CMVP Main Page

Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules
1995-1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013,
All

Last Update: 2/22/2013

It is important to note that the items on this list are cryptographic modules. A module may either be an embedded component of a product or application, or a complete product in-and-of-itself. If the cryptographic module is a component of a larger product or application, one should contact the product or application vendor in order to determine how the product utilizes the embedded validated cryptographic module. There may be a larger number of security products or applications available which use an embedded validated cryptographic module, than the number of modules which are found in this list. In addition, other vendors, who are not found in this list, may incorporate a validated cryptographic module from this list embedded into their own products.

When selecting a module from a vendor, verify that the module is either the product or application itself (e.g. VPN, SmartCard, USB memory token, etc.) or the module is embedded in a larger product or application (e.g. toolkit, etc.). If the module is embedded in a product or application, ask the product or application vendor to provide a signed letter or statement affirming that the unmodified validated cryptographic module is integrated in the solution; the module provides all the cryptographic services in the solution; and provide reference to the modules validation certificate number from this listing.

*** NOTE: Module descriptions are provided by the module vendors and have not been verified for accuracy by the CMVP. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-Approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (e.g. allowed or non-FIPS-Approved algorithms) have not been validated or tested through the CMVP. ***

Questions regarding modules on this list should first be directed to the module vendor.

Please contact the CMVP if any errors are discovered or comments with suggestions for improvement of the validation listings.

Cert# Vendor / CST Lab Cryptographic Module
Module
Type
Val.
Date
Level / Description
1903 Mocana Corporation
350 Sansome Street
Suite 1010
San Francisco, CA 94104
USA

-James Blaisdell
TEL: 415-617-0055
FAX: 415-617-0056

CST Lab: NVLAP 100432-0

Mocana Cryptographic Loadable Kernel Module
(Software Version: 5.5f)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/22/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Android 2.2 running on a LG Optimus 3D (LG-P920); Android 2.3 running on a LG G2X (LG-P999); Android 4.0 running on a Samsung Nexus-S (GT-I9023); Android 4.1 running on a LG Optimus (LG-P920); Ubuntu Linux 32 bit running on a Dell Dimension 9200; Ubuntu Linux 64 bit running on a Dell Dimension 9200 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #2039 and #2272); Triple-DES (Cert. #1316); SHS (Cert. #1785); HMAC (Cert. #1238); RNG (Cert. #1065); DRBG (Cert. #201)

-Other algorithms: NDRNG; DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant)

Multi-chip standalone

"The Mocana Cryptographic Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com."
1902 Imation Corp.
Discovery Bldg. 1A-041
Oakdale, MN 55128
USA

-Laurence Hamid
TEL: 819-595-3069

CST Lab: NVLAP 100432-0

Imation S250/D250
(Hardware Versions: D2-S250-S01, D2-S250-S02, D2-S250-S04, D2-S250-S08, D2-S250-S16, D2-S250-S32, D2-D250-B01, D2-D250-B02, D2-D250-B04, D2-D250-B08, D2-D250-B16, D2-D250-B32 and D2-D250-B64; Firmware Version: 4.5.0)

(Files distributed with the module mounted within the internal CD Drive are excluded from validation)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/21/2013 Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #1412 and #1874); DRBG (Cert. #152); HMAC (Certs. #1118 and #1119); RNG (Cert. #774); RSA (Certs. #688, #954 and #955); SHS (Certs. #1282 and #1647); Triple-DES (Cert. #965); PBKDF2 (vendor affirmed)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG

Multi-chip standalone

"The Imation S250/D250 Secure Flash Drives include a high-speed hardware-based 256 Bit AES cryptography engine for encrypting and decrypting NAND flash and RAM buffers via USB. It also includes RSA, HMAC, SHA, and DRBG algorithms."
1901 Red Hat®, Inc.
314 Littleton Road
Westford, MA 01886
USA

-Ann-Marie Rubin
TEL: 978-392-1000
FAX: 978-392-1001

CST Lab: NVLAP 200658-0

Red Hat Enterprise Linux 6.2 Kernel Crypto API Cryptographic Module
(Software Version: 2.0)

(When operated in FIPS mode with Network Security Services (NSS) Cryptographic Module validated to FIPS 140-2 under Cert. #1837, Section 1 of the provided Security Policy specifies the precise RPM files containing this module. The integrity of the RPMs is automatically verified during the installation and the Crypto officer shall not install the RPM files if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/21/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 6.2 without AES-NI running on HP ProLiant DL585; Red Hat Enterprise Linux 6.2 with AES-NI running on IBM HS22; Red Hat Enterprise Linux 6.2 without AES-NI running on IBM HS22 (single-user mode)

-FIPS-approved algorithms: AES (Certs. #1968, #1969, #1970, #1971 and #1972); Triple-DES (Certs. #1278 and #1279); SHS (Certs. #1725 and #1726); HMAC (Certs. #1187, #1188, #1199 and #1200); RNG (Certs. #1033, #1034, #1035, #1036 and #1037); DSA (Certs #628, #629, #634 and #635)

-Other algorithms: DES; Triple-DES (CTR; non-compliant); AES (192 bits, XTS; non-compliant); RNG (X9.31 with stdrng or ansi_cprng; non-compliant)

Multi-chip standalone

"The Linux kernel Crypto API implemented in Red Hat Enterprise Linux 6.2 provides services operating inside the Linux kernel with various ciphers, message digests and an approved random number generator."
1900 Gemalto
Avenue du Pic de Bertagne - BP100
Gemenos, 13881
France

-Anthony Vella
TEL: +33 4 42 36 61 38
FAX: +33 4 42 36 52 36

CST Lab: NVLAP 100432-0

Gemalto MultiApp ID V2.1
(Hardware Versions: P5CC081 [1] and P5CC145 [2]; Firmware Version: MultiApp ID V2.1 with softmask V2.2 [1] and V2.4 [2] and Demonstration Applet V1.1 [1,2])

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/21/2013 Overall Level: 3 

-Physical Security: Level 4

-FIPS-approved algorithms: RNG (Cert. #1023); Triple-DES (Cert. #1264); Triple-DES MAC (Triple-DES Cert. #1264, vendor affirmed); AES (Cert. #1943); RSA (Certs. #1006 and #1010); SHS (Certs. #1706 and #1707); ECDSA (Cert. #280); CVL (Cert. #17)

-Other algorithms: Triple-DES (Cert. # 1264, key wrapping; key establishment methodology provides 112 bits of encryption strength); AES MAC (AES Cert. #1943; non-compliant); EC Diffie-Hellman

Single-chip

"MultiApp V2.1 is a highly secured smartcard contact-only platform from Gemalto complying with Javacard 2.2.2 and GP 2.1.1 standards and operated on NXP P5CC081 and P5CC145 chips. Its cryptographic library implements TDES, AES, SHA, RSA, RSA CRT, ECDSA, ECC CDH and RNG ANSX9.31 algorithms. This modular and flexible platform serves various needs, enabling secure data storage, identification, authentication and digital signatures (AS) with biometry control. This field-proven OS has the largest number of references in national ID programs, thus ensuring a secure investment."
1890 IBM Internet Security Systems, Inc.
6303 Barfield Road
Atlanta, GA 30328
USA

-Scott Sinsel
TEL: 404-236-2722
FAX: 404-236-2632

CST Lab: NVLAP 200416-0

SiteProtector Cryptographic Module
(Software Version: 1.1)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/19/2013 Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Microsoft Windows Server 2003 R2 Standard, Version 5.2 SP 2 on an IBM eServer 326m running on an AMD Opteron Processor 270

-FIPS-approved algorithms: AES (Cert. #1181); HMAC (Cert. #681); RNG (Cert. #652); RSA (Cert. #562); SHS (Cert. #1090)

-Other algorithms: MD5; RSA (key agreement; key establishment methodology provides 96 bits of encryption strength)

Multi-chip standalone

"IBM Proventia+ Management SiteProtectorTM system is a security management system that provides centralized command and control, analysis, reporting and workflow for all ISS IBM Protection devices and select third-party security solutions including network IPS, Network Multi-Function, Server, Endpoint, Vulnerability Assessment, Application Assessment, and DLP. All of these IBM ISS security components have a common update and policy management system as well. The SiteProtector system provides an in-depth security event analysis capability that is specific to the needs of security analysts."
1889 Stanley Security Solutions, Inc.
6161 E 75th Street
PO Box 50444
Indianapolis, IN 46250
USA

-Mr. Robert Strong
TEL: 317-806-3288

-Mr. Thomas Schuster
TEL: 317-806-3150

CST Lab: NVLAP 100414-0

Wi-Q OMW (OW2000) [1], WAC (SDC2K) [2], WDC [3], and WXC [4] Controllers
(Hardware Versions: 12681B [1]; 82065A [2]; 82069B [3]; 82069C [3]; 82069E [3]; 82069F [3] 82376C [4]; 82376D [4]; 82376F [4]; 82376G [4]; Firmware Version: 3.00.039)

(When operated in FIPS mode. No assurance of module integrity when operating in non-FIPS mode.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/13/2013 Overall Level: 1 

-FIPS-approved algorithms: SHS (Cert. #1583); AES (Cert. #1802)

-Other algorithms: N/A

Multi-chip embedded

"The Stanley Wi-Q Controller Cryptographic Module is a wireless end point device that communicates via proprietary 802.15.4 protocol to a Stanley Wi-Q Portal Gateway module. The Stanley Wi-Q Controller provides secure key entry and data encryption functions within the Stanley Wi-Q Wireless Access Control System."
1888 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Palani Karuppan
TEL: 408-525-2747

CST Lab: NVLAP 100432-0

Cisco Aironet 1552E Outdoor Access Point
(Hardware Version: AIR-CAP1552E-A-K9 Revision: B0; FIPS Kit Version AIRLAP-FIPSKIT=; Firmware Versions: 7.0.116.0, 7.0.230.0 and 7.2.103.0)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/11/2013 Overall Level: 2 

-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #1357 and #1359); HMAC (Cert. #794); RNG (Cert. #746); RSA (Cert. #660); SHS (Cert. #1238)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); RC4; MD5; HMAC MD5

Multi-chip standalone

"The Cisco Aironet 1552E Outdoor Access Point is the standard model, dual-radio system with dual-band radios that are compliant with IEEE 802.11a/n (5-GHz) and 802.11b/g/n standards (2.4 GHz). The 1552E has three external antenna connections for three dual-band antennas. It has Ethernet and fiber Smaill Form-Factor Pluggable (SFP) backhaul options, along with the option of a battery backup. This model also has a PoE-out port and can power a video surveillance camera."
1887 Cambium Networks Ltd.
Unit B2, Linhay Business Park
Ashburton, Devon TQ12 7UP
UK

-Mark Thomas
TEL: +44 1364 655586
FAX: +44 1364 655500

CST Lab: NVLAP 100432-0

Cambium PTP 600 Series Point to Point Wireless Ethernet Bridges
(Hardware Versions: P/Ns BP5830BHC, BP5830BHC15, BP5530BHC, BP5530BHC15, WB2781, WB3039, WB3037, WB3092, WB3094, WB3387, WB3389, WB3222, BP5830BH, BP5830BH15, BP5530BH, BP5530BH15, WB2780, WB3036, WB3038, WB3091, WB3093, WB3386, WB3388 and WB3221; with P/N WB3593 (HW Security Upgrade Kit); Firmware Versions: PTP600-10-00-FIPS and PTP600-10-05-FIPS)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/08/2013;
02/22/2013
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: SHS (Cert. #1101); DSA (Cert. #569); AES (Certs. #708 and #1144); DRBG (Cert. #21); HMAC (Cert. #1070); Triple-DES (Cert. #863)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The 600 Series of Point-to-Point wireless Ethernet bridges operates in the 2.5, 4.5, 4.8, 4.9, 5.4, 5.8 and 5.9 GHz spectrum, offering high performance Ethernet and TDM connectivity in line-of-sight and non-line-of-sight environments. PTP 600 links have class-leading sensitivity and power output, supporting data rates up to 300 Mbps and range up to 124 miles. This series of secure wireless bridges makes cost-effective connectivity and backhaul a reality for a wide range of enterprises, service providers, utilities, transportation agencies and public safety organizations."
1886 Comtech EF Data Corporation
2114 West 7th Street
Tempe, AZ 85281
USA

-Wallace Davis
TEL: 480-333-2189

CST Lab: NVLAP 200427-0

DMD2050E TRANSEC Module
(Hardware Version: PL-0000192-1, Revision A; Firmware Version: 1.2.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/08/2013 Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #2025 and #2026); ECDSA (Cert. #296); HMAC (Cert. #1228); RNG (Cert. #1061); RSA (Cert. #1053); SHS (Cert. #1775); Triple-DES (Cert. #1309)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength);RSA (key transport; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256-bits of encryption strength); MD5

Multi-chip embedded

"The Comtech EF Data FIPS Security Module features an FPGA to perform bulk encryption/decryption for Ethernet data traffic via the DMD2050E Satellite Modem, as well as firmware to provide the cryptographic functions needed to act as an endpoint for TLS and SSH management, and control traffic."
1885 Curtiss-Wright Controls Defense Solutions
2600 Paramount Place, Suite 200
Fairborn, OH 45324
USA

-Paul Davis
TEL: 937-252-560
FAX: 937-252-2729

-Matt Young
TEL: 937-252-2729
FAX: 937-252-2729

CST Lab: NVLAP 200427-0

3U VPX-1TB FSM Flash Storage Module
(Hardware Versions: RHFS-3UR1024-F, RHFS-3UJ1024-F; Firmware Version: 1.11)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/08/2013 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #250 and #1978); DRBG (Cert. #180); HMAC (Cert. #1191); SHS (Cert. #1732)

-Other algorithms: TRNG

Multi-chip embedded

"The Flash Storage Module (FSM) AES cryptographic engine uses 256-bit encryption keys and performs real-time encryption of all data written to or read from solid state drives. The FSM cryptographic engines provides maximum data-at-rest security in commercial and military applications."
1884 Totemo AG
Freihofstrasse 22
Küsnacht, CH-8700
Switzerland

-Marcel Mock
TEL: +41 44 914 99 00

-Daniel Raap
TEL: +41 44 914 99 00

CST Lab: NVLAP 200928-0

Totemo Cryptographic Module (TCM)
(Software Version: 2.0)

(When operated in FIPS mode. No assurance of module integrity when operating in non-FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 02/08/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Totemo Appliance OS 2.0 v0711 with JRE 7.0 running on a Apligo NSA 7110 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #2059); Triple-DES (Cert. #1326); DSA (Cert. #652); RSA (Cert. #1071); ECDSA (Cert. #302); SHS (Cert. #1800); DRBG (Cert. #206); HMAC (Cert. #1252)

-Other algorithms: AES (Cert. #2059, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1326, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Totemo Cryptographic Module supplies the cryptographic services required by the Totemo Security Platform (TSP) and the Totemo products which provides secure email, file transfer, and mobile messaging solutions. These solutions secure all types of communication without any infrastructure prerequisites."
1883 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Andrew Young
TEL: 443-327-1183
FAX: 410-931-7524

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 100432-0

eToken 5100, 5105, 5200 and 5205
(Hardware Versions: eToken 5100, eToken 5105, eToken 5200 and eToken 5205; Firmware Version: Athena IDProtect 0106.0113.2109 with SafeNet eToken Applet Suite 1.2.9)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/08/2013;
02/15/2013
Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #1654); RSA (Cert. #824); Triple-DES (Cert. #1087); Triple-DES MAC (Triple-DES Cert. #1087, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465)

-Other algorithms: HW RNG; AES-CMAC (non-compliant); AES (Cert. #1654, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength)

Single-chip

"SafeNet eToken is a portable two-factor USB authenticator with advanced smart card technology. It utilizes certificate based technology to generate and store credentials, such as private keys, passwords and digital certificates inside the protected environment of the smart card chip. To authenticate, users must supply both their personal SafeNet authenticator and password, providing a critical second level of security beyond simple passwords to protect valuable digital business resources."
1882 Entrust, Inc.
One Lincoln Centre
5400 LBJ Freeway
Suite 1340
Dallas, TX 75240
USA

-Jim Feeley
TEL: 613-270-3198
FAX: 613-270-2505

CST Lab: NVLAP 100432-0

Entrust IdentityGuard PIV Credential
(Hardware Version: SCHW 1.0; Firmware Version: SCOS 1.0 with Entrust IdentityGuard PIV Applet 1.0.1 Patch 172799)

(PIV Card Application: Cert. #33)

(When operated in FIPS mode with PIN policies configured as indicated in the Security Policy Section 9)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/08/2013 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 4
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: RNG (Cert. #942); Triple-DES (Cert. #1144); Triple-DES MAC (Triple-DES Cert. #1144, vendor affirmed); AES (Cert. #1769); RSA (Cert. #885); ECDSA (Cert. #237); CVL (Cert. #5)

-Other algorithms: HW RNG; RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); AES (Cert. #1769, key wrapping; key establishment methodology provides 256 bits of encryption strength); Triple-DES (Cert. #1144, key wrapping; key establishment methodology provides 112 bits of encryption strength)

Single-chip

"The Entrust IdentityGuard PIV Credential is a cryptographic module intended for use by US Federal agencies and other markets that require smartcards conformant with the PIV standards. The module can also be configured for use in markets where the set of keys and data objects, or the access control rules governing their use, differ from the PIV data model."
1881 WinMagic Inc.
200 Matheson Boulevard West
Suite 201
Mississauga, ON L5R 3L7
Canada

-Alexander Mazuruc
TEL: 905-502-7000 ext. 225
FAX: 905-502-7001

CST Lab: NVLAP 200928-0

SecureDoc® Disk Encryption Cryptographic Engine for MacOS X
(Software Version: 6.1)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 02/04/2013 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Mac OS X 10.7 Lion 32-bit running on a MacBook Pro; Mac OS X 10.7 Lion 64-bit running on a MacBook Pro (single-user mode)

-FIPS-approved algorithms: AES (Certs. #1924 and #1925); SHS (Cert. #1690); RNG (Cert. #1012); HMAC (Cert. #1159)

-Other algorithms: AES (Certs. #1924 and #1925, key wrapping)

Multi-chip standalone

"SecureDoc® Disk Encryption Cryptographic Engine for MacOS X provides cryptographic services and key management for the SecureDoc® Disk Encryption products running on MacOS X platform. The module employs PKCS-11 cryptographic standard to deliver full disk and removable media encryption on Apple computers and laptops."
1880 WinMagic Inc.
200 Matheson Boulevard West
Suite 201
Mississauga, ON L5R 3L7
Canada

-Alexander Mazuruc
TEL: 905-502-7000 ext. 225
FAX: 905-502-7001

CST Lab: NVLAP 200928-0

SecureDoc® Disk Encryption Cryptographic Engine for Windows
(Software Version: 6.1)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 02/04/2013 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 7 32-bit running on an Acer Aspire 7745G Intel Core i7, Microsoft Windows 7 32-bit running on a Lenovo ThinkPad T420 Intel Core i5 with AES-NI, Microsoft Windows 7 64-bit running on an Acer Aspire 7745G Intel Core i7, Microsoft Windows 7 64-bit running on a Lenovo ThinkPad T420 Intel Core i5 with AES-NI (single-user mode)

-FIPS-approved algorithms: AES (Certs. #1924 and #1925); SHS (Cert. #1690); RNG (Cert. #1012); HMAC (Cert. #1159)

-Other algorithms: AES (Certs. #1924 and #1925, key wrapping)

Multi-chip standalone

"SecureDoc® Disk Encryption Cryptographic Engine for Windows provides cryptographic services and key management for the SecureDoc® Disk Encryption products running on Windows platform. The module employs PKCS-11 cryptographic standard to deliver full disk encryption and other data protection solutions for General Purpose Computers, laptops and removable media."
1879 TechGuard Security
28 Hawk Ridge Circle
Suite 107
Lake St. Louis, MO 63367
USA

-David Maestas
TEL: 636-489-2230

CST Lab: NVLAP 200002-0

PoliWall-CCF M10 [1], M50 [2], G01 [3] and G10 [4] Series Security Appliance
(Hardware Versions: PW-CCF-M10-01C [1], PW-CCF-M50-01C [2], PW-CCF-G01-01C [3], PW-CCF-G01-01F [3], PW-CCF-G10-01X [4] and PW-CCF-G10-01F [4] with FIPS Kits: (PW-CCF-M10-FK1 [1,2], PW-CCF-G01-FK1 [3] and PW-CCF-G10-FK1 [4]); Software Version: 2.02.3101)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 02/04/2013 Overall Level: 2 

-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #1600 and #1601); RSA (Cert. #782); RNG (Cert. #857); SHS (Certs. #1412 and #1413)

-Other algorithms: DES; MD5; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength; non-compliant less than 80 bits of encryption strength)

Multi-chip standalone

"The TechGuard Security PoliWall is a network boundary device that rapidly determines the country of origin for all incoming packets using HIPPIE (High-speed Internet Protocol Packet Inspection Engine) technology. Packets are filtered according to defined policies, exception lists, and Pre-Compiled Exception Lists (PCEL) that are bound to rule groups for specific network addresses and protocols. PoliWall also provides administrators with the ability to create maps which exclude traffic from selected countries."
1878 Mocana Corporation
350 Sansome Street
Suite 1010
San Francisco, CA 94104
USA

-James Blaisdell
TEL: 415-617-0055
FAX: 415-617-0056

CST Lab: NVLAP 100432-0

Mocana Cryptographic Suite B Module
(Software Version: 5.5f)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 01/31/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Android 2.2 running on a LG Optimus 3D (LG-P920); Android 2.3 running on a LG G2X (LG-P999); Android 4.0 running on a Samsung Nexus-S (GT-I9023); Android 4.1 running on a LG Optimus (LG-P920); Ubuntu Linux 32 bit running on a Dell Dimension 9200; Ubuntu Linux 64 bit running on a Dell Dimension 9200 (single-user mode)

-FIPS-approved algorithms: AES (Certs. #2039 and #2272); Triple-DES (Cert. #1316); SHS (Cert. #1785); HMAC (Cert. #1238); RSA (Cert. #1059); DSA (Cert. #647); ECDSA (Cert. #298); RNG (Cert. #1065); DRBG (Cert. #201)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant); RSA (encrypt/decrypt)

Multi-chip standalone

"The Mocana Cryptographic Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com."
1877 Palo Alto Networks
3300 Olcott Street
Santa Clara, CA 95054
USA

-Jake Bajic
TEL: 408-753-3901
FAX: 408-753-4001

CST Lab: NVLAP 100432-0

PA-500, PA-2000 Series, PA-4000 Series, and PA-5000 Series Firewalls
(Hardware Versions: HW P/Ns 910-000006-00H Rev. H with FIPS Kit P/N 920-000005-004 Rev. 4 (PA-500), 910-000004-00Q Rev. Q with FIPS Kit P/N 920-000004-004 Rev. 4 (PA-2020), 910-000003-00Q Rev. Q with FIPS Kit P/N 920-000004-004 Rev. 4 (PA-2050), 910-000002-00U Rev. U with FIPS Kit P/N 920-000003-001 Rev. 1 (PA-4020), HW P/N 910-000001-00U Rev. U with FIPS Kit P/N 920-000003-001 Rev. 1 (PA-4050), 910-000005-00L Rev. L with FIPS Kit P/N 920-000003-001 Rev. 1 (PA-4060), 910-000010-008 Rev. 8 w/ FIPS Kit P/N 920-000037-002 Rev. 2 (PA-5020), 910-000009-009 Rev. 9 w/ FIPS Kit P/N 920-000037-002 Rev. 2 (PA-5050) and 910-000008-008 Rev. 8 w/ FIPS Kit P/N 920-000037-002 Rev. 2 (PA-5060); Firmware Version: 4.0.10 or 4.0.12-h2)

(When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/30/2013 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #1987); RSA (Cert. #1031); HMAC (Cert. #1201); SHS (Cert. #1743); RNG (Cert. #1044)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; RC4; Camellia; RC2; SEED; DES

Multi-chip standalone

"The Palo Alto Networks PA-500, PA-2000 Series, PA-4000 Series, and PA-5000 Series firewalls are multi-chip standalone modules that provide network security by enabling enterprises to see and control applications, users, and content using three unique idenification technologies: App-ID, User-ID, and Content-ID. These identification technologies enable enterprises to create business-relevant security policies - safely enabling organizations to adopt new applications."
1876 Apricorn Inc.
12191 Kirkham Road
Poway, CA 92064
USA

-Robert Davidson
TEL: 858-513-4430
FAX: 858-513-2020

CST Lab: NVLAP 100432-0

Apricorn Aegis Secure Key
(Hardware Versions: ASK-256-4GB [1], ASK-256-8GB [2] and ASK-256-16GB [3]; Firmware Versions: V01.12A13-F05 [1], V01.12A13-F04 [2] and V01.12A15 Code Package-111130 [3] with Security Controller Firmware Revision iStorage v6)

(Tamper evidence determined as indicated in the Security Policy, Physical Security Policy section)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/30/2013 Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #1514); SHS (Cert. #1728); DRBG (Cert. #177)

-Other algorithms: NDRNG

Multi-chip standalone

"The Apricorn Aegis Secure Key is a self-authenticating and self-encrypting secure USB flash drive based on DATALOCK® technology. The Apricorn Aegis Secure Key uses full-disk hardware based AES 256 bit encryption in CBC mode. The unit is not dependent on any host software and drivers. By design it is OS/Host independent and agnostic to any operating system (Win, Mac, Linux, Chrome, Android, Symbian, etc.), computer, or embedded device that supports the standard mass storage class (USB/USB OTG)."
1875 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Palani Karuppan
TEL: 408-525-2747

CST Lab: NVLAP 100432-0

Cisco Catalyst 6506, 6506-E, 6509, and 6509-E Switches with Wireless Services Modules (WiSMs)
(Hardware Versions: Chassis: Catalyst 6506 switch [1], Catalyst 6506-E switch [2], Catalyst 6509 switch [3] and Catalyst 6509-E switch [4]; Backplane: WS-C6506 [1], WS-C6506-E [2], WS-C6509 [3] and WS-C6509-E [4]; FIPS Kit: P/N 800-27009 [1, 2] and P/N 800-26335 [3, 4]; Supervisor Blade [1, 2, 3, 4]: [WS-SUP720-3BXL or WS-SUP720-3B] and WiSM: WS-SVC-WISM-1-K9; Firmware Versions: Supervisor Blade: Cisco IOS Release 12.2.33-SXI3 or Cisco IOS Release 12.2.33-SXH5; WiSM: 7.0.230.0)

(When operated in FIPS mode and with the physical security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/25/2013 Overall Level: 2 

-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #1344 and #1345); HMAC (Certs. #783 and #784); RNG (Cert. #740); RSA (Certs. #651 and #652); SHS (Certs. #1226 and #1227); Triple-DES (Cert. #934)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); AES (Cert. #1344, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM

Multi-chip standalone

"The Cisco Catalyst 6506, 6506-E, 6509, and 6509-E Switches with WiSM WLAN Controller deliver centralized control and high capacity for medium to large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WiSM Controller supports the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and supports a Secure Wireless Architecture with certified WiFi Alliance WPA-2 security. The Cisco WiSM Controller supports voice, video and data services along with Cisco Clean Air technology, IPv6 mobility, intrusion protection and intelligent radio resource management."
1874 Ultra Stereo Labs, Inc.
181 Bonetti Drive
San Luis Obispo, CA 93401
USA

-Larry McCrigler
TEL: 805-549-0161
FAX: 805-549-0163

CST Lab: NVLAP 100432-0

IMB-1000 HFR and IMB-1200 HFR Secure Media Blocks
(Hardware Versions: Rev. 11 and 12; Firmware Version: 08162012)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/18/2013 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Cryptographic Key Management: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #1459, #1460 and #1964); HMAC (Certs. #856 and #857); SHS (Certs. #1320 and #1321); RNG (Cert. #798); RSA (Cert. #712); CVL (SP 800-135rev1, vendor affirmed)

-Other algorithms: RSA (key wrapping, key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; TI S-BOX; EC Diffie-Hellman; DCI

Multi-chip embedded

"The Image Media Block is a type of Secure Processing Block that contains a Security Manager, Image, Audio and Subtitle Media Decryptors, Image decoder, Image and Audio Forensic Marking (FM) and optional Link Encoder. It is used for playback of encrypted movie content in commercial cinemas."
1873 iStorage Limited
Research House
Fraser Road
Greenford, Middlesex UB6 7AQ
England

-John Michael
TEL: +44 20 8537-3435
FAX: +44 20 8537-3438

CST Lab: NVLAP 100432-0

datAshur Secure USB Flash Drive
(Hardware Version: IS-FL-DA-256-4 [1], IS-FL-DA-256-8 [2] and IS-FL-DA-256-16 [3]; Firmware Version: V01.12A13-F05 [1], V01.12A13-F04 [2] and V01.12A15 Code Package-111130 [3] with Security Controller Firmware Revision iStorage v6)

(Tamper evidence determined as indicated in the Security Policy, Physical Security Policy section)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/08/2013;
01/24/2013
Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #1514); SHS (Cert. #1728); DRBG (Cert. #177)

-Other algorithms: NDRNG

Multi-chip standalone

"The iStorage datAshur is a self-authenticating and self-encrypting secure USB flash drive based on DATALOCK® technology licensed from ClevX, LLC. datAshur uses full-disk hardware based AES 256 Bit encryption in CBC mode. The unit is not dependent on any host software and drivers. By design it is OS/Host independent and agnostic to any operating system (Win, Mac, Linux, Chrome, Android, Symbian, etc.), computer, or embedded device that supports the standard mass storage class (USB/USB OTG). datAshur supports a single encrypted private partition available to the user when unlocked."
1872 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise 4150F
(Hardware Version: NSA-4150-FWEX-FRR and FIPS Kit: SAC-4150F-FIPS-KT; Firmware Version: 7.0.1.03 and 8.2.0)

(When operated in FIPS mode with the tamper evident seals and opacity baffles installed and initializing the module as specified in Section 3.1.1 of the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/08/2013 Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #972, #973, #974 and #1833); Triple-DES (Certs. #765, #766, #767 and #1185); SHS (Certs. #941, #942, #943 and #1612); HMAC (Certs. #544, #545, #546 and #1086); RNG (Certs. #549, #550, #551 and #964); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); CAST-128; RC2; RC4; MD2; MD5; DES; EC Diffie-Hellman (key agreement;non-compliant)

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1871 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise 2150F
(Hardware Version: NSA-2150-FWEX-F and FIPS Kit: SAC-2150F-FIPS-KT; Firmware Version: 7.0.1.03 and 8.2.0)

(When operated in FIPS mode with the tamper evident seals and opacity baffles installed and initializing the module as specified in Section 3.1.1 of the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/08/2013 Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #972, #973, #974 and #1833); Triple-DES (Certs. #765, #766, #767 and #1185); SHS (Certs. #941, #942, #943 and #1612); HMAC (Certs. #544, #545, #546 and #1086); RNG (Certs. #549, #550, #551 and #964); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); CAST-128; RC2; RC4; MD2; MD5; DES; EC Diffie-Hellman (key agreement; non-compliant)

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1870 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise 1100F
(Hardware Version: NSA-1100-FWEX-F and FIPS Kit: SAC-1100F-FIPS-KT; Firmware Version: 7.0.1.03 and 8.2.0)

(When operated in FIPS mode with the tamper evident seals and opacity baffles installed and initializing the module as specified in Section 3.1.1 of the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/08/2013 Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #972, #973, #974 and #1833); Triple-DES (Certs. #765, #766, #767 and #1185); SHS (Certs. #941, #942, #943 and #1612); HMAC (Certs. #544, #545, #546 and #1086); RNG (Certs. #549, #550, #551 and #964); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); CAST-128; RC2; RC4; MD2; MD5; DES; EC Diffie-Hellman (key agreement; non-compliant)

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee's Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1869 WatchGuard Technologies, Inc.
505 Fifth Avenue South, Suite 500
Seattle, WA 98104
USA

-Peter Eng
TEL: 206 613 6600

CST Lab: NVLAP 200556-0

XTM 21 [1], XTM 21-W [2], XTM 22 [3], XTM 22-W [4], XTM 23 [5], XTM 23-W [6], XTM 25 [7], XTM 25-W [8], XTM 26 [9], XTM 26-W [10], XTM 33 [11], XTM 33-W [12], XTM 330 [13], XTM 505 [14], XTM 510 [15], XTM 520 [16], XTM 530 [17], XTM 810 [18], XTM 820 [19], XTM 830 [20], XTM 830-F [21], XTM 1050 [22] and XTM 2050 [23]
(Hardware Versions: XP3E6 [1, 3, 5], XP3E6W [2, 4, 6], FS1E5 [7, 9], FS1E5W [8, 10], FS2E5 [11], FS2E5W [12], NC5AE7 [13], NC2AE8 [14, 15, 16, 17], NS2BE10 [18, 19, 20], NS2BE6F4 [21], NX3CE12 [22] and NC4E16F2 [23] with Tamper Evident Seal Kit: SKU WG8566; Firmware Version: Fireware XTM OS v11.5.1)

(When operated in FIPS mode and the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/21/2012 Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Certs. #1078, #1079, #1080, #1082, #1180, #1181 and #1182 ); AES (Certs. #1658, #1659, #1660, #1662, #1827, #1828 and #1829); SHS (Certs. #1452, #1453, #1454, #1457, #1606, #1607 and #1608 ); HMAC (Certs. #973, #974, #975, #977, #1081, #1082 and #1083 ); RSA (Cert. #819 ); ECDSA (Cert. #211); RNG (Cert. #885); DSA (Cert. #631)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); DES; RC4; MD5

Multi-chip standalone

"WatchGuard Fireware XTM extensible threat management appliances are built for enterprise-grade performance with blazing throughput and numerous connectivity options. Advanced networking features include clustering, high availability (active/active), VLAN support, multi-WAN load balancing and enhanced VoIP security, plus inbound and outbound HTTPS inspection, to give the strong security enterprises need."
1868 Bomgar Corporation
578 Highland Colony Parkway
Paragon Centre, Suite 300
Ridgeland, MS 39157
USA

-Main Office
TEL: 601-519-0123
FAX: 601-510-9080

-Stella Kwon
TEL: 703-736-8363
FAX: 601-510-9080

CST Lab: NVLAP 200002-0

B200™, B300™ and B400™ Remote Support Appliances
(Hardware Versions: B200 [1], B300r1 [2] and B400r1 [3]; Tamper Evident Label Kit: TEL135325 [1,2,3]; Front Bezels: (FB000300 [2] and FB000400 [3]); Software Version: 12.1.6FIPS; Firmware Version: 3.3.2FIPS)

(When operated in FIPS mode and with the tamper evident labels and front bezels applied as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/15/2013 Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #2219); Triple-DES (Cert. #1389), RSA (Cert. #1136), SHS (Cert. #1910); HMAC (Cert. #1350); RNG (Cert. #1113)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); RC4; RC4-40; DES; DES-40; MD5

Multi-chip standalone

"Bomgar Remote Support Appliances provide technicians secure remote control of devices over the internet/LAN/WAN. Bomgar allows collaborative remote support to various operating systems, including desktops, servers, mobile and network devices. In addition, Bomgar provides extensive auditing and recording of support sessions."
1867 Pitney Bowes Inc.
37 Executive Drive
Danbury, CT 06810
USA

-David Riley
TEL: 203-796-3208
FAX: 203-796-3129

CST Lab: NVLAP 100432-0

Cygnus X3 Hardware Security Module (XHSM)
(Hardware Version: P/N 1R84000 Version A; Firmware Versions: 01.00.06 and 01.03.0074 (Device Abstraction Layer))

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/19/2012 Overall Level: 3 

-Physical Security: Level 3 +EFP

-FIPS-approved algorithms: AES (Cert. #1979); DRBG (Cert. #181); DSA (Cert. #632); ECDSA (Cert. #286); HMAC (Cert. #1192); KAS (Cert. #33); CVL (Cert. #20); RSA (Cert. #1063); SHS (Cert. #1733); Triple-DES (Cert. #1319); Triple-DES MAC (Triple-DES Cert. #1319, vendor affirmed)

-Other algorithms: AES (Cert. #1979, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength)

Single-chip

"The Pitney Bowes Cygnus X3 Postal Security Device (PSD) has been designed in compliance with FIPS 140-2 in order to support international digital indicia standards globally. The Cygnus X3 HSM Cryptographic Module employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes Postage Metering products."
1866 Fortinet, Inc.
326 Moodie Drive
Ottawa, ON K2H 8G3
Canada

-Alan Kaye
TEL: 613-225-9381

CST Lab: NVLAP 200556-0

FortiGate-3950B/3951B
(Hardware Versions: FortiGate-3950B (C4DE23) and FortiGate-3951B [(C4EL37) and FSM-064 (PE4F79)] with Blank Face Plate (P06698-02) and Tamper Evident Seal: FIPS-SEAL-RED; Firmware Version: FortiOS 4.0, build8892, 111128)

(When operated in FIPS mode and tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 12/19/2012 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #1856, #1857 and #1858); Triple-DES (Certs. #1203, #1204 and #1205); HMAC (Certs. #1103, #1104 and #1105); SHS (Certs. #1633, #1634 and #1635); RSA (Cert. #939); RNG (Cert. #974)

-Other algorithms: MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant); DES

Multi-chip standalone

"FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1865 Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500

CST Lab: NVLAP 200427-0

Aruba 3000 [A], 6000/M3 Revision C4 [B] and Dell W-3000 [C], W-6000M3 [D] Controllers with ArubaOS FIPS Firmware
(Hardware Versions: [3200-F1 Revision C4, 3400-F1 Revision C4, 3600-F1 Revision C4, 3200-USF1 Revision C4, 3400-USF1 Revision C4 and 3600-USF1 Revision C4] [1] [A], [(6000-400-F1 or 6000-400-USF1) with M3mk1-S-F1 Revision C4, HW-FT, HW-PSU-200 or HW-PSU-400, LC-2G-1, LC-2G24F-1 or LC-2G24FP-1] [1] [B], [W-3200-F1, W-3400-F1, W-3600-F1, W-3200-USF1, W-3400-USF1 and W-3600-USF1] [2] [C], and [(W-6000-400-F1 or W-6000-400-USF1) with W-6000M3, HW-FT and HW-PSU-400] [2] [D] with FIPS kit 4010061-01; Firmware Version: ArubaOS_MMC_6.1.2.3-FIPS [1] and Dell_PCW_MMC_6.1.2.3-FIPS [2] or ArubaOS_MMC_6.1.4.1-FIPS [1] and Dell_PCW_MMC_6.1.4.1-FIPS [2])

(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy clause "Installing the Controller" and the 6000/M3 configured as specified in Security Policy clause "Minimum Configuration for the Aruba 6000-400")

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/18/2012;
01/24/2013
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #762, #1850 and #1854); ECDSA (Certs. #257 and #258); HMAC (Certs. #417, #1098 and #1101); RNG (Certs. #969 and #972); RSA (Certs. #933, #935 and #937); SHS (Certs. #769, #1627, #1629 and #1631); Triple-DES (Certs. #667, #1198 and #1201)

-Other algorithms: DES; HMAC-MD5; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant less than 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"Aruba's family of Mobility Controllers are network infrastructure devices providing secure, scalable solutions for enterprise Wi-Fi, network security policy enforcement, VPN services, and wireless intrusion detection and prevention. Mobility controllers serve as central points of authentication, encryption, access control, and network coordination for all mobile network services"
1864 Cambium Networks, Ltd.
Unit B2, Linhay Business Park
Ashburton, Devon TQ13 7UP
UK

-Mark Thomas
TEL: +44 1364 655586
FAX: +44 1364 655500

CST Lab: NVLAP 100432-0

Cambium Networks PTP 800 Compact Modem Unit (CMU)
(Hardware Versions: P/N WB3517, Versions 5.2, 5.3 and 6.6; Firmware Version: PTP 800-05-02)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/04/2013;
02/22/2013
Overall Level: 1 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: SHS (Cert. #1557); DSA (Cert. #556); AES (Certs. #1776 and #1526); DRBG (Cert. #123); Triple-DES (Cert. #1149); HMAC (Cert. #1041)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); RADIUS; MD5; Custom RNG

Multi-chip standalone

"Operating in the 6 to 38 GHz RF bands at up to 368 Mbps throughput (full duplex) and with user-configured channel bandwidths from 7 to 56 MHz, the Cambium Networks Point-to-Point 800 Series of Licensed Ethernet Microwave solutions offer operators a highly reliable licensed band wireless solution."
1863 Kaseya US Sales, LLC
901 N. Glebe Road
Suite 1010
Arlington, VA 22203
USA

-Bill Durant
TEL: 415-694-5700

CST Lab: NVLAP 200996-0

Virtual System Administrator Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 12/13/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with MAC OS X v10.6.8; Windows 7 (32-bit); Windows 7 (64-bit); Windows Server 2008; Red Hat Enterprise Linux 5.5 (32-bit); Red Hat Enterprise Linux 5.5 (64-bit) (single-user mode)

-FIPS-approved algorithms: AES (Certs. #1988 and #1989); HMAC (Cert. #1202); SHS (Cert. #1744); DRBG (Cert. #185)

-Other algorithms: AES (Cert. #1989, key wrapping); AES-CBC (non-compliant)

Multi-chip standalone

"The Kaseya Virtual System Administrator provides an IT automation framework allowing IT managers to proactively monitor, manage, maintain, and protect distributed IT resources using a single, integrated web-based interface. The services offered by Kaseya Virtual System Administrator are ever-broadening; as IT management services needs increase, so do the tools and services provided by the framework."
1862 Seagate Technology LLC
1280 Disc Drive
Shakopee, MN 55379
USA

-David R Kaiser, PMP
TEL: 952-402-2356
FAX: 952-402-1273

CST Lab: NVLAP 200427-0

Seagate Secure® TCG Enterprise SSC Pulsar.2 Self-Encrypting Drive FIPS 140 Module
(Hardware Version: 1BU282; Firmware Version: 0003)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/07/2013;
01/25/2013
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Certs. #1811 and #1343); DRBG (Cert. #62); RSA (Cert. #650); SHS (Cert. #1225)

-Other algorithms: N/A

Multi-chip embedded

"The Seagate Secure« Enterprise Self-Encrypting Drives FIPS 140 Module is embodied in the Seagate Pulsar.2 SED model disk drive. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download."
1861 RSA Security, Inc.
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Youngjin Son
TEL: +82-10-6700-6735

CST Lab: NVLAP 200900-0

RSA BSAFE® Crypto-C Micro Edition for Samsung MFP SW Platform (VxWorks)
(Software Version: 3.0.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 12/10/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with VxWorks (single user mode)

-FIPS-approved algorithms: AES (Cert. #1826); Triple-DES (Cert. #1179); DSA (Cert. #573); ECDSA (Cert. #252); RNG (Cert. #962); DRBG (Cert. #143); RSA (Cert. #918); SHS (Cert. #1605); HMAC (Cert. #1080)

-Other algorithms: DES; MD2; MD5; HMAC-MD5; DES40; RC2; RC4; RC5; ECAES (non-compliant); ECIES; PBKDF1-SHA-1 (non-compliant); PBKDF2-HMAC (SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512) (non-compliant); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); RSA OAEP; Entropy RNG; OTP RNG; Diffie-Hellman; EC Diffie-Hellman

Multi-chip standalone

"A software cryptographic library within the Vxworks real-time operating system specifically for embedded systems based on the ARM9 CPU architecture."
1860 CMS Products
12 Mauchly
Unit E
Irvine, CA 92618
USA

-Les Kristof
TEL: 714-424-5521
FAX: 949-754-9060

CST Lab: NVLAP 100432-0

CE Secure
(Hardware Versions: P/Ns CE-HDDFIPS-500, CE-HDDFIPS-320 and CE-HDDFIPS-250; Firmware Version: 0001SDM7)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/25/2013 Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Certs. #1343 and #1845); DRBG (Cert. #62); RSA (Cert. #650); SHS (Cert. #1225)

-Other algorithms: NDRNG

Multi-chip embedded

"The CE Secure CE-HDDFIPS is a Self Encrypting Drive used in CMS Products' line of external secure storage devices. All data on the secure storage device is protected with state of the art hardware encryption."
1859 Red Hat®, Inc.
314 Littleton Road
Raleigh, NC 27606
USA

-Ann-Marie Rubin
TEL: 978-392-1000
FAX: 978-392-1001

CST Lab: NVLAP 200658-0

Red Hat Enterprise Linux 6.2 Openswan Cryptographic Module
(Software Version: 2.0)

(When operated in FIPS mode and when obtained, installed, and initialized as assumed by the Crypto Officer role and specified in Section 9 of the provided Security Policy. This module contains the embedded Red Hat Enterprise Linux 6.2 OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #1758 operating in FIPS mode and the Network Security Services (NSS) Cryptographic Module validated to FIPS 140-2 under Cert. #1837 operating in FIPS mode. Section 1 of the provided Security Policy specifies the precise RPM files containing this module. The integrity of the RPMs are verified during the installation and the Crypto officer shall not install the RPM files if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 12/03/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 6.2 (single-user mode)

-FIPS-approved algorithms: Triple-DES (Certs. #1289 and #1290); AES (Certs. #1985 and 1986); SHS (Certs. #1741 and #1742); RSA (Cert. #979, vendor affirmed); DRBG (Certs. #183 and #184); DSA (Certs. #634 and #635); HMAC (Certs. #1129, #1130, #1134, #1135, #1199 and #1200)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 bits and 150 bits of encryption strength); RC2; RC4; DES; Seed; CAMELLIA; MD2; MD5

Multi-chip standalone

"The Red Hat Enterprise Linux 6.2 OpenSwan Cryptographic Module is a software only cryptographic module that provides the IKE protocol version 1 and version 2 key agreement services required for IPSec."
1858 Vidyo, Inc.
433 Hackensack Ave, 6th Floor
Hackensack, NJ 07601
USA

CST Lab: NVLAP 200556-0

Cryptographic Security Kernel
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/29/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Linux Ubuntu 10.04 32-bit or Linux Ubuntu 10.04 64-bit running on Intel Xeon E50xx without AES-NI; Mac OS X 10.6.8 32-bit running on Intel Core Duo without AES-NI; Mac OS X 10.6.8 64-bit running on Intel Core 2 Duo without AES-NI; Mac OS X 10.7.3 32-bit or Mac OS 10.7.3 64-bit running on Intel Core 2 Duo without AES-NI; Windows 7 32-bit running on Intel Core Duo without AES-NI; Windows 7 64-bit running on Intel Core 2 Duo without AES-NI; Windows XP 32-bit running on Intel Core Duo without AES-NI; Linux Ubuntu 10.04 32-bit or Linux Ubuntu 10.04 64-bit running on Intel Xeon E3 with AES-NI; Mac OS X 10.6.8 32-bit or Mac OS X 10.6.8 64-bit running on Intel Core i5 with AES-NI; Mac OS X 10.7.3 32-bit or Mac OS X 10.7.3 64-bit running on Intel Core i5 with AES-NI; Windows 7 32-bit or Windows 7 64-bit running on Intel Core i5 with AES-NI; Windows XP 32-bit running on Intel Core i5 with AES-NI (single-user mode)

-FIPS-approved algorithms: AES (Certs. #2027 and #2028), DRBG (Certs. #194 and #195), HMAC (Certs. #1229 and #1230), SHS (Certs. #1776 and #1777)

-Other algorithms: N/A

Multi-chip standalone

"The Vidyo Cryptographic Security Kernel is a subset of the VidyoTechnology Software Development Kit, which consists of a set of libraries providing video conferencing capabilities. The SDK allows licensed end-users to implement video conferencing capabilities within their own software applications; the Vidyo CSK library provides the cryptographic functions required to secure the communications."
1857 SafeNet, Inc.
20 Colonnade Road
Suite 200
Ottawa, ON K2E 7M6
Canada

-Mark Yakabuski
TEL: 613-614-3407
FAX: 613-723-5079

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200556-0

Luna® PCI 7000 Cryptographic Module
(Hardware Version: VBD-03-0100; Firmware Version: 4.8.7)

(When operated in FIPS mode and configured to Overall Level 3 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/29/2012 Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #510 and #1904); Triple-DES (Certs. #520 and #1236); Triple-DES MAC (Triple-DES Certs. #520 and #1236, vendor affirmed); DSA (Cert. #600); SHS (Cert. #1671); RSA (Certs. #974 and #975); HMAC (Cert. #1142); RNG (Cert. #998); ECDSA (Cert. #269); KAS (Cert. #29); KBKDF (vendor affirmed)

-Other algorithms: DES; RC2; RC4; RC5; CAST5; RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 80 and 152 bits of encryption strength); SEED; ARIA; MD2; MD5; HAS-160; AES MAC (AES Cert. #1904; non-compliant); DES MAC; RC2 MAC; RC5 MAC; CAST5 MAC; SSL3 MD5 MAC; SSL3 SHA1 MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); HRNG; AES (Certs. #510 and #1904, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #520 and #1236, key wrapping; key establishment methodology provides 112 bits of encryption strength); Generic-Secret generation (non-compliant); SSL Pre-Master generation (non-compliant)

Multi-chip embedded

"Luna® PCI offers dedicated hardware key management to protect sensitive cryptographic keys from attack. The high-security hardware design ensures the integrity and protection of encryption keys throughout their life cycle. All digital signing and verification operations are performed within the HSM to increase performance and maintain security. Luna® PCI HSMs provide hardware secured key generation, storage, secure key backup and accelerated encryption in a range of models and configurations offering a wide selection of security, performance and operational capabilities."
1856 SafeNet, Inc.
20 Colonnade Road
Suite 200
Ottawa, ON K2E 7M6
Canada

-Mark Yakabuski
TEL: 613-614-3407
FAX: 613-723-5079

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200556-0

Luna® PCI 7000 Cryptographic Module
(Hardware Version: VBD-03-0100; Firmware Version: 4.8.7)

(When operated in FIPS mode and configured to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 11/29/2012;
12/03/2012
Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #510 and #1904); Triple-DES (Certs. #520 and #1236); Triple-DES MAC (Triple-DES Certs. #520 and #1236, vendor affirmed); DSA (Cert. #600); SHS (Cert. #1671); RSA (Certs. #974 and #975); HMAC (Cert. #1142); RNG (Cert. #998); ECDSA (Cert. #269); KAS (Cert. #29); KBKDF (vendor affirmed)

-Other algorithms: DES; RC2; RC4; RC5; CAST5; RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 80 and 152 bits of encryption strength); SEED; ARIA; MD2; MD5; HAS-160; AES MAC (AES Cert. #1904; non-compliant); DES MAC; RC2 MAC; RC5 MAC; CAST5 MAC; SSL3 MD5 MAC; SSL3 SHA1 MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); HRNG; AES (Certs. #510 and #1904, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #520 and #1236, key wrapping; key establishment methodology provides 112 bits of encryption strength); Generic-Secret generation (non-compliant); SSL Pre-Master generation (non-compliant)

Multi-chip embedded

"Luna PCI® offers dedicated hardware key management to protect sensitive cryptographic keys from attack. The high-security hardware design ensures the integrity and protection of encryption keys throughout their life cycle. All digital signing and verification operations are performed within the HSM to increase performance and maintain security. Luna PCI® HSMs provide hardware secured key generation, storage, secure key backup and accelerated encryption in a range of models and configurations offering a wide selection of security, performance and operational capabilities."
1855 Nexus Wireless
Artists Court
15 Manette Street
London, W1D 4AP
United Kingdom

-Paul Richards
TEL: +44-207-734-0200
FAX: +44-207-734-0210

CST Lab: NVLAP 200416-0

Nexus FIPS 140-2 Crypto Module
(Hardware Version: 1.01; Firmware Versions: ES0408_RL01_R1_02_001 version 1.02.001 and ES0408_RL02_R1_02_000 version 1.02.000)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/18/2013 Overall Level: 1 

-FIPS-approved algorithms: AES (Cert. #914); DSA (Cert. #337); SHS (Certs. #901 and #928); HMAC (Cert. #533); RNG (Cert. #524)

-Other algorithms: DES; AES MAC (AES Cert. #914, vendor affirmed; P25 AES OTAR)

Multi-chip embedded

"The Nexus FIPS140-2 Crypto Module is a single-board security module designed to conform to FIPS140-2 standards and primarily intended for use in P25 radio equipment. The module supports both KFD and KMF management implementations, including a dedicated 3-wire KFD interface. It includes a complete key storage and critical security material management function for TEK, KEK, UKEK, CKEK and KSKEK keys in non-volatile memory within the FIPS module, with protection from unauthorized disclosure or modification. The FIPS Module executes encryption and decryption of P25 Phase 1 voice and data tra"
1854

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/28/2012 Overall Level: 2 

-FIPS-approved algorithms:

-Other algorithms:

Multi-chip standalone

1853 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Palani Karuppan
TEL: 408-525-2747

CST Lab: NVLAP 100432-0

Cisco 4402 and 4404 Wireless LAN Controllers
(Hardware Versions: 4402, Revision Number R0 and 4404, Revision Number R0; FIPS Kit AIRWLC4400FIPSKIT=, Version A0; Opacity Baffle Version 1.0; Firmware Version: 7.0.230.0)

(When operated in FIPS mode and with the physical security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/29/2012 Overall Level: 2 

-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #1344 and #1345); HMAC (Certs. #783 and #784); RNG (Cert. #740); RSA (Certs. #651 and #652); SHS (Certs. #1226 and #1227); Triple-DES (Cert. #934)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); AES (Cert. #1344, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM

Multi-chip standalone

"The Cisco 4400 Series WLAN Controllers deliver centralized control and high capacity for small, medium and large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WLAN Controllers support the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and support a Secure Wireless Architecture with WiFi Alliance certified WPA-2 security. The Cisco WLAN Controllers support voice, video and data services along with Cisco Clean Air technology, intrusion protection and intelligent radio resource management."
1852 Fortinet, Inc.
326 Moodie Drive
Ottawa, ON K2H 8G3
Canada

-Alan Kaye
TEL: 613-225-9381

CST Lab: NVLAP 200996-0

FortiWiFi-60C
(Hardware Version: C4DM95 with Tamper Evident Seal Kit: FIPS-SEAL-RED; Firmware Version: FortiOS 4.0, build8892, 111128)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/29/2012 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #1408, #1899 and #1900); Triple-DES (Certs. #961, #1234 and #1235); SHS (Certs. #1278, #1668 and #1669); RNG (Cert. #996); HMAC (Certs. #829, #1139 and #1140); RSA (Certs. #685 and #973)

-Other algorithms: DES; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant); AES CCM (non-compliant); MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 96 and 196 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength)

Multi-chip standalone

"The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
1851 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise Control Center
(Hardware Versions: [FWE-C1015 and FIPS Kit: FWE-CC-FIPS-KIT1], [FWE-C2050 and FIPS Kit: FWE-CC-FIPS-KIT2] and [FWE-C3000 and FIPS Kit: FWE-CC-FIPS-KIT2]; Firmware Version: 5.2.0)

(When operated in FIPS mode and with the tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/29/2012;
12/12/2012
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #1831 and #1897); Triple-DES (Certs. #1184 and #1233); SHS (Certs. #1611 and #1666); HMAC (Certs. #1085 and #1137); DRBG (Cert. #163); RNG (Certs. #963 and #1009); RSA (Certs. #920 and #972); DSA (Certs. #575 and #599)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); MD5

Multi-chip standalone

"McAfee Firewall Enterprise Control Center simplifies the management of multiple McAfee Firewall Enterprise appliances. Control Center enables centralized management and monitoring of the McAfee Firewall Enterprise solutions, allowing network administrators to centrally define firewall policy, deploy updates and inventory their firewall products."
1850 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-C Micro Edition
(Software Version: 3.0.0.16)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/29/2012;
01/24/2013
Overall Level: 1 

-Cryptographic Module Specification: Level 3

-Operational Environment: Tested as meeting Level 1 with Wind River VxWorks General Purpose Platform 6.0 (PPC 604 32-bit) (single-user mode)

-FIPS-approved algorithms: AES (Cert. #2018); DRBG (Cert. #192); DSA (Cert. #643); ECDSA (Certs. #293 and #294); HMAC (Cert. #1222); RNG (Cert. #1058); RSA (Cert. #1047); SHS (Cert. #1768); Triple-DES (Cert. #1303)

-Other algorithms: AES-GCM (non-compliant); DES; DES40; Diffie-Hellman; EC Diffie-Hellman; ECAES (non-compliant); ECIES; HMAC MD5; MD2; MD5; PBKDF1 SHA-1; PBKDF2 HMAC SHA-1/SHA-224/SHA-256/SHA-384/SHA-512 (non-compliant); RC2; RC4; RC5; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA PKCS #1 v2.0 (OAEP; non-compliant)

Multi-chip standalone

"The Crypto-C Micro Edition (ME) Module is RSA, The Security Division of EMC's cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
1849 Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500

CST Lab: NVLAP 200427-0

Aruba AP-60 and AP-61 Wireless Access Points
(Hardware Versions: AP-60-F1 Rev. 01 and AP-61-F1 Rev. 01 with FIPS kit 4010061-01; Firmware Version: ArubaOS_6.1.2.3-FIPS or ArubaOS_6.1.4.1-FIPS)

(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/06/2012;
01/24/2013
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #1847, #1850 and #1851); HMAC (Certs. #1097, #1098 and #1099); RNG (Certs. #969 and #970); RSA (Certs. #932, #933 and #934); SHS (Certs. #1625, #1626, #1627 and #1628); Triple-DES (Certs. #1197, #1198 and #1199)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"Aruba's Wi-Fi access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Mobility Controllers, where per-user role based access controls are applied through an integrated firewall. In FIPS 140-2 Mode, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n."
1848 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise 4150E
(Hardware Version: NSA-4150-FWEX-E and FRU-686-0089-00; Firmware Versions: 7.0.1.03 and 8.2.0)

(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/19/2012 Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #972, #973, #974 and #1833); Triple-DES (Certs. #765, #766, #767 and #1185); SHS (Certs. #941, #942, #943 and #1612); HMAC (Certs. #544, #545, #546 and #1086); RNG (Certs. #549, #550, #551 and #964); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1847 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise 2150E
(Hardware Version: NSA-2150-FWEX-E and FRU-686-0089-00; Firmware Versions: 7.0.1.03 and 8.2.0)

(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/19/2012 Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #972, #973, #974 and #1833); Triple-DES (Certs. #765, #766, #767 and #1185); SHS (Certs. #941, #942, #943 and #1612); HMAC (Certs. #544, #545, #546 and #1086); RNG (Certs. #549, #550, #551 and #964); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1846 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise 1100E
(Hardware Version: NSA-1100-FWEX-E and FRU-686-0089-00; Firmware Versions: 7.0.1.03 and 8.2.0)

(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/19/2012 Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #972, #973, #974 and #1833); Triple-DES (Certs. #765, #766, #767 and #1185); SHS (Certs. #941, #942, #943 and #1612); HMAC (Certs. #544, #545, #546 and #1086); RNG (Certs. #549, #550, #551 and #964); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1845 Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500

CST Lab: NVLAP 200427-0

Aruba AP-65, AP-70 and AP-85 Wireless Access Points
(Hardware Versions: AP-65-F1 Rev. 01, AP-70-F1 Rev. 01, AP-85FX-F1 Rev. 01, AP-85LX-F1 Rev. 01 and AP-85TX-F1 Rev. 01 with FIPS kit 4010061-01; Firmware Version: ArubaOS_6.1.2.3-FIPS or ArubaOS_6.1.4.1-FIPS)

(When operated in FIPS mode and with the tamper evidence seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/29/2012;
01/24/2013
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #1847, #1850 and #1851); HMAC (Certs. #1097, #1098 and #1099); RNG (Certs. #969 and #970); RSA (Certs. #932, #933 and #934); SHS (Certs. #1625, #1626, #1627 and #1628); Triple-DES (Certs. #1197, #1198 and #1199)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"Aruba's Wi-Fi access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Mobility Controllers, where per-user role based access controls are applied through an integrated firewall. In FIPS 140-2 Mode, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n."
1843 Gemalto
Avenue du Jujubier Z.I Athelia IV
La Ciotat, 13705
France

-Frederic Garnier
TEL: +33 4 42 36 43 68
FAX: +33 4 42 36 55 45

CST Lab: NVLAP 200427-0

Protiva+ PIV v2.0 using TOP DL v2 and TOP IL v2
(Hardware Versions: A1025258 and A1023393; Firmware Version: Build#11 - M1005011 + Softmask V04, Applet Version: PIV Applet v2.00 + OATH Applet v2.10)

(PIV Card Application: Cert. #30)

(When operated in FIPS mode with module TOP DL v2 or TOP IL v2 validated to FIPS 140-2 under Cert. #1450 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/29/2012 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #1973); CVL (Cert. #18); ECDSA (Cert. #284); RNG (Cert. #1038); RSA (Cert. #1019); SHS (Cert. #1727); Triple-DES (Cert. #1280); Triple-DES MAC (Triple-DES Cert. #1280, vendor affirmed)

-Other algorithms: N/A

Single-chip

"This module is based on a Java Card platform (TOP DL V2) with 128K EEPROM memory and the Protiva PIV Applet loaded on the Java Card platform. The Cryptographic Module provides dual interfaces (i.e. contact and contact-less) where the same security level is achieved."
1842 SonicWALL, Inc.
2001 Logic Drive
San Jose, CA 95124-3452
USA

-Usha Sanagala
TEL: 408-962-6248
FAX: N/A

CST Lab: NVLAP 100432-0

SRA EX6000 and SRA EX7000
(Hardware Versions: P/Ns 101-500210-62 Rev. A (SRA EX6000) and 101-500188-62 Rev. A (SRA EX7000); Firmware Version: SRA 10.6.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/29/2012 Overall Level: 2 

-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #1868, #1869 and #1870); HMAC (Certs. #1113, #1114 and #1115); RNG (Cert. #980); RSA (Certs. #950 and #951); SHS (Certs. #1642, #1643 and #1644); Triple-DES (Certs. #1213, #1214 and #1215)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); NDRNG; MD5; RC4

Multi-chip standalone

"Built on Aventail's powerful, proven SSL VPN platform, the SonicWALL Aventail SRA EX6000 and SRA EX7000 appliances provide granular access control for any type of remote access by first detecting the identity and the security of the end point, protecting applications with granular policy based on who the user is and the trust established for the end point used for access, and then connecting authorized employees and business partners effortlessly from a broad range of cross-platform devices only to authorized resources."
1841 InZero Systems
13755 Sunrise Valley Drive
Suite 750
Herndon, VA 20171
U.S.A.

-FIPS Product Team
TEL: 703-636-2048
FAX: 703-793-1805

CST Lab: NVLAP 200002-0

InZero Gateway
(Hardware Version: XB2CUSB3.1; Firmware Version: 2.80.0.38)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/29/2012 Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #1841); DSA (Cert. #576); HMAC (Cert. #1095); RNG (Cert. #967); RSA (Cert. #929); SHS (Cert. #1622); Triple-DES (Cert. #1194)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength)

Multi-chip standalone

"The InZero Gateway is a pocket-sized appliance that provides FIPS-validated VPNs and endpoint security for a Windows PC. The module's hardware sandbox ensures safe browsing (e.g., opening downloaded files) and safe internet banking. A conversion engine strips malware from e-mail attachments. The firewall helps enforce NAC policy. The module may be managed locally by the Crypto Officer or by a network administrator using a Management Console. The HTTPS management connection and VPNs use FIPS validated encryption, while sandbox HTTPS connections are non-FIPS for compatibility."
1840 Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

-Robbie Gill
TEL: 408-754-8406

CST Lab: NVLAP 200427-0

Aruba 3000 [1] and 6000/M3 Revision B2 [2] Controllers with ArubaOS FIPS Firmware
(Hardware Versions: [3200-F1 Revision B2, 3400-F1 Revision B2, 3600-F1 Revision B2, 3200-USF1 Revision B2, 3400-USF1 Revision B2, 3600-USF1 Revision B2] [1] and [(6000-400-F1 or 6000-400-USF1) with (M3mk1-S-F1 Revision B2, LC-2G-1, LC-2G24F-1, LC-2G24FP-1, HW-FT, HW-PSU-200 or HW-PSU-400] [2] with FIPS kit 4010061-01; Firmware Version: ArubaOS_MMC_6.1.2.3-FIPS)

(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy clause "Installing the Controller" and the 6000/M3 configured as specified in Security Policy clause "Minimum Configuration for the Aruba 6000-400")

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/11/2013 Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #465, #1850 and #1854); ECDSA (Certs. #257 and #258); HMAC (Certs. #416, #1098 and #1101); RNG (Certs. #969 and #972); RSA (Certs. #933, #935 and #937); SHS (Certs. #768, #1627, #1629 and #1631); Triple-DES (Certs. #482, #1198 and #1201)

-Other algorithms: DES; HMAC-MD5; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant less than 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"Aruba's family of Mobility Controllers are network infrastructure devices providing secure, scalable solutions for enterprise Wi-Fi, network security policy enforcement, VPN services, and wireless intrusion detection and prevention. Mobility controllers serve as central points of authentication, encryption, access control, and network coordination for all mobile network services"
1839 Entrust, Inc.
One Lincoln Centre
5400 LBJ Freeway
Suite 1340
Dallas, TX 75240
USA

-James Kendry
TEL: 972-726-0419
FAX: 972-713-5805

CST Lab: NVLAP 100432-0

Entrust Authority™ Security Toolkit for the Java®Platform
(Software Version: 8.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/29/2012 Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Microsoft Windows Server 2008 R2 with Dell Optiplex 755

-FIPS-approved algorithms: AES (Certs. #1935 and #1954); Triple-DES (Cert. #1261); Triple-DES MAC (Cert. #1261, vendor affirmed); DSA (Cert. #617); DRBG (Cert. #170); ECDSA (Cert. #277); SHS (Cert. #1700); HMAC (Cert. #1168); RNG (Cert. #1019); RSA (Cert. #1001); CVL (Cert. #16); CVL (SP 800-135rev1, vendor affirmed)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); AES (Cert. #1935, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); CAST3; CAST128; DES; IDEA; RC2; RC4; Rijndael-256; MD2; MD5; RIPEMD-160; SSL3-SHA-MD5; HMAC-MD5; CAST128 MAC; DES MAC; IDEA MAC; ElGamal; SPEKE

Multi-chip standalone

"Entrust Authority™ Security Toolkit for the Java® Platform enables custom applications to be built using a rich set of APIs that provide encryption, digital signature, and certificate authentication capabilities, as well as the ability to manage the full lifecycles of digital certificate-based identities through integration with the Entrust Authority PKI."
1838 Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500

CST Lab: NVLAP 200427-0

Aruba AP-92, AP-93, AP-104, AP-105, AP-175, Dell W-AP92, W-AP93, W-AP104, W-AP105 and W-AP175 Wireless Access Points
(Hardware Versions: AP-92-F1[1], AP-93-F1[1], AP-104-F1[1], AP-105-F1[1], AP-175P-F1[1], AP-175AC-F1[1], AP-175DC-F1[1], W-AP92-F1[2], W-AP93-F1[2], W-AP104-F1[2], W-AP105-F1[2], W-AP175P-F1[2], W-AP175AC-F1[2], W-AP175DC-F1[2] with FIPS kit 4010061-01; Firmware Versions: ArubaOS_6.1.2.3-FIPS[1] and Dell_PCW_6.1.2.3-FIPS[2] or ArubaOS_6.1.4.1-FIPS [1] and Dell_PCW_6.1.4.1-FIPS [2])

(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/08/2012;
01/24/2013
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #1847, 1849, #1850 and #1851); HMAC (Certs. #1097, #1098 and #1099); RNG (Certs. #969 and #970); RSA (Certs. #933, #934 and #935); SHS (Certs. #1625, #1627, #1628 and #1629); Triple-DES (Certs. #1197, #1198 and #1199)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"Aruba's Wi-Fi access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Mobility Controllers, where per-user role based access controls are applied through an integrated firewall. In FIPS 140-2 Mode, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n."
1837 Red Hat, Inc.
1801 Varsity Drive
Raleigh, NC 27606
USA

-Robert Relyea
TEL: 650-254-4236

CST Lab: NVLAP 200427-0

NSS Cryptographic Module
(Software Version: 3.12.9.1)

(When operated in FIPS Mode and when obtained, installed, and initialized as specified in Section 5 of the provided Security Policy. Section 5 also specifies the precise RPM file containing this module. The integrity of the RPM is automatically verified during the installation and the Crypto officer shall not install the RPM file if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/08/2012 Overall Level: 1 

-Design Assurance: Level 2

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux v6.2 32-bit running on an Intel Core i7 system; Red Hat Enterprise Linux v6.2 64-bit running on an Intel Core i7 system; Red Hat Enterprise Linux v6.2 64-bit running on an Intel Core i7 system with AES-NI (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1908); DRBG (Cert. #165); DSA (Cert. #602); HMAC (Cert. #1145); RSA (Cert. #979); SHS (Cert. #1675); Triple-DES (Cert. #1240)

-Other algorithms: AES (Cert. #1908, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Camellia; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); HKDF; J-PAKE; MD2; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); SEED; Triple-DES (Cert. #1240, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength)

Multi-chip standalone

"Network Security Services (NSS) is a set of open source C libraries designed to support cross-platform development of security-enabled applications. NSS implements major Internet security standards. NSS is available free of charge under a variety of open source compatible licenses. See http://www.mozilla.org/projects/security/pki/nss/ ."
1836 RSA Security, Inc.
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Youngjin Son
TEL: +82-10-6700-6735

CST Lab: NVLAP 200900-0

RSA BSAFE® Crypto-C Micro Edition for MFP SW Platform (pSOS)
(Software Versions: 3.0.0.1 and 3.0.0.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 11/08/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with pSOS (single user mode)

-FIPS-approved algorithms: AES (Cert. #1808); Triple-DES (Cert. #1166); DSA (Cert. #566); ECDSA (Cert. #249); RNG (Cert. #953); DRBG (Cert. #137); RSA (Cert. #905); SHS (Cert. #1587); HMAC (Cert. #1066)

-Other algorithms: DES; MD2; MD5; HMAC-MD5; DES40; RC2; RC4; RC5; ECAES (non-compliant); ECIES; PBKDF1-SHA-1 (non-compliant); PBKDF2-HMAC (SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512) (non-compliant); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); RSA OAEP; Entropy RNG; OTP RNG; Diffie-Hellman; EC Diffie-Hellman

Multi-chip standalone

"A software cryptographic library within the pSOS real-time operating system specifically for embedded systems based on the ARM9 CPU architecture."
1835 Cavium Networks
2315 N First Street
San Jose, CA 95131
USA

-TA Ramanujam
TEL: 408-931-2952
FAX: 408-577-1992

CST Lab: NVLAP 100432-0

NITROX XL 1600-NFBE HSM Family
(Hardware Versions: P/Ns CN1620-NFBE1NIC-2.0, CN1620-NFBE3NIC-2.0, CN1610-NFBE1NIC-2.0, CN1610-NFBE1-3.0, CN1620-NFBE1-3.0, CN1620-NFBE3-3.0, CN1610-NFBE1-2.0, CN1620-NFBE1-2.0 and CN1620-NFBE3-2.0; Firmware Version: CN16XX-NFBE-FW-2.1-110015)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/08/2012 Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #1265 and #1266); Triple-Des (Cert. #898); RSA (Certs. #607 and #742); ECDSA (Certs. #150 and #188); SHS (Certs. #1165 and #1166); HMAC (Cert. #736); KAS (Cert. #5); RNG (Cert. #707); DRBG (Cert. #32); DSA (Cert. #474)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #1265, key wrapping; key establishment methodology provides 256 bits of encryption strength); RC4; MD5; PBE

Multi-chip embedded

"The NITROX XL 1600-NFBE HSM adapter family delivers the world's fastest FIPS 140-2 Level 3 Hardware Security Module (HSM) with PCIe Gen 2.0. The NITROX XL family of adapters offers up to 45,000 RSA operations per second and 5 Gbps of bulk crypto performance and is certified to the stringent US Government security standards. This FIPS family delivers an unmatched solution to the increasing performance, cryptographic and time to market requirements of the financial, government and healthcare vertical markets."
1834 Fortinet, Inc.
326 Moodie Drive
Ottawa, ON K2H 8G3
Canada

-Alan Kaye
TEL: 613-225-9381

CST Lab: NVLAP 200996-0

FortiGate-200B [1], FortiGate-310B [2] and FortiGate-620B [3]
(Hardware Versions: C4CD24 [1], C4ZF35 [2] and C4AK26 [3] with Tamper Evident Seal Kit: FIPS-SEAL-BLUE; Firmware Version: FortiOS 4.0, build8892, 111128)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/08/2012 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #1408, #1899 and #1900); Triple-DES (Certs. #961, #1234 and #1235); SHS (Certs. #1278, #1668 and #1669); RNG (Cert. #996); HMAC (Certs. #829, #1139 and #1140); RSA (Certs. #685 and #973)

-Other algorithms: DES; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant); MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 96 and 196 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength)

Multi-chip standalone

"The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
1833 Motorola Solutions, Inc.
One Motorola Plaza
Holtsville, NY 11742
USA

-Bert Scaramozzino
TEL: 631-738-3215
FAX: 631-738-4164

CST Lab: NVLAP 200968-0

Fusion 802.1x Authentication Supplicant
(Software Version: H_3.40.0.0.19)

(When operated in FIPS mode. No assurance of module integrity when operating in non-FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 01/07/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Motorola ES400 with Windows Mobile 6.5 OS OEM Version 2.31.0002; Motorola MC65 with Windows Mobile 6.5 OS OEM Version 2.31.0002 (single-user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #1200); AES (Cert. #1853); SHS (Cert. 1630); HMAC (Cert. #1100); RSA (Cert. #936); DSA (Cert. #578); RNG (Cert. #971)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DES; RC4; RC2; MD5; CCKM; IDEA; SMS4

Multi-chip standalone

"Motorola Fusion 802.1x Authentication Supplicant is a component of Motorola Wireless Mobile Computing devices that are equipped with a WLAN radio. These devices are used for business process automation applications in a number of vertical markets like retail, manufacturing, transportation, health and government"
1832 Fortinet, Inc.
326 Moodie Drive
Ottawa, ON K2H 8G3
Canada

-Alan Kaye
TEL: 613-225-9381

CST Lab: NVLAP 200996-0

FortiGate-60C [1], FortiGate-110C [2] and FortiGate-111C [3]
(Hardware Versions: C4DM93 [1], C4HA15 [2] and C4BQ31 [3] with Tamper Evident Seal Kit: FIPS-SEAL-RED [1] or FIPS-SEAL-BLUE [2,3]; Firmware Version: FortiOS 4.0, build8892, 111128)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/07/2012 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #1408, #1899, and #1900); Triple-DES (Certs. #961, #1234 and #1235); SHS (Certs. #1278, #1668 and #1669); RNG (Cert. #996); HMAC (Certs. #829, #1139 and #1140); RSA (Certs. #685 and #973)

-Other algorithms: DES; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant); MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 96 and 196 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength)

Multi-chip standalone

"The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
1831 Motorola Solutions, Inc.
1303 East Algonquin Road
Schaumburg, IL 60196
USA

-Tom Nguyen
TEL: 847-576-2352

CST Lab: NVLAP 100432-0

KMF CryptR
(Hardware Version: P/N CLN8566A; Firmware Version: R01.02.10 or R01.05.00)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/05/2012;
12/07/2012
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #1901); DRBG (Cert. #159); ECDSA (Cert. #268); SHS (Cert. #1670)

-Other algorithms: AES (Cert. #1901, key wrapping; key establishment methodology provides 256 bits of encryption strength); AES MAC (AES Cert. #1901, vendor affirmed; P25 AES OTAR); NDRNG; LFSR; KAS (non-compliant); DES-XL; DES-OFB; DES-ECB; DES-CBC; DVI-XL; DVP-XL

Multi-chip standalone

"The KMF CryptR provides encryption and decryption services for secure key management and Over-the-Air-Rekeying (OTAR) for Motorola's Key Management Facility (KMF). The KMF and KMF CryptR combine to provide these cryptographic services for Motorola's APCO-25 compliant Astro radio systems."
1830 Fortinet, Inc.
326 Moodie Drive
Ottawa, ON K2H 8G3
Canada

-Alan Kaye
TEL: 613-225-9381

CST Lab: NVLAP 200996-0

FortiGate-5140 Chassis with FortiGate 5000 Series Blades
(Hardware Version: Chassis: C4GL51; Blades: P4CF76, P4CJ36-02, P4CJ36-04 and P4EV74; AMC Components: P4FC12 and AMC4F9; Shelf Manager: PN 21594 346; Alarm Panel: PN 21594 159; Tamper Evident Seal Kit: FIPS-SEAL-RED; Firmware Version: FortiOS 4.0, build8892, 111128)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/05/2012 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #1405, #1408, #1858, #1899 and #1900); Triple-DES (Certs. #958, #961, #1205, #1234 and #1235); SHS (Certs. #1275, #1278, #1635, #1668 and #1669); RNG (Cert. #996); HMAC (Certs. #826, #829, #1105, #1139 and #1140); RSA (Certs. #685 and #973)

-Other algorithms: DES; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant); MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 96 and 196 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength)

Multi-chip standalone

"The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
1829 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Palani Karuppan
TEL: 408-525-2747

CST Lab: NVLAP 100432-0

Cisco 5508 Wireless LAN Controller
(Hardware Version: CT5508 Revision Number B0; FIPS Kit AIR-CT5508FIPSKIT=; Opacity Baffle Version A0; Firmware Version: 7.0.230.0 or 7.2.103.0)

(When operated in FIPS mode and with the tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/05/2012 Overall Level: 2 

-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #1346, #1347 and #1348); HMAC (Certs. #785, #786 and #787); RNG (Certs. #741 and #742); RSA (Certs. #653 and #654); SHS (Certs. #1228, #1229 and #1230); Triple-DES (Cert. #935)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); AES (Cert. #1346, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM

Multi-chip standalone

"The Cisco 5508 Series WLAN Controllers deliver centralized control and high capacity for small, medium and large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WLAN Controllers support the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and support a Secure Wireless Architecture with WiFi Alliance certified WPA-2 security. The Cisco WLAN Controllers support voice, video and data services along with Cisco Clean Air technology, IPv6 mobility, intrusion protection and intelligent radio resource management."
1828 Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500

CST Lab: NVLAP 200427-0

Aruba AP-134, AP-135 and Dell W-AP134, W-AP135 Wireless Access Points
(Hardware Versions: AP-134-F1 [1], AP-135-F1 [1], W-AP134-F1 [2] and W-AP135-F1 [2] with FIPS kit 4010061-01; Firmware Version: ArubaOS_6.1.2.3-FIPS [1] and Dell_PCW_6.1.2.3-FIPS [2] or ArubaOS_6.1.4.1-FIPS [1] and Dell_PCW_6.1.4.1-FIPS [2])

(When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/05/2012;
01/24/2013
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #1847, 1849, #1850 and #1851); HMAC (Certs. #1097, #1098 and #1099); RNG (Certs. #969 and #970); RSA (Certs. #933, #934 and #935); SHS (Certs. #1625, #1627, #1628 and #1629); Triple-DES (Certs. #1197, #1198 and #1199)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"Aruba's Wi-Fi access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Mobility Controllers, where per-user role based access controls are applied through an integrated firewall. In FIPS 140-2 Mode, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n."
1827 Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
USA

-John Roberts
TEL: 415-738-2810

CST Lab: NVLAP 200556-0

Symantec Scanner Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/05/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with CentOS 5.5 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1809); Triple-DES (Cert. #1167); DSA (Cert. #567); SHS (Cert. #1588); RNG (Cert. #954); RSA (Cert. #906); HMAC (Cert. #1067)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 219 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength)

Multi-chip standalone

"The Symantec Scanner Cryptographic Module Version 1.0 provides cryptographic services to the Scanner component of the Symantec Messaging Gateway solution, a secure email gateway offering. The Scanner provides filtering services on inbound and outbound message flows and is responsible for taking actions on emails based on filtering verdicts."
1826 Seagate Technology LLC
389 Disc Drive
Longmont, CO 80503
USA

-Monty Forehand
TEL: 720-684-2835
FAX: 720-684-2733

CST Lab: NVLAP 100432-0

Seagate Secure® TCG Opal SSC Self-Encrypting Drive
(Hardware Versions: 9WU142, 9WU14C and 9WU141; Firmware Version: 0001SDM7 or 0001SED7)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/05/2012 Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Certs. #1343 and #1845); DRBG (Cert. #62); RSA (Cert. #650); SHS (Cert. #1225)

-Other algorithms: NDRNG

Multi-chip embedded

"The Seagate Secure® TCG Opal SSC Self-Encrypting Drive is embedded in Seagate Momentus® Thin Self-Encrypting Drives (SEDs). The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA ranges, and authenticated FW download. The services are provided through an industry-standard TCG Opal SSC interface."
1825 TIBCO LogLogic®, Inc.
110 Rose Orchard Way
Suite 200
San Jose, CA 95134
USA

-Thor Taylor
TEL: (408) 215-5941

-Phuong Hoang
TEL: (408) 731-7022

CST Lab: NVLAP 200928-0

LogLogic Communications Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 01/25/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Oracle Enterprise Linux 5.6 running on LX 820, LX 1020, ST 1020, LX 4020, ST 1020, ST 2020-SAN, ST 4020 and MX 3020 appliances (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1926); SHS (Cert. #1691); HMAC (Cert. #1160); RNG (Cert. #1013)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The LogLogic Communications Cryptographic Module establishes a secure, encrypted tunnel between LogLogic products for the secure transmission of log data."
1824 Cisco Systems, Inc.
170 W. Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco Telepresence C20 Codec
(Hardware Version: C20 v1; Firmware Version: TC5.0.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/14/2012;
11/21/2012;
12/03/2012
Overall Level: 1 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 2

-FIPS-approved algorithms: AES (Cert. #1928); DRBG (Cert. #168); DSA (Cert. #612); ECDSA (Cert. #276); HMAC (Cert. #1162); RSA (Cert. #994); SHS (Cert. #1693); Triple-DES (Cert. #1255)

-Other algorithms: AES (Cert. #1928, key wrapping; key establishment methodology provides 128 bits of encryption strength); Blowfish; Camellia; DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); HMAC-MD5; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength)

Multi-chip standalone

"The Cisco TelePresence portfolio creates an immersive, face-to-face experience over the network, empowering you to collaborate with others like never before. Through a powerful combination of technologies and design that allows you and remote participants to feel as if you are all in the same room, the Cisco TelePresence portfolio has the potential to provide great productivity benefits and transform your business. Many organizations are already using it to control costs, make decisions faster, improve customer intimacy, scale scarce resources, and speed products to market."
1823 Cisco Systems, Inc.
170 W. Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco Telepresence C40, C60, and C90 Codecs
(Hardware Versions: C40 v1, C60 v1 and C90 v1 with CISCO-FIPSKIT=; Firmware Version: TC5.0.2)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/05/2012;
11/21/2012;
12/03/2012
Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-FIPS-approved algorithms: AES (Cert. #1928); DRBG(Cert. #168); DSA (Cert. #612); ECDSA (Cert. #276); HMAC (Cert. #1162); RSA (Cert. #994); SHS (Cert. #1693); Triple-DES (Cert. #1255)

-Other algorithms: AES (Cert. #1928, key wrapping; key establishment methodology provides 128 bits of encryption strength); Blowfish; Camellia; DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); HMAC-MD5; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength)

Multi-chip standalone

"The Cisco TelePresence portfolio creates an immersive, face-to-face experience over the network, empowering you to collaborate with others like never before. Through a powerful combination of technologies and design that allows you and remote participants to feel as if you are all in the same room, the Cisco TelePresence portfolio has the potential to provide great productivity benefits and transform your business. Many organizations are already using it to control costs, make decisions faster, improve customer intimacy, scale scarce resources, and speed products to market."
1822 Data-Pac Mailing Systems Corp.
1217 Bay Road
Webster, NY 14580
USA

-Ken Yankloski
TEL: 585-787-7074
FAX: 585-671-1409

-John Keirsbilck
TEL: 585-787-7077
FAX: 585-671-1409

CST Lab: NVLAP 200427-0

iButton Postal Security Device
(Hardware Version: MAXQ1959B-F50#; Firmware Version: 1.3)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/01/2012 Overall Level: 3 

-Physical Security: Level 3 +EFT

-FIPS-approved algorithms: DSA (Cert. #544); RNG (Cert. #927); SHS (Cert. #1526)

-Other algorithms: N/A

Multi-chip standalone

"The Data-Pac MAXQ1959B-F50# Postal Security Device (PSD) is an embedded cryptographic module used for postage evidencing. The PSD complies with FIPS 140-2 standards and postal requirements to support the USPS IBI program, including strong cryptographic and physical security for the protection of postal funds."
1821 Integral Memory PLC.
Unit 6 Iron Bridge Close
Iron Bridge Business Park
Off Great Central Way
London, Middelsex NW10 0UF
United Kingdom

-Patrick Warley
TEL: +44 (0)20 8451 8700
FAX: +44 (0)20 8459 6301

- Samik Halai
TEL: +44 (0)20 8451 8704
FAX: +44 (0)20 8459 6301

CST Lab: NVLAP 200996-0

Crypto Dual (Underlying Steel Chassis) [1] and Crypto Dual Plus (Underlying Steel Chassis) [2]
(Hardware Versions: INFD2GCRYPTODL140-2(R) [1], INFD4GCRYPTODL140-2(R) [1], INFD8GCRYPTODL140-2(R) [1], INFD16GCRYPTODL140-2(R) [1], INFD32GCRYTPODL140-2(R) [1], INFD64GCRYPTODL140-2(R) [1], INFD2GCRYDLP140-2(R) [2], INFD4GCRYDLP140-2(R) [2], INFD8GCRYDLP140-2(R) [2], INFD16GCRYDLP140-2(R) [2], INFD32GCRYDLP140-2(R) [2], INFD64GCRYDLP140-2(R) [2], INFD128GCRYDLP140-2(R) [2], INFD256GCRYDLP140-2(R) [2], INFD512GCRYDLP140-2(R) [2] and INFD1TCRYDLP140-2(R) [2]; Firmware Version: PS2251-65)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 11/01/2012 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #1205); SHS (Cert. #1108); RNG (Cert. #666)

-Other algorithms: NDRNG

Multi-chip standalone

"The Crypto Dual (Underlying Steel Chassis) and Crypto Dual Plus (Underlying Steel Chassis) features Dual Password (User and Master) and works in both Windows & Mac operating Systems. Featuring Premium 256 bit AES security, it is one of the most secure and durable of all Integral USB Flash Drives. It has brute-force password attack protection, a 26 language interface and operates with a zero footprint."
1820 Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500

CST Lab: NVLAP 200427-0

Aruba AP-120 Series and Dell W-AP120 Series Wireless Access Points
(Hardware Versions: AP-124-F1 [1], AP-125-F1 [1], W-AP124-F1 [2] and W-AP125-F1 [2] with FIPS kit 4010061-01; Firmware Versions: ArubaOS_6.1.2.3-FIPS [1] and Dell_PCW_6.1.2.3-FIPS [2] or ArubaOS_6.1.4.1-FIPS [1] and Dell_PCW_6.1.4.1-FIPS [2])

(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/05/2012;
01/24/2013
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #861, #1850 and #1851); HMAC (Certs. #478, #1098 and #1099); RNG (Certs. #969 and #970); RSA (Certs. #933, #934 and #935); SHS (Certs. #856, #1627, #1628 and #1629); Triple-DES (Certs. #708, #1198 and #1199)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"Aruba's Wi-Fi access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Mobility Controllers, where per-user role based access controls are applied through an integrated firewall. In FIPS 140-2 Mode, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n."
1819 Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
USA

-John Roberts
TEL: 415-738-2810

CST Lab: NVLAP 200556-0

Symantec Control Center Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode with RSA BSAFE® Crypto-J JCE Provider Module validated to FIPS 140-2 under Cert. #1048 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 10/12/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP SP2 (32-bit) with (Sun JRE 1.4.2, Sun JRE 1.5 or Sun JRE 1.6) (single-user mode)

-FIPS-approved algorithms: AES (Cert. #669); DSA (Cert. #251); ECDSA (Cert. #72); HMAC (Cert. #353); RNG (Cert. #389); DRBG (vendor affirmed); RSA (Cert. #311); SHS (Cert. #702); Triple-DES (Cert. #614)

-Other algorithms: AES-GCM (non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); DESX; ECAES (non-compliant); EC Diffie-Hellman; ECDHC; ECIES; MD2; MD5; PBE (non-compliant); RIPEMD 160; RNG (X9.31, non-compliant); MD5; SHA-1 (non-compliant); RC2; RC4; RC5; RSA OAEP (non-compliant); Raw RSA (non-compliant); RSA Keypair Generation MultiPrime (non-compliant); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); HMAC-MD5

Multi-chip standalone

1818 Cisco Systems, Inc.
170 W. Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco EX60 and EX90 TelePresence Systems
(Hardware Versions: EX60 v1 and EX90 v1 with CISCO-FIPSKIT=; Firmware Version: TC5.0.2)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 10/11/2012;
11/21/2012;
12/03/2012
Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-FIPS-approved algorithms: AES (Cert. #1928); DRBG (Cert. #168); DSA (Cert. #612); ECDSA (Cert. #276); HMAC (Cert. #1162); RSA (Cert. #994); SHS (Cert. #1693); Triple-DES (Cert. #1255)

-Other algorithms: AES (Cert. #1928, key wrapping; key establishment methodology provides 128 bits of encryption strength); Blowfish; Camellia; DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); HMAC-MD5; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength)

Multi-chip standalone

"The Cisco TelePresence portfolio creates an immersive, face-to-face experience over the network, empowering you to collaborate with others like never before. Through a powerful combination of technologies and design that allows you and remote participants to feel as if you are all in the same room, the Cisco TelePresence portfolio has the potential to provide great productivity benefits and transform your business. Many organizations are already using it to control costs, make decisions faster, improve customer intimacy, scale scarce resources, and speed products to market."
1817 LogRhythm
3195 Sterling Circle, Suite 100
Boulder, CO 80301
USA

-Emily Dobson
TEL: 720-881-5348

CST Lab: NVLAP 200427-0

LogRhythm 6.0.4 Event Manager
(Software Version: 6.0.4)

(When operated in FIPS mode with module BCRYPTPRIMITIVES validated to FIPS 140-2 under Cert. #1336 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 10/11/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 (SP1) (single-user mode) running .NET framework version 3.5

-FIPS-approved algorithms: AES (Cert. # 1168); DRBG (Cert. #23); HMAC (Cert. #686); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081)

-Other algorithms: MD5; HMAC-MD5

Multi-chip standalone

"The LogRhythm 6.0.4 Event Manager cryptographic module provides cryptographic services to an Event Manager. In particular, these services support secure communication with supporting SQL Server databases."
1816 Imation Corp.
Discovery Bldg. 1A-041
Oakdale, MN 55128
USA

-Larry Hamid
TEL: 408-737-4308

CST Lab: NVLAP 100432-0

Imation S250/D250
(Hardware Versions: D2-S250-S01, D2-S250-S02, D2-S250-S04, D2-S250-S08, D2-S250-S16, D2-S250-S32, D2-D250-B01, D2-D250-B02, D2-D250-B04, D2-D250-B08, D2-D250-B16, D2-D250-B32 and D2-D250-B64; Firmware Versions: 4.0.1 or 4.0.2)

(Files distributed with the module mounted within the internal CD Drive are excluded from validation)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 10/11/2012;
01/04/2013
Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #1412 and #1874); DRBG (Cert. #152); HMAC (Certs. #1118 and #1119); RNG (Cert. #774); RSA (Certs. #688, #954 and #955); SHS (Certs. #1282 and #1647); Triple-DES (Cert. #965); PBKDF (vendor affirmed)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Imation S250/D250 Secure Flash Drives include a high-speed hardware-based 256 Bit AES cryptography engine for encrypting and decrypting NAND flash and RAM buffers via USB. It also includes RSA, HMAC, SHA, and DRBG algorithms."
1815 Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

-Robbie Gill
TEL: 408-754-8406

CST Lab: NVLAP 200427-0

Aruba RAP-5WN and Dell W-RAP-5WN Remote Access Points
(Hardware Versions: RAP-5WN-F1 [1] and W-RAP-5WN-F1 [2]; Firmware Version: ArubaOS_6.1.2.3-FIPS [1] and Dell_PCW_6.1.2.3-FIPS [2])

(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 10/11/2012 Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #861, #1850 and #1851); HMAC (Certs. #478, #1098 and #1099); RNG (Certs. #969 and #970); RSA (Certs. #933, #934 and #935); SHS (Certs. #856, #1627, #1628 and #1629); Triple-DES (Certs. #708, #1198 and #1199)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"Aruba's RAP-5WN access point aggregates wired and wireless user traffic and forwards it to an Aruba Mobility Controller through a secure IPsec tunnel, using the public Internet or an optional 3G/4G WWAN service for backhaul. In the FIPS 140-2 mode of operation, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 standard along with optional Suite B cryptography for high-assurance applications. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n."
1814 Websense Inc.
10240 Sorrento Valley Road
San Diego, CA 92121
USA

-Joshua Rosenthol
TEL: 858-320-3684

CST Lab: NVLAP 200928-0

Crypto Module C
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 10/11/2012;
01/22/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with 64-bit Microsoft Windows 2008 R2; 32-bit Red Hat Enterprise Linux 6 (single-user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #1257); AES (Cert. #1931); SHS (Cert. #1696); HMAC (Cert. #1165); RNG (Cert. #1016); DSA (Cert. #614); RSA (Cert. #997)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 219 bits of encryption strength); AES-CFB1 (non-compliant); ECDSA (non-compliant); ECDH (non-compliant)

Multi-chip standalone

"Websense produces a family of web, e-mail and data security solutions that can be deployed on pre-configured, security hardened hardware or as customer installable software. The Websense Crypto Module C provides support for cryptographic and secure communications services for these solutions."
1813 Juniper Networks, Inc.
1194 N. Mathilda Ave.
Sunnyvale, CA 94089
USA

-Guillaume Gavillet
FAX: 408-936-1801

-Seyed Safakish
TEL: 408-745-8158
FAX: 408-936-1801

CST Lab: NVLAP 200002-0

Junos-FIPS 10.4 L2 OS Cryptographic Module
(Firmware Version: 10.4R5)

(When operated only on the specific platforms specified on the reverse. The routing engine and chassis configured with tamper evident seals installed as indicated in the Security Policy.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Firmware 10/11/2012 Overall Level: 2 

-Design Assurance: Level 3

-Tested: M120 [1], M320 [2], MX240 [3], MX480 [4], MX960 [5] and T1600 [6]; Routing Engines: (RE-A-2000-4096 [1,2] and RE-S-2000-4096 [3,4,5,6]); Routing Engine Control Boards: (750-011402 [1] and 750-021524 [3,4,5]); Blanking Plate (540-015089 Rev02 [5]); Control Boards: (750-009188 [2] and 750-024570 [6]); with Tamper Evident Seal Kit: (JNPR-FIPS-TAMPER-LBLS [1,2,3,4,5,6])

-FIPS-approved algorithms: AES (Certs. #1719, #1726 and #1727); DSA (Cert. #531); ECDSA (Cert. #225); RNG (Cert. #909); RSA (Cert. #847); HMAC (Certs. #994, #1000, #1001 and #1002); SHS (Certs. #1502, #1508, #1509 and #1510); Triple-DES (Certs. #1106, #1112 and #1113)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip embedded

"Juniper Networks M, T and MX series routing platforms are complete routing systems that support a variety of high-speed interfaces for medium/large networks and network applications and numerous routing standards. All platforms are physically self-contained, housing software, firmware, and hardware necessary for routing. The router architecture provides for streamlined forwarding and routing control and the capability to run Internet-scale networks at high speeds. They are powered by the same JUNOS software, which provides both management and control functions as well as all IP routing."
1812 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise Control Center Virtual Appliance
(Software Versions: 5.2.0 and 5.2.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 10/11/2012;
10/31/2012
Overall Level: 1 

-Roles, Services, and Authentication: Level 2

-Operational Environment: Tested as meeting Level 1 with CGLinux (single-user mode)

-FIPS-approved algorithms: AES (Certs. #1862 and #1917); Triple-DES (Certs. #1209 and #1247); SHS (Certs. #1638 and #1683); HMAC (Certs. #1109 and #1152); DRBG (Cert. #162); RNG (Certs. #976 and #1008); RSA (Certs. #943 and #985); DSA (Certs. #581 and #608)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); MD5

Multi-chip standalone

"McAfee Firewall Enterprise Control Center simplifies the management of multiple McAfee Firewall Enterprise appliances. Control Center enables centralized management and monitoring of the McAfee Firewall Enterprise solutions, allowing network administrators to centrally define firewall policy, deploy updates and inventory their firewall products."
1811 Diversinet Corp.
2235 Sheppard Avenue East
Suite 1700
Toronto, Ontario M2J 5B5
Canada

-Charles Blair
TEL: 416-756-2324 ext 234

-Diversinet Sales
TEL: 416-756-2324

CST Lab: NVLAP 200928-0

Diversinet Java Crypto Module
(Software Version: 2.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 10/11/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 R2 with JDK v1.6 (single-user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #1276); AES (Cert. #1965); SHS (Cert. #1723); HMAC (Cert. #1185); DRBG (Cert. #175); RSA (Cert. #1017)

-Other algorithms:

Multi-chip standalone

"Diversinet Java SE Crypto Module is a JCA (Java Cryptography Architecture) Provider shipped with Diversinet MobiSecure Products. The Crypto Module implements several JCE (Java Cryptography Extension) algorithms including Triple DES, AES, SHA, HMAC and RSA. The Crypto Module is packaged in a signed Java Archive (JAR) file."
1810 Fortinet, Inc.
326 Moodie Drive
Ottawa, ON K2H 8G3
Canada

-Alan Kaye
TEL: 613-225-9381

CST Lab: NVLAP 200426-0

FortiGate-1240B [1] and FortiGate-3140B [2]
(Hardware Versions: C4CN43 [1] and C4XC55 [2] with Tamper Evident Seal Kit: FIPS-SEAL-BLUE [1] or FIPS-SEAL-RED [2]; Firmware Version: FortiOS 4.0, build8892, 111128)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 10/11/2012 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #1408, #1858, #1899 and #1900); Triple-DES (Certs. #961, #1205, #1234 and #1235); SHS (Certs. #1278, #1635, #1668 and #1669); RNG (Cert. #996); HMAC (Certs. #829, #1105, #1139 and #1140); RSA (Certs. #685 and #973)

-Other algorithms: DES; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant); MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 96 and 196 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength)

Multi-chip standalone

"The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
1809 Systematic Development Group, LLC
350 Jim Moran Blvd. Suite 122
Deerfield Beach, FL 33442
USA

-George Wolf
TEL: 954-889-3535 x315

CST Lab: NVLAP 100432-0

LOK-IT® 10 KEY (Series SDG003FM)
(Hardware Versions: HW003-32 Rev:01 [2], HW003-16 Rev:03 [1], HW003-16 Rev:04 [2], HW003-08 Rev:02 [1], HW003-08 Rev:03 [2] , HW003-04 Rev:02 [1] and HW003-04 Rev:03 [2]; Firmware Version: USB Controller Firmware Revision V01.12A12-F01 [1] or V01.12A14-F05 [2]; Security Controller Firmware Revision SDG003FM-010)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 10/02/2012;
01/22/2013
Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #1514); SHS (Cert. #1682); DRBG (Cert. #164)

-Other algorithms: NDRNG

Multi-chip standalone

"This module is a multi-chip standalone cryptographic module, as defined by FIPS 140-2 and consists of an Initio 1861 USB controller, NAND Flash memory and a Microchip PIC16LF1825 security controller. All components are encased in hard, opaque, production grade integrated circuit packaging. The cryptographic boundary is defined as the boundary of the module's PCB and hard epoxy coating. The module uses a NDRNG as input to a Hash_DRBG algorithm specified in NIST special publication SP800-90 to generate a random 256 bit encryption key. The AES key has 256 bits of entropy."
1808 LogRhythm
3195 Sterling Circle, Suite 100
Boulder, CO 80301
USA

-Emily Dobson
TEL: 720-881-5348

CST Lab: NVLAP 200427-0

LogRhythm 6.0.4 Log Manager
(Software Version: 6.0.4)

(When operated in FIPS mode with module BCRYPTPRIMITIVES validated to FIPS 140-2 under Cert. #1336 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 10/02/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 (SP1) (single-user mode) running .NET framework version 3.5

-FIPS-approved algorithms: AES (Cert. # 1168); DRBG (Cert. #23); HMAC (Cert. #686); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081)

-Other algorithms: MD5; HMAC-MD5

Multi-chip standalone

"The LogRhythm 6.0.4 Log Manager cryptographic module provides cryptographic services to a Log Manager. In particular, these services support secure communication with other LogRhythm components (System Monitor Agents and AI Engine Servers) and SQL Server databases."
1807 LogRhythm
3195 Sterling Circle, Suite 100
Boulder, CO 80301
USA

-Emily Dobson
TEL: 720-881-5348

CST Lab: NVLAP 200427-0

LogRhythm 6.0.4 Console
(Software Version: 6.0.4)

(When operated in FIPS mode with module BCRYPTPRIMITIVES validated to FIPS 140-2 under Cert. #1336 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 10/02/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 (SP1) (single-user mode) running .NET framework version 3.5

-FIPS-approved algorithms: AES (Cert. # 1168); DRBG (Cert. #23); HMAC (Cert. #686); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081)

-Other algorithms: MD5; HMAC-MD5

Multi-chip standalone

"The LogRhythm 6.0.4 Console cryptographic module provides cryptographic services to a Console. In particular, these services support secure communication with SQL Server databases in a LogRhythm deployment."
1806 LogRhythm
3195 Sterling Circle, Suite 100
Boulder, CO 80301
USA

-Emily Dobson
TEL: 720-881-5348

CST Lab: NVLAP 200427-0

LogRhythm 6.0.4 Windows System Monitor Agent
(Software Version: 6.0.4)

(When operated in FIPS mode with module BCRYPTPRIMITIVES validated to FIPS 140-2 under Cert. #1336 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 10/02/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 (SP1) (single-user mode) running .NET framework version 3.5

-FIPS-approved algorithms: AES (Cert. # 1168); DRBG (Cert. #23); HMAC (Cert. #686); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081)

-Other algorithms: MD5; HMAC-MD5

Multi-chip standalone

"The LogRhythm 6.0.4 Windows System Monitor Agent cryptographic module provides cryptographic services to a Windows System Monitor Agent. In particular, these services support secure communication with a LogRhythm Log Manager component."
1805 LogRhythm
3195 Sterling Circle, Suite 100
Boulder, CO 80301
USA

-Emily Dobson
TEL: 720-881-5348

CST Lab: NVLAP 200427-0

LogRhythm 6.0.4 AI Engine Server
(Software Version: 6.0.4)

(When operated in FIPS mode with module BCRYPTPRIMITIVES validated to FIPS 140-2 under Cert. #1336 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 10/02/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 (SP1) (single-user mode) running .NET framework version 3.5

-FIPS-approved algorithms: AES (Cert. # 1168); DRBG (Cert. #23); HMAC (Cert. #686); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081)

-Other algorithms: MD5; HMAC-MD5

Multi-chip standalone

"The LogRhythm 6.0.4 AI Engine Server cryptographic module provides cryptographic services to an AI Engine Server. In particular, these services support secure communication with LogRhythm Log Managers and Event Manager SQL Server databases."
1804 Diversinet Corp.
2235 Sheppard Avenue East
Suite 1700
Toronto, Ontario M2J5B5
Canada

-Charles Blair
TEL: 416-756-2324 ext 234

-Diversinet Sales
TEL: 416-756-2324

CST Lab: NVLAP 200928-0

Diversinet Java Crypto Module for Mobile
(Software Version: 2.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 10/03/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Android OS v2.2 (single-user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #1277); AES (Cert. #1966); SHS (Cert. #1724); HMAC (Cert. #1186); DRBG (Cert. #176); RSA (Cert. #1018)

-Other algorithms: N/A

Multi-chip standalone

"Diversinet Java ME Crypto Module is shipped with Diversinet MobiSecure Client SDK for Java based run-time environments on Smartphones and tablets including, Android OS-, BlackBerry OS- and Java ME MIDP-based. The Crypto Module implements several cryptography algorithms including Triple DES, AES, SHA, HMAC and RSA."
1803 Websense Inc.
10240 Sorrento Valley Road
San Diego, CA 92121
USA

-Joshua Rosenthol
TEL: 1-858-320-3684

CST Lab: NVLAP 200928-0

Crypto Module Java
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/25/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with 64-bit Microsoft Windows 2008 R2 with JRE v1.6.0 (single-user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #1262); AES (Cert. #1936); SHS (Cert. #1701); HMAC (Cert. #1169); RNG (Cert. #1020); DSA (Cert. #618); RSA (Cert. #1002)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); ECDSA (non-compliant); ECDH (non-compliant); MD2; MD4; MD5

Multi-chip standalone

"The Websense Crypto Module Java provides cryptographic and secure communication services for the Websense-developed family of web security, email security, and data loss prevention solutions, deployed on high-performance, pre-configured hardware or as fully-customizable "ready-to-install" software."
1802 Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

-Greg Farris
TEL: 408-333-8000
FAX: 408-333-8101

CST Lab: NVLAP 200802-0

VDX 6710, VDX 6720 and VDX 6730 with Network OS (NOS) v2.1.0 Firmware
(Hardware Versions: VDX6710-54-F (P/N 80-1004843-02), VDX6710-54-R (P/N 80-1004702-02), VDX6720-16-F (P/N 80-1004566-05), VDX6720-16-R (P/N 80-1004567-05), VDX6720-24-F (P/N 80-1004564-05), VDX6720-24-R (P/N 80-1004565-05), VDX6720-40-F (P/N 80-1004570-05), VDX6720-40-R (P/N 80-1004571-05), VDX6720-60-F (P/N 80-1004568-05), VDX6720-60-R (P/N 80-1004569-05), VDX6730-16-F (P/N 80-1005649-01), VDX6730-16-R (P/N 80-1005651-01), VDX6730-24-F (P/N 80-1005648-01), VDX6730-24-R (P/N 80-1005650-01), VDX6730-40-F (P/N 80-1005680-01), VDX6730-40-R (P/N 80-1005681-01), VDX6730-60-F (P/N 80-1005679-011) and VDX6730-60-R (P/N 80-1005678-01) with FIPS Kit (P/N Brocade XBR-000195); Firmware Version: Network OS (NOS) v2.1.0 (P/N 63-1000931-01))

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 09/07/2012 Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #652); AES (Certs. #731 and #1595); SHS (Certs. #749 and #1407); HMAC (Certs. #397 and #933); RNG (Cert. #426); RSA (Certs. #342 and #778)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; BF; CAST; CAST5; DES; DES3; DESX; RC2; RC2-40; RC2-64; RC4; RC4-40; MD2; MD4; RMD160; AES128-CTR (non-compliant); AES192-CTR (non-compliant); AES256-CTR (non-compliant); ARCFOUR256; ARCFOUR128; AES128-CBC (non-compliant); 3DES-CBC (non-compliant); BLOWFISH-CBC; CAST128-CBC; AES192-CBC (non-compliant); AES256-CBC (non-compliant); ARCFOUR; UMAC-64; HMAC-RIPEMD160; HMAC-SHA1-96 (non-compliant); HMAC-MD5-96

Multi-chip standalone

"The VDX 6710, VDX 6720 and VDX 6730 are multiple-chip standalone cryptographic modules. The module is a Gigabit Ethernet routing switch that provides secure network services and network management."
1801 Motorola Solutions, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

-Kirk Mathews
TEL: 847-576-4101

CST Lab: NVLAP 100432-0

µMACE
(Hardware Version: P/N AT58Z04; Firmware Version: R01.00.04)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/07/2012 Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #1876); DRBG (Cert. #154); ECDSA (Cert. #263); KAS (Cert. #28); SHS (Cert. #1619)

-Other algorithms: AES (Cert. #1876, key wrapping; key establishment methodology provides 256 bits of encryption strength); NDRNG

Single-chip

"The µMACE cryptographic processor is used in security modules embedded in Motorola Solutions security products."
1800 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Andrew Young
TEL: 703-647-8408
FAX: 410-290-6506

CST Lab: NVLAP 100432-0

eToken 4300
(Hardware Version: Inside Secure AT90SC28880RCFV Rev. G; Firmware Version: SafeNet eToken 4300 010E.1245.0002 with PIV Applet 3.0)

(PIV Card Application: Cert. #32)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/06/2012 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #1655); RSA (Cert. #824); Triple-DES (Cert. #1088); Triple-DES MAC (Triple-DES Cert. #1088, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465); ECDSA (Cert. # 214); CVL (Cert. #2)

-Other algorithms: HW RNG; AES-CMAC (non-compliant); AES (Cert. #1655, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength)

Single-chip

"eToken 4300 is a Cryptographic Module based on the Athena OS755 Java Card smart card operating system with 80KB of EEPROM. eToken 4300 is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 2. eToken 4300 supports FIPS approved DRBG, SHA-1 and all SHA-2, TDES, AES, RSA, ECDSA and ECC CDC, and RSA and ECC key generation. eToken 4300 exposes PKI and Biometric APIs and is designed for high-performance government and enterprise smart card applications."
1799 Certes Networks, Inc.
300 Corporate Center Drive
Suite 140
Pittsburgh, PA 15108
USA

-Todd Cignetti
TEL: 412-262-2571, ext. 106
FAX: 412-262-2574

CST Lab: NVLAP 200928-0

CEP100, CEP100 VSE, CEP100-XSA, CEP1000, CEP1000-DP and CEP1000 VSE
(Hardware Versions: [CEP100, A], [CEP100 VSE, A], [CEP100-XSA, A], [CEP1000, A], [CEP1000-DP, A] and [CEP1000 VSE, A]; Firmware Version: 2.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 09/04/2012 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #482, #667 and #1258); AES (Certs. #465, #762 and #1932); SHS (Cert. #1697); HMAC (Certs. #416, #417 and #1166); RSA (Certs. #998); DSA (Certs. #615); RNG (Certs. #1017)

-Other algorithms: MD5; HMAC-MD5-96; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength)

Multi-chip standalone

"The Certes Networks CEP VSE encryptors are a family of high performance network encryption appliances that offer line rate multi-layer encryption at speeds from 10 Mbps up to 10 Gbps for Ethernet, IP, and MPLS networks. The CEP VSE family can be centrally managed with the simple drag-and-drop interface of Certes TrustNet Manager. TrustNet Manager provides centralized policy and key management, logging and auditing for the entire network. The CEP100 VSE and CEP1000 VSE provide data confidentiality, data integrity and data authentication for network traffic at bit rates from 75 Mbps to 1 Gbps."
1798 Certes Networks, Inc.
300 Corporate Center Drive
Suite 140
Pittsburgh, PA 15108
USA

-Todd Cignetti
TEL: 412-262-2571, ext. 106
FAX: 412-262-2574

CST Lab: NVLAP 200928-0

CEP10-R, CEP10 VSE and CEP10-C
(Hardware Versions: [CEP10-R, PN 410-032-402, A], [CEP10 VSE, PN 410-032-402, A], [CEP10-C, PN 410-032-602, A] and [CEP10 VSE, PN 410-032-602, A]; Firmware Version: 2.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 09/06/2012 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #673 and #1258); AES (Certs. #779 and #1932); SHS (Cert. #1697); HMAC (Certs. #426 and #1166); RSA (Cert. #998); DSA (Cert. #615); RNG (Cert. #1017)

-Other algorithms: MD5; HMAC-MD5-96; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength)

Multi-chip standalone

"The Certes Networks CEP VSE encryptors are a family of high performance network encryption appliances that offer full line rate multi-layer encryption at speeds from 10 Mbps up to 10 Gbps for Ethernet, IP, and MPLS networks. The CEP VSE family can be centrally managed with the simple drag-and-drop interface of Certes TrustNet Manager. TrustNet Manager provides centralized policy and key management, logging and auditing for the entire network. The CEP10 VSE provides data confidentiality, data integrity and data authentication for network traffic at bit rates from 3 Mbps to 50 Mbps."
1797 Certes Networks, Inc.
300 Corporate Center Drive
Suite 140
Pittsburgh, PA 15108
USA

-Todd Cignetti
TEL: 412-262-2571, ext. 106
FAX: 412-262-2574

CST Lab: NVLAP 200928-0

CEP10G VSE
(Hardware Version: [CEP10G VSE, A]; Firmware Version: 2.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 09/04/2012 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #1195 and #1258); AES (Certs. #1842 and #1932); SHS (Cert. #1697); HMAC (Certs. #1141 and #1166); RSA (Cert. #998); DSA (Cert. #615); RNG (Cert. #1017)

-Other algorithms: MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength)

Multi-chip standalone

"The Certes Networks CEP VSE encryptors are a family of high performance network encryption appliances that offer full line rate multi-layer encryption at speeds from 10 Mbps up to 10 Gbps for Ethernet, IP, and MPLS networks. The CEP VSE family can be centrally managed with the simple drag-and-drop interface of Certes TrustNet Manager. TrustNet Manager provides centralized policy and key management, logging and auditing for the entire network. The CEP10G VSE provides data confidentiality, data integrity and data authentication for network traffic at bit rates from 500 Mbps to 10 Gbps."
1796 Brocade Communications Systems, Inc.
130 Holger W
San Jose, CA 95134
USA

-Greg Farris
TEL: 408-333-8000
FAX: 408-333-8101

CST Lab: NVLAP 200802-0

Brocade DCX, DCX 8510-8, DCX-4S and DCX 8510-4 Backbones; 6510 FC Switch; and 7800 Extension Switch
(Hardware Version: [6510 FC Switch (P/Ns 80-1005232-02, 80-1005267-02, 80-1005268-02, 80-1005269-02, 80-1005271-02 and 80-1005272-02) [A,B], 7800 Extension Switch (P/Ns 80-1002607-06, 80-1002608-06 and 80-1002609-06) [A,B], [DCX Backbone (P/Ns 80-1001064-08, 80-1001064-09, 80-1004920-02 and 80-1004920-03), DCX-4S Backbone (P/Ns 80-1002071-08, 80-1002071-09, 80-1002066-08 and 80-1002066-09), DCX 8510-4 Backbone (P/Ns 80-1004697-02, 80-1004697-03, 80-1005158-02 and 80-1005158-03) and DCX 8510-8 Backbone (P/Ns 80-1004917-02 and 80-1004917-03] with Blades (P/Ns 80-1001070-06 [A,B], 80-1004897-01, 80-1004898-01, 80-1002000-02, 80-1001071-02, 80-1000696-01, 80-1005166-01, 80-1005187-01, 80-1001066-01, 80-1001067-01, 80-1001453-01, 80-1003887-01, 80-1002762-04, 80-1000233-10, 80-1002839-02, 49-1000016-04, 49-1000064-02 and 49-1000294-05)] with FIPS Kit P/N Brocade XBR-000195; Firmware Version: Fabric OS v7.0.0b (P/N 63-1000968-01) [A] or Fabric OS v7.0.0b1 (P/N 63-1001098-01) [B])

(When operated in FIPS mode and when tamper evident labels are installed on the initially built configurations as indicated in the Security Policy.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 08/31/2012 Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Certs. #652 and #1043); AES (Certs. #731, #1595 and #1596); SHS (Certs. #749, #1407 and #1408); HMAC (Certs. #397, #933 and #934); RNG (Certs. #426 and #854); RSA (Certs. #778, #779, #1048 and #1049)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bit of encryption strength); HMAC-MD5; MD5; NDRNG; BF; CAST; CAST5; DES; DES3; DESX; RC2; RC2-40; RC2-64; RC4; RC4-40; MD2; MD4; RMD160; AES128-CTR (non-compliant); AES192-CTR (non-compliant); AES256-CTR (non-compliant); ARCFOUR256; ARCFOUR128; AES128-CBC (non-compliant); 3DES-CBC (non-compliant); BLOWFISH-CBC; CAST128-CBC; AES192-CBC (non-compliant); AES256-CBC (non-compliant); ARCFOUR; UMAC-64; HMAC-RIPEMD160; HMAC-SHA1-96 (non-compliant); HMAC-MD5-96

Multi-chip standalone

"The Brocade« DCX, DCX 8510-8, DCX-4S and DCX 8510-4 Backbones and the 6510 Switch provide a reliable, scalable Fibre Channel switching infrastructure with market-leading 16 Gbps technology and capabilities that support demanding, enterprise-class private cloud storage and highly virtualized environments. The Brocade 7800 Extension Switch provides fast, reliable WAN/MAN connectivity for remote data replication, backup, and migration with Fibre Channel and advanced Fibre Channel over IP (FCIP) technology."
1795 Giesecke & Devrient
45925 Horseshoe Drive
Dulles, VA 20166
USA

-Jatin Deshpande
TEL: 650-312-8047
FAX: 650-312-8129

-Thomas Palsherm
TEL: +49 89 4119-2384
FAX: +49 89 4119-9093

CST Lab: NVLAP 200427-0

Sm@rtCafé Expert 6.0 FIPS
(Hardware Versions: P5CC081, P5CD081 and P5CD145; Firmware Version: Sm@rtCafé Expert 6.0)

(The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/31/2012 Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #1755); DRBG (Cert. #116); RSA (Cert. #874); SHS (Cert. #1542); Triple-DES (Cert. #1136); Triple-DES MAC (Triple-DES Cert. #1136, vendor affirmed)

-Other algorithms: AES (Cert. #1755, key wrapping; key establishment methodology provides between 128 and 175 bits of encryption strength)

Single-chip

"Giesecke & Devrient (G&D) Smart Card Chip Operating System Sm@rtCafé Expert 6.0 is a Java Card 3 and Global Platform v2.1.1 compliant smart card module supporting both contact and contactless interfaces. It also supports, at a minimum, RSA up to 2048 bits(RSA and RSA-CRT) with on-card key generation, Hash algorithms(including SHA256), AES(up to 256 bits), ECDSA, and Triple-DES. The Sm@rtCafé Expert 6.0 is suitable for government and corporate identification, payment and banking, health care, and Web applications."
1794 Thales e-Security
Meadow View House
Crendon Industrial Estate, Long Crendon,
Aylesbury, Buckinghamshire HP18 9EQ
United Kingdom

-Datacryptor-Certifications
TEL: +44 (0)1844 201800

CST Lab: NVLAP 200002-0

Secure Generic Sub-System (SGSS), Version 3.5
(Hardware Versions: 1213H130 Issue 6E, 1213R130 Issue 1, 1213P130 Issue 2 and 1213P130 Issue 2A; Software Version: 3.0.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 08/28/2012;
09/27/2012
Overall Level: 3 

-FIPS-approved algorithms: ECDSA (Cert. #283); SHS (Cert. #1717)

-Other algorithms: N/A

Multi-chip embedded

"The Secure Generic Sub-System (SGSS) is a multi-chip embedded module used to provide secure cryptographic resources to a number of products in the Thales e-Security portfolio. This includes the Datacryptor® 2000, Datacryptor® Advanced Performance and Small Form Factor family (Link, Frame Relay, E1/T1, E3/T3, and IP models). The SGSS contains a secure bootstrap and authenticates application loading using the Digital Signature Algorithm (ECDSA) and SHA-384 hashing. This is a revalidation of the SGSS certified under FIPS Certificate #836, and does not affect the previous FIPS validation."
1793 HID Global
15370 Barranca Pkwy
Irvine, CA 92618
USA

-Stephane Ardiley
TEL: 510-745-6288
FAX: 510-574-0101

CST Lab: NVLAP 100432-0

HID Global Digital Identity Applet v2 on NXP JCOP 2.4.2
(Hardware Version: P/N P5CD145; Firmware Version: JCOP 2.4.2 R0 MaskID 53 and patchID 98, Digital Identity Applet Suite 2.7.1)

(PIV Card Application: Cert. #29)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/28/2012 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 4
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: RNG (Cert. #942); Triple-DES (Cert. #1144); Triple-DES MAC (Triple-DES Cert. #1144, vendor affirmed); RSA (Cert. #885)

-Other algorithms: Triple-DES (Cert. #1144, key wrapping; key establishment methodology provides 112 bits of encryption strength)

Single-chip

"This version of the product can be used over contact and contactless interface (with some restrictions) and can be configured for use with HID Global JavaCard Applet Suite v2.7.1 for support of GSC-IS v2.1, NIST SP800-73-3 Transitional and End-Point Card Edge (for HSPD-12/PIV). The product allows issuance and post-issuance support for PIV End Point Card Edge and Data Model."
1792 Red Hat®, Inc.
314 Littleton Road
Westford, MA 01886
USA

-Irina Boverman
TEL: 978-392-1000
FAX: 978-392-1001

CST Lab: NVLAP 200658-0

Red Hat Enterprise Linux 6.2 OpenSSH Server Cryptographic Module
(Software Version: 2.1)

(When operated in FIPS mode. This module contains the embedded module Red Hat Enterprise Linux 6.2 OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #1758 operating in FIPS mode. When obtained, installed, and initialized as specified in Section 9.1 of the provided Security Policy. Section 1 of the provided Security Policy specifies the precise RPM file containing this module. The integrity of the RPM is automatically verified during the installation and the Crypto officer shall not install the RPM file if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 08/24/2012;
10/23/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 6.2 (single-user mode)

-FIPS-approved algorithms: Triple-DES (Certs. #1226, #1227, #1231 and #1232); AES (Certs. #1887, #1888, #1889, #1893, #1894 and #1895); DSA (Certs. #592, #593, #597 and #598); RNG (Certs. #989, #990, #994 and #995); HMAC (Certs. #1129, #1130, #1134 and #1135); SHS (Certs. #1658, #1659, #1663 and #1664); RSA (Certs. #964, #965, #969 and #970)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 160 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 160 bits of encryption strength)

Multi-chip standalone

"The OpenSSH Server cryptographic module provides the server-side component for an SSH protocol version 2 protected communication channel. OpenSSH is the standard SSH implementation and shipped with RHEL 6.2. Its cryptographic mechanisms use the OpenSSL library in FIPS 140-2 mode."
1791 Red Hat®, Inc.
314 Littleton Road
Westford, MA 01886
USA

-Irina Boverman
TEL: 978-392-1000
FAX: 978-392-1001

CST Lab: NVLAP 200658-0

Red Hat Enterprise Linux 6.2 OpenSSH Client Cryptographic Module
(Software Version: 2.1)

(When operated in FIPS mode. This module contains the embedded module Red Hat Enterprise Linux 6.2 OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #1758 operating in FIPS mode. When obtained, installed, and initialized as assumed by the Crypto Officer role and as specified in Section 9.1 of the provided Security Policy. Section 1 of the provided Security Policy specifies the precise RPM file containing this module. The integrity of the RPM is automatically verified during the installation and the Crypto officer shall not install the RPM file if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 08/24/2012;
10/23/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 6.2 (single-user mode)

-FIPS-approved algorithms: Triple-DES (Certs. #1226, #1227, #1231 and #1232); AES (Certs. #1887, #1888, #1889, #1893, #1894 and #1895); DSA (Certs. #592, #593, #597 and #598); RNG (Certs. #989, #990, #994 and #995); HMAC (Certs. #1129, #1130, #1134 and #1135); SHS (Certs. #1658, #1659, #1663 and #1664); RSA (Certs. #964, #965, #969 and #970)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 160 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 160 bits of encryption strength)

Multi-chip standalone

"The OpenSSH Client cryptographic module provides the client-side component for an SSH protocol version 2 protected communication channel. OpenSSH is the standard SSH implementation and shipped with RHEL 6.2. Its cryptographic mechanisms use the OpenSSL library in FIPS 140-2 mode."
1790 ARX (Algorithmic Research)
10 Nevatim Street
Petah-Tikva, 49561
Israel

-Ezer Farhi
TEL: +972-39279529
FAX: +972-39230864

CST Lab: NVLAP 200002-0

PrivateServer
(Hardware Version: 4.7; Firmware Version: 4.8.1)

(When operated in FIPS Mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/05/2012 Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #1983); Triple-DES (Cert. #1286); RSA (Cert. #1029); SHS (Cert. #1738); Triple-DES MAC (Triple-DES Cert. #1286, vendor affirmed); RNG (Cert. #1042); ECDSA (Cert. #288); HMAC (Cert. #1196)

-Other algorithms: DES Stream; MD5; RSA cipher only with ISO9796 padding; ARDFP; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); DES; DES MAC

Multi-chip standalone

"The PrivateServer is a high-performance cryptographic service provider. PrivateServer performs high-speed cryptographic operations while protecting sensitive data. Its features include Triple-DES, AES, Triple-DES MAC, CCM, HMAC, RSA, ECDSA, SHA-1, SHA-256, SHA-384, SHA-512, authenticated and encrypted communication with the module, secure storage of secret/private keys, software key medium and smartcard support, tamper-responsive enclosure, high level API requiring no cryptographic expertise, in-depth logging and auditing, and secure backup capability."
1789 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise S1104, S2008, S3008, S4016, S5032 and S6032
(Hardware Versions: FWE-S1104, FWE-S2008, FWE-S3008, FWE-S4016, FWE-S5032 and FWE-S6032; Firmware Version: 7.0.1.03 and 8.2.0)

(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/22/2012 Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #972, #973, #974 and #1833); Triple-DES (Certs. #765, #766, #767 and #1185); SHS (Certs. #941, #942, #943 and #1612); HMAC (Certs. #544, #545, #546 and #1086); RNG (Certs. #549, #550, #551 and #964); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1788 Q1 Labs
890 Winter Street
Suite 230
Waltham, MA 02451
USA

-Ellen Knickle
TEL: 506-444-6870
FAX: 506-459-7016

-Peter Clark
TEL: 506-635-4900
FAX: 506-459-7016

CST Lab: NVLAP 200427-0

Cryptographic Security Kernel
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 08/22/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux (RHEL) 5.7; CentOS 5.7 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1907); HMAC (Cert. #1144); RNG (Cert. #1001); RSA (Cert. #978); SHS (Cert. #1674); Triple-DES (Cert. #1239)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); MD5, RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength)

Multi-chip standalone

"Q1 Labs Cryptographic Security Kernel is multi-algorithm library providing general-purpose cryptographic services. The purpose of the module is to provide a single API for cryptographic functionality that can provide centralized control over FIPS-Approved mode status, provide availability of only FIPS-Approved algorithms or vendor-affirmed implementations of non FIPS-Approved algorithms, and provide for centralized logging and reporting of the cryptographic engine."
1787 GDC Technology (USA), LLC
1016 West Magnolia Boulevard
Burbank, CA 91506
USA

-Pranay Kumar
TEL: (877) 743-2872
FAX: (877) 643-2872

CST Lab: NVLAP 100432-0

IMB
(Hardware Version: GDC-IMB-v1; Firmware Version: 1.1 with Security Manager Firmware Version 1.2.11)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/22/2012 Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #1278 and #1286); SHS (Certs. #1176, #1178, #1179 and #1180); RNG (Certs. #713 and #716); RSA (Certs. #610 and #613); HMAC (Certs. #743 and #747)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; S-Box

Multi-chip embedded

"A digital cinema media block designed to be compliant with DCI specifications and SMPTE digital cinema standards. The supported features include JPEG2000 decoding, AES decryption, key management and logging."
1786 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-J JSAFE and JCE Software Module
(Software Version: 6.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 08/24/2012;
01/24/2013
Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows 7 (64-bit) with Sun JRE 6.0; Android 2.2 ARM (32-bit) JRE 6.0 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1911); DRBG (Cert. #160); DSA (Cert. #604); ECDSA (Cert. #271); HMAC (Cert. #1148); PBKDF (vendor affirmed); RNG (Cert. #1004); RSA (Cert. #981); SHS (Cert. #1678); Triple-DES (Cert. #1243)

-Other algorithms: DES; DESX; Diffie-Hellman; EC Diffie-Hellman; ECIES; HMAC-MD5; MD2; MD4; MD5; RC2; RC4; RC5; RIPEMD160; RSA (encrypt/decrypt); RSA Keypair Generation MultiPrime

Multi-chip standalone

"RSA BSAFE® Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. It supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
1785 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-J JSAFE and JCE Software Module
(Software Version: 6.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 08/24/2012;
01/24/2013
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows 7 (64-bit) with Sun JRE 6.0; Android 2.2 ARM (32-bit) JRE 6.0 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1911); DRBG (Cert. #160); DSA (Cert. #604); ECDSA (Cert. #271); HMAC (Cert. #1148); PBKDF (vendor affirmed); RNG (Cert. #1004); RSA (Cert. #981); SHS (Cert. #1678); Triple-DES (Cert. #1243)

-Other algorithms: DES; DESX; Diffie-Hellman; EC Diffie-Hellman; ECIES; HMAC-MD5; MD2; MD4; MD5; RC2; RC4; RC5; RIPEMD160; RSA (encrypt/decrypt); RSA Keypair Generation MultiPrime

Multi-chip standalone

"RSA BSAFE® Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. It supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
1784 Hewlett-Packard Company
8000 Foothills Blvd
Rosevillle, CA 95747
USA

-Sunil Amanna
TEL: 916-785-1183
FAX: 916-785-1103

-Harjit Dhillon
TEL: 916-785-0341
FAX: 916-785-1103

CST Lab: NVLAP 200002-0

HP Networking 5400 zl [1,2] and 8200 zl [3,4] Switch Series
(Hardware Versions: 5406 zl [1] 5412 zl [2], 8206 zl [3], 8212 zl [4] [A] [B]; Switches: (J8697A [1], J8698A [2], J9447A [3] and J9091A [4] [A] [B]); Management Modules: (J8726A [1,2] and two J9092A [3,4] [A] [B]); Power Supply: (J9306A: one [1,3] or two [2,4]); Support Module: (J9095A [3,4] [A] [B]); Fabric Module: (two J9093A [3,4] [A] [B]); Blank Plate: (5069-8563: five [1,3] or eleven [2,4]); PSU Blank Plate (5003-0753: one [1,3] or two [2,4]); Opacity Shield Kits: (J9710A [1], J9711A [2], J9712A [3] and J9713A [4]); High Performance Fan Trays: (J9721A [1], J9722A [2], J9723A [3] and J9724A [4]); with ([HP Gig-T/SFP+ V2 zl Mod: J9536A] and [Tamper Evident Seal Kit: J9709A]) [1,2,3,4]; Firmware Versions: K.15.07.003 [A] and K.15.07.0012 [B])

(When operated in FIPS mode with the tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/15/2012;
12/13/2012
Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #1718); Triple-DES (Cert. #1105); SHS (Certs. #1501 and #1600); HMAC (Cert. #993); RSA (Certs. #866 and #915); DSA (Cert. #530); RNG (Cert. #911)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); MD5

Multi-chip standalone

"The HP 5400 Switch series consists of Layer 2/3/4 switches which support integrated advanced capabilities in chassis (6-slot and 12-slot) form factor and offer maximum flexibility, life time warranty and lowered TCO. The HP 8200 zl Switch Series offers high performance, scalability, and a wide range of features in a high-availability platform that dramatically reduces complexity and provides reduced cost of ownership."
1783

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/08/2012 Overall Level: 2 

-FIPS-approved algorithms:

-Other algorithms:

1782 SafeNet, Inc.
20 Colonnade Drive
Suite 200
Ottowa, ON K2E 7M6
Canada

-Mark Yakabuski
TEL: 613-221-5032
FAX: 613-723-5079

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

ProtectServer Internal Express (PSI-e)
(Hardware Versions: VBD-04-0302 and VBD-04-0303; Firmware Versions: 3.20.00 and 3.20.01)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/07/2012;
11/05/2012
Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #1859 and #1860); DSA (Cert. #579); ECDSA (Cert. #259); HMAC (Cert. #1106); RNG (Cert. #975); RSA (Cert. #940); SHS (Cert. #1636); Triple-DES (Certs. #1206 and #1207); Triple-DES MAC (Triple-DES Cert. #1206, vendor affirmed)

-Other algorithms: AES MAC (AES Cert. #1859; non-compliant); ARIA; CAST-128; CAST MAC; DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); ECIES; EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); IDEA; IDEA MAC; MD2; MD5; MD5 HMAC; RC2; RC2 MAC; RC4; RIPEMD-128; RIPEMD-160; RMD128 HMAC; RMD160 HMAC; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); SEED; SEED MAC; Triple-DES (Certs. #1206 and #1207, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); AES (Certs. #1859 and #1860, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength)

Multi-chip embedded

"The SafeNet PSI-e is a high-end intelligent PCI adapter card that provides a wide range of cryptographic functions using firmware and dedicated hardware processors. The module provides key management (e.g., generation, storage, deletion, and backup), an extensive suite of cryptographic mechanisms, and process management including separation between operators. The PSI-e also features non-volatile tamper protected memory for key storage, a hardware random number generator, and an RTC."
1781 Valid S/A
Av. Paulista, 1000, terreo
Sao Paulo, 01310-100
Brazil

-Carlos Okada
TEL: +55 11 2575-6800
FAX: +55 11 2575-6500

CST Lab: NVLAP 100432-0

IDflex V
(Hardware Version: Inside Secure AT90SC28872RCU Rev. G; Firmware Version: Valid IDflex V 010B.0352.0005 with LASER PKI Applet 3.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/07/2012 Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #1654); RSA (Cert. # 824); Triple-DES (Cert. #1087); Triple-DES MAC (Triple-DES Cert. #1087, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465); ECDSA (Cert. #214); CVL (Cert. #2)

-Other algorithms: HW RNG; AES-CMAC (non-compliant); EC Diffie-Hellman; AES (Cert. #1654, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength)

Single-chip

"IDflex V is a Cryptographic Module based on the Athena OS755 Java Card smart card operating system with 72KB of EEPROM. IDflex V is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 3. IDflex V supports FIPS approved DRBG, SHA-1 and all SHA-2, TDES, AES, RSA, ECDSA and ECC CDC, and RSA and ECC key generation. IDflex V exposes PKI and Biometric APIs and is designed for high-performance government and enterprise smart card applications."
1780

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/07/2012;
09/26/2012
Overall Level: 2 

-FIPS-approved algorithms:

-Other algorithms:

Multi-chip standalone

1779

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/07/2012;
09/26/2012
Overall Level: 2 

-FIPS-approved algorithms:

-Other algorithms:

Multi-chip standalone

1778

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/07/2012 Overall Level: 2 

-FIPS-approved algorithms:

-Other algorithms:

Multi-chip standalone

1777 Thales e-Security, Inc.
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-Nathan Turajski
TEL: 954-888-6201

CST Lab: NVLAP 200427-0

Thales e-Security keyAuthority®
(Hardware Version: 1.0; Firmware Version: 3.0.3)

(This module contains the embedded module IBM Java JCE FIPS 140-2 Cryptographic Module validated to FIPS 140-2 under Cert. #1081 operating in FIPS mode using IBM JVM 1.6)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 08/07/2012 Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #805 and #1795); DRBG (Cert. #128); HMAC (Certs. #445 and #1059); RNG (Cert. #463); RSA (Certs. #387 and #898); SHS (Certs. #803, #1573 and #1577)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"Thales keyAuthority® is a standards-based, FIPS-validated key management appliance that enables organizations to confidently manage encryption for multiple types of encrypting endpoints. The appliance manages encryption keys throughout their lifecycle to meet security policy and regulatory compliance requirements. A vendor-neutral approach ensures broad support for encryption devices."
1776 SafeNet Inc.
20 Colonnade Road
Suite 200
Ottawa, ON K2E 7M6
Canada

-Mark Yakabuski
TEL: 613-614-3407
FAX: 613-723-5079

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200556-0

Luna® CA4
(Hardware Version: LTK-02-0501; Firmware Version: 4.8.7)

(When operated in FIPS Mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 08/01/2012 Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #1785); Triple-DES (Cert. #1157); SHS (Cert. #1567); DSA (Cert. #561); RSA (Cert. #892); ECDSA (Cert. #241); HMAC (Cert. #1050); Triple-DES MAC (Triple-DES Cert. #1157, vendor affirmed); RNG (Cert. #947); KAS (Cert. #24); KBKDF (vendor affirmed)

-Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; AES MAC (AES Cert. #1785; non-compliant); DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); AES (Cert. #1785, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1157, key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Luna CA4 cryptographic module is a multi-chip standalone hardware cryptographic module in the form of a PCMCIA card that typically resides within a custom computing or secure communications appliance. It is contained in its own secure enclosure that provides physical resistance to tampering. The module provides secure key generation and storage for symmetric keys and asymmetric key pairs along with symmetric and asymmetric cryptographic services."
1775 SafeNet, Inc.
20 Colonnade Road
Suite 200
Nepean, ON K2E 7M6
Canada

-Mark Yakabuski
TEL: 613-614-3407
FAX: 613-723-5079

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200556-0

Luna® PCM Key Export (KE) Cryptographic Module
(Hardware Version: LTK-02-0501; Firmware Version: 4.8.7)

(When operated in FIPS Mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/01/2012 Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #1785); Triple-DES (Cert. #1157); SHS (Cert. #1567); DSA (Cert. #561); RSA (Cert. #892); ECDSA (Cert. #241); HMAC (Cert. #1050); Triple-DES MAC (Triple-DES Cert. #1157, vendor affirmed); RNG (Cert. #947); KAS (Cert. #24); KBKDF (vendor affirmed)

-Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; AES MAC (AES Cert. #1785; non-compliant); DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); AES (Cert. #1785, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1157, key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Luna PCM cryptographic module is a multi-chip standalone hardware cryptographic module in the form of a PCMCIA card that typically resides within a custom computing or secure communications appliance. It is contained in its own secure enclosure that provides physical resistance to tampering. The module provides secure key generation and storage for symmetric keys and asymmetric key pairs along with symmetric and asymmetric cryptographic services. Access to key material and cryptographic services for users and user application software is provided indirectly through the host appliance."
1774 SafeNet Inc.
20 Colonnade Road
Suite 200
Ottawa, ON K2E 7M6
Canada

-Mark Yakabuski
TEL: 613-614-3407
FAX: 613-723-5079

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200556-0

Luna® PCM
(Hardware Version: LTK-02-0501; Firmware Version: 4.8.7)

(When operated in FIPS Mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 08/01/2012 Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Cert. #1785); Triple-DES (Cert. #1157); SHS (Cert. #1567); DSA (Cert. #561); RSA (Cert. #892); ECDSA (Cert. #241); HMAC (Cert. #1050); Triple-DES MAC (Triple-DES Cert. #1157, vendor affirmed); RNG (Cert. #947); KAS (Cert. #24); KBKDF (vendor affirmed)

-Other algorithms: DES; AES MAC (AES Cert. #1785, non-compliant); RC2; RC4; RC5; CAST; CAST 3; CAST 5; MD2; MD5; HAS-160; HMAC-MD5; KCDSA, RSA (encrypt/decrypt); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); AES (Cert. #1785, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1157, key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Luna PCM cryptographic module is a multi-chip standalone hardware cryptographic module in the form of a PCMCIA card that typically resides within a custom computing or secure communications appliance. It is contained in its own secure enclosure that provides physical resistance to tampering. The module provides secure key generation and storage for symmetric keys and asymmetric key pairs along with symmetric and asymmetric cryptographic services. Access to key material and cryptographic services for users and user application software is provided indirectly through the host appliance."
1773 Ciena® Corporation
1201 Winterson Road
Linthicum, MD 21090
USA

-Patrick Scully
TEL: 613-670-3207

CST Lab: NVLAP 200928-0

565 Advanced Services Platform [1], 5100 Advanced Services Platform [2] and 5200 Advanced Services Platform [3]
(Hardware Versions: [NT0H50DAE5 REV 004 [1], NTPM50AAE5 Rev 11 [2], NT0H50AA Rev 014 [3], SP Card NT0H5066E5 Rev 04 [1] and NT0H41ABE5 Rev 8 [2,3], QOTR/E Card NT0H25BAE5 Rev 2 [1,2,3], OCM Card NT0H40BCE5 Rev 18 [3], Filler Card NT0H52ABE6 Rev 02 [1,2,3]] with FIPS security kit NT0H25BZ Rev 3; Firmware Versions: 11.2 and 11.21)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/01/2012;
02/06/2013
Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #1161); AES (Certs. #1682, #1794 and #1796); SHS (Certs. #1576 and #1578); HMAC (Certs. #1058 and #1060); RSA (Certs. #897 and #899); DRBG (Certs. #130 and #131)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; DES; Blowfish

Multi-chip standalone

"The 565/5100/5200 Advanced Services Platform offers an integrated transport encryption solution providing an ultra-low latency and protocol-agnostic wirespeed encryption service for use in small to large enterprises or datacenters and also offered through service providers as a differentiated managed service."
1772 Juniper Networks, Inc.
1194 N. Mathilda Ave.
Sunnyvale, CA 94089
USA

-Guillaume Gavillet
FAX: 408-936-1801

-Seyed Safakish
TEL: 408-745-8158
FAX: 408-936-1801

CST Lab: NVLAP 200002-0

Junos-FIPS 10.4 L1 OS Cryptographic Module
(Firmware Version: 10.4R5)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Firmware 07/31/2012 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-Tested: RE-850-1536 [M7i] and RE-850-1536 [M10i]

-FIPS-approved algorithms: AES (Certs. #1719, #1726 and #1727); DSA (Cert. #531); ECDSA (Cert. #225); RNG (Cert. #909); RSA (Cert. #847); HMAC (Certs. #994, #1000, #1001 and #1002); SHS (Certs. #1502, #1508, #1509 and #1510); Triple-DES (Certs. #1106, #1112 and #1113)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip embedded

"Juniper Networks M7i and M10i routing platforms are complete routing systems that support a variety of high-speed interfaces for medium/large networks and network applications and numerous routing standards. All platforms are physically self-contained, housing software, firmware, and hardware necessary for routing. The router architecture provides for streamlined forwarding and routing control and the capability to run Internet-scale networks at high speeds. They are powered by the same JUNOS software which provides both management and control functions as well as all IP routing."
1771 Blue Coat Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085
USA

-Wendi Ittah
TEL: 703- 399-0535

CST Lab: NVLAP 200928-0

ProxySG 510-5 [1], 510-10 [2], 510-20 [3], 510-25 [4], 810-5 [5], 810-10 [6], 810-20 [7] and 810-25 [8]
(Hardware Versions: 090-02760 Rev U.0 [1]; 090-02761 Rev X.0 [2]; 090-02762 Rev W.0 [2]; 090-02761 Rev C.0 [2]; 090-02762 Rev C.0 [2]; 090-02763 Rev W.0 [3]; 090-02764 Rev W.0 [3]; 090-02763 Rev C.0 [3]; 090-02764 Rev C.0 [3]; 090-02781 Rev X.0 [4]; 090-02782 Rev X.0 [4]; 090-02781 Rev C.0 [4]; 090-02782 Rev C.0 [4]; 090-02765 Rev W.0 [5]; 090-02766 Rev Y.0 [6]; 090-02767 Rev Y.0 [6]; 090-02766 Rev H.0 [6]; 090-02767 Rev H.0 [6]; 090-02768 Rev X.0 [7]; 090-02769 Rev X.0 [7]; 090-02768 Rev H.0 [7]; 090-02769 Rev H.0 [7]; 090-02783 Rev Z.0 [8]; 090-02784 Rev Z.0 [8]; 090-02783 Rev H.0 [8] and 090-02784 Rev H.0 [8] with FIPS kit 085-02597; Firmware Versions: 5.5 or 5.5.7.2)

(When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 07/31/2012;
08/07/2012;
01/04/2013
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #105, #397 and #1885); Triple-DES (Certs. #217, #435 and #1224); RSA (Cert. #962); SHS (Cert. #1656); HMAC (Cert. #1127); RNG (Cert. #987).

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); MD5

Multi-chip standalone

"The foundation of Blue Coat's application delivery infrastructure, Blue Coat ProxySG appliances establish points of control that accelerate and secure business applications for users across the distributed organization. Blue Coat appliances serve as an Internet proxy and wide area network (WAN) optimizer. The purpose of the appliances is to provide a layer of security between an Internal and External Network (typically an office network and the Internet) and to provide acceleration and compression of transmitted data. ProxySG 510 and 810 are some of several appliance lines offered by Blue Coat"
1770 Blue Coat Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085
USA

-Wendi Ittah
TEL: 703- 399-0535

CST Lab: NVLAP 200928-0

ProxySG 510-5 [1], 510-10 [2], 510-20 [3], 510-25 [4], 810-5 [5], 810-10 [6], 810-20 [7], 810-25 [8]
(Hardware Versions: 090-02760 Rev U.0 [1]; 090-02761 Rev X.0 [2]; 090-02762 Rev W.0 [2]; 090-02761 Rev C.0 [2]; 090-02762 Rev C.0 [2]; 090-02763 Rev W.0 [3]; 090-02764 Rev W.0 [3]; 090-02763 Rev C.0 [3]; 090-02764 Rev C.0 [3]; 090-02781 Rev X.0 [4]; 090-02782 Rev X.0 [4]; 090-02781 Rev C.0 [4]; 090-02782 Rev C.0 [4]; 090-02765 Rev W.0 [5]; 090-02766 Rev Y.0 [6]; 090-02767 Rev Y.0 [6]; 090-02766 Rev H.0 [6]; 090-02767 Rev H.0 [6];090-02768 Rev X.0 [7]; 090-02769 Rev X.0 [7]; 090-02768 Rev H.0 [7]; 090-02769 Rev H.0 [7]; 090-02783 Rev Z.0 [8]; 090-02784 Rev Z.0 [8]; 090-02783 Rev H.0 [8] and 090-02784 Rev H.0 [8] with FIPS kit 085-02597; Firmware Versions: 6.1 or 6.1.5.5)

(When operated in FIPS mode with the tamper evident seals and the opacity baffle installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 07/31/2012;
08/07/2012;
01/04/2013
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #105, #397 and #1875); Triple-DES (Certs. #217, #435 and #1218); RSA (Cert. #956); SHS (Cert. #1648); HMAC (Cert. #1120); DRBG (Cert. #153)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength)

Multi-chip standalone

"The foundation of Blue Coat's application delivery infrastructure, Blue Coat ProxySG appliances establish points of control that accelerate and secure business applications for users across the distributed organization. Blue Coat appliances serve as an Internet proxy and wide area network (WAN) optimizer. The purpose of the appliances is to provide a layer of security between an Internal and External Network (typically an office network and the Internet) and to provide acceleration and compression of transmitted data. ProxySG 510 and 810 are some of several appliance lines offered by Blue Coat"
1769 Hewlett-Packard Development Company, L.P.
2344 Boulevard Alfred-Nobel
St-Laurent, QC H4S 0A4
Canada

-Gilbert Moineau
TEL: +1-514-920-4250

CST Lab: NVLAP 200002-0

HP 5406 zl [1], HP 5412 zl [2], HP 8206 zl [3] and HP 8212 zl [4] Switches with the HP MSM765zl Mobility Controller
(Hardware Version: (J8697A [1], J8698A [2], J9447A [3] and J9091A [4] [B]); Management Modules: (J8726A [1,2] and J9092A [3,4] [B]); Power Supply: (J9306A: one [1,3] or two [2,4]); Support Module: (J9095A [3,4] [B]); Fabric Module: (J9093A: two [3,4] [B]); Blank Plate: (5069-8563: four [1], ten [2], five [3] or eleven [4]); Opacity Shield Kits: (J9710A [1], J9711A [2], J9712A [3] and J9713A [4]); High Performance Fan Trays: (J9721A [1], J9722A [2], J9723A [3] and J9724A [4]); with (HP Gig-T/SFP+ V2 zl Mod: J9536A; HP Mobility Controller: J9370A [A] and Tamper Evident Seal Kit: J9709A) [1,2,3,4]; Firmware Version: 5.6.0 [A] and K.15.07.0003 [B])

(When operated in FIPS mode with the tamper evident seals and opacity shields installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 07/27/2012 Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #1824 and #1825); Triple-DES (Certs. #1177 and #1178); SHS (Certs. #1603 and #1604); HMAC (Certs. #1079 and #1107); RNG (Cert. #961); RSA (Certs. #917 and #921)

-Other algorithms: RC4; MD5; HMAC-MD5; SHA-[224, 256, 384 and 512] (Cert. #1604; non-compliant); HMAC-SHA-[224, 256, 384 and 512] (Cert. #1079; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength)

Multi-chip standalone

"The HP 5400/8200 zl Switch Series with the HP MSM765zl Mobility Controller provide centralized management and control of intelligent HP MSM APs for a wide range of deployments, from small Internet cafes and businesses, to large corporations and institutions."
1768 Blue Coat Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085
USA

-Wendi Ittah
TEL: 703- 399-0535

CST Lab: NVLAP 200928-0

ProxySG 9000-10 [1], 9000-20 [2] and 9000-20B [3]
(Hardware Version: 090-02844 [1], 090-02843 [1], 090-02840 [2], 090-02839 [2], 090-02984 [3] and 090-02985 [3] with FIPS kit 085-02718;; Firmware Versions: 5.5 or 5.5.7.2)

(When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 07/27/2012;
08/07/2012;
01/04/2013
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #1265 and #1885); Triple-DES (Certs. #898 and #1224); RSA (Cert. #962); SHS (Cert. #1656); HMAC (Cert. #1127); RNG (Cert. #987).

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); MD5

Multi-chip standalone

"The foundation of Blue Coat's application delivery infrastructure, Blue Coat ProxySG appliances establish points of control that accelerate and secure business applications for users across the distributed organization. Blue Coat appliances serve as an Internet proxy and wide area network (WAN) optimizer. The purpose of the appliances is to provide a layer of security between an Internal and External Network (typically an office network and the Internet) and to provide acceleration and compression of transmitted data. ProxySG 9000 is one of several appliance lines offered by Blue Coat"
1767 Blue Coat Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085
USA

-Wendi Ittah
TEL: 703- 399-0535

CST Lab: NVLAP 200928-0

ProxySG 900-10 [1], 900-10B [2], 900-20 [3], 900-30 [4], 900-45 [5] and 900-55 [6]
(Hardware Version: 090-02900 [1], 090-02901 [1], 090-02988 [2], 090-02989 [2], 090-02902 [3], 090-02903 [3], 090-02904 [4], 090-02905 [4], 09002908 [5], 090-02909 [5], 090-02979 [6] and 090-02980 [6] with FIPS kit 085-02742; Firmware Versions: 6.1 or 6.1.5.5)

(When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 07/27/2012;
08/07/2012;
08/16/2012;
01/04/2013
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #1265 and #1875); Triple-DES (Certs. #898 and #1218); RSA (Cert. #956); SHS (Cert. #1648); HMAC (Cert. #1120); DRBG (Cert. #153)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength)

Multi-chip standalone

"The foundation of Blue Coat's application delivery infrastructure, Blue Coat ProxySG appliances establish points of control that accelerate and secure business applications for users across the distributed organization. Blue Coat appliances serve as an Internet proxy and wide area network (WAN) optimizer. The purpose of the appliances is to provide a layer of security between an Internal and External Network (typically an office network and the Internet) and to provide acceleration and compression of transmitted data. ProxySG 900 is one of several appliance lines offered by Blue Coat"
1766 Blue Coat Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085
USA

-Wendi Ittah
TEL: 703- 399-0535

CST Lab: NVLAP 200928-0

ProxySG 9000-10 [1], 9000-20 [2], 9000-20B [3], 9000-30 [4] and 9000-40 [5]
(Hardware Version: 090-02844 [1], 090-02843 [1], 090-02840 [2], 090-02839 [2], 090-02984 [3], 090-02985 [3], 090-02841 [4], 090-02842 [4], 090-02845 [5] and 090-02846 [5] with FIPS kit 085-02718; Firmware Versions: 6.1 or 6.1.5.5)

(When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 07/27/2012;
08/07/2012;
08/16/2012;
09/27/2012;
01/04/2013
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #1265 and #1875); Triple-DES (Certs. #898 and #1218); RSA (Cert. #956); SHS (Cert. #1648); HMAC (Cert. #1120); DRBG (Cert. #153)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength)

Multi-chip standalone

"The foundation of Blue Coat's application delivery infrastructure, Blue Coat ProxySG appliances establish points of control that accelerate and secure business applications for users across the distributed organization. Blue Coat appliances serve as an Internet proxy and wide area network (WAN) optimizer. The purpose of the appliances is to provide a layer of security between an Internal and External Network (typically an office network and the Internet) and to provide acceleration and compression of transmitted data. ProxySG 9000 is one of several appliance lines offered by Blue Coat"
1765 Research In Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

-Certifications Team
TEL: 519-888-7465 ext.72921
FAX: 905-507-4230

CST Lab: NVLAP 200556-0

BlackBerry Cryptographic Java Module
(Software Versions: 2.8 and 2.8.7)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 07/31/2012;
10/10/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Sun Java Runtime Environments (JRE) 1.5.0 and 1.6.0 running on [Solaris 10, 32-bit; Solaris 10, 64-bit; Red Hat Linux AS 5.5, 32-bit; Red Hat Linux AS 5.5, 64-bit; Windows Vista, 32-bit; Windows Vista, 64-bit; Windows 2008 Server, 64-bit] (single-user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #964); AES (Cert. #1411); SHS (Cert. #1281); HMAC (Cert. #832); RNG (Cert. #773); DSA (Cert. #455); ECDSA (Cert. #179); RSA (Cert. #687); DRBG (Cert. #52); KAS (Cert. #8)

-Other algorithms: ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; DES; DESX; ECIES; ECQV; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80 bits of encryption strength);

Multi-chip standalone

"BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry® Cryptographic Java Module is a software module that provides cryptographic services to BlackBerry® products such as the BlackBerry® PlayBook Administration Service, and other BlackBerry® products."
1764 Athena Smartcard, Inc.
20380 Town Center Lane
Suite 240
Cupertino, CA 95014
USA

-Ian Simmons
TEL: 408-865-0112
FAX: 408-865-0333

CST Lab: NVLAP 100432-0

IDProtect Duo with PIV
(Hardware Version: Inside Secure AT90SC28880RCFV Rev. G; Firmware Version: Athena IDProtect 010E.1245.0002 with PIV Applet 3.0)

(PIV Card Application: Cert. #31)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/23/2012 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #1655); RSA (Cert. #824); Triple-DES (Cert. #1088); Triple-DES MAC (Triple-DES Cert. #1088, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465); ECDSA (Cert. # 214); CVL (Cert. #2)

-Other algorithms: HW RNG; AES-CMAC (non-compliant); AES (Cert. #1655, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength)

Single-chip

"IDProtect is a Cryptographic Module based on the Athena OS755 Java Card smart card operating system with 80KB of EEPROM. IDProtect is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 2. IDProtect supports FIPS approved DRBG, SHA-1 and all SHA-2, TDES, AES, RSA, ECDSA and ECC CDC and RSA and ECC key generation. IDProtect exposes PKI and Biometric APIs and is designed for high performance government and enterprise smart card applications."
1763 Motorola Solutions, Inc.
Unit A1, Linhay Business Park
Ashburton, Devon TQ13 7UP
United Kingdom

-Richard Carter
TEL: +44 1364 655504
FAX: +44 1364 654625

CST Lab: NVLAP 100432-0

Motorola PTP 800 Series CMU Cryptographic Module
(Hardware Version: P/N WB3517, Versions 5.2, 5.3 and 6.6; Firmware Version: PTP 800 04-10)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/27/2012 Overall Level: 1 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: SHS (Cert. #1557); DSA (Cert. #556); AES (Certs. #1776 and #1526); DRBG (Cert. #123); Triple-DES (Cert. #1149); HMAC (Cert. #1041)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); RADIUS; MD5; Custom RNG

Multi-chip standalone

"Operating in the 6 to 38 GHz RF bands at up to 368 Mbps throughput (full duplex) and with user-configured channel bandwidths from 7 to 56 MHz, the Motorola Point-to-Point 800 Series of Licensed Ethernet Microwave solutions offer operators a highly reliable licensed band wireless solution."
1762 INSIDE Secure
41 Parc Club du Golf
Aix-en-Provence, 13856
France

-Jerome Ducros
TEL: +333 (0)413758653

CST Lab: NVLAP 100432-0

VaultIC420™, VaultIC440™ and VaultIC460™
(Hardware Versions: P/N: ATVaultIC420, ATVaultIC440 and ATVaultIC460, Platform: AT90SO128 - Silicon Rev F; Firmware Version: 1.2.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/27/2012;
09/06/2012
Overall Level: 3 

-Physical Security: Level 4

-FIPS-approved algorithms: AES (Cert. #1822); DRBG (Cert. #142); DSA (Cert. #572); ECDSA (Cert. #251); HMAC (Cert. #1077); RSA (Cert. #927); SHS (Cert. #1601); Triple-DES (Cert. #1175)

-Other algorithms: DES; DES MAC; Triple-DES MAC (non-compliant); HOTP; TOTP; RSA (encrypt/decrypt); AES (Cert. #1822, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength)

Single-chip

"The VaultIC™ 420, VaultIC™ 440 and VaultIC™ 460 is an Application Specific Standard Product (ASSP) designed to secure various systems against counterfeiting, cloning or identity theft. It is a hardware security module that can be used in many applications such as IP protection, access control or hardware protection."
1761 Motorola Solutions, Inc.
1303 E. Algonquin Rd
Schaumburg, IL 60196
USA

-Richard Carter
TEL: 44-0-1364-655500
FAX: 44-0-1364-654625

CST Lab: NVLAP 100432-0

Motorola PTP 600 Series Point to Point Wireless Ethernet Bridges
(Hardware Versions: P/Ns BP5830BHC, BP5830BHC15, BP5530BHC, BP5530BHC15, WB2781, WB3039, WB3037, WB3092, WB3094, WB3387, WB3389, WB3222, BP5830BH, BP5830BH15, BP5530BH, BP5530BH15, WB2780, WB3036, WB3038, WB3091, WB3093, WB3386, WB3388 and WB3221; with P/N WB3593 (HW Security Upgrade Kit); Firmware Version: PTP600 10-00)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/27/2012 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: SHS (Cert. #1101); DSA (Cert. #569); AES (Certs. #708 and #1144); DRBG (Cert. #21); HMAC (Cert. #1070); Triple-DES (Cert. #863)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); RADIUS

Multi-chip standalone

"PTP 600 Series Ethernet bridges offer high performance connectivity and backhaul in challenging non-line-of-sight environments. With carrier-grade reliability, PTP 600 links have class-leading sensitivity and power output which enable links to go farther, while sustaining high throughput regardless of conditions. With data rates up to 300 Mbps and reaching distances up to 124 miles, this Series of high-performance and secure wireless bridges make cost-effective connectivity and backhaul a reality for a wide range of enterprises, service providers and public safety organizations."
1760 Catbird Networks, Inc.
1800 Green Hills Road
Suite 113
Scotts Valley, CA 95066
USA

-Michael Berman
TEL: 1-800-673-6775

CST Lab: NVLAP 100432-0

Catbird vSecurity Crypto Module v1.0
(Software Version: v1.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 07/27/2012 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with CentOS 6.0 running on Intel Core i5 with AES-NI (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1922); DRBG (Cert. #166); DSA (Cert. #609); HMAC (Cert. #1157); RNG (Cert. #1010); RSA (Cert. #991); SHS (Cert. #1688); Triple-DES (Cert. #1252); ECDSA (Cert. #274); CVL (Cert. #14)

-Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt)

Multi-chip standalone

"Catbird is the industry pioneer in security and compliance for virtualized environments, a four-time Best of Show Finalist at VMworld and a Gartner Group Cool Vendor 2011. Catbird's comprehensive protection includes monitoring and enforcement of PCI, NIST, HIPAA, FISMA, DIACAP and other requirements in virtual environments. Maintaining regulatory and corporate compliance in the new data center and eliminating uncertainty over secure virtualization, Catbird's protection keeps Tier-1 application deployment plans on track."
1759 Cummings Engineering Consultants, Inc.
145 S. 79th St.
Suite 26
Chandler, AZ 85226
USA

-Darren Cummings
TEL: 480-809-6024

CST Lab: NVLAP 100432-0

Cummings Engineering's Secure Mobility Suite B Crypto Module v1.0
(Software Version: v1.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 07/27/2012 Overall Level: 1 

-Roles, Services, and Authentication: Level 2

-Operational Environment: Tested as meeting Level 1 with Android 2.2 running on Qualcomm QSD 8250 (ARMv7) with NEON; Linux 3.0.4 running on TI OMAP 3 (ARMv7) with NEON; Ubuntu 10.04; Fedora 14 running on Intel Core i5 with AES-NI; Windows 7 running on Intel Core i5 with AES-NI; Windows 7; Android 2.2; Android 2.2 running on Intel Core i5 with AES-NI (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1916); DRBG (Cert. #161); DSA (Cert. #607); HMAC (Cert. #1151); RNG (Cert. #1007); RSA (Cert. #984); SHS (Cert. #1681); Triple-DES (Cert. #1246); ECDSA (Cert. #272); CVL (Cert. #13)

-Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt)

Multi-chip standalone

"Cummings Engineering is a leading provider of mobility innovation providing state-of-the art advanced cryptography and enterprise solutions in both commercial and government markets. Cummings Engineering has multiple patents/patents-pending in the secure communications domain and has made breakthroughs around MDM, Secure Smartphones, and more. Cummings Engineering is committed to providing best-in-class products and services to protect the privacy and data of US Citizens."
1758 Red Hat®, Inc.
314 Littleton Road
Westford, MA 01886
USA

-Irina Boverman
TEL: 978-392-1000
FAX: 978-392-1001

CST Lab: NVLAP 200658-0

Red Hat Enterprise Linux 6.2 OpenSSL Cryptographic Module
(Software Version: 2.1)

(When operated in FIPS Mode and when obtained, installed, and initialized as specified in Section 9.1 of the provided Security Policy. The Security Policy specifies the precise RPM file containing this module. The integrity of the RPM is automatically verified during the installation and the Crypto officer shall not install the module if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 07/27/2012;
10/23/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 6.2 (single-user mode)

-FIPS-approved algorithms: Triple-DES (Certs. #1226, #1227, #1231 and #1232); AES (Certs. #1887, #1888, #1889, #1893, #1894 and #1895); DSA (Certs. #592, #593, #597 and #598); SHS (Certs. #1658, #1659, #1663 and #1664); RNG (Certs. #989, #990, #994 and #995); RSA (Certs. #964, #965, #969 and #970); HMAC (Certs #1129, #1130, #1134 and #1135)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 160 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 160 bits of encryption strength); MD5

Multi-chip standalone

"The OpenSSL FIPS Runtime Module is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality for use with the high level API of the OpenSSL library version 1.0.0-20.el6 delivered with RHEL 6.2."
1757 Red Hat®, Inc.
314 Littleton Road
Westford, MA 01886
USA

-Irina Boverman
TEL: 978-392-1000
FAX: 978-392-1001

TEL: 919-754-3700
FAX: 919-754-3701

CST Lab: NVLAP 200658-0

Red Hat Enterprise Linux 6.2 Libgcrypt Cryptographic Module
(Software Version: 2.1)

(When operated in FIPS mode and when obtained, installed and initialized as assumed by the Crypto Officer role and specified in Section 9.1 of the provided Security Policy. The Security Policy specifies the precise RPM file containing this module. The integrity of the RPM is automatically verified during the installation and the Crypto officer shall not install the module if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 07/27/2012;
10/23/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 6.2 (single-user mode)

-FIPS-approved algorithms: AES (Certs. #1886, #1890, #1891 and #1892); Triple-DES (Certs. #1225, #1228, #1229 and #1230); SHS (Certs. #1657, #1660, #1661 and #1662); RSA (Certs. #963, #966, #967 and #968); DSA (Certs. #591, #594, #595 and #596); HMAC (Certs. #1128, #1131, #1132 and #1133); RNG (Certs. #988, #991, #992 and #993)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); MD5

Multi-chip standalone

"The libgcrypt FIPS Runtime Module is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality for use with the high level API of the libgcrypt library version 1.4.5-9.e16 delivered with RHEL 6.2."
1756 Juniper Networks, Inc.
1194 North Mathilda Ave
Sunnyvale, CA 94089
USA

-Robert Smith
TEL: 978-589-8822

CST Lab: NVLAP 200697-0

NetScreen-ISG 1000 [1] and NetScreen-ISG 2000 [2]
(Hardware Versions: [NS-ISG-1000, NS-ISG-1000-DC, NS-ISG-1000B and NS-ISG-1000B-DC] [1] and [(NS-ISG-2000, NS-ISG-2000-DC, NS-ISG-2000B and NS-ISG-2000B-DC) with 1, 2, 3 or 4 FE8 Interface Cards][2] with JNPR-FIPS-TAMPER-LBLS; Firmware Version: ScreenOS 6.3r6)

(When operated in FIPS mode with the tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 07/27/2012 Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #1058); AES (Cert. #1617); DSA (Cert. #504); SHS (Cert. #1426); RNG (Cert. #865); RSA (Cert. #795); HMAC (Cert. #948); ECDSA (Cert. #202)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 or 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); NDRNG; DES; MD5

Multi-chip standalone

"Juniper Networks integrated security devices are purpose-built to perform essential networking security functions designed on top of robust networking and security real-time operating systems, ScreenOS. These are high-performance platforms that deliver integrated security and LAN/WAN routing across high-density LAN/WAN interfaces, Juniper Networks integrated security devices address the needs of small to medium sized locations, large distributed enterprises, and service providers as well as large and co-located datacenters."
1755 Juniper Networks, Inc.
1194 North Mathilda Ave
Sunnyvale, CA 94089
USA

-Robert Smith
TEL: 978-589-8822

CST Lab: NVLAP 200697-0

NetScreen-5200 [1] and Netscreen-5400 [2]
(Hardware Versions: [(NS-5200 [1] with one NS-5000-8G2) and (NS-5400 [2] with one to three NS-500-8G2)] with (NS-5000-MGT2 or NS-5000-MGT3) and JNPR-FIPS-TAMPER-LBLS; Firmware Version: ScreenOS 6.3r6)

(When operated in FIPS mode with the tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 07/27/2012 Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #1059); AES (Cert. #1618); DSA (Cert. #505); SHS (Cert. #1427); RNG (Cert. #866); RSA (Cert. #796); HMAC (Cert. #949); ECDSA (Cert. #203)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 or 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); NDRNG; DES; MD5

Multi-chip standalone

"Juniper Networks integrated security devices are purpose-built to perform essential networking security functions designed on top of robust networking and security real-time operating systems, ScreenOS. These are high-performance platforms that deliver integrated security and LAN/WAN routing across high-density LAN/WAN interfaces, Juniper Networks integrated security devices address the needs of small to medium sized locations, large distributed enterprises, and service providers as well as large and co-located datacenters."
1754 Fortinet, Inc.
326 Moodie Drive
Ottawa, ON K2H 8G3
Canada

-Alan Kaye
TEL: 613-225-9381

CST Lab: NVLAP 200556-0

FortiOS™
(Firmware Version: 4.0 MR3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Firmware 07/17/2012 Overall Level: 1 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-Tested: FortiGate 3950B

-FIPS-approved algorithms: AES (Certs. #1856 and #1857); Triple-DES (Certs. #1203 and #1204); HMAC (Certs. #1103 and #1104); SHS (Certs. #1633 and #1634); RSA (Cert. #939); RNG (Cert. #974)

-Other algorithms: DES; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant)

Multi-chip standalone

"The FortiOS is a firmware based operating system that runs exclusively on Fortinet's FortiGate/FortiWiFi product family. The FortiOS provides integrated firewall, VPN, antivirus, antispam, intrusion prevention, content filtering and traffic shaping and HA capabilities."
1753 Utimaco Safeware AG
Germanusstr. 4
Aachen, 52080
Germany

-Dr. Gesa Ott
TEL: +49 241-1696-200
FAX: +49 241-1696-199

CST Lab: NVLAP 100432-0

SafeGuard® CryptoServer Se
(Hardware Version: P/N CryptoServer Se, Version 3.00.3.1; Firmware Version: 1.0.1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/24/2012 Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #1711); DRBG (Cert. #141); ECDSA (Cert. #221); HMAC (Cert. #990); RSA (Certs. #841 and #842); SHS (Certs. #1498, #1597 and #1598); Triple-DES (Cert. #1101); Triple-DES MAC (Triple-DES Cert. #1101, vendor affirmed)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); AES (Cert. #1711, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1101, key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); DES; MD5; DSA (non-compliant); MDC-2; RIPEMD-160; Retail-TDES MAC (non-compliant); AES MAC (AES Cert. #1711; non-compliant)

Multi-chip embedded

"SafeGuard® CryptoServer Se is an encapsulated, protected hardware security module which provides secure cryptographic services like encryption or decryption (for various cryptographic algorithms like Triple-DES, RSA and AES), hashing, signing, and verification of data (RSA, ECDSA), random number generation, on-board secure key generation, key storage and further key management functions in a tamper-protected environment. The module is optionally available with or without RSA Crypto Accelerator."
1752 Motorola Solutions, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

-Tom Nguyen
TEL: 847-576-2352

CST Lab: NVLAP 100432-0

Astro Subscriber Motorola Advanced Crypto Engine (MACE)
(Hardware Versions: P/Ns 5185912Y01 or 5185912Y03; Firmware Versions: [D01.03.08, D01.03.10, R07.11.08, R07.11.10, R07.11.11 or R01.03.13] and [R01.00.00 or (R01.00.00 and R02.00.00)])

(When operated in FIPS mode and configured to Overall Level 3 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/27/2012;
07/18/2012
12/12/2012
Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #819 and #1295); SHS (Cert. #817); RSA (Cert. #396); RNG (Cert. #471)

-Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); LFSR

Single-chip

"The MACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio systems products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management."
1751 Motorola Solutions, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

-Tom Nguyen
TEL: 847-576-2352

CST Lab: NVLAP 100432-0

Astro Subscriber Motorola Advanced Crypto Engine (MACE)
(Hardware Versions: P/Ns 5185912Y01 or 5185912Y03; Firmware Versions: [D01.03.08, D01.03.10, R07.11.08, R07.11.10, R07.11.11 or R01.03.13] and [R01.00.00 or (R01.00.00 and R02.00.00)])

(When operated in FIPS mode and configured to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/27/2012;
07/18/2012;
12/12/2012
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #819 and #1295); SHS (Cert. #817); RSA (Cert. #396); RNG (Cert. #471)

-Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); LFSR

Single-chip

"The MACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio system products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management."
1750 Athena Smartcard, Inc.
20380 Town Center Lane
Suite 240
Cupertino, CA 95014
USA

-Ian Simmons
TEL: 408-865-0112
FAX: 408-865-0333

CST Lab: NVLAP 100432-0

IDProtect Key with LASER PKI
(Hardware Version: Inside Secure AT90SC25672RCT-USB Rev. D packaged in TIDPTMINI72 and TIDPUSBV2J; Firmware Version: Athena IDProtect 0106.0130.0401 with LASER PKI Applet 3.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/17/2012 Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #1654); RSA (Cert. #824); Triple-DES (Cert. #1087); Triple-DES MAC (Triple-DES Cert. #1087, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465); ECDSA (Cert. # 214); CVL (Cert. #2)

-Other algorithms: HW RNG; AES-CMAC (non-compliant); EC Diffie-Hellman; AES (Cert. #1654, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength)

Single-chip

"IDProtect is a Cryptographic Module based on the Athena OS755 Java Card smart card operating system with 72KB of EEPROM. IDProtect is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 3. IDProtect supports FIPS approved DRBG, SHA-1 and all SHA-2, TDES, AES, RSA, ECDSA and ECC CDC, and RSA and ECC key generation. IDProtect exposes PKI and Biometric APIs and is designed for high-performance government and enterprise smart card applications."
1749 Athena Smartcard, Inc.
20380 Town Center Lane
Suite 240
Cupertino, CA 95014
USA

-Ian Simmons
TEL: 408-865-0112
FAX: 408-865-0333

CST Lab: NVLAP 100432-0

IDProtect Duo with LASER PKI
(Hardware Version: Inside Secure AT90SC28880RCFV Rev. G; Firmware Version: Athena IDProtect 010E.1245.0002 with LASER PKI Applet 3.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/17/2012 Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #1655); RSA (Cert. #824); Triple-DES (Cert. #1088); Triple-DES MAC (Triple-DES Cert. #1088, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465); ECDSA (Cert. # 214); CVL (Cert. #2)

-Other algorithms: HW RNG; AES-CMAC (non-compliant); EC Diffie-Hellman; AES (Cert. #1655, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength)

Single-chip

"IDProtect is a Cryptographic Module based on the Athena OS755 Java Card smart card operating system with 80KB of EEPROM. IDProtect is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 3. IDProtect supports FIPS approved DRBG, SHA-1 and all SHA-2, TDES, AES, RSA, ECDSA and ECC CDC, and RSA and ECC key generation. IDProtect exposes PKI and Biometric APIs and is designed for high-performance government and enterprise smart card applications."
1748 Vocality International Ltd
Lydling Barn, Puttenham Lane
Shackleford, Surrey GU8 6AP
United Kingdom

-Martin Saunders
TEL: +44 1483 813130
FAX: +44 1483 813121

CST Lab: NVLAP 100432-0

BASICS IP PC104
(Hardware Versions: 68551-01-1/68551C6; Firmware Version: 08_42.05)

(When configured in FIPS mode as specified in Section 8 of the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/27/2012 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #1734); DSA (Cert. #540); ECDSA (Cert. #226); RSA (Cert. #857); RNG (Cert. #923); HMAC (Cert. #1010); SHS (Cert. #1518); Triple-DES (Cert. #1123)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); NDRNG

Multi-chip embedded

"The BASICS IP PC104 unit is a high-performance 10/100base-T Router which incorporates a cryptographic module. It provides 3 independently routable subnets; one for the uplink port, one for the downlink port and one for the four Ethernet switch ports which are also IEEE802.1q VLAN and Power-over-Ethernet (PoE) capable. It can also bridge network traffic to the uplink port from any IP device connected to its Downlink port. It may be used as a simple switch or a sophisticated secure multiprotocol IP router and can also power a group of SIP VoIP phones."
1747 OpenSSL Software Foundation
1829 Mount Ephraim Road
Adamstown, MD 21710
USA

-Steve Marquess
TEL: 877-673-6775

CST Lab: NVLAP 100432-0

OpenSSL FIPS Object Module
(Software Version: 2.0, 2.0.1 or 2.0.2)

(When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 06/27/2012;
07/09/2012;
07/18/2012;
10/24/2012;
01/22/2013;
02/06/2013;
02/22/2013
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Android 2.2 (gcc Compiler Version 4.4.0); Android 2.2 running on Qualcom QSD8250 (ARMv7) with NEON (gcc Compiler Version 4.4.0); Microsoft Windows 7 (32 bit) (Microsoft 32 bit C/C++ Optimizing Compiler Version 16.00); uCLinux 0.9.29 (gcc Compiler Version 4.2.1); Fedora 14 running on Intel Core i5 with AES-NI (gcc Compiler Version 4.5.1); HP-UX 11i (32 bit) (HP C/aC++ B3910B); HP-UX 11i (64 bit) (HP C/aC++ B3910B); Ubuntu 10.04 (32 bit) (gcc Compiler Version 4.1.3); Ubuntu 10.04 (64 bit) (gcc Compiler Version 4.1.3); Android 3.0 (gcc Compiler Version 4.4.0); Linux 2.6.27 (gcc Compiler Version 4.2.4); Microsoft Windows 7 (64 bit) (Microsoft C/C++ Optimizing Compiler Version 16.00); Ubuntu 10.04 running on Intel Core i5 with AES-NI (32 bit) (gcc Compiler Version 4.1.3); Linux 2.6.33 (gcc Compiler Version 4.1.0); Android 2.2 running on OMAP 3530 (ARMv7) with NEON (gcc Compiler Version 4.1.0); VxWorks 6.8 (gcc Compiler Version 4.1.2); Linux 2.6 (gcc Compiler Version 4.3.2); Linux 2.6.32 (gcc Compiler Version 4.3.2); Oracle Solaris 10 (32 bit) (gcc Compiler Version 3.4.3); Oracle Solaris 10 (64 bit) (gcc Compiler Version 3.4.3); Oracle Solaris 11(32 bit) (gcc Compiler Version 4.5.2); Oracle Solaris 11 (64 bit) (gcc Compiler Version 4.5.2); Oracle Solaris 11 running on Intel Xeon 5675 with AES-NI (32 bit) (gcc Compiler Version 4.5.2); Oracle Solaris 11 running on Intel Xeon 5675 with AES-NI (64 bit) (gcc Compiler Version 4.5.2); Oracle Linux 5 (64 bit) (gcc Compiler Version 4.1.2); CascadeOS 6.1 (32 bit) (gcc Compiler Version 4.4.5); CascadeOS 6.1 (64 bit) (gcc Compiler Version 4.4.5); Oracle Linux 5 running on Intel Xeon 5675 with AES-NI (gcc Compiler Version 4.1.2); Oracle Linux 6 (gcc Compiler Version 4.4.6); Oracle Linux 6 running on Intel Xeon 5675 with AES-NI (gcc Compiler Version 4.4.6); Oracle Solaris 11 (32 bit) (Sun C Version 5.12); Oracle Solaris 11 (64 bit) (Sun C Version 5.12); Android 4.0 (gcc Compiler Version 4.4.3); Apple iOS 5.1 (gcc Compiler Version 4.2.1); Microsoft Windows CE 6.0 (Microsoft C/C++ Optimizing Compiler Version 15.00 for ARM); Microsoft Windows CE 5.0 (Microsoft C/C++ Optimizing Compiler Version 13.10 for ARM); Linux 2.6 (gcc Compiler Version 4.1.0); DSP Media Framework 1.4 (TMS320C6x C/C++ Compiler v6.0.13); Android 4.0 running on TI OMAP 3 (ARMv7) with NEON (gcc Compiler Version 4.4.3); NetBSD 5.1 (gcc Compiler Version 4.1.3); Microsoft Windows 2008 running on Intel Xeon E3-1220v2 (32-bit under vSphere) (Microsoft 32-bit C/C++ Optimizing Compiler Version 16.00 for 80x86); Microsoft Windows 2008 running on Intel Xeon E3-1220v2 (64-bit under vSphere) (Microsoft C/C++ Optimizing Compiler Version 16.00 for x64); RHEL 6 running on Intel Xeon E3-1220v2 (32-bit under vSphere) (gcc Compiler Version 4.4.6); RHEL 6 running on Intel Xeon E3-1220v2 (64-bit under vSphere) (gcc Complier Version 4.4.6); Microsoft Windows 7 running on Intel Core i5-2430M (64-bit) with AES-NI (Microsoft ® C/C++ Optimizing Compiler Version 16.00 for x64); Android 4.1 running on TI DM3730 (ARMv7) (gcc Compiler Version 4.6); Android 4.1 running on TI DM3730 (ARMv7) with NEON (gcc Complier Version 4.6); Android 4.2 running on Nvidia Tegra 3 (ARMv7) (gcc Compiler Version 4.6); Android 4.2 running on Nvidia Tegra 3 (ARMv7) with Neon (gcc Compiler Version 4.6) (single-user mode)

-FIPS-approved algorithms: AES (Certs. #1884, #2116, and #2234); DRBG (Certs. #157, #229, and #264); DSA (Certs. #589, #661, and #693); HMAC (Certs. #1126, #1288, and #1363); RNG (Certs. #985, #1087, and #1119); RSA (Certs. #960, #1086, and #1145); SHS (Certs. #1655, #1840, and #1923); Triple-DES (Certs. #1223, #1346, and #1398); ECDSA (Certs. #264, #270, #315, #347 and #378); CVL (Certs. #10, #12, #24, #36 and #49)

-Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt)

Multi-chip standalone

"The OpenSSL FIPS Object Module 2.0 is a general purpose cryptographic module delivered as open source code. It is designed for ease of use with the popular OpenSSL cryptographic library and toolkit and is available for use without charge for a wide variety of platforms. The basic validation can also be extended quickly and affordably to accommodate new platforms and many types of modifications."
1746 Thales-eSecurity Inc.
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200426-0

nShield F3 4000 [1], nShield F3 2000 [2], nShield F3 2000 for NetHSM [3], nShield F3 500 [4] and nShield F3 500 for NetHSM [5]
(Hardware Versions: nC4033P-4K0 [1], nC4033P-2K0 [2], nC4033P-2K0N [3], nC4133P-500 [4] and nC4133P-500N [5], Build Standard N; Firmware Version: 2.50.16-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 06/25/2012 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3 +EFP
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #1579); Triple-DES (Certs. #132 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Cert. #770); DRBG (Cert. #72); CVL (Cert. #1)

-Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength)

Multi-chip embedded

"The nShield modules: nShield F3 4000, nShield F3 2000, nShield F3 2000 for netHSM, nShield F3 500, and nShield F3 500 for netHSM family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1745 Vormetric Inc.
2545 N. 1st Street
San Jose, CA 95131-1003
USA

-Mike Yoder
TEL: 408-433-6059
FAX: 408-844-8638

-Richard Gorman
TEL: 408-433-6000
FAX: 408-844-8638

CST Lab: NVLAP 200002-0

Vormetric Data Security Server Module
(Hardware Version: 1.0; Firmware Version: 4.4.1)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 06/25/2012 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Cryptographic Key Management: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #1838); Triple-DES (Cert. #1192); SHS (Cert. #1620); HMAC (Cert. #1093); RSA (Cert. #928); RNG (Cert. #965)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Vormetric Data Security Server is a multi-chip standalone cryptographic module. The Vormetric Data Security Server is the central point of management for the Vormetric Data Security product. It manages keys and policies, and controls Vormetric Encryption Expert Agents. These agents contain the Vormetric Encryption Expert Cryptographic Module, which has been validated separately from this module."
1744 Thales-eSecurity Inc.
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200426-0

MiniHSM [1], MiniHSM for nShield Edge [2] and MiniHSM for Time Stamp Master Clock [3]
(Hardware Versions: nC4031Z-10 [1], nC3021U-10 [2] and TSMC200 [3], Build Standard N; Firmware Version: 2.50.17-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/25/2012 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #1770); Triple-DES (Cert. #1146); HMAC (Cert. #1039); Triple-DES MAC (Triple-DES Cert. #1146, vendor affirmed); SHS (Cert. #1554); DSA (Cert. #553); ECDSA (Cert. #238); RSA (Cert. #886); DRBG (Cert. #120); CVL (Cert. #6)

-Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1770, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1146, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); Diffie-Hellman (CVL Cert. #6, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #6, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength)

Multi-chip embedded

"The MiniHSM, MiniHSM for nShield Edge and MiniHSM for Time Stamp Master Clock are fully featured HSMs supplied in a single chip package. The MiniHSM Modules offer all the security and key management features of other nShield modules - but with reduced processing speed. The MiniHSM modules are OEM parts and will be included within other appliances or products, for example switches or routers. The MiniHSM modules have a real time clock which also makes them suitable for use as a time-stamping engine."
1743 Thales-eSecurity Inc.
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200426-0

nShield F2 6000e [1], nShield F2 1500e [2], nShield F2 500e [3] and nShield F2 10e [4]
(Hardware Versions: nC3023E-6K0 [1], nC3023E-1K5 [2], nC3023E-500 [3] and nC3023E-010 [4], Build Standard N; Firmware Version: 2.50.16-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 06/25/2012 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #397 and #1579); Triple-DES (Certs. #435 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Cert. #770); DRBG (Cert. #72); CVL (Cert. #1)

-Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength)

Multi-chip embedded

"The nCipher modules: nShield F2 6000e, Shield F2 1500e, nShield F2 500e, and nShield 10e family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1742 Thales-eSecurity Inc.
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200426-0

nShield F3 6000e [1], nShield F3 1500e [2], nShield F3 500e [3], nShield F3 10e [4], nShield F3 6000e for nShield Connect [5], nShield F3 1500e for nShield Connect [6] and nShield F3 500e for nShield Connect [7]
(Hardware Versions: nC4033E-6K0 [1], nC4033E-1K5 [2], nC4033E-500 [3], nC4033E-030 [4], nC4033E-6K0N [5], nC4033E-1K5N [6] and nC4033E-500N [7], Build Standard N; Firmware Version: 2.50.16-3)

(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 06/25/2012 Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #397 and #1579); Triple-DES (Certs. #435 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Cert. #770); DRBG (Cert. #72); CVL (Cert. #1)

-Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength)

Multi-chip embedded

"The nShield modules: nShield F3 6000e, nShield F3 1500e, nShield F3 500e, nShield F3 10e, nShield F3 6000e for nShield Connect, nShield F3 1500e for nShield Connect and nShield F3 500e for nShield Connect family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
1741 Thales-eSecurity Inc.
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200426-0

nShield F3 500 [1], nShield F3 500 for NetHSM [2] and nShield F3 10 PCI [3]
(Hardware Versions: nC4033P-500 [1], nC4033P-500N [2] and nC4033P-10 [3], Build Standard N; Firmware Version: 2.50.16-3)

(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 06/25/2012 Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #962 and #1579); Triple-DES (Certs. #757 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Cert. #770); DRBG (Cert. #72); CVL (Cert. #1)

-Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength)

Multi-chip embedded

"The nShield modules: nShield F3 500, Shield F3 500 for NetHSM, and nShield F3 10 family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
1740 Thales-eSecurity Inc.
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200426-0

nShield F2 500 [1] and nShield F2 10 PCI [2]
(Hardware Versions: nC3023P-500 [1] and nC3023P-10 [2], Build Standard N; Firmware Version: 2.50.16-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 06/25/2012 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #962 and #1579); Triple-DES (Certs. #757 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Cert. #770); DRBG (Cert. #72); CVL (Cert. #1)

-Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength)

Multi-chip embedded

"The nShield modules: nShield F2 500 & nShield F2 10 PCI family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1739 Thales-eSecurity Inc.
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200426-0

MiniHSM [1], MiniHSM for nShield Edge [2] and MiniHSM for Time Stamp Master Clock [3]
(Hardware Versions: nC4031Z-10 [1], nC4031U-10 [2] and TSMC200 [3], Build Standard N; Firmware Version: 2.50.17-3)

(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/25/2012 Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #1770); Triple-DES (Cert. #1146); HMAC (Cert. #1039); Triple-DES MAC (Triple-DES Cert. #1146, vendor affirmed); SHS (Cert. #1554); DSA (Cert. #553); ECDSA (Cert. #238); RSA (Cert. #886); DRBG (Cert. #120); CVL (Cert. #6)

-Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1770, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1146, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); Diffie-Hellman (CVL Cert. #6, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #6, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength)

Multi-chip embedded

"The MiniHSM, MiniHSM for nShield Edge and MiniHSM for Time Stamp Master Clock are fully featured HSMs supplied in a single chip package. The MiniHSM Modules offer all the security and key management features of other nShield modules - but with reduced processing speed. The MiniHSM modules are OEM parts and will be included within other appliances or products, for example switches or routers. The MiniHSM modules have a real time clock which also makes them suitable for use as a time-stamping engine."
1738 Thales-eSecurity Inc.
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-sales@ncipher.com
TEL: 888-744-4976

CST Lab: NVLAP 200426-0

nToken
(Hardware Version: nC2023P-000, Build Standard N; Firmware Version: 2.50.16-2)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/25/2012 Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Cert. #1579); HMAC (Cert. #925); SHS (Cert. #1398); DSA (Cert. #487); DRBG (Cert. #72)

-Other algorithms: N/A

Multi-chip embedded

"The nToken Hardware Security Module improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
1737 Thales-eSecurity Inc.
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200426-0

nShield F2 4000 [1], nShield F2 2000 [2] and nShield F2 500 [3]
(Hardware Versions: nC3023P-4K0 [1], nC3023P-2K0 [2] and nC3123P-500 [3], Build Standard N; Firmware Version: 2.50.16-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 06/25/2012 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #1579); Triple-DES (Certs. #132 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Cert. #770); DRBG (Cert. #72); CVL (Cert. #1)

-Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength)

Multi-chip embedded

"The nShield modules: nShield F2 4000, nShield F2 2000, and nShield F2 500 family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1736 Blue Coat Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085
USA

-Wendi Ittah
TEL: 703- 399-0535

CST Lab: NVLAP 200928-0

ProxySG 600-10 [1], 600-20 [2] and 600-35 [3]
(Hardware Versions: 090-02911 [1], 090-02912 [1], 090-02913 [2], 090-02914 [2], 090-02915 [3] and 090-02916 [3] with FIPS kit 085-02762; Firmware Versions: 6.1 or 6.1.5.5)

(When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 06/21/2012;
07/24/2012;
08/07/2012;
01/04/2013
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #105 and #1875); Triple-DES (Certs. #217 and #1218); RSA (Cert. #956); SHS (Cert. #1648); HMAC (Cert. #1120); DRBG (Cert. #153)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength)

Multi-chip standalone

"The foundation of Blue Coat's application delivery infrastructure, Blue Coat ProxySG appliances establish points of control that accelerate and secure business applications for users across the distributed organization. Blue Coat appliances serve as an Internet proxy and wide area network (WAN) optimizer. The purpose of the appliances is to provide a layer of security between an Internal and External Network (typically an office network and the Internet) and to provide acceleration and compression of transmitted data. ProxySG 600 is one of several appliance lines offered by Blue Coat"
1735 IBM® Corporation
2455 South Road
Poughkeepsie, NY 12601
USA

-William F Penny
TEL: 845-435-3010

CST Lab: NVLAP 200658-0

IBM® z/VM® Version 6 Release 1 System SSL Cryptographic Module
(Hardware Version: z10 CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863; Software Version: 573FAL00: z/VM 6.1 with APAR PM43382)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software-Hybrid 06/25/2012 Overall Level: 1 

-Cryptographic Module Specification: Level 3

-Operational Environment: Tested as meeting Level 1 with IBM System z10 (TM) Enterprise Class (z10 EC) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 (single-user mode)

-FIPS-approved algorithms: AES (Certs. #976 and #1873); Triple-DES (Certs. #769 and #1217); DSA (Cert. #586); RSA (Cert. #953); SHS (Certs. #946 and #1646); HMAC (Cert. #1117); RNG (Cert. #982)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); DES; RC2; ArcFour; MD5; MD2

Multi-chip standalone

"z/VM System SSL provides cryptographic functions which allows z/VM to protect data using the SSL/TLS protocols. z/VM System SSL also enables administrators to create and manage X.509 V3 certificates and keys within key database files."
1734 Imation Corp.
Discovery Bldg. 1A-041
Oakdale, MN 55128
USA

-Larry Hamid
TEL: 408-737-4308

CST Lab: NVLAP 100432-0

Imation S250/D250
(Hardware Versions: D2-S250-S01, D2-S250-S02, D2-S250-S04, D2-S250-S08, D2-S250-S16, D2-S250-S32, D2-D250-B01, D2-D250-B02, D2-D250-B04, D2-D250-B08, D2-D250-B16, D2-D250-B32 and D2-D250-B64; Firmware Version: 4.0.0)

(Files distributed with the module mounted within the internal CD Drive are excluded from validation)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/21/2012 Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #1412 and #1874); DRBG (Cert. #152); HMAC (Certs. #1118 and #1119); RNG (Cert. #774); RSA (Certs. #688, #954 and #955); SHS (Certs. #1282 and #1647); Triple-DES (Cert. #965); PBKDF (vendor affirmed)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Imation S250/D250 Secure Flash Drives include a high-speed hardware-based 256 Bit AES cryptography engine for encrypting and decrypting NAND flash and RAM buffers via USB. It also includes RSA, HMAC, SHA, and DRBG algorithms."
1733 Thales-eSecurity Inc.
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200426-0

nShield F3 6000e [1], nShield F3 1500e [2], nShield F3 500e [3], nShield F3 10e [4], nShield F3 6000e for nShield Connect [5], nShield F3 1500e for nShield Connect [6] and nShield F3 500e for nShield Connect [7]
(Hardware Versions: nC4033E-6K0 [1], nC4033E-1K5 [2], nC4033E-500 [3], nC4033E-030 [4], nC4033E-6K0N [5], nC4033E-1K5N [6] and nC4033E-500N [7], Build Standard N; Firmware Version: 2.50.16-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 06/20/2012 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #397 and #1579); Triple-DES (Certs. #435 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Cert. #770); DRBG (Cert. #72); CVL (Cert. #1)

-Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength)

Multi-chip embedded

"The nShield modules: nShield F3 6000e, nShield F3 1500e, nShield F3 500e, nShield F3 10e, nShield F3 6000e for nShield Connect, nShield F3 1500e for nShield Connect and nShield F3 500e for nShield Connect family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1732 Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
USA

-John Gorczyca

CST Lab: NVLAP 200556-0

Symantec Enterprise Vault Cryptographic Module
(Software Version: 1.0.0.2)

(When operated in FIPS mode with module Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1012 operating in FIPS mode or Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1337 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 06/20/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2003; Microsoft Windows Server 2008 R2 (single-user mode)

-FIPS-approved algorithms: AES (Certs. #818 and #1168); Triple-DES (Certs. #691 and #846); RSA (Certs. #395, #559 and #568); SHS (Certs. #816 and #1081); HMAC (Certs. #452 and #687); RNG (Cert. #470); DRBG (Cert. #23)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); ANSI X9.31 RSA key-pair generation (non-compliant); ANSI X9.31 RSA signature verification (non-compliant); RC2; RC4; MD5; MD2; MD4; DES

Multi-chip standalone

"Symantec Enterprise Vault Cryptographic Module is a multi-chip standalone physical embodiment. The module consists of a DLL which interfaces with the Microsoft Cryptographic API to provide the required cryptographic functionality. The Enterprise Vault Cryptographic Module may be used for encryption/decryption of Enterprise Vault passwords, hashing of indexes, and random number generation."
1731 Juniper Networks, Inc.
1194 North Mathilda Ave
Sunnyvale, CA 94089
USA

-Robert Smith
TEL: 978-589-8822

CST Lab: NVLAP 200697-0

SSG 320M and SSG 350M
(Hardware Versions: [SSG-320M-SB, SSG-320M-SH, SSG-320M-SB-TAA, SSG-320M-SH-TAA, SSG-320M-SB-DC-N-TAA, SSG-320M-SH-DC-N-TAA, SSG-350M-SB, SSG-350M-SH, SSG-350M-SB-TAA, SSG-350M-SH-TAA, SSG-350M-SB-DC-N-TAA and SSG-350M-SH-DC-N-TAA] with JNPR-FIPS-TAMPER-LBLS; Firmware Version: ScreenOS 6.3r6)

(When operated in FIPS mode with the tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 06/12/2012;
07/24/2012
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #1062); AES (Cert. #1621); DSA (Cert. #508); SHS (Cert. #1430); RNG (Cert. #869); RSA (Cert. #799); HMAC (Cert. #952); ECDSA (Cert. #206)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 or 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); NDRNG; DES; MD5

Multi-chip standalone

"Juniper Networks integrated security devices are purpose-built to perform essential networking security functions designed on top of robust networking and security real-time operating systems, ScreenOS. These are high-performance platforms that deliver integrated security and LAN/WAN routing across high-density LAN/WAN interfaces, Juniper Networks integrated security devices address the needs of small to medium sized locations, large distributed enterprises, and service providers as well as large and co-located datacenters."
1730 Juniper Networks, Inc.
1194 North Mathilda Ave
Sunnyvale, CA 94089
USA

-Robert Smith
TEL: 978-589-8822

CST Lab: NVLAP 200697-0

Juniper Networks SSG 520M and SSG 550M
(Hardware Versions: [SSG-520M-SH, SSG-520M-SH-N, SSG-520M-SH-DC-N, SSG-520M-N-TAA, SSG-520M-SH-DC-N-TAA, SSG-550M-SH, SSG-550M-SH-N, SSG-550M-SH-DC-N, SSG-550M-N-TAA and SSG-550M-SH-DC-N-TAA] with JNPR-FIPS-TAMPER-LBLS; Firmware Version: ScreenOS 6.3r6)

(When operated in FIPS mode with the tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 06/12/2012;
07/24/2012
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #1063); AES (Cert. #1622); DSA (Cert. #509); SHS (Cert. #1431); RNG (Cert. #870); RSA (Cert. #800); HMAC (Cert. #953); ECDSA (Cert. #207)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 or 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); NDRNG; DES; MD5

Multi-chip standalone

"Juniper Networks integrated security devices are purpose-built to perform essential networking security functions designed on top of robust networking and security real-time operating systems, ScreenOS. These are high-performance platforms that deliver integrated security and LAN/WAN routing across high-density LAN/WAN interfaces, Juniper Networks integrated security devices address the needs of small to medium sized locations, large distributed enterprises, and service providers as well as large and co-located datacenters."
1729 Certicom Corp.
4701 Tahoe Blvd.
Building A
Mississauga, Ontario L4W 0B5
Canada

-Kris Orr
TEL: 905-507-4220

-Certicom Eastern US Sales Office
TEL: 703-234-2357
FAX: 703-234-2356

CST Lab: NVLAP 200928-0

Security Builder® FIPS Module
(Software Version: 6.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 06/08/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with QNX Neutrino 6.6; QNX Neutrino 6.5; Red Hat Linux AS 5.6 (single-user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #1159); AES (Cert. #1789); SHS (Cert. #1571); HMAC (Cert. #1054); RNG (Cert. #949); DRBG (Cert. #127); DSA (Cert. #563); ECDSA (Cert. #242); RSA (Cert. #894); KAS (Cert. #25); CVL (Cert. #7)

-Other algorithms: DES; DESX; AES CCM* (non-compliant); AES-XCBC-MAC (non-compliant); AES EAX (non-compliant); AES MMO (non-compliant); ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; ECNR; ECQV; ECPVS; ECIES; ECSPEKE; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength); Diffie-Hellman (non-compliant key agreement; key establishment methodology provides less than 80 bits of encryption strength)

Multi-chip standalone

"The Security Builder® FIPS Module is a standards-based cryptographic toolkit that supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into both mobile and server-based applications. The Security Builder FIPS Module is part of the Certicom Security Architecture, a comprehensive cross-platform security solution which supports multiple cryptographic software and hardware providers with a single common API."
1728 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Jennifer Gilbert
TEL: 703-484-0168

CST Lab: NVLAP 100432-0

Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Modules-2 (WiSM2)
(Hardware Versions: Chassis: Catalyst 6506 switch [1], Catalyst 6506-E switch [2], Catalyst 6509 switch [3] and Catalyst 6509-E switch [4]; Backplane: WS-C6506 [1], WS-C6506-E [2], WS-C6509 [3] and WS-C6509-E [4]; FIPS Kit: P/N 800-27009 [1, 2], P/N 800-26335 [3, 4] and WS-SVCWISM2FIPKIT= [1, 2, 3, 4]; with one Supervisor Blade [1, 2, 3, 4]: [WS-SUP720-3BXL , WS-SUP720-3B, VS-S 720 10G-3C, or VS-S 720 10G-3CXL] and with one WiSM2 [1, 2, 3, 4]: [WS-SVC-WISM2-K9=, WS-SVC-WISM2-5-K9=, WS-SVC-WISM2-3-K9=, WS-SVC-WISM2-1-K9=, WS-SVC-WISM2-5-K9, WS-SVC-WISM2-3-K9 or WS-SVC-WISM2-1-K9]; Firmware Versions: [1, 2, 3, 4]: Supervisor Blade: Cisco IOS Release 12.2.33.SXJ; WiSM2: 7.0.116.0)

(When operated in FIPS mode and with the tamper evident seals and physical security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/01/2012;
06/21/2012
Overall Level: 2 

-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #1344 and #1345); HMAC (Certs. #783 and #784); RNG (Cert. #740); RSA (Certs. #651 and #652); SHS (Certs. #1226 and #1227); Triple-DES (Cert. #934)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); AES (Cert. #1344, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM

Multi-chip standalone

"The Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with WiSM WLAN Controller deliver centralized control and high capacity for medium to large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WiSM2 Controller supports the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and supports a Secure Wireless Architecture with certified WiFi Alliance WPA-2 security. The Cisco WiSM2 Controller supports voice, video and data services along with Cisco Clean Air technology, IPv6 mobility, intrusion protection and intelligent radio resource management."
1727 Aruba Networks
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500

CST Lab: NVLAP 200427-0

Aruba 620, 650 and Dell W-620, W-650 Controllers with ArubaOS FIPS Firmware
(Hardware Versions: 620-F1 [1], 620-USF1 [1], 650-F1 [1], 650-USF1 [1], W-620-F1 [2], W-620-USF1 [2], W-650-F1 [2], W-650-USF1 [2] with FIPS kit 4010061-01; Firmware Versions: ArubaOS_6xx_6.1.2.3-FIPS [1] and Dell_PCW_6xx_6.1.2.3-FIPS [2] or ArubaOS_6xx_6.1.4.1-FIPS [1] and Dell_PCW_6xx_6.1.4.1-FIPS [2])

(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/24/2012;
01/24/2013
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #779, #1850 and #1854); ECDSA (Certs. #257 and #258); HMAC (Certs. #426, #1098 and #1101); RNG (Certs. #969 and #972); RSA (Certs. #933, #935 and #937); SHS (Certs. #781, #1627, #1629 and #1631); Triple-DES (Certs. #673, #1198 and #1201)

-Other algorithms: DES; HMAC-MD5; MD5; NDRNG; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant less than 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"Aruba Networks' Mobility Controller system completely changes how 802.11 networks are deployed, secured, and managed. The only mobile security system with an integrated ICSA-certified stateful firewall and hardware-based encryption, the Aruba mobility controller is the industry's highest performing and most scalable enterprise mobility platform."
1726 Voltage Security, Inc.
20400 Stevens Creek Blvd.
Cupertino, CA 95014
USA

-Luther Martin
TEL: 650-543-1280
FAX: 650-543-1279

CST Lab: NVLAP 200802-0

Voltage IBE Cryptographic Module for z/OS
(Hardware Version: Crypto Express2 card (CEX2C) [a separately configured version of 4764-001 (P/N 12R6536)]; Software Version: 4.0; Firmware Version: 4764-001(2096a16d))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software-Hybrid 05/31/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with IBM System z10 with z/OS PUT1106 / RSU1108

-FIPS-approved algorithms: AES (Cert. #1812); Triple-DES (Cert. #1168); DSA (Cert. #568); SHS (Cert. #1590); RNG (Cert. #955); RSA (Cert. #908); HMAC (Cert. #1069); DRBG (Cert. #139)

-Other algorithms: NDRNG; IBE; FFX; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); DES

Multi-chip standalone

"The Voltage IBE Cryptographic Module for z/OS Version 4.0 is a FIPS 140-2 Level 1 compliant software-hybrid module that provides encrypt/decrypt and cryptographic signature services for Internet Protocol (IP) traffic."
1725 Francotyp-Postalia GmbH
Triftweg 21-26
Birkenwerder, D-16547
Germany

-Dirk Rosenau
TEL: +49-3303-525-616
FAX: +49-3303-525-609

-Hasbi Kabacaoglu
TEL: +49-3303-525-656
FAX: +49-3303-525-609

CST Lab: NVLAP 100432-0

Postal mRevenector DE 2011
(Hardware Version: 580036020300/01; Firmware Versions: Bootloader: 90.0036.0201.00/2011485001; Software-Loader: 90.0036.0206.00/2011485001; FRANKIT-Application: 90.0036.0204.00/2011515001)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/29/2012;
01/22/2013
Overall Level: 3 

-Physical Security: Level 3 +EFP/EFT

-FIPS-approved algorithms: AES (Cert. #1493); DRBG (Cert. #61); DSA (Cert. #522); HMAC (Cert. #878); KAS (Cert. #16); RSA (Certs. #732 and #785); SHS (Cert. #1346); Triple-DES (Cert. #1122)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip embedded

"The Francotyp-Postalia Postal mRevenector DE 2011 employs strong encryption, decryption, and digital signature techniques for the protection of customer revenues in Francotyp-Postalia's mail handlers. The Postal mRevenector DE 2011 has been designed in compliance with the Deutsche Post (DPAG), FRANKIT Specification."
1724 Hughes Network Systems, LLC.
11717 Exploration Lane
Germantown, MD 20876
USA

-Tim Young
TEL: 301-428-1632

CST Lab: NVLAP 200427-0

Hughes SPACEWAY Crypto Kernel
(Firmware Version: 1.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Firmware 05/23/2012 Overall Level: 1 

-Tested: ST HN9500 with VxWorks 5.4; AGW2 with VxWorks 5.4; AGW5 with VxWorks 5.4

-FIPS-approved algorithms: AES (Cert. #1788); DRBG (Cert. #126); HMAC (Cert. #1053); SHS (Cert. #1570)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); MD5

Multi-chip standalone

"The HSCK v1.0 is a firmware library that provides cryptographic functionality for securing communications over the Hughes SPACEWAY Satellite communication systems. SPACEWAY enables a full-mesh digital network that interconnects with a wide range of end-user equipment and systems."
1723 Juniper Networks, Inc.
1194 North Mathilda Ave
Sunnyvale, CA 94089
USA

-Robert Smith
TEL: 978-589-8822

CST Lab: NVLAP 200697-0

SSG 140
(Hardware Versions: (SSG-140-SB and SSG-140-SH) with JNPR-FIPS-TAMPER-LBLS; Firmware Version: ScreenOS 6.3r6)

(When operated in FIPS mode with the tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 05/23/2012;
07/24/2012
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #1060); AES (Cert. #1619); DSA (Cert. #506); SHS (Cert. #1428); RNG (Cert. #867); RSA (Cert. #797); HMAC (Cert. #950); ECDSA (Cert. #204)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 or 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); NDRNG; DES; MD5

Multi-chip standalone

"Juniper Networks integrated security devices are purpose-built to perform essential networking security functions designed on top of robust networking and security real-time operating systems, ScreenOS. These are high-performance platforms that deliver integrated security and LAN/WAN routing across high-density LAN/WAN interfaces, Juniper Networks integrated security devices address the needs of small to medium sized locations, large distributed enterprises, and service providers as well as large and co-located datacenters."
1722 Francotyp-Postalia GmbH
Triftweg 21-26
Birkenwerder, D-16547
Germany

-Dirk Rosenau
TEL: +49-3303-525-616
FAX: +49-3303-525-609

CST Lab: NVLAP 100432-0

Postal mRevenector US 2011
(Hardware Version: 580036020300/01; Firmware Version: Bootloader: 90.0036.0201.00/2011485001; Software-Loader: 90.0036.0206.00/2011485001; IBIP Application: 90.0036.0203.00/2011485001)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/23/2012;
01/22/2013
Overall Level: 3 

-Physical Security: Level 3 +EFP/EFT

-FIPS-approved algorithms: AES (Cert. #1493); DRBG (Cert. #61); DSA (Cert. #522); ECDSA (Cert. #184); HMAC (Cert. #878); KAS (Cert. #16); RSA (Certs. #732 and #785); SHS (Cert. #1346); Triple-DES (Cert. #1122)

-Other algorithms: NDRNG

Multi-chip embedded

"The Francotyp-Postalia Postal mRevenector US 2011 employs strong encryption, decryption, and digital signature techniques for the protection of customer revenues in Francotyp-Postalia's mail handlers. The Postal mRevenector US 2011 has been designed in compliance with the United States Postal Services (USPS), Information-Based Indicia Program (IBIP)."
1721 Vormetric Inc.
2545 N. 1st Street
San Jose, CA 95131-1003
USA

-Mike Yoder
TEL: 408-433-6059
FAX: 408-844-8638

-Richard Gorman
TEL: 408-433-6000
FAX: 408-844-8638

CST Lab: NVLAP 200002-0

Vormetric Encryption Expert Cryptographic Module
(Software Version: 4.4.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 05/23/2012;
06/05/2012
Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows 2003 32-bit; Windows 2008 64-bit; Solaris 10 64-bit; Redhat Linux 5.7 64-bit; HPUX 11i v3 64-bit (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1820); Triple-DES (Cert. #1173); SHS (Cert. #1596); HMAC (Cert. #1075)

-Other algorithms: ARIA; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Vormetric Encryption Expert Cryptographic Module is a loadable kernel module also known as "SECFS" (SECure File System). This module is a file system layer that enforces an access and encryption policy upon selected data on end-user systems. The policy specifies a key to be used when writing data to disk and while reading data from disk. This module contains the Vormetric Encryption Expert Cryptographic Library, which provides all cryptographic services."
1720 Francotyp-Postalia GmbH
Triftweg 21-26
Birkenwerder, D-16547
Germany

-Dirk Rosenau
TEL: +49-3303-525-616
FAX: +49-3303-525-609

CST Lab: NVLAP 100432-0

mRevenector 2011
(Hardware Version: 580036020300/01; Firmware Version: Bootloader: 90.0036.0201.00/2011485001; Software-Loader: 90.0036.0206.00/2011485001)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/23/2012 Overall Level: 3 

-Physical Security: Level 3 +EFP/EFT

-FIPS-approved algorithms: AES (Cert. #1493); DRBG (Cert. #61); HMAC (Cert. #878); RSA (Cert. #732); SHS (Cert. #1346)

-Other algorithms: NDRNG

Multi-chip embedded

"mRevenector2011 is an embedded security device that can enhance the security of various kinds of appliances and computerized devices. The hardware of the mRevenector2011 is designed to protect critical security parameters as well as application specific revenues. Its firmware enables hosting systems to load or update signed application specific firmware."
1719 Green Hills Software
30 W Sola Street
Santa Barbara, CA 93101
USA

-David Sequino
TEL: 206-310-6795
FAX: 978-383-0560

-Douglas Kovach
TEL: 727-781-4909
FAX: 727-781-3915

CST Lab: NVLAP 200427-0

INTEGRITY Security Services High Assurance Embedded Cryptographic Toolkit
(Software Version: 1.0.5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 05/22/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with RHEL 5; Green Hills Software INTEGRITY OS v5.0.11 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1762); ECDSA (Cert. #235); HMAC (Cert. #1033); RNG (Cert. #939); RSA (Cert. #878); SHS (Cert. #1546)

-Other algorithms: ARCFour; DES; Diffie-Hellman; EC Diffie-Hellman; ECMQV; DSA (non-compliant); MD5; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Triple-DES (non-compliant)

Multi-chip standalone

"Green Hills Software, Integrity Security Services (ISS) High Assurance Embedded Cryptographic Toolkit (HA-ECT) is a standards-based, flexible cryptographic toolkit providing developers with a software framework to integrate encryption, digital signatures and other security mechanisms into a wide range of applications. The ISS HA-ECT FIPS Module is designed to support multiple cryptographic software and hardware providers with a single common API, easily targeted to a variety operating systems."
1718 Juniper Networks, Inc.
1194 North Mathilda Ave
Sunnyvale, CA 94089
USA

-Robert Smith
TEL: 978-589-8822

CST Lab: NVLAP 200697-0

Juniper Networks LN1000 Mobile Secure Router
(Hardware Version: LN1000-V with JNPR-FIPS-TAMPER-LBLS; Firmware Version: 11.2S4)

(The tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 05/07/2012 Overall Level: 2 

-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #1269 and #1270); AES (Certs. #1956 and #1957); DSA (Cert. #624); SHS (Certs. #1715 and #1716); RNG (Cert. #1028); RSA (Cert. #1013); HMAC (Certs. #1178 and #1179)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 96 bits of encryption strength)

Multi-chip standalone

"Juniper Networks LN1000 Mobile Secure Router is an edge access router that delivers a high-performance routing firewall and intrusion detection service (IDS). The LN1000 addresses the growing demand for a network access presence in military, first responder and transportation vehicles, mining and exploration equipment, unmanned aircraft, and power grids."
1717 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco Catalyst 6506-E [1], Catalyst 6509-E [2] and Catalyst 6513-E [3] Switches with Supervisor Cards (VS-S2T-10G or VS-S2T-10G-XL) and Line Cards (WS-X6908-10G or WS-X6908-10G-2TXL)
(Hardware Version: 6506-E -M0 [1], 6509-E -N0 [2], 6513-E -S0 [3], Supervisor Card VS-S2T-10G -B0, Supervisor Card VS-S2T-10G-XL -C0, Line Card WS-X6908-10G -A0, Line Card WS-X6908-10G-2TXL version -B0 and FIPS kit packaging (CVPN6500FIPS/KIT=); Firmware Version: 15.0(1)SY2)

(When operated in FIPS mode and when tamper evident labels and security devices are installed on the initially built configuration as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/03/2012;
12/21/2012
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #1426, #1427 and #1816); DRBG (Cert. #140); HMAC (Cert. #1072); RSA (Cert. #911); SHS (Cert. #1593); Triple-DES (Cert. #1171)

-Other algorithms: DES; HMAC-MD5; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); AES (Cert. #1816, key wrapping; key establishment methodology provides 256 bits of encryption strength)

Multi-chip standalone

"The Catalyst 6500 series switches offer versatility, integration, and security to branch offices. With numerous network modules and service modules available, the modular architecture of the Cisco switches easily allows interfaces to be upgraded to accommodate network expansion. The Catalyst 6500 series switches provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements."
1716

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/02/2012 Overall Level: 2 

-FIPS-approved algorithms:

-Other algorithms:

Multi-chip standalone

1715 Hewlett-Packard Development Company, L.P.
2344 Boulevard Alfred-Nobel
St-Laurent, QC H4S 0A4
Canada

-Gilbert Moineau
TEL: +1-514-920-4250

CST Lab: NVLAP 200002-0

HP MSM430 Dual Radio 802.11N TAA AP [1], HP MSM430 Dual Radio 802.11N AP (WW) [2], HP MSM430 Dual Radio 802.11N AP (JP) [3], HP MSM460 Dual Radio 802.11N TAA AP [4], HP MSM460 Dual Radio 802.11N AP (WW) [5], HP MSM460 Dual Radio 802.11N AP (JP) [6], HP MSM466 Dual Radio 802.11N TAA AP [7], HP MSM466 Dual Radio 802.11N AP (WW) [8] and HP MSM466 Dual Radio 802.11N AP (JP) [9]
(Hardware Versions: J9654A [1], J9651A [2], J9652A [3], J9655A [4], J9591A [5], J9589A [6], J9656A [7], J9622A [8] and J9620A [9] with FIPS kit J9740A; Firmware Version: 5.6.0)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 05/03/2012 Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #1823 and #1840); Triple-DES (Cert. #1176); SHS (Cert. #1602); HMAC (Cert. #1078); RNG (Cert. #960); RSA (Cert. #916)

-Other algorithms: Blowfish; MD5; HMAC-MD5; SHA-[224, 256, 384 and 512] (Cert. #1602; non-compliant); HMAC-SHA-[224, 256, 384 and 512] (Cert. #1078; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); AES (Cert. #1840, key wrapping; key establishment methodology provides 128 bits of encryption strength)

Multi-chip standalone

"The MSM430, MSM460 and MSM466 Access Points allow wireless devices to connect to a wired network using Wi-Fi 802.11abgn."
1714 Honeywell Scanning and Mobility (HSM) - USA
700 Visions Dr, PO Box 208
Building A
Skaneateles Falls, NY 13153-0208
USA

-Mike Robinson
TEL: 315-554-6387
FAX: 856-232-2932

-Tom Amundsen
TEL: 856-374-5589
FAX: 856-232-2932

CST Lab: NVLAP 200928-0

Scanning and Mobility FIPS Module
(Firmware Versions: 4.0 B and 4.0 S)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Firmware 07/11/2012;
07/12/2012
Overall Level: 1 

-Tested: ARM 920T processor running Hand Held Products BASE firmware 31205423-052 or Hand Held Products Scanner firmware 31205480-025; ARM 926EJ-S processor running Honeywell Xenon 1902 Cordless Base Firmware or Honeywell Xenon 1902 Cordless Scanner firmware

-FIPS-approved algorithms: AES (Certs. #547 and #590); SHS (Certs. #612 and #641); HMAC (Certs. #288 and #307); RNG (Certs. #315 and #336); DSA (Certs. #222 and #232)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength)

Multi-chip standalone

"The Honeywell Scanning and Mobility FIPS Module is a standards-based cryptographic toolkit that supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into both mobile and server-based applications. The Honeywell Scanning and Mobility FIPS Module is part of the Honeywell Security Architecture, a comprehensive cross-platform security solution which supports multiple cryptographic software and hardware providers with a single common API."
1713 Research In Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

-Certifications Team
TEL: 519-888-7465 ext.72921
FAX: 519-886-4839

CST Lab: NVLAP 200928-0

BlackBerry Cryptographic Library
(Software Versions: 2.0.0.10 and 2.0.0.11)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 05/03/2012;
01/24/2013
Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional 2002 with SP3, 32-bit edition (single-user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #1193); AES (Cert. #1839); SHS (Cert. #1621); HMAC (Cert. #1094); RNG (Cert. #966); ECDSA (Cert. #254)

-Other algorithms: Rijndael; EC Diffie-Hellman (key agreement, key establishment methodology provides 256 bits of encryption strength); ECMQV (key agreement, key establishment methodology provides 256 bits of encryption strength)

Multi-chip standalone

"BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry® Cryptographic Library is a software module that provides cryptographic services to many BlackBerry® desktop products such as the BlackBerry® Enterprise Server, BlackBerry® Desktop Software, and many other BlackBerry® products."
1712 Kanguru Solutions
1360 Main Street
Millis, MA 02054
USA

-Nate Cote
TEL: 508-376-4245
FAX: 508-376-4462

CST Lab: NVLAP 200802-0

Kanguru Defender 2000
(Hardware Versions: P/Ns KDF2000-2G, KDF2000-4G and KDF2000-8G, Version 1.0; Firmware Version: 2.03.10)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 05/03/2012;
12/21/2012
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: HMAC (Cert. #954); AES (Cert. #1623); SHS (Cert. #1432); RSA (Cert. #801); DRBG (Cert. #86); PBKDF (vendor affirmed)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Kanguru Defender 2000 is a 256-bit AES hardware encrypted USB flash drive. It is used to securely store sensitive data housed on the device."
1711 Athena Smartcard, Inc.
20380 Town Center Lane
Suite 240
Cupertino, CA 95014
USA

-Ian Simmons
TEL: 408-865-0112
FAX: 408-865-0333

CST Lab: NVLAP 100432-0

IDProtect with LASER PKI
(Hardware Version: Inside Secure AT90SC28872RCU Rev. G; Firmware Version: Athena IDProtect 010B.0352.0005 with LASER PKI Applet 3.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/30/2012 Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #1654); RSA (Cert. # 824); Triple-DES (Cert. #1087); Triple-DES MAC (Triple-DES Cert. #1087, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465); ECDSA (Cert. #214); CVL (Cert. #2)

-Other algorithms: HW RNG; AES-CMAC (non-compliant); EC Diffie-Hellman; AES (Cert. #1654, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength)

Single-chip

"IDProtect is a Cryptographic Module based on the Athena OS755 Java Card smart card operating system with 72KB of EEPROM. IDProtect is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 3. IDProtect supports FIPS approved DRBG, SHA-1 and all SHA-2, TDES, AES, RSA, ECDSA and ECC CDC, and RSA and ECC key generation. IDProtect exposes PKI and Biometric APIs and is designed for high-performance government and enterprise smart card applications."
1710 Red Hat, Inc.
1801 Varsity Drive
Raleigh, NC 27606
USA

-Robert Relyea
TEL: 650-254-4236

CST Lab: NVLAP 200427-0

NSS Freebl Cryptographic Module
(Software Version: 3.12.9.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 04/30/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux v6.2 32-bit running on an Intel Core i7 system; Red Hat Enterprise Linux v6.2 64-bit running on an Intel Core i7 system (single-user mode)

-FIPS-approved algorithms: DSA (Cert. #602); SHS (Cert. #1675)

-Other algorithms: MD2; MD5

Multi-chip standalone

"The NSS Freebl cryptographic module is an open-source, general-purpose cryptographic hash library. It is available for free under the Mozilla Public License, the GNU General Public License, and the GNU Lesser General Public License. The NSS Freebl cryptographic module is jointly developed by Red Hat and Oracle engineers and is used in the GNU glibc library. For more information, see http://www.mozilla.org/projects/security/pki/nss/"
1709 Hewlett-Packard TippingPoint
14231 Tandem Blvd
Austin, TX 78728
USA

-Dinesh Vakharia
TEL: 512-432-2628

-Freddie Jimenez Jr.
TEL: 512-432-2907

CST Lab: NVLAP 200427-0

HP TippingPoint Intrusion Prevention System
(Hardware Version: S6100N; Firmware Version: 3.2.1.1639)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/27/2012 Overall Level: 1 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 2

-FIPS-approved algorithms: AES (Cert. #1855); HMAC (Cert. #1102); RNG (Cert. #973); RSA (Cert. #938); SHS (Cert. #1632); Triple-DES (Cert. #1202)

-Other algorithms: Blowfish; DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC2; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength).

Multi-chip standalone

"Inserted transparently into the network, the HP TippingPoint Intrusion Prevention System (IPS) is an in-line security device that performs high-performance, deep packet inspection to protect customer networks from attack. The IPS blocks malicious and unwanted traffic, while allowing good traffic to pass unimpeded. In fact, the IPS optimizes the performance of good traffic by continually cleansing the network and prioritizing applications that are mission critical."
1708 Thales-eSecurity Inc.
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200426-0

nShield F3 4000 [1], nShield F3 2000 [2], nShield F3 2000 for NetHSM [3], nShield F3 500 [4] and nShield F3 500 for NetHSM [5]
(Hardware Versions: nC4033P-4K0 [1], nC4033P-2K0 [2], nC4033P-2K0N [3], nC4133P-500 [4] and nC4133P-500N [5], Build Standard N; Firmware Version: 2.50.16-3)

(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 04/27/2012 Overall Level: 3 

-Physical Security: Level 3 + EFP

-FIPS-approved algorithms: AES (Cert. #1579); Triple-DES (Certs. #132 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Cert. #770); DRBG (Cert. #72); CVL (Cert. #1)

-Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength)

Multi-chip embedded

"The nShield modules: nCipher 4000, nShield 2000, nShield 2000 for NetHSM, nShield 500, and nShield 500 for NetHSM family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
1707 Fortinet, Inc.
326 Moodie Drive
Ottawa, ON K2H 8G3
Canada

-Alan Kaye
TEL: 613-225-9381

CST Lab: NVLAP 200426-0

FortiMail-3000C
(Hardware Version: C4GY52; Firmware Version: FortiMail 4.0, build0369, 110615)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/12/2012 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #1604); Triple-DES (Cert. #1049); RNG (Cert. #860); SHS (Cert. #1417); HMAC (Cert. #940); RSA (Cert. #786)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 96 and 196 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DES; MD5; HMAC-MD5; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant)

Multi-chip standalone

"The FortiMail family of messaging security appliances provide an effective barrier against the ever-rising volume of spam, maximum protection against sophisticated message based attacks, and features designed to facilitate regulatory compliance. FortiMail appliances offer both inbound and outbound scanning, advanced antispam and antivirus filtering capabilities, IP address black/white listing functionality, and extensive quarantine and archiving capabilities."
1706 Fortinet, Inc.
326 Moodie Drive
Ottawa, ON K2H 8G3
Canada

-Alan Kaye
TEL: 613-225-9381

CST Lab: NVLAP 200426-0

FortiMail™ OS
(Firmware Version: FortiMail 4.0, build0369, 110615)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Firmware 04/12/2012 Overall Level: 1 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-Tested: FortiMail-3000C

-FIPS-approved algorithms: AES (Cert. #1604); Triple-DES (Cert. #1049); RNG (Cert. #860); SHS (Cert. #1417); HMAC (Cert. #940); RSA (Cert. #786)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 96 and 196 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DES; MD5; HMAC-MD5; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant)

Multi-chip standalone

"FortiMail OS is a firmware based operating system that runs exclusively on Fortinet’s FortiMail product family (PC-based, purpose built appliances). FortiMail offers both inbound and outbound scanning, advanced antispam and antivirus filtering capabilities, IP address black/white listing functionality, and extensive quarantine and archiving capabilities."
1705 Thales-eSecurity Inc.
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200426-0

nShield F3 500 PCI [1], nShield F3 500 for NetHSM [2] and nShield F3 10 PCI [3]
(Hardware Versions: nC4033P-500 [1], nC4033P-500N [2] and nC4033P-10 [3], Build Standard N; Firmware Version: 2.50.16-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 04/12/2012 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #962 and #1579); Triple-DES (Certs. #757 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Cert. #770); DRBG (Cert. #72); CVL (Cert. #1)

-Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength)

Multi-chip embedded

"The nShield modules: nShield F3 500, F3 500 for NetHSM, & nShield F3 10 family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1704 Juniper Networks, Inc.
1194 North Mathilda Ave
Sunnyvale, CA 94089
USA

-Robert Smith
TEL: 978-589-8822

CST Lab: NVLAP 200697-0

Juniper Networks SRX650 Services Gateways
(Hardware Versions: (SRX650-BASE-SRE6-645AP and SRX650-BASE-SRE6-645DP) with JNPR-FIPS-TAMPER-LBLS; Firmware Version: 11.2S4)

(The tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 04/05/2012 Overall Level: 2 

-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #1271 and #1272); AES (Certs. #1959 and #1960); DSA (Cert. #625); SHS (Certs. #1718 and #1719); RNG (Cert. #1029); RSA (Cert. #1014); HMAC (Certs. #1180 and #1181)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 96 bits of encryption strength)

Multi-chip standalone

"SRX650 Services Gateways are secure routers that provide essential capabilities that connect, secure, and manage work force locations sized from handfuls to hundreds of users. By consolidating fast, highly available switching, routing, security, and applications capabilities in a single device, enterprises can economically deliver new services, safe connectivity, and a satisfying end user experience. All SRX Series Services Gateways, including products scaled for the branch, campus and data center applications, are powered by Juniper Networks JUNOS the proven"
1703 S&C Electric Company
6601 Northridge Boulevard
Chicago, IL 60626-3997
USA

-Prakash Ramadass
TEL: 510-749-5648
FAX: 510-864-6860

CST Lab: NVLAP 100432-0

IntelliCom WAN 1720
(Hardware Version: IntelliCom WAN 1720; Firmware Version: 1.1.0.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/03/2012 Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Certs. #1114 and #1235); HMAC (Cert. #720); RNG (Cert. #618); RSA (Cert. #592); SHS (Cert. #1133)

-Other algorithms: AES (non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"IntelliCom(TM) WAN Mesh Node, a wireless high-speed wide-area networking router that combines ultra-high throughput - up to 400 Mbps - with extremely low latencies of less than one millisecond. IntelliCom WAN Mesh Node features 802.11n mesh radio latencies of less than one millisecond. IntelliCom WAN Mesh Node features 802.11n mesh radio unlicensed bands as well as the 4.9-GHz municipal licensed band. This network architecture is selfforming and self-healing; communication is not inhibited by the loss of any single node."
1702 Entrust, Inc.
One Lincoln Centre
5400 LBJ Freeway
Suite 1340
Dallas, TX 75240
USA

-James Kendry
TEL: 972-726-0419
FAX: 972-713-5805

CST Lab: NVLAP 100432-0

Entrust Authority™ Security Kernel
(Software Version: 8.1sp1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 04/12/2012 Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Windows Server 2008 R2 Enterprise Edition running on Dell Optiplex 755

-FIPS-approved algorithms: AES (Cert. #1923); HMAC (Cert. #1158); SHS (Cert. #1689); DRBG (Cert. #167); RSA (Cert. #992); Triple-DES (Cert. #1253); Triple-DES MAC (Triple-DES Cert. #1253, vendor affirmed); CVL (Cert. #15 and SP 800-135, vendor affirmed, key agreement); RNG (Cert. #1011); ECDSA (Cert. #275); DSA (Cert. #610)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); MD2; MD5; RMD-160; CAST; CAST3; CAST5; DES; IDEA; RC2; RC4; PAKE; AES-DAC; CAST-DAC; CAST3-DAC; CAST5-DAC; DES-DAC; IDEA-DAC; RC2-DAC

Multi-chip standalone

"By managing the full lifecycles of digital certificate-based identities, Entrust Authority PKI enables encryption, digital signature and certificate authentication capabilities to be consistently and transparently applied across a broad range of applications and platforms."
1701 Apple Inc.
11921 Freedom Drive
Reston, VA 20190
USA

-Shawn Geddis
TEL: 703-264-5103

CST Lab: NVLAP 200002-0

Apple FIPS Cryptographic Module
(Software Version: 1.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 03/30/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Mac OS X 10.7.0 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1872); DSA (Cert. #585); ECDSA (Cert. #262); HMAC (Cert. #1116); RNG (Cert. #981); RSA (Cert. #952); SHS (Cert. #1645); Triple-DES (Cert. #1216)

-Other algorithms: ASC; Blowfish; CAST; DES; RC2; RC4; RC5; FEE; MD2; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA (non-compliant key generation)

Multi-chip standalone

"Apple's OS X Lion (v10.7) security services are now built on a newer 'Next Generation Cryptography' platform and does not use the CDSA/CSP module previously validated. Apple is re-validating the same CDSA/CSP module under OS X Lion to provide validation solely for third-party applications."
1700 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco 881W and Cisco 881GW Integrated Services Routers (ISRs)
(Hardware Versions: 881W and 881GW with [FIPS Kit (CISCO-FIPS-KIT=), Revision -B0]; Firmware Version: Router Firmware Version: IOS 15.1(3)T2 and AP Firmware Version: 12.4(25d)JA1)

(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/28/2012;
04/02/2012
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #962, #1535, #1791, #1792 and #1793); DRBG (Cert. #129); HMAC (Certs. #537, #1056 and #1057); RNG (Cert. #950); RSA (Cert. #896); SHS (Certs. #933, #1574 and #1575); Triple-DES (Certs. #757 and #1160)

-Other algorithms: DES; HMAC-MD5; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); AES (Cert. #1791, key wrapping; key establishment methodology provides 128 bits of encryption strength)

Multi-chip standalone

"The Cisco 881W and Cisco 881GW Integrated Services Routers (ISR) provide connectivity and security services in a single, secure device. These routers offer broadband speeds and simplified management to small businesses, and enterprise small branch and teleworkers. The module is also a wireless access point that provide secure wireless access to clients."
1699 McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

-David Gerendas
TEL: 949-860-3369

CST Lab: NVLAP 200556-0

McAfee EMM Cryptographic Module
(Software Version: 1.0)

(When operated with module Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1337 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 03/28/2012 Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 R2 (x64 Version) (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1168); HMAC (Cert. #687); SHS (Cert. #1081)

-Other algorithms: N/A

Multi-chip standalone

"The McAfee EMM Cryptographic Module provides cryptographic operations for McAfee Enterprise Mobility Manager, an enterprise class security solution which provides centralized mobile device management, provisioning, security, support, and auditing."
1698 Hitachi Solutions, Ltd.
4-12-7, Higashishinagawa
Shinagawa-ku, Tokyo 140-0002
Japan

-Applied Security Development Department
TEL: +81-3-5780-2111

CST Lab: NVLAP 200835-0

HIBUN Cryptographic Module for Pre-boot
(Software Version: 1.0 Rev. 2)

Validated to FIPS 140-2

JCMVP Cert. #J0017

Security Policy

Consolidated Validation Certificate

Software 03/28/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Pre-boot 16-bit (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1779); SHS (Cert. #1561); HMAC (Cert. #1044)

-Other algorithms: N/A

Multi-chip standalone

"HIBUN Cryptographic Module for Pre-boot is the cryptographic library module which operates on the Pre-boot environment."
1697 Hitachi Solutions, Ltd.
4-12-7, Higashishinagawa
Shinagawa-ku, Tokyo 140-0002
Japan

-Applied Security Development Department
TEL: +81-3-5780-2111

CST Lab: NVLAP 200835-0

HIBUN Cryptographic Module for Kernel-Mode
(Software Version: 1.0 Rev. 2)

Validated to FIPS 140-2

JCMVP Cert. #J0016

Security Policy

Consolidated Validation Certificate

Software 03/28/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional; Windows Vista Ultimate; Windows 7 Ultimate; Windows 7 Ultimate 64bit (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1787); SHS (Cert. #1569); HMAC (Cert. #1052)

-Other algorithms: N/A

Multi-chip standalone

"HIBUN Cryptographic Module for Kernel-Mode is the cryptographic library module which operates on the Windows Kernel-Mode. Full listing of testing configuration: Windows XP Professional; Windows Vista Ultimate; Windows 7 Ultimate; Windows 7 Ultimate 64bit (single-user mode)"
1696 Hitachi Solutions, Ltd.
4-12-7, Higashishinagawa
Shinagawa-ku, Tokyo 140-0002
Japan

-Applied Security Development Department
TEL: +81-3-5780-2111

CST Lab: NVLAP 200835-0

HIBUN Cryptographic Module for User-Mode
(Software Version: 1.0 Rev. 2)

Validated to FIPS 140-2

JCMVP Cert. #J0015

Security Policy

Consolidated Validation Certificate

Software 03/28/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional; Windows Vista Ultimate; Windows 7 Ultimate; Windows 7 Ultimate 64bit; Linux Kernel 2.6 (Fedora 12) (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1780); SHS (Cert. #1562); HMAC (Cert. #1045); DRBG (Cert. #125)

-Other algorithms: N/A

Multi-chip standalone

"HIBUN Cryptographic Module for User-Mode is the cryptographic library module which operates on the Windows User-Mode and Linux User-Mode. Full testing configuration: Windows XP Professional; Windows Vista Ultimate; Windows 7 Ultimate; Windows 7 Ultimate 64bit; Linux Kernel 2.6 (Fedora 12) (single-user mode)"
1695 NEC Corporation
1753
Shimonumabe
Nakahara-ku
Kawasaki, Kanagawa 211-8666
Japan

-NEC Corporation
TEL: +81-44-455-8326

CST Lab: NVLAP 200835-0

iPASOLINK MODEM AES Card
(Hardware Version: 5.00; Firmware Version: NWA-055300-004)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/18/2012 Overall Level: 1 

-FIPS-approved algorithms: AES (Cert. #1834)

-Other algorithms: N/A

Multi-chip embedded

"iPASOLINK is NEC's most advanced and comprehensive optical and radio converged transport product family, in which iPASOLINK MODEM AES Card is implemented as a cryptographic module. The module provides encryption/decryption services by AES-CTR."
1694 SafeNet, Inc.
20 Colonnade Dr, Suite 200
Ottawa, ON K2E 7M6
Canada

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

-Mark Yakabuski
TEL: 613-614-3407
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

Luna® PCI-e Cryptographic Module
(Hardware Version: VBD-05-0100, VBD-05-0101 and VBD-05-0103; Firmware Version: 6.2.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/30/2012;
09/27/2012
Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #1743, #1750 and #1756); DRBG (Cert. #114); DSA (Certs. #545, #546 and #548); ECDSA (Certs. #230, #231 and #233); HMAC (Certs. #1021 and #1027); KAS (Cert. #23); RSA (Certs. #865 and #870); SHS (Certs. #1531 and #1537); KKDF (SP 800-108, vendor affirmed); Triple-DES (Certs. #1130, #1134 and #1137); Triple-DES MAC (Certs. #1130, #1134 and #1137, vendor-affirmed)

-Other algorithms: ARIA; AES (Certs. #1743, #1750 and #1756, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES MAC (Cert. #1750; non-compliant); CAST5; CAST5-MAC; DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength); HAS-160; KCDSA; MD2; MD5; RC2; RC2-MAC; RC4; RC5; RC5-MAC; RSA (key wrapping; key establishment methodology provides between 80 and 152 bits of encryption strength); SEED; Triple-DES (Certs. #1130, #1134 and #1137, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength)

Multi-chip embedded

"The Luna PCI-e cryptographic module is a multi-chip embedded hardware cryptographic module in the form of a PCI-Express card that typically resides within a custom computing or secure communications appliance. The cryptographic module is contained in its own secure enclosure that provides physical resistance to tampering. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI-e card."
1693 SafeNet, Inc.
20 Colonnade Drive, Suite 200
Ottawa, ON K2E 7M6
Canada

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

-Mark Yakabuski
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

Luna® PCI-e Cryptographic Module
(Hardware Versions: VBD-05-0100, VBD-05-0101 and VBD-05-0103; Firmware Version: 6.2.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/28/2012;
09/27/2012
Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #1743, #1750 and #1756); DRBG (Cert. #114); DSA (Certs. #545, #546 and #548); ECDSA (Certs. #230, #231 and #233); HMAC (Certs. #1021 and #1027); KAS (Cert. #23); RSA (Certs. #865 and #870); SHS (Certs. #1531 and #1537); KKDF (SP800-108, vendor affirmed); Triple-DES (Certs. #1130, #1134 and #1137); Triple-DES MAC (Certs. #1130, #1134 and #1137, vendor-affirmed)

-Other algorithms: ARIA; AES (Certs. #1743, #1750 and #1756, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES MAC (Cert. #1750; non-compliant); CAST5; CAST5-MAC; DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength); HAS-160; KCDSA; MD2; MD5; RC2; RC2-MAC; RC4; RC5; RC5-MAC; RSA (key wrapping; key establishment methodology provides between 80 and 152 bits of encryption strength); SEED; Triple-DES (Certs. #1130, #1134 and #1137, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength)

Multi-chip embedded

"The Luna PCI-e cryptographic module is a multi-chip embedded hardware cryptographic module in the form of a PCI-Express card that typically resides within a custom computing or secure communications appliance. The cryptographic module is contained in its own secure enclosure that provides physical resistance to tampering. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI-e card."
1692 IBM® Corporation
2455 South Road
Poughkeepsie, NY 12601
USA

-William F Penny
TEL: 845-435-3010

CST Lab: NVLAP 200658-0

IBM® z/OS® Version 1 Release 13 System SSL Cryptographic Module
(Hardware Version: FC3863 w/System Driver Level 86E, and optional CEX3A and CEX3C [CEX3A and CEX3C are separately configured versions of 4765-001 (P/N 45D6048)]; Software Version: System SSL level HCPT3D0/JCPT3D1 w/ APAR OA36775, RACF level HRF7780 and ICSF level HCR7780 w/ APAR OA36882; Firmware Version: 4765-001 (e1ced7a0))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software-Hybrid 03/12/2012 Overall Level: 1 

-Cryptographic Module Specification: Level 3

-Operational Environment: Tested as meeting Level 1 with IBM® zEnterprise (TM) 196 (z196) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 [Base GPC, and optional Crypto Express3 Card (Coprocessor (CEX3C)); Crypto Express3 Card (Accelerator (CEX3A)) and Crypto Express3 Cards (Coprocessor (CEX3C) and Accelerator (CEX3A))] [IBM® zEnterprise (TM) (z196) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 includes FC3863 w/System Driver Level 86E and z/OS® V1R13] (single-user mode)

-FIPS-approved algorithms: AES (Certs. #1713, #1864 and #1865); Triple-DES (Certs. #1103, #1210 and #1211); DSA (Certs. #582 and #583); RSA (Certs. #944, #945, #946, #947 and #948); SHS (Certs. #1497, #1639 and #1640); HMAC (Certs. #1110 and #1111); RNG (Certs. #977 and #978)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); DES; RC2; ArcFour; MD5; MD2; HMAC-MD5; ECDSA (non-compliant)

Multi-chip standalone

"System SSL is a set of generic services provided in z/OS to protect TCP/IP communications using the SSL/TLS protocol. System SSL is exploited by many SSL enabled servers and clients in z/OS to meet the transport security constraints required in an On Demand environment. The System SSL APIs are also externalized to customer applications. System SSL has evolved through the latest releases of z/OS to support the new TLS (Transaction Layer Security) standard, to reach an unmatched level of performance and to extend the APIs available to applications to new functions."
1691

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/09/2012 Overall Level: 3 

-FIPS-approved algorithms:

-Other algorithms:

Multi-chip standalone

1690 Gemalto
Avenue du Jujubier Z.I Athelia IV
La Ciotat, 13705
France

-Frederic Garnier
TEL: +33 4 42 36 43 68
FAX: +33 4 42 36 55 45

CST Lab: NVLAP 200427-0

Protiva PIV v1.55 on TOP DL v2
(Hardware Version: A1023378; Firmware Version: Build#11 - M1005011+ Softmask V03, Applet Version: Protiva PIV v1.55)

(PIV Card Application: Cert. #27)

(When operated in FIPS mode with module TOP DL v2 validated to FIPS 140-2 under Cert. #1450 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/09/2012 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #1363); ECDSA (Cert. #172); RNG (Cert. #749); RSA (Cert. #664); SHS (Cert. #1243); Triple-DES (Cert. #938); Triple-DES MAC (Triple-DES Cert. #938, vendor affirmed)

-Other algorithms: N/A

Single-chip

"This module is based on a Java Card platform (TOP DL V2) with 128K EEPROM memory and the Protiva PIV Applet loaded on the Java Card platform. The Cryptographic Module provides dual interfaces (i.e. contact and contact-less) where the same security level is achieved."
1689 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco Unified IP Phone 7906G, 7911G, 7931G, 7941G, 7942G, 7945G, 7961G, 7961GE, 7962G, 7965G, 7970G, 7971G, 7971GE and 7975G
(Hardware Versions: (CP-7906G: V01-V09), (CP-7911G: V01-V09), (CP-7931G: V01-V05), (CP-7941G: V01-V02), (CP-7942G: V01-V10), (CP-7945G: V01-V11), (CP-7961G: V01-V02), (CP-7961GE: V01), (CP-7962G: V01-V11), (CP-7965G: V01-V11), (CP-7970G: V01-V02), (CP-7971G/7971GE: V01-V03) and (CP-7975G: V01-V12); Firmware Version: 9.2(1)SR2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/09/2012 Overall Level: 1 

-FIPS-approved algorithms: AES (Certs. #1745 and #1747); HMAC (Certs. #1022 and #1024); RNG (Cert. #931); RSA (Cert. #868); SHS (Certs. #1532 and #1534); Triple-DES (Cert. #1132)

-Other algorithms: HMAC MD5; MD5; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength)

Multi-chip standalone

"The Cisco Unified IP Phones 7900 Series deliver cost-effective, full-featured voice communication services in a clutter-free and earth-friendly, ergonomic design."
1688 Seagate Technology LLC
389 Disc Drive
Longmont, CO 80503
USA

-Monty Forehand
TEL: 720-684-2835
FAX: 720-684-2733

CST Lab: NVLAP 200427-0

Momentus® FDE Attached Storage Drives FIPS 140 Module
(Hardware Version: ST9500326AS; Firmware Version: 566)

(When operated in FIPS mode. Files distributed with the module mounted within the CD Drive are excluded from the validation.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/09/2012 Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Certs. #797 and #1341); HMAC (Cert. #883); SHS (Cert. #1223); RNG (Cert. #737); RSA (SigVer, Cert. #648); Triple-DES (Cert. #697)

-Other algorithms: DES

Multi-chip embedded

"The Momentus® Attached Storage FDE Drives, FIPS 140 Modules are FIPS 140-2 Level 2 modules which provide full disk encryption with user authentication These products are designed to prevent data breaches due to loss or theft on the road, in the office. The cryptographic module provides a wide range of cryptographic services using FIPS approved algorithms in DriveTrust Security Mode. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, and authenticated FW download."
1687 Mitsubishi Space Software Co., Ltd.
Tsukuba Mitsui Bldg.,
1-6-1, Takezono
Tsukuba-shi, Ibaraki-ken 305-0032
Japan

-Shinichi Shimazaki
TEL: +81-29-856-0154
FAX: +81-29-859-0320

-Ikuo Shionoya
TEL: +81-29-856-0154
FAX: +81-29-859-0320

CST Lab: NVLAP 200928-0

Command Encryption Module
(Firmware Version: 2.0)

(When operated in FIPS mode with the Operational Environment configuration specified on the reverse with the Firewall configured per Section 11 in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Firmware 03/30/2012 Overall Level: 2 

-EMI/EMC: Level 3

-Tested: HP Compaq 6000 Pro Small Form Factor PC running Microsoft Windows XP Professional SP2 and Zone Labs Zone Alarm Pro Firewall version 10.0.250.000

-FIPS-approved algorithms: Triple-DES (Cert. #1119)

-Other algorithms:

Multi-chip standalone

"Command Encryption Module is a firmware module designed to perform Triple DES CFB mode encryption functions."
1686 McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

-David Gerendas
TEL: 949-860-3369
FAX: 949-297-5575

CST Lab: NVLAP 200416-0

McAfee Endpoint Encryption Client Windows Cryptographic Module 1.0 [1] and McAfee Endpoint Encryption Client Preboot Cryptographic Module 1.0 [2]
(Software Version: 6.1.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 03/09/2012 Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with (Windows XP 32-bit or Windows 7 64-bit running on Intel Core i3 without AES-NI; Windows 7 32-bit or Windows Vista 32-bit running on Intel Core i5 with AES-NI; Windows 7 64-bit or Windows Vista 64-bit running on Intel Core i7 with AES-NI) [1]; (McAfee Endpoint Encryption Preboot OS running on Intel Core i3 without AES-NI; McAfee Endpoint Encryption Preboot OS running on Intel Core i5 or i7 with AES-NI) [2] (single-user mode)

-FIPS-approved algorithms: AES (Certs. #1881, #1882 and #1883); DRBG (Cert. #156); HMAC (Cert. #1124 and #1125); SHS (Certs. #1653 and #1654);

-Other algorithms: RC5; PKCS#5; AES (non-compliant); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #1881, key wrapping; key establishment methodology provides 256 bits of encryption strength)

Multi-chip standalone

1685 ZyFLEX Technologies Incorporation
4F, No.5-2, Industry E. 9th Rd.
Science Park Hsinchu
Hsin-Chu, 30075
Taiwan, R.O.C.

-Nick Tseng
TEL: +886-3-5679168
FAX: +886-3-5679188

CST Lab: NVLAP 200824-0

ZyFLEX Crypto Module ZCM-100
(Hardware Version: AAM; Firmware Version: 1.1)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/09/2012 Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #1670 and #1671); DSA (Cert. #521); HMAC (Cert. #980); RNG (Certs. #888 and #889); RSA (Cert. #827); SHS (Cert. #1462)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); NDRNG

Multi-chip embedded

"ZyFLEX Crypto Module ZCM-100 is a hardware multichip embedded module that targets high speed data link layer (OSI layer 2) secure data transmission applications in an IP-based network. ZCM-100 implements AES-256 encryption/decryption algorithms and other Approved security functions by using both hardware FPGA circuitry and a 32-bit microcontroller. Its miniaturized size and low power consumption features make ZCM-100 suitably fit in a portable wireless communication device such as a handheld radio."
1684 Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
USA

-Vinnie Moscaritolo
TEL: 650-527-9000

CST Lab: NVLAP 200802-0

PGP Cryptographic Engine
(Software Version: 4.2.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/24/2012 Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Mac OS X 10.7; IOS 5 (single-user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #1151); AES (Cert. #1778); SHS (Cert. #1559); HMAC (Certs. #1043)

-Other algorithms: AES (EME2 mode; non-compliant)

Multi-chip standalone

"The PGP Cryptographic Engine includes a wide range of field-tested and standards-based encryption, and encoding algorithms used by PGP Whole Disk Encryption."
1683 Lenel Systems International, Inc.
1212 Pittsford-Victor Road
Pittsford, NY 14534
USA

-Robert Pethick
TEL: 585-248-9447
FAX: 585-248-9185

CST Lab: NVLAP 100432-0

Communication Server
(Software Versions: 5.12.110, 6.0.148, 6.1.22, 6.3.249 or 6.4.500)

(When operated in FIPS mode with [(Windows 7 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1330 operating in FIPS mode) or (Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1337 operating in FIPS mode)])

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/15/2012 Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 7; Microsoft Windows Server 2008 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1650); RNG (Cert. #882)

-Other algorithms: RC2

Multi-chip standalone

"The Communication Server module's primary purpose is to provide secure communications with external access control devices. The module is part of the Lenel's advanced access control and alarm monitoring system. The Lenel advanced access control and alarm monitoring system is built on an open architecture platform, offers unlimited scalability, database segmentation, fault tolerance, and biometrics and smart card support. The Lenel advanced access control and alarm monitoring system is fully customizable, and can be seamlessly integrated into the OnGuard total security solution."
1682 Voltage Security, Inc.
20400 Stevens Creek Blvd.
Cupertino, CA 95014
USA

-Luther Martin
TEL: 650-543-1280
FAX: 650-543-1279

CST Lab: NVLAP 200802-0

Voltage IBE Cryptographic Module
(Software Version: 4.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 02/14/2012;
02/23/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 7 Professional SP1, 32-bit; Red Hat Enterprise Linux Server 5.3, 32-bit (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1752); Triple-DES (Cert. #1135); DSA (Cert. #547); SHS (Cert. #1539); RNG (Cert. #934); RSA (Cert. #871); HMAC (Cert. #1029); DRBG (Cert. #115)

-Other algorithms: IBE; BBX; FFX; RSA (key wrapping; key establishment methodology provides 80 bits or 112 bits encryption strength); MD5; Diffie-Hellman; DES

Multi-chip standalone

"Voltage IBE Cryptographic Module implements the following algorithms: DSA; TDES; AES (ECB, CBC, CFB, OFB, FPE); DRNG; DRBG; SHS; HMAC; CMAC; RSA; DH; BF IBE; BB1 IBE; MD; DES"
1681 Symantec Corporation
350 Ellis St.
Mountain View, CA 94043
USA

-Vinnie Moscaritolo
TEL: 650-527-8000

CST Lab: NVLAP 200802-0

PGP Software Developer's Kit (SDK) Cryptographic Module
(Software Version: 4.2.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/28/2012 Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP3; Mac OS X 10.7; Linux, 32-bit: CentOS 5.5; iOS 5 (single-user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #1150); AES (Cert. #1777); RSA (Cert. #888); DSA (Cert. #558); SHS (Cert. #1558); HMAC (Cert. #1042); DRBG (Cert. #124)

-Other algorithms: AES (EME2 mode; non-compliant); DSA (FIPS 186-3 with SHA-256; non-compliant); CAST-5; IDEA; Two-Fish; Blow-Fish; ARC4-128; MD5; HMAC-MD5; RIPEMD-160; ElGamal; EC Diffie-Hellman; ECDSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength); Shamir Threshold Secret Sharing

Multi-chip standalone

"The PGP Software Developer's Kit (SDK) Cryptographic Module is a FIPS 140-2 validated software only cryptographic module. The module implements the cryptographic functions for PGP products including: PGP Whole Disk Encryption, PGP NetShare, PGP Command Line, PGP Universal, and PGP Desktop. It includes a wide range of field-tested and standards-based encryption, digital signature, and encoding algorithms as well as a variety of secure network protocol implementations. The PGP SDK offers developers this same cryptographic library that is at the heart of PGP products."
1680 Absolute Software Corporation
Suite 1600, Four Bentall Centre
1055 Dunsmuir Street
PO Box 49211
Vancouver, BC V7X 1K8
Canada

-Tim Parker
TEL: 604-730-9851 ext. 194
FAX: 604-730-2621

CST Lab: NVLAP 200556-0

Absolute Encryption Engine
(Software Version: 1.2.0.46)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/14/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 64-bit; Windows 7 32-bit; Windows XP 32-bit; Windows Vista 32-bit; Windows Vista 64-bit; Red Hat Enterprise Linux (RHEL) 6 32-bit; Mac OS X v10.6.7 32-bit (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1610); RNG (Cert. #864)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 128 bits of encryption strength)

Multi-chip standalone

"Absolute Software Corporation provides security products for the central management of all IT assets. The Absolute Encryption Engine is a dynamic-linked library (DLL) defined as the encryption module on the client and server callable by applications via an Application Programming Interface (API). The module is currently used by the Absolute Computrace product."
1679 Senetas Corporation Ltd.
Level 1, 11 Queens Road
Melbourne, Victoria 3004
Australia

-John Weston
TEL: +61 (3) 9868 4515
FAX: +61 (3) 9821 4899

-Horst Marcinsky
TEL: +61 (3) 9868 45555
FAX: +61 (3) 9821 4899

CST Lab: NVLAP 200426-0

CN1000 Fibre Channel Encryptor
(Hardware Version: A5175B; Firmware Version: 1.9.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 02/14/2012 Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #1158); AES (Certs. #1775 and #1786); SHS (Cert. #1568); RNG (Cert. #948); DSA (Cert. #562); RSA (Cert. #893); HMAC (Cert. #1051)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength)

Multi-chip standalone

"The CN1000 Fibre Channel Encryptor is a high-speed, standards based, encryptor specifically designed to secure data transmitted over Fibre Channel point-to-point networks at line rates up to 4.25Gb/s. Data privacy is provided by FIPS approved AES algorithms."
1678 Giesecke & Devrient
45925 Horseshoe Drive
Dulles, VA 20166
USA

-Jatin Deshpande
TEL: 650-312-8047
FAX: 650-312-8129

-Thomas Palsherm
TEL: +49 89 4119-2384
FAX: +49 89 4119-9093

CST Lab: NVLAP 200427-0

StarSign Crypto USB Token powered by Sm@rtCafé Expert 6.0
(Hardware Version: P5CC081; Firmware Version: Sm@rtCafT Expert 6.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/09/2012 Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #1755); DRBG (Cert. #116); RSA (Cert. #874); SHS (Cert. #1542); Triple-DES (Cert. #1136); Triple-DES MAC (Triple-DES Cert. #1136, vendor affirmed)

-Other algorithms: AES (Cert. #1755, key wrapping; key establishment methodology provides 128 to 256 bits of encryption strength)

Multi-chip standalone

"Giesecke & Devrient (G&D) Smart Card Chip Operating System Sm@rtCafT Expert 6.0 is a Java Card 3 and Global Platform v2.1.1 compliant smart card module supporting both contact and contactless interfaces. It also supports, at a minimum, RSA up to 2048 bits(RSA and RSA-CRT) with on-card key generation, Hash algorithms(including SHA256), AES(up to 256 bits), ECDSA, and Triple-DES. The Sm@rtCafT Expert 6.0 is suitable for government and corporate identification, payment and banking, health care, and Web applications."
1677 McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

-David Gerendas
TEL: 949-860-3369
FAX: 949-297-5575

CST Lab: NVLAP 200416-0

McAfee Endpoint Encryption Disk Driver Cryptographic Module 1.0
(Software Version: 6.1.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/09/2012 Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows XP 32-bit or Windows 7 64-bit running on Intel Core i3 without AES-NI; Windows Vista 32-bit or Windows 7 32-bit running on Intel Core i5 with AES-NI; Windows Vista 64-bit or Windows 7 64-bit running on Intel Core i7 with AES-NI (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1882); HMAC (Cert. #1125); SHS (Cert. #1654)

-Other algorithms: RC5; AES (non-compliant)

Multi-chip standalone

1676 Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
USA

-John Bordwine
TEL: 703-885-3854

CST Lab: NVLAP 200556-0

Symantec Java Cryptographic Module Version 1.1
(Software Version: 1.1)

(When operated in FIPS mode with module RSA BSAFE® Crypto-J Software Module validated to FIPS 140-2 under Cert. #1291 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 03/09/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP SP2 with Sun JRE 5.0; Microsoft Windows XP SP2 with Sun JRE 6.0 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1109); DSA (Cert. #357); ECDSA (Cert. #130); DRBG (Cert. #15); HMAC (Cert. #621); RNG (Cert. #616); RSA (Cert. #522); SHS (Cert. #1032); Triple-DES (Cert. #806)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); DESX; ECAES (non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECIES; MD2; MD5; PBE (non-compliant); RIPEMD 160; RC2; RC4; RC5; RSA OAEP (non-compliant); Raw RSA (non-compliant); RSA Keypair Generation MultiPrime (non-compliant); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); HMAC-MD5; ANSI X9.31 RNG (non-compliant); MD5Random; SHA1Random (non-compliant)

Multi-chip standalone

"The Symantec Java Cryptographic Module Version 1.1 provides a comprehensive set of cryptographic services for Symantec products including, but not limited to, the Symantec Data Loss Prevention Suite."
1675 Uplogix, Inc.
7600B N. Capital of Texas Highway
Austin, TX 78731
USA

-Martta Howard
TEL: 512-857-7043

CST Lab: NVLAP 200427-0

Uplogix 430 [1] and 3200 [2]
(Hardware Versions: (43-1002-50 and 43-1102-50) [1] and (37-0326-03 and 37-0326-04) [2]; Firmware Version: 4.3.5.19979)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/06/2012 Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-FIPS-approved algorithms: AES (Certs. #1644 and #1647); DRBG (Cert. #90); DSA (Certs. #515 and #517); HMAC (Certs. #966 and #968); RNG (Cert. #881); RSA (Certs. #812 and #815); SHS (Certs. #1445 and #1448); Triple-DES (Certs. #1074 and #1076)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 192 bits of encryption strength); HMAC-MD5-96; HMAC-SHA-96 (non-compliant); MD5; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength)

Multi-chip standalone

"Uplogix is a network independent management platform that locates with - and directly connects to - managed devices. Standing alone or augmenting existing centralized management tools, Uplogix provides configuration, performance and security management actions that are best performed locally. Local Management reduces operational costs, speeds problem resolution, and improves security and compliance versus centralized-only management. Our local focus on network device automation enables the transition to more network sensitive cloud and virtual infrastructure technologies."
1674 Avaya, Inc.
211 Mt. Airy Road
Basking Ridge, NJ 07920
USA

-Dragan Grebovich
TEL: 978-671-3476

CST Lab: NVLAP 200556-0

Secure Router 4134
(Hardware Version: Chassis: 4134, Interface Cards: 2-port T1/E1 Small Card (Assembly Number: 333-70225-01 Rev 4); 2-port Serial Small Card (Assembly Number: 333-70240-01 Rev 02.0011); 1-port ADSL2+ Annex A Small Card (Assembly Number: 333-70260-01 Rev 01); 1-port HSSI Medium Card (Part Number: 333-70290-01 Rev 9); 1-port Channelized / Clear Channel T3 Medium Card (Part Number: 333-70280-01 Rev 8); 8-port T1/E1 Medium Card (Part Number: 333-70275-01 Rev 01.0012); 10-port Gigabit Ethernet (GbE) Medium Card (Part Number: 333-70330-01 Rev 01.0023); 24-port Fast Ethernet (FE) Medium Card (Part Number: 333-70325-01 Rev 15); 24-port Fast Ethernet/Power over Ethernet (FE/PoE) Medium Card (Part Number: 333-70325-02 Rev 01.0017); Firmware Version: 10.3.0.100)

(When operated in FIPS mode, the tamper evident seals are installed as indicated in the Security Policy and with all interface card slots filled or covered)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/06/2012 Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Certs. #275 and #1050); AES (Certs. #173 and #1605); SHS (Cert. #1418); HMAC (Cert. #941); RSA (SigVer, Cert. #787); DSA (Certs. #496 and #501); DRBG (Cert. #79)

-Other algorithms: MD5; NDRNG; Blowfish; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 128 bits of encryption strength); RSA (SigGen and KeyGen, Cert. #787; non-compliant)

Multi-chip standalone

"The Secure Router 4134 is a modular, multi-service branch router that combine IP routing, wide-area networking (WAN), voice/PSTN gateway and security services in a single platform. With advanced services - including IPv4/IPv6 routing, high-performance WAN, SIP survivable gateway, and IPSec VPN and firewall security - they are well-suited to address enterprise branch, regional and even headquarter WAN routing needs."
1673 Avaya, Inc.
211 Mt. Airy Road
Basking Ridge, NJ 07920
USA

-Dragan Grebovich
TEL: 978-671-3476

CST Lab: NVLAP 200556-0

Secure Router 2330
(Hardware Version: Chassis: 2330, Interface Cards: 2-port T1/E1 Small Card (Assembly Number: 333-70225-01 Rev 4); 2-port Serial Small Card (Assembly Number: 333-70240-01 Rev 02.0011); 1-port ADSL2+ Annex A Small Card (Assembly Number: 333-70260-01 Rev 01); Firmware Version: 10.3.0.100)

(When operated in FIPS mode, the tamper evident seals are installed as indicated in the Security Policy, with all interface card slots filled or covered)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/06/2012 Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Certs. #210 and #1051); AES (Certs. #96 and #1606); SHS (Certs. #187 and #1419); HMAC (Cert.#942); RSA (SigVer, Cert. #788); DSA (Cert. #497); DRBG (Cert. #80)

-Other algorithms: MD5; NDRNG; Blowfish; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 128 bits of encryption strength); RSA (SigGen and KeyGen, Cert. #788; non-compliant)

Multi-chip standalone

"The Secure Router 2330 is a modular, multi-service branch router that combine IP routing, wide-area networking (WAN), voice/PSTN gateway and security services in a single platform. With advanced services - including IPv4/IPv6 routing, high-performance WAN, SIP survivable gateway, and IPSec VPN and firewall security - they are well-suited to address enterprise branch, regional and even headquarter WAN routing needs."
1672 IBM Corporation
2455 South Road
Poughkeepsie, NY 12601
USA

-William F Penny
TEL: 845-435-3010
FAX: 845-433-7510

-James Sweeny
TEL: 845-435-7453
FAX: 845-435-8530

CST Lab: NVLAP 200658-0

IBM® z/OS® Version 1 Release 13 ICSF PKCS#11 Cryptographic Module
(Hardware Version: CPACF (P/N COP) and optional 4765-001 (P/N 45D6048); Software Version: ICSF level HCR7780 w/ APAR OA36882 and RACF level HRF7780; Firmware Version: CPACF (FC3863 w/ System Driver Level 86E) and optional 4765-001 (e1ced7a0))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software-Hybrid 02/06/2012 Overall Level: 1 

-Cryptographic Module Specification: Level 3

-Operational Environment: Tested as meeting Level 1 with IBM® zEnterprise (TM) 196 (z196) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 [Base GPC, and optional Crypto Express3 Card (Accelerator (CEX3A) is a separately configured version of 4765-001 (P/N 45D6048))] [IBM® zEnterprise (TM) (z196) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 includes FC3863 w/System Driver Level 86E and z/OS® V1R13] (single-user mode)

-FIPS-approved algorithms: AES (Certs. #1713 and #1866); Triple-DES (Certs. #1103 and #1212); DSA (Cert. #584); ECDSA (Cert. #261); RSA (Certs. #946, #949 and #971); SHS (Certs. #1497 and #1641); HMAC (Cert. #1112); DRBG (Cert. #151); CVL (Cert. #9)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80-bits of encryption strength); DES; Triple-DES (non-compliant); DSA (non-compliant); HMAC (non-compliant); RC4; BLOWFISH; MD5; MD2; RIPE-MD; EC Brainpool

Multi-chip standalone

"The ICSF PKCS #11 module consists of software-based cryptographic algorithms, as well as symmetric and hashing algorithms provided by the CP Assist for Cryptographic Function (CPACF) and RSA Hardware clear key modular math cryptography provided through the Crypto Express3 card (CEX3A). The RSA hardware support is accessed through auxiliary module CSFINPVT which acts as a pipe between ICSF PKCS #11 and the cryptographic cards."
1671 Sensage, Inc.
1400 Bridge Parkway
Suite 202
Redwood City, CA 94065
USA

-Brad Kekst
TEL: 415-215-3567
FAX: 650-631-2810

-Rao Yendluri
TEL: 650-830-0484
FAX: 650-631-2810

CST Lab: NVLAP 200002-0

CryptoCore Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 02/06/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Redhat Enterprise Linux Version 5.1; Redhat Enterprise Linux Version 5.5 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1761); Triple-DES (Cert. #1140); RSA (Cert. #877); DSA (Cert. #551); SHS (Cert. #1545); HMAC (Cert. #1032); RNG (Cert. #938)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 219 bits of encryption strength); HMAC-MD5; MD5; DES; CAST5; Blowfish; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength)

Multi-chip standalone

"Sensage’s purpose-built event data warehouse products enable users to easily collect and store large volumes of log and event data, while also providing an ability to query and perform analyses on the event data that are available. Their Private Encryption File System solution gives product administrators the ability to employ FIPS-validated encryption and decryption on stored data, providing protection of data-at-rest (log files, configuration files, and other stored data) within the product."
1670 Dolby Laboratories, Inc.
100 Potrero Avenue
San Francisco, CA 94103
USA

-Dean Bullock
TEL: 415-645-5336
FAX: 415-645-4000

CST Lab: NVLAP 100432-0

CAT862 Dolby JPEG 2000/MPEG-2 Media Block IDC
(Hardware Versions: P/N CAT862Z, Revisions FIPS_1.0, FIPS_1.1, FIPS_1.2 and FIPS_1.3; Firmware Version: 4.4.0.37)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/02/2012;
02/09/2012
Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #519, #520 and #1067); SHS (Certs. #592 and #1086); RSA (Cert. #233); HMAC (Certs. #270 and #676); RNG (Certs. #296 and #650)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip embedded

"The CAT862 Dolby JPEG2000/MPEG2 Media Block IDC performs all the cryptography, license management, and video decoding functions for the DSS200 Dolby Screen Server, which forms the nucleus of the Dolby Digital Cinema system. The system offers superb picture quality and outstanding reliability. It includes support for JPEG 2000 playback, as specified by DCI, and MPEG-2 for compatibility with alternative content such as preshow advertising. The system also meets DCI specifications for security, data rate, storage capacity, and redundancy."
1669 Research In Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

-Certifications Team
TEL: 519-888-7465 ext.72921
FAX: 519-886-4839

CST Lab: NVLAP 200928-0

BlackBerry Cryptographic Kernel
(Firmware Versions: 3.8.7.0 [1], 3.8.7.1 [1,2], 3.8.7.4 [2], 3.8.7.5 [2] and 3.8.7.6 [2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Firmware 01/19/2012;
10/10/2012
Overall Level: 1 

-Design Assurance: Level 3

-Tested: BlackBerry 9900 with BlackBerry OS Versions 7.0 [1] and 7.1 [2]

-FIPS-approved algorithms: Triple-DES (Certs. #1163 and #1164); AES (Certs. #1798, #1799, #1800 and #1801); SHS (Certs. #1581 and #1582); HMAC (Certs. #1063 and #1064); RSA (Certs. #902 and #903); DRBG (Certs. #132 and #133); ECDSA (Certs. #244 and #245)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides 256 bits of encryption strength)

Multi-chip standalone

"BlackBerry is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry."
1668 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco Common Cryptographic Module (C3M)
(Hardware Versions: Intel [Core i5, Core i7 and Xeon] with AES-NI; Software Version: 0.9.8r.1.1)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software-Hybrid 01/19/2012;
02/23/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with FreeBSD 8.2 or Windows 7 SP1 running on Intel Core i5 with AES-NI; Red Hat Enterprise Linux v5 running on Intel Xeon with AES-NI or Intel Core i7 with AES-NI (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1758); DSA (Cert. #550); ECDSA (Cert. #234); HMAC (Cert. #1031); RNG (Cert. #937); RSA (Cert. #876); SHS (Cert. #1544); Triple-DES (Cert. #1139)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 152 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 152 bits of encryption strength)

Multi-chip standalone

"The Cisco Common Cryptographic Module (C3M) is a software-hybrid that provides cryptographic services to a vast array of Cisco's networking and collaboration products. The module provides FIPS validated cryptographic algorithms for services such as sRTP, SSH, TLS, 802.1x etc. The module does not implement any of the protocols directly. Instead, it provides the cryptographic primitives and functions to allow a developer to implement various protocols."
1667 Qube Cinema, Inc.
601 S. Glenoaks Blvd.
Ste. 102
Burbank, CA 91502
USA

-Rajesh Ramachandran
TEL: 818-392-8155
FAX: 818-301-0401

CST Lab: NVLAP 100432-0

Secure Media Block
(Hardware Versions: Z-OEM-DCI-Q-R0, Z-OEM-DCI-Q-R2 and Z-OEM-DCI-Q-R3; Firmware Version: 105; Security Manager Version: 1.0.3.4)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/11/2012;
06/21/2012
Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #812 and #1455); HMAC (Certs. #450 and #854); RNG (Certs. #467 and #797); RSA (Certs. #392 and #711); SHS (Certs. #809, #810, #811 and #1318)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5

Multi-chip embedded

"The Qube Secure Media Block is used in Digital Cinema applications, providing core functionality required to playback Digital Cinema Packages. The module performs essence decryption when processing encrypted content, it ensures link encryption downstream to a projector device, and it provides other features as to enable a fully capable Digital Cinema Server. Content owners and other stake holders rely upon the security features provided by the Qube Secure Media Block to protect their valuable content, and to perform secure logging of operations within a theatre auditorium."
1666 Motorola Mobility, Inc.
600 North US Highway 45
Libertyville, IL 60048
USA

-Ed Simon
TEL: 800-617-2403

CST Lab: NVLAP 100432-0

Motorola Mobility Cryptographic Suite B Module
(Software Version: 5.4fm)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 01/25/2012;
03/07/2012;
03/14/2012;
05/29/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Android 2.3; Android 4.0 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1930); Triple-DES (Cert. #1256); SHS (Cert. #1695); HMAC (Cert. #1164); RSA (Cert. #996); DSA (Cert. #613); RNG (Cert. #1015)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant)

Multi-chip standalone

"The Motorola Mobility Cryptographic Suite B Module is used in Motorola Business Ready Android devices to encrypt sensitive application data. For details on Motorola Business Ready, see www.motorola.com/Business-Ready/US-EN/Home."
1665 McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

-Sakthikumar Subramanian
TEL: 408-346-3249
FAX: 408-346-5335

CST Lab: NVLAP 100432-0

Network Security Platform Sensor M-8000 S
(Hardware Version: P/N M-8000 S, Version 1.40; FIPS Kit P/N IAC-FIPS-KT8; Firmware Version: 6.1.15.35)

(When operated with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/10/2012 Overall Level: 2 

-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #880); Triple-DES (Cert. #781); RSA (Certs. #425 and #830); DSA (Cert. #345); SHS (Certs. #871 and #970); RNG (Cert. #505); HMAC (Cert. #971)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); MD5

Multi-chip standalone

"Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks."
1664 Certicom Corp.
4701 Tahoe Blvd.
Building A
Mississauga, ON L4W 0B5
Canada

-Certicom Sales
TEL: 905-507-4220
FAX: 905-507-4230

-Kris Orr
TEL: 289-261-4104
FAX: 905-507-4230

CST Lab: NVLAP 200928-0

Security Builder® FIPS Module
(Firmware Versions: 4.0 B and 4.0 S)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Firmware 01/10/2012;
03/30/2012
Overall Level: 1 

-Tested: ARM 920T processor running Hand Held Products BASE firmware 31205423-052 or Hand Held Products Scanner firmware 31205480-025; ARM 926EJ-S processor running Honeywell Xenon 1902 Cordless Base Firmware or Honeywell Xenon 1902 Cordless Scanner firmware

-FIPS-approved algorithms: AES (Certs. #547 and #590); SHS (Certs. #612 and #641); HMAC (Certs. #288 and #307); RNG (Certs. #315 and #336); DSA (Certs. #222 and #232)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength)

Multi-chip standalone

"The Security Builder® FIPS Module is a standards-based cryptographic toolkit that supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into both mobile and server-based applications. The Security Builder FIPS Module is part of the Certicom Security Architecture, a comprehensive cross-platform security solution which supports multiple cryptographic software and hardware providers with a single common API."
1663

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/05/2012 Overall Level: 2 

-FIPS-approved algorithms:

-Other algorithms:

Multi-chip standalone

1662 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise 4150F
(Hardware Version: NSA-4150-FWEX-FRR and Seal Kit: SAC-4150F-FIPS-KT; Firmware Version: 7.0.1.01.E12)

(When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/29/2011 Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); AES (non-compliant); Blowfish; RC2; RC4; MD5; DES

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1661 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise 2150F
(Hardware Version: NSA-2150-FWEX-F and Seal Kit: SAC-2150F-FIPS-KT; Firmware Version: 7.0.1.01.E12)

(When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/29/2011 Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); AES (non-compliant); Blowfish; RC2; RC4; MD5; DES

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications"
1660 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise 1100F
(Hardware Version: NSA-1100-FWEX-F and Seal Kit: SAC-1100F-FIPS-KT; Firmware Version: 7.0.1.01.E12)

(When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/29/2011 Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); AES (non-compliant); Blowfish; RC2; RC4; MD5; DES

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee's Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1659 A10 Networks, Inc.
2309 Bering Drive
San Jose, CA 95131
USA

-John Chiong
TEL: 408-325-8668
FAX: 408-325-8666

CST Lab: NVLAP 200648-0

AX Series Advanced Traffic Manager AX2500, AX2600-GCF, AX3000-GCF, AX3000-11-GCF, AX5100, AX5200 and AX5200-11
(Hardware Versions: AX2500, AX2600-GCF, AX3000-GCF, AX5100 and AX5200; Firmware Version: R261-GR1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/29/2011;
06/14/2012
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Certs. #1092, #1124, #1128 and #1129); AES (Certs. #1693, #1739 and #1740); SHS (Certs. #1480, #1519, #1524 and #1525); HMAC (Certs. #985, #1011, #1016 and #1017); RSA (Certs. #829, #858, #862 and #863); RNG (Certs. #900 and #933)

-Other algorithms: MD5; HMAC-MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength)

Multi-chip standalone

"The AX Series Advanced Traffic Manager is designed to meet the growing demands of Web sites, carriers and enterprises. The AX offers intelligent Layer 4-7 application processing capabilities with industry-leading performance and scalability to meet critical business requirements at competitive prices. AX Series’ standard redundant components and high availability design ensure organizations non-stop service availability for all types of applications."
1658 Samsung Electronics
San #16 Banwol-Dong
Hwasung-City, Gyeonggi-Do 445-701
Republic of Korea

-Jisoo Kim
TEL: +82-31-208-3870
FAX: +82-10-3204-4201

CST Lab: NVLAP 200648-0

Samsung SSD PM810 SED FIPS 140 Module
(Hardware Versions: MZ5PA128HMCD-010D9 and MZ5PA256HMDR-010D9; Firmware Version: AXM96D1Q)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/29/2011 Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #1637); SHS (Cert. #1442); HMAC (Cert. #963); RNG (Cert. #878)

-Other algorithms: N/A

Multi-chip standalone

"SAMSUNG SSD PM810 SED FIPS 140 Module provides high-performance AES-256 cryptographic encryption and decryption of the data stored in NAND Flash via SATA interface. The PM810 encryption/decryption creates no degradation in performance compared to non-encrypted SSD. The PM810 supports both the ATA Security Feature Set and TCG Opal SSC. Security Functionalities include user authentication for access control via ISV TCG Opal support, user data encryption for data protection, and instantaneous sanitization of user drive data via cryptographic erase for repurposing or disposal."
1657 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco Catalyst 3560-X and 3750-X Switches
(Hardware Versions: (WS-C3560X-24P, WS-C3560X-24T, WS-C3560X-48P, WS-C3560X-48PF, WS-C3560X-48T, WS-C3750X-12S, WS-C3750X-24P, WS-C3750X-24S, WS-C3750X-24T, WS-C3750X-48P, WS-C3750X-48PF, WS-C3750X-48T, C3KX-NM-1G, C3KX-NM-10G, C3KX-NM-BLANK, C3KX-NM-10GT) with FIPS Kit (C3KX-FIPS-KIT); Firmware Version: 15.0(1)SE2)

(When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/22/2011;
02/23/2012;
05/29/2012
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #1024, #1275 and #1749); HMAC (Cert. #1026); RNG (Cert. #932); RSA (Cert. #869); SHS (Cert. #1536); Triple-DES (Cert. #1133)

-Other algorithms: DES; HMAC-MD5; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 156 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); AES (Cert. #1749, key wrapping; key establishment methodology provides 128 bits or 256 bits of encryption strength)

Multi-chip standalone

"Cisco Catalyst 3750-X and 3650-X Series Switches are enterprise-class stackable switches that provide high availability, scalability, security, energy efficiency, and ease of operation with innovative features such as Cisco StackPower, Power over Ethernet Plus (PoE+), optional network modules, redundant power supplies, and MAC security. The Catalyst 3750-X and 3650-X Series Switches meet FIPS 140-2 overall Level 2 requirements as multi-chip standalone modules. The switches include cryptographic algorithms implemented in IOS software as well as hardware ASICs. The module provides 802.1X-rev"
1656 SafeNet, Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Mark Yakabuski
TEL: 613-614-3407
FAX: 613-723-5079

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

Luna® PCI Cryptographic Module for Luna® IS and RSS
(Hardware Version: VBD-03-0100; Firmware Versions: 5.2.7 and 5.2.8)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/22/2011;
01/11/2012
Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #510, #1737 and #1738); DSA (Certs. #542 and #543); ECDSA (Certs. #228 and #229); HMAC (Certs. #1014 and #1015); RNG (Certs. #925 and #926); RSA (Certs. #860 and #861); SHS (Certs. #1522 and #1523); Triple-DES (Certs. #520, #1126 and #1127); Triple-DES MAC (Triple DES Cert. #520; vendor affirmed)

-Other algorithms: AES MAC (Certs. #510, #910 and #913; non-compliant); CAST5; CAST5-MAC; DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); HAS-160; HAS-160 MAC; KCDSA; MD2; MD5; RC2; RC4; RC5; SEED; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength)

Multi-chip embedded

"The Luna® PCI for Luna® IS offers hardware-based key management and cryptographic operations to protect sensitive keys. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI card."
1655 Concepteers, LLC
121 Newark Ave
Suite 204
Jersey City, NJ 07302
USA

-David Van
TEL: 201-221-3052
FAX: 201-844-6262

CST Lab: NVLAP 200556-0

Concepteers Teleconsole TCS6U4W
(Hardware Version: A2; Firmware Version: 2.0)

(When operated in FIPS mode and the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 12/15/2011 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (1) (Cert. #1544); Triple-DES (Cert. #1014); SHS (Cert. #1369); DSA (Cert. #476); RSA (Cert. #747); HMAC (Cert. #895); RNG (Cert. #832)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); AES (2) (non-compliant); RC4;

Multi-chip standalone

"The Teleconsole S6U4W is a small form factor network appliance providing Secure Remote Diagnostic Access (SRDA) to virtually any technology equipment (IT, Medical, Utilities (SCADA), Manufacturing, Retail (POS) and more). The unified, cross-platform solution is vendor independent and provides Authentication, Authorization, Access and Audit on a single platform to streamline access provisioning, security enforcement and user activity tracking for compliance."
1654 Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

-Michael Hong
TEL: 408-333-8000
FAX: 408-333-8101

CST Lab: NVLAP 200648-0

Brocade Mobility 7131N Dual-Radio 802.11n FIPS Access Point BR-AP7131N66040FGR and BR-AP7131N66040FWW
(Hardware Versions: BR-AP7131N66040FGR and BR-AP7131N66040FWW; Firmware Version: AP7131N v4.0.1.0-003GRN)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/15/2011 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #831 and #832); AES (Certs. #1147, #1148, #1149 and #1150); SHS (Certs. #1063 and #1064); HMAC (Certs. #652 and #653); RSA (Cert. #543); RNG (Certs. #635 and #636)

-Other algorithms: MD5; HMAC-MD5; DES; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); AES (non-compliant); SHS (non-compliant)

Multi-chip standalone

"Brocade Mobility 7131N Dual-radio 802.11n FIPS Access Point delivers the throughput, coverage and resiliency required to build an all-wireless enterprise. The design provides simultaneous support for high-speed wireless voice and data services, self-healing mesh networking and non-data applications such as Wireless IPS"
1653 McAfee, Inc.
3965 Freedom Circle
Santa Clara, CA 95054
USA

-Sakthikumar Subramanian
TEL: 408-346-3249
FAX: 408-346-5335

CST Lab: NVLAP 100432-0

Network Security Platform Sensor M-1250, M-1450, M-2750, M-2850, M-2950, M-3050, M-4050 and M-6050
(Hardware Versions: P/Ns M-1250 Version 1.10 [1], M-1450 Version 1.10 [1], M-2750 Version 1.50 [1], M-2850 Version 1.00 [1], M-2950 Version 1.00 [1], M-3050 Version 1.20 [1], M-4050 Version 1.20 [2] and M-6050 Version 1.40 [2]; FIPS Kit P/Ns IAC-FIPS-KT2 [1] and IAC-FIPS-KT7 [2]; Firmware Version: 6.1.15.35)

(When operated with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/15/2011 Overall Level: 2 

-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #880); Triple-DES (Cert. #781); RSA (Certs. #425 and #830); DSA (Cert. #345); SHS (Certs. #871 and #970); RNG (Cert. #505); HMAC (Cert. #971)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); HMAC MD5; MD5

Multi-chip standalone

"Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks."
1652 Juniper Networks, Inc.
1194 North Mathilda Ave
Sunnyvale, CA 94089
USA

-Robert Smith
TEL: 978-589-8822

CST Lab: NVLAP 200697-0

SSG 5 and SSG 20
(Hardware Versions: (SSG-5-SB, SSG-5-SB-BT, SSG-5-SB-M, SSG-5-SH, SSG-5-SH-BT, SSG-5-SH-M , SSG-20-SB and SSG-20-SH) with JNPR-FIPS-TAMPER-LBLS; Firmware Version: ScreenOS 6.3r6)

(When operated in FIPS mode with the tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 12/15/2011;
07/24/2012
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #1061); AES (Cert. #1620); DSA (Cert. #507); SHS (Cert. #1429); RNG (Cert. #868); RSA (Cert. #798); HMAC (Cert. #951); ECDSA (Cert. #205)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 or 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of security); NDRNG; DES; MD5

Multi-chip standalone

"Juniper Networks integrated security devices are purpose-built to perform essential networking security functions designed on top of robust networking and security real-time operating systems, ScreenOS. These are high-performance platforms that deliver integrated security and LAN/WAN routing across high-density LAN/WAN interfaces, Juniper Networks integrated security devices address the needs of small to medium sized locations, large distributed enterprises, and service providers as well as large and co-located datacenters."
1651 Nexgrid, LLC
4444 Germanna Hwy
Locust Grove, VA 22508
USA

-Thomas McLure
TEL: 888-556-0911 ext 1010
FAX: 703-562-8385

-Haim Shaul
TEL: 888-556-0911 ext 1003
FAX: 703-562-8385

CST Lab: NVLAP 200427-0

ecoNet smart grid gateways: ecoNet SL and ecoNet MSA
(Hardware Versions: ENSL2, ENSL5 and ENMSA2; Firmware Version: 3.1.2-FIPS)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/05/2012 Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #1665); DSA (Cert. #520); HMAC (Cert. #979); RNG (Cert. #887); RSA (Cert. #820); SHS (Cert. #1459); Triple-DES (Cert. #1083)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 224 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength)

Multi-chip standalone

"ecoNet smart grid gateways provide the central link between intelligent endpoint devices and the Utility's backhaul or WAN enabling real time network control and monitoring."
1650 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco Unified IP Phone 6921, 6941, 6945 and 6961
(Hardware Versions: 6921: 5, 6941: 5, 6945: 4 and 6961: 4; Firmware Version: 9.2(1)SR1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/14/2011;
02/23/2012
Overall Level: 1 

-FIPS-approved algorithms: AES (Certs. #1746, #1748 and #1751); HMAC (Certs. #1023, #1025 and #1028); RNG (Cert. #930); RSA (Cert. #867); SHS (Certs. #1533, #1535 and #1538); Triple-DES (Cert. #1131)

-Other algorithms: HMAC MD5; MD5; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength)

Multi-chip standalone

"The Cisco Unified IP Phones 6921, 6941, 6945, and 6961 deliver cost-effective, full-featured voice communication services in a clutter-free and earth-friendly, ergonomic design."
1649 AirTight Networks, Inc.
339 N. Bernardo Avenue
Suite 200
Mountain View, CA 94043
USA

-Hemant Chaskar
TEL: 650-961-1111
FAX: 650-961-1169

CST Lab: NVLAP 200002-0

SpectraGuard® Enterprise Server
(Firmware Version: 6.5.35)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Firmware 12/14/2011;
01/31/2012
Overall Level: 1 

-Tested: AirTight SA-350 Spectraguard Enterprise Appliance with CentOS 5.2

-FIPS-approved algorithms: AES (Cert. #1545); Triple-DES (Cert. #1015 ); RSA (Cert. #748); DSA (Cert. #477); SHS (Cert. #1370); HMAC (Cert. #896); RNG (Cert. #833)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 178 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides between 80 and 270 bits of encryption strength); RSA (non-compliant); DSA (non-compliant); AES-CTR (non-compliant); ARC4; Blowfish-CBC; CAST128; ARC4-256; ARC4-128; RC2; RC4; DES; IDEA; HMAC-SHA1-96 (non-compliant); HMAC-MD5; HMAC-MD5-96; UMAC-64; RIPEMD-160

Multi-chip standalone

"The implementation performs wireless intrusion detection and prevention. It monitors radio channels to ensure conformance of wireless activity to security policy. It mitigates various types of wireless security violations such as rogue wireless networks, unauthorized wireless connections, network mis-configurations and denial of service attacks"
1648 Samsung Electronics Co., Ltd.
416, Maetan 3-Dong Youngton Gu
Suwon, Gyeonggi 152-848
South Korea

-Ross Choi
TEL: 972-761-7628

-Bumhan Kim
TEL: +82-10-4800-6711

CST Lab: NVLAP 200658-0

Samsung Kernel Crypto API Cryptographic Module
(Software Versions: LK2.6.35.7_AGB_v1.2 and LK2.6.36.3_AHC_v1.2)

(When operated in FIPS mode and only on the specific platforms specified on the reverse)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 12/14/2011 Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Android Gingerbread w/ Linux kernel v.2.6.35.7 (Galaxy S2 U1); Android Honeycomb w/ Linux kernel v.2.6.36.3 (P4 LTE, P4 WiFi) (single-user mode)

-FIPS-approved algorithms: AES (Certs. #1732 and #1733); SHS (Certs. #1516 and #1517); RNG (Certs. #921 and #922); Triple-DES (Certs. #1120 and #1121); HMAC (Certs. #1008 and #1009)

-Other algorithms: DES; AES-CTS (non-compliant); Triple-DES (CTR; non-compliant); Twofish; AEAD; MD5; ansi_cprng; ARC4; GHASH (GCM hash)

Multi-chip standalone

"Provides general purpose cryptographic services to services in the Linux kernel and user-space applications, intended to protect data in transit and at rest."
1647 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco Unified IP Phone 6901 and 6911
(Hardware Versions: 6901 and 6911: 1.0; Firmware Version: 9.2.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/22/2011;
02/23/2012
Overall Level: 1 

-FIPS-approved algorithms: AES (Certs. #1746 and #1748); HMAC (Certs. #1023 and #1025); RNG (Cert. #930); RSA (Cert. #867); SHS (Certs. #1533 and #1535); Triple-DES (Cert. #1131)

-Other algorithms: HMAC MD5; MD5; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength)

Multi-chip standalone

"The Cisco Unified IP Phones 6901 and 6911deliver cost-effective, full-featured voice communication services in a clutter-free and earth-friendly, ergonomic design."
1646 McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

-Sakthikumar Subramanian
TEL: 408-346-3249
FAX: 408-346-5335

CST Lab: NVLAP 100432-0

Network Security Platform Sensor M-8000 P
(Hardware Version: P/N M-8000 P, Version 1.40; FIPS Kit P/N IAC-FIPS-KT8; Firmware Version: 6.1.15.35)

(When operated with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/06/2011 Overall Level: 2 

-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #880); Triple-DES (Cert. #781); RSA (Certs. #425 and #830); DSA (Cert. #345); SHS (Certs. #871 and #970); RNG (Cert. #505); HMAC (Cert. #971)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); MD5

Multi-chip standalone

"Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks."
1645 McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Web Gateway WG5000 and WG5500 Appliances
(Hardware Versions: 5000 [1] and 5500 [2]; EWG-5000-FIPS-KIT [1] and EWG-5500-FIPS-KIT [2]; Firmware Version: 7.1.0)

(When operated in FIPS mode with the tamper evident seals and opacity baffles installed and initializing the module as specified in Section 3.1 of the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/15/2011;
01/17/2012;
08/24/2012;
08/24/2012
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #1625 and #1633); Triple-DES (Certs. #1065 and #1069); DSA (Certs. #511 and #514); RSA (Certs. #803 and #807); SHS (Certs. #1434 and #1438); HMAC (Certs. #956 and #960); RNG (Certs. #872 and #875)

-Other algorithms: MD4; MD5; RC4; DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The McAfee Web Gateway is a high-performance, enterprise-strength proxy security appliance family that provides the caching, authentication, administration, authorization controls and deep-level content security filtering required by today’s most demanding enterprises. McAfee Web Gateway WG5000 and WG5500 Appliances deliver scalable deployment flexibility and performance. McAfee Web Gateway WG5000 and WG5500 Appliances deliver comprehensive security for all aspects of Web 2.0 traffic."
1644 VMware, Inc.
3401 Hillview Avenue
Palo Alto, CA 94304
USA

-Pam Takahama
TEL: 650-427-2063

CST Lab: NVLAP 200556-0

PCoIP Cryptographic Module for VMware View
(Software Version: 3.5.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 12/06/2011 Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-Operational Environment: Tested as meeting Level 2 with Microsoft Windows XP running on a Dell Poweredge 2850; Microsoft Windows XP running on a Dell Optiplex GX260; Red Hat Enterprise Linux (RHEL) 5.1 running on a Dell Poweredge 2850

-FIPS-approved algorithms: AES (Certs. #1639, #1640 and #1642); SHS (Cert. #1443); RNG (Cert. #879); HMAC (Cert. #964)

-Other algorithms: Salsa12; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength)

Multi-chip standalone

"The PCoIP Cryptographic module for VMware View is a multi-chip standalone cryptographic module evaluated for use on a standard General Purpose Computer (GPC) platform. The overal security level is Level 2. The module consists of a single shared library which is used by both the PCoIP server and the PCoIP client applications."
1643 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco Common Cryptographic Module (C3M)
(Software Version: 0.9.8r.1.1)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/29/2011;
02/23/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with FreeBSD 8.2 (32-bit and 64-bit); Red Hat Enterprise Linux v5 (32-bit and 64-bit); Linux Kernel 2.6.27.7; Yellow Dog Linux 6.2; Windows 7 SP1 (32-bit and 64-bit); Mac OS X 10.6 (32-bit and 64-bit); Openwall Linux 3.0 (32-bit); Android 2.3.3 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1759); DSA (Cert. #550); ECDSA (Cert. #234); HMAC (Cert. #1031); RNG (Cert. #937); RSA (Cert. #876); SHS (Cert. #1544); Triple-DES (Cert. #1139)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 152 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 152 bits of encryption strength)

Multi-chip standalone

"The Cisco Common Cryptographic Module (C3M) is a software library that provides cryptographic services to a vast array of Cisco's networking and collaboration products. The module provides FIPS validated cryptographic algorithms for services such as sRTP, SSH, TLS, 802.1x etc. The module does not implement any of the protocols directly. Instead, it provides the cryptographic primitives and functions to allow a developer to implement various protocols."
1642 U.S. Department of State
301 4th Street SW SA-44
Washington, DC 20547
USA

-Paul Newton
TEL: 202-203-5153
FAX: 202-203-7669

CST Lab: NVLAP 100432-0

PKI BLADE Cosmo
(Hardware Version: P/N B0; Firmware Version: FC10 (with op-code 071964) with ID-One PIV Applet Suite V2.3.2-a and PKI BLADE Applet V1.2)

(PIV Card Application: Cert. #25)

(When operated in FIPS mode with the fingerprint authentication mechanism parameters configured as indicated in the Security Policy Section 8.6)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/21/2011 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 4
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #698); Triple-DES MAC (Triple-DES Cert. #698, vendor affirmed); AES (Cert. #840); RNG (Cert. #480); RSA (Cert. #403); ECDSA (Cert. #94); SHS (Cert. #833); CVL (Cert. #3)

-Other algorithms: Triple-DES (Cert. #698, key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #840, key wrapping; key establishment methodology provides 128 bits of encryption strength); AES MAC (AES Cert. #840; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Single-chip

"The PKI/BLADE applet is based on ISO 7816 and GSC-IS commands interface. The applet is designed to be loaded on any Java card compliant with JavaCard v2.2.1 and Global Platform v2.1.1 specifications including PIV certified Java cards. It is designed to provide services for PKI based logical access applications and to provide strong two factor authentication using fingerprint biometrics."
1641 Mocana Corporation
350 Sansome Street
Suite 1010
San Francisco, CA 94104
USA

-James Blaisdell
TEL: 415-617-0055
FAX: 415-617-0056

CST Lab: NVLAP 100432-0

Mocana Cryptographic Suite B Module
(Software Version: 5.4fm)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/17/2011;
05/29/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Android 2.3; Android 4.0 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1757); Triple-DES (Cert. #1138); SHS (Cert. #1543); HMAC (Cert. #1030); RSA (Cert. #875); DSA (Cert. #549); RNG (Cert. #936)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant)

Multi-chip standalone

"The Mocana Cryptographic Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com."
1640 Watchdata Technologies Pte Ltd
No.2 Yandong Business Park
Wanhong West Street
Capital Airport Road
Beijing, Chaoyang District 100015
People's Republic of China

-Bai Jing

CST Lab: NVLAP 200658-0

WatchKey USB Token
(Hardware Version: K6 with Z32L256D32U and K003010A; Firmware Version: 360C6702)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 11/17/2011 Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Cert. #1616); Triple-DES (Cert. #1057); RSA (Cert. #794); DRBG (Cert. #85); SHS (Cert. #1425)

-Other algorithms: SHA-1 (non-compliant)

Multi-chip standalone

"The WatchKey USB token provides digital signature generation and verification for online authentication of online transactions and data encryption/decryption to online service users."
1639 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 5940 Embedded Services Routers
(Hardware Versions: Cisco 5940 ESR air-cooled card and Cisco 5940 ESR conduction-cooled card; Firmware Version: 15.2(3)GC)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/16/2011;
02/23/2012;
07/18/2012;
02/08/2013
Overall Level: 1 

-Design Assurance: Level 2

-FIPS-approved algorithms: AES (Certs. #962, #1535 and #1643); DRBG (Cert. #89); HMAC (Certs. #537 and #965); RSA (Cert. #811); SHS (Certs. #933 and #1444); Triple-DES (Certs. #757 and #1073)

-Other algorithms: DES; DES MAC; HMAC-MD5; MD4; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength)

Multi-chip embedded

"The Cisco 5940 is a high-performance, ruggedized router. With onboard hardware encryption, the Cisco 5940 offloads encryption processing from the router to provide highly secure yet scalable video, voice, and data services for mobile and embedded outdoor networks. The Cisco 5940 Embedded Services Routers provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 1 requirements. The Cisco 5940 Router Card uses industrial-grade components and is optimized for harsh environments that require Cisco IOS Software routing technology."
1638 Chunghwa Telecom Co., Ltd. Telecommunication Laboratories
12, Lane 551, Min-Tsu Road SEC.5,
Yang-Mei, Taoyuan, Taiwan 326
Republic of China

-Yeou-Fuh Kuan
TEL: +886-3-424-4333
FAX: +886-3-424-4129

-Char-Shin Miou
TEL: +886-3-424-4381
FAX: +886-3-424-4129

CST Lab: NVLAP 200928-0

HiKey - Flash and HiKey PKI Token
(Hardware Versions: 2.0 and 2.1; Software Version: Card OS version 3.2 with PKI Applet: 2.1; Firmware Version: 2.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/16/2011 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #1710); Triple-DES (Cert. #1100); Triple-DES MAC (Triple-DES Cert. #1100, vendor affirmed); SHS (Cert. #1493); HMAC (Cert. #988); DRBG (Cert. #106); RSA (Cert. #839)

-Other algorithms: MD5; HMAC-MD5; RIPEMD 160; HMAC-RIPEMD 160; RSA (encrypt/decrypt); AES MAC (AES Cert. #1710; non-compliant)

Multi-chip standalone

"The HiKey Flash and HiKey PKI Token modules are multi-chip standalone implementations of a cryptographic module. The Hikey - Flash and HiKey PKI Token modules are USB tokens that adhere to ISO/IEC specifications for Integrated Circuit Chip (ICC) based identification cards. The HiKey - Flash and HiKey PKI Token cryptographic modules contain an implementation of the Global Platform (GP) Version 2.1.1 specification defining a secure infrastructure for post-issuance programmable smart cards."
1637 Certicom Corp.
5520 Explorer Drive
Fourth Floor
Mississauga, Ontario L4W 5L1
Canada

-Mike Harvey
TEL: 905-507-4220
FAX: 905-507-4230

-Worldwide Sales & Marketing Headquarters
TEL: 703-234-2357
FAX: 703-234-2356

CST Lab: NVLAP 200556-0

Security Builder® FIPS Java Module
(Software Versions: 2.8 and 2.8.7)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/16/2011;
08/24/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Sun Java Runtime Environments (JRE) 1.5.0 and 1.6.0 running on Solaris 10, 32-bit; Solaris 10, 64-bit; Red Hat Linux AS 5.5, 32-bit; Red Hat Linux AS 5.5, 64-bit; Windows Vista, 32-bit; Windows Vista, 64-bit; Windows 2008 Server, 64-bit (single-user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #964); AES (Cert. #1411); SHS (Cert. #1281); HMAC (Cert. #832); RNG (Cert. #773); DSA (Cert. #455); ECDSA (Cert. #179); RSA (Cert. #687); DRBG (Cert. #52); KAS (Cert. #8)

-Other algorithms: ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; DES; DESX; ECIES; ECQV; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80 bits of encryption strength)

Multi-chip standalone

"The Security Builder FIPS Java Module is a standards-based cryptographic toolkit written in Java. It supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into Java-based applications. The Security Builder FIPS Java Module is intended for use by developers who want government level security and can also be used in conjunction with other Certicom developer toolkits including Security Builder PKI and Security Builder SSL."
1636 Seagate Technology LLC
1280 Disc Drive
Shakopee, MN 55379
USA

-David R Kaiser, PMP
TEL: 952-402-2356
FAX: 952-402-1273

CST Lab: NVLAP 200427-0

Seagate Secure Constellation® ES [16-25] and Constellation®.2 [1-15] Self-Encrypting Drives FIPS 140 Module
(Hardware Versions: 9XU268 [1, 6], 9XU268-251 [2, 7, 9, 11], 9XU268-257 [3, 8, 10, 12, 13], 9XU268-047 [4], 9XU268-090 [5], 9XU264 [1, 6], 9XU264-251 [2, 7, 9, 11], 9XU264-257 [3, 8, 10, 12, 13], 9XU264-047 [4], 9XU264-090 [5], 9XU168 [14, 15], 9XU164 [14, 15], 9XU162 [14, 15], 1AV268 [16, 18], 1AV264 [16, 18], 1AV264-257 [17, 20, 22], 1AV264-251 [19, 21, 23], 1AV262 [16, 18], 1AV168 [24, 25], 1AV164 [24, 25] and 1AV162 [24, 25]; Firmware Versions: A002 [1], ASF2 [2], ANF1 [3], NS01 [4], QF70 [5], 0003 [6, 14], ASF5 [7], AEF3 [8], ASF8 [9], AEF5 [10], ASF9 [11], AEF6 [12], AEF7 [13], 0002 [14, 18, 25], A001 [16, 24], PNF0 [17], PSF1 [19], and PEF3 [20], PSF4 [21], PEF4 [22] and PSF5 [23])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/10/2011;
03/14/2012:
06/21/2012;
10/17/2012;
12/12/2012;
01/25/2013
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Certs. #1416, #1417 and #1343); DRBG (Cert. #62); SHS (Cert. #1225); RSA (Cert. #650)

-Other algorithms: N/A

Multi-chip embedded

"The Seagate Secure Enterprise Self-Encrypting Drives FIPS 140 Module is embodied in Seagate Constellation®.2 and Constellation® ES SED model disk drives. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download."
1635 Seagate Technology LLC
1280 Disc Drive
Shakopee, MN 55379
USA

-David R Kaiser, PMP
TEL: 952-402-2356
FAX: 952-402-1273

CST Lab: NVLAP 200427-0

Seagate Secure Constellation® ES.2 [30-49], Savvio® 10K.5 [1-19] and Savvio® 15K.3 [20-29] Self-Encrypting Drives FIPS 140 Module
(Hardware Versions: 9XS066 [1, 7], 9XS066-251 [2, 8, 13, 16], 9XS066-257 [3, 9, 14, 17, 18], 9XS066-047 [4], 9XS066-090 [5, 11], 9XS066-031 [10, 19], 9XS066-037 [10, 19], 9XS066-046 [12], 9XR066 [1, 7], 9XR066-251 [2, 8, 13, 16], 9XR066-257 [3, 9, 14, 17, 18], 9XR066-047 [4], 9XR066-090 [5, 11], 9XR066-038 [6, 15], 9XR066-046 [12], 9XP066 [1, 7], 9XP066-047 [4], 9XP066-090 [5, 11], 9XP066-046 [12], 9XN066 [1, 7], 9XN066-251 [2, 8, 13, 16], 9XN066-257 [3, 9, 14, 17, 18], 9XN066-047 [4], 9XN066-090 [5, 11], 9XN066-046 [12], 9XM066 [20, 23], 9XM066-251 [21, 24, 26, 28], 9XM066-257 [22, 25, 27, 29], 9XL066 [20, 23], 9XL066-251 [21, 24, 26, 28], 9XL066-257 [22, 25, 27, 29], 9XT260 [30, 36], 9XT260-251 [31, 37, 41, 44], 9XT260-257 [32, 38, 42, 45, 46], 9XT260-038 [33, 43], 9XT260-047 [34], 9XT260-090 [35], 9XT260-031 [39, 47], 9XT260-037 [39, 47], 9XT260-046 [40], 9XT267 [36] and 9XT160 [48, 49]; Firmware Versions: A002 [1, 20], CSF2 [2], CNF1 [3], NS03 [4], HF72 [5], NA00 [6, 43], 0003 [7, 23], CSF4 [8], CEF3 [9], CE01 [10], HF75 [11], 6E01 [12], CSF7 [13], CEF4 [14], F740 [15], CSF8 [16], CEF5 [17], CEF6 [18], CE06 [19], YSF3 [21], YNF2 [22], YSF5 [24], YEF4 [25], YSF8 [26], YEF5 [27], YSF9 [28], YEF6 [29], 0002 [30], RSF3 [31], RNF3 [32], NQE1 [33], NS01 [34], NF72 [35], 0005 [36], RSF5 [37], REF5 [38], YE01 [39], 6EA1 [40], RSF8 [41], REF6 [42], RSFA [44], REF7 [45], REF8 [46], YE04 [47], F000 [48] and F003 [49])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/10/2011;
11/17/2011;
03/14/2012;
06/21/2012;
10/17/2012;
12/12/2012;
01/25/2013
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Certs. #1416, #1417 and #1343); DRBG (Cert. #62); SHS (Cert. #1225); RSA (Cert. #650)

-Other algorithms: N/A

Multi-chip embedded

"The Seagate Secure Enterprise Self-Encrypting Drives FIPS 140 Module 2 is embodied in Seagate Constellation® ES.2, Savvio® 15K.3, and Savvio® 10K.5 SED model disk drives. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download."
1634 Pierson Capital Technology LLC
129 North La Salle Street
Suite 3800
Chicago, IL 60602
USA

-Frank Psaila
TEL: +86 13501108625
FAX: +86 1085183930

-Likely Lee
TEL: +86 13810220119
FAX: +86 1085183930

CST Lab: NVLAP 200658-0

MIIKOO
(Hardware Version: D4; Firmware Versions: Device Bootstrap v3.1, Device Application 006262 and Cryptographic Algorithm v2.1)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/10/2011 Overall Level: 3 

-FIPS-approved algorithms: RSA (Cert. #737); Triple-DES (Cert. #1004); SHS (Cert. #1351); HMAC (Cert. #884); DRBG (Cert. #63)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"MIIKOO combines fingerprint recognition and additional cryptography capabilities to generate Dynamic PINs. It is compatible with any type of bank cards by seamlessly providing the added biometrical triggering of dynamic PIN security over the existing financial transaction network."
1633 Doremi Cinema LLC
1020 Chestnut St.
Burbank, CA 91506
USA

-Jean-Philippe Viollet
TEL: 818-562-1101
FAX: 818-562-1109

-Camille Rizko
TEL: 818-562-1101
FAX: 818-562-1109

CST Lab: NVLAP 200802-0

Dolphin DCI 1.2
(Hardware Versions: DOLPHIN-DCI-1.2-A0, DOLPHIN-DCI-1.2-A1, DOLPHIN-DCI-1.2-C0 and DOLPHIN-DCI-1.2-C1; Firmware Versions: 2.0.8p, 21.03m-1 and 99.03f)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/10/2011 Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #521, #532 and #1252); HMAC (Certs. #271 and #731); SHS (Certs. #593 and #1148); RNG (Certs. #326, #693, #696 and #700); RSA (Certs. #600, #601 and #777)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); TRNGs; MD5; HMAC-MD5

Multi-chip embedded

"The Dolphin DCI 1.2 is a PCI-card that provides a standard definition/high definition serial digital interface. This is a Doremi decoder hardware card that contains a JPEG-2000 decoder hardware and BNC serial digital interface connectors used in Doremi Digital Cinema Servers like the DCP-2000. The Dolphin DCI 1.2 utilizes a dual-link encoded serial digital interface for output of DCI compliant resolutions up to 2040x1080p24 (2K-film). It can also operate single link for lower resolution material (i.e. trailers, advertisement, etc.)."
1632 Samsung Electronics Co., Ltd.
416, Maetan 3-Dong Youngton Gu
Suwon, Gyeonggi 152-848
South Korea

-Ross Choi
TEL: 972-761-7628

-Bumhan Kim
TEL: +82-10-4800-6711

CST Lab: NVLAP 200658-0

Samsung Key Management Module
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 11/10/2011 Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Android Gingerbread w/ Linux kernel v.2.6.35.7 (Galaxy S2); Android Honeycomb w/ Linux kernel v.2.6.36.3 (P4 LTE, P4 WiFi) (single-user mode)

-FIPS-approved algorithms: AES (Certs. #1741 and #1742); SHS (Certs. #1528 and #1529); RNG (Certs. #928 and #929); HMAC (Certs. #1018 and #1019); PBKDF (SP 800-132, vendor affirmed)

-Other algorithms: N/A

Multi-chip standalone

"Provides general purpose key management services to user-space applications on the mobile platform."
1631

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/24/2012;
05/03/2012
Overall Level: 2 

-FIPS-approved algorithms:

-Other algorithms:

Multi-chip standalone

1630 Advantor Systems, LLC
12612 Challenge Parkway
Suite 300
Orlando, FL 32826
USA

-Chuck Perkinson
TEL: 407-926-6960
FAX: 407-857-1635

CST Lab: NVLAP 200427-0

Infraguard Processor Module
(Hardware Version: 5.1; Firmware Version: 1.01)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/10/2011 Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #1736); HMAC (Cert. #1013); RNG (Cert. #924); SHS (Cert. #1521)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength)

Multi-chip embedded

"The Infraguard Processor Module (IPM) is a multi-chip, embedded, plug-in encryption module coated with an opaque, tamper evident material. The IPM is used to provide secure LAN and telephone modem communications for Advantor Systems' physical security systems. The IPM is embedded in multiple products, including an alarm panel and an alarm panel receiving product."
1629 Protected Mobility LLC
6259 Executive Blvd
Rockville, MD 20852
USA

-Paul Benware
TEL: 585-582-5601
FAX: 585-582-3297

-Donald Paris
TEL: 301-770-4556
FAX: 240-238-6637

CST Lab: NVLAP 200697-0

PMCryptolib
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/16/2011 Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with iOS 4.2; iOS 4.3; Android 2.2; Android 2.3; Android 3.0; (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1716); SHS (Cert. #1499); DRBG (Cert. #108); HMAC (Cert. #991); ECDSA (Cert. #222)

-Other algorithms:

Multi-chip standalone

"PMCryptolib is a dynamic linked library software module. The module provides cryptographic services through a Application Programming Interface (API)."
1628 NAL Research Corporation
9300 West Courthouse Rd.
Suite 102
Manassas, VA 20110
USA

-Peter Kormendi
TEL: 703-392-1136

CST Lab: NVLAP 200697-0

XM Crypto Module
(Firmware Version: 1.1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Firmware 11/07/2011 Overall Level: 1 

-Tested: A3LA-XM with A3LA-XM OS ver. 1.1.0

-FIPS-approved algorithms: AES (Cert. #1698)

-Other algorithms: N/A

Multi-chip standalone

"A3LA-XM is a modem comprised of the XM Crypto Module encryption board and a communication board. It is designed to transmit AES 256-bit encrypted data via a communication network. The A3LA-XM has an internal micro-controller programmed to monitor the modems connectivity status to prevent hardware lock-up. Similar to a standard landline modem, the A3LA-XM can be controlled by any DTE (data terminal equipment) capable of sending standard AT commands via an RS232 serial or a USB 2.0 port."
1627 Communication Devices Inc.
85 Fulton St., Unit #2
Boonton, NJ 07005-1912
USA

-Donald Snook
TEL: 973-334-1980

CST Lab: NVLAP 200002-0

Port Authority Series
(Hardware Versions: PA111-SA CDI 01-03-0912B, PA111-RM CDI 01-03-0912B, PA155-RM CDI 01-03-0912B and PA199-RM CDI 01-03-0912B; Firmware Version: 10.00.78)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/01/2011 Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-FIPS-approved algorithms: AES (Cert. #1375); SHS (Cert. #1257); HMAC (Cert. #808); RNG (Cert. #758)

-Other algorithms: AES (Cert. #1375, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength)

Multi-chip standalone

"Secure Out of Band Management appliance with network port, internal modem, and up to 9 serial ports. Allows Secure Out of Band Access to Firewalls, Routers, Network appliances etc.. Supports up to 256 bit AES CFB encryption."
1626 ViaSat UK Ltd.
Sanford Lane
Wareham, Dorset BH20 4DY
United Kingdom

-Tim D. Stone
TEL: +44 1929 55 44 00
FAX: +44 1929 55 25 25

CST Lab: NVLAP 200556-0

FlagStone Core
(Hardware Versions: V2.0.1.1, V2.0.1.2, V2.0.1.3, V2.0.2.1, V2.0.2.2, V2.0.2.3, V2.0.3.3, V2.0.3.4, V2.0.4.5, V2.0.5.3, V2.0.5.4 and V2.0.5.5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 10/31/2011 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #922 and #923); RNG (Cert. #531)

-Other algorithms: N/A

Multi-chip embedded

"The FlagStone Core is a multi-chip embedded cryptographic module used within the Eclypt ranges of drives. The FlagStone Core, and subsequently the Eclypt ranges of drives utilising the FlagStone Core, provide access control and data encryption services to protect access to data stored on a connected HDD/SSD (Hard Disk Drive/Solid Data Drive). All accessible sectors on a drive connected to a FlagStone Core are encrypted. The Eclypt range of drives includes Eclypt, Eclypt Freedom and Eclypt Nano."
1625 Mocana Corporation
350 Sansome Street
Suite 1010
San Francisco, CA 94104
USA

-James Blaisdell
TEL: 415-617-0055
FAX: 415-617-0056

CST Lab: NVLAP 100432-0

Mocana Cryptographic Suite B Module
(Software Version: 5.3.1v)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/30/2011 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with ThreadX v5.3 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1717); Triple-DES (Cert. #1104); SHS (Cert. #1500); HMAC (Cert. #992); RSA (Cert. #843); DSA (Cert. #529); ECDSA (Cert. #223); RNG (Cert. #910)

-Other algorithms: AES (Cert. #1717, key wrapping; key establishment methodology provides 128, 192, or 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); DES; MD5; HMAC-MD5; RC2; RC4; AES XCBC (non-compliant)

Multi-chip standalone

"The Mocana Cryptographic Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com."
1624

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 10/24/2011;
12/21/2011
Overall Level: 4 

-FIPS-approved algorithms:

-Other algorithms:

Multi-chip embedded

1623

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 10/24/2011;
12/21/2011
Overall Level: 4 

-FIPS-approved algorithms:

-Other algorithms:

Multi-chip embedded

1622 Certes Networks, Inc.
300 Corporate Center Drive
Suite 140
Pittsburgh, PA 15108
USA

-Kevin Nigh
TEL: 412-262-2571
FAX: 919-865-0679

CST Lab: NVLAP 200928-0

CEP10-R, CEP10 VSE and CEP10-C
(Hardware Versions: [CEP10-R, PN 410-032-402, A], [CEP10 VSE, PN 410-032-402, A], [CEP10-C, PN 410-032-602, A] and [CEP10 VSE, PN 410-032-602, A]; Firmware Version: 1.6)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 10/24/2011 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #673, #1089 and #1090); AES (Certs. #779, #1680 and #1681); SHS (Certs. #781, #1466 and #1467); HMAC (Certs. #426, #983 and #984); RSA (Certs. #825 and #826); DSA (Certs. #523 and #524); RNG (Certs. #891 and #892)

-Other algorithms: MD5; HMAC-MD5; ARC2; ARC4; AES-XCBC-MAC-96 (non-compliant); DES; Blowfish; AEAD; EC Diffie-Hellman; Diffie-Hellman (key agreement; key establishment methodology provides 97 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 to 150 bits of encryption strength)

Multi-chip standalone

"The Certes Networks CEP encryptors are high performance, integrated encryption appliances that offers full line rate Ethernet Frame encryption for 10Mbps Ethernet transports. Housed in a tamper evident chassis, the Certes Networks CEP10-R and CEP10 VSE has two functional 10BaseT Ethernet ports used for traffic. Traffic on the CEP's local port is received from and transmitted to the trusted network in the clear, while traffic on the CEP's remote port has security processing applied to it. Security processing can be data confidentiality, data integrity and data authentication."
1621 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 7606-S and 7609-S Routers with Supervisor SUP720-3B
(Hardware Versions: 7606-S and 7609-S with SUP720-3B; Firmware Version: 15.1(3)S3)

(When operated in FIPS mode with the tamper evident labels and opacity shields installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 10/28/2011;
02/09/2012;
02/23/2012;
07/09/2012
Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-FIPS-approved algorithms: AES (Cert. #1634); DRBG (Cert. #88); HMAC (Cert. #961); RSA (Cert. #808); SHS (Cert. #1439); Triple-DES (Cert. #1070)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 156 bits of encryption strength); DES; DES MAC; HMAC MD5; MD4; MD5; RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength)

Multi-chip standalone

"The Cisco 7606-S and 7609-S routers are designed for deployment at the network edge, where robust performance and IP/Multiprotocol Label Switching services are necessary to meet the requirements of both enterprises and service providers. It enables Carrier Ethernet service providers to deploy an advanced network infrastructure that supports a range of IP video and triple-play (voice, video, and data) system applications in both the residential and business services markets. They also deliver WAN and metropolitan-area network networking solutions at the enterprise edge."
1620 Klas Ltd
1101 30th Street NW
Suite 500
Washington, DC 20007
USA

-Frank Murray
TEL: (866)-263-5467
FAX: (866)-532-3091

CST Lab: NVLAP 100432-0

KlasRouter
(Hardware Version: KlasRouter, Versions 3.02 and 3.03; Firmware Version: KlasOS3, Version 3.1.0 rc0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 10/19/2011 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Cert. #1599); Triple-DES (Cert. #1045); HMAC (Cert. #936); SHS (Cert. #1411); ECDSA (Cert. #197); RNG (Cert. #856)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); NDRNG; MD5; HMAC-MD5; DSA (non-compliant)

Multi-chip standalone

"KlasRouter is a low-power router that provides Virtual Private Networking (including Suite-B algorithms), WAN Acceleration, VLAN and a host of other networking features in a compact package. KlasRouter is standards-based and hence is interoperable with any infastructure and the perfect solution for establishing a remote office in a secure environment."
1619 Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, CA 94089-1206
USA

-Seyed Safakish
TEL: 408-745-2000
FAX: 408-745-2100

-Bishakha Banerjee
TEL: 408-745-2000
FAX: 408-745-2100

CST Lab: NVLAP 100432-0

FIPS Multi Service PIC
(Hardware Versions: PE-MS-100-1, PB-MS-100-1, PB-MS-400-2 and PC-MS-500-3; Firmware Version: 10.4 R1.9)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 10/19/2011 Overall Level: 1 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #465); Triple-DES (Certs. #482 and #1046); SHS (Certs. #768 and #1414); HMAC (Certs. #416 and #937); RSA (Cert. #783); RNG (Cert. #858)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); MD5; DES

Multi-chip embedded

"The FIPS Multiple Service PIC supports compressed real time protocol (CRTP), high-speed Network Address Translation (NAT), stateful firewall, tunnel services, IPSec encryption and J-Flow accounting today while having built-in headroom to support additional services in the future."
1618

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 10/18/2011 Overall Level: 2 

-FIPS-approved algorithms:

-Other algorithms:

Multi-chip standalone

1617 Dell, Inc.
One Dell Way
Round Rock, TX 78682
USA

CST Lab: NVLAP 200697-0

Dell PowerConnect J-Series J-SRX100, J-SRX210 and J-SRX240 Services Gateways
(Hardware Versions: (J-SRX100B, J-SRX100H, J-SRX210B, J-SRX210BE, J-SRX210H, J-SRX210HE, J-SRX210H-POE, J-SRX210HE-POE, J-SRX240B, J-SRX240H and J-SRX240H-POE) with JNPR-FIPS-TAMPER-LBLS; Firmware Version: 10.4R3)

(The tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 10/06/2011 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #1064); AES (Cert. #1624); DSA (Cert. #510); SHS (Cert. #1433); RNG (Cert. #871); RSA (Cert. #802); HMAC (Cert. #955)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 96 bits of encryption strength)

Multi-chip standalone

"Dell Inc. J-SRX100, J-SRX210, and J-SRX240 Services Gateways are secure routers that provide essential capabilities that connect, secure, and manage work force locations. By consolidating fast, highly available switching, routing, security, and applications capabilities in a single device, enterprises can economically deliver new services, safe connectivity, and a satisfying end user experience. Supports Firewall, Ipsec VPN and IPS."
1616 Concepteers, LLC
121 Newark Ave
Suite 204
Jersey City, NJ 07302
USA

-David Van
TEL: 201-221-3052
FAX: 201-844-6262

CST Lab: NVLAP 200556-0

Concepteers Teleconsole E
(Hardware Version: rev A1; Firmware Version: 2.0)

(When operated in FIPS mode and the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 10/05/2011 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #1547); Triple-DES (Cert. #1017); SHS (Cert. #1374); DSA (Cert. #479); RSA (Cert. #752); HMAC (Cert. #903); RNG (Cert. #836)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength)

Multi-chip standalone

"The Teleconsole E is an enterprise network appliance providing Secure Remote Diagnostic Access (SRDA) to virtually any technology equipment (IT, Medical, Utilities (SCADA), Manufacturing, Retail (POS) and more). The unified, cross-platform solution is vendor independent and provides Authentication, Authorization, Access and Audit on a single platform to streamline access provisioning, security enforcement and user activity tracking for compliance."
1615 Symantec Corporation
20330 Stevens Creek Blvd.
Cupertino, CA 95014
USA

-John Bordwine
TEL: 703-885-3854

CST Lab: NVLAP 200556-0

Symantec Java Cryptographic Module
(Software Version: 1.0)

(This module contains the embedded module RSA BSAFE® Crypto-J JCE Provider Module validated to FIPS 140-2 under Cert. #1048 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/30/2011 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP SP2 (32-bit) with (Sun JRE 1.4.2, Sun JRE 1.5 or Sun JRE 1.6) (single-user mode)

-FIPS-approved algorithms: AES (Cert. #669); DSA (Cert. #251); ECDSA (Cert. #72); HMAC (Cert. #353); RNG (Cert. #389 and vendor affirmed: SP 800-90); RSA (Cert. #311); SHS (Cert. #702); Triple-DES (Cert. #614)

-Other algorithms: AES-GCM (non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); DESX; ECAES (non-compliant); EC Diffie-Hellman; ECDHC; ECIES; MD2; MD5; PBE; RIPEMD 160; RNG (X9.31 non-compliant; MD5; SHA-1 non-compliant); RC2; RC4; RC5; RSA OAEP (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA (non-compliant); RSA Keypair Generation MultiPrime (non-compliant); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); HMAC-MD5

Multi-chip standalone

"The Symantec Java Cryptographic Module provides a comprehensive set of cryptographic services for Symantec products including, but not limited to, the Symantec Data Loss Prevention Suite."
1614 Mocana Corporation
350 Sansome Street
Suite 1010
San Francisco, CA 94104
USA

-James Blaisdell
TEL: 415-617-0055
FAX: 415-617-0056

CST Lab: NVLAP 100432-0

Mocana Cryptographic Suite B Module
(Software Version: 5.4f)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/30/2011;
10/26/2011;
11/08/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Vx Works 6.7; Android 2.2; VxWorks 5.5; VxWorks 6.2; VxWorks 6.4; WindRiver 4.0 using Linux 2.6.34 (single-user mode)

-FIPS-approved algorithms: AES (Certs. #1505, #1506, #1507, #1509 and #1510); Triple-DES (Cert. #1006); SHS (Cert. #1353); HMAC (Cert. #885); RSA (Cert. #738); DSA (Cert. #472); ECDSA (Cert. #187); RNG (Cert. #819); DRBG (Cert. #64)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant); RSA (encrypt/decrypt)

Multi-chip standalone

"The Mocana Cryptographic Suite B Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com."
1613 Juniper Networks, Inc.
1194 North Mathilda Ave
Sunnyvale, CA 94089
USA

-Robert Smith
TEL: 978-589-8822

CST Lab: NVLAP 200697-0

Juniper Networks SRX100, SRX210, SRX220, SRX240 and SRX650 Services Gateways
(Hardware Versions: (SRX100B, SRX100H, SRX210B, SRX210BE, SRX210H, SRX210HE, SRX210H-POE, SRX210HE-POE, SRX220H, SRX220H-POE, SRX240B, SRX240H, SRX240H-POE, SRX650-BASE-SRE6-645AP and SRX650-BASE-SRE6-645DP) with JNPR-FIPS-TAMPER-LBLS; Firmware Version: 10.4R4)

(The tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 10/06/2011;
11/08/2011
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #1064); AES (Cert. #1624); DSA (Cert. #510); SHS (Cert. #1433); RNG (Cert. #871); RSA (Cert. #802); HMAC (Cert. #955)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 96 bits of encryption strength)

Multi-chip standalone

"SRX100, SRX210, SRX220, SRX240 and SRX650 Services Gateways are secure routers that provide essential capabilities that connect, secure, and manage work force locations sized from handfuls to hundreds of users. By consolidating fast, highly available switching, routing, security, and applications capabilities in a single device, enterprises can economically deliver new services, safe connectivity, and a satisfying end user experience. All SRX Series Services Gateways, including products scaled for the branch, campus and data center applications, are powered by Juniper Networks JUNOS the proven"
1612 Mocana Corporation
350 Sansome Street
Suite 1010
San Francisco, CA 94104
USA

-James Blaisdell
TEL: 415-617-0055
FAX: 415-617-0056

CST Lab: NVLAP 100432-0

Mocana Cryptographic Loadable Kernel Module
(Software Version: 5.4f)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/29/2011;
10/26/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Android 2.2; WindRiver 4.0 using Linux 2.6.34 (single-user mode)

-FIPS-approved algorithms: AES (Certs. #1505, #1506, #1507, #1509 and #1510); Triple-DES (Cert. #1006); SHS (Cert. #1353); HMAC (Cert. #885); RNG (Cert. #819)

-Other algorithms: DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant)

Multi-chip standalone

"The Mocana Cryptographic Loadable Kernel Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com."
1611 Juniper Networks, Inc.
1194 North Mathilda Ave.
Sunnyvale, CA. 94089
USA

-Robert Smith
TEL: 978-589-8822

CST Lab: NVLAP 200697-0

Juniper Networks SRX3400 and SRX3600 Services Gateways
(Hardware Versions: (SRX3400BASE-AC, SRX3400BASE-DC, SRX3600BASE-AC and SRX3600BASE-DC) with JNPR-FIPS-TAMPER-LBLS; Firmware Version: 10.4R4)

(The tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 10/06/2011;
11/08/2011
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #1032 and #1033); AES (Certs. #1575 and #1577); DSA (Cert. #486); SHS (Certs. #1395 and #1396); RNG (Cert. #849); RSA (Cert. #768); HMAC (Certs. #922 and #923)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 96 bits of encryption strength)

Multi-chip standalone

"Juniper Networks SRX3000 Series line of services gateways is the next generation solution for securing the ever increasing network infrastructure and applications requirements for both enterprise and service provider environments. Designed from the ground up to provide flexible processing scalability, I/O scalability, and services integration, the SRX3000 Series line can meet the network and security requirements of data center hyper-consolidation, rapid managed services deployments, and aggregation of security solutions."
1610 EMC Corporation
176 South Street
Hopkinton, MA 01748
USA

-Dan Reddy
TEL: 508-249-2733

-Kerry Mahoney
TEL: 508-249-4940
FAX: 508-249-3172

CST Lab: NVLAP 200427-0

4 Gb/s FC I/O Module with Encryption
(Hardware Version: 303-176-100B B04)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/26/2011 Overall Level: 1 

-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #1638)

-Other algorithms: AES (Cert. #1638, key wrapping)

Multi-chip embedded

"Data at Rest Encryption provides hardware-based, back-end encryption for EMC storage systems. Back-end encryption protects information from unauthorized access when drives are physically removed from the system. It also offers a convenient means of decommissioning all drives in the system at once. EMC 4Gb/s Fibre Channel I/O modules implement AES-XTS 256-bit encryption on all drives in the system. These modules encrypt/decrypt data as it is written to and read from a drive. The drives need not be self-encrypting because the I/O module encrypts. All back end drive types are thus supported."
1609 AirTight Networks, Inc.
339 N. Bernardo Avenue
Suite 200
Mountain View, CA 94043
USA

-Hemant Chaskar
TEL: 650-961-1111
FAX: 650-961-1169

CST Lab: NVLAP 200002-0

SpectraGuard® Enterprise Sensor
(Hardware Version: SS-300-AT-C-10 with SS-FIPS-TPL; Firmware Version: 6.2.39p1)

(When operated in FIPS mode and with tamper evident seals installed over the ventilation openings as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 09/26/2011 Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #1310); SHS (Cert. #1199); RNG (Cert. #732); RSA (Cert. #628); HMAC (Cert. #763)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); MD5

Multi-chip standalone

"The module performs wireless intrusion detection and prevention. It monitors radio channels to ensure conformance of wireless activity to security policy. It mitigates various types of wireless security violations such as rogue wireless networks, unauthorized wireless connections, network mis-configurations and denial of service attacks."
1608 Hewlett-Packard Company
3000 Hanover Street
Palo Alto, CA 94304
USA

-Gloria English
TEL: 408-447-3979

-Mihai Damian
TEL: 408-447-3977

CST Lab: NVLAP 200002-0

NonStop Volume Level Encryption (NSVLE)
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/26/2011 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Debian Linux HPTE Ver. 3.0.0; Debian Linux HPTE Ver. 4.0.0 (single-user mode)

-FIPS-approved algorithms: AES (Certs. #1364 and #1365); Triple-DES (Cert. #941); SHS (Cert #1246); RNG (Cert. #751); HMAC (Cert. #800); RSA (Cert. #666)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); MD5

Multi-chip standalone

1607 Verdasys, Inc.
404 Wyman St.
Suite 320
Waltham, MA 02451
USA

-Harvey Morrison
TEL: 781-788-8180

CST Lab: NVLAP 200002-0

Verdasys Secure Cryptographic Module
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 09/26/2011;
08/24/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP 32-bit; Windows XP 64-bit (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1384); SHS (Cert. #1261); DRBG (Cert. #50); HMAC (Cert. #814); RSA (Cert. #677)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); RNG (non-compliant)

Multi-chip standalone

"The Verdasys FIPS Kernel Mode Cryptographic Module, VSEC.SYS, is a software module that provides cryptographic services for Digital Guardian's server and endpoint products. The Verdasys FIPS Kernel Mode Cryptographic Module is leveraged in a variety of functions including securing communication, protecting agent components, and file encryption."
1606 Fortress(TM) Technologies
4023 Tampa Road
Suite 2200
Oldsmar, FL 34677
USA

-Tony Margalis
TEL: 813-288-7388
FAX: 813-288-7389

CST Lab: NVLAP 200427-0

Fortress Mesh Points
(Hardware Versions: ES210, ES300, ES440, ES520v1, ES520v2 and ES820; Firmware Version: 5.3.1)

(When operated in FIPS mode and with the tamper evident seals and glue installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/26/2011 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #688, #694 and #1519); DRBG (Cert. #66); HMAC (Certs. #367, #371 and #889); KAS (Cert. #10); RNG (Certs. #402 and #406); RSA (Cert. #439); SHS (Certs. #717, #721 and #1357)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits security strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits security strength); MD5

Multi-chip standalone

"The Fortress Mesh Point is an all-in-one network access device housed in a rugged compact chassis, with the most stringent security available today built in. It can serve as a wireless bridge, a WLAN access point, and an eight-port LAN switch, while performing all the functions of a Fortress controller device: encrypting wireless traffic and providing Multi-factor Authentication for devices on the network it protects."
1605 Certes Networks, Inc.
300 Corporate Center Drive
Suite 140
Pittsburgh, PA 15108
USA

-Kevin Nigh
TEL: 412-262-2571
FAX: 919-865-0679

CST Lab: NVLAP 200928-0

CEP100, CEP100 VSE, CEP100-XSA, CEP1000, CEP1000-DP and CEP1000 VSE
(Hardware Versions: [CEP100, A], [CEP100 VSE, A], [CEP100-XSA, A], [CEP1000, A], [CEP1000-DP, A] and [CEP1000 VSE, A]; Firmware Version: 1.6)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 09/26/2011 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #482, #667, #1089 and #1090); AES (Certs. #465, #762, #1680 and #1681); SHS (Certs. #768, #769, #1466 and #1467); HMAC (Certs. #416, #417, #983 and #984); RSA (Certs. #825 and #826); DSA (Certs. #523 and #524); RNG (Certs. #891 and #892)

-Other algorithms: MD5; HMAC-MD5; ARC2; ARC4; AES-XCBC-MAC-96 (non-compliant); DES; Blowfish; AEAD; EC Diffie-Hellman; Diffie-Hellman (key agreement; key establishment methodology provides 97 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength)

Multi-chip standalone

"The Certes Networks CEP encryptors are high performance, integrated encryption appliances that offers full line rate Ethernet Frame encryption for 10Mbps Ethernet transports. Housed in a tamper evident chassis, the Certes Networks CEP has two functional 10BaseT Ethernet ports used for traffic. Traffic on the CEP local port is received from and transmitted to the trusted network in the clear, while traffic on the CEP's remote port has security processing applied to it. Security processing can be data confidentiality, data integrity and data authentication."
1604 Centrify Corporation
785 N. Mary Avenue
Suite 200
Sunnyvale, CA 94085
USA

-Kitty Shih
TEL: 408-542-7500
FAX: 408-542-7575

CST Lab: NVLAP 200648-0

Centrify Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS Mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/20/2011;
12/01/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Mac OS X 10.6.5; Mac OS X 10.7; RedHat Enterprise Linux ES v5 (single-user mode)

-FIPS-approved algorithms: Triple-DES (Certs. #1018 and #1208); AES (Certs. #1554 and #1861); SHS (Certs. #1375 and #1637); HMAC (Certs. #904 and #1108); RSA (Certs. #755 and #941); DSA (Certs. #480 and #580); DRBG (Certs. #69 and #149)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 219 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 219 bits of encryption strength)

Multi-chip standalone

"Centrify Cryptographic Module is a general purpose cryptographic library. The Centrify Cryptographic Module provides the cryptographic services for all Centrify products."
1603 Ciena® Corporation
1201 Winterson Road
Linthicum, MD 21090
USA

-Mark Kettle
TEL: 613-763-2422
FAX: 613-763-7191

-Bao-Chau Nguyen
TEL: 613-763-1671
FAX: 613-763-7191

CST Lab: NVLAP 200556-0

Optical Metro 5130
(Hardware Version: Chassis: NTB200BAE5 Rev: 03, S-DNM: NTB211AAE5 Rev: 02, Filler: NTB207BAE5 Rev: 02, and Seal Kit: NTB209LAE6; Firmware Version: 4.00.008.927)

(When operated in FIPS mode and the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 09/20/2011 Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-FIPS-approved algorithms: AES (1) (Cert. #1462); Triple-DES (Cert. #986); SHS (Cert. #1324); HMAC (Cert. #859); RNG (Cert. #799)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DSA (non-compliant); AES (2) (non-compliant); DES; Blowfish; MD5; OM5130 Key-based scrambler

Multi-chip standalone

"The OM 5130 cost effectively simplifies and secures data file mobility between data centers. The OM 5130 increases WAN efficiency, natively consolidates data and storage networks onto a common encrypted WAN link and delivers definable time-of-day bandwidth management that allocates bandwidth to the required application at the required time of day."
1602 Juniper Networks, Inc.
1194 North Mathilda Ave.
Sunnyvale, CA. 94089
USA

-Robert Smith
TEL: 978-589-8822

CST Lab: NVLAP 200697-0

Juniper Networks SRX5600 and SRX5800 Services Gateways
(Hardware Versions: (SRX5600BASE-AC, SRX5600BASE-DC, SRX5800BASE-AC and SRX5800BASE-DC) with JNPR-FIPS-TAMPER-LBLS; Firmware Version: 10.4R4)

(The tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 09/20/2011;
11/08/2011
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #1030 and #1034); AES (Certs. #1573 and #1578); DSA (Cert. #484); SHS (Certs. #1393 and #1397); RNG (Cert. #847); RSA (Cert. #766); HMAC (Certs. #920 and #924)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 96 bits of encryption strength)

Multi-chip standalone

"Juniper Networks SRX5000 line of services gateways is the next generation solution for securing the ever increasing network infrastructure and applications requirements for both enterprise and service provider environments. Designed from the ground up to provide flexible processing scalability, I/O scalability, and services integration, the SRX5000 line can meet the network and security requirements of data center hyper-consolidation, rapid managed services deployments, and aggregation of security solutions."
1601 McAfee, Inc.
27201 Puerta Real, Suite 400
Mission Viejo, CA 92691
USA

-David Gerendas
TEL: 949-860-3369
FAX: 949-297-5575

CST Lab: NVLAP 200416-0

McAfee Endpoint Encryption for PCs
(Software Version: 5.2.6)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/08/2011;
10/04/2011
Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows XP 32-bit; Windows Vista 64-bit (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1366); DSA (Cert. #446); SHS (Cert. #1247); RNG (Cert. #752)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); NDRNG

Multi-chip standalone

"McAfee Endpoint Encryption for PCs is a Software Only Module which resides on general purpose computer systems. The module is used for whole disk encryption that enables users to secure sensitive data stored on hard disk drives in the event of a lost or stolen workstation or laptop computer. McAfee Endpoint Encryption for PCs is an enterprise class software product that is centrally managed and can be deployed to large heterogeneous enterprise environments."
1600 IBM® Corporation
2455 South Road
Poughkeepsie, NY 12601
USA

-William F Penny
TEL: 845-435-3010

CST Lab: NVLAP 200658-0

IBM® z/OS® Version 1 Release 12 System SSL Cryptographic Module
(Hardware Versions: FC3863 w/System Driver Level 86E, and optional CEX3A and CEX3C [CEX3A and CEX3C are separately configured versions of 4765-001 (P/N 45D6048)]; Software Version: System SSL level HCPT3C0/JCPT3C1 w/ APAR OA34156, RACF level HRF7770 and ICSF level HCR7770 w/ APAR OA34205; Firmware Version: 4765-001 (e1ced7a0))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software-Hybrid 09/08/2011 Overall Level: 1 

-Cryptographic Module Specification: Level 3

-Operational Environment: Tested as meeting Level 1 with IBM® zEnterprise (TM) 196 (z196) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 [Base GPC, and optional Crypto Express3 Card (Coprocessor (CEX3C)); Crypto Express3 Card (Accelerator (CEX3A)) and Crypto Express3 Cards (Coprocessor (CEX3C) and Accelerator (CEX3A))] [IBM® zEnterprise (TM) (z196) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 includes FC3863 w/System Driver Level 86E and z/OS® V1R12] (single-user mode)

-FIPS-approved algorithms: AES (Certs. #1702, #1703 and #1713); Triple-DES (Certs. #1093, #1094 and #1103); DSA (Certs. #526 and #527); RSA (Certs. #831, #832, #844, #845 and #846); SHS (Certs. #1485, #1486 and #1497); HMAC (Certs. #986 and #987); RNG (Certs. #901 and #902)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); DES; RC2; ArcFour; MD5; MD2; ECDSA (non-compliant)

Multi-chip standalone

"System SSL is a set of generic services provided in z/OS to protect TCP/IP communications using the SSL/TLS protocol. System SSL is exploited by many SSL enabled servers and clients in z/OS to meet the transport security constraints required in an On Demand environment. The System SSL APIs are also externalized to customer applications. System SSL has evolved through the latest releases of z/OS to support the new TLS (Transaction Layer Security) standard, to reach an unmatched level of performance and to extend the APIs available to applications to new functions."
1599 STMicroelectronics, Inc.
750 Canton Drive
Suite 300
Coppell, TX 75019
USA

-Gianfranco Scherini
TEL: 408-919-8426
FAX: 408-919-0250

CST Lab: NVLAP 200802-0

HardCache™-SL3/PC v2.1
(Hardware Version: STM7007)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/20/2011 Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #1068); SHS (Cert. #1219); HMAC (Cert. #781); Triple-DES (Cert. #798); ECDSA (Cert. #155); RSA (Cert. #623); RNG (Cert. #725)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG

Single-chip

"The STMicroelectronics HardCache™-SL3/PC v2.1 Cryptographic Module (HW rev STM7007) is a single chip cryptographic module designed as a hardware accelerated encryption engine for computer and peripheral applications. The cryptographic module is targeted for PC applications including desktop client, laptop, and server systems. Benefits compared to competing hardware and software solutions include better overall system performance, low power, and tamper resistant hardware security."
1598 Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
USA

-John Bordwine
TEL: 703-885-3854
FAX: 301-514-3726

CST Lab: NVLAP 200556-0

Symantec Cross-Platform Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/02/2011 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 2003 Server (32-bit); RHEL 5 (32-bit); Solaris 10 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1614); Triple-DES (Cert. #1055); RSA (Cert. #792); DSA (Cert. #502); SHS (Cert. #1423); HMAC (Cert. #946); DRBG (Cert. #83)

-Other algorithms: DES; Camellia; SEED; RC2; RC4; MD2; MD5; RSA (Cert. #792, key wrapping; key establishment methodology provides between 80 and 192 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength)

Multi-chip standalone

"The Symantec Cross-Platform Cryptographic Module (SymCPM) is a software module with a multi-chip standalone embodiment. The overall security level of the module is 1. SymCPM is implemented in the C programming language and consists of three components. It is designed to execute on a host system with a General Purpose Computer (GPC) hardware platform."
1597 Bomgar Corporation
578 Highland Colony Parkway
Paragon Centre, Suite 300
Ridgeland, MS 39157
USA

-Main Office
TEL: 601-519-0123
FAX: 601-510-9080

-Victor Wolff
TEL: 703-483-5515
FAX: 601-510-9080

CST Lab: NVLAP 200426-0

B200™ and B300™ Remote Support Appliances
(Hardware Version: B200, B300 or B300r1; Software Version: 10.6.2 FIPS; Firmware Version: 3.2.2 FIPS)

(When operated in FIPS mode and with the tamper evident seals applied as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/31/2011;
10/26/2011
Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #1563); Triple-DES (Cert. #1027); RSA (Cert. #762); SHS (Cert. #1388); HMAC (Cert. #915); RNG (Cert. #844)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); RC4; RC4-40; DES; DES-40; MD5

Multi-chip standalone

"Bomgar Remote Support Appliances provide technicians secure remote control of devices over the internet/LAN/WAN. Bomgar allows collaborative remote support to various operating systems, including desktops, servers, mobile and network devices. In addition, Bomgar provides extensive auditing and recording of support sessions."
1596 Bomgar Corporation
578 Highland Colony Parkway
Paragon Centre, Suite 300
Ridgeland, MS 39157
USA

-Main Office
TEL: 601-519-0123
FAX: 601-510-9080

-Victor Wolff
TEL: 703-483-5515
FAX: 601-510-9080

CST Lab: NVLAP 200426-0

B400™ Remote Support Appliance
(Hardware Version: B400 or B400r1; Software Version: 10.6.2 FIPS; Firmware Version: 3.2.2 FIPS)

(When operated in FIPS mode and with the tamper evident seals applied as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/31/2011;
10/26/2011
Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #1563); Triple-DES (Cert. #1027); RSA (Cert. #762); SHS (Cert. #1388); HMAC (Cert. #915); RNG (Cert. #844)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); RC4; RC4-40; DES; DES-40; MD5

Multi-chip standalone

"Bomgar Remote Support Appliances provide technicians secure remote control of devices over the internet/LAN/WAN. Bomgar allows collaborative remote support to various operating systems, including desktops, servers, mobile and network devices. In addition, Bomgar provides extensive auditing and recording of support sessions."
1595 Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
USA

-John Gorczyca

CST Lab: NVLAP 200556-0

Symantec Enterprise Vault Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode with module Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1012 operating in FIPS mode or Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1337 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 08/31/2011 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2003; Microsoft Windows Server 2008 R2 (single-user mode)

-FIPS-approved algorithms: AES (Certs. #818 and #1168); Triple-DES (Certs. #691 and #846); RSA (Certs. #395, #559 and #568); SHS (Certs. #816 and #1081); HMAC (Certs. #452 and #687); RNG (Cert. #470); DRBG (Cert. #23)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); ANSI X9.31 RSA key-pair generation (non-compliant); ANSI X9.31 RSA signature verification (non-compliant); RC2; RC4; MD5; MD2; MD4; DES

Multi-chip standalone

"Symantec Enterprise Vault Cryptographic Module is a multi-chip standalone physical embodiment. The module consists of a DLL which interfaces with the Microsoft Cryptographic API to provide the required cryptographic functionality. The Enterprise Vault Cryptographic Module may be used for encryption/decryption of Enterprise Vault passwords, hashing of indexes, and random number generation."
1594 SafeNet, Inc.
1655 N Fort Myer Drive
Suite 1150
Arlington, VA 22209
USA

-SafeNet Government Sales
TEL: 703-647-8408
FAX: 410-290-6506

CST Lab: NVLAP 200002-0

SafeNet Ethernet Encryptor, Branch Office
(Hardware Versions: 943-5020v-004 [1] [2] and 943-50211-001 [2]; Firmware Versions: 1.0.6.4 [1] and 2.0.2 [2])

(When operated in FIPS mode. Refer to the cryptographic module's security policy for the details on the letter v designations.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/27/2011 Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #1243); HMAC (Cert. #740); RNG (Cert. #690); RSA (Cert. #596); SHS (Cert. #1142); Triple-DES (Cert. #890)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Camellia; SEED

Multi-chip standalone

"The SafeNet Ethernet Encryptor Branch Office provides data privacy and access control for connections between vulnerable public and private networks. It employs a FIPS-approved AES algorithm and can be deployed in 10 Megabit Ethernet networks. The encryptor can be centrally controlled or managed across multiple remote stations using SafeNet's Security Management Center (SMC), a SNMPv3-based security management system."
1593 Mxtran Inc.
9F, No.16, Li-Hsin Road, Science Park
Hsin-chu, 300
Republic of China

-C.W. Pang
TEL: +886-3-6661778#29300
FAX: +886-3-6662568

CST Lab: NVLAP 200824-0

Mxtran Payeeton Solution
(Hardware Version: MX11E25644E; Firmware Version: Simker v2.30)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 08/22/2011 Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #1007); AES (Cert. #1511); RSA (Cert. #739); SHS (Cert. #1354); HMAC (Cert. #886); RNG (Cert. #820)

-Other algorithms: N/A

Single-chip

"Mxtran Payeeton Solution (MPS, hereafter referred to as the module) of Mxtran Inc. acts as a flexible platform for diversified mobile commerce services, allowing Mxtran clients to support both proximity payment and mobile payment via SMS for prepaid, online paid and post-paid services including e-ticketing, e-coupons, access control, membership management and more. Mxtran leverages extensive integrated circuit expertise to deliver highly customizable, portable applications and payment services in a single handset."
1592 Harris Corporation
221 Jefferson Ridge Parkway
Lynchburg, VA 24501
USA

-Brian Justice
TEL: 434-455-9586

-Joyce O'Quinn
TEL: 434-455-6458

CST Lab: NVLAP 200427-0

Harris Unified Audio Card
(Hardware Version: EA-103168-002; Firmware Versions: MPC 860: SK-007765-007 v R03A08, DSP: SK-007765-013 v R03A05, Boot Loader / Factory Test: R03A02, Low Level Boot: R01D01 and DSP Factory Test: R01D02)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/22/2011 Overall Level: 1 

-FIPS-approved algorithms: AES (Certs. #1652 and #1653), HMAC (Cert. #970), RNG (Cert. #883), SHS (Cert. #1450)

-Other algorithms: AES MAC (AES Cert. #1652, vendor affirmed; P25 AES OTAR)

Multi-chip embedded

"The Harris UAC is a multi-channel analog audio gateway used to interface analog radio communication equipment such as conventional base stations to radio systems and other devices on a Voice Interoperability Data Access (VIDA) network."
1591 Symantec Corporation
20330 Stevens Creek Blvd
Cupertino, CA 95014
USA

-John Bordwine
TEL: 703-885-3854
FAX: 301-514-3726

CST Lab: NVLAP 200556-0

Symantec Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 08/12/2011 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2003 (32-bit); Red Hat Enterprise Linux 4.8 (32-bit) (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1607); Triple-DES (Cert. #1052); DSA (Cert. #498); SHS (Cert. #1420); RNG (Cert. #861); RSA (Cert. #789); HMAC (Cert. #943)

-Other algorithms: DES; Blowfish; CAST; IDEA; RC2; RC4; RC5; MD2; MD4; MD5; RipeMD; MDC-2; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (Cert. #789, key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength)

Multi-chip standalone

"The Symantec Cryptographic Module is a software module with a multi-chip standalone embodiment. The overall security level of the module is 1. SymCrypt is implemented in the C programming language and consists of a shared library that is linked with SSIM application components. It is designed to execute on a host system with a General Purpose Computer (GPC) hardware platform."
1590 BAE Systems
2525 Network Place
Herndon, VA 22171
USA

-John Ata
TEL: 703-736-4384
FAX: 703-736-4348

CST Lab: NVLAP 200427-0

STOP OS 7 Kernel Cryptographic Module
(Software Version: 1.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 08/10/2011 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with STOP 7.3 Beta 1 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1603); DRBG (Cert. #78); HMAC (Cert. #939); SHS (Cert. #1416); Triple-DES (Cert. #1048)

-Other algorithms: DES

Multi-chip standalone

"The STOP 7 Kernel Cryptographic Module is a library that is distributed as part of the monolithic kernel. The module provides the general purpose cryptographic functionality used by the kernel and kernel modules."
1589 ZTE Corporation
NO. 55, Hi-tech Road South
Shen Zhen, Guangdong Province 518057
People's Republic of China

-Mr. Royce Wang
TEL: +86-755-2677 0345
FAX: +86-755-2677 0347

CST Lab: NVLAP 200658-0

UEP Cryptographic Module
(Software Version: 4.11.10)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 08/10/2011 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with NewStart CGS Linux V3.02 with Sun JDK/JRE 1.6.0_11 (single-user mode)

-FIPS-approved algorithms: Triple-DES (Certs. #1039 and #1040); AES (Certs. #1583 and #1584); DSA (Certs. #489 and #490); SHS (Certs. #1402 and #1403); RSA (Certs. #773 and #774); HMAC (Certs. #929 and #930); DRBG (Certs. #73 and #74)

-Other algorithms: N/A

Multi-chip standalone

"UEP cryptographic mpdule provides general purpose cryptographic services intended to protect data in transit and at rest."
1588 McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

-David Gerendas
TEL: 949-860-3369
FAX: 949-297-5575

CST Lab: NVLAP 200416-0

Agent Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode with module RSA BSAFE Crypto-C Micro Edition validated to FIPS 140-2 under Cert. #828 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 08/05/2011 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2003 (x86 32-bit) (single-user mode)

-FIPS-approved algorithms: AES (Cert. #490); Triple-DES (Cert. #501); RSA (Cert. #203); SHS (Cert. #560); RNG (Cert. #270); DSA (Cert. #199);

-Other algorithms: NDRNG

Multi-chip standalone

"McAfee Agent Cryptographic Module provides cryptographic operations for McAfee Agent, a software agent used in conjunction with McAfee ePolicy Orchestrator (ePO) to manage and monitor numerous end-point security products."
1587 McAfee Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

-David Gerendas
TEL: 949-860-3369
FAX: 949-297-5575

CST Lab: NVLAP 200416-0

ePO Cryptographic Module
(Software Version: 1.0, 1.1, 1.2, 1.3, or 1.4)

(When operated in FIPS mode with module RSA BSAFE® Crypto-J validated to FIPS 140-2 under Cert. #1047 operating in FIPS mode and with module RSA BSAFE® Crypto-C Micro Edition validated to FIPS 140-2 under Cert. #1092 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 08/05/2011;
11/17/2011;
04/02/2012;
08/16/2012;
01/04/2013
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows XP (x86 32 bit) (single-user mode)

-FIPS-approved algorithms: AES (Certs. #670 and #860); RSA (Certs. #312 and #412); SHS (Certs. #703 and #855); RNG (Certs. #390 and #492); DSA (Cert. #311); Triple-DES (Cert. #707);

-Other algorithms: NDRNG

Multi-chip standalone

"McAfee ePO Cryptographic Module provides cryptographic operations for McAfee ePolicy Orchestrator (ePO), a security management software that allows enterprises to unify the management of numerous end-point, network, and data security products."
1586 ZTE Corporation
NO. 55, Hi-tech Road South
Shen Zhen, Guangdong Province 518057
People's Republic of China

-Mr. Royce Wang
TEL: +86-755-2677 0345
FAX: +86-755-2677 0347

CST Lab: NVLAP 200658-0

Unified Platform Cryptographic Library
(Software Version: 1.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 08/09/2011 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with EMBSYS (TM) Carrier Grade Embedded Linux V3 (single-user mode)

-FIPS-approved algorithms: AES (Certs. #1585 and #1586); Triple-DES (Certs. #1041 and #1042); SHS (Certs. #1404 and #1405); RSA (Certs. #775 and #776); DSA (Certs. #491 and #492); HMAC (Certs. #931 and #932); DRBG (Certs. #75 and #76)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); IDEA; DES; RC2; RC4; MD2; MD4; MD5; RIPEMD; CAST; Blowfish

Multi-chip standalone

"Unified Platform Cryptographic Library provides general purpose cryptographic services intended to protect data in transit and at rest."
1585 Fortinet, Inc.
13221 Woodland Park Road
Suite 110
Herndon, VA 20171
USA

-Phil Fuster, Vice President, Federal Operations
TEL: 703-709-5011 x2807
FAX: 703-709-2180

CST Lab: NVLAP 200426-0

FortiGate-80C [1], FortiGate-110C [2] and FortiGate-111C [3]
(Hardware Versions: C4BC61 [1], C4HA15 [2] and C4BQ31 [3]; Firmware Version: FortiOS 4.0, build6359, 100712)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/27/2011 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #1404, #1408 and #1409); Triple-DES (Certs. #957, #961 and #962); RNG (Cert. #770); SHS (Certs. #1274, #1278 and #1279); HMAC (Certs. #825, #829 and #830); RSA (Certs. #685 and #686)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); DES; MD5; HMAC-MD5; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant)

Multi-chip standalone

"FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1584 Fortinet, Inc.
13221 Woodland Park Road
Suite 110
Herndon, VA 20171
USA

-Phil Fuster, Vice President, Federal Operations
TEL: 703-709-5011 x2807
FAX: 703-709-2180

CST Lab: NVLAP 200426-0

FortiGate-1240B [1], FortiGate-3016B [2], FortiGate-3600A [3] and FortiGate-3810A-E4 [4]
(Hardware Versions: C4CN43 [1], C4XA14 [2], V3BU94 [3] and C3GV75 [4]; Firmware Version: FortiOS 4.0, build6341, 100617)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/27/2011 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #1404, #1408 and #1409); Triple-DES (Certs. #957, #961 and #962); RNG (Cert. #770); SHS (Certs. #1274, #1278 and #1279); HMAC (Certs. #825, #829 and #830); RSA (Certs. #685 and #686)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); DES; MD5; HMAC-MD5; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant)

Multi-chip standalone

"FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1583 Fortinet, Inc.
13221 Woodland Park Road
Suite 110
Herndon, VA 20171
USA

-Phil Fuster, Vice President, Federal Operations
TEL: 703-709-5011 x2807
FAX: 703-709-2180

CST Lab: NVLAP 200426-0

FortiGate-200B [1], FortiGate-300A [2], FortiGate-300A-HD [3], FortiGate-310B [4], FortiGate-311B [5], FortiGate-620B [6] and FortiGate-800 [7]
(Hardware Versions: C4CD24 [1], C4FK88 [2], C4FK88 [3], C4ZF35 [4], C4CI39 [5], C4AK26 [6] and C4UT39 [7]; Firmware Version: FortiOS 4.0, build6359, 100712)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/27/2011 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #1404, #1405, #1408, #1409 and #1463); Triple-DES (Certs. #957, #958, #961, #962 and #987); RNG (Cert. #770); SHS (Certs. #1274, #1275, #1278, #1279 and #1327); HMAC (Certs. #825, #826, #829, #830 and #862); RSA (Certs. #685 and #686)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); DES; MD5; HMAC-MD5; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant)

Multi-chip standalone

"FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1582 Motorola, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

-Tom Nguyen
TEL: 847-576-2352

CST Lab: NVLAP 100432-0

IPCryptR2
(Hardware Version: P/N BLN1306A; Firmware Version: R03.01.51)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/27/2011 Overall Level: 2 

-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: Level 3
-Operational Environment: Level 3

-FIPS-approved algorithms: AES (Certs. #1424 and #1425); SHS (Cert. #1292); RNG (Cert. #778); ECDSA (FIPS 186-3, vendor affirmed)

-Other algorithms: AES MAC (AES Cert. #1424, vendor affirmed; P25 AES OTAR); AES (AES Cert. #1424, key wrapping; key establishment methodology provides 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); LFSR; NDRNG

Multi-chip standalone

"The IPCryptR2 provides secure key management and data encryption in Astro, Dimetra and Broadband Systems."
1581 Check Point Software Technologies Ltd.
9900 Belward Campus Drive
Suite 250
Rockville, MD 20850
USA

-David Ambrose
TEL: 703-628-2935

-Malcolm Levy
TEL: +972-37534561

CST Lab: NVLAP 200002-0

Check Point IP Appliance
(Hardware Versions: IP290 (CPAP-IP295-D-GFIP [Nokia NBB0292000] and N431174001, CPAP-IP295-D-AC-DS [Nokia NBB0295000] and N431174001) and IP690 (CPAP-IP695-D-GFIP [Nokia NBB0692000], CPIP-A-4-1C and N431174001); Firmware Version: IPSO v4.2 with Check Point VPN-1 NGX R65 with hot fix HFA-30)

(When operated in FIPS mode and tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 10/11/2011 Overall Level: 2 

-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #497, #709, #769 and #342); Triple-DES (Certs. #507, #637, #510, #638, #729, #669 and #406); HMAC (Certs. #248, #384, #251, #385, #499, #421 and #146); SHS (Certs. #564, #734, #567, #735, #883, #775 and #417); DSA (Certs. #202 and #271); RSA (Certs. #211, #332, #213 and #333); RNG (Certs. #275, #417, #277 and #418)

-Other algorithms: CAST; DES; HMAC MD5; MD5; Arcfour; Twofish; Blowfish; Diffie-Hellman (key agreement, key establishment methodology provides between 80 bits and 128 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 bits and 150 bits of encryption strength); Triple-DES (K3 mode; non-compliant)

Multi-chip standalone

"The Check Point IP Applicances are full-featured enterprise systems designed for small to medium enterprises, with Service Provider flexibility and rapid serviceability option in a single rack space. When combined with Check Point VPN-1 these platforms provide reliable, easy to manage distributed security and access."
1580 Hewlett-Packard TippingPoint
7501 N. Capital of Texas Highway
Austin, TX 78737
USA

-Dinesh Vakharia
TEL: 512-681-8271

-Freddie Jimenez Jr.
TEL: 512-681-8305

CST Lab: NVLAP 200427-0

HP TippingPoint Security Management System
(Firmware Version: 3.2.0.8312.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Firmware 08/10/2011 Overall Level: 1 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 2

-Tested: Fedora Core 10 Operating System running on a HP ProLiant DL320 G6 Server

-FIPS-approved algorithms: AES (Certs. #1631 and #1632); DRBG (Cert. #87); DSA (Cert. #513); HMAC (Certs. #958 and #959); RNG (Cert. #874); RSA (Certs. #805 and #806); SHS (Certs. #1436 and #1437); Triple-DES (Certs. #1067 and #1068)

-Other algorithms: Blowfish; CAMELLIA; CAST; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and112 bits of encryption strength); IDEA; MD2; MD5; RC2; RC4; RC5; RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); SEED

Multi-chip standalone

"The HP Security Management System Appliance Series delivers enterprise-class security management capabilities that are simple to use and extremely powerful. The Security Management System Appliance is a hardened appliance that provides both global vision and security policy control for large-scale deployments of all HP products, including HP Intrusion Prevention Systems (IPS), Core Controllers, and SSL Appliances. The appliance is responsible for discovering, monitoring, configuring, diagnosing, remediating, and reporting for global IPS deployments."
1579 Certicom Corp.
4701 Tahoe Blvd.,
Building A
Mississauga, Ontario L4W 0B5
Canada

-Randy Tsang
TEL: 289-261-4189

-Certicom Eastern US Sales Office
TEL: 703-234-2357
FAX: 703-234-2356

CST Lab: NVLAP 200426-0

Security Builder FIPS Module
(Software Version: 5.6, 5.6.1 or 5.6.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 07/21/20111;
06/05/2012;
08/16/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with QNX Neutrino Version 6.6 (single-user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #1054); AES (Cert. #1609); SHS (Cert. #1422); HMAC (Cert. #945); RNG (Cert. #863); DRBG (Cert. #82); DSA (Cert. #500); ECDSA (Cert. #200); RSA (Cert. #791); KAS (Cert. #14; key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength)

-Other algorithms: DES; DESX; AES CCM* (non-compliant); ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; ECNR; ECQV; ECIES; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength)

Multi-chip standalone

"The Security Builder FIPS Module is a standards-based cryptographic toolkit that supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into both mobile and server-based applications. The Security Builder FIPS Module is part of the Certicom Security Architecture, a comprehensive cross-platform security solution which supports multiple cryptographic software and hardware providers with a single common API."
1578 Research in Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

-Security Certifications Team
TEL: (519) 888-7465 x 72921
FAX: (519) 888-9852

CST Lab: NVLAP 200426-0

BlackBerry OS Cryptographic Library
(Software Version: 5.6, 5.6.1 or 5.6.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 07/21/2011;
06/05/2012;
08/16/2012;01/24/2013;
02/22/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with BlackBerry® Tablet OS Version 2.0 (Binary compatible to BlackBerry® Tablet OS Version 1.0) (single-user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #1053); AES (Cert. #1608); SHS (Cert. #1421); HMAC (Cert. #944); RNG (Cert. #862); DRBG (Cert. #81); DSA (Cert. #499); ECDSA (Cert. #199); RSA (Cert. #790); KAS (Cert. #13; key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength)

-Other algorithms: DES; DESX; AES CCM* (non-compliant); ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; ECNR; ECQV; ECIES; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength)

Multi-chip standalone

"The BlackBerry OS Cryptographic Library is a software module that provides the cryptographic functionality required for secure operation of the BlackBerry® PlayBook™ and devices running the BlackBerry® 10 OS ."
1577 Futurex
864 Old Boerne Rd.
Bulverde, TX 78163
USA

-Paul Enman
TEL: 830-980-9782
FAX: 830-438-8782

CST Lab: NVLAP 100432-0

EXP9000 Hardware Security Module
(Hardware Version: P/N 9750-2075, Revision B; Firmware Version: 4.0.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/05/2011 Overall Level: 3 

-FIPS-approved algorithms: RSA (Cert. #810); AES (Cert. #1636); Triple-DES (Cert. #1072); SHS (Cert. #1441); HMAC (Cert. #962); RNG (Cert. #877)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; DES; TR-31

Multi-chip embedded

"The EXP9000 cryptographic module provides secure encryption, storage, and transmission of sensitive data used in a wide variety of applications including Futurex Hardware Security Modules (HSM) and Key Management Servers (KMS)."
1576 Teledyne Webb Research
82 Technology Park Drive
East Falmouth, MA 02536
USA

-David Pingal
TEL: 508-548-2077 x 146

CST Lab: NVLAP 200002-0

MiniCrypt
(Software Version: 1.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 07/21/2011 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Persistor CF1 HW system with Motorola MC68CK338CPV14 processor running PicoDOS version 2.26

-FIPS-approved algorithms: AES (Cert. #1268); SHS (Cert. #1168); HMAC (Cert. #738)

-Other algorithms: N/A

Multi-chip standalone

"MiniCrypt is a small, low resource utilization, software library for use in embedded systems, providing encryption, decrypting, hashing and message authentication functions."
1575 Research In Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

-Certifications Team
TEL: 519-888-7465 ext.72921
FAX: 519-886-4839

CST Lab: NVLAP 200556-0

BlackBerry Smartcard Reader
(Hardware Version: 2.0; Firmware Version: 3.8.5.51)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 07/15/2011 Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #1172); HMAC (Cert. #672); SHS (Cert. #1084); RNG (Cert. #648); RSA (Cert. #555); ECDSA (Cert. #140)

-Other algorithms: EC Diffie-Hellman (key agreement, key establishment methodology provides 256 bits of encryption strength); ECMQV (key agreement, key establishment methodology provides 256 bits of encryption strength)

Multi-chip standalone

"The BlackBerry Smart Card Reader for BlackBerry devices is an accessory that, when used in proximity to certain Bluetooth(R) enabled BlackBerry devices and computers, integrates smart card use with the BlackBerry Enterprise Solution, letting users authenticate with their smart cards to log in to Bluetooth enabled BlackBerry devices and computers."
1574 McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

-David Gerendas
TEL: 949-860-3369
FAX: 949-297-5575

CST Lab: NVLAP 200416-0

Endpoint Encryption Manager
(Software Version: 5.2.6)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 07/15/2011 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 2 with Windows Server 2003 Standard Edition SP2 on Dell Optiplex GX620 with 3.0 GHz Intel Pentium D Processor 830 (1 CPU) (32 bit); Windows Server 2008 64 bit Enterprise Edition on Dell PowerEdge 2970 with 1.7 GHz quad core AMD Opteron 2344 Processor (2 CPUs) (64-bit) (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1366); DSA (Cert. #446); SHS (Cert. #1247); RNG (Cert. #752)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); NDRNG

Multi-chip standalone

"McAfee Endpoint Encryption Manager (EEMgr) is the central management console for McAfee Endpoint Encryption for PC clients and users. The EEMgr allows authorized administrators to manage system users and computers, configure and apply security policies, recover user credentials, and create custom login tokens to be used with smart cards and PKI systems."
1573 U.S. Department of State
301 4th Street SW SA-44
Washington, DC 20547
USA

-Paul Newton
TEL: 202-203-5153
FAX: 202-203-7669

CST Lab: NVLAP 100432-0

PKI BLADE Applet and Protiva PIV DL Card
(Hardware Version: P/N P5CD144 Version A1047808; Firmware Version: EI08-M1004069, Softmask V01, PIV Applet V1.55 and PKI BLADE Applet V1.2)

(PIV Card Application: Cert. #22)

(When operated in FIPS mode with the fingerprint authentication mechanism parameters configured as indicated in the Security Policy Section 12)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/15/2011 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #678); Triple-DES MAC (Triple-DES Cert. #678, vendor affirmed); SHS (Cert. #786); RSA (Cert. #372); RNG (Cert. #450)

-Other algorithms: Triple-DES (Cert. #678, key wrapping; key establishment methodology provides 100 bits of encryption strength)

Single-chip

"The PKI/BLADE applet is based on ISO 7816 and GSC-IS commands interface. The applet is designed to be loaded on any Java card compliant with JavaCard v2.2.1 and Global Platform v2.1.1 specifications including PIV certified Java cards. It is designed to provide services for PKI based logical access applications and to provide strong two factor authentication using passwords and fingerprints biometrics."
1572 Harris Corporation
1680 University Avenue
Rochester, NY, NY 14610
USA

-Hang Liu
TEL: 434-455-9610

-Dennis Boyer
TEL: 919-609-0608

CST Lab: NVLAP 200426-0

Harris AES Software Load Module
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 07/13/2011 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Texas Instruments DSP/BIOS Software Kernel Version 5.33.03 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1482)

-Other algorithms: N/A

Multi-chip standalone

"The Harris AES Software Load Module is a single software component which provides cryptographic services directly to a Digital Signal Processor (DSP) application on Harris terminals."
1571 Thales - nCipher
92 Montvale Ave
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200002-0

nShield Connect 6000 [1], nShield Connect 1500 [2] and nShield Connect 500 [3]
(Hardware Versions: NH2047 [1], NH2040 [2] and NH2033 [3], Build Standard N; Firmware Version: V11.30)

(When operated in FIPS mode with nShield PCIe validated to FIPS 140-2 under Cert. #1063)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 07/13/2011 Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #397, #754 and #1227); AES GCM (Cert. #754, vendor affirmed); Triple-DES (Certs. #435, #666 and #883); Triple-DES MAC (Cert. #666, vendor affirmed); DSA (Certs. #280 and #407); ECDSA (Certs. #81 and #145); SHS (Certs. #764 and #1127); HMAC (Certs. #410 and #717); RSA (Cert. #356); RNG (Certs. #436 and #681)

-Other algorithms: Aria; Arc Four; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength)

Multi-chip standalone

"The Thales nShield Connect is a network-attached hardware security module for business continuity of always-on, mission-critical systems in shared infrastructures, providing high availability, scalability and remote management for cryptographic infrastructures. Part of the nCipher product line, nShield Connect is the world's first HSM with redundant, hot-swappable power supplies, and enables organizations to build reliable, large-scale cryptographic services for their infrastructures."
1570 SanDisk Corporation
Atir Yeda 7
Kfar-Saba, Israel

-Boris Dolgunov
TEL: +972-9-7645000
FAX: +972-3-5488666

CST Lab: NVLAP 100432-0

Cruzer Enterprise FIPS Edition
(Hardware Versions: P/Ns 54-89-15381-004G, 54-89-15381-008G, 54-89-15381-016G and 54-89-153-032G, Version Revision 1; Firmware Version: 9.5.21.01.F3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/12/2011 Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Certs. #1432 and #1433); RSA (Cert. #702); SHS (Cert. #1295); RNG (Cert. #779)

-Other algorithms: RSA (encrypt/decrypt)

Multi-chip embedded

"The SanDisk Cruzer Enterprise FIPS Edition secure USB flash drive offers on-the-fly hardware encryption for enterprises and government agencies that helps IT professionals within those organizations to effectively protect information on company-issued USB flash drives. It is specially designed to meet the unique USB security, compliance, and manageability needs of large organizations. With FIPS 140-2 level 2 certification inside, the Cruzer Enterprise FIPS Edition caters to the ultra-sensitive security requirements of government agencies and enterprises."
1569 Doremi Cinema LLC
1020 Chestnut St.
Burbank, CA 91506
USA

-Jean-Philippe Viollet
TEL: 818-562-1101
FAX: 818-562-1109

-Camille Rizko
TEL: 818-562-1101
FAX: 818-562-1109

CST Lab: NVLAP 200802-0

IMB
(Hardware Versions: IMB-A0, IMB-A1, IMB-A2, IMB-E0, IMB-E1 and IMB-E2; Firmware Versions: (5.0.10f, 30.04m-1 and 99.03f) or (5.0.21, 30.05g1 and 99.03f))

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/11/2011;
08/16/2012
Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #532, #1252 and #1383); HMAC (Cert. #731); SHS (Cert. #1148); RNG (Certs. #693 and #696); RSA (Certs. #600, #601 and #777)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); TRNG; MD5; HMAC-MD5; EC Diffie-Hellman; TI S-box

Multi-chip embedded

"The IMB (Integrated Media Block) is a card that utilizes Doremi’s patented 4K media block technology. The IMB can be installed in a DLP Series-II 4K-ready projector along with Doremi’s external ShowVault(TM), allowing to perform 4K content playback. The customer can still choose to project in 2K using the IMB."
1568 McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

-David Gerendas
TEL: 949-860-3369
FAX: 949-297-5575

CST Lab: NVLAP 200416-0

Endpoint Encryption Manager
(Software Version: 5.2.6)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 06/30/2011 Overall Level: 1 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows Server 2003 (32-bit); Windows Server 2008 (64 bit) (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1366); DSA (Cert. #446); SHA-1 (Cert. #1247); RNG (Cert. #752)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); NDRNG

Multi-chip standalone

"McAfee Endpoint Encryption Manager (EEMgr) is the central management console for McAfee Endpoint Encryption for PC clients and users. The EEMgr allows authorized administrators to manage system users and computers, configure and apply security policies, recover user credentials, and create custom login tokens to be used with smart cards and PKI systems."
1567 Lumension Security, Inc.
15880 Greenway-Hayden Loop
Suite 100
Scottsdale, AZ 85260
USA

-Chris Chevalier
TEL: 480-970-1025
FAX: 480-970-6323

-Ron Smith
TEL: 480-663-8763
FAX: 480-970-6323

CST Lab: NVLAP 200002-0

Lumension Cryptographic Kernel
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 06/27/2011 Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Dell Optiplex GX620 running MS Windows Server 2003 Standard, Version 5.2 SP 2 (32-bit version); Dell PowerEdge 2850 running MS Windows Server 2003 Standard x64, Version 5.2 SP 2 (64-bit version); Dell Optiplex GX620 running MS Windows XP Professional, Version 5.1 SP 2 (32-bit version); Dell PowerEdge 2850 running Windows XP Professional x64, Version 5.2 SP 2 (64-bit version)

-FIPS-approved algorithms: AES (Cert. #1045); SHS (Cert. #995); RNG (Cert. #596); HMAC (Cert. #587); RSA (Cert. #499); ECDSA (Cert. #126)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); MD5; HMAC-MD5; ECIES

Multi-chip standalone

"The Lumension Cryptographic Kernel (LCK) v1.0 provides the cryptographic functions for certain Lumension products, including Application and Device Control. These products secure endpoints from malware and unauthorized software execution, and from malicious or accidental data loss through the use of removable devices and media."
1566 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® CNG Cryptographic Primitives Library
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 06/27/2011;
01/24/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 7 (x86 32-bit); Microsoft Windows 7 (x86_64 64-bit) (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1598); DRBG (Cert. #77); DSA (Cert. #493); ECDSA (Cert. #196); HMAC (Cert. #935); RNG (Cert. #855); RSA (Cert. #780 and FIPS 186-3, vendor affirmed); SHS (Cert. #1410); Triple-DES (Cert. #1044)

-Other algorithms: DES; DESX; Diffie-Hellman; EC Diffie-Hellman; HMAC-MD2; HMAC-MD4; HMAC-MD5; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength)

Multi-chip standalone

"RSA BSAFE® CNG Cryptographic Primitives Library is a drop-in replacement for the Microsoft user-mode CNG (Cryptograpy, Next Generation) provider. It supports a wide range of industry standard encryption algorithms. Software applications written against the Microsoft CNG framework, that do not explicitly request a specific provider, will automatically use the BSAFE CNG cryptographic implementations without modification once the BSAFE CNG Primitive Provider is installed."
1565 Xceedium, Inc.
30 Montgomery Street
Suite 1020
Jersey City, NJ 07302
USA

-Dave Olander
TEL: 201-536-1000 x121
FAX: 201-536-1200

CST Lab: NVLAP 200556-0

Xceedium Xsuite
(Hardware Versions: 5 and 5a; Firmware Version: 1.0.0)

(When operated in FIPS mode and the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 06/23/2011;
12/03/2012
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #1151 and #1572); Triple-DES (Certs. #833 and #1029); SHS (Certs. #1065 and #1392); RSA (Cert. #765); HMAC (Certs. #654 and #919); RNG (Cert. #846)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 160 bits of encryption strength; non-compliant less than 80-bits of encryption strength); DSA (Cert. #483; non compliant)

Multi-chip standalone

"Xceedium's GateKeeper is a hardened appliance that functions as a secure centralized management platform that enables IT operations to remotely manage data centers as one integrated system. A standardized security model can be developed to mitigate the risks of "untrusted" users; provide centralized access and policy, compartmentalize down to the port, define good and bad behavior, alert and restrict access to applications or commands. GateKeeper provides touch free support and includes all access methods and tools for in-band, out-of-band and power control."
1564 Schweitzer Engineering Laboratories, Inc.
2350 NE Hopkins Court
Pullman, WA 99163
USA

-Joe Casebolt
TEL: 509-332-1890
FAX: 509-332-7990

CST Lab: NVLAP 100432-0

SEL-3044
(Hardware Version: 1.0; Firmware Version: R101 or R103)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/23/2011;
02/15/2013
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #1272); SHS (Cert. #1170); HMAC (Cert. #739); RNG (Cert. #710); DSA (Cert. #412)

-Other algorithms: AES (Cert. #1272, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength)

Multi-chip standalone

"The SEL-3044 SEL Encryption Card provides strong cryptographic security to a variety of communications networks. It protects point-to-point, multi-drop, and many-to-many networks. The SEL-3044 secures all byte oriented serial protocols including popular SCADA or PCS protocols like DNP and MODBUS common to PLC, IED, and RTU products. It quickly integrates into serial communication networks including modem and data radio."
1563 3e Technologies International, Inc.
Suite 500, 9715 Key West Avenue
Rockville, MD 20850
USA

-Chris Guo
TEL: 301-944-1294
FAX: 301-670-6989

CST Lab: NVLAP 200002-0

3e-030-2 Security Server Cryptographic Core
(Software Version: 4.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 06/20/2011 Overall Level: 1 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Red Hat Linux Enterprise 5.5 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1546); Triple-DES (Cert. #1016); SHS (Cert. #1371); HMAC (Cert. #897); RSA (Cert. #749); DSA (Cert. #478); ECDSA (Cert. #191); RNG (Cert. #834)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 192 bits of encryption strength); MD5

Multi-chip standalone

"The 3e-030-2 Security Server Cryptographic Core (Version 4.0) provides FIPS 140-2 validated cryptographic functionality for the 3eTI Security Server product, a RADIUS based Authentication Server, capable of EAP-TLS authentication of wireless client, support of JITC DoD-signed certificates for PKI usage, and full 802.11i support. The 3e-030-2 provides the following FIPS-approved cryptographic algorithms: AES, SHA-1, SHA-2, HMAC, RSA DSA ECDSA sign/verify, FIPS 186-2 PRNG. The 3e-030-2 also supports the following non-FIPS cryptographic algorithms: Diffie Hellman, ECDH and MD5"
1562 Thales e-Security
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-Joe Warren

CST Lab: NVLAP 200416-0

Datacryptor® Gig Ethernet [1] and 10 Gig Ethernet [2]
(Hardware Versions: 1600x433 [1] and 1600x437 [2]; Firmware Version: 4.5)

(When configured with the Multi-Point license as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 06/20/2011 Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #1033, #1488, #1489, #1548 and #1550); DSA (Cert. #349); SHS (Cert. #985); RNG (Cert. #588)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); NDRNG

Multi-chip standalone

"The Datacryptor® Gig Ethernet and 10 Gig Ethernet are rack-mountable multi-chip standalone cryptographic modules designed to secure data transmissions across public Ethernet Layer 2 networks. The Gig Ethernet uses an SFP transceiver and the 10 Gig Ethernet uses a higher-speed XFP transceiver. The Datacryptor® employs an automatic key generation and exchange mechanism using X.509 v3 certificates and the Diffie-Hellman key agreement scheme. The algorithm used for securing data transmission is AES-256 GCM."
1561 Oracle Corporation
500 Eldorado Blvd., Bldg 5
Broomfield, CO 80021
USA

-David Hostetter
TEL: 303-272-7126
FAX: 303-272-6555

CST Lab: NVLAP 100432-0

StorageTek™ T10000C Tape Drive
(Hardware Version: P/N 316052503; Firmware Version: 1.51.318)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/17/2011 Overall Level: 1 

-FIPS-approved algorithms: AES (Certs. #1564, #1565, #1566, #1567, #1568, #1569 and #1570); DRBG (Cert. #71); HMAC (Certs. #916 and #917); SHS (Certs. #1389 and #1390); RSA (Cert. #763)

-Other algorithms: AES (Cert. #1567, key wrapping; key establishment methodology provides 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5

Multi-chip standalone

"The StorageTek™ T10000C Tape Drive provides 5 TB native capacity and 240 MB/sec throughput using BaFe media and with backward read compatibility to the T10000A/B. Designed for maximum security and performance, the T10000C provides AES-256 encryption to protect and authenticate customer data and to provide secure, authenticated transmission of key material. Designed for maximum performance, the drive allows the use of multiple keys per tape with a cache memory to minimize the overhead of key transmission. Works seamlessly with the Oracle OKM to provide a secure end-to-end management solution."
1560 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 3925E and Cisco 3945E Integrated Services Routers (ISRs)
(Hardware Versions: 3925E (with PCB rev -A0 and -B0), 3945E (with PCB rev -A0 and -B0), [FIPS Kit (CISCO-FIPS-KIT=), Revision -B0], ISR: FIPS-SHIELD-3900=; Firmware Version: 15.1(2)T3)

(When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/14/2011;
02/23/2012
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #803 and #1580); HMAC (Certs. #443 and #926); RNG (Cert. #850); RSA (Cert. #771); SHS (Certs. #801 and #1399); Triple-DES (Certs. #1036 and #1037)

-Other algorithms: DES; HMAC-MD5; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength)

Multi-chip standalone

"The Cisco 3925E and 3945E Integrated Services Routers are routing platforms that provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The new platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options."
1559 Hewlett-Packard Company
19091 Pruneridge Ave.
MS 4441
Cupertino, CA 95014
USA

-Theresa Conejero
TEL: 408-447-2964
FAX: 408-447-5525

CST Lab: NVLAP 100432-0

Atalla Cryptographic Subsystem (ACS)
(Hardware Version: P/N 610113-002 Rev. C; Firmware Version: Loader Version 0.65, PSMCU Version 0.98)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/14/2011;
09/19/2011
Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #1305 and #1311); RNG (Cert. #728); RSA (Cert. #625); SHS (Cert. #1194)

-Other algorithms: N/A

Multi-chip embedded

"The Atalla Cryptographic Subsystem (ACS) is a multi-chip embedded cryptographic module that provides secure cryptographic processing. The ACS features secure key management and storage capabilities, and also provides high performance AES processing."
1558 Sony Corporation
1-7-1 Konan
Minato-ku, Tokyo 108-0075
Japan

-Hirotaka Kondo
TEL: +81 46 202 8074
FAX: +81 46 202 6304

CST Lab: NVLAP 200802-0

Gemini
(Hardware Version: 1.0.0; Firmware Version: 1.0.0 or 1.0.1)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/14/2011;
07/19/2011
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #1539, #1540 and #1541); RNG (Certs. #828, #829 and #830); RSA (Certs. #750 and #751); HMAC (Certs. #901 and #902); SHS (Certs. #1364, #1365, #1366 and #1367)

-Other algorithms: HMAC-MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG

Multi-chip embedded

"The primary purpose of the Gemini is to provide decryption, decoding/encoding of audio/video data for the digital cinema projector system in which it is being employed."
1557 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise 2150E
(Hardware Version: 2150E; Firmware Version: 7.0.1.01.E12)

(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/09/2011 Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1556 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise 1100E
(Hardware Version: 1100E; Firmware Version: 7.0.1.01.E12)

(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/09/2011 Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee's Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1555 BlockMaster AB
Kyrkogatan 17
Lund, S-222 22
Sweden

-Johan Söderström
TEL: +46 (0) 46-2765100

-Anders Pettersson
TEL: +46 (0) 46-2765100

CST Lab: NVLAP 200002-0

BM-C1000
(Hardware Versions: BM-C1000-01, BM-C1000-02, BM-C1000-04, BM-C1000-08, BM-C1000-16, BM-C1000-32 and BM-C1000-64; Firmware Version: 4.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/07/2011 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: Level 3

-FIPS-approved algorithms: AES (Cert. #1236); SHS (Cert. #1134); RNG (Cert. #683), RSA (Cert. #617)

-Other algorithms: NDRNG; RSA-512 (non-compliant)

Multi-chip embedded

"The BlockMaster microcontroller BM9931 powers FIPS secure USB flash drives. All data stored is encrypted transparently on the fly within the hardware in accordance with the specification of the Federal Information Processing Standard (FIPS 140-2)."
1554 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise 4150E
(Hardware Version: 4150E; Firmware Version: 7.0.1.01.E12)

(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/07/2011 Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1553 Comtech EF Data Corporation
2114 West 7th Street
Tempe, AZ 85281
USA

-Wallace Davis
TEL: 480-333-2189
FAX: 480-333-2147

CST Lab: NVLAP 200427-0

SLM-5650A TRANSEC Module
(Hardware Version: 1.2; Firmware Version: 1.2.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/07/2011 Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #1537 and #1538); ECDSA (Cert. #189); HMAC (Cert. #893); RNG (Cert. #827); RSA (Cert. #746); SHS (Cert. #1363); Triple-DES (Cert. #1012)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip embedded

"The SLM-5650 satellite modem includes a single FIPS card called the SLM-5650A TRANSEC Module that will perform bulk encryption of all packets for transmission over the satellite regardless of the protocol, the format of data, or existing encryption on the incoming data. The SLM-5650A TRANSEC Module uses 256-bit AES in CBC mode for bulk encryption of all data requiring encryption. The module is managed using a proprietary graphical user interface (GUI) over TLS, referred to as the Management & Control Console, and a command line management interface over SSH."
1552 Check Point Software Technologies Ltd.
Check Point Software Technologies Ltd.
9900 Belward Campus Drive
Suite 250
Rockville, MD 20850
USA

-David Ambrose
TEL: 703-628-2935

-Malcolm Levy
TEL: +972-37534561

CST Lab: NVLAP 200002-0

Check Point IP Appliance
(Hardware Versions: IP1280 (CPAP-IP1285-D-GFIP [Nokia NBB1270000], CPIP-A-4-1C, CPIP-A-D80G-CA, CPIP-A-CA-12-24 and N431174001), IP2450 (CPAP-IP2455-D-GFIP [Nokia NBB3450000], CPIP-A-4-1C, CPIP-A-D80G-CA, CPIP-A-CA-12-24 and N431174001) and IP2455 (CPAP-IP2455-D- GFIP, CPIP-A-4-1C, CPIP-A-D80G-CA, CPIP-A-CA-12-24 and N431174001) ; Firmware Version: IPSO v4.2 with Check Point VPN-1 NGX R65 with hot fix HFA 30)

(When operated in FIPS mode and tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/07/2011;
10/04/2011
Overall Level: 2 

-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #709 and #91); Triple-DES (Certs. #637, #638, #729 and #204); HMAC (Certs. #384, #385, #499 and #203); SHS (Certs. #734, #735, #883 and #500); DSA (Cert. #271); RSA (Certs. #332 and #333); RNG (Certs. #417 and #418)

-Other algorithms: CAST; DES; HMAC MD5; MD5; Arcfour; Twofish; Blowfish; Diffie-Hellman (key agreement, key establishment methodology provides between 80 bits and 128 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 bits and 150 bits of encryption strength); Triple-DES (K3 mode; non-compliant)

Multi-chip standalone

"The Nokia VPN Applicances are full-featured enterprise systems designed for small to medium enterprises, with Service Provider flexibility and rapid serviceability option in a single rack space. When combined with Check Point VPN-1 these platforms provide reliable, easy to manage distributed security and access."
1551 Check Point Software Technologies Ltd.
Check Point Software Technologies Ltd.
9900 Belward Campus Drive
Suite 250
Rockville, MD 20850
USA

-David Ambrose
TEL: 703-628-2935

-Malcolm Levy
TEL: +972-37534561

CST Lab: NVLAP 200002-0

Check Point IP Appliance
(Hardware Versions: IP390 (CPAP-IP395-D-GFIP [Nokia NBB0302000] and N431174001) and IP560 (CPAP-IP565-D-AC [Nokia NBB0562000] and CPIP-A-4-1C, CPIP-A-PCMCIA-CA, N431174001); Firmware Version: IPSO v4.2 with Check Point VPN-1 NGX R65 with hot fix HFA-30)

(When operated in FIPS mode and tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/21/2011 Overall Level: 2 

-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #397, #342, #442 and #497); Triple-DES (Certs. #507, #510, #465, #466, #435, #406 and #729); HMAC (Certs. #248, #251, #207, #208, #176, #146 and #499); SHS (Certs. #564, #567, #508, #509, #469, #417 and #883); DSA (Certs. #202 and #204); RSA (Certs. #211, #213, #215 and #167); RNG (Certs. #275, #277, #229 and #230)

-Other algorithms: CAST; DES (Cert. #314); HMAC MD5; MD5; Arcfour; Twofish; Blowfish; Diffie-Hellman (key agreement; key establishment methodology provides between 80 bits and 128 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Triple-DES (K3 mode; non-compliant)

Multi-chip standalone

"The Nokia VPN Applicances are full-featured enterprise systems designed for small to medium enterprises, with Service Provider flexibility and rapid serviceability option in a single rack space. When combined with Check Point VPN-1 these platforms provide reliable, easy to manage distributed security and access."
1550 SafeNet, Inc.
20 Colonnade Drive
Suite 200
Ottowa, Ontario K2E 7M6
Canada

-Iain Holness
TEL: 613-221-5049
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

ProtectServer Internal Express (PSI-e)
(Hardware Version: VBD-04-0302; Firmware Version: 3.00.03)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/07/2011 Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #1582); DSA (Cert. #488); ECDSA (Cert. #193); HMAC (Cert. #928); RNG (Cert. #851); RSA (Cert. #772); SHS (Cert. #1401); Triple-DES (Cert. #1038); Triple-DES MAC (Triple-DES Cert. #1038, vendor affirmed)

-Other algorithms: AES MAC (AES Cert. #1582; non-compliant); ARIA; CAST-128; CAST-128 MAC; DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength); ECIES; EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); IDEA; IDEA MAC; MD2; MD5; MD5 HMAC; RC2; RC2 MAC; RC4; RIPEMD-128; RIPEMD-160; RMD128 HMAC; RMD160 HMAC; RSA (Key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); SEED; SEED MAC;

Multi-chip embedded

"The SafeNet PSI-e is a high-end intelligent PCI adapter card that provides a wide range of cryptographic functions using firmware and dedicated hardware processors. The module provides key management (e.g., generation, storage, deletion, and backup), an extensive suite of cryptographic mechanisms, and process management including separation between operators. The PSI-e also features non-volatile tamper protected memory for key storage, a hardware random number generator, and an RTC."
1549 Sophos Ltd.
The Pentagon
Abingdon Science Park
Oxford, Oxfordshire OX14 3YP
United Kingdom

-Curt W. Lindenberger
TEL: 781-494-5800
FAX: 781-494-5801

-Joachim Schneider
TEL: +49 (0) 6171-88-1968
FAX: +49 (0) 89-30703123

CST Lab: NVLAP 200002-0

SafeGuard Cryptographic Engine
(Software Version: 5.60)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 05/27/2011 Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 7 Ultimate Edition 32-bit; Microsoft Windows 7 Ultimate Edition 64-bit; FreeBSD 6.1 (single-user mode)

-FIPS-approved algorithms: AES (Certs. #1447 and #1448); Triple-DES (Cert. #982); HMAC (Cert. #849); SHS (Certs. #1311, #1312 and #1317); RNG (Cert. #792)

-Other algorithms: N/A

Multi-chip standalone

"SafeGuard Cryptographic Engine is the core cryptographic component of Sophos' encryption products SafeGuard Enterprise, SafeGuard PrivateDisk, SafeGuard LAN Crypt and SafeGuard PrivateCrypto. It provides a solid implementation of standard algorithms used for disk and file encryption, key generation, key management, and integrity protection."
1548 Motorola Solutions, Inc.
1150 Kifer Rd
Sunnyvale, CA 94086
USA

-Tresa Johnson
TEL: 408-991-7589
FAX: 408-991-7420

CST Lab: NVLAP 100432-0

Motorola Network Router (MNR) S2500
(Hardware Version: Base Unit P/N CLN1713F, Version Rev D with Encryption Module P/N CLN8262C, Version Rev F; Firmware Version: XS-16.0.1.44)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/23/2011 Overall Level: 1 

-Cryptographic Module Specification: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #581 and #588); AES (Certs. #611 and #625); DSA (Cert. #237); SHS (Certs. #659 and #693); HMAC (Certs. #322 and #342); RNG (Cert. #349); RSA (Cert. #283)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; DES; HMAC-MD5

Multi-chip standalone

"MNR S2500 routers are versatile, secure-capable devices that can ensure timely delivery of delay-sensitive traffic. Supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections, S2500 routers perform simultaneous functions - including compression and data prioritization - without compromising their ability to accomplish additional packet-handling functions as needed. In addition to the normal routing functions, the MNR S2500 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols."
1547 Motorola Solutions, Inc.
1150 Kifer Rd
Sunnyvale, CA 94086
USA

-Tresa Johnson
TEL: 408-991-7589
FAX: 408-991-7420

CST Lab: NVLAP 100432-0

Motorola Network Router (MNR) S6000
(Hardware Version: Base Unit HW P/N CLN1780H, Version Rev A with Encryption Module HW P/N CLN8261D, Version Rev L; Firmware Versions: PS-16.0.1.44 and GS-16.0.1.44)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/23/2011 Overall Level: 1 

-Cryptographic Module Specification: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #275 and #580); AES (Certs. #173 and #609); DSA (Cert. #236); SHS (Certs. #258 and #658); HMAC (Certs. #39 and #323); RNG (Cert. #348); RSA (Cert. #282)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; DES; HMAC-MD5

Multi-chip standalone

"MNR S6000 routers are versatile, secure-capable devices that can ensure timely delivery of delay-sensitive traffic. Supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections, S6000 routers perform simultaneous functions - including compression and data prioritization - without compromising their ability to accomplish additional packet-handling functions as needed. In addition to the normal routing functions, the MNR S6000 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols."
1546 Motorola Solutions, Inc.
1150 Kifer Rd
Sunnyvale, CA 94086
USA

-Tresa Johnson
TEL: 408-991-7589
FAX: 408-991-7420

CST Lab: NVLAP 100432-0

Motorola GGM 8000 Gateway
(Hardware Version: Base Unit P/N: CLN1841A, Version Rev B with Encryption Module P/N: CLN8492D, Version Rev B; FIPS Kit: P/N CLN1854A, Rev. B; Power Supply: P/N CLN1850A, Rev. C (AC) or P/N CLN1849A, Rev. C (DC); Firmware Version: XS-16.0.1.44)

(When operated in FIPS mode with tamper labels installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/09/2011 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #685 and #989); AES (Certs. #803 and #1469); DSA (Cert. #465); SHS (Certs. #801 and #1329); RNG (Cert. #803); RSA (Cert. #718); HMAC (Certs. #443 and #864)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; DES; HMAC-MD5

Multi-chip standalone

"GGM 8000 devices are versatile, secure-capable devices that can ensure timely delivery of delay-sensitive traffic. Supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections, GGM 8000 perform simultaneous functions - including compression and data prioritization - without compromising their ability to accomplish additional packet-handling functions as needed. In addition to the normal packet forwarding functions, the GGM 8000 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols."
1545 Hewlett-Packard TippingPoint
7501N. Capital of Texas Highway
Austin, TX 78731
USA

-Dinesh Vakharia
TEL: 512-681-8271

-Freddie Jimenez Jr.
TEL: 512-681-8305

CST Lab: NVLAP 200427-0

HP TippingPoint Intrusion Prevention System
(Hardware Versions: S10 [1], S110 [1], S330 [1], S660N [2], S1400N [2], S2500N [2] and S5100N [2]; Firmware Versions: 3.1.4.1427 [1] and 3.2.0.1530 [2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/27/2011 Overall Level: 1 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 2

-FIPS-approved algorithms: AES (Certs. #1557, #1558 and #1559); HMAC (Certs. #909, #910 and #911); RNG (Certs. #838, #839 and #840); RSA (Certs. #756, #757 and #758); SHS (Certs. #1381, #1382 and #1383); Triple-DES (Certs. #1021, #1022 and #1023)

-Other algorithms: Blowfish; DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); HMAC-MD5; MD5; Non-Approved RNG; RC2; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength).

Multi-chip standalone

"Inserted transparently into the network, the HP TippingPoint Intrusion Prevention System (IPS) is an in-line security device that performs high-performance, deep packet inspection to protect customer networks from attack. The IPS blocks malicious and unwanted traffic, while allowing good traffic to pass unimpeded. In fact, the IPS optimizes the performance of good traffic by continually cleansing the network and prioritizing applications that are mission critical."
1544 LaserCard Corporation
1875 N. Shoreline Blvd.
Mountain View, CA 94043
USA

-Alex Giakoumis
TEL: 650-335-4348
FAX: 650-969-6121

CST Lab: NVLAP 100432-0

LaserCard LCCIDProtect
(Hardware Version: P/N AT90SC28872RCU Revision G; Firmware Version: 010B.9288.0303)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/10/2011;
07/27/2011
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #965); Triple-DES MAC (Triple-DES Cert. #965, vendor affirmed); RNG (Cert. #774)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength)

Single-chip

"FIPS Approved algorithms (relies on loaded applications): AES (Cert. #1412); RSA (Cert. #688); SHS (Cert. #1282) LaserCard LCCIDProtect is a cryptographic module based on the Athena OS755 Java Card smart card operating system with 72Kbyte of EEPROM. LCCIDProtect is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications. LCCIDProtect exposes PKI and biometric APIs and is designed for high performance government and enterprise smart card applications."
1543 CareFusion
10020 Pacific Mesa Blvd.
San Diego, CA 92121
USA

-Robert Canfield
TEL: 858-617-4753
FAX: 858-617-5981

CST Lab: NVLAP 100432-0

Alaris® PC Unit Model 8015
(Hardware Version: Model 8015 with FIPS Kit 11935165; Firmware Versions: 9.7.0, 9.9.0 or 9.12.0)

(When operated in FIPS mode with tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/27/2011;
01/11/2012;
09/27/2012
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (1) (Cert. #1436); SHS (Cert. #1301)

-Other algorithms: AES (2) (non-compliant); RC4; MD5; SHS (non-compliant); RIPEMD; DES; Triple-DES (non-compliant); RC2-CBC, RC2-ECB, RC2-CFB64, RC2-OFB64; Blowfish; CAST; RSA (non-compliant); DSA (non-compliant); Diffie-Hellman; RNG (non-compliant)

Multi-chip standalone

"The CareFusion Alaris® PC Unit Model 8015 is a point-of-care unit, which is the main component of the Alaris® System. The Alaris System is a modular system intended for adult, pediatric, and neonatal care in a professional healthcare environment. The Alaris System brings a higher level of medication error prevention to the point of patient care."
1542

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/05/2011 Overall Level: 2 

-FIPS-approved algorithms:

-Other algorithms:

Multi-chip standalone

1541 3e Technologies International, Inc.
9715 Key West Avenue
Suite 500
Rockville, MD 20850
USA

-Harinder Sood
TEL: 301-944-1325
FAX: 301-670-6989

CST Lab: NVLAP 200427-0

3e-523-F2 and 3e-523-3 Secure Multi-function Wireless Data Points
(Hardware Versions: (1.0, 1.1 or 1.2) (3e-523-F2) and 2.0 (3e-523-3); Firmware Version: 4.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/29/2011 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #1021, #1022 and #1023); HMAC (Certs. #570, #571 and #572); RNG (Cert. #583); RSA (Cert. #490); SHS (Certs. #975, #976 and #977); Triple-DES (Cert. #783)

-Other algorithms: AES (Cert. #1021, key wrapping); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); MD5

Multi-chip standalone

"The 3e-523-F2 and 3e-523-3 operate as either a gateway connecting a local area network to wide area network (WAN), an access point within a wireless local area network (WLAN), a client within a WLAN, or a wireless bridging device. 3eTI software provides the following major services in FIPS mode: Wireless 802.11a/b/g Access Point functionality; Wireless 802.11a/b/g Client functionality; Wireless 802.11a/b/g Bridge functionality; Wireless 802.11a/b/g Mesh functionality (auto-forming, self-healing wireless capability); IEEE 802.11i."
1540 XYPRO Technology Corporation
3325 Cochran Street
Suite 200
Simi Valley, CA 93063
USA

-Sheila Johnson
TEL: 805-583-2874
FAX: 805-583-0124

-Scott Uroff
TEL: 805-583-2874
FAX: 805-583-0124

CST Lab: NVLAP 200427-0

XYGATE /ESDK
(Software Version: 3.3.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 04/28/2011 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP with Service Pack 3; HP NonStop Server G06; HP NonStop Server H06; HP NonStop Server J06; HP-UX 10.2; HP-UX 11.11; Solaris 10; IBM AIX 5.2; SuSE Linux Enterprise Server 10; Red Hat Enterprise Linux v5.1; IBM z/OS 1.11 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1571); DSA (Cert. #482); HMAC (Cert. #918); RNG (Cert. #845); RSA (Cert. #764); SHS (Cert. #1391); Triple-DES (Cert. #1028)

-Other algorithms: Blowfish; CAST-128; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 152 bits of encryption strength; non-compliant less than 80-bits of encryption strength); ElGamal; HMAC MD5; HMAC RIPE-MD; IDEA; MD2; MD4; MD5; RC2; RC4; RC5; RIPE-MD; RSA (key wrapping; key establishment methodology provides between 80 and 152 bits of encryption strength; non-compliant less than 80-bits of encryption strength); Skipjack (non-compliant)

Multi-chip standalone

"The XYGATE Encryption Software Development Kit [XESDK] is a dynamically linked software library that supplies: symmetric key encryption including the approved AES and TripleDES; hashing algorithms including the approved SHA-1 and SHA-256; public key encryption including RSA; signature algorithms including the approved RSA and DSA; secure session protocols such as SSH, SSL and TLS and e-mail protocols such as PGP and S/MIME. Based on cryptlib by Peter Gutmann, the XESDK, written in C, provides encryption services for applications, communications and databases across multiple computer platforms."
1539 Xirrus, Inc.
2101 Corporate Center Dr
Thousand Oaks, CA 91320
USA

-Steve Smith
TEL: 805-262-1600
FAX: 805-262-1601

CST Lab: NVLAP 100432-0

Xirrus Wi-Fi Array XN4, XN8, XN12 and XN16
(Hardware Versions: P/Ns 190-0109-001 Version D [XN4], 190-0110-002 Version B [XN8], 190-0128-001 Version D [XN12] and 190-0111-001 Version D [XN16]; Firmware Version: 4.1 or 5.0)

(When operated in FIPS mode and with tamper evident seals and security straps installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/05/2011 Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #1009); SHS (Cert. #1325); HMAC (Cert. #860); AES (Certs. #1508 and #1515); RSA (Cert. #715); RNG (Cert. #800)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); MD5; RC4

Multi-chip standalone

"The Xirrus Wi-Fi Array consists of 4, 8, 12, or 16 802.11abgn access points coupled to a directional antenna system, and integrated together with a multi-gigabit switch, controller, firewall, threat sensor, and spectrum analyzer into a single, easy-to-install device."
1538 Thales e-Security
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-Joe Warren

CST Lab: NVLAP 200416-0

Datacryptor® 100M Ethernet
(Hardware Version: 1600x439; Firmware Version: 4.5)

(When configured with the Multi-Point license as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 04/28/2011;
05/12/2011
Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #1033, #1490 and #1549); DSA (Cert. #349); SHS (Cert. #985); RNG (Cert. #588)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); NDRNG

Multi-chip standalone

"The Datacryptor® 100 Mbps Ethernet Layer 2 is a rack-mountable multi-chip standalone cryptographic module designed to secure data in transmissions across public Ethernet Layer 2 networks. The Datacryptor® uses 100BaseT ports to connect the host and public sides of the network. The Datacryptor® employs an automatic key generation and exchange mechanism using X.509 v3 certificates and the Diffie-Hellman key agreement scheme. The algorithm used for securing data transmission is AES-256 GCM."
1537 Brocade Communications Systems, Inc.
1745 Technology Drive
San Jose, CA, CA 95110
USA

-Michael Hong
TEL: 408-333-8000
FAX: 408-333-8101

CST Lab: NVLAP 200648-0

Brocade Mobility RFS7000 Controller
(Hardware Version: RFS7000; Firmware Version: 4.1.0.0-040GR)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/28/2011 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #646, #648 and #649); AES (Certs. #724, #726, #727 and #773); SHS (Certs. #742, #744 and #745); HMAC (Certs. #390, #392 and #393); RSA (Cert. #341); DSA (Cert. #274); RNG (Certs. #423 and #424)

-Other algorithms: MD5; HMAC-MD5; DES; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength)

Multi-chip standalone

"Brocade Mobility RFS7000 Controller provides robust, highly scalable support for seamless mobility for government agencies. The innovative architecture simplifies network deployment and management, provides superior performance, security and scalability. The Brocade Mobility RFS7000 enables campus-wide roaming across subnets, and offers powerful failover capabilities, exceptional quality of service and increased voice capacity. Integrated security features include intrusion detection and protection, secure guest access and protection against denial of service attacks."
1536 Motorola Solutions, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

-Tom Nguyen 
TEL: 847-576-2352

CST Lab: NVLAP 100432-0

Astro Subscriber Motorola Advanced Crypto Engine (MACE)
(Hardware Version: P/N 5185912Y01; Firmware Versions: [R01.02.00, R01.02.01 or R01.02.02] and [R01.00.00 or (R01.00.00 and R02.00.00)])

(When operated in FIPS mode and configured to Overall Level 3 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/28/2011;
07/27/2011
Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #819 and #1295); SHS (Cert. #817); RSA (Cert. #396); RNG (Cert. #471)

-Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); LFSR

Single-chip

"The MACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio systems products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management."
1535 Motorola Solutions, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

-Tom Nguyen 
TEL: 847-576-2352 

CST Lab: NVLAP 100432-0

Astro Subscriber Motorola Advanced Crypto Engine (MACE)
(Hardware Version: P/N 5185912Y01; Firmware Versions: [R01.02.00, R01.02.01 or R01.02.02] and [R01.00.00 or (R01.00.00 and R02.00.00)])

(When operated in FIPS mode and configured to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/28/2011;
07/27/2011
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #819 and #1295); SHS (Cert. #817); RSA (Cert. #396); RNG (Cert. #471)

-Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); LFSR

Single-chip

"The MACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio system products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management."
1534 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Nexus 7000 18 Slot
(Hardware Version: N7K-C7018= N7K-C7018-V01; Software Version: NX-OS System Software for Nexus 7000 Release 5.1(1a) or 5.2.5; NX-OS EPLD Updates for Nexus 7000 Release 5.1(1); NX-OS Kick Start for Nexus 7000 Release 5.1(1a) or 5.2.5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/28/2011;
02/23/2012;
07/18/2012
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 2

-FIPS-approved algorithms: AES (Certs. #1602, #1024, #1197, #1275, #1276, #1426 and #1427); DSA (Cert. #495); HMAC (Certs. #938 and #847); RNG (Cert. #859); RSA (Cert. #784); SHS (Certs. #1415 and #1307); Triple-DES (Cert. #1047)

-Other algorithms: DES; HMAC-MD5; MD5; Non-Approved RNG; RC4; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 156 bits of encryption strength)

Multi-chip standalone

"The Cisco Nexus 7000 Series is capable of more than 15 terabits per second (Tbps) of switching capacity and offers market-leading Gigabit Ethernet and 10 Gigabit Ethernet density. Built on a zero-service-loss hardware and software architecture, the Cisco Nexus 7000 Series offers the kind of high availability needed in a next-generation data center, in which virtualization increases the scope of downtime and Unified Fabric demands Fibre Channel-like availability to properly support storage services. The Cisco Nexus 7000 Series was built with manageability in mind and incorporate."
1533 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Nexus 7000 10 Slot
(Hardware Version: N7K-C7010= N7K-C7010-V02, FIPS Kit (CISCO-FIPS-KIT=); Software Version: NX-OS System Software for Nexus 7000 Release 5.1(1a) or 5.2.5; NX-OS EPLD Updates for Nexus 7000 Release 5.1(1); NX-OS Kick Start for Nexus 7000 Release 5.1(1a) or 5.2.5)

(When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/15/2011;
02/23/2012;
07/18/2012
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #1602, #1024, #1197, #1275, #1276, #1426 and #1427); DSA (Cert. #495); HMAC (Certs. #938 and #847); RNG (Cert. #859); RSA (Cert. #784); SHS (Certs. #1415 and #1307); Triple-DES (Cert. #1047)

-Other algorithms: DES; HMAC-MD5; MD5; Non-Approved RNG; RC4; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 156 bits of encryption strength)

Multi-chip standalone

"The Cisco Nexus 7000 Series is capable of more than 15 terabits per second (Tbps) of switching capacity and offers market-leading Gigabit Ethernet and 10 Gigabit Ethernet density. Built on a zero-service-loss hardware and software architecture, the Cisco Nexus 7000 Series offers the kind of high availability needed in a next-generation data center, in which virtualization increases the scope of downtime and Unified Fabric demands Fibre Channel-like availability to properly support storage services. The Cisco Nexus 7000 Series was built with manageability in mind and incorporate."
1532 NetLib®
A Subsidiary of Communication Horizons, LLC
65 High Ridge Road, Suite 428
Stamford, CT 06905
USA

-Niel Weicher
TEL: 203-246-6507

CST Lab: NVLAP 200416-0

NetLib® Encryptionizer® DE/FIPS
(Software Versions: 2010.201.10.0 and 2010.501.10.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 04/12/2011 Overall Level: 1 

-Design Assurance: Level 2

-Operational Environment: Tested as meeting Level 1 with Windows 7 (x86); Windows Server 2003 (x86); Windows Server 2008 (x86); Windows 7 (x64); Windows Server 2003 (x64); Windows Server 2008 (x64) (single-user mode)

-FIPS-approved algorithms: AES (Certs. #1502 and #1528); SHS (Certs. #1376 and #1377); HMAC (Certs. #905 and #906)

-Other algorithms: N/A

Multi-chip standalone

"The NetLib® Encryptionizer® DE/FIPS versions 2010.201.10.0 and 2010.501.10.0 provide encryption of data stored in server-based and desktop-based databases and files, including MS SQL Server databases and backups . It can be deployed without programming and without adding any administrative overhead. The purpose of whole database encryption is to make a database or file unusable if it is stolen, copied, downloaded, lost, or otherwise improperly accessed. It supports both 32-bit and 64-bit applications."
1531 Motorola, Inc.
6480 Via Del Oro
San Jose, CA, CA 95119
USA

-Sameer Kanagala
TEL: 408-528-2886
FAX: 408-528-2500

-Colin R. Cooper
TEL: 408-528-2871
FAX: 408-528-2903

CST Lab: NVLAP 200648-0

RFS7000 RF Switch
(Hardware Version: RFS7000; Firmware Version: 4.1.0.0-040GR)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/12/2011 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #646, #648 and #649); AES (Certs. #724, #726, #727 and #773); SHS (Certs. #742, #744 and #745); HMAC (Certs. #390, #392 and #393); RSA (Cert. #341); DSA (Cert. #274); RNG (Certs. #423 and #424)

-Other algorithms: MD5; HMAC-MD5; DES; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength)

Multi-chip standalone

"RFS7000-GR Wireless Switch from Motorola provides robust, highly scalable support for seamless mobility for government agencies. Motorola's architecture simplifies network deployment and management, provides superior performance, security and scalability, and supports emerging RF technologies. The RFS7000-GR enables campus-wide roaming across subnets, and offers powerful failover capabilities, exceptional quality of service and increased voice capacity. Integrated security features include intrusion detection and protection, secure guest access and protection against denial of service attacks."
1530

CST Lab: NVLAP 200802-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/04/2011;
10/10/2012
Overall Level: 2 

-FIPS-approved algorithms:

-Other algorithms:

Multi-chip standalone

1529 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 881, Cisco 881G and Cisco 891 Integrated Services Routers (ISRs)
(Hardware Versions: 881, 881G, 891 and [FIPS Kit (CISCO-FIPS-KIT=), Revision -B0]; Firmware Version: 15.1(2)T2A and 15.1(2)T3)

(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/01/2011;
07/27/2011;
02/23/2012
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #1527, #962 and #1535); HMAC (Certs. #891 and #537); RNG (Cert. #823); RSA (Cert. #743); SHS (Certs. #1359 and #933); Triple-DES (Certs. #1010 and #757)

-Other algorithms: DES; HMAC-MD5; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength)

Multi-chip standalone

"Cisco 880, and Cisco 890 series ISRs provide Internet, VPN, voice, data, and backup capability to corporate teleworkers and remote and small offices of fewer than 20 users. These routers are capable of bridging and multiprotocol routing between LAN and WAN ports, and provide advanced features such as antivirus protection."
1528

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/30/2011 Overall Level: 2 

-FIPS-approved algorithms:

-Other algorithms:

Multi-chip standalone

1527 Systematic Development Group, LLC
350 Jim Moran Blvd.
Suite 122
Deerfield Beach, FL 33442
USA

-George Wolf
TEL: 954-889-3535 x315

CST Lab: NVLAP 100432-0

LOK-IT™ 10 KEY (Series SDG003FM) and LOK-IT™ 5 KEY (Series SDG004FP)
(Hardware Versions: HW003-16 Rev:01, HW003-16 Rev:02, HW003-08 Rev:01, HW003-04 Rev:01 (10 Key) and HW004-08 Rev:01 (5 Key);  Firmware Version: USB Controller Firmware Revision V01.12A09-F01 (10 Key and 5 Key) or V01.12A12-F01 (10 Key) ; Security Controller Firmware Revisions SDG003FM-008 (10 Key) and SDG004FP-008 (5 Key))

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/28/2011;
10/04/2011
Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #1514)

-Other algorithms: N/A

Multi-chip standalone

"LOK-IT™ is a USB Flash drive with a multi-chip embedded cryptographic module architecture as defined by FIPS 140-2. It consists of an Initio 1861 USB controller, NAND Flash memory and a Microchip PIC16F688 security controller. The product supports 256 bit AES encryption of data stored in NAND Flash memory. The drive provides self-contained user authentication without the need for host computer applications. Two derivations of the product exist differing in the number of numeric buttons; the SDG003FM has 10 numeric buttons and the SDG004FP has 5 numeric buttons."
1526 Lexmark International Inc.
740 West New Circle Rd.
Lexington, KY 40550
USA

-Graydon Dodson
TEL: 859-232-6483

CST Lab: NVLAP 200416-0

Lexmark PrintCryption™
(Firmware Version: 1.3.2f)

(Requires Option P/N 57X9000 to enable the PrintCryption firmware)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Firmware 03/24/2011 Overall Level: 1 

-Tested: Lexmark X548 Printer with IBM 750CL processor on Lexmark Linux 2.6.28; Lexmark X792 Printer with Freescale 7448 processor on Lexmark Linux 2.6.28;

-FIPS-approved algorithms: AES (Certs. #1209 and #1487); SHS (Certs. #1112 and #1343); RNG (Certs. #670 and #811); RSA (Certs. #579, #730 and FIPS 186-3, vendor affirmed); HMAC (Certs. #704 and #876)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); NDRNG

Multi-chip standalone

"The Lexmark PrintCryption™ is an option for the Lexmark printers that enables the transfer and printing of encrypted print jobs. With the Lexmark PrintCryption™ module installed, the printer is capable of decrypting print jobs encrypted with the AES (FIPS 197) algorithm. The Lexmark PrintCryption™ analyzes the encrypted data stream, determines if the correct key was used to encrypt the data, decrypts the data and allows the document to be printed."
1525 Xirrus, Inc.
2101 Corporate Center Dr
Thousand Oaks, CA 91320
USA

-Steve Smith
TEL: 805-262-1600
FAX: 805-262-1601

CST Lab: NVLAP 100432-0

Xirrus Wi-Fi Array XS4 and XS8
(Hardware Versions: P/Ns: 190-0092-002 Rev D1 [XS4] and 190-0091-005 Rev A1 [XS8]; Firmware Version: 3.5)

(When operated in FIPS mode and with tamper evident seals and security straps installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/01/2011 Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #1005); SHS (Cert. #1326); HMAC (Cert. #861); AES (Certs. #470 and #1503); RSA (Cert. #716); RNG (Cert. #801)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); MD5; RC4

Multi-chip standalone

"The Xirrus Wi-Fi Array consists of 4, 8, 12, or 16 802.11abgn access points coupled to a directional antenna system, and integrated together with a multi-gigabit switch, controller, firewall, threat sensor, and spectrum analyzer into a single, easy-to-install device."
1524 SafeNet, Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E7M6
Canada

-Iain Holness
TEL: 613-221-5049
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

SafeNet Luna EFT
(Hardware Version: GRK-09-0100 or GRK-15-0100 [2]; Firmware Version: MAL00000E [1] or MAL000001E [2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/23/2011;
10/04/2011
Overall Level: 3 

-FIPS-approved algorithms: RNG (Cert. #806); RSA (Certs. #723 and #899); SHS (Certs. #1335 and #1560); Triple-DES (Cert. #994)

-Other algorithms: MD5

Multi-chip standalone

"SafeNet Luna EFT is designed for Electronic Funds Transfer (EFT) and payment system processing environments, providing powerful end-to-end security for online banking transactions and applications for credit, debit, and chip cards."
1523 Athena Smartcard, Inc.
20380 Town Center Lane
Suite 240
Cupertino, CA 95014
USA

-Ian Simmons
TEL: 408-865-0112
FAX: 408-865-0333

CST Lab: NVLAP 100432-0

Athena IDProtect
(Hardware Version: P/N AT90SC28872RCU Revision G; Firmware Version: 010B.9288.0303)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/05/2011;
04/27/2011;
06/09/2011
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #965); Triple-DES MAC (Triple-DES Cert. #965, vendor affirmed); RNG (Cert. #774);

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength)

Single-chip

"FIPS Approved algorithms (relies on loaded applications): AES (Cert. #1412); RSA (Cert. #688); SHS (Cert. #1282)

IDProtect is a cryptographic module based on the Athena OS755 Java Card smart card operating system with 72Kbyte of EEPROM. IDProtect is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications. IDProtect exposes PKI and biometric APIs and is designed for high performance government and enterprise smart card applications."

1522 IBM® Corporation
9032 S Rita Road
Tucson, AZ 85744
USA

-David L. Swanson
TEL: 520-799-5515

CST Lab: NVLAP 200427-0

IBM LTO Generation 5 Encrypting Tape Drive
(Hardware Versions: 45E8192 EC Level M11221 (Fibre Channel) and 45E8193 EC Level M11221 (SAS); Firmware Versions: pf100923e.A9Q5.FC.fips.ro (Fibre Channel) and pf100923e.A9Q5.SAS.fips.ro (SAS))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/23/2011 Overall Level: 1 

-FIPS-approved algorithms: AES (Certs. #1530, #1531 and #1532); RNG (Cert. #825); RSA (Cert. #744); SHS (Cert. #1361)

-Other algorithms: AES (Cert. #1530, key wrapping; key establishment methodology provides 256-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The IBM LTO Generation 5 Encrypting Tape Drive provides AES-GCM encryption of customer data recorded to tape. Both encryption and compression are implemented in the hardware for optimum performance. Two different host interface types of the LTO Generation 5 "brick" unit are FIPS certified as a multi-chip, standalone cryptographic module. In customer operation the "brick" unit may be embedded in bridge box or in a canister package for operation in a library."
1521 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 2951, Cisco 3925 and Cisco 3945 Integrated Services Routers (ISRs)
(Hardware Versions: 2951 [1][2], 3925 [1][3], 3945 [1][3], FIPS Kit (CISCO-FIPS-KIT=), Revision -B0 [1], ISR: FIPS-SHIELD-2951= [2] and FIPS-SHIELD-3900= [3]; Firmware Version: 15.1(2)T2A and 15.1(2)T3)

(When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/18/2011;
04/04/2011;
07/27/2011;
02/23/2012
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #1527, #963 and #1536); HMAC (Certs. #891 and #538); RNG (Cert. #823); RSA (Cert. #743); SHS (Certs. #1359 and #934); Triple-DES (Certs. #1010 and #758)

-Other algorithms: DES; HMAC-MD5; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength)

Multi-chip standalone

"The Cisco 2951, 3925 and 3945 Integrated Services Routers are routing platforms that provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The new platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options."
1520 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 1905, Cisco 1921, Cisco 1941, Cisco 2901, Cisco 2911 and Cisco 2921 Integrated Services Routers (ISRs)
(Hardware Version: 1905 [1][2], 1921 [1][2], 1941 [1][2], 2901 [1][3], 2911 [1][4], 2921 [1][5], FIPS Kit (CISCO-FIPS-KIT=), Revision -B0 [1], ISR: FIPS-SHIELD-1900= [2], FIPS-SHIELD-2901= [3], FIPS-SHIELD-2911= [4] and FIPS-SHIELD-2921= [5]; Firmware Version: 15.1(2)T2A and 15.1(2)T3)

(When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/11/2011;
04/04/2011;
07/27/2011;
02/23/2012
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #1527 and #1115); HMAC (Certs. #891 and #627); RNG (Cert. #823); RSA (Cert. #743); SHS (Certs. #1359 and #1038); Triple-DES (Certs. #1010 and #812)

-Other algorithms: DES, HMAC-MD5, MD5, RC4; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength)

Multi-chip standalone

"The Cisco 1905, 1921, 1941, 2901, 2911 and 2921 Integrated Services Routers are routing platforms that provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The new platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options."
1519 Code Corporation
14870 S. Pony Express Rd.
Suite 200
Bluffdale, UT 84065
USA

-Tim Jackson
TEL: 801-984-7865
FAX: 801-495-0280

CST Lab: NVLAP 100432-0

Code Reader 2500 FIPS and Code Reader 3500 FIPS
(Hardware Versions: P/Ns 2512FIPS_01 and 3512FIPS_01; Firmware Version: 4641)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/11/2011;
04/04/2011
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #1457); DRBG (Cert. #55)

-Other algorithms: NDRNG

Multi-chip standalone

"Code Corporation’s Code Reader 2500 FIPS or Code Reader 3500 FIPS bar code readers, when used in conjunction with a CodeXML® FIPS Bluetooth® Modem, provide an encrypted wireless bar code reading solution with a working range of up to 300 feet. Code Corporation’s FIPS bar code readers employ a FIPS approved AES-256 algorithm to generate per session keys to encrypt data and a separate key to encrypt overhead communications ensure that the connection between modem and bar code reader is highly secure. The FIPS code has been optimized to provide line speed communications over the wireless link."
1518 GDC Technology (USA), LLC
3500 W. Olive Ave.
Suite 940
Burbank, CA 91505
USA

-Tim Folk
TEL: (877) 743--2872
FAX: 877-643-2872

CST Lab: NVLAP 100432-0

IMB
(Hardware Version: GDC-IMB-v1; Firmware Version: 1.1)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/11/2011 Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #1278 and #1286); SHS (Certs. #1176, #1178, #1179 and #1180); RNG (Certs. #713 and #716); RSA (Certs. #610 and #613); HMAC (Certs. #743 and #747)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5

Multi-chip embedded

"A digital cinema media block designed to be compliant with DCI specifications and SMPTE digital cinema standards. The supported features include JPEG2000 decoding, AES decryption, key management, ASM communications and logging."
1517 Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

-Harsha Nagaraja
TEL: 408-754-3010

CST Lab: NVLAP 200427-0

Aruba 3000 and 6000/M3 Mobility Controllers with ArubaOS Firmware
(Hardware Versions: 3200: 3200-8-AOS-STD-FIPS-US; 3400: 3400-32-AOS-STD-FIPS-US; 3600: 3600-64-AOS-STD-FIPS-US; 6000: (6000-BASE-2PSU-200-FIPS or 6000-BASE-2PSU-400-FIPS) with [(minimum one: LC-2G-1, LC-2G24F-1 or LC-2G24FP-1) and (one or two: M3mk1-G10X-10G2X)] (no more than four total); 3200 Revision C4: 3200-8-AOS-STD-FIPS-US Revision C4; 3400 Revision C4: 3400-32-AOS-STD-FIPS-US Revision C4; 3600 Revision C4: 3600-64-AOS-STD-FIPS-US Revision C4; 6000 Revision C4: (6000-BASE-2PSU-200-FIPS or 6000-BASE-2PSU-400-FIPS) with [(minimum one: LC-2G-1, LC-2G24F-1 or LC-2G24FP-1) and (one or two: M3mk1-G10X-10G2X Revision C4)] (no more than four total); Firmware Versions: 3200, 3400 and 3600: A3000_3.3.2.0-FIPS, A3000_3.3.2.11-FIPS, A3000_3.3.2.14-FIPS, A3000_3.3.2.18-FIPS, A3000_3.3.2.19-FIPS, A3000_3.3.2.20-FIPS, A3000_3.3.2.21-FIPS, A3000_3.4.2.3-FIPS, A3000_3.4.4.0-FIPS; 6000 or A3000_3.4.5.1-FIPS: ArubaOS_MMC_3.3.2.0-FIPS, ArubaOS_MMC_3.3.2.11-FIPS, ArubaOS_MMC_3.3.2.14-FIPS, ArubaOS_MMC_3.3.2.18-FIPS, ArubaOS_MMC_3.3.2.19-FIPS, ArubaOS_MMC_3.3.2.20-FIPS, ArubaOS_MMC_3.3.2.21-FIPS, ArubaOS_MMC_3.4.2.3-FIPS, ArubaOS_MMC_3.4.4.0-FIPS or ArubaOS_MMC_3.4.5.1-FIPS)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/11/2011;
07/19/2011;
02/06/2013
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #465, #762 and #823); HMAC (Certs. #416, #417 and #458); RNG (Cert. #475); RSA (Cert. #399); SHS (Certs. #768, #769 and #823); Triple-DES (Certs. #482, #667 and #694)

-Other algorithms: DES; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength).

Multi-chip standalone

"Aruba Networks' Mobility Controller system completely changes how 802.11 networks are deployed, secured, and managed. The only mobile security system with an integrated ICSA-certified stateful firewall and hardware-based encryption, the Aruba mobility controller is the industry's highest performing and most scalable enterprise mobility platform on the market today. Aruba offers the industry's only modular and stackable mobility controllers from every enterprise environment. Now, administrators are freed from the costly and time-consuming process of managing individual APs. And as security stan"
1516 Hewlett-Packard Company
19091 Pruneridge Ave., MS 4441
Cupertino, CA 95014
USA

-Theresa Conejero
TEL: 408-447-2964
FAX: 408-447-5525

CST Lab: NVLAP 100432-0

HP Enterprise Secure Key Manager
(Hardware Version: P/N AJ575A, Version 2.1; Firmware Version: 4.8.9)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/11/2011;
09/19/2011
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3

-FIPS-approved algorithms: AES (Cert. #1480); DSA (Cert. #467); HMAC (Cert. #871); RNG (Cert. #807); RSA (Cert. #726); SHS (Cert. #1338); Triple-DES (Cert. #997)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DES; MD5; RC4

Multi-chip standalone

"The HP Enterprise Secure Key Manager (ESKM) automates key generation and management. It is a hardened security appliance delivering identity-based access, administration, and logging. Additionally, the ESKM provides reliable lifetime key archival with automatic multi-site key replication and failover capabilities."
1515 Motorola Solutions, Inc.
1303 E. Algonquin Road
Schaumburg, IL 60196 
USA

-Richard Carter
TEL: 44-0-1364-655500
FAX: 44-0-1364-654625

CST Lab: NVLAP 100432-0

Motorola PTP 600 Series
(Hardware Versions: P/Ns BP5830BHC, BP5830BHC15, BP5530BHC, BP5530BHC15, WB2781, WB3039, WB3037, WB3092, WB3094, WB3387, WB3389, WB3222, BP5830BH, BP5830BH15, BP5530BH, BP5530BH15, WB2780, WB3036, WB3038, WB3091, WB3093, WB3386, WB3388 and WB3221; P/N WB3593 (HW Security Upgrade Kit); Firmware Version: PTP600 08-50)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/09/2011;
03/28/2011
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: SHS (Cert. #1101); DSA (Cert. #399); AES (Certs. #708 and #1144); DRBG (Cert. #21); HMAC (Cert. #700); Triple-DES (Cert. #863)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"PTP 600 Series Ethernet bridges offer high performance connectivity and backhaul in challenging non-line-of-sight environments. With carrier-grade reliability, PTP 600 links have class-leading sensitivity and power output which enable links to go farther, while sustaining high throughput regardless of conditions. With data rates up to 300 Mbps and reaching distances up to 124 miles, this Series of high-performance and secure wireless bridges make cost-effective connectivity and backhaul a reality for a wide range of enterprises, service providers and public safety organizations."
1514 Apple Inc.
11921 Freedom Drive
Reston, VA 20190
USA

-Shawn Geddis
TEL: 703-264-5103

CST Lab: NVLAP 200002-0

Apple FIPS Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 03/09/2011 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Apple Mac OS X 10.6 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1400); DSA (Cert. #453); ECDSA (Cert. #176); HMAC (Cert. #823); RNG (Cert. #767); RSA (Cert. #681); SHS (Cert. #1271); TDES (Cert. #955)

-Other algorithms: ASC; Blowfish; CAST; DES; RC2; RC4; RC5; FEE; MD2; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength); RSA (non-compliant key generation)

Multi-chip standalone

"Mac OS X's security services are built using the open source Common Data Security Architecture. CDSA is a set of layered security services in which the AppleCSP provides the cryptography for services such as FileVault, Encrypted Disk Images, Keychains, Safari, Mail, etc."
1513 SafeNet, Inc.
1655 N Fort Myer Drive
Suite 1150
Arlington, VA 22209
USA

-SafeNet Government Sales
TEL: 703-647-8408
FAX: 410-290-6506

CST Lab: NVLAP 200002-0

SafeNet Encryptor, Model 600
(Hardware Versions: 904-10001-00x, 904-10002-00x, 904-10003-00x, 904-10014-00x, 904-10112-00x, 904-10113-00x, 904-20001-00x, 904-20002-00x, 904-20003-00x, 904-25005-00x, 904-30013-00x, 904-511i0-00p, 904-511i1-00p, 943-511i0-00p and 943-511i1-00p; Firmware Versions: 4.0.2 and 4.0.3)

(When operated in FIPS mode. Refer to the cryptographic module's security policy for the details on the letter i, p and x designations.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/04/2011;
06/21/2011
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #647); AES (Certs. #713, #725 and #1232); RSA (Cert. #340); SHS (Cert. #743); HMAC (Cert. #391); RNG (Cert. #422)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The SafeNet Encryptor provides data privacy and access control for connections between vulnerable public and private SONET/SDH or Ethernet networks. It employs FIPS approved AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in SONET 155 MB (OC-3), 622 MB (OC-12), 1.0 GB, and 2.4 GB (OC-48) networks."
1512 SafeNet, Inc.
1655 N Fort Myer Drive
Suite 1150
Arlington, VA 22209
USA

-SafeNet Government Sales
TEL: 703-647-8408
FAX: 410-290-6506

CST Lab: NVLAP 200002-0

SafeNet Encryptor, Model 650
(Hardware Versions: 904-53260-007, 904-53261-007, 904-53361-20p, 943-53270-007, 943-53271-007 and 943-53371-20p; Firmware Versions: 4.0.2 and 4.0.3)

(When operated in FIPS mode. Refer to the cryptographic module’s security policy for the details on the letter p designations.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/04/2011;
06/21/2011
Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #710, #725 and #1233); Triple-DES (Cert. #647); RSA (Cert. #340); SHS (Cert. #743); HMAC (Cert. #391); RNG (Cert. #422)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The SafeNet Encryptor provides data privacy and access control for connections between vulnerable public and private SONET/SDH networks or 10G Ethernet networks. It employs federally endorsed AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in a SONET OC-192 network or 10G Ethernet network."
1511 Cavium Networks
805 E. Middlefield Road
Mountain View, CA 94043
USA

-TA Ramanujam
TEL: 650-623-7039
FAX: 650-625-9751

CST Lab: NVLAP 100432-0

NITROX XL 1600-NFBE HSM Family
(Hardware Versions: P/Ns CN1620-NFBE1NIC-2.0-G, CN1620-NFBE2NIC-2.0-G, CN1620-NFBE3NIC-2.0-G, CN1610-NFBE1NIC-2.0-G, CN1620-NFBE1-2.0-G, CN1620-NFBE2-2.0-G, CN1620-NFBE3-2.0-G and CN1610-NFBE1-2.0-G, Version: 2.0; Firmware Version: 2.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/04/2011 Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #1265 and #1266); DRBG (Cert. #32); ECDSA (Certs. #150 and #188); HMAC (Cert. #736); KAS (Cert. #5); RNG (Cert. #707); RSA (Certs. #607 and #742); SHS (Certs. #1165 and #1166); Triple-DES (Cert. #898); DSA (Cert. #474)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #1265, key wrapping; key establishment methodology provides 256 bits of encryption strength); RC4; MD5; PBE

Multi-chip embedded

"The NITROX XL 1600-NFBE HSM adapter family delivers the world’s fastest FIPS 140-2 Level 3 Hardware Security Module (HSM) with PCIe Gen 2.0. The NITROX XL family of adapters offers up to 45,000 RSA operations per second and 5 Gbps of bulk crypto performance and is certified to the stringent US Government security standards. This FIPS family delivers an unmatched solution to the increasing performance, cryptographic and time to market requirements of the financial, government and healthcare vertical markets"
1510 F-Secure Corporation
Tammasaarenkatu 7
PL 24
Helsinki, 00180
Finland

-Alexey Kirichenko
TEL: +358 9 2520 5548

CST Lab: NVLAP 200427-0

F-Secure Kernel Mode Cryptographic Driver for Linux
(Software Version: 2.3.9)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 03/02/2011 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux v5 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1556); HMAC (Cert. #908); RNG (Cert. #837); SHS (Cert. #1380); Triple-DES (Cert. #1020)

-Other algorithms: Blowfish; DES; HMAC-MD5; HMAC-RIPEMD-160; MD5; RC2; RIPEMD-160

Multi-chip standalone

"The F-Secure Cryptographic Library is a software module for Red Hat Enterprise Linux v5 . The module provides an assortment of cryptographic services accessible for clients through a C/C++ Application Programming Interface. The modules are designed and implemented to meet the Level 1 requirements of FIPS publication 140-2 when running on a GPC under Red Hat Enterprise Linux v5 ."
1509 Code Corporation
14870 S. Pony Express Rd.
Suite 200
Bluffdale, UT 84065
USA

-Tim Jackson
TEL: 801-984-7865
FAX: 801-495-0280

CST Lab: NVLAP 100432-0

CodeXML® FIPS Bluetooth® Modem
(Hardware Version: P/N BTHDFIPS-M2_01; Firmware Version: 0187)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/02/2011;
04/04/2011
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #1456)

-Other algorithms: N/A

Multi-chip standalone

"Code Corporation’s CodeXML® FIPS Bluetooth® Modem, when used in conjunction with the Code Reader 2500 FIPS or Code Reader 3500 FIPS bar code readers, provides an encrypted wireless bar code reading solution with a working range of up to 300 feet. The CodeXML® FIPS Bluetooth® Modem employs a FIPS approved AES-256 algorithm with per session keys to ensure that the connection between modem and bar code reader is highly secure. The FIPS code has been optimized to provide line speed communications over the wireless link."
1508 Motorola, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

-Tom Nguyen
TEL: 847-576-2352

CST Lab: NVLAP 100432-0

ASTRO CDEM Motorola Advanced Crypto Engine (MACE)
(Hardware Version: P/N 5185912Y01; Firmware Version: R01.01.01)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/02/2011 Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #819, #1295 and #1297); SHS (Cert. #817); RSA (Cert. #396); RNG (Cert. #471)

-Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); AES (AES Cert. #819, key wrapping; key establishment methodology provides 256 bits of encryption strength); LFSR; DES

Single-chip

"The ASTRO CDEM MACE provides secure key management and data encryption for the Astro System."
1507 F-Secure Corporation
Tammasaarenkatu 7
PL 24
Helsinki, 00180
Finland

-Alexey Kirichenko
TEL: +358 9 2520 5548

CST Lab: NVLAP 200427-0

F-Secure Kernel Mode Cryptographic Driver
(Software Version: 2.3.9)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 03/02/2011 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 with Service Pack 2 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1543); HMAC (Cert. #894); RNG (Cert. #831); SHS (Cert. #1368); Triple-DES (Cert. #1013)

-Other algorithms: Blowfish; DES; HMAC-MD5; HMAC-RIPEMD-160; MD5; PBKDF2; RIPEMD-160

Multi-chip standalone

"The F-Secure Kernel Mode Cryptographic Driver is a FIPS 140-2 Level 1 validated software module, implemented as a 32-bit Windows Server 2008, 2008 R2, and Windows 7 compatible export driver. When loaded into computing system memory, it resides at the kernel mode level of the Windows OS and provides an assortment of cryptographic services that are accessible by other kernel mode drivers through a C-language Application Program Interface."
1506

CST Lab: NVLAP 200658-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/28/2011 Overall Level: 1 

-FIPS-approved algorithms:

-Other algorithms:

Multi-chip standalone

1505 IBM® Corporation
2455 South Road
Poughkeepsie, NY 12601
USA

-Carl Buscaglia
TEL: 845-435-6902

CST Lab: NVLAP 100432-0

IBM 4765 Cryptographic Coprocessor Security Module
(Hardware Version: P/Ns 45D6048 Version 1.0 or 41D8612 Version 1.0; Firmware Version: e1ced7a0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/24/2011;
12/21/2012
Overall Level: 4 

-FIPS-approved algorithms: AES (Cert. #1294); RNG (Cert. #722); RSA (Cert. #621); SHS (Cert. #1188)

-Other algorithms: DES MAC

Multi-chip embedded

"The IBM 4765 Cryptographic Coprocessor Security Module, is a tamper responding, programmable, cryptographic PCIe card, containing CPU, encryption hardware, RAM, persistant memory, hardware random number generator, time of day clock, firmware, and software. The Coprocessor is designed as a feature in the IBM System z server."
1504 Data Locker Inc.
7500 College Suite 600
Overland Park, KS 66210
USA

-Jay Kim
TEL: 913-310-9088
FAX: 800-858-4709

CST Lab: NVLAP 200658-0

Data Locker Enterprise, V2.0
(Hardware Versions: P/Ns DL500E2 and DL1000E2; Firmware Version: 2.30)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/24/2011;
03/01/2011
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Cert. #250)

-Other algorithms: N/A

Multi-chip standalone

"The Data Locker Enterprise is a fully platform independent, portable encrypted hard drive. Compatible with MAC, Windows and Linux systems, the Data Locker operates without any host based software or drivers. It utilizes an embedded LCD touch screen interface for all authentication and administrative functions. The device is fully 256bit AES CBC Mode encrypted via a dedicated crypto engine."
1503 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-J JSAFE and JCE Software Module
(Software Version: 5.0 or 5.0.1)

(When operated in FIPS140_MODE or FIPS140_SSL_MODE and initialized with Level 2 Authentication)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/24/2011;
03/28/2011;
09/19/2011;
01/23/2013
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP SP3 with Sun JRE 5.0; Microsoft Windows XP SP3 with Sun JRE 6.0 (single-user mode)

-FIPS-approved algorithms: AES (Certs. #1465 and #1766); DRBG (Certs. #57 and #117); DSA (Certs. #464 and #552); ECDSA (Certs. #182 and #236); HMAC (Certs. #863 and #1036); RNG (Certs. #802 and #940); RSA (Certs. #717, #881 and FIPS 186-3, vendor affirmed); SHS (Certs. #1328 and #1549); Triple-DES (Certs. #988 and #1143)

-Other algorithms: ANSI X9.31 RNG (non-compliant); DES; DESX; Diffie-Hellman; ECAES (non-compliant); EC Diffie-Hellman; EC Diffie-Hellman with Cofactor; ECIES; HMAC-MD5; MD2; MD5; MD5Random; PBE; PBE with SHA1 and Triple-DES; RC2; RC4; RC5; RIPEMD160; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA Keypair Generation MultiPrime; RSA OAEP; SHA1Random

Multi-chip standalone

"RSA BSAFE® Crypto-J security software is designed to help protect sensitive data as it is stored using encryption techniques to provide a persistent level of protection. RSA BSAFE® Crypto-J supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
1502 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-J JSAFE and JCE Software Module
(Software Version: 5.0 or 5.0.1)

(When operated in FIPS140_MODE or FIPS140_SSL_MODE)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/24/2011;
03/28/2011;
09/19/2011;
01/24/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP SP3 with Sun JRE 5.0; Microsoft Windows XP SP3 with Sun JRE 6.0 (single-user mode)

-FIPS-approved algorithms: AES (Certs. #1465 and #1766); DRBG (Certs. #57 and #117); DSA (Certs. #464 and #552); ECDSA (Certs. #182 and #236); HMAC (Certs. #863 and #1036); RNG (Certs. #802 and #940); RSA (Certs. #717, #881 and FIPS 186-3, vendor affirmed); SHS (Certs. #1328 and #1549); Triple-DES (Certs. #988 and #1143)

-Other algorithms: ANSI X9.31 RNG (non-compliant); DES; DESX; Diffie-Hellman; ECAES (non-compliant); EC Diffie-Hellman; EC Diffie-Hellman with Cofactor; ECIES; HMAC-MD5; MD2; MD5; MD5Random; PBE; PBE with SHA1 and Triple-DES; RC2; RC4; RC5; RIPEMD160; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA Keypair Generation MultiPrime; RSA OAEP; SHA1Random

Multi-chip standalone

"RSA BSAFE® Crypto-J security software is designed to help protect sensitive data as it is stored using encryption techniques to provide a persistent level of protection. RSA BSAFE® Crypto-J supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
1501 ActivIdentity, Inc.
6623 Dumbarton Circle
Fremont, CA 94555
USA

-Jean-Luc Azou
TEL: 510-574-1738
FAX: 510-574-0101

CST Lab: NVLAP 200427-0

Cryptographic Module for F5 and C5
(Software Version: 1.7.0.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/24/2011 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Technologic Systems® TS-Linux 2.4.26-ts11 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1494); ECDSA (Cert. #186); HMAC (Cert. #879); RNG (Cert. #813); RSA (Cert. #733); SHS (Cert. #1347); Triple-DES (Cert. #1001)

-Other algorithms: N/A

Multi-chip standalone

"ActivIdentity F5 and C5 software development kits are designed to enable vendors to incorporate cryptographic-based technologies into their physical access control applications. The F5 SDK enables physical access strong authentication using FIPS 201 PIV smart cards, in compliance with the authentication modes described in NIST Special Publication 800-116. The C5 SDK enables strong authentication in the case of standalone electronic locks and physical access control systems, by writing digitally signed privileges to and from smart cards."
1500 Pragma Systems, Inc.
13809 Research Boulevard, Suite 675
Austin, TX 78750
USA

-Andrew Tull, Vice President, Sales & Marketing
TEL: 512-219-7270
FAX: 512-219-7110

-David S. Kulwin
TEL: 512-219-7270
FAX: 512-219-7110

CST Lab: NVLAP 200426-0

Pragma Systems Cryptographic Module
(Software Version: 1.0.0.12)

(When operated in FIPS mode with Microsoft Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Certs. #1012, #1010 and #1002 operating in FIPS mode and Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) validated to FIPS 140-2 under Certs. #1009, #1003 and #875 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 02/10/2011 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2003 Server; Microsoft Windows 2008 Server; Microsoft Windows Vista (single-user mode)

-FIPS-approved algorithms: AES (Certs. #739 and #818); Triple-DES (Certs. #656 and #691); HMAC (Certs. #407, #408 and #452); SHS (Certs. #753 and #816); RSA (Certs. #354, #355 and #395); DSA (Certs. #221, #281 and #282); RNG (Certs. #314, #435 and #470); DRNG (SP 800-90, vendor affirmed)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA KeyGen (non-compliant); MD5

Multi-chip standalone

"The Pragma Systems Cryptographic Module is a dynamically linked library that provides the cryptographic abstraction used in the Pragma Fortress Secure Shell (SSH) products."
1499 Palo Alto Networks
232 E. Java Drive
Sunnyvale, CA 94089
USA

-Nicholas Campagna
TEL: 408-738-7700
FAX: 408-738-7701

CST Lab: NVLAP 100432-0

PA-500, PA-2000 Series and PA-4000 Series Firewalls
(Hardware Versions: HW P/N 910-000006-00D Rev. D with FIPS Kit P/N 920-000005-001 Rev. 1 (PA-500), HW P/N 910-000004-00K Rev. K with FIPS Kit P/N 920-000004-001 Rev. 1 (PA-2020), HW P/N 910-000003-00K Rev. K with FIPS Kit P/N 920-000004-001 Rev. 1 (PA-2050), HW P/N 910-000002-00Q Rev. Q with FIPS Kit P/N 920-000003-001 Rev. 1 (PA-4020), HW P/N 910-000001-00P Rev. P with FIPS Kit P/N 920-000003-001 Rev. 1 (PA-4050) and HW P/N 910-000005-00G Rev. G with FIPS Kit P/N 920-000003-001 Rev. 1 (PA-4060); Firmware Version: 3.1.2 or 3.1.7-h1)

(When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/10/2011;
06/21/2011
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #1378); Triple-DES (Cert. #950); RSA (Cert. #675); DSA (Cert. #451); HMAC (Cert. #810); SHS (Cert. #1259); RNG (Cert. #760)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; RC4; Camellia; RC2; SEED; DES

Multi-chip standalone

"Palo Alto Network's next-generation firewalls provide network security by enabling enterprises to see and control applications, users, and content - not just ports, IP addresses, and packets - using three unique identification technologies: App-ID, User-ID, and Content-ID. These identification technologies, found in Palo Alto Networks' enterprise firewalls, enable enterprises to create business-relevant security policies - safely enabling organizations to adopt new applications, instead of the traditional "all-or-nothing" approach offered by traditional port-blocking firewalls."
1498 SafeNet, Inc.
4690 Millenium Drive
Belcamp, MD 21017
USA

-Iain Holness
TEL: 613-221-5049
FAX: 613-723-5079

CST Lab: NVLAP 100432-0

DataSecure Appliance i150 and i450
(Hardware Versions: P/Ns 947-00150-001 and 947-000031-001; Firmware Version: 4.9.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/01/2011;
02/23/2012
Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #916); AES (Cert. #1315); DSA (Cert. #421); RNG (Cert. #733); RSA (Cert. #629); SHS (Cert. #1185); HMAC (Cert. #751)

-Other algorithms: RSA (key wrapping, key establishment methodology provides 80 or 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); MD5; DES; SEED; RC4

Multi-chip standalone

"The SafeNet DataSecure Appliance is a dedicated hardware product designed specifically for security and cryptographic processing, allowing organizations to protect structured and unstructured data, from within the data center out to remote locations, and ensure compliance with legislative and policy mandates for security. With its capabilities for granular encryption, seamless integration, and centralized key and policy management, DataSecure enables organizations to guard against a range of security threats, with unparalleled ease and cost effectiveness."
1497 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco Secure Access Control Server (ACS) FIPS module (NSS)
(Software Version: 3.12.5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/10/2011;
02/23/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Cisco CARS 1.2.0.182 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1475); DRBG (Cert. #59); DSA (Cert. #466); HMAC (Cert. #868); RSA (Cert. #722); SHS (Cert. #1334); Triple-DES (Cert. #993)

-Other algorithms: Camellia; DES; Diffie-Hellman; EC Diffie-Hellman; MD2; MD5; RC2; RC4; SEED

Multi-chip standalone

"The Cisco Secure Access Control Server (ACS) FIPS module (NSS) Version 3.12.5 is a software cryptographic library that provides cryptographic services to the Cisco Access Control Server (ACS) application. The Cisco ACS FIPS module (NSS) is a general-purpose cryptographic library, with an API based on the industry standard PKCS #11 version 2.20."
1496 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco Secure Access Control Server (ACS) FIPS module (cryptolib)
(Software Versions: 1.1, 1.2 and 1.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/10/2011;
04/27/2011;
02/23/2012:
06/21/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Cisco CARS 1.2.0.182 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1474); HMAC (Cert. #867); RNG (Cert. #805); RSA (Cert. #721); SHS (Cert. #1333)

-Other algorithms: AES (Cert. #1474, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); HMAC MD5; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength)

Multi-chip standalone

"The Cisco Secure ACS FIPS Module Version 1.1 is a software cryptographic library that provides cryptographic services to the Cisco Access Control Server (ACS) application. The Secure ACS FIPS module provides FIPS compliant cryptography supporting AAA for IEEE 802.11i security (WPA2) with EAP protocols like EAP-TLS, EAP-FAST, PEAP with RADIUS Key Wrap functionalities, Cisco TrustSec (CTS), and 802.1x-rev."
1495

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/28/2011;
06/08/2012;
10/15/2012
Overall Level: 2 

-FIPS-approved algorithms:

-Other algorithms:

Multi-chip standalone

1494 Sony Corporation
1-7-1 Konan
Minato-ku, Tokyo 108-0075
Japan

-Hirotaka Kondo
TEL: +81-46-202-8074
FAX: +81-46-202-6304

CST Lab: NVLAP 100432-0

Sony Security Module
(Hardware Version: 1.0.1; Firmware Version: 1.0.1)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/21/2011 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #901, #902 and #1470); RNG (Certs. #517 and #804); RSA (Cert. #724); SHS (Certs. #882 and #1330); HMAC (Certs. #865 and #866)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); HMAC-MD5; NDRNG

Multi-chip embedded

"The Sony Security Module (SSM) is cryptographic module to provide decryption, decoding/encoding of audio/video data for the digital cinema projector system in which it is being employed."
1493 Sony Corporation
1-7-1 Konan
Minato-ku, Tokyo 108-0075
Japan

-Hirotaka Kondo
TEL: +81-46-202-8074
FAX: +81-46-202-6304

CST Lab: NVLAP 100432-0

Sony Security Module
(Hardware Version: 1.1.0; Firmware Version: 1.1.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/21/2011 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #901, #902 and #1470); RNG (Certs. #517 and #804); RSA (Cert. #724); SHS (Certs. #882 and #1330); HMAC (Certs. #865 and #866)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); HMAC-MD5; NDRNG

Multi-chip embedded

"The Sony Security Module (SSM) is cryptographic module to provide decryption, decoding/encoding of audio/video data for the digital cinema projector system in which it is being employed."
1492 IBM® Corporation
2455 South Road
Poughkeepsie, NY 12601
USA

-William F Penny
TEL: 845-435-3010

CST Lab: NVLAP 200658-0

IBM® z/OS® Version 1 Release 11 System SSL Cryptographic Module
(Hardware Versions: FC3863 w/System Driver Level 77 and optional CEX3A and CEX3C [CEX3A and CEX3C are separately configured versions of 4765-001 (P/N 45D6048)]; Software Versions: System SSL level HCPT3B0/JCPT3B1 with APAR OA31595, RACF level HRF7760 with APAR OA30951 and ICSF level HCR7770 with APAR OA32012; Firmware Version: 4765-001 (e1ced7a0))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software-Hybrid 02/04/2011;
04/12/2011
Overall Level: 1 

-Cryptographic Module Specification: Level 3

-Operational Environment: Tested as meeting Level 1 with IBM System z10(TM) Enterprise Class (z10 EC) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 [Base GPC, optional Crypto Express3 Card (Coprocessor (CEX3C)); Crypto Express3 Card (Accelerator (CEX3A)) and Crypto Express3 Cards (Coprocessor (CEX3C) and Accelerator (CEX3A))] [IBM System z10(TM) Enterprise Class (z10 EC) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 includes FC3863 w/System Driver Level 77 and z/OS® V1R11] (single-user mode)

-FIPS-approved algorithms: AES (Certs. #976, #1418 and #1419); Triple-DES (Certs. #769, #968 and #969); DSA (Certs. #458 and #459); RSA (Certs. #691, #692, #693, #694 and #695); SHS (Certs. #946, #1286 and #1287); HMAC (Certs. #836 and #837); RNG (Certs. #775 and #776)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); DES; RC2; ArcFour; MD5; MD2

Multi-chip standalone

"System SSL is a set of generic services provided in z/OS to protect TCP/IP communications using the SSL/TLS protocol. System SSL is exploited by many SSL enabled servers and clients in z/OS to meet the transport security constraints required in an On Demand environment. The System SSL APIs are also externalized to customer applications. System SSL has evolved through the latest releases of z/OS to support the new TLS (Transaction Layer Security) standard, to reach an unmatched level of performance and to extend the APIs available to applications to new functions."
1491 Hughes Network Systems, LLC
11717 Exploration Lane
Germantown, MD 20876
USA

-Shayla Fahey
TEL: 301-548-1239

-Shanti Vedula
TEL: 301-212-1016

CST Lab: NVLAP 200556-0

HX280 Broadband Satellite Router
(Hardware Version: Rev C.; Firmware Versions: 6.6.0.3 or 6.7.0.10)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 01/28/2011;
08/09/2011
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #1451 and #1453); SHS (Cert. #1316); HMAC (Cert. #853); DSA (Cert. #463); RNG (Cert. #796)

-Other algorithms: Diffie-Hellman (key agreement providing 80 bits of encryption strength); MD5; NDRNG

Multi-chip standalone

"The Hughes HX280 Mesh/Star Broadband Router is a high-performance satellite router that enables carrier-grade broadband Internet Protocol services with enhanced security protecting all data, management, and signaling traffic over the satellite network, while still enabling the use of all Hughes satellite acceleration features, as well as Hughes' advanced routing, prioritization, and access control capabilities."
1490 Motorola Solutions, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

-Tom Nguyen
TEL: 847-576-2352

CST Lab: NVLAP 100432-0

Key Variable Loader (KVL) 4000 PIKE2
(Hardware Version: P/N 51009397004; Firmware Version: R01.01.00, R01.01.01, R01.01.04 or R02.03.00)

(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/28/2011;
06/01/2011;
03/14/2012;
12/07/2012
Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #1491 and #1492); ECDSA (Cert. #183); SHS (Cert. #1345); RNG (Cert. #812)

-Other algorithms: AES MAC (AES Cert. #1492, vendor affirmed; P25 AES OTAR); AES (AES Cert. #1492, key wrapping; key establishment methodology provides 256 bits of encryption strength); DES; DES-XL; DVP-XL; DVI-XL; ADP

Single-chip

"The KVL 4000 PIKE2 provides security services for the KVL 4000. The KVL 4000 is a portable key distribution device that consists of a Personal Digital Assistant (PDA) and Security Adapter that connects to the PDA."
1489 Motorola Solutions, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

-Tom Nguyen
TEL: 847-576-2352

CST Lab: NVLAP 100432-0

Key Variable Loader (KVL) 4000 PIKE2
(Hardware Version: P/N 51009397004; Firmware Version: R01.01.00, R01.01.01, R01.01.04 or R02.03.00)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/28/2011;
06/01/2011;
03/14/2012;
12/07/2012
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #1491 and #1492); ECDSA (Cert. #183); SHS (Cert. #1345); RNG (Cert. #812)

-Other algorithms: AES MAC (AES Cert. #1492, vendor affirmed; P25 AES OTAR); AES (AES Cert. #1492, key wrapping; key establishment methodology provides 256 bits of encryption strength); DES; DES-XL; DVP-XL; DVI-XL; ADP

Single-chip

"The KVL 4000 PIKE2 provides security services for the KVL 4000. The KVL 4000 is a portable key distribution device that consists of a Personal Digital Assistant (PDA) and Security Adapter that connects to the PDA."
1488 Schweitzer Engineering Laboratories, Inc.
2350 NE Hopkins Court
Pullman, WA 99163
USA

-Joe Casebolt
TEL: 509-332-1890
FAX: 509-332-7990

CST Lab: NVLAP 100432-0

SEL-3045
(Hardware Version: 1.0; Firmware Version: R100 or R101)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/28/2011;
02/06/2013
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #1272); SHS (Cert. #1170); HMAC (Cert. #739); RNG (Cert. #710); DSA (Cert. #412)

-Other algorithms: AES (Cert. #1272, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The SEL-3045 Secure SCADA Card provides strong cryptographic security to a variety of communications networks. It protects point-to-point, multi-drop, and many-to-many networks. The SEL-3045 secures all byte oriented serial protocols including popular SCADA or PCS protocols like DNP and MODBUS common to PLC, IED and RTU products. It quickly integrates into serial communication networks including modem and data radio."
1487 Athena Smartcard Inc.
20380 Town Center Lane
Suite 240
Cupertino, CA 95014
USA

-Ian Simmons
TEL: 408-865-0112
FAX: 408-865-0333

CST Lab: NVLAP 100432-0

Athena IDProtect Duo PIV
(Hardware Version: P/N AT90SC12872RCFT Revision M; Software Version: P/N Athena PIV Applet Version 2.0; Firmware Version: P/N Athena IDProtect Duo Version 0107.9334.0306)

(PIV Card Application: Cert. #20)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/28/2011 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 4
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #598); Triple-DES MAC (Triple-DES Cert. #598, vendor affirmed); AES (Cert. #646); RNG (Cert. #368); RSA (Cert. #296); SHS (Cert. #680)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); Triple-DES (Cert. #598, key wrapping; key establishment methodology provides 80 bits of encryption strength)

Single-chip

"The Athena IDProtect Duo PIV cryptographic module is compliant with FIPS 201 as an end point compliant card. The PIV application is hosted by the Athena IDProtect dual interface smart card operating system compliant with the Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and FIPS 140-2 Level 3 (Level 4 for physical security). IDProtect supports FIPS approved Random Number Generator, TDES, AES, SHA-1, SHA-256, and RSA up to 2048 bits including on board key generation."
1486 Hewlett-Packard Company
Longdown Avenue
Stoke Grifford, Bristol BS34 8QZ
United Kingdom

-Laura Loredo
TEL: 44 117 312 9341

CST Lab: NVLAP 100432-0

HP LTO-5 Tape Drive
(Hardware Version: AQ273C #912 [1], AQ273D #704 [2], AQ273F #900 [3] and AQ283B #103 [4]; Firmware Version: I3BW [1], I3AS [2], I3AZ [3] and Z39W [4])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/28/2011 Overall Level: 1 

-FIPS-approved algorithms: AES (Certs. #1441, #1442, #1443 and #1444); HMAC (Cert. #848); RNG (Certs. #790 and #791); RSA (Certs. #708 and #709); SHS (Certs. #1308 and #1309)

-Other algorithms: MD5; AES (AES Cert. #1441, key wrapping; key establishment methodology provides 256 bits of encryption strength)

Multi-chip standalone

"HP LTO-5 Tape Drive sets new standards for capacity, performance, and manageability. The HP LTO-5 represents HP's fifth-generation of LTO tape drive technology capable of storing up to 3TB per cartridge while providing enterprise tape drive monitoring and management capabilities with HP TapeAssure and AES 256-bit hardware data encryption, easy-to-enable security to protect the most sensitive data and prevent unauthorized access of tape cartridges. Capable of data transfer rates up to 280MB/sec, HP's exclusive Data Rate Matching feature further optimizes performance by matching speed of host to"
1485 Hughes Network Systems, LLC
11717 Exploration Lane
Germantown, MD 20876
USA

-Shayla Fahey
TEL: 301-548-1239

-Shanti Vedula
TEL: 301-212-1016

CST Lab: NVLAP 200556-0

Hughes Crypto Kernel - Firmware
(Firmware Version: 3.1.0.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Firmware 01/11/2011 Overall Level: 1 

-Tested: Hughes HX280 with the VxWorks 5.4 operating system

-FIPS-approved algorithms: AES (Cert. #1453); SHS (Cert. #1316); HMAC (Cert. #853); DSA (Cert. #463); RNG (Cert. #796)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); MD5

Multi-chip standalone

"The Hughes Crypto Kernel (HCK) is a FIPS 140-2 Level 1 cryptographic module available for the Hughes HN and HX systems. The HCK enables the use of end-to-end bidirectional encryption between a remote site and the enterprise data center, while still enabling the use of all Hughes satellite acceleration features, as well as Hughes' advanced routing, prioritization and access control capabilities. The HCK uses AES 256 bit encryption to encrypt user traffic, uses IKE to dynamically generate session keys used for encryption, and ensures message authentication and integrity using HMAC-SHA-256."
1484 Hughes Network Systems, LLC
11717 Exploration Lane
Germantown, MD 20876
USA

-Shayla Fahey
TEL: 301-548-1239

-Shanti Vedula
TEL: 301-212-1016

CST Lab: NVLAP 200556-0

Hughes Crypto Kernel
(Software Version: 3.1.0.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 01/11/2011 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft® Windows Server® 2008 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1450); SHS (Cert. #1314); HMAC (Cert. #851); DSA (Cert. #461); RNG (Cert. #794)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); MD5

Multi-chip standalone

"The Hughes Crypto Kernel (HCK) is a FIPS 140-2 Level 1 cryptographic module available for the Hughes HN and HX systems. The HCK enables the use of end-to-end bidirectional encryption between a remote site and the enterprise data center, while still enabling the use of all Hughes satellite acceleration features, as well as Hughes' advanced routing, prioritization and access control capabilities. The HCK uses AES 256 bit encryption to encrypt user traffic, uses IKE to dynamically generate session keys used for encryption, and ensures message authentication and integrity using HMAC-SHA-256."
1483 Riverbed Technology, Inc.
199 Fremont Street
San Francisco, CA 94105
USA

-Amol Kabe
TEL: 415-344-4447

-Gordon Chaffee
TEL: 415-247-7353

CST Lab: NVLAP 200017-0

Steelhead 3020, Steelhead 3520, Steelhead 5520 and Steelhead 6020 Appliances
(Hardware Versions: 3020, 3520, 5520 and 6020; Firmware Version: 4.1.10)

(When operated in FIPS mode and with the tamper evident seals and security panels installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/11/2011 Overall Level: 2 

-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #1044); HMAC (Cert. #586); RNG (Cert. #595); RSA (Cert. #498); SHS (Cert. #994); Triple-DES (Cert. #792)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DSA(FIPS 186-3; non-compliant) ; MD5; DES; RC2; RC4; IDEA; CAST; Blowfish; HMAC-Tiger; EC Diffie-Hellman (SP 800-56A; non-compliant)

Multi-chip standalone

"The Steelhead family of appliances provides application acceleration and accelerated data transfer over a wide area network (WAN), overcoming bandwidth and geographical limitations to improve productivity and enable global collaboration."
1482 Riverbed Technology, Inc.
199 Fremont Street
San Francisco, CA 94105
USA

-Amol Kabe
TEL: 415-344-4447

-Gordon Chaffee
TEL: 415-247-7353

CST Lab: NVLAP 200017-0

Steelhead 5050 and Steelhead 6050 Appliances
(Hardware Versions: 5050 and 6050; Firmware Version: 4.1.10)

(When operated in FIPS mode and with the tamper evident seals and security panels installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/11/2011 Overall Level: 2 

-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #1044); HMAC (Cert. #586); RNG (Cert. #595); RSA (Cert. #498); SHS (Cert. #994); Triple-DES (Cert. #792)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DSA(FIPS 186-3; non-compliant) ; MD5; DES; RC2; RC4; IDEA; CAST; Blowfish; HMAC-Tiger; EC Diffie-Hellman (SP 800-56A; non-compliant)

Multi-chip standalone

"The Steelhead family of appliances provides application acceleration and accelerated data transfer over a wide area network (WAN), overcoming bandwidth and geographical limitations to improve productivity and enable global collaboration."
1481 Riverbed Technology, Inc.
199 Fremont Street
San Francisco, CA 94105
USA

-Amol Kabe
TEL: 415-344-4447

-Gordon Chaffee
TEL: 415-247-7353

CST Lab: NVLAP 200017-0

Steelhead 520, Steelhead 1020, Steelhead 1520 and Steelhead 2020 Appliances
(Hardware Versions: 520, 1020, 1520 and 2020; Firmware Version: 4.1.10)

(When operated in FIPS mode and with the tamper evident seals and security panels installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/11/2011 Overall Level: 2 

-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #1044); HMAC (Cert. #586); RNG (Cert. #595); RSA (Cert. #498); SHS (Cert. #994); Triple-DES (Cert. #792)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DSA(FIPS 186-3; non-compliant) ; MD5; DES; RC2; RC4; IDEA; CAST; Blowfish; HMAC-Tiger; EC Diffie-Hellman (SP 800-56A; non-compliant)

Multi-chip standalone

"The Steelhead family of appliances provides application acceleration and accelerated data transfer over a wide area network (WAN), overcoming bandwidth and geographical limitations to improve productivity and enable global collaboration."
1480 Riverbed Technology, Inc.
199 Fremont Street
San Francisco, CA 94105
USA

-Amol Kabe
TEL: 415-344-4447

-Gordon Chaffee
TEL: 415-247-7353

CST Lab: NVLAP 200017-0

Steelhead 1050 and Steelhead 2050 Appliances
(Hardware Versions: 1050 and 2050; Firmware Version: 4.1.10)

(When operated in FIPS mode and with the tamper evident seals and security panels installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/11/2011 Overall Level: 2 

-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #1044); HMAC (Cert. #586); RNG (Cert. #595); RSA (Cert. #498); SHS (Cert. #994); Triple-DES (Cert. #792)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DSA(FIPS 186-3; non-compliant) ; MD5; DES; RC2; RC4; IDEA; CAST; Blowfish; HMAC-Tiger; EC Diffie-Hellman (SP 800-56A; non-compliant)

Multi-chip standalone

"The Steelhead family of appliances provides application acceleration and accelerated data transfer over a wide area network (WAN), overcoming bandwidth and geographical limitations to improve productivity and enable global collaboration."
1479 Imation Corp.
Discovery Bldg. 1A-041
Oakdale, MN 55128
USA

-Larry Hamid
TEL: 408-737-4308

CST Lab: NVLAP 100432-0

Imation S200/D200
(Hardware Versions: D2-S200-S01 (Rev 1), D2-S200-S02 (Rev 1), D2-S200-S04 (Rev 1), D2-S200-S08 (Rev 1), D2-S200-S16 (Rev 1), D2-D200-S01 (Rev 1), D2-D200-S02 (Rev 1), D2-D200-S04 (Rev 1), D2-D200-S08 (Rev 1), D2-D200-S16 (Rev 1) or D2-D200-S32 (Rev 1); Firmware Version: 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.1.0, 2.1.1 or 2.1.2)

(Files distributed with the module mounted within the internal CD Drive are excluded from validation)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/07/2011;
08/09/2011;
09/19/2011;
10/04/2011;
10/26/2011;
04/24/2012
Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #1034); RNG (Certs. #587 and #702); RSA (Cert. #605); SHS (Certs. #987 and #1154); HMAC (Cert. #579)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The IronKey Secure Flash Drives include a high-speed hardware-based 256 Bit AES cryptography engine for encrypting and decrypting NAND flash and RAM buffers via USB. It also includes RSA, HMAC, SHA-256, SHA-1, and RNG algorithms."
1478 Juniper Networks, Inc.
1194 Norht Mathilda Ave
Sunnyvale, CA 94089
USA

-Robert Smith
TEL: 978-589-8822

CST Lab: NVLAP 200697-0

Juniper Networks SRX100, SRX210, SRX240 and SRX650 Services Gateways
(Hardware Version: SRX100B, SRX100H, SRX210B, SRX210H, SRX240B, SRX240H and SRX650-BASE-SRE6-645AP with JNPR-FIPS-TAMPER-LBLS; Firmware Version: 10.0R4)

(The tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 01/05/2011;
01/20/2011
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #937 and #948); AES (Certs. #1362 and #1373); DSA (Cert. #440); SHS (Certs. #1242 and #1255); RNG (Cert. #748); RSA (Cert. #662); HMAC (Certs. #798 and #806)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 90 bits of encryption strength); MD5

Multi-chip standalone

"Juniper Networks SRX100, SRX210, SRX240 and SRX650 Services Gateways are secure routers that provide essential capabilities that connect, secure, and manage work force locations. By consolidating fast, highly available switching, routing, security, and applications capabilities in a single device, enterprises can economically deliver new services, safe connectivity, and a satisfying end user experience. Supports Firewall, IPsec VPN and IPS."
1477 Juniper Networks, Inc.
1194 Norht Mathilda Ave
Sunnyvale, CA 94089
USA

-Robert Smith
TEL: 978-589-8822

CST Lab: NVLAP 200697-0

Juniper Networks LN1000 Mobile Secure Router
(Hardware Version: LN1000-V with JNPR-FIPS-TAMPER-LBLS; Firmware Version: 10.0R4)

(The tamper evident seals and security device installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/05/2011 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #936 and #947); AES (Certs. #1351 and #1372); DSA (Cert. #439); SHS (Certs. #1234 and #1254); RNG (Cert. #743); RSA (Cert. #657); HMAC (Certs. #790 and #805)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 90 bits of encryption strength); MD5

Multi-chip standalone

"Juniper Networks LN1000 Mobile Secure Router is an edge access router that delivers a high-performance routing firewall and intrusion detection service (IDS). The LN1000 addresses the growing demand for a network access presence in military, first responder and transportation vehicles, mining and exploration equipment, unmanned aircraft, and power grids."
1476 3e Technologies International, Inc.
9715 Key West Avenue
Suite 500
Rockville, MD 20850
USA

-Harinder Sood
TEL: 301-944-1325

CST Lab: NVLAP 200427-0

3e-525A-3, 3e-525A-3EP, 3e-525A-3MP, 3e-525V-3 and 3e-525Ve-4 AirGuard™ Wireless Access Points
(Hardware Version: 2.0(A) (3e-525A-3, 3e-525A-3MP, 3e-525V-3, 3e-525Ve-4), 2.1 (3e-525A-3, 3e-525A-3EP, 3e-525A-3MP, 3e-525V-3, 3e-525Ve-4) and 90000522-001; Firmware Version: 4.4)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/05/2011 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Cryptographic Key Management: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #1021, 1022 and 1023); HMAC (Certs. #571 and #572); RNG (Cert. #583); RSA (Cert. #490); SHS (Certs. #976 and #977); Triple-DES (Cert. #783)

-Other algorithms: AES CFB (non-compliant); MD5; RC4; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The AirGuard™ model 525A-3 and model 525V-3/4 Wireless Access Points are packaged in rugged IP 66 weatherproof enclosure and conforms to 802.11a/b/g wireless standards. They provide access point, gateway, bridge/repeater, and mesh networking for wireless applications. In access point or gateway mode, the 525A-3 can establish links to laptops, PDAs and other wireless devices at data rates from 11 Mbps up to 108 Mbps. The 525V-3/4 incorporates an extra video module to provide capability for remote video surveillance and camera control."
1475 Wind River Systems, Inc.
1500 Wind River Way
Alameda, CA 94501
USA

-Millind Kukanur
TEL: 510-749-2494

CST Lab: NVLAP 200658-0

Network Security Services (NSS)
(Software Version: 3.12.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 12/28/2010 Overall Level: 1 

-Roles, Services, and Authentication: Level 2

-Operational Environment: Tested as meeting Level 1 with Wind River Linux Secure 1.0 (single-user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #949); AES (Cert. #1374); DSA (Cert. #450); ECDSA (Cert. #174); SHS (Cert. #1256); RSA (Cert. #673); DRBG (Cert. #49); HMAC (Cert. #807)

-Other algorithms: MD5; MD2; RC2; RC4; DES; SEED; Camellia; Diffie-Hellman (key agreement; key establishment methodology provides between 80 bits and 112 bits of encryption strength); ECDH (key agreement; key establishment methodology provides between 80 bits and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 bits and 192 bits of encryption strength)

Multi-chip standalone

"Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards."
1474 Check Point Software Technologies Ltd.
12007 Sunrise Valley Dr.
Suite 130
Reston, VA 20191
USA

-Malcolm Levy
TEL: 703-234-0100 x218

CST Lab: NVLAP 200002-0

Connectra
(Firmware Version: NGX R66.1 with hotfix 1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Firmware 12/28/2010 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-Tested: Connectra-1 3070 General Purpose Computer with Check Point SecurePlatform Operating System, version NGX R66.1 hotfix 1

-FIPS-approved algorithms: Triple-DES (Certs. #944 and #984); AES (Certs. #1369 and #1458); SHS (Certs. #1251 and #1319); HMAC (Certs. #802 and #855); RSA (Certs. #670 and #713); RNG (Cert. #756)

-Other algorithms: CAST 40 bit; CAST 128 bit; DES; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 202 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength)

Multi-chip standalone

"Check Point Connectra that unifies SSL VPN, IPSec VPN, and integrated intrusion prevention for secure connectivity for mobile and remote workers while protecting enterprise networks and endpoints from external threats. Connectra includes centralized management and DynamicID SMS authentication."
1473 Adara Networks, Inc.
2150 N. First Street
San Jose, CA 95131
USA

-Lillian Withrow
TEL: 408-433-4900
FAX: 408-456-0190

CST Lab: NVLAP 100432-0

OpenSSL NPX Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/28/2010 Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with FreeBSD 8.0 (single-user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #942); AES (Cert. #1367); DSA (Cert. #447); SHS (Cert. #1248); RNG (Cert. #753); RSA (Cert. #667); HMAC (Cert. #801)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 219 bits of encryption strength)

Multi-chip standalone

"The Adara Networks product is an open standards and open architecture based full stack router that provides high performance multipath routing capabilities, end to end QOS, data interoperability, virtualization web services, federation of databases, and a secure cloud computing platform for inter-enterprise collaborations. It can be visualized as a transparent performance overlay network which improves performance and provides innovative features and tightened security over a legacy network infrastructure."
1472 Enova Technology Corporation
1st Floor, No. 11, Research & Development 2nd Road, Science-based Industrial Park
Hsin Chu City, Taiwan 30076
Republic of China

-Robert Wann
TEL: +886 3 577 2767
FAX: +886 3 577 2770

CST Lab: NVLAP 100432-0

X-Wall MX-256C
(Hardware Version: X-Wall MX-256C; Firmware Version: 1.1.0)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/28/2010 Overall Level: 1 

-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #250)

-Other algorithms: N/A

Single-chip

"The patented X-Wall MX-256C (MX-256C) ASIC is the 7th gen of Enova X-Wall real-time Full Disk Encryption technology. Engineered specifically to encrypt entire drive (MBR, FAT, and OS) at SATA wire speed (sustained AES 256-bit throughput of 120MB/sec). MX-256C, a SATA to SATA chip engineered to include the full SATA protocol stacks, is transparent to host/drive. Authentication is separated from the core design of the MX-256C and can be versatile which may include Smartcard, Pre-boot PIN, TPM or Fingerprint. The MX-256C contains no NVM. Therefore at each power on reset authentication is needed."
1471 Enova Technology Corporation
1st Floor, No. 11, Research & Development 2nd Road, Science-based Industrial Park
Hsin Chu, Taiwan 30076
Republic of China

-Robert Wann
TEL: +886 3 577 2767
FAX: +886 3 577 2770

CST Lab: NVLAP 100432-0

X-Wall MX-256
(Hardware Version: X-Wall MX-256; Firmware Version: 1.1.0)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/28/2010 Overall Level: 1 

-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #60)

-Other algorithms: N/A

Single-chip

"The patented X-Wall MX-256 (MX-256) ASIC is the 7th gen of Enova X-Wall real-time Full Disk Encryption technology. Engineered specifically to encrypt entire drive (MBR, FAT, and OS) at SATA wire speed (sustained AES 256-bit throughput of 120MB/sec).MX-256, a SATA to SATA chip engineered to include the full SATA protocol stacks, is transparent to host/drive. Authentication is separated from the core design of the MX-256 and can be versatile which may include Smartcard, Pre-boot PIN, TPM or Fingerprint. The MX-256 contains no NVM. Therefore at each power on reset authentication is needed."
1470 IBM Corporation
2455 South Road
Poughkeepsie, NY 12601
USA

-William F Penny
TEL: 845-435-3010
FAX: 845-433-7510

-James Sweeny
TEL: 845-435-7453
FAX: 845-435-8530

CST Lab: NVLAP 200658-0

IBM® z/OS® Version 1 Release 11 ICSF PKCS#11 Cryptographic Module
(Hardware Versions: CPACF (P/N COP) and optional 4765-001 (P/N 45D6048); Software Versions: APAR OA32012 and APAR OA30951; Firmware Versions: CPACF (FC3863 w/ System Driver Level 77) and optional 4765-001 (e1ced7a0))

(When operated in FIPS Mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software-Hybrid 12/28/2010;
06/01/2011;
10/4/2011
Overall Level: 1 

-Cryptographic Module Specification: Level 3

-Operational Environment: Tested as meeting Level 1 with IBM System z10® Enterprise Class (z10 EC) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 [Base GPC, optional Crypto Express3 Card (Accelerator (CEX3A))] [IBM System z10® Enterprise Class (z10 EC) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 (aka FC3863) includes FC3863 w/System Driver Level 77 and z/OS® V1R11]; (single-user mode)

-FIPS-approved algorithms: AES (Certs. #1332 and #976); Triple-DES (Certs. #931 and #769); DSA (Cert. #437); ECDSA (Cert. #171); RSA (Certs. #644, #645 and #691); SHS (Certs. #946 and #1218); HMAC (Cert. #780); RNG (Cert. #734)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80-bits of encryption strength); DES; Triple-DES (non-compliant); DSA (non-compliant); HMAC (non-compliant); RC4; BLOWFISH; MD5; MD2; RIPE-MD; EC Brainpool

Multi-chip standalone

"The ICSF PKCS #11 module consists of software-based cryptographic algorithms, as well as symmetric and hashing algorithms provided by the CP Assist for Cryptographic Function (CPACF) and RSA Hardware clear key modular math cryptography provided through the Crypto Express3 card (CEX3A). The RSA hardware support is accessed through auxiliary module CSFINPVT which acts as a pipe between ICSF PKCS #11 and the cryptographic cards."
1469 JVC KENWOOD Corporation
1-16-2, Hakusan, Midori-ku
Yokohama-shi, Kanagawa 226-8525
Japan

-Tamaki Shimamura
TEL: +81 45 939 6254
FAX: +81 45 939 7093

-Joe Watts
TEL: 678-474-4700
FAX: 678-474-4730

CST Lab: NVLAP 100432-0

Secure Cryptographic Module (SCM)
(Hardware Version: P/N KWD-AE20, Version 1.0.0; Firmware Version: A2.0.2 or A2.0.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/28/2010;
12/07/2011;
01/31/2012;
04/02/2012
Overall Level: 1 

-Cryptographic Module Specification: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Certs. #831 and #832); SHS (Cert. #827)

-Other algorithms: DES; DES MAC; LFSR; AES MAC (AES Cert. #831, vendor affirmed; P25 AES OTAR)

Multi-chip embedded

"The Secure Cryptographic Module (SCM) meets overall FIPS 140-2 Level 1 requirements providing KENWOOD radios secure and encrypted digital communication. The SCM supports 256 bit key AES encryption as well as DES encryption."
1468 SafeNet, Inc.
20 Colonnade Road
Suite 200
Nepean, Ontario K2E 7M6
Canada

-Terry Fletcher
TEL: 613-221-5009
FAX: 613-723-5079

CST Lab: NVLAP 200556-0

Luna® PCI 7000 Cryptographic Module
(Hardware Version: VBD-03-0100; Firmware Version: 4.8.1 or 4.8.2)

(When operated in FIPS mode and configured to Overall Level 3 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/28/2010;
02/10/2011;
12/03/2012
Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #510 and #1298); Triple-DES (Certs. #520 and #912); Triple-DES MAC (Triple-DES Certs. #520 and #912, vendor affirmed); SHS (Cert. #1190); DSA (Cert. #420); RSA (Cert. #620); ECDSA (Cert. #154); HMAC (Cert. #755); RNG (Cert. #723)

-Other algorithms: DES; RC2; RC4; RC5; CAST5; RSA X509; SEED; ARIA; MD2; MD5; HAS-160; AES MAC (AES Cert. #510; non-compliant); DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; AES (Certs. #510 and #1298, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #520 and #912, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip embedded

"Luna® PCI offers dedicated hardware key management to protect sensitive cryptographic keys from attack. The high-security hardware design ensures the integrity and protection of encryption keys throughout their life cycle. All digital signing and verification operations are performed within the HSM to increase performance and maintain security. Luna® PCI HSMs provide hardware secured key generation, storage, secure key backup and accelerated encryption in a range of models and configurations offering a wide selection of security, performance and operational capabilities."
1467 Motorola, Inc.
One Motorola Plaza
Holtsville, NY 11742
USA

-Jay Greenrose
TEL: 631-738-3844
FAX: 631-738-4656

-Mariya Wright
TEL: 914-574-8189
FAX: 631-738-4656

CST Lab: NVLAP 200648-0

Motorola EMS Cryptographic Module
(Firmware Versions: DAABDS00-001-R00 and DAABGS00-001-R00)

Validated to FIPS 140-2

Security Policy

Certificate

Firmware 12/21/2010;
11/17/2011
Overall Level: 1 

-Tested: DS6878 with Micrium OS II V2.85; CR0078 with Micrium OS II V2.85; STB2078 with Micrium OS II V2.85; DS3578 with Micrium OS II V2.85; STB3578-CF007WR with Micrium OS II V2.85; FLB3578-CF007WR with Micrium OS II V2.85

-FIPS-approved algorithms: AES (Certs. #1395 and #1397); SHS (Certs. #1266 and #1268); HMAC (Certs. #819 and #821)

-Other algorithms: N/A

Multi-chip standalone

"The Motorola EMS Cryptographic Module provides FIPS 140-2 Level 1 certified encryption and security practices to protect data sensitive transmission between the Motorola Embedded deices which include cordless scanners, cradles and terminals."
1466 Motorola, Inc.
One Motorola Plaza
Holtsville, NY 11742
USA

-Jay Greenrose
TEL: 631-738-3844
FAX: 631-738-4656

-Mariya Wright
TEL: 914-574-8189
FAX: 631-738-4656

CST Lab: NVLAP 200648-0

Motorola EMS Cryptographic Module
(Software Versions: DAABES00-001-R00 and DAABFS00-001-R00)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/21/2010 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with MC9596 with Windows Mobile 6.5; MT2070 with Windows CE 5.0; MT2090 with Windows CE 5.0 (single-user mode)

-FIPS-approved algorithms: AES (Certs. #1398 and #1396); SHS (Certs. #1267 and #1269); HMAC (Certs. #820 and #822); RNG (Certs. #764 and #765)

-Other algorithms: N/A

Multi-chip standalone

"The Motorola EMS Cryptographic Module provides FIPS 140-2 Level 1 certified encryption and security practices to protect data sensitive transmission between the Motorola Embedded deices which include cordless scanners, cradles and terminals."
1465 Motorola, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

-Kirk Mathews
TEL: 847-576-4101

CST Lab: NVLAP 100432-0

Key Variable Loader (KVL) 4000 PIKE
(Hardware Version: P/N 5175330H04; Firmware Version: R01.00.00)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/21/2010 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #1401); ECDSA (FIPS 186-3, vendor affirmed); SHS (Cert. 1272); RNG (Cert. #768)

-Other algorithms: AES MAC (AES Cert. #1401, vendor affirmed; P25 AES OTAR); AES (AES Cert. #1401, key wrapping); DES; DES-XL; DVP-XL; DVI-XL; ADP

Single-chip

"The KVL 4000 PIKE provides security services for the KVL 4000. The KVL 4000 is a portable key distribution device that consists of a Personal Digital Assistant (PDA) and Security Adapter that connects to the PDA."
1464 Motorola, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

-Kirk Mathews
TEL: 847-576-4101

CST Lab: NVLAP 100432-0

Key Variable Loader (KVL) 4000 PIKE
(Hardware Version: P/N 5175330H04; Firmware Version: R01.00.00)

(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/21/2010 Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #1401); ECDSA (FIPS 186-3, vendor affirmed); SHS (Cert. 1272); RNG (Cert. #768)

-Other algorithms: AES MAC (AES Cert. #1401, vendor affirmed; P25 AES OTAR); AES (AES Cert. #1401, key wrapping); DES; DES-XL; DVP-XL; DVI-XL; ADP

Single-chip

"The KVL 4000 PIKE provides security services for the KVL 4000. The KVL 4000 is a portable key distribution device that consists of a Personal Digital Assistant (PDA) and Security Adapter that connects to the PDA."
1463 Symantec Corporation
350 Ellis St, PO Box 7011
Mountain View, CA 94043
USA

-Rama Vissapragada
TEL: 650-527-0217
FAX: 650-527-1984

CST Lab: NVLAP 100432-0

Encryption Plus Cryptographic Library
(Software Version: 1.0.5)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/21/2010 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Mac OS X (32-bit and 64-bit); Windows 7 (32-bit and 64-bit); Windows Vista (32-bit and 64-bit); Windows XP (32-bit and 64-bit); Windows Server 2008 (32-bit and 64-bit) (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1420); HMAC (Cert. #838); SHS (Cert. #1288); RNG (Cert. #777)

-Other algorithms: N/A

Multi-chip standalone

"The Encryption Plus Cryptographic Library (EPCL) provides cryptographic services to the Symantec Corporation for Symantec, GuardianEdge, Encryption Anywhere, and Encryption Plus families of data protection products."
1462 Adara Networks, Inc.
2150 N. First Street
San Jose, CA 95131
USA

-Lillian Withrow
TEL: 408-433-4900
FAX: 408-456-0190

CST Lab: NVLAP 100432-0

Kernel NPX Cryptographic Module
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/21/2010 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with FreeBSD 8.0 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1410); HMAC (Cert. #831); SHS (Cert. #1280); Triple-DES (Cert. #963)

-Other algorithms: N/A

Multi-chip standalone

"The Adara Networks product is an open standards and open architecture based full stack router that provides high performance multipath routing capabilities, end to end QOS, data interoperability, virtualization web services, federation of databases and a secure cloud computing platform for inter-enterprise collaborations. It can be visualized as a transparent performance overlay network which improves performance and provides innovative features and tightened security over a legacy network infrastructure."
1461 Neopost Technologies
113 rue Jean-Marin Naudin
Bagneaux, 92220
France

-Patrick Blanluet
TEL: 33 1 45 36 30 00
FAX: 33 1 45 36 30 10

CST Lab: NVLAP 100432-0

NETSET2 PSD
(Hardware Version: P/N 4129955LD or P/N 4150859LB; Firmware Version: P/N 4149085NA Version 22.19)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 12/09/2010;
07/05/2011
Overall Level: 3 

-Physical Security: Level 3 +EFP/EFT

-FIPS-approved algorithms: AES (Cert. #563); SHS (Cert. #629); RNG (Cert. #328); RSA (Cert. #260); HMAC (Cert. #300)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 90 bits of encryption strength)

Multi-chip embedded

"Neopost PSD (Postal Secure Device) for Middle to High Range Franking Machines."
1460 IBM Internet Security Systems, Inc.
6303 Barfield Road
Atlanta, GA 30328
USA

-Scott Sinsel
TEL: 404-236-2722
FAX: 404-236-2632

CST Lab: NVLAP 200416-0

Proventia GX Series Security Appliances
(Hardware Versions: GX4004, GX5008, GX5108, GX5208 and GX6116; Firmware Version: 3.1, 4.1 or 4.3)

(With Firmware Version 3.1, 4.1 or 4.3 and with the tamper evidence seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/29/2010;
12/07/2011;
04/02/2012;
04/24/2012;
02/14/2013
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #1182, #1183 and #1184); HMAC (Certs. #682, #683 and #684); RNG (Certs. #653, #654 and #655); RSA (Certs. #563, #564 and #565); SHS (Certs. #1091, #1092 and #1093)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength)

Multi-chip standalone

"The IBM Proventia Network Intrusion Prevention System (IPS) stops Internet threats before they impact your business and delivers protection to all three layers of the network: core, perimeter and remote segments. Preemptive protection, or protection that works ahead of the threat, is available from IBM Internet Security Systems through its proprietary combination of line-speed performance, security intelligence and a modular protection engine that enables security convergence."
1459 Morpho - e-Documents Division 
11, Boulevard Galliéni 
Issy Les Moulineaux, 92130
France

-M. Maximilien N’GUYEN 
TEL: +33 (0)1 58 11 88 37 
FAX: +33 (0)1 58 11 89 93 

CST Lab: NVLAP 100432-0

ypsID
(Hardware Version: P/N AT90SC25672RCT-USB; Firmware Version: 01029069 - FFFFFFF or 020000202 - FFFFFFF)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/29/2010;
04/06/2011;
07/19/2011
Overall Level: 3 

-Physical Security: Level 4

-FIPS-approved algorithms: SHS (Cert. #1113); RSA (Certs. #580 and #581); Triple-DES (Cert. #872); Triple-DES MAC (Triple-DES Cert. #872, vendor affirmed); RNG (Cert. #671)

-Other algorithms: Triple-DES (Cert. #872, key wrapping; key establishment methodology provides 80 bits of encryption strength)

Single-chip

"The ypsid common cryptographic module lies at the core of the Sagem Orga authentication and signature tokens for corporate employees, civil servants, and e-commerce / e-banking online clients. This module is the base for : ypsid SmartCard S2 converged smart card access badges with PKI, minex II approved biometric fingerprint Match-on-card and One time password (OTP) and ypsid Keys: E*, E1, and E2 USB cryptographic keys presenting driverless and zero footprint two factor OTP authentication and digital signature."
1458

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/23/2010 Overall Level: 2 

-FIPS-approved algorithms:

-Other algorithms:

Multi-chip standalone

1457 Motorola Solutions, Inc.
1301 East Algonquin Rd
Schaumburg, IL 60196
USA

-Tom Nguyen
TEL: 847-576-2352

CST Lab: NVLAP 100432-0

ASTRO Subscriber Universal Crypto Module (UCM)
(Hardware Versions: P/Ns 0104020J49, 0104020J50, 0104020J51, 0104024J43, 0104024J44, 0104024J45, 0104025J11, 0104025J12, 0104027J01, NNTN7097A, NTN9801B, NTN9738C, NNTN5032D, NNTN5032F, NNTN5032G, NNTN5032H, NNTN7427A and NNTN7427C; Firmware Versions: R05.06.00, R05.06.01, R05.07.10, R05.07.11, R05.07.12 or R05.07.15)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/29/2010;
01/31/2011;
03/28/2011;
07/05/2011
Overall Level: 1 

-Roles, Services, and Authentication: Level 2

-FIPS-approved algorithms: AES (Certs. #2 and #1296); Triple-DES (Cert. #82); SHS (Cert. #335); RNG (Cert. #121); Triple-DES MAC (Triple-DES Cert. #82, vendor affirmed)

-Other algorithms: DES; DES MAC; DES-XL; DVI-XL; DVI-SPFL; DVP-XL; ADP; HCA; AES MAC (AES Cert. #2, vendor affirmed; P25 AES OTAR); AES (Cert. #2, key wrapping; key establishment provides 256 bits of encryption strength)

Multi-chip embedded

"Encryption modules used in Motorola Astro family of radios. Provides secure voice and data capabilities as well as APCO Over-the-Air-Rekeying and advanced key management."
1456 ARX (Algorithmic Research)
10 Nevatim Street
Kiryat Matalon, Petach Tikva 49561
Israel

-Ezer Farhi
TEL: 972-3-9279529

CST Lab: NVLAP 200002-0

PrivateServer
(Hardware Version: 4.7; Firmware Version: 4.7)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/29/2010 Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #1267); Triple-DES (Cert. #899); RSA (Cert. #608); SHS (Cert. #1167); Triple-DES MAC (Cert. #899, vendor affirmed); RNG (Cert. #708); ECDSA (Cert. #151); HMAC (Cert. #737)

-Other algorithms: DES; DES MAC; DES Stream; ISO9796; ARDFP; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); DES; DES MAC; MD5

Multi-chip standalone

"The PrivateServer is a high-performance cryptographic service provider. PrivateServer performs high-speed cryptographic operations while protecting sensitive data. Its features include Triple-DES, AES, Triple-DES-MAC, HMAC, RSA, ECDSA, SHA-1, SHA-256, SHA-384, SHA-512, public key database and certificate support, authenticated and encrypted communication with the module, secure storage of secret/private keys, software key medium and smartcard support, tamper-responsive enclosure, high level API requiring no cryptographic expertise, in-depth logging and auditing, and secure backup capability."
1455 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

7206VXR NPE-G2 with VSA
(Hardware Version: 7206VXR Version: 2.9 with NPE-G2 Version: 1.0 and VSA Version: 1.0; Firmware Version: 12.4(15)T10 or 12.4(15)T14)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/29/2010;
07/27/2011;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #91); HMAC (Cert. #203); RNG (Cert. #786); RSA (Cert. #707); SHS (Certs. #500 and #1303); Triple-DES (Cert. #204)

-Other algorithms: MD4; MD5; HMAC MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); DES; AES (non-compliant); Triple-DES (non-compliant); HMAC (non-compliant); GDOI (key wrapping, key establishment methodology provides 128 or 256 bits of encryption strength)

Multi-chip standalone

"Cisco Modular Access Routers are routers that provide data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
1454 Research In Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

-Certifications Team
TEL: 519-888-7465 ext.72921
FAX: 519-886-4839

CST Lab: NVLAP 200017-0

BlackBerry Cryptographic Kernel
(Firmware Version: 3.8.6.5)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Firmware 11/29/2010 Overall Level: 1 

-Design Assurance: Level 3

-Tested: BlackBerry 9800 with BlackBerry OS Version 6.0

-FIPS-approved algorithms: Triple-DES (Cert. #956); AES (Certs. #1402 and #1403); SHS (Cert. #1273); HMAC (Cert. #824); RSA (Cert. #682); RNG (Cert. #769); ECDSA (Cert. #177)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides 256 bits of encryption strength)

Multi-chip standalone

"BlackBerry is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry."
1453 SafeNet, Inc.
20 Colonnade Road
Suite 200
Nepean, Ontario K2E 7M6
Canada

-Terry Fletcher
TEL: 613-221-5009
FAX: 613-723-5079

CST Lab: NVLAP 200556-0

Luna® PCI 7000 Cryptographic Module
(Hardware Version: VBD-03-0100; Firmware Version: 4.8.1 or 4.8.2)

(When operated in FIPS mode and configured to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/22/2010;
02/10/2011;
12/03/2012
Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #510 and #1298); Triple-DES (Certs. #520 and #912); Triple-DES MAC (Triple-DES Certs. #520 and #912, vendor affirmed); SHS (Cert. #1190); DSA (Cert. #420); RSA (Cert. #620); ECDSA (Cert. #154); HMAC (Cert. #755); RNG (Cert. #723)

-Other algorithms: DES; RC2; RC4; RC5; CAST5; RSA X509; SEED; ARIA; MD2; MD5; HAS-160; AES MAC (AES Cert. #510; non-compliant); DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; AES (Certs. #510 and #1298, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #520 and #912, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip embedded

"Luna® PCI offers dedicated hardware key management to protect sensitive cryptographic keys from attack. The high-security hardware design ensures the integrity and protection of encryption keys throughout their life cycle. All digital signing and verification operations are performed within the HSM to increase performance and maintain security. Luna® PCI HSMs provide hardware secured key generation, storage, secure key backup and accelerated encryption in a range of models and configurations offering a wide selection of security, performance and operational capabilities."
1452 AvaLAN Wireless Systems, Inc.
125A Castle Drive
Madison, AL 35758
USA

-Michael Derby, Founder/CTO
TEL: 650-575-7332
FAX: 650-249-3591

-Jason Hennig
TEL: 650-206-2321
FAX: 650-249-3591

CST Lab: NVLAP 200017-0

AW140
(Hardware Version: AW140 r1.1; Firmware Version: 1.1)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/22/2010 Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Cert. #1291)

-Other algorithms: N/A

Multi-chip embedded

"The AW140 is a modular AES cryptographic subassembly that can be embedded into finished communications products. AW140's cryptographic boundary is encapsulated within this subassembly and allows finished products to inherit the AW140's NIST FIPS 140-2 validation."
1451 Seagate Technology, LLC
389 Disc Drive
Longmont, CO 80503
USA

-Monty Forehand
TEL: 720-684-2835

CST Lab: NVLAP 200017-0

Seagate® Momentus® Thin Self-Encrypting Drives TCG Opal FIPS 140 Module
(HW 9WC142 [1, 2, 3, 4, 5, 6, 7, 8] or 9WC14C [3, 4, 7, 8]; Firmware Versions: FW 1003HPMA [1], 1002HPBA [2], 1001DEMA [3], 1001SDMA [4], 1004HPMA [5], 1003HPBA [6], 1002DEMA [7] or 1002SDMA [8])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 11/22/2010;
07/18/2012
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Certs. #1392 and #1341); RSA (Cert. #648); SHS (Cert. #1223); RNG (Cert. #737)

-Other algorithms: N/A

Multi-chip embedded

"The Seagate® Momentus® Thin Self-Encrypting Drive (SED) FIPS 140 Module is embedded in Seagate Momentus Thin SED model disk drives. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA ranges, and authenticated FW download. The services are provided through an industry-standard TCG Opal SSC interface."
1450 Gemalto
Avenue du Jujubier Z.I Athelia IV
La Ciotat, 13705
France

-Arnaud Lotigier
TEL: +33 4 42 36 0 74
FAX: +33 4 42 36 55 45

CST Lab: NVLAP 200427-0

TOP DL V2
(Hardware Version: A1023378; Firmware Version: Build#11 - M1005011+ Softmask V03)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/15/2010 Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #1363); ECDSA (Cert. #172); RNG (Cert. #749); RSA (Cert. #664); SHS (Cert. #1243); Triple-DES (Cert. #938)

-Other algorithms: N/A

Single-chip

"This module is based on a Java Card platform (TOP DL V2) with 128K EEPROM memory available. The Cryptographic Module provides dual interfaces (i.e. contact and contact-less) where the same security level is achieved."
1449 Patrick Townsend Security Solutions
406 Legion Way SE
Suite 300
Olympia, WA 98501
USA

-Paul Ohmart
TEL: 360-357-8971

-Patrick Townsend
TEL: 800-357-1019

CST Lab: NVLAP 200658-0

Alliance Key Manager
(Software Version: 2.0.0)

(When operated with the Red Hat Enterprise Linux 5 OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #1320 operating in FIPS mode (approved algorithms retested on listed operating environment))

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/15/2010 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with rPath Linux, Version 2.6.29 (single-user mode)

-FIPS-approved algorithms: AES (Certs. #1245 and #1486); RNG (Certs. #692 and #810); SHS (Certs. #1144 and #1342); HMAC (Certs. #728 and #875); RSA (Cert. #729)

-Other algorithms: MD5, RSA (key wrapping; key establishment methodology provides 80 bits or 112 bits of encryption strength)

Multi-chip standalone

"The Alliance Key Manager implements a client/server interface for key administration. The user application has the client role, and the key manager has the server role. The user opens a secure connection to the key server, sends an administrative request (create a key, change a key, etc.), receives a response from the server, and the session is disconnected."
1448 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:
FAX:

CST Lab: NVLAP 100432-0

Cisco Aironet Lightweight AP1131, AP1142, AP1242, AP1252, AP1262, CAP3502e and CAP3502i Wireless LAN Access Points
(Hardware Versions: AP1131 Revision S0, AP1142 Revision G0, AP1242 Revision P0, AP1252 Revision F0, AP1262 Revision B0, CAP3502e Revision B0 and CAP3502i Revision B0; FIPS Kit AIRLAP-FIPSKIT=, Version B0; Firmware Versions: 7.0.98.0, 7.0.98.213, 7.0.116.0, 7.0.230.0 or 7.2.103.0)

(When operated in FIPS mode and with the tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/15/2010;
02/24/2011;
05/12/2011;
08/22/2011;
02/23/2012;
05/10/2012
Overall Level: 2 

-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #1352, #1353, #1354, #1355, #1356, #1357, #1358, #1359, #1360 and #1361); HMAC (Certs. #791, #792, #793, #794, #795, #796 and #797); RNG (Certs. #744, #745, #746 and #747); RSA (Certs. #658, #659, #660 and #661); SHS (Certs. #1235, #1236, #1237, #1238, #1239, #1240 and #1241)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); RC4; MD5; HMAC MD5

Multi-chip standalone

"The Cisco Aironet Lightweight 3502i, 3502e, 1262, 1142, 1131, 1252, and 1242 access points deliver the versatility, high capacity and enterprise class security required for small, medium and large Government indoor and outdoor wireless deployments. In FIPS 140-2 mode of operation, the Cisco APs support the IEEE 802.11a/g/n, 802.11i & 802.1x standards, IETF CAPWAP standard and are Wi-Fi Alliance certified for WPA2 security."
1447 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:
FAX:

CST Lab: NVLAP 100432-0

Cisco 5508 Wireless LAN Controller
(Hardware Version: CT5508 Revision Number B0; FIPS Kit AIR-CT5508FIPSKIT=; Opacity Baffle Version A0; Firmware Versions: 7.0.98.0, 7.0.98.213 or 7.0.116.0)

(When operated in FIPS mode and with the tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/15/2010;
02/24/2011;
05/12/2011;
08/22/2011;
02/23/2012
Overall Level: 2 

-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #1346, #1347 and #1348); HMAC (Certs. #785, #786 and #787); RNG (Certs. #741 and #742); RSA (Certs. #653 and #654); SHS (Certs. #1228, #1229 and #1230); Triple-DES (Cert. #935)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); AES (Cert. #1346, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM

Multi-chip standalone

"The Cisco 5508 Series WLAN Controllers deliver centralized control and high capacity for small, medium and large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WLAN Controllers support the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and support a Secure Wireless Architecture with WiFi Alliance certified WPA-2 security. The Cisco WLAN Controllers support voice, video and data services along with Cisco Clean Air technology, IPv6 mobility, intrusion protection and intelligent radio resource management."
1446 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:
FAX:

CST Lab: NVLAP 100432-0

Cisco Aironet Lightweight AP1522, AP1524PS and AP1524SB Wireless LAN Access Points
(Hardware Versions: AP1522 Outdoor Mesh Revision L0, AP1524PS Revision E0 and AP1524SB Revision B0; FIPS Kit Version AIRLAP-FIPSKIT=; Firmware Versions: 7.0.98.0, 7.0.98.213, 7.0.116.0, 7.0.230.0 or 7.2.103.0)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/15/2010;
02/24/2011;
05/12/2011;
08/22/2011;
02/23/2012;
05/10/2012
Overall Level: 2 

-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #1356 and #1357); HMAC (Cert. #794); RNG (Cert. #746); RSA (Cert. #660); SHS (Cert. #1238)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); RC4; MD5; HMAC MD5

Multi-chip standalone

"The Cisco Aironet Lightweight 1522 and 1524 access points deliver the versatility, high capacity and enterprise class security required for small, medium and large Government indoor and outdoor wireless deployments. In FIPS 140-2 mode of operation, the Cisco APs support the IEEE 802.11a/g/n, 802.11i & 802.1x standards, IETF CAPWAP standard and are Wi-Fi Alliance certified for WPA2 security."
1445 Quantum Corporation
1650 Technology Drive
Suite 700
San Jose, CA 95110-1382
USA

-Steve McKissick
TEL: 425-201-1546
FAX: 425-201-1233

CST Lab: NVLAP 200658-0

Scalar Key Manager
(Software Version: 2.0.3.a)

(When operated with the Red Hat Enterprise Linux 5 OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #1320 operating in FIPS mode (approved algorithms retested on listed operating environment))

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/15/2010;
12/06/2010;
03/15/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with rPath Linux, Version 2.6.29 (single-user mode)

-FIPS-approved algorithms: AES (Certs. #1255 and #1499); RNG (Certs. #698 and #816); SHS (Certs. #1151 and #1350); HMAC (Certs. #734 and #882); RSA (Cert. #736)

-Other algorithms: MD5, RSA (key wrapping; key establishment methodology provides 80 bits or 112 bits of encryption strength)

Multi-chip standalone

"The Scalar Key Manager implements a client/server interface for key administration. The user application has the client role, and the key manager has the server role. The user opens a secure connection to the key server, sends an administrative request (create a key, change a key, etc.), receives a response from the server, and the session is disconnected."
1444 Rajant Corporation
400 E. King Street
Malvern, PA 19355
USA

-Marty Lamb
TEL: 610-873-6788 x209

CST Lab: NVLAP 200416-0

Rajant Corporation BreadCrumb ME3
(Hardware Versions: ME3-24 [1] and ME3-09 [2]; Firmware Versions: 10.13 [1] and 10.13a [2])

(When operated in FIPS mode and the Loctite® 425 material applied as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 11/15/2010;
04/12/2011
Overall Level: 2 

-Cryptographic Module Specification: Level 3

-FIPS-approved algorithms: AES (Certs. #1300 and #1301); RSA (Cert. #622); SHS (Cert. #1191); HMAC (Cert. #756); RNG (Cert. #724)

-Other algorithms: RC4; MD5; Diffie-Hellman; AES (Cert. #1300, key wrapping)

Multi-chip standalone

"The Rajant Corporation's BreadCrumb® ME3-24 is a rugged wireless transmitter-receiver that forms a highly mobile mesh network (using InstaMesh®) when used in conjunction with other BreadCrumb® devices. This portable wireless mesh network node supports an open-standard IEEE 802.11 b/g radio to enable data, voice and video applications."
1443 Cloakware, Inc.
8219 Leesburg Pike
Suite 350
Vienna, VA 22182-2656
USA

-Trevor Brown
TEL: 613-271-9446 x299
FAX: 613-271-9447

-Garney Adams
TEL: 613-271-9446 x307
FAX: 613-271-9447

CST Lab: NVLAP 200017-0

Cloakware Security Kernel
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/08/2010 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux (RHEL) AS 5.0; Solaris 10; Windows Server 2008 (single-user mode)

-FIPS-approved algorithms: AES (Certs. #1306 and #1309); Triple-DES (Cert. #914); SHS (Cert. #1197); RNG (Cert. #731); HMAC (Cert. #761); RSA (Cert. #663), DSA (Cert. #441)

-Other algorithms: Diffie-Hellman (key agreement, key establishment methodology provides between 80 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength);

Multi-chip standalone

"The Cloakware Security Kernel from Cloakware, Inc. is a module contained in a single library designed to provide cryptographic functionality within calling applications operating on multi-chip standard server platforms. This single library is linked at run-time to a C/C++ library, which can be called by host applications to provide cryptographic services. This library can also be dynamically loaded at runtime by a Java application running within a Java Virtual Machine (JVM) via Java Native Interface (JNI), providing cryptographic services to the Java application."
1442 Imation Corp.
Discovery Bldg. 1A-041
Oakdale, MN 55128
USA

-Larry Hamid
TEL: 408-737-4308

CST Lab: NVLAP 100432-0

Imation S200/D200
(Hardware Versions: P/Ns D2-S200-S01, D2-S200-S02, D2-S200-S04, D2-S200-S08, D2-S200-S16, D2-D200-S01, D2-D200-S02, D2-D200-S04, D2-D200-S08, D2-D200-S16 and D2-D200-S32; Firmware Versions: 2.0.10, 2.0.11, 2.0.12 or 2.0.13)

(Files distributed with the module mounted within the CD Drive are excluded from the validation.)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/08/2010;
12/06/2010;
01/13/2011;
06/01/2011;
10/26/2011;
04/24/2012
Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #1034); RNG (Cert. #587); RSA (Cert. #494); SHS (Certs. #986 and #987); HMAC (Cert. #579)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The IronKey Secure Flash Drive includes a high-speed hardware-based 256 Bit AES cryptography engine for encrypting and decrypting NAND flash and RAM buffers via USB. It also includes RSA, HMAC, SHA-256, SHA-1, and RNG algorithms."
1441 Hewlett-Packard Company
19091 Pruneridge Ave.
MS 4441
Cupertino, CA 95014
USA

-Theresa Conejero
TEL: 408-447-2964
FAX: 408-447-5525

CST Lab: NVLAP 100432-0

Atalla Cryptographic Subsystem (ACS)
(Hardware Versions: P/N 610113-001 Rev. A and B; Firmware Version: Loader Version 0.64, PSMCU Version 0.96)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/08/2010;
06/21/2011;
09/19/2011
Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #1305 and #1311); RNG (Cert. #728); RSA (Cert. #625); SHS (Cert. #1194)

-Other algorithms: N/A

Multi-chip embedded

"The Atalla Cryptographic Subsystem (ACS) is a multi-chip embedded cryptographic module that provides secure cryptographic processing. The ACS features secure key management and storage capabilities, and also provides high performance AES processing."
1440 Nexus Wireless
Artists Cour
15 Manette Street
London, W1D 4AP
United Kingdom

-Paul Richards
TEL: +44-207-734-0200
FAX: +44-207-734-0210

CST Lab: NVLAP 200416-0

Nexus FIPS 140-2 Crypto Module
(Hardware Version: 1.0; Firmware Versions: ES0408_RL01_R1_01_000 version 1.01.000 and ES0408_RL02_R1_00_000 version 1.00.000)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/08/2010 Overall Level: 1 

-FIPS-approved algorithms: AES (Cert. #914); DSA (Cert. #337); SHS (Certs. #901 and #928); HMAC (Cert. #533); RNG (Cert. #524)

-Other algorithms: DES; AES MAC (AES Cert. #914, vendor affirmed; P25 AES OTAR)

Multi-chip embedded

"The Nexus FIPS140-2 Crypto Module is a single-board security module designed to conform to FIPS140-2 standards and primarily intended for use in P25 radio equipment. The module supports both KFD and KMF management implementations, including a dedicated 3-wire KFD interface. It includes a complete key storage and critical security material management function for TEK, KEK, UKEK, CKEK and KSKEK keys in non-volatile memory within the FIPS module, with protection from unauthorized disclosure or modification. The FIPS Module executes encryption and decryption of P25 Phase 1 voice and data tra"
1439 Secure64 Software Corporation
5600 South Quebec Street
Suite 320D
Greenwood Village, CO 80111
USA

-Christopher Worley
TEL: 303-242-5890
FAX: 720-489-0694

CST Lab: NVLAP 200416-0

Secure64 Cryptographic Module
(Firmware Version: 1.3)

(The tamper evident seals installed as indicated in the Security Policy.)

Validated to FIPS 140-2

Security Policy

Certificate

Firmware 11/08/2010 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-Tested: Secure 64 SourceT Micro Operating System running on a HP Integrity Server rx2660; Secure 64 SourceT Micro Operating System running on a HP Integrity Server rx3600

-FIPS-approved algorithms: AES (Certs. #882 and #956); Triple-DES (Cert. #722); RNG (Cert. #507); SHS (Certs. #874 and #1198); HMAC (#762); DSA (Cert. #436); RSA (Certs. #495, #426 and #627)

-Other algorithms: N/A

Multi-chip standalone

"The Secure64 Cryptographic Module is a firmware module designed for use only with systems based on Secure64« SourceT«, a limited operational environment running on an Intel Itanium-based server platform. The Secure64 Cryptographic Module provides cryptographic functions that can be used by applications running in this environment. Example applications include DNSSEC signing (secure DNS using digital signatures), certificate management applications, etc. Example functions include key generation, secure key storage, encryption, decryption, hashing, and digital signing."
1438 Kingston Technology, Inc.
17600 Newhope Street
Fountain Valley, CA 92708
USA

-John Terpening
TEL: 714-427-3743
FAX: 714-435-2628

CST Lab: NVLAP 100432-0

DataTraveler 6000
(Hardware Versions: P/Ns (880074002F, 880074003F and 880074004F), Version 02.00.01; Firmware Version: 03.00.0C)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/03/2010 Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #1259, #1260, #1261, #1262, #1263 and #1264); SHS (Certs. #1155, #1156, #1157, #1158, #1159, #1160, #1161, #1162 and #1163); ECDSA (Certs. #147, #148 and #149); DRBG (Certs. #29, #30 and #31); RNG (Certs. #703, #704 and #705)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 128, 192 or 256 bits of encryption strength)

Multi-chip standalone

"Kingston's ultra-secure DataTraveler 6000 USB Flash drive protects sensitive data with FIPS 140-2 Level 3 validation and 256-bit AES hardware-based encryption in XTS mode. Secured by SPYRUS, DT6000 uses elliptic curve cryptography encryption algorithms (ECC) that meet the Suite B standards approved by the U.S. government. The drive features complex password protection and locks down after 10 intrusion attempts."
1437 Ian Donnelly Systems, Inc.
17752 Preston Road
Dallas, TX 75252
USA

-Ian Donnelly
TEL: 972-931-7630
FAX: 972-380-8866

CST Lab: NVLAP 100432-0

KEY-UP Cryptographic Module
(Hardware Versions: P/N KEY-UP, Versions II-A and III-A; Firmware Version: 5.1 or 5.1.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 11/03/2010;
07/27/2011
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #900); Triple-DES MAC (Triple-DES Cert. #900, vendor affirmed); SHS (Cert. #359); RNG (Cert. #127)

-Other algorithms: DES; DUKPT; TR-31

Multi-chip standalone

"Hardware Security Module."
1436 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco ASA 5505, 5510, 5520, 5540, 5550, 5580-20 and 5580-40 Security Appliances
(Hardware Versions: 5505 [1,2], 5510 [1], 5520 [1], 5540 [1], 5550 [1], 5580-20 [3], 5580-40 [3], [FIPS Kit (Cisco-FIPSKIT=): Revision -B0] [1], [ASA 5505 FIPS Kit (ASA5505-FIPS-KIT=): Revision -A0] [2] and [ASA 5580 FIPS Kit (ASA5580-FIPS-KIT=)] [3]; Firmware Version: 8.3.2 and 8.3.2.13)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/03/2010;
05/12/2011;
02/23/2012
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #105, #564, #1394 and #1407); HMAC (Certs. #125, #301, #818 and #828); RNG (Certs. #144, #329, #763 and #772); RSA (Certs. #106, #261, #680 and #684); SHS (Certs. #196, #630, #1265 and #1277); Triple-DES (Certs. #217, #559, #954 and #960)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength); MD5; DES; RC4; HMAC MD5; RSA (key wrapping; key establishment methodology provides 80 bits or 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength)

Multi-chip standalone

"The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
1435 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:
FAX:

CST Lab: NVLAP 100432-0

Cisco 4402 and 4404 Wireless LAN Controllers
(Hardware Versions: 4402, Revision Number R0 and 4404, Revision Number R0; FIPS Kit AIRWLC4400FIPSKIT=, Version A0; Opacity Baffle Version 1.0; Firmware Versions: 7.0.98.0, 7.0.98.213 or 7.0.116.0)

(When operated in FIPS mode and with the physical security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/02/2010;
02/24/2011;
05/12/2011;
08/22/2011;
02/23/2012
Overall Level: 2 

-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #1344 and #1345); HMAC (Certs. #783 and #784); RNG (Cert. #740); RSA (Certs. #651 and #652); SHS (Certs. #1226 and #1227); Triple-DES (Cert. #934)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); AES (Cert. #1344, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM

Multi-chip standalone

"The Cisco 4400 Series WLAN Controllers deliver centralized control and high capacity for small, medium and large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WLAN Controllers support the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and support a Secure Wireless Architecture with WiFi Alliance certified WPA-2 security. The Cisco WLAN Controllers support voice, video and data services along with Cisco Clean Air technology, IPv6 mobility, intrusion protection and intelligent radio resource management."
1434 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:
FAX:

CST Lab: NVLAP 100432-0

Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Module (WiSM)
(Hardware Versions: Chassis: Catalyst 6506 switch [1], Catalyst 6506-E switch [2], Catalyst 6509 switch [3] and Catalyst 6509-E switch [4]; Backplane: WS-C6506 [1], WS-C6506-E [2], WS-C6509 [3] and WS-C6509-E [4]; FIPS Kit: P/N 800-27009 [1, 2] and P/N 800-26335 [3, 4]; Supervisor Blade [1, 2, 3, 4]: [WS-SUP720-3BXL or WS-SUP720-3B] and WiSM: WS-SVC-WISM-1-K9; Firmware Versions [1, 2, 3, 4]: Supervisor Blade: Cisco IOS Release 12.2.33-SXI3 or Cisco IOS Release 12.2.33-SXH5; WiSM: 7.0.98.0, 7.0.98.213 or 7.0.116.0)

(When operated in FIPS mode and with the physical security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/02/2010;
02/24/2011;
05/12/2011;
08/22/2011;
02/23/2012
Overall Level: 2 

-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #1344 and #1345); HMAC (Certs. #783 and #784); RNG (Cert. #740); RSA (Certs. #651 and #652); SHS (Certs. #1226 and #1227); Triple-DES (Cert. #934)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); AES (Cert. #1344, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM

Multi-chip standalone

"The Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with WiSM WLAN Controller deliver centralized control and high capacity for medium to large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WiSM Controller supports the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and supports a Secure Wireless Architecture with certified WiFi Alliance WPA-2 security. The Cisco WiSM Controller supports voice, video and data services along with Cisco Clean Air technology, IPv6 mobility, intrusion protection and intelligent radio resource management."
1433 IBM® Corporation
12 - 14 Marine Parade
Seabank Centre
Southport, QLD 4215
Australia

-Alex Hennekam
TEL: +61 7-5552-4045
FAX: +61 7 5571 0420

-Peter Waltenburg
TEL: +61 - 5552-4016
FAX: +61 7 5571 0420

CST Lab: NVLAP 200658-0

IBM® Crypto for C
(Software Version: 8.0.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/02/2010;
12/21/2010
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008® 64-bit operating system (x86-64); Microsoft Windows Server 2008® 32-bit operating system (x86-64); AIX® 6.1 64-bit operating system (PowerPC 64); Solaris® 10 64-bit operating system (UltraSparc-64); Red Hat Linux Enterprise Server 5 32-bit operating system (x86-64); Red Hat Linux Enterprise Server 5 64-bit operating system (x86-64, zSeries-64 and PowerPC-64) (single user mode)

-FIPS-approved algorithms: AES (Certs. #1318, #1319, #1320, #1321, #1322, #1323, #1324, #1325, #1326, #1327, #1328, #1329, #1330 and #1331); Triple-DES (Certs. #917, #918, #919, #920, #921, #922, #923, #924, #925, #926, #927, #928, #929 and #930); DSA (Certs. #422, #423, #424, #425, #426, #427, #428, #429, #430, #431, #432, #433, #434 and #435); ECDSA (Certs. #157, #158, #159, #160, #161, #162, #163, #164, #165, #166, #167, #168, #169 and #170); RSA (Certs. #630, #631, #632, #633, #634, #635, #636, #637, #638, #639, #640, #641, #642 and #643); SHS (Certs. #1204, #1205, #1206, #1207, #1208, #1209, #1210, #1211, #1212, #1213, #1214, #1215, #1216 and #1217); HMAC (Cert. #766, #767, #768, #769, #770, #771, #772, #773, #774, #775, #776, #777, #778 and #779); DRBG (Cert. #34, #35, #36, #37, #38, #39, #40, #41, #42, #43, #44, #45, #46 and #47)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength); ECDH (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); MD2; MD4; MD5; MDC2; RIPEMD; HMAC MD5; DES; CAST; Camellia; Blowfish; RC4; RC2

Multi-chip standalone

"The IBM Crypto for C® v8.0 (ICC) cryptographic module is implemented in the C programming language. It is packaged as dynamic (shared) libraries usable by applications written in a language that supports C language linking conventions (e.g. C, C++, Java, Assembler, etc.) for use on commercially available operating systems. The ICC allows these applications to access cryptographic functions using an Application Programming Interface (API) provided through an ICC import library and based on the API defined by the OpenSSL group."
1432

CST Lab: NVLAP 200802-0


Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/26/2010 Overall Level: 2 

-FIPS-approved algorithms:

-Other algorithms:

Multi-chip standalone

1431 Fortinet Inc.
1090 Kifer Road
Sunnyvale, CA 94086-5301
USA

-Jeff Lake, Vice President, Federal Operations
TEL: 678-402-8021
FAX: 678-402-8021

CST Lab: NVLAP 200017-0

FortiOS
(Firmware Version: FortiOS 4.0, build6341, 100617)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Firmware 11/03/2010 Overall Level: 1 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Tested: FortiGate-80C; FortiGate-200B; FortiGate-310B; FortiGate-620B; FortiGate-800; FortiGate-1240B; FortiGate-3016B; FortiGate-3600A; FortiGate-3810A-E4; FortiGate-5001A-DW

-FIPS-approved algorithms: AES (Certs. #1404 and #1409); Triple-DES (Certs. #957 and #962); RNG (Cert. #770); SHS (Certs. #1274 and #1279); HMAC (Certs. #825 and #830); RSA (Cert. #686)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA (key wrapping; key establishment method provides between 80 and 112 bits of encryption strength); DES; MD5; HMAC-MD5; SHA-256 (non-compliant); HMAC SHA-256 (non-compliant)

Multi-chip standalone

"The FortiOS is a firmware based operating system that runs exclusively on FortinetÆs FortiGate/FortiWiFi product family (PC-based, purpose built appliances)The FortiOS provides integrated firewall, VPN, antivirus, antispam, intrusion prevention, content filtering and traffic shaping and HA capabilities."
1430 Security First Corp.
22362 Gilberto #130
Rancho Santa Margarita, CA 92688
USA

-Rick Orsini
TEL: 949-858-7525
FAX: 949-858-7092

CST Lab: NVLAP 100432-0

SecureParser®
(Software Version: 4.7.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 10/25/2010 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 2 with Microsoft Windows Server 2003 SP2 running on a Dell Optiplex GX620; Microsoft Windows XP Professional SP2 running on a Dell Optiplex GX620; Red Hat Enterprise Linux Version 5.1 running on a SGI Altix XE240

-FIPS-approved algorithms: AES (Certs. #1381 and #1382); RNG (Cert. #754); RSA (Cert. #668); DSA (Cert. #448); SHS (Cert. #1249); HMAC (Cert. #813); ECDSA (Cert. #173)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 128 bits of encryption strength); AES (Cert. #1381, key wrapping; key establishment methodology provides 128, 192, or 256 bits of encryption strength)

Multi-chip standalone

"The SecureParser® is a security and high data availability architecture delivered in the form of a software toolkit that provides cryptographic data splitting (data encryption, random or deterministic distribution to multiple shares including additional fault tolerant bits, key splitting, authentication, integrity, share reassembly, key restoration and decryption) of arbitrary data. During the split process, additional redundant data may be optionally written to each share enabling the capability of restoring the original data when all shares are not available."
1429 eIQnetworks, Inc.
31 Nagog Park
Action, MA 01720
USA

-Vijay Basani
TEL: 978-266-9933

CST Lab: NVLAP 200427-0

SecureVue Data Processor Cryptographic Module
(Software Version: 3.2.2.5)

(When operated in FIPS mode per the installation instructions found in the Security Policy section: Approved Mode of Operation)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 10/25/2010 Overall Level: 2 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 2 with Windows Server 2008 running on a Dell Optiplex 755

-FIPS-approved algorithms: AES (Cert. #1449); HMAC (Cert. #850); RNG (Cert. #793); SHS (Cert. #1313)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"SecureVue Data Processor component is a multi-chip standalone cryptographic module that is part of a software application suite. It has cryptographic implementation for secure communication and encryption/decryption between the various components via Central, Data Processor, Data Collector, and Agent that complete the SecureVue software application suite."
1428 eIQnetworks, Inc.
31 Nagog Park
Action, MA 01720
USA

-Vijay Basani
TEL: 978-266-9933

CST Lab: NVLAP 200427-0

SecureVue Data Collector Cryptographic Module
(Software Version: 3.2.2.5)

(When operated in FIPS mode per the installation instructions found in the Security Policy section: Approved Mode of Operation)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 10/25/2010 Overall Level: 2 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 2 with Windows Server 2008 running on a Dell Optiplex 755

-FIPS-approved algorithms: AES (Cert. #1449); HMAC (Cert. #850); RNG (Cert. #793); SHS (Cert. #1313)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"SecureVue Data Collector component is a multi-chip standalone cryptographic module that is part of a software application suite. It has cryptographic implementation for secure communication, encryption/decryption, and key generation between the various components via Central, Data Processor, Data Collector, and Agent that complete the SecureVue software application suite."
1427 eIQnetworks, Inc.
31 Nagog Park
Action, MA 01720
USA

-Vijay Basani
TEL: 978-266-9933

CST Lab: NVLAP 200427-0

SecureVue Agent Cryptographic Module
(Software Version: 3.2.2.5)

(When operated in FIPS mode per the installation instructions found in the Security Policy section: Approved Mode of Operation)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 10/25/2010 Overall Level: 2 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 2 with Windows Server 2008 running on a Dell Optiplex 755

-FIPS-approved algorithms: AES (Cert. #1449); HMAC (Cert. #850); RNG (Cert. #793); SHS (Cert. #1313)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"SecureVue Agent component is a multi-chip standalone cryptographic module that is part of a software application suite. It has cryptographic implementation for secure communication and encryption/decryption between the various components via Central, Data Processor, Data Collector, and Agent that complete the SecureVue software application suite."
1426 eIQnetworks, Inc.
31 Nagog Park
Action, MA 01720
USA

-Vijay Basani
TEL: 978-266-9933

CST Lab: NVLAP 200427-0

SecureVue Central Cryptographic Module
(Software Version: 3.2.2.5)

(When operated in FIPS mode per the installation instructions found in the Security Policy section: Approved Mode of Operation)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 10/25/2010 Overall Level: 2 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 2 with Windows Server 2008 running on a Dell Optiplex 755

-FIPS-approved algorithms: AES (Cert. #1449); HMAC (Cert. #850); RNG (Cert. #793); SHS (Cert. #1313)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"SecureVue Central component is a multi-chip standalone cryptographic module that is part of a software application suite. It has cryptographic implementation for secure communication, encryption/decryption, and key generation between the various components via Central, Data Processor, Data Collector, and Agent that complete the SecureVue software application suite."
1425 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 94002
USA

-Global Certification Team
TEL:
FAX:

CST Lab: NVLAP 100432-0

Cisco Catalyst 3750G Integrated Wireless LAN Controller
(Hardware Versions: P/N WS-C3750G, Version M0 and P/N 69-1707-01 (FIPS Kit); Firmware Versions: 7.0.98.0, 7.0.98.213 or 7.0.116.0)

(When operated in FIPS mode and with the physical security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/25/2010;
02/24/2011;
05/12/2011;
08/22/2011;
02/23/2012
Overall Level: 2 

-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #1344 and #1345); HMAC (Certs. #783 and #784); RNG (Cert. #740); RSA (Certs. #651 and #652); SHS (Certs. #1226 and #1227); Triple-DES (Cert. #934)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); AES (Cert. #1344, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM

Multi-chip standalone

"The Cisco 3750G WLAN Controller delivers centralized control and high capacity for small, medium and large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco 3750G Controller supports the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and supports a Secure Wireless Architecture with WiFi Alliance certified WPA-2 security. The 3750G WLAN Controller supports voice, video and data services along with Cisco Clean Air technology, IPv6 mobility, intrusion protection and intelligent radio resource management."
1424 Just Rams PLC
Unit 6 Iron Bridge Close
Iron Bridge Business Park
Off Great Central Way
London, Middelsex NW10 0UF
United Kingdom

-Patrick Warley
TEL: +44 (0)20 8451 8704
FAX: +44 (0)20 8459 6301

-Francesco Rivieccio
TEL: +44 (0)20 8451 8704
FAX: +44 (0)20 8459 6301

CST Lab: NVLAP 200017-0

Integral 256 bit AES Drive and Integral 256 bit AES MAC Drive
(Hardware Versions: YFD1GBSPLCRYATV1INTL, YFD2GBSPLCRYATV1INTL, YFD4GBSPLCRYATV1INTL, YFD8GBSPLCRYATV1INTL, YFD16GSPLCRYATV1INTL, YFD32GBCRYPTOINTL, YFD2GBCRYPTOMACINTL, YFD4GBCRYPTOMACINTL, YFD8GBCRYPTOMACINTL, YFD16GBCRYPTOMACINTL and YFD32GBCRYPTOMACINTL; Software Version: 4.0; Firmware Version: PS2251-65)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 10/25/2010;
09/19/2011
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #1205); SHA (Cert. #1108); RNG (Cert. #666)

-Other algorithms: RSA (non-compliant); H/W RNG

Multi-chip standalone

"The Integral Crypto Drive offers Premium AES 256 bit security, and is the most secure and durable of all Integral USB Flash Drives. It has Brute-force password attack protection and has a 22 different language interface and zero footprint. Integral 256 bit AES Drive capacities available are 1GB, 2GB, 4GB, 8GB, 16GB, 32GB Integral 256 bit AES MAC Drive capacities available are 2GB, 4GB, 8GB, 16GB, 32GB"
1423 Apani Networks
1800 E. Imperial Hwy., Suite 210
Brea, CA 92821
USA

-Cory Stockhoff
TEL: 714-674-1600
FAX: 714-674-1755

CST Lab: NVLAP 200556-0

Apani Kernel Crypto Module
(Software Version: V1.0.1)

Validated to FIPS 140-2

Security Policy

Certificate

Software 10/25/2010 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with 32-bit and 64-bit Microsoft® Windows® XP; 32-bit and 64-bit Microsoft Windows Server® 2003; 32-bit and 64-bit Microsoft Windows Server® 2008 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1313); Triple-DES (Cert. #915); SHS (Cert. #1201); HMAC (Cert. #764)

-Other algorithms: N/A

Multi-chip standalone

"The AKCM is a software library that runs on a wide variety of computing platforms and performs encryption, hashing and message authentication generation functions."
1422 ARX (Algorithmic Research)
10 Nevatim Street
Kiryat Matalon, Petach Tikva 49561
Israel

-Ezer Farhi
TEL: 972-3-9279529

CST Lab: NVLAP 200002-0

CoSign
(Hardware Version: 7.0; Firmware Version: 5.2 and 6.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/25/2010;
01/22/2013
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Certs. #939, #940, #1437 and #1438); Triple-DES MAC (Triple-DES Certs. #939 and #1437, vendor affirmed); SHS (Certs. #1244, #1245, #1970 and #1971); HMAC (Certs. #799 and #1405); RNG (Certs. #750 and #1139); RSA (Certs. #665 and #1177)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"CoSign is a digital signature appliance that is connected to the organizational network and manages all signature keys and certificates of organization's end-users. End-users will connect securely to CoSign from their PC for the purpose of signing documents and data."
1421 Juniper Networks, Inc.
1194 North Mathilda Ave.
Sunnyvale, CA 94089
USA

-Mike Kouri
TEL: 408-936-8206

CST Lab: NVLAP 100432-0

Juniper J-Series Services Routers: J2320, J2350, J4350 and J6350
(Hardware Versions: P/Ns J-2320-JH (J2320), J-2350-JH (J2350), J-4350-JB (J4350) and J-6350-JB (J6350); Firmware Version: JUNOS-FIPS 9.3R3)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/25/2010 Overall Level: 2 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #1165, #1166 and #1167); DSA (Cert. #382); ECDSA (Cert. #139); HMAC (Certs. #665, #666, #667 and #668); RNG (Cert. #645); RSA (Cert. #553); SHS (Certs. #1077, #1078, #1079 and #1080); Triple-DES (Certs. #843, #844 and #845)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); MD5; HMAC-MD5

Multi-chip standalone

"Juniper Networks J Series Routers extend enterprise applications and deliver reliable connectivity to remote offices with a powerful blend of high-performance network protection and advanced services. J Series Services Routers leverage the modular JUNOS Software and Juniper's rich product and partner portfolio to consolidate market leading security, application optimization, and voice capabilities onto a single, easy to manage platform. Our innovate security approach inseparably integrates routing and firewalls for exceptional performance."
1420

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/14/2010 Overall Level: 2 

-FIPS-approved algorithms:

-Other algorithms:

Multi-chip standalone

1419

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/14/2010 Overall Level: 2 

-FIPS-approved algorithms:

-Other algorithms:

Multi-chip standalone

1418 Persistent Systems, LLC
303 Fifth Avenue Suite 207
New York, NY 10016
USA

-David Holmer
TEL: 212-561-5895
FAX: 212-202-3625

CST Lab: NVLAP 100432-0

Persistent Systems Wave Relay Quad Radio Router and Man Portable Unit (Generation 2, Generation 3 Single/Dual, and Generation 4)
(Hardware Versions: Man Portable Unit (Generation 2 P/N MPU2 Versions 3.0 or 3.1, Generation 3 Single P/N MPU3S Versions 1.0, 1.1, 1.2, 1.3, 1.4, 1.4.1 or 1.5, Generation 3 Dual P/N MPU3D Versions 1.0, 1.1, 1.2, 1.3, 1.4 or 1.5, Generation 4 P/N MPU4 Versions 1.0, 1.0.1, 1.1, 1.2 or 1.3), Quad Radio Router (P/N QRS Versions 2.1, 2.2 or 2.3); Firmware Versions: 17.3.42 or 18.0.10)

(When operated with the tamper evident material installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/05/2010;
10/29/2010;
04/04/2012
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #1241 and #1242); DSA (Cert. #409); HMAC (Certs. #725 and #726); RNG (Cert. #689); RSA (Cert. #595); SHS (Certs. #1140 and #1141); Triple-DES (Cert. #889)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5

Multi-chip standalone

"The Wave Relay Mobile Ad Hoc Networking System provides persistent wireless network connectivity between highly mobile users in a true peer-to-peer topology."
1417 Persistent Systems, LLC
303 Fifth Avenue Suite 207
New York, NY 10016
USA

-David Holmer
TEL: 212-561-5895
FAX: 212-202-3625

CST Lab: NVLAP 100432-0

Persistent Systems Wave Relay Single, Dual, and Quad Radio Board
(Hardware Versions: P/N WR-BRD-DUAL Versions 1.0, 1.1, 1.2, 1.3, 1.4, 1.4.1 or 1.5, P/N WR-BRD SINGLE Versions 1.0, 1.0.1, 1.1, 1.2 or 1.3, P/N WR-BRD-QUAD Versions 2.1, 2.2 or 2.3; Firmware Versions: 17.3.42 or 18.0.10)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/05/2010;
04/04/2012
Overall Level: 1 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #1241 and #1242); DSA (Cert. #409); HMAC (Certs. #725 and #726); RNG (Cert. #689); RSA (Cert. #595); SHS (Certs. #1140 and #1141); Triple-DES (Cert. #889)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5

Multi-chip embedded

"The Wave Relay Mobile Ad Hoc Networking System provides persistent wireless network connectivity between highly mobile users in a true peer-to-peer topology."
1416 Oberthur Technologies
4250 Pleasant Valley Road
Chantilly, VA 20151-1221
USA

-Christophe Goyet
TEL: 703-263-0100
FAX: 703-263-0503

CST Lab: NVLAP 100432-0

ID-One PIV (Type B)
(Hardware Versions: P/Ns BF [1, 2] and C0 [3, 4]; Firmware Version: 0801 (with op-codes (071621 and 070534) [1], (071621 and 071891) [2], (071631 and 070544) [3] or (071631 and 071901) [4]) with ID-One PIV Applet Suite V2.3.2 [*] or V2.3.2-a [**])

(PIV Card Application: Cert. #19 [*] or #26 [**])

(When operated in FIPS mode with the fingerprint authentication mechanism parameters configured as indicated in the Security Policy Section 8.1)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/06/2010;
11/24/2010;
12/21/2010;
02/10/2011;
07/05/2011;
10/04/2011
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #770); Triple-DES MAC (Triple-DES Cert. #770, vendor affirmed); AES (Cert. #978); RNG (Cert. #555); RSA (Cert. #471); ECDSA (Cert. #120); SHS (Cert. #949); CVL (Cert. #4)

-Other algorithms: Triple-DES (Triple-DES Cert. #770, key wrapping; key establishment methodology provides 80 bits of encryption strength); AES (AES Cert. #978, key wrapping; key establishment methodology provides 128 bits of encryption strength); AES MAC (AES Cert. #978; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Single-chip

"This new generation PIV Card addresses current & future needs of both Federal and Corporate customers with built-in support for all the cryptographic algorithms defined in SP800-78-2 including TDEA, AES, RSA, ECDSA, & ECDH with all possible key sizes as well as key history for over 20 retired decryption keys. It offers Identity proofing (storage of personal data), User authentication, Card authentication, digital signature, encryption, & secure post issuance management in the PIV system. Its fingerprint match-on-card has been validated in the MINEX II PIV Biometric interoperability program."
1415 SonicWALL, Inc.
2001 Logic Drive
San Jose, CA 95124
USA

-Usha Sanagala
TEL: 408-962-6248
FAX: 408-745-9300

CST Lab: NVLAP 100432-0

TZ 100, TZ 100W, TZ 200, TZ 200W, TZ 210 and TZ 210W
(Hardware Versions P/N 101-500267-50, Rev. A (TZ 100); P/N 101-500268-51, Rev. A (TZ 100W); P/N 101-500262-51, Rev. A (TZ 200); P/N 101-500246-53, Rev. A (TZ 200W); P/N 101-500218-51, Rev. A (TZ 210); P/N 101-500214-54, Rev. A (TZ 210W); Firmware Version: SonicOS v5.5.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/28/2010 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #1200); Triple-DES (Cert. #868); SHS (Cert. #1105); DSA (Cert. #398); RNG (Cert. #664); RSA (Cert. #577); HMAC (Cert. #697)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength)

Multi-chip standalone

"SonicWALL's TZ Series is a high performance security platform that combines anti-virus, anti-spyware, intrusion prevention, content filtering, 3G connectivity and redundancy with 802.11 b/g/n wireless for an ultimate SMB security package. These solutions allow remote and branch offices to easily implement network protection from a wide spectrum of emerging threats."
1414 Oberthur Technologies
4250 Pleasant Valley Road
Chantilly, VA 20151-1221
USA

-Christophe Goyet
TEL: 703-263-0100
FAX: 703-263-0503

CST Lab: NVLAP 100432-0

ID-One PIV (Type A)
(Hardware Versions: P/Ns B0 and BA; Firmware Version: FC10 (with op-codes 069778 or 071964) with ID-One PIV Applet Suite V2.3.2 [1], V2.3.2-a [2] or V2.3.4 [3])

(PIV Card Application: Cert. #18 [1], #25 [2] or #36 [3])

(When operated in FIPS mode with the fingerprint authentication mechanism parameters configured as indicated in the Security Policy Section 8.1)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/28/2010;
11/24/2010;
12/21/2010;
02/10/2011;
07/05/2011;
10/04/2011;
02/22/2013
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 4
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #698); Triple-DES MAC (Triple-DES Cert. #698, vendor affirmed); AES (Cert. #840); RNG (Cert. #480); RSA (Cert. #403); ECDSA (Cert. #94); SHS (Cert. #833); CVL (Cert. #3)

-Other algorithms: Triple-DES (Triple-DES Cert. #698, key wrapping; key establishment methodology provides 80 bits of encryption strength); AES (AES Cert. #840, key wrapping; key establishment methodology provides 128 bits of encryption strength); AES MAC (AES Cert. #840; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Single-chip

"This new generation PIV Card addresses current and future needs of both Federal & Corporate customers with built-in support for all the cryptographic algorithms defined in SP800-78-2 including TDEA, AES, RSA, ECDSA, & ECDH with all possible key sizes as well as key history for over 20 retired decryption keys. It offers Identity proofing (storage of personal data), User authentication, Card authentication, digital signature, encryption, and secure post issuance management in the PIV system. Its fingerprint match-on-card has been validated in the MINEX II PIV Biometric interoperability program."
1413 Icom Inc.
1-1-32, Kamiminami
Hirano-Ku, Osaka 547-0003
Japan

-Masaaki Takahashi
TEL: 425-450-6043

CST Lab: NVLAP 200427-0

UT-125 FIPS #10 Cryptographic Module
(Hardware Version: 1.0; Firmware Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/28/2010 Overall Level: 1 

-FIPS-approved algorithms: AES (Cert. #1303); HMAC (Cert. #758); RNG (Cert. #726); SHS (Cert. #1193)

-Other algorithms: AES MAC (AES Cert. #1303, vendor affirmed; P25 AES OTAR); DES; DES-MAC

Multi-chip embedded

"The UT-125 FIPS #10 is an optional unit available for Icom radios that provides secure voice and data capabilities as well as APCO OTAR and advanced key management."
1412 Juniper Networks, Inc.
1194 N. Mathilda Ave.
Sunnyvale, CA 94089
USA

-Bishakha Banerjee
TEL: 408-936-6843
FAX: 408-936-1801

-Seyed Safakish
TEL: 408-745-8158
FAX: 408-936-1801

CST Lab: NVLAP 100432-0

JUNOS-FIPS 9.3 L2 OS Cryptographic Module
(Firmware Version: 9.3R2.8)

(When operated only on the specific platforms specified on the reverse. The routing engine and chassis configured with tamper evident seals installed as indicated in the Security Policy.)

Validated to FIPS 140-2

Security Policy

Certificate

Firmware 09/28/2010 Overall Level: 2 

-Design Assurance: Level 3

-Tested: M40e [RE-A-1000-2048], M120 [RE-A-1000-2048], M120 [RE-A-2000-4096], M320 [RE-A-1000-2048], M320 [RE-A-2000-4096], MX240 [RE-S-2000-4096], MX480 [RE-S-2000-4096], MX960 [RE-S-2000-4096], T320 [RE-A-2000-4096], T640 [RE-A-2000-4096] and T1600 [RE-A-2000-4096]

-FIPS-approved algorithms: AES (Certs. #1049, #1050 and #1051); DSA (Cert. #351); ECDSA (Cert. #127); RNG (Cert. #599); RSA (Cert. #501); HMAC (Certs. #590, #591, #592 and #593); SHS (Certs. #998, #999, #1000 and #1001); Triple-DES (Certs. #793, #794 and #795)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip embedded

"Juniper Networks M, T and MX series routing platforms are complete routing systems that support a variety of high-speed interfaces for medium/large networks and network applications and numerous routing standards. All platforms are physically self-contained, housing software, firmware, and hardware necessary for routing. The router architecture provides for streamlined forwarding and routing control and the capability to run Internet-scale networks at high speeds. They are powered by the same JUNOS software, which provides both management and control functions as well as all IP routing."
1411 Security First Corp.
22362 Gilberto #130
Rancho Santa Margarita, CA 92688
USA

-Rick Orsini
TEL: 949-858-7525
FAX: 949-858-7092

CST Lab: NVLAP 100432-0

SecureParser®
(Software Version: 4.7.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/03/2010 Overall Level: 1 

-Cryptographic Module Specification: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Ubuntu 8; Windows Server 2003; Windows XP (single user mode)

-FIPS-approved algorithms: AES (Certs. #1222 and #1223); RNG (Cert. #678); RSA (Cert. #590); DSA (Cert. #405); SHS (Cert. #1124); HMAC (Cert. #714); ECDSA (Cert. #144)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 128 bits of encryption strength); AES (Cert. #1222, key wrapping; key establishment methodology provides 128, 192, or 256 bits of encryption strength)

Multi-chip standalone

"The SecureParser® is a security and high data availability architecture delivered in the form of a software toolkit that provides cryptographic data splitting (data encryption, random or deterministic distribution to multiple shares including additional fault tolerant bits, key splitting, authentication, integrity, share reassembly, key restoration and decryption) of arbitrary data. During the split process, additional redundant data may be optionally written to each share enabling the capability of restoring the original data when all shares are not available."
1410 AudioCodes
1 Hayarden St.
Airport City, Lod 70151
Israel

-Yair Elharrar
TEL: +972-3-976-4055
FAX: +972-3-976-4223

CST Lab: NVLAP 200002-0

BS-500
(Hardware Version: FASB0885; Firmware Version: 5.80AM.023)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/23/2010 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #1114 and #1169); Triple-DES (Certs. #811 and #847); RSA (Cert. #556) HMAC (Cert. #669); SHS (Cert. #1037); RNG (Cert. #646)

-Other algorithms: Diffie Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); HMAC-MD5; DES; RC4; MD5

Multi-chip embedded

"Voice-over-IP media gateway"
1409 Open Text Corporation
38 Leek Crescent
Richmond Hill, Ontario L4B 4N8
Canada

-Jonathan Carroll
TEL: 514-281-5551 x222
FAX: 514-281-9958

CST Lab: NVLAP 200017-0

Open Text Cryptographic Module
(Software Version: 14.0.0.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 09/21/2010 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista with SP1 (32-bit edition); Microsoft Windows Vista with SP1 (64-bit edition) (single-user mode)

-FIPS-approved algorithms: RSA (Cert. #541); DSA (Cert. #371); Triple-DES (Cert. #829); AES (Cert. #1143); HMAC (Cert. #650); SHS (Cert. #1061); RNG (Cert. #633)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); DES; Blowfish; CAST; RC2; RC4; RC5; ECC; MD2; MD4; MD5; MDC2; RIPEMD; Message-digest based PRNG

Multi-chip standalone

"The Open Text Cryptographic Module is a library which provides encryption and decryption services to Hummingbird Connectivity software during SSL or SSH connections. The Open Text Cryptographic Module is used in Exceed, a windows-based X11 server, NFS Maestro, a suite of NFS clients and servers, HostExplorer, a desktop and web-based terminal emulation suite and Connectivity Secure Shell, an implementation of the Secure Shell 2 protocol."
1408 Aladdin Knowledge Systems, Ltd.
35 Efal St.
Kiryat Arie, Petach Tikva Israel

-Chanan Lavi
TEL: 972-3-9781111
FAX: 972-3-9781010

CST Lab: NVLAP 100432-0

Aladdin eToken NG-FLASH (Java) [1], Aladdin eToken NG-FLASH Anywhere [1] and Aladdin eToken NG-OTP (Java) [2]
(Hardware Versions: 5 [1] and 3.0 [2]; Firmware Versions: Athena IDProtect Version 0106.8015.0508, 0106.8015.0808 and Aladdin eToken Version 1.1)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/15/2010;
10/26/2011
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #681); Triple-DES MAC (Triple-DES Cert. #681, vendor affirmed); AES (Cert. #788); RNG (Cert. #453); RSA (Cert. #375); SHS (Cert. #789)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength)

Multi-chip standalone

"Aladdin eToken NG-FLASH (Java) and Aladdin eToken NG-OTP (Java) offer strong authentication and guaranteed non-repudiation for sensitive applications such as eBanking, stock trading, eCommerce and financial transactions. The modules are based on the Athena IDProtect Java Card smart card operating system that is compliant with the Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and FIPS 140-2 Level 3 (Level 4 for physical security). IDProtect supports FIPS Approved Random Number Generation, TDES, AES, SHA-1, SHA-256, and RSA up to 2048 bits including on board key generation."
1407 G4S Technology Limited
Challenge House, International Drive
Tewkesbury, Gloucestershire GL20 8UQ
United Kingdom

-Steve Amos
TEL: +44 1684 850977
FAX: +44 1684 294845

-Kevin Hollingworth
TEL: +44 1684 850977
FAX: +44 1684 294845

CST Lab: NVLAP 200427-0

Symmetry Cryptographic Module
(Software Version: 1.2.0.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 09/15/2010 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP with SP3; Microsoft Windows 7; Microsoft Windows Vista with SP2; Microsoft Windows Server 2003 with SP2; Microsoft Windows Server 2008 with SP2 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1314); HMAC (Cert. #765); SHS (Cert. #1202)

-Other algorithms: N/A

Multi-chip standalone

"The Symmetry Cryptographic Module provides AES 256 bit encryption functionality to enable a client application to provide a secure channel for transmission of data across a network."
1406 Fortinet, Inc.
1090 Kifer Road
Sunnyvale, CA 94086
USA

-Jeff Lake, Vice President, Federal Operations
TEL: 678-402-8021

CST Lab: NVLAP 200556-0

FortiAnalyzer
(Firmware Version: v4.0.0,build6087,091105)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Firmware 09/15/2010 Overall Level: 1 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-Tested: FortiAnalyzer-1000B with the FortiAnalyzer 4.0.0 operating system

-FIPS-approved algorithms: AES (Certs. #1206 and #1213); Triple-DES (Certs. #870 and #874); SHS (Certs. #1109 and #1117); RSA (Cert. #584); HMAC (Certs. #701 and #707); RNG (Cert. #667)

-Other algorithms: Diffie-Hellman (key agreement; key establishment method provides between 80 and 96 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DES; MD5; HMAC-MD5

Multi-chip standalone

"The FortiAnalyzer family of logging, analyzing, and reporting appliances securely aggregate log data from Fortinet devices and other syslog-compatible devices. Using a comprehensive suite of customizable reports, users can filter and review records, including traffic, event, virus, attack, Web content, and email data."
1405 SECUDE AG
Bergegg
Emmetten, 6376
Switzerland

-Michael Kummer
TEL: 770-360-5530
FAX: 678-659-9429

CST Lab: NVLAP 100432-0

FinallySecure Enterprise Cryptographic Module
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 10/7/2010 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 7; Windows XP; Windows Vista (single-user mode)

-FIPS-approved algorithms: AES (Cert. #958); HMAC (Cert. #534); RNG (Cert. #541); SHS (Cert. #930)

-Other algorithms: N/A

Multi-chip standalone

"SECUDE's FinallySecure Enterprise software-only product provides sector-by-sector Full Disk Encryption (FDE) services to the General Purpose Computer (GPC) with hardening Pre-Boot Authentication (PBA) capabilities. The software is able to prevent all unauthorized access to user data including the operating system with varying degrees of security depending on customer preference. The FinallySecure Enterprise cryptographic module is the core underlying component providing cryptographic functionalities for the software in all aspects."
1404 SonicWALL, Inc.
2001 Logic Drive
San Jose, CA 95124
USA

-Usha Sanagala
TEL: 408-962-6248
FAX: 408-745-9300

CST Lab: NVLAP 100432-0

SRA EX6000 and SRA EX7000
(Hardware Versions: P/Ns 101-500210-58 Rev. A (SRA EX6000) and 101-500188-58 Rev. A (SRA EX7000); Firmware Version: SRA 10.5.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/15/2010 Overall Level: 2 

-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #807, #808 and #809); AES (Certs. #1110, #1111 and #1112); SHS (Certs. #1033, #1034 and #1035); RNG (Cert. #617); RSA (Certs. #523 and #524); HMAC (Certs. #622, #623 and #624)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); RC4

Multi-chip standalone

"Built on Aventail's powerful, proven SSL VPN platform, the SonicWALL Aventail SRA EX6000 and SRA EX7000 appliances provide granular access control for any type of remote access by first detecting the identity and the security of the end point, protecting applications with granular policy based on who the user is and the trust established for the end point used for access, and then connecting authorized employees and business partners effortlessly from a broad range of cross-platform devices only to authorized resources."
1403 Hewlett Packard®, Inc.
10810 Farnam Drive
NBN02
Omaha, NE 68154
USA

-Nagesh Kuriyavar
TEL: 402-758-7262
FAX: 402-758-7332

-Brad Kenyon
TEL: 402-758-7265
FAX: 402-758-7332

CST Lab: NVLAP 200658-0

HP OpenCall HLR Cryptographic Module
(Software Version: E10.21)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 09/15/2010 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with HP Nonstop v J06.08 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1308); SHS (Cert. #1196), HMAC (Cert. #760); RNG (Cert. #730)

-Other algorithms: HP Proprietary Algorithm

Multi-chip standalone

"The HP OpenCall HLR Cryptographic Module provides cryptographic services that allows the HP OpenCall HLR to protect sensitive application and subscriber data at rest and during transit."
1402 IBM Internet Security Systems, Inc.
6303 Barfield Road
Atlanta, GA 30328
USA

-Scott Sinsel
TEL: 404-236-2722
FAX: 404-236-2632

CST Lab: NVLAP 200416-0

SiteProtector Cryptographic Module
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 09/15/2010;
12/07/2011
Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Microsoft Windows Server 2003 R2 Standard, Version 5.2 SP 2 on an IBM eServer 326m running on an AMD Opteron Processor 270

-FIPS-approved algorithms: AES (Cert. #1181); HMAC (Cert. #681); RNG (Cert. #652); RSA (Cert. #562); SHS (Cert. #1090)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength)

Multi-chip standalone

"IBM Proventia® Management SiteProtectorTM system is a security management system that provides centralized command and control, analysis, reporting and workflow for all ISS IBM Protection devices and select third-party security solutions including network IPS, Network Multi-Function, Server, Endpoint, Vulnerability Assessment, Application Assessment, and DLP. All of these IBM ISS security components have a common update and policy management system as well. The SiteProtector system provides an in-depth security event analysis capability that is specific to the needs of security analysts."
1401 Fortinet Inc.
1090 Kifer Road
Sunnyvale, CA 94086-5301
USA

-Jeff Lake, Vice President, Federal Operations
TEL: 678-402-8021
FAX: 678-402-8021

CST Lab: NVLAP 200017-0

FortiOS
(Firmware Version: FortiOS 4.00, build6204, 091113)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Firmware 09/10/2010 Overall Level: 1 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-Tested: FortiGate-310B; FortiGate-500A; FortiGate-620B; FortiGate-800; FortiGate-3600; FortiGate-3600A; FortiGate-5001A-DW; FortiWiFi-50B; FortiWiFi-60B

-FIPS-approved algorithms: AES (Certs. #1154, #1155 and #1156); Triple-DES (Certs. #835 and #836); RNG (Cert. #639); SHS (Certs. #1068 and #1069); HMAC (Certs. #657 and #658); RSA (Cert. #546)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA (key wrapping; key establishment method provides between 80 and 112 bits of encryption strength); DES; MD5; HMAC-MD5

Multi-chip standalone

"The FortiOS is a firmware based operating system that runs exclusively on FortinetÆs FortiGate/FortiWiFi product family (PC-based, purpose built appliances)The FortiOS provides integrated firewall, VPN, antivirus, antispam, intrusion prevention, content filtering and traffic shaping and HA capabilities."
1400 SonicWALL, Inc.
2001 Logic Drive
San Jose, CA 95124
USA

-Usha Sanagala
TEL: 408-962-6248
FAX: 408-745-9300

CST Lab: NVLAP 100432-0

NSA 2400
(Hardware Version: P/N 101-500219-53, Rev. A; Firmware Version: SonicOS v5.5.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/30/2010 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #1198); Triple-DES (Cert. #866); SHS (Cert. #1103); DSA (Cert. #397); RNG (Cert. #662); RSA (Cert. #575); HMAC (Cert. #695)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength)

Multi-chip standalone

"The SonicWALL Network Security Appliance (NSA) Series is a high performance platform utilizing a unique multi-core architecture to provide high speed anti-virus, anti-spyware, intrusion prevention, content filtering, application inspection and protection and for the SMBs and large businesses."
1399 LifeSize Communications, Inc.
901 S. Mopac Expressway
Bldg 3 Suite 300
Austin, TX 78746
USA

TEL: 512-347-9300
FAX: 512-347-9301

CST Lab: NVLAP 200017-0

Cryptographic Security Kernel
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 08/30/2010 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Linux kernel 2.4 (single-user mode)

-FIPS-approved algorithms: RSA (Cert. #532); DSA (Cert. #365); AES (Cert. #1123); HMAC (Cert. #634); Triple-DES (Cert. #820); SHS (Cert. #1046); RNG (Cert. #626)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip embedded

"The LifeSize Room, Team, and Express product lines employ the LifeSize Cryptographic Security Kernel to provide the cryptographic functionality necessary to secure high-definition audio and video conference communications."
1398 SonicWALL, Inc.
2001 Logic Drive
San Jose, CA 95124
USA

-Usha Sanagala
TEL: 408-962-6248
FAX: 408-745-9300

CST Lab: NVLAP 100432-0

NSA 240
(Hardware Version: P/N 101-500240-54, Rev. A; Firmware Version: SonicOS v5.5.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/30/2010 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #1196); SHS (Cert. #1102); DSA (Cert. #396); RNG (Cert. #661); Triple-DES (Cert. #865); RSA (Cert. #574); HMAC (Cert. #694)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength)

Multi-chip standalone

"The SonicWALL Network Security Appliance (NSA) Series is a high performance platform utilizing a unique multi-core architecture to provide high speed anti-virus, anti-spyware, intrusion prevention, content filtering, application inspection and protection and for the SMBs and large businesses."
1397 Imation Corp.
Discovery Bldg. 1A-041
Oakdale, MN 55128
USA

-Larry Hamid
TEL: 408-737-4308

CST Lab: NVLAP 100432-0

Imation Secure Flash Drive
(Hardware Versions: P/Ns IK040401, IK040402, IK040404 and IK040408; Firmware Version: 1.3.9)

(Files distributed with the module mounted within the internal CD Drive are excluded from validation)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/30/2010;
10/26/2011;
04/24/2012
Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #655); HMAC (Cert. #615); RNG (Cert. #380); RSA (Cert. #494); SHS (Certs. #691 and #986)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The IronKey Secure Flash Drive has been designed to be the world's most secure flash drive. The onboard AES, RSA, SHA, and RNG engines deliver the gold standard in data and identity protection for consumers, enterprises, and government users alike. For more information, visit https://www.ironkey.com."
1396 Fortinet Inc.
1090 Kifer Road
Sunnyvale, CA 94086-5301
USA

-Jeff Lake, Vice President, Federal Operations
TEL: 678-402-8021
FAX: 678-402-8021

CST Lab: NVLAP 200017-0

FortiMail OS
(Firmware Version: FortiMail OS 3.00, build 529, 091029)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Firmware 08/30/2010 Overall Level: 1 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-Tested as meeting Level 1 with FortiMail-100; FortiMail-400; FortiMail-400B; FortiMail-2000A; FortiMail-4000A

-FIPS-approved algorithms: AES (Cert. #1231); Triple-DES (Cert. #884); RNG (Cert. #682); SHS (Cert. #1131); HMAC (Cert. #718); RSA (Cert. #591)

-Other algorithms: DES; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA (key wrapping; key establishment method provides between 80 and 112 bits of encryption strength);

Multi-chip standalone

"FortiMail OS is a firmware based operating system that runs exclusively on Fortinet's FortiMail product family (PC-based, purpose built appliances). FortiMail offers both inbound and outbound scanning, advanced antispam and antivirus filtering capabilities, IP address black/white listing functionality, and extensive quarantine and archiving capabilities."
1395 SafeNet, Inc.
20 Colonnade Road
Suite 200
Nepean, Ontario K2E 7M6
Canada

-Terry Fletcher
TEL: 613-221-5009
FAX: 613-723-5079

CST Lab: NVLAP 200556-0

Luna® PCM Key Export (KE) Cryptographic Module
(Hardware Version: LTK-02-0501; Firmware Version: 4.6.8)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/18/2010;
09/02/2010
Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #933); SHS (Cert. #917); HMAC (Cert. #522); RSA (Cert. #452); Triple-DES (Cert. #747); Triple-DES MAC (Triple-DES Cert. #747, vendor affirmed); DSA (Cert. #331); ECDSA (Cert. #116); RNG (Cert. #534)

-Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; AES MAC (AES Cert. #933; non-compliant); DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The Luna PCM cryptographic module is a multi-chip standalone hardware cryptographic module in the form of a PCMCIA card that typically resides within a custom computing or secure communications appliance. It is contained in its own secure enclosure that provides physical resistance to tampering. The module provides secure key generation and storage for symmetric keys and asymmetric key pairs along with symmetric and asymmetric cryptographic services. Access to key material and cryptographic services for users and user application software is provided indirectly through the host appliance."
1394 SPYRUS, Inc.
1860 Hartog Drive
San Jose, CA 95131-2203
USA

-Tom Dickens
TEL: 408-392-9131
FAX: 408-392-0319

CST Lab: NVLAP 100432-0

SPYRUS FIPS Sector-based Encryption Module
(Hardware Versions: P/Ns 880074002F, 880074003F and 880074004F, Version 02.00.01; Firmware Version: 03.00.0C)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/18/2010;
09/07/2010;
03/28/2011
Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #1259, #1260, #1261, #1262, #1263 and #1264); SHS (Certs. #1155, #1156, #1157, #1158, #1159, #1160, #1161, #1162 and #1163); ECDSA (Certs. #147, #148 and #149); DRBG (Certs. #29, #30 and #31); RNG (Certs. #703, #704 and #705)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 128, 192 or 256 bits of encryption strength)

Multi-chip standalone

"The SPYRUS FIPS Sector-based Encryption Module provides hardware-based, sector by sector full disk encryption providing the protective military strength of the U. S. Government's Suite B algorithm standards, including AES, ECDSA, SHA-2, and EC-DH. The USB encryption device comes with an easy to use, user-friendly interface that operates on the Microsoft Windows operating systems, Linux, and MAC without installing any drivers."
1393 Pitney Bowes, Inc.
35 Waterview Drive
Shelton, CT 06484
USA

-Douglas Clark
TEL: 203-923-3206
FAX: 203-924-3406

CST Lab: NVLAP 200427-0

Pitney Bowes iButton Postal Security Device (PSD)
(Hardware Version: MAXQ1959B-F50#; Firmware Version: 5.01.01)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/18/2010;
09/13/2010
Overall Level: 3 

-Physical Security: Level 3 +EFP

-FIPS-approved algorithms: ECDSA (Cert. #153); HMAC (Cert. #746); RNG (Cert. #715); SHS (Cert. #1177); Triple-DES (Cert. #904); Triple-DES MAC (Triple-DES Cert. #904, vendor affirmed)

-Other algorithms:

Multi-chip standalone

"The Pitney Bowes iButton Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP), and Canda Post Indicia. It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes global digital metering products. The PSD has been designed to support international postal markets and their rapidly evolving requirements for digital indicia."
1392 Doremi Cinema LLC
1020 Chestnut St.
Burbank, CA 91506
USA

-Jean-Philippe Viollet
TEL: 818-562-1101
FAX: 818-562-1109

-Camille Rizko
TEL: 818-562-1101
FAX: 818-562-1109

CST Lab: NVLAP 200802-0

Dolphin DCI 1.2
(Hardware Versions: DOLPHIN-DCI-1.2-A0, DOLPHIN-DCI-1.2-A1, DOLPHIN-DCI-1.2-C0 and DOLPHIN-DCI-1.2-C1; Firmware Versions: (2.0.4, 99.03 and 22.03-0) or (2.0.4, 99.03 and 22.03-1))

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/12/2010 Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #521, #532 and #1252); HMAC (Certs. #271 and #731); SHS (Certs. #593 and #1148); RNG (Certs. #326, #693, #696 and #700); RSA (Certs. #600 and #601)

-Other algorithms: MD5; HMAC-MD5; TRNGs; RSA (key wrapping, key establishment methodology provides 112 bits of encryption strength);

Multi-chip embedded

"The Dolphin DCI 1.2 is a PCI-card that provides a standard definition/high definition serial digital interface. This is a Doremi decoder hardware card that contains a JPEG-2000 decoder hardware and BNC serial digital interface connectors used in Doremi Digital Cinema Servers like the DCP-2000. The Dolphin DCI 1.2 utilizes a dual-link encoded serial digital interface for output of DCI compliant resolutions up to 2040x1080p24 (2K-film). It can also operate single link for lower resolution material (i.e. trailers, advertisement, etc.)."
1391 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Peter Hayman
TEL: 919-462-1900 x273
FAX: 919-462-1933

CST Lab: NVLAP 200002-0

SafeNet Ethernet Encryptor, Branch Office
(Hardware Version: 943-50200-004; Firmware Version: 1.0.6.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/12/2010 Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #1243); HMAC (Cert. #740); RNG (Cert. #690); RSA (Cert. #596); SHS (Cert. #1142); Triple-DES (Cert. #890)

-Other algorithms: SEED (CFB with key length 128); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Camellia (CFG with key length 256)

Multi-chip standalone

"The SafeNet Ethernet Encryptor Branch Office provides data privacy and access control for connections between vulnerable public and private networks. It employs a FIPS-approved AES algorithm and can be deployed in 10 Megabit Ethernet networks. The encryptor can be centrally controlled or managed across multiple remote stations using SafeNet's Security Management Center (SMC), a SNMPv3-based security management system."
1390 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:
FAX: 919-882-8791

CST Lab: NVLAP 200427-0

Cisco ASR 1002f, ASR 1002 with ESP5 or ESP10, ASR 1004 with RP 1 or RP 2 and ESP10 or ESP20, and ASR 1006 with dual RP 1 or dual RP 2 and dual ESP10 or dual ESP20
(Hardware Versions: ASR1002f, ASR1002, ASR1004 and ASR1006; Embedded Services Processor (ESP) Hardware versions: ASR1000-ESP5, ASR1000-ESP10 and ASR1000-ESP20; Route Processor (RP) Hardware versions: ASR-1000-RP1 and ASR-1000-RP2; Firmware Version: 2.4.2t)

(When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy.)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/12/2010;
02/23/2012
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #333 and #1250); HMAC (Certs. #137 and #730); RSA (Cert. #599); RNG (Certs. #154 and #695); SHS (Certs. #408 and #1147); Triple-DES (Certs. #398 and #894)

-Other algorithms: DES; HMAC-MD5; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 156 bits of encryption strength); RSA(key wrapping; key establishment methodology provides between 80 and 156-bits of encryption strength)

Multi-chip standalone

"Cisco has reinvented edge routing with the Cisco ASR 1000 Series Aggregation Services Routers. The ASR 1000 Series consists of three different versions: the ASR 1002, the ASR 1004, and the ASR 1006 Router. All three models use the innovative and powerful Cisco QuantumFlow Processor, which provides a huge leap in performance and resiliency for network processors. The Cisco ASR 1000 delivers multiple services embedded in the Cisco QuantumFlow Processor at wire speeds of up to 20 Gbps. The ASR 1000 architecture supports both software redundancy and hardware redundancy (ASR 1006) capabilities."
1389 IBM® Corporation
2455 South Road
Poughkeepsie, NY 12601
USA

-William F Penny
TEL: 845-435-3010

CST Lab: NVLAP 200658-0

IBM® z/OS® Version 1 Release 10 System SSL Cryptographic Module
(Hardware Versions: FC3863 w/System Driver Level 76, CEX2A and CEX2C [CEX2A and CEX2C are separately configured versions of 4764-001 (P/Ns 12R6536, 12R8241, 12R8561 or 41U0438)]; Software Versions: APAR OA26457 and APAR OA26109; Firmware Versions: 4764-001(2096a16d) or 4764-001(c16f4102))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software-Hybrid 08/12/2010 Overall Level: 1 

-Cryptographic Module Specification: Level 3

-Tested as meeting Level 1 with IBM System z10™ Enterprise Class (z10 EC) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 [Base GPC, Crypto Express2 Card (Coprocessor (CEX2C)); Crypto Express2 Card (Accelerator (CEX2A)) and Crypto Express2 Cards (Coprocessor (CEX2C) and Accelerator (CEX2A))] [IBM System z10™ Enterprise Class (z10 EC) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 includes FC3863 w/System Driver Level 76 and z/OS® V1R10] (single-user mode)

-FIPS-approved algorithms: AES (Certs. #976, #1106, and #1107); Triple-DES (Certs. #769, #804, and #805); DSA (Certs. #355 and #356); RSA (Certs. #517, #518, #519, #520, and #521); SHS (Certs. #946, #1029, and #1030); HMAC (Certs. #618 and #619); RNG (Certs. #614 and #615)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); DES; RC2; ArcFour; MD5; MD2.

Multi-chip standalone

"System SSL is a set of generic services provided in z/OS® to protect TCP/IP communications using the SSL/TLS protocol. System SSL is exploited by many SSL enabled servers and clients in z/OS® to meet the transport security constraints required in an On Demand environment. The System SSL APIs are also externalized to customer applications. System SSL has evolved through the latest releases of z/OS® to support the new TLS (Transaction Layer Security) standard, to reach an unmatched level of performance and to extend the APIs available to applications to new functions."
1388 Seagate Technology LLC
1280 Disc Drive
Shakopee, MN 55379
USA

-David R Kaiser, PMP
TEL: 952-402-2356
FAX: 952-402-1273

CST Lab: NVLAP 200427-0

Momentus® FDE Drives FIPS 140 Module
(Hardware Versions: ST9500422AS [1], ST9250412AS [1, 2], ST9320427ASG [3], ST9250414ASG [3] and ST9160419ASG [3]; Firmware Version: 500 [1], 070 [2] and 030 [3])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/12/2010;
01/25/2013
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Certs. #797 and #1341); HMAC (Cert. #594); SHS (Cert. #1223); RNG (Cert. #737); RSA (Cert. #648); Triple-DES (Cert. #697)

-Other algorithms: DES

Multi-chip standalone

"The Momentus® FDE Drives, FIPS 140 Modules are FIPS 140-2 Level 2 modules which provide full disk encryption with user authentication These products are designed to prevent data breaches due to loss or theft on the road, in the office. The cryptographic module provides a wide range of cryptographic services using FIPS approved algorithms in two FIPS-Approved modes: ATA Enhanced Security Mode and DriveTrust Security Mode. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, and authenticated FW download."
1387 Red Hat®, Inc.
314 Littleton Road
Westford, MA 01886
USA

-Irina Boverman
TEL: 978-392-1000
FAX: 978-392-1001

TEL: 919-754-3700
FAX: 919-754-3701

CST Lab: NVLAP 200658-0

Red Hat Enterprise Linux 5 Kernel Crypto API Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode. When obtained, installed, and initialized as assumed by the Crypto Officer role and specified in Section 9.1 of the provided Security Policy. This module contains the embedded module Network Security Services (NSS) Cryptographic Module validated to FIPS 140-2 under Cert. #815 (Approved algorithms retested on listed operating environment) operating in FIPS mode. Section 1 of the provided Security Policy specifies the precise RPM files containing this module. The integrity of the RPMs is automatically verified during the installation and the Crypto officer shall not install the RPM files if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module.)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/12/2010 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 5.4 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1224); Triple-DES (Cert. #882); SHS (Cert. #1125); HMAC (Certs. #715 and #812); RNG (Cert. #679); DSA (Certs. #406 and #449)

-Other algorithms: DES, Triple-DES (CTR mode; non-compliant)

Multi-chip standalone

"The Linux kernel Crypto API implemented in Red Hat Enterprise Linux 5 provides services operating inside the Linux kernel with various ciphers, message digests and an approved random number generator."
1386 Red Hat®, Inc.
314 Littleton Road
Raleigh, NC 27606
USA

-Irina Boverman
TEL: 978 392 1000

-Karl Wirth
TEL: 978 392 1000

CST Lab: NVLAP 200658-0

Red Hat Enterprise Linux 5 OpenSwan Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode. When obtained, installed, and initialized as assumed by the Crypto Officer role and specified in Section 9 of the provided Security Policy. This module contains the embedded modules Red Hat Enterprise Linux 5 OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #1320 operating in FIPS mode and the Network Security Services (NSS) Cryptographic Module validated to FIPS 140-2 under Cert. #815 (Approved algorithms retested on listed operating environment) operating in FIPS mode. Section 1 of the provided Security Policy specifies the precise RPM files containing this module. The integrity of the RPMs is automatically verified during the installation and the Crypto officer shall not install the RPM files if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module.)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/12/2010 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 5.4 (single-user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #943); AES (Cert. #1368); SHS (Cert. #1250); RSA (Cert. #669); RNG (Cert. #755); DSA (Cert. #449); HMAC (Certs. #661, #662 and #663)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 bits and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 bits and 192 bits of encryption strength); RC2; RC4; DES; MD2; MD5

Multi-chip standalone

"The Red Hat Enterprise Linux 5 OpenSwan Cryptographic Module is a software only cryptographic module that provides the IKE protocol version 1 and version 2 key agreement services required for IPSec."
1385 Red Hat®, Inc.
314 Littleton Road
Westford, MA 01886
USA

-Irina Boverman
TEL: 978-392-1000
FAX: 978-392-1001

TEL: 919-754-3700
FAX: 919-754-3701

CST Lab: NVLAP 200658-0

Red Hat Enterprise Linux 5 OpenSSH Client Cryptographic Module
(Software Version: 1.1)

(When operated in FIPS mode. This module contains the embedded module Red Hat Enterprise Linux 5 OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #1320 operating in FIPS mode. When obtained, installed, and initialized as assumed by the Crypto Officer role and specified in Section 9.1 of the provided Security Policy. Section 1 of the provided Security Policy specifies the precise RPM file containing this module. The integrity of the RPM is automatically verified during the installation and the Crypto officer shall not install the RPM file if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module.))

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/12/2010;
09/06/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 5.4 and Red Hat Enterprise Linux 5.8 (single-user mode)

-FIPS-approved algorithms: AES (Certs. #1160, #1161 and #1162); Triple-DES (Certs. #839, #840 and #841); DSA (Certs. #378, #379 and #380); RNG (Certs. #642, #643 and #644); RSA (Certs. #549, #550 and #552); HMAC (Certs. #661, #662 and #663)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength)

Multi-chip standalone

"The OpenSSH Client cryptographic module provides the client-side component for an SSH protocol version 2 protected communication channel. OpenSSH is the standard SSH implementation and shipped with RHEL 5.4 or RHEL 5.8. Its cryptographic mechanisms use the OpenSSL library in FIPS 140-2 mode."
1384 Red Hat®, Inc.
314 Littleton Road
Westford, MA 01886
USA

-Irina Boverman
TEL: 978-392-1000
FAX: 978-392-1001

TEL: 919-754-3700
FAX: 919-754-3701

CST Lab: NVLAP 200658-0

Red Hat Enterprise Linux 5 OpenSSH-Server Cryptographic Module
(Software Version: 1.1)

(When operated in FIPS mode. This module contains the embedded module Red Hat Enterprise Linux 5 OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #1320 operating in FIPS mode. When obtained, installed, and initialized as assumed by the Crypto Officer role and specified in Section 9.1 of the provided Security Policy. Section 1 of the provided Security Policy specifies the precise RPM file containing this module. The integrity of the RPM is automatically verified during the installation and the Crypto officer shall not install the RPM file if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module.)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/12/2010;
09/06/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 5.4 and Red Hat Enterprise Linux 5.8 (single-user mode)

-FIPS-approved algorithms: AES (Certs. #1160, #1161 and #1162); Triple-DES (Certs. #839, #840 and #841); DSA (Certs. #378, #379 and #380); RNG (Certs. #642, #643 and #644); RSA (Certs. #549, #550 and #552); HMAC (Certs. #661, #662 and #663)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength)

Multi-chip standalone

"The OpenSSH server cryptographic module provides the server-side component for an SSH protocol version 2 protected communication channel. OpenSSH is the standard SSH implementation and shipped with RHEL 5.4 or RHEL 5.8. Its cryptographic mechanisms use the OpenSSL library in FIPS 140-2 mode."
1383 Juniper Networks, Inc.
1194 N. Mathilda Ave.
Sunnyvale, CA 94089
USA

-Bishakha Banerjee
TEL: 408-936-6843
FAX: 408-936-1801

-Seyed Safakish
TEL: 408-745-8158
FAX: 408-936-1801

CST Lab: NVLAP 100432-0

JUNOS-FIPS 9.3 OS Cryptographic Module
(Firmware Version: 9.3R2.8)

Validated to FIPS 140-2

Security Policy

Certificate

Firmware 09/13/2010;
10/29/2010
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-Tested: M7i [RE-850-1536] and M10i[RE-850-1536]

-FIPS-approved algorithms: AES (Certs. #1049, #1050 and #1051); DSA (Cert. #351); ECDSA (Cert. #127); RNG (Cert. #599); RSA (Cert. #501); HMAC (Certs. #590, #591, #592 and #593); SHS (Certs. #998, #999, #1000 and #1001); Triple-DES (Certs. #793, #794 and #795)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip embedded

"Juniper Networks M7i and M10i routing platforms are complete routing systems that support a variety of high-speed interfaces for medium/large networks and network applications and numerous routing standards. All platforms are physically self-contained, housing software, firmware, and hardware necessary for routing. The router architecture provides for streamlined forwarding and routing control and the capability to run Internet-scale networks at high speeds. They are powered by the same JUNOS software which provides both management and control functions as well as all IP routing."
1382 ViaSat, Inc.
6155 El Camino Real
Carlsbad, CA 92009
USA

-Ed Smith
TEL: 760-476-4995
FAX: 760-476-4703

CST Lab: NVLAP 100432-0

Enhanced Bandwidth Efficient Modem (EBEM) Cryptographic Module
(Hardware Versions: P/Ns 1010162 [1, 2, 3], 1010162 with ESEM [2, 3], 1075559 [1, 2 3], 1075559 with ESEM [2, 3], 1010163 [1, 2, 3], 1010163 with ESEM [2, 3], 1075560 [1, 2, 3] and 1075560 with ESEM [2, 3], Version 1; Firmware Versions: 01.03.05 [1] and 02.01.04 [2], or 02.01.05 [3])

(The tamper evident seal installed as indicated in the Security Policy for the optional ESEM feature)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/12/2010;
10/04/2011
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #1203 and #1204); SHS (Cert. #1107); HMAC (Cert. #699); ECDSA (Cert. #143); RNG (Cert. #665)

-Other algorithms: EC Diffie-Hellman (key agreement)

Multi-chip standalone

"The ViaSat Enhanced Bandwidth Efficient Modem (EBEM-500) series Satcom Modem provides the latest in efficient modulation and coding for point-to-point Satcom connections. The EBEM-500 series offers embedded encryption, integrating the security functions into the modem to provide an integrated secure Satcom modem product. The EBEM-500 series is backward compatible with a wide range of legacy Satcom modems currently in use and supports the new improved efficiency modulation and coding. The EBEM-500 series supports user base-band data rates from 64 kbps up to 155.52 Mbps."
1381 Accellion, Inc.
1900 Embarcadero Road, Suite 207
Palo Alto, CA 94303
USA

-Prateek Jain
TEL: 650-739-0095
FAX: 650-739-0561

CST Lab: NVLAP 100432-0

Accellion Secure File Transfer Cryptographic Module
(Software Version: FTALIB_1_0_1)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/12/2010 Overall Level: 1 

-Design Assurance: Level 2

-Operational Environment: Tested as meeting Level 1 with Red Hat Linux Version 5.1 (single-user mode)

-FIPS-approved algorithms: AES (Certs. #843, #844 and #845); Triple-DES (Cert. #771); HMAC (Cert. #639); DSA (Cert. #307); SHS (Certs. #836, #842 and #1051)

-Other algorithms: Triple-DES (Cert. #771, key wrapping; key establishment methodology provides 80 bits of encryption strength); Blowfish; MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"Accellion Secure File Transfer Cryptographic Module is a key component of Accellion's secure file transfer solution. This solution enables enterprises to securely transfer large files. It helps eliminate FTP servers and offload file attachments from email resulting in improved email performance and reduced email storage. Extensive tracking and reporting tools are provided to demonstrate compliance with SOX, HIPAA, FDA and GLB regulations. The Accellion solution provide the highest level of security and ease of use of any enterprise file transfer solution."
1380 WinMagic Inc.
200 Matheson Boulevard West
Suite 201
Mississauga, Ontario L5R 3L7
Canada

-Alexandr Mazuruc
TEL: 905-502-7000 ext. 225
FAX: 905-502-7001

CST Lab: NVLAP 200017-0

SecureDoc® Disk Encryption Cryptographic Engine
(Software Version: 4.7)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 10/26/2010 Overall Level: 1 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista; Mac OS X 10.5 (single-user mode)

-FIPS-approved algorithms: AES (Certs. #1046 and #1047); SHS (Cert. #996); HMAC (Cert. #588); RNG (Cert. #597);

-Other algorithms: N/A

Multi-chip standalone

"SecureDoc® Disk Cryptographic Engine provides cryptographic services and key management for the SecureDoc« Disk Encryption products employing PKCS-11 cryptographic token standard. SecureDoc® software delivers full disk encryption and other data protection solutions for General Purpose Computers, laptops and removable media."
1379 WinMagic Inc.
200 Matheson Boulevard West
Suite 201
Mississauga, Ontario L5R 3L7
Canada

-Alexandr Mazuruc
TEL: 905-502-7000 ext. 225
FAX: 905-502-7001

CST Lab: NVLAP 200017-0

SecureDoc® Disk Encryption Cryptographic Engine
(Software Version: 4.7)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 10/26/2010 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 2 with Dell Optiplex GX620 running Microsoft Windows XP Professional Service Pack (SP) 2

-FIPS-approved algorithms: AES (Certs. #1046 and #1047); SHS (Cert. #996); HMAC (Cert. #588); RNG (Cert. #597)

-Other algorithms: N/A

Multi-chip standalone

"SecureDoc® Cryptographic Engine provides cryptographic services and key management for the SecureDoc« Disk Encryption products employing PKCS-11 cryptographic token standard. SecureDoc® software delivers full disk encryption and other data protection solutions for General Purpose Computers, laptops and removable media."
1378 IBM® Corporation
9032 S Rita Rd
Tucson, AZ 85744
USA

-David L. Swanson
TEL: 520-799-5515

-Christine Knibloe
TEL: 520-799-5719

CST Lab: NVLAP 200427-0

IBM System Storage TS1130 Tape Drive - Machine Type 3592, Model E06
(Hardware Version: 45E8855 EC Level L31095; Firmware Version: 46X1651 EC Level L31096)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/03/2010 Overall Level: 1 

-FIPS-approved algorithms: AES (Certs. #918, #919 and #1273); RNG (Cert. #711); RSA (Cert. #611); SHS (Cert. #1173)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip embedded

"The TS1130 / 3592 E06 Tape Drive provides full line speed, fully validated, hardware implemented, AES 256-bit encryption and compression of customer data recorded to tape. It ensures data confidentiality in the event of a lost tape while also supporting additional cryptographic functions for authentication and secure transfer of key material."
1377 GDC Technology (USA), LLC
3500 W. Olive Ave. Suite 940
Burbank, CA 91505
USA

-Arun Kishore
TEL: 877-743-2872
FAX: 877-643-2872

CST Lab: NVLAP 100432-0

DCI Board
(Hardware Versions: Z-OEM-DCI-R0, Z-OEM-DCI-R2 and Z-OEM-DCI-R3; Firmware Versions: 1.0 or 1.1, Security Manager Firmware Version 1.2.11)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/03/2010;
05/11/2011;
12/13/2011
Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #1278 and #1286); SHS (Certs. #1176, #1178, #1179 and #1180); RNG (Certs. #713 and #716); RSA (Certs. #610 and #613); HMAC (Certs. #743 and #747)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip embedded

"A digital cinema media block designed to be compliant with DCI specifications and SMPTE digital cinema standards. The supported features include JPEG2000 decoding, AES decryption, key management, ASM communications and logging."
1376 Dolby Laboratories, Inc.
100 Potrero Avenue
San Francisco, CA 94103
USA

-Matthew Robinson
TEL: 415-558-0200
FAX: 415-863-1373

CST Lab: NVLAP 100432-0

CAT862 Dolby® JPEG 2000/MPEG-2 Media Block IDC
(Hardware Versions: P/N CAT862Z, Revisions FIPS_1.0, FIPS_1.1 and FIPS_1.2; Firmware Version: 4.1.4_FIPS)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/21/2010 Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #519, #520 and #1067); SHS (Certs. #592 and #1086); RSA (Cert. #233); HMAC (Certs. #270 and #676); RNG (Certs. #296 and #650)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip embedded

"The CAT862 Dolby® JPEG2000/MPEG2 Media Block IDC performs all the cryptography, license management, and video decoding functions for the DSS200 Dolby Screen Server, which forms the nucleus of the Dolby Digital Cinema system. The system offers superb picture quality and outstanding reliability. It includes support for JPEG 2000 playback, as specified by DCI, and MPEG-2 for compatibility with alternative content such as preshow advertising. The system also meets DCI specifications for security, data rate, storage capacity, and redundancy."
1375 VT iDirect, Inc.
13865 Sunrise Valley Drive
Herndon, VA 20171
USA

-Gregory Quiggle
TEL: 703-259-6405
FAX: 703-648-8015

CST Lab: NVLAP 200556-0

Evolution® e8350 Satellite Router [1], iNFINITI® 7350 Satellite Router [2], iNFINITI® iConnex 700 Satellite Router [3], Evolution® iConnex e800 Satellite Router [4], iNFINITI® M1D1-T Line Card [5], iNFINITI® M1D1-T Line Card w/ 10 MHz [6] and iNFINITI® M1D1-T-IND Line Card [7]
(Hardware Versions: Part #E0000051-0003 [1], Part #9130-0062-0002 [2], Part #9101-2040-0201 [3], Part #E0000403-0201 [4], Part #9101-0040-0008 [5], Part #9101-0040-0108 [6] and Part #9101-0040-0116 [7]; Software Version: iDS version 8.3.12.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/22/2010 Overall Level: 1 

-FIPS-approved algorithms: AES (Certs. #528, #1246 and #1251); Triple-DES (Cert. #893); SHS (Cert. #1146); RSA (Cert. #598); RNG (Cert. #694)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip embedded

"iDirect's AES-based bidirectional link encryption, combined with other system features such as cutting-edge coding techniques, acceleration and compression provides a fully integrated IP networking solution where security, performance and bandwidth efficiency are critical."
1374 AccessData Corp
384 South 400 West
Lindon, UT 84042
USA

-Jeff Looman
TEL: 801-377-5410

CST Lab: NVLAP 200427-0

AccessData Secure Network Communications FIPS 140-2 Module
(Software Version: 1.0)

(This module contains the embedded module OpenSSL FIPS Object Module validated to FIPS 140-2 under Cert. #918 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/26/2010 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP SP3 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1307); HMAC (Cert. #759); RNG (Cert. #729); RSA (Cert. #626); SHS (Cert. #1195)

-Other algorithms: HMAC MD5; MD5; RSA (key wrapping; key establishment mechanism provides between 80 and 256-bits of encryption strength)

Multi-chip standalone

"The AccessData Secure Network Communications FIPS 140-2 Object Module is a cryptographic module that operates as a multi-chip component library positioned between the FIPS 140-2 validated OpenSSL FIPS Object Module version 1.1.2 API and a host application. The AccessData Secure Network Communications module provides to any AccessData application that incorporates it, electronic encryption designed to prevent unauthorized access to data transferred across a physical or wireless TCP/IP network."
1373 Riverbed Technology, Inc.
199 Fremont Street
San Francisco, CA 94105
USA

-Amol Kabe
TEL: 415-344-4447

-Gordon Chaffee
TEL: 415-247-7353

CST Lab: NVLAP 200017-0

Steelhead 250 and Steelhead 550 Appliances
(Hardware Versions: 250 and 550; Firmware Version: 4.1.10)

(When operated in FIPS mode with tamper evident seals and security panels installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/21/2010 Overall Level: 2 

-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #1044); HMAC (Cert. #586); RNG (Cert. #595); RSA (Cert. #498); SHS (Cert. #994); Triple-DES (Cert. #792)

-Other algorithms: DSA; MD5; DES; RC2; RC4; IDEA; CAST; Blowfish; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); HMAC-Tiger; EC Diffie-Hellman

Multi-chip standalone

"The Steelhead family of appliances provides application acceleration and accelerated data transfer over a wide area network (WAN), overcoming bandwidth and geographical limitations to improve productivity and enable global collaboration."
1372 KoolSpan, Inc.
4962 Fairmont Avenue
Bethesda, MD 20814
USA

-Bill Supernor
TEL: 240-880-4407
FAX: 240-238-7534

CST Lab: NVLAP 200416-0

KoolSpan TrustChip Developer Kit (TDK) Cryptographic Library
(Software Version: 3.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 07/21/2010;
04/12/2011
Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Fedora 10 running on an Intel Core 2 Duo; MAC OS X 10.5 running on an Intel Core 2 Duo; Windows Mobile 6.1 running on an ARM 32-bit; Windows XP running on an Intel Core 2 Duo; Linux 2.6 (Android) running on an ARM 7 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1108); SHS (Cert. #1031); HMAC (Cert. #641)

-Other algorithms: N/A

Multi-chip standalone

"The KoolSpan TrustChip® Developer Kit (TDK) Cryptographic Library provides cross-platform cryptographic security functions for application developers to integrate cryptographic services into a library, application, or system."
1371 FalconStor Software, Inc.
2 Huntington Quadrangle
Melville, NY 11747
USA

-Yeggy Javadi
TEL: 631-773-6745
FAX: 631-777-6882

-Wai Lam
TEL: 631-962-1116
FAX: 631-501-7633

CST Lab: NVLAP 200427-0

FalconStor Cryptographic Module
(Software Version: 3.12.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 07/21/2010 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Oracle Enterprise Linux 5.3

-FIPS-approved algorithms: AES (Cert. #1173); DRBG (Cert. #22); DSA (Cert. #384); HMAC (Cert. #674); RSA (Cert. #558); SHS (Cert. #1085); Triple-DES (Cert. #850)

-Other algorithms: Camellia; DES; Diffie-Hellman; MD2; MD5; RC2; RC4; SEED

Multi-chip standalone

"Cryptographic Library for Authentication and Encryption Implementations for All FalconStor Software Products"
1370 Firetide, Inc.
140 Knowles Dr.
Los Gatos, CA 95032
USA

-Murali Repakula
TEL: 408-355-7203
FAX: 408-399-7756

CST Lab: NVLAP 100432-0

HotPort 7000-Series Wireless Mesh Nodes: HotPort 7100 and HotPort 7200
(Hardware Versions: HotPort 7100 Version 1.0 and HotPort 7200 Version 1.0;
Firmware Version: 7.3(F).0.0)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/21/2010 Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Certs. #1114 and #1235); HMAC (Cert. #720); RNG (Cert. #618); RSA (Cert. #592); SHS (Cert. #1133)

-Other algorithms: AES (non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"Firetide HotPort 7100 indoor and HotPort 7200 are dual radio mimo mesh nodes that provide wireless backhaul infrastructure, bandwidth needed to expand the reach of the existing networks, and other wireless capabilities for defence, municipal, industrial, and enterprise users, while adding a variety of fixed and mobile applications; city-wide video surveillance, traffic management, and intelligent transportation systems, infrastructure access for mobile city workers, and wireless broadband for underserved areas."
1369 Cavium Networks
805 E. Middlefield Road
Mountain View, CA 94043
USA

-TA Ramanujam
TEL: 650-623-7039
FAX: 650-625-9751

CST Lab: NVLAP 100432-0

NITROX XL 1600-NFBE HSM Family
(Hardware Versions: CN1620-NFBE1NIC-2.0-G [1], CN1620-NFBE2NIC-2.0-G [1], CN1620-NFBE3NIC-2.0-G [1], CN1610-NFBE1NIC-2.0-G [1], CN1620-NFBE1NIC-2.0-FW1.2-G [2], CN1620-NFBE2NIC-2.0-FW1.2-G [2], CN1620-NFBE3NIC-2.0-FW1.2-G [2], CN1610-NFBE1NIC-2.0-FW1.2-G [2], CN1620-NFBE1-2.0-G [1], CN1620-NFBE2-2.0-G [1], CN1620-NFBE3-2.0-G [1], CN1610-NFBE1-2.0-G [1], CN1620-NFBE1-2.0-FW1.2-G [2], CN1620-NFBE2-2.0-FW1.2-G [2], CN1620-NFBE3-2.0-FW1.2-G [2], CN1610-NFBE1-2.0-FW1.2-G [2], CN1620-NFBE1-3.0-FW1.1-G [1], CN1620-NFBE2-3.0-FW1.1-G [1], CN1620-NFBE3-3.0-FW1.1-G [1], CN1620-NFBE1-3.0-FW1.2-G [2], CN1620-NFBE2-3.0-FW1.2-G [2] and CN1620-NFBE3-3.0-FW1.2-G [2]; Firmware Versions: 1.1 [1] and 1.2 [2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/21/2010;
12/06/2010;
12/27/2012
Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #1265 and #1266); DRBG (Cert. #32); ECDSA (Cert. #150); HMAC (Cert. #736); KAS (Cert. #5); RNG (Cert. #707); RSA (Cert. #607); SHS (Certs. #1165 and #1166); Triple-DES (Cert. #898)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 128 bits of encryption strength); AES (Cert. #1265, key wrapping; key establishment methodology provides 256 bits of encryption strength); RC4; MD5; PBE

Multi-chip embedded

"The NITROX XL 1600-NFBE HSM adapter family delivers the worldÆs fastest FIPS 140-2 Level 3 Hardware Security Module (HSM) with PCIe Gen 2.0. The NITROX XL family of adapters offers up to 45,000 RSA operations per second and 5 Gbps of bulk crypto performance and is certified to the stringent US Government security standards. This FIPS family delivers an unmatched solution to the increasing performance, cryptographic and time to market requirements of the financial, government and healthcare vertical markets"
1368 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Peter Hayman
TEL: 919-462-1900 x273
FAX: 919-462-1933

CST Lab: NVLAP 200002-0

SafeNet Encryptor, Model 650
(Hardware Versions: 904-53260-007 and 943-53270-007; Firmware Versions: 3.5 and 3.5.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/21/2010;
09/07/2010
Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #710, #725 and #1233); Triple-DES (Cert. #647); RSA (Cert. #340); SHS (Cert. #743); HMAC (Cert. #391); RNG (Cert. #422)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The SafeNet Encryptor provides data privacy and access control for connections between vulnerable public and private SONET/SDH networks or 10G Ethernet networks. It employs federally endorsed AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in a SONET OC-192 network or 10G Ethernet network."
1367 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Peter Hayman
TEL: 919-462-1900 x273
FAX: 919-462-1933

CST Lab: NVLAP 200002-0

SafeNet Encryptor, Model 600
(Hardware Versions: 904-10001-00x, 904-10002-00x, 904-10003-00x, 904-10014-00x, 904-10112-00x, 904-10113-00x, 904-20001-00x, 904-20002-00x, 904-20003-00x, 904-25005-00x, 904-30013-00x, 904-511i0-00x and 943-511i0-00x; Firmware Version: 3.5)

(When operated in FIPS mode)
(Note: Refer to the cryptographic module’s security policy for the details on the letter i and x designations)


Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/21/2010;
08/12/2010
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #647); AES (Certs. #713, #725 and #1232); RSA (Cert. #340); SHS (Cert. #743); HMAC (Cert. #391); RNG (Cert. #422)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The SafeNet Encryptor provides data privacy and access control for connections between vulnerable public and private SONET/SDH or Ethernet networks. It employs FIPS approved AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in SONET 155 MB (OC-3), 622 MB (OC-12), 1.0 GB, and 2.4 GB (OC-48) networks."
1366 Lexmark International, Inc.
740 West New Circle Rd.
Lexington, KY 40550
USA

-Graydon Dodson
TEL: 859-232-6483

CST Lab: NVLAP 200416-0

Lexmark PrintCryption
(Firmware Versions: 1.3.2a and 1.3.2i)

(Requires Option P/N 30G0829 to enable the PrintCryption firmware.)

Validated to FIPS 140-2

Security Policy

Certificate

Firmware 07/21/2010;
08/12/2010
Overall Level: 1 

-Tested: Lexmark X463de Printer with ARM9 processor on Lexmark Linux v2.6; Lexmark X651de Printer with IBM750CL processor on Lexmark Linux v2.6

-FIPS-approved algorithms: AES (Certs. #1208 and #1209); SHS (Certs. #1111 and #1112); RNG (Certs. #669 and #670); RSA (Certs. #578, #579 and FIPS 186-3, vendor affirmed); HMAC (Certs. #703 and #704)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The Lexmark PrintCryption is an option for the Lexmark printers that enables the transfer and printing of encrypted print jobs. With the PrintCryption module installed, the printer is capable of decrypting print jobs encrypted with the AES (FIPS 197) algorithm. The Lexmark PrintCryption analyzes the encrypted data stream, determines if the correct key was used to encrypt the data, decrypts the data and allows the confidential document to be printed."
1365 ProStor Systems, Inc.
5555 Central Avenue
Suite 100
Boulder, CO 80301
USA

-Chris Alaimo
TEL: 303-545-2535 x228
FAX: 303-545-2665

CST Lab: NVLAP 200697-0

InfiniVault Server
(Hardware Version: Model 30; Firmware Version: 2.4.0)

(When operated in FIPS mode with the embedded module Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1012 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 07/21/2010 Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-FIPS-approved algorithms: AES (Cert. #1214); RNG (Cert. #470)

-Other algorithms: Blowfish; Triple-DES (non-compliant); SHA-1 (non-compliant); MD5

Multi-chip standalone

"InfiniVault Server is part of a hardware Network Attached Storage device running on a Windows Storage Server 2003 R2 x64 SP2 OS."
1364 Marvell Semiconductor, Inc.
5488 Marvell Lane
Santa Clara, CA 95054
USA

-Lei Poo
TEL: 408-222-5194
FAX: 408-988-0135

CST Lab: NVLAP 200648-0

Solaris 2
(Hardware Versions: 88i8925, 88i8922, 88i8945 and 88i8946; Firmware Version: Solaris2-FIPS-FW-V1.0)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/21/2010 Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #1153 and #723); SHS (Cert. #1067); HMAC (Cert. #656); RSA (Cert. #545); RNG (Cert. #638)

-Other algorithms: AES (Cert. #1153, key wrapping; key establishment methodology provides 128 bits of encryption strength);

Single-chip

"Solaris 2 is a highly integrated and custom System-on-Chip (SOC) product, customized for high performance hard disk drives. It employs the latest read/write channel technology with advanced detection and correction capabilities suitable for high density drives. Its unique all-in-one security design features enable an efficient and secure implementation of the full drive encryption (FDE) functions that support Trusted Computing Group (TCG) based access control, authentication and FDE key management. FIPS-Approved algorithms supported include AES, SHA, HMAC, RSA and RNG."
1363 Ipswitch, Inc.
10 Maguire Road
Suite 220
Lexington, MA 02421
USA

-Mark Riordan
TEL: 608-824-3632

CST Lab: NVLAP 200427-0

MOVEit Crypto
(Software Version: 1.2.0.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 07/12/2010 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 5 (x86); Red Hat Enterprise Linux 5 (x64); Windows Server 2008 (x86); Windows Server 2008 (x64) (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1226); HMAC (Cert. #716); RNG(Cert. #680); SHS (Cert. #1126)

-Other algorithms: MD5; HMAC-MD5

Multi-chip standalone

"MOVEit Crypto is a compact and fast dynamically-linked library for Windows and Linux. It provides AES encryption, SHA-1 and SHA-2 hashing, and pseudo-random number generation. Both 32-bit and 64-bit versions are available for each operating system. MOVEit Crypto is a member of the MOVEit security and file transfer product family."
1362 Motorola, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

-Kirk Mathews
TEL: 847-576-4101

CST Lab: NVLAP 100432-0

ASTRO PDEG Motorola Advanced Crypto Engine (MACE)
(Hardware Version: P/N 5185912Y01; Firmware Version: R02.03.01 or R02.03.02)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/12/2010;
05/12/2011
Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #819, #1295 and #1297); SHS (Cert. #817); RSA (Cert. #396); RNG (Cert. #471)

-Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); AES (AES Cert. #819, key wrapping; key establishment methodology provides 256 bits of encryption strength); LFSR

Single-chip

"The ASTRO PDEG MACE provides secure key management and data encryption for the Astro System."
1361 Cavium Networks
805E Middlefield Road
Mountain View, CA 94043
USA

-Michael Scruggs
TEL: 650-623-7005
FAX: 650-625-9751

CST Lab: NVLAP 200427-0

NITROX XL CN15xx-NFBE FIPS Cryptographic Modules
(Hardware Versions: CN1520-VBD-04-0200, CN1510-VBD-04-0200, CN1505-VBD-04-0200, CN1520-VBD-04-0201, CN1510-VBD-04-0201 and CN1505-VBD-04-0201; Firmware Versions: CN1520: 4.7.1(CN1520); CN1510: 4.7.1(CN1510) and CN1505: 4.7.1(CN1505))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/12/2010 Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #803 and #1135); DSA (Cert. #370); HMAC (Cert. #645); RNG (Cert. #630); RSA (Cert. #539); SHS (Cert. #1056); Triple-DES (Certs. #685 and #827); Triple-DES MAC (Triple-DES Cert. #685, vendor affirmed)

-Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; RSA X-509; ARIA; MD2; MD5; HAS-160; AES-MAC (AES Cert. #803; non-compliant); DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Generic-Secret; SSL PRE-MASTER; Diffie-Hellman; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength)

Multi-chip embedded

"The Cavium Nitrox XL NFBE FIPS Cryptographic Modules are a cryptographic component of the Nitrox XL NFBE cryptographic acceleration boards that provide cryptographic key protection and acceleration for both asymmetric and symmetric encryption operations. The cryptographic module is contained in its own secure enclosure that provides physical resistance to tampering and zeroization of plaintext cryptographic material in the event the enclosure is opened."
1360 Cavium Networks
805E Middlefield Road
Mountain View, CA 94043
USA

-Michael Scruggs
TEL: 650-623-7005
FAX: 650-625-9751

CST Lab: NVLAP 200427-0

NITROX XL CN15xx-NFBE FIPS Cryptographic Module
(Hardware Versions: CN1520-VBD-04-0200, CN1510-VBD-04-0200, CN1505-VBD-04-0200, CN1520-VBD-04-0201, CN1510-VBD-04-0201 and CN1505-VBD-04-0201; Firmware Versions: CN1520: 4.7.1(CN1520); CN1510: 4.7.1(CN1510) and CN1505: 4.7.1(CN1505))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/12/2010 Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Certs. #803 and #1135); DSA (Cert. #370); HMAC (Cert. #645); RNG (Cert. #630); RSA (Cert. #539); SHS (Cert. #1056); Triple-DES (Certs. #685 and #827); Triple-DES MAC (Triple-DES Cert. #685, vendor affirmed)

-Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; RSA X-509; ARIA; MD2; MD5; HAS-160; AES-MAC (AES Cert. #803; non-compliant); DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Generic-Secret; SSL PRE-MASTER; Diffie-Hellman; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength)

Multi-chip embedded

"The Cavium Nitrox XL NFBE FIPS Cryptographic Modules are a cryptographic component of the Nitrox XL NFBE cryptographic acceleration boards that provide cryptographic key protection and acceleration for both asymmetric and symmetric encryption operations. The cryptographic module is contained in its own secure enclosure that provides physical resistance to tampering and zeroization of plaintext cryptographic material in the event the enclosure is opened."
1359 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto CDC Module for MEAP
(Software Version: 1.1)

(When operated in FIPS140_MODE or FIPS140_SSL_MODE)

Validated to FIPS 140-2

Security Policy

Certificate

Software 07/12/2010;
09/07/2010;
03/28/2011;
01/24/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP SP3 with Java ME SDK 3.0 Runtime Environment (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1244); DSA (Cert. #410); DRBG (Cert. #28); ECDSA (Cert. #146); HMAC (Cert. #727); RNG (Cert. #691); RSA (Cert. #597); SHS (Cert. #1143); Triple-DES (Cert. #891)

-Other algorithms: DES; Diffie-Hellman; EC Diffie-Hellman; ECIES; HMAC MD-5; MD4; MD5; PBE; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength); RSA OAEP

Multi-chip standalone

"RSA BSAFE TLS-J ME security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. It supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements"
1358 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto CDC Module
(Software Version: 1.1)

(When operated in FIPS140_MODE or FIPS140_SSL_MODE)

Validated to FIPS 140-2

Security Policy

Certificate

Software 07/12/2010;
09/07/2010;
03/28/2011;
01/24/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP SP3 with Java ME SDK 3.0 Runtime Environment (single user mode)

-FIPS-approved algorithms: AES (Cert. #1244); DSA (Cert. #410); DRBG (Cert. #28); ECDSA (Cert. #146); HMAC (Cert. #727); RNG (Cert. #691); RSA (Cert. #597); SHS (Cert. #1143); Triple-DES (Cert. #891)

-Other algorithms: DES; Diffie-Hellman; EC Diffie-Hellman; ECIES; HMAC MD-5; MD4; MD5; PBE; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength); RSA OAEP

Multi-chip standalone

"RSA BSAFE TLS-J ME security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. It supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements"
1357 Unisys Corporation
2470 Highcrest Road
Roseville, MN 55113
USA

-James Heit
TEL: 651-635-7739

-Mary Ann Bucher
TEL: 651-635-7551

CST Lab: NVLAP 200427-0

Unisys OS 2200 Cryptographic Library
(Software Version: 1R1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 07/12/2010 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Unisys OS 2200 Operating System (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1293); DSA (Cert. #418); HMAC (Cert. #753); RNG (Cert. #721); RSA (Cert. #619); SHS (Cert. #1187); Triple-DES (Cert. #910)

-Other algorithms: DES; Diffie-Hellman; HMAC MD5; MD2; MD5; RC4

Multi-chip standalone

"The Unisys OS 2200 Cryptographic Library provides Unisys OS 2200 programs with access to FIPS-approved cryptographic services."
1356 Texas Instruments
6550 Chase Oaks Blvd
Plano, TX 75023
USA

-Jack Gregory
TEL: 214-567-6526
FAX: 214-567-0070

CST Lab: NVLAP 200802-0

DLP Cinema®, Series 2 Enigma Link Decryptor
(Hardware Version: 2509488 (Rev. G, Rev. H or Rev. I); Software Versions: 1.4(19), 1.5(21), 1.6(22) or 1.7(23); Firmware Version: 2.12(12))

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/12/2010;
08/12/2010;
01/13/2011;
12/07/2011;
11/30/2012
Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #999, #1000, #1001, #1002 and #1014); HMAC (Cert. #568); SHS (Cert. #971); RSA (Cert. #487); RNG (Cert. #581)

-Other algorithms: EC Diffie-Hellman; TI S-box; NDRNG; MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip embedded

"The Texas Instruments Enigma Cryptographic Module is a multi-chip embedded cryptographic module designed to protect digital movie content in accordance with Digital Cinema Initiatives V1.2. The Enigma is a Link Decryptor module designed to reside within a host cinema projector."
1355 Schneider Electric
1 High St.
North Andover, MA 01845
USA

-Richard Dubois
TEL: 978-975-9587
FAX: 978-975-9782

-Elvira Chang
TEL: 978-975-9651
FAX: 978-975-9698

CST Lab: NVLAP 200697-0

Continuum Network Security Module
(Firmware Versions: ACX Series v1.100021 and NetController II v2.100021)

(When operated only on the specific platforms specified)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Firmware 07/12/2010 Overall Level: 2 

-Tested: [ACX Series Rev 2a (with ACX Series v1.100021 firmware) and NetController II Rev B (with NetController II v 2.100021 firmware)] with Multi-Threaded Real Time OS (ThreadX version G3.0e.3.0b)

-FIPS-approved algorithms: Triple-DES (Cert. #752); SHS (Cert. #924); RNG (Cert. #537); HMAC (Cert. #528)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RNG (non-compliant)

Multi-chip standalone

"The Continuum Network Security module is part of the NetController II or ACX Series of controllers to provide the most secure method of communications amongst peer controllers and Cyberstation Workstations on the Ethernet/IP network by providing FIPS 140-2 certified encryption algorithms that are used by the IPSec/IKE protocol built into these controllers to automate building operations for HVAC, Lighting, and Physical Access Control."
1354 SafeNet, Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Terry Fletcher
TEL: 613-221-5009
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

Luna® PCI 3000 and Luna® PCI 7000 Cryptographic Modules, V3.0
(Hardware Version: VBD-03-0100; Firmware Versions: 4.7.1(3000) and 4.7.1(7000))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/12/2010 Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #510 and #1135); DSA (Cert. #370); ECDSA (Cert. #135); HMAC (Cert. #645); RNG (Cert. #630); RSA (Cert. #539); SHS (Cert. #1056); Triple-DES (Certs. #520 and #827); Triple-DES MAC (Triple-DES Cert. #520, vendor affirmed)

-Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; RSA X-509; ARIA; MD2; MD5; HAS-160; AES-MAC (AES Cert. #510; non-compliant); DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Generic-Secret; SSL PRE-MASTER; Diffie-Hellman; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); EC Diffie-Hellman

Multi-chip embedded

"Luna® PCI is a family of high-security cryptographic PCI accelerator cards (the same cards that power the acclaimed Luna½ SA Network HSM). Luna PCI offers dedicated hardware-based key management to protect sensitive cryptographic keys from attack. The high-security hardware design ensures the integrity and protection of encryption keys throughout their life cycle. All digital signing and verification operations are performed within the HSM to increase performance and maintain security. Luna PCI HSMs provide hardware-secured key generation, storage, secure key backup, and accelerated encryption"
1353 AirMagnet, Inc.
830 E. Arques Ave.
Sunnyvale, CA 94085
USA

-Tony Ho
TEL: 408-400-1255
FAX: 408-744-1250

CST Lab: NVLAP 200648-0

SmartEdge Sensor A5200, A5205, A5220 and A5225
(Hardware Versions: A5200, A5205, A5220 and A5225; Firmware Version: 8.5.0-12097)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 07/12/2010 Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #331); Triple-DES (Cert. #395); SHS (Cert. #406); RSA (Cert. #111); RNG (Cert. #152); HMAC (Cert. #135)

-Other algorithms: RC4; RC2; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); DSA (non-compliant); DES; Triple-DES (non-compliant); AES (non-compliant); IDEA; Blowfish; Twofish

Multi-chip standalone

"The SmartEdge Sensor is equipped with patent pending AirWISE Analytical Engine that, in real time, monitors and analyzes the security, performance, and reliability of the wireless network."
1352 Telephonics Corp.
815 Broad Hollow Road
Farmingdale, NY 11735
USA

-Barry Wernick
TEL: 631-755-7321
FAX: 631-549-6588

CST Lab: NVLAP 100432-0

TruLink Control Logic Module CL6792-M1
(Hardware Version: P/N 010.6792-01 Rev. H1; Firmware Versions: Boot: SW7098 v2.5 and Application: SW7099 v8.12)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/12/2010 Overall Level: 1 

-FIPS-approved algorithms: AES (Cert. #871); HMAC (Cert. #487); SHS (Cert. #865)

-Other algorithms: N/A

Multi-chip embedded

"TruLink is a wireless intercom system for use in military and harsh industrial environments. It provides fully duplex wireless communication. TruLink users can converse among themselves without pressing a Push to Talk button or waiting for another user to finish their transmission. The system supports 50 channels. Up to 31 users can be logged on to a channel. Each channel is an independent network. TruLink employs a unique noise cancellation system that automatically adjusts its VOX switching level to match the ambient noise level and subtracts this noise from the user's transmitted audio."
1351 Telephonics Corp.
815 Broad Hollow Road
Farmingdale, NY 11735
USA

-Barry Wernick
TEL: 631-755-7321
FAX: 631-549-6588

CST Lab: NVLAP 100432-0

TruLink Control Logic Module CL6882-M1
(Hardware Version: P/N 010.6882-01 Rev. B1; Firmware Versions Boot: SW7158 v2.4 and Application: SW7151 v1.12)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/12/2010 Overall Level: 1 

-FIPS-approved algorithms: AES (Cert. #872); HMAC (Cert. #488); SHS (Cert. #866)

-Other algorithms: N/A

Multi-chip embedded

"TruLink is a wireless intercom system for use in military and harsh industrial environments. It provides fully duplex wireless communication. TruLink users can converse among themselves without pressing a Push to Talk button or waiting for another user to finish their transmission. The system supports 50 channels. Up to 31 users can be logged on to a channel. Each channel is an independent network. TruLink employs a unique noise cancellation system that automatically adjusts its VOX switching level to match the ambient noise level and subtracts this noise from the user's transmitted audio."
1350 SafeNet, Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Terry Fletcher
TEL: 613-221-5009
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

Luna® PCI-e 3000, Luna® PCI-e 3000 Short-Form Factor (SFF), Luna® PCI-e 7000 and Luna® PCI-e 7000 SFF Cryptographic Modules, V3.0
(Hardware Versions: 3000 and 7000: VBD-04-0100; 3000 SFF and 7000 SFF: VBD-04-0102 and VBD-04-0103; Firmware Versions: 3000 and 3000 SFF: 4.7.1(3000); 7000 and 7000 SFF: 4.7.1(7000))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/12/2010;
07/27/2011
Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #510 and #1135); DSA (Cert. #370); ECDSA (Cert. #135); HMAC (Cert. #645); RNG (Cert. #630); RSA (Cert. #539); SHS (Cert. #1056); Triple-DES (Certs. #520 and #827); Triple-DES MAC (Triple-DES Cert. #520, vendor affirmed)

-Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; RSA X-509; ARIA; MD2; MD5; HAS-160; AES-MAC (AES Cert. #510; non-compliant); DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Generic-Secret; SSL PRE-MASTER; Diffie-Hellman; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); EC Diffie-Hellman

Multi-chip embedded

"For maximum security, Luna PCI-E offers dedicated hardware key management to protect sensitive cryptographic keys from attack. The high security design ensures the integrity and protection of encryption keys throughout their life cycle. Luna PCI-E provides hardware secure key generation, storage, secure key backup and accelerated encryption in a range of models and configurations, offering a wide selection of security, performance and operational capabilities. The PCI Express bus on Luna PCI-E easily plugs into the host computer and provides reliable protection for data, applications, and dig"
1349 SafeNet, Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Terry Fletcher
TEL: 613-221-5009
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

Luna® PCI-e 3000, Luna® PCI-e 3000 Short-Form Factor (SFF), Luna® PCI-e 7000 and Luna® PCI-e 7000 SFF Cryptographic Modules, V3.0
(Hardware Versions: 3000 and 7000: VBD-04-0100; 3000 SFF and 7000 SFF: VBD-04-0102 and VBD-04-0103; Firmware Versions: 3000 and 3000 SFF: 4.7.1(3000); 7000 and 7000 SFF: 4.7.1(7000))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/12/2010;
07/27/2011
Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Certs. #510 and #1135); DSA (Cert. #370); ECDSA (Cert. #135); HMAC (Cert. #645); RNG (Cert. #630); RSA (Cert. #539); SHS (Cert. #1056); Triple-DES (Certs. #520 and #827); Triple-DES MAC (Triple-DES Cert. #520, vendor affirmed)

-Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; RSA X-509; ARIA; MD2; MD5; HAS-160; AES-MAC (AES Cert. #510; non-compliant); DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Generic-Secret; SSL PRE-MASTER; Diffie-Hellman; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); EC Diffie-Hellman

Multi-chip embedded

"For maximum security, Luna PCI-E offers dedicated hardware key management to protect sensitive cryptographic keys from attack. The high security design ensures the integrity and protection of encryption keys throughout their life cycle. Luna PCI-E provides hardware secure key generation, storage, secure key backup and accelerated encryption in a range of models and configurations, offering a wide selection of security, performance and operational capabilities. The PCI Express bus on Luna PCI-E easily plugs into the host computer and provides reliable protection for data, applications, and dig"
1348 Motorola, Inc.
6480 Via Del Oro
San Jose, CA, CA 95119
USA

-Colin R. Cooper
TEL: 408-528-2871
FAX: 408-528-2903

CST Lab: NVLAP 200648-0

Wireless Access Point AP-7131N-44040-FGR, AP-7131N-44040-FWW, AP-7131N-44040-FIL, AP-7131N-66040-FGR, AP-7131N-66040-FWW and AP-7131N-66040-FIL
(Hardware Versions: AP-7131N-44040-FGR [1], AP-7131N-44040-FWW [1], AP-7131N-44040-FIL [1], AP-7131N-66040-FGR [2], AP-7131N-66040-FWW [2] and AP-7131N-66040-FIL [2]; Firmware Versions: AP7131N v4.0.0.0-035GR [1], AP7131N v4.0.1.0-003GR[1], AP7131N v4.0.0.0-035GRN [2] or AP7131N v4.0.1.0-003GRN[2])

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/22/2010;
09/15/2010;
07/19/2011
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #831 and #832); AES (Certs. #1147, #1148, #1149 and #1150); SHS (Certs. #1063 and #1064); HMAC (Certs. #652 and #653); RSA (Cert. #543); RNG (Certs. #635 and #636)

-Other algorithms: MD5; HMAC-MD5; DES; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); AES (non-compliant); SHS (non-compliant)

Multi-chip standalone

"The AP-7131 802.11 Wireless Access Point delivers the throughput, coverage and resiliency required to build an all-wireless enterprise. The dual-radio design provides simultaneous support for high-speed wireless voice and data services, self-healing mesh networking and non-data applications such as Motorola''s Wireless IPS"
1347 SafeNet, Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Terry Fletcher
TEL: 613-221-5009
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

Luna® PCI 3000 and Luna® PCI 7000 Cryptographic Modules, V3.0
(Hardware Version: VBD-03-0100; Firmware Versions: 3000: 4.7.1(3000); 7000: 4.7.1(7000))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/22/2010 Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Certs. #510 and #1135); DSA (Cert. #370); ECDSA (Cert. #135); HMAC (Cert. #645); RNG (Cert. #630); RSA (Cert. #539); SHS (Cert. #1056); Triple-DES (Certs. #520 and #827); Triple-DES MAC (Triple-DES Cert. #520, vendor affirmed)

-Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; RSA X-509; ARIA; MD2; MD5; HAS-160; AES-MAC (AES Cert. #510; non-compliant); DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Generic-Secret; SSL PRE-MASTER; Diffie-Hellman; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); EC Diffie-Hellman

Multi-chip embedded

"Luna® PCI is a family of high-security cryptographic PCI accelerator cards (the same cards that power the acclaimed Luna+ SA Network HSM). Luna PCI offers dedicated hardware-based key management to protect sensitive cryptographic keys from attack. The high-security hardware design ensures the integrity and protection of encryption keys throughout their life cycle. All digital signing and verification operations are performed within the HSM to increase performance and maintain security. Luna PCI HSMs provide hardware-secured key generation, storage, secure key backup, and accelerated encryption"
1346 Tripwire, Inc.
101 SW Main St.
Suite 1500
Portland, OR 97204
USA

-Will Claridge / Sr. Dir. Engineering
TEL: 503-276-7594
FAX: 503-276-7643

CST Lab: NVLAP 200802-0

Tripwire Cryptographic Module
(Software Versions: 1.1 and 1.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 06/22/2010;
07/02/2010
Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Sun Java 1.5 on Windows 2003 Server (32-bit) (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1159); RSA (Cert. #548); RNG (Cert. #641); HMAC (Cert. #660); SHS (Cert. #1072); DSA (Cert. #376)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength; non-compliant less than 80-bits of encryption strength); MD5; HMAC-MD5;

Multi-chip standalone

"The Tripwire Cryptographic Module supports many FIPS approved cryptographic operations, providing other Tripwire products and Java-based applications access to these algorithms."
1345 McAfee, Inc.
3965 Freedom Circle
Santa Clara, CA 95054
USA

-Sakthikumar Subramanian
TEL: 408-346-3249
FAX: 408-346-5335

CST Lab: NVLAP 100432-0

Network Security Platform Sensor M-8000 S
(Hardware Version: P/N M-8000 S, Version 1.40; Firmware Version: 5.1.15.12)

(When operated with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/01/2010 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #880); Triple-DES (Cert. #781); RSA (Certs. #425 and #486); DSA (Cert. #345); SHS (Certs. #871 and #970); RNG (Cert. #505)

-Other algorithms: N/A

Multi-chip standalone

"Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network SecurityManagement system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks."
1344 McAfee, Inc.
3965 Freedom Circle
Santa Clara, CA 95054
USA

-Sakthikumar Subramanian
TEL: 408-346-3249
FAX: 408-346-5335

CST Lab: NVLAP 100432-0

Network Security Platform Sensor M-8000 P
(Hardware Version: P/N M-8000 P, Version 1.40; Firmware Version: 5.1.15.12)

(When operated with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/22/2010 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #880); Triple-DES (Cert. #781); RSA (Certs. #425 and #486); DSA (Cert. #345); SHS (Certs. #871 and #970); RNG (Cert. #505)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network SecurityManagement system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks."
1343 AudioCodes
1 Hayarden St.
Airport City, Lod 70151
Israel

-Yair Elharrar
TEL: +972-3-976-4055
FAX: +972-3-976-4223

CST Lab: NVLAP 200002-0

Media Pack Family MP-112 [1] and MP-124 [2]
(Hardware Versions: GGWV00281 [1] and GGWU00022 [2]; Firmware Version: 5.60A.025.001)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/15/2010 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #912, #741 and #740); Triple-DES (Certs. #737 and #657); RSA (Certs. #443 and #346); HMAC (Certs. #508, #403 and #402); SHS (Certs. #899, #755 and #754); RNG (Cert. #430)

-Other algorithms: HMAC-MD5; DES; RC4; MD5; Diffie Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"Voice-over-IP media gateway"
1342 AudioCodes
1 Hayarden St.
Airport City, Lod 70151
Israel

-Yair Elharrar
TEL: +972-3-976-4055
FAX: +972-3-976-4223

CST Lab: NVLAP 200002-0

Trunk Pack Module TPM-6300 D6 [1] and TPM-6300 D21 [2]
(Hardware Versions: FASB00646 [1] and FASB00645 [2]; Firmware Version: 5.60AV.004.002)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/15/2010 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #911, #741 and #740); Triple-DES (Certs. #736 and #657); RSA (Certs. #443 and #346); HMAC (Certs. #403 and #402); RNG (Cert. #430); SHS (Certs. #755 and #754)

-Other algorithms: HMAC-MD5; DES; RC4; MD5; Diffie Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip embedded

"Voice-over-IP media gateway"
1341 Chunghwa Telecom Co., Ltd.
12, Lane 551, Min-Tsu Road SEC.5,
Yang-Mei, Taoyuan, Taiwan 326
Republic of China

-Yeou-Fuh Kuan
TEL: +886-3-424-4333
FAX: +886-3-424-4129

-Char-Shin Miou
TEL: +886-3-424-4381
FAX: +886-3-424-4129

CST Lab: NVLAP 200017-0

HICOS PKI Smart Card Chip
(Hardware Versions: HD65257C1 and HD65255C1; Software Version: PKI Applet: 2.1; Firmware Versions: HardMask: 2.1 and SoftMask: 3.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/09/2010 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #1220); RSA (Cert. #589); SHS (Cert. #1123); HMAC (Cert. #713); Triple-DES (Cert. #880); Triple-DES MAC (Cert. #880, vendor affirmed); RNG (Cert. #677)

-Other algorithms: MD5; HMAC-MD5; RIPEMD-160; HMAC-RIPEMD-160

Single-chip

"The HICOS PKI Smart Card Chip module is a single chip implementation of a cryptographic module. The HICOS PKI Smart Card Chip module is mounted in an ID-1 class smart card body that adheres to ISO/IEC specifications for Integrated Circuit Chip (ICC) based identification cards. The HICOS PKI Smart Card Chip cryptographic module contains an implementation of the Open Platform (OP) Version 2.1.1 specification defining a secure infrastructure for post-issuance programmable smart card chips."
1340 AEP Networks
Focus 31, West Wing
Cleveland Road
Hemel Hempstead, Hertfordshire HP2 7BW
United Kingdom

-David Miller
TEL: +44-1442458600
FAX: +44-1442458601

CST Lab: NVLAP 200017-0

Advanced Configurable Cryptographic Environment (ACCE) 2
(Hardware Version: 2730-G2; Firmware Version: V2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 06/09/2010 Overall Level: 4 

-FIPS-approved algorithms: Triple-DES (Certs. #210 and #896); AES (Certs. #96 and #1257); DSA (Cert. #411); SHS (Cert. #1152); RNG (Cert. #699); RSA (Cert. #603); Triple-DES MAC (Cert. #896, vendor affirmed)

-Other algorithms: MD5; DES; Diffie-Hellman (non-compliant)

Multi-chip embedded

"Advanced Configurable Cryptographic Environment (ACCE) 2 crypto module offers the next generation security platform for managing cryptographic keys and protecting sensitive applications. The (ACCE) 2 crypto module is a hardware security module (HSM) designed for managing mission critical applications that demand maximum security. It is ideally suited for companies that need secure key management for certification authorities, registration authorities, OCSP responders, smart card issuers, web servers and other applications."
1339 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Nils Dussart
TEL: 1-800-MICROSOFT

CST Lab: NVLAP 200427-0

Windows Server 2008 R2 BitLocker™ Drive Encryption
(Software Versions: 6.1.7600.16385, 6.1.7600.16429, 6.1.7600.16757, 6.1.7600.20536, 6.1.7600.20873, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21634, 6.1.7601.21655 or 6.1.7601.21675)

(When operated in FIPS mode with Windows Server 2008 R2 Boot Manager (bootmgr) (Cert. #1321), Windows Server 2008 R2 Winload OS Loader (winload.exe) (Cert. #1333), Windows Server 2008 R2 Code Integrity (ci.dll) (Cert. #1334), Microsoft Windows Server 2008 R2 Kernel Mode Cryptographic Primitives Library (cng.sys) (Cert. #1335) and Microsoft Windows Server 2008 R2 Cryptographic Primitives Library (bcryptprimitives.dll) (Cert. #1336) all validated under FIPS 140-2 and all operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/15/2010;
03/28/2011;
06/01/2011;
10/04/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 (x64 version); Microsoft Windows Server 2008 R2 SP1 (x64 version) (single-user mode)

-FIPS-approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); SHS (Cert. #1081)

-Other algorithms: Elephant Diffuser

Multi-chip standalone

"Windows BitLocker Drive Encryption is a data protection feature available in Windows Server 2008 R2. BitLocker provides enhanced protection against data theft or exposure on computers that are lost or stolen, and more secure data deletion when BitLocker-protected computers are decommissioned."
1338 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Windows Server 2008 R2 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)
(Software Version: 6.1.7600.16385)

(When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #1334 operating in FIPS mode and Kernel Mode Cryptographic Primitives Library (cng.sys) validated to FIPS 140-2 under Cert. #1335 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/12/2010;
06/01/2011;
06/21/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 R2 (x64 Version); Microsoft Windows Server 2008 R2 (IA64 version); Microsoft Windows Server 2008 R2 SP1 (x64 version); Microsoft Windows Server 2008 R2 SP1 (IA64 version) (single-user mode)

-FIPS-approved algorithms: DSA (Cert. #390); RNG (Cert. #649); SHS (Cert. #1081); Triple-DES (Cert. #846); Triple-DES MAC (Triple-DES Cert. #846, vendor affirmed)

-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4

Multi-chip standalone

"DSSENH encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. Software developers dynamically link the Microsoft DSSENH module into their applications to provide FIPS 140-2 compliant cryptographic support."
1337 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH)
(Software Version: 6.1.7600.16385)

(When operated in FIPS mode with Windows Server 2008 R2 Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #1334 operating in FIPS mode and Microsoft Windows Server 2008 R2 Kernel Mode Cryptographic Primitives Library (cng.sys) validated to FIPS 140-2 under Cert. #1335 operating in FIPS mode.)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/19/2010;
06/01/2011;
06/21/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 R2 (x64 Version); Microsoft Windows Server 2008 R2 (IA64 version); Microsoft Windows Server 2008 R2 SP1 (x64 version); Microsoft Windows Server 2008 R2 SP1 (IA64 version) (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1168); DRBG (Cert. #23); HMAC (Cert. #687); SHS (Cert. #1081); RSA (Certs. #559 and #568); Triple-DES (Cert. #846)

-Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 256-bits of encryption strength)

Multi-chip standalone

"RSAENH encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. Developers dynamically link the Microsoft RSAENH module into their applications to provide FIPS 140-2 compliant cryptographic support."
1336 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Microsoft Windows Server 2008 R2 Cryptographic Primitives Library (bcryptprimitives.dll)
(Software Version: 6.1.7600.16385 or 6.1.7601.17514)

(When operated in FIPS mode with Windows Server 2008 R2 Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #1334 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/12/2010;
06/01/2011;
06/21/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 R2 (x64 Version); Microsoft Windows Server 2008 R2 (IA64 version); Microsoft Windows Server 2008 R2 SP1 (x64 version); Microsoft Windows Server 2008 R2 SP1 (IA64 version) (single-user mode)

-FIPS-approved algorithms: AES (Certs. #1168 and #1187); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #27); DSA (Cert. #391); ECDSA (Cert. #142); HMAC (Cert. #686); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081); Triple-DES (Cert. #846)

-Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; HMAC MD5; MD2; MD4; MD5; RC2; RC4

Multi-chip standalone

"BCRYPT.DLL provides cryptographic services, through its documented interfaces, to Windows components and applications running on Windows. The cryptographic module, bcryptprimitives.dll, encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CNG (Cryptography, Next Generation) API. It can be dynamically linked into applications by software developers to permit the use of general-purpose FIPS 140-2 compliant cryptography."
1335 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Microsoft Windows Server 2008 R2 Kernel Mode Cryptographic Primitives Library (cng.sys)
(Software Versions: 6.1.7600.16385, 6.1.7600.16915, 6.1.7600.21092, 6.1.7601.17514, 6.1.7601.17919, 6.1.7601.17725, 6.1.7601.21861 and 6.1.7601.22076)

(When operated in FIPS mode with Windows Server 2008 R2 Winload OS Loader (winload.exe) validated to FIPS 140-2 under Cert. #1333 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/12/2010;
06/01/2011;
06/21/2011;
02/09/2012;
01/24/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 R2 (x64 Version); Microsoft Windows Server 2008 R2 (IA64 version); Microsoft Windows Server 2008 R2 SP1 (x64 version); Microsoft Windows Server 2008 R2 SP1 (IA64 version) (single-user mode)

-FIPS-approved algorithms: AES (Certs. #1168 and #1187); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #27); ECDSA (Cert. #142); HMAC (Cert. #686); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081); Triple-DES (Cert. #846)

-Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4

Multi-chip standalone

"CNG.SYS runs as a kernel mode export driver, and provides cryptographic services, through their documented interfaces, to Windows Server 2008 R2 kernel components. It supports several cryptographic algorithms accessible via a FIPS function table request irp (I/O request packet)."
1334 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Windows Server 2008 R2 Code Integrity (ci.dll)
(Software Version: 6.1.7600.16385, 6.1.7600.17122, 6.1.7600.21320, 6.1.7601.17514, 6.1.7601.17950 and 6.1.7601.22108)

(When operated in FIPS mode with Windows Server 2008 R2 Winload OS Loader (winload.exe) validated to FIPS 140-2 under Cert. #1333 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 06/15/2010;
06/01/2011;
06/21/2011;
01/24/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 R2 (x64 Version); Microsoft Windows Server 2008 R2 (IA64 version); Microsoft Windows Server 2008 R2 SP1 (x64 version); Microsoft Windows Server 2008 R2 SP1 (IA64 version) (single-user mode)

-FIPS-approved algorithms: RSA (Cert. #568); SHS (Cert. #1081)

-Other algorithms: MD5

Multi-chip standalone

"This is a dynamically linked library that runs as ntoskrnl.exe. It verifies the integrity of executable files, including kernel mode drivers, critical system components and user mode crypto modules, before these files are loaded from disk into memory by the memory manager."
1333 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Windows Server 2008 R2 Winload OS Loader (winload.exe)
(Software Versions: 6.1.7600.16385, 6.1.7600.16757, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21655 and 6.1.7601.21675)

(When operated in FIPS mode with Windows Server 2008 R2 Boot Manager (bootmgr) validated to FIPS 140-2 under Cert. #1321 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 06/15/2010;
06/01/2011;
06/21/2011;
10/17/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 R2 (x64 Version); Microsoft Windows Server 2008 R2 (IA64 version); Microsoft Windows Server 2008 R2 SP1 (x64 version); Windows Server 2008 R2 SP1 (IA64 version) (single-user mode)

-FIPS-approved algorithms: AES (Certs. #1168 and #1177); RSA (Cert. #568); SHS (Cert. #1081)

-Other algorithms: MD5

Multi-chip standalone

"This is the OS loader. It loads the boot-critical driver image files and the OS kernel image file itself."
1332 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Nils Dussart
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Windows 7 BitLocker™ Drive Encryption
(Software Versions: 6.1.7600.16385, 6.1.7600.16429, 6.1.7600.16757, 6.1.7600.20536, 6.1.7600.20873, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21634, 6.1.7601.21655 or 6.1.7601.21675)

(When operated in FIPS mode with Windows 7 Boot Manager (bootmgr) (Cert. #1319), Windows 7 Winload OS Loader (winload.exe) (Cert. #1326), Windows 7 Code Integrity (ci.dll) (Cert. #1327), Microsoft Windows 7 Kernel Mode Cryptographic Primitives Library (cng.sys) (Cert. #1328) and Microsoft Windows 7 Cryptographic Primitives Library (bcryptprimitives.dll) (Cert. #1329) all validated under FIPS 140-2 and all operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/15/2010;
03/28/2011;
06/01/2011;
10/04/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 7 Ultimate Edition (x86 Version); Windows 7 Ultimate Edition (x64 version); Microsoft Windows 7 Ultimate Edition SP1 (x86 version); Microsoft Windows 7 Ultimate Edition SP1 (x64 version) (single-user mode)

-FIPS-approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); SHS (Cert. #1081)

-Other algorithms: Elephant Diffuser

Multi-chip standalone

"Windows BitLocker Drive Encryption is a data protection feature available in Windows 7 Enterprise and Windows 7 Ultimate for client computers. BitLocker provides enhanced protection against data theft or exposure on computers that are lost or stolen, and more secure data deletion when BitLocker-protected computers are decommissioned."
1331 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Windows 7 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)
(Software Version: 6.1.7600.16385)

(When operated in FIPS mode with Windows 7 Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #1327 operating in FIPS mode and Microsoft Windows 7 Kernel Mode Cryptographic Primitives Library (cng.sys) validated to FIPS 140-2 under Cert. #1328 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/12/2010;
06/01/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 7 Ultimate Edition (x86 Version); Microsoft Windows 7 Ultimate Edition (x64 version); Microsoft Windows 7 Ultimate Edition SP1 (x86 version); Microsoft Windows 7 Ultimate Edition SP1 (x64 version) (single-user mode)

-FIPS-approved algorithms: DSA (Cert. #385); RNG (Cert. #649); SHS (Cert. #1081); Triple-DES (Cert. #846); Triple-DES MAC (Triple-DES Cert. #846, vendor affirmed)

-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4

Multi-chip standalone

"DSSENH encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. Software developers dynamically link the Microsoft DSSENH module into their applications to provide FIPS 140-2 compliant cryptographic support."
1330 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Windows 7 Enhanced Cryptographic Provider (RSAENH)
(Software Version: 6.1.7600.16385)

(When operated in FIPS mode with Windows 7 Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #1327 operating in FIPS mode and Microsoft Windows 7 Kernel Mode Cryptographic Primitives Library (cng.sys) validated to FIPS 140-2 under Cert. #1328 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/18/2010;
06/01/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 7 Ultimate Edition (x86 Version); Microsoft Windows 7 Ultimate Edition (x64 version); Microsoft Windows 7 Ultimate Edition SP1 (x86 version); Microsoft Windows 7 Ultimate Edition SP1 (x64 version) (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1168); DRBG (Cert. #23); HMAC (Cert. #673); SHS (Cert. #1081); RSA (Certs. #557 and #559); Triple-DES (Cert. #846)

-Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 256-bits of encryption strength)

Multi-chip standalone

"RSAENH encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. Developers dynamically link the Microsoft RSAENH module into their applications to provide FIPS 140-2 compliant cryptographic support."
1329 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Microsoft Windows 7 Cryptographic Primitives Library (bcryptprimitives.dll)
(Software Version: 6.1.7600.16385 or 6.1.7601.17514)

(When operated in FIPS mode with Windows 7 Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #1327 operating in FIPSmode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/12/2010;
06/01/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 7 Ultimate Edition (x86 Version); Microsoft Windows 7 Ultimate Edition (x64 version); Microsoft Windows 7 Ultimate Edition SP1 (x86 version); Microsoft Windows 7 Ultimate Edition SP1 (x64 version) (single-user mode)

-FIPS-approved algorithms: AES (Certs. #1168 and #1178); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #24); DSA (Cert. #386); ECDSA (Cert. #141); HMAC (Cert. #677); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 to 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #560); SHS (Cert. #1081); Triple-DES (Cert. #846)

-Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4

Multi-chip standalone

"The cryptographic module, bcryptprimitives.dll, encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CNG (Cryptography, Next Generation) API. It can be dynamically linked into applications by software developers to permit the use of general-purpose FIPS 140-2 compliant cryptography."
1328 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Microsoft Windows 7 Kernel Mode Cryptographic Primitives Library (cng.sys)
(Software Versions: 6.1.7600.16385, 6.1.7600.16915, 6.1.7600.21092, 6.1.7601.17514, 6.1.7601.17919, 6.1.7601.17725, 6.1.7601.21861 and 6.1.7601.22076)

(When operated in FIPS mode with Windows 7 Winload OS Loader (winload.exe) validated to FIPS 140-2 under Cert. #1326 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/12/2010;
06/01/2011;
02/09/2012;
01/24/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 7 Ultimate Edition (x86 Version); Microsoft Windows 7 Ultimate Edition (x64 version); Microsoft Windows 7 Ultimate Edition SP1 (x86 version); Microsoft Windows 7 Ultimate Edition SP1 (x64 version) (single-user mode)

-FIPS-approved algorithms: AES (Certs. #1168 and #1178); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #24); ECDSA (Cert. #141); HMAC (Cert. #677); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 to 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #560); SHS (Cert. #1081); Triple-DES (Cert. #846)

-Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4

Multi-chip standalone

"CNG.SYS runs as a kernel mode export driver, and provides cryptographic services, through their documented interfaces, to Windows 7 kernel components. It supports several cryptographic algorithms accessible via a FIPS function table request irp (I/O request packet)."
1327 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Windows 7 Code Integrity (ci.dll)
(Software Version: 6.1.7600.16385, 6.1.7600.17122, 6.1.7600.21320, 6.1.7601.17514, 6.1.7601.17950 and 6.1.7601.22108)

(When operated in FIPS mode with Windows 7 Winload OS Loader (winload.exe) validated to FIPS 140-2 under Cert. #1326 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 06/15/2010;
06/01/2011;
01/24/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 7 Ultimate Edition (x86 Version); Microsoft Windows 7 Ultimate Edition (x64 version); Microsoft Windows 7 Ultimate Edition SP1 (x86 version); Microsoft Windows 7 Ultimate Edition SP1 (x64 version) (single-user mode)

-FIPS-approved algorithms: RSA (Cert. #557); SHS (Cert. #1081)

-Other algorithms: MD5

Multi-chip standalone

"This is a dynamically linked library that runs as ntoskrnl.exe. It verifies the integrity of executable files, including kernel mode drivers, critical system components and user mode crypto modules, before these files are loaded from disk into memory by the memory manager."
1326 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Windows 7 Winload OS Loader (winload.exe)
(Software Versions: 6.1.7600.16385, 6.1.7600.16757, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21655 and 6.1.7601.21675)

(When operated in FIPS mode with Windows 7 Boot Manager (bootmgr) validated to FIPS 140-2 under Cert. #1319 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 06/15/2010;
06/01/2011;
10/17/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 7 Ultimate Edition (x86 Version); Microsoft Windows 7 Ultimate Edition (x64 version); Microsoft Windows 7 Ultimate Edition SP1 (x86 version); Microsoft Windows 7 Ultimate Edition SP1 (x64 version) (single-user mode)

-FIPS-approved algorithms: AES (Certs. #1168 and 1177); RSA (Cert. #557); SHS (Cert. #1081)

-Other algorithms: MD5

Multi-chip standalone

"This is the OS loader. It loads the boot-critical driver image files and the OS kernel image file itself."
1325 PGP Corporation
200 Jefferson Dr.
Menlo Park, CA 94025
USA

-Vinnie Moscaritolo
TEL: 650-319-9000
FAX: 650-319-9001

CST Lab: NVLAP 200802-0

PGP Cryptographic Engine
(Software Version: 4.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 06/22/2010 Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2 (Kernel Mode); Mac OS X 10.5 (i386) (single-user mode)

-FIPS-approved algorithms: Triple-DES (Certs. #848 and #895); AES (Certs. #1170 and #1253); SHS (Certs. #1082 and #1149); HMAC (Certs. #670 and #732)

-Other algorithms: AES (EME2 mode; non-compliant)

Multi-chip standalone

"The PGP Cryptographic Engine includes a wide range of field-tested and standards-based encryption, and encoding algorithms used by PGP Whole Disk Encryption."
1324 Comtech Mobile Datacom Corporation
20430 Century Boulevard
Germantown, MD 20874
USA

-Sebastian Morana
TEL: 240-686-3353
FAX: 240-686-3301

-John Fossaceca
TEL: 240-686-2146

CST Lab: NVLAP 200427-0

Transceiver Cryptographic Module (TCM)
(Hardware Version: C80101 Rev. 2; Firmware Version: 0.1.L)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/12/2010 Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Cert. #1201); HMAC (Cert. #698); SHS (Cert. #1106); Triple-DES (Cert. #869)

-Other algorithms: DES; Towitko MAC

Multi-chip embedded

"The Transceiver Cryptographic Module is a compact hardware module with a firmware component for implementation of cryptographic algorithms. The Crypto Module, in connetion with Comtech's ASDR Transceiver, enables secure over-the-air communications. The module provides a serial interface for communication over a pair of SPI ports."
1323

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/20/2010;
09/07/2010;
10/26/2010
Overall Level: 2 

-FIPS-approved algorithms:

-Other algorithms:

Multi-chip embedded

1322 Thales e-Security
Meadow View House, Crendon Industrial Estate
Long Crendon, AYLESBURY HP18 9EQ
United Kingdom

-Tim Fox
TEL: +44 0 1844-201800
FAX: +44 0 1844-208550

CST Lab: NVLAP 100432-0

TSPP
(Hardware Versions: P/Ns TSPP-A and TSPP-B Version 1.0, Version 1.0.1, 1.0.2, 1.0.3 or 1.0.4; Firmware Version: 1.10.2)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 06/22/2010;
03/28/2011;
04/12/2011;
11/08/2011;
01/11/2012;
07/09/2012
Overall Level: 3 

-FIPS-approved algorithms: DSA (Cert. #375); SHS (Cert. #1071)

-Other algorithms: N/A

Multi-chip embedded

"Thales' TSPP is the multi-chip embedded cryptographic module in its payShield 9000 family of hardware security modules used in the Banking and Finance sector for securing card-based payment transactions. The product family is also used to provide dedicated functionality for key management and message security using algorithms such as Triple-DES, RSA, SHA, HMAC, and AES. TSPP contains a secure bootstrap that authenticates application loading using DSA 2048, so that only application software written by and "signed" by Thales can be loaded and run on TSPP-based products."
1321 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Windows Server 2008 R2 Boot Manager (bootmgr)
(Software Version: 6.1.7600.16385 or 6.1.7601.17514)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 06/22/2010;
06/01/2011;
06/21/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 R2 (x64 Version); Microsoft Windows Server 2008 R2 (IA64 version); Microsoft Windows Server 2008 R2 SP1 (x64 version); Microsoft Windows Server 2008 R2 SP1 (IA64 version) (single-user mode)

-FIPS-approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); RSA (Cert. #568); SHS (Cert. #1081)

-Other algorithms: MD5

Multi-chip standalone

"This is the system boot manager, called by the bootstrapping code that resides in the boot sector. It checks its own integrity and then checks the integrity of the OS loader and launches it."
1320 Red Hat®, Inc.
314 Littleton Road
Westford, MA 01886
USA

-Irina Boverman
TEL: 978-392-1000
FAX: 978-392-1001

TEL: 919-754-3700
FAX: 919-754-3701

CST Lab: NVLAP 200658-0

Red Hat Enterprise Linux 5 OpenSSL Cryptographic Module
(Software Version: 1.1)

(When operated in FIPS mode. When obtained, installed, and initialized as assumed by the Crypto Officer role and specified in Section 9.1 of the provided Security Policy. The Security Policy specifies the precise RPM file containing this module. The integrity of the RPM is automatically verified during the installation and the Crypto officer shall not install the module if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module.)

Validated to FIPS 140-2

Security Policy

Certificate

Software 06/09/2010;
06/14/2012;
09/06/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 5.4 and Red Hat Enterprise Linux 5.8 (single-user mode)

-FIPS-approved algorithms: Triple-DES (Certs. #839, #840 and #841); AES (Certs. #1160, #1161 and #1162); DSA (Certs. #378, #379 and #380); SHS (Certs. #1073, #1074 and #1075); RNG (Certs. #642, #643 and #644); RSA (Certs. #549, #550 and #551); HMAC (Certs #661, #662 and #663)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 219 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); MD5

Multi-chip standalone

"The OpenSSL FIPS Runtime Module is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality for use with the high level API of the OpenSSL library version 0.9.8 delivered with RHEL 5.4 or RHEL 5.8."
1319 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Windows 7 Boot Manager (bootmgr)
(Software Version: 6.1.7600.16385 or 6.1.7601.17514)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 06/09/2010;
06/01/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 7 Ultimate Edition (x86 Version); Microsoft Windows 7 Ultimate Edition (x64 version); Microsoft Windows 7 Ultimate Edition SP1 (x86 version); Microsoft Windows 7 Ultimate Edition SP1 (x64 version) (single-user mode)

-FIPS-approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); RSA (Cert. #557); SHS (Cert. #1081)

-Other algorithms: MD5

Multi-chip standalone

"This is the system boot manager, called by the bootstrapping code that resides in the boot sector. It checks its own integrity and then checks the integrity of the OS loader and launches it."
1318 Redline Communications
302 Town Centre Blvd.
Markham, Ontario L3R 0E8
Canada

-Leigh Chang
TEL: 905-479-8344 x2507
FAX: 905-479-5331

CST Lab: NVLAP 200017-0

AN-80i Broadband Wireless Infrastructure Radio
(Hardware Version: AN-80i; Firmware Versions: 4.00.075 and 13.00.135)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 06/01/2010;
06/14/2010
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #777); AES (Certs. #997 and #944); SHS (Cert. #962); HMAC (Cert. #562); DRBG (Cert. #9); RSA (Cert. #480); DSA (Cert. #343)

-Other algorithms: Redline 64 bit Proprietary Encryption; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5

Multi-chip standalone

"The AN-80i system is a broadband wireless infrastructure product designed to provide long range Ethernet connectivity between points of presence spread across a metro or regional area network. It operates in Point-to-Point (PTP) and Point to Multipoint (PMP) configuration in the same hardware platform. Operating in both licensed and unlicensed frequency bands, the AN-80i is a rugged all outdoor system that enables organizations such as government and public safety agencies, schools, large mission critical enterprises including banks, hospitals, utilities, as well as service providers to sol"
1317 Harris Corporation (RF Communications Division)
1680 University Avenue
Rochester, NY 14610
USA

-Elias Theodorou
TEL: 585-720-8790
FAX: 585-241-8459

CST Lab: NVLAP 200017-0

RF-7800W Broadband Ethernet Radio
(Hardware Version: RF-7800W; Firmware Versions: 4.00.72, 4.10.039, 13.00.127 and 13.01.129)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 06/01/2010;
06/14/2010;
03/14/2012
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #776); AES (Certs. #996 and #930); SHS (Cert. #961); HMAC (Cert. #561); DRBG (Cert. #8); RSA (Cert. #479); DSA (Cert. #342)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 and 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5

Multi-chip standalone

"The RF-7800W-OU440 Broadband Ethernet Radio (BER) is designed for High Capacity Line of Sight (HCLOS) networks with broadband Ethernet requirements. The radio can be mounted on a mast for quick deployment or on a tower system designed for long haul back bone systems. The BER operates in the 4.4 to 5.0 GHz frequency band. The BER is an ideal wireless networking solution for public safety, first responders, training, and simulation networks, and long haul/short haul battlefield communications. The RF-7800W operates in Point-to-Point (PTP) and Point to Multipoint (PMP) in the same platform."
1316 Kingston Technology, Inc.
17600 Newhope Street
Fountain Valley, CA 92708
USA

-John Terpening
TEL: 714-427-3743
FAX: 714-435-2628

CST Lab: NVLAP 100432-0

DataTraveler 5000
(Hardware Version: P/N 880074001F, Version 02.00.01; Firmware Version: 03.00.04)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/19/2010 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #1016 and #1104); SHS (Certs. #973, #974 and #1027); ECDSA (Cert. #129); DRBG (Cert. #14); RNG (Cert. #582)

-Other algorithms: EC Diffie-Hellman[1] (key agreement; key establishment methodology provides 128, 192 or 256 bits of encryption strength); EC Diffie-Hellman[2] (key agreement; key establishment methodology provides 128, 192 or 256 bits of encryption strength)

Multi-chip standalone

"Kingston's ultra-secure DataTraveler 5000 USB Flash drive protects sensitive data with FIPS 140-2 Level 2 certification and 256-bit AES hardware-based encryption. Secured by SPYRUS, DT5000 uses elliptic curve cryptography encryption algorithms (ECC) that meet the Suite B standards approved by the U.S. government. The drive features complex password protection and locks down after 10 intrusion attempts. DT5000 is waterproof (up to 4 feet) and features a rugged, titanium-coated steel casing."
1315 Cimcor, Inc.
8252 Virginia Street
Suite C
Merrillville, IN 46410
USA

-Robert Johnson
TEL: 219-736-4400
FAX: 219-736-4401

CST Lab: NVLAP 100432-0

Cimcor Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 06/10/2010 Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-Operational Environment: Tested as meeting Level 2 with Microsoft Windows Server 2003 SP2 running on a Dell Optiplex GX620; Solaris 10TM Release 11/06 running on a Dell Precision 650 Workstation; Apple Computer Mac OS X Version 10.3.6 running on a Power Mac G4 Dual Processor; Red Hat Enterprise Linux Version 5.1 running on a SGI Altix XE240; Hewlett-Packard HP-UX 11i Version 3 running on a HP 9000 RP3440; Microsoft Corporation Windows 2000 (Server) SP3 and Q326886 Hotfix running on a Dell Optiplex GX400

-FIPS-approved algorithms: Triple-DES (Cert. #818); AES (Cert. #1121); DSA (Cert. #364); SHS (Cert. #1044); RNG (Cert. #624); RSA (Cert. #530); HMAC (Cert. #632)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); Blowfish; Camellia; DES; Idea; RC2; RC4; RC5; MD2; MD4; MD5; Mdc2; Ripemd

Multi-chip standalone

"The Cimcor Cryptographic Module is a multi-platform library that provides secure FIPS 140-2 validated hashing, encryption, and decryption methods and a variety of other cryptographic functions."
1314 SonicWALL, Inc.
2001 Logic Drive
San Jose, CA 95124
USA

-Usha Sanagala
TEL: 408-962-6248
FAX: 408-745-9300

CST Lab: NVLAP 100432-0

NSA E7500
(Hardware Version: P/N 101-500226-54, Rev. A; Firmware Version: SonicOS v5.5.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/19/2010 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #1218); Triple-DES (Cert. #878); SHS (Cert. #1121); DSA (Cert. #404); RNG (Cert. #676); RSA (Cert. #588); HMAC (Cert. #711)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength)

Multi-chip standalone

"NSA E-Class: The SonicWALL E-Class Network Security Appliance (NSA) Series is engineered to provide high performance Unified Threat Managment (UTM) threat prevention and application inspection to meet the needs of expanding enterprise networks."
1313 SonicWALL, Inc.
2001 Logic Drive
San Jose, CA 95124
USA

-Usha Sanagala
TEL: 408-962-6248
FAX: 408-745-9300

CST Lab: NVLAP 100432-0

NSA E6500
(Hardware Version: P/N 101-500163-50, Rev. A; Firmware Version: SonicOS v5.5.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/19/2010 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #1217); Triple-DES (Cert. #877); SHS (Cert. #1120); DSA (Cert. #403); RNG (Cert. #675); RSA (Cert. #587); HMAC (Cert. #710)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength)

Multi-chip standalone

"NSA E-Class: The SonicWALL E-Class Network Security Appliance (NSA) Series is engineered to provide high performance Unified Threat Managment (UTM) threat prevention and application inspection to meet the needs of expanding enterprise networks."
1312 SonicWALL, Inc.
2001 Logic Drive
San Jose, CA 95124
USA

-Usha Sanagala
TEL: 408-962-6248
FAX: 408-745-9300

CST Lab: NVLAP 100432-0

NSA 4500, NSA 5000 and NSA E5500
(Hardware Versions: P/N 101-500166-50, Rev. B (NSA 4500); P/N 101-500088-50, Rev. B (NSA 5000); P/N 101-500165-50, Rev. A (NSA E5500); Firmware Version: SonicOS v5.5.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/19/2010 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #1216); Triple-DES (Cert. #876); SHS (Cert. #1119); DSA (Cert. #402); RNG (Cert. #674); RSA (Cert. #586); HMAC (Cert. #709)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength)

Multi-chip standalone

"NSA Series: The SonicWALL Network Security Appliance (NSA) Series is a high performance platform utilizing a unique multi-core architecture to provide high speed anti-virus, anti-spyware, intrusion prevention, content filtering, application inspection and protection and for the SMBs and large businesses."
1311 SonicWALL, Inc.
2001 Logic Drive
San Jose, CA 95124
USA

-Usha Sanagala
TEL: 408-962-6248
FAX: 408-745-9300

CST Lab: NVLAP 100432-0

NSA 3500
(Hardware Version: P/N 101-500073-50, Rev. B; Firmware Version: SonicOS v5.5.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/19/2010 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #1215); Triple-DES (Cert. #875); SHS (Cert. #1118); DSA (Cert. #401); RNG (Cert. #673); RSA (Cert. #585); HMAC (Cert. #708)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength)

Multi-chip standalone

"NSA Series: The SonicWALL Network Security Appliance (NSA) Series is a high performance platform utilizing a unique multi-core architecture to provide high speed anti-virus, anti-spyware, intrusion prevention, content filtering, application inspection and protection and for the SMBs and large businesses."
1310 Cellcrypt Limited
Liberty House
222 Regent Street
London, W1B 5TR
United Kingdom

-Paul Galwas
TEL: +442070995999

CST Lab: NVLAP 200002-0

CCORE Module
(Software Version: 0.6.0-rc3)

Validated to FIPS 140-2

Security Policy

Certificate

Software 05/19/2010;
07/08/2010
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Ubuntu Server

-FIPS-approved algorithms: AES (Cert. #1089); RSA (Cert. #514); SHS (Cert. #1022); HMAC (Cert. #612); RNG (Cert. #611)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; EC Diffie-Hellman (non-compliant); ECDSA (non-compliant)

Multi-chip standalone

"Crypto Core for secure communication platform"
1309 BigFix, Inc.
1480 64th Street
Suite 200
Emeryville, CA 94608
USA

-Noah Salzman, Product Manager
TEL: 510-740-0308
FAX: 510-652-6742

-Peter Loer, Director Software Engineering
TEL: 510-740-5128
FAX: 510-652-6742

CST Lab: NVLAP 200017-0

BigFix Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 05/10/2010 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 2 with AIX 5.2 running on IBM P610; HP-UX 11.11 running on HP C3000; SUSE Linux Enterprise Server 9 running on IBM eServer 325; Mac OS X 10.3.6 running on iMac G4; Red Hat Enterprise Linux 4 Update 2 Advanced Server running on HP XW4100 Pentium 4; Red Hat Enterprise Linux 4 Update 2 Advanced Server 64-bit running on HP ProLiant DL145 G2; Solaris 9 SPARC running on Sun Blade 150; Solaris 10 SPARC running on Sun Blade 150; Solaris 10 x86 running on Dell Precision 650; Windows 2000 Pro with SP3 running on Dell Optiplex GX400; Windows 2003 Enterprise Edition with SP1 running on Dell Optiplex GX270; Windows XP Pro with SP2 running on Dell Optiplex GX270

-FIPS-approved algorithms: Triple-DES (Cert. #688); AES (Cert. #806); DSA (Cert. #298); SHS (Cert. #804); HMAC (Cert. #446); RSA (Cert. #388); RNG (Cert. #464)

-Other algorithms: Diffie-Hellman; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength)

Multi-chip standalone

"The BigFix Cryptographic Module 1.0 is a software library that runs on a wide variety of computing platforms and performs encryption, hashing, and random number generation functions."
1308 CipherOptics, Inc.
1550 Coraopolis Heights Drive
Suite 360
Coraopolis, PA 15108
USA

-Ed Finn
TEL: 412-262-2571 x102
FAX: 412-262-2574

CST Lab: NVLAP 200017-0

CEP10-R
(Hardware Version: [CEP10-R, A]; Firmware Version: 1.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 05/10/2010;
06/14/2010
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #673 and #873); AES (Certs. #779 and #1210); SHS (Certs. #781 and #1114); HMAC (Certs. #426 and #705); RSA (Cert. #582); DSA (Cert. #400); RNG (Cert. #672)

-Other algorithms: MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides 97 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 to 150 bits of encryption strength)

Multi-chip standalone

"The CipherOptics CEP encryptors are high performance, integrated encryption appliances that offers full line rate Ethernet Frame encryption for 10Mbps Ethernet transports. Housed in a tamper evident chassis, the CipherOptics CEP10-R has two functional 10BaseT Ethernet ports used for traffic. Traffic on the CEP's local port is received from and transmitted to the trusted network in the clear, while traffic on the CEP's remote port has security processing applied to it. Security processing can be data confidentiality, data integrity and data authentication."
1307 CipherOptics, Inc.
1550 Coraopolis Heights Drive
Suite 360
Coraopolis, PA 15108
USA

-Ed Finn
TEL: 412-262-2571 x102
FAX: 412-262-2574

CST Lab: NVLAP 200017-0

CEP100, CEP100-XSA and CEP1000
(Hardware Versions: [CEP100, A], [CEP100-XSA, A] and [CEP1000, A]; Firmware Version: 1.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 05/10/2010;
06/14/2010
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #482, #667 and #873); AES (Certs. #465, #762 and #1210); SHS (Certs. #768, #769 and #1114); HMAC (Certs. #416, #417 and #705); RSA (Cert. #582); DSA (Cert. #400); RNG (Cert. #672)

-Other algorithms: MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides 97 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 to 150 bits of encryption strength)

Multi-chip standalone

"The CipherOptics CEP encryptors are high performance, integrated encryption appliances that offers full line rate Ethernet Frame encryption for 10Mbps Ethernet transports. Housed in a tamper evident chassis, the CipherOptics CEP has two functional 10BaseT Ethernet ports used for traffic. Traffic on the CEP local port is received from and transmitted to the trusted network in the clear, while traffic on the CEP's remote port has security processing applied to it. Security processing can be data confidentiality, data integrity and data authentication."
1306 Kingston Technology Company, Inc.
17600 Newhope Street
Fountain Valley, CA 92708
USA

-Joel Tang
TEL: 714-435-2604

CST Lab: NVLAP 200416-0

Kingston DataTraveler DT4000 Series USB Flash Drive
(Hardware Version: AE2251; Software Version: v3.0.0.1 [1] and v3.0.1 [2]; Firmware Version: v3.00.10 [1] and v03.01 [2])

(When operated in FIPS mode. The Software Clients v3.0.0.1 and v3.0.1 distributed with the module are excluded from the validation)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/01/2010;
07/27/2011
Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Cert. #1081); SHS (Cert. #1016); RSA (Cert. #510); RNG (Cert. #607)

-Other algorithms: HWRNG

Multi-chip standalone

"As the worldÆs leading memory manufacturer, Kingston offers the marketplace a variety of secure USB devices designed to protect data at rest. By utilizing 256 bit AES encryption, the Kingston DataTraveler DT4000 Series USB Flash Drive drive offers a high level of security certified to FIPS 140-2 standards."
1305 Red Hat®, Inc.
314 Littleton Road
Westford, MA 01886
USA

-Irina Boverman
TEL: 978-392-1000
FAX: 978-392-1001

TEL: 919-754-3700
FAX: 919-754-3701

CST Lab: NVLAP 200658-0

Red Hat Enterprise Linux 5 Libgcrypt Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode and when obtained, installed and initialized as assumed by the Crypto Officer role and specified in Section 8.1 of the provided Security Policy. The Security Policy specifies the precise RPM file containing this module. The integrity of the RPM is automatically verified during the installation and the Crypto officer shall not install the module if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module.)

Validated to FIPS 140-2

Security Policy

Certificate

Software 04/26/2010 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 5.4 (single-user mode)

-FIPS-approved algorithms: AES (Certs. #1180, #1192 and #1193); Triple-DES (Certs. #851, #859 and #860); SHS (Certs. #1089, #1098 and #1099); RSA (Certs. #561, #570 and #571); DSA (Certs. #389, #393 and #394); HMAC (Certs. #680, #691 and #692); RNG (Certs. #651, #658 and #659)

-Other algorithms: MD5

Multi-chip standalone

"The libgcrypt FIPS Runtime Module is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality for use with the high level API of the libgcrypt library version 1.4.4 delivered with RHEL 5.4."
1304 ST Electronics (Info-Security) Pte Ltd
100 Jurong East Street 21
ST Electronics Jurong East Building
Singapore, 609602
Singapore

-Yeo Boon Hui
TEL: 65-65687118
FAX: 65-65687226

CST Lab: NVLAP 100432-0

DigiSAFE TrustCrypt
(Hardware Version: P/N 9910-8000-0624; Firmware Versions: Version 1.0.0 (CPLD Glue Code); Version 1.0.0 (Crypto Libraries); Version 2.6.21 (ARM-Linux); Version 1.0.0 (Bootstrap Application))

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/26/2010 Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #932); RNG (Cert. #533); RSA (Cert. #451); SHS (Cert. #915)

-Other algorithms: AES (Cert. #932, key wrapping; key establishment methodology provides 256 bits of encryption strength)

Multi-chip embedded

"DigiSAFE TrustCrypt is a programmable cryptographic module designed to support high assurance applications and provide secure cryptographic resources, including secure key generation and storage. It is built upon a secure physical enclosure and contains a secure bootstrap which authenticates application loading."
1303 Hewlett-Packard Company
19091 Pruneridge Ave.
MS 4441
Cupertino, CA 95014
USA

-Theresa Conejero
TEL: 408-447-2964
FAX: 408-447-5525

CST Lab: NVLAP 100432-0

HP Enterprise Secure Key Manager
(Hardware Version: P/N AJ563A, Version 2.0; Firmware Version: 4.8.9)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/26/2010;
09/19/2011
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3

-FIPS-approved algorithms: AES (Cert. #1171); DSA (Cert. #383); HMAC (Cert. #671); RNG (Cert. #647); RSA (Cert. #554); SHS (Cert. #1083); Triple-DES (Cert. #849)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DES; MD5; RC4

Multi-chip standalone

"The HP Enterprise Secure Key Manager (ESKM) automates key generation and management. It is a hardened security appliance delivering identity-based access, administration and logging. Additionally, the ESKM provides reliable lifetime key archival with automatic multi-site key replication and failover capabilities."
1302 SPYRUS, Inc.
1860 Hartog Drive
San Jose, CA 95131-2203
USA

-Tom Dickens
TEL: 408-312-4324
FAX: 408-392-0319

-Reid Carlisle
TEL: 727-551-0046
FAX: 408-392-0319

CST Lab: NVLAP 200017-0

SPYCOS® Module
(Hardware Versions: 740100002F and 742100002F; Firmware Version: 2.4)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/26/2010;
05/10/2010
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #699); AES (Cert. #842); RSA (Cert. #404); ECDSA (Cert. #95); SHS (Cert. #834); HMAC (Cert. #463); RNG(Cert. #481); Skipjack (Cert. #18)

-Other algorithms: H/W NDRNG; FWRNG; RSA (key wrapping; key establishment methodology provides 80 and 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength)

Single-chip

"The SPYCOS® Module is the latest addition to the SPYRUS family of cryptographic module IC's that enable both smart card and USB cryptographic tokens. The SPYCOS« Module enables security critical capabilities such as user authentication, message privacy and integrity, authentication, and secure storage in rugged, tamper-evident hardware. The SPYCOS« Module communicates with a host computer via the smart card or USB interface."
1301 Fortress Technologies, Inc.
2 Technology Park Dr
Westford, MA 01886
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6499

CST Lab: NVLAP 200416-0

Fortress Mesh Point
(Hardware Versions: ES520: Deployable Mesh Point (V1 and V2) [1,2,3,4,5,6,7], ES300: Inline Network Encryptor [1,2], ES210: Tactical Mesh Point [3,4,5,6,7], ES440: Infrastructure Mesh Point [4] and ES820: Vehicle Mesh Point [4]; Firmware Versions: 5.1 [1], 5.1.1 [2], 5.2.1 [3], 5.3.0 [4], 5.2.1.1162 [5], 5.2.2 [6] or 5.2.2.1011[7])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 04/26/2010;
05/07/2010;
05/28/2010;
08/02/2010;
12/21/2010;
02/24/2011;
10/04/2011;
05/10/2012
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #688, #694 and #698); SHS (Certs. #715, #717, #721, #722 and #726); HMAC (Certs. #367, #371, #372 and #376); RSA (Cert. #439); RNG (Certs. #402, #406 and #409)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); MD5; Hardware RNG

Multi-chip standalone

"The Fortress Mesh Point is an all-in-one network access device housed in a rugged compact chassis, with the most stringent security available today built in. It can serve as a wireless bridge, a WLAN access point, and an eight-port LAN switch, while performing all the functions of a Fortress controller device: encrypting wireless traffic and providing Multi-factor Authentication for devices on the network it protects."
1300 Thales e-Security
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-Juan Asenjo

CST Lab: NVLAP 200416-0

Datacryptor® 100M Ethernet
(Hardware Version: 1600x439; Firmware Versions: 4.2 and 4.5)

(When configured for firmware version 4.5 with the Point-Point license as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 04/26/2010;
05/07/2010;
01/13/2011;
04/27/2011
Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #1033 and #1078); DSA (Cert. #349); SHS (Cert. #985); RNG (Cert. #588)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The Datacryptor® 100 Mbps Ethernet Layer 2 is a rack-mountable multi-chip standalone cryptographic module designed to secure data in transit across public Ethernet Layer 2 networks. The device uses 100BaseT ports to connect the host and public sides of the network. Datacryptor® employs an automatic key generation and exchange mechanism using X.509v.3 certificates and the Diffie-Hellman key agreement scheme. The algorithm used is AES-256. Configuration and management of the Datacryptor® 100 Mbps units is done through a secure remote management interface application also using the AES algorithm."
1299 Seagate Technology LLC
1280 Disc Drive
Shakopee, MN 55379
USA

-David R Kaiser, PMP
TEL: 952-402-2356
FAX: 952-402-1273

CST Lab: NVLAP 200427-0

Seagate Secure® Enterprise Self-Encrypting Drives FIPS 140 Module
(Hardware Versions: 9XJ004 [1, 2], 9XH004 [1, 2], 9XG004 [1, 2], 9XJ066 [1, 2, 7], 9XH066 [1, 2, 7], 9XG066 [1, 2, 7], 9PX066 [3, 4, 6, 8, 9, 10], 9PW066 [3, 4, 10], 9PV066 [3], 9XE248 [1, 2], 9XE244 [1, 2], 9XE242 [1, 2], 9ST248 [4, 6, 11], 9ST244 [4, 11], 9XF246 [1], 9SU246 [4], 9XB066 [1], 9XA066 [1], 9LB066 [4], 9WZ066 [1], 9WY066 [1], 9LD066 [4, 6], 9XD066 [2, 5], 9XC066 [2, 5] and 9PP066 [4, 6]; Firmware Versions: 001 [1], 090 [2], 038 [3], 251 [4], 005 [5], 257 [6] 046 [7], EEF3 [8], EEF4 [9], ESF7 [10] and KSF4 [11])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/26/2010;
09/13/2010;
01/13/2011;
06/05/2012;
10/17/2012;
01/25/2013
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Certs. #1053 and #1054); SHS (Certs. #812 and #1002); RNG (Cert. #600); RSA (Cert. #502)

-Other algorithms: N/A

Multi-chip embedded

"The Seagate Secure® Enterprise Self-Encrypting Drives FIPS 140 Module is embodied in Seagate Cheetah, Constellation ES, Constellation, and Savvio SED model disk drives. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA bands, and authenticated FW download. The services are provided through an industry-standard TCG Enterprise SSC interface."
1298 McAfee, Inc.
3965 Freedom Circle
Santa Clara, CA 95054
USA

-Sakthikumar Subramanian
TEL: 408-346-3249
FAX: 408-346-5335

CST Lab: NVLAP 100432-0

Network Security Platform Sensor N-450
(Hardware Version: P/N N-450, Version 1.50; Firmware Version: 5.1.15.2)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/26/2010 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #880); Triple-DES (Cert. #781); RSA (Certs. #425 and #486); DSA (Cert. #345); SHS (Certs. #871 and #970); RNG (Cert. #505)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); HMAC MD5; Blowfish; DES; MD5; TACACS

Multi-chip standalone

"Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network SecurityManagement system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks."
1297 Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500

CST Lab: NVLAP 200427-0

Aruba AP-60 and AP-61 Wireless Access Points
(Hardware Versions: AP-60-F1 Rev. 01 or AP-61-F1 Rev. 01; Firmware Versions: Aruba OS 3.3.2.18-FIPS, ArubaOS 3.3.2.20-FIPS, ArubaOS 3.3.2.21-FIPS, ArubaOS 3.4.2.3-FIPS, ArubaOS 3.4.4.0-FIPS or ArubaOS 3.4.5.1-FIPS)

(When operated in FIPS mode and with the tamper evidence seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/26/2010;
05/05/2010;
10/25/2010;
01/31/2011;
03/14/2011;
07/19/2011;
02/06/2013
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #895 and #900); HMAC (Certs. #500 and #503); RNG (Cert. #516); RSA (Certs. #433 and #436); SHS (Certs. #887, #888 and #892); Triple-DES (Certs. #731 and #734)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"Aruba's single and multi-radio wireless access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Multi-Service Mobility Controllers, where per-user role based access controls are applied. In the FIPS 140-2 mode of operation, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i client standard, the xSec client and 256-bit AES encryption. Also, Aruba APs can provide Air Monitoring for intrusion detection and have Wi-Fi Alliance certification for IEEE 802.11a, IEEE 802.11b, IEEE 802.11g, and IEEE 802.11"
1296 McAfee, Inc.
3965 Freedom Circle
Santa Clara, CA 95054
USA

-James Reardon
TEL: 651-628-5346
FAX: 651-628-2701

CST Lab: NVLAP 100432-0

NSM Secure UI Crypto Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 04/26/2010 Overall Level: 2 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 2 with Windows Server 2003 Standard (SP 2) running on a Dell PowerEdge SC1420

-FIPS-approved algorithms: AES (Cert. #1238); HMAC (Certs. #721 and #722); RNG (Cert. #685); RSA (Cert. #594); SHS (Certs. #1135 and #1136); Triple-DES (Cert. #886)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DES; RC4; MD5; HMAC-MD5

Multi-chip standalone

"McAfee Network Security Manager (NSM) is a simple, centralized management software for distributed McAfee Network Security Platform intrusion prevention system (IPS) sensors and network access control (NAC) appliances. The NSM console with its intuitive graphical interface gives administrators complete control and real-time data, so that they can manage, configure, administer, and monitor all IPS and NAC appliances across widely distributed, mission-critical deployments. The NSM Secure UI Crypto Module provides cryptographic services for serving the NSM console through a secure TLS session."
1295 McAfee, Inc.
3965 Freedom Circle
Santa Clara, CA 95054
USA

-James Reardon
TEL: 651-628-5346
FAX: 651-628-2701

CST Lab: NVLAP 100432-0

NSM Application Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 04/26/2010 Overall Level: 2 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 2 with Windows Server 2003 Standard (SP 2) running on a Dell PowerEdge SC1420

-FIPS-approved algorithms: AES (Cert. #1237); HMAC (Cert. #721); RNG (Cert. #684); RSA (Cert. #593); SHS (Cert. #1135)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); DES; RC4; MD5; HMAC-MD5

Multi-chip standalone

"McAfee Network Security Manager (NSM) is a simple, centralized management software for distributed McAfee Network Security Platform intrusion prevention system (IPS) sensors and network access control (NAC) appliances. The NSM console with its intuitive graphical interface gives administrators complete control and real-time data, so that they can manage, configure, administer, and monitor all IPS and NAC appliances across widely distributed, mission-critical deployments. The NSM Application Crypto Module provides cryptographic services for the Network Security Manager application."
1294 Xceedium, Inc.
30 Montgomery Street, Suite 1020
Jersey City, NJ 07302
USA

-Dave Olander
TEL: 201-536-1000 x121
FAX: 201-536-1200

CST Lab: NVLAP 200556-0

Xceedium GateKeeper™
(Hardware Versions: 5 and 5a; Firmware Version: 5.0.0 SP3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 04/14/2010;
09/07/2010;
09/30/2010;
04/05/2011
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #1151 and #1152); Triple-DES (Certs. #833 and #834); SHS (Certs. #1065 and #1066); RSA (Cert. #544); HMAC (Certs. #654 and #655); RNG (Cert. #637)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 160 bits of encryption strength; non-compliant less than 80-bits of encryption strength); DSA (Cert. #373; non-compliant)

Multi-chip standalone

"Xceedium's GateKeeper is a hardened appliance that functions as a secure centralized management platform that enables IT operations to remotely manage data centers as one integrated system. A standardized security model can be developed to mitigate the risks of "untrusted" users; provide centralized access and policy, compartmentalize down to the port, define good and bad behavior, alert and restrict access to applications or commands. GateKeeper provides touch free support and includes all access methods and tools for in-band, out-of-band and power control."
1293 Red Hat®, Inc.
1801 Varsity Drive
Raleigh, NC 27606
USA

-Robert Relyea
TEL: 650-254-4236

CST Lab: NVLAP 200427-0

Network Security Services (NSS) Cryptographic Module (Freebl)
(Software Version: 3.12.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 04/14/2010 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux v5 (single-user mode)

-FIPS-approved algorithms: DSA (Cert. #366); SHS (Cert. #1048)

-Other algorithms: MD2; MD5

Multi-chip standalone

"Network Security Services (NSS) is a set of open source C libraries designed to support cross-platform development of security-enabled applications. NSS implements major crypto algorithms and Internet security standards, and supports smartcards and hardware crypto devices. NSS is available free of charge under the Mozilla Public License, the GNU General Public License, and the GNU Lesser General Public License. For more information, see http://www.mozilla.org/projects/security/pki/nss/"
1292 Prism Payment Technologies (Pty) Ltd.
4th Floor, President Place, Corner Jan Smuts Avenue & Bolton Road
PO Box 2424, Parklands
Gauteng, 2121
South Africa

-Giovanni Gallus
TEL: +27-31-266-0025
FAX: +27-11-880-7080

-Mr. Shawn O'Neill
TEL: +27-31-267-5500
FAX: +27-31-266-0021

CST Lab: NVLAP 200802-0

Incognito TSM500
(Hardware Version: Part Number 5520-00127 Rev 2; Firmware Version: Part Number 0610-00571 Rev 1.2)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/12/2010 Overall Level: 3 

-Physical Security: Level 4

-FIPS-approved algorithms: Triple-DES (Cert. #801); Triple-DES MAC (Triple-DES Cert. #801, vendor affirmed); AES (Cert. #1100); RSA (Cert. #515); SHS (Cert. #1023); RNG (Cert. #612)

-Other algorithms: Hardware RNG

Multi-chip embedded

"The Incognito TSM500 is a multi-chip embedded Tamper Responsive Security Module. Fitted on a PCI carrier card, the device offers high-performance, high-security services targeted at EFT switches and mCommerce applications."
1291 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE Crypto-J Software Module
(Software Version: 4.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 04/12/2010;
09/07/2010;
03/28/2011;
01/24/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP SP2 with Sun JRE 5.0; Microsoft Windows XP SP2 with Sun JRE 6.0 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1109); DRBG (Cert. #15); DSA (Cert. #357); ECDSA (Cert. #130); HMAC (Cert. #621); RNG (Cert. #616); RSA (Cert. #522); SHS (Cert. #1032); Triple-DES (Cert. #806)

-Other algorithms: ANSI X9.31 RNG (non-compliant); DES; DESX; Diffie-Hellman; ECAES (non-compliant); EC Diffie-Hellman; EC Diffie-Hellman with Cofactor; ECIES; HMAC-MD5; MD2; MD5; MD5Random; PBE; PBE with SHA1 and Triple-DES; RC2; RC4; RC5; RIPEMD160; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA Keypair Generation MultiPrime; RSA OAEP; SHA1Random

Multi-chip standalone

"RSA BSAFE Crypto-J security software is designed to help protect sensitive data as it is stored using encryption techniques to provide a persistent level of protection. RSA BSAFE Crypto-J supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
1290 McAfee, Inc.
3965 Freedom Circle
Santa Clara, CA 95054
USA

-Sakthikumar Subramanian
TEL: 408-346-3249
FAX: 408-346-5335

CST Lab: NVLAP 100432-0

Network Security Platform Sensor M-1250, M-1450, M-2750, M-3050, M-4050, and M-6050
(Hardware Versions: P/Ns M-1250 Version 1.10, M-1450 Version 1.10, M-2750 Version 1.50, M-3050 Version 1.20, M-4050 Version 1.20 and M-6050 Version 1.40; Firmware Version: 5.1.15.12)

(When operated with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/12/2010 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #880); Triple-DES (Cert. #781); RSA (Certs. #425 and #486); DSA (Cert. #345); SHS (Certs. #871 and #970); RNG (Cert. #505)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network SecurityManagement system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks."
1289 Pitney Bowes, Inc.
35 Waterview Drive
Shelton, CT 06484
USA

-Robert Sisson
TEL: 203-924-3061
FAX: 203-924-3518

CST Lab: NVLAP 100432-0

Cygnus X3 PSD Cryptographic Module
(Hardware Version: P/N 1R84000 Version A; Software Version: 03.00.0064 (PSD Application) and 01.00.0053 (SDU); Firmware Version: 01.00.06)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/12/2010;
05/05/2010
Overall Level: 3 

-Physical Security: Level 3 + EFP

-FIPS-approved algorithms: DSA (Cert. #374); SHS (Cert. #650); AES (Cert. #1069); Triple-DES (Cert. #572); Triple-DES MAC (Triple-DES Cert. #572, vendor affirmed); DRBG (Cert. #20); KAS (Cert. #3); HMAC (Cert. #601); ECDSA (FIPS 186-3, vendor affirmed)

-Other algorithms: AES (AES Cert. #1069, key wrapping; key establishment methodology provides 128 bits of encryption strength)

Single-chip

"The Pitney Bowes Cygnus X3 Postal Security Device (PSD) has been designed in compliance with FIPS 140-2 and IPMAR security protection profile in order to support the USPS IBIP and international digital indicia standards globally. The Cygnus X3 PSD Cryptographic Module employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes Postage Metering products."
1288 Oracle Corporation
500 Eldorado Blvd.
Bldg 5
Broomfield, CO 80021
USA

-David Hostetter
TEL: 303-272-7126

CST Lab: NVLAP 100432-0

Sun StorageTek™ T9840D Tape Drive
(Hardware Version: P/N 315479501; Firmware Version: 1.44.710)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/12/2010;
05/05/2010
Overall Level: 1 

-Cryptographic Module Specification: Level 3

-FIPS-approved algorithms: AES (Certs. #495, #1059, #1060, #1061, #1062 and #1063); DRBG (Cert. #11); HMAC (Certs. #597 and #598); RSA (Cert. #503); SHS (Certs. #1005 and #1006)

-Other algorithms: AES (Cert. #1060, key wrapping; key establishment methodology provides 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5

Multi-chip standalone

"The Sun StorageTek T9840D drive provides 75 GB native capacity and 30 MB/sec throughput using the same media and with backward read compatibility to the non-encrypting T9840 A, B and C. Designed for maximum security and performance, the T9840D uses AES-256 encryption to protect and authenticate customer data and secure, authenticated transmission of key material. Designed for fast access to data, the drive allows the use of multiple keys per tape with a cache memory to minimize key transmission overhead. Works seamlessly with the Sum KMA 2.x for a secure end-to-end management solution."
1287 Vocera Communications, Inc.
525 Race Street
San Jose, CA 95126
USA

-Thirumalai T. Bhattar
TEL: 408-882-5841

-Arun Mirchandani
TEL: 408-880-5100

CST Lab: NVLAP 200017-0

Vocera Cryptographic Module
(Hardware Version: 88W8686; Software Version: 1.0; Firmware Version: 1.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software-Hybrid 03/29/2010 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Vocera Embedded Linux Version 1.0 running on a Texas Instruments OMAP5912 (single-user mode)

-FIPS-approved algorithms: AES (Certs. #835 and #980); SHS (Cert. #950); HMAC (Cert. #551); RNG (Cert. #556)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; HMAC-MD5

Multi-chip standalone

"The Vocera® Communications System is a breakthrough wireless platform that provides hands-free voice communications throughout an 802.11b/g-networked building or campus."
1286 Bomgar Corporation
578 Highland Colony Parkway
Paragon Centre, Suite 300
Ridgeland, MS 39157
USA

TEL: 601-519-0123
FAX: 601-510-9080

CST Lab: NVLAP 200017-0

B200™ and B300™ Remote Support Appliances
(Hardware Versions: B200 and B300; Software Version: 10.2.8 FIPS; Firmware Version: Base version 3.0.5 FIPS)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/29/2010 Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #791); AES (Cert. #1043); SHS (Cert. #993); RSA (Cert. #497); HMAC (Cert. #585); RNG (Cert. #594)

-Other algorithms: RC4; RC4-40; DES; DES-40; MD5; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength)

Multi-chip standalone

"Bomgar Remote Support Appliances give technicians secure remote control of devices over the internet/LAN/WAN. Bomgar allows access to various operating systems, including remote support for smartphones and managing network devices via command shell. In addition, it supports extensive auditing and recording of support sessions."
1285 eIQnetworks, Inc.
31 Nagog Park
Action, MA 01720
USA

-Vijay Basani
TEL: 978-266-9933

CST Lab: NVLAP 200427-0

SecureVue Regional Cryptographic Module
(Software Versions: 3.1.2.3 [1] and 3.2.2.5 [2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 04/15/2010;
09/13/2010
Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Windows Server 2003 R2 with SP2 running on a Dell PowerEdge 1420 and Windows Server 2008 running on a Dell Optiplex 755

-FIPS-approved algorithms: AES (Certs. #1277 [1] and #1449 [2]); HMAC (Certs. #742 [1] and #850 [2]); RNG (Certs. #712 [1] and #793 [2]); SHS (Certs. #1175 [1] and #1313 [2])

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"SecureVue Regional component is a multi-chip standalone cryptographic module that is part of a software application suite. It has cryptographic implementation for secure communication and encryption/decryption between the various components via Central, Regional, Data Collector, and Agent that complete the SecureVue software application suite."
1284 eIQnetworks, Inc.
31 Nagog Park
Action, MA 01720
USA

-Vijay Basani
TEL: 978-266-9933

CST Lab: NVLAP 200427-0

SecureVue Data Collector Cryptographic Module
(Software Versions: 3.1.2.3 [1] and 3.2.2.5 [2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 04/15/2010;
09/13/2010
Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Windows XP Pro x64 with SP2 running on a HP XW9300 Workstation and Windows Server 2008 running on a Dell Optiplex 755

-FIPS-approved algorithms: AES (Certs. #1277 [1] and #1449 [2]); HMAC (Certs. #742 [1] and #850 [2]); RNG (Certs. #712 [1] and #793 [2]); SHS (Certs. #1175 [1] and #1313 [2])

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"SecureVue Data Collector component is a multi-chip standalone cryptographic module that is part of a software application suite. It has cryptographic implementation for secure communication, encryption/decryption, and key generation between the various components via Central, Regional, Data Collector, and Agent that complete the SecureVue software application suite."
1283 eIQnetworks, Inc.
31 Nagog Park
Action, MA 01720
USA

-Vijay Basani
TEL: 978-266-9933

CST Lab: NVLAP 200427-0

SecureVue Agent Cryptographic Module
(Software Versions: 3.1.2.3 [1] and 3.2.2.5 [2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 03/29/2010;
05/05/2010;
09/13/2010
Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Windows XP Pro with SP2 running on a Dell Optiplex Gx620 and Windows Server 2008 running on a Dell Optiplex 755

-FIPS-approved algorithms: AES (Certs. #695 [1] and #1449 [2]); HMAC (Certs. #373 [1] and #850 [2]); RNG (Certs. #407 [1] and #793 [2]); SHS (Certs. #723 [1] and #1313 [2])

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"SecureVue Agent component is a multi-chip standalone cryptographic module that is part of a software application suite. It has cryptographic implementation for secure communication and encryption/decryption between the various components via Central, Regional, Data Collector, and Agent that complete the SecureVue software application suite."
1282 eIQnetworks, Inc.
31 Nagog Park
Action, MA 01720
USA

-Vijay Basani
TEL: 978-266-9933

CST Lab: NVLAP 200427-0

SecureVue Central Cryptographic Module
(Software Versions: 3.1.2.3 [1] and 3.2.2.5 [2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 03/29/2010;
05/05/2010;
09/13/2010
Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Windows Server 2003 with SP2 running on a Dell PowerEdge 1800 and Windows Server 2008 running on a Dell Optiplex 755

-FIPS-approved algorithms: AES (Certs. #1277 [1] and #1449 [2]); HMAC (Certs. #742 [1] and #850 [2]); RNG (Certs. #712 [1] and #793 [2]); SHS (Certs. #1175 [1] and #1313 [2])

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"SecureVue Central component is a multi-chip standalone cryptographic module that is part of a software application suite. It has cryptographic implementation for secure communication, encryption/decryption, and key generation between the various components via Central, Regional, Data Collector, and Agent that complete the SecureVue software application suite."
1281 Cimcor, Inc.
8252 Virginia Street, Suite C
Merrillville, IN 46410
USA

-Robert Johnson
TEL: 219-736-4400
FAX: 219-736-4401

CST Lab: NVLAP 100432-0

Cimcor Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 05/24/2010 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Server 2008; Windows Vista (single-use mode)

-FIPS-approved algorithms: Triple-DES (Cert. #818); AES (Cert. #1121); DSA (Cert. #364); SHS (Cert. #1044); RNG (Cert. #624); RSA (Cert. #530); HMAC (Cert. #632)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); Blowfish; Camellia; DES; Idea; RC2; RC4; RC5; MD2; MD4; MD5; Mdc2; Ripemd

Multi-chip standalone

"The Cimcor Cryptographic Module is a multi-platform library that provides secure FIPS 140-2 validated hashing, encryption, and decryption methods and a variety of other cryptographic functions."
1280 Sun Microsystems, Inc., Red Hat®, Inc. and Mozilla Foundation, Inc.
4150 Network Circle
Santa Clara, CA 95054
USA

-Glen Beasley
TEL: 800-555-9SUN

-Robert Relyea
TEL: 650-254-4236

CST Lab: NVLAP 200427-0

Network Security Services (NSS) Cryptographic Module
(Software Version: 3.12.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 03/29/2010 Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Red Hat Enterprise Linux v5 running on an IBM System x3550; Red Hat Enterprise Linux v5 running on an HP ProLiant DL145

-FIPS-approved algorithms: AES (Cert. #1126); DSA (Cert. #366); DRBG (Cert. #16); HMAC (Cert. #636); RSA (Cert. #533); SHS (Cert. #1048); Triple-DES (Cert. #821)

-Other algorithms: Camellia; DES; Diffie-Hellman; EC Diffie-Hellman; MD2; MD5; RC2; RC4; SEED

Multi-chip standalone

"Network Security Services (NSS) is a set of open source C libraries designed to support cross-platform development of security-enabled applications. NSS implements major crypto algorithms and Internet security standards, and supports smartcards and hardware crypto devices. NSS is available free of charge under the Mozilla Public License, the GNU General Public License, and the GNU Lesser General Public License. For more information, see http://www.mozilla.org/projects/security/pki/nss/"
1279 Sun Microsystems, Inc., Red Hat®, Inc. and Mozilla Foundation, Inc.
4150 Network Circle
Santa Clara, CA 95054
USA

-Glen Beasley
TEL: 800-555-9SUN

-Robert Relyea
TEL: 650-254-4236

CST Lab: NVLAP 200427-0

Network Security Services (NSS) Cryptographic Module (Extend ECC)
(Software Version: 3.12.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 03/29/2010 Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Sun Solaris 10 5/08 running on a Sun SunBlade 2000 workstation; Sun Solaris 10 5/08 running on a Sun W2100z workstation

-FIPS-approved algorithms: AES (Cert. #1127); DSA (Cert. #367); DRBG (Cert. #17); ECDSA (Cert. #132); HMAC (Cert. #637); RSA (Cert. #534); SHS (Cert. #1049); Triple-DES (Cert. #822)

-Other algorithms: Camellia; DES; Diffie-Hellman; EC Diffie-Hellman; MD2; MD5; RC2; RC4; SEED

Multi-chip standalone

"Network Security Services (NSS) is a set of open source C libraries designed to support cross-platform development of security-enabled applications. NSS implements major crypto algorithms and Internet security standards, and supports smartcards and hardware crypto devices. NSS is available free of charge under the Mozilla Public License, the GNU General Public License, and the GNU Lesser General Public License. For more information, see http://www.mozilla.org/projects/security/pki/nss/"
1278 Sun Microsystems, Inc., Red Hat®, Inc. and Mozilla Foundation, Inc.
4150 Network Circle
Santa Clara, CA 95054
USA

-Glen Beasley
TEL: 800-555-9SUN

-Robert Relyea
TEL: 650-254-4236

CST Lab: NVLAP 200427-0

Network Security Services (NSS) Cryptographic Module (Basic ECC)
(Software Version: 3.12.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 03/29/2010 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP with SP3; Apple Mac OS X 10.5 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1128); DSA (Cert. #368); DRBG (Cert. #18); ECDSA (Cert. #133); HMAC (Cert. #638); RSA (Cert. #535); SHS (Cert. #1050); Triple-DES (Cert. #823)

-Other algorithms: Camellia; DES; Diffie-Hellman; EC Diffie-Hellman; MD2; MD5; RC2; RC4; SEED

Multi-chip standalone

"Network Security Services (NSS) is a set of open source C libraries designed to support cross-platform development of security-enabled applications. NSS implements major crypto algorithms and Internet security standards, and supports smartcards and hardware crypto devices. NSS is available free of charge under the Mozilla Public License, the GNU General Public License, and the GNU Lesser General Public License. For more information, see http://www.mozilla.org/projects/security/pki/nss/"
1277 Thales e-Security
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-Juan Asenjo

CST Lab: NVLAP 200416-0

Datacryptor® SONET/SDH OC-3/12/48/192C
(Hardware Versions: 1600x435 and 1600x427; Firmware Versions: 4.2 and 4.5)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 03/29/2010;
05/07/2010;
01/13/2011
Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #1033, #1079 and #1080); DSA (Cert. #349); SHS (Cert. #985); RNG (Cert. #588)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The Datacryptor® SONET/SDH OC-3/12/48/192C are rack-mountable multi-chip standalone cryptographic modules which facilitate secure data transmission across public SONET or SDH backbone networks. The devices use standard SFP/XFP optical transceivers for their host and network connections. The Datacryptor® offers user verification services via DSA enabled X.509 v.3 certificates, key management based on a Diffie-Hellman Key Agreement Scheme, and AES encryption of data passing over public networks. Management of the Datacryptor is performed via a remote management interface."
1276 Mocana Corporation
350 Sansome Street
Suite 1010
San Francisco, CA 94104
USA

-James Blaisdell
TEL: 415-617-0055
FAX: 415-617-0056

CST Lab: NVLAP 100432-0

Mocana Cryptographic Suite B Module
(Software Version: 5.1f)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/29/2010;
05/11/2010;
07/19/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Debian 4.0 with Linux 2.6; OpenSuse 10.3 with Linux 2.6; Solaris 10; Windows Mobile 6.1; Windows CE 5.0; Windows XP; Intel/WindRiver Linux v3; VxWorks 5.5; iPhone OS 3.1.3 (single-user mode)

-FIPS-approved algorithms: AES (Certs. #1131, #1132, #1133 and #1134); Triple-DES (Cert. #826); SHS (Cert. #1055); HMAC (Cert. #644); RSA (Cert. #538); DSA (Cert. #369); ECDSA (Cert. #134); RNG (Cert. #629)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant)

Multi-chip standalone

"The Mocana Cryptographic Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com."
1275 Thales e-Security
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-Juan Asenjo

CST Lab: NVLAP 200416-0

Datacryptor® Gig Ethernet and 10 Gig Ethernet
(Hardware Versions: 1600x433 and 1600x437; Firmware Versions: 4.2 and 4.5)

(When configured for firmware version 4.5 with the Point-Point license as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 03/29/2010;
05/07/2010;
01/13/2011;
04/27/2011
Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #1033, #1079 and #1080); DSA (Cert. #349); SHS (Cert. #985); RNG (Cert. #588)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The Datacryptor® 1 Gig Ethernet and 10 Gig Ethernet are rack-mountable multi-chip standalone cryptographic modules which facilitate secure data transmission across public Ethernet Layer 2 networks. The 1 Gig and 10 Gig units use an standard SFP/XFP optical transceivers for their host and network connections. The Datacryptor® offers user verification services via DSA enabled X.509 v.3 certificates, key management based on a Diffie-Hellman Key Agreement Scheme, and AES encryption of data passing over public networks. Management of the Datacryptor® is performed via a remote management interface."
1274 Motorola, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

-Kirk Mathews
TEL: 847-576-4101

CST Lab: NVLAP 100432-0

IPCryptR Motorola Advanced Crypto Engine (MACE)
(Hardware Version: P/N 5185912Y01; Firmware Versions: R01.01.02 and R01.01.03)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/29/2010;
05/07/2010
Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #819 and #1013); SHS (Certs. #817 and #963); RSA (Cert. #396); RNG (Cert. #471)

-Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); AES (AES Cert. #819, key wrapping; key establishment methodology provides 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); LFSR

Single-chip

"The IPCryptR MACE provides secure key management and data encryption for the IPCryptR in Motorola's Astro™, Dimetra™, and Broadband Systems."
1273 Mocana Corporation
350 Sansome Street
Suite 1010
San Francisco, CA 94104
USA

-James Blaisdell
TEL: 415-617-0055
FAX: 415-617-0056

CST Lab: NVLAP 100432-0

Mocana Cryptographic Loadable Kernel Module
(Software Version: 5.1f)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/29/2010;
05/11/2010;
07/19/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Debian 4.0 with Linux 2.6; OpenSuse 10.3 with Linux 2.6; Intel/WindRiver Linux v3 (single-user mode)

-FIPS-approved algorithms: AES (Certs. #1131, #1132, #1133 and #1134); Triple-DES (Cert. #826); SHS (Cert. #1055); HMAC (Cert. #644); RNG (Cert. #629)

-Other algorithms: DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant)

Multi-chip standalone

"The Mocana Cryptographic Loadable Kernel Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com."
1272

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/09/2010;
07/02/2010
Overall Level: 1 

-FIPS-approved algorithms:

-Other algorithms:

Multi-chip standalone

1271 Juniper Networks, Inc.
1194 N. Mathilda Ave.
Sunnyvale, CA 94089
USA

-Seyed Safakish
TEL: 408-745-8158

CST Lab: NVLAP 100432-0

Juniper Networks NSM (Network and Security Manager) Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/29/2010 Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Red Hat Enterprise Linux Version 5 running on a HP ProLiant DL365 G5 Server

-FIPS-approved algorithms: AES (Certs. #981 and #982); HMAC (Certs. #552 and #553); RNG (Certs. #557 and #558); RSA (Certs. #472 and #473); SHS (Certs. #951 and #952)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"Juniper Networks Network and Security Manager (NSM) is a unified device management solution for Juniper's network infrastructure of routing, switching, and security devices. It provides centralized, end-to-end device lifecycle management, granular policy configuration, and comprehensive monitoring, reporting, and investigative tools to enable you to improve IT management and cost efficiencies and to maximize the security of your network. Enterprise customers can leverage NSM globally to scale from branch to data center, and Service Providers can use it for carrier-class deployments."
1270 Kanguru Solutions
1360 Main Street
Millis, MA 02054
USA

-Nate Cote
TEL: 508-376-4245
FAX: 508-376-4462

CST Lab: NVLAP 200802-0

Kanguru Defender Elite/Elite+
(Hardware Versions: KDFE-1Ga-y, KDFE-xG, KDFE-xG-y, KDFE-xG-L, KDFE-xG-y-L, KDFEP-xG and KDFEP-xG-y ; Firmware Versions: 1.0, 2.01.10 or 2.01.15)

(Files distributed with the module mounted within the CD Drive, Public Drive, and/or Private Drive are excluded from the validation.)
(Note: Refer to the cryptographic module's Security Policy Appendix 1 for the details on the letter x and y designations)


Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 03/29/2010;
08/09/2010;
08/12/2010;
08/20/2010;
12/21/2010
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #1066); SHS (Cert. #1009); RSA (Cert. #506); RNG (Cert. #603)

-Other algorithms: NDRNG; RSA-512 (non-compliant)

Multi-chip standalone

"The Kanguru Defender Elite/Elite+ is a FIPS 140-2 Level 2 multi-chip standalone cryptographic module that utilizes AES hardware encryption to secure data at rest. The module is a ruggedized, opaque, tamper-evident USB token/storage device."
1269 Imation Corp.
Discovery Bldg. 1A-041
Oakdale, MN 55128
USA

-Larry Hamid
TEL: 408-737-4308

CST Lab: NVLAP 200556-0

Bluefly Processor
(Hardware Versions: 3.0, Part #950 000 003 R [1] and 4.0, Part #950 000 004 R [2]; Firmware Versions: 2.0 [1], 2.1 [1,2], 2.2 [1,2], 2.3 [1,2] or 2.4 [1,2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 03/30/2010;
05/05/2010;
09/07/2010;
01/20/2011;
03/15/2011;
05/31/2011;
07/05/2011;
04/24/2012
Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #1119, #1292, #1333, #1334, #1452, #1574 and #1661); Triple-DES (Certs. #908, #932, #983, #1031 and #1081); DSA (Certs. #417, #438, #462, #485 and #519); SHS (Certs. #1186, #1220, #1315, #1394 and #1456); RSA (Certs. #618, #646, #710, #767 and #818); HMAC (Certs. #752, #782, #852, #921 and #976); KAS (Certs. #6, #7, #9, #11 and #12); RNG (Certs. #720, #735, #795, #848 and #884)

-Other algorithms: MD5; HMAC-MD5

Single-chip

"The Bluefly processor is a cryptographic and authentication engine for Personal Portable Security Devices (PPSDs). It provides secure storage, digital identity functions, and multifactor user authentication for USB-based peripherals."
1268 Senetas Security Pty Ltd.
Level 1, 11 Queens Road
Melbourne, Victoria 3004
Australia

-John Weston
TEL: +61 (3) 9868 4515
FAX: +61 (3) 9821 4899

CST Lab: NVLAP 200017-0

CypherNET™ 3000 Series Multi-Protocol Encryptor
(Hardware Versions: A5213B, A5214B, A5203B and A5204B; Firmware Version: 1.9)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 03/29/2010 Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Certs. #647 and #702); AES (Certs. #710, #717, #725 and #964); SHS (Cert. #743); RNG (Cert. #422); DSA (Cert. #273); RSA (Cert. #340); HMAC (Cert. #391)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength)

Multi-chip standalone

"The CypherNET™ 3000 Series product is a high-speed, standards based, multi-protocol encryptor specifically designed to secure voice, data and video information transmitted over Synchronous Optical/Synchronous Digital Hierarchy (SONET/SDH) and Ethernet Networks at data rates up to 10 Gigabits per sec. Data privacy is provided by FIPS approved AES and Triple-DES algorithms."
1267 Senetas Security Pty Ltd.
Level 1, 11 Queens Road
Melbourne, Victoria 3004
Australia

-John Weston
TEL: +61 (3) 9868 4515
FAX: +61 (3) 9821 4899

CST Lab: NVLAP 200017-0

CypherNET™ 1000 Series Multi-Protocol Encryptor
(Hardware Versions: A5101B, A5103B, A5105B, A5107B, A5109B, A5111B, A5113B, A5115B, A5117B, A5119B, A5121B, A5123B, A5125B, A5127B, A5131B, A5133B, A5135B, A5137B, A5139B, A5141B, A5151B, A5153B, A5161B, A5163B and A5165B; Firmware Version: 1.9)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 03/29/2010 Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Certs. #639, #640, #647 and #702); AES (Certs. #711, #712, #713, #714, #717, #725 and #863); SHS (Cert. #743); RNG (Cert. #422); DSA (Cert. #273); RSA (Cert. #340); HMAC (Cert. #391)

-Other algorithms: MD5; RSA (Key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); Diffie-Hellman (Key agreement; key establishment methodology provides 80 or 112 bits of encryption strength)

Multi-chip standalone

"The CypherNET™ 1000 Series product is a high-speed, standards based, multi-protocol encryptor specifically designed to secure voice, data and video information transmitted over Synchronous Optical/Synchronous Digital Hierarchy (SONET/SDH), Asynchronous Transfer Mode (ATM), and Ethernet Networks as well as protocol independent point-to-point networks at data rates up to 1 Gigabit per sec. Data privacy is provided by FIPS approved AES and Triple-DES algorithms."
1266 Broadcom Corporation
3151 Zanker Road
San Jose, CA 95134
USA

-Charles Qi
TEL: 408-501-8439

CST Lab: NVLAP 100432-0

BCM5880 Cryptographic Module
(Hardware Version: P/N BCM5880KFBG, Version C0; Software Version: R0; Firmware Version: C0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/29/2010 Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #1070); DSA (Cert. #354); ECDSA (Cert. #128); HMAC (Cert. #602); RNG (Cert. #605); RSA (Cert. #507); SHS (Cert. #1011)

-Other algorithms: EC Diffie-Hellman (key agreement)

Single-chip

"The BCM5880 Cryptographic Module is a single-chip encased in hard opaque tamper evident IC packaging. The BCM5880 Cryptographic Module supports a variety of FIPS-validated cryptographic algorithms via a set of service API over a well-defined security boundary. It is developed as a reference design for OEMs to build FIPS140-2 compliant security systems."
1265

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Security Policy

Certificate

Software 03/03/2010;
04/15/2010;
10/26/2010
Overall Level: 2 

-FIPS-approved algorithms:

-Other algorithms:

Multi-chip standalone

1264 DeltaCrypt Technologies, Inc.
261A, Chemin des Épinettes
Piedmont, Québec J0R 1K0
Canada

-Ann Marie Colizza
TEL: 450-744-0137
FAX: 450-227-9043

-Olivier Fournier
TEL: 450-227-6622
FAX: 450-227-9043

CST Lab: NVLAP 200017-0

DeltaCrypt FIPS Module
(Software Version: 1.0.0.0)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 03/29/2010 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2003; Microsoft Windows 2000; Microsoft Windows Vista; Microsoft Windows XP (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1065); SHS (Cert. #1008); HMAC (Cert. #600); RSA (Cert. #505); DRBG (Cert. #12)

-Other algorithms: N/A

Multi-chip standalone

"DeltaCrypt FIPS Module v1.0.0.0 is a software module providing cryptographic functionality implemented in DeltaCrypt Encryption Applications that complies with FIPS 140-2 level 1 requirements. DeltaCrypt FIPS Module provides data encryption for DeltaCrypt applications protecting files and folders on computer hard disks, mobile data, CD-ROMs and DVDs. It also ensures data protection of removable drives used in combination with DeltaCrypt Mobile Device Control which controls removable drives used on a network, offers audit and tracking capabilities as well as threat detection and policy"
1263 Stonesoft Corporation
Itälahdenkatu 22 A
Helsinki, FIN-00210
Finland

-Jorma Levomaki
TEL: +358 ( 9 ) 4767 11
FAX: +358 ( 9 ) 4767 1234

CST Lab: NVLAP 200626-0

StoneGate Firewall / VPN Core
(Firmware Version: 4.2.2.5708.cc3.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Firmware 02/16/2010 Overall Level: 1 

-Tested: StoneGate FW-1020 hardware with Debian GNU/Linux 4.0 (Linux kernel 2.6.17.13)

-FIPS-approved algorithms: DSA (Cert. #340); RSA (Cert. #474); AES (Cert. #984); Triple-DES (Cert. #772); SHS (Cert. #953); HMAC (Cert. #554); RNG (Cert. #559)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); Blowfish; Twofish; Cast-128; DES; MD5; HMAC-MD5; AES-XCBC-MAC (non compliant); Triple DES-ECB (non compliant)

Multi-chip standalone

"StoneGate Firewall/VPN Core 4.2.2.5798.cc3.1 provides IPsec compliant VPN connectivity between two firewall clusters (site to site connectivity) and remote IPsec compliant VPN connectivity between VPN clients the firewall cluster."
1262 Silex Technology
157 West 7065 South
Salt Lake City, UT 84047
USA

-Keith Sugawara
TEL: 801-748-1199
FAX: 714-258-0730

CST Lab: NVLAP 200802-0

SX-500 Cryptographic Module
(Hardware Version: STA part number 132-00188-120 rev. B, rev. C, or rev. D; Firmware Version: Version 2.02 main firmware and Version 3.1 boot loader)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/15/2010;
12/13/2011
Overall Level: 1 

-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Certs. #1138, #1139 and #1140); RSA (Cert. #540); HMAC (Certs. #647 and #648); SHS (Certs. #1058 and #1059); DRBG (Cert. #19)

-Other algorithms: MD5; RC4; HMAC-MD5; MD4; DES; non-deterministic hardware RNG; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength)

Multi-chip standalone

"The FIPS 140-2 Level 1 compliant Silex SX-500 is an excellent solution for applications requiring an easy to implement, secure wireless LAN connection for serial or Ethernet attached peripheral devices."
1261 bTrade, LLC
3500 W. Olive Avenue
Suite 300
Burbank, CA 91505
USA

-Clifton Gonsalves
TEL: 818-334-4036

CST Lab: NVLAP 200002-0

bTrade Security Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 02/15/2010;
04/12/2011;
04/27/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with IBM AIX version 6.1; HP-UX version 11.3; SUN Solaris version 10; Microsoft Windows Vista; IBM Z/OS v1.10 and IBM i 6.1(single-user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #796); AES (Cert. #1064); DSA (Cert. #352); SHS (Cert. #1007); HMAC (Cert. #599); RSA (Cert. #504); RNG (Cert. #601)

-Other algorithms: Diffie-Hellman; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); MD5

Multi-chip standalone

"The bTrade Security Module is a software library supporting FIPS Approved cryptographic algorithms."
1260 Gemalto
ZI Athelia IV, avenue du Jujubier
La Ciotat, Cedex 13705
France

-Jean-baptiste Jazat
TEL: 33-4-4236-5887
FAX: 33-4-4236-5545

CST Lab: NVLAP 100432-0

Smart Guardian FIPS
(Hardware Versions: P/Ns [HWP117762, HWP117763, HWP118770 and HWP118771] Version A; Firmware Version: 1411)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/15/2010 Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #877 and #990); HMAC (Cert. #491); RNG (Cert. #503); RSA (Cert. #424); SHS (Certs. #869 and #957); Triple-DES (Cert. #719)

-Other algorithms: AES (Cert. #877, key wrapping; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength)

Multi-chip standalone

"Gemalto introduces Smart Guardian FIPS, a FIPS 140-2 Level 3 Approved secure USB flash drive. The advanced flash drive combines an onboard cryptographic controller that encrypts all data stored on the secure partition by Approved hardware-based AES 256bit, a smartcard chip that provides key management through proven technology, and a ruggedized tamper resistant housing to create a complete portable secure storage solution for all users looking to protect their data."
1259 Renesas Technology America, Inc.
450 Holger Way
San Jose, CA 95134
USA

-Murthy Vedula
TEL: 408-382-7615
FAX: 408-382-7700

CST Lab: NVLAP 100432-0

AE57C1
(Hardware Version: P/N WD65257C1F41TDB0, Version 01; Firmware Version: P/N BOS_AE57C1_v_2_1012)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/15/2010 Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Certs. #786 and #789); DSA (Cert. #347); SHS (Cert. #982); HMAC (Cert. #577); RNG (Cert. #585); KAS (Cert. #4)

-Other algorithms: N/A

Single-chip

"AE57C1 is a single-chip module that contains a CPU, ROM, EEPROM and RAM. The module contains firmware (Board ID OS or "BOS") that resides in ROM, with key storage and future applet storage functionality in the EEPROM. The module user will be able to load or update an applet to the EEPROM. Board ID OS (or "BOS") is a mask ROM used for prototyping and mass production of embedded smart chip systems based on AE57C1 device. BOS provides authentication and secure program download mechanism. Users can develop embedded applications using the BOS cryptographic, communication, and OS application interf"
1258 Data Encryption Systems Ltd.
Silver Street House
Silver Street
Taunton, Somerset TA1 3DL
United Kingdom

-Julian Baycock
TEL: +44(0)1823 352357
FAX: +44(0)1823 352358

CST Lab: NVLAP 200017-0

DESlock+ Kernel Mode Crypto Core
(Software Version: 1.0.0.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 02/15/2010 Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP with SP2 (single-user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #790); AES (Cert. #1042); SHS (Cert. #992); RNG (Cert. #593); HMAC (Cert. #584)

-Other algorithms: Blowfish, MD5

Multi-chip standalone

"The DESlock+ Kernel Mode Crypto Core from Data Encryption Systems Ltd. is a cryptographic module which encapsulates several different cryptographic algorithms. Available as part of the DESlock+ desktop encryption product, the Module is accessible by other kernel mode drivers and user mode applications provided by Data Encryption Systems Ltd."
1257 Comtech Mobile Datacom Corporation
20430 Century Boulevard
Germantown, MD 20874
USA

-Lajuana Johnson
TEL: 240-686-3300

CST Lab: NVLAP 200427-0

Comtech Mobile Datacom Corporation Cryptographic Library (libcmscrypto)
(Software Version: 1.0 [1] and 1.2 [2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 01/28/2010;
01/24/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux v5.0[1]; Red Hat Enterprise Linux v6.2 [2] (single-user mode)

-FIPS-approved algorithms: AES (Certs. #1124 [1] and #2288 [2]); HMAC (Certs. #635 [1] and #1404 [2]); SHS (Certs. #1047 [1] and #1969 [2])

-Other algorithms: DES; Triple-DES (non-compliant)

Multi-chip standalone

"libcmscrypto is a library implemented in the Comtech Mobile Datacom Corp. products and provides the basic cryptographic functionality that includes Advanced Encryption Standard (AES) algorithm, SHA1 message digest, HMAC SHA-1 Keyed-Hash message authentication code."
1256 Aastra USA, Inc.
11279 Perry Highway
Suite 500
Wexford, PA 15090
USA

-Lloyd Hucke
TEL: 724-934-1200 x3820
FAX: 724-934-1205

-Keith Huthmacher
TEL: 724-934-1200 x3810
FAX: 724-934-1205

CST Lab: NVLAP 200697-0

ViPr Cryptographic Module
(Hardware Version: BCM5812, rev. A0; Firmware Version: 3.0.5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Firmware-Hybrid 01/15/2010;
05/28/2010
Overall Level: 1 

-Operational Environment: Tested: 4402-A ViPr Desktop Terminal running Redhat Linux 2.4.31 OS

-FIPS-approved algorithms: AES (Cert. #1075); RNG (Cert. #563)

-Other algorithms: MD5

Multi-chip standalone

"ViPr Cryptographic Module ver.1.0 is part of ViPr Video Conferencing system comprised of a ViPr Media Center Terminal running ViPr application software version 3.0.5"
1255 SPYRUS, Inc.
1860 Hartog Drive
San Jose, CA 95131-2203
USA

-Tom Dickens
TEL: 408-392-9131
FAX: 408-392-0319

CST Lab: NVLAP 100432-0

Hydra PC FIPS Sector-based Encryption Module
(Hardware Version: P/N 880074001F, Version 02.00.01; Firmware Version: 03.00.04)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/15/2010;
05/05/2010
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #1016 and #1104); SHS (Certs. #973, #974 and #1027); ECDSA (Cert. #129); DRBG (Cert. #14); RNG (Cert. #582);

-Other algorithms: EC Diffie-Hellman [1] (key agreement; key establishment methodology provides 128, 192 or 256 bits of encryption strength); EC Diffie-Hellman [2] (key agreement; key establishment methodology provides 128, 192 or 256 bits of encryption strength)

Multi-chip standalone

"The Hydra PC FIPS Sector-based Encryption Module provides hardware-based, sector by sector full disk encryption providing the protective military strength of the U. S. Government's Suite B algorithm standards, including AES, ECDSA, SHA-2, and EC-DH. The USB encryption device comes with an easy to use, user-friendly interface that operates on the Microsoft Windows operating systems without installing any drivers."
1254 Motorola, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

-Kirk Mathews
TEL: 847-576-4101

CST Lab: NVLAP 100432-0

Astro Subscriber Motorola Advanced Crypto Engine (MACE)
(Hardware Version: P/N 5185912Y01; Firmware Versions: [R01.00.00 or R01.01.03] and [R01.00.00 (AES Cert. #819)])

(When operated in FIPS mode with firmware [R01.00.00 (AES Cert. #819)] installed)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/15/2010;
03/05/2010
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #819); SHS (Cert. #817); RSA (Cert. #396); RNG (Cert. #471)

-Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); LFSR

Single-chip

"The MACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio system products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management."
1253 3e Technologies International, Inc.
9715 Key West Avenue
Suite 500
Rockville, MD 20850
USA

-Harinder Sood
TEL: 301-944-1325
FAX: 301-670-6989

CST Lab: NVLAP 200427-0

3e-523-F2 and 3e-523-3 Secure Multi-function Wireless Data Points
(Hardware Versions: 1.0, 1.1, 1.2 (3e-523-F2) and 2.0 (3e-523-3); Firmware Version: 4.3.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/28/2010 Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #1021 and #1022); Triple-DES (Certs. #782 and #783); SHS (Certs. #975 and #976); HMAC (Certs. #570 and #571); RNG (Cert. #583); RSA (Cert. #490)

-Other algorithms: Diffie-Hellman; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); MD5; RC4; DES; AES CFB (non-compliant)

Multi-chip standalone

"The 3e-523-F2 and 3e-523-3 operate as either a gateway connecting a local area network to wide area network (WAN), an access point within a wireless local area network (WLAN), a client within a WLAN, or a wireless bridging device. 3eTI software provides the following major services in FIPS mode: Wireless 802.11a/b/g Access Point functionality; Wireless 802.11a/b/g Client functionality; Wireless 802.11a/b/g Bridge functionality; Wireless 802.11a/b/g Mesh functionality (auto-forming, self-healing wireless capability); IEEE 802.11i."
1252 Research In Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

-Certifications Team
TEL: 519-888-7465 x72921
FAX: 519-886-4839

CST Lab: NVLAP 200017-0

BlackBerry Cryptographic Kernel
(Firmware Version: 3.8.5.85)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Firmware 01/06/2010 Overall Level: 1 

-Design Assurance: Level 3
-Tested: BlackBerry 9550 with BlackBerry OS Version 5.0

-FIPS-approved algorithms: Triple-DES (Cert. #838); AES (Certs. #1157 and #1158); SHS (Cert. #1070); HMAC (Cert. #659); RSA (Cert. #547); RNG (Cert. #640); ECDSA (Cert. #137)

-Other algorithms: EC Diffie-Hellman (key agreement); ECMQV (key agreement)

Multi-chip standalone

"BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry."
1251 Fortress Technologies, Inc.
1 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0

Fortress Controller -X (FC-X)
(Hardware Versions: FC-250, FC-250SB, FC500, FC500SB, FC-1500 and FC1500SB; Firmware Versions: 5.1.2, 5.1.2.5100CAJ and 5.1.2.5100CAP)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 01/06/2010;
01/28/2010;
03/26/2010;
08/02/2010
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #852, #853 and #389); HMAC (Certs. #469, #569 and #371); SHS (Certs. #845, #846, #721, #722 and #715); RNG (Certs. #487, #488 and #189); RSA (Cert. #488); Triple-DES (Cert. #703)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); MD5; Hardware RNG

Multi-chip standalone

"The Fortress Controller -X (FC-X) secures wireless devices, users and network infrastructure. It implements Fortress's Mobile Security Protocol (MSP) to provide network authentication, key exchange, and data encryption and integrity checking at layer 2 of the OSI networking model."
1250 CipherOptics, Inc.
701 Corporate Center Drive
Raleigh, NC 27607
USA

-Ed Finn
TEL: 412-262-2571 x102
FAX: 412-262-2574

CST Lab: NVLAP 200017-0

CipherOptics ESG100 and CipherOptics ESG1002
(Hardware Versions: ESG100, A and ESG1002, A; Firmware Version: 2.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 12/29/2009;
06/14/2010
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #258); AES (Cert. #156); SHS (Cert. #117); HMAC (Cert. #34); RSA (Cert. #209); RNG (Cert. #274)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 90 bits of encryption strength); MD5; HMAC MD5; DES; NDRNG

Multi-chip standalone

"The CipherOptics ESG100 and ESG1002 are high performance, integrated security appliances that offer Gigabit and 10/100 Ethernet IPSec encryption respectively. Housed in a tamper evident chassis, have two ethernet ports. Traffic on the local port is received in the clear, while traffic on the remote port has security processing applied to it."
1249 Oberthur Technologies
4250 Pleasant Valley Road
Chantilly, VA 20151-1221
USA

-Christophe Goyet
TEL: 703-263-0100
FAX: 703-263-0503

CST Lab: NVLAP 100432-0

Oberthur ID-One Cosmo V7-n Lite
(Hardware Version: P/N C6; Firmware Versions: FC10 with op-codes (069778 or 017964))

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/29/2009;
02/05/2010;
08/02/2010
Overall Level: 3 

-Physical Security: Level 4

-FIPS-approved algorithms: Triple-DES (Cert. #698); Triple-DES MAC (Triple-DES Cert. #698, vendor affirmed); RNG (Cert. #480); RSA (Cert. #403); SHS (Cert. #833)

-Other algorithms: Triple-DES (Triple-DES Cert. #698, key wrapping; key establishment methodology provides 80 bits of encryption strength)

Single-chip

"This new generation Oberthur Smart Card programmable modules offers a highly secure architecture with state of the art on board cryptographic services that include Data Encryption Standard (2TDEA and 3TDEA) for symmetric encryption; Secure Hash Algorithm (SHA up to 512) for message digest; Elliptic-Curve Diffie-Hellman (ECDH) for key agreement and Digital Signature Algorithm (ECDSA up to f =521) for digital signatures. Additional features include Logical Channels and Delegated Management. The module supports Java Card 2.2.2 and Global Platform 2.1.1.A and is available in variable EEPROM sizes."
1248 Oberthur Technologies
4250 Pleasant Valley Road
Chantilly, VA 20151-1221
USA

-Christophe Goyet
TEL: 703-263-0100
FAX: 703-263-0503

CST Lab: NVLAP 100432-0

Oberthur ID-One Cosmo V7-a
(Hardware Versions: P/Ns BF [1, 2], C0 [3, 4], C3 [3, 4] and CF [5, 6]; Firmware Versions: 0801 with op-codes (071621 and 070534) [1], (071621 and 071891) [2], (071631 and 070544) [3], (071631 and 071901) [4], (071641 and 070554) [5] or (071641 and 071911) [6])

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/29/2009;
02/05/2010
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #770); Triple-DES MAC (Triple-DES Cert. #770, vendor affirmed); AES (Cert. #978); RNG (Cert. #555); RSA (Cert. #471); SHS (Cert. #949)

-Other algorithms: Triple-DES (Triple-DES Cert. #770, key wrapping; key establishment methodology provides 80 bits of encryption strength)

Single-chip

"This new generation Smart Card programmable module offers a highly secure architecture with state of the art on board cryptographic services that include and even exceed NSA SUITE-B cryptography with Advanced Encryption Standard (AES up to 256); Secure Hash Algorithm (SHA up to 512); Elliptic-Curve Diffie-Hellman (ECDH) and Digital Signature Algorithm (ECDSA up to P-521). The module supports Java Card 2.2.2 and Global Platform 2.1.1.A with Delegated Management, and is available with contact (ISO 7816) and contactless (ISO 14443) communication interfaces."
1247 Good Technology, Inc.
101 Redwood Shores Parkway
Suite 400
Redwood City, CA 94065
USA

-Sriram Krishnan
TEL: 650-486-6000

CST Lab: NVLAP 200002-0

FIPSCrypto on Windows Mobile
(Software Version: 4.7.0.50906)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/29/2009;
02/05/2010;
06/02/2010;
10/25/2010;
01/20/2011;
07/19/2011;
10/18/2011;
04/04/2012;
09/27/2012;
10/25/2012
Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows CE 5.2

-FIPS-approved algorithms: AES (Cert. #1219); Triple-DES (Cert. #879); SHS (Cert. #1122); HMAC (Cert. #712)

-Other algorithms: N/A

Multi-chip standalone

"The FIPSCrypto is a FIPS 140-2 validated software-based cryptographic module that implements Triple-DES, AES, SHA-1, and HMAC-SHA-1."
1246 Pitney Bowes, Inc.
35 Waterview Drive
Shelton, CT 06484
USA

-Douglas Clark
TEL: 203-923-3206
FAX: 203-924-3406

CST Lab: NVLAP 200427-0

Pitney Bowes iButton Postal Security Device (PSD)
(Hardware Version: MAXQ1959B-F50#; Firmware Version: 9.01.00; Indicia Type 0, 1, 2, 5, 7 and 8)

(When operated in FIPS mode and configured by Pitney Bowes, Inc.)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/29/2009 Overall Level: 3 

-Physical Security: Level 3 + EFP

-FIPS-approved algorithms: DSA (Cert. #363); HMAC (Cert. #631); RNG (Cert. #623); SHS (Cert. #1043); Triple-DES (Cert. #817); Triple-DES MAC (Triple-DES Cert. #817, vendor affirmed)

-Other algorithms: RNG (non-compliant)

Multi-chip standalone

"The Pitney Bowes iButton Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP). It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes global digital metering products. The PSD has been designed to support international postal markets and their rapidly evolving requirements for digital indicia."
1245 Tropos Networks
555 Del Rey Ave.
Sunnyvale, CA 94085
USA

-Michael Ren
TEL: 408-331-6809
FAX: 408-331-6801

-Sreedhar Kamishetti
TEL: 408-331-6881
FAX: 408-331-6801

CST Lab: NVLAP 200427-0

Tropos Wireless IP Mesh Router
(Hardware Versions: 5320-2531, 5320-2631, 5320-3030, 5320-3130, 5320-6000, 5320-6060, 6310-3030, 6320-2531, 6320-3030, 7320-2531, 7320-2631, 7320-3030, 7320-3130, 7320-6000 and 7320-6060; Firmware Version: 7.3)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/15/2010 Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #993, #1082, #1083 and #1085); Triple-DES (Cert. #774); SHS (Certs. #959 and #1017); HMAC (Certs. #559 and #607); RNG (Cert. #562); RSA (Cert. #477)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Blowcrypt; MD5; RC4

Multi-chip standalone

"Tropos's single/multi-radio, wireless 802.11 a/b/g/n Wireless IP Mesh routers provide a secure, high-performance, easy to deploy, and cost-effective networking solution for outdoor environments. Tropos routers support IEEE 802.1X and 802.11i with AES encryption and secure EAP types while operating in FIPS 140-2 mode."
1244 Tropos Networks
555 Del Rey Ave.
Sunnyvale, CA 94085
USA

-Michael Ren
TEL: 408-331-6809
FAX: 408-331-6801

-Sreedhar Kamishetti
TEL: 408-331-6881
FAX: 408-331-6801

CST Lab: NVLAP 200427-0

Tropos Wireless IP Mobile Router
(Hardware Version: 4210-2100; Firmware Version: 7.3)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/15/2010 Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #993 and #1082); Triple-DES (Cert. #774); SHS (Cert. #959); HMAC (Cert. #559); RNG (Cert. #562); RSA (Cert. #477)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Blowcrypt; MD5; RC4

Multi-chip standalone

"Tropos's single/multi-radio, wireless 802.11 b/g Wireless IP Mobile routers provide a secure, high-performance, easy to deploy, and cost-effective networking solution for outdoor environments. Tropos routers support IEEE 802.1X and 802.11i with AES encryption and secure EAP types while operating in FIPS 140-2 mode."
1243 Secure64 Software Corporation
5600 South Quebec Street
Suite 320D
Greenwood Village, CO 80111
USA

-Christopher Worley
TEL: 303-242-5890
FAX: 720-489-0694

CST Lab: NVLAP 200416-0

Secure64 Cryptographic Module
(Firmware Version: 1.2)

Validated to FIPS 140-2

Security Policy

Certificate

Firmware 12/29/2009 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-Tested: Secure 64 SourceT Micro Operating System running on a HP Integrity Server rx2660; Secure 64 SourceT Micro Operating System running on a HP Integrity Server rx3600

-FIPS-approved algorithms: AES (Certs. #882 and #956); Triple-DES (Cert. #722); RNG (Cert. #507); SHS (Certs. #874 and #936); HMAC (Cert. #580); DSA (Cert. #350); RSA (Certs. #495 and #426)

-Other algorithms: N/A

Multi-chip standalone

"The Secure64 Cryptographic Module is a firmware module designed for use only with systems based on Secure64 SourceT, a limited operational environment running on an Intel Itanium-based server platform. The Secure64 Cryptographic Module provides cryptographic functions that can be used by applications running in this environment. Example applications include DNSSEC signing (secure DNS using digital signatures), certificate management applications, etc. Example functions include key generation, secure key storage, encryption, decryption, hashing, and digital signing."
1242 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 94002
USA

-Global Certification Team
TEL:
FAX:

CST Lab: NVLAP 100432-0

Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Module (WiSM)
(Hardware Versions: Chassis: Catalyst 6506 switch with FIPS Kit P/N 800-27009 [1], Catalyst 6506-E switch with FIPS Kit P/N 800-27009 [2], Catalyst 6509 switch with FIPS Kit P/N 800-26335 [3] and Catalyst 6509-E switch with FIPS Kit P/N 800-26335 [4]; Backplane: WS-C6506 [1], WS-C6506-E [2], WS-C6509 [3] and WS-C6509-E [4]; Supervisor Blade [1, 2, 3, 4]: [WS-SUP720-3BXL and WS-SUP720-3B] and WiSM: WS-SVC-WISM-1-K9; Firmware Versions [1, 2, 3, 4]: Supervisor Blade: Cisco IOS Release 12.2(18)SXF11, Cisco IOS Release 12.2.33-SXH5 and Cisco IOS Release 12.2(18)SXF7; WiSM: 5.2.157.0, 5.2.178.5, 5.2.193.0 and 5.2.193.11; Hardware))

(When operated in FIPS mode and with the physical security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/29/2009;
07/02/2010;
07/30/2010;
08/22/2011;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #959, #960 and #1211); HMAC (Certs. #535, #536 and #706); RNG (Cert. #542); RSA (Certs. #463, #464 and #583); SHS (Certs. #931, #932 and #1115); Triple-DES (Cert. #756)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); AES (Cert. #960, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM

Multi-chip standalone

"The Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Module (WiSM) provide unparalleled security, mobility, redundancy, centralized control and scalability for large-scale Government and Enterprise wireless LAN networks and supports the IEEE 802.11i wireless security standard in conjunction with meeting the Wi-Fi Alliances interoperability specification WPA2 to enable a Secure Wireless Architecture. The module supports voice, video and data services, location & asset tracking, integrated intrusion detection & intrusion protection and intelligent radio."
1241 Bloombase, Inc.
Level 5, Enterprise Place,
Suite 38, Science Park
Hong Kong, People's Republic of China

-USA Certification Team
TEL: +855-256-6622
FAX: +650-618-9898

CST Lab: NVLAP 200427-0

Bloombase Cryptographic Module
(Software Version: 8.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/29/2009;
07/02/2010;
01/24/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Bloombase SpitfireOS 5 (single-user mode), JRE 1.6

-FIPS-approved algorithms: AES (Cert. #1041); HMAC (Cert. #583); RSA (Cert. #496); RNG (Cert. #591); SHS (Cert. #991)

-Other algorithms: N/A

Multi-chip standalone

"Bloombase Cryptographic Module for multi-platforms is a scalable, generic and multipurpose module used by various Bloombase products, performing a broad range of approved cryptographic operations including encryption, key generation, key storage and zeroization, signature generation and verification, hashing, keyed hashing and random number generation, supporting services including cryptography, authentication, PKCS and key management, etc."
1240 Asigra, Inc.
1120 Finch Avenue West
Suite 400
Toronto, Ontario M3J 3H7
Canada

-David Farajun
TEL: 416-736-8111 ext 100
FAX: 416-736-7120

CST Lab: NVLAP 200427-0

AsigraEncModule Encryption Library
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 01/12/2010 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2003 (32-bit) Enterprise Edition, 5.2.3790, Service Pack 2; Microsoft Windows Server 2003 (64-bit), Standard Edition, 5.2.3790, Service Pack 1; RedHat Enterprise Linux 5 (32-bit), Update 6; RedHat Enterprise Linux 5 (64-bit), Update 6; Mac OS X, 10.5 (single user mode)

-FIPS-approved algorithms: AES (Cert. #968); SHS (Cert. #938); HMAC (Cert. #541); RNG (Cert. #546)

-Other algorithms: N/A

Multi-chip standalone

"The AsigraEncModule ("Cryptographic Module" or "Module") is a cryptographic library for C++ language users providing hash algorithms, AES symmetric encryption algorithms and random number generation."
1239 Giesecke & Devrient and ActivIdentity Inc.
45925 Horseshoe Drive
Dulles, VA 20166
USA

-Michael Poitner
TEL: 650-312-1241
FAX: 650-312-8129

-Stephane Ardiley
TEL: 510-745-6288
FAX: 510-745-0101

CST Lab: NVLAP 200427-0

Sm@rtCafé Expert 3.2 by Giesecke & Devrient with ActivIdentity Digital Identity Applet Suite V2 for Extended PIV
(Hardware Versions: P5CD080 M8.4 [1], P5CD080 PDM1.1 [1], P5CD144 M8.4 [2] and P5CD144 PDM1.1 [2]; Firmware Versions: CPDIxJC_RSEFI025CD080V402 [1] and CPDYxJC_RSEFI025CD144V503 [2], Applet Versions [1,2]: ACA applet package v2.6.2B.4, ASC library package v2.6.2B.3, PKI/GC/SKI applet package v2.6.2B.4, PIV End Point Wrapper module v2.6.2B.4, PIV End Point Extended module v2.6.2B.4, SMA applet package v2.6.2B.3)

(PIV Card Application: Cert. #17)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/07/2009;
01/11/2012
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Certs. #745 and #746); DSA (Certs. #277 and #278); RSA (Certs. #350 and #351); RNG (Certs. #433 and #434); SHS (Certs. #760 and #761); Triple-DES (Certs. #662 and #663); Triple-DES MAC (Triple-DES Certs. #662 and #663, vendor affirmed)

-Other algorithms: DES; DES MAC; DSA (512-bits and 768-bits; non-compliant)

Single-chip

"This product combines the Giesecke & Devrient (G&D) Smart Card Chip Operating System Sm@rtCafé Expert(SCE) 3.2 and the ActivIdentity(AI) Applet framework v2.6.2b. SCE 3.2 is a JC2.2.1 & GP2.1.1 compliant dual-interface module supporting, at a minimum 2048-bit RSA, SHA-256 hash and 256-bit AES. AI Applet framework works over dual-interface and supports GSC-IS v2.1 & NIST SP800-73-1(for HSPD-12/PIV). The product supports Secure issuance and post-issuance along with SMA protocol(secure messaging) and One Time Password solution. Combined product is suitable for government and corporate deployments"
1238 Nexus Wireless
Artists Cour
15 Manette Street
London, W1D 4AP
United Kingdom

-Paul Richards
TEL: +44-207-734-0200
FAX: +44-207-734-0210

CST Lab: NVLAP 200416-0

Nexus FIPS 140-2 Crypto Module
(Hardware Version: 1.0; Firmware Versions: ES0408_RL01_R1_00_000 version 1.00.000 and ES0408_RL02_R1_00_000 version 1.00.000)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/05/2010 Overall Level: 1 

-FIPS-approved algorithms: AES (Cert. #914); DSA (Cert. #337); SHS (Certs. #901 and #928); HMAC (Cert. #533); RNG (Cert. #524)

-Other algorithms: DES; AES MAC (AES Cert. #914, vendor affirmed; P25 AES OTAR)

Multi-chip embedded

"The Nexus FIPS140-2 Crypto Module is a single-board security module designed to conform to FIPS140-2 standards and primarily intended for use in P25 radio equipment. The module supports both KFD and KMF management implementations, including a dedicated 3-wire KFD interface. It includes a complete key storage and critical security material management function for TEK, KEK, UKEK, CKEK and KSKEK keys in non-volatile memory within the FIPS module, with protection from unauthorized disclosure or modification. The FIPS Module executes encryption and decryption of P25 Phase 1 voice and data."
1237 Research In Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

-Certifications Team
TEL: 519-888-7465 x72921
FAX: 519-886-4839

CST Lab: NVLAP 200017-0

BlackBerry Cryptographic Library
(Software Version: 2.0.0.7)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/07/2009 Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional 2002 with SP3, 32-bit edition (single-user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #819); AES (Cert. #1122); SHS (Cert. #1045); HMAC (Cert. #633); RNG (Cert. #625); ECDSA (Cert. #131)

-Other algorithms: Rijndael; EC Diffie-Hellman (key agreement, key establishment methodology provides 256 bits of encryption strength); ECMQV (key agreement, key establishment methodology provides 256 bits of encryption strength)

Multi-chip standalone

"BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry½ Cryptographic Library is a software module that provides cryptographic services to many BlackBerry½ desktop products such as the BlackBerry½ Enterprise Server, BlackBerry½ Desktop Software, and many other BlackBerry½ products."
1236 Oberthur Technologies
4250 Pleasant Valley Road
Chantilly, VA 20151-1221
USA

-Christophe Goyet
TEL: 703-263-0100
FAX: 703-263-0503

-N/A
TEL: N/A
FAX: N/A

CST Lab: NVLAP 100432-0

Oberthur ID-One Cosmo V7-n
(Hardware Versions: P/Ns B0 [1,2], BA [1,2], C8 [1,2], C4 [1,2], C7 [1,2] and CA [1,2]; Firmware Versions: FC10 with op-codes 069778 [1] or 071964 [2])

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/07/2009;
02/05/2010;
08/02/2010
Overall Level: 3 

-Physical Security: Level 4

-FIPS-approved algorithms: Triple-DES (Cert. #698); Triple-DES MAC (Triple-DES Cert. #698, vendor affirmed); AES (Cert. #840); RNG (Cert. #480); RSA (Cert. #403); SHS (Cert. #833)

-Other algorithms: Triple-DES (Triple-DES Cert. #698, key wrapping; key establishment methodology provides 80 bits of encryption strength)

Single-chip

"This new generation Smart Card programmable module offers a highly secure architecture with state of the art on board cryptographic services that include and even exceed NSA SUITE-B cryptography with Advanced Encryption Standard (AES up to 256); Secure Hash Algorithm (SHA up to 512); Elliptic-Curve Diffie-Hellman (ECDH) and Digital Signature Algorithm (ECDSA up to P-521). The module supports Java Card 2.2.2 and Global Platform 2.1.1.A with Delegated Management, and is available with contact (ISO 7816) and contactless (ISO 14443) communication interfaces."
1235 Advanced Communications Concepts Inc
8831 N.Capital of Texas Highway
Suite 212
Austin, TX 78759
USA

-Eric Sweeney
TEL: 512-275-6245

CST Lab: NVLAP 200427-0

TUCrypt Cryptographic Module
(Software Version: 2.32.0.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/07/2009;
01/28/2010
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Pro (32-bit edition), Microsoft Windows Vista (32-bit and 64-bit editions), and Microsoft Windows 7 (32-bit and 64-bit editions) (single-user mode)

-FIPS-approved algorithms: AES (Certs. #1057, #1058 and #1102); SHS (Certs. #1003, #1004 and #1025); HMAC (Certs. #595, #596 and #616)

-Other algorithms: AES (Certs. #1057, #1058 and #1102, key wrapping)

Multi-chip standalone

"The TUCrypt Cryptographic Module is a multi-chip standalone software module that executes on a IBM compatable personal computer. The software module is intended to be used by other ACCI software to provide FIPS 140-2 approved cryptographic services."
1234 Pitney Bowes, Inc.
35 Waterview Drive
Shelton, CT 06484-8000
USA

-Douglas Clark
TEL: 203-923-3206
FAX: 203-924-3406

CST Lab: NVLAP 200427-0

Pitney Bowes iButton Postal Security Device (PSD)
(Hardware Version: MAXQ1959B-F50#; Firmware Versions: 6.01.02 and 8.01.03; Indicia Type 0, 2 and 5)

(When operated in FIPS mode and configured by Pitney Bowes, Inc.)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/30/2009;
01/06/2010
Overall Level: 3 

-Physical Security: Level 3 + EFP

-FIPS-approved algorithms: DSA (Cert. #353); RNG (Cert. #604); SHS (Cert. #1010); Triple-DES (Cert. #797); Triple-DES MAC (Triple-DES Cert. #797; vendor-affirmed)

-Other algorithms: RNG (non-compliant)

Multi-chip standalone

"The Pitney Bowes iButton Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP), and Deutsche Post's FrankIT New Generation Digital Franking program. It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes global digital metering products. The PSD has been designed to support international postal markets and their rapidly evolving requirements for digital indicia."
1233 Brocade Communications
1745 Technology Drive
San Jose, CA 95110
USA

-Greg Farris
TEL: 408-333-7315
FAX: 408-333-8101

CST Lab: NVLAP 100432-0

Brocade 7500 SAN Extension Switch Cryptographic Module
(Hardware Version: P/N Brocade 7500 Version H; Firmware Version: Fabric OS v6.0.0)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/30/2009 Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #731); Triple-DES (Cert. #652); SHS (Cert. #749); HMAC (Cert. #397); RNG (Cert. #426); RSA (Cert. #342)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); HMAC-MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The Brocade 7500 SAN Extension Switch Cryptographic Module provides an enterprise building block for consolidation, data mobility, and business continuity solutions that improve efficiency and cost savings. It combines FCIP extension with Fibre Channel switching and routing to provide local and remote storage and SAN connectivity while isolating SAN fabrics and IP WAN networks."
1232 Brocade Communications
1745 Technology Drive
San Jose, CA 95110
USA

-Greg Farris
TEL: 408-333-7315
FAX: 408-333-8101

CST Lab: NVLAP 100432-0

Brocade DCX Backbone and 48000 Director
(Hardware Version: P/Ns Brocade DCX Version C and Brocade 48000 Version L; Firmware Version: Fabric OS v6.0.0)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/30/2009 Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #731); Triple-DES (Cert. #652); SHS (Cert. #749); HMAC (Cert. #397); RNG (Cert. #426); RSA (Cert. #342)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); HMAC-MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The Brocade DCX Backbone consolidates server-to-server, server-to-storage and storage-to-storage traffic into a logical, multiprotocol infrastructure. It is designed to support existing and emerging protocols, including 8Gb Fibre Channel, FICON®, FCIP, IPFC, 10 Gigabit Ethernet, Converged Enhanced Ethernet (CEE), and Fibre Channel over Ethernet (FCoE). The Brocade 48000 Director delivers 4, 8, and 10 Gbit/sec Fibre Channel performance, high availability and multiprotocol connectivity, including Fibre Channel Routing, FCIP, iSCSI, and fabric-based applications."
1231 MeshDynamics, Inc.
2953 Bunker Hill Lane
Suite 400
Santa Clara, CA 95054
USA

-Francis daCosta
TEL: 408-373-7700
FAX: 408-516-8987

CST Lab: NVLAP 200648-0

MD4000-FIPS Structured Mesh™ Module
(Hardware Version: MD4000-FIPS; Firmware Version: 2.5.72)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 11/30/2009 Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #728); SHS (Cert. #746); RNG (Cert. #425); HMAC (Cert. #394)

-Other algorithms: RC4; MD5; HMAC-MD5; AES (Cert. #728; key wrapping; key establishment methodology provides 128 bits of encryption strength)

Multi-chip standalone

"Multi-Radio Wireless Mesh Networking Node. Nodes connect to each other forming a "MESH" network. Data from Client devices connected to the mesh node, is routed according to the destination address. Client devices need to authenticate before they can join the network. All data from client is encrypted using AES-CCM using temporal keys generated using WPA2/802.11i standard."
1230 Tropos Networks
555 Del Rey Ave.
Sunnyvale, CA 94085
USA

-Roman Arutyunov
TEL: 408-331-6825
FAX: 408-331-6801

-Sreedhar Kamishetti
TEL: 408-331-6881
FAX: 408-331-6801

CST Lab: NVLAP 200427-0

Tropos Control Element Management System
(Software Version: 7.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/30/2009 Overall Level: 1 

-Roles, Services, and Authentication: Level 3

-Operational Environment: Tested as meeting Level 1 with CentOS 5 (x86) (single-user mode)

-FIPS-approved algorithms: AES (Certs. #1084 and #1086); Triple-DES (Certs. #799 and #800); SHS (Certs. #1018 and #1019); HMAC (Certs. #608 and #609); RNG (Certs. #608 and #609); RSA (Certs. #511 and #512)

-Other algorithms: Blowcrypt; MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"Tropos Control is a comprehensive management system that streamlines the deployment, optimization, maintenance, and control of large-scale wireless networks. Tropos Control uses FIPS 140-2 approved algorithms to provide secured communication to Tropos routers and to its web-based client application."
1229 BitArmor Systems, Inc.
Three Gateway Center
401 Liberty Avenue
Suite 1900
Pittsburgh, PA 15222
USA

-Hugh Docherty

CST Lab: NVLAP 200556-0

BitArmor Secure Cryptographic Engine
(Software Version: 1.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 11/30/2009;
12/11/2009
Overall Level: 1 

-Cryptographic Module Specification: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional SP3 (32-bit); SuSE Linux Enterprise Server 10.0 (32-bit); Windows Server 2003 (32-bit); Windows Server 2008 (64-bit); Windows 7 Enterprise (32-bit) (single-user mode)

-FIPS-approved algorithms: AES (Cert. #1101); Triple-DES (Cert. #802); SHS (Cert. #1024); HMAC (Cert. #614); RNG (Cert. #613)

-Other algorithms: DES; MD5; HMAC-MD5

Multi-chip standalone

"BitArmor DataControl is an advanced software solution that provides disk encryption and device independent file/folder encryption. It provides precise access control for data on the Windows operating system. BitArmor DataControl includes automatic key management that is transparent to users and a central console for management of users and access privileges."
1228 Atos Wordline S.A./N.V.
Haachtsesteenweg 1442 ChaussTe de Haecht
Brussels, 1130
Belgium

-Filip Demaertelaere
TEL: +32-2-727-6167
FAX: +32-2-727-6250

-Sam Yala
TEL: +32-2-727-6194
FAX: +32-2-727-6250

CST Lab: NVLAP 200636-0

DEP/PCI v4
(Hardware Versions: PCI card: 033-120010-1.0; Alarm card: 033-120020-2.0; Firmware Versions: Boot firmware: 4.0.l; FPGA firmware: 661442; Alarm firmware: 5.0.m)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 11/24/2009 Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #883); SHS (Cert. #875)

-Other algorithms: N/A

Multi-chip embedded

"The DEP/PCI (a PCI adapter board) is a hardware cryptographic module, also known as a hardware security module (HSM). Its boot software together with its cryptographic coprocessor implements different cryptographic algorithms which are used for secure key entry, secure application loading and secure boot firmware update. The alarm firmware implements the tamper detection and tamper responsive logic."
1227 Kingston Technology, Inc.
17600 Newhope Street
Fountain Valley, CA 92708
USA

-John Terpening
TEL: 714-427-3743
FAX: 714-435-2628

CST Lab: NVLAP 100432-0

DataTraveler 5000 (DT5000)
(Hardware Version: P/N 88007021F, Version 01.00.02; Firmware Version: 03.00.04)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/07/2009 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #1015 and #1016); SHS (Certs. #972, #973 and #974); ECDSA (Cert. #122); DRBG (Cert. #10); RNG (Cert. #582); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 bits of encryption strength)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"Kingston's ultra-secure DataTraveler 5000 USB Flash drive protects sensitive data with FIPS 140-2 Level 2 certification and 256-bit AES hardware-based encryption in XEX mode. Secured by Spyrus, DT5000 uses elliptic curve cryptography encryption algorithms (ECC) that meet the Suite B standards approved by the U.S. government. The drive features complex password protection and locks down after 10 intrusion attempts. DT5000 is waterproof (up to 4 feet) and features a rugged, titanium-coated steel casing."
1226 Eastman Kodak Company
343 State Street
Rochester, NY 14650
USA

-Nancy Telfer
TEL: 585-477-8399
FAX: 585-477-8789

CST Lab: NVLAP 200427-0

Eastman Kodak Company® Secure Module 3000
(Hardware Version: 4F6138 Version A; Firmware Version: 1.0-068)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/24/2009 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #1071, #1072 and #1076); HMAC (Certs. #603 and #604); RNG (Cert. #606); RSA (Cert. #508); SHS (Certs. #1012 and #1013)

-Other algorithms: HMAC-MD5; MD5; RSA (key wrapping; key establishment methodology provides 112-bits of encryption strength)

Multi-chip embedded

"The Kodak Secure Module 3000 is a fully DCI compliant cryptographic module that is the core of the Kodak Digital Cinema content playback system. The Secure Module converts the packaged, compressed and encrypted data into raw image, sound, subtitles and auxiliary data used in exhibition. It performs security functions such as media decryption, link encryption, forensic watermarking, and key management."
1225 SafeNet, Inc.
20 Colonnade Road
Ottawa, Ontario K2E 7M6
Canada

-Iain Holness
TEL: 613-221-5049
FAX: 613-723-5079

CST Lab: NVLAP 200002-0

SafeEnterpriseTM Encryptor, Model 650
(Hardware Version: 904-23160-007; Firmware Version: 3.1)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/24/2009 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #268); AES (Certs. #391 and #240); RSA (Cert. #15); SHS (Certs. #251 and #319); HMAC (Cert. #48); RNG (Certs. #18 and #76)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The SafeEnterpriseTM SONET Encryptor provides data privacy and access control for connections between vulnerable public and private SONET/SDH networks. It employs federally endorsed AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in a SONET OC-192 network."
1224 BeCrypt Limited
130 Shaftesbury Avenue
London, W1D 5EU
United Kingdom

-Dr. Pali Surhar, Certification Manager
TEL: +44 (0)845 838 2050
FAX: +44 (0)845 838 2060

CST Lab: NVLAP 200017-0

BeCrypt Cryptographic Library
(Software Version: 2.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 11/24/2009 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional 32-bit with SP3; Windows XP Professional 64-bit with SP2; Linux Ubuntu 8.10; MAC OS X (single-user mode)

-FIPS-approved algorithms: AES (Certs. #1087 and #1088); SHS (Certs. #1020 and #1021); RNG (Cert. #610); RSA (Cert. #513); HMAC (Certs. #610 and #611)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; DES; Triple-DES (non-compliant); RC2

Multi-chip standalone

"The BeCrypt Cryptographic Library provides core cryptographic functionality for BeCrypt's Enterprise security products including a range of market leading disk encryption, media encryption and data protection products. The cryptographic library provides a capability to develop complex and flexible security applications that require cryptographic functionality in both pre-OS and 32 bit/64 bit operating environments."
1223 Blue Coat Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085-4121
USA

-Wendi Ittah
TEL: 703-399-0535

CST Lab: NVLAP 200017-0

ProxySG 510 and ProxySG 810
(Hardware Versions: 100-02639, 106-02838, 106-02868, 100-02641, 106-02834 and 106-02884; Firmware Version: 5.3.1.9)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 11/17/2009;
12/13/2011
Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #859); Triple-DES (Cert. #706); RSA (Cert. #413); DSA (Cert. #310); SHS (Cert. #854); HMAC (Cert. #476); RNG (Cert. #491)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 and 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 and 112 bits of encryption strength)

Multi-chip standalone

"The foundation of Blue Coat's application delivery infrastructure, Blue Coat ProxySG appliances establish points of control that accelerate and secure business applications for users across the distributed organization. Blue Coat appliances serve as an Internet proxy and wide area network (WAN) optimizer. The purpose of the appliances is to provide a layer of security between an Internal and External Network (typically an office network and the Internet), and to provide acceleration and compression of transmitted data. The ProxySG is one of several appliance lines manufactured by Blue Coat"
1222 Blue Coat Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085-4121
USA

-Wendi Ittah
TEL: 703-399-0535

CST Lab: NVLAP 200017-0

ProxySG 8100
(Hardware Versions: 100-02644, 106-02835 and 106-02883; Firmware Version: 5.3.1.9)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 11/17/2009;
12/07/2011
Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #859); Triple-DES (Cert. #706); RSA (Cert. #413); DSA (Cert. #310); SHS (Cert. #854); HMAC (Cert. #476); RNG (Cert. #491)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 and 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 and 112 bits of encryption strength)

Multi-chip standalone

"The foundation of Blue Coat's application delivery infrastructure, Blue Coat ProxySG appliances establish points of control that accelerate and secure business applications for users across the distributed organization. Blue Coat appliances serve as an Internet proxy and wide area network (WAN) optimizer. The purpose of the appliances is to provide a layer of security between an Internal and External Network (typically an office network and the Internet), and to provide acceleration and compression of transmitted data. The ProxySG is one of several appliance lines manufactured by Blue Coat"
1221 Bull SAS
Rue Jean Jaurès
B.P.68
Les Clayes sous Bois, 78340
France

-Jean-Luc CHARDON
TEL: +33 1 30 80 79 14
FAX: +33 1 30 80 78 87

-Pierre-Jean AUBOURG
TEL: +33 1 30 80 77 02
FAX: +33 1 30 80 78 87

CST Lab: NVLAP 200017-0

CHR Cryptographic Module
(Hardware Version: 003/A [1] or 004/A [2]; Firmware Version: V1.02-00L [1] or V1.03-00L [2])

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 11/17/2009;
07/05/2011
Overall Level: 3 

-Physical Security: Level 3 + EFP/EFT

-FIPS-approved algorithms: RSA (Cert. #438); SHS (Cert. #893)

-Other algorithms: N/A

Multi-chip standalone

"The BULL CHR is a multi-chip standalone security module providing functionality for the secure loading of applications. The CHR is the corner stone of a range of security products developed and signed by BULL as Application Provider and known as "CRYPT2Pay HR" product range available for different domain of applications including Banks and Financial Institutions. Additional products may be developed by Application Providers, based on the CHR."
1220 SkyRecon Systems
8 rue La Fayette
Paris, 75009
France

-Patrick Prajs
TEL: +33 (0)1 73 54 02 60

-Jean-Baptiste LERNOUT
TEL: 33 (0)1.73.54.02.72

CST Lab: NVLAP 200697-0

SkyRecon Cryptographic Module (SCM)
(Software Version: 1.04)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/03/2009 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional with SP3 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #931); SHS (Cert. #914); RNG (Cert. #532); HMAC (Cert. #613)

-Other algorithms: N/A

Multi-chip standalone

"SkyRecon Cryptographic Module (SCM) is a software-based dynamically linked cryptographic library containing several validated cryptographic algorithms. Software developers can link the SkyRecon Cryptographic Module (SCM) into their applications to provide FIPS 140-2 compliant cryptographic support."
1219 Check Point Software Technologies Ltd.
12007 Sunrise Valley Dr.
Suite 130
Reston, VA 20191
USA

-David Ambrose
TEL: 703-628-2935

-Malcolm Levy
TEL: +972 3-7534561

CST Lab: NVLAP 200002-0

VPN-1 [1] and Security Gateway with firewall and vpn Software Blades [2]
(Firmware Versions: NGX R65 with hot fix HFA 30 [1] and R70.1 [2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Firmware 10/27/2009;
11/20/2009;
07/27/2011
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 2

-Tested: Dell PowerEdge 1750 and Power-1 5070 with Check Point SecurePlatform Operating System, version NGX R65 HFA 30

-FIPS-approved algorithms: Triple-DES (Certs. #338, #733, #824, #825, #1114 and #1115); AES (Certs. #257, #1130 and #1728); SHS (Certs. #332, #890, #1053, #1054, #1511 and #1512); HMAC (Certs. #67, #502, #642, #643, #1003 and #1004); RSA (Certs. #66, #132, #537 and #853); RNG (Certs. #90, #628 and #917)

-Other algorithms: CAST 40 bit; CAST 128 bit; DES (Cert. #314); MD5; HMAC-MD5; Diffie-Hellman (key agreement, key establishment methodology provides between 80 bits and 128 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA (key wrapping, key establishment methodology provides between 80 bits and 150 bits of encryption strength)

Multi-chip standalone

"Check Point's Security Gateway Software Blades R70.1 and VPN-1 R65 with hot fix HFA 30 provide an integrated software solution combining a firewall, vpn, and the hardened SecurePlatform operating system. Designed to meet the requirements of Internet, intranet, and extranet vpns it provides secure connectivity to corporate networks with remote and mobile users, branch offices, and business partners."
1218 3e Technologies International, Inc.
9715 Key West Avenue
Suite 500
Rockville, MD 20850
USA

-Harinder Sood
TEL: 301-944-1325
FAX: 301-670-6989

CST Lab: NVLAP 200427-0

3e-636S-1 Accelerated Crypto Module
(Hardware Version: 1.0(A); Firmware Version: 4.3.1)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/22/2009 Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #1022 and #1023); Triple-DES (Certs. #783 and #784); SHS (Certs. #976 and #977); HMAC (Certs. #571 and #572); RNG (Cert. #583); RSA (Cert. #490)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); MD5

Multi-chip embedded

"3eTI's 3e-636S-1 Accelerated Crypto Module provides AES and Triple-DES data encryption, SHS secure hashing, and HMAC keyed hashing at very high levels of sustained bandwidth. The 3e-636S-1 leverages built-in hardware-based cryptography to greatly accelerate device performance. The 3e-636S-1 is a robust, stand-alone inline encryptor which can straightforwardly be inserted into a network where FIPS 140-2 Validation is required. The 3e-636S-1 helps customers meet Federal Cryptography requirements at extremely high levels of performance, where traditional software-based algorithm implementation"
1217 Pitney Bowes, Inc.
35 Waterview Drive
Shelton, CT 06484-8000
USA

-Douglas Clark
TEL: 203-924-3206
FAX: 203-546-4744

CST Lab: NVLAP 100432-0

Cygnus X3 PSD Cryptographic Module
(Hardware Version: P/N 1R84000 Version A; Software Version: 01.05.05; Firmware Version: 01.00.06)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/22/2009 Overall Level: 3 

-Physical Security: Level 3 + EFP

-FIPS-approved algorithms: DSA (Cert. #234); SHS (Cert. #650); AES (Cert. #600); RNG (Cert. #592); HMAC (Cert. #311)

-Other algorithms: N/A

Single-chip

"The Pitney Bowes Cygnus X3 Postal Security Device (PSD) has been designed in compliance with FIPS 140-2 and IPMAR security protection profile in order to support the USPS IBIP and international digital indicia standards globally. The PSD employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes Postage Metering products."
1216 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Peter Hayman
TEL: 919-462-1900 x273
FAX: (919) 462-1933

CST Lab: NVLAP 200002-0

SafeEnterprise™ Encryptor, Model 600
(Hardware Versions: 904-10001-00x, 904-10002-00x, 904-10003-00x, 904-10014-00x, 904-10112-00x, 904-10113-00x, 904-20001-00x, 904-20002-00x, 904-20003-00x, 904-25005-00x, 904-30013-00x, 904-511i0-00x and 943-511i0-00x; Firmware Version: 3.4.0.1)

(Note: Refer to the cryptographic module’s security policy for the details on the letter i and x designations)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/22/2009 Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #647); AES (Certs. #711, #713 and #725); RSA (Cert. #340); SHS (Cert. #743); HMAC (Cert. #391); RNG (Cert. #422)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); DSA (non-compliant)

Multi-chip standalone

"The SafeEnterprise™ Encryptor provides data privacy and access control for connections between vulnerable public and private SONET/SDH or Ethernet networks. It employs FIPS approved AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in SONET 155 MB (OC-3), 622 MB (OC-12), 1.0 GB, and 2.4 GB (OC-48) networks."
1215 SPYRUS, Inc.
1860 Hartog Drive
San Jose, CA 95131-2203
USA

-Tom Dickens
TEL: 408-392-9131
FAX: 408-392-0319

CST Lab: NVLAP 100432-0

Hydra PC FIPS Sector-based Encryption Module
(Hardware Version: P/N 88007021F, Version 01.00.02; Firmware Version: 03.00.04)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/22/2009;
05/05/2010
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #1015 and #1016); SHS (Certs. #972, #973 and #974); ECDSA (Cert. #122); DRBG (Cert. #10); RNG (Cert. #582); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 128, 192 or 256 bits of encryption strength)

-Other algorithms: EC-Diffie-Hellman (key agreement; key establishment methodology provides 128, 192 or 256 bits of encryption strength)

Multi-chip standalone

"The Hydra PC FIPS Sector-based Encryption Module provides hardware-based, sector by sector full disk encryption providing the protective military strength of the U. S. Government's Suite B algorithm standards, including AES, ECDSA, SHA-2, and EC-DH. The USB encryption device comes with an easy to use, user-friendly interface that operates on the Microsoft Windows operating systems without installing any drivers."
1214 Juniper Networks, Inc.
One Rogers St.
Sixth Floor
Cambridge, MA 02142
USA

-Robert Smith
TEL: 617-949-4067
FAX: 617-547-1031

CST Lab: NVLAP 100432-0

Odyssey Security Component Portable
(Software Version: 2.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 10/19/2009 Overall Level: 1 

-Design Assurance: Level 2

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP SP2 (single-user mode)

-FIPS-approved algorithms: AES (Certs. #785 and #786); Triple-DES (Cert. #680); SHS (Cert. #788); HMAC (Cert. #431); DSA (Cert. #294); RSA (Cert. #374); RNG (Cert. #452)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength)

Multi-chip standalone

"The Odyssey Security Component (OSC) is a general purpose cryptographic library. OSC / Portable is a C language version that can be compiled without modification for a variety of operating systems."
1213 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 94002
USA

-Global Certification Team
TEL:
FAX:

CST Lab: NVLAP 100432-0

Cisco 4402 and 4404 Wireless LAN Controllers
(Hardware Versions: 4402, Revision Number A0 and 4404, Revision Number A0; with FIPS Kit AIRWLC4400FIPSKIT=, version A0; with Opacity Baffle Version 1.0; Firmware Versions: 5.2.157.0, 5.2.178.5, 5.2.193.0 and 5.2.193.11)

(When operated in FIPS mode and with the physical security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/19/2009;
11/20/2009;
07/02/2010;
07/30/2010;
08/22/2011;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #959, #960 and #1211); HMAC (Certs. #535, #536 and #706); RNG (Cert. #542); RSA (Certs. #463, #464 and #583); SHS (Certs. #931, #932 and #1115); Triple-DES (Cert. #756)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); AES (Cert. #960, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM

Multi-chip standalone

"The Cisco 4400 Series Wireless LAN Controllers provide centralized control and scalability for medium to large-scale Government and Enterprise wireless LAN networks and support the IEEE 802.11i wireless security standard while meeting the Wi-Fi Alliances interoperability specification WPA2 for Secure Wireless Architecture. The Cisco WLAN Controllers support voice, video and data services, intrusion detection, intrusion protection and intelligent radio resource management and comply with the wireless security policies issued by the U.S. Federal Government and the Department of Defense (DoD)."
1212 Motorola, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

-Kirk Mathews
TEL: 847-576-4101

CST Lab: NVLAP 100432-0

Voice Processing Module Cryptographic Module (VPMCM) /Telephone Media Gateway Cryptographic Module (TMGCM)
(Hardware Versions: VPMCRYPTO_B or VPMCRYPTO_C; Firmware Versions: R01.01.03, R01.01.04, R01.01.05, R01.02.08 or R01.05.00)

(When operated in FIPS mode with AES Cert. #819)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/19/2009;
12/06/2010;
07/05/2011
Overall Level: 1 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 2
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #819); SHS (Cert. #817); RSA (Cert. #396); RNG (Cert. #471)

-Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); DVP-XL; DVI-XL; DES-XL; LFSR; ADP

Multi-chip embedded

"The Motorola Voice Processing Module Cryptographic Module provides cryptographic services to the Voice Processing Module in which it is embedded. The Voice Processing Module provides dispatch console audio routing between a dispatch operator (e.g., 911 dispatcher), peripherals, and a local network."
1211 Motorola, Inc.
1 Motorola Plaza
Holtsville, NY 11742
USA

-Steven Chew
TEL: 631-738-3507
FAX: 631-738-4164

-Bert Scaramozzino
TEL: 631-738-3215
FAX: 631-738-4164

CST Lab: NVLAP 200648-0

Motorola Wireless Fusion on Windows CE Cryptographic Module
(Hardware Version: CX 55222; Software Version: 3.00)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software-Hybrid 11/18/2009;
05/05/2010
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows CE 6.0

-FIPS-approved algorithms: AES (Certs. #1035 and #1037); SHS (Cert. #988); HMAC (Cert. #581)

-Other algorithms: RC4; TKIP

Multi-chip standalone

"Motorola Wireless Fusion Cryptographic Module is a component of Motorola Wireless Mobile Computing devices that are equipped with a WLAN radio. These devices are used for business process automation applications in a number of vertical markets like retail, manufacturing, transportation, health and government."
1210 Motorola, Inc.
1 Motorola Plaza
Holtsville, NY 11742
USA

-Steven Chew
TEL: 631-738-3507
FAX: 631-738-4164

-Bert Scaramozzino
TEL: 631-738-3215
FAX: 631-738-4164

CST Lab: NVLAP 200648-0

Motorola Wireless Fusion on Windows Mobile Cryptographic Module
(Hardware Version: CX 55222; Software Version: 3.00)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software-Hybrid 11/18/2009;
05/05/2010;
06/02/2010
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Mobile 6.1 and 6.5

-FIPS-approved algorithms: AES (Certs. #1036 and #1038); SHS (Cert. #989); HMAC (Cert. #582)

-Other algorithms: RC4; TKIP

Multi-chip standalone

"Motorola Wireless Fusion Cryptographic Module is a component of Motorola Wireless Mobile Computing devices that are equipped with a WLAN radio. These devices are used for business process automation applications in a number of vertical markets like retail, manufacturing, transportation, health and government."
1209 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Peter Hayman
TEL: 919-462-1900 x273
FAX: 919-462-1933

CST Lab: NVLAP 200002-0

SafeEnterprise™ Encryptor, Model 650
(Hardware Versions: 904-53260-007 and 943-53270-007; Firmware Versions: 3.4.0.1 and 3.4.0.2)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/19/2009;
08/02/2010
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #647); AES (Certs. #710, #725 and #964); RSA (Cert. #340); SHS (Cert. #743); HMAC (Cert. #391); RNG (Cert. #422)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); DSA (non-compliant)

Multi-chip standalone

"The SafeEnterprise™ Encryptor provides data privacy and access control for connections between vulnerable public and private SONET/SDH networks or 10G Ethernet networks. It employs federally endorsed AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in a SONET OC-192 network or 10G Ethernet network."
1208 ARX (Algorithmic Research)
10 Nevatim Street
Kiryat Matalon, Petach Tikva 49561
Israel

-Ezer Farhi
TEL: 972-3-9279529

CST Lab: NVLAP 200002-0

CoSign
(Hardware Version: 4.0; Firmware Version: 4.5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/19/2009 Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Certs. #498 and #523); Triple-DES MAC (Triple-DES Cert. #498, vendor affirmed); SHS (Certs. #554 and #586); HMAC (Cert. #241); RNG (Cert. #265); RSA (Cert. #227)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"CoSign is a digital signature appliance that is connected to the organizational network and manages all signature keys and certificates of organization's end-users. End-users will connect securely to CoSign from their PC for the purpose of signing documents and data."
1207 Juniper Networks, Inc.
One Rogers St.
Sixth Floor
Cambridge, MA 02142
USA

-Robert Smith
TEL: 617-949-4067
FAX: 617-547-1031

CST Lab: NVLAP 100432-0

Odyssey Security Component User Mode and Odyssey Security Component Kernel Mode
(Software Versions: Version 2.0 (Odyssey Security Component User Mode) and Version 2.0 (Odyssey Security Component Kernel Mode))

Validated to FIPS 140-2

Security Policy

Certificate

Software 10/19/2009 Overall Level: 1 

-Design Assurance: Level 2

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP SP2; Microsoft Windows 2000 SP3 (single-user mode)

-FIPS-approved algorithms: AES (Certs. #783 and #784); Triple-DES (Cert. #679); SHS (Cert. #787); HMAC (Cert. #430); DSA (Cert. #293); RSA (Cert. #373); RNG (Cert. #451)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength)

Multi-chip standalone

"The Odyssey Security Component (OSC) is a general purpose cryptographic library. OSC / User Mode is a user mode binary module for the Windows operating system. OSC / Kernel Mode is a kernel-mode binary module for the Windows operating system."
1206 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 94002
USA

-Global Certification Team
TEL:
FAX:

CST Lab: NVLAP 100432-0

Cisco Catalyst 3750G Integrated Wireless LAN Controller
(Hardware Versions: P/N WS-C3750G, Version 02 and P/N 69-1707-01 (FIPS Kit); Firmware Versions: 5.2.157.0, 5.2.178.5, 5.2.193.0 and 5.2.193.11)

(When operated in FIPS mode and with the physical security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/19/2009;
11/20/2009;
07/02/2010;
07/30/2010;
08/22/2011;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #959, #960 and #1211); HMAC (Certs. #535, #536 and #706); RNG (Cert. #542); RSA (Certs. #463, #464 and #583); SHS (Certs. #931, #932 and #1115); Triple-DES (Cert. #756)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); AES (Cert. #960, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM

Multi-chip standalone

"The Cisco 3750G Wireless LAN Controller provides centralized control and scalability for medium to large-scale wireless LAN networks and supports IEEE 802.11i wireless security and is Wi-Fi certified for WPA2. Cisco WLAN Controllers support voice, video, data services, intrusion protection (including Management Frame Protection (MFP), intelligent radio resource management and comply with the wireless security policies issued by the U.S. Federal Government and the U.S. Department of Defense (DoD)."
1205 Lexar Media, Inc.
47300 Bayside Parkway
Fremont, CA 94538
USA

-Mehdi Asnaashari
TEL: 510-413-1200
FAX: 510-440-3499

CST Lab: NVLAP 100432-0

JumpDrive SAFE S3000
(Hardware Versions: P/Ns LAD2GBCENAG600 [1,2], LAD4GBCENAG600 [1,2], LAD8GBCENAG600 [1,2] and LAD16GCENAG600 [1,2], Versions FC4410-EF-AB [1] and FC4410-EF-AC [2]; Firmware Version: 1511)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/19/2009 Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #877 and #990); HMAC (Cert. #491); RNG (Cert. #503); RSA (Cert. #424); SHS (Certs. #869 and #957); Triple-DES (Cert. #719)

-Other algorithms: AES (Cert. #877, key wrapping; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength)

Multi-chip standalone

"Lexar Media introduces JumpDrive SAFE S3000, the world's first FIPS 140-2 Level 3 approved secure USB flash drive. The advanced flash drive combines an onboard cryptographic controller that encrypts all data stored on the secure partition by approved hardware-based AES 256bit, a smartcard chip that provides key management through proven technology, and a ruggedized tamper resistant housing to create a complete portable secure storage solution for all users looking to protect their data. For more information please visit http://www.lexar.com."
1204 Midland Radio Corporation
5900 Parretta Drive
Kansas City, MO 64120
USA

-David Berneking
TEL: 816-462-0421

CST Lab: NVLAP 200427-0

Midland Radio Base Station Cryptographic Module
(Hardware Versions: 91-1060A, 91-1060B, 91-1110A, 91-1110B, 91-4050A, 91-4050B, 91-4100A, 91-4100B, 91-4100C, 91-4100D, 91-7100B and 91-8100B; Firmware Version: FIPS_ver010b)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 10/06/2009 Overall Level: 1 

-FIPS-approved algorithms: AES (Cert. #485); SHS (Cert. #945); HMAC (Cert. #548); DRBG (Cert. #7)

-Other algorithms: DES

Multi-chip standalone

"The Midland BTIII Base Stations provide Project 25 encrypted and clear voice, data and Short Message Service communications in accordance with the Project 25 Digital Land Mobile Radio standards suite. In addition, conventional analog radio voice communications are supported. It is multi-chip standalone cryptographic module validated at a FIPS 140-2 Security Level 1."
1203 Thales - nCipher
92 Montvale Ave
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F3 6000e, nShield F3 1500e, nShield F3 500e, nShield F3 10e, nShield F3 6000e for nShield Connect, nShield F3 1500e for nShield Connect and nShield F3 500e for nShield Connect
(Hardware Versions: nC4033E-6K0, nC4033E-1K5, nC4033E-500, nC4033E-030, nC4033E-6K0N, nC4033E-1K5N and nC4033E-500N, Build Standard N; Firmware Versions: 2.38.4-2 and 2.38.7-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 10/06/2009;
12/08/2009;
02/17/2010
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #994 and #397); AES GCM (Cert. #994, vendor affirmed); Triple-DES (Certs. #775 and #435); Triple-DES MAC (Cert. #775, vendor affirmed); DSA (Cert. #341); ECDSA (Cert. #121); SHS (Cert. #960); HMAC (Cert. #560); RSA (Cert. #478); RNG (Cert. #564)

-Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; AES (Cert. #994, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); NDRNG; DSA (FIPS 186-3; non-compliant); ECDSA (FIPS 186-3; non-compliant)

Multi-chip embedded

"The nCipher modules: nShield F3 6000e, Shield F3 1500e, nShield F3 500e, nShield 10e, nShield F3 6000e for nShield Connect, nShield F3 1500e for nShield Connect and nShield F3 500e for nShield Connect family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1202 Thales - nCipher
92 Montvale Ave.
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F2 500 and nShield F2 10 PCI
(Hardware Versions: nC3023P-500, nC3023P-10, Build Standard N; Firmware Versions: 2.38.4-2 and 2.38.7-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 10/06/2009;
02/17/2010
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #994 an #962); AES GCM (Cert. #994, vendor affirmed); Triple-DES (Certs. #775 and #757); Triple-DES MAC (Cert. #775, vendor affirmed); DSA (Cert. #341); ECDSA (Cert. #121); SHS (Cert. #960); HMAC (Cert. #560); RSA (Cert. #478); RNG (Cert. #564)

-Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; AES (Cert. #994, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); NDRNG; DSA (FIPS 186-3; non-compliant); ECDSA (FIPS 186-3; non-compliant)

Multi-chip embedded

"The nShield modules: nShield F2 500 & nShield F2 10 PCI family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1201 Thales - nCipher
92 Montvale Ave.
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F2 4000, nShield F2 2000 and nShield F2 500
(Hardware Versions: nC3023P-4K0, nC3023P-2K0, and nC3123P-500, Build Standard N; Firmware Versions: 2.38.4-2 and 2.38.7-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 10/06/2009;
02/17/2010
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #994); AES GCM (Cert. #994, vendor affirmed); Triple-DES (Certs. #775 and #132); Triple-DES MAC (Cert. #775, vendor affirmed); DSA (Cert. #341); ECDSA (Cert. #121); SHS (Cert. #960); HMAC (Cert. #560); RSA (Cert. #478); RNG (Cert. #564)

-Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; and HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; AES (Cert. #994, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); NDRNG; DSA (FIPS 186-3; non-compliant); ECDSA (FIPS 186-3; non-compliant)

Multi-chip embedded

"The nShield modules: nShield F2 4000, nShield F2 2000, and nShield F2 500 family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1200 Thales - nCipher
92 Montvale Ave.
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F3 500, nShield F3 500 for NetHSM and nShield F3 10 PCI
(Hardware Versions: nC4033P-500, nC4033P-500N and nC4033P-10; Build Standard N; Firmware Versions: 2.38.4-2 and 2.83.7-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 10/06/2009;
02/17/2010
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #994 and #962); AES GCM (Cert. #994, vendor affirmed); Triple-DES (Certs. #775 and #757); Triple-DES MAC (Cert. #775, vendor affirmed); DSA (Cert. #341); ECDSA (Cert. #121); SHS (Cert. #960); HMAC (Cert. #560); RSA (Cert. #478); RNG (Cert. #564)

-Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; AES (Cert. #994, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); NDRNG; DSA (FIPS 186-3; non-compliant); ECDSA (FIPS 186-3; non-compliant)

Multi-chip embedded

"The nShield modules: nShield F3 500, F3 500 for NetHSM, & nShield 10 family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1199 Thales - nCipher
92 Montvale Ave.
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F3 4000, nShield F3 2000, nShield F3 2000 for NetHSM, nShield F3 500 and nShield F3 500 for NetHSM
(Hardware Versions: nC4033P-4K0, nC4033P-2K0, nC4033P-2K0N, nC4133P-500 and nC4133P-500N, Build Standard N; Firmware Versions: 2.38.4-2 and 2.38.7-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 10/06/2009;
02/17/2010
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3 +EFP/EFT
-Cryptographic Key Management: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #994); AES GCM (Cert. #994, vendor affirmed); Triple-DES (Certs. #775 and #132); Triple-DES MAC (Cert. #775, vendor affirmed); DSA (Cert. #341); ECDSA (Cert. #121); SHS (Cert. #960); HMAC (Cert. #560); RSA (Cert. #478); RNG (Cert. #564)

-Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; and HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; AES (Cert. #994, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); NDRNG; DSA (FIPS 186-3; non-compliant); ECDSA (FIPS 186-3; non-compliant)

Multi-chip embedded

"The nShield modules: nCipher 4000, nShield 2000, nShield 2000 for NetHSM, nShield 500, and nShield 500 for NetHSM family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1198 Thales - nCipher
92 Montvale Ave
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F3 500, nShield F3 500 for NetHSM and nShield F3 10 PCI
(Hardware Versions: nC4033P-500, nC4033P-500N, and nC4033P-10, Build Standard N; Firmware Versions: 2.38.4-3 and 2.38.7-3)

(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 10/06/2009;
02/17/2010
Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #994 and #962); AES GCM (Cert. #994, vendor affirmed); Triple-DES (Certs. #775 and #757); Triple-DES MAC (Cert. #775, vendor affirmed); DSA (Cert. #341); ECDSA (Cert. #121); SHS (Cert. #960); HMAC (Cert. #560); RSA (Cert. #478); RNG (Cert. #564)

-Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; AES (Cert. #994, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); NDRNG; DSA (FIPS 186-3; non-compliant); ECDSA (FIPS 186-3; non-compliant)

Multi-chip embedded

"The nCipher modules: nShield F3 500, Shield F3 500 for NetHSM, and nShield 10 family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
1197 Thales - nCipher
92 Montvale Ave
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F3 6000e, nShield F3 1500e, nShield F3 500e, nShield F3 10e, nShield F3 6000e for nShield Connect, nShield F3 1500e for nShield Connect and nShield F3 500e for nShield Connect
(Hardware Versions: nC4033E-6K0, nC4033E-1K5, nC4033E-500, nC4033E-030, nC4033E-6K0N, nC4033E-1K5N and nC4033E-500N, Build Standard N; Firmware Versions: 2.38.4-3 and 2.38.7-3)

(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 10/06/2009;
12/08/2009;
02/17/2010
Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #994 and #397); AES GCM (Cert. #994, vendor affirmed); Triple-DES (Certs. #775 and #435); Triple-DES MAC (Cert. #775, vendor affirmed); DSA (Cert. #341); ECDSA (Cert. #121); SHS (Cert. #960); HMAC (Cert. #560); RSA (Cert. #478); RNG (Cert. #564)

-Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; AES (Cert. #994, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); NDRNG; DSA (FIPS 186-3; non-compliant); ECDSA (FIPS 186-3; non-compliant)

Multi-chip embedded

"The nCipher modules: nShield F3 6000e, Shield F3 1500e, nShield F3 500e, nShield 10e, nShield F3 6000e for nShield Connect, nShield F3 1500e for nShield Connect and nShield F3 500e for nShield Connect family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
1196 Thales - nCipher
92 Montvale Ave
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F2 6000e, nShield F2 1500e, nShield F2 500e and nShield F2 10e
(Hardware Versions: nC3023E-6K0, nC3023E-1K5, nC3023E-500 and nC3032E-030, Build Standard N; Firmware Versions: 2.38.4-2 and 2.38.7-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 10/06/2009;
02/17/2010
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #994 and #397); AES GCM (Cert. #994, vendor affirmed); Triple-DES (Certs. #775 and #435); Triple-DES MAC (Cert. #775, vendor affirmed); DSA (Cert. #341); ECDSA (Cert. #121); SHS (Cert. #960); HMAC (Cert. #560); RSA (Cert. #478); RNG (Cert. #564)

-Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; AES (Cert. #994, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); NDRNG; DSA (FIPS 186-3; non-compliant); ECDSA (FIPS 186-3; non-compliant)

Multi-chip embedded

"The nCipher modules: nShield F2 6000e, Shield F2 1500e, nShield F2 500e, and nShield 10e family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1195 Thales - nCipher
92 Montvale Ave.
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F3 4000, nShield F3 2000, nShield F3 2000 for NetHSM, nShield F3 500 and nShield F3 500 for NetHSM
(Hardware Versions: nC4033P-4K0, nC4033P-2K0, nC4033P-2K0N, nC4133P-500 and nC4133P-500N, Build Standard N; Firmware Versions: 2.38.4-3 and 2.38.7-3)

(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 10/06/2009;
02/17/2010
Overall Level: 3 

-Physical Security: Level 3 + EFP/EFT

-FIPS-approved algorithms: AES (Cert. #994); AES GCM (Cert. #994, vendor affirmed); Triple-DES (Certs. #775 and #132); Triple-DES MAC (Cert. #775, vendor affirmed); DSA (Cert. #341); ECDSA (Cert. #121); SHS (Cert. #960); HMAC (Cert. #560); RSA (Cert. #478); RNG (Cert. #564)

-Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; AES (Cert. #994, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); NDRNG; DSA (FIPS 186-3; non-compliant); ECDSA (FIPS 186-3; non-compliant)

Multi-chip embedded

"The nShield modules: nCipher 4000, nShield 2000, nShield 2000 for NetHSM, nShield 500, and nShield 500 for NetHSM family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
1194 Juniper Networks, Inc.
One Rogers St.
Sixth Floor
Cambridge, MA 02142
USA

-Robert Smith
TEL: 617-949-4067
FAX: 617-547-1031

CST Lab: NVLAP 100432-0

Juniper Network Connect Cryptographic Module
(Software Version: 2.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 10/06/2009 Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Microsoft Windows XP Professional SP2 running on a Dell Optiplex GX270; Microsoft Windows 2000 Professional SP3 running on a Dell Optiplex GX400

-FIPS-approved algorithms: AES (Certs. #783 and #784); Triple-DES (Cert. #679); SHS (Cert. #787); HMAC (Cert. #430); DSA (Cert. #293); RSA (Cert. #373); RNG (Cert. #451)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength)

Multi-chip standalone

"The Juniper Network Connect Cryptographic Module (JNCCM) is a general purpose cryptographic library. The JNCCM is a user mode binary module for the Windows operating system."
1193 Neopost Technologies
113 Rue Jean Marin Naudin
Bagneux, 92220
France

-Nathalie Tortellier
TEL: 33 1 45 36 30 00
FAX: 33 1 45 36 30 10

CST Lab: NVLAP 100432-0

PSD Models C22, C28, C35 and C56
(Hardware Versions: P/N 4129955LD or P/N 4150859LB; Firmware Versions: P/N 4148747LA Version 22.12.2, P/N 4151948VA Version 23.06 or P/N 4151948VB Version 23.08)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/06/2009;
04/09/2010;
01/13/2011;
03/15/2011;
07/05/2011;
12/01/2011;
04/12/2012
Overall Level: 3 

-Physical Security: Level 3 + EFP/EFT

-FIPS-approved algorithms: AES (Cert. #563); SHS (Cert. #629); RNG (Cert. #328); RSA (Cert. #260); HMAC (Cert. #300); ECDSA (Cert. #62)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 90 bits of encryption strength)

Multi-chip embedded

"Neopost Canadian PSD (Postal Secure Device) for Low to High Range Franking machines."
1192 Sony Corporation
1-7-1 Konan
Minato-ku, Tokyo 108-0075
Japan

-Hirotaka Kondo
TEL: +81-46-202-8074
FAX: +81-46-202-6304

CST Lab: NVLAP 100432-0

Sony Security Module
(Hardware Version: 1.0.0; Firmware Version: 1.0.0)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/06/2009;
01/06/2010
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #901 and #902); RNG (Cert. #517); RSA (Cert. #437); SHS (Cert. #882)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip embedded

"The Sony Security Module (SSM) is a multi-chip embedded cryptographic module that is encapsulated in a hard opaque commercial grade metal case. The cryptographic boundary is defined as the entire metal case perimeter, including all hardware, software, and firmware encapsulated within. The interfaces are all traces that cross the crypto graphic boundary. The primary purpose of the SSM is to provide decryption, decoding/encoding of audio/video data for the digital cinema projector system in which it is being employed."
1191 SanDisk Corporation
601 McCarthy Boulevard
Milpitas, CA 95035
USA

-Rotem Sela
TEL: +972-4-9078811
FAX: +972-4-9078777

CST Lab: NVLAP 200427-0

TrustedFlash v1.0 - microSD
(Hardware Versions: HermonS2TM 256MB, HermonS2TM 512MB, HermonS2TM 1GB and HermonS2TM 2GB; Firmware Version: v1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/21/2009;
11/20/2009
Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #643); RNG (Cert. #366); RSA (Cert. #294); SHS (Cert. #678); Triple-DES (Cert. #595)

-Other algorithms: AES MAC (AES Cert. #643; non-compliant); DES; RNG; RSA (key wrapping; key establishment methodology provides 80 bits or 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength)

Multi-chip embedded

"TrustedFlash(TM) v1.0 - microSD is SanDisk's proprietary TrustedFlash v1.0 security technology implemented on the microSD form factor which provides a platform for the implementation of an advance security technology that complies with FIPS 140-2 level 3 requirements. TrustedFlash provides authentication and data encryption that can be used with secured applications including e-commerce, protected digital content distribution and enabling users to play protected content, services and applications on authorized TrustedFlash-enabled devices, such as mobile phones, portable media players, etc."
1190 Raytheon Oakley Systems, Inc.
2755 E. Cottonwood Parkway
Suite 600
Salt Lake City, UT 84121
USA

-Mindy Gilbert
TEL: 801-733-1443
FAX: 801-944-5800

-Morgan Greenwood
TEL: 801-733-1433
FAX: 801-844-5800

CST Lab: NVLAP 200427-0

FIPS Linux Cryptographic Module
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 09/21/2009 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux v4 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #943); HMAC (Cert. #524); SHS (Cert. #919)

-Other algorithms: N/A

Multi-chip standalone

"The Raytheon Oakley Systems FIPS Linux Cryptographic Module is a software module providing cryptographic functionality for the Raytheon Oakley Systems InnerView insider threat product. InnerView is an enterprise monitoring, threat detection, and policy enforcement solution."
1189 Juniper Networks, Inc.
One Rogers St.
Sixth Floor
Cambridge, MA 02142
USA

-Robert Smith
TEL: 617-949-4067
FAX: 617-547-1031

CST Lab: NVLAP 100432-0

Odyssey Security Component
(Software Version: 2.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 10/28/2009 Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Microsoft Windows XP Professional SP2 running on a Dell Optiplex GX270; Microsoft Windows 2000 Professional SP3 running on a Dell Optiplex GX400

-FIPS-approved algorithms: AES (Certs. #783 and #784); Triple-DES (Cert. #679); SHS (Cert. #787); HMAC (Cert. #430); DSA (Cert. #293); RSA (Cert. #373); RNG (Cert. #451)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength)

Multi-chip standalone

"The Odyssey Security Component (OSC) is a general purpose cryptographic library. OSC / User Mode is a user mode binary module for the Windows operating system."
1188 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 94002
USA

-Global Certification Team
TEL:
FAX:

CST Lab: NVLAP 100432-0

Cisco Aironet Lightweight AP1131, AP1142, AP1242, AP1252 and AP1522 Wireless LAN Access Points
(Hardware Versions: AP1131 Revision S0, AP1142 Revision A0, AP1242 Revision P0, AP1252 Revision F0 and AP1522 Outdoor Mesh Revision L0; with FIPS Kit AIRLAP-FIPSKIT=, version B0; Firmware Versions: 5.2.157.0, 5.2.178.5, 5.2.193.0 and 5.2.193.11)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/20/2009;
11/20/2009;
07/02/2010;
07/30/2010;
09/17/2010;
08/22/2011;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #1005, #1006, #1007, #1008 and #1009); HMAC (Certs. #564, #565 and #566); RNG (Certs. #567, #568 and #569); RSA (Certs. #482, #483 and #484); SHS (Certs. #965, #966 and #967)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); RC4; MD5; HMAC MD5

Multi-chip standalone

"The Cisco Aironet Lightweight 1142, 1131, 1252, 1242, 1522 access points deliver the versatility, high capacity and enterprise class security required for small, medium and large Government indoor and outdoor wireless deployments. In FIPS 140-2 mode of operation, the Cisco APs support the LWAPP, MFP, IEEE 802.11i & IEEE 802.1x standards & AES for WPA2 encryption. WPA2 is the Wi-Fi Alliance certification for interoperable, standards-based WLAN security."
1187 Thales e-Security
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-Juan Asenjo
TEL: 954-888-6202
FAX: 954-888-6211

CST Lab: NVLAP 200002-0

Datacryptor® Gig Ethernet v1.0 and v1.1
(Hardware Version: 1600X409 v1.00; Firmware Versions: v1.0 and v1.1)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 09/21/2009 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Cert. #454); DSA (Cert. #184); SHS (Cert. #517); RNG (Cert. #239)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The Datacryptor® Gig Ethernet v1.0 and v1.1 are multi-chip standalone cryptographic modules. They secure communications using signed Diffie-Hellman key exchange and AES-256 encryption over Gigabit Ethernet networks. They provide data encryption over 1000baseX (802.3z) with supported media types of 1000BaseSX (short-haul fiber), 1000BaseLX (long-haul fiber) or 1000BaseCX (single twisted-pair copper). The units also provide integrated secure unit management capability employing the same techniques used for traffic encryption."
1186 Midland Radio Corporation
5900 Parretta Drive
Kansas City, MO 64120
USA

-David Kingsolver
TEL: 816-462-0421

CST Lab: NVLAP 200427-0

Syn-Tech III P25 Radio Series
(Hardware Versions: STP105B, STP404A, STP404B, STM1050B, STM1055B, STM1115B, STM4040A, STM4045A, STM4040B, STM4045B, STM4085A, STM4085B, SDT1090, SDT4080A and SDT4080B; Firmware Versions: Control Micro-Processor Boot Firmware Version: 1.00 Build:1080, Control Micro-Processor Firmware Version: MDV 1.01 Build:3320, Digital Signal Processor(DSP) Firmware Version: SPV 1.03 Build:0556;)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/21/2009 Overall Level: 1 

-FIPS-approved algorithms: AES (Cert. #645); SHS (Cert. #916); HMAC (Cert. #521); DRBG (Cert. #5)

-Other algorithms: DES

Multi-chip standalone

"The Midland Syn-Tech III P25 radios provide Project 25 encrypted and clear voice, data and Short Message Service communications in accordance with the Project 25 Digital Land Mobile Radio standards suite. In addition, conventional analog radio voice communications are supported. It is a multi-chip standalone cryptographic module consisting of production grade components in accordance to FIPS 140-2 security level 1."
1185 RELM Wireless Corporation
7100 Technology Drive
West Melbourne, FL 32904
USA

-Jim Holthaus
TEL: 402-896-6406
FAX: 785-856-1302

CST Lab: NVLAP 100432-0

FIPSCOM Cryptographic Module
(Hardware Versions: P/N 7011-30967-000, Versions (011111, 071609 or 042009) [1] or (011211, 071709 or 042109) [2]; Firmware Versions: 0722-05072-000 [1] or 0722-05072-001 [2] (bootcodes) and 0722-05073-007 [011x11], 0722-05073-004 [071x09] or 0722-05073-003 [042x09] (application))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/21/2009;
10/16/2009;
05/11/2011
Overall Level: 1 

-FIPS-approved algorithms: AES (Cert. #899); RSA (Cert. #139); SHS (Cert. #462)

-Other algorithms: DES; AES (AES Cert. #899, key wrapping; key establishment methodology provides 256 bits of encryption strength)

Multi-chip embedded

"The FIPSCOM is an embedded cryptographic module that provides encryption functions for secure digital communications products. The FIPSCOM can be incorporated into any BK Radio brand subscriber equipment requiring FIPS 140-2, Level 1 security."
1184 Fortinet, Inc.
1090 Kifer Road
Sunnyvale, CA 94086
USA

-Jeff Lake, Vice President, Federal Operations
TEL: 678-402-8021
FAX: 678-402-8021

CST Lab: NVLAP 200017-0

FortiGate-5050 and FortiGate-5140
(Hardware Versions: FortiGate-5050 (build C4QP38); FortiGate-5140 (build C4GL51); FortiGate-5001SX (build P4CF76); FortiGate-5001FA2 (build C5FA26); Firmware Version: FortiOS 3.0, build8931, 081110)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 09/21/2009 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #490, #742 and #743); RNG (Cert. #530); AES (Certs. #476, #925 and #926); SHS (Certs. #544, #909 and #910); RSA (Cert. #449); HMAC (Certs. #233, #516 and #517)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; HMAC-MD5

Multi-chip standalone

"FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1183

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Security Policy

Certificate

Software 08/31/2009;
10/26/2010
Overall Level: 2 

-FIPS-approved algorithms:

-Other algorithms:

Multi-chip standalone

1182 McAfee, Inc.
3965 Freedom Circle
Santa Clara, CA 95054
USA

-Suresh Subramanian
TEL: 408-346-5682
FAX: 408-346-3463

CST Lab: NVLAP 100432-0

Network Security Platform Sensor M-6050 and M-8000 (M-8000 P and M-8000 S)
(Hardware Versions: P/Ns M-6050 (IAP-M65K-ISA, IFO-M65K-ISA, IIP-M65K-ISA) V1.4 and M-8000 (IAP-M80K-ISA, IFO-M80K-ISA, IIP-M80K-ISA) V1.4; Firmware Version: 4.1.11.26)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/31/2009 Overall Level: 2 

-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #880); Triple-DES (Cert. #781); RSA (Certs. #425 and #486); DSA (Cert. #345); SHS (Certs. #871 and #970); RNG (Cert. #505)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Blowfish; DES; MD5; TACACS

Multi-chip standalone

"Network Security Platform products (formerly known as IntruShield) are IPS & IDS systems that protect network infrastructures & endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, & encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments & permits the customer to receive real-time network status updates & alerts, implement customized security policies & incident response plans, & perform forensic analysis of attacks."
1181 Motorola, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

-Kirk Mathews
TEL: 847-576-4101

CST Lab: NVLAP 100432-0

Astro Subscriber Motorola Advanced Crypto Engine (MACE)
(Hardware Version: P/N 5185912Y01; Firmware Versions: [R01.00.00 or R01.01.03] and [R01.00.00 (AES Cert. #819)])

(When operated in FIPS mode with firmware [R01.00.00 (AES Cert. #819)])

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/31/2009;
03/05/2010
Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #819); SHS (Cert. #817); RSA (Cert. #396); RNG (Cert. #471)

-Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); DES; DES-XL; DVP-XL; ADP; LFSR

Single-chip

"The MACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio systems products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management."
1180 Security First Corp.
22362 Gilberto #130
Rancho Santa Margarita, CA 92688
USA

-Rick Orsini
TEL: 949-858-7525
FAX: 949-858-7092

CST Lab: NVLAP 100432-0

SecureParser®
(Hardware Version: P/N AC2020-S, Version 1.0; Software Version: 4.7.0; Firmware Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software-Hybrid 08/31/2009 Overall Level: 1 

-Cryptographic Module Specification: Level 3
-Cryptographic Key Management: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Ubuntu 8; Windows 2003 (single-user mode)

-FIPS-approved algorithms: AES (Certs. #1017, #1027 and #1028); RNG (Cert. #584); RSA (Cert. #491); DSA (Cert. #346); SHS (Certs. #980 and #981); HMAC (Certs. #575 and #576); ECDSA (Cert. #123)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 128 bits of encryption strength); AES (Cert. #1027, key wrapping; key establishment methodology provides 128, 192, or 256 bits of encryption strength)

Multi-chip standalone

"The SecureParser® is a security and high data availability architecture delivered in the form of a software toolkit that provides cryptographic data splitting (data encryption, random or deterministic distribution to multiple shares including additional fault tolerant bits, key splitting, authentication, integrity, share reassembly, key restoration and decryption) of arbitrary data. During the split process, additional redundant data may be optionally written to each share enabling the capability of restoring the original data when all shares are not available."
1179 SPYRUS, Inc.
1860 Hartog Drive
San Jose, CA 95131-2203
USA

-Tom Dickens
TEL: 408-392-4324
FAX: 408-392-0319

CST Lab: NVLAP 100432-0

Hydra PC FIPS File Encryption Module
(Hardware Versions: P/Ns 880070103F [1], 880070104F [2] and 880070105F [3], Versions 01.00.01 [1,2] and 01.00.02 [3]; Firmware Versions: 01.02.12 [1] and 01.02.13 [2,3])

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 08/31/2009;
10/30/2009;
04/09/2010
Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #846, #850 and #858); SHS (Certs. #837 and #852); RNG (Cert. #486); DRBG (Cert. #3); ECDSA (Certs. #96 and #97)

-Other algorithms: EC-Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); AES (Cert. #846, key wrapping)

Multi-chip standalone

"The Hydra PC FIPS File Encryption Module is a multifunctional security device providing the U. S. Government's Suite B standard algorithms, including AES, ECC, and SHA-2. The Hydra PC FIPS File Encryption Module stores encrypted files on a replaceable miniSD/miniSDHC memory card for almost unlimited storage capacity. An exclusive authentication feature can limit the use of a Hydra PC FIPS File Encryption Module to a specifically designated enclave, preventing all external use even if the user knows the logon PIN. Comes with Microsoft Windows file interface."
1178 SafeNet, Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Terry Fletcher
TEL: 613-221-5009
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

Luna® CA4
(Hardware Version: LTK-02-0501; Firmware Version: 4.6.8)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/31/2009;
05/17/2010
Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #933); DSA (Cert. #331); ECDSA (Cert. #116); HMAC (Cert. #522); RNG (Cert. #534); RSA (Cert. #452); SHS (Cert. #917); Triple-DES (Cert. #747); Triple-DES MAC (Triple-DES Cert. #747, vendor affirmed)

-Other algorithms: ARIA; DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; AES-MAC (Cert. #933; non-compliant); DES-MAC; RC2-MAC; RC5-MAC; CAST-MAC; CAST3-MAC; CAST5-MAC; MD2; MD5; HAS-160; HMAC-MD5; SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The Luna CA4 cryptographic module is a multi-chip standalone hardware cryptographic module in the form of a PCMCIA card that typically resides within a custom computing or secure communications appliance. It is contained in its own secure enclosure that provides physical resistance to tampering. The module provides secure key generation and storage for symmetric keys and asymmetric key pairs along with symmetric and asymmetric cryptographic services."
1177 SafeNet, Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Terry Fletcher
TEL: 613-221-5009
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

Luna® PCM
(Hardware Version: LTK-02-0501; Firmware Version: 4.6.8)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/31/2009;
05/17/2010
Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Cert. #933); DSA (Cert. #331); ECDSA (Cert. #116); HMAC (Cert. #522); RNG (Cert. #534); RSA (Cert. #452); SHS (Cert. #917); Triple-DES (Cert. #747); Triple-DES MAC (Triple-DES Cert. #747, vendor affirmed)

-Other algorithms: ARIA; DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; AES-MAC (Cert. #933; non-compliant); DES-MAC; RC2-MAC; RC5-MAC; CAST-MAC; CAST3-MAC; CAST5-MAC; MD2; MD5; HAS-160; HMAC-MD5; SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The Luna PCM cryptographic module is a multi-chip standalone hardware cryptographic module in the form of a PCMCIA card that typically resides within a custom computing or secure communications appliance. It is contained in its own secure enclosure that provides physical resistance to tampering. The module provides secure key generation and storage for symmetric keys and asymmetric key pairs along with symmetric and asymmetric cryptographic services. Access to key material and cryptographic services for users and user application software is provided indirectly through the host appliance."
1176 SafeNet, Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Terry Fletcher
TEL: 613-221-5009
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

Luna® PCI Cryptographic Module
(Hardware Version: VBD-03-0100; Firmware Version: 4.6.8)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/31/2009 Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Certs. #510 and #934); DSA (Cert. #332); ECDSA (Cert. #117); HMAC (Cert. #523); RNG (Cert. #535); RSA (Cert. #453); SHS (Cert. #918); Triple-DES (Certs. #520 and #748); Triple-DES MAC (Triple-DES Certs. #520 and #748, vendor affirmed)

-Other algorithms: ARIA; DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; DES-MAC; RC2-MAC; RC5-MAC; CAST-MAC; CAST3-MAC; CAST5-MAC; MD2; MD5; HAS-160; HMAC-MD5; SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip embedded

"Luna PCI offers dedicated hardware key management to protect sensitive cryptographic keys from attack. The high-security hardware design ensures the integrity and protection of encryption keys throughout their life cycle. All digital signing and verification operations are performed within the HSM to increase performance and maintain security. Luna PCI HSMs provide hardware secured key generation, storage, secure key backup and accelerated encryption in a range of models and configurations offering a wide selection of security, performance and operational capabilities."
1175

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/13/2009 Overall Level: 2 

-FIPS-approved algorithms:

-Other algorithms:

Multi-chip embedded

1174 Hewlett-Packard Company
19091 Pruneridge Ave.
MS 4441
Cupertino, CA 95014
USA

-Theresa Conejero
TEL: 408-447-2964
FAX: 408-447-5525

CST Lab: NVLAP 100432-0

Atalla Cryptographic Subsystem (ACS)
(Hardware Version: P/N 545517-002; Firmware Version: Loader Version 1.02, PSMCU Version 7.0)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/31/2009;
09/19/2011
Overall Level: 4 

-FIPS-approved algorithms: AES (Cert. #406); RNG (Cert. #200); RSA (Cert. #531); SHS (Cert. #473)

-Other algorithms: N/A

Multi-chip embedded

"The Atalla Cryptographic Subsystem (ACS) is a multiple-chip embedded cryptographic module that provides secure cryptographic processing. The ACS features secure key management and storage capabilities, and also provides high performance AES processing."
1173 Juniper Networks, Inc.
1194 N. Mathilda Ave.
Sunnyvale, CA 94089
USA

-Mike Kouri
TEL: 408-936-8206
FAX: 408-936-8200

CST Lab: NVLAP 100432-0

SSG 520M and SSG 550M
(Hardware Versions: P/Ns SSG-520M (SSG 520M) and SSG-550M (SSG 550M); Firmware Version: ScreenOS 6.2.0r3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/18/2009;
01/28/2010
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Cryptographic Key Management: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #712); AES (Cert. #867); DSA (Cert. #315); RNG (Cert. #497); RSA (Cert. #418); SHS (Cert. #861); HMAC (Cert. #483); ECDSA (Cert. #104)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 or 112 bits of encryption strength); DES; MD5

Multi-chip standalone

"The SSG 500 Series consists of high-performance security platforms for regional branch office and medium-sized, standalone businesses that want to stop internal and external attacks, prevent unauthorized access and achieve regulatory compliance. The SSG 550/SSG 550M provides 1+ Gbps of stateful firewall performance and 500 Mbps of IPSec VPN performance, while the SSG 520/SSG 520M provides 650 Mbps of stateful firewall performance and 300 Mbps of IPSec VPN performance."
1172 Juniper Networks, Inc.
1194 N. Mathilda Ave.
Sunnyvale, CA 94089
USA

-Mike Kouri
TEL: 408-936-8206
FAX: 408-936-8200

CST Lab: NVLAP 100432-0

SSG 320M and SSG 350M
(Hardware Versions: P/Ns SSG-320M (SSG 320M) and SSG-350M (SSG 350M); Firmware Version: ScreenOS 6.2.0r3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/18/2009;
01/28/2010
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Cryptographic Key Management: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #713); AES (Cert. #868); DSA (Cert. #316); RNG (Cert. #498); RSA (Cert. #419); SHS (Cert. #862); HMAC (Cert. #484); ECDSA (Cert. #105)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 or 112 bits of encryption strength); DES; MD5

Multi-chip standalone

"The SSG 300 Series comprises high-performance security platforms that help businesses stop internal and external attacks, prevent unauthorized access, and achieve regulatory compliance. The SSG 350M provides 500 Mbps of stateful firewall performance and 225 Mbps of IPSec VPN performance, while the SSG 320M provides 400 Mbps of stateful firewall performance and 175 Mbps of IPSec VPN performance."
1171 Juniper Networks, Inc.
1194 N. Mathilda Ave.
Sunnyvale, CA 94089
USA

-Mike Kouri
TEL: 408-936-8206
FAX: 408-936-8200

CST Lab: NVLAP 100432-0

SSG 140
(Hardware Version: P/N SSG-140; Firmware Version: ScreenOS 6.2.0r3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/18/2009;
01/28/2010
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Cryptographic Key Management: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #714); AES (Cert. #869); DSA (Cert. #317); RNG (Cert. #499); RSA (Cert. #420); SHS (Cert. #863); HMAC (Cert. #485); ECDSA (Cert. #106)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 or 112 bits of encryption strength); DES; MD5

Multi-chip standalone

"The SSG 140 is a high-performance security platform for branch offices and small/medium sized standalone businesses that want to stop internal and external attacks, prevent unauthorized access, and achieve regulatory compliance. The SSG 140 is a modular platform that delivers more than 350 Mbps of stateful firewall traffic and 100 Mbps of IPSec VPN traffic."
1170 Juniper Networks, Inc.
1194 N. Mathilda Ave.
Sunnyvale, CA 94089
USA

-Mike Kouri
TEL: 408-936-8206
FAX: 408-936-8200

CST Lab: NVLAP 100432-0

SSG 5 and SSG 20
(Hardware Versions: P/Ns SSG-5 (SSG 5) and SSG-20 (SSG 20); Firmware Version: ScreenOS 6.2.0r3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/18/2009;
01/28/2010
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Cryptographic Key Management: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #711 and #715); AES (Certs. #866 and #870); DSA (Certs. #314 and #318); RNG (Certs. #496 and #500); RSA (Certs. #417 and #421); SHS (Certs. #860 and #864); HMAC (Certs. #482 and #486); ECDSA (Certs. #103 and #107)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 or 112 bits of encryption strength); DES; MD5

Multi-chip standalone

"The SSG 5 and SSG 20 are high-performance security platforms for small branch office and standalone businesses that want to stop internal and external attacks, prevent unauthorized access and achieve regulatory compliance. Both the SSG 5 and SSG 20 deliver 160 Mbps of stateful firewall traffic and 40 Mbps of IPSec VPN traffic."
1169 Juniper Networks, Inc.
1194 N. Mathilda Ave.
Sunnyvale, CA 94089
USA

-Mike Kouri
TEL: 408-936-8206
FAX: 408-936-8200

CST Lab: NVLAP 100432-0

NetScreen-ISG 1000 and NetScreen-ISG 2000
(Hardware Versions: P/Ns NS-ISG-1000 (NetScreen-ISG 1000) and NS-ISG-2000 (NetScreen-ISG 2000); Firmware Version: ScreenOS 6.2.0r3a)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/18/2009;
01/28/2010;
02/12/2010
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Cryptographic Key Management: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #709); AES (Cert. #864); DSA (Cert. #312); RNG (Cert. #494); RSA (Cert. #415); SHS (Cert. #858); HMAC (Cert. #480); ECDSA (Cert. #101)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 or 112 bits of encryption strength); DES; MD5

Multi-chip standalone

"The Juniper Networks ISG 1000 and ISG 2000 are fully integrated firewall/VPN systems that provide multi-gigabit performance, modular architecture and rich virtualization capabilities. They provide an ideal solution for large enterprise, data center, and service provider networks. The ISG Series firewall/VPN-based systems deliver security features such as Intrusion Prevention System (IPS), anti-spam, Web filtering, and Internet Content Adaptation Protocol (ICAP) antivirus redirection support."
1168 Juniper Networks, Inc.
1194 N. Mathilda Ave.
Sunnyvale, CA 94089
USA

-Mike Kouri
TEL: 408-936-8206
FAX: 408-936-8200

CST Lab: NVLAP 100432-0

NetScreen-5200 and NetScreen-5400
(Hardware Versions: P/Ns NS-5200/NS-5000-MGT2 (NetScreen-5200), NS-5200/NS-5000-MGT3 (NetScreen-5200), NS-5400/NS-5000-MGT2 (NetScreen-5400) and NS-5400/NS-5000-MGT3 (NetScreen-5400); Firmware Version: ScreenOS 6.2.0r3a)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/18/2009;
01/28/2010;
02/12/2010
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Cryptographic Key Management: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #710); AES (Cert. #865); DSA (Cert. #313); RNG (Cert. #495); RSA (Cert. #416); SHS (Cert. #859); HMAC (Cert. #481); ECDSA (Cert. #102)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 or 112 bits of encryption strength); DES; MD5

Multi-chip standalone

"The Juniper Networks NetScreen-5000 Series is a line of purpose built, high-performance security systems designed to deliver a new level of high-performance capabilities for large enterprise, carrier, and data center networks. The NetScreen-5000 Series consists of two products, the 2-slot NetScreen-5200 and the 4-slot NetScreen-5400. The NetScreen-5000 Series security systems integrate firewall, DoS and DDoS protection, VPN, and traffic management functionality in low-profile modular chassis."
1167 SafeNet, Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Terry Fletcher
TEL: 613-221-5009
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

Luna® PCI Cryptographic Module
(Hardware Version: VBD-03-0100; Firmware Version: 4.6.8)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/31/2009 Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #510 and #934); DSA (Cert. #332); ECDSA (Cert. #117); HMAC (Cert. #523); RNG (Cert. #535); RSA (Cert. #453); SHS (Cert. #918); Triple-DES (Certs. #520 and #748); Triple-DES MAC (Triple-DES Certs. #520 and #748, vendor affirmed)

-Other algorithms: ARIA; DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; DES-MAC; RC2-MAC; RC5-MAC; CAST-MAC; CAST3-MAC; CAST5-MAC; MD2; MD5; HAS-160; HMAC-MD5; SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip embedded

"Luna PCI offers dedicated hardware key management to protect sensitive cryptographic keys from attack. The high-security hardware design ensures the integrity and protection of encryption keys throughout their life cycle. All digital signing and verification operations are performed within the HSM to increase performance and maintain security. Luna PCI HSMs provide hardware secured key generation, storage, secure key backup and accelerated encryption in a range of models and configurations offering a wide selection of security, performance and operational capabilities."
1166 Accellion, Inc.
1900 Embarcadero Road, Suite 207
Palo Alto, CA 94303
USA

-Prateek Jain
TEL: 650-739-0095
FAX: 650-739-0561

CST Lab: NVLAP 100432-0

Secure File Transfer Appliance
(Hardware Version: P/N ACFIPS-01 Version 1.0.0; Firmware Versions: FTA_8_0_3, FTA_8_0_136 and FTA_8_0_488)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/18/2009;
10/02/2009;
12/08/2010
Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-FIPS-approved algorithms: AES (Certs. #843, #844 and #845); SHS (Certs. #835, #836 and #842); HMAC (Cert. #468); DSA (Cert. #307); Triple-DES (Cert. #771)

-Other algorithms: Triple-DES (Cert. #771, key wrapping; key establishment methodology provides 80 bits of encryption strength); AES (Cert. #845, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); Blowfish; MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The Accellion Secure File Transfer Appliance is a key component of Accellion's secure file transfer solution that enables enterprises an easy to use solution for securely transferring large files. It helps eliminate FTP servers and offload file attachments from email resulting in improved email performance and reduced email storage. Extensive tracking and reporting tools enable companies to demonstrate compliance with SOX, HIPAA, FDA, and GLB regulations. Accellion appliances provide the highest level of security and ease of use of any enterprise file transfer solution."
1165 Fortress Technologies, Inc.
1 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0

Fortress Secure Bridge
(Hardware Versions: ES520V1, ES520V2 and ES300; Firmware Version: 5.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 08/18/2009;
03/26/2010
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #688, #694 and #698); SHS (Certs. #715, #717, #721, #722 and #726); HMAC (Certs. #367, #371, #372 and #376); RSA (Cert. #439); RNG (Certs. #402, #406 and #409)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); MD5; Hardware RNG

Multi-chip standalone

"The Fortress Secure Bridge is an all-in-one network access device housed in a rugged compact chassis, with the most stringent security available today built in. It can serve as a wireless bridge, a WLAN access point, and an eight-port LAN switch, while performing all the functions of a Fortress controller device: encrypting wireless traffic and providing Multi-factor Authentication for devices on the network it protects."
1164 Meru Networks
894 Ross Drive
Sunnyvale, CA 94089
USA

-Joe Epstein
TEL: 408-215-5300
FAX: 408-215-5301

CST Lab: NVLAP 100432-0

Meru Networks Security Gateway SG1000 Cryptographic Module
(Hardware Version: P/N MN-SG1000; Firmware Version: 1.0-27)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/18/2009 Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #720); AES (Certs. #903 and #904); SHS (Cert. #894); HMAC (Cert. #493); RSA (Cert. #440); RNG (Cert. #518); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 bits of encryption strength)

-Other algorithms: MD5; AES (Cert. #903, key wrapping; key establishment methodology provides 128 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength);

Multi-chip embedded

"The Meru Networks Security Gateway SG1000 Cryptographic Module is a high performance purpose built security solution for Wireless LAN deployments. The Meru Networks Security Gateway SG1000 Cryptographic Module provides a FIPS 140-2 Level 3 security solution conforming to the IEEE 802.11i security standards. The Meru Networks Security Gateway SG1000 Cryptographic Module is installed in a slot in the Meru Networks Security Gateway SG1000 appliance."
1163 SafeNet, Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Terry Fletcher
TEL: 613-221-5009
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

Luna® PCI Cryptographic Module for Luna® IS
(Hardware Version: VBD-03-0100; Firmware Versions: 5.2.5 and 5.2.6)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/18/2009 Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #510, #910 and #913); Triple-DES (Certs. #520, #728 and #738); DSA (Certs. #320 and #326); RSA (Certs. #442, #444, #454 and #455); ECDSA (Certs. #110 and #112); SHS (Certs. #898 and #900); HMAC (Certs. #507 and #509); Triple-DES MAC (Triple DES Certs. #520, #728 and #738; vendor affirmed); RNG (Certs. #522 and #523)

-Other algorithms: AES MAC (AES Certs. #510, #910 and #913; non-compliant); DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; CAST5 in a CBC-MAC; MD2; MD5; HAS-160 (plain hash and HMAC); SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength)

Multi-chip embedded

"The Luna® PCI for Luna® IS offers hardware-based key management and cryptographic operations to protect sensitive keys. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI card."
1162 Brocade Communications
1745 Technology Drive
San Jose, CA 95110
USA

-Greg Farris
TEL: 408-333-7315

CST Lab: NVLAP 100432-0

Brocade Encryption Switch/FS8-18 Cryptographic Module
(Hardware Versions: BES [P/Ns 60-1001079-01 Rev. B and C] and FS8-18 [P/Ns 60-1001078-01 Rev. B and C])

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/29/2009;
12/22/2009
Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #596 and #851); AES GCM (AES Cert. #851, vendor affirmed); RNG (Cert. #358); HMAC (Cert. #346); SHS (Certs. #645 and #844); RSA (Certs. #337 and #407)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); ECC-CDH (non-compliant); AES (Cert. #596, key wrapping; key establishment methodology provides 256 bits of encryption strength)

Multi-chip embedded

"Cryptographic module for the Brocade Encryption Switch and FS8-18."
1161 Fortinet, Inc.
1090 Kifer Road
Sunnyvale, CA 94086
USA

-Jeff Lake, Vice President, Federal Operations
TEL: 678-402-8021
FAX: 678-402-8021

CST Lab: NVLAP 200017-0

FortiGate-1000A and FortiGate-3600
(Hardware Versions: FortiGate 1000A (build C4WA49) and FortiGate 3600 (build C4KW75); Firmware Version: FortiOS 3.0, build8931, 081110)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 07/29/2009 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #742, #743, #489 and #490); RNG (Cert. #530); AES (Certs. #925, #926, #475 and #476); SHS (Certs. #909, #910, #543 and #544); RSA (Cert. #449); HMAC (Certs. #516, #517, #232 and #233)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; HMAC-MD5

Multi-chip standalone

"FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1160 Motorola, Inc.
1301 East Algonquin Rd.
Schaumburg, IL 60196
USA

-Kirk Mathews
TEL: 847-576-4101
FAX: 847-538-2770

CST Lab: NVLAP 100432-0

KVL 3000 Plus
(Hardware Versions: P/N T6717A and T6717B; Firmware Versions: R03.52.45, R03.53.01 and R03.53.02)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/29/2009;
01/31/2011
Overall Level: 1 

-Roles, Services, and Authentication: Level 2

-FIPS-approved algorithms: AES (Cert. #2); Triple-DES (Cert. #82); Triple-DES MAC (Triple-DES Cert. #82, vendor affirmed); SHS (Cert. #335); RNG (Cert. #121)

-Other algorithms: DES; DES MAC; DES-XL; DVI-XL; DVI-SPFL; DVP-XL; ADP; HCA; LFSR; AES MAC (AES Cert. #2; vendor affirmed; P25 AES OTAR)

Multi-chip standalone

"The KVL 3000 Plus is a portable key distribution device. Encryption keys can be loaded into the KVL manually through its keypad interface or transferred from a Key Management Facility through its serial interface. These keys can then be distributed to various secure communications equipment such as mobile and portable radios, base stations, zone controllers, data controllers, and other fixed network devices. The KVL also includes a PCMCIA interface for software upgrades."
1159 RSA, The Security Division of EMC
228 South Street
Hopkinton, MA 01748
USA

-Jeff Stone
TEL: 508-249-1189

-Nirav Mehta
TEL: 508-249-2964

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-Kernel
(Software Versions: 1.3.1 [1] and 1.3.1.1 [2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 07/29/2009;
08/20/2010;
09/07/2010
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Server 2003 SP2 (x86 Celeron) [1]; Windows Server 2003 SP2 (Itanium 2) [1]; Windows Server 2003 SP2 (x64 AMD Athlon X2) [2] (single-user mode)

-FIPS-approved algorithms: AES (Certs. #1105 [1] and #1415 [2]); HMAC (Certs. #617 [1] and #835 [2]); SHS (Certs. #1028 [1] and #1285 [2])

-Other algorithms: AES-XTS

Multi-chip standalone

"RSA BSAFE® Crypto-Kernel is a cryptographic library from RSA, The Security Division of EMC, to provide symmetric encryption, hashing, and message authentication code creation, in the operating system kernel. It provides Advanced Encryption Standard (AES) cipher, SHA-256 message digest, and HMAC capabilities."
1158 AirMagnet, Inc.
830 E. Arques Ave.
Sunnyvale, CA 94085
USA

-Tony Ho
TEL: 408-400-1255
FAX: 408-744-1250

CST Lab: NVLAP 200648-0

SmartEdge Sensor A5020, A5023, A5120 and A5123
(Hardware Versions: A5020, A5023, A5120 and A5123; Firmware Version: 8.5.0-12047)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 07/29/2009 Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #331); Triple-DES (Cert. #395); SHS (Cert. #406); RSA (Cert. #111); RNG (Cert. #152); HMAC (Cert. #135)

-Other algorithms: RC4; RC2; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); DSA (non-compliant); DES; Triple-DES (non-compliant); AES (non-compliant); IDEA; Blowfish; Twofish

Multi-chip standalone

"The SmartEdge Sensor is equipped with patent pending AirWISE Analytical Engine that, in real time, monitors and analyzes the security, performance, and reliability of the wireless network."
1157 Oracle Corporation
500 Eldorado Blvd.
Bldg 5
Broomfield, CO 80021
USA

-David Hostetter
TEL: 303-272-7126

CST Lab: NVLAP 100432-0

Sun StorageTek™ T10000A Tape Drive
(Hardware Version: P/N 315462802; Firmware Versions: 1.40.108, 1.41.110 and 1.41.111)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/16/2009;
09/02/2009;
05/05/2010
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 2

-FIPS-approved algorithms: AES (Certs. #495, #647, #941, #942 and #967); DRBG (Cert. #6); HMAC (Certs. #398 and #540); SHS (Certs. #736 and #937); RSA (Cert. #334)

-Other algorithms: AES (Cert. #941, key wrapping; key establishment methodology provides 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5

Multi-chip standalone

"The Sun StorageTek™ T10000A tape drive provides 500 GB native capacity and 120 MB/sec throughput. The T10000A is designed for maximum security and performance in enterprise-level applications. It employs AES-256 encryption to protect and authenticate customer data while also using AES-256 to provide secure and authenticated transmission of key material. Designed for maximum performance, the drive allows the use of multiple keys per tape with a cache memory to minimize the overhead of key transmission. Works seamlessly with the Sun KMA 2.x to provide a secure end-to-end management solution."
1156 Oracle Corporation
500 Eldorado Blvd.
Bldg 5
Broomfield, CO 80021
USA

-David Hostetter
TEL: 303-272-7126

CST Lab: NVLAP 100432-0

Sun StorageTek™ T10000B Tape Drive
(Hardware Version: P/N 315488302; Firmware Versions: 1.40.208, 1.41.210 and 1.41.211)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/16/2009;
09/02/2009;
05/05/2010
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #495, #647, #941, #942 and #967); DRBG (Cert. #6); HMAC (Certs. #398 and #540); SHS (Certs. #736 and #937); RSA (Cert. #334)

-Other algorithms: AES (Cert. #941, key wrapping; key establishment methodology provides 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5

Multi-chip standalone

"The Sun StorageTek™ T10000B tape drive provides 1 TB native capacity and 120 MB/sec throughput using the same media and with backward read compatibility to the T10000A. Designed for maximum security and performance, the T10000B provides AES-256 encryption to protect and authenticate customer data and to provide secure, authenticated transmission of key material. Designed for maximum performance, the drive allows the use of multiple keys per tape with a cache memory to minimize the overhead of key transmission. Works seamlessly with the Sun KMA 2.x to provide a secure end-to-end management solution."
1155 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco Catalyst 6506, Catalyst 6506-E, Catalyst 6509 and Catalyst 6509-E Switch with Catalyst 6500 Series VPN Services Port Adapter (ws-ipsec-2 and ws-ipsec-3)
(Hardware Versions: 6506, 6509, 6506-E and 6509-E; Backplane chassis: Hardware Versions 1.1 (6506-E), 1.4 (6509-E), 3.0 (6506, 6509); Supervisor Blade: Hardware Versions 5.7(SUP720-3B), 5.7 (SUP720-3BXL), 2.1 (SUP720-10GbE); IPSec VPN SPA; Hardware Version 1.0; Firmware Versions: Modular IOS 12.2(33)SXI and 12.2(33)SXI1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/16/2009;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: AES (Cert #598); HMAC (Certs. #348 and #550); RNG (Certs. #356 and #554); SHS (Certs. #647 and #948); Triple-DES (Cert #569)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; HMAC-MD5

Multi-chip standalone

"The Catalyst 6500 series switches with the IPSec VPN SPA offer versatility, integration, and security to branch offices. With numerous network modules and service modules available, the modular architecture of the Cisco router easily allows interfaces to be upgraded to accommodate network expansion. The Catalyst 6500 series switches provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements."
1154 Digi International, Inc.
11001 Bren Road East
Minnetonka, MN 55343
USA

-Brian O'Rourke
TEL: 952-912-3444
FAX: 952-912-4952

CST Lab: NVLAP 200648-0

Digi Passport 4 FIPS, 8 FIPS, 16 2 AC FIPS, 32 2 AC FIPS and 48 2 AC FIPS
(Hardware Version: Rev. 1.1 [1] or Rev. 1.1.1 [2]; Firmware Version: 1.2.0F [1] or 1.2.0.1F [1][2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 07/16/2009;
11/27/2012
Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #821); Triple-DES (Cert. #693); SHS (Cert. #819); RSA (Cert. #398); DSA (Cert. #301); RNG (Cert. #473); HMAC (Cert. #454)

-Other algorithms: RC4; MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); DES

Multi-chip standalone

"The latest entry in Digi's advanced console management line, the Digi Passport provides secure remote access to the console ports of computer systems and network equipment. In addition to conventional serial console connections, the Digi Passport connects to the service processors of the leading server vendors. It also provides SMASH extensions to each of these network-based access protocols."
1153 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco Catalyst 6506, Catalyst 6506-E, Catalyst 6509 and Catalyst 6509-E Switch with Catalyst 6500 Series VPN Services Port Adapter (ws-ipsec-2 and ws-ipsec-3)
(Hardware Versions: 6506, 6509, 6506-E and 6509-E; Backplane chassis: Hardware Versions 1.1(6506-E), 1.4 (6509-E) and 3.0 (6506, 6509); Supervisor Blade: Hardware Versions 5.7 (SUP720-3B), 5.7 (SUP720-3BXL) and 2.1 (SUP720-10GbE); IPSec VPN SPA: Hardware Version 1.0; Firmware Versions: IOS 12.2(33)SXI and IOS 12.2(33)SXI1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/01/2009;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #598); HMAC (Certs. #348 and #549); RNG (Certs. #356 and #553); SHS (Certs. #647 and #947); Triple-DES (Cert. #569)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; HMAC-MD5; RSA (non-compliant)

Multi-chip standalone

"The Catalyst 6500 series switches with the VPN Services Port Adapter offer versatility, integration, and security to branch offices. With numerous network modules and service modules available, the modular architecture of the Cisco router easily allows interfaces to be upgraded to accommodate network expansion. The Catalyst 6500 series switches provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements."
1152 IBM® Corporation
9032 S Rita Road
Tucson, AZ 85744
USA

-David L. Swanson
TEL: 520-799-5515

-Christine Knibloe
TEL: 520-799-5719

CST Lab: NVLAP 200427-0

IBM System Storage LTO Ultrium 4 Tape Drive
(Hardware Versions: 23R9539 (Fibre Channel), 23R9904 (SAS), and 95P4613 (SCSI); Firmware Versions: df080911bf_89Bb.FC.fips.ro (Fibre Channel), df080911bf_89Bb.SAS.fips.ro (SAS), and df080911bf_89Bb.SCSI.fips.ro (SCSI))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/01/2009 Overall Level: 1 

-FIPS-approved algorithms: AES (Certs. #918 and #919); AES GCM (Certs. #918 and #919, vendor affirmed); RNG (Cert. #527); RSA (Cert. #446); SHS (Cert. #906)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The IBM LTO Ultrium 4 Tape Drive provides AES-GCM encryption of customer data recorded to tape. Both encryption and compression are implemented in the hardware for optimum performance. Three different host interface types of the LTO Ultrium 4 "brick" unit are FIPS certified as a multi-chip, standalone cryptographic module. In customer operation the "brick" unit may be embedded in bridge box or in a canister package for operation in a library."
1151 Rajant Corporation
400 E. King Street
Malvern, PA 19355
USA

-Marty Lamb
TEL: 610-873-6788 x209

CST Lab: NVLAP 200416-0

BreadCrumb® ME2 1S2F
(Hardware Version: ME2 1S2F; Firmware Version: 10.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/01/2009 Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Certs. #791 and #908); RSA (Cert. #378); SHS (Cert. #792); HMAC (Cert. #434); RNG (Cert. #455);

-Other algorithms: RC4; MD5; Diffie-Hellman; AES (Cert #791, key wrapping)

Multi-chip standalone

"The Rajant BreadCrumb® ME2 1S2F is a rugged wireless transmitter-receiver that forms a mesh network (using InstaMesh®) when used in conjunction with other BreadCrumb® devices. This portable wireless mesh network node supports an open-standard IEEE 802.11 b/g radio with up to two antennas to enable data, voice and video applications."
1150

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/22/2009;
12/11/2009;
05/03/2012
Overall Level: 2 

-FIPS-approved algorithms:

-Other algorithms:

Multi-chip embedded

1149 Imation Corp.
Discovery Bldg. 1A-041
Oakdale, MN 55128
USA

-Larry Hamid
TEL: 408-737-4308

CST Lab: NVLAP 100432-0

Imation S200/D200
(Hardware Versions: P/Ns D2-S200-S01, D2-S200-S02, D2-S200-S04, D2-S200-S08, D2-S200-S16, D2-D200-S01, D2-D200-S02, D2-D200-S04, D2-D200-S08, D2-D200-S16 and D2-D200-S32; Firmware Versions: 2.0, 2.0.1, 2.0.2, 2.0.3, 2.0.5, 2.0.6, 2.0.8 and 2.0.9)

(Files distributed with the module mounted within the CD Drive are excluded from the validation.)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/24/2009;
08/28/2009;
10/02/2009;
11/20/2009;
12/22/2009;
03/26/2010;
08/02/2010;
10/26/2011;
04/24/2012
Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #1034); RNG (Cert. #587); RSA (Cert. #494); SHS (Certs. #986 and #987); HMAC (Cert. #579)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The IronKey Secure Flash Drive includes a high-speed hardware-based 256 Bit AES cryptography engine for encrypting and decrypting NAND flash and RAM buffers via USB. It also includes RSA, HMAC, SHA-256, SHA-1, and RNG algorithms."
1148 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco Unified Wireless IP Phone 7921G and 7925G
(Hardware Versions: 7921G and 7925G; Firmware Version: 1.3(2), 1.4(1) or 1.4(3))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/24/2009;
05/28/2010;
02/09/2012;
02/23/2012;
01/24/2013
Overall Level: 1 

-FIPS-approved algorithms: AES (Certs. #987 and #988); HMAC (Certs. #555 and #556); RNG (Cert. #560); RSA (Cert. #475); SHS (Certs. #954 and #955); Triple-DES (Cert. #773)

-Other algorithms: HMAC MD5; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); MD5

Multi-chip standalone

"For workers who need to communicate while moving about the workplace or campus, the Cisco Unified Wireless IP Phone 7921G and 7925G provide wired phone capabilities in an easy-to-navigate, menu directed wireless phone. These phones can be programmed with six extensions or a combination of extensions and speed dials. Each have a 2-inch color display; speakerphone capabilities, a new combination charger and speakerphone stand. Additionally, the 7925G provides support for bluetooth headsets."
1147

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/18/2009 Overall Level: 1 

-FIPS-approved algorithms:

-Other algorithms:

Multi-chip standalone

1146 Research In Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

-Certifications Team
TEL: 519-888-7465 x72921
FAX: 519-886-4839

CST Lab: NVLAP 200017-0

BlackBerry Cryptographic Kernel
(Firmware Version: 3.8.5.51)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Firmware 06/24/2009;
01/28/2010
Overall Level: 1 

-Design Assurance: Level 3
-Tested: BlackBerry Storm 9500 with BlackBerry OS Version 4.7

-FIPS-approved algorithms: Triple-DES (Cert. #750); AES (Certs. #946 and #947); SHS (Cert. #921); HMAC (Cert. #526); RSA (Cert. #456); RNG (Cert. #536); ECDSA (Cert. #118)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides 256 bits of encryption strength)

Multi-chip standalone

"BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry."
1145 Oberthur Technologies
4250 Pleasant Valley Road
Chantilly, VA 20151-1221
USA

-Christopher Goyet
TEL: 703-263-0100
FAX: 703-263-0503

CST Lab: NVLAP 100432-0

Oberthur ID-One Cosmo 128 v5.5 for DoD CAC
(Hardware Version: B0; Firmware Versions: F310-067735 with ASC library package v2.6.2B.3, ACA applet package v2.6.2B.4, PKI/GC/SKI applet package v2.6.2B.4, PIV End Point Wrapper module v2.6.2B.4, PIV End Point Extended module v2.6.2B.4, and SMA applet package v2.6.2B.3)

(PIV Card Application: Cert. #15)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/24/2009;
08/02/2010
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #606); Triple-DES MAC (Triple-DES Cert. #606, vendor affirmed); RSA (Cert. #304); RNG (Cert. #377)

-Other algorithms: RSA (key transport; key establishment methodology provides 80 or 112 bits of encryption strength)

Single-chip

"This module is based on the Oberthur Dual Interface (ISO7816 & ISO14443) ID-One Cosmo family of Smart Cards that provide a secure Javacard platform with data storage and enhanced cryptographic processing capabilities specifically designed to fit the needs of government and enterprise personnel identification applications. This configuration runs ActivIdentity applet suite V 2.6.2B into its 144K EEPROM memory. The Applet Suite provides services for authentication, access control, generic container and PKI. It conforms to SP800-73-1 Transitional & End-Point Card Edge (for HSPD-12/PIV)."
1144 SCsquare Ltd.
2A Habarzel St.
Ramat Hahayal
Tel Aviv, 69710
Israel

-Yossi Fixman
TEL: +972-3-7657-331
FAX: +972-3-649-4975

CST Lab: NVLAP 200636-0

Apollo OS V4.03 on SLE66CX680PE m1534-a13
(Firmware Version 4.03)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Firmware 06/24/2009 Overall Level: 3 

-Tested: SLE66CX680PE m1534-a13 smart card controller IC

-FIPS-approved algorithms: Triple-DES (Cert. #701); DSA (Cert. #306); SHS (Cert. #839); RNG (Cert.#483); RSA (Cert. #406); HMAC (Cert. #464)

-Other algorithms: ECDSA (non-compliant)

Single-chip

"Apollo OS V4.03 on SLE66CX680PE is a multi-purpose smart card utilizing an ISO 7816 file system. Apollo OS V4.03 is implemented as firmware in ROM of an Infineon SLE66CX680PE smart card controller IC."
1143 Mitsubishi Electric Corporation Kamakura Works
325 Kamimachiya
Kamakura, Kanagawa 247-8520
Japan

-Masanori Sato
TEL: +81-467-41-6640
FAX: +81-467-41-6975

-Koichiro Sasaki
TEL: +81-467-41-6670
FAX: +81-467-41-6975

CST Lab: NVLAP 200017-0

Command Encryption Module
(Firmware Version: 1.1)

(When operated in FIPS mode with the Operational Environment configuration specified on the reverse with the Firewall configured per Section 11 in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Firmware 06/24/2009 Overall Level: 2 

-EMI/EMC: Level 3

-Tested: HP Compaq DC 5100 Running Microsoft Windows 2000 SP4 and Zone Labs Zone Alarm Pro Firewall version 7.0.481.000

-FIPS-approved algorithms: Triple-DES (Cert. #759)

-Other algorithms: N/A

Multi-chip standalone

"Command Encryption Module is a firmware module designed to perform Triple DES CFB mode encryption functions."
1142

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/03/2009 Overall Level: 2 

-FIPS-approved algorithms:

-Other algorithms:

Multi-chip standalone

1141 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco ASA 5505, 5510, 5520, 5540 and 5550 Security Appliances
(Hardware Versions: 5505, 5510, 5520, 5540, 5550, FIPS Kit (Cisco-FIPS-KIT=): Revision -B0 and ASA 5505 FIPS Kit (ASA5505-FIPSKIT=): Revision -A0; Firmware Versions: 8.0.4.16, 8.0.4.28, 8.0.5, 8.2.1 and 8.2.2.9)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/24/2009;
07/17/2009;
01/28/2010;
02/12/2010;
05/05/2010;
05/28/2010;
06/02/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #105, #564, #966 and #1258); HMAC (Certs. #125, #301, #539 and #735); RNG (Certs. #144, #329, #545 and #701); RSA (Certs. #106, #261, #467 and #604); SHS (Certs. #196, #630, #935 and #1153); Triple-DES (Certs. #217, #559, #760 and #897)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength); ECDH (key agreement; key establishment methodology provides 80 bits of encryption strength); MD5; DES; RC4; HMAC MD5; RSA (key wrapping; key establishment methodology provides 80 bits or 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength)

Multi-chip standalone

"The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
1140 EF Johnson Technologies
1440 Corporate Drive
Irving, TX 75038-2401
USA

-John Oblak
TEL: 507-837-5116
FAX: 507-837-5120

CST Lab: NVLAP 100432-0

Johnson Encryption Machine 2 (JEM2)
(Hardware Version: 023-3900-183; Firmware Versions: 2.0 and 2.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/25/2009;
07/02/2010
Overall Level: 1 

-FIPS-approved algorithms: AES (Cert. #917); SHS (Cert. #904); HMAC (Cert. #512); DSA (Cert. #328); RNG (Cert. #526)

-Other algorithms: AES (Cert. #917, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES MAC (AES Cert. #917, vendor affirmed; P25 AES OTAR); DES

Multi-chip standalone

"The EF Johnson Technologies Johnson Encryption Machine 2 (JEM2) is a cryptographic module meeting the FIPS140-2, Level 1 requirement. The JEM2 provides cryptographic operations to support Project 25 infrastructure. The JEM2 supports AES OTAR, AES, DSA, SHA-1, SHA-256, SHA-512, and HMAC FIPS Approved algorithms."
1139 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 3271 High Performance Mobile Access Router Card (HMARC)
(Hardware Version: A0; Firmware Version: 12.4(15)T7)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/28/2009;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #890 and #945); HMAC (Certs. #497 and #530); RNG (Cert. #511); RSA (Cert. #432); SHS (Certs. #881 and #920); Triple-DES (Certs. #727 and #749)

-Other algorithms: DES; DES-MAC; TDES-MAC (non-compliant); MD5; MD4; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 156 bits of encryption strength)

Multi-chip embedded

"The Cisco 3271 Rugged ISR is a high-performance, ruggedized router designed to support multiple applications running concurrently over wired or wireless networks. With onboard hardware encryption, the Cisco 3271 offloads encryption processing from the router to provide highly secure yet scalable video, voice, and data services for mobile and embedded outdoor networks."
1138 NitroSecurity Inc
230 Commerce Way
Portsmouth, NH 03801
USA

-Bill Virtue
TEL: 603-570-3936
FAX: 603-766-8169

CST Lab: NVLAP 200427-0

NitroView ESM/Receiver Cryptographic Module
(Hardware Version: NS-ESMRCV-2250-R; Software Versions: 8.0.0.20080605 and 8.2.0)

(When operated in FIPS mode with module OpenSSL FIPS Object Module validated to FIPS 140-2 under Cert. #918 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 05/28/2009;
10/23/2009
Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #668); Triple-DES (Cert. #613); SHS (Cert. #701); HMAC (Cert. #352); RNG (Cert. #387); RSA (Cert. #310)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The NitroView ESM/Receiver is a multi-chip standalone cryptographic module consisting of production grade components contained within an opaque hard production-grade enclosure (the outside case is steel). The removable cover is protected by tamper evident security seals in accordance with FIPS 140-2 Level 2. The cryptographic boundary is the metal enclosure of the device."
1137 SafeNet, Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Terry Fletcher
TEL: 613-221-5009
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

ProtectServer Gold (PSG)
(Hardware Version: Revision B2 and B3 [1], B4 [2] or C [3]; Firmware Version: 2.07.00[2], 2.08.00 [1-3] or 3.00.03 [2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/22/2009;
07/24/2009;
03/28/2011;
11/08/2011
Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #921 and #1582); DSA (Certs. #329 and #488); ECDSA (Certs. #114 and #193); HMAC (Certs. #515 and #928); RNG (Certs. #529 and #851); RSA (Certs. #448 and #772); SHS (Certs. #908 and #1401); Triple-DES (Certs. #741 and #1038); Triple-DES MAC (Triple-DES Certs. #741 and #1038, vendor affirmed)

-Other algorithms: AES MAC (AES Certs. #921 and #1582; non-compliant); ARIA, and ARIA MAC; CAST 128; CAST MAC; DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 152 bits of encryption strength; non-compliant less than 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECIES; IDEA; IDEA MAC; MD2; MD5; MD5 HMAC; RC2; RC2 MAC; RC4; RIPEMD-128; RIPEMD-160; RMD128 HMAC; RMD160 HMAC; RSA (key wrapping; key establishment methodology provides between 80 and 152 bits of encryption strength); SEED; SEED MAC

Multi-chip standalone

"The SafeNet PSG Adapter is a high-end intelligent PCI adapter card that provides a wide range of cryptographic functions using firmware and dedicated hardware processors. Access to the PSG is provided via a comprehensive PKCS#11 API, allowing extremely flexible use of the module in a multitude of applications."
1136 Aladdin Knowledge Systems, Ltd.
35 Efal St.
Kiryat Arie, Petach Tikva Israel

-Chanan Lavi
TEL: 972-3-9781111
FAX: 972-3-9781010

CST Lab: NVLAP 100432-0

Aladdin eToken PRO (Java) HD and Aladdin eToken Anywhere HD
(Hardware Versions: P/N Aladdin eToken PRO (Java) HD Version 4.29 or 4.30 and Aladdin eToken Anywhere HD Version 4.33; Firmware Versions: 0106.7130.0207, 0106.8015.0508 or 0106.8015.0808 with Aladdin eToken v1.1)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/22/2009;
07/02/2010;
10/26/2011
Overall Level: 3 

-Physical Security: Level 4

-FIPS-approved algorithms: Triple-DES (Cert. #681); AES (Cert. #788); RNG (Cert. #453); RSA (Cert. #375); Triple-DES MAC (Triple-DES Cert. #681, vendor affirmed); SHS (Cert. #789)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength)

Single-chip

"Aladdin eToken PRO (Java) HD offers strong authentication and guaranteed non-repudiation for sensitive applications such a eBanking, stock trading, eCommerce and financial transactions. Aladdin eToken PRO (Java) HD is based on the Athena IDProtect Java Card smart card operating system that is compliant with the Java Card 2.2.2 and Global Platform 2.1.1 specifications and FIPS 140-2 Level 3 (Level 4 for physical security). IDProtect supports FIPS Approved Random Number Generator, TDES, AES, SHA-1, SHA-256, and RSA up to 2048 bits including on board key generation."
1135 Aladdin Knowledge Systems, Ltd.
35 Efal St.
Kiryat Arie, Petach Tikva Israel

-Chanan Lavi
TEL: 972-3-9781111
FAX: 972-3-9781010

CST Lab: NVLAP 100432-0

Aladdin eToken PRO (Java), Aladdin eToken Anywhere and Aladdin eToken PRO (Java) SC
(Hardware Versions: P/Ns Aladdin eToken PRO (Java) Version 4.29 or 4.30, Aladdin eToken Anywhere Version 4.33 and Aladdin eToken PRO (Java) SC Versions 7 or 8; Firmware Versions: 0106.7130.0207, 0106.8015.0508 or 0106.8015.0808 with Aladdin eToken v1.1)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/22/2009;
07/02/2010;
10/26/2011
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Cryptographic Key Management: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #681); AES (Cert. #788); RNG (Cert. #453); RSA (Cert. #375); Triple-DES MAC (Triple-DES Cert. #681, vendor affirmed); SHS (Cert. #789)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength)

Single-chip

"Aladdin eToken PRO (Java) and Aladdin eToken PRO (Java) SC offers strong authentication and guaranteed non-repudiation for sensitive applications such a eBanking, stock trading, eCommerce and financial transactions. Aladdin eToken PRO (Java) and Aladdin eToken PRO (Java) SC are based on the Athena IDProtect Java Card smart card operating system that is compliant with the Java Card 2.2.2 and Global Platform 2.1.1 specifications and FIPS 140-2 Level 3 (Level 4 for physical security). IDProtect supports FIPS Approved Random Number Generator, TDES, AES, SHA-1, SHA-256, and RSA up to 2048 bits incl"
1134 Mobile Armor, Inc.
400 South Woods Mill Road
Suite 300
St. Louis, MO 63017
USA

-Brian Wood
TEL: 443-468-1238

CST Lab: NVLAP 200427-0

Mobile Armor Cryptographic Module
(Software Version: 3.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 05/22/2009 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista; Microsoft Windows Vista 64-bit; Red Hat Enterprise Linux 5.1; Red Hat Enterprise Linux 5.1 64-bit; Fedora Core 8; Fedora Core 8 64-bit; Ubuntu 7.10; Ubuntu 7.10 64-bit; Apple OS X 10.5; Windows Mobile 6 (single user mode)

-FIPS-approved algorithms: AES (Cert. #820); Triple-DES (Cert. #692); SHS (Cert. #818); HMAC (Cert. #453); RNG (Cert. #472)

-Other algorithms: N/A

Multi-chip standalone

"The Mobile Armor Cryptographic Module 3.0 is a multi-chip standalone software module running on a standard IBM compatible personal computer, an Intel-based Mac, or a mobile device. On the PC, the software module can execute within a Linux, Microsoft Windows or Mac OS X operating system; while on a mobile device the module can be executed within a Windows Mobile Operating System."
1133 ViaSat UK Ltd.
Sanford Lane
Wareham, Dorset BH20 4DY
United Kingdom

-Tim D. Stone
TEL: +44 1929 55 44 00
FAX: +44 01929 55 25 25

CST Lab: NVLAP 200556-0

FlagStone Core
(Hardware Versions: V2.0.1.1, V2.0.1.2, V2.0.1.3, V2.0.2.1, V2.0.2.2, V2.0.2.3, V2.0.3.3, V2.0.3.4, V2.0.5.3 and V2.0.5.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/22/2009;
06/01/2009;
01/06/2010;
06/21/2011;
07/27/2011
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #922 and #923); RNG (Cert. #531)

-Other algorithms: N/A

Multi-chip embedded

"The FlagStone Core is a multi-chip embedded cryptographic module used within the Eclypt and the Eclypt Freedom Drives. The FlagStone Core, and subsequently the Eclypt and Eclypt Freedom Drives utilising the FlagStone Core, provide access control and data encryption services to protect access to data stored on a HDD (Hard Disk Drive). All accessible sectors on a HDD connected to a FlagStone Core are encrypted."
1132 McAfee, Inc.
3965 Freedom Circle
Santa Clara, CA 95054
USA

-Mike Siegel
TEL: 888-847-8766

CST Lab: NVLAP 100432-0

McAfee Endpoint Encryption for Files and Folders
(Software Versions: 3.1.1.7 and 3.1.2.11)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 05/22/2009;
07/24/2009
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista 32; Microsoft Windows Vista 64; Microsoft Windows XP Professional (single-user mode)

-FIPS-approved algorithms: AES (Cert. #891); DSA (Cert. #323); RNG (Cert. #512); SHS (Cert. #884)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RC5; AES (non-compliant)

Multi-chip standalone

"McAfee Endpoint Encryption for Files and Folders is a user transparent and high performing client software for encryption of files and folders on local drives, network shares, removable media and CD/DVD. E-mail attachments may also be encrypted for both internal and external recipients. In addition, the centralized McAfee Endpoint Encryption management system provides flexible and powerful management of encryption policies and keys, robust recovery tools, policy enforcement and remote deployment."
1131 McAfee, Inc.
3965 Freedom Circle
Santa Clara, CA 95054
USA

-Mike Siegel
TEL: 888-847-8766

CST Lab: NVLAP 100432-0

McAfee Endpoint Encryption for PCs
(Software Versions: 5.1.6, 5.1.7 and 5.1.8)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 05/22/2009;
07/24/2009;
02/12/2010;
03/28/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista 64; Microsoft Windows Vista 32; Microsoft Windows XP Professional (single-user mode)

-FIPS-approved algorithms: AES (Cert. #893); DSA (Cert. #325); RNG (Cert. #514); SHS (Cert. #886)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"McAfee Endpoint Encryption for PC is a high performance software solution that provides sector-level encryption of a PC's hard drive in a manner that is totally transparent to the user. In addition, the centralized McAfee Endpoint Encryption management system provides robust recovery tools, administration, and implementation."
1130 CommVault Systems, Inc.
2 Crescent Place
Oceanport, NJ 07757
USA

-Zahid Ilkal, Product Manager
TEL: 732-870-4812
FAX: 732-870-4525

CST Lab: NVLAP 200017-0

CommVault Crypto Library
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 05/12/2009 Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Intel Core2 Duo w/ Microsoft Windows 2003; Intel Core2 Duo w/ Redhat Linux 5.0; UltraSPARC II w/ Sun Solaris 10 (single-user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #700); AES (Cert. #847); SHS (Cert. #838); HMAC (Cert. #465); RSA (Cert. #405); RNG (Cert. #482)

-Other algorithms: DES; Blowfish; Serpent; Twofish; MD5; HMAC-MD5

Multi-chip standalone

"CommVault Crypto Library (CVCL) is a cryptographic software module used in various products by CommVault Systems, Inc. The module provides a collection of FIPS Approved and Non-FIPS Approved cryptographic services for key generation, symmetric and asymmetric encryption, hash, HMAC and signature generation/verification."
1129 Fortress Technologies, Inc.
1 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200427-0

Fortress Secure Client
(Software Version: 4.1.1 Build 4278X)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 07/06/2009;
03/26/2010
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 2000 Professional SP 4, Windows XP Professional SP 2, Windows 2003 Server SP2, Windows Vista Ultimate Edition (single-user mode)

-FIPS-approved algorithms: AES (Cert. #975); HMAC (Cert. #547); RNG (Cert. #552); SHS (Cert. #944); Triple-DES (Cert. #768)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; RSA (non-compliant)

Multi-chip standalone

"The Fortress Secure Client is a software module designed to deliver security on wireless devices such as bar scanners, handhelds, and laptops using various operating systems. A plug-and-play solution, the Client encrypts and decrypts communication across the WLAN and protects the device against attacks without user intervention."
1128 NeoScale Systems, Inc.
1655 McCarthy Blvd
Milpitas, CA 95035
USA

-Marcus Streets
TEL: 011-44-1223-723613
FAX: 011-44-1223-723601

CST Lab: NVLAP 200017-0

CryptoStor Tape FC702R and FC704R
(Hardware Versions: FC702R - P/N FA00005-00, Rev 6 and FC704R - P/N FA00006-00 Rev 8; Firmware Version: 2.6)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 05/12/2009 Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Certs. #275 and #516); AES (Certs. #173 and #506); SHS (Certs. #258 and #577); RSA (Cert. #221); HMAC (Certs. #39 and #259); RNG (Cert. #285)

-Other algorithms: N/A

Multi-chip standalone

"NeoScale CryptoStor Tape is a family of readily deployable, high-speed tape security appliances that compress, encrypt and digitally sign data as it goes to tape media or virtual tape without disrupting backup processes. It seamlessly integrates with widely used backup applications and incorporates Global Key Management technology for strong key management and data recovery. Used in conjunction with the NeoScale CryptoStor KeyVault key management system, CryptoStor Tape provides an automated, secure and open key sharing capability between locations, businesses or applications."
1127 NeoScale Systems, Inc.
1655 McCarthy Blvd.
Milpitas, CA 95035
USA

-Marcus Streets
TEL: 011-44-1223-723613
FAX: 011-44-1223-723601

CST Lab: NVLAP 200017-0

CryptoStor Tape SC702R
(Hardware Version: P/N FAS00004-00 Rev 6; Firmware Version: 2.6)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 05/12/2009 Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Certs. #275 and #516); AES (Certs. #173 and #506); SHS (Certs. #258 and #577); RSA (Cert. #221); HMAC (Certs. #39 and #259); RNG (Cert. #285)

-Other algorithms: N/A

Multi-chip standalone

"NeoScale CryptoStor Tape is a family of readily deployable, high-speed tape security appliances that compress, encrypt and digitally sign data as it goes to tape media or virtual tape without disrupting backup processes. It seamlessly integrates with widely used backup applications and incorporates Global Key Management technology for strong key management and data recovery. Used in conjunction with the NeoScale CryptoStor KeyVault key management system, CryptoStor Tape provides an automated, secure and open key sharing capability between locations, businesses or applications."
1126 Fortinet Inc.
1090 Kifer Road
Sunnyvale, CA 94086
USA

-Jeff Lake, Vice President, Federal Operations
TEL: 678-402-8021
FAX: 678-402-8021

CST Lab: NVLAP 200017-0

FortiGate-5050 Chassis with FortiGate-5001A-DW Blade
(Hardware Versions: FortiGate-5001A-DW (P4CJ36), ADM-XB2 (AMC28F), ADM-FB8 (P4FB78) and FG-5050 (C4QP38); Firmware Version: FortiOS 3.00, build8864,080819)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 05/12/2009 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #582, #583 and #584); RNG (Cert. #345); AES (Certs. #612, #613 and #614); SHS (Certs. #660, #661 and #662); RSA (Certs. #284 and #285); HMAC (Certs. #315, #316 and #317)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; HMAC-MD5

Multi-chip standalone

"FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1125 Fortress Technologies, Inc.
1 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0

Fortress Secure Bridge
(Hardware Versions: ES520V1 and ES520V2; Firmware Version: 5.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 05/14/2009;
03/26/2010
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #688, #694 and #698); SHS (Certs. #715, #717, #721, #722 and #726); HMAC (Certs. #367, #371, #372 and #376); RSA (Cert. #439); RNG (Certs. #402, #406 and #409)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); MD5

Multi-chip standalone

"The Fortress Secure Bridge is an all-in-one network access device housed in a rugged compact chassis, with the most stringent security available today built in. It can serve as a wireless bridge, a WLAN access point, and an eight-port LAN switch, while performing all the functions of a Fortress controller device: encrypting wireless traffic and providing Multi-factor Authentication for devices on the network it protects."
1124 McAfee, Inc.
3965 Freedom Circle
Santa Clara, CA 95054
USA

-Mike Siegel
TEL: 888-847-8766

CST Lab: NVLAP 100432-0

McAfee Endpoint Encryption for Mobile
(Software Versions: 2.3.0.5 and 2.4.0.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 05/01/2009;
07/24/2009
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Mobile 5 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #892); DSA (Cert. #324); RNG (Cert. #513); SHS (Cert. #885)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"McAfee Endpoint Encryption for Mobile is a security system for smart phones and pocket PCs that prevents the data stored on such devices from being read or used by an unauthorized person. In simple terms, McAfee Endpoint Encryption for Mobile takes control of a user's data away from the operating system."
1123 Mobile Armor, Inc.
400 South Woods Mill Rd.
Suite 300
Chesterfield, MO 63017
USA

-Brian Wood
TEL: 314-590-0900
FAX: 314-590-0995

CST Lab: NVLAP 200427-0

Mobile Armor Cryptographic Module 3.5
(Software Version: 3.5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 04/24/2009 Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Windows XP Professional SP2 running on Dell Optiplex GX270; Windows 2000 Professional SP3 running on Dell Optiplex GX400; Windows Server 2003 SP1 running on Dell Optiplex GX270; Red Hat Enterprise Linux Version 5 running on IBM System x3455; SUSE Linux Enterprise Server 10 SP1 running on IBM System x3455

-FIPS-approved algorithms: AES (Cert. #920); HMAC (Cert. #514); RNG (Cert. #528); SHS (Cert. #907); Triple-DES (Cert. #740)

-Other algorithms: DES

Multi-chip standalone

"The Mobile Armor Cryptographic Module provides the core cryptographic functionality of Mobile Armor's Enterprise Mobile Data Security products which provide enterprise-level data encryption and device management."
1122 Kanguru Solutions
1360 Main St.
Millis, MA 02054
USA

-Nate Cote
TEL: 508-376-4245
FAX: 508-376-4462

CST Lab: NVLAP 200648-0

Kanguru Biolock
(Software Version: 1.0.1.8)

(This module contains the embedded module Crypto++ validated to FIPS 140-2 under Cert. #819 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 04/14/2009 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Service Pack 2 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #499); SHS (Cert. #569); HMAC (Cert. #253); RNG (Cert. #279); DSA (Cert. #206); Triple-DES (Cert. #512 )

-Other algorithms: N/A

Multi-chip standalone

"Kanguru Solutions is the leader in portable secure storage devices. Kanguru Biolock addresses security concerns and information assurance by incorporating 256-bit AES encryption technology to portable storage devices."
1121 Pitney Bowes, Inc.
35 Waterview Drive
Shelton, CT 06484-8000
USA

-Douglas Clark
TEL: 203-924-3206
FAX: 203-924-3406

CST Lab: NVLAP 100432-0

Cygnus X-2 Postal Security Device
(Hardware Versions: 1MEC BBC/BAJ (Canada), 1MES BBC/BAJ (Canada), 1MCT BBC/BAJ (Canada), 1MET BBC/BAJ (Canada), 1M00 BBC/BAJ (US) and 1M05 BBC/BAJ (US))

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/14/2009 Overall Level: 3 

-Physical Security: Level 3 +EFP

-FIPS-approved algorithms: ECDSA (Cert. #48); DSA (Cert. #200); SHS (Cert. #562); Triple-DES (Cert. #503); Triple-DES MAC (Triple-DES Cert. #503, vendor affirmed); RNG (Cert. #272); HMAC (Cert. #246)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The Pitney Bowes Cygnus X-2 Postal Security Device (PSD) has been designed in compliance with FIPS 140-2 and IPMAR security protection profile in order to support the USPS IBIP and international digital indicia standards globally. The PSD employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes Postage Metering products."
1120 TecSec, Atmel, CPI Card Group, and Athena Smartcard
1048 Dead Run Drive
McLean, VA 22101-2121
USA

-Ron Parsons
TEL: 301-639-5510
FAX: 703-506-1484

CST Lab: NVLAP 100432-0

TecSec PIV Eagle Card - Contact
(Hardware Version: P/N Atmel AT90SC144144CT Revision G; Software Version: P/N TecSec Contact PIV Applet Version 1.01 JCT; Firmware Version: P/N Athena IDProtect XL Version 010A.7204.0004)

(PIV Card Application: Cert. #11)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/03/2009 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 4
-Cryptographic Key Management: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #592); Triple-DES MAC (Triple-DES Cert. #592, vendor affirmed); AES (Cert. #639); SHS (Cert. #674); RNG (Cert. #364); RSA (Cert. #292)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength)

Single-chip

"The TecSec PIV Eagle Card - Contact cryptographic module provides data security for government and enterprise personnel identification. The primary purpose of this device is to enable the creation of a dual-chip PIV smart card as described in [FIPS201] that is fully compliant with the end-point service specified in SP800-73-1. The CM contains two Java Card applets implementing the PIV functionality (the Software) running on a GlobalPlatform Java Card operating system (the Firmware). The CM is physically connected to a smart card contact plate as defined in [7816-1] and [7816-2]."
1119 LiteScape Technologies, Inc.
1000 Bridge Parkway, Suite 200
Redwood Shores, CA 94065
USA

-Kayvan Alikhani

CST Lab: NVLAP 200427-0

LiteScape SPAR
(Hardware Version: 021013A; Firmware Version: 1.0.7, Bootloader: v52b4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/03/2009 Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #822); HMAC (Certs. #455, #456 and #457); SHS (Certs. #820, #821 and #822)

-Other algorithms: N/A

Multi-chip standalone

"SPAR (Secure Personal Authentication Reader) is a multi-factor authentication device that provides RFID, Biometric and Magnetic-card interfaces. Using the SPAR at the edge of VOIP networks when coupled with devices such as IP phone terminals dramatically increases the security, validation and personalization process for business applications."
1118 TecSec, Atmel, CPI Card Group, and Athena Smartcard
1048 Dead Run Drive
McLean, VA 22101-2121
USA

-Ron Parsons
TEL: 301-639-5510
FAX: 703-506-1484

CST Lab: NVLAP 100432-0

TecSec PIV Eagle Card - Contactless
(Hardware Version: P/N Atmel AT90SC12872RCFT Revision M; Software Version: P/N TecSec Contactless PIV Applet Version 1.0 JCL; Firmware Version: P/N Athena ID Protect Duo Version 0107.7099.0105)

(PIV Card Application: Cert. #11)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/03/2009 Overall Level: 3 

-Physical Security: Level 4

-FIPS-approved algorithms: Triple-DES (Cert. #598); Triple-DES MAC (Triple-DES Cert. #598, vendor affirmed); AES (Cert. #646); SHS (Cert. #680); RNG (Cert. #368); RSA (Cert. #296)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength)

Single-chip

"TecSec PIV Eagle Card - Contactless is a cryptographic module that may be configured as a contact or contactless PIV application. With this unique solution, a dual-chip product can be created without changing the user experience that assures the information stored on the contact chip is not compromised through the contactless interface. The CM is based on the Athena OS755 Java Card smart card operating system that is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and FIPS 140-2 Level 2 (Level 4 for physical security)."
1117 Chunghwa Telecom Co., Ltd. Telecommunication Laboratories
12, Lane 551, Min-Tsu Road SEC.5
Yang-Mei, Taoyuan, Taiwan 326
Republic of China

-Yeou-Fuh Kuan
TEL: +886-3-424-4333
FAX: +886-3-424-4129

-Char-Shin Miou
TEL: +886-3-424-4381
FAX: +886-3-424-4129

CST Lab: NVLAP 200017-0

HiKey - Flash and HiKey PKI Token
(Hardware Versions: 1.5 and 1.8; Software Version: Card OS version 3.1 with GINA Applet: 1.0, PKI Applet: 2.0, FISC II Applet: 1.2; Firmware Version: 1.25)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/07/2009;
11/17/2011
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: RSA (Cert. #434); Triple-DES (Cert. #732); SHS (Cert. #889); RNG (Cert. #515); HMAC (Cert. #501); Triple-DES MAC (Triple-DES Cert. #732, vendor affirmed); AES (Cert. #896);

-Other algorithms: AES MAC (AES Cert. #896; non-compliant)

Multi-chip standalone

"The HiKey Flash and HiKey PKI Token modules are multi-chip standalone implementations of a cryptographic module. The Hikey - Flash and HiKey PKI Token modules are USB tokens that adhere to ISO/IEC specifications for Integrated Circuit Chip (ICC) based identification cards. The HiKey - Flash and HiKey PKI Token cryptographic modules contain an implementation of the Open Platform (OP) Version 2.0.1 specification defining a secure infrastructure for post-issuance programmable smart cards."
1116 Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500

CST Lab: NVLAP 200427-0

Aruba AP-65, AP-70 and AP-85 Wireless Access Points
(Hardware Versions: AP-65-F1 Rev. 01, AP-70-F1 Rev. 01, AP-85FX-F1 Rev. 01, AP-85LX-F1 Rev. 01 or AP-85TX-F1 Rev. 01; Firmware Versions: ArubaOS 3.3.2.18-FIPS, ArubaOS 3.3.2.19-FIPS, ArubaOS 3.3.2.20-FIPS, ArubaOS 3.3.2.21-FIPS, ArubaOS 3.4.2.3-FIPS, ArubaOS 3.4.4.0-FIPS or ArubaOS 3.4.5.1-FIPS)

(When operated in FIPS mode and with the tamper evidence seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/03/2009;
05/18/2009;
07/24/2009;
12/10/2009;
02/12/2010;
05/05/2010;
10/25/2010;
01/31/2011;
03/14/2011;
07/19/2011;
02/06/2013
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #895 and #900); HMAC (Certs. #500 and #503); RNG (Cert. #516); RSA (Certs. #433 and #436); SHS (Certs. #887, #888 and #892); Triple-DES (Certs. #731 and #734)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"Aruba's single and multi-radio wireless access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Multi-Service Mobility Controllers, where per-user role based access controls are applied. In the FIPS 140-2 mode of operation, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i client standard, the xSec client and 256-bit AES encryption. Also, Aruba APs can provide Air Monitoring for intrusion detection and have Wi-Fi Alliance certification for IEEE 802.11a, IEEE 802.11b, IEEE 802.11g, and IEEE 802.11"
1115 Safend Ltd.
32 Habarzel Street
Tel Aviv, 69710
Israel

-Alon Barel
TEL: +972-3-644-2662 x225
FAX: +972-3-648-6146

CST Lab: NVLAP 200556-0

Safend Cryptographic Library
(Software Version: 3.3 or 3.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 04/03/2009;
05/18/2009;
07/05/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional (single-user mode)

-FIPS-approved algorithms: AES (Cert. #879); SHS (Cert. #870); HMAC (Cert. #492); RNG (Cert. #504)

-Other algorithms: DES; SHA-256 (Cert. #870; non-compliant)

Multi-chip standalone

"The Safend Cryptographic Library offers reliable, simple and tamper-proof endpoint monitoring, device identification, and blocking based on administrator-defined policies. Protects all local, physical communications ports including USB, Firewire and PCMCIA, wireless endpoints such as WiFi, Bluetooth and IrDA, and removable and physical storage devices such as CD/DVD-RWs and iPods."
1114 Fortinet Inc.
1090 Kifer Road
Sunnyvale, CA 94086-5301
USA

-Jeff Lake, Vice President, Federal Operations
TEL: 678-402-8021
FAX: 678-402-8021

CST Lab: NVLAP 200017-0

FortiGate-310B
(Hardware Version: C4ZF35; Firmware Version: FortiOS 3.00, build8864,080819)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 04/03/2009 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #612, #613 and #614); Triple-DES (Certs. #582, #583 and #584); RNG (Cert. #345); SHS (Certs. #660, #661 and #662); HMAC (Certs. #315, #316 and #317); RSA (Certs. #284 and #285)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA (key wrapping; key establishment method provides 112 bits of encryption strength); DES; MD5; HMAC-MD5

Multi-chip standalone

"FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1113 Fortinet Inc.
1090 Kifer Road
Sunnyvale, CA 94086
USA

-Jeff Lake, Vice President, Federal Operations
TEL: 678-402-8021
FAX: 678-402-8021

CST Lab: NVLAP 200017-0

FortiGate-200A/200A-HD; FortiGate-300A/300A-HD; FortiGate-500A/500A-HD; FortiGate-800
(Hardware Versions: FortiGate-200/200A-HD (build C4AY89), FortiGate-300/300A-HD (build C4FK88), FortiGate-500/500A-HD (build C4BE21), FortiGate-800 (build C4UT39); Firmware Version: FortiOS 3.0, build8931, 081110)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 04/03/2009 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #742, #743, #489 and #490); RNG (Cert. #530); AES (Certs. #925, #926, #475 and #476); SHS (Certs. #909, #910, #543 and #544); RSA (Cert. #449); HMAC (Certs. #516, #517, #232 and #233)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 110 bits of encryption strength); MD5; HMAC-MD5

Multi-chip standalone

"FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1112 Technical Communications Corporation
100 Domino Drive
Concord, MA 01742-2892
USA

-Fidel Camero
TEL: 978- 287-6303
FAX: 978-371-1280

CST Lab: NVLAP 200017-0

CipherTalk® 8000 Cryptographic Module
(Software Version: 2.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 04/03/2009 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Mobile 5.0; Windows Mobile 6.1; Windows XP Embedded with SP2 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #848); SHS (Cert. #840); RNG (Cert. #484); HMAC (Cert. #466)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 149 bits of encryption strength); Twofish

Multi-chip standalone

"The CipherTalk® 8000 Cryptographic Module is an Operating System Agnostic cipher engine, encapsulating all the cryptographic functions for TCC's CipherTalk family of wireless products. Its functions include encryption and key exchange algorithms, authentication algorithms, and integrity and verification algorithms."
1111 Open Source Software Institute
3610 Pearl Street
Hattiesburg, MS 39401
USA

-Steve Marquess
TEL: 301-524-9915
FAX: 301-831-8447

CST Lab: NVLAP 200648-0

OpenSSL FIPS Runtime Module
(Software Version: 1.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 04/03/2009;
05/28/2010
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Fedora Linux 9; Microsoft Windows XP SP 2 (single-user mode)

-FIPS-approved algorithms: Triple-DES (Certs. #623 and #624); AES (Certs. #681 and #682); SHS (Certs. #711 and #712); HMAC (Certs. #362 and #363); RSA (Certs. #318 and #319); DSA (Certs. #257 and #258); RNG (Certs. #397 and 398)

-Other algorithms: DES; Diffie-Hellman; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80-bits of encryption strength)

Multi-chip standalone

"The OpenSSL FIPS Runtime Module is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality for use with the high level API of the OpenSSL v0.9.8 product."
1110 Gesellschaft für sichere Mobile Kommunikation mbH
Marienstrasse 11
Berlin, 10117
Germany

-Bjoern Rupp
TEL: +49 700 2797 8835

-Frank Rieger
TEL: +49 700 2797 8835

CST Lab: NVLAP 200017-0

CryptoPhone Security Kernel
(Software Version: 2.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/26/2009;
07/08/2009
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Mobile 5.0; Windows Mobile 6.1; Windows XP Embedded with SP2 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #849); SHS (Cert. #841); RNG (Cert. #485); HMAC (Cert. #467)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 149 bits of encryption strength); Twofish

Multi-chip standalone

"The CryptoPhone Security Kernel is a portable multi-platform cryptographic module that provides strong encryption, authentication, key exchange, message integrity verification, and secure memory abstraction services to GSMK CryptoPhone encryption products. All GSMK products come with full source code for independent review."
1109 Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500

CST Lab: NVLAP 200427-0

Aruba AP-120 Series Wireless Access Points
(Hardware Versions: AP-124-F1 Rev. 01and AP-125-F1 Rev. 01; Firmware Versions: ArubaOS 3.3.2.18-FIPS, ArubaOS 3.3.2.19-FIPS, ArubaOS 3.3.2.20-FIPS, ArubaOS 3.3.2.21-FIPS, ArubaOS 3.4.2.3-FIPS, ArubaOS 3.4.4.0-FIPS or ArubaOS 3.4.5.1-FIPS)

(When operated in FIPS mode and with the tamper evidence seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/26/2009;
05/18/2009;
07/24/2009;
12/10/2009;
02/12/2010;
05/05/2010;
10/25/2010;
01/31/11;
03/14/2011;
07/19/2011;
02/06/2013
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #861 and #900); HMAC (Certs. #478 and #503); RNG (Cert. #516); RSA (Certs. #435 and #436); SHS (Certs. #891, #856 and #892); Triple-DES (Certs. #708 and #734)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"Aruba's single and multi-radio wireless access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Multi-Service Mobility Controllers, where per-user role based access controls are applied. In the FIPS 140-2 mode of operation, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i client standard, the xSec client and 256-bit AES encryption. Also, Aruba APs can provide Air Monitoring for intrusion detection and have Wi-Fi Alliance certification for IEEE 802.11a, IEEE 802.11b, IEEE 802.11g, and IEEE 802.11"
1108 Secure Computing Corporation (Wholly owned subsidiary of McAfee, Inc.)
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200017-0

Secure Firewall (Sidewinder) 1100E
(Hardware Version: 1100; Firmware Version: 7.0.1.01)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/09/2009 Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES

Multi-chip standalone

"Secure Firewall (Sidewinder) solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. Secure Computing's Secure Firewall (Sidewinder) appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1107 Secure Computing Corporation (Wholly owned subsidiary of McAfee, Inc.)
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200017-0

Secure Firewall (Sidewinder) 2150E
(Hardware Version: 2150; Firmware Version: 7.0.1.01)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/09/2009 Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES

Multi-chip standalone

"Secure Firewall (Sidewinder) solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. Secure Computing's Secure Firewall (Sidewinder) appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1106 Secure Computing Corporation (Wholly owned subsidiary of McAfee, Inc.)
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200017-0

Secure Firewall (Sidewinder) 4150E
(Hardware Version: 4150; Firmware Version: 7.0.1.01)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/09/2009 Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES

Multi-chip standalone

"Secure Firewall (Sidewinder) solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. Secure Computing's Secure Firewall (Sidewinder) appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1105 AJA Video Systems, Inc.
443 Crown Point Circle
Grass Valley, CA 95945
USA

-Fred Dominikus
TEL: 530-274-2048
FAX: 530-274-9442

CST Lab: NVLAP 100432-0

JPG2K
(Hardware Versions: 102387-00, 102387-02 and 102387-03; Firmware Versions: 1.0, 1.5 and 1.6)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/26/2009;
01/06/2010;
10/13/2011
Overall Level: 3 

-FIPS-approved algorithms: RSA (Cert. #392)

-Other algorithms: N/A

Multi-chip embedded

"The JPG2K is a PCIe card that provides a platform for secure media processing."
1104 NitroSecurity Inc
230 Commerce Way
Portsmouth, NH 03801
USA

-Bill Virtue
TEL: 603-570-3936
FAX: 603-766-8169

CST Lab: NVLAP 200427-0

NitroView Receiver Cryptographic Module
(Hardware Version: NS-RCV-2250-R; Software Versions: 8.0.0.20080605 and 8.2.0)

(When operated in FIPS mode with module OpenSSL FIPS Object Module validated to FIPS 140-2 under Cert. #918 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 03/26/2009;
10/23/2009
Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #668); Triple-DES (Cert. #613); SHS (Cert. #701); HMAC (Cert. #352); RNG (Cert. #387); RSA (Cert. #310)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The NitroView Receiver is a multi-chip standalone cryptographic module consisting of production-grade components contained within an opaque hard production-grade enclosure (the outside case is steel). The removable cover is protected by tamper evident security seals in accordance with FIPS 140-2 Level 2. The cryptographic boundary is the metal enclosure of the device."
1103 NitroSecurity Inc
230 Commerce Way
Portsmouth, NH 03801
USA

-Bill Virtue
TEL: 603-570-3936
FAX: 603-766-8169

CST Lab: NVLAP 200427-0

NitroView ESM Cryptographic Module
(Hardware Versions: NS-ESM-4245-R, NS-ESMR-4200-R and NS-ESM-5750-R; Software Versions: 8.0.0.20080605 and 8.2.0)

(When operated in FIPS mode with module OpenSSL FIPS Object Module validated to FIPS 140-2 under Cert. #918 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 03/26/2009;
10/23/2009
Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #668); Triple-DES (Cert. #613); SHS (Cert. #701); HMAC (Cert. #352); RNG (Cert. #387); RSA (Cert. #310)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The NitroView ESM is a multi-chip standalone cryptographic module consisting of production-grade components contained within an opaque hard production-grade enclosure (the outside case is steel). The removable cover is protected by tamper evident security seals in accordance with FIPS 140-2 Level 2. The cryptographic boundary is the metal enclosure of the device."
1102 Hewlett-Packard Company
19091 Pruneridge Ave.
MS 4441
Cupertino, CA 95014
USA

-Theresa Conejero
TEL: 408-447-2964
FAX: 408-447-5525

CST Lab: NVLAP 100432-0

HP StorageWorks Secure Key Manager
(Hardware Version: P/N AJ087B, Version 1.1; Firmware Version: 1.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/14/2009;
09/19/2011
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3

-FIPS-approved algorithms: AES (Cert. #653); DSA (Cert. #244); HMAC (Cert. #470); RNG (Cert. #375); RSA (Cert. #302); SHS (Cert. #847); Triple-DES (Cert. #604)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength); KAS (vendor affirmed, key establishment methodology provides 80 bits of encryption strength); DES; MD5; RC4

Multi-chip standalone

"The HP Secure Key Manager automates encryption key generation and management based on security policies. It is a hardened security appliance delivering identity-based access, administration and logging. Additionally, the Secure Key Manager provides reliable lifetime key archival with automatic multi-site key replication and failover capabilities."
1101 PGP Corporation, a division of Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
USA

-Vinnie Moscaritolo
TEL: 650-527-8000
FAX: 650-527-1984

CST Lab: NVLAP 200802-0

PGP Software Developer's Kit (SDK) Cryptographic Module
(Software Versions: 4.0.0 and 4.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/26/2009;
07/02/2010;
07/30/2010;
01/13/2011
Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2; Mac OS X 10.6; Linux, 32-bit: CentOS 5.4 (single-user mode)

-FIPS-approved algorithms: Triple-DES (Certs. #905, #906 and #907); AES (Certs. #1288, #1289 and #1290); RSA (Certs. #614, #615 and #616); DSA (Certs. #414, #415 and #416); SHS (Certs. #1182, #1183 and #1184); HMAC (Certs. #748, #749 and #750); RNG (Certs. #717, #718 and #719)

-Other algorithms: AES (EME2 mode; non-compliant); DSA (FIPS 186-3 with SHA-256; non-compliant); CAST-5; IDEA; Two-Fish; Blow-Fish; ARC4-128; MD5; HMAC-MD5; RIPEMD60; ElGamal; RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength); Shamir Threshold Secret Sharing

Multi-chip standalone

"The PGP SDK Cryptographic Module is a FIPS 140-2 validated software only cryptographic module. The module implements the cryptographic functions for PGP products including: PGP Whole Disk Encryption, PGP NetShare, PGP Command Line, PGP Universal, and PGP Desktop. It includes a wide range of field-tested and standards-based encryption, digital signature, and encoding algorithms as well as a variety of secure network protocol implementations. The PGP SDK offers developers this same cryptographic library that is at the heart of PGP products."
1100 Check Point Software Technologies Ltd.
9900 Belward Campus Drive
Suite 250
Rockville, MD 20850
USA

-David Ambrose
TEL: 703-628-2935

-Malcolm Levy
TEL: +972-37534561

CST Lab: NVLAP 200427-0

Check Point Crypto Core
(Software Version: 1.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/26/2009;
05/28/2009
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Mobile 6.0 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #430); Triple-DES (Cert. #459); SHS (Cert. #499); RSA (Cert. #162); HMAC (Cert. #202); RNG (Cert. #222); Triple-DES MAC (Triple-DES Cert. #459; vendor-affirmed)

-Other algorithms: Blowfish; CAST-128; CAST-256; DES; MD5; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength)

Multi-chip standalone

"Check Point Crypto Core is a 140-2 Level 1 cryptographic module for Windows Mobile 6. The module provides cryptographic services accessible user mode on the respective platforms through implementation of platform specific binaries."
1099 Gemalto
Austin Arboretum Plaza II 9442
Capital of Texas Hwy North
Suite 4
Austin, TX 78759
USA

-Pedro Martinez
TEL: 512-257-3871
FAX: 512-257-3881

CST Lab: NVLAP 100432-0

Gemalto .NET Smart Card
(Hardware Version: Infineon SLE 88CFX4000P; Firmware Versions: .Net Platform and Content Manager v2.2; FIPS Assembly v1.1; FIPS Access Manager v1.0)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/10/2009;
03/19/2009
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #719); AES (Cert. #877); RNG (Cert. #503); RSA (Cert. #424); SHS (Cert. #869); HMAC (Cert. #491)

-Other algorithms: AES (key wrapping; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength)

Single-chip

"The Gemalto .NET v2.2 Smart Card Platform implements a subset of the .NET Framework with high end cryptographic capabilities, including Random Number Generation, on Board Key Generation, and encryption and hashing algorithms such as 3DES, AES, SHA, and 2048 bit RSA. The combination of advanced programmability provided by the .NET Framework and the high end security features make .NET v2.2 a perfect support for Enterprise and Government security solutions."
1098 Fortinet Inc.
1090 Kifer Road
Sunnyvale, CA 94086
USA

-Jeff Lake, Vice President, Federal Operations
TEL: 678-402-8021
FAX: 678-402-8021

CST Lab: NVLAP 200017-0

FortiGate-3016B, FortiGate-3600A and FortiGate-3810A-E4
(Hardware Versions: C4XA14, V3BU94 and C3GV75; Firmware Version: FortiOS 3.00, build8785, 080605)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 03/10/2009 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #612, #613 and #614); Triple-DES (Certs. #582, #583 and #584); RNG (Cert. #345); SHS (Certs. #660, #661 and #662); HMAC (Certs. #315, #316 and #317); RSA (Certs. #284 and #285)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA (key wrapping; key establishment method provides 112 bits of encryption strength); DES; MD5; HMAC-MD5

Multi-chip standalone

"FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1097 NitroSecurity Inc.
230 Commerce Way
Portsmouth, NH 03801
USA

-Bill Virtue
TEL: 603-570-3936
FAX: 603-766-8169

CST Lab: NVLAP 200427-0

NitroGuard IPS cryptographic module
(Hardware Versions: NS-IPS-620R-4C-B, NS-IPS-1220R-6C-B, NS-IPS-1220R-4C-2F-B, NS-IPS-620R-4C-BFS, NS-IPS-4245-R-4BTX, NS-IPS-4245-R-4BSX; Software Versions: 8.0.0.20080605 and 8.2.0)

(When operated in FIPS mode with module OpenSSL FIPS Object Module validated to FIPS 140-2 under Cert. #918 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 03/03/2009;
10/23/2009
Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #668); Triple-DES (Cert. #613); SHS (Cert. #701); HMAC (Cert. #352); RNG (Cert. #387); RSA (Cert. #310)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The NitroGuard IPS is a multi-chip standalone cryptographic module consisting of production-grade components contained within an opaque hard production-grade enclosure (the outside case is steel). The removable cover is protected by tamper evident security seals in accordance with FIPS 140-2 Level 2. The cryptographic boundary is the metal enclosure of the device. The network interface cards do not contain any security-relevant functionality. They are within the cryptographic boundary but are excluded from the evaluation."
1096

CST Lab: NVLAP 200002-0


Validated to FIPS 140-2

Security Policy

Certificate

Firmware 02/24/2009;
04/03/2009
Overall Level: 1 

-FIPS-approved algorithms:

-Other algorithms:

Multi-chip standalone

1095 Fortinet Inc.
1090 Kifer Road
Sunnyvale, CA 94086-5301
USA

-Jeff Lake, Vice President, Federal Operations
TEL: 678-402-8021
FAX: 678-402-8021

CST Lab: NVLAP 200017-0

FortiWiFi-50B
(Hardware Version: C5WF27; Firmware Version: FortiOS 3.00, build8802,080626)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/03/2009 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #489, #583 and #584); AES (Certs. #475, #613; #614 and #758); SHS (Certs. #543, #661 and #662); HMAC (Certs. #232, #316 and #317); RSA (Cert. #285); RNG (Cert. #345)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; HMAC-MD5; DES

Multi-chip standalone

"FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1094 ERUCES, Inc.
11142 Thompson Ave.
Lenexa, KS 66219
USA

-Dr. Bassam Khulusi
TEL: 913-310-0888
FAX: 913-859-9797

-Oggy Vasic
TEL: 913-310-0888
FAX: 913-859-9797

CST Lab: NVLAP 200017-0

Tricryption Cryptographic Module
(Software Version: 7.0)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 03/03/2009 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2003 R2; Red Hat Enterprise Linux 5 (single-user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #684); AES (Cert. #796); SHS (Cert.#795); HMAC (Cert. #437); RSA (Cert. #380); RNG (Cert. #457); ECDSA (Cert. #88)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength)

Multi-chip standalone

"Tricryption Cryptographic Module is a software library providing cryptographic services for ERUCES' Tricryption family of high volume encryption & key management products including key servers, file, database, executables encryption, and special services (anonymization, de-identification, & privacy protection)."
1093 Vertex Standard Co., Ltd.
4-8-8 Nakameguro
Meguro-Ku, Tokyo 153-8644
Japan

-Yukimasa Tomita
TEL: 81-3-5725-6112
FAX: 81-3-5725-6201

CST Lab: NVLAP 100432-0

Vertex Standard Cryptographic Module 001
(Hardware Version: P/N 013790D; Firmware Version: 71.72)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/03/2009 Overall Level: 1 

-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Cert. #813); SHS (Cert. #813)

-Other algorithms: DES; LFSR

Multi-chip embedded

"The Vertex Standard Cryptographic Module 001 (VSCM) is a cryptographic module (also processes digital data) that is to be incorporated into two-way digital radio products. These digital radios are for use in communication with other APCO Project 25 compatible devices."
1092 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-C Micro Edition
(Software Versions: 3.0.0.1 [1], 3.0.0.14 [2], 3.0.0.15 [3] and 3.0.0.19 [4])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 02/24/2009;
03/06/2009;
09/07/2010;
03/28/2011;
10/04/2011;
04/02/2012;
12/12/2012;
01/24/2013
Overall Level: 1 

-Cryptographic Module Specification: Level 3

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux AS 4.0 (x86 32-bit) with LSB 3.0.3 [1]; Windows Vista Ultimate (x86 32-bit) - Visual Studio 2005 SP1 /MD option [1]; Windows XP Professional SP2 (x86 32-bit) - Visual Studio 2005 SP1 /MT option [1]; Linux 2.6.28-rt16 PowerPC (32-bit) [2, 4]; NetBSD v2.0.3 (x86 32-bit) [3]; NetBSD v2.0.3 MIPS (RM7035c 32-bit) [3] (single user mode)

-FIPS-approved algorithms: AES (Certs. #860 [1], #1771 [2, 4] and #1951 [3]); AES GCM (Certs. #860 [1], #1771 [2, 4] and #1951 [3], vendor affirmed: SP 800-38D); DRBG (Certs. #4 [1], #122 [2, 4] and #172 [3]); DSA (Certs. #311 [1], #554 [2, 4] and #623 [3]); ECDSA (Certs. #98 [1], #100 [1], #239 [2, 4], #240 [2, 4], #281 [3] and #282 [3]); HMAC (Certs. #477 [1], #1040 [2, 4] and #1177 [3]); RNG (Certs. #492 [1], #943 [2, 4] and #1027 [3]); RSA (Certs. #412 [1], #887 [2, 4] and #1012 [3]); SHS (Certs. #855 [1], #1555 [2, 4] and #1713 [3]); Triple-DES (Certs. #707 [1], #1147 [2, 4] and #1268 [3])

-Other algorithms: DES; DES40; Diffie-Hellman; EC Diffie-Hellman; ECAES (non-compliant); ECIES; HMAC MD5; MD2; MD5; PBKDF1 SHA-1; PBKDF2 HMAC SHA-1/SHA-224/SHA-256/SHA-384/SHA-512 (non-compliant); RC2; RC4; RC5; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA PKCS #1 v2.0 (OAEP; non-compliant)

Multi-chip standalone

"The Crypto-C Micro Edition (ME) Module is RSA Security, Inc.'s cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
1091 Kanguru Solutions
1360 Main St.
Millis, MA 02054
USA

-Nate Cote
TEL: 508-376-4245
FAX: 508-376-4462

CST Lab: NVLAP 200648-0

KanguruLock
(Software Version: 1.0.4.25)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 02/24/2009 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Service Pack 2 (single user mode)

-FIPS-approved algorithms: AES (Cert. #243); SHS (Cert. #321); HMAC (Cert. #51); RNG (Cert. #78)

-Other algorithms: N/A

Multi-chip standalone

"Kanguru Solutions is the leader in portable secure storage devices. KanguruLockaddresses security concerns and information assurance by incorporating 256-bit AES encryption technology to portable storage devices."
1090 Proxim Wireless Corporation
1561 Buckeye Drive
Milpitas, CA 95035
USA

-Cor van de Water
TEL: 408-383-7626
FAX: 408-383-7680

-Kishore Gandham
TEL: 408-383-7665

CST Lab: NVLAP 200556-0

Tsunami MP.11 HS 245054_R, Tsunami MP.11 HS 245054_RC and Tsunami MP.11 HS 245054_S
(Hardware Version: 2.0.0; Firmware Version: 1.0.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/24/2009;
09/18/2009
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #794 and #830); Triple-DES (Cert. #695); SHS (Cert. #826); DSA (Cert. #302); RSA (Cert. #400); HMAC (Cert. #461); RNG (Cert. #477)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"Proxim Tsunami MP.11 HS 245054_R, 245054_RC, and 245054_S wireless products offer fixed and mobile WiMAX capabilities to distribute wireless broadband access supporting video, voice, and data applications. In FIPS mode, the modules support proprietary WORP protocol for wireless transmission and serial, TLS, SSH, and SNMP for management."
1089 Motorola, Inc.
6480 Via Del Oro
San Jose, CA, CA 95119
USA

-Colin R. Cooper
TEL: 408-528-2871
FAX: 408-528-2903

CST Lab: NVLAP 200648-0

RFS7000 RF Switch
(Hardware Version: RFS7000; Firmware Versions: RFS7000-1.0.0.0-020GR and RFS7000-1.0.0.0-022GR)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 02/09/2009;
06/01/2009
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Certs. #646, #648 and #649); AES (Certs. #724, #726, #727 and #773); SHS (Certs. #742, #744 and #745); HMAC (Certs. #390, #392 and #393); RSA (Cert. #341); DSA (Cert. #274); RNG (Certs. #423 and #424)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength)

Multi-chip standalone

"Designed for large scale, high bandwidth deployments, the RFS7000 Wireless Switch from Motorola provides robust, highly scalable support for seamless enterprise mobility. Motorola's Wi-NG architecture, optimized for enterprise mobility and multimedia applications, simplifies network deployment and management, provides superior performance, security and scalability, and supports emerging RF technologies. Built on this platform, the RFS7000 enables campus wide roaming across subnets, and offers powerful failover capabilities, exceptional quality of service (QoS) and increased voice capacity."
1088 Motorola, Inc.
6480 Via Del Oro
San Jose, CA, CA 95119
USA

-Colin R. Cooper
TEL: 408-528-2871
FAX: 408-528-2903

CST Lab: NVLAP 200648-0

WS5100 Wireless Switch
(Hardware Version: WS5100; Firmware Versions: WS5100-3.0.0.0-020GR and WS5100-3.0.0.0-022GR)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/09/2009;
06/01/2009
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Certs. #648 and #649); AES (Certs. #726, #727 and #772); SHS (Certs. #744 and #745); HMAC (Certs. #392 and #393); RSA (Cert. #341); DSA (Cert. #274); RNG (Certs. #423 and #424)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength)

Multi-chip standalone

"The WS5100 Wireless Switch from Motorola provides enhanced support for enterprise mobility and multimedia applications, as well as security and manageability. Based on Motorola's Wi-NG (Wireless Next Generation) architecture, the WS5100 enables seamless campus-wide roaming, more robust failover capabilities, enhanced security, improved mobile client battery life, and increased voice capacity. Robust security features includes an IPSec VPN gateway, and secure guest access provisioning. The WS5100 supports 48 802.11 a/b/g Access Ports/Points for L2/L3 adoption and mobility."
1087 Lenel Systems International, Inc.
1212 Pittsford-Victor Road
Pittsford, NY 14534
USA

-Robert Pethick
TEL: 585-248-9720
FAX: 585-248-9185

CST Lab: NVLAP 100432-0

FIPS Key Generator
(Software Version: 2.1)

(When operated in FIPS mode with [(Windows 7 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1330 operating in FIPS mode), (Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1337 operating in FIPS mode) or (Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #382 operating in FIPS mode)])

Validated to FIPS 140-2

Security Policy

Certificate

Software 02/09/2009;
03/14/2012
Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows Server 2003 SP1; Windows 7; Windows Server 2008 (single-user mode)

-FIPS-approved algorithms: AES (Certs. #327 and #1650); RNG (Certs. #149 and #882)

-Other algorithms: N/A

Multi-chip standalone

"The FIPS Key Generator module's primary purpose is to provide a cryptographically secure means for generating 128-bit AES keys to be used as Master Keys within Lenel's Communication Server module. The FIPS Key Generator module is part of the Lenel advanced access control and alarm monitoring system which is built on an open architecture platform, offers unlimited scalability, database segmentation, fault tolerance, biometrics and smart card support, is fully customizable, and can be seamlessly integrated into the OnGuard total security solution."
1086 Lenel Systems International, Inc.
1212 Pittsford-Victor Road
Pittsford, NY 14534
USA

-Robert Pethick
TEL: 585-248-9720
FAX: 585-248-9185

CST Lab: NVLAP 100432-0

Communication Server
(Software Versions: 5.11.216 + Hot Fix 2.0.3 and 5.12.012 + Hot Fix 2.0.3)

(When operated in FIPS mode with Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #382 operating in FIPS mode and FIPS Key Generator validated to FIPS 140-2 under Cert. #1087)

Validated to FIPS 140-2

Security Policy

Certificate

Software 02/09/2009 Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows Server 2003 SP1 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #327); RNG (Cert. #149); RSA (Cert. #81); SHS (Cert. #364); RNG (vendor affirmed)

-Other algorithms: RC2

Multi-chip standalone

"The Communication Server module's primary purpose is to provide secure communications with external access control devices. The module is part of the Lenel advanced access control and alarm monitoring system. The Lenel advanced access control and alarm monitoring system is built on an open architecture platform, offers unlimited scalability, database segmentation, fault tolerance, and biometrics and smart card support. The Lenel advanced access control and alarm monitoring system is fully customizable, and can be seamlessly integrated into the OnGuard total security solution."
1085 Gemalto and ActivIdentity Inc.
Arboretum Plaza II
9442 Capital of Texas Highway North
Suite 400
Austin, TX 78759
USA

-James McLaughlin
TEL: 512-257-3954
FAX: 512-257-3881

-Stephane Ardiley
TEL: 510-745-6288
FAX: 510-745-0101

CST Lab: NVLAP 200427-0

SafesITe TOP DL GX4 - FIPS with ActivIdentity Digital Identity Applet Suite V2 for Extended PIV
(Hardware Versions: A1005291 - CHIP.P5CD144.MPH051B, A1011108 - CHIP.P5CD144.MPH051B and A1047808 - CHIP.P5CD144.MPH051B; Firmware Version: GX4-FIPS EI08, Applet Versions: ACA applet package v2.6.2B.4, ASC library package v2.6.2B.3, PKI/GC/SKI applet package v2.6.2B.4, PIV End Point Wrapper module v2.6.2B.4, PIV End Point Extended module v2.6.2B.3, SMA applet package v2.6.2B.3)

(PIV Card Application: Cert. #14)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/03/2009;
02/23/2009;
02/24/2011
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Cert. #782); RNG (Cert. # 450); RSA (Cert. #372); SHS (Cert. #786); Triple-DES (Cert. #678); Triple-DES MAC (Triple-DES Cert. #678, vendor affirmed)

-Other algorithms: N/A

Single-chip

"This module is based on a Gemalto Dual Interface (Contact ISO7816 and Contactless ISO14443) Open OS Smart Card with a large (128K EEPROM) memory, with a cryptographic applet suite V 2.6.2b developed by ActivIdentity. The SmartCard platform has on board Triple DES and RSA up to 2048 algorithms and provides X9.31 on board key generation. The Applet Suite supports management of 3DES keys and PINs, and provides services for authentication, access control, generic container, PKI, One Time password and Secure Messaging (SMA). The module conforms to Java Card 2.2.1, Global Platform 2.1.1 and GSC/IS 2"
1084 NetLib®
A Subsidiary of Communication Horizons, LLC
65 High Ridge Road
Suite 428
Stamford, CT 06905
USA

-Neil Weicher
TEL: 203-321-1278 x91

CST Lab: NVLAP 200416-0

NetLib® Encryptionizer® for SQL Server
(Software Version: 8.601.1)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 02/03/2009;
06/04/2009;
04/12/2011
Overall Level: 1 

-Design Assurance: Level 2

-Operational Environment: Tested as meeting Level 1 with Windows 2000 Server; Windows 2003 Server; Windows 2003 x64 Server (single user mode)

-FIPS-approved algorithms: AES (Cert. #857); SHS (Cert. #851); HMAC (Cert. #474)

-Other algorithms: N/A

Multi-chip standalone

"The NetLib® Encryptionizer® for SQL Server 8.601.1 provides encryption of data stored in MS SQL Server databases and backups. It can be deployed without programming and without adding any administrative overhead. The purpose of whole database encryption is to make a database unusable if it is stolen, copied, downloaded, lost, or otherwise improperly accessed."
1083 Research In Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

-Certifications Team
TEL: 519-888-7465 x72921
FAX: 519-886-4839

CST Lab: NVLAP 200017-0

BlackBerry Cryptographic Kernel
(Firmware Versions: 3.8.5.42[1], 3.8.5.48[1] and 3.8.5.50a[2])

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Firmware 01/22/2009;
01/30/2009;
02/24/2009
Overall Level: 1 

-Design Assurance: Level 3
-Tested: BlackBerry 9000 with BlackBerry OS Versions 4.6[1][2] and 4.6.1[2]

-FIPS-approved algorithms: Triple-DES (Certs. #717, #718 and #739); AES (Certs. #873, #874, #875, #876, #915 and #924); SHS (Certs. #867, #868 and #902); HMAC (Certs. #489, #490 and #511); RSA (Certs. #422, #423 and #445); RNG (Certs. #501, #502 and #525); ECDSA (Certs. #108, #109 and #113)

-Other algorithms: EC Diffie-Hellman (key agreement, key establishment methodology provides 256 bits of encryption strength); ECMQV (key agreement, key establishment methodology provides 256 bits of encryption strength)

Multi-chip standalone

"BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry."
1082 Teletec Corporation
5617-107 Departure Drive
Raleigh, NC 27616
USA

-Diane Hunter
TEL: 919-954-7300
FAX: 919-954-7500

-Harry Taji
TEL: +962 65824941
FAX: +962 65844950

CST Lab: NVLAP 200427-0

"Guardian" Subscriber Encryption Module
(Hardware Version: R2; Firmware Versions: Main firmware: 1.00.02, Bootloader firmware: 1.00.01)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/22/2009 Overall Level: 1 

-FIPS-approved algorithms: AES (Cert. #826); SHS (Cert. #825); HMAC (Cert. #460); RNG (Cert. #476)

-Other algorithms: N/A

Multi-chip embedded

""Guardian" Subscriber Encryption Module (SEM) is a multi-chip embedded cryptographic module intended to be installed in conventional FM radio equipment to provide digital level of encryption with 256-bit AES cipher. Key and configuration are loaded using programming cable and specific software executed on a generic Windows personal computer. Module supports secure update of internal firmware, providing a mean for future enhancements."
1081 IBM® Corporation
11400 Burnet Road
Austin, TX 78758
USA

-Tom Benjamin
TEL: 512-286-5319
FAX: 512-436-8009

CST Lab: NVLAP 200427-0

IBM Java JCE FIPS 140-2 Cryptographic Module
(Software Version: 1.3.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 01/22/2009;
03/13/2009
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2 using IBM JVM 1.6 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #805); DSA (Cert. #297); HMAC (Cert. #445); RNG (Cert. #463); RSA (Cert. #387); SHS (Cert. #803); Triple-DES (Cert. #687)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits and greater than 256-bits of encryption strength); MD5

Multi-chip standalone

"The IBM Java JCE (Java Cryptographic Extension) FIPS provider (IBMJCEFIPS) for Multi-platforms is a scalable, multipurpose cryptographic module that supports many FIPS approved cryptographic operations. This gives Java applications access to the FIPS algorithms via the standard JCE framework that is part of all JVM's at the 1.6 level and higher."
1080 BigFix, Inc.
1480 64th St.
Suite 200
Emeryville, CA 94608
USA

-Noah Salzman
TEL: 510-740-0308
FAX: 510-652-6742

-Peter Loer
TEL: 510-740-5158
FAX: 510-652-6742

CST Lab: NVLAP 200017-0

BigFix Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 01/07/2009 Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-Operational Environment: Tested as meeting Level 2 with AIX 5.2 running on IBM P610; HP-UX 11.11 running on HP C3000; SUSE Linux Enterprise Server 9 running on IBM eServer 325; Mac OS X 10.3.6 running on iMac G4; Red Hat Enterprise Linux 4 Update 2 Advanced Server running on HP XW4100 Pentium 4; Red Hat Enterprise Linux 4 Update 2 Advanced Server 64-bit running on HP ProLiant DL145 G2; Solaris 9 SPARC running on Sun Blade 150; Solaris 10 SPARC running on Sun Blade 150; Solaris 10 x86 running on Dell Precision 650; Windows 2000 Pro with SP3 running on Dell Optiplex GX400; Windows 2003 Enterprise Edition with SP1 running on Dell Optiplex GX270; Windows XP Pro with SP2 running on Dell Optiplex GX270

-FIPS-approved algorithms: Triple-DES (Cert. #688); AES (Cert. #806); DSA (Cert. #298); SHS (Cert. #804); HMAC (Cert. #446); RSA (Cert. #388); RNG (Cert. #464)

-Other algorithms: Diffie-Hellman; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength)

Multi-chip standalone

"The BigFix Cryptographic Module 1.0 is a software library that runs on a wide variety of computing platforms and performs encryption, hashing, and random number generation functions."
1079 Secuware
Torre Picasso
Plaza Pablo Ruiz Picasso, s/n.
Madrid, 28020
Spain

-Jorge López Hernández-Ardieta
TEL: +34 915-649-149
FAX: +34 915-629-697

TEL: +34 608-271-936

CST Lab: NVLAP 200658-0

Secuware Security Framework - Crypt4000 Module
(Software Version: 4.0)

(When obtained, built, installed, protected and initialized as assumed by the Crypto Officer role and specified in Section 8.2 of the provided Security Policy. Section 8.2 of the provided Security Policy specifies the complete set of source files of this module. There shall be no additions, deletions or alterations of this set as used during module build. All source files shall be obtained via secure FTP. Any deviation from the specified verification, protection, installation and initialization procedures will result in a FIPS 140-2 non-compliant module.)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/24/2008;
01/26/2009
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP SP2 (single user mode)

-FIPS-approved algorithms: AES (Cert. #792); SHS (Cert. #905); HMAC (Cert. #513)

-Other algorithms: N/A

Multi-chip standalone

"The SCM is a function library implementing crypto services which is delivered to the final user as a SW cryptographic object module, running on Windows operating system in a General Purpose Computer. The logical cryptographic boundary for the SCM is the discrete block of object code containing the machine instructions and data generated from the SCM FIPS source, which will be allocated continuously in a main memory address space, as used by the calling application."
1078 MRV Communications
295 Foster St.
Littleton, MA 01460
USA

-Nicholas Minka
TEL: 978-952-5742

-Tim Bergeron
TEL: 978-952-5647

CST Lab: NVLAP 200427-0

LX-4000T Series Console Servers
(Hardware Versions: 600-R3265 RevB through 600-R3288 RevB (inclusive) [1] and 600-R3265 RevC through 600-R3288 RevC (inclusive) [2]; Firmware Versions: linuxito Versions: (5.3.1 [1] and 5.3.5 [2]) and ppciboot Versions: (5.3.1 [1] and 5.3.5 [2]))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/24/2008;
12/11/2009
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #854 and #855); DSA (Cert. #308); RNG (Cert. #489); RSA (Cert. #408); SHS (Certs. #848 and #849); Triple-DES (Certs. #704 and #705); HMAC (Certs. #471 and #472)

-Other algorithms: DES; MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); RNG (non-compliant)

Multi-chip standalone

"The LX-4000T Series Console Servers are a key component of MRV's Out-of-Band Network solution. Out-of-Band Networks provide secure remote service port access and remote power control to devices in an organization's networks and infrastructures. This nearly eliminates the need for physical presence at a device to correct problems or manage its everyday operation. MRV's Out-of-Band Network solution includes console servers, terminal servers, device servers, remote power control and management system, making the LX Series an ideal choice for secure remote access."
1077 Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500

CST Lab: NVLAP 200427-0

Aruba 200, 800, and 6000/SCII Mobility Controllers with ArubaOS FIPS Firmware
(Hardware Versions: 200: 200-6-AOS-STD-FIPS-US; 800: 800-16-TX-AOS-STD-FIPS or 800-16-SX-AOS-STD-FIPS; 6000: (6000-BASE-2PSU-200-FIPS or 6000-BASE-2PSU-400-FIPS) with [(minimum one: LC-2G-1, LC-2G24F-1 or LC-2G24FP-1) and (minimum one: SC-48-C1-1, SC-128-C1-1 or SC-256-C2-1)] (no more than four total); Firmware Versions: 200: A200_3.3.2.0-FIPS, A200_3.3.2.11-FIPS, A200_3.3.2.14-FIPS, A200_3.3.2.18-FIPS, A200_3.3.2.19-FIPS, A200_3.3.2.20-FIPS A200_3.3.2.21-FIPS, A200_3.4.2.3-FIPS, A200_3.4.4.0-FIPS or A200_3.4.5.1-FIPS; 800: A800_3.3.2.0-FIPS, A800_3.3.2.11-FIPS, A800_3.3.2.14-FIPS, A800_3.3.2.18-FIPS, A800_3.3.2.19-FIPS, A800_3.3.2.20-FIPS, A800_3.3.2.21-FIPS, A800_3.4.2.3-FIPS, A800_3.4.4.0-FIPS or A800_3.4.5.1-FIPS; 6000: A5000_3.3.2.0-FIPS, A5000_3.3.2.11-FIPS, A5000_3.3.2.14-FIPS, A5000_3.3.2.18-FIPS, A5000_3.3.2.19-FIPS, A5000_3.3.2.20-FIPS, A5000_3.3.2.21-FIPS, A5000_3.4.2.3-FIPS, A5000_3.4.4.0-FIPS or A5000_3.4.5.1-FIPS)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/24/2008;
03/30/2009;
07/29/2009;
10/23/2009;
10/25/2010;
01/07/2011;
03/14/2011;
07/19/2011;
02/06/2013
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #649, #650, #651 and #700); HMAC (Certs. #334, #335, #336 and #378); RNG (Cert. #411); RSA (Cert. #326); SHS (Certs. #682, #683, #684 and #728); Triple-DES (Certs. #600, #601, #602 and #631)

-Other algorithms: DES; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant than 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"Aruba Networks' Mobility Controller system with an integrated ICSA-certified stateful firewall and hardware-based encryption, is the industry's highest performing and most scalable enterprise mobility platform on the market today. Aruba offers the industry's only modular and stackable mobility controllers from every enterprise environment. Now, administrators are freed from the costly and time-consuming process of managing individual APs. And as security standards change and new mobile services emerge, they are easily implemented at the controller and propagated throughout the enterprise."
1076 JVC KENWOOD Corporation
1-16-2, Hakusan, Midori-ku
Yokohama-shi, Kanagawa 226-8525
Japan

-Tamaki Shimamura
TEL: +81 45 939 6254
FAX: +81 45 939 7093

-Joe Watts
TEL: 678-474-4700
FAX: 678-474-4730

CST Lab: NVLAP 100432-0

Secure Cryptographic Module (SCM)
(Hardware Version: P/N KWD-AE20, Version 1.0.0; Firmware Versions: A2.0.0 and A.2.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/24/2008;
01/26/2009;
02/19/2010;
12/07/2011;
01/31/2012
Overall Level: 1 

-Cryptographic Module Specification: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Certs. #831 and #832); SHS (Cert. #827)

-Other algorithms: DES; DES MAC; LFSR; AES MAC (AES Cert. #831, vendor affirmed; P25 AES OTAR)

Multi-chip embedded

"The Secure Cryptographic Module (SCM) meets overall FIPS 140-2 Level 1 requirements providing KENWOOD radios secure and encrypted digital communication. The SCM supports 256 bit key AES encryption as well as DES encryption."
1075 Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500

CST Lab: NVLAP 200427-0

Aruba 3000 and 6000/M3 Mobility Controllers with ArubaOS FIPS Firmware
(Hardware Versions: 3200: 3200-8-AOS-STD-FIPS-US; 3400: 3400-32-AOS-STD-FIPS-US; 3600: 3600-64-AOS-STD-FIPS-US; 6000: (6000-BASE-2PSU-200-FIPS or 6000-BASE-2PSU-400-FIPS) with [(minimum one: LC-2G-1, LC-2G24F-1 or LC-2G24FP-1) and (one or two: M3mk1-G10X-10G2X)] (no more than four total); Firmware Versions: 3200, 3400 and 3600: (A3000_3.3.2.0-FIPS, A3000_3.3.2.11-FIPS, A3000_3.3.2.14-FIPS, A3000_3.3.2.18-FIPS, A3000_3.3.2.19-FIPS, A3000_3.3.2.20-FIPS, A3000_3.3.2.21-FIPS, A3000_3.4.2.3-FIPS, A3000_3.4.4.0-FIPS or A3000_3.4.5.1-FIPS); 6000: (ArubaOS_MMC_3.3.2.0-FIPS, ArubaOS_MMC_3.3.2.11-FIPS, ArubaOS_MMC_3.3.2.14-FIPS, ArubaOS_MMC_3.3.2.18-FIPS, ArubaOS_MMC_3.3.2.19-FIPS, ArubaOS_MMC_3.3.2.20-FIPS, ArubaOS_MMC_3.3.2.21-FIPS, ArubaOS_MMC_3.4.2.3-FIPS, ArubaOS_MMC_3.4.4.0-FIPS or ArubaOS_MMC_3.4.5.1-FIPS))

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/24/2008;
03/30/2009;
07/29/2009;
10/23/2009;
10/25/2010;
01/07/2011;
03/14/2011;
07/19/2011;
02/06/2013
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #465 and #823); HMAC (Certs. #416 and #458); RNG (Cert. #475); RSA (Cert. #399); SHS (Certs. #768 and #823); Triple-DES (Certs. #482 and #694)

-Other algorithms: DES; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"Aruba Networks' Mobility Controller system completely changes how 802.11 networks are deployed, secured, and managed. The only mobile security system with an integrated ICSA-certified stateful firewall and hardware-based encryption, the Aruba mobility controller is the industry's highest performing and most scalable enterprise mobility platform on the market today. Aruba offers the industry's only modular and stackable mobility controllers from every enterprise environment. Now, administrators are freed from the costly and time-consuming process of managing individual APs. And as security stan"
1074 Check Point Software Technologies Ltd.
9900 Belward Campus Drive
Suite 250
Rockville, MD 20850
USA

-David Ambrose
TEL: 703-628-2935

-Malcolm Levy
TEL: +972-37534561

CST Lab: NVLAP 200002-0

Nokia VPN Appliance
(Hardware Versions: IP390 and IP560; Firmware Versions: IPSO v4.1 and Check Point VPN-1 NGX (R60) [HFA-03])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/24/2008;
05/28/2009
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #397, #342, #442 and #497); Triple-DES (Certs. #507, #510, #465, #466, #435 and #406); HMAC (Certs. #248, #251, #207, #208, #176 and #146); SHS (Certs. #564, #567, #508, #509, #469 and #417); DSA (Certs. #202 and #204); RSA (Certs. #211, #213, #215 and #167); RNG (Certs. #275, #277, #229 and #230)

-Other algorithms: CAST; DES (Cert. #314); HMAC MD5; MD5; Arcfour; Twofish; Blowfish; Diffie-Hellman (key agreement; key establishment methodology provides between 80 bits and 128 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Triple-DES (K3 mode; non-compliant)

Multi-chip standalone

"The Nokia VPN Applicances are full-featured enterprise systems designed for small to medium enterprises, with Service Provider flexibility and rapid serviceability option in a single rack space. When combined with Check Point VPN-1 these platforms provide reliable, easy to manage distributed security and access."
1073 Nortel Networks
600 Technology Park
Billerica, MA 01821
USA

-Dave Norton
TEL: 978-288-7079
FAX: 978-288-4004

-Dragon Grebovich
TEL: 978-288-8069
FAX: 978-288-8153

CST Lab: NVLAP 200427-0

VPN Router 1750, 2700, 2750 and 5000 with VPN Router Security Accelerator
(Hardware Versions: 1750, 2700, 2750 and 5000 with DM0011085; Firmware Version: 07_05.100)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/24/2008 Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #718 and #719); DSA (Cert. #272); HMAC (Certs. #102, #387 and #388); RNG (Certs. #419 and #420); RSA (Certs. #338 and #339); SHS (Certs. #143, #738 and #739); Triple-DES (Certs. #158, #641 and #642)

-Other algorithms: DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant less than 80 bits of encryption strength); HMAC MD5; MD2; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength)

Multi-chip standalone

"The FIPS 140-2 Level 2 compliant VPN Routers are the ideal solution for enterprises requiring secure, low-cost connectivity across the Internet or managed IP networks. The VPN Routers provide, IP routing, Virtual Private Networking (VPN), stateful firewall, encryption, authentication, directory and policy services, Quality of Service (QoS), and bandwidth management services in a single integrated platform. These devices provide a solution for small, medium, and large sites requiring Internet connectivity for both secure VPN communications and for basic IP/Internet access"
1072 RELM Wireless Corporation
7100 Technology Drive
West Melbourne, FL 32904
USA

-Jim Holthaus
TEL: 402-896-6406
FAX: 785-856-1302

CST Lab: NVLAP 100432-0

FIPSCOM Cryptographic Module
(Hardware Versions: P/N 7011-30967-000, Versions 100808 and 100908; Firmware Versions: 0722-05072-001 and 0722-05073-002)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/24/2008 Overall Level: 1 

-FIPS-approved algorithms: AES (Cert. #899); RSA (Cert. #139); SHS (Cert. #462)

-Other algorithms: DES

Multi-chip embedded

"The FIPSCOM is an embedded cryptographic module that provides encryption functions for secure digital communications products. The FIPSCOM can be incorporated into any BK Radio brand subscriber equipment requiring FIPS 140-2, Level 1 security."
1071 CipherMax, Inc.
3 Results Way
Cupertino, CA 95014
USA

-Steven Tan
TEL: 408-777-8090
FAX: 408-861-3650

CST Lab: NVLAP 100432-0

CM140T
(Hardware Version: P/N 81-00048-01 Version ELC 9.2; Firmware Version: 5.4.0.36)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/24/2008;
02/23/2009
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #633); Triple-DES (Cert. #590); DSA (Cert. #241); RNG (Cert. #360); RSA (Cert. #289); SHS (Cert. #670); HMAC (Cert. #326)

-Other algorithms: MD5; Diffie-Hellman (key wrapping; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"CM140T provides a scalable, easy-to-manage storage security solution for tape backup in a compact 1U chassis. With support for 16 FC-port, any-to-any connectivity, storage access control, line-speed data compression, data integrity authentication, and automated key management, the CM140T delivers a complete solution for all tape-based applications."
1070 CipherMax, Inc.
3 Results Way
Cupertino, CA 95014
USA

-Steven Tan
TEL: 408-777-8090
FAX: 408-861-3650

CST Lab: NVLAP 100432-0

CM180D
(Hardware Version: P/N 81-00038-01 Version ILC 6.11; Firmware Version: 5.4.0.36)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/24/2008;
02/23/2009
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #629); Triple-DES (Cert. #590); DSA (Cert. #241); RNG (Cert. #360); RSA (Cert. #289); SHS (Cert. #670); HMAC (Cert. #326)

-Other algorithms: MD5; Diffie-Hellman (key wrapping; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"CM180D delivers a complete solution for all primary and secondary disk-based storage application, with in-line encryption processing, discrete security administration controls, and a comprehensive, automated key management system. The integration of powerful encryption processing and high port count, any-to-any connectivity allows for CM180D to deliver an enormous amount of functionality with far less consumption space, power, and cooling than first generation in-line encryption appliances."
1069

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/09/2008;
12/11/2009
Overall Level: 2 

-FIPS-approved algorithms:

-Other algorithms:

Multi-chip standalone

1068 Nortel Networks
600 Technology Park
Billerica, MA 01821
USA

-Dave Norton
TEL: 978-288-7079
FAX: 978-288-4004

-Dragon Grebovich
TEL: 978-288-8069
FAX: 978-288-8153

CST Lab: NVLAP 200427-0

VPN Router 1750, 2700, 2750 and 5000 with Hardware Accelerator
(Hardware Versions: 1750, 2700, 2750 and 5000 with DM0011052; Firmware Version: 07_05.100)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/15/2008 Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #718 and #719); DSA (Cert. #272); HMAC (Certs. #101, #387 and #388); RNG (Certs. #419 and #420); RSA (Certs. #338 and #339); SHS (Certs. #51, #738 and #739);Triple-DES (Certs. #29, #641 and #642)

-Other algorithms: DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant less than 80-bits of encryption strength); HMAC MD5; MD2; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength)

Multi-chip standalone

"The FIPS 140-2 Level 2 compliant VPN Routers are the ideal solution for enterprises requiring secure, low-cost connectivity across the Internet or managed IP networks. The VPN Routers provide, IP routing, Virtual Private Networking (VPN), stateful firewall, encryption, authentication, directory and policy services, Quality of Service (QoS), and bandwidth management services in a single integrated platform. These devices provide a solution for small, medium, and large sites requiring Internet connectivity for both secure VPN communications and for basic IP/Internet access"
1067 Nortel Networks
600 Technology Park
Billerica, MA 01821
USA

-Dave Norton
TEL: 978-288-7079
FAX: 978-288-4004

-Dragan Gribovich
TEL: 978-288-8069
FAX: 978-288-4004

CST Lab: NVLAP 200427-0

Nortel VPN Router 1010, 1050 and 1100
(Hardware Versions: 1010, 1050 and 1100; Firmware Version: 07_05.100)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/15/2008 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 2

-FIPS-approved algorithms: AES (Certs. #718 and #719); DSA (Cert. #272); HMAC (Certs. #387 and #388); RNG (Certs. #419 and #420); RSA (Certs. #338 and #339); SHS (Certs. #738 and #739); Triple-DES (Certs. #641 and #642)

-Other algorithms: DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provide 80 or 96 bits of encryption strength; non-compliant less than 80-bits of encryption strength); ECDH (non-compliant); HMAC-MD5; MD2; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength)

Multi-chip standalone

"The FIPS 140-2 Level 1 compliant VPN Routers are the ideal solution for enterprises requiring secure, low-cost connectivity across the Internet or managed IP networks. The VPN Routers provide IP routing, Virtual Private Networking (VPN), stateful firewall, encryption, authentication, directory and policy services, Quality of Service (QoS), and bandwidth management services in a single integrated platform. These devices provide a solution for small, medium, and large sites requiring Internet connectivity for both secure VPN communications and for basic IP/Internet access."
1066 Nortel Networks
600 Technology Park
Billerica, MA 01821
USA

-Dave Norton
TEL: 978-288-7079
FAX: 978-288-4004

-Dragon Grebovich
TEL: 978-288-8069
FAX: 978-288-8153

CST Lab: NVLAP 200427-0

Nortel VPN Router 600, 1750, 2700, 2750 and 5000
(Hardware Versions: 600, 1750, 2700, 2750 and 5000; Firmware Version: 07_05.100)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/15/2008 Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #718 and #719); DSA (Cert. #272); HMAC (Certs. #387 and #388); RNG (Certs. #419 and #420); RSA (Certs. #338 and #339); SHS (Certs. #738 and #739); Triple-DES (Certs. #641 and #642)

-Other algorithms: DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provide 80 or 96 bits of encryption strength; non-compliant less than 80-bits of encryption strength); ECDH (non-compliant); HMAC-MD5; MD2; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength)

Multi-chip standalone

"The FIPS 140-2 Level 2 compliant VPN Routers are the ideal solution for enterprises requiring secure, low-cost connectivity across the Internet or managed IP networks. The VPN Routers provide, IP routing, Virtual Private Networking (VPN), stateful firewall, encryption, authentication, directory and policy services, Quality of Service (QoS), and bandwidth management services in a single integrated platform. These devices provide a solution for small, medium, and large sites requiring Internet connectivity for both secure VPN communications and for basic IP/Internet access."
1065 nCipher Corporation Ltd.
92 Montvale Ave
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F2 6000e, nShield F2 1500e, nShield F2 500e and nShield F2 10e
(Hardware Versions: nC3023E-6K0, nC3023E-1K5, nC3023E-500 and nC3032E-030, Build Standard N; Firmware Version: 2.33.82-2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 12/15/2008;
08/28/2009
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #397 and #754); AES GCM (Cert. #754, vendor affirmed); Triple-DES (Certs. #435 and #666); Triple-DES MAC (Triple-DES Certs. #435 and #666, vendor affirmed); DSA (Cert. #280); ECDSA (Cert. #81); SHS (Cert. #764); HMAC (Cert. #410); RSA (Cert. #356); RNG (Cert. #436)

-Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength)

Multi-chip embedded

"The nCipher modules: nShield F2 6000e, Shield F2 1500e, nShield F2 500e, and nShield 10e family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1064 nCipher Corporation Ltd.
92 Montvale Ave
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F3 6000e [1], nShield F3 1500e [2], nShield F3 500e [3], nShield F3 10e [4], nShield F3 6000e for nShield Connect [5], nShield F3 1500e for nShield Connect [6] and nShield F3 500e for nShield Connect [7]
(Hardware Versions: nC4033E-6K0 [1], nC4033E-1K5 [2], nC4033E-500 [3], nC4033E-030 [4], nC4033E-6K0N [5], nC4033E-1K5N [6] and nC4033E-500N [7], Build Standard N; Firmware Version: 2.33.82-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 12/15/2008;
08/28/2009;
01/28/2010
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #397 and #754); AES GCM (Cert. #754, vendor affirmed); Triple-DES (Certs. #435 and #666); Triple-DES MAC (Triple-DES Certs. #435 and #666, vendor affirmed); DSA (Cert. #280); ECDSA (Cert. #81); SHS (Cert. #764); HMAC (Cert. #410); RSA (Cert. #356); RNG (Cert. #436)

-Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength)

Multi-chip embedded

"The nCipher modules: nShield F3 6000e, Shield F3 1500e, nShield F3 500e, and nShield 10e family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1063 nCipher Corporation Ltd.
92 Montvale Ave
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F3 6000e [1], nShield F3 1500e [2], nShield F3 500e [3], nShield F3 10e [4], nShield F3 6000e for nShield Connect [5], nShield F3 1500e for nShield Connect [6] and nShield F3 500e for nShield Connect [7]
(Hardware Versions: nC4033E-6K0 [1], nC4033E-1K5 [2], nC4033E-500 [3], nC4033E-030 [4], nC4033E-6K0N [5], nC4033E-1K5N [6] and nC4033E-500N [7], Build Standard N; Firmware Version: 2.33.82-3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 12/15/2008;
08/28/2009;
01/28/2010
Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #397 and #754); AES GCM (Cert. #754, vendor affirmed); Triple-DES (Certs. #435 and #666); Triple-DES MAC (Triple-DES Certs. #435 and #666, vendor affirmed); DSA (Cert. #280); ECDSA (Cert. #81); SHS (Cert. #764); HMAC (Cert. #410); RSA (Cert. #356); RNG (Cert. #436)

-Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength)

Multi-chip embedded

"The nCipher modules: nShield F3 6000e, Shield F3 1500e, nShield F3 500e, and nShield 10e family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
1062 BeCrypt Limited
130 Shaftesbury Avenue
London, W1D 5EU
United Kingdom

-Pali Surdhar
TEL: +44 (0)845 838 2050
FAX: +44 (0)845 838 2060

CST Lab: NVLAP 200648-0

BeCrypt DISK Protect
(Software Version: 4.2.10.5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 12/15/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional SP2 with real mode pre-boot environment (single-user mode)

-FIPS-approved algorithms: AES (Certs. #247 and #667); SHS (Certs. #324 and #700); HMAC (Cert. #351); RSA (Cert. #309); RNG (Cert. #386)

-Other algorithms: N/A

Multi-chip standalone

"BeCrypt DISK Protect is a full-disk encryption product that provides up to three layers of security: full disk encryption, strong pre-boot authentication, and optional removable media encryption."
1061 Sybase iAnywhere, A subsidiary of Sybase
One Sybase Drive
Dublin, CA 94568
USA

-Pali Surdhar
TEL: +44 (0)845 838 2050
FAX: +44 (0)845 838 2060

CST Lab: NVLAP 200648-0

DISK Protect for Afaria Security Manager
(Software Version: 4.2.10.5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 12/15/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional SP2 with real mode pre-boot environment (single-user mode)

-FIPS-approved algorithms: AES (Certs. #247 and #667); SHS (Certs. #324 and #700); HMAC (Cert. #351); RSA (Cert. #309); RNG (Cert. #386)

-Other algorithms: N/A

Multi-chip standalone

"DISK Protect for Afaria Security Manager is a full-disk encryption product that provides up to three layers of security: full disk encryption, strong pre-boot authentication, and optional removable media encryption."
1060 Secured User Inc.
11490 Commerce Park Drive
Suite 240
Reston, VA 20191
USA

-Ken Hetzer
TEL: 703-964-3164
FAX: 703-783-0446

-Bruce Mitchell
TEL: 703-964-3167; 647-477-7892
FAX: 647-477-5052

CST Lab: NVLAP 200697-0

SUSK Security Module
(Software Version: 1.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 12/01/2008;
12/15/2008
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 2003 Server Service Pack 1; SuSe 10; Fedora 6; Red Hat 2.6; HP-UX B.11.11 and Windows Server 2003 X64 with SP1 (single user mode)

-FIPS-approved algorithms: AES (Certs. #474 and #770); SHS (Cert. #542); HMAC (Cert. #231); RNG (Cert. #257)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The SUSK Security Module is a software-based cryptographic module. Secured UserÆs product performs all of its work by transparently intercepting and transforming the data stream between entities. All of the cryptographic functionalities of the Secured User product are provided by the central shared library, SUSK Security Module. The cryptographic module offers Transport Layer Security (TLS) services along with bulk encryption and hashing services exclusively to Secured User application. This application is considered as host application to the module."
1059 ViaSat UK Ltd.
Sandford Lane
Wareham, BH20 4DY
United Kingdom

-Tim D. Stone
TEL: +44 01929 55 44 00
FAX: +44 01929 55 25 25

CST Lab: NVLAP 100432-0

PICOfreedom
(Hardware Versions: P/N 8A-SFS-0000-09P, Version A and Version 2; Firmware Versions: 6.600 and 6.612)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/01/2008;
07/27/2011
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Cert. #464); RSA (Cert. #200); RNG (Cert. #263); SHS (Cert. #555)

-Other algorithms: RSA (encrypt/decrypt)

Multi-chip standalone

"The PICOfreedom provides FIPS 140-2 Approved security functionality to DiskOnKey USB flash drives. The PICOfreedom employs Federal Information Processing Standard (FIPS 140-2) encryption and key management functionality to ensure the protection of data stored on FLASH memory. The module is a multi-chip standalone cryptographic module, as defined by FIPS 140-2, and consists of the S2 controller and an EEPROM. Both components are encased in a hard, opaque, production grade integrated circuit packaging."
1058 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-C Micro Edition
(Software Version: 3.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/01/2008;
09/07/2010;
03/28/2011;
01/24/2013
Overall Level: 1 

-Cryptographic Module Specification: Level 3

-Operational Environment: Tested as meeting Level 1 with AIX 5L v5.3 (PowerPC 32-bit); AIX 5L v5.3 (PowerPC 64-bit); HP-UX 11.11 (PA-RISC 2.0 32-bit); HP-UX 11.23 (PA-RISC 2.0W 64-bit); HP-UX 11.31 (Itanium2 32-bit); HP-UX 11.31 (Itanium2 64-bit); Red Hat Enterprise Linux AS 4.0 (x86 32-bit) with LSB 3.0.3; Red Hat Enterprise Linux AS 5.0 (x86_64 64-bit) with LSB 3.0.3; Solaris 10 (SPARC v8 32-bit); Solaris 10 (SPARC v8+ 32-bit); Solaris 10 (SPARC v9 64-bit); Solaris 10 (x86_64 64-bit); VxWorks 5.5 (PowerPC 603 32-bit); VxWorks 5.5 (PowerPC 604 32-bit); VxWorks General Purpose Platform 6.0 (PowerPC 604); Windows Mobile 2003/Pocket PC (ARM 32-bit); Windows Mobile 5.0 (ARM 32-bit); Windows Mobile 6.0 Professional (ARM 32-bit); Windows 2003 Server SP2 (x86_64 64-bit) - Visual Studio 2005 SP1 build /MT option; Windows 2003 Server SP2 (Itanium 2 64-bit) - Visual Studio 2005 SP1 build /MT option; Windows 2003 Server SP2 (Itanium 2 64-bit) - Visual Studio 2005 SP1 build /MD option; Windows Vista Ultimate (x86 32-bit) - Visual Studio 2005 SP1 /MD option; Windows Vista Ultimate (x86_64 64-bit) - Visual Studio 2005 SP1 /MD option; Windows XP Professional SP2 (x86 32-bit) - Visual Studio 2005 SP1 /MT option (single user mode)

-FIPS-approved algorithms: AES (Cert. #810); AES GCM (Cert. #810, vendor affirmed: SP 800-38D); DRBG (Cert. #2); DSA (Cert. #300); ECDSA (Certs. #92 and #93); HMAC (Cert. #449); RNG (Cert. #466); RSA (Cert. #390); SHS (Cert. #807); Triple-DES (Cert. #690)

-Other algorithms: DES; DES40; Diffie-Hellman; EC Diffie-Hellman; ECAES (non-compliant); ECIES; HMAC MD5; MD2; MD5; PBKDF1 SHA-1; PBKDF2 HMAC SHA-1/SHA-224/SHA-256/SHA-384/SHA-512 (non-compliant); RC2; RC4; RC5; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA PKCS #1 v2.0 (OAEP; non-compliant)

Multi-chip standalone

"The Crypto-C Micro Edition (ME) Module is RSA Security Inc.'s cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
1057 Vormetric Inc.
3131 Jay Street
Santa Clara, CA 95054
USA

-Phil Scott
TEL: 408-961-2509
FAX: 408-844-8638

-Frank Teruel
TEL: 408-961-6132
FAX: 408-844-8638

CST Lab: NVLAP 200017-0

NetBackup Media Server Encryption Option (MSEO) Driver
(Software Version: 6.1.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/25/2008 Overall Level: 1 

-Design Assurance: Level 2

-Operational Environment: Tested as meeting Level 1 with Windows 2000 Advanced Server SP4; Windows 2003 Server Enterprise SP2 32-bit; Windows 2003 Server Enterprise SP2 64-bit; Windows 2003 Server Enterprise SP2 X64 Edition; Solaris 8 64-bit; Solaris 9 64-bit; Solaris 10 64-bit; Red Hat Linux Enterprise 4 Update 4 64-bit (single-user mode)

-FIPS-approved algorithms: AES (Cert. #809); SHS (Cert. #806); HMAC (Cert. #448);

-Other algorithms: N/A

Multi-chip standalone

"The "Powered by Vormetric", NetBackup Media Server Encryption Option (MSEO) product from Symantec, provides a cost-effective, easy to manage data encryption solution for securing enterprise backup tapes. It is based on robust encryption methods and provides a centralized approach for the encryption process and key management."
1056 Certicom Corp.
5520 Explorer Drive
4th Floor
Mississauga, Ontario L4W 5L1
Canada

-sales@certicom.com
TEL: 905-507-4220
FAX: 905-507-4230

CST Lab: NVLAP 200017-0

Security Builder FIPS Java Module
(Software Versions: 2.2 and 2.2.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/25/2008;
03/06/2009;
10/02/2009;
12/08/2009
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Sun Java Runtime Environment (JRE) 1.6.0 running on Solaris 10, 32-bit; Solaris 10, 64-bit; Red Hat Linux AS 5.0, 32-bit; Red Hat Linux AS 5.0, 64-bit; Windows Vista, 32-bit; Windows Vista, 64-bit; Windows 2008 Server, 64-bit; NetBSD 2.0.3, 32-bit (single-user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #686); AES (Cert. #804); SHS (Cert. #802); HMAC (Cert. #444); RNG (Cert. #462); DSA (Cert. #296); ECDSA (Cert. #91); RSA (Cert. #386); DRBG (Cert. #1)

-Other algorithms: ARC2; ARC4; MD2; MD5; HMAC-MD5; DES; DESX; ECIES; ECQV; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength)

Multi-chip standalone

"The Security Builder FIPS Java Module is a standards-based cryptographic toolkit written in Java. It supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into Java-based applications. The Security Builder FIPS Java Module is intended for use by developers who want government level security and can also be used in conjunction with other Certicom developer toolkits including Security Builder PKI and Security Builder SSL."
1055 Keycorp Limited
Level 5, Keycorp Tower
799 Pacific Highway
Chatswood NSW
Sydney, MD 2067
Australia

-Graeme Bradford
TEL: 703-635-7723
FAX: 301-948-1233

CST Lab: NVLAP 200416-0

Keycorp MULTOS I4F 80K with MULTOS PIV Card Application
(Hardware Version: SLE66CLX800PEM; Firmware Version: 1.0)

(PIV Card Application: Cert. #5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/25/2008;
05/28/2010
Overall Level: 2 

-Physical Security: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #605); RSA (Cert. #303); RNG (Cert. #376)

-Other algorithms: RSA-AHASH; DES; Hardware RNG

Multi-chip standalone

"The Keycorp MULTOS I4F 80K Smart Card with MULTOS PIV Card Application can be employed in a wide range of solutions. The smart card provides a highly portable, secure token for enhancing the security of network access and ensuring secure electronic communications. Combined with the PIV Card Application it provides enhanced I&A functionality."
1054 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tony Ureche
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

BitLocker™ Drive Encryption
(Software Version: 6.0.6001.18000, 6.0.6001.18606, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411, 6.0.6002.22497 or 6.0.6002.22596)

(When operated in FIPS mode with Microsoft Kernel Mode Security Support Provider Interface and Microsoft Windows Cryptographic Primitives Library (Bcrypt.dll) validated to FIPS 140-2 under Cert. #1007 and Cert. #1008 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/25/2008;
07/29/2009;
01/20/2011;
10/04/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 (x86 version); Windows Server 2008 (x64 version) (single-user mode)

-FIPS-approved algorithms: AES (Certs. #739 and #760); HMAC (Cert #415); SHS (Cert #753)

-Other algorithms: Elephant Diffuser

Multi-chip standalone

"Windows BitLocker Drive Encryption is a data protection feature available in Windows Vista Enterprise and Windows Vista Ultimate for client computers. BitLocker provides enhanced protection against data theft or exposure on computers that are lost or stolen, and more secure data deletion when BitLocker-protected computers are decommissioned."
1053 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tony Ureche
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

BitLocker™ Drive Encryption
(Software Version: 6.0.6001.18000, 6.0.6001.18606, 6.0.6001.22861,6.0.6002.18005, 6.0.6002.18411 or 6.0.6002.22596)

(When operated in FIPS mode with Microsoft Kernel Mode Security Support Provider Interface and Microsoft Windows Cryptographic Primitives Library (Bcrypt.dll) validated to FIPS 140-2 under Cert. #1000 and Cert. #1001 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/25/2008;
07/29/2009;
05/28/2010;
10/04/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Vista Ultimate Edition SP1 (x86 Version); Windows Vista Ultimate Edition SP1 (x64 version) (single-user mode)

-FIPS-approved algorithms: AES (Certs. #739 and #760); HMAC (Cert #415); SHS (Cert #753)

-Other algorithms: Elephant Diffuser

Multi-chip standalone

"Windows BitLocker Drive Encryption is a data protection feature available in Windows Vista Enterprise and Windows Vista Ultimate for client computers. BitLocker provides enhanced protection against data theft or exposure on computers that are lost or stolen, and more secure data deletion when BitLocker-protected computers are decommissioned."
1052 Gemalto
1140 Welsh Road
Suite 200
North Wales, PA 19454
USA

-Nick Hislop
TEL: 215-390-2805
FAX: 215-390-2825

CST Lab: NVLAP 100432-0

TOP IM CY2 with ACS PKI applet (formerly Cyberflex Access 64K V2 with PKI applets)
(Hardware Version: P/N A1002631; Firmware Versions: Hardmask 1V3, PKI Applet 1.11, PIN Manager Applet 1.6)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/17/2008;
11/21/2008
Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #220); SHS (Cert. #301); RSA (Cert. #51); RNG (Cert. #64); Triple-DES (Cert. #312); Triple-DES MAC (Triple-DES Cert. #312, vendor affirmed)

-Other algorithms: DES; DES MAC; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength)

Single-chip

"The Cyberflex Access 64K V2 with PKI applets provides secure PKI (public key infrastructure) and digital signature technology. Cyberflex Access 64K V2 serves as a highly portable, secure device for enhancing the security of network access and ensuring secure electronic communications. Cyberflex Access 64K V2 supports on-card Triple-DES, AES and 2048-bit RSA algorithms with on-card key generation. It is compliant to Java Card v2.1.1 and Open Platform v2.0.1. The Cyberflex Access 64K V2 smart card fits well into physical and logical access, e-transactions and other applications."
1051 Open Source Software Institute
3610 Pearl Street
Hattiesburg, MS 39401
USA

-John Weathersby
TEL: 601-427-0152
FAX: 601-427-0156

CST Lab: NVLAP 200017-0

OpenSSL FIPS Object Module
(Software Version: 1.2, 1.2.1, 1.2.2, 1.2.3 or 1.2.4)

(When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix B of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file, shall be verified as specified in Appendix B of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 2.3 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a FIPS 140-2 non-compliant module.)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 11/17/2008;
11/20/2009;
12/08/2010;
05/12/2011;
03/07/2012;
03/14/2012;
05/29/2012;
06/21/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with OpenSuSE Linux 32-bit Version 10.2 (gcc Compiler Version 4.1.2 20061115 prerelease); OpenSuSE Linux 64-bit Version 10.2 (gcc Compiler Version 4.1.2 20061115 prerelease); Windows XP Pro SP2 32 bit (Microsoft Visual C++ version 8); Windows XP Pro SP2 64 bit (Microsoft Visual C++ version 8); µClinux Kernel Version 2.4.32 (gcc Compiler Version 3.4.4); Android 2.2 (gcc Compiler Version 4.4.0); VxWorks 6.7 (gcc Compiler Version 4.1.2); Wind River 1.4 (gcc Compiler Version 3.4.4); Wind River 4.0 (gcc Compiler Version 4.4.1); Apple iOS 5.0 (gcc Compiler Version 4.2.1); Apple OS X 11 32 bit (gcc Compiler Version 4.2.1); Apple OS X 11 64 bit (gcc Compiler Version 4.2.1) (single-user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #627, #1011, #1066, #1259 and #1297); AES (Cert. #695, #1534, #1630, #1933 and #2011); DSA (Cert. #264, #475, #512, #616 and #637); SHS (Cert. #723, #1362, #1435, #1698 and #1761); HMAC (Cert. #373, #892, #957, #1167 and #1216); RSA (Cert. #323, #745, #804, #999 and #1040); RNG (Cert. #407, #826, #873, #1018 and #1053)

-Other algorithms: Diffie-Hellman; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength)

Multi-chip standalone

"The OpenSSL FIPS Object Module is a cryptographic library that can be downloaded from www.openssl.org/source/"
1050 Sun Microsystems, Inc.
4150 Network Circle
Santa Clara, CA 95054
USA

-Mehdi Bonyadi
TEL: 858-625-5163
FAX: 858-926-9020

-Ling Qin
TEL: 408-276-0097
FAX: 858-526-9020

CST Lab: NVLAP 200427-0

Sun Crypto Accelerator 6000
(Hardware Versions: 375-3424, Revisions -02, -03 and -04; Firmware Versions: Bootstrap version 1.0.1 or 1.0.10, Operational firmware version 1.1.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 11/04/2008;
12/17/2008;
05/18/2009
Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #397 and #862); DSA (Cert. #319); ECDSA (Cert. #99); HMAC (Certs. #475 and #479); RNG (Cert. #493); RSA (Certs. #411 and #414); SHS (Certs. #853 and #857); Triple-DES (Cert. #435)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); DES; MD5; HMAC-MD5; RC2

Multi-chip embedded

"The SCA-6000 is a high performance hardware security module for Sun SPARC, x86, x64 platforms in a lowprofile, short PCI-E (X8) card. Supported on Linux and Solaris-10, it provides on-board cryptographic acceleration hardware and key store. It supports remote management with serial and USB ports for local administration. It enhances performance by off-loading compute intensive cryptographic calculations, accelerating IPsec and SSL processing and performs many financial service functions. The SCA6000 performs primary cryptographic functions for the Sun KMS 2.X Key Management System."
1049 PGP Corporation
200 Jefferson Dr.
Menlo Park, CA 94025
USA

-Vinnie Moscaritolo
TEL: 650-319-9000
FAX: 650-319-9001

CST Lab: NVLAP 200802-0

PGP Software Developer's Kit (SDK) Cryptographic Module
(Software Version: 3.10.3 and 3.11.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 10/27/2008;
12/03/2008
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2; Mac OS X 10.5 (single-user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #471); AES (Cert. #453); RSA (Cert. #172); DSA (Cert. #183); SHS (Cert. #516); HMAC (Cert. #216); RNG (Cert. #238)

-Other algorithms: AES (EME2 mode; non-compliant); DSA (FIPS 186-3 with SHA-256; non-compliant); CAST-5; IDEA; Two-Fish; Blow-Fish; ARC4-128; MD5; HMAC-MD5; RIPEMD60; ElGamal; RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength); Shamir Threshold Secret Sharing

Multi-chip standalone

"The PGP SDK Cryptographic Module is a FIPS 140-2 validated software only cryptographic module. The module implements the cryptographic functions for PGP products including: PGP Whole Disk Encryption, PGP NetShare, PGP Command Line, PGP Universal, and PGP Desktop. It includes a wide range of field-tested and standards-based encryption, digital signature, and encoding algorithms as well as a variety of secure network protocol implementations. The PGP SDK offers developers this same cryptographic library that is at the heart of PGP products."
1048 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-J JCE Provider Module
(Software Version: 4.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 10/27/2008;
01/26/2009;
09/07/2010;
03/28/2011;
01/24/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with 32-bit x86 Intel Pentium M w/ Windows XP SP2 Professional with Sun JRE 1.4.2; 32-bit x86 Intel Pentium M w/ Windows XP SP2 Professional with Sun JRE 1.5; 32-bit x86 Intel Pentium M w/ Windows XP SP2 Professional with Sun JRE 1.6 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #669); DSA (Cert. #251); ECDSA (Cert. #72); HMAC (Cert. #353); RNG (Cert. #389 and vendor affirmed: SP 800-90); RSA (Cert. #311); SHS (Cert. #702); Triple-DES (Cert. #614)

-Other algorithms: AES-GCM (non-compliant); DES; Diffie-Hellman; DESX; ECAES (non-compliant); EC Diffie-Hellman; ECDHC; ECIES; MD2; MD5; PBE (SHA1 and Triple-DES); RIPEMD 160; RNG (X9.31 non-compliant, MD5 and SHA1); RC2; RC4; RC5; RSA OAEP (for key transport); Raw RSA; RSA Keypair Generation MultiPrime; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); HMAC-MD5

Multi-chip standalone

"RSA BSAFE Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. RSA BSAFE Crypto-J supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
1047 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-J Software Module
(Software Version: 4.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 10/27/2008;
01/26/2009;
09/07/2010;
03/28/2011;
01/24/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with 32-bit x86 Intel Pentium M w/ Windows XP SP2 Professional with Sun JRE 1.4.2; 32-bit x86 Intel Pentium M w/ Windows XP SP2 Professional with Sun JRE 1.5; 32-bit x86 Intel Pentium M w/ Windows XP SP2 Professional with Sun JRE 1.6 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #670); DSA (Cert. #252); ECDSA (Cert. #73); HMAC (Cert. #354); RNG (Cert. #390 and vendor affirmed: SP 800-90); RSA (Cert. #312); SHS (Cert. #703); Triple-DES (Cert. #615)

-Other algorithms: AES-GCM (non-compliant); DES; Diffie-Hellman; DESX; ECAES (non-compliant); EC Diffie-Hellman; ECDHC; ECIES; MD2; MD5; PBE (SHA-1 and Triple-DES); RIPEMD 160; RNG (X9.31 non-compliant, MD5 and SHA-1); RC2; RC4; RC5; RSA OAEP (for key transport); Raw RSA; RSA Keypair Generation MultiPrime; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); HMAC-MD5

Multi-chip standalone

"RSA BSAFE Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. RSA BSAFE Crypto-J supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
1046 Fortress Technologies, Inc.
1 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0

Fortress Secure Wireless Access Bridge (SWAB) ES520
(Hardware Versions: ES520V1 and ES520V2; Firmware Versions: 2.6.11, 2.6.12 and 2.6.12.2500LR)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 12/08/2008;
07/09/2009;
07/28/2009;
03/26/2010
Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #686); SHS (Cert. #714); HMAC (Cert. #365); RNG (Cert. #400)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (non-compliant); MD5; Hardware RNG

Multi-chip standalone

"The Fortress Secure Wireless Access Bridge is an all-in-one network access device housed in a rugged compact chassis, with the most stringent security available today built in. It can serve as a wireless bridge, a WLAN access point, and an eight-port LAN switch, while performing all the functions of a Fortress controller device: encrypting wireless traffic and providing Multi-factor Authentication for devices on the network it protects."
1045 Chunghwa Telecom Co., Ltd. Telecommunication Laboratories
12, Lane 551, Min-Tsu Road SEC.5
Yang-Mei, Taoyuan, Taiwan 326
Republic of China

-Yu-Ling Cheng
TEL: +886 3 424-5883
FAX: +886 3 424-4167

CST Lab: NVLAP 200017-0

HiPKI SafGuard 1000 HSM
(Hardware Version: HSM-HW-10; Firmware Version: HSM-SW-T8051.10)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/16/2008 Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #668); AES (Cert. #763); SHS (Cert. #770); RSA (Cert. #362); RNG (Cert. #439); Triple-DES MAC (Triple-DES Cert. #668, vendor affirmed)

-Other algorithms: N/A

Multi-chip standalone

"Hi PKI SafGuard 1000 HSM is a multi-chip standalone cryptographic module that is used to provide highly-secure cryptographic services and key storage for PKI applications. (e.g., secure private key storage, high-speed math accelerator for 1024-2048 bit public key signatures, and hashing). The HiPKI SafGuard 1000 HSM provides secure identity-based challenge-response authentication using smart cards and data encryption using FIPS approved Triple-DES and AES encryption."
1044 Gemalto
Arboretum Plaza II
9442 Capital of Texas Highway North, Suite 400
Austin, TX 78759
USA

-James McLaughlin
TEL: 512-257-3954
FAX: 512-257-3881

CST Lab: NVLAP 200427-0

Protiva PIV Applet v1.55 on Protiva TOP DL Card
(Hardware Versions: A1005291- CHIP.P5CD144.MPH051B, A1011108 - CHIP.P5CD144.MPH051B and A1047808 -CHIP.P5CD144.MPH051B; Firmware Version: GX4-FIPS EI08, Applet Version: Protiva PIV Applet v1.55)

(PIV Card Application: Cert. #22)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/15/2008;
02/23/2009;
06/09/2011
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #782); RNG (Cert. #450); RSA (Cert. #372); SHS (Cert. #786); Triple-DES (Cert. #678); Triple-DES MAC (Triple-DES Cert. #678, vendor affirmed);

-Other algorithms: N/A

Single-chip

"This module is based on a Java platform (GemCombiXpresso R4) with 144K EEPROM memory and on the SafesITe FIPS201 applet loaded on the Java Card platform. The Cryptographic Module provides dual interfaces (i.e. contact and contact-less) where the same security level is achieved. Module Ref# A1005963 - Card Ref# M1002255."
1043 Entrust, Inc.
One Hanover Park
16633 Dallas Parkway
Suite 800
Addison, TX 75001
USA

-Entrust Sales
TEL: 888-690-2424

CST Lab: NVLAP 200017-0

Entrust Entelligence™ Kernel-Mode Cryptomodule
(Software Version: 1.1)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 10/15/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional SP2; Microsoft Windows Vista Enterprise, 32-bit edition; Microsoft Windows Vista Ultimate SP1; 64-bit edition (single-user mode)

-FIPS-approved algorithms: AES (Cert. #738); Triple-DES (Cert. #655); Triple-DES MAC (Triple-DES Cert. #655, vendor affirmed)

-Other algorithms: N/A

Multi-chip standalone

"The Entrust Entelligence Kernel-Mode Cryptomodule is a software module that implements AES encryption and decryption functions suitable for use in kernel-mode drivers on Windows platforms."
1042 SafeNet, Inc.
4690 Millennium Drive
Suite 400
Belcamp, MD 21017
USA

-Davin Baker
TEL: 443-327-1488

CST Lab: NVLAP 200017-0

SafeNet HighAssurance 4000 Gateway
(Hardware Version: A; Firmware Version: 5.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/15/2008 Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #258); AES (Cert. #156); SHS (Cert. #117); HMAC (Cert. #34); RSA (Cert. #209); RNG (Cert. #274)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 90 bits of encryption strength); MD5; HMAC MD5; DES

Multi-chip standalone

"The SafeNet HighAssurance 4000 Gateway is a high performance, integrated security appliance that offers Gigabit IPSec encryption. Housed in a tamper evident chassis, have two gigabit ethernet ports. Traffic on the local port is received in the clear, while traffic on the remote port has security processing applied to it."
1041 Optica Technologies Incorporated
2051 Dogwood Street
Suite 210
Louisville, CO 80027
USA

-William Colvin
TEL: 905-876-3147
FAX: 905-876-3479

-Gil Fisher
TEL: 720-214-2800 x12
FAX: 720-214-2805

CST Lab: NVLAP 200017-0

Optica Technologies Eclipz ESCON Tape Encryptor
(Hardware Version: 44200-04; Firmware Version: 1.3.10)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 10/15/2008 Overall Level: 2 

-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #670); AES (Certs. #771 and #266); SHS (Certs. #776 and #345); HMAC (Certs. #422 and #78); RSA (Cert. #366); DSA (Cert. #289); RNG (Cert. #442); ECDSA (Cert. #84)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength)

Multi-chip standalone

"The Optica Technologies Eclipz ESCON Tape Encryptor is an inline encryption appliance that directly integrates hardware accelerated encryption into native ESCON channels. It provides fully transparent, high performance data encryption for legacy ESCON tape systems. Eclipz preserves legacy ESCON tape device investments and interoperates with leading appliance-based key management solutions. . It supports 4 ESCON channels within a single appliance. The encryptor provides encryption for tape backup and recovery operations, and tape-based information sharing with business partners."
1040 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 3825 and Cisco 3845 Integrated Services Routers
(Hardware Versions: 3825 and 3845; Firmware Versions: 12.4(15)T3[1] and 12.4(15)T10[2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/14/2008;
08/28/2009;
10/23/2009;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #96, #795 [1] and #1199 [2]); HMAC (Certs. #50, #436 [1] and #696 [2]); RNG (Certs. #456 [1] and #663 [2]); RSA (Certs. #379 [1] and #576 [2]); SHS (Certs. #317, #794 [1] and #1104 [2]); Triple-DES (Certs. #210, #683 [1] and #867 [2])

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES

Multi-chip standalone

"The Cisco 3800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to T3 connection. The Cisco 3800 Series routers offer embedded encryption acceleration on the motherboard."
1039 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 2851 Integrated Services Router
(Hardware Version: 2851; Firmware Versions: 12.4(15)T3[1] and 12.4(15)T10[2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/14/2008;
08/28/2009;
10/23/2009;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #96, #795 [1] and #1199 [2]); HMAC (Certs. #50, #436 [1] and #696 [2]); RNG (Certs. #456 [1] and #663 [2]); RSA (Certs. #379 [1] and #576 [2]); SHS (Certs. #317, #794 [1] and #1104 [2]); Triple-DES (Certs. #210, #683 [1] and #867 [2])

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES

Multi-chip standalone

"The Cisco 2800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 2800 Series routers offer embedded encryption acceleration on the motherboard."
1038 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 2811 and Cisco 2821 Integrated Services Routers
(Hardware Versions: 2811and 2821; Firmware Versions: 12.4(15)T3[1] and 12.4(15)T10[2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/14/2008;
08/28/2009;
10/23/2009;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #265, #795 [1] and #1199 [2]); HMAC (Certs. #77, #436 [1] and #696 [2]); RNG (Certs. #456 [1] and #663 [2]); RSA (Certs. #379 [1] and #576 [2]); SHS (Certs. #344, #794 [1] and #1104 [2]); Triple-DES (Certs. #347, #683 [1] and #867 [2])

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES

Multi-chip standalone

"The Cisco 2800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 2800 Series routers offer embedded encryption acceleration on the motherboard."
1037 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 1841 and Cisco 2801 Integrated Services Routers
(Hardware Versions: 1841, 280 and SDN-L V(3) BBM; Firmware Versions: 12.4(15)T3[1] and 12.4(15)T10[2])

(When operated in FIPS mode with the tamper evident labels installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/14/2008;
08/28/2009;
10/23/2009;
05/28/2010;
06/07/2011;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #181, #795 [1] and #1199 [2]); HMAC (Certs. #27, #436 [1] and #696 [2]); RNG (Certs. #456 [1] and #663 [2]); RSA (Certs. #379 [1] and 576 [2]); SHS (Certs. #267, #794 [1] and #1104 [2]); Triple-DES (Certs. #283, #683 [1] and #867 [2])

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES

Multi-chip standalone

"The Cisco 1841 and 2801 routers feature the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. These routers offer embedded encryption acceleration on the motherboard."
1036 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 1841 Integrated Services Routers with AIM-VPN/BPII-Plus and Cisco 2801 Integrated Services Routers with AIM-VPN/EPII-Plus
(Hardware Versions: 1841 and 2801; AIM-VPN/BPII-Plus Version: 1.0, Board Version: C1; AIM-VPN/EPII-Plus Version: 1.0, Board Version: D0; Firmware Versions: 12.4(15)T3[1] and 12.4(15)T10[2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/14/2008;
08/28/2009;
10/23/2009;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #100, #181, #795 [1] and #1192 [2]); HMAC (Certs. #27, #38, #436 [1] and #696 [2]); RNG (Certs. #80, #456 [1] and #663 [2]); RSA (Certs. #379 [1], #383 and #576 [2]); SHS (Certs. #267, #401, #794 [1] and #1104 [2]); Triple-DES (Certs. #213, #283, #683 [1] and #867 [2])

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES

Multi-chip standalone

"The Cisco 1841 and 2801 routers feature the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. These routers offer embedded encryption acceleration on the motherboard. For additional performance, the Cisco 1841 and 2801 routers feature the ability to optionally add encryption acceleration advanced integration modules (AIM-VPN/BPII-Plus and AIM-VPN/EPII-Plus)."
1035 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 2811 and Cisco 2821 Integrated Services Routers with AIM-VPN/EPII-Plus
(Hardware Versions: 2811 and 2821; AIM Version: 1.0, Board Version: D0; Firmware Versions: 12.4(15)T3[1] and 12.4(15)T10[2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/07/2008;
08/28/2009;
10/23/2009;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #100, #265, #795 [1] and #1199 [2]); HMAC (Certs. #38, #77, #436 [1] and #696 [2]); RNG (Certs. #80, #456 [1] and #663 [2]); RSA (Certs. #379 [1], #383 and #576 [2]); SHS (Certs. #344, #401, #794 [1] and #1104 [2]); Triple-DES (Certs. #213, #347, #683 [1] and #867 [2])

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES

Multi-chip standalone

"The Cisco 2800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 2800 Series routers offer embedded encryption acceleration on the motherboard. For additional performance, the Cisco 2811 and 2821 routers feature the ability to optionally add encryption acceleration advanced integration modules (AIM-VPN/EPII-Plus)."
1034 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 2851 Integrated Services Router with AIM-VPN/EPII-Plus
(Hardware Version: 2851, AIM Version: 1.0, Board Version: D0; Firmware Version: Versions: 12.4(15)T3[1] and 12.4(15)T10[2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/07/2008;
08/28/2009;
10/23/2009;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #96, #100, #795 [1] and #1199 [2]); HMAC (Certs. #38, #50, #436 [1] and #696 [2]); RNG (Certs. #80, #456 [1] and #663 [2]); RSA (Certs. #379 [1], #383 and #576 [2]); SHS (Certs. #317, #401, #794 [1] and #1104 [2]); Triple-DES (Certs. #210, #213, #683 [1] and #867 [2])

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES

Multi-chip standalone

"The Cisco 2800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 2800 Series routers offer embedded encryption acceleration on the motherboard. For additional performance, the Cisco 2851 router features the ability to optionally add encryption acceleration advanced integration modules (AIM-VPN/EPII-Plus)."
1033 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 3825 Integrated Services Routers with AIM-VPN/EPII-Plus and Cisco 3845 Integrated Services Routers with AIM-VPN/HPII-Plus
(Hardware Versions: 3825 and 3845; AIM-VPN/EPII-Plus Version: 1.0, Board Version: D0; AIM-VPN/HPII-Plus Version: 1.0, Board Version: D0; Firmware Versions: 12.4(15)T3[1] and 12.4(15)T10[2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/07/2008;
08/28/2009;
10/23/2009;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #96, #100, #795 [1] and #1199 [2]); HMAC (Certs. #38, #50, #436 [1] and #696 [2]); RNG (Certs. #80, #456 [1] and #663 [2]); RSA (Certs. #379 [1], #383 and #576 [2]); SHS (Certs. #317, #401, #794 [1] and #1104 [2]); Triple-DES (Certs. #210, #213, #683 [1] and #867 [2])

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES

Multi-chip standalone

"The Cisco 3800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to T3 connection. The Cisco 3800 Series routers offer embedded encryption acceleration on the motherboard. For additional performance, the Cisco 3825 and 3845 routers feature the ability to optionally add encryption acceleration advanced integration modules (AIM-VPN/EPII-Plus and AIM-VPN/HPII-Plus)."
1032 Nortel Networks
600 Technology Park
Billerica, MA 01821
USA

-Dave Norton
TEL: 978-288-7079

-Dragan Grebovich
TEL: 978-288-8069
FAX: 978-670-8153

CST Lab: NVLAP 200427-0

VPN Client Software
(Software Version: 7_11.101)

(When operated in FIPS mode with Microsoft® Enhanced Cryptographic Provider validated to FIPS 140-1 under Cert. #238 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 10/07/2008 Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional Service Pack 2 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #721); HMAC (Cert. #389); RNG (Cert. #421); SHS (Cert. #740); Triple-DES (Cert. #644)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); DES; 40-bit DES; MD5; ECDH (non-compliant); HMAC-MD5

Multi-chip standalone

"The Contivity VPN Client provides stable, secure network access via Nortel VPN routers and VPN gateways. The client can be preconfigured and customized by IT administrators for quick install and connect, or easily configured by end users via the connection wizard. The VPN client works over all IP infrastructures including all wireless, broadband, and satellite services. The VPN client also supports seamless roaming, enabling a user to roam wirelessly without losing the virtual connection."
1031 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 1841 with AIM-VPN/SSL-1 and Cisco 2801 with AIM-VPN/SSL-2 Integrated Services Routers
(Hardware Versions: 1841 and 2801, AIM-VPN/SSL-1 Version: 1.0, Board Version: 01, AIM-VPN/SSL-2 Version: 1.0, Board Version: 01; Firmware Versions: 12.4(15)T3[1] and 12.4(15)T10[2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/07/2008;
08/28/2009;
10/23/2009;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #173, #181, #795 [1] and #1199 [2]); HMAC (Certs. #27, #39, #436 [1] and #696 [2]); RNG (Certs. #83, #456 [1] and #663 [2]); RSA (Certs. #379 [1], #382 and #576 [2]); SHS (Certs. #258, #267, #794 [1] and #1104 [2]); Triple-DES (Certs. #275, #283, #683 [1] and #867 [2])

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES

Multi-chip standalone

"The Cisco 1841 and 2801 routers feature the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. These routers offer embedded encryption acceleration on the motherboard. For additional performance, the Cisco 1841 and 2801 routers feature the ability to optionally add encryption acceleration advanced integration modules (AIM-VPN/SSL-1 and AIM-VPN/SSL-2)."
1030 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 2811 and Cisco 2821 Integrated Services Routers with AIM-VPN/SSL-2
(Hardware Versions: 2811 and 2821, AIM Version: 1.0, Board Version: 01; Firmware Versions: 12.4(15)T3[1] and 12.4(15)T10[2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/07/2008;
08/28/2009;
10/23/2009;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #173, #265, #795 [1] and Cert. #1199 [2]); HMAC (Certs. #39, #77, #436 [1] and Cert. #696 [2]); RNG (Certs. #83, #456 [1] and Cert. #663 [2]); RSA (Certs. #379 [1], #382 [1] and Cert. #576 [2]); SHS (Certs. #258, #344, #794 [1] and Cert. #1104 [2]); Triple-DES (Certs. #275, #347, #683 [1] and Cert. #867 [2])

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES

Multi-chip standalone

"The Cisco 2800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 2800 Series routers offer embedded encryption acceleration on the motherboard. For additional performance, the Cisco 2811 and 2821 routers feature the ability to optionally add encryption acceleration advanced integration modules (AIM-VPN/SSL-2)."
1029 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 3825 and Cisco 3845 Integrated Services Routers with AIM-VPN/SSL-3
(Hardware Versions: 3825 and 3845, AIM-VPN/SSL-3 Version: 1.0, Board Version: 01; Firmware Versions: 12.4(15)T3[1] and 12.4(15)T10[2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/07/2008;
08/28/2009;
10/23/2009;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #96, #173, #795 [1] and Cert. #1199 [2]); HMAC (Certs. #50, #39, #436 [1] and Cert. #696 [2]); RNG (Certs. #83, #456 [1] and Cert. #663 [2]); RSA (Certs. #379 [1], #382 and Cert. #576 [2]); SHS (Certs. #258, #317, #794 [1] and Cert. #1104 [2]); Triple-DES (Certs. #210, #275, #683 [1] and Cert. #867 [2])

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES

Multi-chip standalone

"The Cisco 3800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to T3 connection. The Cisco 3800 Series routers offer embedded encryption acceleration on the motherboard. For additional performance, the Cisco 3825 and 3845 routers feature the ability to optionally add encryption acceleration advanced integration modules (AIM-VPN/SSL-3)."
1028 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 2851 Integrated Services Router with AIM-VPN/SSL-2
(Hardware Version: 2851, AIM Version: 1.0, Board Version: 01; Firmware Versions: 12.4(15)T3[1] and 12.4(15)T10[2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/07/2008;
08/28/2009;
10/23/2009;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #96, #173, #795 [1] and Cert. #1199 [2]); HMAC (Certs. #50, #39, #436 [1] and Cert. #696 [2]); RNG (Certs. #83, #456 [1] and Cert. #663 [2]); RSA (Certs. #379 [1], #382 and Cert. #576 [2]); SHS (Certs. #258, #317, #794 [1] and Cert. #1104 [2]); Triple-DES (Certs. #210, #275, #683 [1] and Cert. #867 [2])

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES

Multi-chip standalone

"The Cisco 2800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 2800 Series routers offer embedded encryption acceleration on the motherboard. For additional performance, the Cisco 2851 router features the ability to optionally add encryption acceleration advanced integration modules (AIM-VPN/SSL-2)."
1027 Attachmate Corporation
1500 Dexter Ave N
Seattle, WA 98109
USA

-Diane Agemura
TEL: 206-217-7500
FAX: 206-272-1346

-Kjell Swedin
TEL: 206-217-7332
FAX: 206-272-1345

CST Lab: NVLAP 200427-0

Attachmate Cryptographic Module
(Software Version: 2.0.40)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 10/07/2008 Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2003 Server SP2 (x86); Red Hat Enterprise Linux 4.0 (x86); Sun Solaris 10 (x86); Microsoft Windows 2003 Server SP2 (x64); SuSE Linux Enterprise Server 9.0 (x64); Solaris 10 (x64); Microsoft Windows 2003 Server SP2 (IA64); Red Hat Enterprise Linux 4.0 (IA64); HP-UX 11iv3 (IA64); Solaris 8 (UltraSPARC); HP-UX 11iv1 (PA-RISC); AIX 5.2 (Power5); SuSE Linux Enterprise Server 9.0 (s390); Red Hat Enterprise Linux 4.0 on Hercules 3.05 s390 Emulator on Red Hat Enterprise Linux 5.0 (s390x) (single user mode)

-FIPS-approved algorithms: AES (Cert. #808); DSA (Cert. #299); HMAC (Cert. #447); RNG (Cert. #465); RSA (Cert. #389); SHS (Cert. #805); Triple-DES (Cert. #689)

-Other algorithms: Arcfour; Blowfish; CAST; DES; RIPEMD-160; MD4; MD5; MD2; RC5; RC2; HMAC-MD5; HMAC-MD4; HMAC-MD2; HMAC-RIPEMD-160; SHA-224 (non-compliant); SHA-384 (non-compliant); HMAC SHA-224 (non-compliant); HMAC SHA-384 (non-compliant); CBC-DES MAC; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80-bits of encryption strength)

Multi-chip standalone

"The Attachmate Crypto Module is used in a range of solutions from Attachmate, provider of host connectivity, secure communications and systems and security management."
1026 Sun Microsystems, Inc.
4150 Network Circle
Santa Clara, CA 95054
USA

-Mehdi Bonyadi
TEL: 858-625-5163
FAX: 858-926-9020

-Ling Qin
TEL: 408-276-0097
FAX: 858-526-9020

CST Lab: NVLAP 200427-0

Sun Crypto Accelerator 6000
(Hardware Version: 375-3424, Revisions -02, -03 and -04; Firmware Version: Bootstrap versions 1.0.1 and 1.0.10, Operational firmware version 1.0.11)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 10/07/2008;
12/17/2008;
05/18/2009
Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #397 and #856); DSA (Cert. #309); HMAC (Cert. #473); RNG (Cert. #490); RSA (Certs. #409 and #410); SHS (Certs. #469 and #850); Triple-DES (Cert. #435)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); DES; MD5; HMAC-MD5; RC2

Multi-chip embedded

"The Sun Cryptographic Accelerator 6000 (SCA-6000) is a high performance hardware security module for Sun platforms (SPARC, x86, x64). It is a low-profile, short PCI-E (X8) card consisting of on-board cryptographic acceleration hardware and a secure cryptographic key store. SCA-6000 supports remote management functions. It has serial and USB ports for local administration. It enhances platform performance by off-loading compute intensive cryptographic calculations by accelerating both IPsec and SSL processing, and by performing many financial service functions. Supported on Linux and Solaris-10"
1025 BeCrypt Limited
130 Shaftesbury Avenue
London, W1D 5EU
United Kingdom

-Dr. Pali Surdhar, Certification Manager
TEL: +44 (0)845 838 2050
FAX: +44 (0)845 838 2060

CST Lab: NVLAP 200017-0

BeCrypt Cryptographic Library
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 10/07/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2; Linux Ubuntu 8.0.4 (single-user mode)

-FIPS-approved algorithms: AES (Certs. #764 and #765); SHS (Certs. #771 and #772); RNG (Cert. #440); RSA (Cert. #363); HMAC (Certs. #418 and #419)

-Other algorithms: N/A

Multi-chip standalone

"The BeCrypt Cryptographic Library provides core cryptographic functionality for BeCrypt's Enterprise security products including a range of market leading disk encryption, media encryption and data protection products. The cryptographic library provides a capability to develop complex and flexible security applications that require cryptographic functionality in both pre-OS and 32 bit operating environments."
1024 Inter-4, A Division of Sierra Nevada Corporation
1777 Montgomery Street
San Francisco, CA 94111
USA

-Paul Matz
TEL: 415-771-4444
FAX: 415-771-8444

-Dan Haddick
TEL: 415-771-4444
FAX: 415-771-8444

CST Lab: NVLAP 100432-0

STS Secure for Linux
(Software Version: 1.1)

Validated to FIPS 140-2

Security Policy

Certificate

Software 09/24/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Linux 2.6 (single user mode)

-FIPS-approved algorithms: DSA (Cert. #157); SHS (Cert. #425); AES (Cert. #350)

-Other algorithms: N/A

Multi-chip standalone

"The STS Secure for Linux is a FIPS 140-2 Level 1 software module, comprised of the Security Manager Application Service (SMA), Key Generator Application, and the AES NetFilter Driver, that runs on a general purpose computer. It is the basis for Inter-4's TACTI-NET networking technology. The primary purpose for the STS Secure software module is to provide data security for all network wireless and/or wired traffic."
1023 3e Technologies International, Inc.
9715 Key West Avenue
Suite 500
Rockville, MD 20850
USA

-Ryon Coleman
TEL: 301-944-1277

CST Lab: NVLAP 200427-0

3e-525A-3, 3e-525A-3 BASIC, 3e-525A-3 BASIC with TEC, 3e-525A-3MP, 3e-525A-3MP with TEC, 3e-525V-3, 3e-525Ve-3 and 3e-525Ve-4 AirGuard™ Wireless Access Points
(Hardware Versions: 2.0(A): (3e-525A-3 [2], 3e-525A-3 BASIC [2], 3e-525A-3 BASIC with TEC [2], 3e-525A-3MP [2], 3e-525A-3MP with TEC [2], 3e-525V-3 [2], 3e-525Ve-3 [2] and 3e-525Ve-4 [1]); and 2.1: (3e-525A-3 [2], 3e-525A-3MP [2], 3e-525V-3 [2] and 3e-525Ve-4 [1]); Firmware Versions: 4.3.2 [1] and 4.3.3 [2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/24/2008;
12/09/2008;
02/05/2010
Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #238); CCM (Cert. #1); HMAC (Cert. #13); RNG (Cert. #22); SHS (Cert. #278); Triple-DES (Cert. #292)

-Other algorithms: AES CFB (non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); MD5; RC4; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The AirGuard™ model 525A-3 and model 525V-3/4 Wireless Access Points are packaged in rugged IP 66 weatherproof enclosure and conforms to 802.11a/b/g wireless standards. They provide access point, gateway, bridge/repeater, and mesh networking for wireless applications. In access point or gateway mode, the 525A-3 can establish links to laptops, PDAs and other wireless devices at data rates from 11 Mbps up to 108 Mbps. The 525V-3/4 incorporates an extra video module to provide capability for remote video surveillance and camera control."
1022 Imation Corp.
Discovery Bldg. 1A-041
Oakdale, MN 55128
USA

-Larry Hamid
TEL: 408-737-4308

CST Lab: NVLAP 200556-0

Outbacker MXP
(Hardware Versions: 1.0 Outbacker MXP 80 GB, 1.0 Outbacker MXP 120 GB, 1.0 Outbacker MXP 160 GB, 1.0 Outbacker MXP 250 GB, 1.0 Outbacker MXP 320 GB and 1.0 Outbacker MXP 500 GB with MXI AES: Part # 933000334R Version 1.0; Firmware Version: 4.23 with Version 2.1 of Boot loader)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/10/2008;
02/24/2009;
05/31/2011;
04/24/2012
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #768); SHS (Cert. #485); RSA (Cert. #154); RNG (Cert. #211); HMAC (Cert. #190)

-Other algorithms: N/A

Multi-chip standalone

"Outbacker MXP is a USB Portable Security Device with authentication and cryptographic services. It provides up to 320 gigabytes of encrypted portable storage and digital identity operations for enterprise security and user authentication via biometric and password."
1021 CoCo Communications Corporation
999 3rd Ave, Suite 3700
Seattle, WA 98104
USA

-Jeff Meyer
TEL: 206-284-9387
FAX: 206-770-6461

-Mikhail Voloshin
TEL: 206-812-5735
FAX: 206-770-6461

CST Lab: NVLAP 200427-0

The CoCo Crypto Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 09/02/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP with SP2, Debian GNU/Linux 4.0 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #693); DSA (Cert. #263); HMAC (Cert. #370); RNG (Cert. #405); SHS (Cert. #720)

-Other algorithms: Diffie-Hellman; SSLeay RNG

Multi-chip standalone

"The CoCo Crypto Module provides cryptographic services for the core components of CoCo Communications' tactical and military product lines. With the CoCo Crypto Module, users of CoCo's mobile digital network systems can be assured that their communications are safe from spoofing, eavesdropping, and other forms of information attack. As used within the CoCo Communications product suite, the CoCo Crypto module is interchangeable with the OpenSSL DLL, allowing for easy deployment-time transition to suit the needs of the problem domain."
1020 Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

-Harsha Nagaraja
TEL: 408-754-3010

CST Lab: NVLAP 200427-0

Aruba 200, 800 and 6000 Mobility Controller with ArubaOS FIPS Firmware
(Hardware Versions: 200: 200-6-AOS-STD-FIPS-US; 800: 800-16-TX-AOS-STD-FIPS, 800-16-SX-AOS-STD-FIPS; 6000: 6000-BASE-2PSU-200-FIPS, 6000-BASE-2PSU-400-FIPS, SC-48-C1-1, SC-128-C1-1, SC-256-C2-1, LC-2G-1, LC-2G24F-1, LC-2G24FP-1; Firmware Versions: A200_2.4.8.22-FIPS, A800_2.4.8.22-FIPS, A5000_2.4.8.22-FIPS, A200_2.4.8.23-FIPS, A800_2.4.8.23-FIPS, A5000_2.4.8.23-FIPS, A200_2.4.8.24-FIPS, A800_2.4.8.24-FIPS, A5000_2.4.8.24-FIPS, A200_2.4.8.25-FIPS, A800_2.4.8.25-FIPS, A5000_2.4.8.25-FIPS, A200_2.4.8.26-FIPS, A800_2.4.8.26-FIPS, A5000_2.4.8.26-FIPS, A200_2.4.8.27-FIPS, A800_2.4.8.27-FIPS or A5000_2.4.8.27-FIPS)

(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/02/2008;
10/16/2008;
03/19/2009;
02/12/2010;
09/07/2010;
03/14/2011;
06/09/2011
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #649, #650, #651 and #700); HMAC (Certs. #334, #335, #336 and #378); RNG (Cert. #411); RSA (Certs. #298, #299, #300 and #326); SHS (Certs. #682, #683, #684 and #728); Triple-DES (Certs. #600, #601, #602 and #631)

-Other algorithms: DES; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength).

Multi-chip standalone

"Aruba Networks' Mobility Controller system with an integrated ICSA-certified stateful firewall and hardware-based encryption, is the industry's highest performing and most scalable enterprise mobility platform on the market today. Aruba offers the industry's only modular and stackable mobility controllers from every enterprise environment. Now, administrators are freed from the costly and time-consuming process of managing individual APs. And as security standards change and new mobile services emerge, they are easily implemented at the controller and propagated throughout the enterprise."
1019 Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

-Harsha Nagaraja
TEL: 408-754-3010

CST Lab: NVLAP 200427-0

Aruba 200, 800 and 6000 Mobility Controller with ArubaOS FIPS Firmware
(Hardware Versions: 200: 200-6-AOS-STD-FIPS-US; 800: 800-16-TX-AOS-STD-FIPS, 800-16-SX-AOS-STD-FIPS; 6000: 6000-BASE-2PSU-200-FIPS, 6000-BASE-2PSU-400-FIPS, SC-48-C1-1, SC-128-C1-1, SC-256-C2-1, LC-2G-1, LC-2G24F-1, LC-2G24FP-1; Firmware Versions: A200_3.1.1.7-FIPS, A200_3.1.1.29-FIPS, A800_3.1.1.7-FIPS, A800_3.1.1.29-FIPS, A5000_3.1.1.7-FIPS and A5000_3.1.1.29-FIPS)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/02/2008;
12/15/2008;
03/14/2011
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #649, #650, #651 and #700); HMAC (Certs. #334, #335, #336 and #378); RNG (Cert. #411); RSA (Certs. #298, #299, #300 and #326); SHS (Certs. #682, #683, #684 and #728); Triple-DES (Certs. #600, #601, #602 and #631)

-Other algorithms: DES; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength).

Multi-chip standalone

"Aruba Networks' Mobility Controller system with an integrated ICSA-certified stateful firewall and hardware-based encryption, is the industry's highest performing and most scalable enterprise mobility platform on the market today. Aruba offers the industry's only modular and stackable mobility controllers from every enterprise environment. Now, administrators are freed from the costly and time-consuming process of managing individual APs. And as security standards change and new mobile services emerge, they are easily implemented at the controller and propagated throughout the enterprise."
1018 Inter-4, A Division of Sierra Nevada Corporation
1777 Montgomery Street
San Francisco, CA 94111
USA

-Paul Matz
TEL: 415-771-4444
FAX: 415-771-8444

-Dan Haddick
TEL: 415-771-4444
FAX: 415-771-8444

CST Lab: NVLAP 100432-0

STS Secure for Windows XP, Embedded XP
(Software Version: 1.2 5/30/2008)

Validated to FIPS 140-2

Security Policy

Certificate

Software 09/02/2008;
12/15/2008
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2, Windows XP Professional Embedded SP2 (single-user mode)

-FIPS-approved algorithms: DSA (Cert. #157); RNG (Cert. #167); SHS (Cert. #425); AES (Cert. #350)

-Other algorithms: N/A

Multi-chip standalone

"The STS Secure for Windows XP, Embedded XP is a FIPS 140-2 Level 1 software module, comprised of the Security Manager Application Service (SMA), Key Generator Application, and the AES NDIS Filter Driver, that runs on a general purpose computer. It is the basis for Inter-4's Tactinet networking technology. The primary purpose for the STS Secure software module is to provide data security for all network wireless/wired traffic. In addition to data in transit (DIT), file based encryption protects files transferred to/from the platform via external USB drives."
1017 Inter-4, A Division of Sierra Nevada Corporation
1777 Montgomery Street
San Francisco, CA 94111
USA

-Paul Matz
TEL: 415-771-4444
FAX: 415-771-8444

-Dan Haddick
TEL: 415-771-4444
FAX: 415-771-8444

CST Lab: NVLAP 100432-0

STS Secure for Windows CE
(Software Version: 1.2 5/30/2008)

Validated to FIPS 140-2

Security Policy

Certificate

Software 09/02/2008;
12/15/2008
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows CE 4.2 (single-user mode)

-FIPS-approved algorithms: DSA (Cert. #157); SHS (Cert. #425); AES (Cert. #350)

-Other algorithms: N/A

Multi-chip standalone

"The STS Secure for Windows CE is a FIPS 140-2 Level 1 software module, comprised of the Security Manager Application Service (SMA) & AES NDIS Filter Driver, that runs on a general purpose computer. It is the basis for Inter-4's Tactinet networking technology. The primary purpose for the STS Secure software module is to provide data security for all network wireless/wired traffic. In addition to data in transit (DIT), file based encryption protects files tranferred to/from the platform via external USB drives, and sensitive data at rest (DAR) stored internally is also encrypted and zeroizable."
1016 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:
FAX:

CST Lab: NVLAP 100432-0

Cisco Secure Services Client FIPS Module
(Software Version: 1.0.0.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/22/2008;
08/22/2011;
02/23/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP and Microsoft Windows 2000 (single-user mode)

-FIPS-approved algorithms: RSA (Cert. #325); AES (Cert. #699); HMAC (Cert. #377); SHS (Cert. #727); Triple-DES (Cert. #630); RNG (Cert. #410)

-Other algorithms: RC4; DES; MD4; MD5; HMAC-MD5; DSA (non-compliant); AES (Cert. #699; key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman

Multi-chip standalone

"The Cisco Secure Services Client FIPS Module is a self contained crypto module that supports IEEE 802.11i (WPA2) key exchange and IEEE 802.1X wired and wireless authentication. The module provides cryptographic support for 802.1X EAP types such as EAP-TLS, EAP-FAST and PEAP as well as WPA2-PSK (Pre-shared key)."
1015 Lexmark International, Inc.
740 West New Circle Road
Lexington, KY 40550
USA

-Sean Gibbons
TEL: 859-232-2000
FAX: 859-232-3120

CST Lab: NVLAP 200416-0

Lexmark Encryption Plug-In
(Software Version: 1.1)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/22/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP SP2 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #767); SHS (Cert. #774); HMAC (Cert. #420); RNG (Cert. #441)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"A secure rendering plug-in that provides AES encryption of print data from the host through a print server with the AES encrypted data continuing on to a Lexmark decryption-enabled device. The rendering plug-in uses the Lexmark device's public key such that only the target device will be able to decrypt the data."
1014 Motorola, Inc.
1301 E. Algonquin Road
Schaumburg, IL 60196
USA

-Scot Bennett
TEL: 847-576-6935

CST Lab: NVLAP 100432-0

Motorola Network Router (MNR) S2500
(Hardware Version: S2500 Base Unit P/N ST2500B Tanapa Number CLN1713E Revision B with S2500 Encryption Module P/N ST2516A Tanapa Number CLN8262C Revision C; Firmware Versions: XS-15.1.0.75, XS-15.1.0.76, XS-15.2.0.20, XS-15.4.0.60, XS-15.6.0.27 and XS-15.7.0.60)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/22/2008;
01/26/2009;
07/28/2009;
12/23/2009
Overall Level: 1 

-EMI/EMC: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #581 and #588); AES (Certs. #611 and #625); DSA (Cert. #237); SHS (Certs. #659 and #693); HMAC (Certs. #322 and #342); RNG (Cert. #349); RSA (Cert. #283)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; DES; HMAC-MD5

Multi-chip standalone

"MNR S2500 routers are versatile, secure-capable devices that can ensure timely delivery of delay-sensitive traffic. Supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections, S2500 routers perform simultaneous functions - including compression and data prioritization - without compromising their ability to accomplish additional packet-handling functions as needed. In addition to the normal routing functions, the MNR S2500 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols."
1013 Motorola, Inc.
1301 E. Algonquin Road
Schaumburg, IL 60196
USA

-Scot Bennett
TEL: 847-576-6935

CST Lab: NVLAP 100432-0

Motorola Network Router (MNR) S6000
(Hardware Versions: S6000 Base Unit P/N ST6000C Tanapa Number CLN1780D Revision B with S6000 Encryption Module P/N ST6016A Tanapa Number CLN8261D Revision H [1] and S6000 Base Unit ST6000C Tanapa Number CLN1780C Revision A with S6000 Encryption Module P/N ST6016A Tanapa Number CLN8261D Revision H [2]; Firmware Versions: PS-15.1.0.75 [1, 2], GS-15.1.0.75 [1, 2], PS-15.1.0.76 [1, 2], GS-15.1.0.76 [1, 2], PS-15.2.0.20 [1, 2], GS-15.2.0.20 [1, 2], PS-15.4.0.60 [1, 2], GS-15.4.0.60 [1, 2], PS-15.6.0.27 [1, 2], GS-15.6.0.27 [1, 2], PS-15.7.0.60 [1, 2] and GS-15.7.0.60 [1, 2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/22/2008;
01/26/2009;
07/28/2009;
12/23/2009
Overall Level: 1 

-FIPS-approved algorithms: Triple-DES (Certs. #275 and #580); AES (Certs. #173 and #609); DSA (Cert. #236); SHS (Certs. #258 and #658); HMAC (Certs. #39 and #323); RNG (Cert. #348); RSA (Cert. #282)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; DES; HMAC-MD5

Multi-chip standalone

"MNR S6000 routers are versatile, secure-capable devices that can ensure timely delivery of delay-sensitive traffic. Supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections, S6000 routers perform simultaneous functions - including compression and data prioritization - without compromising their ability to accomplish additional packet-handling functions as needed. In addition to the normal routing functions, the MNR S6000 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols."
1012 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Windows Server 2003 Enhanced Cryptographic Provider (RSAENH)
(Software Version: 5.2.3790.4313)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/22/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Server 2003 Service Pack 2 (x86, x64 and IA64) (single-user mode)

-FIPS-approved algorithms: AES (Cert. #818); HMAC (Cert. #452); RNG (Cert. #470); RSA (Cert. #395); SHS (Cert. #816); Triple-DES (Cert. #691)

-Other algorithms: DES; RC2; RC4; MD2; MD4; MD5; RSA X9.31 signature verification (non-compliant); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength)

Multi-chip standalone

"The Microsoft Enhanced Cryptographic Provider is a FIPS 140-2 compliant, software-based, cryptographic module.RSAENH encapsulates several different cryptographic algorithms (including SHA-1, 3DES, AES, RSA, HMAC) in a cryptographic module accessible via the Microsoft CryptoAPI."
1011 Francotyp-Postalia
Triftweg 21-26
Birkenwerder, 16547
Germany

-Hasbi Kabacaoglu
TEL: +49-3303-525-656
FAX: +49-3303-525-669

CST Lab: NVLAP 100432-0

Revenector2008
(Hardware Versions: P/Ns 58.0036.0001.00/07 and 58.0036.0006.00/04; Firmware Version: 8.20)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/15/2008 Overall Level: 3 

-Physical Security: Level 3 + EFP

-FIPS-approved algorithms: RSA (Cert. #365); SHS (Cert. #765)

-Other algorithms: N/A

Multi-chip embedded

"Revenector2008 is an embedded security device that can enhance the security of various kinds of appliances and computerized devices. The hardware of the Revenector2008 is designed to protect critical security parameters as well as application specific revenues. Its firmware enables hosting systems to load or update signed application specific firmware."
1010 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Windows Server 2008 Enhanced Cryptographic Provider (RSAENH)
(Software Versions: 6.0.6001.22202 and 6.0.6002.18005)

(When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #1006 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/15/2008;
07/24/2009
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 (x86 Version); Microsoft Windows Server 2008 (x64 version); Microsoft Windows Server 2008 (IA64 version) (single-user mode)

-FIPS-approved algorithms: AES (Cert. #739); HMAC (Cert. #408); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #355); SHS (Cert. #753); Triple-DES (Cert. #656)

-Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength)

Multi-chip standalone

"RSAENH encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. Developers dynamically link the Microsoft RSAENH module into their applications to provide FIPS 140-2 compliant cryptographic support."
1009 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Windows Server 2008 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)
(Software Versions: 6.0.6001.18000 and 6.0.6002.18005)

(When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #1006 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/15/2008;
07/24/2009
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 (x86 Version); Microsoft Windows Server 2008 (x64 version); Microsoft Windows Server 2008 (IA64 version) (single-user mode)

-FIPS-approved algorithms: DSA (Cert. #282); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed)

-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); MD5; RC2; RC2 MAC; RC4

Multi-chip standalone

"DSSENH encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. Software developers dynamically link the Microsoft DSSENH module into their applications to provide FIPS 140-2 compliant cryptographic support."
1008 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Microsoft Windows Server 2008 Cryptographic Primitives Library (bcrypt.dll)
(Software Versions: 6.0.6001.22202, 6.0.6002.18005 and 6.0.6002.22872)

(When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #1006 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/15/2008;
07/24/2009;
09/06/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 (x86 Version); Microsoft Windows Server 2008 (x64 version); Microsoft Windows Server 2008 (IA64 version) (single-user mode)

-FIPS-approved algorithms: AES (Certs. #739 and #757); DSA (Cert. #284); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656)

-Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant provides less than 80 bits of encryption strength)

Multi-chip standalone

"BCRYPT.DLL provides cryptographic services, through its documented interfaces, to Windows Vista components and applications running on Windows Vista. The cryptographic module, BCRYPT.DLL, encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CNG (Cryptography, Next Generation) API. It can be dynamically linked into applications by software developers to permit the use of general-purpose FIPS 140-2 compliant cryptography."
1007 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Microsoft Windows Server 2008 Kernel Mode Security Support Provider Interface (ksecdd.sys)
(Software Versions: 6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742 and 6.0.6002.22869)

(When operated in FIPS mode with Windows Server 2008 OS Loader (winload.exe) validated to FIPS 140-2 under Cert. #1005 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/15/2008;
02/23/2009;
07/30/2009;
10/16/2009;
02/09/2012;
09/27/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 (x86 Version); Microsoft Windows Server 2008 (x64 version); Microsoft Windows Server 2008 (IA64 version) (single-user mode)

-FIPS-approved algorithms: AES (Certs. #739 and #757); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90 AES-CTR, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656)

-Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength)

Multi-chip standalone

"KSECDD.SYS runs as a kernel mode export driver, and provides cryptographic services, through their documented interfaces, to Windows Vista kernel components. It supports several cryptographic algorithms accessible via a FIPS function table request irp (I/O request packet)."
1006 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Windows Server 2008 Code Integrity (ci.dll)
(Software Versions: 6.0.6001.18000 and 6.0.6002.18005)

(When operated in FIPS mode with Winload OS Loader (winload.exe) validated to FIPS 140-2 under Cert. #1005 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/15/2008;
07/24/2009
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 (x86 Version); Microsoft Windows Server 2008 (x64 version); Microsoft Windows Server 2008 (IA64 version) (single-user mode)

-FIPS-approved algorithms: RSA (Cert. #355); SHS (Cert. #753)

-Other algorithms: MD5

Multi-chip standalone

"This is a dynamically linked library that runs as ntoskrnl.exe. It verifies the integrity of executable files, including kernel mode drivers, critical system components and user mode crypto modules, before these files are loaded from disk into memory by the memory manager."
1005 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Windows Server 2008 Winload OS Loader (winload.exe)
(Software Versions: 6.0.6001.18000, 6.0.6001.18606, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411, 6.0.6002.22497 and 6.0.6002.22596)

(When operated in FIPS mode with Boot Manager (bootmgr) validated to FIPS 140-2 under Cert. #1004 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/15/2008;
07/24/2009;
01/20/2011;
10/17/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 (x86 Version); Microsoft Windows Server 2008 (x64 version); Microsoft Windows Server 2008 (IA64 version) (single-user mode)

-FIPS-approved algorithms: AES (Certs. #739 and #760); RSA (Cert. #355); SHS (Cert. #753)

-Other algorithms: MD5

Multi-chip standalone

"This is the OS loader. It loads the boot-critical driver image files and the OS kernel image file itself."
1004 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Windows Server 2008 Boot Manager (bootmgr)
(Software Versions: 6.0.6001.18000, 6.0.6002.18005 and 6.0.6002.22497)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/15/2008;
07/24/2009;
01/20/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 (x86 Version); Microsoft Windows Server 2008 (x64 version); Microsoft Windows Server 2008 (IA64 version) (single-user mode)

-FIPS-approved algorithms: AES (Certs. #739 and #760); HMAC (Cert. #415); RSA (Cert. #355); SHS (Cert. #753)

-Other algorithms: N/A

Multi-chip standalone

"This is the system boot manager, called by the bootstrapping code that resides in the boot sector. It checks its own integrity and then checks the integrity of the OS loader and launches it."
1003 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Windows Vista Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)
(Software Versions: 6.0.6001.18000 and 6.0.6002.18005)

(When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #980 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/15/2008;
07/24/2009
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition SP1 (x86 Version); Microsoft Windows Vista Ultimate Edition SP1 (x64 version) (single-user mode)

-FIPS-approved algorithms: DSA (Cert. #281); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed)

-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); MD5; RC2; RC2 MAC; RC4

Multi-chip standalone

"DSSENH encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. Software developers dynamically link the Microsoft DSSENH module into their applications to provide FIPS 140-2 compliant cryptographic support."
1002 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Windows Vista Enhanced Cryptographic Provider (RSAENH)
(Software Versions: 6.0.6001.22202 and 6.0.6002.18005)

(When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #980 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/15/2008;
07/24/2009
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition SP1 (x86 Version); Microsoft Windows Vista Ultimate Edition SP1 (x64 version) (single-user mode)

-FIPS-approved algorithms: AES (Cert. #739); HMAC (Cert. #407); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #354); SHS (Cert. #753); Triple-DES (Cert. #656)

-Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength)

Multi-chip standalone

"RSAENH encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. Developers dynamically link the Microsoft RSAENH module into their applications to provide FIPS 140-2 compliant cryptographic support."
1001 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Microsoft Windows Vista Cryptographic Primitives Library (bcrypt.dll)
(Software Versions: 6.0.6001.22202, 6.0.6002.18005 and 6.0.6002.22872)

(When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #980 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/15/2008;
07/24/2009;
09/06/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition SP1 (x86 Version); Microsoft Windows Vista Ultimate Edition SP1 (x64 version) (single-user mode)

-FIPS-approved algorithms: AES (Certs. #739 and #756); DSA (Cert. #283); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90, vendor affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656)

-Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant provides less than 80 bits of encryption strength)

Multi-chip standalone

"BCRYPT.DLL provides cryptographic services, through its documented interfaces, to Windows Vista components and applications running on Windows Vista. The cryptographic module, BCRYPT.DLL, encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CNG (Cryptography, Next Generation) API. It can be dynamically linked into applications by software developers to permit the use of general-purpose FIPS 140-2 compliant cryptography."
1000 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Microsoft Windows Vista Kernel Mode Security Support Provider Interface (ksecdd.sys)
(Software Versions: 6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742 and 6.0.6002.22869)

(When operated in FIPS mode with Windows Vista OS Loader (winload.exe) validated to FIPS 140-2 under Cert. #979 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/15/2008;
07/24/2009;
10/16/2009;
02/09/2012;
09/27/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition SP1 (x86 Version); Microsoft Windows Vista Ultimate Edition SP1 (x64 version) (single-user mode)

-FIPS-approved algorithms: AES (Certs. #739 and #756); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656)

-Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength)

Multi-chip standalone

"KSECDD.SYS runs as a kernel mode export driver, and provides cryptographic services, through their documented interfaces, to Windows Vista kernel components. It supports several cryptographic algorithms accessible via a FIPS function table request irp (I/O request packet)."
999 Hewlett-Packard Company
19091 Pruneridge Ave., MS 4441
Cupertino, CA 95014
USA

-Theresa Conejero
TEL: 408-447-2964
FAX: 408-447-5525

CST Lab: NVLAP 100432-0

HP StorageWorks Secure Key Manager
(Hardware Version: P/N AJ087A, Version 1.0; Firmware Version: 1.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/15/2008;
09/19/2011
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3

-FIPS-approved algorithms: AES (Cert. #653); DSA (Cert. #244); HMAC (Cert. #338); RNG (Cert. #375); RSA (Cert. #302); SHS (Cert. #686); Triple-DES (Cert. #604)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); DES; MD5; RC4; RC2

Multi-chip standalone

"The HP Secure Key Manager automates encryption key generation and management based on security policies. It is a hardened security appliance delivering identity-based access, administration and logging. Additionally, the Secure Key Manager provides reliable lifetime key archival with automatic multi-site key replication and failover capabilities."
998 SonicWALL, Inc.
1143 Borregas Ave.
Sunnyvale, CA 94089-1306
USA

-Usha Sanagala
TEL: 408-745-9600
FAX: 408-745-9300

CST Lab: NVLAP 100432-0

NSA E7500
(Hardware Version: P/N 101-500163-50, Rev. A; Firmware Version: SonicOS v5.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/15/2008 Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #636); AES (Cert. #705); DSA (Cert. #270); RNG (Cert. #416); RSA (Cert. #331); SHS (Cert. #733); HMAC (Cert. #383)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength)

Multi-chip standalone

"The SonicWALL E-Class Network Security Appliance (NSA) series is engineered to meet the needs of the expanding enterprise network by providing a high performance, scalable, multifunction threat prevention appliance."
997 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Microsoft Windows XP Kernel Mode Cryptographic Module (FIPS.SYS)
(Software Version: 5.1.2600.5512)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/15/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional SP3 (single-user mode)

-FIPS-approved algorithms: HMAC (Cert. #429); RNG (Cert. #449); SHS (Cert. #785); Triple-DES (Cert. #677); Triple-DES MAC (Triple-DES Cert. #677, vendor affirmed)

-Other algorithms: DES; MD5; HMAC MD5

Multi-chip standalone

"FIPS.sys is a general-purpose, software-based, cryptographic module residing at the Kernel level of the Windows Operating System. It runs as a kernel mode export driver (a kernel-mode DLL) and encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible by other kernel mode services."
996 Alcatel-Lucent
600-700 Mountain Avenue
Murray Hill, NJ 07974
USA

-Paul Fowler
TEL: 908-582-1734

CST Lab: NVLAP 200427-0

Alcatel-Lucent VPN Firewall Bricks® 150, 700 AC and 700 DC
(Hardware Versions: 150, 700 AC and 700 DC; Firmware Version: 9.1.299)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/15/2008 Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #101, #672 and #747); DSA (Certs. #253 and #256); HMAC (Certs. #220, #356, #359 and #405); RNG (Cert. #391); SHS (Certs. #193, #705, #708 and #762); Triple-DES (Certs. #214, #617, #620 and #664)

-Other algorithms: ARC4; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); ElGamal; MD5; RNG; RSA (non-compliant)

Multi-chip standalone

"The Alcatel-Lucent VPN Firewall Brick portfolio offers a broad range of enterprise-class security solutions to protect corporate networks and deliver mission-critical IP applications to headquarters, branch offices, trading partners, road warriors and customers. The Alcatel- Lucent VPN Firewall Brick solution provides simplified management - unique client/server design, centralized staging, real-time monitoring and "no-touch" management of all VPN, security and service quality assurance capabilities via the scalable, proven Lucent Security Management Server system."
995 Alcatel-Lucent
600-700 Mountain Avenue
Murray Hill, NJ 07974
USA

-Paul Fowler
TEL: 908-582-1734

CST Lab: NVLAP 200427-0

Alcatel-Lucent VPN Firewall Brick® 1200
(Hardware Versions: 1200 AC, 1200HS AC and 1200HS DC; Firmware Version: 9.1.299)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/15/2008 Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #266 and #672); DSA (Certs. #253 and #256); HMAC (Certs. #78, #356 and #359); RNG (Cert. #391); SHS (Certs. #345, #705 and #708); Triple-DES (Certs. #348, #617 and #620)

-Other algorithms: ARC4; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); ElGamal; MD5; RNG; RSA (non-compliant)

Multi-chip standalone

"The Alcatel-Lucent VPN Firewall Brick portfolio offers a broad range of enterprise-class security solutions to protect corporate networks and deliver mission-critical IP applications to headquarters, branch offices, trading partners, road warriors and customers. The Alcatel- Lucent VPN Firewall Brick solution provides simplified management - unique client/server design, centralized staging, real-time monitoring and "no-touch" management of all VPN, security and service quality assurance capabilities via the scalable, proven Lucent Security Management Server system."
994 Alcatel-Lucent
600-700 Mountain Avenue
Murray Hill, NJ 07974
USA

-Paul Fowler
TEL: 908-582-1734

CST Lab: NVLAP 200427-0

Alcatel-Lucent VPN Firewall Brick® 50
(Hardware Version: 50; Firmware Version: 9.1.299)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/15/2008 Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #671 and #672); DSA (Certs. #253 and #256); HMAC (Certs. #355, #356 and #359); RNG (Cert. #391); SHS (Certs. #704, #705 and #708); Triple-DES (Certs. #616, #617 and #620)

-Other algorithms: ARC4; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); ElGamal; MD5; RNG; RSA (non-compliant)

Multi-chip standalone

"The Alcatel-Lucent VPN Firewall Brick portfolio offers a broad range of enterprise-class security solutions to protect corporate networks and deliver mission-critical IP applications to headquarters, branch offices, trading partners, road warriors and customers. The Alcatel- Lucent VPN Firewall Brick solution provides simplified management - unique client/server design, centralized staging, real-time monitoring and "no-touch" management of all VPN, security and service quality assurance capabilities via the scalable, proven Lucent Security Management Server system."
993 Oracle Corporation
500 Eldorado Blvd.
Bldg 5
Broomfield, CO 80021
USA

-David Hostetter
TEL: 303-272-7126

CST Lab: NVLAP 100432-0

Key Token
(Hardware Version: P/N 314478004 Version G; Firmware Version: 1.20)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/06/2008;
05/05/2010
Overall Level: 1 

-FIPS-approved algorithms: AES (Cert. #636)

-Other algorithms: N/A

Multi-chip standalone

"The Key Token is a part of the larger Encrypted Data-At-Rest Solution (EDRS). The primary purpose for this device is to provide secure key storage and key transport between the two other EDRS components. The additional two components that the EDRS includes are the Key Management Station (KMS) and the Encrypting Tape Drive (ETD)."
992 SonicWALL, Inc.
1143 Borregas Ave.
Sunnyvale, CA 94089-1306
USA

-Usha Sanagala
TEL: 408-745-9600
FAX: 408-745-9300

CST Lab: NVLAP 100432-0

NSA 4500, NSA 5000 and NSA E5500
(Hardware Versions: P/N 101-500166-50, Rev. A (NSA 4500); P/N 101-500088-50, Rev. A (NSA 5000); P/N 101-500165-50, Rev. A (NSA E5500); Firmware Version: SonicOS v5.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/15/2008 Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #634); AES (Cert. #703); DSA (Cert. #268); RNG (Cert. #414); RSA (Cert. #329); SHS (Cert. #731); HMAC (Cert. #381)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength)

Multi-chip standalone

"The SonicWALL E-Class Network Security Appliance (NSA) series is engineered to meet the needs of the expanding enterprise network by providing a high performance, scalable, multifunction threat prevention appliance."
991 Athena Smartcard Inc.
20380 Town Center Lane
Suite 240
Cupertino, CA 95014
USA

-Ian Simmons
TEL: 408-865-0112
FAX: 408-865-0333

CST Lab: NVLAP 100432-0

Athena IDProtect Duo PIV
(Hardware Version: P/N AT90SC12872RCFT Revision M; Firmware Version: P/N Athena IDProtect Duo Version 0107.7099.0105; Software Version: P/N Athena PIV Applet Version 1.0)

(PIV Card Application: Cert. #12)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/15/2008 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 4
-Cryptographic Key Management: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #598); Triple-DES MAC (Triple-DES Cert. #598, vendor affirmed); AES (Cert. #646); RNG (Cert. #368); RSA (Cert. #296); SHS (Cert. #680)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength)

Single-chip

"The Athena IDProtect Duo PIV cryptographic module is compliant with FIPS 201 as an end point compliant card. The PIV application is hosted by the Athena IDProtect dual interface smart card operating system compliant with the Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and FIPS 140-2 Level 2 (Level 4 for Physical Security). IDProtect supports FIPS Approved Random Number Generator, TDES, AES, SHA-1, SHA-256, and RSA up to 2048 bits including on board key generation."
990 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Windows XP Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)
(Software Version: 5.1.2600.5507)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 07/24/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP3 (in single user mode)

-FIPS-approved algorithms: DSA (Cert. #292); RNG (Cert. #448); SHS (Cert. #784); Triple-DES (Cert. #676); Triple-DES MAC (Triple-DES Cert. #676, vendor affirmed)

-Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80-bits); MD5; RC2; RC4

Multi-chip standalone

"The Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider, designed for FIPS 140-2 compliance, is a software-based, cryptographic module. DSSENH encapsulates several different cryptographic algorithms (including SHA-1, DES, TDES, DSA) in a cryptographic module accessible via the Microsoft CryptoAPI."
989 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Windows XP Enhanced Cryptographic Provider (RSAENH)
(Software Version: 5.1.2600.5507)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 07/24/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional SP3 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #781); HMAC (Cert. #428); RNG (Cert. #447); RSA (Cert. #371); SHS (Cert. #783); Triple-DES (Cert. #675); Triple-DES MAC (Triple-DES Cert. #675, vendor affirmed)

-Other algorithms: DES; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits)

Multi-chip standalone

"The Microsoft Enhanced Cryptographic Provider, designed for FIPS 140-2 compliance, is a software-based, cryptographic module. RSAENH encapsulates several different cryptographic algorithms (including SHS, DES, TDES, AES, RSA, HMAC) in a cryptographic module accessible via the Microsoft CryptoAPI."
988 Imation Corp.
Discovery Bldg. 1A-041
Oakdale, MN 55128
USA

-Larry Hamid
TEL: 408-737-4308

CST Lab: NVLAP 200556-0

Stealth MXP Passport
(Hardware Versions: 4.3 Stealth MXP Passport Versions MUS3083C-FIPS, MUS3083D-FIPS, MUS3083E-FIPS, MUS3083F-FIPS, MUS3083G-FIPS, MUS3083E-MLCFIPS, MUS3083F-MLC-FIPS, MUS3083G-MLC-FIPS and MUS3083H-MLC-FIPS and 4.4 Stealth MXP Passport Versions MUS3086C-FIPS, MUS3086D-FIPS, MUS3086E-FIPS, MUS3086F-FIPS, MUS3086G-FIPS, MUS3086E-MLC-FIPS, MUS3086F-MLC-FIPS, MUS3086G-MLC-FIPS and MUS3086H-MLC-FIPS in Plastic (PL), Metal (ME) and Liquid Metal (LM) enclosures; Firmware Version: 4.21 with Version 2.1 of Boot loader)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/24/2008;
08/22/2008;
05/31/2011;
04/24/2012
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #768); SHS (Cert. #485); RSA (Cert. #154); RNG (Cert. #211); HMAC (Cert. #190)

-Other algorithms:

Multi-chip standalone

"Stealth MXP Passport is a USB mass storage device which implements hardware encryption dependant on user authentication. It provides not only secure encrypted storage, but management of digital identity credentials used for authentication and verification to enterprise and personal services"
987 Imation Corp.
Discovery Bldg. 1A-041
Oakdale, MN 55128
USA

-Larry Hamid
TEL: 408-737-4308

CST Lab: NVLAP 200556-0

Stealth MXP
(Hardware Versions: 4.3 Stealth MXP Versions MUS3082C-FIPS, MUS3082D-FIPS, MUS3082E-FIPS, MUS3082F-FIPS, MUS3082G-FIPS, MUS3082E-MLCFIPS, MUS3082F-MLC-FIPS, MUS3082G-MLC-FIPS and MUS3082H-MLC-FIPS and 4.4 Stealth MXP Versions MUS3085C-FIPS, MUS3085D-FIPS, MUS3085E-FIPS, MUS3085F-FIPS, MUS3085G-FIPS, MUS3085E-MLCFIPS, MUS3085F-MLC-FIPS, MUS3085G-MLC-FIPS and MUS3085H-MLC-FIPS in Plastic (PL), Metal (ME) and Liquid Metal (LM) enclosures; Firmware Version: 4.21 with Version 2.1 of Boot loader)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/24/2008;
08/22/2008;
05/31/2011;
04/24/2012
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #768); SHS (Cert. #485); RSA (Cert. #154); RNG (Cert. #211); HMAC (Cert. #190)

-Other algorithms:

Multi-chip standalone

"Stealth MXP is a USB mass storage device which implements hardware encryption dependant on user authentication. It provides not only secure encrypted storage, but management of digital identity credentials used for authentication and verification to enterprise and personal services."
986 Research In Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

-Certifications Team
TEL: 519-888-7465 x72921
FAX: 519-886-4839

CST Lab: NVLAP 200017-0

BlackBerry Cryptographic Kernel
(Firmware Version: 3.8.5.32a)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Firmware 07/24/2008 Overall Level: 1 

-Design Assurance: Level 3
-Tested: BlackBerry 8300 with BlackBerry OS Version 4.5

-FIPS-approved algorithms: Triple-DES (Cert. #671); AES (Certs. #774 and #775); SHS (Cert. #777); HMAC (Cert. #423); RSA (Cert. #367); RNG (Cert. #444); ECDSA (Cert. #85)

-Other algorithms: EC Diffie-Hellman; ECMQV

Multi-chip standalone

"BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry."
985 Route1® Inc.
155 University Avenue
Suite 1920
Toronto, Ontario M5H 3B7
Canada

-Jerry S. Iwanski
TEL: 416-848-8391

-Jeff Denberg
TEL: 416-848-8391

CST Lab: NVLAP 200427-0

Route1® FIPS Cryptographic Module
(Software Version: 2.1.0.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 07/17/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 2003 SP1 (32-bit x86 - VC8.0 build) (in single-user mode)

-FIPS-approved algorithms: AES (Cert. #673); DSA (Cert. #254); ECDSA (Cert. #74); HMAC (Cert. #357); RNG (Cert. #392); RSA (Cert. #314); SHS (Cert. #706); Triple-DES (Cert. #618)

-Other algorithms: MD2; MD5; HMAC MD5; DES; DES40; RC2; RC4; RC5; ECAES (non-compliant); RSA (key wrapping, key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80-bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RNG SP 800-90 (non-compliant)

Multi-chip standalone

"The Route1 FIPS Cryptographic Module lies at the core of Route1®'s MobiNET™ a communications and service delivery platform focused on identity management and entitlement-based access to systems and resources. MobiNET™services are delivered on a number of digital form factors, such as mobile phones, handheld devices and Route1 MobiKEY™ an ultra-portable, smart-card enabled USB device. The Route1 FIPS Cryptographic Module's functionality includes a wide range of data encryption and asymmetric algorithms including AES, the RSA Public Key Cryptosystem, DSA, and the SHA family of message digests."
984 SonicWALL, Inc.
1143 Borregas Ave.
Sunnyvale, CA 94089-1306
USA

-Usha Sanagala
TEL: 408-745-9600
FAX: 408-745-9300

CST Lab: NVLAP 100432-0

NSA 3500
(Hardware Version: P/N 101-500073-50, Rev. A; Firmware Version: SonicOS v5.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/17/2008 Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #633); AES (Cert. #702); DSA (Cert. #267); RNG (Cert. #413); RSA (Cert. #328); SHS (Cert. #730); HMAC (Cert. #380)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength)

Multi-chip standalone

"The SonicWALL E-Class Network Security Appliance (NSA) series is engineered to meet the needs of the expanding enterprise network by providing a high performance, scalable, multifunction threat prevention appliance."
983 SonicWALL, Inc.
1143 Borregas Ave.
Sunnyvale, CA 94089-1306
USA

-Usha Sanagala
TEL: 408-745-9600
FAX: 408-745-9300

CST Lab: NVLAP 100432-0

NSA E6500
(Hardware Version: P/N 101-500164-50, Rev. C; Firmware Version: SonicOS v5.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/17/2008 Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #635); AES (Cert. #704); DSA (Cert. #269); RNG (Cert. #415); RSA (Cert. #330); SHS (Cert. #732); HMAC (Cert. #382)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength)

Multi-chip standalone

"The SonicWALL E-Class Network Security Appliance (NSA) series is engineered to meet the needs of the expanding enterprise network by providing a high performance, scalable, multifunction threat prevention appliance."
982 SonicWALL, Inc.
1143 Borregas Ave.
Sunnyvale, CA 94089-1306
USA

-Usha Sanagala
TEL: 408-745-9600
FAX: 408-745-9300

CST Lab: NVLAP 100432-0

TZ 180, TZ 180W, TZ 190 and TZ 190W
(Hardware Versions: P/N 101-500161-50, Rev. A (TZ 180); P/N 101-500160-50, Rev. A (TZ 180W); P/N 101-500080-52, Rev. A (TZ 190); P/N 101-500101-52, Rev. A (TZ 190W); Firmware Version: SonicOS v5.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/17/2008 Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #632); AES (Cert. #701); DSA (Cert. #266); RNG (Cert. #412); RSA (Cert. #327); SHS (Cert. #729); HMAC (Cert. #379)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength)

Multi-chip standalone

"SonicWALLÆs TZ Series is a high performance security platform that combines a deep packet inspection firewall, anti-virus, anti-spyware, intrusion prevention, content filtering, optional modular modem backup, and optional 802.11 b/g WLAN. These solutions allow small, remote, and branch offices to implement protection from the wide spectrum of emerging network threats."
981 FRAMA AG
Unterdorf
Lauperswil, CH-3438
Switzerland

-Beat C. Waelti
TEL: +41 34 496 98 98
FAX: +41 34 496 98 00

-Markus Arn
TEL: +41 34 496 98 98
FAX: +41 34 496 98 00

CST Lab: NVLAP 200636-0

FRAMA PSD-I
(Hardware Version: 2.4; Firmware Version: 1.0.6)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/17/2008 Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #450); RSA (Cert. #157); SHS (Cert. #489); RNG (Cert. #215)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); CRC32

Multi-chip embedded

"The cryptographic module (called Postal Security Device, PSD) supports booking processes within postal meters as well as value loading processes in order to increase the postage credits. The postage credits are kept as CSPs within the PSD. In detail the use of cryptographic services, like the production of cryptographic keys, the encoding, decoding or signature and signature verification is part of PSD internal purposes to the booking processes mentioned above. The PSD uses the following algorithms in the approved mode of operation: Triple-DES; RSA; SHA-1; RNG acc. to FIPS 186-2."
980 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Windows Vista Code Integrity (ci.dll)
(Software Versions: 6.0.6001.18000, 6.0.6001.18023, 6.0.6001.22120 and 6.0.6002.18005)

(When operated in FIPS mode with Winload OS Loader (winload.exe) validated to FIPS 140-2 under Cert. #979 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 07/21/2008;
07/29/2009
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition SP1 (x86 Version); Microsoft Windows Vista Ultimate Edition SP1 (x64 version) (single-user mode)

-FIPS-approved algorithms: RSA (Cert. #354); SHS (Cert. #753)

-Other algorithms: MD5

Multi-chip standalone

"This is a dynamically linked library that runs as ntoskrnl.exe. It verifies the integrity of executable files, including kernel mode drivers, critical system components and user mode crypto modules, before these files are loaded from disk into memory by the memory manager."
979 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Windows Vista Winload OS Loader (winload.exe)
(Software Versions: 6.0.6001.18000, 6.0.6001.18027, 6.0.6001.18606, 6.0.6001.22125, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411 and 6.0.6002.22596)

(When operated in FIPS mode with Boot Manager (bootmgr) validated to FIPS 140-2 under Cert. #978 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 07/21/2008;
07/29/2009;
10/17/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition SP1 (x86 Version); Microsoft Windows Vista Ultimate Edition SP1 (x64 version) (single-user mode)

-FIPS-approved algorithms: AES (Certs. #739 and 760); RSA (Cert. #354); SHS (Cert. #753)

-Other algorithms: MD5

Multi-chip standalone

"This is the OS loader. It loads the boot-critical driver image files and the OS kernel image file itself."
978 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Windows Vista Boot Manager (bootmgr)
(Software Versions: 6.0.6001.18000 and 6.0.6002.18005)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 07/21/2008;
07/24/2009
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition SP1 (x86 Version); Microsoft Windows Vista Ultimate Edition SP1 (x64 version) (single-user mode)

-FIPS-approved algorithms: AES (Certs. #739 and 760); HMAC (Cert.#415); RSA (Cert. #354); SHS (Cert. #753)

-Other algorithms: N/A

Multi-chip standalone

"This is the system boot manager, called by the bootstrapping code that resides in the boot sector. It checks its own integrity and then checks the integrity of the OS loader and launches it."
977 nCipher Corporation Ltd.
92 Montvale Ave.
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F2 4000, nShield F2 2000, nShield F2 500
(Hardware Versions: nC3023P-4K0, nC3023P-2K0, and nC3123P-500, Build Standard N; Firmware Version: 2.33.60-2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 07/31/2008 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Cryptographic Key Management: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #599); AES GCM (Cert. #599, vendor affirmed); Triple-DES (Cert. #570); Triple-DES MAC (Triple-DES Cert. #570, vendor affirmed); DSA (Cert. #233); ECDSA (Cert. #64); SHS (Cert. #648); HMAC (Cert. #309); RSA (Cert. #274); RNG (Cert. #340)

-Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; and HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength)

Multi-chip embedded

"The nShield modules: nShield F2 4000, nShield F2 2000, and nShield F2 500 family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
976 SafeNet Inc.
350 Convention Way
Redwood City, CA 94063
USA

-Eric Murray
TEL: 650-261-2400
FAX: 650-261-2401

CST Lab: NVLAP 100432-0

DataSecure Appliance i430, i426, and i116
(Hardware Versions: P/N DS-0116-0100-00 (i116); P/Ns DS-0430-0100-00 and DS-0430-01NP-00 (i430); P/N DS-0426-0100-00 (i426); Firmware Version: 4.6.5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/30/2008;
11/06/2008
Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #565); AES (Cert. #588); DSA (Cert. #231); RNG (Cert. #335); RSA (Cert. #269); SHS (Cert. #640); HMAC (Cert. #306); Diffie-Hellman (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 bits of encryption strength)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DES; SEED; MD5; RC4

Multi-chip standalone

"The Ingrian Networks DataSecure Appliance is a dedicated hardware product designed specifically for security and cryptographic processing, allowing organizations to protect structured and unstructured data, from within the data center out to remote locations, and ensure compliance with legislative and policy mandates for security. With its capabilities for granular encryption, seamless integration, and centralized key and policy management, DataSecure enables organizations to guard against a range of security threats, with unparalleled ease and cost effectiveness."
975 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 3201 Wireless Mobile Interface Card with thermal plates
(Hardware Version: 800-25522-02; Firmware Version: S3201W7K9-12308JK)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/30/2008;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #370 and #799); CCM (Cert. #11); SHS (Cert. #797); HMAC (Cert. #439); RNG (Cert. #459)

-Other algorithms: HMAC MD5; MD5; RC4; RSA (non-compliant)

Multi-chip embedded

"The C3201WMIC-TPAK9 provides wireless connectivity for the Cisco 3200 Series Mobile Access Router. The module can be configured as 802.11g Wireless Access Point, 802.11g Wireless Root Bridge or 802.11g Wireless Work Group Bridge and supports the 802.11b/g wi-fi standards for communications, and 802.11i for security."
974 Giesecke & Devrient
45925 Horseshoe Drive
Dulles, VA 20166
USA

-Michael Poitner
TEL: 650-312-1241
FAX: 650-312-8129

-Jatin Deshpande
TEL: 650-312-8047
FAX: 650-312-8129

CST Lab: NVLAP 200427-0

Sm@rtCafé Expert 3.2
(Hardware Versions: P5CC073 M8.4 [1], P5CD080 M8.4 [2], P5CD080 PDM1.1 [2], P5CD144 M8.4 [3] and P5CD144 PDM1.1 [3]; Firmware Versions: CPDHxJC_RSEFI025CC073V202 [1], CPDIxJC_RSEFI025CD080V402 [2] and CPDYxJC_RSEFI025CD144V503 [3])

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/30/2008;
01/11/2012
Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #744, #745 and #746); DSA (Cert. #276, #277 and 278); RSA (Certs. #349, #350 and #351); RNG (Certs. #432, #433 and #434); SHS (Certs. #759, #760 and #761); Triple-DES (Certs. #661, #662 and #663); Triple-DES MAC (Triple-DES Certs. #661, #662 and #663, vendor affirmed)

-Other algorithms: DES; DES MAC; DSA (512-bits and 768-bits); RSA (encrypt/decrypt)

Single-chip

"Giesecke & Devrient (G&D) Smart Card Chip Operating System Sm@rtCafé Expert 3.2 is a Java Card 2.2.1 and Global Platform v2.1.1 compliant smart card module supporting both contact and contactless interfaces. It also supports, at a minimum, RSA up to 2048 bits(RSA and RSA-CRT) with on-card key generation, Hash algorithms(including SHA256), SEED(128 bit), AES(up to 256 bits), DSA(up to 1024 bits), OAEP Padding and Triple-DES. The Sm@rtCafé Expert 3.2 is suitable for government and corporate identification, payment and banking, health care, and Web applications."
973 nCipher Corporation Ltd.
92 Montvale Ave.
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F2 500 and nShield F2 10 PCI
(Hardware Versions: nC3023P-500, nC3023P-10, Build Standard N; Firmware Version: 2.33.60-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 06/30/2008 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #599); AES GCM (Cert. #599, vendor affirmed); Triple-DES (Cert. #570); Triple-DES MAC (Triple-DES Cert. #570, vendor affirmed); DSA (Cert. #233); ECDSA (Cert. #64); SHS (Cert. #648); HMAC (Cert. #309); RSA (Cert. #274); RNG (Cert. #340)

-Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength).

Multi-chip embedded

"The nShield modules: nShield F2 500 & nShield F2 10 PCI family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
972 nCipher Corporation Ltd.
92 Montvale Ave.
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

MiniHSM, MiniHSM for nShield Edge and MiniHSM for Time Stamp Master Clock
(Hardware Versions: nC4031Z-10, nC4031U-10 and TSMC200; Build Standard N; Firmware Version: 2.33.60-3)

(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/30/2008;
05/28/2010
Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #685); AES GCM (Cert. #685 vendor affirmed); Triple-DES (Cert. #625); Triple-DES MAC (Triple-DES Cert. #625 vendor affirmed); DSA (Cert. #259); ECDSA (Cert. #76); SHS (Cert. #713); HMAC (Cert. #364); RSA (Cert. #320); RNG (Cert. #399)

-Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength).

Multi-chip embedded

"The nCipher MiniHSM is a fully featured HSM supplied in a single chip package. The MiniHSM offers all the security and key management features of other nCipher modules - but with reduced processing speed. The MiniHSM is an OEM part and will be included within other appliances or products, for example switches or routers. The MiniHSM's real time clock, also makes it suitable for use as a time-stamping engine."
971 nCipher Corporation Ltd.
92 Montvale Ave.
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

MiniHSM [1], MiniHSM for nShield Edge [2] and MiniHSM for Time Stamp Master Clock [3]
(Hardware Versions: nC4031Z-10 [1], nC3021U-10 [2] and TSMC200 [3]; Build Standard N; Firmware Version: 2.33.60-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/30/2008;
05/28/2010;
07/02/2010
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Cryptographic Key Management: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #685); AES GCM (Cert. #685 vendfor affirmed); Triple-DES (Cert. #625); Triple-DES MAC (Triple-DES Cert. #625 vendor affirmed); DSA (Cert. #259); ECDSA (Cert. #76); SHS (Cert. #713); HMAC (Cert. #364); RSA (Cert. #320); RNG (Cert. #399)

-Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength).

Multi-chip embedded

"The nCipher MiniHSM is a fully featured HSM supplied in a single chip package. The MiniHSM offers all the security and key management features of other nCipher modules - but with reduced processing speed. The MiniHSM is an OEM part and will be included within other appliances or products, for example switches or routers. The MiniHSM's real time clock, also makes it suitable for use as a time-stamping engine."
970 nCipher Corporation Ltd.
92 Montvale Ave.
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F3 500, nShield F3 500 for NetHSM and nShield F3 10 PCI
(Hardware Versions: nC4033P-500, nC4033P-500N and nC4033P-10; Build Standard N; Firmware Version: 2.33.60-2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 06/24/2008 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #599); AES GCM (Cert. #599, vendor affirmed); Triple-DES (Cert. #570); Triple-DES MAC (Triple-DES Cert. #570, vendor affirmed); DSA (Cert. #233); ECDSA (Cert. #64); SHS (Cert. #648); HMAC (Cert. #309); RSA (Cert. #274); RNG (Cert. #340)

-Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength)

Multi-chip embedded

"The nShield modules: nShield F3 500, F3 500 for NetHSM, & nShield 10 family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
969 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco MDS 9506, 9509, 9216i and 9513 Multi-Layer SAN Switches
(Hardware Versions: 9216i: 1, 9506: 1, 9509: 2, 9513: 1; Supervisor: 13, Supervisor 1: 16, Supervisor 2: 4; Firmware Versions: 3.2 (2c) [1] and 4.1(3a) [2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/24/2008;
10/16/2009;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: AES ([Certs. #662 and #663] [1] and Cert. #1188 [2]); DSA ([Certs. #245 and #246] [1] and Cert. #392 [2]); HMAC ([Certs. #344 and #345] [1] and Cert. #688 [2]); RNG ([Certs. #382 and #383] [1] and Cert. #656 [2]); RSA ([Certs. #306 and #307] [1] and Cert. #569 [2]); SHS ([Certs. #695 and #696] [1] and Cert. #1095 [2]); Triple-DES ([Certs. #609 and #610] [1] and #856 [2])

-Other algorithms: DES; RC4; MD5; HMAC MD5; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Cisco MDS 9506, 9509, 9513, and 9216i deliver intelligent network services such as virtual storage-area networks (VSANs), comprehensive security, advanced traffic management, sophisticated diagnostics, and unified SAN management. In addition, these modules provide multiprotocol and multitransport integration and an open platform for embedding intelligent storage services such as network-based virtualization; as well as a multilayer approach to network and storage intelligence."
968 nCipher Corporation Ltd.
92 Montvale Ave.
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F3 4000, nShield F3 2000, nShield F3 2000 for netHSM, nShield F3 500 and nShield F3 500 for netHSM
(Hardware Versions: nC4033P-4K0, nC4033P-2K0, nC4033P-2K0N, nC4133P-500 and nC4133P-500N, Build Standard N; Firmware Version: 2.33.60-2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 06/24/2008 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3 +EFP/EFT
-Cryptographic Key Management: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #599); AES GCM (Cert. #599, vendor affirmed); Triple-DES (Cert. #570); Triple-DES MAC (Triple-DES Cert. #570, vendor affirmed); DSA (Cert. #233); ECDSA (Cert. #64); SHS (Cert. #648); HMAC (Cert. #309); RSA (Cert. #274); RNG (Cert. #340)

-Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; and HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength)

Multi-chip embedded

"The nShield modules: nCipher 4000, nShield 2000, nShield 2000 for netHSM, nShield 500 and nShield 500 for netHSM family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
967 nCipher Corporation Ltd.
92 Montvale Ave.
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nToken
(Hardware Version: nC2023P-000, Build Standard N; Firmware Version: 2.33.60)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/24/2008 Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Cert. #599); Triple-DES (Cert. #570); DSA (Cert. #233); SHS (Cert. #648); HMAC (Cert. #309); RNG (Cert. #340)

-Other algorithms: N/A

Multi-chip embedded

"The nCipher nToken Hardware Security Module improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
966 nCipher Corporation Ltd.
92 Montvale Ave
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F3 500, nShield F3 500 for NetHSM and nShield F3 10 PCI
(Hardware Versions: nC4033P-500, nC4033P-500N and nC4033P-10, Build Standard N; Firmware Version: 2.33.60-3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 06/24/2008 Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #599); AES GCM (Cert. #599, vendor affirmed); Triple-DES (Cert. #570); Triple-DES MAC (Triple-DES Cert. #570, vendor affirmed); DSA (Cert. #233); ECDSA (Cert. #64); SHS (Cert. #648); HMAC (Cert. #309); RSA (Cert. #274); RNG (Cert. #340)

-Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength)

Multi-chip embedded

"The nCipher modules: nShield F3 500, Shield F3 500 for NetHSM, and nShield 10 family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
965 nCipher Corporation Ltd.
92 Montvale Ave.
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F3 4000, nShield F3 2000, nShield F3 2000 for netHSM, nShield F3 500 and nShield F3 500 for netHSM
(Hardware Versions: nC4033P-4K0, nC4033P-2K0, nC4033P-2K0N, nC4133P-500 and nC4133P-500N, Build Standard N; Firmware Version: 2.33.60-3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 06/24/2008 Overall Level: 3 

-Physical Security: Level 3 + EFP/EFT

-FIPS-approved algorithms: AES (Cert. #599); AES GCM (Cert. #599, vendor affirmed); Triple-DES (Cert. #570); Triple-DES MAC (Triple-DES Cert. #570, vendor affirmed); DSA (Cert. #233); ECDSA (Cert. #64); SHS (Cert. #648); HMAC (Cert. #309); RSA (Cert. #274); RNG (Cert. #340)

-Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength)

Multi-chip embedded

"The nShield modules: nCipher 4000, nShield 2000, nShield 2000 for netHSM, nShield 500, and nShield 500 for netHSM family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
964 Motorola, Inc.
1301 E. Algonquin Road
Schaumburg, IL 60196
USA

-Kirk Mathews
TEL: 847-576-4101
FAX: 847-538-2770

CST Lab: NVLAP 100432-0

Motorola Gold Elite Gateway Secure Card Crypto Engine (MGEG SCCE)
(Hardware Version: R01.00.00; Firmware Versions: R01.07.05, R01.07.06 and R01.13.00)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/24/2008;
12/08/2010
Overall Level: 1 

-Roles, Services, and Authentication: Level 2

-FIPS-approved algorithms: Triple-DES (Cert. #82); Triple-DES MAC (Triple-DES Cert. #82, vendor affirmed); AES (Cert. #2); SHS (Cert. #335); RNG (Cert. #121)

-Other algorithms: DES-XL; DVI-XL; DVI-SPFL; DVP-XL; AES MAC (AES Cert. #2, vendor affirmed; P25 AES OTAR); DES; ADP; LFSR

Multi-chip embedded

"The MGEG Secure Card is a cPCI device which performs encryption and decryption for all voice traffic through the Motorola Gold Elite Gateway (MGEG)."
963 Gemalto and ActivIdentity, Inc.
Arboretum Plaza II
9442 Capital of Texas Highway North
Suite 400
Austin, TX 78759
USA

-James McLaughlin
TEL: 512-257-3954
FAX: 512-257-3881

-Stephane Ardiley
TEL: 510-745-6288

CST Lab: NVLAP 200427-0

SafesITe TOP FIPS DM GX4 with ActivIdentity Digital Identity Applet Suite v2 for PIV
(Hardware Versions: GCX4-M2569422 and GCX4-A1004155; Firmware Versions: GCX4-FIPS EI07 and GCX4-FIPS EI08, Applet Versions: ACA v2.6.2.2 [1,2] and v2.6.2.3 [3], PKI/GC v2.6.2.3, ASC library package v2.6.2.2, PIV EP packages v2.6.2.6 [1], v2.6.2.7 [2] and 2.6.2.9 [3])

(PIV Card Application: Cert. #10)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/24/2008;
07/09/2008;
11/18/2008;
05/11/2011
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Cert. #355); Triple-DES (Cert. #412); SHS (Cert. #427); RSA (Cert. #119); Triple-DES MAC (Triple-DES Cert. #412, vendor affirmed); RNG (Cert. # 168)

-Other algorithms: N/A

Single-chip

"This module is based on a Gemalto Dual Interface (ISO7816 & ISO14443) Open OS Smart Card with a large (72K EEPROM) memory, with a cryptographic applet suite V 2.6.2 developed by ActivIdentity. The SmartCard platform has on board Triple DES and RSA up to 2048 algorithms and provides X9.31 on board key generation. The Applet Suite provides services for authentication, access control, generic container and PKI. The module conforms to SP800-73-1 Transitional & End-Point Card Edge (for HSPD-12/PIV). The product allows issuance and post-issuance support for PIV End Point Card Edge and Data Model."
962 ActivIdentity, Inc.
6623 Dumbarton Circle
Fremont, CA 94555
USA

-Stephane Ardiley
TEL: 510-745-6288
FAX: 510- 574-0101

CST Lab: NVLAP 100432-0

ActivIdentity Digital Identity Applet Suite V2 for Extended PIV
(Hardware Versions: P/N 77 Versions E303-063683 and E303-063684; Firmware Versions: ACA applet package v2.6.2.A3, PKI/GC applet package v2.6.2.A1, ASC library package v2.6.2.A1, PIV End-Point package v2.6.2.A1 and v2.6.2.A2, SKI applet package v2.6.2.A2)

(PIV Card Application: Cert. #7)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/12/2008;
06/23/2008
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #232); Triple-DES MAC (Triple-DES Cert. #232, vendor affirmed); SHS (Cert. #209); RSA (Cert. #43); RNG (Cert. #94)

-Other algorithms: DES; DES MAC; RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength)

Single-chip

"This version of the product can be used over contact and contactless interface (with some restrictions) and can be configured for use with ActivIdentity applet suite v2.6.2 for the support of GSC-IS v2.1, NIST SP800-73-1 Transitional and End-Point Card Edge (for HSPD-12/PIV). The product allows issuance and post-issuance support for PIV End Point Card Edge and Data Model. The validated product is similar to Applet v2.6.2a (FIPS 140-2 Cert. #880), but added the One Time Password applet."
961 Fortinet Inc.
1090 Kifer Road
Sunnyvale, CA 94086
USA

-Jeff Lake, Vice President, Federal Operations
TEL: 678-402-8021
FAX: 678-402-8021

CST Lab: NVLAP 200017-0

FortiGate-5050 and FortiGate-5140
(Hardware Versions: FortiGate-5050 (build C4QP38); FortiGate-5140 (build C4GL51); FortiGate-5001SX (build P4CF76); FortiGate-5001FA2 (build C5FA26); Firmware Version: FortiOS 3.00, build 8317, 061121)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 06/05/2008;
06/13/2008
Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Cryptographic Key Management: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #486, #487 and #490); RNG (Cert. #251); AES (Certs. #471, #472 and #476); SHS (Certs. #539, #540 and #544); RSA (Cert. #193); HMAC (Certs. #228, #229 and #233)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 110 bits of encryption strength); MD5; HMAC-MD5

Multi-chip standalone

"FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
960 Pitney Bowes, Inc.
35 Waterview Drive
Shelton, CT 06484-8000
USA

-Douglas Clark
TEL: 203-924-3206
FAX: 203-924-3406

CST Lab: NVLAP 100432-0

Cygnus X3 PSD Cryptographic Module
(Hardware Version: 1R84000 Version A; Firmware Version: 01.00.06; Software Version: 01.04.07)

(When configured with the listed FIPS-Approved algorithms)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/05/2008;
05/18/2009
Overall Level: 3 

-Physical Security: Level 3 + EFP

-FIPS-approved algorithms: DSA (Cert. #234); SHS (Cert. #650); AES (Cert. #600); RNG (Cert. #592)

-Other algorithms: N/A

Single-chip

"The Pitney Bowes Cygnus X3 Postal Security Device (PSD) has been designed in compliance with FIPS 140-2 and IPMAR security protection profile in order to support the USPS IBIP and international digital indicia standards globally. The Cygnus X3 PSD Cryptographic Module employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes Postage Metering products."
959 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Peter Hayman
TEL: 919-462-1900 x273
FAX: 919-462-1933

CST Lab: NVLAP 200002-0

SafeEnterpriseTM Encryptor, Model 650
(Hardware Versions: 904-20044-004, 904-20055-004 and 904-21005-007; Firmware Version: 3.1)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/05/2008;
08/28/2009
Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Cryptographic Key Management: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #268); AES (Certs.#391, and #240); RSA (Cert. #15); SHS (Certs. #251 and #319); HMAC (Cert. #48); RNG (Certs. #18 and #76)

-Other algorithms: Diffie-Hellman (key agreement, key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping, key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The SafeEnterpriseTM SONET Encryptor provides data privacy and access control for connections between vulnerable public and private SONET/SDH networks. It employs federally endorsed AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in a SONET OC-192 network."
958 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:
FAX:

CST Lab: NVLAP 200427-0

Cisco Catalyst 3750G Integrated Wireless LAN Controller
(Hardware Version: 02; Firmware Versions: 4.1.171.0[1] and 4.1.185.10[2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/05/2008;
11/17/2008;
08/22/2011;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #554[1], #555 and #906[2]); HMAC (Cert. #294); RNG (Certs. #322[1] and #519[2]); RSA (Certs. #249 and #250); SHS (Certs. #619 and #620)

-Other algorithms: AES-CTR (non-compliant); HMAC MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); Triple-DES (non-compliant); AES (Cert. #555; key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Cisco 3750G Wireless LAN Controller provides centralized control and scalability for medium to large-scale wireless LAN networks and supports IEEE 802.11i wireless security and is Wi-Fi certified for WPA2. Cisco WLAN Controllers support voice, video, data services, intrusion protection (including Management Frame Protection (MFP), intelligent radio resource management and comply with the wireless security policies issued by the U.S. Federal Government and the U.S. Department of Defense (DoD)."
957 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:
FAX:

CST Lab: NVLAP 200427-0

Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Module (WiSM)
(Hardware Versions: Chassis: 6506, 6509, 6506-E, 6509-E; Backplane: Hardware Versions 1.0, 1.1, 1.2 (6506-E), 1.0, 1.1, 1.2, 1.3, 1.4 (6509-E), 3.0, 3.2, 3.3 (6506, 6509); Supervisor Blade: Hardware Versions 4.0, 4.1, 4.2, 4.3, 4.4, 4.5, 4.6, 5.1, 5.2, 5.3, 5.4, 5.5, 5.6, 5.7, 5.8, 5.9 (SUP720-3B), 4.0, 4.5, 4.6, 5.1, 5.2, 5.3, 5.4, 5.5, 5.6, 5.7, 5.8, 5.9 (SUP720-3BXL); WiSM: Hardware Versions 1.0, 1.1, 1.2, 1.3, 1.4, 2.0, 2.1, 2.2, 2.3; Firmware Version: 12.2(18)SXF7, Build adventerprisek9 (Supervisor); 4.1.171.0[1] and 4.1.185.10[2] (WiSM))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/05/2008;
11/17/2008;
03/06/2009;
08/22/2011;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #554[1], #555 and #906[2]); HMAC (Cert. #294); RNG (Certs. #322[1] and #519[2]); RSA (Certs. #249 and #250); SHS (Certs. #619 and #620)

-Other algorithms: AES (AES Cert. #555, key wrapping; key establishment methodology provides 128 bits of encryption strength); AES-CTR (non-compliant); HMAC MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); Triple-DES (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Module (WiSM) provide unparalleled security, mobility, redundancy, centralized control and scalability for large-scale Government and Enterprise wireless LAN networks and supports the IEEE 802.11i wireless security standard in conjunction with meeting the Wi-Fi Alliances interoperability specification WPA2 to enable a Secure Wireless Architecture. The module supports voice, video and data services, location & asset tracking, integrated intrusion detection & intrusion protection and intelligent radio."
956 AEP Networks
Focus 31, West Wing
Cleveland Road
New Hempstead, Herts HP2 7BW
United Kingdom

-David Miller
TEL: 011-44-1442458600
FAX: 44-1442458601

CST Lab: NVLAP 200017-0

AEP Advanced Configurable Cryptographic Environment (ACCE)
(Hardware Version: 2730_G1; Firmware Version: 1.8)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 06/05/2008 Overall Level: 4 

-FIPS-approved algorithms: Triple-DES (Cert. #599); AES (Cert. #648); DSA (Cert. #243); SHS (Cert. #681); RNG (Cert. #369); RSA (Cert. #297); Triple-DES MAC (Triple-DES Cert. #599, vendor affirmed).

-Other algorithms: MD5; DES; Diffie-Hellman

Multi-chip embedded

"AEP Advanced Configurable Cryptographic Environment (ACCE) crypto module offers the next generation security platform for managing cryptographic keys and protecting sensitive applications. The ACCE crypto module is a hardware security module (HSM) designed for managing mission critical applications that demand maximum security. It is ideally suited for companies that need secure key management for certification authorities, registration authorities, OCSP responders, smart card issuers, web servers and other applications."
955 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:
FAX:

CST Lab: NVLAP 200427-0

Cisco 4402 and 4404 Wireless LAN Controllers
(Hardware Versions: 4402 and 4404, Revision Number: A0; Opacity Baffle Version: 1.0; Firmware Versions: 4.1.171.0[1] and 4.1.185.10[2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 06/05/2008;
11/17/2008;
08/22/2011;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #554[1], #555 and #906[2]); HMAC (Cert. #294); RNG (Certs. #322[1] and #519[2]); RSA (Certs. #249 and #250); SHS (Certs. #619 and #620)

-Other algorithms: AES (Cert. #555, key wrapping; key establishment methodology provides 128 bits of encryption strength); AES-CTR (non-compliant); HMAC MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); Triple-DES (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Cisco 4400 Series Wireless LAN Controllers provide centralized control and scalability for medium to large-scale Government and Enterprise wireless LAN networks and support the IEEE 802.11i wireless security standard while meeting the Wi-Fi Alliances interoperability specification WPA2 for Secure Wireless Architecture. The Cisco WLAN Controllers support voice, video and data services, intrusion detection, intrusion protection and intelligent radio resource management and comply with the wireless security policies issued by the U.S. Federal Government and the Department of Defense (DoD)."
954 Trapeze Networks
5753 W. Las Positas Blvd.
Pleasanton, CA 94588
USA

TEL: 925-474-2602
FAX: 925-251-0642

CST Lab: NVLAP 100432-0

MX-200R-GS/MX-216R-GS Mobility Exchange WLAN Controllers
(Hardware Versions: P/Ns MX-200R-GS/MX-216R-GS Rev. A; Firmware Versions: MSS 6.1.0.3, MSS 6.1.0.4 and MSS 6.1.1.2.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/05/2008;
11/13/2008;
08/28/2009
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #594); AES (Cert. #642); RNG (Cert. #365); RSA (Cert. #293); SHS (Cert. #677); HMAC (Cert. #331)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits or 112 bits of encryption strength); DES; MD5

Multi-chip standalone

"Trapeze Networks delivers Smart Mobile WLAN network solutions, enabling govt. agencies and enterprises to deploy and manage scalable, secure, mobile applications. It supports the IEEE 802.11i security specification and wireless IDS, application-aware switching, location tracking, voice and seamless indoor/outdoor mobility. The Smart Mobile family of wireless products includes high-performance Mobility Exchange® WLAN controllers and Mobility Point® access points for secure indoor and outdoor wireless networks, Mobility System Software« and RingMaster® lifecycle WLAN management software."
953 Semtek Innovative Solutions Corporation
12777 High Bluff Drive
San Diego, CA 92130
USA

-Patrick Farrell
TEL: 858-436-2270
FAX: 858-436-2280

CST Lab: NVLAP 100432-0

Cipher Cryptographic Module
(Hardware Version: P/N 7000-0008; Firmware Version: 1.00)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/05/2008;
06/23/2008
Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #720); Triple-DES (Cert. #643)

-Other algorithms: N/A

Single-chip

"The Cipher Cryptographic Module is a hardware module that provides physical protection for cryptographic keys and sensitive application code. The module can be used by point-of-sale manufacturers as a secure, drop-in solution to provide cardholder data encryption."
952 Motorola, Inc.
1301 E. Algonquin Rd.
Schaumburg, IL 60196
USA

-Kirk Mathews
TEL: 847-576-4101
FAX: 847-538-2770

CST Lab: NVLAP 100432-0

MCC7500 Secure Card Crypto Engine Cryptographic Module
(Hardware Version: R01.00.00; Software Versions: R02.01.10, R02.01.11, R01.11.00 and R02.07.01)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/05/2008;
06/05/2009;
12/06/2010
Overall Level: 1 

-Roles, Services, and Authentication: Level 2

-FIPS-approved algorithms: Triple-DES (Cert. #82); Triple-DES MAC (Triple-DES Cert. #82, vendor affirmed); AES (Cert. #2); SHS (Cert. #335); RNG (Cert. #121)

-Other algorithms: DES; DES-XL; DVI-XL; DVI-SPFL; DVP-XL; ADP; LFSR; AES MAC (AES Cert. #2, vendor affirmed; P25 AES OTAR)

Multi-chip embedded

"The MCC7500 Secure Card Crypto Engine is a multiprocessor, cryptographic PCI card that provides encryption services for up to 60 audio streams for the Secure Operator Position (B1908) and Secure Archiving Interface Server (B1918). Each Secure Operator Position will contain one Secure Card providing encryption services for 60 simultaneous audio streams. Each Secure AIS will contain 1 or 2 Secure Cards providing encryption services for 60 or 120 audio streams, respectively. The Spare Crypto Card (B1924) may be used to upgrade an Operator Position or AIS."
951 TANDBERG Telecom AS
Philip Pedersens Vei 20
1366 Lysaker
Oslo, Norway

-Stig Ame Olsen
TEL: +47 67838418
FAX: +47 67125234

CST Lab: NVLAP 200697-0

TANDBERG MXP Codec
(Firmware Version: F6.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Firmware 05/22/2008 Overall Level: 1 

-Tested: TANDBERG 6000 MXP server running Nucleus RTOS version 1.13.5 (PowerPC Freescale MPC8270), pSOS version 254 (video processor Phillips PNX1500) and DSP/BIOS version 5.20.05 (audio processor TI6713)

-FIPS-approved algorithms: Triple-DES (Cert. #514); AES (Cert. #504); DSA (Cert. #208); SHS (Cert. #574); RNG (Cert. #282); RSA (Cert. #218); HMAC (Cert. #257)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength)

Multi-chip standalone

"The TANDBERG MXP Codec is the firmware installed on nineteen various TANDBERG codec servers supporting a full line of videoconferencing systems designed for medium-to-large groups, as well as individual desktops. The firmware provides secure video conferencing through encryption and authentication for point-to-point calls and multipoint calls with the speed of up to 768 kbps."
950 Fortinet Inc.
1090 Kifer Road
Sunnyvale, CA 94086
USA

-Jeff Lake, Vice President, Federal Operations
TEL: 678-402-8021
FAX: 678-402-8021

CST Lab: NVLAP 200017-0

FortiClient Crypto Module
(Software Version: 3.0.470)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 05/22/2008;
06/13/2008
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 2

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional, SP2 (single-user mode)

-FIPS-approved algorithms: AES (Certs. #679 and #680); Triple-DES (Certs. #621 and #622); SHS (Certs. #709 and #710); HMAC (Certs. #360 and #361); RNG (Cert. #396); RSA (Cert. #317)

-Other algorithms: DES; MD5; HMAC MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 110 bits of encryption strength; non-compliant less than 80 bits of encryption strength)

Multi-chip embedded

"The FortiClient Crypto Module provides cryptographic services for Fortinet's FortiClient Host Security product (hereafter referred to as FortiClient). The primary purpose of the module is providing cryptographic support for FortiClient's IPSec feature. The module also provides cryptographic support for protecting FortiClient's critical security parameters, passwords and configuration information. The module is distributed as part of the FortiClient software package."
949 Fortinet Inc.
1090 Kifer Road
Sunnyvale, CA 94086
USA

-Jeff Lake, Vice President, Federal Operations
TEL: 678-402-8021
FAX: 678-402-8021

CST Lab: NVLAP 200017-0

FortiClient Crypto Module
(Software Version: 3.0.470)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 05/22/2008;
06/13/2008
Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Dell Optiplex GX270 runnning Windows XP Professional; SP2 with security patches 907865, 27802, 928255, 885835, 888302, 885250, 873333, 890859, 896422, 899587, 899588, and 896423

-FIPS-approved algorithms: AES (Certs. #679 and #680); Triple-DES (Certs. #621 and #622); SHS (Certs. #709 and #710); HMAC (Certs. #360 and #361); RNG (Cert. #396); RSA (Cert. #317)

-Other algorithms: DES; MD5; HMAC MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 110 bits of encryption strength; non-compliant less than 80 bits of encryption strength)

Multi-chip embedded

"The FortiClient Crypto Module provides cryptographic services for Fortinet's FortiClient Host Security product (hereafter referred to as FortiClient). The primary purpose of the module is providing cryptographic support for FortiClient's IPSec feature. The module also provides cryptographic support for protecting FortiClient's critical security parameters, passwords and configuration information. The module is distributed as part of the FortiClient software package."
948 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:
FAX:

CST Lab: NVLAP 200427-0

Cisco Secure ACS FIPS Module
(Software Version: 1.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 05/22/2008;
08/22/2011;
02/23/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 2000 Server Service Pack 4; Windows 2003 Service Pack 1 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #566); HMAC (Cert. #303); RNG (Cert. #331); RSA (Cert. #263); SHS (Cert. #632)

-Other algorithms: AES (AES Cert. #566, vendor affirmed; key wrapping; key establishment methodology provides 128 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); HMAC-MD5; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 152 bits of encryption strength)

Multi-chip standalone

"Cisco Secure ACS FIPS Module is a software library that supports WPA2 security and is contained within a defined cryptographic boundary. It provides FIPS 140-2 validated support for EAP-TLS, EAP-FAST, PEAP and AES key wrap for 802.11i PMK transfer."
947 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tony Ureche
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

BitLocker™ Drive Encryption
(Software Version: 6.0.6000.16386)

(When operated in FIPS mode with Microsoft Kernel Mode Security Support Provider Interface and Microsoft Windows Cryptographic Primitives Library (Bcrypt.dll) validated to FIPS 140-2 under Cert. #891 and Cert. #892 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 05/22/2008;
08/22/2008
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Vista Ultimate Edition (x86 Version) and Windows Vista Ultimate Edition (x64 version) (single-user mode)

-FIPS-approved algorithms: AES (Cert #715); HMAC (Cert #386); SHS (Cert #737)

-Other algorithms: Elephant Diffuser

Multi-chip standalone

"Windows BitLocker Drive Encryption is a data protection feature available in Windows Vista Enterprise and Windows Vista Ultimate for client computers. BitLocker provides enhanced protection against data theft or exposure on computers that are lost or stolen, and more secure data deletion when BitLocker-protected computers are decommissioned."
946 Authernative, Inc.
201 Redwood Shores Parkway
Suite 275
Redwood City, CA 94065
USA

-Len L. Mizrah
TEL: 650-587-5263
FAX: 650-587-5259

CST Lab: NVLAP 200427-0

Authernative® Cryptographic Module
(Software Version: 1.0.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 05/16/2008;
06/23/2008
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP SP2 with Sun JRE 1.5 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #697); HMAC (Cert. #375); RNG (Cert. #408); SHS (Cert. #725); Triple-DES (Cert. #629)

-Other algorithms: MD5

Multi-chip standalone

"The Authernative Cryptographic Module is a software cryptographic module that is implemented as a software library. This software library provides cryptographic services for all Authernative products. The module provides FIPS-Approved cryptographic services for encryption, decryption, key generation, secure hashing, and random number generation."
945 Fortinet Inc.
1090 Kifer Road
Sunnyvale, CA 94086
USA

-Jeff Lake, Vice President, Federal Operations
TEL: 678-402-8021
FAX: 678-402-8021

CST Lab: NVLAP 200017-0

FortiGate-50B
(Hardware Version: FortiGate-50B (C5GB38); Firmware Version: FortiOS 3.00, build 8568,070918)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 05/16/2008 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #489, #583 and #584); AES (Certs. #475, #613 and #614); SHS (Certs. #543, #661 and #662); HMAC (Certs. #232, #316 and #317); RSA (Cert. #285); RNG (Cert. #345)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 110 bits of encryption strength); MD5; HMAC-MD5

Multi-chip standalone

"FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
944 Oberthur Card Systems
4250 Pleasant Valley Road
Chantilly, VA 20151-1221
USA

-Christophe Goyet
TEL: 703-263-0100
FAX: 703-263-0503

CST Lab: NVLAP 100432-0

Oberthur ID-One Cosmo 128 v5.5 D
(Hardware Version: P/N B0; Firmware Version: F310-067735)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/16/2008;
05/20/2008;
06/23/2008;
08/02/2010;
12/07/2011
Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #657); Triple-DES (Cert. #606); Triple-DES MAC (Triple-DES Cert. #606, vendor affirmed); SHS (Cert. #688); RSA (Cert. #304); RNG (Cert. #377); ECDSA (Cert. #70)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); AES MAC (AES Cert. #657; non-compliant)

Single-chip

"This new generation Oberthur Smart Card programmable module offers a highly secure architecture with state of the art on board cryptographic services that includes NSA SUITE-B cryptography for Top Secret classified information (symmetric encryption, message digest, and digital signature). Additional features include Logical Channels and Delegated Management. The module supports Java Card 2.2.2 and Global Platform 2.1.1.A and offers a full 128KB of EEPROM for customer data and keys. It is available with two communication interfaces (ISO 7816 for contact and ISO 14443 for contactless)."
943 SafeNet, Inc.
4690 Millenium Drive
Belcamp, MD 21017
USA

-Terry Fletcher
TEL: 613-221-5009
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

iKey 4000 USB Token
(Hardware Version: 909-40002-000 and 909-40002-006; Firmware Version: 3.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/16/2008 Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #455 and #755); Triple-DES (Cert. #472); SHS (Cert. #519); RSA (Cert. #174); RNG (Cert. #241)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); DSA (non-compliant)

Multi-chip standalone

"The iKey 4000 is a powerful and portable two-factor authentication USB device suited for applications demanding high security. The iKey 4000 offers wide range of authentication services together with the highest levels of security. It offers powerful implementations for public and secret key encryption supporting RSA, Diffie-Hellman, SHA-1, Triple-DES, and AES."
942 Guidance Software, Inc.
215 North Marengo Avenue
Suite 250
Pasadena, CA 91101
USA

-Ken Basore
TEL: 626-229-9191
FAX: 626-229-9199

CST Lab: NVLAP 200017-0

EnCase Enterprise Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode with Microsoft Enhanced Cryptographic Provider validated to FIPS 140-1 under Cert. #238 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 05/16/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Intel Pentium 4 running Windows XP Professional SP2 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #666); DSA (Cert. #248); SHS (Cert. #698); HMAC (Cert. #350); RNG (vendor affirmed)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength)

Multi-chip standalone

"EnCase Enterprise has changed the landscape of enterprise and computer investigations by providing complete network visibility, immediate response and comprehensive, forensic-level analysis of servers and workstations anywhere on a network. EnCase« Enterprise is a scalable platform that integrates seamlessly with your existing systems to create an enterprise investigative infrastructure. This cutting-edge solution can be tailored to meet your unique needs, including the automation of time-consuming investigative processes, incident response and eDiscovery."
941 Ericsson, Inc.
6300 Legacy Drive
Plano, TX 75024
USA

-Robert Walls
TEL: 972-583-3592
FAX: 972-583-1848

CST Lab: NVLAP 100432-0

AUC-10 GARP Cryptographic Module
(Hardware Version: P/N ROJ 208 16/3 R1A/1; Firmware Version: CXC 106 0272 R1C)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/16/2008 Overall Level: 1 

-FIPS-approved algorithms: AES (Cert. #678); RNG (Cert. #394)

-Other algorithms: N/A

Multi-chip embedded

"The AUC-10 GARP Cryptographic Module (CM) is a multi-chip embedded module composed of the AGEN2R WCDMA Authentication Vectors Generation application executing on an Ericsson proprietary Generic Application Regional Processor (GARP) board. The 3rd Generation Partner Project (3GPP) organization defines standards followed by the telephony industry for 3G networks (GSM and WCDMA). The Authentication Center (AUC) is the specific entity that provides authentication and ciphering data to the WCDMA system."
940 IBM® Corporation
9032 S Rita Rd
Tucson, AZ 85744
USA

-James Karp

-Paul Greco

CST Lab: NVLAP 200427-0

IBM System Storage TS1120 Tape Drive - Machine Type 3592, Model E05
(Hardware Version: 23R6564 EC level H82149; Firmware Version: 95P5203 EC level H82669)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/16/2008 Overall Level: 1 

-FIPS-approved algorithms: AES (Cert. #631 and #632); RNG (Cert. #362); RSA (Cert. #291); SHS (Cert. #671)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); TRNG

Multi-chip embedded

"The TS1120 / 3592 E05 Tape Drive provides full line speed, fully validated, hardware implemented, AES 256 bit encryption and compression of customer data recorded to tape. It ensures data confidentiality in the event of a lost tape while also supporting additional cryptographic functions for authentication and secure transfer of key material."
939 Research In Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

-Certifications Team
TEL: 519-888-7465 x72921
FAX: 519-886-4839

CST Lab: NVLAP 200017-0

BlackBerry Cryptographic Kernel
(Firmware Versions: 3.8.5.11b and 3.8.5.11c)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Firmware 04/23/2008 Overall Level: 1 

-Design Assurance: Level 3
-Tested: BlackBerry 8300 with BlackBerry OS Version 4.3

-FIPS-approved algorithms: Triple-DES (Certs. #653 and #654); AES (Certs. #734, #735, #736 and #737); SHS (Certs. #751 and #752); HMAC (Certs. #400 and #401); RSA (Certs. #344 and #345); RNG (Certs. #428 and #429); ECDSA (Certs. #78 and #79)

-Other algorithms: EC Diffie-Hellman key agreement; key establishment methodology provides 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides 256 bits of encryption strength)

Multi-chip standalone

"BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry."
938 Imation Corp.
Discovery Bldg. 1A-041
Oakdale, MN 55128
USA

-Larry Hamid
TEL: 408-737-4308

CST Lab: NVLAP 100432-0

Imation Secure Flash Drive Cryptographic Module
(Hardware Versions: P/Ns 46.012.001.01 Version 1.0, 46.012.001.02 Version 1.0, 46.012.001.04 Version 1.0, and 46.012.001.08 Version 1.0; Firmware Versions: 1.3 and 1.33)

(Files distributed with the module mounted within the CD Drive are excluded from the validation.)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/17/2008;
02/24/2009;
10/26/2011;
04/24/2012
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Cryptographic Key Management: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #655); RNG (Cert. #380); RSA (Cert. #305); SHS (Certs. #689 and #691)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Triple-DES (non-compliant)

Multi-chip standalone

"The IronKey Secure Flash Drive has been designed to be the world's most secure flash drive. The onboard AES, RSA, SHA, and RNG engines deliver the gold standard in data and identity protection for consumers, enterprises, and government users alike. For more information, visit https://www.ironkey.com."
937 Imation Corp.
Discovery Bldg. 1A-041
One Imation Place
Oakdale, MN 55128
USA

-Larry Hamid
TEL: 408-737-4308

CST Lab: NVLAP 100432-0

MXI Cryptographic NAND Controller (CNC)
(Hardware Version: P/N 8A-SFS-0000-09P, Version A and Version 2; Firmware Versions: 6.600 and 6.612)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/17/2008;
06/23/2008;
06/01/2011;
04/24/2012
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Cert. #464); RSA (Cert. #200); RNG (Cert. #263); SHS (Cert. #555)

-Other algorithms: RSA (encrypt/decrypt)

Multi-chip embedded

"The MXI Cryptographic NAND Controller (CNC) provides FIPS 140-2 Approved security functionality to DiskOnKey USB flash drives. The CNC employs Federal Information Processing Standard (FIPS 140-2) encryption and key management functionality to ensure the protection of data stored on FLASH memory. The module is a multi-chip embedded cryptographic module, as defined by FIPS 140-2, and consists of the S2 controller and an EEPROM. Both components are encased in a hard, opaque, production grade integrated circuit packaging."
936 Verbatim Americas LLC
1200 West WT Harris Blvd.
Charlotte, NC 28262
USA

-Mark Rogers
TEL: 704-547-6600
FAX: 704-547-6522

CST Lab: NVLAP 100432-0

Store 'n' Go Corporate Secure FIPS
(Hardware Version: P/N 8A-SFS-0000-09P, Version A and Version 2; Firmware Versions: 6.600 and 6.612)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/17/2008;
06/23/2008
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Cert. #464); RSA (Cert. #200); RNG (Cert. #263); SHS (Cert. #555)

-Other algorithms: RSA (encrypt/decrypt)

Multi-chip embedded

"The Store 'n' Go Corporate Secure FIPS provides FIPS 140-2 Approved security functionality to DiskOnKey flash drives. The Store 'n' Go Corporate Secure FIPS employs Federal Information Processing Standard (FIPS 140-2) encryption and key management functionality to ensure the protection of data stored on DiskOnKey FLASH memory. The module is a multi-chip embedded cryptographic module, as defined by FIPS 140-2, and consists of the S2 controller and an EEPROM. Both components are encased in a hard, opaque, production grade integrated circuit packaging."
935 Tait Electronics Ltd
175 Roydvale Avenue
Christchurch, New Zealand

-Werner Hoepf
TEL: + 64 3 358 6613

CST Lab: NVLAP 200002-0

TEL_crypto_module
(Firmware Version: 1.1.0)

Validated to FIPS 140-2

Security Policy

Certificate

Firmware 04/17/2008 Overall Level: 1 

-Tested: Texas Instruments TMS320C5509 and TNS320C5510 Digital Signal Processors

-FIPS-approved algorithms: AES (Cert. #537); TDES (Cert. #539); SHS (Cert. #672); HMAC (Cert. #327); RNG (Cert. #343)

-Other algorithms: N/A

Single-chip

"Firmware implementation of the Tait FIPS 140-2 Crypto module used in the Tait Electronics Ltd digital product range."
934 Neopost Technologies
113 rue Jean-Marin Naudin
Bagneaux, 92220
France

-Patrick Blanluet
TEL: 33 1 45 36 30 00
FAX: 33 1 45 36 30 10

CST Lab: NVLAP 100432-0

PSD Model 105, 106, 115, 116, 125, 126, 127, 128, 101, 102, 111, 112, 121, 122, 130, 132, 137, 138
(Hardware Versions: P/Ns 4129955L, 4129955LD or 4150859LB; Firmware Versions: P/N 4145524DA Version 22.4.3, P/N 4148361JA Version 22.17, P/N 4149089SA Version 22.17.1, P/N 4151502FA Version 23.06 or P/N 4152277NB Version 23.08)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 04/17/2008;
09/12/2008;
01/26/2009;
06/18/2009;
04/09/2010;
07/02/2010;
03/15/2011;
07/05/2011;
02/23/2012;
04/12/2012
Overall Level: 3 

-Physical Security: Level 3 + EFP/EFT

-FIPS-approved algorithms: Triple-DES (Cert. #558); Triple-DES MAC (Triple-DES Cert. #558, vendor affirmed); AES (Cert. #563); SHS (Cert. #629); RNG (Cert. #328); RSA (Cert. #260); HMAC (Cert. #300)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 90 bits of encryption strength)

Multi-chip embedded

"Neopost PSD (Postal Secure Device) for Middle to High Range Franking Machines."
933 Trapeze Networks
5753 W. Las Positas Blvd.
Pleasanton, CA 94588
USA

-Ted Fornoles
TEL: 925-474-2602
FAX: 925-251-0642

CST Lab: NVLAP 100432-0

MP-422F Mobility Point
(Hardware Version: P/N MP-422F Rev. A; Firmware Versions: MSS 6.1.0.3, MSS 6.1.0.4 and MSS 6.1.1.2.0)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/08/2008;
11/06/2008;
08/28/2009
Overall Level: 2 

-FIPS-approved algorithms: AES CCM (Cert. #641); HMAC (Cert. #330); SHS (Cert. #676)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); MD5; RNG (non-compliant)

Multi-chip standalone

"Trapeze Networks delivers Smart Mobile WLAN network solutions, enabling govt. agencies and enterprises to deploy and manage scalable, secure, mobile applications. It supports the IEEE 802.11i security specification and wireless IDS, application-aware switching, location tracking, voice and seamless indoor/outdoor mobility. The Smart Mobile family of wireless products includes high-performance Mobility Exchange® LAN controllers and Mobility Point® access points for secure indoor and outdoor wireless networks, Mobility System Software® and RingMaster® lifecycle WLAN management software."
932 SanDisk Corporation
601 McCarthy Boulevard
Milpitas, CA 95035-0459
USA

-Daniel Shefer
TEL: 408-801-1563
FAX: 408-801-8508

CST Lab: NVLAP 100432-0

S2 FIPS DiskOnKey Controller
(Hardware Version: P/N 8A-SFS-0000-09P, Version A and Version 2; Firmware Versions: 6.600, 6.612 and 6.615)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/08/2008;
05/08/2008;
06/23/2008;
10/16/2008
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Cert. #464); RSA (Cert. #200); RNG (Cert. #263); SHS (Cert. #555)

-Other algorithms: RSA (encrypt/decrypt)

Multi-chip embedded

"The SanDisk S2 FIPS DiskOnKey Controller provides FIPS 140-2 Approved security functionality to SanDisk DiskOnKey USB flash drives. The S2 FIPS DiskOnKey Controller employs Federal Information Processing Standard (FIPS 140-2) encryption and key management functionality to ensure the protection of data stored on DiskOnKey FLASH memory. The module is a multi-chip embedded cryptographic module, as defined by FIPS 140-2, and consists of the S2 controller and an EEPROM. Both components are encased in a hard, opaque, production grade integrated circuit packaging."
931 Secure Computing Corporation
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Chuck Monroe
TEL: 651-628-2799
FAX: 651-628-2701

CST Lab: NVLAP 200017-0

Cryptographic Module for SecureOS® v9.7.1
(Software Version: 9.7.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/31/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with SecureOS® v6.1 and v7.0 (single-user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #548); AES (Cert. #552); DSA (Cert. #225); SHS (Cert. #617); HMAC (Cert. #293); RSA (Cert. #248); RNG (Cert. #320)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength)

Multi-chip standalone

"The Cryptographic Module for SecureOS® is software providing cryptographic services for applications on versions of Sidewinder® and Sidewinder G2® Security Appliance™. Sidewinder is a line of comprehensive network gateway security appliances consolidating a variety of Internet security functions including TrustedSource™, IPS, firewall, VPN, anti-virus, anti-spam, SSL decryption, and more. Sidewinder G2® is Common Criteria EAL4+ certified as compliant with the US DoD Application-level Firewall Protection Profile for Medium Robustness."
930 Hewlett-Packard Company
19091 Pruneridge Ave.
MS 4441
Cupertino, CA 95014
USA

-Theresa Conejero
TEL: 408-447-2964
FAX: 408-447-5525

CST Lab: NVLAP 100432-0

Atalla Cryptographic Subsystem (ACS)
(Hardware Version: P/N 543856-001; Firmware Versions: Loader Version 1.0, PSMCU Version 7.0)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/14/2008;
09/19/2011
Overall Level: 4 

-FIPS-approved algorithms: AES (Cert. #406); RNG (Cert. #200); RSA (Cert. #148); SHS (Cert. #473)

-Other algorithms: N/A

Multi-chip embedded

"The ACS is a multi-chip embedded cryptographic module. It consists of a secure hardware platform (a full length PCI Card) and a secure firmware loader. The purpose of the module is to load application programs, called "personalities," in a secure manner."
929 Kingston Technology Company
17600 Newhope Street
Fountain Valley, CA 92708
USA

-Mark Akoubian
TEL: 714-438-2719
FAX: 714-427-3598

CST Lab: NVLAP 100432-0

Kingston S2 CM
(Hardware Version: P/N 8A-SFS-0000-09P, Version A and Version 2; Firmware Versions: 6.600 and 6.612)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/18/2008;
04/04/2008;
06/23/2008
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Cert. #464); RSA (Cert. #200); RNG (Cert. #263); SHS (Cert. #555)

-Other algorithms: RSA (encrypt/decrypt)

Multi-chip embedded

"The Kingston S2 CM is the core component of this performance secure USB Flash Drive. All data stored in the userÆs private partition is encrypted in hardware without reducing performance. The Kingston S2 CM provides encryption, user authentication and access control independent of the host software and hardware."
928 Comtech Mobile Datacom Corporation
20430 Century Blvd.
Gaithersburg, MD 20874
USA

-John Fossaceca
TEL: 240-686-2146
FAX: 240-686-3301

-Bill Vaughan
TEL: 240-686-3300
FAX: 240-686-3301

CST Lab: NVLAP 200427-0

MTM-203 Satellite Mobile Transceiver
(Hardware Version: P/N CMDC-203-X0GA1, Revision A2; Firmware Versions: Commercial Firmware: C.3.7.Y and C.3.7.Z, and Boot Code: 2.3.E)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 03/18/2008;
04/29/2008;
12/03/2008
Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #626); HMAC (Cert. #245); RNG (Cert. #271); SHS (Cert. #561); Triple-DES (Cert. #502)

-Other algorithms: AES (key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; RNG (non-compliant); Triple-DES (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"CMDC's MTM-203 is a small, low power L-Band satellite transceiver for power, weight and space-restrictive applications. The MTM-203 is designed for easy integration into systems that benefit from secure, near real-time, over-the-horizon communications. The MTM-203 is based on battlefield proven technology that enables many new applications, such as handheld and covert devices. The module provides messaging connectivity worldwide with other mobile and terrestrial connected users of CMDC's proprietary network. CMDC's products operate on a variety of satellite providers without reconfiguration."
927 Mocana Corporation
350 Sansome Street
Suite 210
San Francisco, CA 94104
USA

-Lee Cheng
TEL: 415-617-0055
FAX: 415-617-0056

CST Lab: NVLAP 100432-0

Mocana Cryptographic Module
(Software Versions: 3.06.1, 3.06.1a and 4.2f)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/14/2008;
05/08/2008;
06/05/2009;
11/20/2009;
12/08/2009
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows CE 4.2; Linux Kernel 2.6; uCLinux Kernel 2.4; VxWorks 5.5 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #665); Triple-DES (Cert. #611); SHS (Cert. #697); HMAC (Cert. #349); RSA (Cert. #308); DSA (Cert. #247); RNG (Certs. #384 and #443)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength)

Multi-chip standalone

"The Mocana Cryptographic Module is used in conjunction with Mocana's scalable, high performance embedded security solutions. These include: Mocana EAP supplicant/authenticator, Mocana SSL/TLS Client & Server, Mocana SSH Client & Server and Mocana IPsec/IKE."
926

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/11/2008;
12/03/2008
Overall Level: 2 

-FIPS-approved algorithms:

-Other algorithms:

Multi-chip standalone

925 Athena Smartcard Inc.
20380 Town Center Lane
Suite 240
Cupertino, CA 95014
USA

-Ian Simmons
TEL: 408-865-0112
FAX: 408-865-0333

CST Lab: NVLAP 100432-0

Athena IDProtect
(Hardware Version: P/N AT90SC25672RCT Revision D; Firmware Version: 0106.6340.0101)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/14/2008 Overall Level: 3 

-Physical Security: Level 4

-FIPS-approved algorithms: Triple-DES (Cert. #560); Triple-DES MAC (Triple-DES Cert. #560, vendor affirmed); AES (Cert. #577); SHS (Cert. #633); RNG (Cert. #332); RSA (Cert. #264)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength)

Single-chip

"Athena Smartcard Solutions is a global smart card company offering a wide range of smart card products and solutions for Government, Enterprise and Financial institutions. Athena's products include advanced smart card operating systems, cross-platform cryptographic middleware and innovative biometric and card management solutions as well as advanced smart card readers. Athena offers FIPS and VISA certified Java Card solutions for ID and Finance on various smart card silicon and in a variety of form-factors."
924 Certicom Corp.
5520 Explorer Drive
4th Floor
Mississauga, Ontario L4W 5L1
Canada

-sales@certicom.com
TEL: 905-507-4220
FAX: 905-507-4230

CST Lab: NVLAP 200017-0

Security Builder® FIPS Module
(Firmware Versions: 4.0 B and 4.0 S)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Firmware 03/14/2008;
03/06/2009
Overall Level: 1 

-Tested: ARM 920T processor, running Hand Held Products BASE firmware 31205423-052; Hand Held Products Scanner firmware 31205480-025

-FIPS-approved algorithms: AES (Certs. #547 and #590); SHS (Certs. #612 and #641); HMAC (Certs. #288 and #307); RNG (Certs. #315 and #336); DSA (Certs. #222 and #232)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength)

Multi-chip standalone

"The Security Builder® FIPS Module is a standards-based cryptographic toolkit that supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into both mobile and server-based applications. The Security Builder FIPS Module is part of the Certicom Security Architecture, a comprehensive cross-platform security solution which supports multiple cryptographic software and hardware providers with a single common API."
923 Fortress Technologies, Inc.
1 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200427-0

AirFortress® Wireless Security Gateways
(Hardware Versions: AF2100 and AF7500; Firmware Version: 3.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/29/2008;
03/26/2010
Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #550); HMAC (Cert. #291); RNG (Cert. #318); SHS (Cert. #615); Triple-DES (Cert. #546)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength); MD5

Multi-chip standalone

"The AirFortress® Wireless Security Gateways are electronic encryption modules that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a production-quality hardware platform and deployable on any LAN or WAN, the AirFortress« Wireless Security Gateways provide encryption, data integrity checking, authentication, access control, and data compression."
922 Software House
6 Technology Park Drive
Westford, MA 01886
USA

-Rick Focke
TEL: 978-577-4266
FAX: 978-577-4392

CST Lab: NVLAP 200697-0

iSTAR eX Controller
(Hardware Version: STAREX004W-64; Firmware Version: 4.1.1.12045)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 02/29/2008;
03/07/2008;
02/10/2011
Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #433); RNG (Cert. #283); SHS (Cert. #575); RSA (Cert. #219)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The iSTAR eX controller is a security door controller which is connected to at least one card reader and a door. The iSTAR eX controller works from a database stored internally in memory for determining access privilege of an individual. When a card is swiped by a reader the data goes to the iSTAR eX controller. The controller then sends a notify message to the access database to determine if access is allowed. If access is granted then the iSTAR eX controller sends an open command back to the door and access is granted. If access is not granted the door remains closed and locked."
921 Sterling Commerce, Inc.
4600 Lakehurst Court
Dublin, OH 43016-2000
USA

-Shryl Tidmore
TEL: 469-524-2681
FAX: 972-953-2690

-Terrence Shaw
TEL: 469-524-2413
FAX: 972-953-2816

CST Lab: NVLAP 200556-0

Sterling Crypto-C
(Software Version: 1.5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 02/29/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2003; Sun Solaris 10; IBM AIX 5L(TM) 5.3; and HP-UX 11i v2 (single-user mode)

-FIPS-approved algorithms: SHS (Cert. #655); HMAC (Cert. #312); RSA (Cert. #280); DSA (Cert. #235); RNG (Cert. #403); Triple-DES (Cert. #578); AES (Cert. #605)

-Other algorithms: DES; RC2; RC4; Blowfish; CAST; MD2; MD4; MD5; RIPEMD; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength)

Multi-chip standalone

"Sterling Crypto-C is a software module implemented as two dynamic libraries. Sterling Crypto-C provides security capabilities, such as encryption, authentication, and signature generation and verification for Sterling Commerce's managed file transfer solutions."
920 Security First Corp.
22362 Gilberto Suite 130
Rancho Santa Margarita, CA 92688
USA

-Rick Orsini
TEL: 949-858-7525
FAX: 949-858-7092

CST Lab: NVLAP 100432-0

SecureParser
(Software Versions: 4.5.0 and 4.5.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 02/29/2008 Overall Level: 1 

-Cryptographic Module Specification: Level 3
-Cryptographic Key Management: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3-Operational Environment: Tested as meeting Level 1 with Windows XP, Window Server 2003, Red Hat Linux Enterprise v4, SUSE Linux Enterprise v10 (single user mode)

-FIPS-approved algorithms: AES (Certs. #594 and #687); RNG (Certs. #330 and #401); RSA (Certs. #262 and #321); DSA (Certs. #229 and #260); SHS (Certs. #631and #716); HMAC (Certs. #302 and #366); ECDSA (Certs. #63 and #77)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 128 bits of encryption strength)

Multi-chip standalone

"The SecureParser is a security and high data availability architecture delivered in the form of a software toolkit that provides cryptographic data splitting (data encryption, random or deterministic distribution to multiple shares including additional fault tolerant bits, key splitting, authentication, integrity, share reassembly, key restoration and decryption) of arbitrary data. During the split process, additional redundant data may be optionally written to each share enabling the capability of restoring the original data when all shares are not available."
919 Hughes Network Systems
11717 Exploration Lane
Germantown, MD 20876
USA

-Vivek Gupta
TEL: 301-548-1292
FAX: 301-428-1868

CST Lab: NVLAP 200556-0

Hughes Crypto Kernel
(Firmware Version: 1.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Firmware 02/29/2008 Overall Level: 1 

-Tested: Hughes 7700S Satellite Router running VxWorks 5.4

-FIPS-approved algorithms: AES (Cert. #616); SHS (Cert. #664); HMAC (Cert. #319); DSA (Cert. #239); RNG (Cert. #351)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The Hughes Crypto Kernel (HCK) is a FIPS 140-2 Level 1 cryptographic module available for the Hughes HN and HX systems. The HCK enables the use of end-to-end bidirectional encryption between a remote site and the enterprise data center, while still enabling the use of all Hughes satellite acceleration features, as well as Hughes' advanced routing, prioritization and access control capabilities. The HCK uses AES 128 bit encryption to encrypt user traffic, uses IKE to dynamically generate session keys used for encryption, and ensures message authentication and integrity using HMAC-SHA-1."
918 Open Source Software Institute
Administrative Office
P.O. Box 547
Oxford, MS 38655
USA

-John Weathersby
TEL: 601-427-0152
FAX: 601-427-0156

CST Lab: NVLAP 200017-0

OpenSSL FIPS Object Module
(Source Content Version: 1.1.2; Resultant Compiled Software Version: 1.1.2)

(When built, installed, protected and initialized as assumed by the Crypto Officer role and specified in the provided Security Policy. Appendix B of the provided Security Policy specifies the complete set of source files of this module. There shall be no additions, deletions or alterations of this set as used during module build. All source files, including the specified OpenSSL distribution tar file, shall be verified as specified in Appendix B of the provided Security Policy. Installation, protection, and initialization shall be completed as specified in Appendix C of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a FIPS 140-2 non-compliant module.)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 02/29/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with SuSE Linux Version 10.2 (gcc Compiler Version 4.1.2)

-FIPS-approved algorithms: Triple-DES (Cert. #613); AES (Cert. #668); SHS (Cert. #701); HMAC (Cert. #352); RSA (Cert. #310); RNG (Cert. #387)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); DSA (Cert. #250; non-compliant)

Multi-chip standalone

"The OpenSSL FIPS Object Module is a cryptographic library that can be downloaded from http://www.openssl.org/source/"
917 CardLogix Corporation
16 Hughes, Suite 100
Irvine, CA 92618
USA

-Ken Indorf
TEL: 949-380-1312
FAX: 949-380-1428

CST Lab: NVLAP 100432-0

CardLogix Credentsys-J
(Hardware Version: P/N AT90SC12872RCFT Rev. J; Firmware Version: Credentsys-J PIV applet Version 2.3.0.8, OS755 Version 07.0107.04)

(PIV Card Application: Cert. #9)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 02/13/2008;
04/29/2008
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 4
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #566); Triple-DES MAC (Triple-DES Cert. #566, vendor affirmed); AES (Cert. #595); RNG (Cert. #339); RSA (Cert. #272); SHS (Cert. #644)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength)

Single-chip

"CREDENTSYS-J is a secure smart card that is designed for National ID systems and multi-use enterprise security environments. The CREDENTSYS-J card is based on Java Card TM 2.2.1 and Global Platform 2.1.1 architectures and is readily deployable into existing or new PKI environments. CREDENTSYS-J cards offer a combination of high performance and cost-effectiveness by running on advanced 32-bit RISC processor cores with TDES and PKI cryptographic accelerations."
916 SafeNet Inc.
350 Convention Way
Redwood City, CA 94063
USA

-Eric Murray
TEL: 650-261-2400
FAX: 650-261-2401

CST Lab: NVLAP 100432-0

DataSecure Appliance i416, i426 and i116
(Hardware Versions: P/N DS-0116-0100-00 (i116); P/N DS-0416-0100-00 (i416); P/N DS-0426-0100-00 (i426); Firmware Version: 4.6.2p01)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/29/2008;
11/06/2008
Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #565); AES (Cert. #588); DSA (Cert. #231); RNG (Cert. #335); RSA (Cert. #269); SHS (Cert. #640); HMAC (Cert. #306)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); DES; SEED; MD5; RC4

Multi-chip standalone

"The SafeNet DataSecure Appliance is a dedicated hardware product designed specifically for security and cryptographic processing, allowing organizations to protect structured and unstructured data, from within the data center out to remote locations, and ensure compliance with legislative and policy mandates for security. With its capabilities for granular encryption, seamless integration, and centralized key and policy management, DataSecure enables organizations to guard against a range of security threats, with unparalleled ease and cost effectiveness."
915 Hughes Network Systems
11717 Exploration Lane
Germantown, MD 20876
USA

-Vivek Gupta
TEL: 301-548-1292
FAX: 301-428-1868

CST Lab: NVLAP 200556-0

Hughes Crypto Kernel
(Software Version: 1.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 02/13/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2003 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #616); SHS (Cert. #664); HMAC (Cert. #319); DSA (Cert. #239); RNG (Cert. #351)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The Hughes Crypto Kernel (HCK) is a FIPS 140-2 Level 1 cryptographic module available for the Hughes HN and HX systems. The HCK enables the use of end-to-end bidirectional encryption between a remote site and the enterprise data center, while still enabling the use of all Hughes satellite acceleration features, as well as Hughes' advanced routing, prioritization and access control capabilities. The HCK uses AES 128 bit encryption to encrypt user traffic, uses IKE to dynamically generate session keys used for encryption, and ensures message authentication and integrity using HMAC-SHA-1."
914 SBI Net Systems Co., Ltd.
Meguro Tokyu Bldg.
5th Floor
2-13-17
Kamiosaki Shinagawa-ku,, Tokyo 141-0021
Japan

-Hidemitsu Noguchi
TEL: +81 3 5447 2551
FAX: +81 3 5447 2552

CST Lab: NVLAP 200427-0

C4CS Lite and CSL software cryptographic modules
(Software Versions: 2.1.0 (C4CS Lite) and 2.1.0 (CSL))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 02/07/2008;
08/29/2008
Overall Level: 2 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 2 with Microsoft Windows 2000 with SP3 and Q326886 Hotfix running on a Dell Optiplex GX400

-FIPS-approved algorithms: AES (Cert. #360); SHS (Cert. #435); RNG (Cert. #173); HMAC (Cert. #160); RSA (Cert. #207)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); C4Custom (C4CS Lite only); SSS

Multi-chip standalone

"C4CS Lite and CSL are software cryptographic modules that provide symmetric/asymmetric ciphers, hash functions, and secret sharing schemes in FIPS mode."
913 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:
FAX:

CST Lab: NVLAP 200427-0

Cisco Aironet LWAPP AP1131AG and AP1242AG Wireless LAN Access Points
(Hardware Versions: 1131 Revision C0, 1242 Revision A0; Firmware Versions: 4.1.171.0[1] and 4.1.185.10[2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/07/2008;
03/07/2008;
11/06/2008;
08/22/2011;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #370, #591[1] and #592[1], #905[2] and #907[2]); HMAC (Certs. #308[1] and #498[2]); RNG (Certs. #337[1] and #520[2]); RSA (Certs. #270[1] and #441[2]); SHS (Certs. #642[1] and #895[2])

-Other algorithms: RC4; MD5; HMAC MD5; RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength)

Multi-chip standalone

"The Cisco LWAPP Aironet 1131 & 1242 access points deliver the versatility, high capacity, security, and enterprise-class features required for small, medium and large Government deployments. In FIPS 140-2 mode of operation, the Cisco APs support the LWAPP, MFP, IEEE 802.11i & IEEE 802.1x standards & AES for WPA2 encryption. WPA2 is the Wi-Fi Alliance certification for interoperable, standards-based WLAN security. The Cisco APs are also Wi-FI CERTIFIED for IEEE 802.11a, IEEE 802.11b and IEEE 802.11g radio standards."
912 Sterling Commerce, Inc.
4600 Lakehurst Court
PO Box 8000
Dublin, OH 43016-2000
USA

-Shryl Tidmore
TEL: 469-524-2681

-Adrian Glanvill
TEL: 614-793-3757

CST Lab: NVLAP 200017-0

Sterling FIPS Crypto-J Module
(Software Version: 2.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/12/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Sun Java Runtime Environment (JRE) 1.3.1, 1.4.2 and 1.5.0 running on Windows XP 32-bit; Windows XP 64-bit; Red Hat Linux Application Server 3.0 32-bit; Red Hat Linux Application Server 4.0 64-bit; Solaris 9 32-bit; Solaris 9 64-bit; Solaris 10 32 bit SPARC (single-user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #485); AES (Cert. #469); SHS (Cert. #537); HMAC (Cert. #227); RNG (Cert. #254); DSA (Cert. #193); ECDSA (Cert. #41); RSA (Cert. #191)

-Other algorithms: ARC2; ARC4; MD2; MD5; HMAC-MD5; DES; DESX; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC MQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength)

Multi-chip standalone

"The Sterling FIPS Crypto-J Module is a cryptographic toolkit for Java language users, providing services of various cryptographic algorithms such as hash algorithms, encryption schemes, message authentication, and public key cryptography."
911 Harris Corporation
221 Jefferson Ridge Parkway
Lynchburg, VA 24501
USA

-Dennis L. Warheit
TEL: 434-455-9205

CST Lab: NVLAP 200427-0

Harris Corporation Wireless Systems Cryptographic Library (SECLIB)
(Software Version: R1A)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 02/07/2008;
07/02/2010
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2; Windows Server 2003 SP2 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #637); Triple-DES (Cert. #591); SHS (Cert. #673); HMAC (Cert. #328); RNG (Cert. #363)

-Other algorithms: AES MAC (AES Cert. #637; non-compliant); DES; DES MAC

Multi-chip standalone

"The Harris Corporation Wireless Systems Cryptographic Library is a software-based cryptographic module that provides encryption, authentication, and other security support services to various M/A-Com product applications. It specifically satisfies FIPS 140-2 Level 1 requirements."
910 IBM® Corporation
Nymollevej 91
Lyngby, DK-2800
Denmark

-Crypto Competence Center Copenhagen
TEL: +45 4523 4441
FAX: +45 4523 6802

CST Lab: NVLAP 200427-0

IBM CryptoLite for Java
(Software Version: 4.2)

Validated to FIPS 140-2

Security Policy

Certificate

Software 02/07/2008;
03/07/2008;
06/24/2008
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista with Sun Java JRE 1.6.0 (single user mode)

-FIPS-approved algorithms: AES (Cert. #659); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECDSA (Cert. #71); HMAC (Cert. #341); RNG (Cert. #379); SHS (Cert. #692)

-Other algorithms: N/A

Multi-chip standalone

"The IBM CryptoLite for Java (CLiJ) v4 is a Java Cryptographic Extension (JCE) compliant cross-platform software library which provides APIs for the cryptographic functions specified in NSA Suite B. CLiJ includes specific high performance implementations of a number of cryptographic algorithms and services. CliJ has highly optimized elliptic curve operations and very efficient implementation of finite field arithmetic.CLiJ can be used on any JVM running Java version 1.5 or higher. CLiJ is compliant with ANSI X9.62, ANSI X9.63 and IEEE 1363."
909 Pitney Bowes, Inc.
35 Waterview Drive
Shelton, CT 06484
USA

-Kostas Vassilakis
TEL: 203-924-3610
FAX: 203-924-3409

CST Lab: NVLAP 100432-0

Pitney Bowes Cryptographic Coprocessor for Virtual Meter (CCV)
(Hardware Versions: P/Ns 41U0438 and 12R8561, Model 4764-001; Firmware Version: Miniboot FW v1.25, Segment 2 FW v1.3, CCV Application FW v3.02.05)

(When operated with module IBM eServer Cryptographic Coprocessor Security Module validated to FIPS 140-2 under Cert. #661 and operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/07/2008 Overall Level: 3 

-Physical Security: Level 4

-FIPS-approved algorithms: Triple-DES (Cert. #215); Triple-DES MAC (Triple-DES Cert. #215, vendor affirmed); SHS (Cert. #194); DSA (Cert. #147); RNG (Cert. #132)

-Other algorithms: DES MAC

Multi-chip embedded

"The Pitney Bowes Cryptographic Coprocessor for Virtual Meter (CCV) module provides security services to support the secure accounting and cryptographic functions necessary for value evidencing of electronic transactions, such as the United States Postal Service Information-Based Indicium Program (USPS IBIP)."
908 GlobalSCAPE, Inc.
6000 Northwest Parkway
Suite 100
San Antonio, TX 78249
USA

-Mike Hambidge
TEL: 210-293-7921
FAX: 210-690-8824

CST Lab: NVLAP 200556-0

GlobalSCAPE® Cryptographic Module
(Software Version: 1.0.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 02/07/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2003 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #618); Triple-DES (Cert. #586); DSA (Cert. #240); SHS (Cert. #666); RSA (Cert. #287); HMAC (Cert. #320); RNG (Cert. #388)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); DES; MD2; MD4; MD5; MDC2; RIPEMD160; Blowfish; CAST5; RC2; RC4; RC5; IDEA

Multi-chip standalone

"The GlobalSCAPE® Cryptographic Module (GSCM) provides cryptographic services for the GlobalSCAPE family of software products such as Secure FTP Server and EFT Server. The services include symmetric/asymmetric encryption/decryption, digital signatures, message digest, message authentication, random number generation, and SSL/TLS support. The GSCM is intended for use by applications through the moduleÆs Application Programming Interface (API), which is based on the OpenSSL API defined by the OpenSSL Project."
907 SBI Net Systems Co., Ltd.
Meguro Tokyu Bldg.
5th Floor
2-13-17
Kamiosaki Shinagawa-ku,, Tokyo 141-0021
Japan

-Hidemitsu Noguchi
TEL: +81 3 5447 2551
FAX: +81 3 5447 2552

CST Lab: NVLAP 200427-0

C4CS Lite and CSL software cryptographic modules
(Software Versions: 1.1.0 (C4CS Lite) and 1.1.0 (CSL))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 02/07/2008;
08/29/2008
Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP SP2 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #360); SHS (Cert. #435); RNG (Cert. #173); HMAC (Cert. #160); RSA (Cert. #207)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); C4Custom (C4CS Lite only); SSS

Multi-chip standalone

"C4CS Lite and CSL are software cryptographic modules that provide symmetric/asymmetric ciphers, hash functions, and secret sharing schemes in FIPS mode."
906 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

ASA 5505 and ASA 5550
(Hardware Versions: 5505 and 5550; Firmware Versions: 7.2.2.18[1], 7.2.4.18[2] and 7.2.4.30[2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/25/2008;
03/06/2009;
05/18/2009;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #105, #536[1], #564 and #1010[2]); HMAC (Certs. #125, #283[1], #301 and #567[2]); RNG (Certs. #144, #309[1], #329 and #570[2]); RSA (Certs. #106, #242[1], #261 and #485[2]); SHS (Certs. #196, #606[1], #630 and #968[2]); Triple-DES (Certs. #217, #538[1], #559 and #779[2])

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); HMAC MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength)

Multi-chip standalone

"The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
905 Fortinet Inc.
1090 Kifer Road
Sunnyvale, CA 94086
USA

-Jeff Lake, Vice President, Federal Operations
TEL: 678-402-8021
FAX: 678-402-8021

CST Lab: NVLAP 200017-0

FortiGate-200A/200A-HD, FortiGate-300A/300A-HD, FortiGate-500A/500A-HD and FortiGate-800
(Hardware Versions: FortiGate-200/200A-HD (build C4AY89); FortiGate-300/300A-HD (build C4FK88); FortiGate-500/500A-HD (build C4BE21); FortiGate-800 (build C4UT39); Firmware Version: FortiOS 3.00, build 8317, 061121)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 01/25/2008;
02/21/2008
Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #486, #487, #489 and #490); RNG (Cert. #251); AES (Certs. #471, #472, #475 and #476); SHS (Certs. #539, #540, #543 and #544); RSA (Cert. #193); HMAC (Certs. #228, #229, #232 and #233)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 110 bits of encryption strength); MD5; HMAC-MD5

Multi-chip standalone

"FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
904 Foundry Networks
4980 Great America Pkwy
Santa Clara, CA 95054
USA

-Michael Hong
TEL: 408-207-1700

CST Lab: NVLAP 200427-0

Foundry Networks FIPS 140-2 Cryptographic Module
(Hardware Versions: FN1120-VBD-03-0200, FN1010-VBD-03-0200 and FN1005-VBD-03-0200; Firmware Version: 4.6.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/23/2008 Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #551 and #189); DSA (Cert. #224); ECDSA (Cert. #58); HMAC (Cert. #292); RNG (Cert. #319); RSA (Cert. #247); SHS (Cert. #616); Triple-DES (Certs. #547 and #286); Triple-DES MAC (Triple-DES Certs. #547 and #286, vendor affirmed)

-Other algorithms: AES-MAC (Certs. #551 and #189; non-compliant); DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST-MAC; CAST3-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; HMAC-MD5; KCDSA; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; GENERIC-SECRET; SSL PRE-MASTER; SEED; RC2-MAC; RC5-MAC; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Elliptic Curve Diffie Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip embedded

"The Foundry Networks FIPS 140-2 Cryptographic Modules resides on PCI card and provides cryptographic key protection and acceleration for both asymmetric and symmetric encryption operations. It is contained in its own secure enclosure that provides physical resistance to tampering and zeroization of plaintext cryptographic material in the event the enclosure is opened."
903 Foundry Networks
4980 Great America Pkwy
Santa Clara, CA 95054
USA

-Michael Hong
TEL: 408-207-1700

CST Lab: NVLAP 200427-0

Foundry Networks FIPS 140-2 Cryptographic Module
(Hardware Versions: FN1120-VBD-03-0200, FN1010-VBD-03-0200 and FN1005-VBD-03-0200; Firmware Version: 4.6.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/23/2008 Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Certs. #551 and #189); DSA (Cert. #224); ECDSA (Cert. #58); HMAC (Cert. #292); RNG (Cert. #319); RSA (Cert. #247); SHS (Cert. #616); Triple-DES (Certs. #547 and #286); Triple-DES MAC (Triple-Des Certs. #547 and #286, vendor affirmed)

-Other algorithms: AES-MAC (Certs. #551 and #189; non-compliant); DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST-MAC; CAST3-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; HMAC-MD5; KCDSA; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; GENERIC-SECRET; SSL PRE-MASTER; SEED; RC2-MAC; RC5-MAC; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Elliptic Curve Diffie Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip embedded

"The Foundry Networks FIPS 140-2 Cryptographic Module resides on a PCI card and provides cryptographic key protection and acceleration for both asymmetric and symmetric encryption operations. It is contained in its own secure enclosure that provides physical resistance to tampering and zeroization of plaintext cryptographic material in the event the enclosure is opened."
902 Juniper Networks, Inc.
1194 N. Mathilda Avenue
Building 3
Sunnyvale, CA 94089
USA

-Su-Chen Lin (Sue)
TEL: 408-936-8447
FAX: 408-936-3032

-Tim Stahlke
TEL: 408-936-7261
FAX: 408-936-3032

CST Lab: NVLAP 200697-0

Juniper Networks NetScreen-5GT
(Hardware Version: NS-5GT; Firmware Versions: 5.4.0r4, v5.4.0r5, 5.4.0r6, 5.4.0r7, 5.4.0r8, 5.4.0r9, 5.4.0r10, 5.4.0r11, 5.4.0r12, 5.4.0r13, 5.4.0r14, 5.4.0r15, 5.4.0r16, 5.4.0r17, 5.4.0r18 and 5.4.0r19)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 01/23/2008;
07/10/2008;
05/18/2009;
01/20/2011
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #532); AES (Cert. #525); DSA (Cert. #216); SHS (Cert. #598); RNG (Cert. #301); RSA (Cert. #235); HMAC (Cert. #276)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DES; MD5

Multi-chip standalone

"The NetScreen-5GT appliance is a feature-rich, enterprise-class, network security solution that integrates a complete set of best-in-class UTM security features including IPS, Antivirus (includes Anti-Spyware, Anti-Adware, Anti-Phishing), Anti-Spam, and Web Filtering which allow the NetScreen-5GT to defend the network against worms, Spyware, Trojans, malware and other emerging attacks. The NetScreen-5GT Ethernet solution is ideal for environments that need hardwired connectivity backed by robust network, application and payload level security."
901 Juniper Networks, Inc.
1194 N. Mathilda Avenue
Building 3
Sunnyvale, CA 94089
USA

-Su-Chen Lin (Sue)
TEL: 408-936-8447
FAX: 408-936-3032

-Tim Stahlke
TEL: 408-936-7261
FAX: 408-936-3032

CST Lab: NVLAP 200697-0

Juniper Networks NetScreen-500
(Hardware Version: NS-500; Firmware Versions: ScreenOS 5.4.0r4, v5.4.0r5, 5.4.0r6, 5.4.0r7, 5.4.0r8, 5.4.0r9, 5.4.0r10, 5.4.0r11, 5.4.0r12, 5.4.0r13, 5.4.0r14, 5.4.0r15, 5.4.0r16, 5.4.0r17, 5.4.0r18 and 5.4.0r19)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 01/16/2008;
07/10/2008;
05/18/2009;
01/20/2011
Overall Level: 2 

-Cryptographic Module Specification: Level 3

-FIPS-approved algorithms: DSA (Cert. #214); SHS (Cert. #590); Triple-DES (Cert. #527); AES (Cert. #517); HMAC (Cert. #268); RSA (Cert. #231); RNG (Cert. #293)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DES; MD5

Multi-chip standalone

"The NetScreen-500 is a purpose-built, security system designed to provide a flexible, high performance solution for medium and large enterprise central sites and service providers. The NetScreen-500 security system integrates firewall, DoS, VPN and traffic management functionality in a low-profile, modular chassis. It provides high levels of total throughput for firewall and VPN plus support for virtual systems and security zones."
900 Juniper Networks, Inc.
1194 N. Mathilda Avenue
Building 3
Sunnyvale, CA 94089
USA

-Su-Chen Lin (Sue)
TEL: 408-936-8447
FAX: 408-936-3032

-Tim Stahlke
TEL: 408-936-7261
FAX: 408-936-3032

CST Lab: NVLAP 200697-0

Juniper Networks SSG 5 and SSG 20
(Hardware Versions: P/N SSG-5 and SSG-20; Firmware Versions: ScreenOS 5.4.0r4, v5.4.0r5, 5.4.0r6, 5.4.0r7, 5.4.0r8, 5.4.0r9, 5.4.0r10, 5.4.0r11, 5.4.0r12, 5.4.0r13, 5.4.0r14, 5.4.0r15, 5.4.0r16, 5.4.0r17, 5.4.0r18 and 5.4.0r19)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 01/16/2008;
07/10/2008;
05/18/2009;
01/20/2011
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #533); AES (Cert. #526); DSA (Cert. #217); SHS (Cert. #599); RNG (Cert. #302); RSA (Cert. #236); HMAC (Cert. #277)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DES; MD5

Multi-chip standalone

"The Juniper Networks Secure Services Gateway 5 (SSG 5) and Secure Services Gateway 20 (SSG 20) are purpose-built security appliances that deliver a perfect blend of performance, security and LAN\WAN connectivity for small branch office and small business deployments. Traffic flowing in and out of the branch office can be protected from worms, Spyware, Trojans, and malware by a complete set of Universal Threat Management (UTM) security features including Stateful firewall, IPSec VPN, IPS, Antivirus (includes Anti-Spyware, Anti-Adware, Anti-Phishing), Anti-Spam, and Web Filtering."
899 IBM® Corporation
Nymøllevej 91
Lyngby, DK-2800
Denmark

-Crypto Competence Center Copenhagen
TEL: +45-4523-4441
FAX: +45-4523-6802

CST Lab: NVLAP 200427-0

IBM CryptoLite for C
(Software Version: 4.5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 01/16/2008 Overall Level: 1 

-Cryptographic Module Specification: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows Vista Ultimate; Red Hat Enterprise Linux v4 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #615); Triple-DES (Cert. #585); SHS (Cert. #663); DSA (Cert. #238); RSA (Cert. #286); RNG (Cert. #350); HMAC (Cert. #318); ECDSA (Cert. #66)

-Other algorithms: DES; CAST-5; CAST-6; RC2; ArcFour; Blowfish; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); ECDH (key agreement; key establishment methodology provides 80 to 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 to 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength); MD2; MD5; Whirlpool; HMAC MD5

Multi-chip standalone

"IBM CryptoLite is a C software package providing advanced cryptographic services in a very small footprint. CryptoLite supports public key encryption, digital signatures, symmetric ciphers, hash functions, message authentication codes, and other cryptographic algorithms through a simple programming interface. There are no runtime dependencies and the code has been optimized for high performance."
898 Juniper Networks, Inc.
1194 N. Mathilda Avenue
Building 3
Sunnyvale, CA 94089
USA

-Su-Chen Lin (Sue)
TEL: 408-936-8447
FAX: 408-936-3032

-Tim Stahlke
TEL: 408-936-7261
FAX: 408-936-3032

CST Lab: NVLAP 200697-0

Juniper Networks NetScreen-204 and NetScreen-208
(Hardware Versions: NS-204 and NS-208; Firmware Versions: ScreenOS 5.4.0r4, v5.4.0r5, 5.4.0r6, 5.4.0r7, 5.4.0r8, 5.4.0r9, 5.4.0r10, 5.4.0r11, 5.4.0r12, 5.4.0r13, 5.4.0r14, 5.4.0r15, 5.4.0r16, 5.4.0r17, 5.4.0r18 and 5.4.0r19)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 01/16/2008;
07/10/2008;
05/18/2009;
01/20/2011
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: DSA (Cert. #215); SHS (Cert. #591); Triple-DES (Cert. #528); AES (Cert. #518); HMAC (Cert. #269); RSA (Cert. #232); RNG (Cert. #294)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DES; MD5

Multi-chip standalone

"The Juniper Networks NetScreen-200 Series is one of the most versatile pair of security appliances available today. They easily integrate and secure many different network environments, including medium and large enterprise offices, e-business sites, data centers, and carrier infrastructure. Complete with either four or eight auto-sensing 10/100 Base-T Ethernet ports, the NetScreen-200 Series performs firewall functions at wire speed (375 Mbps on the NetScreen-204 and NetScreen-208)."
897 Juniper Networks, Inc.
1194 N. Mathilda Avenue
Building 3
Sunnyvale, CA 94089
USA

-Su-Chen Lin (Sue)
TEL: 408-936-8447
FAX: 408-936-3032

-Tim Stahlke
TEL: 408-936-7261
FAX: 408-936-3032

CST Lab: NVLAP 200697-0

Juniper Networks NetScreen-5200 and NetScreen-5400
(Hardware Versions: NS-5200 and NS-5400; Firmware Versions: ScreenOS 5.4.0r4, v5.4.0r5, 5.4.0r6, 5.4.0r7, 5.4.0r8, 5.4.0r9, 5.4.0r10, 5.4.0r11, 5.4.0r12, 5.4.0r13, 5.4.0r14, 5.4.0r15, 5.4.0r16, 5.4.0r17, 5.4.0r18 and 5.4.0r19)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 01/16/2008;
07/10/2008;
05/18/2009;
01/20/2011
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: DSA (Cert. #212); SHS (Cert. #587); Triple-DES (Cert. #524); AES (Cert. #514); HMAC (Cert. #265); RSA (Cert. #228); RNG (Cert. #290)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DES; MD5

Multi-chip standalone

"The Juniper Networks NetScreen-5000 series is a line of purpose-built, high-performance firewall/VPN security systems designed to deliver a new level of high-performance capabilities for large enterprise, carrier, and data center networks. The NetScreen-5000 series consists of two products: the 2-slot NetScreen-5200 system and the 4-slot NetScreen-5400 system. NetScreen-5000 security systems integrate firewall, VPN, DoS and DDoS protection, and traffic-management functionality, in a low-profile modular chassis."
896 Juniper Networks, Inc.
1194 N. Mathilda Avenue
Building 3
Sunnyvale, CA 94089
USA

-Su-Chen Lin (Sue)
TEL: 408-936-8447
FAX: 408-936-3032

-Tim Stahlke
TEL: 408-936-7261
FAX: 408-936-3032

CST Lab: NVLAP 200697-0

Juniper Networks ISG 1000 and ISG 2000
(Hardware Versions: P/N NS-ISG-1000 and NS-ISG-2000; Firmware Versions: ScreenOS 5.4.0r4, v5.4.0r5, 5.4.0r6, 5.4.0r7, 5.4.0r8, 5.4.0r9, 5.4.0r10, 5.4.0r11, 5.4.0r12, 5.4.0r13, 5.4.0r14, 5.4.0r15, 5.4.0r16, 5.4.0r17, 5.4.0r18 and 5.4.0r19)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 01/16/2008;
07/10/2008;
05/18/2009;
01/20/2011
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: DSA (Cert. #213); SHS (Cert. #588); Triple-DES (Cert. #525); AES (Cert. #515); HMAC (Cert. #266); RSA (Cert. #229); RNG (Cert. #219)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DES; MD5

Multi-chip standalone

"The Juniper Networks NetScreen ISG 1000 and ISG 2000 are Internet security devices that integrate firewall, virtual private networking (VPN), and traffic shaping functions. Through the VPN, the NetScreen ISG devices provide the following: IPSec standard security, Triple-DES, and Advanced Encryption Standard (AES) encryption, Manual and automated IKE (ISAKMP), and Use of RSA and DSA certificates."
895 Xirrus, Inc.
370 N. Westlake Blvd.
Suite 200
Westlake Village, CA 91362
USA

-Patrick Parker
TEL: 805-497-0955
FAX: 866-462-3980

CST Lab: NVLAP 100432-0

Xirrus Wireless LAN Array
(Hardware Versions: Models: XS-3900 P/Ns 190-0001-001, 190-0001-002, 190-0001-003, 190-0001-004 Version B1; XS-3700 P/Ns 190-0005-001, 190-0005-002, 190-0005-003, 190-0005-004 Version B1; XS-3500 P/Ns 190-0004-001, 190-0004-003 Version A1; WFX-3900 P/N 190-0016-001 Version A1; WFX-3700 P/N 190-0017-001 Version A1; WFX 3500 P/N 190-0018-001 Version A; XS4 P/N 190-0092-001 Version A; XS8 P/N 190-0091-001 Version A; XS16 P/N 190-0090-001 Version A; Firmware Version: 3.2-0477)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/10/2008 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Cert. #470); RNG (Cert. #255); HMAC (Cert. #304); SHS (Cert. #638); RSA (Cert. #290)

-Other algorithms: RC4; MD5

Multi-chip standalone

"The Xirrus Wireless LAN Array represents the next generation in enterprise wireless LAN architecture - combining the functionality of a WLAN switch and Integrated Access Points (IAPs) in a single device. The WLAN Array delivers Gigabit-class Wi-Fi bandwidth to an extended coverage area simplifying the wireless LAN setup."
894 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Windows Vista Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)
(Software Version: 6.0.6000.16386)

(When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #890 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 01/10/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition (x86 Version); Microsoft Windows Vista Ultimate Edition (x64 version) (single-user mode)

-FIPS-approved algorithms: DSA (Cert. #226); RNG (Cert. #321); SHS (Cert. #618); Triple-DES (Cert. #549); Triple-DES MAC (Triple-DES Cert. #549, vendor affirmed)

-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); MD5; RC2; RC2 MAC; RC4

Multi-chip standalone

"DSSENH encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. Software developers dynamically link the Microsoft DSSENH module into their applications to provide FIPS 140-2 compliant cryptographic support."
893 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Windows Vista Enhanced Cryptographic Provider (RSAENH)
(Software Version: 6.0.6000.16386)

(When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #890 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 01/10/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition (x86 Version); Microsoft Windows Vista Ultimate Edition (x64 version) (single-user mode)

-FIPS-approved algorithms: AES (Cert. #553); HMAC (Cert. #297); RNG (Cert. #321); RSA (Certs. #255 and #258); SHS (Cert. #618); Triple-DES (Cert. #549)

-Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength)

Multi-chip standalone

"RSAENH encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. Developers dynamically link the Microsoft RSAENH module into their applications to provide FIPS 140-2 compliant cryptographic support."
892 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Microsoft Windows Cryptographic Primitives Library (bcrypt.dll)
(Software Version: 6.0.6000.16386)

(When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #890 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 01/10/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition (x86 Version); Microsoft Windows Vista Ultimate Edition (x64 version) (single-user mode)

-FIPS-approved algorithms: AES (Cert. #553); DSA (Cert. #227); ECDSA (Cert. #60); HMAC (Cert. #298); RNG (Cert. #321); RSA (Certs. #257 and #258); SHS (Cert. #618); Triple-DES (Cert. #549)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4

Multi-chip standalone

"BCRYPT.DLL provides cryptographic services, through its documented interfaces, to Windows Vista components and applications running on Windows Vista. The cryptographic module, BCRYPT.DLL, encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CNG (Cryptography, Next Generation) API. It can be dynamically linked into applications by software developers to permit the use of general-purpose FIPS 140-2 compliant cryptography."
891 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Microsoft Kernel Mode Security Support Provider Interface (ksecdd.sys)
(Software Versions: 6.0.6000.16386, 6.0.6000.16870 and 6.0.6000.21067)

(When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #890 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 01/10/2008;
10/16/2009
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition (x86 Version); Microsoft Windows Vista Ultimate Edition (x64 version) (single-user mode)

-FIPS-approved algorithms: AES (Cert. #553); ECDSA (Cert. #60); HMAC (Cert. #298); RNG (Cert. #321); RSA (Certs. #257 and #258); SHS (Cert. #618); Triple-DES (Cert. #549)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 50 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 to 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; HMAC MD5

Multi-chip standalone

"KSECDD.SYS runs as a kernel mode export driver, and provides cryptographic services, through their documented interfaces, to Windows Vista kernel components. It supports several cryptographic algorithms accessible via a FIPS function table request irp (I/O request packet)."
890 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Code Integrity (ci.dll)
(Software Version: 6.0.6000.16386)

(When operated in FIPS mode with Winload OS Loader (winload.exe) validated to FIPS 140-2 under Cert. #889 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 01/10/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition (x86 Version); Microsoft Windows Vista Ultimate Edition (x64 version) (single-user mode)

-FIPS-approved algorithms: RSA (Cert. #255); SHS (Cert. #618)

-Other algorithms: N/A

Multi-chip standalone

"This is a dynamically linked library that runs as ntoskrnl.exe. It verifies the integrity of executable files, including kernel mode drivers, critical system components and user mode crypto modules, before these files are loaded from disk into memory by the memory manager."
889 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Winload OS Loader (winload.exe)
(Software Versions: 6.0.6000.16386, 6.0.6000.16476 and 6.0.6000.20586)

(When operated in FIPS mode with Boot Manager (bootmgr) validated to FIPS 140-2 under Cert. #888 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 01/10/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition (x86 Version); Microsoft Windows Vista Ultimate Edition (x64 version) (single-user mode)

-FIPS-approved algorithms: AES (Cert. #424); RSA (Cert. #255); SHS (Cert. #618)

-Other algorithms: N/A

Multi-chip standalone

"This is the OS loader. It loads the boot-critical driver image files and the OS kernel image file itself."
888 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Boot Manager (bootmgr)
(Software Version: 6.0.6000.16386)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 01/10/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition (x86 Version); Microsoft Windows Vista Ultimate Edition (x64 version) (single-user mode)

-FIPS-approved algorithms: AES (Cert. #424); HMAC (Cert.#298); RSA (Cert. #255); SHS (Cert. #618)

-Other algorithms: N/A

Multi-chip standalone

"This is the system boot manager, called by the bootstrapping code that resides in the boot sector. It checks its own integrity and then checks the integrity of the OS loader and launches it."
887 ARX (Algorithmic Research)
10 Nevatim Street
Kiryat Matalon, Petach Tikva 49561
Israel

-Ezer Farhi
TEL: 972-3-9279529

CST Lab: NVLAP 200002-0

CoSign
(Hardware Version: 4.0; Firmware Version: 4.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/07/2008;
03/07/2008;
10/02/2009
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Certs. #498 and #523); Triple-DES MAC (Triple-DES Cert. #498, vendor affirmed); SHS (Certs. #554 and #586); HMAC (Cert. #241); RNG (Cert. #265); RSA (Cert. #227)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"CoSign is a digital signature appliance that is connected to the organizational network and manages all signature keys and certificates of organizationÆs end-users. End-users will connect securely to CoSign from their PC for the purpose of signing documents and data."
886 Fortress Technologies, Inc.
1 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0

Fortress Secure Client Bridge
(Hardware Version: 1.0; Firmware Version: 2.1.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 01/07/2008;
03/26/2010
Overall Level: 1 

-FIPS-approved algorithms: AES (Cert. #545); Triple-DES (Cert. #541); SHS (Cert. #609); RNG (Cert. #312); HMAC (Cert. #286)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); DSA (non-compliant); RSA (non-compliant); MD2; MD5; Blowfish; CAST; IDEA; RC2; RC4; RC5

Multi-chip standalone

"The Fortress Secure Client Bridge is a hardware module designed to deliver security on wireless and wired devices that cannot run the Fortress Secure Client software. A plug-and-play solution, the Secure Client Bridge encrypts and decrypts communication across the WLAN and LAN and protects the device against attacks without user intervention."
885 L-3 Communications Linkabit
3033 Science Park Road
San Diego, CA 92121
USA

-Rick Roane
TEL: 858-597-9097
FAX: 858-552-9660

CST Lab: NVLAP 100432-0

MPM-1000, 70 MHz Layout 1; MPM-1000, 70 MHz Layout 2; and MPM-1000, L-Band
(Hardware Versions: P/N 119811-1, 119903-30 and 119903-3; Firmware Version: 121423-00)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/07/2008;
02/23/2009
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #439, #440 and #441); RNG (Cert. #228); DSA (Cert. #180); HMAC (Cert. #206); SHS (Cert. #507)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The MPM-1000 is a dual-use civilian/military modem used to transport IP data traffic over satellite communication links using a secure Multi-Frequency Time Division Multiple Access (MF-TDMA) protocol. The MPM-1000 also functions as a MIL-STD-165A modem for use in Single Channel Per Carrier (SCPC) Frequency Division Multiple Access (FDMA) satellite communications."
884 Juniper Networks, Inc.
1194 N. Mathilda Avenue
Building 3
Sunnyvale, CA 94089
USA

-Su-Chen Lin (Sue)
TEL: 408-936-8447
FAX: 408-936-3032

-Tim Stahlke
TEL: 408-936-7261
FAX: 408-936-3032

CST Lab: NVLAP 200697-0

Juniper Networks SSG 520M and SSG 550M
(Hardware Versions: P/N SSG 520M and SSG 550M; Firmware Versions: ScreenOS 5.4.0r4, v5.4.0r5, 5.4.0r6, 5.4.0r7, 5.4.0r8, 5.4.0r9, 5.4.0r10, 5.4.0r11, 5.4.0r12, 5.4.0r13, 5.4.0r14, 5.4.0r15, 5.4.0r16, 5.4.0r17, 5.4.0r18 and 5.4.0r19)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 12/14/2007;
07/10/2008;
05/18/2009;
01/20/2011
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: DSA (Cert. #218); SHS (Cert. #601); Triple-DES (Cert. #535); AES (Cert. #529); HMAC (Cert. #278); RSA (Cert. #239); RNG (Cert. #304)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DES; MD5

Multi-chip standalone

"The Juniper Networks Secure Services Gateway 500 Series (SSG) represents a new class of purpose-built security appliance that delivers a perfect mix of performance, security and LAN/WAN connectivity for regional and branch office deployments. Traffic flowing in and out of the branch office is protected from worms, Spyware, Trojans, and malware by a complete set of Unified Threat Management (UTM) security features including Stateful firewall, IPSec VPN, IPS, Antivirus (includes Anti-Spyware, Anti-Adware, Anti-Phishing), Anti-Spam, and Web Filtering."
883 TriCipher, Inc.
1900 Alameda de las Pulgas
Suite 112
San Mateo, CA 94403
USA

-Tim Renshaw
TEL: 650-372-1300

CST Lab: NVLAP 200416-0

TriCipher Common Core Cryptographic Module
(Software Version: 3.9)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/14/2007 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Sun JDS Linux 2.4.19 and Microsoft Windows XP (single-user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #571); RSA (Cert. #273); HMAC (Cert. #310); SHS (Cert. #649); RNG (Cert. #341)

-Other algorithms: DES; MD5; RSA (PKCS #5); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The CCCM provides all cryptographic functionality used by TriCipher's ID Tool, APIs and other client-side products."
882 Certicom Corp.
5520 Explorer Drive
4th Floor
Mississauga, Ontario L4W 5L1
Canada

-sales@certicom.com
TEL: 905-507-4220
FAX: 905-507-4230

CST Lab: NVLAP 200017-0

Security Builder® FIPS Module
(Software Version: 2.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 12/14/2007;
11/06/2008;
03/06/2009
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Yellow Dog Linux 2.6 and Maemo Linux 5 (single-user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #545); AES (Cert. #549); SHS (Cert.#614); HMAC (Cert. #290); RNG (Cert. #317); DSA (Cert. #223); ECDSA (Cert. #57); RSA (Cert. #246)

-Other algorithms: DESX; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength; non-complaint less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 192 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 192 bits of encryption strength); ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; DES; ECNR; ECQV; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-complaint less than 80 bits of encryption strength); ECIES

Multi-chip standalone

"The Security Builder® FIPS Module is a standards-based cryptographic toolkit that supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into both mobile and server-based applications. The Security Builder FIPS Module is part of the Certicom Security Architecture, a comprehensive cross-platform security solution which supports multiple cryptographic software and hardware providers with a single common API."
881 Fortress Technologies, Inc.
1 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0

AirFortress® Wireless Security Gateway
(Hardware Version: AF7500; Firmware Version: 2.5.6)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 11/30/2007;
03/26/2010
Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #414); Triple-DES (Cert. #433); SHS (Cert. #483); HMAC (Cert. #188)

-Other algorithms: Diffie-Hellman (non-compliant key agreement; key establishment provides 56 bits of encryption strength); DES; MD5; RSA (non-compliant); RNG (non-compliant)

Multi-chip standalone

"The AirFortress® Wireless Security Gateway is an electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a production-quality hardware platform and deployable on any LAN or WAN, the AirFortress® Wireless Security Gateway provides encryption, data integrity checking, authentication, access control, and data compression."
880 ActivIdentity, Inc.
6623 Dumbarton Circle
Fremont, CA 94555
USA

-Stephane Ardiley
TEL: 510-745-6288
FAX: 510-574-0101

CST Lab: NVLAP 100432-0

ActivIdentity Digital Identity Applet Suite V2 for PIV
(Hardware Version: HW P/N 77 Versions E303-063683 and E303-063684; Firmware Versions: ACA applet package v2.6.2.2 and 2.6.2.A3; PKI/GC applet package v2.6.2.3 and 2.6.2.A1; ASC library package v2.6.2.2 and 2.6.2.A1; PIV End-Point packages v2.6.2.6, v2.6.2.A1 and v2.6.2.A2)

(PIV Card Application: Cert. #7)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/30/2007;
12/18/2007;
01/25/2008;
04/29/2008
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #232); Triple-DES MAC (Triple-DES Cert. #232, vendor affirmed); SHS (Cert. #209); RSA (Cert. #43); RNG (Cert. #94)

-Other algorithms: DES; DES MAC

Single-chip

"This version of the product can be used over contact and contactless interface (with some restrictions) and can be configured to use with ActivIdentity applet suite v2.6.2 for the support of GSC-IS v2.1, NIST SP800-73-1 Transitional and End-Point Card Edge (for HSPD-12/PIV). The product allows issuance and post-issuance support for PIV End Point Card Edge and Data Model."
879 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

PIX 515 and PIX 515E
(Hardware Versions: 515 and 515E; Firmware Version: 7.2.2.18)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/30/2007;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #209 and #536); HMAC (Certs. #15 and #283); RNG (Cert. #309); RSA (Certs. #107 and #242); SHS (Certs. #285 and #606); Triple-DES (Certs. #298 and #538)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methology provides 80 bits of encryption strength); HMAC MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength)

Multi-chip standalone

"The market-leading Cisco PIX and ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. Cisco PIX Security Appliances and ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
878 Fortress Technologies, Inc.
1 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200427-0

Fortress Secure Client
(Software Versions: 3.1 [1], 3.1.1 [1], 3.2 [2], 3.2.1 [3] and 3.2.2 [3])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/30/2007;
04/04/2008;
08/11/2009;
11/20/2009;
03/26/2010;
08/20/2010
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional with SP2 [1]; Windows 2000 Professional with SP4 [1]; Windows 2003 Server with SP2 [1]; Windows CE 3.0 [1]; Windows CE 4.0 [1 and 2]; Windows CE 5.0 [1, 2 and 3] (single-user mode)

-FIPS-approved algorithms: AES (Certs. #607 [1], #1136 [2] and #1207 [3]); HMAC (Certs. #313 [1], #646 [2] and #702 [3]); RNG (Certs. #346 [1], #631 [2] and #668 [3]); SHS (Certs. #656 [1], #1057 [2] and #1110 [3]); Triple-DES (Certs. #579 [1], #828 [2] and #871 [3])

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength); MD5

Multi-chip standalone

"The Fortress Secure Client is a software module designed to deliver security on wireless devices such as bar scanners, handhelds, and laptops using various operating systems. A plug-and-play solution, the Client encrypts and decrypts communication across the WLAN and protects the device against attacks without user intervention."
877 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

7206VXR NPE-G1, 7206VXR NPE-G2 and 7301 with VAM2+ and 7206VXR NPE-G2 with VSA
(Hardware Versions: 7206VXR Version: 2.9, NPE-G1 Version: 2.1, NPE-G2 Version: 1.0, VAM2+ Version: 1.0, VSA Version: 1.0, C7200-JC-PA Version: 1.0, 7301 Version: 2.0; Firmware Version: 12.4(11)T1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/30/2007;
12/18/2007;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #91 and #173); HMAC (Certs. #39 and #203); RNG (Certs. #83, #266 and #267); SHS (Certs. #258, #500, #556 and #557); Triple-DES (Certs. #204 and #275)

-Other algorithms: MD4; MD5; HMAC MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); DES; RSA (non-compliant); AES (non-compliant); Triple-DES (non-compliant); HMAC (non-compliant)

Multi-chip standalone

"Cisco Modular Access Routers are routers that provide data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
876 Motorola, Inc.
1301 E. Algonquin Rd.
Schaumburg, IL 60196-1078
USA

-Kirk Mathews
TEL: 847-576-4101
FAX: 847-538-2770

CST Lab: NVLAP 100432-0

KVL 3000 Plus
(Hardware Version: P/N CLN7493D Version 8; Firmware Version: R3.52.42)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/30/2007 Overall Level: 1 

-Roles, Services, and Authentication: Level 2

-FIPS-approved algorithms: AES (Cert. #2); Triple-DES (Cert. #82); Triple-DES MAC (Triple-DES Cert. #82, vendor affirmed); SHS (Cert. #335); RNG (Cert. #121)

-Other algorithms: DES; DES MAC; DES-XL; DVI-XL; DVI-SPFL; DVP-XL; ADP; HCA; AES MAC (AES Cert. #2; vendor affirmed; P25 AES OTAR)

Multi-chip standalone

"The KVL 3000 Plus is a portable key distribution device. Encryption keys can be loaded into the KVL manually through its keypad interface or transferred from a Key Management Facility through its serial interface. These keys can then be distributed to various secure communications equipment such as mobile and portable radios, base stations, zone controllers, data controllers, and other fixed network devices. The KVL also includes a PCMCIA interface for software upgrades."
875 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)
(Software Version: 5.2.3790.3959)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/30/2007;
12/18/2007
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Server 2003 Service Pack 2 (x86, x64 and IA64) (single-user mode)

-FIPS-approved algorithms: DSA (Cert. #221); RNG (Cert. #314); RSA (Cert. #245); SHS (Cert. #611); Triple-DES (Cert. #543)

-Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80-bits of encryption strength); MD5; RC2; RC4

Multi-chip standalone

"The Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) is a FIPS 140-2 compliant, software-based, cryptographic module. DSSENH encapsulates several different cryptographic algorithms (including SHA-1, 3DES, DSA and Diffie-Hellman) in a cryptographic module accessible via the Microsoft CryptoAPI (CAPI)."
874 3e Technologies International, Inc.
9715 Key West Avenue
5th Floor
Rockville, MD 20850
USA

-Ryon Coleman
TEL: 301-944-1277
FAX: 301-670-6989

-Chris Guo
TEL: 301-944-1294
FAX: 301-670-6989

CST Lab: NVLAP 200427-0

3e Cryptographic Kernel Library
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/30/2007 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional Service Pack 2 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #640); HMAC (Cert. #329); SHS (Cert. #675); Triple-DES (Cert. #593)

-Other algorithms:

Multi-chip standalone

"The Cryptographic Kernel Library (CKL) is a software module that implements a set of cryptographic algorithms for use by a software application. The 3eTI CKL is a binary dynamic link library that is compiled from source code written in C, C++. This binary library resides in Windows kernel space."
873 Rockwell Collins, Inc.
400 Collins Road NE
Cedar Rapids, IA 52498
USA

-Jack Edington
TEL: 319-295-5997

-Robert Shreve
TEL: 319-295-2611

CST Lab: NVLAP 200002-0

Common Crypto Circuit Card Assembly
(Hardware Version: 944-2541-004; Software Version: 091-3186-006)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/30/2007 Overall Level: 1 

-Physical Security: Level 2
-EMI/EMC: Level 2
-Design Assurance: Level 2

-FIPS-approved algorithms: AES (Cert. #169)

-Other algorithms: Serpent; Twofish; Triple-DES (non-compliant)

Multi-chip embedded

"The Common Crypto Circuit Card Assembly is a module designed for use in Link 16 communication platforms. The module can be used in an external cryptographic application or embedded in an internal application. The module hosts four commercial cryptographic algorithms for data encryption/decryption. The algorithms are stored in memory. One of the four algorithms is selected for use and loaded. The module accepts up to eight keys which are externally generated and loaded. The AES algorithm operates in a FIPS-approved mode."
872 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

PIX 525 and PIX 535
(Hardware Versions: 525 and 535; Firmware Version: 7.2.2.18)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/27/2007;
05/28/2010;
02/23/2012
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 2

-FIPS-approved algorithms: AES (Certs. #209 and #536); HMAC (Certs. #15 and #283); RNG (Cert. #309); RSA (Certs. #107 and #242); SHS (Certs. #285 and #606); Triple-DES (Certs. #298 and #538)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); HMAC MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength)

Multi-chip standalone

"The market-leading Cisco PIX and ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. Cisco PIX Security Appliances and ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
871 Cavium Networks
805 East Middlefield Road
Mountain View, CA 94043
USA

-Mike Scruggs
TEL: 650-623-7000

CST Lab: NVLAP 200427-0

Nitrox XL NFB FIPS Cryptographic Modules
(Hardware Versions: CN1120-VBD-03-0200, CN1010-VBD-03-0200 and CN1005-VBD-03-0200; Firmware Version: 4.6.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/27/2007 Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #551 and #189); DSA (Cert. #224); ECDSA (Cert. #58); HMAC (Cert. #292); RNG (Cert. #319); RSA (Cert. #247); SHS (Cert. #616); Triple-DES (Certs. #547 and #286); Triple-DES MAC (Triple-DES Certs. #547 and #286, vendor affirmed)

-Other algorithms: AES-MAC (Certs. #551 and #189; non-compliant); DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST-MAC; CAST3-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; HMAC-MD5; KCDSA; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; GENERIC-SECRET; SSL PRE-MASTER; SEED; RC2-MAC; RC5-MAC; Diffie-Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Elliptic Curve Diffie Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength)

Multi-chip embedded

"The Nitrox XL NFB FIPS Cryptographic Module is a cryptographic module integrated into a PCI card that provides cryptographic key protection and acceleration for both asymmetric and symmetric encryption operations. It is contained in its own secure enclosure that provides physical resistance to tampering and zeroization of plaintext cryptographic material in the event the enclosure is opened."
870 Cavium Networks
805 East Middlefield Road
Mountain View, CA 94043
USA

-Mike Scruggs
TEL: 650-623-7000

CST Lab: NVLAP 200427-0

Nitrox XL NFB FIPS Cryptographic Modules
(Hardware Versions: CN1120-VBD-03-0200, CN1010-VBD-03-0200, and CN1005-VBD-03-0200; Firmware Version: 4.6.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/27/2007 Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Certs. #551 and #189); DSA (Cert. #224); ECDSA (Cert. #58); HMAC (Cert. #292); RNG (Cert. #319); RSA (Cert. #247); SHS (Cert. #616); Triple-DES (Certs. #547 and #286); Triple-DES MAC (Triple-DES Certs. #547 and #286, vendor affirmed)

-Other algorithms: AES-MAC (Certs. #551 and #189; non-compliant); DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST-MAC; CAST3-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; HMAC-MD5; KCDSA; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; GENERIC-SECRET; SSL PRE-MASTER; SEED; RC2-MAC; RC5-MAC; Diffie-Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Elliptic Curve Diffie Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength)

Multi-chip embedded

"The Cavium Nitrox NFB Cryptographic Modules are a cryptographic component of the Nitrox PCI acceleration board that provides cryptographic key protection and acceleration for both asymmetric and symmetric encryption operations. It is contained in its own secure enclosure that provides physical resistance to tampering and zeroization of plaintext cryptographic material in the event the enclosure is opened."
869 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Windows Server 2003 Kernel Mode Cryptographic Module (FIPS.SYS)
(Software Version: 5.2.3790.3959)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/27/2007;
12/18/2007
Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows Server 2003 Service Pack 2 (x86, x64, and IA64) (single user mode)

-FIPS-approved algorithms: HMAC (Cert. #287); RNG(Cert. #313); SHS (Cert. #610); Triple-DES (Cert. #542)

-Other algorithms: DES; HMAC-MD5

Multi-chip standalone

"Kernel Mode Cryptographic Module (FIPS.SYS) is a FIPS 140-2 Level 1 compliant, general-purpose, software-based, cryptographic module residing at the Kernel Mode level of the Windows Operating System. It runs as a kernel mode export driver (a kernel-mode DLL) and encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible by other kernel mode drivers. It can be linked into other kernel mode services to permit the use of FIPS 140-2 Level 1 compliant cryptography."
868 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Windows Server 2003 Enhanced Cryptographic Provider (RSAENH)
(Software Version: 5.2.3790.3959)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/19/2007;
12/18/2007
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Server 2003 Service Pack 2 (x86, x64 and IA64) (single-user mode)

-FIPS-approved algorithms: AES (Cert. #548); HMAC (Cert. #289); RNG (Cert. #316); RSA (Cert. #245); SHS (Cert. #613); Triple-DES (Cert. #544)

-Other algorithms: DES; RC2; RC4; MD2; MD4; MD5; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength)

Multi-chip standalone

"The Microsoft Enhanced Cryptographic Provider is a FIPS 140-2 compliant, software-based, cryptographic module. RSAENH encapsulates several different cryptographic algorithms (including SHA-1, 3DES, AES, RSA, HMAC) in a cryptographic module accessible via the Microsoft CryptoAPI."
867 Chunghwa Telecom Co., Ltd. Telecommunication Laboratories
12, Lane 551, Min-Tsu Road SEC.5
Yang-Mei, Taoyuan, Taiwan 326
Republic of China

-Yeou-Fuh Kuan
TEL: +886-3-424-4333
FAX: +886-3-424-4129

-Char-Shin Miou
TEL: +886-3-424-4381
FAX: +886-3-424-4129

CST Lab: NVLAP 200017-0

HICOS PKI Smart Card Chip
(Hardware Version: HD65257C1; Software Versions: GINA Applet: 1.0, PKI Applet: 2.0, FISC II Applet: 1.2, and GSM Applet 1.0; Firmware Versions: HardMask: 2.0 and SoftMask: 3.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/19/2007 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: RSA (Cert. #234); Triple-DES (Cert. #530); SHS (Cert. #594); RNG (Cert. #298); AES (Cert. #522); HMAC (Cert. #272); Triple-DES MAC (Triple-DES Cert. #530, vendor affirmed)

-Other algorithms: COMP-128; AES-MAC (AES Cert. #522; non-compliant)

Single-chip

"The HICOS PKI Smart Card Chip module is a single chip implementation of a cryptographic module. The HICOS PKI Smart Card Chip module is mounted in an ID-1 class smart card body that adheres to ISO/IEC specifications for Integrated Circuit Chip (ICC) based identification cards. The HICOS PKI Smart Card Chip cryptographic module contains an implementation of the Open Platform (OP) Version 2.0.1 specification defining a secure infrastructure for post-issuance programmable smart card chips."
866 3e Technologies International, Inc.
9715 Key West Avenue
Suite 500
Rockville, MD 20850
USA

-Ryon Coleman
TEL: 301-944-1277
FAX: 301-670-6989

CST Lab: NVLAP 200427-0

3e-527A3 AirGuard™ Wireless Access Point, 3e-527A3 AirGuard™ Wireless Access Point with Outdoor Option and 3e-527A3MP AirGuard™ Wireless Access Point with Mobile Power
(Hardware Versions: 1.1, 1.1 and 1.1; Firmware Version: 4.0.10.23)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/27/2007 Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #627); HMAC (Cert. #325); RNG (Cert. #359); SHS (Cert. #669); Triple-DES (Cert. #589)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); MD5; DES; AES CFB (non-compliant)

Multi-chip standalone

"The 3e-527A3 is a device that consists of electronic hardware, firmware, and a strong metal case. For purposes of FIPS 140-2, the module is considered to be a multi-chip standalone product. The 3e-527A3 operates as either a gateway connecting a local area network to wide area network (WAN) or as an access point within a local area network."
865 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-C Micro Edition (ME)
(Software Versions: 2.1.0.2 [1], 2.1.0.3 [2], 2.1.0.6 [3] and 2.1.0.7 [4])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/19/2007;
12/20/2007;
01/04/2008;
10/16/2008;
04/03/2009;
08/20/2010;
09/07/2010;
03/28/2011;
01/24/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with [1]: AIX 5L v5.2 (32-bit PowerPC); AIX 5L v5.2 (64-bit PowerPC); AIX 5L v5.3 (32-bit PowerPC); AIX 5L v5.3 (64-bit PowerPC); HP-UX 11.11 PA-RISC 2.0 (32-bit); HP-UX 11.23 PA-RISC2.0W (64-bit); HP-UX 11.23 Itanium 2 (32-bit); HP-UX 11.23 Itanium 2 (64-bit); Red Hat Enterprise Linux AS 4.0 (32-bit x86); Red Hat Enterprise Linux AS 4.0 (64-bit x86_64); Solaris 10 (32-bit SPARC v8); Solaris 10 (32-bit SPARC v8+); Solaris 10 (64-bit SPARC v9); Solaris 10 (64-bit x86_64); SuSE Linux Enterprise Server 9.0 (32-bit x86); SuSE Linux Enterprise Server 9.0 (64-bit x86_64); VxWorks 5.4 (PPC 604); VxWorks 5.5 (PPC 603); VxWorks 5.5 (PPC 604); VxWorks General Purpose Platform 6.0 (PPC 604); Windows Mobile 2003; Windows Mobile 2003 Phone Edition; Windows Mobile 5.0; Windows Mobile 5.0 Phone Edition; Windows 2003 Server SP1 (32-bit x86 - VS8.0 build); Windows 2003 Server SP1 (64-bit x86_64); Windows 2003 Server SP1 (Itanium 2). Tested as meeting Level 1 with [1] and [2]: Windows 2003 SP1 (32-bit x86 - VS6.0 build). Tested as meeting Level 1 with [3] Windows Vista Ultimate (32-bit x86). Tested as meeting Level 1 with [4] Red Hat Enterprise Linux v5 (64-bit IBM PowerPC Power3) (single-user mode)

-FIPS-approved algorithms: AES (Certs. #644 [1], #673 [2] #1031 [3] and #1406 [4]); DSA (Certs. #242 [1], #254 [2], #348 [3] and #454 [4]); ECDSA (Certs. #68 [1], #74 [2], #124 [3] and #178 [4]); HMAC (Certs. #333 [1], #357 [2], #578 [3] and #827 [4]); RNG (Certs. #367 [1], #392 [2], #586 [3], #771 [4] and vendor affirmed: SP 800-90); RSA (Certs. #295 [1], #314[ 2], #493 [3] and #683 [4]); SHS (Certs. #679 [1], #706 [2], #984 [3] and #1276 [4]); Triple-DES (Certs. #596 [1], #618 [2], #788 [3] and #959 [4])

-Other algorithms: MD2; MD5; HMAC MD5; DES; DES40; RC2; RC4; RC5; ECAES (non-compliant); RSA (key wrapping; key establishment methodology provides at least 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides at least 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 285 bits of encryption strength)

Multi-chip standalone

"The Crypto-C Micro Edition (ME) Module is RSA Security Inc.'s cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
864 Motorola, Inc.
1301 E. Algonquin Rd.
Schaumburg, IL 60196
USA

-Kirk Mathews
TEL: 847-576-4101
FAX: 847-538-2770

CST Lab: NVLAP 100432-0

Key Management Facility Crypto Card (KMF CC)
(Hardware P/N T6722A Versions CLN7612B and CLN8306C; Firmware Version: R01.09)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/13/2007;
02/10/2011
Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #2); Triple-DES (Cert. #82); Triple-DES MAC (Triple-DES Cert. #82, vendor affirmed); RNG (Cert. #121); SHS (Cert. #335)

-Other algorithms: DES; DES-XL; DVI-XL; DVP-XL; DES MAC; AES MAC (AES Cert. #2, vendor affirmed; P25 AES OTAR); HCA; LFSR; NDRNG

Multi-chip embedded

"The KMF CC provides encryption and decryption services for secure key management and Over-the-Air-Rekeying (OTAR) for Motorola's Key Management Facility (KMF). The KMF and KMF CC combine to provide these cryptographic services for Motorola's APCO-25 compliant Astro radio systems."
863

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/16/2007;
12/07/2007;
03/07/2008;
02/17/2012
Overall Level: 1 

-FIPS-approved algorithms:

-Other algorithms:

Multi-chip standalone

862

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/07/2007 Overall Level: 1 

-FIPS-approved algorithms:

-Other algorithms:

Multi-chip standalone

861 Oracle Corporation
500 Oracle Parkway
Redwood Shores, CA 94065
USA

-Shaun Lee
TEL: +44 1189 243860

CST Lab: NVLAP 200583-0

Oracle Cryptographic Libraries for SSL
(Software Version: 10g (10.1.0.5))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/18/2007 Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Sun Solaris 8.0 with Admin Suite 3.0.1 on Sun Ultra 60 Server

-FIPS-approved algorithms: Triple-DES (Cert. #573); AES (Cert. #608); SHS (Cert. #657); HMAC (Cert. #314); RSA (Cert. #281); RNG (Cert. #347)

-Other algorithms: RC4; RSA-MD5 (PKCS#1); HMAC-MD5; RSA (PKCS#5); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength)

Multi-chip standalone

"The Oracle Cryptographic Libraries for SSL 10g (10.1.5) is a generic module used by the Oracle Corporation in a variety of its application suites. The module is used to provide support to cryptography, authentication, PKCS and certificate management for applications like the Oracle database server (Server and Client), Oracle Applications Server, Oracle Internet Directory, Web Cache and Apache. It provides a rich set of functionality and uses PKCS wallet structures for managing identities and trustpoints."
860 Motorola, Inc.
1301 E. Algonquin Rd.
Schaumburg, IL 60196
USA

-Kirk Mathews
TEL: 847-576-4101
FAX: 847-538-2770

CST Lab: NVLAP 100432-0

Digital Interface Unit Crypto Module (DIU CM)
(Hardware Version: T6721A, Version CLN7611C; Firmware Versions: R82.01.02, R82.01.03 and R82.01.05)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/06/2007 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #82); Triple-DES MAC (Triple-DES Cert. #82; vendor affirmed); AES (Cert. #2); RNG (Cert. #121); SHS (Cert. #335)

-Other algorithms: DES; DES-XL; DVI-XL; DVP-XL; HCA; ADP; LFSR; NDRNG; AES MAC (AES Cert. #2; vendor affirmed; P25 AES OTAR)

Multi-chip embedded

"The DIU CM provides secure voice and Over-the-Air-Rekeying (OTAR) advanced key management for Motorola's Digital Interface Unit (DIU). The DIU and DIU CM combine to provide these cryptographic services for Motorola's APCO-25 compliant family of console and base station radio infrastructure equipment."
859 VMware, Inc.
3145 Porter Drive
Palo Alto, CA 94304
USA

-Eric Masyk
TEL: 650-798-5820
FAX: 650-475-5001

CST Lab: NVLAP 200427-0

ACE Encryption Engine
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/06/2007 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional with SP2; Microsoft Windows Vista Ultimate (single-user mode)

-FIPS-approved algorithms: AES (Certs. #533 and #534); DSA (Cert. #220); HMAC (Certs. #280 and #281); RNG (Certs. #306 and #307); RSA (Cert. #241); SHS (Certs. #603 and #604); Triple-DES (Cert. #536)

-Other algorithms: Diffie-Hellman (key agreement; not allowed in FIPS mode); DSA signature generation (non-compliant); MD5; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); RSA (sign/verify 512 bits; non-compliant)

Multi-chip standalone

"The ACE Encryption Engine allows virtual machines to be encapsulated into files which can be saved, copied, and provisioned. VMware Software Cryptographic Implementation is the kernel implementation that enables the VMware ACE application to perform its cryptographic functions such as hashing, encryption, digital signing, etc."
858 Motorola, Inc.
1301 E. Algonquin Road
Schaumburg, IL 60196
USA

-Kirk Mathews
TEL: 847-576-4101
FAX: 847-538-2770

CST Lab: NVLAP 100432-0

Radio Network Controller Encryption Module Controller (RNC EMC)
(Hardware Version: T7289A; Firmware Version: R03.04.00)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/06/2007 Overall Level: 1 

-FIPS-approved algorithms: AES (Cert. #530)

-Other algorithms: AES MAC (AES Cert. #530; vendor affirmed; P25 AES OTAR); DES; DES-XL; DVI-XL; DVI-SPFL; DVP-XL; ANSI X9.17 DRNG; 64 bit LFSR

Multi-chip standalone

"The RNC 3000 provides data communications between mobile data and host applications in an ASTRO integrated voice and data system. The RNC Encryption Module Controller provides data encryption services for the RNC 3000."
857 Tumbleweed Communications Corp.
700 Saginaw Drive
Redwood City, CA 94063
USA

-Stefan Kotes
TEL: 650-216-2082
FAX: 650-216-2565

CST Lab: NVLAP 100432-0

Tumbleweed Security Kernel
(Software Version: 2.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 10/26/2007 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 2003 Server SP2; SuSE Linux 9 Enterprise Server SP3; Windows XP SP2; SunOS 5.10; IBM AIX 5.2.0.0 (single-user mode)

-FIPS-approved algorithms: AES (Certs. #524 and #543); Triple-DES (Certs. #531 and #540); RSA (Certs. #237 and #244); ECDSA (Certs. #54 and #56); SHS (Certs. #597 and #608); RNG (Certs. #300 and #311); HMAC (Certs. #275 and #285)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength)

Multi-chip standalone

"The Tumbleweed Security Kernel is a software module implemented as two dynamic libraries that provide all security functionalities for several products of Tumbleweed Communications Corp., including Validation Authority, SecureTransport, and MailGate."
856 SafeNet Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Terry Fletcher
TEL: 613-221-5009
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

Luna® PCI Cryptographic Module V2.2
(Hardware Version: VBD-03-0100; Firmware Version: 4.6.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/26/2007;
11/20/2009
Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #510 and #551); DSA (Cert. #224); ECDSA (Cert. #58); HMAC (Cert. #292); RNG (Cert. #319); RSA (Cert. #247); SHS (Cert. #616); Triple-DES (Certs. #520 and #547); Triple-DES MAC (Triple-DES Certs. #520 and #547, vendor affirmed)

-Other algorithms: DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; DES-MAC; RC2-MAC; RC5-MAC; CAST-MAC; CAST3-MAC; CAST5-MAC; MD2; MD5; HAS-160; HMAC-MD5; SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Elliptic Curve Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip embedded

"Luna PCI offers dedicated hardware key management to protect sensitive cryptographic keys from attack. The high-security hardware design ensures the integrity and protection of encryption keys throughout their life cycle. All digital signing and verification operations are performed within the HSM to increase performance and maintain security. Luna PCI HSMs provide hardware secured key generation, storage, secure key backup and accelerated encryption in a range of models and configurations offering a wide selection of security, performance and operational capabilities."
855 SafeNet Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Terry Fletcher
TEL: 613-221-5009
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

Luna® PCI Cryptographic Module for Luna® IS
(Hardware Version: VBD-03-0100; Firmware Version: 5.1.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/26/2007 Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #510 and #511); Triple-DES (Certs. #520 and #521); DSA (Cert. #211); RSA (Cert. #224); ECDSA (Cert. #52); SHS (Cert. #581); HMAC (Cert. #263); Triple-DES MAC (Triple-DES Certs. #520 and #521, vendor affirmed); RNG (Cert. 288)

-Other algorithms: AES MAC (AES Certs. #510 and #511; non-compliant); DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; CAST5 in a CBC-MAC; MD2; MD5; HAS-160 (plain hash and HMAC); SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength)

Multi-chip embedded

"The Luna® PCI for Luna ® IS offers hardware-based key management and cryptographic operations to protect sensitive keys. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI card."
854 SafeNet Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Terry Fletcher
TEL: 613-221-5009
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

Luna® PCI Cryptographic Module V2.2
(Hardware Version: VBD-03-0100; Firmware Version: 4.6.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/26/2007;
11/20/2009
Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Certs. #510 and #551); DSA (Cert. #224); ECDSA (Cert. #58); HMAC (Cert. #292); RNG (Cert. #319); RSA (Cert. #247); SHS (Cert. #616); Triple-DES (Certs. #520 and #547); Triple-DES MAC (Triple-DES Certs. #520 and #547, vendor affirmed)

-Other algorithms: DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; DES-MAC; RC2-MAC; RC5-MAC; CAST-MAC; CAST3-MAC; CAST5-MAC; MD2; MD5; HAS-160; HMAC-MD5; SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Elliptic Curve Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip embedded

"Luna PCI offers dedicated hardware key management to protect sensitive cryptographic keys from attack. The high-security hardware design ensures the integrity and protection of encryption keys throughout their life cycle. All digital signing and verification operations are performed within the HSM to increase performance and maintain security. Luna PCI HSMs provide hardware secured key generation, storage, secure key backup and accelerated encryption in a range of models and configurations offering a wide selection of security, performance and operational capabilities."
853 Aladdin Knowledge Systems, Ltd.
35 Efal St.
Kiryat Arye, Petach Tikva 49511
Israel

-Yaniv Shor
TEL: +972.(0)3.978.1342
FAX: +972.(0)3.978.1010

CST Lab: NVLAP 200556-0

eToken PRO HD
(Hardware Version: (32K and 64K) 4.28; Firmware Version: 2.7 on CardOS 4.2B)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/24/2007 Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #555); Triple-DES MAC (Cert. #555, vendor affirmed); SHS (Cert. #627); RSA (Cert. #256); RNG (Cert. #325)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The eToken product offering provides a robust and flexible framework for integration with many of today's leading security solutions, providing a solution for strong authentication and password management needs. The eToken provides a complete set of easy-to-use password management applications that enable the user to securely store and manage all of their logon credentials on a single eToken device. They no longer need to remember numerous passwords for all of their applications and accounts - just the single eToken password."
852 Aladdin Knowledge Systems, Ltd.
35 Efal St.
Kiryat Arye, Petach Tikva 49511
Israel

-Yaniv Shor
TEL: +972-(0)3-978-1342
FAX: +972-(0)3-978-1010

CST Lab: NVLAP 200556-0

eToken PRO, eToken NG-OTP and eToken NG-FLASH (128 MB, 512 MB and 1 GB)
(Hardware Versions: PRO (32K and 64K) 4.28, NG-OTP (32K and 64K) 2.25, NG-FLASH (32K) 4.27; Firmware Version: 2.7 on CardOS 4.2B)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/24/2007 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #555); Triple-DES MAC (Cert. #555, vendor affirmed); SHS (Cert. #627); RSA (Cert. #256); RNG (Cert. #325)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The eToken product offering provides a robust and flexible framework for integration with many of today's leading security solutions, providing a solution for strong authentication and password management needs. The eToken provides a complete set of easy-to-use password management applications that enable the user to securely store and manage all of their logon credentials on a single eToken device. They no longer need to remember numerous passwords for all of their applications and accounts - just the single eToken password."
851 QUALCOMM Inc.
5775 Morehouse Drive
San Diego, CA 92121
USA

-QGOV Sales & Marketing
TEL: 877-461-4411

CST Lab: NVLAP 200017-0

Cryptographic Extension for BREW® Cryptographic Engine
(Software Version: 2.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 10/24/2007 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with LG Firmware OS T98VZV05 with BREW 3.1 (single-user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #488); AES (Cert. #473); SHS (Cert.#541); HMAC (Cert. #230); RNG (Cert. #256); DSA (Cert. #194); ECDSA (Cert. #42); RSA (Cert. #194)

-Other algorithms: DES-X; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ARC4; MD2; MD5; HMAC-MD5; DES; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength)

Multi-chip standalone

"QUALCOMMs Binary Runtime Environment for Wireless (BREW®) provides an integrated platform for developing, selling, and distributing wireless applications. The Cryptographic Extension for BREW® is a general-purpose, software-based cryptographic module packaged as a BREW® extension that can be invoked by BREW® applications to permit FIPS 140-2 Level 1 validated general-purpose cryptography."
850 Doremi Cinema LLC
1020 Chestnut Street
Burbank, CA 91506
USA

-Jean-Philippe Viollet
TEL: 818-562-1101
FAX: 818-562-1109

-Camille Rizko
TEL: 818-562-1101
FAX: 818-562-1109

CST Lab: NVLAP 100432-0

Dolphin Board
(Hardware Version: P/N Version DOLPHIN-DCI-F; Firmware Versions: 22.00-0 and 22.00-1)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/18/2007;
10/29/2007;
11/12/2008;
11/13/2008
Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #521 and #532); HMAC (Cert. #271); SHS (Cert. #593); RNG (Certs. #297 and #326)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of strength)

Multi-chip standalone

"The Dolphin Board is a PCI-card that provides a standard definition/high definition serial digital interface. This is the Doremi decoder card that contains the JPEG-2000 decoder hardware and BNC serial digital interface connectors used in the Doremi DCP-2000 Digital Cinema Server. The Dolphin Board utilizes a dual-link encoded serial digital interface for output of DCIcompliant resolutions up to 2040x1080p24 (2K-film). It can also operate single link for lower resolution material (i.e., trailers, advertisements, etc.)."
849 Comtech Mobile Datacom Corporation
20430 Century Blvd.
Gaithersburg, MD 20874
USA

-John Fossaceca
TEL: 240-686-2146
FAX: 240-686-3301

-Bill Vaughan
TEL: 240-686-3300
FAX: 240-686-3301

CST Lab: NVLAP 200427-0

MTM-203 Satellite Mobile Transceiver
(Hardware Version: P/N CMDC-203-X0GA1, Revision A2; Firmware Version: C.3.6.T)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 10/18/2007;
04/29/2008
Overall Level: 2 

-FIPS-approved algorithms: HMAC (Cert. #245); RNG (Cert. #271); SHS (Cert. #561); Triple-DES (Cert. #502)

-Other algorithms: DES

Multi-chip standalone

"CMDC's MTM-203 is a small, low power L-Band satellite transceiver for power, weight and space-restrictive applications. The MTM-203 is designed for easy integration into systems that benefit from secure, near real-time, over-the-horizon communications. The MTM-203 is based on battlefield proven technology that enables many new applications, such as handheld and covert devices. The module provides messaging connectivity worldwide with other mobile and terrestrial connected users of CMDC's proprietary network. CMDC's products operate on a variety of satellite providers without reconfiguration."
848 NetApp
495 East Java Drive
Sunnyvale, CA 94089
USA

-Ajay Singh
TEL: 408-822-9000
FAX: 408-822-4501

CST Lab: NVLAP 100432-0

Decru DataFort SCSI SEP v1.0
(Hardware Version: P/N 60-000343/A; Software Version: 27.8; Firmware Version: dccp_2_2_8_secure)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/18/2007;
02/23/2009
Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #445 and #446); ECDSA (Cert. #35); HMAC (Certs. #210, #211 and #212); RNG (Cert. #232); SHS (Certs. #192, #223 and #511)

-Other algorithms: TRNG; AKEP2 Protocol (used for authentication only); ECCDH (key agreement); Secret Sharing/Secret Recovery; KDF1; KDF2

Multi-chip embedded

"Decru's Storage Encryption Processor (SEP) is the primary cryptographic and key management engine for Decru DataFort products. Decru DataFort is a wire-speed storage security appliance. DataFort uses hardware-based encryption, authentication, secure access controls, and secure logging to protect networked storage in NAS, SAN, DAS and Tape environments. DataFort can be deployed transparently, with no changes to desktops, servers, applications, or user workflow."
847 NetApp
495 East Java Drive
Sunnyvale, CA 94089
USA

-Ajay Singh
TEL: 408-822-6000
FAX: 408-822-4501

CST Lab: NVLAP 100432-0

Decru DataFort LKM SEP v1.0
(Hardware Version: P/N 60-000388/A; Software Versions: 40.3 and 40.4; Firmware Version: dccn_1_7_10_secure)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/18/2007;
12/18/2007;
02/23/2009
Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #445 and #523); ECDSA (Cert. #53); HMAC (Certs. #273, #274 and #212); RNG (Cert. #299); SHS (Certs. #595, #596 and #511)

-Other algorithms: TRNG; AKEP2 Protocol (used for authentication only); ECCDH (key agreement); Secret Sharing/Secret Recovery; KDF1; KDF2

Multi-chip embedded

"Decru's Storage Encryption Processor (SEP) is the primary cryptographic and key management engine for Decru DataFort products. Decru DataFort is a wire-speed storage security appliance. DataFort uses hardware-based encryption, authentication, secure access controls, and secure logging to protect networked storage in NAS, SAN, DAS and Tape environments. DataFort can be deployed transparently, with no changes to desktops, servers, applications, or user workflow."
846 NetApp
495 East Java Drive
Sunnyvale, CA 94089
USA

-Ajay Singh
TEL: 408-822-6000
FAX: 408-822-4501

CST Lab: NVLAP 100432-0

Decru DataFort NAS SEP v1.0
(Hardware Version: P/N 60-000340/A; Software Version: 26.10; Firmware Version: dccn_1_7_10_secure)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/18/2007;
02/23/2009
Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #445 and #446); ECDSA (Cert. #35); HMAC (Certs. #210, #211 and #212); RNG (Cert. #232); SHS (Certs. #192, #223 and #511)

-Other algorithms: TRNG; AKEP2 Protocol (used for authentication only); ECCDH (key agreement); Secret Sharing/Secret Recovery; KDF1; KDF2

Multi-chip embedded

"Decru's Storage Encryption Processor (SEP) is the primary cryptographic and key management engine for Decru DataFort products. Decru DataFort is a wire-speed storage security appliance. DataFort uses hardware-based encryption, authentication, secure access controls, and secure logging to protect networked storage in NAS, SAN, DAS and Tape environments. DataFort can be deployed transparently, with no changes to desktops, servers, applications, or user workflow."
845 Utimaco® Safeware AG
Hohemarkstrasse 22
Oberursel, Hessen D-61440
Germany

-US Corporate Headquarters
TEL: 508-543-1008
FAX: 508-543-1009

-Dr. Christian Tobias
TEL: +49-6171-88-1711
FAX: +49-6171-88-1933

CST Lab: NVLAP 200017-0

SafeGuard Cryptographic Engine
(Software Version: 5.00)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 10/18/2007 Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP SP2; Microsoft Windows Server 2003 SP1; Free-BSD Version 5.4 (single-user mode)

-FIPS-approved algorithms: AES (Certs. #512 and #513); Triple-DES (Cert. #522); HMAC (Cert. #264); SHS (Certs. #582, #583 and #584); RNG (Cert. #289)

-Other algorithms: N/A

Multi-chip standalone

"SafeGuard Cryptographic Engine (SGCE) is a high-performance cryptographic library. It provides cryptographic services to the following products from the SafeGuard solutions: SafeGuard Enterprise, SafeGuard PrivateDisk, SafeGuard LAN Crypt and SafeGuard PrivateCrypto."
844 Giesecke & Devrient
45925 Horseshoe Drive
Dulles, VA 20166
USA

-Michael Poitner
TEL: 571-236-6942

CST Lab: NVLAP 200427-0

Sm@rtCafé Expert Embedded Security
(Hardware Version: HD65246C1A05BQBC; Firmware Versions: CH463JC_ITIGERRSA_V101 and CH463JC_ITIGERRSA_V102)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/18/2007 Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #239); AES (Cert. #132); SHS (Certs. #216 and #536); DSA (Cert. #102); RSA (Cert. #7); Triple-DES MAC (Cert. #239, vendor affirmed); RNG (Cert. #253)

-Other algorithms: DES; DES MAC

Single-chip

"Sm@rtCafé Expert Embedded Security was developed by G&D and constitutes a complete operating system for smart cards. Providing a complete set of International Organization for Standardization (ISO), Europay, MasterCard and Visa (EMV) and proprietary enhanced commands, the Sm@rtCafé Expert Embedded Security incorporates standards-based functionality along with its own optimized command set."
843 iDirect
13865 Sunrise Valley Drive
Herndon, VA 20171
USA

-Chris Burdick
TEL: 703-648-8000
FAX: 703-648-8014

CST Lab: NVLAP 200556-0

7350 iNFINITI Satellite Router [1], iConnex-700 [2], iConnex-100 [3], M1D1-T Universal Line Card [4] and 8350 iNFINITI Satellite Router [5]
(Hardware Versions: 9130-0062-0002 [1], 9101-2040-0201 [2], 9101-2040-0202 [3], 9101-0040-0008 [4] and 9000-0040-0013 [5]; Software Versions: iDS version 7.1.2 [1, 2, 3 and 4] and iDS version 7.1.3 [5])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 10/18/2007;
02/06/2008;
12/23/2008
Overall Level: 1 

-FIPS-approved algorithms: AES (Certs. #527 and #528); Triple-DES (Cert. # 534); SHS (Cert. #600); RNG (Cert. # 303); RSA (Cert. #238)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip embedded

"An iDirect Time Division Multiple Access (TDMA) network is composed of a single outroute Single Channel Per Carrier (SCPC) and multiple inroute TDMA carriers. The iDirect TDMA network is optimized for satellite transmissions, squeezing the maximum performance out of the bandwidth provided by satellite links. The system is fully integrated with iDirectÆs Network Management System that provides configuration and monitoring functions. The iDirect network components consist of the Protocol Processor, Hub Line Card (also known as Universal Line Card), and the Ethernet switch with remote modem."
842 Dolby Laboratories, Inc.
100 Potrero Ave.
San Francisco, CA 94103
USA

-Matthew Robinson
TEL: 415-558-0200
FAX: 415-645-4000

CST Lab: NVLAP 100432-0

CAT904 Dolby® JPEG2000/MPEG2 Processor
(Hardware Version: P/N CAT904Z Versions FIPS_1.0, FIPS_1.0.1, FIPS_1.0.2 and FIPS_1.1; Firmware Version: 3.1.0.1)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/18/2007;
03/19/2008;
10/16/2008
Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #519 and #520); SHS (Cert. #592); RNG (Cert. #296); HMAC (Cert. #270); RSA (Cert. #233)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip embedded

"The CAT904 Dolby® JPEG2000/MPEG2 processor performs all the cryptography, license management, and video decoding functions for the DSP100 Dolby Show Player, which forms the nucleus of the Dolby Digital Cinema system. The system offers superb picture quality, outstanding reliability, and the highest level of security in the business. It includes support for JPEG 2000 playback, as specified by DCI, and MPEG-2 for compatibility with alternative content such as preshow advertising. The system also meets other key DCI specifications for security, data rate, and storage capacity."
841 M/A Com, Inc.
221 Jefferson Ridge Parkway
Lynchburg, VA 24501
USA

-Mr. Greg Farmer
TEL: 434-455-9577

CST Lab: NVLAP 200002-0

P7170IP System Portable Two-Way FM Radios
(Hardware Versions: RU101219V22, RU101219V42, RU101219V52, RU101219V62, RU101219V72; Firmware Versions: [H8 version: J2R14B02; DSP version: F7R06A01] and [H8 versions: J2R15E05 and J2R16F01; DSP version: F7R06F03])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/21/2007;
04/29/2008;
03/06/2009
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #155 and #623)

-Other algorithms: DES; VGE (M/A-Com proprietary digital voice encryption algorithm), AES MAC (Cert. #623; vendor affirmed; P25 AES OTAR)

Multi-chip standalone

"The P7170IP is M/A COM's premier portable radio for critical communications. Guided by customer feedback, M/A COM designed the P7170IP to excel in the challenging environments that critical communications users encounter. The P7170IP provides a superior combination of features, functions, and physical attributes. It is light and extremely durable, easy to use while wearing gloves, and produces loud and clear audio. A rugged high-tier portable, the P7170IP provides exceptional performance even under adverse conditions."
840 M/A Com, Inc.
221 Jefferson Ridge Parkway
Lynchburg, VA 24501
USA

-Mr. Greg Farmer
TEL: 434-455-9577

CST Lab: NVLAP 200002-0

P7130IP Select, P7150IP Scan Portable and M7100IP Mobile Two-Way FM Radio
(Hardware Versions: RU101188V1, RU101188V12, RU101188V22, RU101188V231, RU101188V21, KRY1011632/13, KRY1011632/11, RU101219V21, RU101219V61, RU101219V41, RU101219V71, RU101219V51, RU101219V73, RU101219V63; Firmware Versions: [H8 version: J2R14B02; DSP version: F7R06A01] and [H8 versions: J2R15E05 and J2R16F01; DSP version: F7R06F03])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/21/2007;
04/29/2008;
03/06/2009
Overall Level: 1 

-FIPS-approved algorithms: AES (Certs. #155 and #623)

-Other algorithms: DES; VGE (M/A-Com proprietary digital voice encryption algorithm), AES MAC (Cert. #623; vendor affirmed; P25 AES OTAR)

Multi-chip standalone

"P7130IP Select, P7150IP Scan Portable and M7100IP Mobile are M/A COM's premier radios for critical communications. Guided by customer feedback, M/A COM designed the P7130IP, P7150IP and M7100IP to excel in the challenging environments that critical communications users encounter. The radios provide a superior combination of features, functions, and physical attributes. They are light and extremely durable, easy to use while wearing gloves, and produces loud and clear audio. A rugged high-tier portable, the radios provide exceptional performance even under adverse conditions."
839 Pitney Bowes, Inc.
35 Waterview Drive
Shelton, CT 06484
USA

-Douglas Clark
TEL: 203-924-3206
FAX: 203-924-3406

CST Lab: NVLAP 200427-0

Pitney Bowes iButton Postal Security Device (PSD)
(Hardware Version: DS1955B PB6 - 6.00.02)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/21/2007;
10/29/2007
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #185); SHS (Cert. #167); DSA (Cert. #90); Triple-DES MAC (Cert. #185; vendor affirmed); RNG (Cert. #86)

-Other algorithms: RSA (non-compliant)

Multi-chip standalone

"The Pitney Bowes iButton Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP), and Deutsche Post's FrankIT New Generation Digital Franking program. It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes global digital metering products. The PSD has been designed to support international postal markets and their rapidly evolving requirements for digital indicia."
838 Mitsubishi Electric Corporation Kamakura Works
325 Kamimachiya
Kamakura, Kanagawa 247-8520
Japan

-Masanori Sato
TEL: +81-467-41-6717
FAX: +81-467-41-6975

-Daizoh Funamoto
TEL: +81-467-41-6116
FAX: +81-467-41-6951

CST Lab: NVLAP 200017-0

Command Encryption Module
(Firmware Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Firmware 09/11/2007 Overall Level: 2 

-EMI/EMC: Level 3

-Operational Environment: Tested: as meeting Level 1 with HP Compaq DC 5100 Running Microsoft Windows 2000 SP4 and Zone Labs ZoneAlarm Pro Firewall version 6.1

-FIPS-approved algorithms: Triple-DES (Cert. #504)

-Other algorithms: N/A

Multi-chip standalone

"Command Encryption Module is a firmware module designed to perform Triple DES CFB mode encryption functions."
837 MRV Communications
295 Foster St.
Littleton, MA 01460
USA

-Nicholas Minka

-Tim Bergeron

CST Lab: NVLAP 200427-0

LX-4000T and LX-8000S Series Console Servers
(Hardware Versions: 600-R3248 RevB, 600-R3249 RevB, 600-R3250 RevB, 600-R3251 RevB, 600-R3252 RevC, 600-R3253 RevC, 600-R3254 RevB, 600-R3255 RevB, 600-R3256 RevB, 600-R3257 RevB, 600-R3258 RevC, 600-R3259 RevC, and 600-R3265 RevA through 600-R3288 RevA (inclusive); Firmware Version: linuxito Version: 4.1.4 and ppciboot Version: 4.1.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/11/2007 Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #348); DSA (Cert. #156); RNG (Cert. #166); RSA (Cert. #226); SHS (Cert. #423); Triple-DES (Cert. #408); HMAC (Cert. #151)

-Other algorithms: DES; MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80 bits and 178 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 bits and 112 bits of encryption strength)

Multi-chip standalone

"The LX-4000T and LX-8000S Series Console Servers are a key component of MRV¦s Out-of-Band Network solution. Out-of-Band Networks provide secure remote service port access and remote power control to devices in an organization¦s networks and infrastructures. This nearly eliminates the need for physical presence at a device to correct problems or manage its everyday operation. MRV¦s Out-of-Band Network solution includes console servers, terminal servers, device servers, remote power control and management system, making the LX Series an ideal choice for secure remote access."
836 Thales e-Security
Meadow View House
Crendon Industrial Estate
Long Crendon
Aylesbury, Buckinghamshire HP18 9EQ
United Kingdom

-Tim Fox
TEL: +44 (0)1844 201800

CST Lab: NVLAP 200002-0

Secure Generic Sub-System (SGSS), Version 3.4
(Hardware Versions: 1213D130 Issue 6 [1], 1213H130 Issue 6B [1], 1213G130 Issue 6A [1] and 1213L130 Issue 6 [2]; Software Versions: 2.5.7 [1] and 2.5.14 [2])

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 09/11/2007;
09/25/2007;
12/23/2008
Overall Level: 3 

-FIPS-approved algorithms: DSA/SHS (Cert. #24)

-Other algorithms: N/A

Multi-chip embedded

"The Secure Generic Sub-System (SGSS) is a multi-chip embedded module used to provide secure cryptographic resources to a number of products in the Thales e-Security portfolio. This includes the Datacryptor® 2000, Datacryptor® Advanced Performance and Small Form Factor family (Link, Frame Relay, E1/T1, E3/T3, and IP models), WebSentry™ family, HSM 8000 family, P3™ CM family, 3D Security Module and the SafeSign® Crypto Module. The SGSS contains a secure bootstrap and authenticates application loading using the Digital Signature Algorithm (DSA) and SHA-1 hashing."
835 SafeNet Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Terry Fletcher
TEL: 613-221-5009
FAX: 613-723-5079

CST Lab: NVLAP 200556-0

Luna®PCM
(Hardware Versions: LTK-02-0301 and LTK-02-0501; Firmware Version: 4.6.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 09/05/2007 Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Cert. #508); Triple-DES (Cert. #518); SHS (Cert #579); DSA (Cert #210); RSA (Cert #223); ECDSA (Cert #51); HMAC (Cert #261); Triple-DES MAC (Triple-DES Cert. #518, vendor affirmed); RNG (Cert #287)

-Other algorithms: DES; AES MAC (AES Cert. #508; non-compliant); RC2; RC4; RC5; CAST; CAST 3; CAST 5; MD2; MD5; HAS-160; HMAC-MD5; KCDSA, RSA (encrypt/decrypt); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The Luna PCM cryptographic module is a multi-chip standalone hardware cryptographic module in the form of a PCMCIA card that typically resides within a custom computing or secure communications appliance. It is contained in its own secure enclosure that provides physical resistance to tampering. The module provides secure key generation and storage for symmetric keys and asymmetric key pairs along with symmetric and asymmetric cryptographic services. Access to key material and cryptographic services for users and user application software is provided indirectly through the host appliance."
834 Check Point Software Technologies Ltd.
9900 Belward Campus Drive
Suite 250
Rockville, MD 20850
USA

-David Ambrose
TEL: 703-628-2935

-Malcolm Levy
TEL: +972-37534561

CST Lab: NVLAP 200002-0

Nokia VPN Appliance
(Hardware Versions: IP260, IP265, IP1220, and IP1260; Firmware Versions: IPSO v3.9 and Check Point VPN-1 NGX (R60) [HFA-03] and IPSO v4.1 and Check Point VPN-1 NGX (R60) [HFA-03])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/05/2007;
09/26/2007;
05/28/2009
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #442, #226 and #91); Triple-DES (Certs. #465, #466, #317 and #204); HMAC (Certs. #207, #208, #19 and #203); SHS (Certs. #508, #509, #291 and #500); DSA (Certs. #181 and #204); RSA (Certs. #166, #167 and #215); RNG (Certs. #229 and #201)

-Other algorithms: Cast; DES (Certs. #314 and #297); Triple-DES (K3 mode; non-compliant); MD5HMAC; MD5; Arcfour; Blowfish; Twofish; Diffie-Hellman (key agreement; key establishment methodology provides between 80 bits and 128 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant less than 80-bits of encryption strength)

Multi-chip standalone

"The Nokia VPN Applicances are full-featured enterprise systems designed for small to medium enterprises, with Service Provider flexibility and rapid serviceability option in a single rack space. When combined with Check Point VPN-1 these platforms provide reliable, easy to manage distributed security and access."
833 NetApp
495 East Java Drive
Sunnyvale, CA 94089
USA

-Ajay Singh
TEL: 408-822-6000
FAX: 408-822-4501

CST Lab: NVLAP 100432-0

Decru DataFort SAN SEP v2.0
(Hardware Versions: P/Ns 60-000191/A, 60-000337/A and 60-000337/B; Software Version: 27.8; Firmware Version: dcch2_4_2_10_secure)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/05/2007;
01/26/2009;
02/23/2009
Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #445 and #446); ECDSA (Cert. #35); HMAC (Certs. #210, #211 and #212); RNG (Cert. #232); SHS (Certs. #192, #223 and #511)

-Other algorithms: TRNG; AKEP2 Protocol (used for authentication only); ECCDH (key agreement); Secret Sharing/Secret Recovery; KDF1; KDF2

Multi-chip embedded

"Decru's Storage Encryption Processor (SEP) is the primary cryptographic and key management engine for Decru DataFort products. Decru DataFort is a wire-speed storage security appliance. DataFort uses hardware-based encryption, authentication, secure access controls, and secure logging to protect networked storage in NAS, SAN, DAS and Tape environments. DataFort can be deployed transparently, with no changes to desktops, servers, applications, or user workflow."
832 SafeNet Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Terry Fletcher
TEL: 613-221-5009
FAX: 613-723-5079

CST Lab: NVLAP 200556-0

Luna® CA4
(Hardware Version: LTK-02-0501; Firmware Version: 4.6.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 09/05/2007 Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #508); Triple-DES (Cert. #518); SHS (Cert. #579); DSA (Cert. #210); RSA (Cert. #223); ECDSA (Cert. #51); HMAC (Cert. #261); Triple-DES MAC (Triple-DES Cert. #518, vendor affirmed); RNG (Cert. #287)

-Other algorithms: DES; AES MAC (AES Cert. #508; non-compliant); RC2; RC4; RC5; CAST; CAST 3; CAST 5; MD2; MD5; HAS-160; HMAC-MD5; KCDSA, RSA (encrypt/decrypt); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The Luna CA4 cryptographic module is a multi-chip standalone hardware cryptographic module in the form of a PCMCIA card that typically resides within a custom computing or secure communications appliance. It is contained in its own secure enclosure that provides physical resistance to tampering. The module provides secure key generation and storage for symmetric keys and asymmetric key pairs along with symmetric and asymmetric cryptographic services."
831 Fortress Technologies, Inc.
1 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0

Fortress Secure Client
(Software Version: 4.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 09/05/2007;
03/26/2010
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP, Microsoft Windows 2000 (single user mode)

-FIPS-approved algorithms: AES (Certs. #427 and #437); Triple-DES (Certs. #457 and #463); SHS (Certs. #498, #505 and #573); RNG (Certs. #221 and #227); HMAC (Certs. #201, #205 and #256)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); DES; MD5; RSA (non-compliant)

Multi-chip standalone

"The Fortress Secure Client identifies network devices and encrypts and decrypts traffic transmitted to and from those devices. A plug-and-play solution, the Client encrypts and decrypts communication across the network and protects the device against attacks without user intervention."
830 Cryptek, Inc.
1501 Moran Road
Sterling, VA 20166-9309
USA

-Michael Teal
TEL: 571-434-2000
FAX: 571-434-2001

CST Lab: NVLAP 100432-0

CA100
(Software Version: 2.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 09/05/2007 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows 2000 and Windows XP (single-user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #340); SHS (Cert. #334); HMAC (Cert. #69); RNG (Cert. #92)

-Other algorithms: DES; DES MAC; MD5; HMAC-MD5; Diffie Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"CA100 is a centrally managed software IPSec client with VPN and firewall functionality. Unlike traditional IPSec software clients that have both the software client and associated policy locally stored on the client's system, the Cryptek CA100 user policies are stored and dynamically downloaded from our manager, the Cryptek CC200."
829 Certicom Corp.
5520 Explorer Drive
4th Floor
Mississauga, Ontario L4W 5L1
Canada

-sales@certicom.com
TEL: 905-507-4220
FAX: 905-507-4230

CST Lab: NVLAP 200017-0

Security Builder FIPS Module for Palm OS 5
(Software Version: 2.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 09/05/2007;
03/06/2009
Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Palm OS 5 (in single-user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #509); AES (Cert. #496); SHS (Cert. #566); HMAC (Cert. #250); RNG (Cert. #276); DSA (Cert. #203); RSA (Cert. #212)

-Other algorithms: DES; DES-X; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80 bits of encryption strength); ARC4; MD5; HMAC-MD5

Multi-chip standalone

"The Security Builder+ FIPS Module is a standards-based cryptographic toolkit that provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into both mobile and server-based applications. The Security Builder FIPS Module is part of the Certicom Security Architecture, a comprehensive cross-platform security solution which supports multiple cryptographic software and hardware providers with a single common API."
828 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-C Micro Edition (ME)
(Software Version: 2.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/27/2007;
01/04/2008;
10/16/2008;
09/07/2010;
03/28/2011;
01/24/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with AIX 5L v5.2 (32-bit PowerPC); AIX 5L v5.2 (64-bit PowerPC); AIX 5L v5.3 (32-bit PowerPC); AIX 5L v5.3 (64-bit PowerPC); HP-UX 11.11 PA-RISC 2.0 (32-bit); HP-UX 11.23 PA-RISC2.0W (64-bit); HP-UX 11.23 Itanium 2 (32-bit); HP-UX 11.23 Itanium 2 (64-bit); Red Hat Enterprise Linux AS 4.0 (32-bit x86); Red Hat Enterprise Linux AS 4.0 (64-bit x86_64); Solaris 10 (32-bit SPARC v8); Solaris 10 (32-bit SPARC v8+); Solaris 10 (64-bit SPARC v9); Solaris 10 (64-bit x86_64); SuSE Linux Enterprise Server 9.0 (32-bit x86); SuSE Linux Enterprise Server 9.0 (64-bit x86_64); VxWorks 5.4 (PPC 604); VxWorks 5.5 (PPC 603); VxWorks 5.5 (PPC 604); VxWorks General Purpose Platform 6.0 (PPC 604); Windows Mobile 2003; Windows Mobile 2003 SE; Windows Mobile 5.0 PocketPC; Windows Mobile 5.0 PocketPC Phone Edition; Windows 2003 Server SP1 (32-bit x86 - VS8.0 build); Windows 2003 SP1 (32-bit x86 - VS6.0 build); Windows 2003 Server SP1 (64-bit x86_64); Windows 2003 Server SP1 (Itanium 2) (in single-user mode)

-FIPS-approved algorithms: AES (Cert. #490); DSA (Cert. #199); ECDSA (Cert. #47); HMAC (Cert. #244); RNG (Cert. #270); RSA (Cert. #203); SHS (Cert. #560); Triple-DES (Cert. #501)

-Other algorithms: MD2; MD5; HMAC MD5; DES; DES40; RC2; RC4; RC5; ECAES (non-compliant); ECDRBG (non-compliant); RSA (key wrapping; key establishment methodology provides at least 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides at least 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 285 bits of encryption strength)

Multi-chip standalone

"The Crypto-C Micro Edition (ME) Module is RSA Security Inc.'s cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
827 Research in Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

-Certifications Team
TEL: 519-888-7465 x2921
FAX: 519-886-4839

CST Lab: NVLAP 200017-0

BlackBerry® Cryptographic Kernel
(Firmware Versions: 3.8.4.34 and 3.8.4.47)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Firmware 08/27/2007 Overall Level: 1 

-Design Assurance: Level 3
-Tested: BlackBerry 8700c with BlackBerry OS Version 4.2

-FIPS-approved algorithms: Triple-DES (Cert. #474); AES (Cert. #457); SHS (Cert. #521); HMAC (Cert. #217); RSA (Cert. #175); RNG (Cert. #242); ECDSA (Cert. #38)

-Other algorithms: EC Diffie-Hellman; ECMQV

Multi-chip standalone

"BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry."
826 Giritech
Herstedøstervej 27-29 C2
2620 Albertslund, Denmark

-Lars S. Christensen
TEL: +45 30 763 652
FAX: +45 43 47 54 87

CST Lab: NVLAP 200427-0

Cryptographic Support Library CryptFacility
(Software Version: 1.0.485)

(When operated in FIPS mode. This module contains the embedded module Crypto++ validated to FIPS 140-2 under Cert. #562 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/27/2007 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional (in single-user mode)

-FIPS-approved algorithms: AES (Cert. #216); Triple-DES (Cert. #309); Skipjack (Cert. #14); ECDSA (Cert. #5); DSA (Cert. #79); SHS (Cert. #134); HMAC (Cert. #26); RNG (Cert. #61)

-Other algorithms: N/A

Multi-chip standalone

"The Girtech Cryptographic Support Library CryptFacility is a library implemented in the Giritech G/ON product line that performs all of its cryptographic functionality using a FIPS 140-2 validated library called Crypto++ (Cert #562)."
825 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Kevin Michelizzi
TEL: 425-707-1227
FAX: 425-936-7329

-Chien-Her Chin
TEL: 425-706-5116
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Microsoft Windows CE and Windows Mobile Enhanded Cryptographic Provider 6.00.1937 and Microsoft Windows Embedded Compact Enhanced Cryptographic Provider 7.00.1687
(Software Version: 6.00.1937 [1] and 7.00.1687 [2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/27/2007;
11/26/2007;
02/21/2008;
01/16/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows CE 6.0 [1], Microsoft Windows CE 6.0 R2 [1] and Microsoft Windows Embedded Compact 7 [2] (single user mode)

-FIPS-approved algorithms: AES (Cert. #516 [1] and #2024 [2]); HMAC (Cert. #267 [1] and #1227 [2]); RNG (Cert. #292 [1] and #1060 [2]); RSA (Cert. #230 [1] and #1052 [2]); SHS (Cert. #589 [1] and # 1774 [2]); Triple-DES (Cert. #526 [1] and #1308 [2])

-Other algorithms: MD5; HMAC-MD5; RC2; RC4; DES

Multi-chip standalone

"Microsoft Windows Embedded Compact Enhanced Cryptographic Provider 7.00.1687 and the Microsoft Windows CE and Windows Mobile Enhanced Cryptographic Provider 6.00.1937 (RSAENH) are general-purpose, software-based, cryptographic modules for Windows Embedded Compact. Like cryptographic providers that ship with Microsoft Windows Embedded Compact, RSAENH encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. It can be dynamically linked into applications by software developers to permit the use of general-purpose cryptography. RSAENH meets the Level 1 FIPS 140-2 Validation requirements."
824 Hummingbird Connectivity, a Division of Open Text Corporation
38 Leek Crescent
Richmond Hill, Ontario L4B 4N8
Canada

-Xavier Chaillot
TEL: 514-281-5551 x261
FAX: 514-281-9958

CST Lab: NVLAP 200017-0

Hummingbird Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 08/27/2007 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Pro with SP2 (single-user mode)

-FIPS-approved algorithms: RSA (Cert. #206); DSA (Cert. #201); Triple-DES (Cert. #505); AES (Cert. #492); HMAC (Cert. #247); SHS (Cert. #563); RNG (Cert. #273)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); DES; Blowfish; CAST; RC2; RC4; RC5; ECC; MD2; MD4; MD5; MDC2; RIPEMD

Multi-chip standalone

"The Hummingbird Cryptographic Module is a library which provides encryption and decryption services to Hummingbird Connectivity software during SSL or SSH connections. The Hummingbird Cryptographic Module is used in Exceed, a windows-based X11 server, NFS Maestro, a suite of NFS clients and servers, HostExplorer, a desktop and web-based terminal emulation suite and Connectivity Secure Shell, an implementation of the Secure Shell 2 protocol. The Hummingbird Cryptographic Module is available from Hummingbird Connectivity, a division of Open Text Corporation."
823 SafeNet, Inc.
4690 Millenium Drive
Belcamp, MD 21017
USA

-Hazem Hassan
TEL: 952-223-3139

-Wayne Whitlock
TEL: 443-327-1489

CST Lab: NVLAP 200427-0

Model 400 Smart Card
(Hardware Version: P5CT072EV7/TOPBC150 Version 1.0; Firmware Version: 3.0, EXFs: PIV application executable Version 19)

(PIV Card Application: Cert. #6)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/22/2007 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #455); Triple-DES (Cert. #472); SHS (Cert. #519); RSA (Cert. #174); RNG (Cert. #241)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); DSA (non-compliant)

Single-chip

"SCCOS is a state-of-the-art operating system that offers wide range of authentication services together with the highest levels of security. It offers powerful implementaions for public and secret key encryption supporting RSA, DSA, Diffie-Hellman, SHA-1, Triple-DES, and AES."
822 VIACK Corporation
16701 NE 80th St.
Suite 100
Redmond, WA 98052
USA

-Peter Eng
TEL: 425-605-7400
FAX: 425-605-7405

CST Lab: NVLAP 100432-0

VIA3 VkCrypt Cryptographic Module
(Software Versions: 4.2 and 6.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/17/2007;
03/07/2008
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP SP2 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #478); RNG (Cert. #258); RSA (Cert. #195); SHS (Cert. #546); HMAC (Cert. #235)

-Other algorithms: RC2; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The VIA3 VkCrypt Cryptographic Module is a software cryptographic module that implements symmetric and public key encryption, digital signatures, and hashing. VIA3 is a secure online collaboration solution integrating real-time audio and video, instant messaging, application sharing, and access to workspaces."
821 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

ASA 5510, ASA 5520 and ASA 5540
(Hardware Versions: 5510, 5520, and 5540; Firmware Versions: 7.2.2.18[1], 7.2.2.27[2], 7.2.4.18[3] and 7.2.4.30[3])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/17/2007;
06/23/2008;
03/06/2009;
05/18/2009;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #105, #536[1], #789[2] and #1010[3]); HMAC (Certs. #125, #283[1], #432[2] and #567[3]); RNG (Certs. #144, #309[1], #454[2] and #570[3]); RSA (Certs. #106, #242[1], #376[2] and #485[3]); SHS (Certs. #196, #606[1], #790[2] and #968[3]); Triple-DES (Certs. #217, #538[1], #682[2] and #779[3])

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 96 bits of encryption strength; non-compliant less than 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); HMAC MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 80-bits or 112-bits of encryption strength)

Multi-chip standalone

"The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
820 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-J JCE Provider Module
(Software Version: 3.6)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 08/13/2007;
10/12/2007;
01/04/2008;
10/16/2008;
09/07/2010;
03/28/2011;
01/24/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with 32-bit x86 Intel Pentium 4 w/ Windows XP SP2 with Sun JDK 1.5; 64-bit x86_64 Intel Pentium D w/ Windows XP SP2 with Sun JDK 1.5; 32-bit PowerPC w/ AIX 5L v5.3 with IBM JDK 1.5; 64-bit SPARC v9 w/ Solaris 10 with Sun JDK 1.5; 32-bit Itanium2 w/ HP-UX 11.23 with HP JDK 5.0; 64-bit Itanium2 w/ HP-UX 11.23 with HP JDK 5.0; 32-bit x86 Intel Pentium 4 w/ Red Hat Enterprise Linux AS 4.0 with Sun JDK 1.5; 64-bit x86_64 Intel Pentium D w/ Red Hat Enterprise Linux AS 4.0 with Sun JDK 1.5; 32-bit x86 Intel Pentium 4 w/ SUSE Linux Enterprise Server 9.0 with Sun JDK 1.5; 64-bit x86_64 AMD Opteron w/ SUSE Linux Enterprise Server 9.0 with Sun JDK 1.5; 64-bit PowerPC w/ AIX 5L v5.3 with IBM JDK 1.5; 32-bit SPARC v8+ w/ Solaris 10 with Sun JDK 1.5 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #489); DSA (Cert. #198); HMAC (Cert. #243); RNG (Cert. #269); RSA (Cert. #202); SHS (Cert. #559); Triple-DES (Cert. #500)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 bits and 112 bits of encryption strength); DESX; MD2; MD5; RIPEMD 160; RNG (X9.31 and SHA1; non-compliant, MD5); RC2; RC4; RC5; PBE (SHA256, SHA384, SHA512); Raw RSA; RSA Keypair Generation MultiPrime; RSA (key wrapping; key establishment methodology provides between 80 bits and 150 bits of encryption strength); HMAC-MD5

Multi-chip standalone

"RSA BSAFE Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. RSA BSAFE Crypto-J supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
819 Wei Dai
13440 SE 24th Street
Bellevue, WA 98005
USA

-Wei Dai
TEL: 425-562-9677

-Donna Shaw
TEL: 978-720-2351

CST Lab: NVLAP 200002-0

Crypto++™ Library
(Software Version: 5.3.0 [32-bit and 64-bit])

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/13/2007;
08/17/2007
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional with SP2 and Windows Server 2003 X64 with SP1 (single user mode)

-FIPS-approved algorithms: Skipjack (Cert. #17 ); Triple-DES (Cert. #512 ); AES (Cert. #499 ); SHS (Cert. #569 ); DSA (Cert. #206 ); RSA (Cert. #216 ); ECDSA (Cert. #49 ); HMAC (Cert. #253 ); RNG (Cert. #279 ); Triple-DES MAC (Cert #512 vendor afffirmed)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip standalone

"The Crypto++ Library is a free, open source C++ class library providing public key encryption, digital signatures, symmetric ciphers, hash functions, message authentication codes, and other cryptographic algorithms. Both 32-bit and 64-bit variants of the dynamic link library (DLL) are FIPS 140-2 Level 1 validated. The source code of the validated module is available upon request."
818 Arcot Systems, Inc.
455 West Maude Ave.
Suite 210
Sunnyvale, CA 94085-3517
USA

-Geoffrey Hird
TEL: 408-969-6100
FAX: 408-969-6290

CST Lab: NVLAP 200648-0

Arcot Core Security Module
(Software Version: 2.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 08/10/2007;
10/16/2008;
12/03/2008
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Service Pack 2; Microsoft Windows Server 2003 Service Pack 1 (single-user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #499); SHS (Cert. #558); HMAC (Cert. #242); RSA (Cert. #201); RNG (Cert. #268)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); MD2; MD4; MD5; RIPEMD-160

Multi-chip standalone

"The Arcot Core Security Module provides FIPS-certified cryptographic functionality to Arcot's authentication, encryption/decryption and digital signing products -- ArcotID "software smart card", Arcot WebFort Authentication Server, Arcot SignFort, and Arcot TransFort for 3-D Secure compliance."
817 RELM Wireless Corporation
7100 Technology Drive
West Melbourne, FL 32904
USA

-Jim Spence
TEL: 785-856-1300
FAX: 785-856-1302

CST Lab: NVLAP 100432-0

DPHx Radio with LZA0577 or LZA0577/LZA0578 Cryptographic Module
(Hardware Versions: P/N DPHX5102X Versions 110504, 120104, 040805, 052005, 011606, 030206, 010507, 020707, 072007, 080407, 091207, 110507, 051308 and 091708; Firmware Versions: 722-05058-0000, 722-05059-0000, 722-05058-0001, 722-05059-0001, 722-05059-0002, 722-05059-0003, 722-05060-0000 and 722-05061-0000)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/08/2007;
10/15/2007;
12/18/2007;
04/29/2008;
11/06/2008
Overall Level: 1 

-FIPS-approved algorithms: AES (Cert. #436); RSA (Cert. #31); SHS (Cert. #504)

-Other algorithms: DES

Multi-chip standalone

"The DPHx Radio with OTAR is a multi-chip standalone cryptographic module encased in an opaque commercial grade enclosure. As a secure radio, the primary purpose for this device is to provide encrypted digital communication."
816 Neopost Industrie
113, Rue Jean-Marin Naudin
Bagneux, 92220
France

-Jean-Frantois Le Pottier
TEL: +00 33 1 36 45 30 37
FAX: +00 33 1 36 45 3010

CST Lab: NVLAP 100432-0

N95i/255 Secure Metering Module (SMM)
(Hardware Version: 4127410K Version B; Firmware Versions: 4130379C Version E41 (SH1) and 4126898B Version A (SH2))

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/08/2007;
08/29/2007
Overall Level: 3 

-Physical Security: Level 3 + EFP/EFT

-FIPS-approved algorithms: DSA (Cert. #120); SHS (Cert. #41); RNG (Cert. #38); ECDSA (Cert. #12)

-Other algorithms: N/A

Multi-chip embedded

"The IJ40/50/60 are Neopost mid range of Franking products that incorporate the N95i secure metering module for producing highly secure franking impressions to meet USPS postal requirements. These products are connected to Neopost online services server for greater customer options including E-confirmation for mail tracking."
815 Red Hat®, Inc. and Sun Microsystems, Inc.
4150 Network Circle
Santa Clara, CA 95054
USA

-Glen Beasley
TEL: 800-555-9SUN

-Robert Relyea
TEL: 650-254-4236

CST Lab: NVLAP 200648-0

Network Security Services (NSS) Cryptographic Module
(Software Version: 3.11.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 08/08/2007;
12/07/2007
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 4 x86; Microsoft Windows XP SP 2; 64-bit Solaris 10; HP-UX B.11.11 with HP-UX Strong Random Number Generator (KRNG11i) bundle; Mac OS X 10.4 (single user mode)

-FIPS-approved algorithms: Triple-DES (Certs. #410 and #469); AES (Cert. #352); SHS (Cert. #426); HMAC (Cert. #152); RSA (Cert. #152); DSA (Cert. #172); ECDSA (Certs. #30 and #37); RNG (Cert. #208)

-Other algorithms: RC2; RC4; MD2; DES; MD5; RSA (key wrapping; key establishment methodology provides between 80 and 201 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength)

Multi-chip standalone

"Network Security Services (NSS) is a set of open source C libraries designed to support cross-platform development of security-enabled applications. NSS implements major crypto algorithms and Internet security standards, and supports smartcards and hardware crypto devices. NSS is available free of charge under the Mozilla Public License, the GNU General Public License, and the GNU Lesser General Public License. For more information, see http://www.mozilla.org/projects/security/pki/nss/"
814 Red Hat®, Inc. and Sun Microsystems, Inc.
4150 Network Circle
Santa Clara, CA 95054
USA

-Glen Beasley
TEL: 800-555-9SUN

-Wan-Teh Chang
TEL: 650-567-9039
FAX: 650-567-9041

CST Lab: NVLAP 200648-0

Network Security Services (NSS) Cryptographic Module
(Software Version: 3.11.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 08/27/2007 Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Red Hat Enterprise Linux Version 4 Update 1 AS on IBM xSeries 336 with Intel Xeon CPU; Trusted Solaris 8 4/01 on Sun Blade 2500 Workstation with UltraSPARC IIIi CPU

-FIPS-approved algorithms: Triple-DES (Cert. #469); AES (Cert. #352); SHS (Cert. #426); HMAC (Cert. #152); RSA (Cert. #152); DSA (Cert. 172); ECDSA (Cert. #30); RNG (Cert. #208)

-Other algorithms: RC2; RC4; MD2; DES; MD5; RSA (key wrapping; key establishment methodology provides between 80 and 201 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength)

Multi-chip standalone

"Network Security Services (NSS) is a set of open source C libraries designed to support cross-platform development of security-enabled applications. NSS implements major crypto algorithms and Internet security standards, and supports smartcards and hardware crypto devices. NSS is available free of charge under the Mozilla Public License, the GNU General Public License, and the GNU Lesser General Public License. For more information, see http://www.mozilla.org/projects/security/pki/nss/"
813 Xceedium, Inc.
30 Montgomery St., Suite 1020
Jersey City, NJ 07302
USA

-Marjo F. Mercado
TEL: 201-536-1000 x121
FAX: 201-536-1200

CST Lab: NVLAP 200556-0

GateKeeper
(Hardware Version: 4a; Firmware Version: 4.0.0f)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/07/2007 Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-FIPS-approved algorithms: AES (Cert. #480); Triple-DES (Cert. #493); SHS (Cert. #549); HMAC (Cert. #236); RSA (Cert. #197); RNG (Cert. #260)

-Other algorithms: Diffie-Hellman (key agreement; key establishment method provides between 80 and 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment method provides between 80 and 160 bits of encryption strength; non-compliant less than 80-bits of encryption strength); DSA (non-compliant)

Multi-chip standalone

"Xceedium's GateKeeper is a hardened appliance that functions as a secure centralized management platform that enables IT operations to remotely manage data centers as one integrated system. A standardized security model can be developed to mitigate the risks of "untrusted" users; provide centralized access and policy, compartmentalize down to the port, define good and bad behavior, alert and restrict access to applications or commands. GateKeeper provides touch free support and includes all access methods and tools for in-band, out-of-band and power control."
812 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-J Software Module
(Software Version: 3.6)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 08/07/2007;
10/12/2007;
01/04/2008;
10/16/2008;
09/07/2010;
03/28/2011;
01/24/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with 32-bit x86 Intel Pentium 4 w/ Windows XP SP2 with Sun JDK 1.5; 64-bit x86_64 Intel Pentium D w/ Windows XP SP2 with Sun JDK 1.5; 32-bit PowerPC w/ AIX 5L v5.3 with IBM JDK 1.5; 64-bit SPARC v9 w/ Solaris 10 with Sun JDK 1.5; 32-bit Itanium2 w/ HP-UX 11.23 with HP JDK 5.0; 64-bit Itanium2 w/ HP-UX 11.23 with HP JDK 5.0; 32-bit x86 Intel Pentium 4 w/ Red Hat Enterprise Linux AS 4.0 with Sun JDK 1.5; 64-bit x86_64 Intel Pentium D w/ Red Hat Enterprise Linux AS 4.0 with Sun JDK 1.5; 32-bit x86 Intel Pentium 4 w/ SUSE Linux Enterprise Server 9.0 with Sun JDK 1.5; 64-bit x86_64 AMD Opteron w/ SUSE Linux Enterprise Server 9.0 with Sun JDK 1.5; 64-bit PowerPC w/ AIX 5L v5.3 with IBM JDK 1.5; 32-bit SPARC v8+ w/ Solaris 10 with Sun JDK 1.5 (in single-user mode)

-FIPS-approved algorithms: AES (Cert. #487); DSA (Cert. #197); HMAC (Cert. #240); RNG (Cert. #264); RSA (Cert. #199); SHS (Cert. #553); Triple-DES (Cert. #497)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 bits and 112 bits of encryption strength); DESX; MD2; MD5; RIPEMD 160; RNG (X9.31 and SHA1; non-compliant, MD5); RC2; RC4; RC5; PBE (SHA256, SHA384, SHA512); Raw RSA; RSA Keypair Generation MultiPrime; RSA (key wrapping; key establishment methodology provides between 80 bits and 150 bits of encryption strength); HMAC-MD5

Multi-chip standalone

"RSA BSAFE Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. RSA BSAFE Crypto-J supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
811 Utimaco® Safeware AG
Germanusstrasse 4
Aachen, D-52080
Germany

-Rainer Herbertz
TEL: +49-241-1696-240
FAX: +49-241-1696-199

CST Lab: NVLAP 100432-0

CryptoServer CS
(Hardware Version: P/N CryptoServer CS, Version 2.0.2.0; Firmware Version: 2.0.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/31/2007 Overall Level: 3 

-Physical Security: Level 4

-FIPS-approved algorithms: Triple-DES (Cert. #492); Triple-DES MAC (Cert. #492, vendor affirmed); AES (Cert. #479); SHS (Cert. #547); RSA (Certs. #196 and #204); RNG (Cert. #259); ECDSA (Cert. #44)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); IDEA; Safer; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); MD5; MDC-2; RIPEMD-160; Retail-TDES MAC; AES MAC (Cert. #479; non-compliant); DES

Multi-chip embedded

"The CryptoServer CS is an encapsulated, highly tamper protected hardware security module which provides secure cryptographic services like encryption or decryption, hashing, signing and verifying of data, random number generation, on-board secure key generation, key storage, and further key management functionality."
810 Fortinet Inc.
1090 Kifer Road
Sunnyvale, CA 94086
USA

-Jeff Lake, Vice President, Federal Operations
TEL: 678-402-8021
FAX: 678-402-8021

CST Lab: NVLAP 200017-0

FortiGate-1000A and FortiGate-3600
(Hardware Versions: FortiGate-1000A (build C4WA49); FortiGate-3600 (build C4KW75); Firmware Version: FortiOS 3.00, build 8317, 061121)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 07/31/2007;
02/21/2008
Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Cryptographic Key Management: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #486, #487, #489 and #490); RNG (Cert. #251); AES (Certs. #471, #472, #475 and #476); SHS (Certs. #539, #540, #543 and #544); RSA (Cert. #193); HMAC (Certs. #228, #229, #232 and #233)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 110 bits of encryption strength); MD5; HMAC-MD5

Multi-chip standalone

"FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
809 AirMagnet, Inc.
1325 Chesapeake Terrace
Sunnyvale, CA 94089
USA

-Tony Ho
TEL: 408-400-1255
FAX: 408-744-1250

CST Lab: NVLAP 200648-0

SmartEdge Sensor AM-5010-11-AG, AM-5012-11AG, A5020 and A5023
(Hardware Versions: AM-5010-11-AG, AM-5012-11AG, A5020 and A5023; Firmware Version: 7.5.0-6285)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 07/31/2007 Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #331); Triple-DES (Cert. #395); SHS (Cert. #406); RSA (Cert. #111); RNG (Cert. #152); HMAC (Cert. #135)

-Other algorithms: RC4; RC2; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); DSA (non-compliant); DES; Triple-DES (non-approved mode; non-compliant); AES (non-approved mode; non-compliant); IDEA; Blowfish; Twofish

Multi-chip standalone

"The SmartEdge Sensor is equipped with patent pending AirWISE Analytical Engine that, in real time, monitors and analyzes the security, performance, and reliability of the wireless network."
808 CipherOptics Inc.
701 Corporate Center Drive
Raleigh, NC 27607
USA

-Ed Finn
TEL: 412-262-2571 x102
FAX: 412-262-2574

CST Lab: NVLAP 200017-0

CipherOptics SG100 and CipherOptics SG1002
(Hardware Version: A; Firmware Version: 5.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 07/31/2007;
06/14/2010
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #258); AES (Cert. #156); SHS (Cert. #117); HMAC (Cert. #34); RSA (Cert. #209); RNG (Cert. #274)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 90 bits of encryption strength); MD5; HMAC MD5; DES

Multi-chip embedded

"The CipherOptics SG100 and SG1002 are high performance, integrated security appliances that offer Gigabit and 10/100 Ethernet IPSec encryption respectively. Housed in a tamper evident chassis, have two ethernet ports. Traffic on the local port is received in the clear, while traffic on the remote port has security processing applied to it."
807 Fortinet Inc.
1090 Kifer Road
Sunnyvale, CA 94086
USA

-Jeff Lake, Vice President, Federal Operations
TEL: 678-402-8021
FAX: 678-402-8021

CST Lab: NVLAP 200017-0

FortiGate-200A/200A-HD, 300A/300A-HD and 500A/500A-HD
(Hardware Versions: FortiGate-200A/200A-HD, FortiGate 300A/300A-HD, and FortiGate 500A/500A-HD; Firmware Version: FortiOS 3.00, build 8317, 061121)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 07/31/2007;
02/21/2008
Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Cryptographic Key Management: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #486, #487, #489 and #490); RNG (Cert. #251); AES (Certs. #471, #472, #475 and #476); SHS (Certs. #539, #540, #543 and #544); RSA (Cert. #193); HMAC (Certs. #228, #229, #232 and #233)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 110 bits of encryption strength); MD5; HMAC-MD5

Multi-chip standalone

"FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
806 Motorola, Inc.
1301 E. Algonquin Road
Schaumburg, IL 60196-1078
USA

-Kirk Mathews
TEL: 847-576-4101
FAX: 847-538-2770

CST Lab: NVLAP 100432-0

ASTRO Subscriber Universal Crypto Module (UCM)
(Hardware Versions: P/Ns 0104020J49, 0104020J50, 0104020J51, 0104024J43, 0104024J44, 0104024J45, 0104025J11, 0104025J12, 0104027J01, NNTN7097A, NTN9801B, NTN9738C, NNTN5032D, NNTN5032F, NNTN5032G, NNTN5032H, NNTN7427A; Firmware Versions: R05.05.02 and R05.05.03)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/31/2007;
04/04/2008
Overall Level: 1 

-Roles, Services, and Authentication: Level 2

-FIPS-approved algorithms: Triple-DES (Cert. #82); AES (Cert. #2); SHS (Cert. #335); RNG (Cert. #121)

-Other algorithms: DES; DES MAC; DES-XL; DVI-XL; DVI-SPFL; DVP-XL; ADP; HCA; AES MAC (AES Cert. #2, vendor affirmed; P25 AES OTAR)

Multi-chip embedded

"Encryption modules used in Motorola Astro family of radios. Provides secure voice and data capabilities as well as APCO Over-the-Air-Rekeying and advanced key management."
805 NetWeave Integrated Solutions, Inc.
490 Rt 33 W
Millstone Twp, NJ 08535
USA

-Scott Uroff
TEL: 805-583-2874
FAX: 805-583-0124

-Ron Byer
TEL: 732-786-8830 x120
FAX: 732-786-8832

CST Lab: NVLAP 200427-0

NetWeave Distributed Services NSK/D30
(Software Version: 2.2v1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 07/26/2007 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Guardian D39 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #505); DSA (Cert. #209); HMAC (Cert. #258); RNG (Cert. #284); RSA (Cert. #220); SHS (Cert. #576); Triple-DES (Cert. #515)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 152 bits of encryption strength; non-compliant less than 80-bits of encryption strength); HMAC MD5; IDEA; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 152 bits of encryption strength; non-compliant less than 80-bits of encryption strength)

Multi-chip standalone

"NetWeave Distributed Services (NWDS) is a heterogeneous middleware product that provides a broad base of cross-platform computing services built on a secure high-performance messaging core. While NWDS runs on a variety of platforms, HP systems, particularly the HP NonStopTM Kernel can be found at the core of many NWDS implementations. Specifically, the NWDS NSK/D30 implementation supports HP NSK D39 environments. In all environments, NWDS was standardized on the XYGATE® Encryption Software Development Kit by XYPRO® for its cryptographic services, performance, flexibility and platform coverage."
804 XYPRO® Technology Corporation
3325 Cochran Street, Suite 200
Simi Valley, CA 93063
USA

-Sheila Johnson
TEL: 805-583-2874
FAX: 805-583-0124

-Scott Uroff
TEL: 805-583-2874
FAX: 805-583-0124

CST Lab: NVLAP 200427-0

XYGATE® /ESDK
(Software Version: 2.0.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 07/26/2007:
08/17/2007;
11/26/2007
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP with SP 2; HP-UX 11.11; Solaris 10; HP Nonstop Server G06; HP Nonstop Server H06 (in single user mode)

-FIPS-approved algorithms: AES (Cert. #505); DSA (Cert. #209); HMAC (Cert. #258); RNG (Cert. #284); RSA (Cert. #220); SHS (Cert. #576); Triple-DES (Cert. #515)

-Other algorithms: Blowfish; CAST-128; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 152 bits of encryption strength; non-compliant less than 80-bits of encryption strength); ElGamal; HMAC MD5; HMAC RIPE-MD; IDEA; MD2; MD4; MD5; RC2; RC4; RC5; RIPE-MD; RSA (key wrapping; key establishment methodology provides between 80 and 152 bits of encryption strength; non-compliant less than 80-bits of encryption strength); Skipjack (non-compliant)

Multi-chip standalone

"The XYGATE Encryption Software Development Kit [XESDK] is a dynamically linked software library that supplies: symmetric key encryption including the approved AES and TripleDES; hashing algorithms including the approved SHA-1 and SHA-256; public key encryption including RSA; signature algorithms including the approved RSA and DSA; secure session protocols such as SSH, SSL and TLS; and e-mail protocols such as PGP and S/MIME."
803 KoolSpan, Inc.
4962 Fairmont Ave.
2nd Floor
Bethesda, MD 20814
USA

-Tony Fascenda
TEL: 240-880-4400

CST Lab: NVLAP 200416-0

SecurEdge Lock
(Hardware Version: LRF05123; Firmware Version: 3.1.1)

(This module contains the embedded module Axalto Cryptoflex e-Gate 32 smart card validated to FIPS 140-2 under Cert. #242 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 07/26/2007;
08/29/2007
Overall Level: 2 

-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #388); SHS (Cert. #464); Triple-DES (Cert. #97; key wrapping; key establishment methodology provides 80-bits of encryption strength); RNG (vendor affirmed)

-Other algorithms: N/A

Multi-chip standalone

"The KoolSpan Lock is a VHS-Cassette sized device that authenticates users and bridges their Ethernet traffic onto the network. It contains an embedded Smart Card and cryptographic processor. The case is tamper-resistant. Each Lock can support up to 512 simultaneous users each with 256-bit AES encryption. The Lock supports a "Keyless Exchange" and provides both Wi-Fi security and Remote Access (VPN) connections."
802 Entrust, Inc.
One Hanover Park
16633 Dallas Parkway
Suite 800
Addison, TX 75001
USA

-Mike McLaughlin, Corporate Triage/CRM Manager
TEL: 613-270-3788

-Entrust Sales
TEL: 888-690-2424

CST Lab: NVLAP 200017-0

Entrust Authority™ Security Toolkit 7.2 for the Java® Platform
(Software Version: 7.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 07/26/2007;
08/07/2007
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP Pro SP1 running Sun JRE 5.0 and Solaris 10 running Sun JRE 5.0 (Single-user mode)

-FIPS-approved algorithms: AES (Cert. #443); Triple-DES (Cert. #467); Triple-DES MAC (Cert. #467, vendor affirmed); DSA (Cert. #187); ECDSA, (Cert. #34); SHS (Cert. #510); HMAC (Cert. #209); RNG (Cert. #231); RSA (Cert. #168)

-Other algorithms: CAST128; CAST3; DES; IDEA; RC2; RC4; Rijndael; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); SPEKE; ElGamal; MD2; MD5; DES MAC; IDEA MAC; CAST128 MAC; HMAC-MD2; HMAC-MD5

Multi-chip standalone

"Entrust Authority™ Toolkits provide customers and partners with the ability to apply best-in-class security to almost any business application. These Toolkits provide a common set of services to permit developers to rapidly deploy applications that solve business problems without having to spend valuable development cycles developing these common services. Entrust Authority's standards-based, application programming interfaces (APIs) make it possible to implement a single enhanced Internet security architecture across multiple applications and platforms."
801 Secured User Inc.
11490 Commerce Park Drive
Suite 240
Reston, VA 20191
USA

-Ken Hetzer
TEL: 703-964-3164
FAX: 703-783-0446

-Bruce Mitchell
TEL: 703-964-3167
TEL: 647-477-7892
FAX: 647-477-5052

CST Lab: NVLAP 200697-0

SUSK Security Module
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 07/23/2007 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Server 2003 SP1 (single user mode)

-FIPS-approved algorithms: AES (Cert. #474); SHS (Cert. #542); HMAC (Cert. #231); RNG (Cert. #257)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The SUSK Security Module is a software-based cryptographic module. Secured User's product performs all of its work by transparently intercepting and transforming the data stream between entities. All of the cryptographic functionalities of the Secured User product are provided by the central shared library, SUSK Security Module. The cryptographic module offers Transport Layer Security (TLS) services along with bulk encryption and hashing services exclusively to Secured User application. This application is considered as host application to the module."
800 Pitney Bowes, Inc.
35 Waterview Drive
Shelton, CT 06484-8000
USA

-Douglas Clark
TEL: 203-924-3206
FAX: 203-924-3406

CST Lab: NVLAP 100432-0

Cygnus X-2 Postal Security Device
(Hardware Versions: 1MEC BAC/BAE/BAF (Canada) and 1MES BAC/BAE/BAF (Canada Specimen))

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/23/2007 Overall Level: 3 

-Physical Security: Level 3 + EFP

-FIPS-approved algorithms: ECDSA (Cert. #48); DSA (Cert. #200); SHS (Cert. #562); Triple-DES (Cert. #503); Triple-DES MAC (Cert. #503, vendor affirmed); RNG (Cert. #272); HMAC (Cert. #246)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The Pitney Bowes Cygnus X-2 Postal Security Device (PSD) has been designed in compliance with FIPS 140-2 and IPMAR security protection profile in order to support the USPS IBIP and international digital indicia standards globally. The PSD employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes Postage Metering products."
799 Polycom, Inc.
4750 Willow Road
Pleasanton, CA 94588-2708
USA

-Robert V. Seiler
TEL: 978-292-5452
FAX: 928-292-5943

CST Lab: NVLAP 200427-0

VSX 7000e and VSX 8000
(Firmware Version: 8.5.0.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/23/2007 Overall Level: 1 

-FIPS-approved algorithms: AES (Cert. #431); DSA (Cert. #178); RNG (Cert. #224); SHS (Cert. #501); Triple-DES (Cert. #460)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The Polycom VSX products are state of the art video-conferencing nodes. These systems provide video-conferencing facilities using all the popular telecommunication protocols such as H.320 H.323, and Session Initiation Protocol (SIP) and include support of Integrated Services Digital Network (ISDN), Primary rate and Basic rate as well as serial interfaces for V.35, RS-499 and RS-530."
798 Polycom, Inc.
4750 Willow Road
Pleasanton, CA 94588-2708
USA

-Robert V. Seiler
TEL: 978-292-5452
FAX: 928-292-5943

CST Lab: NVLAP 200427-0

VSX 3000, VSX 5000, and VSX 7000s
(Firmware Version: 8.5.0.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/23/2007 Overall Level: 1 

-FIPS-approved algorithms: AES (Cert. #431); DSA (Cert. #178); RNG (Cert. #224); SHS (Cert. #501); Triple-DES (Cert. #460)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The Polycom VSX products are state of the art video-conferencing nodes. These systems provide video-conferencing facilities using all the popular telecommunication protocols such as H.320 H.323, and Session Initiation Protocol (SIP) and include support of Integrated Services Digital Network (ISDN), Primary rate and Basic rate as well as serial interfaces for V.35, RS-499 and RS-530."
797 Entrust, Inc.
One Hanover Park
16633 Dallas Parkway
Suite 800
Addison, TX 75001
USA

-Entrust Sales
TEL: 888-690-2424

CST Lab: NVLAP 200017-0

Entrust Security Kernel
(Software Version: 7.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 07/03/2007 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Server 2003 (single-user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #495); AES (Cert. #484); DSA (Cert. #196); SHS (Cert. #551); RNG (Cert. #261); RSA (Cert. #198); HMAC (Cert. #238); ECDSA (Cert. #45)

-Other algorithms: DES; DES MAC; CAST; CAST3; CAST5; RC2; RC4; IDEA; MD2; MD5; RIPEMD-160; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 201 bits of encryption strength); PAKE; AES MAC (non-compliant); NIST 800-90 DRBG RNG (non-compliant)

Multi-chip standalone

"The Kernel is a C++ class library of cryptographic functions bound together by a common object-oriented Application Programming Interface (API). Depending on the configuration and the runtime environment of the Kernel, the algorithms may be implemented in software, hardware, or a combination of both. The industry standard Cryptoki API, as described in PCKS #11, is used as the internal interface to hardware-based cryptographic tokens."
796 Fortress Technologies, Inc.
1 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0

Fortress Security Controller (FC-X)
(Hardware Version: FC-X; Firmware Versions: 4.1.1, 4.1.3, 4.1.4, 4.1.5 and 4.1.7)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 07/02/2007;
11/26/2007;
04/04/2008;
05/09/2008;
01/26/2009;
03/26/2010
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #389 and #390); SHS (Cert. #465 and #538); RNG (Certs. #189 and #190); HMAC (Cert. #174)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); MD5; RSA (non-compliant); SHS (non-compliant; FPGA); HMAC (non-compliant; FPGA)

Multi-chip standalone

"The Fortress Security Controller (FC-X) is a high performance electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a custom built multiple processor hardware platform and deployable on any LAN or WAN, the Fortress Security Controller (FC-X) provides encryption, data integrity checking, authentication, access control, and data compression."
795 ViaSat, Inc.
6155 El Camino Real
Carlsbad, CA 92009
USA

-Ed Smith
TEL: 760-476-4995
FAX: 760-476-4703

CST Lab: NVLAP 100432-0

Enhanced Bandwidth Efficient Modem (EBEM) Cryptographic Module
(Hardware Versions: P/N 1010162, Version 1, P/N 1010163, Version 1, P/N 1075559, Version 1 and P/N 1075560, Version 1; Firmware Version: 01.03.05)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/26/2007;
08/31/2007;
07/09/2008;
07/08/2009
Overall Level: 2 

-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #448, #449, #619 and #620); SHS (Cert. #800); HMAC (Cert. #441); ECDSA (Cert. #90); RNG (Cert. #461); KAS (SP 800-56A, vendor affirmed)

-Other algorithms: N/A

Multi-chip standalone

"The ViaSat Enhanced Bandwidth Efficient Modem (EBEM-500) series Satcom Modem provides the latest in efficient modulation and coding for point-to-point Satcom connections. The EBEM-500 series offers embedded encryption, integrating the security functions into the modem to provide an integrated secure Satcom modem product. The EBEM-500 series is backward compatible with a wide range of legacy Satcom modems currently in use and supports the new improved efficiency modulation and coding. The EBEM-500 series supports user base-band data rates from 64 kbps up to 155.52 Mbps."
794 Fortress Technologies, Inc.
1 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0

AirFortress® Wireless Security Gateway
(Hardware Version: AF2100; Firmware Version: 2.5.6)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 07/02/2007;
03/26/2010
Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #14); Triple-DES (Cert. #107); SHS (Cert. #316); HMAC (Cert. #62)

-Other algorithms: Diffie-Hellman (non-compliant key agreement; key establishment methodology provides 56 bits of encryption strength); MD5; DES; RSA (non-compliant); ANSI X9.31 RNG (non-compliant); non-Approved RNG

Multi-chip standalone

"The AirFortress® Wireless Security Gateway is an electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a production-quality hardware platform and deployable on any LAN or WAN, the AirFortress® Wireless Security Gateway provides encryption, data integrity checking, authentication, access control, and data compression."
793 Sagem Orga
Heinz-Nixdorf-Ring 1
33106 Paderborn, Germany

-Swantje Missfeldt
TEL: +49 52 51 88 90

CST Lab: NVLAP 100432-0

J-IDMark 64 Open
(Hardware Version: HW P/N 01016221; FW Versions: FFFFFFFF, 01016221, 02016247, 03016251)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/26/2007;
04/29/2008
Overall Level: 3 

-Physical Security: Level 4

-FIPS-approved algorithms: SHS (Cert. #525); RSA (Certs. #179 and #180); Triple-DES (Cert. #480); Triple-DES MAC (Cert. #480, vendor affirmed); AES (Cert. #459); RNG (Cert. #244)

-Other algorithms: N/A

Single-chip

"The J-IDMark 64 Open is a single chip cryptographic module, which combines an implementation of the latest Sun Java Card TM (Rev 2.2.1) [JCS] / Global Platform (Rev 2.1.1)[GP] specifications with a dual interface chip (with both ISO 7816 contact and ISO 14443 contactless protocols). The module meets the requirements to the FIPS 140-2, Level 4 for physical security, and to the Level 3 for other areas. The module loads and runs applets written in Java programming language. Additional features include biometric & PKI APIs in order to run "Match On Card" and cryptographic services properly."
792 Certicom Corp.
5520 Explorer Drive
4th Floor
Mississauga, Ontario L4W 5L1
Canada

-sales@certicom.com
TEL: 905-507-4220
FAX: 905-507-4230

CST Lab: NVLAP 200017-0

Security Builder® FIPS Java Module
(Software Version: 2.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 06/26/2007;
07/20/2007;
10/12/2007;
03/06/2009
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Sun Java Runtime Environment (JRE) 1.3.1, 1.4.2 and 1.5.0 running on Windows XP 32-bit; Windows XP 64-bit ; Red Hat Linux Application Server 3.0 32-bit; Red Hat Linux Application Server 4.0 64-bit ; Solaris 9 32-bit ; Solaris 9 64-bit; and Solaris 10 32-bit with 32 bit SPARC processor (single-user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #485); AES (Cert. #469); SHS (Cert. #537); RSA (Cert. #191); HMAC (Cert. #227); RNG (Cert. #254); DSA (Cert. #193); ECDSA (Cert. #41)

-Other algorithms: ARC2; ARC4; MD2; MD5; HMAC-MD5; DES; DESX; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC MQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength)

Multi-chip standalone

"The Security Builder® FIPS Java Module is a standards-based cryptographic toolkit written in Java. It supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into Java-based applications. The Security Builder® FIPS Java Module is intended for use by developers who want government level security and can also be used in conjunction with other Certicom developer toolkits including Security Builder® PKI and Security Builder® SSL."
791 Research in Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

-Certifications Team
TEL: 519-888-7465 x2921
FAX: 519-886-4839

CST Lab: NVLAP 200017-0

BlackBerry® Cryptographic Kernel
(Firmware Versions: 3.8.4.27 and 3.8.4.28)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Firmware 06/21/2007;
06/21/2007
Overall Level: 1 

-Design Assurance: Level 3
-Tested: BlackBerry 8700c with BlackBerry OS Version 4.2

-FIPS-approved algorithms: Triple-DES (Cert. #474); AES (Cert. #457); SHS (Cert. #521); HMAC (Cert. #217); RSA (Cert. #175); RNG (Cert. #242); ECDSA (Cert. #38)

-Other algorithms: EC Diffie-Hellman; ECMQV

Multi-chip standalone

"BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry® Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry® ."
790 Oberthur Card Systems
4250 Pleasant Valley Road
Chantilly, VA 20151-1221
USA

-Christophe Goyet
TEL: 703-263-0100
FAX: 703-263-0503

CST Lab: NVLAP 100432-0

Oberthur ID-One Cosmo 64 v5.4 D
(Hardware Version: P/N 77; Firmware Versions: E910-066491, E910-065972, E910-066421)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/19/2007 Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #425); Triple-DES (Certs. #454 and #455); Triple-DES MAC (Certs. #454 and #455, vendor affirmed); SHS (Cert. #496); RSA (Cert. #160); RNG (Cert. #219)

-Other algorithms: AES MAC (Cert. #425; non-compliant); ECDSA (Cert. #32; non-compliant)

Single-chip

"This single chip module offers a highly secure architecture with state of the art on board cryptographic services such as Triple DES (128 and 192), AES (up to 256 bits), RSA (up to 2048) with ANSI X9.31 on board key generation, SHA1 & SHA 256, ISO 9796, ISO 9797, PKCS#1.5, OAEP, OSS, etc. Additional features include fingerprint Match on Card (ISO 19794-2), Logical Channels and Delegated Management. The module supports Java Card 2.2.1 and Global Platform 2.1.1.A. It is available with up to three communication interfaces (ISO 7816, ISO 14443 & USB)."
789 Fortinet Inc.
1090 Kifer Road
Sunnyvale, CA 94086
USA

-Jeff Lake, Vice President, Federal Operations
TEL: 678-402-8021
FAX: 678-402-8021

CST Lab: NVLAP 200017-0

FortiGate-5050
(Hardware Versions: FortiGate-5050 (build C4QP38); FortiGate-5001SX (build P4CF76); FortiGate-5001FA2 (build C5FA26); Firmware Versions: FortiOS 3.00, build 8317, 061121)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 06/19/2007;
02/21/2008
Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Cryptographic Key Management: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #486, #487 and #490); RNG (Cert. #251); AES (Certs. #471, #472 and #476); SHS (Certs. #539, #540 and #544); RSA (Cert. #193); HMAC (Certs. #228, #229 and #233)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 110 bits of encryption strength); MD5; HMAC-MD5

Multi-chip standalone

"FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
788 Neopost Industrie
113, rue Jean-Marin Naudin
Bagneaux, 92220
France

-Jerome Modolo
TEL: +33 1 45 36 34 02
FAX: +33 1 45 36 30 10

CST Lab: NVLAP 100432-0

IJ25 Secure Metering Module (SMM)
(Hardware Version: 4127925W A; Firmware Version: 4130171L K01)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/19/2007 Overall Level: 3 

-Physical Security: Level 3 + EFP/EFT

-FIPS-approved algorithms: DSA (Cert. #149); ECDSA (Cert. #17); RNG (Cert. #142); SHS (Cert. #392); HMAC (Cert. #123)

-Other algorithms: N/A

Multi-chip embedded

"The module provides services to a small office postal meter. The system's features include hand postage printing using ink jet technology, weighing scale interface, internal modem for remote recrediting, memory card for slogan and rate loading."
787 Attachmate Corporation
1500 Dexter Avenue North
Seattle, WA 98109
USA

-Steve Poole
TEL: 206-217-7500
FAX: 206-217-7515

CST Lab: NVLAP 100432-0

Attachmate Security Component for Java
(Software Version: 1.32)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 06/21/2007;
04/29/2008
Overall Level: 1 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Red Hat Linux 4 x 64 and Sun Java Runtime 1.5.0; Mac OS X 10.4.3 and Apple Java Runtime 1.5.0; Windows XP and Sun Java Runtime 1.5.0 (single user)

-FIPS-approved algorithms: Triple-DES (Cert. #449); AES (Cert. #419); DSA (Cert. #174); RNG (Cert. #213); RSA (Cert. #156); SHS (Cert. #488); HMAC (Cert. #193)

-Other algorithms: DES; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 128 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength)

Multi-chip standalone

"Attachmate Security Component for Java provides SSL/TLS and cryptographic services for the Attachmate Reflection for the Web product. Reflection for the Web provides centrally managed terminal emulation within a web browser. This cross-platform, server-based solution connects users to applications on IBM, HP, Unix, and OpenVMS hosts, meeting host access needs while minimizing management costs, maximizing IT flexibility, and ensuring high-level security for administrative, terminal emulation, printer emulation, and file transfer operations."
786 L-3 Communications Linkabit
3033 Science Park Road
San Diego, CA 92121
USA

-Rick Roane
TEL: 858-597-9097
FAX: 858-552-9660

CST Lab: NVLAP 100432-0

MPM-1000
(Hardware Version: 119811-1; Firmware Version: 120435-03/119881-05)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/19/2007 Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #439, #440 and #441); RNG (Cert. #228); DSA (Cert. #180); HMAC (Cert. #206); SHS (Cert. #507)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The MPM-1000 is a dual-use civilian/military modem used to transport IP data traffic over satellite communication links using a secure Multi-Frequency Time Division Multiple Access (MF-TDMA) protocol. The MPM-1000 also functions as a MIL-STD-165A modem for use in Single Channel Per Carrier (SCPC) Frequency Division Multiple Access (FDMA) satellite communications."
785 Siemens PLM Software Inc.
5800 Granite Parkway
Suite 600
Plano, TX 75024
USA

-Kevin White
TEL: 515-956-6849

CST Lab: NVLAP 200427-0

Teamcenter Cryptographic Module
(Software Version: 1.1.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 06/14/2007;
04/09/2010
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP SP2 (x86), Solaris 8 (64-bit SPARC) and Solaris 10 (64-bit SPARC) (single-user mode)

-FIPS-approved algorithms: AES (Cert. #410); DSA (Cert. #170); HMAC (Cert. #183); RNG (Cert. #204); RSA (Cert. #150); SHS (Cert. #477); Triple-DES (Cert. #443)

-Other algorithms: DES; MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength)

Multi-chip standalone

"Teamcenter powers innovation and productivity by connecting people and processes with knowledge. Teamcenter is the de facto standard for PLM deployment, providing solutions to drive business performance goals. This includes the need to increase the yield of innovation, compress time-to-market, meet business and regulatory requirements, optimize operational resources and maximize globalization advantages. With this FCAP-FIPS certification status, Teamcenter now offers the best in class and highest levels of encryption to our security-conscious customers."
784 Check Point Software Technologies Ltd.
9900 Belward Campus Drive
Suite 250
Rockville, MD 20850
USA

-David Ambrose
TEL: 703-628-2935

-Malcolm Levy
TEL: +972-37534561

CST Lab: NVLAP 200626-0

Reflex Magnetics Cryptographic Library
(Software Version: 1.0.0.61103)

Validated to FIPS 140-2

Security Policy

Certificate

Software 06/14/2007;
05/02/2008;
05/28/2009
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP with SP2 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #466); SHS (Cert. #534); RNG (Cert. #250); RSA (Cert. #188); HMAC (Cert. #225)

-Other algorithms: N/A

Multi-chip standalone

"The Reflex Magnetics Cryptographic Library v1.0 provides cryptographic support for the Check Point Software Technologies Ltd software products. The module is used to perform various cryptographic services including pseudo random number generation, and encryption/decryption using symmetric and asymmetric algorithms."
783 Global Relief Technologies, LLC.
40 Congress Street, Suite 300
Portsmouth, NH 03801
USA

-Chip Peter
TEL: 603-422-7333
FAX: 603-422-7331

CST Lab: NVLAP 200556-0

Rapid Data Management Software (RDMS)
(Software Version: 2.3.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 06/14/2007 Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows© Mobile 5.0 (in single-user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #444); SHS (Cert. #478); HMAC (Cert. #184); RNG (Cert. #205)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The Rapid Data Management Software (RDMS) is a software application developed by Global Relief Technologies (GRT) designed for installation on a Personal Digital Assistant (PDA) and cellular communications devices. The device is used during humanitarian and relief efforts in order to gather data and information quickly about the surrounding area to better decide where to allocate resources and what resources are needed."
782 Schweitzer Engineering Laboratories, Inc.
2545 NE Hopkins Court
Pullman, WA 99163-5603
USA

-Joe Casebolt
TEL: 509-336-2408
FAX: 509-336-2406

CST Lab: NVLAP 100432-0

SEL-3021 Serial Encrypting Transceiver
(Hardware Version: P/N SEL-3021 Versions (00016A10), (00016A10, ver. D) and (00006A10); Firmware Versions: SEL-3021-1-R101-V0-Z001001-D20070521, SEL-3021-1-R102-V0-Z001001-D20080505, SEL-3021-1-R103-V0-Z001001-D20081216, SEL-3021-1-R104-V0-Z001001-D20090319 and SEL-3021-1-R105-V0-Z001001-D20091120)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/14/2007;
06/20/2007;
05/20/2008;
01/26/2009;
03/30/2009;
12/08/2009;
11/16/2010
Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #447); DSA (Cert. #182); SHS (Cert. #512); HMAC (Cert. #213); RNG (Cert. #234)

-Other algorithms: N/A

Multi-chip standalone

"The SEL-3021 Serial Encrypting Transceiver is a bump-in-the-wire encryption device providing strong cryptographic security to new serial communications links and an easy and effective security solution for existing serial communications networks. It is for use on both point-to-point byte oriented communications links and multi-drop networks. The SEL-3021 has preset configuration settings for popular SCADA or PCS protocols like DNP and MODBUS common to PLCs and RTUs. The SEL-3021 also has support for standard MODEM communications."
781 ARX (Algorithmic Research)
10 Nevatim Street
Kiryat Matalon, Petach Tikva 49561
Israel

-Ezer Farhi
TEL: 972-3-9279529

CST Lab: NVLAP 200002-0

PrivateServer
(Hardware Version: 4.0; Firmware Version: 4.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/14/2007 Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #349); Triple-DES (Cert. #409); RSA (Cert. #118); SHS (Cert. #424); Triple-DES MAC (Cert. #409, vendor affirmed); RNG (Cert. #185)

-Other algorithms: DES; DES MAC; DES Stream; MD5; ISO9796; ARDFP; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The PrivateServer is a high-performance cryptographic service provider. The PrivateServer performs high-speed cryptographic operations while protecting sensitive data. Its features include DES, Triple-DES, AES, DES-MAC, Triple-DES-MAC, RSA, SHA-1, SHA-256, SHA-512, public key database and certificate support, authenticated and encrypted communication with the module, secure storage of secret/private keys, software key medium and smartcard support, tamper-responsive enclosure, high level API requiring no cryptographic expertise, in-depth logging and auditing, and secure backup capabilities."
780 Gemalto
101 Park Drive
Montgomeryville, PA 18936-9618
USA

-Nick Hislop
TEL: 215-390-2805
FAX: 215-390-2915

-David Teo
TEL: 512-257-3895
FAX: 512-257-3881

CST Lab: NVLAP 200427-0

SafesITe Large Memory Dual Interface Open Platform card
(Hardware Version: A1002878; Firmware Version: HM 4v1, SM 1v1)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/31/2007 Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #463); Triple-DES (Cert. #479); SHS (Cert. #531); RSA (Cert. #183); Triple-DES MAC (Cert. #479, vendor affirmed); RNG (Cert. #248)

-Other algorithms: DES

Multi-chip embedded

"The SafesITe Large Memory Dual Interface Open Platform card provides powerful features that drive PKI applications, digital signature and access control. With a large data storage capacity and two communication interfaces (contact and contactless), the SafesITe smartcard serves as a highly portable credential for securing personal identity, fraud prevention and supporting issuers' e-services strategies"
779 ViaSat UK Ltd.
Sandford Lane
Wareham, Dorset BH20 4DY
United Kingdom

-Tim D. Stone
TEL: 01929 55 44 00
FAX: 01929 55 25 25

CST Lab: NVLAP 200556-0

FlagStone Core
(Hardware Versions: 1.0.1.1a, 1.0.1.2a, 1.0.1.3, 1.0.2.1a, 1.0.2.2a and 1.0.2.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 05/18/2007;
09/12/2007;
07/27/2011
Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #403 and #630); RNG (Certs. #198 and #361)

-Other algorithms:

Multi-chip embedded

"The FlagStone Core is a multi-chip embedded cryptographic module used within the FlagStone Corporate and the FlagStone Freedom Drives. The FlagStone Core and subsequently the FlagStone Drives utilising the FlagStone Core provide access control and data encryption services to protect access to data stored on a HDD (Hard Disk Drive). All accessible sectors on a HDD connected to a FlagStone Core are encrypted."
778 Sun Microsystems, Inc.
4150 Network Circle
Santa Clara, CA 95054
USA

-Mehdi Bonyadi
TEL: 858-625-5163

-Gary Morton
TEL: 303-272-4738

CST Lab: NVLAP 200427-0

Sun Cryptographic Accelerator 6000
(Hardware Version: 375-3424, Revisions -02 and -03; Firmware Version: 1.0.7)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 05/18/2007 Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #435); AES (Cert. #397); DSA (Cert. #92); SHS (Certs. #171 and #469); HMAC (Certs. #88 and #176); RSA (Cert. #142); RNG (Cert. #108)

-Other algorithms: Diffie-Hellman (key agreement, key establishment methodology provides between 80 and 112 bits of encryption strength); RSA (key wrapping, key establishment methodology provides between 80 and 112 bits of encryption strength); DES; MD5; HMAC-MD5; RC2

Multi-chip embedded

"The Sun Cryptographic Accelerator 6000 (SCA-6000) is a high performance hardware security module for Sun platforms (SPARC, x86, x64). It is a low-profile, short PCI-E (X8) card consisting of on-board cryptographic acceleration hardware and a secure cryptographic key store. SCA-6000 supports remote management functions. It has serial and USB ports for local administration. It enhances platform performance by off-loading compute intensive cryptographic calculations by accelerating both IPsec and SSL processing, and by performing many financial service functions. Supported on Linux and Solaris-10"
777 Imation Corp.
Discovery Bldg. 1A-041
Oakdale, MN 55128
USA

-Larry Hamid
TEL: 408-737-4308

CST Lab: NVLAP 200556-0

Stealth MXP Passport
(Hardware Versions: 4.1 StealthMXP Passport 128MB, 4.1 StealthMXP Passport 256MB, 4.1 StealthMXP Passport 512MB, 4.1 StealthMXP Passport 1GB, 4.1 StealthMXP Passport 2GB, 4.1 StealthMXP Passport 4GB, 4.2 StealthMXP Passport 128MB, 4.2 StealthMXP Passport 256MB, 4.2 StealthMXP Passport 512MB, 4.2 StealthMXP Passport 1GB, 4.2 StealthMXP Passport 2GB, 4.2 StealthMXP Passport 4GB, 4.2 StealthMXP: Liquid Metal Passport 512MB, 4.2 StealthMXP: Liquid Metal Passport 1GB,4.2 StealthMXP: Liquid Metal Passport 2GB and 4.2 StealthMXP: Liquid Metal Passport 4GB with Version 2.3 of FPGA; Firmware Versions: 4.18, 4.19, 4.20 and 4.21 with Version 2.0 of Boot loader)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/18/2007;
08/07/2007;
09/25/2007;
11/06/2007;
12/20/2007;
01/28/2008;
06/23/2008;
05/31/2011;
04/24/2012
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #416); SHS (Cert. #485); RSA (Cert. #154); RNG (Cert. #211); HMAC (Cert. #190)

-Other algorithms:

Multi-chip standalone

"Stealth MXP Passport is a USB mass storage device which implements hardware encryption dependant on user authentication. It provides not only secure encrypted storage, but management of digital identity credentials used for authentication and verification to enterprise and personal services."
776 F-Secure Corporation
Tammasaarenkatu 7
PL 24
Helsinki, 00180
Finland

-Alexey Kirichenko
TEL: +358 9 2520 5548

CST Lab: NVLAP 200427-0

F-Secure® Kernel Mode Cryptographic Driver™ for Linux
(Software Version: 1.1.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 05/18/2007 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Linux RH EL 4 (in single user mode)

-FIPS-approved algorithms: AES (Cert. #462); SHS (Cert. #529); HMAC (Cert. #223); RNG (Cert. #247)

-Other algorithms: DES; Triple-DES (Cert. #478; non-compliant); Blowfish; MD5; HMAC-MD5; RC2; RIPEMD-160; HMAC-RIPEMD-160

Multi-chip standalone

"The F-Secure« Cryptographic LibraryÖ is a family of software modules for a number of Windows and Unix platforms. The modules provide an assortment of cryptographic services accessible for clients through a C/C++ Application Programming Interface. The modules are designed and implemented to meet the Level 1 requirements of FIPS publication 140-2 when running on a GPC under various popular versions of Windows and Unix operating systems."
775 IBM® Corporation
IBM/Tivoli
PO Box 3499
Australia Fair
Southport, Queensland 4215
Australia

-Mike Thomas
TEL: +61 7 5552 4030
FAX: +61 7 5571 0420

-Peter Waltenberg
TEL: +61 7 5552 4016
FAX: +61 7 5571 0420

CST Lab: NVLAP 200427-0

IBM® Crypto for C
(Software Version: 1.4.5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 05/18/2007 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with SUN Solaris 9 (UltraSparc), HPUX 11i (PA-RISC 2.0), AIX 5.2 (PowerPC), RHEL v4 (IA-32, AMD64, PowerPC, zSeries), SLES 9.1 (IA-32, PowerPC, zSeries), SLES 9.0 (AMD64), Windows Server 2003 with SP1 (AMD64, IA-32) (single-user mode)

-FIPS-approved algorithms: AES (Certs. #426 and #468); Triple-DES (Certs. #456 and #484); SHS (Certs. #497 and #535); DSA (Certs. #177 and #192); RSA (Certs. #184 and #189); RNG (Certs. #220 and 252); HMAC (Certs. #200 and #226)

-Other algorithms: RC2; RC2-40; RC2-60; RC4; Blowfish; CAST; MD2; MD4; MD5; RIPEMD; HMAC MD5; Diffie-Hellman (key agreement; key establishment methodology provides a minimum of 80 bits of encryption strength; non-compliant less than 80-bits of encryption strength); DES; RSA (encrypt/decrypt)

Multi-chip standalone

"The ICC is a C language implementation of cryptographic functions which uses the cryptographic library provided by the OpenSSL project. This enables IBM products to use an open source solution for cryptography and a FIPS 140-2 certified cryptographic provider."
774 Sagem Orga
Heinz-Nixdorf-Ring 1
33106 Paderborn, Germany

-Swantje Missfeldt
TEL: +49 52 51 88 90

CST Lab: NVLAP 100432-0

J-IDMark 64 PIV
(Hardware Version: P/N AT58803-H-AA; Firmware Version: 01016221/FFFFFFFF, PIV applet A0000002430015010100010601 V01)

(PIV Card Application: Cert. #8)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/18/2007;
04/29/2008
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 4
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: SHS (Cert. #525); RSA (Certs. #179 and #180); Triple-DES (Cert. #480); Triple-DES MAC (Cert. #480, vendor affirmed); AES (Cert. #459); RNG (Cert. #244)

-Other algorithms:

Single-chip

"The J-IDMark 64 PIV is a single chip cryptographic module, which combines a PIV FIPS 201 compliant applet (SP 800-73) loaded on J-IDMark 64 Open, a dual (contact & contactless) interface platform compliant with the latest Java CardTM 2.2/Global Platform 2.1.1 specifications, FIPS 140-2 Level 3 Approved and Level 4 Approved for physical security. Thus J-IDMark 64 PIV module is a reliable and standardized solution for PIV systems, which allow managing physical and logical access to Federal government facilities and systems, by help of identity credentials."
773 Fortress Technologies, Inc.
1 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0

Fortress Secure Client
(Software Versions: 2.5.6 and 2.5.7)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 05/18/2007;
06/20/2007;
03/26/2010
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP, 2000, CE 3.0, CE 4.0 and Linux Kernel 2.4.21-37:EL (in single-user mode)

-FIPS-approved algorithms: AES (Certs. #427 and #437); Triple-DES (Certs. #457 and #463); SHS (Certs. #498 and #505); RNG (Certs. #221 and #227); HMAC (Certs. #201 and #205)

-Other algorithms: DES; MD5; Blowfish; GUAVA; IDEA; Diffie-Hellman (non-compliant key agreement; key establishment methodology provides 56 bits of encryption strength)

Multi-chip standalone

"The Fortress Secure Client is a software module designed to deliver security on wireless devices such as bar scanners, handhelds, and laptops using various operating systems. A plug-and-play solution, the Client encrypts and decrypts communication across the WLAN and protects the device against attacks without user intervention."
772

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/08/2007 Overall Level: 2 

-FIPS-approved algorithms:

-Other algorithms:

Multi-chip standalone

771 Gemalto
Avenue du Pic de Bretagne
BP 100
Gemenos Cedex, 13881
France

-Anthony Vella
TEL: +33 4 42 36 61 38
FAX: +33 4 42 36 52 36

CST Lab: NVLAP 200427-0

GemXpresso R4 E36/E72 PK - MultiApp ID 36K/72K - TOP IM GX4
(Hardware Versions: GXP4-M2612410 and GXP4-A1007591; Firmware Version: GX4-S_E005 (MSA029))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/08/2007;
02/23/2009
Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #435); Triple-DES (Cert. #462); SHS (Cert. #503); RSA (Cert. #164); Triple-DES MAC (Cert. #462, vendor affirmed); RNG (Cert. #226)

-Other algorithms:

Single-chip

"GemXpresso R4 E36/E72 PK is based on a Gemplus Open OS Smart Card with a large EEPROM memory. The Smart Card platform provides Random Number generation, 3DES, AES, SHA-1 and RSA up to 2048 bits key length as well as RSA On Board Key generation up to 2048 bits long. The module conforms to Java Card 2.2.1 and Global Platform 2.1.1 standards, and is particularly designed to support any application dedicated to meet the very demanding requirements of multi-application government & enterprise security programs."
770 Check Point Software Technologies Ltd.
9900 Belward Campus Drive
Suite 250
Rockville, MD 20850
USA

-David Ambrose
TEL: 703-628-2935

-Malcolm Levy
TEL: +972-37534561

CST Lab: NVLAP 200427-0

Check Point Crypto Core
(Software Versions: 1.2 (Win 2000/Win XP/Check Point Pre-Boot/Win Mobile 5/Symbian9) and 1.3 (Win 2003/Vista/Mac OS X 10.5))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 05/08/2007;
04/29/2008;
09/02/2008;
05/28/2009
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000 with SP4 (x86), Windows XP with SP2 (x86), Windows Mobile 5 (ARM and TI OMAP), Symbian 9 (ARM), Microsoft Windows Server 2003 SP2, Windows Vista Ultimate and Mac OS X v10.5 (single user mode)

-FIPS-approved algorithms: AES (Certs. #429 and #430); Triple-DES (Certs. #458 and #459); SHS (Cert. #499); RSA (Cert. #162); HMAC (Cert. #202); RNG (Cert. #222)

-Other algorithms: Blowfish; CAST-128; CAST-256; DES; MD5; RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); SHA-224 (non-compliant)

Multi-chip standalone

"Check Point Crypto Core is a 140-2 Level 1 cryptographic module for Win 2K/XP/2K3/Vista, Check Point Pre-Boot, Win Mobile 5, Symbian 9 and Mac OS X. The module provides cryptographic services accessible in pre-boot mode, kernel mode and user mode on the respective platforms through implementation of platform specific binaries."
769 Novell, Inc.
1800 South Novell Place
Provo, UT 84606
USA

-Developer Support
TEL: 801-861-7000

CST Lab: NVLAP 200427-0

Novell International Cryptographic Infrastructure (NICI)
(Software Version: 2.7.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 05/04/2007 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000 with SP4; Microsoft Windows XP with SP 2; Red Hat Advanced Server 3.0 (in single-user mode)

-FIPS-approved algorithms: AES (Cert. #432); DSA (Cert. #179); HMAC (Cert. #204); RNG (Cert. #225); RSA (Cert. #163); SHS (Cert. #502); Triple-DES (Cert. #461);

-Other algorithms: ECDSA (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 192-bits of encryption strength); DES; MD2; MD4; MD5; HMAC-MD5; RC2; RC4; RC5; CAST128; PKCS#12 PBE; UNIX Crypt; LMdigest (CIFS); TLS-KeyExchange-RSASign; NetWarePassword; X9.62 RNG (non-compliant)

Multi-chip standalone

"Novell International Cryptographic Infrastructure (NICI) is a cryptographic module written in C that employs the BSAFE library to provides keys, algorithms, key storage and usage mechanisms, and a key management system."
768 Novell, Inc.
1800 South Novell Place
Provo, UT 84606
USA

-Developer Support
TEL: 801-861-7000

CST Lab: NVLAP 200427-0

Novell International Cryptographic Infrastructure (NICI)
(Software Version: 2.7.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 05/04/2007 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Novell Netware 6.5 SP3 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #432); DSA (Cert. #179); HMAC (Cert. #204); RNG (Cert. #225); RSA (Cert. #163); SHS (Cert. #502); Triple-DES (Cert. #461);

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 192-bits of encryption strength); DES; MD2; MD4; MD5; HMAC-MD5; RC2; RC4; RC5; CAST128; PKCS#12 PBE; UNIX Crypt; LMdigest (CIFS); TLS KeyExchange-RSASign; NetWarePassword; X9.62 PRNG (non-compliant)

Multi-chip standalone

"Novell International Cryptographic Infrastructure (NICI) is a cryptographic module written in C that employs the BSAFE library to provides keys, algorithms, key storage and usage mechanisms, and a key management system."
767 Novell, Inc.
1800 South Novell Place
Provo, UT 84606
USA

-Developer Support
TEL: 801-861-7000

CST Lab: NVLAP 200427-0

Novell International Cryptographic Infrastructure (NICI)
(Software Version: 2.7.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 05/04/2007 Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Microsoft Windows 2000 Server with SP3 and Q326886 (on Dell Optiplex GX400); Trusted Solaris 8 (on Sunblade 100); SuSE Linux Enterprise Server 8 (on IBM eServer e325)

-FIPS-approved algorithms: AES (Cert. #432); DSA (Cert. #179); HMAC (Cert. #204); RNG (Cert. #225); RSA (Cert. #163); SHS (Cert. #502); Triple-DES (Cert. #461);

-Other algorithms: ECDSA (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 192-bits of encryption strength); DES; MD2; MD4; MD5; HMAC-MD5; RC2; RC4; RC5; CAST128; PKCS#12 PBE; UNIX Crypt; LMdigest (CIFS); TLS-KeyExchange-RSASign; NetWarePassword; X9.62 RNG (non-compliant)

Multi-chip standalone

"Novell International Cryptographic Infrastructure (NICI) is a cryptographic module written in C that employs the BSAFE library to provides keys, algorithms, key storage and usage mechanisms, and a key management system."
766 Attachmate Corporation
1500 Dexter Ave N
Seattle, WA 98109
USA

-Zeke Evans
TEL: 206-301-6891
FAX: 206-272-1346

-Joe Silagi
TEL: 206-217-7655
FAX: 206- 272-1346

CST Lab: NVLAP 200427-0

Attachmate Crypto Module
(Software Version: 1.0.170)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 05/04/2007 Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Intel Itanium w/ HP-UX 11iv2 (IA64); Intel Itanium w/ Windows 2003 Server SP1 (IA64); Intel Pentium D w/ Windows 2003 Server SP1 (x64); Intel Pentium 4 w/ Windows 2003 Server SP1; AMD Opteron w/ Solaris 10; UltraSPARC w/ Solaris 8; AMD Opteron w/ SuSE Linux Enterprise Server 9.0 (x64); Intel Pentium 4 w/ SuSE Linux Enterprise Server 9.0; Intel Itanium w/ Red Hat Enterprise Linux 4.0 (IA64); Intel Pentium D w/ Red Hat Enterprise Linux 4.0 (x64); Intel Pentium 4 w/ Red Hat Enterprise Linux 4.0; PA-RISC w/ HP-UX 11iv1; Intel Pentium 4 w/ Sun Solaris 10 (used in single-user mode)

-FIPS-approved algorithms: AES (Cert. #417); Triple-DES (Cert. #447); SHS (Cert. #486); DSA (Cert. #173); RSA (Cert. #208); RNG (Cert. #212); HMAC (Cert. #191)

-Other algorithms: Arcfour; Blowfish; CAST; DES; RIPEMD-160; MD4; MD5; MD2; RC5; RC2; HMAC-MD5; HMAC-MD4; HMAC-MD2; HMAC-RIPEMD-160; DES MAC; RSA (key wrapping, key establishment methodology provides between 80 and 152 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 152 bits of encryption strength; non-compliant less than 80-bits of encryption strength)

Multi-chip standalone

"The Attachmate Crypto Module is used in a range of solutions from Attachmate, provider of host connectivity, systems and security management, and PC lifecycle management products."
765 PGP Corporation
200 Jefferson Dr.
Menlo Park, CA 94025
USA

-Vinnie Moscaritolo
TEL: 650-319-9000
FAX: 650-319-9001

CST Lab: NVLAP 100432-0

PGP Software Developer's Kit (SDK) Cryptographic Module
(Software Versions: 3.7.1 and 3.8.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 05/04/2007;
05/08/2007;
10/22/2007;
03/07/2008;
07/28/2008;
08/21/2008;
12/03/2008
Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Mac OS X 10.4.8; Windows XP Professional SP2 (single user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #471); AES (Cert. #453); DSA (Cert. #183); SHS (Cert. #516); HMAC (Cert. #216); RSA (Cert. #172); RNG (Cert. #238)

-Other algorithms: AES (EME mode; non-compliant); DSA (FIPS 186-3 with SHA-256; non-compliant); CAST-5; IDEA; Two-Fish; ARC4-128; MD5; RIPEMD60; HMAC-MD5; Blow-Fish; ElGamal (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength); Shamir Threshold Secret Sharing

Multi-chip standalone

"The PGP SDK Cryptographic Module is a FIPS 140-2 validated software only cryptographic module. The module implements the cryptographic functions for PGP products including: PGP Whole Disk Encryption, PGP NetShare, PGP Command Line, PGP Universal, and PGP Desktop. It includes a wide range of field-tested and standards-based encryption, digital signature, and encoding algorithms as well as a variety of secure network protocol implementations. The PGP SDK offers developers this same cryptographic library that is at the heart of PGP products."
764 Futurex, LLC
864 Old Boerne Road
Bulverde, TX 78163
USA

-Jason Anderson
TEL: 830-980-9782
FAX: 830-438-8782

CST Lab: NVLAP 100432-0

Excrypt Cryptographic Module
(Hardware Version: P/N 9750-0235-R, Version 1.1; Firmware Version: 2.4.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/04/2007 Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #369); SHS (Cert. #369); RSA (Cert. #86); RNG (Cert. #122); HMAC (Cert. #133)

-Other algorithms: DES (Cert. #327); MD5

Multi-chip embedded

"The Excrypt Cryptographic Module (ECM) is a tamper-resistant / responding PCI compatible universal module that provides secure cryptographic processing. The ECM features an Ethernet 10 / 100 interface supporting up to 999 sockets, a serial port, and 1000 3DES / 1000 4096-bit RSA battery backed key storage. The ECM provides TDES and PKI support for key management and electronic payment / funds transfer security. The ECM is used in the ExcryptTM SSP, RMC, PCE, KMS, and SKI Series products."
763 Atmel
Maxwell Building
Scottish Enterprise Technology Park
East Kilbride, G75 0QG
Scotland

-Steve Mitchell
TEL: 00-44-1355-803000
FAX: 00-44-1355-242744

CST Lab: NVLAP 100432-0

jNet Citadel-OS on Atmel AT90SC144144CT
(Hardware Version: P/N AT90SC144144CT, Version AdvX V01.01; Firmware Version: 1.0)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/04/2007 Overall Level: 3 

-Physical Security: Level 4 +EFP

-FIPS-approved algorithms: Triple-DES (Cert. #437); Triple-DES MAC (Cert. #437, vendor affirmed); SHS (Cert. #470); RSA (Cert. #144); AES (Cert. #399); RNG (Cert. #214)

-Other algorithms: NDRNG

Single-chip

"The jNet Citadel-OS on Atmel AT90SC144144CT is a Personal Identity Verification Smart Card, HSPD-12 implementation with dual interface I/O. The secure, smart card native OS is fully compliant with NIST 800-73-1 and FIPS PUB 201-1 requirements. The module is used for physical and logical access control to government resources. The AT90SC144144CT is a low-power, high-performance, 8/16-bit microcontroller with Flash program memory and EEPROM data memory, based on the secureAVR enhanced RISC architecture."
762 Data-Pac Mailing Systems Corp.
1217 Bay Road
Webster, NY 14580
USA

-Ken Yankloski
TEL: 585-787-7074
FAX: 585-671-1409

-John Keirsbilck
TEL: 585-787-7077
FAX: 585-671-1409

CST Lab: NVLAP 200427-0

AMERICA2 (PSD)
(Hardware Version: 1.0.25.5; Firmware Version: 1.0.20.5)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/04/2007 Overall Level: 2 

-Physical Security: Level 3 +EFT

-FIPS-approved algorithms: Triple-DES (Cert. #453); SHS (Cert. #492); HMAC (Cert. #196)

-Other algorithms:

Multi-chip embedded

"The AMERICA2 (PSD) is a cryptographically secure, tamper proof device capable of storing customer postal credit and then dispensing valid postal indicia. As an embedded multi-chip Cryptographic Device, the AMERICA2 is enclosed within a tamper-response envelope that prevents all physically invasive attacks while still ensuring the retention of all postal data. The AMERICA2 (PSD) generates HMAC indicia as part of Data-Pac's IBI Light Symmetric postage system, which obviates the need for the digital signature used in traditional IBI franking. Data-Pac embeds the AMERICA2 into its line of Digit"
761 Gemalto
8311 North FM 620 Road
Austin, TX 78726
USA

-David Teo
TEL: 512-257-3895
FAX: 512-257-3881

CST Lab: NVLAP 100432-0

Cyberflex Access E-gate V3
(Hardware Version: P/N A1002431, Version A.12; Firmware Version: HardMask 3v1; SoftMask 1v1)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/04/2007 Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #451); Triple-DES (Cert. #468); Triple-DES MAC (Cert. #468, vendor affirmed); RNG (Cert. #236); RSA (Certs. #169 and #170); SHS (Cert. #514)

-Other algorithms: NDRNG; DES; RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength)

Single-chip

"The Cyberflex Access E-gate V3 smart card can be employed in solutions which provide secure PKI (public key infrastructure) and digital signature technology. The Cyberflex Access E-gate V3 serves as a highly portable, secure token for enhancing the security of network access and ensuring secure electronic communications. The card incorporates the conventional ISO 7816-3 interface, as well as the USB interface normally resident in the smart card reader, making it especially suitable for usage as a USB token."
760 Fortress Technologies, Inc.
1 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0

AirFortress® Wireless Security Gateway
(Hardware Version: AF7500; Firmware Version: 2.5.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/23/2007;
05/22/2007;
03/26/2010
Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #414); Triple-DES (Cert. #433); SHS (Cert. #483); HMAC (Cert. #188)

-Other algorithms: DES (Cert. #23); Diffie-Hellman (non-compliant key agreement; key establishment methodology provides 56 bits of encryption strength); MD5; RSA (non-compliant); RNG (non-compliant)

Multi-chip standalone

"The AirFortress® Wireless Security Gateway is an electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a production-quality hardware platform and deployable on any LAN or WAN, the AirFortress® Wireless Security Gateway provides encryption, data integrity checking, authentication, access control, and data compression."
759 Icom Inc.
1-1-32 Kamiminami
Hirano-ku
Osaka 547-0003
Japan

-Chris Lougee
TEL: 425-454-8155
FAX: 425-450-1509

CST Lab: NVLAP 200427-0

Digital Unit UT-120 #10 and #11
(Hardware Version: 1.1; Firmware Version: 3.0 version 2.8)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/13/2007;
11/26/2007;
12/03/2007
Overall Level: 1 

-FIPS-approved algorithms: AES (Cert. #422); SHS (Cert. #493); HMAC (Cert. #197)

-Other algorithms: DES; RNG (non-compliant)

Multi-chip embedded

"The UT-120 is an optional unit available for Icom radios that provides digital transmission and reception capabilities, as well as, providing secure communication with FIPS approved AES and non-FIPS approved DES."
758 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

PIX 525 and PIX 535
(Hardware Versions: 525 and 535; Firmware Version: 7.0.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/11/2007;
05/28/2010;
02/23/2012
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 2

-FIPS-approved algorithms: Triple-DES (Certs.#298 and #384); AES (Certs. #209 and #320); RNG (Cert. #143); SHS (Certs. #285 and #393); HMAC (Certs. #15 and #124), RSA (Certs. #105 and #107), DSA (Certs. #150 and #152)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 70 and 112 bits of encryption strength); MD5; DES; RC4; HMAC MD5; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength)

Multi-chip standalone

"The market-leading Cisco PIX and ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. Cisco PIX Security Appliances and ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
757 Lexmark International, Inc.
740 West Circle Road
Lexington, KY 40550
USA

-Sean Gibbons
TEL: 859-232-2000

CST Lab: NVLAP 200416-0

Lexmark PrintCryption
(Firmware Version: 1.3.1)

Validated to FIPS 140-2

Security Policy

Certificate

Firmware 04/11/2007;
05/22/2007
Overall Level: 1 

-Tested: T640, T642, T644, C920, W840, C534, T630, T632, T634, C760, C762, C912, W820, X644e, X646e, X646dte, X850e, X852e, X854e, C772, C782, C935 and X945e; Lexmark ver. 2.4 O/S

-FIPS-approved algorithms: Triple-DES (Certs. #356, #357, #358, #359, #360, and #470); AES (Certs. #273, #274, #275, #276, #277, and #452); RSA (Certs. #73, #74, #75, #76, #77, and #171); SHS (Certs. #350, #351, #352, #353, #354, and #515); HMAC (Certs. #89, #90, #91, #92, #93, and #215); RNG (Certs. #100, #101, #102, #103, #104, and #237)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The Lexmark PrintCryption Card is an option for the Lexmark T, C, W, and X series of output devices that enables the printing of host encrypted data. With this option installed, the printer is capable of decrypting print jobs encrypted with the AES algorithm. The Lexmark PrintCryption Card analyses the encrypted data stream, determines if the correct key was used to encrypt the data, decrypts the data and allows the confidential document to be printed."
756 Fortress Technologies, Inc.
1 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0

Fortress Secure Wireless Access Bridge ES520
(Hardware Version: ES520; Firmware Versions: 2.6.1, 2.6.3 and 2.6.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 04/11/2007;
05/22/2007;
12/07/2007;
03/26/2010
Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #423); SHS (Cert. #494); HMAC (Cert #198); RNG (Cert. #218)

-Other algorithms: Diffie-Hellman (non-compliant key agreement; key establishment methodology provides 56 bits of encryption strength); RSA (non-compliant); Blowfish; DES; RC2; RC4; RC5; Safer; Skipjack; DSA (non-compliant); MD2; MD4; MD5; GUAVA; IDEA; Triple-DES

Multi-chip standalone

"The Fortress Secure Wireless Access Bridge is an all-in-one network access device housed in a rugged compact chassis, with the most stringent security available today built in. It can serve as a wireless bridge, a WLAN access point, and an eight-port LAN switch, while performing all the functions of a Fortress controller device: encrypting wireless traffic and providing Multi-factor Authentication for devices on the network it protects."
755 Sharp Corporation
1-9-2, Nakase
Mihama-ku, Chiba-shi, Chiba 251-8520
Japan

-Kazuhiro Yaegawa
TEL: +81-43-299-8368
FAX: +81-43-299-8741

CST Lab: NVLAP 100432-0

SHARP JCOP31ID FIPS
(Hardware Version: P/N SM4128(V3)A7; Firmware Version: HAL v1.1.06, IBM JCOP31IDv2.2OS Release Level 0400)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/11/2007 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #439); Triple-DES MAC (Cert. #439, vendor affirmed); AES (Cert. #402); RSA (Cert. #147); RNG (Cert. #197); ECDSA (Cert. #33); SHS (Cert. #472)

-Other algorithms: DES; AES MAC (non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant less than 80-bits of encryption strength); ECSVDP

Single-chip

"The single-chip module is a 16-bit Sharp processor and a specifically modified version of the IBM JCOP 31-ID Java Card software satisfying the FIPS 140-2 requirements. The single-chip module provides an operational environment with up to 640 kBytes of Cryptographic Officer/Issuer available non-volatile memory. The defined user space allows for multiple validated applets to be concurrently loaded and used, as well as supporting re-issuance capability. The primary purpose for this device is to provide data security for Personnel Identification."
754

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/02/2007 Overall Level: 2 

-FIPS-approved algorithms:

-Other algorithms:

Multi-chip standalone

753

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/02/2007 Overall Level: 2 

-FIPS-approved algorithms:

-Other algorithms:

Multi-chip standalone

752 SecureLogix Corporation
13750 San Pedro
Suite 230
San Antonio, TX 78232
USA

-Jane Byrne
TEL: 210-402-9669
FAX: 210-402-6996

CST Lab: NVLAP 200556-0

ETM® System Software Application Java Comm Crypto Module, Version 5.0
(Software Version: 5.0.2 build 12-9)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/23/2007 Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows Server 2003 (in single user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #374); SHS (Cert. #376); HMAC (Cert. #110)

-Other algorithms: DES, Triple-DES (ECB, CBC, and OFB modes; non-compliant)

Multi-chip standalone

"The ETM System is a PBX/soft switch-independent, easy-to-use platform that supports security and management applications for real-time visibility, security, and control of telecommunications resources across the enterprise. Some of the key components of the ETM System are: the Management Server, Report Server, Performance Manager, and Usage Manager. These components are written in the Java programming language and are used in a distributed architecture across an enterprise LAN or WAN. These components utilize a library of Triple DES encryption routines to secure their network communications."
751 SecureLogix Corporation
13750 San Pedro
Suite 230
San Antonio, TX 78232
USA

-Jane Byrne
TEL: 210-402-9669
FAX: 210-402-6996

CST Lab: NVLAP 200556-0

ETM® System Software Application C Comm Crypto Module, Version 5.0
(Software Version: 2.0 build 11)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/23/2007 Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows Server 2003 (in single user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #375); SHS (Cert. #377); HMAC (Cert. #111)

-Other algorithms: DES

Multi-chip standalone

"The ETM System is a PBX/soft switch-independent, easy-to-use platform that supports security and management applications for real-time visibility, security, and control of telecommunications resources across the enterprise. The ETM System's C Language Applications Dynamic Link Library provides Triple DES encryption routines for Windows-based ETM Applications. The C Language DLL is used to secure network communications between the ETM Collection Server and ETM Call Recorder Cache Appliances."
750 IBM® Corporation
11505 Burnet Rd.
Austin, TX 78758
USA

-Jacqueline Wilson
TEL: 512-838-2702
FAX: 512-838-3509

-Martin Clausen
TEL: +45 45 23 33 38

CST Lab: NVLAP 200427-0

IBM CryptoLite for C
(Software Version: 3.23)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 03/23/2007 Overall Level: 1 

-Cryptographic Module Specification: Level 3

-Operational Environment: Tested as meeting Level 1 with AIX 5200-07 (32-bit kernel), AIX 5200-07 (64-bit kernel), AIX 5300-03 (32-bit kernel), AIX 5300-03 (64-bit kernel) (single-user mode)

-FIPS-approved algorithms: AES (Cert. #498); Triple-DES (Cert. #511); SHS (Cert. #568); DSA (Cert. #205); RSA (Cert. #214); RNG (Cert. #278); HMAC (Cert. #252)

-Other algorithms: RC2; CAST-5; CAST-6; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); MD5; MD2; HMAC-MD2; HMAC-MD5; Whirlpool; Arc-Four; DES

Multi-chip standalone

"IBM CryptoLite is a C software package providing advanced cryptographic services in a very small footprint. CryptoLite supports public key encryption, digital signatures, symmetric ciphers, hash functions, message authentication codes, and other cryptographic algorithms through a simple programming interface. There are no runtime dependencies and the code has been optimized for high performance."
749 Hitachi, Ltd.
Hitachi System Plaza Shin-Kawasaki
890 Kashimada, Saiwai-ku
Kawasaki, Kanagawa 212-8567
Japan

-Yoshiaki Kawatsura
TEL: 81-44-549-1755
FAX: 81-44-549-1756

-Manabu Natsume
TEL: 81-44-549-1755
FAX: 81-44-549-1756

CST Lab: NVLAP 100432-0

Hitachi One-Passport PKI Card Application on Athena Smartcard Solutions OS755 for Renesas XMobile Card Module
(Hardware Version: P/N AE46C1 Version 0.1; Firmware Version: OS755 Version 2.4.7; Application Program Product C-9550-702 One-Passport PKI Card Application Versions 03-00 and CX 03-00)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/23/2007;
04/26/2007
Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #428; key wrapping; key establishment methodology provides 80 bits of encryption strength); Triple-DES MAC (Cert. #428, vendor affirmed); SHS (Certs. #315 and #458); RSA (Certs. #57 and #135); RNG (Certs. #75 and #209)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Raw RSA; RSA cipher only with ISO9796 padding; DES (with ISO9797 m1/m2 padding); Triple-DES (with ISO9797 m1/m2 padding; non-compliant)

Single-chip

"The One-Passport PKI solution provides a remote access environment through the Internet for general commercial uses by private companies. It consists of XMC Cards, PC Software, and PDA Software. Under the One-Passport PKI environment, employees such as sales persons can access their corporate mail servers and other corporate information from their satellite office, home, or other places outside the office. In order to avoid unexpected leakage of information during such remote access, the One-Passport PKI solution uses the VPN technique and PKI based authentication method."
748 Imation Corp.
Discovery Bldg. 1A-041
Oakdale, MN 55128
USA

-Larry Hamid
TEL: 408-737-4308

CST Lab: NVLAP 200556-0

Stealth MXP
(Hardware Versions: 4.0 StealthMXP 128MB, 4.0 StealthMXP 256MB, 4.0 StealthMXP 512MB, 4.0 StealthMXP 1GB, 4.0 StealthMXP 2GB, 4.0 StealthMXP 4GB, 4.1 StealthMXP 128MB, 4.1 StealthMXP 256MB, 4.1 StealthMXP 512MB, 4.1 StealthMXP 1GB, 4.1 StealthMXP 2GB, 4.1 StealthMXP 4GB, 4.2 StealthMXP 128MB, 4.2 StealthMXP 256MB, 4.2 StealthMXP 512MB, 4.2 StealthMXP 1GB, 4.2 StealthMXP 2GB, 4.2 StealthMXP 4GB, 4.2 StealthMXP: Liquid Metal 512MB, 4.2 StealthMXP: Liquid Metal 1GB, 4.2 StealthMXP: Liquid Metal 2GB and 4.2 StealthMXP: Liquid Metal 4GB with Version 2.3 of FPGA; Firmware Versions: 4.16, 4.18, 4.19, 4.20 and 4.21 with Version 2.0 of Boot loader)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/14/2007;
05/01/2007;
08/07/2007;
09/25/2007;
11/06/2007;
12/20/2007;
01/28/2008;
06/23/2008;
05/31/2011;
04/24/2012
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #416); SHS (Cert. #485); RSA (Cert. #154); RNG (Cert. #211); HMAC (Cert. #190)

-Other algorithms:

Multi-chip standalone

"Stealth MXP is a USB mass storage device which implements hardware encryption dependant on user authentication. It provides not only secure encrypted storage, but management of digital identity credentials used for authentication and verification to enterprise and personal services."
747 SecureLogix Corporation
13750 San Pedro
Suite 230
San Antonio, TX 78232
USA

-Timothy J. Barton
TEL: 210-402-9669
FAX: 210-402-6996

-Jane Byrne
TEL: 210-402-9669
FAX: 210-402-6996

CST Lab: NVLAP 200556-0

ETM® System Firmware Appliance C Comm Crypto Module, Version 5.0
(Firmware Version: 5.02.20)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Firmware 03/23/2007 Overall Level: 1 

-Tested: ETM® System Appliance Model 3200 with Linux 2.6 (locked down)

-FIPS-approved algorithms: Triple-DES (Cert. #373); SHS (Cert. #375); HMAC (Cert. #109)

-Other algorithms: DES

Multi-chip embedded

"The ETM System is a PBX/soft switch-independent, easy-to-use platform that supports security and management applications for real-time visibility, security, and control of telecommunications resources across the enterprise. Primary components of the ETM System are the ETM Appliances, custom designed devices installed inline on the telecommunication circuits to monitor and control VoIP, PRI, CAS, SS7, and analog voice traffic. The system uses a C library of TDES encryption routines to secure their network communications."
746 Sierra Nevada Corporation
1777 Montgomery Street
San Francisco, CA 94111
USA

-Paul Matz
TEL: 415-771-4444
FAX: 415-771-8444

-Dan Haddick
TEL: 415-771-4444
FAX: 415-771-8444

CST Lab: NVLAP 100432-0

STS Secure for Linux
(Software Version: 1.0.1)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/23/2007;
06/13/2007
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Linux 2.6 (single-user mode)

-FIPS-approved algorithms: DSA (Cert. #157); SHS (Cert. #425); AES (Cert. #350)

-Other algorithms: NDRNG

Multi-chip standalone

"The STS Secure for Linux is a FIPS 140-2 Level 1 software module, comprised of the Security Manager Application Service (SMA) and the Netfilter Driver, that runs on a general purpose computer. It is the basis for Inter-4's TACTI-NET networking technology. The primary purpose for the STS Secure software module is to provide data security for all network wireless and/or wired traffic."
745 Sierra Nevada Corporation
1777 Montgomery Street
San Francisco, CA 94111
USA

-Paul Matz
TEL: 415-771-4444
FAX: 415-771-8444

-Dan Haddick
TEL: 415-771-4444
FAX: 415-771-8444

CST Lab: NVLAP 100432-0

STS Secure for Windows CE
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/23/2007 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows CE 4.2 (single-user mode)

-FIPS-approved algorithms: DSA (Cert. #157); SHS (Cert. #425); AES (Cert. #350)

-Other algorithms: NDRNG

Multi-chip standalone

"The STS Secure for Windows CE is a FIPS 140-2 Level 1 software module, comprised of the Security Manager Application Service (SMA) and the AES NDIS Filter Driver, that runs on a general purpose computer. It is the basis for Inter-4's TACTI-NET networking technology. The primary purpose for the STS Secure software module is to provide data security for all network wireless and/or wired traffic."
744 Sierra Nevada Corporation
1777 Montgomery Street
San Francisco, CA 94111
USA

-Paul Matz
TEL: 415-771-4444
FAX: 415-771-8444

-Dan Haddick
TEL: 415-771-4444
FAX: 415-771-8444

CST Lab: NVLAP 100432-0

STS Secure for Windows XP, Embedded XP
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/22/2007 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2, Windows XP Professional Embedded SP2 (single-user mode)

-FIPS-approved algorithms: DSA (Cert. #157); RNG (Cert. #167); SHS (Cert. #425); AES (Cert. #350)

-Other algorithms: NDRNG

Multi-chip standalone

"The STS Secure for Windows XP, Embedded XP is a FIPS 140-2 Level 1 software module, comprised of the Security Manager Application Service (SMA), Key Generator Application, and the AES NDIS Filter Driver, that runs on a general purpose computer. It is the basis for Inter-4's TACTI-NET networking technology. The primary purpose for the STS Secure software module is to provide data security for all network wireless and/or wired traffic."
743 Encryption Solutions, Inc.
1740 E. Garry Ave.
Suite 110
Santa Ana, CA 92705
USA

-Frederick C. Meyer
TEL: 949-660-0102
FAX: 949-660-0202

CST Lab: NVLAP 100432-0

SkyLOCK™ Encryption Module
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/09/2007 Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Windows XP Professional SP2 running on an HP Pavilion dv8210us computer; Windows XP Professional SP2 running on an HP Pavilion zt1175 computer; Windows XP Professional SP2 running on a Dell Optiplex GX270 computer

-FIPS-approved algorithms: AES (Cert. #413); SHS (Cert. #482); HMAC (Cert. #187)

-Other algorithms: SkyLOCK™ Data Protection Scheme

Multi-chip standalone

"The SkyLOCK cryptographic module will be used by Encryption Solutions, Inc. to provide clients with a fast, efficient, and secure solution for protecting information, data and files. The SkyLOCK cryptographic module is the core of all products in the SkyLOCK family. With uses including data storage, file transfer, streaming, and email, SkyLOCK products cover a wide range of security applications and needs. These robust software products provide security in both wired and wireless environments."
742 Certicom Corp.
5520 Explorer Drive
4th Floor
Mississauga, Ontario L4W 5L1
Canada

-sales@certicom.com
TEL: 905-507-4220
FAX: 905-507-4230

CST Lab: NVLAP 200017-0

Security Builder® FIPS Module for ADS 1.2
(Software Version: 3.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 03/01/2007;
07/20/2007;
03/06/2009
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Phillips RTK-E OS (single-user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #452); AES (Cert. #421); SHS (Cert.#491); HMAC (Cert. #195); RNG (Cert. #217); DSA (Cert. #176); ECDSA (Cert. #31); RSA (Cert. #159)

-Other algorithms: DES-X; Diffie-Hellman (key agreement; key establishment methodology provides between 57 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 192 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 192 bits of encryption strength); ARC2; ARC4; MD2; MD5; HMAC-MD5; DES; RSA (key wrapping; key establishment methodology provides between 57 and 256 bits of encryption strength)

Multi-chip standalone

"The Security Builder® FIPS Module for ADS 1.2 is a standards-based cryptographic toolkit that supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into both mobile and server-based applications. The Security Builder FIPS Module is part of the Certicom Security Architecture, a comprehensive cross-platform security solution which supports multiple cryptographic software and hardware providers with a single common API."
741 nCipher Corporation Ltd.
92 Montvale Ave
Suite 4500
Stoneham, MA 02180
USA

-nCipher Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

Ultralock Symmetric Module
(Hardware Version: 010-00007 a.00)

(When operated in FIPS mode and using the nForce Ultra Asymmetric Module validated to FIPS 140-2 under Cert. #740 and nCipher MiniHSM validated to FIPS 140-2 under Cert. #672 when operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 03/01/2007 Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #345); AES (Cert. #263); SHS (Cert. #342); HMAC (Cert. #75)

-Other algorithms: DES; RC4; MD5; HMAC-MD5; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength)

Multi-chip embedded

"The Ultralock Symmetric Module performs all the cryptography required for SSL/TLS applications. This module is a common element of the Britestream BN2010 SSL Security ASIC, the industry's first single-chip solution for completely off-loading SSL/TLS processing from host systems. The innovative in-line architecture combines TCP."
740 nCipher Corporation Ltd.
92 Montvale Ave
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nForce Ultra Asymmetric Module
(Hardware Version: 010-00007 a.00; Firmware Version: 610-00014 1.0.0.)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 03/01/2007 Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #346); AES (Cert. #264); SHS (Cert. #343); RSA (Cert. #103); HMAC (Cert. #76); RNG (Cert. #96); DSA (Cert. #138)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength)

Multi-chip embedded

"The nForce Ultra Asymmetric Module performs various tasks associated with cryptographic key management including key generation, key wrapping, secure key storage and secure key transport as well as key zeroization. These functions comply with requirements for archieving FIPS 140-2 certification of the overall system that the module is used in."
739 SafeNet Inc.
20 Colonnade Road
Suite 200
Ottawa,, Ontario K2E 7M6
Canada

-Terry Fletcher
TEL: 613-221-5009
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

ProtectServer Gold
(Hardware Version: Revisions B2, B3 and B4; Firmware Version: 2.03.00)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/01/2007;
03/20/2007;
04/26/2007;
01/26/2009
Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #382); Triple-DES (Cert. #426); SHS (Cert. #457); HMAC (Cert. #171); RNG (Cert. #184); RSA (Cert. #134); DSA (Cert. #166); ECDSA (Cert. #26); Triple-DES MAC (Cert. #426, vendor affirmed)

-Other algorithms: DES; DES MAC; AES MAC (non-compliant); CAST 128; CAST MAC; IDEA; IDEA MAC; RC2; RC2 MAC; SEED; SEED MAC; MD2; MD5; HMAC MD5; RC4; RIPEMD-128; RIPEMD-160; HMAC RMD128; HMAC RMD160; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength)

Multi-chip embedded

"The SafeNet PSG Adapter is a high-end intelligent PCI adapter card that provides a wide range of cryptographic functions using firmware and dedicated hardware processors. Access to the PSG is provided via a comprehensive PKCS#11 API, allowing extremely flexible use of the module in a multitude of applications."
738 3e Technologies International, Inc.
700 King Farm Blvd.
Rockville, MD 20850
USA

-Ryon Coleman
TEL: 301-944-1277
FAX: 301-670-6989

CST Lab: NVLAP 200427-0

3e-030-2 Security Server Cryptographic Core
(Software Version: 3.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 02/08/2007 Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000 Server with SP4 and Windows 2003 with SP1 (in single user mode)

-FIPS-approved algorithms: AES (Certs. #415 and #428); HMAC (Cert. #189); RNG (Cert. #210); RSA (Cert. #153); SHS (Cert. #484)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); MD5

Multi-chip standalone

"The 3e-030-2 Security Server Cryptographic Core (Version 3.0) provides FIPS 140-2 validated cryptographic functionality for the 3eTI Security Server product, a RADIUS-like back-end Authentication Server, capable of dynamic key exchange, support of JITC DoD-signed certificates for PKI usage, and full 802.11i support. The 3e-030-2 provides the following FIPS-approved cryptographic algorithms: AES (ECB mode; 256-bit key size), SHA-1, HMAC-SHA1, RSA sign/verify, FIPS 186-2 (Appendix 3.1 and 3.2 3.3) PRNG. The 3e-030-2 also supports the following non-FIPS cryptographic algorithms: Diffie Hellman"
737 TriCipher, Inc.
1900 Alameda de las Pulgas
Suite 112
San Mateo, CA 94403
USA

-Tim Renshaw
TEL: 650-372-1300

CST Lab: NVLAP 200416-0

TriCipher Armored Credential System (TACS)
(Hardware Versions: 1000 and 2000; Firmware Versions: 3.1, build 255 and 3.1.1, build 261)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/08/2007 Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #413); RSA (Cert. #120); SHS (Cert. #430); HMAC (Cert. #159); RNG (Cert. #170)

-Other algorithms: MD5; RSA (key wrapping, key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The TriCipher Armored Credential System (TACS) provides a single platform that can issue and support a flexible range of credentials from a single infrastructure."
736 Juniper Networks, Inc.
1194 N. Mathilda Ave.
Sunnyvale, CA 94089
USA

-Simon Gerraty
TEL: 408-745-2348
FAX: 408-745-8905

CST Lab: NVLAP 100432-0

JUNOS-FIPS-L2 Cryptographic Module
((Chassis Model Numbers nnnn (T640, T320, M320 and M40e); Hardware P/Ns [nnnnBASE Rev A, RE-600 (RE3) Rev A,DOC-FIPS-140-2-L2-KIT Rev A] and [nnnnBASE Rev A, RE-1600 (RE4) Rev A, DOC-FIPS-140-2-L2-KIT Rev A]; Firmware Versions 7.2R1.7 and 7.4R1.7)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/06/2007 Overall Level: 2 

-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Certs. #259 and #260); HMAC (Certs. #70, #71, #72, #73 and #79); DSA (Cert. #137); RNG (Cert. #93); RSA (Cert. #69); SHS (Certs. #336, #337, #338, #339 and #340); Triple-DES (Certs. #341, #342, #343 and #344)

-Other algorithms: DES (Certs. #316, #317, #318 and #319); MD5; Diffie-Hellmann (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The JUNOS-FIPS-L2 Cryptographic Module is a multi-chip standalone cryptographic module (for Juniper Networks T-Series and M-Series routers) that executes JUNOS-FIPS firmware. JUNOS-FIPS is a release of the JUNOS operating system, the first routing operating system designed specifically for the Internet. JUNOS is currently deployed in the largest and fastest-growing networks worldwide. A full suite of industrial-strength routing protocols, flexible policy language, and leading MPLS implementation efficiently scale to large numbers of network interfaces and routes."
735 Thales e-Security
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-Juan Asenjo
TEL: 954-888-6202
FAX: 954-888-6211

CST Lab: NVLAP 200002-0

Datacryptor® SONET/SDH v1.00
(Hardware Version: 1600X40 (Options 4 and 6) v1.00; Firmware Version: v1.00 (Rev43))

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/06/2007 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Cert. #366); DSA (Cert. #159); SHS (Cert. #439); RNG (Cert. #175)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The Datacryptor« SONET/SDH v1.00 is a multi-chip standalone cryptographic module. It secures communications using signed Diffie-Hellman key exchange and AES-256 encryption over SONET/SDH networks. It provides data encryption and OC-3, OC-12 and OC-48 data rates. The unit also provides integrated secure unit management capability employing the same techniques used for traffic encryption."
734 Thales Communications, Inc
22605 Gateway Center Drive
Clarksburg, MD 20871
USA

-George Korus
TEL: 240-864-7646

CST Lab: NVLAP 200002-0

Thales 25 Portable Radio
(Hardware Version: PRC6894; Firmware Version: 8.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/06/2007 Overall Level: 1 

-Roles, Services, and Authentication: Level 2

-FIPS-approved algorithms: AES (Cert# 347); SHS (Cert# 421); HMAC (Cert# 150)

-Other algorithms: DES

Multi-chip standalone

"The Thales 25 portable radio (T25) is a small, light, and rugged radio that meets the requirements of the Association of Public Safety Communications Officials (APCO) Project 25 Common Air Interface (CAI) Standard. The T25 supports Project (P25) digital voice and data encryption operation, as well as Motorola Key Variable Loader (KVL). It supports full multi-mode operation over a frequency range of 136 to 174 MHz and features high quality, error-corrected, digital voice and AES Encryption."
733 Open Source Software Institute
Administrative Office
P.O. Box 547
Oxford, MS 38655
USA

-John Weathersby
TEL: 601-427-0152
FAX: 601-427-0156

CST Lab: NVLAP 200017-0

OpenSSL FIPS Object Module
(Source Content Version: opensslfips1.1.1.tar.gz; Resultant Compiled Software Version: 1.1.1)

(When built, installed, protected and initialized as assumed by the Crypto Officer role and specified in the provided Security Policy. Appendix B of the provided Security Policy specifies the complete set of source files of this module. There shall be no additions, deletions or alterations of this set as used during module build. All source files, including the specified OpenSSL distribution tar file, shall be verified as specified in Appendix B of the provided Security Policy. Installation, protection, and initialization shall be completed as specified in Appendix C of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a FIPS 140-2 non-compliant module.)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 02/06/2007;
11/30/2007
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with SuSE Linux Version 9.0 (gcc Compiler Version 3.3.1), and HPUX Version 11i (gcc Compiler Version 3.4.2) (in single user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #451); AES (Cert. #420); SHS (Cert. #490); HMAC (Cert. #194); RSA (Cert. #177); DSA (SigVer, Cert. #175);

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); RNG (Cert. #216; non-compliant. This RNG shall not be used for any services requiring the use of random bits); DSA (SigGen and KeyGen, Cert. #175; non-compliant);

Multi-chip standalone

"The OpenSSL FIPS Object Module is a cryptographic library that can be downloaded from http://www.openssl.org/source/"
732 Hitachi, Ltd.
Hitachi System plaza Shinkawasaki,
890 Kashimada,
Saiwai
Kawasaki, Kanagawa Perfecture 212-8567
Japan

-Yutaka Takami
TEL: +81-44-549-1755
FAX: +81-44-549-1756

-Tomomi Haruna
TEL: +81-44-549-1755
FAX: +81-44-549-1756

CST Lab: NVLAP 200017-0

Personal Identity Verification Application on Hitachi MULTOS Smart Chip
(Hardware Version: AE45X1; Firmware Version: 1.0)

(PIV Card Application: Cert. #3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/25/2007 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: RNG (Cert. #186); Triple-DES (Cert. #429)

-Other algorithms: RSA (non-compliant)

Single-chip

"The HITACHI MULTOS Smart Chip is a single chip for smart cards with a dual interface (contact and contactless), which is compliant with MULTOS. The MULTOS OS is a high-security multi-application smart card operating system and Key Management Infrastructure which provides Card Issuers with the opportunity to define their own card programmes, delivering services with their own smart card applications or those of other third-party Application Providers."
731 Taua Biomatica S/A
Rua do Rosario 103 / 13 andar
Rio de Janeiro, RJ 20041-004
Brazil

-Marcio Lima
TEL: 55-21-2232-1321
FAX: 55-21-2531-0255

CST Lab: NVLAP 100432-0

Zyt Cryptographic Module
(Hardware Version: P/N PM400002-9, Version 3; Firmware Version: 2.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/08/2007 Overall Level: 3 

-FIPS-approved algorithms: RSA (Certs. #36 and #37); SHS (Certs. #282 and #283); RNG (Cert. #47) Triple-DES (Cert. #294);

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5

Multi-chip embedded

"Taua Biomatica has developed an innovative product, the Zyt, created to offer the highest security level for Internet transactions. It was designed to digitally sign documents and transactions, integrating the most modern biometrical technologies, digital certification and cryptography. It is composed of a fingerprint sensor for the user's positive identification, a smart card reader for private key and digital certificate storage, a liquid crystal for transaction display, and a USB port for communication with the PC."
730 Blue Ridge Networks
14120 Parke Long Court
Suite 101
Chantilly, VA 20151
USA

-Tom Gilbert
TEL: 703-631-0700
FAX: 703-631-9588

CST Lab: NVLAP 200416-0

BorderGuard X.509 VPN Client
(Software Version: 4.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 01/08/2007 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 2000 and Windows XP (in single user mode)

-FIPS-approved algorithms: AES (Certs. #386 and #418); Triple-DES (Certs. #432 and #448); HMAC (Certs. #173 and #192); SHS (Certs. #463 and #487)

-Other algorithms: MD5; DES; IDEA; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (non-compliant); RNG (non-compliant)

Multi-chip standalone

"The BorderGuard VPN Client is a security enhanced VPN Client which is used for establishment of secure Virtual Private Network with a BorderGuard network security appliance and individual remote access users."
729 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:
FAX:

CST Lab: NVLAP 200427-0

Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Module (WiSM)
(Hardware Versions: Chassis: 6506, 6506-E, 6509 and 6509-E; Backplane: Hardware Versions 1.0 (6506-E), 1.1 (6509-E) and 3.0 (6506, 6509); Supervisor Blade: Hardware Versions: 4.1 (SUP720-3B) and 4.0 (SUP720-3BXL); WiSM: Hardware Version 1.2; Firmware Versions: 12.2(18)SXF4, Build adventerprisek9 (Supervisor) and 3.2.116.21 (WiSM))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/21/2006;
08/22/2011;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #369 and #368); SHS (Certs. #442 and #441); HMAC (Cert. #164); RSA (Certs. #124 and #123); RNG (Cert. #177); CCM (Cert. #10)

-Other algorithms: RC4; MD5; HMAC MD5; RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength)

Multi-chip standalone

"The Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Module (WiSM) provide unparalleled security, mobility, redundancy, centralized control and scalability for large-scale Government and Enterprise wireless LAN networks and supports the IEEE 802.11i wireless security standard in conjunction with meeting the Wi-Fi Alliances interoperability specification WPA2 to enable a Secure Wireless Architecture. The module supports voice, video and data services, location & asset tracking, integrated intrusion detection & intrusion protection and intelligent radio."
728 Extreme Networks
3585 Monroe Street
Santa Clara, CA 95051
USA

-Prasad Yerneni
TEL: 408-579-3379

CST Lab: NVLAP 200017-0

Sentriant CE150
(Hardware Version: A; Firmware Version: 4.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 12/21/2006 Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #258); AES (Cert. #156); SHS (Cert. #117); HMAC (Cert. #34); RSA (Cert. #79); RNG (Cert. #112)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); MD5; HMAC MD5; DES

Multi-chip standalone

"The Sentriant CE150 is a high performance, integrated security appliance that offers Gigabit Ethernet IPSec encryption. Housed in a tamper evident chassis, it has two Gigabit Ethernet ports. Traffic on the local port is received in the clear, while traffic on the remote port has security processing applied to it."
727 Ceragon Networks, Ltd.
24 Raoul Wallenberg Street
Tel-Aviv, 69719
Israel

-Yossi Sarusi
TEL: 972 3 7666436
FAX: 972 3 6455559

-Boris Radin
TEL: 972 3 76668160
FAX: 972 3 6455559

CST Lab: NVLAP 200427-0

FibeAir®1500P™ Secure Basic Indoor Unit
(Hardware Version: mux_fal2_4.084.s.frx; Firmware Version: idc_swr_4.80s28.s.idn)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/21/2006 Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #395 and #396); RNG (Cert. #192); RSA (Cert. #141); SHS (Cert. #467)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"High capacity broadband wireless system which provide FIPS compliant secure operation."
726 3e Technologies International, Inc.
700 King Farm Blvd.
Rockville, MD 20850
USA

-Ryon Coleman
TEL: 301-944-1277
FAX: 301-670-6989

CST Lab: NVLAP 200427-0

3e-523-F2 Secure Multi-function Wireless Data Point
(Hardware Versions: HW V1.0 and V1.1; Firmware Version: 4.1.7.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/18/2006;
09/25/2007;
01/28/2010
Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #238); Triple-DES (Certs. #292 and #892); SHS (Certs. #278 and #1145); HMAC (Certs. #13 and #729); RNG (Cert. #22); RSA (Cert. #129); CCM (Cert. #1)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); MD5; RC4; DES; AES CFB (non-compliant)

Multi-chip standalone

"The 3e-523-F2 operates as either a gateway connecting a local area network to wide area network (WAN), an access point within a wireless local area network (WLAN), a client within a WLAN, or a wireless bridging device. 3eTI software provides the following major services in FIPS mode: Wireless 802.11a/b/g Access Point functionality; Wireless 802.11a/b/g Client functionality; Wireless 802.11a/b/g Bridge functionality; Wireless 802.11a/b/g Mesh functionality (auto-forming, self-healing wireless capability); IEEE 802.11i."
725

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/15/2006 Overall Level: 1 

-FIPS-approved algorithms:

-Other algorithms:

Multi-chip embedded

724

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/15/2006 Overall Level: 1 

-FIPS-approved algorithms:

-Other algorithms:

Multi-chip embedded

723 Thales e-Security
Meadow View House
Crendon Industrial Estate, Long Crendon,
Aylesbury, Buckinghamshire HP18 9EQ
United Kingdom

-Tim Fox
TEL: +44 (0)1844 201800

CST Lab: NVLAP 200002-0

Secure Generic Sub-System (SGSS), Version 3.3
(Hardware Version: 1213B130, Rev 2 and 1213D130, Rev 3a; Software Version: 2.5.7)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 12/18/2006;
09/25/2007
Overall Level: 3 

-FIPS-approved algorithms: DSA/SHS (Cert. #24)

-Other algorithms:

Multi-chip embedded

"The Secure Generic Sub-System (SGSS) is a multi-chip embedded module used to provide secure cryptographic resources to a number of products in the Thales e-Security portfolio. This includes the Datacryptor® 2000 family, WebSentry™ family, HSM 8000 family, P3™CM family, PaySentry™, 3D Security Module and SafeSign® Crypto Module. The SGSS contains a secure bootstrap and authenticates application loading using the Digital Signature Algorithm (DSA) and SHA-1 hashing."
722 Check Point Software Technologies Ltd.
9900 Belward Campus Drive
Suite 250
Rockville, MD 20850
USA

-David Ambrose
TEL: 703-628-2935

-Malcolm Levy
TEL: +972-37534561

CST Lab: NVLAP 200002-0

VPN-1
(Firmware Version: NGX (R60) with hot fix HFA-03)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Firmware 12/08/2006;
01/04/2007;
05/02/2008;
05/28/2009
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-EMI/EMC: Level 3
-Design Assurance: Level 2

-Tested: Check Point SecurePlatform Operating System, version NGX (R60) HFA-03 on General Purpose Computing platform with single and dual Intel XEON® and single and dual AMD Opteron® processor configurations

-FIPS-approved algorithms: Triple-DES (Cert. #338); AES (Cert. #257); SHS (Cert. #332); HMAC (Cert. #67); RSA (Certs. #66 and #132); RNG (Cert. #90)

-Other algorithms: DES (Cert. #314); CAST 40 bit; CAST 128 bit; MD5; HMAC-MD5; Diffie-Hellman (key agreement, key establishment methodology provides between 70 and 202 bits of encryption strength); RSA (key wrapping, key establishment methodology provides between 80 and 150 bits of encryption strength)

Multi-chip standalone

"Check Point's VPN-1 version NGX (R60) with hot fix HFA-03 is a tightly integrated software solution combining the FireWall-1 (FW-1) security suite with sophisticated Virtual Private Network (VPN) technologies and a hardened Secure Platform operating system (OS). The cornerstone of Check Point's Secure Virtual Network (SVN) architecture, VPN-1 meets the demanding requirements of Internet, intranet, and extranet VPNs by providing secure connectivity to corporate networks, remote and mobile users, branch offices, and business partners."
721 Neopost Technologies
113 rue Jean-Marin Naudin
Bagneaux, 92220
France

-Thierry Le Jaoudour
TEL: 01 45 36 30 00
FAX: 01 45 36 30 10

CST Lab: NVLAP 100432-0

N30i/N30ig - 135/136 Meter
(Hardware Version: P/N 4127205W; Firmware Versions: P/N 4132525N V50.0, P/N 4134515L/A V50.02 and P/N 4134515L/B V50.03)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/08/2006;
12/19/2006;
09/12/2008
Overall Level: 3 

-Physical Security: Level 3 +EFT

-FIPS-approved algorithms: DSA (Cert. #61); Triple-DES (Cert. #119); Triple-DES MAC (Cert. #119, vendor affirmed); SHS (Certs. #391 and #455); RNG (Cert. #141)

-Other algorithms:

Multi-chip embedded

"Cryptographic software module used in the N30i/N30ig - 135/136 Postage Meter."
720 Sterling Commerce, Inc.
4600 Lakehurst Court
Dublin, OH 43016-2000
USA

-Garry Mayo
TEL: 469-524-2663
FAX: 469-524-2357

-Dean Vallas
TEL: 469-524-2103
FAX: 469-524-2357

CST Lab: NVLAP 200556-0

Connect:Direct Secure+ Option
(Software Version: Version 4.5 on z/OS)

(When operated in FIPS mode using IBM eServer zSeries 900 CMOS Cryptographic Coprocessor validated to FIPS 140-1 under Cert. #118 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software-Hybrid 11/15/2006 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with IBM z/OS 1.6 (single-user mode)

-FIPS-approved algorithms: Triple-DES (Certs. #423 and #28); SHS (Certs. #451 and #37); ECDSA (Cert. #25); DSA (Cert. #37)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"Connect:Direct Secure+ Option provides server-based software file-transfer solutions for high-volume applications. Connect:Direct installations typically perform periodic, high-capacity file transfers between specific servers, often for financial services or federal government applications. This software supports multiple server platforms, including mainframe operating systems, UNIX platforms, and Windows servers."
719 Sterling Commerce, Inc.
4600 Lakehurst Court
Dublin, OH 43016-2000
USA

-Garry Mayo
TEL: 469-524-2663
FAX: 469-524-2357

-Dean Vallas
TEL: 469-524-2103
FAX: 469-524-2357

CST Lab: NVLAP 200556-0

Connect:Direct Secure+ Option
(Software Version: Version 3.7 on UNIX)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/15/2006 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Sun Solaris 10, IBM AIX 5.3, and HP-UX 11i (single-user mode)

-FIPS-approved algorithms: Triple-DES (Certs. #288, #423, and #424); AES (Certs. #192 and #380); SHS (Certs. #272, #451, #452, and #453); HMAC (Certs. #7 and #168); DSA (Cert. #164); RNG (Certs. #39 and #182)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); DES; MD5

Multi-chip standalone

"Connect:Direct Secure+ Option provides server-based software file-transfer solutions for high-volume applications. Connect:Direct installations typically perform periodic, high-capacity file transfers between specific servers, often for financial services or federal government applications. This software supports multiple server platforms, including mainframe operating systems, UNIX platforms, and Windows servers."
718 Fortress Technologies, Inc.
1 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0

Fortress Security Controller (FC-X)
(Hardware Version: FC-X; Firmware Versions: FC-X 4.0.3 and 4.0.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/15/2006;
08/31/2007;
03/26/2010
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #389 and #390); SHS (Cert. #465); RNG (Certs. #189 and #190); HMAC (Cert. #174)

-Other algorithms: Diffie-Hellman (non-compliant key agreement; key establishment methodology provides 56 bits of encryption strength); MD5; RSA (non-compliant); SHS (non-compliant; FPGA); HMAC (non-compliant; FPGA)

Multi-chip standalone

"The Fortress Security Controller (FC-X) is a high performance electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a custom built multiple processor hardware platform and deployable on any LAN or WAN, the Fortress Security Controller (FC-X) provides encryption, data integrity checking, authentication, access control, and data compression."
717 High Density Devices AS
Vestre Strandgate 26
Kristiansand, N-4611
Norway

-Aage Kalsaeg
TEL: +47 38 10 44 80
FAX: +47 38 10 44 99

CST Lab: NVLAP 100432-0

SecureD v.1.6.1
(Hardware Version: HW P/N SecureD v.1.6.1 Version 1.6.6; Firmware Version: 1.6.3)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/15/2006;
01/05/2007
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #427); AES (Cert. #383)

-Other algorithms:

Multi-chip embedded

"SecureD is a hardware based encryption device that offers optimal, fully integrated, protection for stored data in IDE data bus based computer systems. SecureD operates fully transparent at the speed of ATA-6 AT API. SecureD is using AES 128/192/256 bits encryption/decryption, and is 100% operating system independent. No SW is installed. Ideal for encryption of disks in Desktop environment, Laptop, and USB/Firewire connected disks."
716 D'Crypt Private Limited
20 Ayer Rajah Crescent
#08-08 Technopreneur Centre
Singapore, 139964
Singapore

-Quek Gim Chye
TEL: (65) 6776-9210
FAX: (65) 6873-0796

CST Lab: NVLAP 100432-0

d'Cryptor ZE Cryptographic Module
(Hardware Version: P/N DC-ZEN2-41 v4.1, DC-ZEN4-41 v4.1; Firmware Version: Kernel v4.5, LFM v2.1, AFM v2.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/06/2006 Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #332); Triple-DES (Cert. #396); SHS (Cert. #407); RSA (Cert. #113); HMAC (Cert. #136); RNG (Cert. #153)

-Other algorithms: DES (Cert. #328; v3.0)

Multi-chip embedded

"The d'Cryptor ZE Cryptographic Module is a micro-token targeted at high security embedded applications. Central to the next generation of d'Cryptor products where it serves as a secure coprocessor, the ZE provides cryptographic/key management services, secure key storage and supports interfaces such as UARTs, SSP, infrared, contact/contactless Smartcard and GPIOs."
715 RELM Wireless Corporation
7100 Technology Drive
West Melbourne, FL 32904
USA

-Jim Spence
TEL: 785-856-1300
FAX: 785-856-1302

CST Lab: NVLAP 100432-0

FIPSCOM Cryptographic Module
(Hardware Version: P/N 7011-30967-000 Versions 050306, 030207 and 051208; Firmware Versions: 0722-05072-000, 0722-05073-000 and 0722-05073-001)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/06/2006;
04/26/2007;
12/18/2007;
06/23/2008
Overall Level: 1 

-FIPS-approved algorithms: AES (Cert. #385); RSA (Cert. #139); SHS (Cert. #462)

-Other algorithms: DES; NDRNG

Multi-chip embedded

"The FIPSCOM is an embedded cryptographic module that provides encryption functions for secure digital communications products. The FIPSCOM can be incorporated into any BK Radio brand subscriber equipment requiring FIPS 140-2, Level 1 security."
714 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE Crypto-J JCE Provider Module
(Software Version: 3.5.2 [1] and 3.5.3 [2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 11/02/2006;
12/18/2006;
10/12/2007;
01/04/2008;
10/16/2008;
09/07/2010;
03/28/2011;
01/24/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2 with Java JRE 1.4.2 (in single user mode).

-FIPS-approved algorithms: DSA (Cert. #140); Triple-DES (Cert. #354); AES (Cert. #271); SHS (Cert. #356); RSA (Certs. #71 [1] and #186 [2]); RNG (Cert. #106); HMAC (Cert. #86)

-Other algorithms: DES (Cert. #326); Diffie-Hellman (key agreement, key establishment methodology provides between 80 bits and 112 bits of encryption strength); DESX; MD2; MD5; RIPEMD 160; RNG (X9.31 non-compliant, MD5, SHA1); RC2; RC4; RC5; PBE (SHA256, SHA384, SHA512); Raw RSA; RSA Keypair Generation MultiPrime; RSA (key wrapping, key establishment methodology provides between 80 bits and 150 bits of encryption strength); HMAC-MD5

Multi-chip standalone

"RSA BSAFE Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. RSA BSAFE Crypto-J supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
713 Sagem Orga
Am Hoppenhof 33
Paderborn, 33104
Germany

-Fabien Guichon
TEL: 49 52 51 88 90

CST Lab: NVLAP 100432-0

J-IDMark 64
(Hardware Version: HW P/N AT58829-C-AA, Version 01; Firmware Version: FW Version J-IDMark 64 IDT 005)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/02/2006 Overall Level: 3 

-Physical Security: Level 4

-FIPS-approved algorithms: SHS (Certs. #459 and #460); RSA (Certs. #136 and #137); Triple-DES (Cert. #430); Triple-DES MAC (Cert. #430, vendor affirmed); RNG (Cert. #187)

-Other algorithms: RSA (key wrapping, key establishment methodology provides between 80 and 112 bits of encryption strength)

Single-chip

"The J-IDMark 64 is a single chip cryptographic module, compliant with Global Platform 2.0.1 and Sun Java Card TM 2.1.1. It runs a proprietary Applet, ID v1, which includes the following features: - A PKI-based digital signature for secure transactions and digital certificate management. - Secure storage of data and identification management rights (driving licenses, health care entitlement, car certificate, etc.). - A Match On Card mechanism which performs fingerprint verification. The J-IDMark 64 module meets the requirements to the Level 4 of FIPS 140-2 for physical security."
712

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/27/2006;
07/28/2009
Overall Level: 2 

-FIPS-approved algorithms:

-Other algorithms:

Multi-chip standalone

711 JVC KENWOOD Corporation
1-16-2, Hakusan, Midori-ku,
Yokohama-shi, Kanagawa 226-8525
Japan

-Tamaki Shimamura
TEL: +81 45 939 6254
FAX: +81 45 939 7093

-Joe Watts
TEL: 678-474-4700
FAX: 678-474-4730

CST Lab: NVLAP 100432-0

Secure Cryptographic Module (SCM)
(Hardware Version: P/N KWD-AE20, Version 1.0.0; Firmware Version: A1.0.0 and A1.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/16/2006;
12/07/2011;
01/31/2012
Overall Level: 1 

-Cryptographic Module Specification: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Cert. #363); SHS (Cert. #437)

-Other algorithms: DES; LFSR

Multi-chip embedded

"The Secure Cryptographic Module (SCM) meets overall FIPS 140-2 Level 1 requirements providing KENWOOD radios secure and encrypted digital communication. The SCM supports 256 bit key AES encryption as well as DES (non-compliant) encryption."
710 Ecutel Systems, Inc.
2300 Corporate Park Drive
Suite 410
Herndon, VA 20171
USA

-Dzung Tran
TEL: 571-203-8300

CST Lab: NVLAP 200416-0

Ecutel Cryptographic Service Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 10/16/2006 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP; Windows Mobile for Pocket PC 2003; Linux RedHat Kernel 2.6 (in single-user mode)

-FIPS-approved algorithms: AES (Cert. #381); Triple-DES (Cert. #425); SHS (Cert. #456); HMAC (Cert. #170); RNG (Cert. #183)

-Other algorithms:

Multi-chip standalone

"The Ecurtel Cryptographic Service Module (ECSM) is a cryptographic library that offers cryptographic functionalities to Ecutel products only. It is installed on a machine as a constituent of host application."
709 Phoenix Technologies, Ltd.
915 Murphy Ranch Road
Milpitas, CA 95035
USA

-Karen Zelenko
TEL: 408-570-1418
FAX: 408-570-1350

CST Lab: NVLAP 100432-0

TrustConnector 2 v2.0 with StrongClient v4.0 and StrongROM v3.1
(Software Version: TrustConnector 2 v2.0, StrongClient v4.0; Firmware Version: StrongROM v3.1)

(When operated in FIPS mode with Microsoft Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-1 under Cert. #238 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software-Hybrid 10/17/2006 Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional SP2 (single-user mode)

-FIPS-approved algorithms: AES (Certs. #343 and #344); RSA (Certs. #114 and #115); SHS (Certs. #83, #418, and #419); HMAC (Certs. #105 and #147); HMAC (Cert. #83, vendor affirmed); RNG (Certs. #118 and #164); Triple-DES (Cert. #81)

-Other algorithms: DES (Cert. #156); DES MAC (Cert. #156, vendor affirmed); RC2; RC4; MD5; RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength)

Multi-chip standalone

"The Phoenix Technologies "TrustConnector 2" product is a FIPS 140-2 Level 1 compliant module that implements a standard Cryptographic Service Provider (CSP) for Microsoft CryptoAPI. Phoenix TrustConnector enables built-in device authentication and transparently enhances the way Windows protects identity credentials associated with digital certificates and binds the credentials to the platform to which they are issued."
708 Phoenix Technologies, Ltd.
915 Murphy Ranch Road
Milpitas, CA 95035
USA

-Karen Zelenko
TEL: 408-570-1418
FAX: 408-570-1350

CST Lab: NVLAP 100432-0

TrustConnector 2 v2.0 with StrongClient v4.0
(Software Version: TrustConnector 2 v2.0, StrongClient v4.0)

(When operated in FIPS mode with Microsoft Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-1 under Cert. #238 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 10/11/2006 Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional SP2 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #344); RSA (Cert. #115); SHS (Certs. #83 and #419); HMAC (Cert. #147); HMAC (Cert. #83, vendor affirmed); RNG (Cert. #164); Triple-DES (Cert. #81)

-Other algorithms: DES (Cert. #156); DES MAC (Cert. #156, vendor affirmed); RC2; RC4; MD5; RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength)

Multi-chip standalone

"The Phoenix Technologies "TrustConnector 2" product is a FIPS 140-2 Level 1 compliant module that implements a standard Cryptographic Service Provider (CSP) for Microsoft CryptoAPI. Phoenix TrustConnector enables built-in device authentication and transparently enhances the way Windows protects identity credentials associated with digital certificates and binds the credentials to the platform to which they are issued."
707 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 871, 876, 877 and 878 Integrated Services Routers
(Hardware Versions: 1.0 (871), 1.0 (876), 1.0 (877) and 1.0 (878); Firmware Version: 12.4(4)T2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 10/11/2006;
05/28/2010;
02/23/2012
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #389 and #390); AES (Certs. #324 and #325); RNG (Cert. #147); SHS (Certs. #398 and #399); HMAC (Certs. #131 and #134)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; HMAC-MD5; RC4; RSA (non-compliant)

Multi-chip standalone

"Cisco 870 Series fixed-configuration integrated services routers support multiple types of DSL technologies, broadband cable, and Metro Ethernet connections in small offices. They run concurrent services, including firewall, intrusion prevention, and encryption for VPNs; optional 802.11b/g for WLAN networking; and quality of service (QoS) features for optimizing voice and video applications. These routers also offer Stateful Inspection Firewall, IP security (IPSec) VPNs, intrusion prevention system (IPS), antivirus support, and secure WLAN 802.11b/g option with use of multiple antennas."
706 Britestream Networks, Inc.
12401 Research Boulevard
Bldg 2, Suite 275
Austin, TX 78759
USA

-Rick Hall
TEL: 512-250-2129 x135
FAX: 512-250-9068

CST Lab: NVLAP 200017-0

Britestream nCipher Asymmetric Module
(Hardware Version: 010-00007 a.00; Firmware Version: 610-00014 1.0.0)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 09/27/2006 Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #346); AES (Cert. #264); SHS (Cert. #343); RSA (Cert. #103); HMAC (Cert. #76); RNG (Cert. #96); DSA (Cert. #138)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength)

Multi-chip embedded

"The Britestream nCipher Asymmetric Module performs various tasks associated with cryptographic key management including key generation, key wrapping, secure key storage and secure key transport as well as key zeroization. These functions comply with requirements for achieving FIPS 140-2 certification of the overall system that the module is used in."
705 SETECS Inc. and Gemalto
8070 Georgia Avenue
Silver Spring, MD 20910
USA

-Sead Muftic
TEL: 301-587-3000
FAX: 301-587-7877

-Nick Hislop
TEL: 610-202-4942
FAX: 215-390-2915

CST Lab: NVLAP 200427-0

SETECS Inc. OneCARD™ PIV-II Java Card Applet on Gemalto GemCombi'Xpresso R4 E72K PK card
(Hardware Version: GCX4-M2569420; Firmware Version: GCX4-FIPS EI07, Applet Version: SETECS Inc. OneCARD™ PIV-II Java Card Applet Version 1.2)

(PIV Card Application: Cert. #4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/20/2006 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Cert. #355); Triple-DES (Cert. #412); SHS (Cert. #427); RSA (Cert. #119); Triple-DES MAC (Cert. #412, vendor affirmed); RNG (Cert. #168)

-Other algorithms: N/A

Single-chip

"SETECS OneCARD(TM) is the smart card created as the combination of SETECS OneCARD(TM) PIV-II Java Card Applet and Gemalto GemCombi'Xpresso R4 E72K PK card. SETECS OneCARD(TM) Card (PIV Card) is the full implementation of the FIPS 201 card application (PIV applet) with all required access rules and protocols. The PIV Card contains all mandatory and optional data objects, as specified in the NIST Special Publication 800-73-1. The GCX4 is based on a Java platform with 72K EEPROM memory. The module provides dual interfaces (i.e. contact and contactless) where the same security level is achieved."
704 Utimaco® Safeware AG
Hohemarkstraße 22
Oberursel, D-61440
Germany

-US Corporate Headquarters
TEL: 508- 543-1008
FAX: 508- 543-1009

-Dr. Christian Tobias
TEL: +49 6171 88 1711

CST Lab: NVLAP 200017-0

SafeGuard Easy
(Software Version: 4.20)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 09/15/2006 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 2000 SP4, Windows Server 2000 SP4, Windows XP SP2, and Windows 2003 SP1 (All in single-user mode)

-FIPS-approved algorithms: AES (Cert. #364); Triple-DES (Cert. #416); HMAC (Cert. #162); SHS (Cert. #438)

-Other algorithms: Idea; Blowfish; XOR; Rijndael-256; Stealth-40; DES

Multi-chip standalone

"SafeGuard Easy (SGE) is a software product designed to protect user data on all types of Personal Computers (PCs) running Microsoft Windows 2000 or Microsoft Windows XP as operating system. SafeGuard Easy is installed on a PC to prevent unauthorised access to user data stored on hard disk partitions. In this context, user data means all files on hard disk partitions, i.e. data files, program files and even files of the operating system. The protection of the user data stored on hard disk partitions is realised by encryption. Encryption is done on sector level - not on file level."
703 Pitney Bowes, Inc.
35 Waterview Drive
Shelton, CT 06484-8000
USA

-Douglas Clark
TEL: 203-924-3206
FAX: 203-924-3406

CST Lab: NVLAP 100432-0

Cygnus X-2 Postal Security Device
(Hardware Versions: (US) 1M00
AAA/AAC/AAD/BAA/ABB/BAB/BAE/BAF,
(US Specimen) 1M03
AAA/AAC/AAD/BAA/ABB/BAB/BAE/BAF,
(US Gov.) 1M05
AAA/AAC/AAD/BAA/ABB/BAB/BAE/BAF,
(UN) 1M08
AAA/AAC/AAD/BAA/ABB/BAB/BAE/BAF,
(Royal Mail) 1M20
AAA/AAC/AAD/BAA/ABA/ ABB/BAB/BAE/BAF,
(Royal Mail Specimen) 1M23
AAA/AAC/AAD/BAA/ABA/ABB/BAB/BAE/BAF)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/05/2006;
04/26/2007;
05/14/2007
Overall Level: 3 

-Physical Security: Level 3 +EFP

-FIPS-approved algorithms: DSA (Cert. #153); SHS (Cert. #395); Triple-DES (Cert. #386); Triple-DES MAC (Cert. #386, vendor affirmed); RNG (Cert. #146)

-Other algorithms:

Multi-chip standalone

"The Pitney Bowes Cygnus X-2 Postal Security Device (PSD) has been designed in compliance with FIPS 140-2 and IPMAR security protection profile in order to support the USPS IBIP and international digital indicia standards globally. The PSD employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes Postage Metering products."
702 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 1801, 1802, 1803, 1811 and 1812 Integrated Services Routers Fixed Configuration Models
(Hardware Versions: 2:0 (1801), 4.0 (1802), 3.0 (1803) and 3.0 (1811) and 3.0 (1812); Firmware Version: 12.4(4)T2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 09/05/2006;
05/28/2010;
02/23/2012
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #414 and 415); AES (Certs. #357 and 358); RNG (Cert. #171); SHS (Certs. #432 and 433); HMAC (Certs. #156 and 157)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; HMAC-MD5; RC4; RSA (non-compliant)

Multi-chip standalone

"Cisco 1800 Series fixed-configuration integrated services routers enable a network infrastructure for SMBs and enterprise small branch offices. They enable deployment of a single device to provide multiple services, including integrated router with redundant link, LAN switch, firewall, VPN, IPS, wireless technology, and quality of service (QoS). The Cisco IOS Software Advanced IP Services feature set facilitates hardware-based IPSec encryption and features such as Cisco IOS Firewall, URL Filtering, IPS support, IPSec VPNs, Dynamic Multipoint VPN (DMVPN), anti-virus support, SSH 2.0, and SNM"
701 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:
FAX:

CST Lab: NVLAP 200427-0

Cisco Aironet AP1131AG, AP1232AG, and AP1242AG Wireless Access Points and BR1310G Wireless Bridge
(Hardware Versions: AP1131AG: C0; AP1232AG: A0; AP1242AG: A0; BR1310G: C0; Firmware Version: 12.3(8)JA2(ED))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/23/2006;
12/19/2006;
02/27/2007;
08/22/2011;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #356 and #370); CCM (Cert. #11); SHS (Cert. #428); HMAC (Cert. #154); RNG (Cert. #169)

-Other algorithms: MD5; HMAC MD5; RSA (non-compliant); RC4

Multi-chip standalone

"The Cisco Aironet 1131AG, 1242AG, 1232AG, and 1310G access points deliver the versatility, high capacity, security, and enterprise-class features required for autonomous based Government deployments. In FIPS 140-2 mode of operation, the Cisco APs support the IEEE 802.11i standard and Advanced Encryption Standard (AES). The Cisco APs are Wi-FI CERTIFIED for IEEE 802.11a, IEEE 802.11b and IEEE 802.11g radio standards."
700 Blue Ridge Networks
14120 Parke Long Court
Suite 101
Chantilly, VA 20151
USA

-Nancy Canty
TEL: 703-633-7331
FAX: 703-631-9588

CST Lab: NVLAP 200416-0

BorderGuard 5000 and 6000 Series
(Hardware Versions: BorderGuard 5100, 5200, 5400, 5500, 5600, 6100, 6200, 6400, 6500 and 6600; Firmware Version: DPF1 V7.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/22/2006 Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #116 and #173); Triple-DES (Certs. #57 and #275 ); SHS (Certs. #49 and #258); HMAC (Certs. #21 and #22)

-Other algorithms: DES (Certs. #119 and #271); DES MAC (Certs. #119 and #271, vendor affirmed); IDEA; HMAC-MD5; MD5; RSA (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength for Models 5100, 5200, 5400, 6100, 6200, and 6400; and between 80 and 150 bits of encryption strength for Models 5500, 5600, 6500, and 6600; non-compliant less than 80-bits of encryption strength)

Multi-chip standalone

"The BorderGuard hardware models 5100, 5200, 5400, 5500, 5600, 6100, 6200, 6400, 6500, and 6600 version DPF 7.3 firmware are standalone hardware security appliances (routers) used to secure Internet traffic. The module is a multi-chip-standalone device."
699 WinMagic Incorporated
200 Matheson Blvd W.
Suite 201
Mississauga, Ontario L5R 3L7
Canada

-Thi Nguyen-Huu
TEL: 905-502-7000 x218

CST Lab: NVLAP 200017-0

SecureDoc® Disk Encryption Cryptographic Engine
(Software Version: 4.5)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 08/14/2006;
07/02/2007;
07/05/2007
Overall Level: 1 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000 Pro with Service Pack 3; Windows XP Pro with Service Pack 2; Windows 2000 Advanced Server; Windows 2000 Server; Windows 2003; Windows Vista

-FIPS-approved algorithms: AES (Cert. #359); SHS (Cert. #434); RNG (Cert. #172); HMAC (Cert. #158)

-Other algorithms:

Multi-chip standalone

"The SecureDoc® Cryptographic Engine is the heart of all SecureDoc® products. It provides all cryptographic services as well as the services required for key management and to maintain the user key files."
698 WinMagic Incorporated
200 Matheson Blvd W. 200 Matheson Blvd W.
Suite 201
Mississauga, Ontario L5R 3L7
Canada

-Thi Nguyen-Huu
TEL: 905-502-7000 x218

CST Lab: NVLAP 200017-0

SecureDoc® Disk Encryption Cryptographic Engine
(Software Version: 4.5)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 08/14/2006;
07/02/2007
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 2 with Microsoft Windows 2000 Professional, Server and Advanced Server with Service Pack 3 and Q326886 Hotfix running on a Dell OptiPlex GX400 PC

-FIPS-approved algorithms: AES (Cert. #359); SHS (Cert. #434); RNG (Cert. #172); HMAC (Cert. #158)

-Other algorithms:

Multi-chip standalone

"The SecureDoc® Cryptographic Engine is the heart of all SecureDoc® products. It provides all cryptographic services as well as the services required for key management and to maintain the user key files."
697 Secure Computing Corporation
4810 Harwood Road
San Jose, CA 95124-5206
USA

-Secure Computing
TEL: 800-379-4944 (Option 3)

CST Lab: NVLAP 200017-0

SafeWord SecureWire 2500 Identity and Access Management Appliance
(Hardware Version: Rev 100-000002; Firmware Version: R2.6.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/10/2006 Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #319, #320, #323, #325 and #326); AES (Certs. #229, #230, #233, #234 and #235); SHS (Certs. #308, #309, #312, #313 and #314); RSA (Certs. #55 and #56); RNG (Certs. #69, #70, #73 and #74); HMAC (Certs. #41, #42 and #45); DSA (Certs. #129, #130 and #131)

-Other algorithms: DES (Certs. #299, #300, #303 and #304); Diffie-Hellman (key agreement; key establishment methodology provides between 70 and 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 110 bits of encryption strength); MD5; HMAC-MD5; RC4

Multi-chip standalone

"SafeWord® SecureWire™ is a powerful identity and access management (IAM) appliance that provides lightning fast, ultra-secure access to every application and data resource in your network -- for all remote AND internal connections. SecureWire is ideal for Microsoft environments, plugging right into Active Directory, and it provides complete endpoint device security, a single point for policy enforcement and reporting, and comes standard with SafeWord strong authentication."
696 Secure Computing Corporation
4810 Harwood Road
San Jose, CA 95124-5206
USA

-Secure Computing
TEL: 800-379-4944 (Option 3)

CST Lab: NVLAP 200017-0

SafeWord SecureWire 500 Identity and Access Management Appliance
(Hardware Version: Rev. 100-000001; Firmware Version: R2.6.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/10/2006 Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #321, #323, #325 and #326); AES (Certs. #231, #233, #234 and #235); SHS (Certs. #310, #312, #313 and #314); RSA (Certs. #55 and #56); RNG (Certs. #71, #73 and #74); HMAC (Certs. #43 and #45); DSA (Certs. #129, #130 and #131)

-Other algorithms: DES (Certs. #301, #303 and #304); Diffie-Hellman (key agreement; key establishment methodology provides between 70 and 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 110 bits of encryption strength); MD5; HMAC-MD5; RC4

Multi-chip standalone

"SafeWord® SecureWire™ is a powerful identity and access management (IAM) appliance that provides lightning fast, ultra-secure access to every application and data resource in your network -- for all remote AND internal connections. SecureWire is ideal for Microsoft environments, plugging right into Active Directory, and it provides complete endpoint device security, a single point for policy enforcement and reporting, and comes standard with SafeWord strong authentication."
695 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:
FAX:

CST Lab: NVLAP 200427-0

Cisco Aironet LWAPP AP1131AG, Cisco Aironet LWAPP AP1231G, Cisco Aironet LWAPP AP1232AG, and Cisco Aironet LWAPP AP1242AG Wireless Access Points
(Hardware Version: 1131, Revision C0; 1231, Revision A0; 1232, Revision A0; 1242, Revision A0; Firmware Version: 3.2.116.21)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 08/04/2006;
06/11/2007;
08/07/2007;
08/22/2011;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #370 and #373); CCM (Certs. #11 and #12); SHS (Cert. #443); HMAC (Cert. #165); RNG (Cert. #178); RSA (Cert. #125)

-Other algorithms: RC4; MD5; HMAC MD5; RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength)

Multi-chip standalone

"The Cisco LWAPP Aironet 1131, 1232, 1231, and 1242 access points deliver the versatility, high capacity, security, and enterprise-class features required for small, medium and large Government deployments. In FIPS 140-2 mode of operation, the Cisco APs support the IEEE 802.11i and IEEE 802.1x standards and Advanced Encryption Standard (AES) for WPA2 encryption. WPA2 is the Wi-Fi Alliance certification for interoperable, standards-based WLAN security. The Cisco APs are also Wi-FI CERTIFIED for IEEE 802.11a, IEEE 802.11b and IEEE 802.11g radio standards."
694 3e Technologies International, Inc.
700 King Farm Blvd.
Rockville, MD 20850
USA

-Ryon Coleman
TEL: 301-944-1277
FAX: 301-670-6989

CST Lab: NVLAP 200427-0

3e-523 and 3e-523-F1 WLAN Products
(Hardware Versions: 3e-523 V1.0, 3e-523-F1 V1.0; Firmware Version: 3.4, Build 5)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/21/2006;
08/01/2006
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Cert. #200); Triple-DES (Cert. #292); SHS (Cert. #278); HMAC (Cert. #13); RNG (Cert. #22)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The 3e-523 and 3e-523-F1 WLAN products provide wired connections for Ethernet and Serial devices. This connection can be over an Ethernet 10/100 baseT RJ-45 and/or via RS-232/422/485 interface. The 3e-523 and 3e-523-F1 wireless connection can be configured to use IEEE 802.11a/b/g with Layer 2 AES or TDES encryption. The wireless connectivity is a wireless bridging function to, for example, another 523, a 3e-525A-3 Wireless Access Point, or similar device. The 3e-523 and 3e-523-F1 are ideal for connecting RFID readers, sensors, and other data devices (printers, terminals, etc.) into a secur"
693 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:
FAX:

CST Lab: NVLAP 200427-0

Cisco 4402 and 4404 Wireless LAN Controllers
(Hardware Version: 4402 and 4404; Revision Number: A0; Opacity Baffle Version: 1.0; Firmware Version: 3.2.116.21)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 07/20/2006;
10/10/2006;
08/22/2011;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #368 and #369); CCM (Cert. #10); SHS (Certs. #441 and #442); HMAC (Cert. #164); RNG (Cert. #177); RSA (Certs. #123 and #124)

-Other algorithms: RC4; MD5; HMAC MD5; Triple-DES; AES-CTR (non-compliant); RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength)

Multi-chip standalone

"The Cisco 4400 Series Wireless LAN Controllers provide centralized control and scalability for medium to large-scale Government and Enterprise wireless LAN networks and support the IEEE 802.11i wireless security standard while meeting the Wi-Fi Alliances interoperability specification WPA2 for Secure Wireless Architecture. The Cisco WLAN Controllers support voice, video and data services, intrusion detection, intrusion protection and intelligent radio resource management and comply with the wireless security policies issued by the U.S. Federal Government and the Department of Defense (DoD)."
692 Federal Reserve Bank of Boston
600 Atlantic Avenue
Boston, MA 02210
USA

-Peggy Li
TEL: 617-973-3917
FAX: 617-573-5417

CST Lab: NVLAP 100432-0

FRBB ePurse v2 on ActivCard Applet v2 on Cyberflex Access 64k v1
(Hardware Version: SLE66CX640P; Firmware Versions: OS Hardmask n5 v1, OS Softmask n4 v2, ACA Applet v2.3.0.5, ASCLib v2.3.0.3, PKI/GC Applet v2.3.1.2, ePurse v2 Version 2.0.12)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/20/2006 Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #125); Triple-DES MAC (Cert. #125, vendor affirmed); SHS (Cert. #108); RSA (Cert. #58); RNG (vendor affirmed)

-Other algorithms: DES (Cert. #179, not available for use); DES MAC (Cert. #179, vendor affirmed, not available for use);

Single-chip

"The ePurse is a secure payment module which enables a Common Access Card to be used as a payment mechanism at designated locations."
691 Gemalto
Arboretum Plaza II
9442 Capital of Texas Highway North
Suite 400
Austin, TX 78759
USA

-James McLaughlin
TEL: 512-257-3954
FAX: 512-257-3881

CST Lab: NVLAP 200427-0

Protiva PIV Applet v1.55 on Protiva TOP DM Card
(Hardware Versions: GCX4-M2569420, GXP4-M2569430, GCX4-M2569422, GCX4-A1004155 and GCX4-A1026517; Firmware Versions: GCX4-FIPS EI07 (MPH051), GCX4-FIPS EI08, GXP4-FIPS EI07 (MPH052) and GXP4-FIPS EI08; Applet Version: Protiva PIV Applet v1.55)

(PIV Card Application: Cert. #23 and #24)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/20/2006;
12/19/2006;
08/29/2007;
12/20/2007;
07/28/2008;
02/24/2011;
06/09/2011
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #355); Triple-DES (Cert. #412); SHS (Cert. #427); RSA (Cert. #119), Triple-DES MAC (Cert. #412, vendor affirmed); RNG (Cert. # 168)

-Other algorithms:

Single-chip

"This module is based on a Java platform (GemCombiXpresso R4 E72 PK ) with 72K EEPROM memory and on the SafesITe FIPS201 applet loaded on the Java Card platform. The Cryptographic Module provides dual interfaces (i.e. contact and contact-less) where the same security level is achieved. The module has on board the following FIPS approved security functions used specifically by the SafesITe FIPS201 applet :P-RNG, Triple DES, SHA-1, RSA algorithms up to 2048 bits key length, and X9.31 RSA On Board Key generation up to 2048 bits long. The module conforms to Java Card 2.1.1, Global Platform 2.1.1, NITS SP-800-73-1, and is very well suited for US Government and Federal projects where FIPS-201, PIV-II compliance is required."
690

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/19/2006;
08/30/2006;
02/17/2012
Overall Level: 1 

-FIPS-approved algorithms:

-Other algorithms:

Single-chip

689 Neopost Technologies
113, rue Jean-Marin Naudin
Bagneux, 92220
France

-Thierry Le Jaoudour
TEL: +33 (0) 1 45 36 30 36

CST Lab: NVLAP 100432-0

C95i Secure Metering Module (SMM)
(Hardware Version: 4126736H B; Firmware Version: 4130379C G10 (SH1), 4126898B A (SH2))

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/14/2006;
10/03/2006;
04/26/2007
Overall Level: 3 

-Physical Security: Level 3 +EFP/EFT

-FIPS-approved algorithms: DSA (Cert. #120); SHS (Cert. #389); RNG (Cert. #38); ECDSA (Cert. #15); HMAC (Cert. #119)

-Other algorithms:

Multi-chip embedded

"The IJ40/50/60 are Neopost mid range of Franking products that incorporate a secure metering module for producing a highly secure franking impressions to meet CPC requirements."
688 DigitalGlobe Inc.
1900 Pike Road
Longmont, CO 80501-6700
USA

-Skip Cubbedge
TEL: 303-684-4516
FAX: 303-684-4048

CST Lab: NVLAP 200427-0

WorldView Wideband Transmitter FPGA
(Hardware Version: 668515-1)

(Bypass capability excluded from FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/13/2006 Overall Level: 1 

-FIPS-approved algorithms: AES (Cert. #296)

-Other algorithms:

Single-chip

"The WorldView Wideband Tramsmitter FPGA provides AES encryption services."
687 TecSec Incorporated
Accounts Payable
1953 Gallows Road
Suite 220
Vienna, VA 22182
USA

-Lisa Liedel

-Roger Butler

CST Lab: NVLAP 200416-0

CKM® Cryptographic Module
(Software Version: 2.0.0.11)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 07/13/2006 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 2000 and Windows XP (in single user mode)

-FIPS-approved algorithms: AES (Certs. #345 and #379); Triple-DES (Certs. #407 and #422); SHS (Certs. #420 and #450); HMAC (Certs. #149 and #167); RNG (Certs. #165 and #181); RSA (Certs. #116 and #131); DSA (Certs. #155, #163, and #165)

-Other algorithms: DES; Twofish; Blowfish; P-Squared; RSA Key Establishment (key wrapping; key establishment methodology provides between 69 bits and 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant less than 80-bits of encryption strength); MD5; HMAC-MD5; CKM Key Construction

Multi-chip standalone

"TecSec® IncorporatedÆs Constructive Key Management« (CKM®) Cryptographic Module (CKMCRYPTO_FIPS.DLL) (Software version 2.0.0.11) is a FIPS 140-2 Level 1 compliant, general purpose, software based cryptographic module running upon the Microsoft« Windows« Operating System (in single user mode)."
686 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Mel Snyder
TEL: 919-462-1900 x208
FAX: 919-462-1933

CST Lab: NVLAP 200002-0

SafeEnterprise™ Encryptor, Model 600
(Hardware Version: 904-10001-00x, 904-10002-00x, 904-10003-00x, 904-10112-00x, 904-20001-00x, 904-20002-00x, 904-20003-00x, 904-30013-00x, 904-10014-00x, 904-10014-00x, 904-10113-00x, 904-25005-00x, 904-25005-00x, 904-25005-00x; Firmware Version: 3.0)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/11/2006;
04/09/2007;
04/26/2007;
12/07/2007;
03/07/2008
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Certs. #268); AES (Certs.#262 and #240); RSA (Cert. #15); SHS (Certs. #251 and #319); HMAC (Cert. #48); RNG (Certs. #18 and #76)

-Other algorithms: Diffie-Hellman (key agreement, key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping, key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The SafeEnterprise™ Encryptor, Model 600 provides data privacy and access control for connections between vulnerable public and private networks. It employs FIPS approved AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in 155Mbps (OC-3), 622Mbps (OC-12), 1.0Gbps, and 2.4Gbps (OC-48) networks."
685 SafeNet Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Terry Fletcher
TEL: 613-221-5009
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

Luna®PCI Cryptographic Module V2
(Hardware Version: VBD-01-0104; Firmware Version: 4.5.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/26/2006 Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #361); Triple-DES (Cert. #419); DSA (Cert. #158); RSA (Cert. #126); ECDSA (Cert. #21); SHS (Cert. #436); HMAC (Cert. #4); Triple-DES MAC (Cert. #419, vendor affirmed); RNG (Cert. #37)

-Other algorithms: DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; DES; RC2; RC5; CAST; CAST3; and CAST5 in a CBC-MAC; MD2; MD5; HAS-160 (plain hash and HMAC); SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Elliptic Curver Diffie Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength)

Multi-chip embedded

"The Luna PCI-1200 is a high assurance cryptographic accelerator PCI card contained in a secure enclosure that provides physical resistance to tampering and zeroization of plaintext keys in the event the enclosure is opened. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI card. The Luna PCI-1200 provides over 1200 asymmetric 1024-bit RSA signing operations per second and is ideally suited to high-volume digital signing, encryption, and key generation applications."
684 SafeNet Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Terry Fletcher
TEL: 613-221-5009
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

Luna® PCI Cryptographic Module V2
(Hardware Version: VBD-01-0104; Firmware Version: 4.5.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/26/2006 Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Cert. #361); Triple-DES (Cert. #419); DSA (Cert. #158); RSA (Cert. #126); ECDSA (Cert. #21); SHS (Cert. #436); HMAC (Cert. #4); Triple-DES MAC (Cert. #419, vendor affirmed); RNG (Cert. #37)

-Other algorithms: DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; DES; RC2; RC5; CAST; CAST3; and CAST5 in a CBC-MAC; MD2; MD5; HAS-160 (plain hash and HMAC); SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Elliptic Curver Diffie Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength)

Multi-chip embedded

"The Luna PCI-1200 is a high assurance cryptographic accelerator PCI card contained in a secure enclosure that provides physical resistance to tampering and zeroization of plaintext keys in the event the enclosure is opened. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI card. The Luna PCI-1200 provides over 1200 asymmetric 1024-bit RSA signing operations per second and is ideally suited to high-volume digital signing, encryption, and key generation applications."
683 nCipher Corporation Ltd.
92 Montvale Ave.
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nToken
(Hardware Version: nC2033P-000; Build Standards C & N; Firmware Version: 2.22.6)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/26/2006;
06/24/2008
Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339, vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91)

-Other algorithms: ARC FOUR; CAST5; CAST 6; DES (non compliant); DES MAC (non compliant); MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HAS 160; Diffie-Hellman (key agreement, key establishment methodology provides 80-bits to 256-bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping, key establishment methodology provides 80-bits to 256-bits of encryption strength)

Multi-chip embedded

"The nCipher nToken Hardware Security Module improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
682 Kanguru Solutions
1360 Main St.
Millis, MA 02054
USA

-Nate Cote
TEL: 508-376-4245
FAX: 508-376-4462

CST Lab: NVLAP 200648-0

KanguruLock
(Software Versions: 1.0.4.7, 1.0.4.15 and 1.0.4.24)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 06/26/2006;
04/26/2007;
04/30/2007;
06/21/2007;
02/21/2008
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Service Pack 2 (single user mode)

-FIPS-approved algorithms: AES (Cert. #243); SHS (Cert. #321); HMAC (Cert. #51); RNG (Cert. #78)

-Other algorithms:

Multi-chip standalone

"Kanguru Solutions is the leader in portable secure storage devices. KanguruLock, featured in the KanguruMicro Drive AES USB 2.0 Flash Drive, addresses security concerns and information assurance by incorporating 256-bit AES encryption technology to portable storage devices."
681 nCipher Corporation Ltd.
92 Montvale Ave.
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nCipher 1600 PCI, nCipher 1600 PCI for NetHSM, and nCipher 800 PCI
(Hardware Version: nC3033P-1K6, nC3033P-1K6N and nC3033P-800 Build Standard C; Firmware Version: 2.22.6-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 06/19/2006 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339, vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91)

-Other algorithms: ARC FOUR; CAST5; CAST 6; DES (non compliant); DES MAC (non compliant); MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HSA 160; Diffie-Hellman (key agreement, key establishment methodology provides 80-bits to 256-bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping, key establishment methodology provides 80-bits to 256-bits of encryption strength)

Multi-chip embedded

"The nCipher modules: nCipher 1600 PCI, nCipher 1600 PCI for NetHSM, nCipher 800 PCI family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
680 nCipher Corporation Ltd.
92 Montvale Ave.
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nCipher 800 PCI, nCipher 1600 PCI, and nCipher 1600 PCI for NetHSM
(Hardware Version: nC3033P-1K6, nC3033P-1K6N, nC3033P-800, Build Standard C; Firmware Version: 2.22.6-3)

(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 06/19/2006 Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339, vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91)

-Other algorithms: ARC FOUR; CAST5; CAST 6; DES; DES MAC; MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HAS 160; Diffie-Hellman (key agreement, key establishment methodology provides 80-bits to 256-bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides 192-bits of encryption strength); RSA (key wrapping, key establishment methodology provides 80-bits to 256-bits of encryption strength).

Multi-chip embedded

"The nCipher modules: nCipher 800 PCI, nCipher 1600 PCI, nCipher 1600 PCI for NetHSM family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
679 SPYRUS, Inc.
2355 Oakland Road
Suite 1
San Jose, CA 95131
USA

-Tom Dickens
TEL: 408-953-0700
FAX: 408-953-9835

CST Lab: NVLAP 100432-0

LYNKS Series II
(Hardware Version: Models PC500 P/N 906-160001-01, PC530 P/N 906-162001-01, PC530J P/N 906-162002-01, PC530S P/N 906-162004-01, PC600 P/N 906-160002-01, PC700 P/N 906-161001-01, PC730 P/N 906-162005-01, PC730J P/N 906-162006-01, PC730S P/N 906-162008-01, PC800 P/N 906-161002-01; Firmware Version: 2.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/19/2006 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #372); AES (Certs. #299 and #300); Skipjack (Cert. #16); DSA (Cert. #142); ECDSA (Cert. #10); RSA (Cert. #88); SHS (Certs. #373 and #374); RNG (Cert. #126)

-Other algorithms: MD5; DES; RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); KEA

Multi-chip standalone

"The LYNKS Series II Hardware Security Module (HSM) supports the new "Suite B" algorithms, including elliptic curve cryptography with ECDSA signatures, AES, and the "SHA-2" algorithms. Available with either PCMCIA or USB interfaces."
678 MRV Communications
295 Foster St.
Littleton, MA 01460
USA

-Nicholas Minka

-Tim Bergeron

CST Lab: NVLAP 200427-0

LX-8020S and LX-8040S Series Console Servers
(Hardware Versions: B/L 350-6003 Rev: D, P/N 500-8722 Rev: A and B/L 350-6003 Rev: D, P/N 500-8724 Rev: A and B/L 350-6005 Rev: G, P/N 500-8732 Rev: A and B/L 350-6004 Rev: C, P/N 500-8730 Rev: A and B/L 350-6003 Rev: D, P/N 500-8723 Rev: B and B/L 350-6003 Rev: D, P/N 500-8725 Rev: B and B/L 350-6005 Rev: G, P/N 500-8733 Rev: A and B/L 350-6004 Rev: C, P/N 500-8731 Rev: A and B/L 350-6003 Rev: D, P/N 500-8726 Rev: A and B/L 350-6003 Rev: D, P/N 500-8728 Rev: A and B/L 350-6005 Rev: G, P/N 500-8736 Rev: A and B/L 350-6004 Rev: C, P/N 500-8734 Rev: A and B/L 350-6003 Rev: D, P/N 500-8727 Rev: B and B/L 350-6003 Rev: D, P/N 500-8729 Rev: B and B/L 350-6005 Rev: G, P/N 500-8737 Rev: A and B/L 350-6004 Rev: C, P/N 500-8735 Rev: A; Firmware Version: linuxito Version: 3.7.2 and ppciboot Version: 3.7.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/19/2006 Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #348); DSA (Cert. #156); RNG (Cert. #166); RSA (Cert. #117); SHS (Cert. #423); Triple-DES (Cert. #408); HMAC (Cert. #151)

-Other algorithms: DES; MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80-bits and 194-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80-bits and 194-bits of encryption strength)

Multi-chip standalone

"The LX-8000S 20 and 40 port Dual AC and DC units with an optional internal modem add high-end NEBS console management to MRV's LX Series Console Servers. The Linux based system is tuned for optimal performance, security and reliability. The LX-8000S models are designed for telco and data center applications that demand high quality and reliability standards, dual power and NEBS Level-3 Certification."
677 Gemalto
Arboretum Plaza II
9442 Capital of Texas Highway North
Suite 400
Austin, TX 78759
USA

-Jerome Denis
TEL: 512-257-3808

CST Lab: NVLAP 200427-0

SafesITe TOP DM GX4 - FIPS with ActivIdentity Digital Identity Applet Suite v2
(Hardware Versions: GCX4-M2569420, GXP4-M2569430, GCX4-M2569422 and GCX4-A1004155; Firmware Versions: GCX4-FIPS EI07 and GXP4-FIPS EI07, Applet Versions: ACA v2.6.1, PKI/GC v2.6.1, ASC library package v2.6.1; ACA v2.6.2, PKI/GC v2.6.2, ASC library package v2.6.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/12/2006;
12/19/2006;
03/01/2007;
07/28/2008
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Cert. #355); Triple-DES (Cert. #412); SHS (Cert. #427); RSA (Cert. #119), Triple-DES MAC (Cert. #412, vendor affirmed); RNG (Cert. # 168)

-Other algorithms: N/A

Single-chip

"This module is based on a Gemalto Dual Interface (Contact ISO7816 and Contactless ISO14443) Open OS Smart Card with a large (72K EEPROM) memory, with a cryptographic applet suite V 2.6.1 developed by ActivIdentity. The SmartCard platform has on board Triple DES and RSA up to 2048 algorithms and provides X9.31 on board key generation. The Applet Suite supports management of 3DES keys and PINs, and provides services for authentication, access control, generic container and PKI . The module conforms to Java Card 2.2.1, Global Platform 2.1.1 and GSC/IS 2.1 standards."
676 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco Catalyst 6506, 6509, 6506(E), 6509(E), 7606 and 7609 Routers With VPN Services Module
(Hardware Version: Chassis:6506, 6509, 6506-E, 6509-E,7606,7609; Backplane chassis: Hardware Version 1.0 (6505(E), 7606, 7609), 1.1 (6509(E)), 3.0 (6506, 6509); Supervisor Blade: Hardware Version 4.1 (SUP720-3B), 4.0 (SUP720-3BXL); VPNSM Blade: Hardware Version 1.3; Firmware Version: 12.2(18)SXE2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/22/2006;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Certs. #132 and 155); SHS (Cert. #117); HMAC (Cert. #33); RNG (Cert. #123)

-Other algorithms: DES; AES (non-compliant); Triple-DES; SHA-1 (non-compliant); HMAC-SHA-1 (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 80-bits and 96-bits of encryption strength); MD5; HMAC-MD5

Multi-chip standalone

"The Catalyst 6500 series switches and the Cisco 7606 and Cisco 7609 routers with the VPN Services Module offer versatility, integration, and security to branch offices. With numerous network modules and service modules available, the modular architecture of the Cisco router easily allows interfaces to be upgraded to accommodate network expansion. The Catalyst 6500 series switches and the Cisco 7606 and Cisco 7609 routers provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements."
675 nCipher Corporation Ltd.
92 Montvale Ave.
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F3 Ultrasign PCI, nShield F3 Ultrasign 32 PCI, nCipher F3 PCI for NetHSM, payShield Ultra PCI, payShield Ultra PCI for NetHSM, nShield F3 PCI, payShield PCI, nShield F3 PCI and nShield lite
(Hardware Version: nC4033P-300, nC4132P-300, nC4032P-300N, nC4232P-300, nC4232P-300N, nC4032P-150, nC4232P-150, nC4032P-150, and nC4032P-10 Build Standard ER; Firmware Version: 2.22.6-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 05/22/2006 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339, vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91)

-Other algorithms: ARC FOUR; CAST5; CAST 6; DES (non compliant); DES MAC (non compliant); MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HSA 160; Diffie-Hellman (key agreement, key establishment methodology provides 80-bits to 256-bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides 192-bits of encryption strength); RSA (key wrapping, key establishment methodology provides 80-bits to 256-bits of encryption strength)

Multi-chip embedded

"The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
674 nCipher Corporation Ltd.
92 Montvale Ave.
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F3 Ultrasign PCI, nShield F3 Ultrasign 32 PCI, nCipher F3 PCI for NetHSM, payShield Ultra PCI, payShield Ultra PCI for NetHSM, nShield F3 PCI, payShield PCI, nShield F3 PCI and nShield lite
(Hardware Version: nC4033P-300, nC4132P-300, nC4032P-300N, nC4232P-300, nC4232P-300N, nC4032P-150, nC4232P-150, nC4032P-150 and nC4032P10 Build Standard ER; Firmware Version: 2.22.6-3)

(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 05/22/2006 Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339, vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91)

-Other algorithms: ARC FOUR; CAST5; CAST 6; DES (non compliant); DES MAC (non compliant); MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HSA 160; Diffie-Hellman (key agreement, key establishment methodology provides 80-bits to 256-bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides 192-bits of encryption strength); RSA (key wrapping, key establishment methodology provides 80-bits to 256-bits of encryption strength)

Multi-chip embedded

"The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
673 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

7206VXR NPE-G1and 7301 with VAM2+
(Hardware Version: 7206VXR; NPE-G1 Version: 2.1, Board Version A0; VAM2+ Version: 1.0, Board Version: C0; 7301 Version: 5.0, Board Version: A0; Firmware Version: 12.3(11)T10)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/15/2006;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #173); Triple-DES (Cert. #275); SHS (Certs. #404 and #258); HMAC (Cert. #39); RNG (Certs. #150 and #83)

-Other algorithms: MD4; MD5; HMAC MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); DES; RSA (non-compliant); AES (non-compliant); Triple-DES; HMAC (non-compliant)

Multi-chip standalone

"Cisco Modular Access Routers are routers that provide data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
672 nCipher Corporation Ltd.
92 Montvale Ave.
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

MiniHSM
(Hardware Version: nC4033z-10 Build Standards A, B & N; Firmware Versions: 2.22.17-2 and 2.22.34-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/11/2006;
08/29/2006;
06/24/2008;
04/05/2011
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Cryptographic Key Management: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339, vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91)

-Other algorithms: ARC FOUR; CAST5; CAST 6; DES (non compliant); DES MAC (non compliant); MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HSA 160; Diffie-Hellman (key agreement, key establishment methodology provides 80-bits to 256-bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides 192 bits of encryption strength); RSA (Cert. #68, key wrapping, key establishment methodology provides 80-bits to 256-bits of encryption strength).

Multi-chip embedded

"The nCipher MiniHSM is a fully featured HSM supplied in a single chip package. The MiniHSM offers all the security and key management features of other nCipher modules - but with reduced processing speed. The MiniHSM is an OEM part and will be included within other appliances or products, for example switches or routers. The MiniHSM's real time clock, also makes it suitable for use as a time-stamping engine."
671 nCipher Corporation Ltd.
92 Montvale Ave.
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

MiniHSM
(Hardware Version: nC4033z-10 Build Standards A, B & N; Firmware Versions: 2.22.17-3 and 2.22.34-3)

(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/11/2006;
08/29/2006;
06/24/2008
Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339, vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91)

-Other algorithms: ARC FOUR; CAST5; CAST 6; DES (non compliant); DES MAC (non compliant); MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HSA 160; Diffie-Hellman (key agreement, key establishment methodology provides 80-bits to 256-bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides 192 bits of encryption strength); RSA (Cert.#68, key wrapping, key establishment methodology provides 80-bits to 256-bits of encryption strength)

Multi-chip embedded

"The nCipher MiniHSM is a fully featured HSM supplied in a single chip package. The MiniHSM offers all the security and key management features of other nCipher modules - but with reduced processing speed. The MiniHSM is an OEM part and will be included within other appliances or products, for example switches or routers. The MiniHSM's real time clock, also makes it suitable for use as a time-stamping engine."
670 nCipher Corporation Ltd.
92 Montvale Ave.
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield 4000 [1], nShield 2000 [2], nShield 2000 for netHSM [3], nShield 800 [4], nShield 500 [5], nShield 500 for netHSM [6] and nShield Plus [7]
(Hardware Versions: nC4033P-4K0 [1], nC4033P-2K0 [2], nC4033P-2K0N [3], nC4033P-800 [4], nC4133P-500 [5], nC4133P-500N [6] and nC4033P-50 [7], Build Standards L & N; Firmware Versions: 2.22.6-2, 2.22.34-2 and 2.22.43-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/11/2006;
06/14/2006;
12/20/2006;
04/29/2008;
06/24/2008
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3 +EFP/EFT
-Cryptographic Key Management: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339, vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91)

-Other algorithms: ARC FOUR; CAST5; CAST 6; DES; DES MAC; MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HSA 160; Diffie-Hellman (key agreement, key establishment methodology provides 80-bits to 256-bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping, key establishment methodology provides 80-bits to 256-bits of encryption strength)

Multi-chip embedded

"The nCipher modules: nCipher 4000 PCI, nShield 800 PCI, and nShield Plus PCI family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
669 nCipher Corporation Ltd.
92 Montvale Ave.
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield 4000 [1], nShield 2000 [2], nShield 2000 for netHSM [3], nShield 800 [4], nShield 500 [5], nShield 500 for netHSM [6] and nShield Plus [7]
(Hardware Versions: nC4033P-4K0 [1], nC4033P-2K0 [2], nC4033P-2K0N [3], nC4033P-800 [4], nC4133P-500 [5], nC4133P-500N [6] and nC4033P-50 [7], Build Standards L & N; Firmware Versions: 2.22.6-3, 2.22.34-3 and 2.22.43-3)

(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/11/2006;
06/14/2006;
12/20/2006;
06/24/2008
Overall Level: 3 

-Physical Security: Level 3 +EFP/EFT

-FIPS-approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339, vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91)

-Other algorithms: ARC FOUR; CAST5; CAST 6; DES; DES MAC; MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HSA 160; Diffie-Hellman (key agreement, key establishment methodology provides 80-bits to 256-bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides 192 bits of encryption strength); RSA (Cert. #68, key wrapping, key establishment methodology provides 80-bits to 256-bits of encryption strength).

Multi-chip embedded

"The nCipher modules: nCipher 4000 PCI, nShield 800 PCI, and nShield Plus PCI family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
668 Oberthur Card Systems
4250 Pleasant Valley Road
Chantilly, VA 20151-1221
USA

-Christophe Goyet
TEL: 703-263-0100
FAX: 703-263-0503

CST Lab: NVLAP 100432-0

Oberthur PIV EP v1 on ID-One Cosmo 64 v5 D
(Hardware Version: HW P/N 77; Firmware Version: FW Version E303-063684 with PIV Applet Suite v1 (PIV Applet v1.08 or v1.09 and SSO Applet v1.08)

(PIV Card Application: Cert. #1)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/02/2006;
07/27/2007
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #232); Triple-DES MAC (Cert. #232, vendor affirmed); SHS (Cert. #209); RSA (Cert. #43); RNG (Cert. #94)

-Other algorithms: DES (Cert. #246); DES MAC (Cert. #246, vendor affirmed); RSA KeyGen

Single-chip

"The PIV EP v1 is a fully validated PIV-II « End Point » smart card to answer HSPD12. It offers Identity proofing (storage of personal data), User authentication, Card authentication, digital signature, encryption and secure post issuance management. To increase flexibility and customization capabilities, the card supports all PIV optional data containers from SP800-73-1, plus additional non-PIV containers and keys configurable during manufacturing. A built-in Card Single Sign-On application allows multiple on card applications to share the same Card Holder Verification Method (Global PIN)."
667 Francotyp-Postalia
Triftweg 21-26
Birkenwerder, 16547
Germany

-Clemens Heinrich
TEL: +49-3303-525-619
FAX: +49-3303-525-609

CST Lab: NVLAP 100432-0

Postal Revenector Canada
(Hardware Version: 58.0036.0001.00 Version 06; Firmware Version: 90.0036.0009.00/01)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/02/2006;
06/26/2007
Overall Level: 3 

-Physical Security: Level 3 +EFP

-FIPS-approved algorithms: Triple-DES (Cert. #391); SHS (Cert. #400); RSA (Cert. #109); ECDSA (Cert. #20); HMAC (Cert. #132); RNG (Cert. #148)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip embedded

"The Postal Revenector Canada is an embedded hardware module which provides security critical services for postage meters in the Canadian market. It is used to support new secure methods of applying postage."
666 Francotyp-Postalia
Triftweg 21-26
D-16547 Birkenwerder
Germany

-Hasbi Kabacaoglu
TEL: +49-3303-525-656
FAX: +49-3303-525-609

CST Lab: NVLAP 100432-0

Revenector
(Hardware Version: P/N 58.0036.0001.00/06; 58.0036.0006.00/03; Firmware Version: 5.46)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/02/2006;
05/30/2006
Overall Level: 3 

-Physical Security: Level 3 +EFP

-FIPS-approved algorithms: RSA (Cert. # 109); SHS (Cert. #400)

-Other algorithms:

Multi-chip embedded

"Revenector is an embedded security device that can enhance the security of various kinds of appliances and computerized devices. The hardware of Revenector is designed to protect critical security parameters as well as application specific revenues. Its firmware enables hosting systems to load or update signed application specific firmware."
665 Francotyp-Postalia
Triftweg 21-26
16547 Birkenwerder
Birkenwerder, 16547
Germany

-Hasbi Kabacaoglu
TEL: +49/3303/525/656
FAX: +49/3303/525/609

CST Lab: NVLAP 100432-0

Postal Revenector
(Hardware Version: P/N 58.0036.0001.00 Version 06; Firmware Version: 90.0036.0006.00/03)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/02/2006 Overall Level: 3 

-Physical Security: Level 3 +EFP

-FIPS-approved algorithms: Triple-DES (Cert. #391); SHS (Cert. #400); RSA (Cert. #109); ECDSA (Cert. #19); HMAC (Cert. #132); RNG (Cert. #148)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip embedded

"The Francotyp-Postalia Postal Revenector employs strong encryption, decryption, and digital signature techniques for the protection of customer revenues in Francotyp-Postalia's mail handlers. The Postal Revenector has been designed in compliance with the United States Postal Services (USPS), Information-Based Indicia Program (IBIP)."
664 Zix Corporation
2711 N. Haskell Avenue
Suite 2300
Dallas, TX 75204-2960
USA

-Dena Bauckman
TEL: 214-370-2008
FAX: 214-370-2071

CST Lab: NVLAP 200017-0

ZixCorp Crypto Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 04/26/2006;
06/04/2009;
07/08/2009
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Linux Red Hat Enterprise 3 Operating System (in single user mode)

-FIPS-approved algorithms: AES (Cert #321); Triple-DES (Cert #385); RSA (Cert #108); SHS (Cert #394); HMAC (Cert #127); RNG (Cert #145)

-Other algorithms: DSA (non compliant); Diffie-Hellman (key agreement); Elliptic Curve (non compliant); MD2; MD5; HMAC MD5; RSA (key wrapping; key establishment methodology provides between 80-bits and 112-bits of encryption strength)

Multi-chip standalone

"The ZixCorp Crypto Module provides email encryption using a FIPS 140-2 level 1 validated cryptographic module. As part of the Zix Email Encryption Service, the ZixCorp Crypto Module provides highly secure email communication between Zix customers and their business partners. The approved cryptographic algorithms included in the module are: AES, Triple- DES, RSA, SHA-1, HMAC SHA-1 and FIPS 186-2 Appendix 3.1 RNG."
663 3e Technologies International, Inc.
9175 Key West Avenue
Suite 500
Rockville, MD 20850
USA

-Ryon Coleman
TEL: 301-944-1277
FAX: 301-670-6989

CST Lab: NVLAP 200427-0

3e-010F-A-2 Cryptomodule and 3e-010F-C-2 Cryptomodule
(Software Version: 3e-010F-A-2 Version 2.0, Build 18; 3e-010F-C-2 Version 2.0, Build 15; and 3e-010F-C-2 Version 2.0, Build 15, Revision 1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 04/26/2006;
08/01/2006;
08/29/2007
Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000 Professional with SP4 and Microsoft Windows XP with SP2 (single-user mode)

-FIPS-approved algorithms: AES (Certs. #225, #287 and #288); Triple-DES (Cert. #316); RNG (Cert. #67); CCM (Certs. #5 and #6); HMAC (Cert. #32); SHS (Cert. #306); RSA (Cert. #112)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength)

Multi-chip standalone

"The 3e-010F-A-2 and 3e-010F-C-2 Crypto Clients provide standard 802.11a/b/g wireless access along with enhanced protection through a variety of cryptographic features, providing a high level of security for wireless environments. In FIPS 140-2 mode (highly secure), encryption can be set for None, Static AES, Static 3DES, Dynamic Key Exchange and WPA2 Enterprise and Personal (AES-CCM). In non-FIPS mode, one can select None, Static AES, Static 3DES, Dynamic Key Exchange, Static WEP, WPA-Enterprise and Personal (TKIP or AES-CCM) and WPA2-Enterprise and Personal (TKIP or AES-CCM)."
662 Fortress Technologies, Inc.
1 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0

AirFortress ® AF1100 Wireless Cryptographic Module
(Hardware Version: AF-1100; Firmware Version: 2.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/26/2006;
03/26/2010
Overall Level: 2 

-FIPS-approved algorithms: DES (Cert. #23); Triple-DES (Cert. #19); AES (Cert. #14); SHS (Cert. #316); HMAC (Cert. #62)

-Other algorithms: Diffie-Hellman (non-compliant key agreement; key establishment methodology provides 56 bits of encryption strength); MD5; IDEA, ANSI X9.31 RNG (formerly ANSI X9.17; non-compliant)

Multi-chip standalone

"The AirFortress® AF1100 Wireless Cryptographic Module is an electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a production-quality hardware and deployable on any LAN or WAN, the AirFortress® AF1100 Wireless Cryptographic Module provides encryption, data integrity checking, authentication, access control, and data compression."
661 IBM® Corporation
2455 South Road / P330
Poughkeepsie, NY 12601
USA

-Barry Ward
TEL: 845-435-4881
FAX: 845-435-5540

CST Lab: NVLAP 100432-0

IBM eServer Cryptographic Coprocessor Security Module
(Hardware Version: P/Ns 12R6536, 12R8241, 12R8561, 41U0438, Model 4764-001; Firmware Versions: 2096a16d and c16f4102)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/26/2006;
06/14/2006;
04/30/2007;
09/25/2007
Overall Level: 4 

-FIPS-approved algorithms: AES (Cert. #103); Triple-DES (Cert. #215); SHS (Cert. #194); DSA (Cert. #147); RNG (Cert. #132)

-Other algorithms: DES (Cert. #237); MD5, RSA (ISO 9796; non-compliant)

Multi-chip embedded

"The IBM eServer Cryptographic Coprocessor Security Module, is a tamperresponding, programmable, cryptographic PCIX card, containing CPU, encryption hardware, RAM, EEPROM, hardware random number generator, time of day clock, firmware, and software. The Coprocessor is designed as a feature in IBM eServer zSeries and iSeries servers; and for use in IBM eServer xSeries."
660 Authenex, Inc.
1489 Salmon Way
Hayward, CA 94544
USA

-Harry Lee
TEL: 510-324-0230 x114
FAX: 510-324-0251

CST Lab: NVLAP 100432-0

Authenex A-Key
(Hardware Version: P/N AKEY2T0-01, Version 2.0.0; Firmware Version: 3.6.0)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/26/2006 Overall Level: 3 

-FIPS-approved algorithms: RSA (Cert. #84); AES (Cert. #294); SHS (Cert. #367); RNG (Cert. #119)

-Other algorithms: RSA (key wrapping, key establishment methodology provides between 80 and 112 bits of encryption strength)

Multi-chip standalone

"The Authenex A-Key provides two factor strong authentication for the mobile user, with an embedded suite of applications."
659 Neopost Technologies
113 rue Jean-Marin Naudin
Bagneux, 92220
France

-Thierry Le Jaoudour
TEL: +33 (0) 1 45 36 30 36

CST Lab: NVLAP 100432-0

C20ND-C21ND Secure Metering Module
(Hardware Version: 4124558P Version B; Firmware Versions: 30.20 and 30.24)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/26/2006;
10/03/2006;
12/19/2006
Overall Level: 3 

-Physical Security: Level 3 +EFP/EFT

-FIPS-approved algorithms: DSA (Cert. #61); ECDSA (Cert. #16); HMAC (Cert. #122); Triple-DES (Cert. #119); SHS (Cert. #391); RNG (Cert. #141)

-Other algorithms:

Multi-chip embedded

"The C20ND module is a postage meter supporting accounting and cryptographic functions including the generation of 2D barcodes with ECDSA signatures for secure electronic transactions. Associated with a document transport system and an inkjet print-head, the module is capable of processing up to 250 envelopes per minute."
658 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco Catalyst 6506, 6509, 6506(E), 6509(E), 7606 and 7609 Routers With IPSec VPN SPA
(Hardware Versions: 6506, 6509, 6506-E, 6509-E, 7606, 7609; Backplane chassis: Hardware Versions 1.0 (6505(E), 7606, 7609), 1.1 (6509(E)), 3.0 (6506, 6509); Supervisor Blade: Hardware Versions 4.1 (SUP720-3B), 4.0 (SUP720-3BXL); IPSec VPN SPA: Hardware Version 1.0; Firmware Version: 12.2(18)SXE2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/20/2006;
05/16/2006;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Certs. #258 and #298); SHS (Certs. #285 and #422); HMAC (Certs. #15 and #153); RNG (Cert. #123); AES (Certs. #156 and #209)

-Other algorithms: DES; AES (non-compliant); Triple-DES; SHA-1 (non-compliant); HMAC-SHA-1 (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; HMAC-MD5

Multi-chip standalone

"The Catalyst 6500 series switches and the Cisco 7606 and Cisco 7609 routers with the IPSec VPN SPA offer versatility, integration, and security to branch offices. With numerous network modules and service modules available, the modular architecture of the Cisco router easily allows interfaces to be upgraded to accommodate network expansion. The Catalyst 6500 series switches and the Cisco 7606 and Cisco 7609 routers provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements."
657 Tutarus Corporation
6767 Old Madison Pike
Suite 292
Huntsville, AL USA

-Ray Clayton
TEL: 256-922-1555

CST Lab: NVLAP 200427-0

TRAKRON
(Software Version: 2.2)

Validated to FIPS 140-2

Security Policy

Certificate

Software 04/13/2006 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP SP2 (in single user mode)

-FIPS-approved algorithms: AES (Cert. #313); SHS (Cert. #383); RSA (Cert. #99); RNG (Cert. #133)

-Other algorithms: N/A

Multi-chip standalone

"The TRAKRON module is a software module packaged as a Dynamic-link Library (DLL) on Windows. The library can be used on Microsoft Windows NT, 2000, and XP operating systems. The TRAKRON module provides high-level encryption for Tutarusªs security products."
656 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

PIX 515 and PIX 515E
(Hardware Versions: 515 and 515E; Firmware Version: 7.0.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/14/2006;
03/20/2007;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Certs. #298 and #384); AES (Certs. #209 and #320); RNG (Cert. #143); SHS (Certs. #285 and #393); HMAC (Certs. #15 and #124); RSA (Certs. #105 and #107); DSA (Certs. #150 and #152)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; DES; RC4; HMAC MD5; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength)

Multi-chip standalone

"The market-leading Cisco PIX and ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-todeploy solutions. Cisco PIX Security Appliances and ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
655 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

ASA 5510, ASA 5520 and ASA 5540
(Hardware Versions: 5510, 5520, and 5540; Firmware Version: 7.0.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/14/2006;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Certs. #217 and #384); AES (Certs. #105 and #320); RNG (Certs. #143 and #144); SHS (Certs. #196 and #393); HMAC (Certs. #124 and #125); RSA (Certs. #105 and #106); DSA (Certs. #150 and #151)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; DES; RC4; HMAC MD5; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength)

Multi-chip standalone

"The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
654 Tutarus Corporation
6767 Old Madison Pike
Suite 292
Huntsville, AL USA

-Ronn Cochran
TEL: 256-922-1555

CST Lab: NVLAP 200427-0

SRKCRYPTO
(Software Version: 3.4.1)

Validated to FIPS 140-2

Security Policy

Certificate

Software 04/06/2006 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP SP2 (in single user mode)

-FIPS-approved algorithms: AES (Cert. #314); SHS (Cert. #384); RSA (Cert. #100); RNG (Cert. #134)

-Other algorithms: N/A

Multi-chip standalone

"SRKCRYPTO is a digital data encryption library that provides encryption services for Tutarus products. SRKCRYPTO is a unique encryption engine in that it generates a new random key each time data needs to be encrypted. This provides a higher level of security required for the most sensitive data protection."
653 CipherOptics Inc.
701 Corporate Center Drive
Raleigh, NC 27607
USA

-Ed Finn
TEL: 412-262-2571 x102
FAX: 412-262-2574

CST Lab: NVLAP 200416-0

CipherOptics SG100 and CipherOptics SG1002
(Hardware Version: A; Firmware Versions: 3.1 and 3.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 04/06/2006;
08/16/2006;
06/14/2010
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #258); AES (Cert. #156); SHS (Cert. #117); HMAC (Cert. #34); RSA (Cert. #79); RNG (Cert. #112)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); MD5; HMAC MD5; DES

Multi-chip standalone

"The CipherOptics SG100 and SG1002 are high performance, integrated security appliances that offer Gigabit and 10/100 Ethernet IPSec encryption respectively. Housed in a tamper evident chassis, have two ethernet ports. Traffic on the local port is received in the clear, while traffic on the remote port has security processing applied to it."
652 nCipher Corporation Ltd.
92 Montvale Ave.
Suite 4500
Stoneham, MA 02180
USA

TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield 500 [1], nShield 500 for netHSM [2] and nShield Lite [3]
(Hardware Versions: nC4033P-500 [1], nC4033P-500N [2] and nC4033P-30 [3]; Build Standards M & N; Firmware Versions: 2.22.6-2, 2.22.34-2 and 2.22.43-2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 04/06/2006;
06/29/2006;
12/20/2006;
06/24/2008
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339; vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91)

-Other algorithms: ARC FOUR; CAST5; CAST 6; DES; DES MAC; MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HSA 160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping, key establishment methodology provides between 80 and 256 bits of encryption strength)

Multi-chip embedded

"The nCipher modules: nShield 500 & nShield Lite family of secure ecommerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
651 nCipher Corporation Ltd.
92 Montvale Ave
Suite 4500
Stoneham, MA 02180
USA

TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield 500 [1], nShield 500 for netHSM [2] and nShield Lite [3]
(Hardware Versions: nC4033P-500 [1], nC4033P-500N [2] and nC4033P-30; Build Standards M & N; Firmware Versions: 2.22.6-3, 2.22.34-3 and 2.22.43-3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 04/06/2006;
06/29/2006;
12/20/2006;
06/24/2008
Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339; vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91)

-Other algorithms: ARC FOUR; CAST5; CAST 6; DES; DES MAC; MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HSA 160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping, key establishment methodology provides between 80 and 256 bits of encryption strength)

Multi-chip embedded

"The nCipher modules: nShield 500 & nShield Lite family of secure ecommerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
650 Ian Donnelly Systems, Inc.
17752 Preston Road
Dallas, TX 75252
USA

-Ian B. Donnelly
TEL: 888-980-8887
FAX: 972-380-8866

CST Lab: NVLAP 100432-0

KEY-UP
(Hardware Version: P/N KEY-UP Version II-A; Firmware Versions: 5.0 and 5.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/03/2006;
05/18/2009;
05/18/2009
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #361); Triple-DES MAC (Cert. #361; vendor affirmed); SHS (Cert. #359); RNG (Cert. #127)

-Other algorithms: DES; DUKPT

Multi-chip standalone

"KEY-UP V5.0 security encryption devices for electronic funds transfer applications utilize the latest security specifications mandated by the American National Standard Institute (ANSI) while offering significant performance improvements and lower cost per transaction."
649 Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Douglas
TEL: 571-334-4300

CST Lab: NVLAP 200427-0

Aruba 800, 5000 and 6000™ Mobility Controller with ArubaOS FIPS Software
(Hardware Versions: (Aruba 800) HW-800-CHAS-SPOE-SX, HW-800-CHAS-SPOE-T; (Aruba 5000) HW-CHASF (3300028 Rev. 01), HW-FTF (3300031 Rev. 01), LC-2G24F (3300026 Rev. 01), LC-2G (3300029-01), LC-2G24FP (3300024 Rev. 01), SC-48-C1 (3300025- 01), SC-128-C1 (3300025-01), HW-PSU-200, HW-PSU-400; (Aruba 6000) HW-CHASF (3300028 Rev. 01), HW-FTF (3300031 Rev. 01), LC-2G24F (3300026 Rev. 01), LC-2G (3300029-01), LC-2G24FP (3300024 Rev. 01), SC-256-C2 (3300027 Rev. 01), SC-48-C1 (3300025- 01), SC-128-C1 (3300025-01), HW-PSU-200, HW-PSU-400; Software Versions: A800_2.4.1.0-FIPS, A800_2.4.8.2-FIPS, A800_2.4.8.3-FIPS, A800_2.4.8.8-FIPS, A800_2.4.8.9-FIPS, A800_2.4.8.10-FIPS, A800_2.4.8.11-FIPS, A800_2.4.8.12-FIPS, A800_2.4.8.14-FIPS, A800_2.4.8.15-FIPS, A5000_2.4.1.0-FIPS, A5000_2.4.8.2-FIPS, A5000_2.4.8.3-FIPS, A5000_2.4.8.8-FIPS, A5000_2.4.8.9-FIPS, A5000_2.4.8.10-FIPS, A5000_2.4.8.11-FIPS, A5000_2.4.8.12-FIPS, A5000_2.4.8.14-FIPS and A5000_2.4.8.15-FIPS)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/03/2006;
08/10/2006;
03/01/2007;
04/30/2007;
06/21/2007;
08/31/2007;
10/12/2007;
10/22/2007;
04/04/2008;
05/09/2008;
03/14/2011
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #315 and #159); Triple-DES (Certs. #382 and #261); SHS (Certs. #386 and #244); HMAC (Certs. #116 and #118); RNG (Cert. #135); RSA (Certs. #101 and #102); CCM (Cert. #4)

-Other algorithms: DES (Cert. #262); MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"Aruba Networks' Mobility Controller system completely changes how 802.11 networks are deployed, secured, and managed. The only mobile security system with an integrated ICSA-certified stateful firewall and hardware-based encryption, the Aruba mobility controller is the industry's highest performing and most scalable enterprise mobility platform on the market today. Aruba offers the industry's only modular and stackable mobility controllers from every enterprise environment. Now, administrators are freed from the costly and time-consuming process of managing individual APs. And as security standards change and new mobile services emerge, they are easily implemented at the controller and propagated throughout the enterprise."
648 3Com Corporation
350 Campus Drive
Marlborough, MA 01752-3064
USA

-Victoria Van Spyk
TEL: 408-326-8581

CST Lab: NVLAP 200427-0

3Com Embedded Firewall PCI Cards
(Hardware Versions: 03-0229-501 and 03-0347-501; Firmware Version: Runtime: 03.101.015, Diagnostic: 03.101.015, Sleep: 03.101.015)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/03/2006 Overall Level: 1 

-FIPS-approved algorithms: Triple-DES (Cert. #212); RNG (Cert. #139); SHS (Certs. #188 and #189); HMAC (Certs. #120 and #130)

-Other algorithms: MD5; HMAC-MD5; DES; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip embedded

"Offers hardware embedded encryption and authentication and Fast Ethernet Connectivity for fiber and copper cabled lan."
647 Gemalto
Arboretum Plaza II
9442 Capital of Texas Highway North
Suite 400
Austin, TX 78759
USA

-Jerome Denis
TEL: 512-257-3808

CST Lab: NVLAP 100432-0

ActivIdentity Digital Identity Applet Suite V2 on Gemalto SafesITe TOP IM CY2 (aka Cyberflex Access 64K V2)
(Hardware Versions: P/Ns A1002057, A1002631 and A1006577, Hardmask 1v3; Firmware Versions: V2.3.0c suite: ACA applet package version 2.3.0c, PKI/GC applet package version 2.3.0c, ASC library package version 2.3.0c; V2.6.1 suite: ACA applet package version 2.6.1, PKI/GC applet package version 2.6.1, ASC library package version 2.6.1; V2.6.2 suite: ACA applet package version 2.6.2, PKI/GC applet package version 2.6.2, ASC library package version 2.6.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/03/2006;
05/26/2006;
08/29/2006;
07/28/2008
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #312); Triple-DES MAC (Cert. #312, vendor affirmed); AES (Cert. #220); SHS (Cert. #301); RSA (Cert. #51); RNG (Cert. #64)

-Other algorithms: DES (Cert. #293); DES MAC (Cert. #293, vendor affirmed)

Single-chip

"This product can be configured to use with suite V2.3.0c for GSC-IS v2.1 support, and with suite V2.6.1 for both GSC-IS v2.1 support and SP800-73 Transitional Card Edge support (for HSPD12/PIV)."
646 PostX Corporation
3 Results Way
Cupertino, CA 95014-5924
USA

-Robert Olson
TEL: 408-861-3513

CST Lab: NVLAP 200427-0

PostX FIPS Cryptography Kernel
(Software Version: 3.5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 04/03/2006 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2 with Java JRE 1.4.2 (in single user mode)

-FIPS-approved algorithms: DSA (Cert. #140); Triple-DES (Cert. #354); AES (Cert. #271); SHS (Cert. #356); RSA (Cert. #71); RNG (Cert. #106); HMAC (Cert. #86)

-Other algorithms: DES (Cert. #326); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); DESX; MD2; MD5; RIPEMD 160; RNG (X9.31, MD5, SHA1); RC2; RC4; RC5; PBE (SHA256, SHA384, SHA512); Raw RSA; RSA Keypair Generation MultiPrime; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); HMAC-MD5

Multi-chip standalone

"The PostX Messaging Application Platform is a trusted email solution that is an enterprise-class platform for encrypting ad hoc emails internal and external to the customer's network. As a compliance and enterprise solution, PostX MAP provides companies the options of deployment, when and how to encrypt, and policy enforcement from 100% on the desktop, 100% at the gateway, or any combination of gateway and desktop. The PostX FIPS Cryptography Kernel is the software module that provides the basic cryptographic functionality for the Messaging Application Platform."
645 SafeNet, Inc.
8029 Corporate Drive
Baltimore, MD 21236
USA

-Joel Rieger
TEL: 410-931-7500
FAX: 410-931-7524

CST Lab: NVLAP 200416-0

CGX Cryptographic Module
(Software Version: 3.21.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 04/03/2006 Overall Level: 2 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 2 with Solaris 8 2/02 on Sun Blade 2000

-FIPS-approved algorithms: Triple-DES (Cert. #393); AES (Cert. 329); HMAC (Cert. #148); RNG (Cert. #49); SHS (Cert. #403)

-Other algorithms: DES; MD5; MD2; RSA (non-compliant); RC5; RIPEMD-128; RIPEMD-160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80-bits of encryption strength))

Multi-chip standalone

"Based on SafeNet's 20 years of security expertise and the most widely deployed VPN software in the industry, the CGX Cryptographic Library provides a high-level software interface to SafeNet SafeXcel(tm) VPN acceleration chips, cards, and EmbeddedIP(tm) intellectual property. The CGX library can be used as an API to hardware accelerators or for compiling software implementations of the latest industry standard algorithms."
644 SafeNet, Inc.
8029 Corporate Drive
Baltimore, MD 21236
USA

-Joel Rieger
TEL: 410-931-7500
FAX: 410-931-7524

CST Lab: NVLAP 200416-0

CGX Cryptographic Module
(Software Version: 3.21.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 04/03/2006 Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Linux 2.4.18-3 and Solaris 8.2/02

-FIPS-approved algorithms: Triple-DES (Cert. #393); AES (Cert. 329); HMAC (Cert. #148); RNG (Cert. #49); SHS (Cert. #403)

-Other algorithms: DES; MD5; MD2; RSA (non-compliant); RC5; RIPEMD-128; RIPEMD-160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80-bits of encryption strength))

Multi-chip standalone

"Based on SafeNet's 20 years of security expertise and the most widely deployed VPN software in the industry, the CGX Cryptographic Library provides a high-level software interface to SafeNet SafeXcel(tm) VPN acceleration chips, cards, and EmbeddedIP(tm) intellectual property. The CGX library can be used as an API to hardware accelerators or for compiling software implementations of the latest industry standard algorithms."
643 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200002-0

SafeNet Enterprise ATM Encryptor II, Model 600
(Hardware Versions: 901-11001-00x, 901-27001-00x, 901-37001-00x, 901-77001-00x, 901-41001-00x, 901-61001-00x, 901-51001-00x, 901-81001-00x; Firmware Version: 3.0)

(Note: Refer to the cryptographic module’s security policy for the details on the letter x designation)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/22/2006 Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Certs. #268, #269 and #270); AES (Certs. #166, #167 and #240); RSA (Cert. #15); SHS (Certs. #251 and #319); HMAC (Cert. #48); RNG (Certs. #18 and #76)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The SafeEnterpriseTM ATM Encryptor II provides data privacy and access control for connections between vulnerable public and private ATM networks. It employs federally endorsed AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in ATM T1, E1, T3, E3, OC-3c and OC-12c networks."
642 Open Source Software Institute
Administrative Office
P.O. Box 547
Oxford, MS 38655
USA

-John Weathersby
TEL: 601-427-0152
FAX: 601-427-0156

CST Lab: NVLAP 200017-0

OpenSSL FIPS Object Module
(Source Content Version: OpenSSLfips1.0.tar.gz; Resultant Compiled Software Version: 1.0)

(When built, installed, protected and initialized as assumed by the Crypto Officer role and specified in the provided Security Policy. Appendix B of the provided Security Policy specifies the complete set of source files of this module. There shall be no additions, deletions or alterations of this set as used during module build. All source files shall be verified as specified in Appendix B of the provided Security Policy. Installation, protection, and initialization shall be completed as specified in Appendix C of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a FIPS 140-2 non-compliant module.)

Validated to FIPS 140-2
Not Available

Security Policy

Certificate

Software 03/22/2006;
03/29/2006;
06/21/2006
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with SuSE Linux Version 9.0 (gcc Compiler Version 3.3.1), and HPUX Version 11i (gcc Compiler Version 3.4.2)

-FIPS-approved algorithms: Triple-DES (Cert. #256); AES (Cert. #146); DSA (Cert. #108); SHS (Certs. #235 and #360); HMAC-SHA-1 (Cert. #95); RSA (Cert. #78); RNG (Cert. #111)

-Other algorithms: DES ((Cert. #258); Diffie-Hellman (key agreement, key establishment methodology provides between 80-bits and 256-bits of encryption strength)

Multi-chip standalone

641 Entrust, Inc.
One Hanover Park
16633 Dallas Parkway
Suite 800
Addison, TX 75001
USA

-Entrust Sales
TEL: 888-690-2424

CST Lab: NVLAP 200017-0

Entrust TruePass™ Applet Cryptographic Module
(Software Version: 8.0)

(When operated in FIPS mode with FIPS validated browser services operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 03/22/2006 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 2000 SP4 and Windows XP SP2 running Microsoft VM for Java 5.0.0.3810 or Sun plug-in version 1.4.1; and Netscape Navigator Browser 7.0, (Certs. #7, #45, #47) or Microsoft Internet Explorer 6.0 SP1, (Certs. #76, #103); (operated in single user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #377); SHS (Cert. #379); RNG (Cert. #129); RSA (Cert. #91)

-Other algorithms: CAST 128; RSA (key wrapping, key establishment methodology provides between 80 and 112 bits of encryption strength)

Multi-chip standalone

"The Entrust TruePass Applet Cryptographic Module 8.0 performs low level cryptographic operations - encryption, decryption and hashes - implemented in software using the high-level Java programming language. Currently, the module is imbedded into an applet as part of the TruePass product suite that allows integration of cryptographic security into web applications."
640 3e Technologies International, Inc.
700 King Farm Blvd.
Suite 600
Rockville, MD 20850
USA

-Ryon Coleman
TEL: 301-944-1277
FAX: 301-670-6989

CST Lab: NVLAP 200427-0

3e-525A-3 and 3e-525V-3 AirGuard™ Wireless Access Point
(Hardware Versions: 3e525A-3: HW V1.0(A), HW V1.0(B), HW V1.0(C), HW V1.0(D), and HW V1.0(E); 3e-525V-3: HW V1.0(E))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/22/2006;
08/01/2006;
02/12/2007;
04/26/2007
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #292); AES (Cert. 238); HMAC (Cert. #13); SHA-1 (Cert. #278); RNG (Cert. #22); CCM (Cert. #1)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); MD5; RC4; DES; AES CFB (non-compliant)

Multi-chip standalone

"The AirGuardTM model 525A-3 and model 525V-3 Wireless Access Points are packaged in rugged IP 66 weatherproof enclosure and conforms to 802.11a/b/g wireless standards. They provide access point, gateway, bridge/repeater, and mesh networking for wireless applications. In access point or gateway mode, the 525A-3 can establish links to laptops, PDAs and other wireless devices at data rates from 11 Mbps up to 108 Mbps. The 525V-3 incorporates an extra video module to provide capability for remote video surveillance and camera control."
639 ActivIdentity, Inc.
6623 Dumbarton Circle
Fremont, CA 94555
USA

-Eric Le Saint
TEL: 510-745-6211
FAX: 510-574-0101

CST Lab: NVLAP 100432-0

ActivIdentity Digital Identity Applet Suite v1/v2 on OCS ID-One Cosmo 64 v5
(Hardware Versions: P/N 77, Versions E302, E303-063683, E303-063684, E303-063792; Firmware Versions: ActivIdentity Applet Suite V1.1.6: ID applet v1.0.0.23, PKI applet v1.0.0.29, GC applet v1.0.0.27, SKI applet v1.0.0.16; ActivIdentity Applet Suite V1.1.6p: ID applet v1.0.0.25, PKI applet v1.0.0.32, GC applet v1.0.0.29, SKI applet v1.0.0.18; ActivIdentity Applet Suite V2.6.1: ACA applet v2.6.1, PKI/GC applet v2.6.1, ASC library v2.6.1; ActivIdentity Applet Suite V2.6.2: ACA applet v2.6.2, PKI/GC applet v2.6.2, ASC library v2.6.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/22/2006;
05/26/2006;
08/29/2006;
10/03/2006;
07/24/2007
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Cert. #123); Triple-DES (Cert. #232); Triple-DES MAC (Cert. #232, vendor affirmed); SHS (Cert. #209); RSA (Cert. #43); RNG (Cert. #94)

-Other algorithms: DES (Cert. #246); DES MAC (Cert. #246, vendor affirmed)

Single-chip

"This version of the product can be used over contact and contactless interface (with some restrictions) and can be configured to use with ActivIdentity applet suite v1.1.6 for enterprise deployment or with v2.6.1for the support of GSC-IS v2.1 and NIST SP800-73 Transitional Card Edge (for HSPD-12/PIV)."
638 Secure Computing Corporation
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Chuck Monroe
TEL: 651-628-2799
FAX: 651-628-2701

CST Lab: NVLAP 200017-0

Cryptographic Module for SecureOS®
(Software Version: 9.7)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/22/2006 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with SecureOS® V6.1 by Secure Computing Corporation

-FIPS-approved algorithms: Triple-DES (Cert. #368); AES (Cert. #295); DSA (Cert. #141); SHS (Cert. #368); HMAC (Cert. #106); RSA (Cert. #85); RNG (Cert. #120)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); MD5; DES; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength)

Multi-chip standalone

"The Cryptographic Module for SecureOS® is software providing cryptographic services for applications on versions of Sidewinder G2® Security Appliance™ and Sidewinder G2 Enterprise Manager(tm). Sidewinder G2 is a line of comprehensive unified threat management (UTM) security appliances consolidating a variety of Internet security functions including Application Defenses™ firewall, anti-virus, anti-spam, traffic anomaly detection, IDS/IPS, and more. It is Common Criteria EAL4+ certified as compliant with the US DoD Application-level Firewall Protection Profile for Medium Robustness."
637 D'Crypt Private Limited
20 Ayer Rajah Crescent
#08-08 Technopreneur Centre
Singapore, 139964
Singapore

-Quek Gim Chye
TEL: (65) 6776-9210
FAX: (65) 6873-0796

CST Lab: NVLAP 100432-0

d'Cryptor ZE Cryptographic Module
(Hardware Versions: P/N DC-ZEN2-30 v3.0, DC-ZEN4-30 v3.0; Firmware Versions: Kernel v3.0, LFM v1.0, AFM v1.0 (builds 1124783674, 1124783679)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/14/2006 Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #298); Triple-DES (Cert. #371); SHS (Cert. #372); RSA (Cert. #90); HMAC (Cert. #108); RNG (Cert. #125)

-Other algorithms: DES (Cert. #328)

Multi-chip embedded

"d'Cryptor ZE is a micro-token targeted at high security embedded applications. Central to the next generation d'Cryptor products, the ZE provides cryptographic/key management services, secure key storage and supports interfaces such as UARTs, SSP, infrared, contact/contactless Smartcard and GPIOs."
636 Renesas Technology Corporation
450 Holger Way
San Jose, CA 95134-1368
USA

-Victor Tsai
TEL: 408-382-7735
FAX: 408-382-7490

CST Lab: NVLAP 100432-0

Aspects Software OS755 for Renesas XMobile Card Module
(Hardware Version: P/N AE46C1 Version 0.1; Firmware Version: OS755 Version 2.4.6)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/14/2006 Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #327); Triple-DES MAC (Cert. #327; vendor affirmed); RNG (Cert. #75); RSA (Cert. #57); SHS (Cert. #315)

-Other algorithms: DES (Cert. #305); DES MAC (Cert. #305; vendor affirmed); Raw RSA; RSA cipher only with ISO9796 padding; DES (with ISO9797 m1/m2 padding); Triple-DES (with ISO9797 m1/m2 padding; non-compliant)

Single-chip

"Aspects OS755 for Renesas XMobile Card Module is the combination of a Java Card compliant Operating System that implements FIPS Approved cryptographic functions and a secure Single Chip Silicon hardware. This module is a flexible platform capable of post-issuance customization and updates, and that offers Java Card 2.1.1 technology and GlobalPlatform 2.1 services in addition to a range of FIPS Approved on-board random-number generator, hardware accelerated Triple-DES and RSA algorithms, especially designed for the XMobile Card."
635 TLC-Chamonix, LLC
120 Village Square
Suite 11
Orinda, CA 94563
USA

-Phil Smith
TEL: 877-479-4500
FAX: 877-639-3470

CST Lab: NVLAP 100432-0

WirelessWall Client
(Software Version: 3.3)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/03/2006;
05/20/2008
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP SP2 (single-user mode), Windows 2000 SP4 (single-user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #301); AES (Cert. #211); SHS (Cert. #288); HMAC (Cert. #18); RSA (Cert. #41); RNG (Cert. #55)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 128 bits of encryption strength); MD5

Multi-chip standalone

"The Cranite WirelessWall Client enables laptop, desktop, and handheld computer users to securely connect to WirelessWall-protected networks. The Client authenticates users, encrypts wireless network traffic, and blocks malicious attacks. Additionally, the Client optionally seamlessly roam from subnet to subnet without re-authenticating. The Client optionally integrates with the Windows logon, providing secure single signon functionality. Cranite's WirelessWall Client is simple to use and is validated to the government's rigorous FIPS-2 security standard."
634 Check Point Software Technologies Ltd.
9900 Belward Campus Drive
Suite 250
Rockville, MD 20850
USA

-David Ambrose
TEL: 703-628-2935

-Malcolm Levy
TEL: +972-37534561

CST Lab: NVLAP 200002-0

VPN-1
(Firmware Version: NG with Application Intelligence R54)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Firmware 03/03/2006;
05/02/2008;
05/28/2009
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-EMI/EMC: Level 3
-Design Assurance: Level 2

- Tested: Dell Optiplex GX-1 running Secure Platform Operating System version NG with Application Intelligence R54

-FIPS-approved algorithms: Triple-DES (Cert. #333); AES (Cert. #88); SHS (Cert. #325); HMAC (Cert. #56); RSA (Cert. #63); RNG (Cert. #30)

-Other algorithms: DES (Cert. #311); CAST 40 bit; CAST 128 bit; MD5; HMAC-MD5; Diffie-Hellman (key agreement, key establishment methodology provides between 70 and 97 bits of encryption strength); RSA (PKCS #1, key wrapping, key establishment methodology provides between 80 and 150 bits of encryption strength)

Multi-chip standalone

"Check Point's VPN-1 version NG with Application Intelligence R54 is a tightly integrated software solution combining the FireWall-1 (FW-1) security suite with sophisticated Virtual Private Network (VPN) technologies and a hardened Secure Platform operating system (OS). The cornerstone of Check Point's Secure Virtual Network (SVN) architecture, VPN-1 meets the demanding requirements of Internet, intranet, and extranet VPNs by providing secure connectivity to corporate networks, remote and mobile users, branch offices, and business partners."
633 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 3251 Mobile Access Router Card
(Hardware Version: 3.2; Firmware Version: 12.3(14)T2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/03/2006;
12/06/2006;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #285); Triple-DES (Cert. #362); SHS (Cert. #361); HMAC (Cert. #96); RNG (Cert. #113)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; HMAC MD5; RSA (non-compliant)

Multi-chip embedded

"The module is a high-performance router card, which offers secure data, voice and video communications, seamless mobility and interoperability across multiple wireless networks. The unique functionality of this router card is that always on IP connectivity for networks in motion. This allows IP hosts on a mobile network to connect transparently to the parent network while the router is in motion."
632 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 3220 Mobile Access Router Card
(Hardware Version: 3.2; Firmware Version: 12.3(14)T2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/03/2006;
12/06/2006;
05/28/2010;
02/23/2012
Overall Level: 1 

-Cryptographic Module Specification: Level 2
-Cryptographic Module Ports and Interfaces: Level 2
-Roles, Services, and Authentication: Level 2
-Finite State Model: Level 2
-Cryptographic Key Management: Level 2
-EMI/EMC Level 2
-Self-Tests: Level 2
-Design Assurance: Level 2

-FIPS-approved algorithms: AES (Cert. #285); Triple-DES (Cert. #362); SHS (Cert. #361); HMAC (Cert. #96); RNG (Cert. #113)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; HMAC MD5; RSA (non-compliant)

Multi-chip embedded

"The module is a high-performance router card, which offers secure data, voice and video communications, seamless mobility and interoperability across multiple wireless networks. The unique functionality of this router card is that always on IP connectivity for networks in motion. This allows IP hosts on a mobile network to connect transparently to the parent network while the router is in motion."
631 Good Technology, Inc.
101 Redwood Shores Parkway
Redwood City, CA 94065
USA

-Sriram Krishnan
TEL: 650-486-6000

CST Lab: NVLAP 200002-0

FIPSCrypto on Windows Mobile
(Software Version: 4.7.0.50906)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/03/2006;
05/18/2009;
01/28/2010
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows CE 4.2 Operating System

-FIPS-approved algorithms: AES (Cert. #134); Triple-DES (Cert. #240); SHS (Cert. #217); HMAC (Cert. #126)

-Other algorithms:

Multi-chip standalone

"The FIPSCrypto is a FIPS 140-2 validated software-based cryptographic module that implements Triple-DES, AES, SHA-1, and HMAC-SHA-1."
630 PGP Corporation
200 Jefferson Dr.
Menlo Park, CA 94025
USA

-Vinnie Moscaritolo
TEL: 650-319-9000
FAX: 650-319-9001

CST Lab: NVLAP 100432-0

PGP Software Developer's Kit (SDK) Cryptographic Module
(Software Version: 3.5.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/03/2006;
05/08/2007;
03/07/2008;
07/28/2008;
08/21/2008;
12/03/2008
Overall Level: 1 

-Cryptographic Module Specification:Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with MAC OSX 10.4.2; Windows XP SP2 (single-user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #379); AES (Cert. 308); DSA (Cert. #144); SHS (Cert. #381); HMAC (Cert. #114); RSA (Cert. #97); RNG (Cert. #131)

-Other algorithms: CAST-5; IDEA; Two-Fish; MD5; RIPEMD60; HMAC-MD5; Blow-Fish; ElGamal Encrypt/Decrypt (key wrapping; key establishment methodology provides between 112 to 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 to 128 bits of encryption strength); Shamir Threshold Secret Sharing

Multi-chip standalone

"The PGP SDK Cryptographic Module is a FIPS 140-2 validated software only cryptographic module. The module implements the cryptographic functions for PGP products including: PGP Whole Disk Encryption, PGP NetShare, PGP Command Line, PGP Universal, and PGP Desktop. It includes a wide range of field-tested and standards-based encryption, digital signature, and encoding algorithms as well as a variety of secure network protocol implementations. The PGP SDK offers developers this same cryptographic library that is at the heart of PGP products."
629 Juniper Networks, Inc.
1194 N. Mathilda Ave.
Sunnyvale, CA 94089
USA

-Mike Kouri
TEL: 408-936-8206
FAX: 408-936-3032

CST Lab: NVLAP 100432-0

Juniper NetScreen-5GT
(Hardware Version: P/N NS-5GT Version 1010; Firmware Versions: ScreenOS 5.0.0r9a.t and 5.0.0r9b.t)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/07/2006;
05/16/2006;
06/14/2006;
06/20/2006
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Cert. #239); Triple-DES (Cert. #329); DSA (Cert. #125); SHS (Cert. #286); RSA (Cert. #59); HMAC (Cert. #16); RNG (Cert. #58)

-Other algorithms: DES (Cert. #307); MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The NetScreen-5GT appliance is a feature-rich, enterprise-class, network security solution that integrates multiple security functions - Stateful and Deep Inspection firewall, IPSec VPN, denial of service protection, antivirus and Web filtering. The NetScreen-5GT Ethernet solution is ideal for environments that need hardwired connectivity backed by robust network, application and payload level security. The NetScreen-5GT Ethernet is available with five Ethernet interfaces that can be deployed in a wide variety of configurations."
628 Cryptek, Inc.
1501 Moran Road
Sterling, VA 20166-9309
USA

-Michael Teal
TEL: 571-434-2129
FAX: 571-434-2001

CST Lab: NVLAP 100432-0

DiamondLink/CL100
(Hardware Versions: P/Ns 5010D26200-4 Rev. C, 5010D26200-4 Rev. D, 5010D26200-5 Rev. D and 5010D26200-5 Rev. E; Firmware Versions: 2.1.9 and 2.4.0.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/27/2006 Overall Level: 2 

-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #71); SHS (Cert. #63); HMAC-SHA-1 (Cert. #63, vendor affirmed); RSA (Cert. #19); RNG (Cert. #24)

-Other algorithms: DES (Cert. #132); DES MAC (Cert. #132, vendor affirmed); MD5; HMAC-MD5; Diffie Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"DiamondLink is a managed secure network appliance that features DiamondTEK's self protecting security computer. DiamondLink automatically identifies and authenticates the user to the network, encrypts communications and determines which data and servers the user is authorized to access. Security functions include token based user I&A, firewall filtering, IPSec, Data Driven Access Control (DDAC) capabilities and centralize management using the DiamondTEK DiamondCentral."
627 Cryptek, Inc.
1501 Moran Road
Sterling, VA 20166-9309
USA

-Michael Teal
TEL: 571-434-2129
FAX: 571-434-2001

CST Lab: NVLAP 100432-0

DiamondVPN/CV100
(Hardware Versions: P/Ns 5010D27450 Rev. D and 5010D27450 Rev. F; Firmware Versions: 2.1.9 and 2.4.0.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/27/2006 Overall Level: 2 

-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #71); SHS (Cert. #63); HMAC-SHA-1 (Cert. #63, vendor affirmed); RSA (Cert. #19); RNG (Cert. #24)

-Other algorithms: DES (Cert. #132); DES MAC (Cert. #132, vendor affirmed); MD5; HMAC-MD5; Diffie Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"DiamondVPN is a rack-mounted network security appliance that can be installed to enforce a single security policy for a workgroup or department operating on your enterprise network. The DiamondVPN can also be deployed at the edge of a corporate LAN for outbound communications security and control of access to the LAN. The DiamondVPN supports secure pass-through to devices protected by other DiamondTEK products. This allows full-path, end-to-end security in combination with conventional site-to-site and remote-to-site tunneled communications."
626 Cryptek, Inc.
1501 Moran Road
Sterling, VA 20166-9309
USA

-Michael Teal
TEL: 571-434-2129
FAX: 571-434-2001

CST Lab: NVLAP 100432-0

DiamondPak/CP106
(Hardware Versions: P/Ns 5010D27630 Rev. C and 5010D27630 Rev. D; Firmware Versions: 2.1.9 and 2.4.0.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/27/2006 Overall Level: 2 

-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #71); SHS (Cert. #63); HMAC-SHA-1 (Cert. #63, vendor affirmed); RSA (Cert. #19); RNG (Cert. #24)

-Other algorithms: DES (Cert. #132); DES MAC (Cert. #132, vendor affirmed); MD5; HMAC-MD5; Diffie Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"DiamondPak is a rack-mounted network appliance designed for protecting multiple servers, each having DiamondTEK's self-protecting security computer with a single security profile. With DiamondPak's advanced access-control system for protecting critical backend systems, DiamondPak provides the same security protection that is used for our governement's most sensitive information."
625 Nortel Networks
600 Technology Park
Billerica, MA 01821
USA

-David Norton
TEL: 978-288-7079
FAX: 978-288-4004

-David Passamonte
TEL: 978-288-8973
FAX: 978-288-4004

CST Lab: NVLAP 200427-0

VPN Router 1750, 2700 and 5000 with VPN Router Security Accelerator
(Hardware Versions: 1750, 2700 and 5000 with DM0011085; Firmware Version: 5.05_150)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/24/2006;
05/16/2006;
02/12/2007;
06/21/2007
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Certs. #158 and #367); AES (Certs. #48 and #292); SHS (Certs. #143 and #366); HMAC (Certs. #102 and #103); RSA (Cert. #83); RNG (Cert. #116)

-Other algorithms: DES; DES MAC; RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); ANSI X9.31 RNG (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RC2; RC4; MD2; MD5; HMAC MD5

Multi-chip standalone

"The FIPS 140-2 Level 2 compliant VPN Routers are the ideal solution for enterprises requiring secure, low-cost connectivity across the Internet or managed IP networks. The VPN Routers provide, IP routing, Virtual Private Networking (VPN), stateful firewall, encryption, authentication, directory and policy services, Quality of Service (QoS), and bandwidth management services in a single integrated platform. These devices provide a solution for small, medium, and large sites requiring Internet connectivity for both secure VPN communications and for basic IP/Internet access."
624 Nortel Networks
600 Technology Park
Billerica, MA 01821
USA

-David Norton
TEL: 978-288-7079
FAX: 978-288-4004

-David Passamonte
TEL: 978-288-8973
FAX: 978-288-4004

CST Lab: NVLAP 200427-0

VPN Router 1700, 1750, 2700 and 5000 with Hardware Accelerator
(Hardware Versions: 1700, 1750, 2700 and 5000 with DM0011052; Firmware Version: 5.05_150)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/24/2006;
05/16/2006;
04/26/2007;
06/21/2007
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Certs. #29 and #367); AES (Cert. #292); SHS (Certs. #51 and #366); HMAC (Certs. #101 and #103); RSA (Cert. #83); RNG (Cert. #116)

-Other algorithms: DES; DES MAC; RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RC2; RC4; MD2; MD5; HMAC MD5

Multi-chip standalone

"The FIPS 140-2 Level 2 compliant VPN Routers are the ideal solution for enterprises requiring secure, low-cost connectivity across the Internet or managed IP networks. The VPN Routers provide, IP routing, Virtual Private Networking (VPN), stateful firewall, encryption, authentication, directory and policy services, Quality of Service (QoS), and bandwidth management services in a single integrated platform. These devices provide a solution for small, medium, and large sites requiring Internet connectivity for both secure VPN communications and for basic IP/Internet access."
623 Nortel Networks
600 Technology Park
Billerica, MA 01821
USA

-David Norton
TEL: 978-288-7079
FAX: 978-288-4004

-David Passamonte
TEL: 978-288-8973
FAX: 978-288-4004

CST Lab: NVLAP 200427-0

VPN Router 600, 1700, 1750, 2700 and 5000
(Hardware Versions: 600, 1700, 1750, 2700 and 5000; Firmware Version: 5.05_150)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/24/2006;
05/16/2006;
04/26/2007;
06/21/2007
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #367); AES (Cert. 292); SHS (Cert. #366); HMAC (Cert. #103); RSA (Cert. #83); RNG (Cert. #116)

-Other algorithms: DES; DES MAC; RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); ANSI X9.31 RNG (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RC2; RC4; MD2; MD5; HMAC MD5

Multi-chip standalone

"The FIPS 140-2 Level 2 compliant VPN Routers are the ideal solution for enterprises requiring secure, low-cost connectivity across the Internet or managed IP networks. The VPN Routers provide, IP routing, Virtual Private Networking (VPN), stateful firewall, encryption, authentication, directory and policy services, Quality of Service (QoS), and bandwidth management services in a single integrated platform. These devices provide a solution for small, medium, and large sites requiring Internet connectivity for both secure VPN communications and for basic IP/Internet access."
622 Lexmark International, Inc.
740 West Circle Road
Lexington, KY 40550
USA

-Sean Gibbons
TEL: 859-232-2000

CST Lab: NVLAP 200416-0

Lexmark PrintCryption
(Firmware Version: 1.3.0)

Validated to FIPS 140-2

Security Policy

Certificate

Firmware 01/19/2006;
12/13/2006;
01/04/2007
Overall Level: 1 

-Tested: T630, T632, T634, T640, T642, T644, C534, C760, C762, C912, C920, W820, W840, Lexmark ver. 2.4 O/S

-FIPS-approved algorithms: Triple-DES (Certs. #356, #357, #358, #359, #360 and #470); AES (Certs. #273, #274, #275, #276, #277 and #452); RSA (Certs. #73, #74, #75, #76, #77 and #171); SHS (Certs. #350, #351, #352, #353, #354 and #515); HMAC (Certs. #89, #90, #91, #92, #93 and #215); RNG (Certs. #100, #101, #102, #103, #104 and #237)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The Lexmark PrintCryption Card is an option for the Lexmark series of output devices that enables the printing of host encrypted data. With this option installed, the printer is capable of decrypting print jobs encrypted with the AES algorithm. The Lexmark PrintCryption Card analyzes the encrypted data stream, determines if the correct key was used to encrypt the data, decrypts the data and allows the confidential document to be printed."
621 NeoScale Systems, Inc.
1655 McCarthy Blvd.
Milpitas, CA 95035
USA

-Rose Quijano-Nguyen
TEL: 408-473-1313
FAX: 408-473-1307

-Chris Winter
TEL: 408-473-1393
FAX: 408-473-1307

CST Lab: NVLAP 200017-0

CryptoStor Tape 702 and 704
(Hardware Versions: FC702 - P/N 820-0004-01 Rev 2 and FC704 - P/N 820-0005-01 Rev 1; Firmware Version: 2.1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/19/2006 Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Certs. #275 and #285); AES (Certs. #173 and #183); SHS (Certs. #258 and #269); RSA (Cert. #26); HMAC (Cert. #25); RNG (Certs. #35 and #83)

-Other algorithms: N/A

Multi-chip standalone

"NeoScale CryptoStor Tape is a readily deployable, high-speed tape security appliance that compresses, encrypts and digitally signs data as it goes to tape media or virtual tape--without disrupting backup processes. CryptoStor dynamically intercepts backup/restore communications between hosts and tape libraries-centrally managing and fully off-loading tape media security functions. It seamlessly integrates with widely used backup applications and incorporates Global Key Management technology for strong key management and data recovery with the appliance or with a software-only utility."
620 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 1841 Integrated Services Router with AIM-VPN/BPII-Plus and Cisco 2801 Integrated Services Router with AIM- VPN/EPII-Plus
(Hardware Versions: 1841 and 2801; AIM-VPN/BPII-Plus Version: 1.0, Board Version: C1; AIM-VPN/EPII-Plus Version: 1.0, Board Version: D0; Firmware Version: 12.3(11)T03)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/06/2006;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #219, #181 and #100); Triple-DES (Certs. #311, #283 and #213); SHS (Certs. #300, #267 and #401); HMAC (Certs. #29, #27 and #38); RNG (Cert. #31)

-Other algorithms: DES (Certs. #292, #275 and #235); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; HMAC-MD5; RSA (non-compliant); RC4

Multi-chip standalone

"The Cisco 1841 and 2801 routers feature the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. These routers offer embedded encryption acceleration on the motherboard. For additional performance, the Cisco 1841 and 2801 routers feature the ability to optionally add encryption acceleration advanced integration modules (AIMs)."
619 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 2851 Integrated Services Router with AIM-VPN/EPII-Plus
(Hardware Version: 2851; AIM Version: 1.0, Board Version: D0; Firmware Version: 12.3(11)T03)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/06/2006;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #219, #96 and #100); Triple-DES (Certs. #311, #210 and 213); SHS (Certs. #300, #317 and #401); HMAC (Certs. #84, #50 and #38); RNG (Cert. #97)

-Other algorithms: DES (Certs. #292, #233 and #235); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; HMAC MD5; RSA (non-compliant); RC4

Multi-chip standalone

"The Cisco 2800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 2800 Series routers offer embedded encryption acceleration on the motherboard. For additional performance the Cisco 2800 Series features the ability to optionally add encryption acceleration advanced integration modules (AIMs)."
618 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 3825 Integrated Services Router with AIM-VPN/EPII-Plus and Cisco 3845 Integrated Services Router with AIM-VPN/HPII-Plus
(Hardware Versions: 3825 and 3845; AIM-VPN/EPII-Plus Version: 1.0, Board Version: D0; AIM-VPN/HPII-Plus Version: 1.0, Board Version: D0; Firmware Version: 12.3(11)T03)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/06/2006;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Certs. #210, #213 and #311); AES (Certs. #96, #100 and #219); RNG (Cert. #97); SHS (Certs. #300, #317 and #401); HMAC (Certs. #38, #50 and #84)

-Other algorithms: DES (Certs. #233, #235 and #292); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; HMAC-MD5; RC4; RSA (non-compliant)

Multi-chip standalone

"The Cisco 3800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 3800 Series routers offer embedded encryption acceleration on the motherboard. For additional performance the Cisco 3800 Series features the ability to optionally add encryption acceleration advanced integration modules (AIMs)."
617 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 2811 and Cisco 2821 Integrated Services Router with AIMVPN/ EPII-Plus
(Hardware Versions: 2811 and 2821; AIM Version: 1.0, Board Version: D0; Firmware Version: 12.3(11)T03)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/06/2006;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #219 and #100); Triple-DES (Certs. #311 and #213); SHS (Certs. #300 and #401); HMAC (Certs. #84 and #38); RNG (Cert. #97)

-Other algorithms: DES (Certs. #292 and #235); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96-bits of encryption strength); MD5; HMAC MD5; RSA (non-compliant); RC4

Multi-chip Standalone

"The Cisco 2800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 2800 Series routers offer embedded encryption acceleration on the motherboard. For additional performance the Cisco 2800 Series features the ability to optionally add encryption acceleration advanced integration modules (AIMs)."
616 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 1841 and Cisco 2801 Integrated Services Router
(Hardware Versions: 1841 and 2801; Firmware Version: 12.3(11)T03)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/06/2006;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #219 and #181); Triple-DES (Certs. #311 and #283); SHS (Certs. #300 and #267); HMAC (Certs. #29 and #27); RNG (Cert. #31)

-Other algorithms: DES (Certs. #292 and #275); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96-bits of encryption strength); MD5; HMAC-MD5; RSA (non-compliant); RC4

Multi-chip standalone

"The Cisco 1841 and 2801 routers feature the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. These routers offer embedded encryption acceleration on the motherboard."
615 WRQ, Inc.
1500 Dexter Avenue North
Seattle, WA 98109
USA

-Donovan Deakin
TEL: 206-217-7500
FAX: 206-217-7515

CST Lab: NVLAP 100432-0

Reflection Security Component for Java
(Software Version: 1.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 01/06/2006 Overall Level: 1 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 2
-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000 Professional SP3 and Q326886 Hotfix and Sun Microsystems Java Runtime Environment version 1.4.1; Microsoft Windows 2000 Server SP3 and Q326886 Hotfix and Sun Microsystems Java Runtime Environment version 1.4.1; Mac OS X 10.3.5 and Apple Java Runtime Environment 1.4.2 (single-user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #305); AES (Cert. #213); RSA (Cert. #45); DSA (Cert. #126); SHS (Cert. #293); RNG (Cert. #57); HMAC (Cert. #20)

-Other algorithms: DES (Cert. #288); MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80-bits and 112-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80-bits and 112-bits of encryption strength)

Multi-chip Standalone

"Reflection® for the Web provides terminal emulation from a web browser. With this server-based solution you can connect local or remote users to applications on IBM, HP, UNIX, and OpenVMS hosts. You can also use its comprehensive management, security, and customization features to boost IT efficiency and user productivity."
614 Chunghwa Telecom Co., Ltd. Telecommunication Laboratories
12, Lane 551, Min-Tsu Road SEC.5
Yang-Mei, Taoyuan
Taiwan 326
Republic of China

-Yeou-Fuh Kuan
TEL: +886-3-424-4333
FAX: +886-3-424-4129

-Char-Shin Miou
TEL: +886-3-424-4381
FAX: +886-3-424-4129

CST Lab: NVLAP 200017-0

HICOS PKI Smart Card
(Hardware Version: HD65145C1; Software Version: GINA Applet: 1.0, PKI Applet: 1.0, FISC II Applet: 1.2; Firmware Version: HardMask: 1.0, SoftMask: 3.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/06/2006 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: RSA (Cert. #72); Triple-DES (Cert. #355); SHS (Cert. #357); RNG (Cert. #107); AES (Cert. #272); HMAC (Cert. #87); Triple-DES MAC (Cert. #355, vendor affirmed)

-Other algorithms:

Single-chip

"The HICOS PKI smart card module is a single chip implementation of a cryptographic module. The HICOS PKI smart card module is mounted in an ID-1 class smart card body that adheres to ISO/IEC specifications for Integrated Circuit Chip (ICC) based identification cards. The HICOS PKI Smart Card cryptographic module contains an implementation of the Open Platform (OP) Version 2.0.1 specification defining a secure infrastructure for post-issuance programmable smart card chips."
613 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 2851 Integrated Services Router
(Hardware Version: 2851, AIM Version: 1.0, Board Version: D0; Firmware Version: 12.3(11)T03)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/23/2005;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #219 and #96); Triple-DES (Certs. #311 and #210); SHS (Certs. #300 and #317); HMAC (Certs. #84 and #50); RNG (Cert. #97)

-Other algorithms: DES (Certs. #292 and #233); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; HMAC MD5; RSA (non-compliant); RC4

Multi-chip standalone

"The Cisco 2800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 2800 Series routers offer embedded encryption acceleration on the motherboard."
612 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 2811 and Cisco 2821 Integrated Services Router
(Hardware Versions: 1841 and 2801; Firmware Version: 12.3(11)T03)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/23/2005;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #219 and #181); Triple-DES (Certs. #311 and #283); SHS (Certs. #300 and #267); HMAC (Certs. #29 and #27); RNG (Cert. #31)

-Other algorithms: DES (Certs. #292 and #275); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; HMAC-MD5; RSA (non-compliant); RC4

Multi-chip standalone

"The Cisco 2800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 2800 Series routers offer embedded encryption acceleration on the motherboard."
611 Litronic, Inc.
17861 Cartwright
Irvine, CA 92614
USA

-Cameron Durham
TEL: 949-851-1085
FAX: 949-851-8588

CST Lab: NVLAP 100432-0

jForté/HAT Cryptographic Module
(Hardware Version: P/N 078-2010-02 Version J002; Firmware Version: 3.1)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/23/2005 Overall Level: 3 

-Physical Security: Level 4

-FIPS-approved algorithms: Triple-DES (Cert. #306); Triple-DES MAC (Cert. #306, vendor affirmed); SHS (Cert. #294); RSA (Cert. #46); RNG (Cert. #59); Skipjack (Cert. #15)

-Other algorithms: DES (Cert. #289); DES MAC (Cert. #289, vendor affirmed)

Single-chip

"The high assurance jForté/HAT module is a multi-function, secure device, specifically engineered to provide expanded storage and accelerated processing of complex cryptographic functions. jForté/HAT also provides high data throughput via its dual I/O interface, supporting both ISO7816-3 and Full Speed USB. The module is available in several different packaging configurations - smart card module, 24-pin SOIC or bare die. Our patented smart card packaging provides access to both 7816-3 and USB interfaces so the same smart card will work in both standard readers, at 7816 speeds, and in high-speed USB readers and Full Speed USB."
610 Avaya, Inc.
Atidim Technology Park
Tel Aviv, 61131
Israel

-Pesah Spector
TEL: 972-3-6459162
FAX: 972-3-6458462

CST Lab: NVLAP 100432-0

G250 and G250-BRI Branch Office Media Gateways w/FIPS
(Hardware Versions: 700356231 and 700356223 Version 1.0; Firmware Version: 24.16.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/23/2005 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #330); AES (Cert. #242); SHS (Cert. #320); HMAC (Cert. #60); RSA (Cert. #60); RNG (Cert. #77)

-Other algorithms: DES (Cert. #308); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; H.248 Link Encryption; Avaya Media Encryption; SSHv2

Multi-chip standalone

"The Avaya G250 Branch Office Media Gateway w/FIPS and G250-BRI Branch Media Gateway w/FIPS are complete branch office business communications systems that integrate an IP telephony gateway, an advanced IP WAN router, and a PoE LAN switch into a compact (2U) chassis. Ideally suited for enterprise with distributed branch office locations of 2-10 extensions, the G250 and G250-BRI Gateways replace the complexity and cost of managing disparate key and voice systems with a survivable networked solution that is easy to deploy and can be administered from a central location."
609 Snapshield, Ltd.
1 Research Court
Suite 450
Rockville, MD 20850
USA

-Uri Naor
TEL: 301-216-3805
FAX: 301-519-8001

-Rolando Rosas - Snap Defense Systems, LLC
TEL: 703-766-6540
FAX: 703-766-6501

CST Lab: NVLAP 100432-0

SNAPfone
(Hardware Versions: P/N Snapfone Versions E and F; Firmware Versions: 7.10.1 v_7101 and 7.10.1 v_7101p2p)

Snapfone
(Hardware Versions: P/N Snapfone Versions E and F, Firmware Versions: 7.10.1v 7101 and 7.10.1v-l101p2p)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/23/2005;
01/13/2006;
01/27/2006
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #302); SHS (Cert. #289); RNG (Cert. #53)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"SNAPfone is a compact encryption termination unit capable of securing voice communications over analog telephone lines. SNAPfone performs high level encryption process with a new key draw for each session using Asymmetric Public Key Cryptography (1024 bit Diffie-Hellman) for key exchanging and Symmetric block cipher (192-bit 3DES) algorithm for session encryption. SNAPfone requires minimum user intervention with seamless operation."

"The Snapfone is a plug-n-play encryption device for securing communications over regular analog (POTS) or fax lines. Snapfone is designed for compatibility among major telephone and PBX brands. It can also be deployed as a shared resource device when connected to a PBX. Its small footprint and 1101220v connectivity allows for easy transport and maximum flexibility. The cryptographic core engines are optimized for minimal voice latency providing superior voice quality. Snapfones can also be configured as a distributed secure voice network solution among groups and between multiple locations."

608 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-C Micro Edition (ME)
(Software Version: 2.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/13/2005;
01/04/2008;
10/16/2008;
09/07/2010;
03/28/2011;
01/24/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Linux 7.2; Red Hat Enterprise Linux AS3.0; Solaris 8 (Sun OS 5.8) Sparc V8; Solaris 8 (Sun OS 5.8) Sparc V8+; Solaris 8 (Sun OS 5.8) Sparc V9; Microsoft Windows Mobile 2003; Microsoft Windows XP SP2; IBM AIX 5L 5.3; HP-UX 11.23 Itanium 2; HP-UX 11.23 PA-RISC 2.0W; HP-UX 11.11 PA-RISC 2.0; VxWorks 5.4 PPC 604; VxWorks 5.5 PPC 603; VxWorks 5.5 PPC 604

-FIPS-approved algorithms: DSA (Cert. #143); Triple-DES (Cert. #378); AES (Cert. #303); CCM (Cert. #7); SHS (Cert. #380); RSA (Cert. #96); RNG (Cert. #130); ECDSA (Cert. #11); HMAC (Cert. #113)

-Other algorithms: MD2; MD5; HMAC MD5; DES; DES40; RC2; RC4; RC5; ECAES (non-compliant); ECDRBG (non-compliant); RSA (key wrapping, key establishment methodology provides at least 80 bits of encryption strength); Diffie-Hellman (key agreement, key establishment methodology provides at least 80 bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides between 80 bits and 285 bits of encryption strength)

Multi-chip standalone

"The Crypto-C Micro Edition (ME) Module is RSA Security Inc.'s cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
607 Juniper Networks, Inc.
1194 Mathilda Ave.
Sunnyvale, CA 94089
USA

-Mike Kouri
TEL: 408-936-8206
FAX: 408-936-3032

CST Lab: NVLAP 100432-0

Juniper Networks NetScreen-204 and 208
(Hardware Version: P/N NS-204 and NS-208 Version 0110; Firmware Versions: ScreenOS 5.0.0r9a.h and 5.0.0r9b.h)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/12/2005;
01/26/2006;
05/16/2006;
06/14/2006;
06/20/2006
Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #11); Triple-DES (Cert. 118); DSA (Cert. #132); SHS (Cert. 103); RSA (Cert. #24); HMAC (Cert. #52); RNG (Cert. #33)

-Other algorithms: DES (Cert. #174); MD5; Diffie-Hellman (key agreement, key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping, key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The Juniper Networks NetScreen-204 and 208 are purpose-built internet security appliances that deliver firewall, VPN, and traffic shaping optimized for the most demanding environments such as medium and large enterprise offices, e-business sites, data centers, and carrier infrastructures."
606 Juniper Networks, Inc.
1194 Mathilda Ave.
Sunnyvale, CA 94089
USA

-Mike Kouri
TEL: 408-936-8206
FAX: 408-936-3032

CST Lab: NVLAP 100432-0

Juniper Networks NetScreen-5XT
(Hardware Version: P/N NS-5XT Version 1010; Firmware Versions: ScreenOS 5.0.0r9a.h and 5.0.0r9b.h)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/12/2005;
01/26/2006;
05/16/2006;
06/14/2006;
06/20/2006
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Cert. #11); Triple-DES (Cert. #118); DSA (Cert. #132); SHS (Cert. #103); RSA (Cert. #24); HMAC (Cert. #52); RNG (Cert. #33)

-Other algorithms: DES (Cert. #174); MD5; Diffie-Hellman (key agreement, key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping, key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The Juniper Networks NetScreen-5XT is a purpose-built Internet security appliance that delivers firewall, VPN and traffic shaping that offers a complete security solution for telecommuters, small-sized companies and branch offices. Featuring two 10 Base-T Ethernet ports (trust and untrusted), the Juniper Networks NetScreen-5XT performs at near wirespeed, protecting the LAN from attack and providing IPSEC based VPN capabilities."
605 Juniper Networks, Inc.
1194 Mathilda Ave.
Sunnyvale, CA 94089
USA

-Mike Kouri
TEL: 408-936-8206
FAX: 408-936-3032

CST Lab: NVLAP 100432-0

Juniper Networks NetScreen-5400
(Hardware Version: P/N NS-5400 Version 3010; Firmware Versions: ScreenOS 5.0.0r9a.h and 5.0.0r9b.h)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/12/2005;
01/26/2006;
05/16/2006;
06/14/2006;
06/20/2006
Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #11); Triple-DES (Certs. #118 and #133); SHS (Certs. #103 and #119); RSA (Cert. #24); HMAC (Cert. #52); DSA (Cert. #132); RNG (Cert. #33)

-Other algorithms: DES (Certs. #174 and #184); MD5; Diffie-Hellman (key agreement, key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping, key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The Juniper Networks NetScreen-5400 is a purpose-built, high-performance security system designed to deliver a new level of high-performance capabilities for large enterprise, carrier, and data center networks. The NetScreen-5400 security system integrates firewall, DoS, DDoS protection, VPN, and traffic management functionality in low-profile modular chassis."
604 Juniper Networks, Inc.
1194 Mathilda Ave.
Sunnyvale, CA 94089
USA

-Mike Kouri
TEL: 408-936-8206
FAX: 408-936-3032

CST Lab: NVLAP 100432-0

Juniper Networks NetScreen-500
(Hardware Version: P/N NS-500 Version 4110; Firmware Versions: ScreenOS 5.0.0r9a.h and 5.0.0r9b.h)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/12/2005;
01/26/2006;
05/16/2006;
06/14/2006;
06/20/2006
Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #244); Triple-DES (Cert. #50); DSA (Cert. #134); SHS (Cert. #47); RSA (Cert. #23); HMAC (Cert. #54); RNG (Cert. #32)

-Other algorithms: DES (Cert. #115); MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80-bits of encryption strength)

Multi-chip standalone

"The Juniper Networks NetScreen-500 is a purpose-built internet security appliance that provides advanced firewall, IPSec VPN, and traffic management functionality, optimized for the most demanding environments such as medium and large enterprise offices, carrier infrastructures, or service providers."
603 Juniper Networks, Inc.
1194 Mathilda Ave.
Sunnyvale, CA 94089
USA

-Mike Kouri
TEL: 408-936-8206
FAX: 408-936-3032

CST Lab: NVLAP 100432-0

Juniper Networks NetScreen-5200
(Hardware Version: P/N NS-5200 Version 3010; Firmware Versions: ScreenOS 5.0.0r9a.h and 5.0.0r9b.h)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/12/2005;
01/26/2006;
05/16/2006;
06/14/2006;
06/20/2006
Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #11); Triple-DES (Certs. #118 and #133); DSA (Cert. #132); SHS (Certs. #103 and #119); RSA (Cert. #24); HMAC (Cert. #52); RNG (Cert. #33)

-Other algorithms: DES (Certs. #174 and #184); MD5; Diffie-Hellman (key agreement, key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping, key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"The Juniper Networks NetScreen-5200 is a purpose-built, high-performance security system designed to deliver a new level of high-performance capabilities for large enterprise, carrier, and data center networks. The NetScreen-5200 security system integrates firewall, DoS and DDoS protection, VPN, and traffic management functionality in low-profile modular chassis."
602 Juniper Networks, Inc.
1194 Mathilda Ave.
Sunnyvale, CA 94089
USA

-Simon Gerraty
TEL: 408-745-2348
FAX: 408-745-8905

CST Lab: NVLAP 100432-0

JUNOS-FIPS
(Firmware Versions: 7.2R1.7 and 7.4R1.7)

Validated to FIPS 140-2

Security Policy

Certificate

Firmware 12/12/2005;
05/16/2006
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-Tested: Routing Engine RE 3.0, Routing Engine RE 4.0, Routing Engine 5.0, Routing Engine RE 5.0+

-FIPS-approved algorithms: AES (Certs. #259 and #260); HMAC (Certs. #70, #71, #72, #73 and #79); DSA (Cert. #137); RNG (Cert. #93); RSA (Cert. #69); SHS (Certs. #336, #337, #338, #339 and #340); Triple-DES (Certs. #341, #342, #343 and #344)

-Other algorithms: DES (Certs. #316, #317, #318 and #319); MD5; Diffie-Hellmann (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength)

Multi-chip standalone

"JUNOS firmware is the first routing operating system designed specifically for the Internet. It runs on all Juniper Networks T-series, M-series, and Jseries routers, and is currently deployed in the largest and fastest growing networks worldwide. Its full suite of industrial strength routing protocols, flexible policy language, and leading MPLS implementation efficiently scale to large numbers of network interfaces and routes. As well, JUNOS firmware supports the industry's first production-ready GMPLS implementation."
601 Avaya, Inc.
Atidim Technology Park
Bldg. 3
Tel Aviv, 61131
Israel

-Pesah Spector
TEL: 972-3-6459162
FAX: 972-3-6458462

CST Lab: NVLAP 100432-0

G350 Branch Office Media Gateway w/FIPS
(Hardware Version: P/N 700356249 Version 1.0; Firmware Version: 24.16.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/08/2005 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #273); AES (Certs. #171 and #251); SHS (Cert. #256); HMAC (Cert. #61); RSA (Cert. #17); RNG (Cert. #21)

-Other algorithms: DES (Cert. #269); Diffie-Hellman (key agreement; key establishment methodology provides at least 80 bits of encryption strength); MD5; H.248 Link Encryption; Avaya Media Encryption; SSHv2; DSA (non-compliant)

Multi-chip standalone

"The Avaya G350 Branch Office Media Gateway w/FIPS is a complete branch office business communications system that integrates an IP telephony gateway, an advanced IP WAN router, and a high-performance LAN switch into a compact (3U) modular chassis. Ideally suited for enterprise with distributed branch office locations of 8-40 extensions, the G350 replaces the complexity and cost of managing disparate key and voice systems with a survivable networked solution that is easy to deploy and can be administered from a central location."
600 Pitney Bowes, Inc.
35 Waterview Drive
Shelton, CT 06484
USA

-Douglas Clark
TEL: 203-924-3500
FAX: 203-924-3406

CST Lab: NVLAP 200427-0

Pitney Bowes iButton Postal Security Device (PSD)
(Hardware Version: DS1955B PB4 4.00)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/08/2005 Overall Level: 3 

-Physical Security: Level 3 +EFT

-FIPS-approved algorithms: Triple-DES (Cert. #185); SHS (Cert. #167); DSA (Cert. #90); Triple-DES MAC (Cert. #185; vendor affirmed); RNG (Cert. #86)

-Other algorithms: RSA (encrypt/decrypt); HMAC (non-compliant)

Multi-chip standalone

"The Pitney Bowes iButton Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP), and Deutsche Post's FrankIT New Generation Digital Franking program. It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes global digital metering products. The PSD has been designed to support international postal markets and their rapidly evolving requirements for digital indicia."
599 Blue Ridge Networks
14120 Parke Long Court
Suite 101
Chantilly, VA 20151
USA

-Nancy Canty
TEL: 703-633-7331
FAX: 703-631-9588

CST Lab: NVLAP 200416-0

BorderGuard 5000
(Hardware Versions: BorderGuard 5100, 5200, 5400, 5500 and 5600; Firmware Version: DPF1 V7.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 12/08/2005 Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #173 and #116); Triple-DES (Certs. #275 and #57); SHS (Certs. #258 and #49); HMAC (Certs. #21 and #22)

-Other algorithms: DES (Certs. #271 and #119); DES MAC (Cert. #119; vendor affirmed); IDEA; HMAC-MD5; MD5; RSA (non-compliant); RSA BSAFE Crypto-C RNG; HiFn 7855 RNG; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength for Models 5100, 5200 and 5400; and between 80 and 150 bits of encryption strength for Models 5500 and 5600; non-compliant less than 80-bits of encryption strength))

Multi-chip standalone

"The BorderGuard hardware models 5100, 5200, 5400, 5500 and 5600 version DPF1 7.1 firmware are standalone hardware security appliances (routers) used to secure Internet traffic. The cryptographic module consists of firmware running on a dedicated hardware device. The module is a multi-chip-standalone device."
598 Mobile Armor, LLC
400 South Woods Mill Rd.
Chesterfield, MO 63017
USA

-Bryan Glancey
TEL: 636-449-0239
FAX: 314-205-2303

-Chand Vyas
TEL: 636-449-0239
FAX: 314-205-2303

CST Lab: NVLAP 200427-0

Mobile Armor Warp Drive
(Software Version: 2.1.0.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/01/2005 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional Service Pack 2 (in single user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #349); AES (Cert. #267); SHS (Cert. #346); HMAC (Cert. #81)

-Other algorithms: N/A

Multi-chip standalone

"Mobile Armor's highly optimized Microsoft Windows Certified Driver for Windows XP provides reliable high speed strong cryptographic services for systems running Mobile Armor's DataArmor Enterprise Mobile Data Protection software."
597 Oberthur Card Systems
4250 Pleasant Valley Road
Chantilly, VA 20151
USA

-Christophe Goyet
TEL: 310-884-7900
FAX: 310-884-7904

CST Lab: NVLAP 100432-0

ID-One Cosmo 32 v5
(Hardware Version: P/N 90; Firmware Version: E311-063842)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/01/2005 Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #303); Triple-DES MAC (Cert. #303, vendor affirmed); SHS (Cert. #290); RSA (Cert. #42); RNG (Cert. #99)

-Other algorithms: DES (Cert. #286); DES MAC (Cert. #286, vendor affirmed); MD5

Single-chip

"The ID-One Cosmo 32 v5 is a JavaCard cryptographic module specifically designed for identity and government market needs. It offers a full 32K Byte of EEPROM space available for customer discretionary use, together with on-card cryptographic services such as TDES (using double and triple length DES keys), and 2048-bit RSA with on-card key generation. The cryptographic module loads and runs applets written in Java programming language. It includes a native implementation of the latest Java Card TM (Version 2.2) and Open Platform (Version 2.1.1A) specifications, with full support for Delegated Management and DAP / Mandated DAP, that define a secure infrastructure for post-issuance programmable platforms. Additional features include On-Card fingerprint matching and Logical Channels."
596 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 3825 and Cisco 3845 Integrated Services Router
(Hardware Versions: 3825 and 3845; Firmware Version: 12.3(11)T03)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/01/2005;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Certs.#210 and #311); AES (Certs. #96 and #219); RNG (Cert. #97); SHS (Certs. #300 and #317); HMAC (Certs. #50 and #84)

-Other algorithms: DES (Certs. #233 and #292); Diffie-Hellman (key agreement; key establishment methodology provides between 80 bits and 96 bits of encryption strength); MD5; HMAC-MD5; RC4; RSA (non-compliant)

Multi-chip standalone

"The Cisco 3800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 3800 Series routers offer embedded encryption acceleration on the motherboard. By integrating security functions directly into the router itself, Cisco can provide unique intelligent security solutions, such as network admissions control (NAC) for antivirus defense; Voice and Video Enabled VPN (V3PN) for quality-of-service (QoS) enforcement when combining voice, video, and VPN; and Dynamic Multipoint VPN (DMVPN) and Easy VPN."
595 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE Crypto-J JCE Provider Module
(Software Version: 3.5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 12/01/2005;
03/06/2006;
10/12/2007;
01/04/2008;
10/16/2008;
09/07/2010;
03/28/2011;
01/24/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2 with Java JRE 1.4.2 (in single user mode)

-FIPS-approved algorithms: DSA (Cert. #140); Triple-DES (Cert. #354); AES (Cert. #271); SHS (Cert. #356); RSA (Cert. #71); RNG (Cert. #106); HMAC (Cert. #86)

-Other algorithms: DES (Cert. #326); Diffie-Hellman (key agreement, key establishment methodology provides between 80 bits and 112 bits of encryption strength); DESX; MD2; MD5; RIPEMD 160; RNG (ANSI X9.31, MD5, SHA1; non-compliant); RC2; RC4; RC5; PBE (SHA256, SHA384, SHA512); Raw RSA; RSA Keypair Generation MultiPrime; RSA (key wrapping, key establishment methodology provides between 80 bits and 150 bits of encryption strength); HMAC-MD5

Multi-chip standalone

"RSA BSAFE Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. RSA BSAFE Crypto-J supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
594 Motorola, Inc.
1301 E. Algonquin Rd.
Schaumburg, IL 60196
USA

-Mike French
TEL: 847-435-5219

CST Lab: NVLAP 100432-0

MCC7500 Secure Card Crypto Engine Cryptographic Module
(Hardware Version: P/N CLN8131 Version B; Firmware Version: R02.00.00)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 12/01/2005;
06/14/2006
Overall Level: 1 

-Roles, Services, and Authentication: Level 2

-FIPS-approved algorithms: Triple-DES (Cert. #82); AES (Cert. #2); SHS (Cert. #335); RNG (Cert. #121)

-Other algorithms: DES (Cert. #151); DES-XL; DVI-XL; ADP; DVI-SPFL; DVP-XL

Multi-chip embedded

"The MCC7500 Secure Card Crypto Engine Cryptographic Module is a multiprocessor, cryptographic PCI card that provides encryption services for up to 60 audio streams for the Secure Operator Position (B1908) and Secure Archiving Interface Server (B1918). Each Secure Operator Position will contain one Secure Card providing encryption services for 60 simultaneous audio streams. Each Secure AIS will contain 1 or 2 Secure Cards providing encryption services for 60 or 120 audio streams, respectively. The Spare Crypto Card (B1924) may be used to upgrade an Operator Position or AIS."
593 Research In Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

-Certifications Team
TEL: 519-888-7465 x2921
FAX: 519-886-4839

CST Lab: NVLAP 200017-0

BlackBerry® Cryptographic Kernel
(Firmware Versions: 3.8.3.3, 3.8.3.5, 3.8.3.6 and 3.8.3.7)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Firmware 12/01/2005 Overall Level: 1 

-Design Assurance: Level 3
-Tested: BlackBerry 7290 with BlackBerry OS Version 4.1

-FIPS-approved algorithms: Triple-DES (Cert. #366); AES (Cert. #291); SHS (Cert. #365); HMAC (Cert. #100); RSA (Cert. #82); RNG (Cert. #115); ECDSA (Cert. #9)

-Other algorithms: EC Diffie-Hellman (key agreement); ECMQV (key agreement)

Multi-chip standalone

"BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-toend solution. The BlackBerry® Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry®."
592 High Density Devices AS
Vestre Strandgate 26
Kristiansand, N-4611
Norway

-Aage Kalsaeg
TEL: +47 38 10 44 80
FAX: +47 38 10 44 99

CST Lab: NVLAP 100432-0

SecureD v.1.6
(Hardware Version: HW P/N SecureD v.1.6 Version 1.6.4; Firmware Version: 1.6.1)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 12/01/2005;
01/05/2007
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #324); AES (Cert. #174)

-Other algorithms:

Multi-chip embedded

"SecureD is a hardware based encryption device that offers optimal, fully integrated, protection for stored data in IDE data bus based computer systems. SecureD operates fully transparent at the speed of ATA-6 AT API. SecureD is using AES 128/192/256 bits encryption/decryption, and is 100% operating system independent. No SW is installed. Ideal for encryption of disks in Desktop environment, Laptop, and USB/Firewire connected disks."
591 Research In Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

-Certifications Team
TEL: 519-888-7465 x2921
FAX: 519-888-6906

CST Lab: NVLAP 200017-0

BlackBerry Enterprise Server™ Cryptographic Kernel
(Software Versions: 1.0.2.5, 1.0.2.7, 1.0.2.8, 1.0.2.9 and 1.0.2.10)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 12/01/2005;
05/10/2007;
06/08/2007
Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows 2000 Server SP4

-FIPS-approved algorithms: Triple-DES (Cert. #364); AES (Cert. #289); SHS (Cert. #363); HMAC (Cert. #98); RNG (Cert. #114); ECDSA (Cert. #8)

-Other algorithms: Rijndael; EC Diffie-Hellman (key agreement, key establishment methodology provides 256 bits of encryption strength); ECMQV (key agreement, key establishment methodology provides 256 bits of encryption strength)

Multi-chip standalone

"BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry® Cryptographic Kernel is the software module that provides the basic ryptographic functionality for the BlackBerry® Enterprise Server."
590 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE Crypto-J Software Module
(Software Versions: 3.5 [1], 3.5.2 [2] and 3.5.3 [3])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 11/18/2005;
03/06/2006;
05/17/2006;
12/18/2006;
10/12/2007;
01/04/2008;
10/16/2008;
09/07/2010;
03/28/2011;
01/24/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional SP2 with Java JRE 1.4.2. (in single user mode)

-FIPS-approved algorithms: DSA (Cert. #139); Triple-DES (Cert. #353); AES (Cert. #270); SHS (Cert. #355); RSA (Certs. #70 [1] and #185 [2]); RNG (Cert. #105); HMAC (Cert. #85)

-Other algorithms: DES (Cert. #325); Diffie-Hellman (key agreement, key establishment methodology provides between 80 bits and 112 bits of encryption strength); DESX; MD2; MD5; RIPEMD 160; RNG (X9.31, MD5, SHA1); RC2; RC4; RC5; PBE (SHA256, SHA384, SHA512); Raw RSA; RSA Keypair Generation MultiPrime; RSA (key wrapping, key establishment methodology provides between 80 bits and 150 bits of encryption strength); HMAC-MD5

Multi-chip standalone

"RSA BSAFE Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. RSA BSAFE Crypto-J supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
589 Mobile Armor, LLC
400 South Woods Mill Rd.
Chesterfield, MO 63017
USA

-Bryan Glancey
TEL: 636-449-0239
FAX: 314-205-2303

-Chand Vyas
TEL: 636-449-0239
FAX: 314-205-2303

CST Lab: NVLAP 200427-0

Mobile Armor Crypto Module
(Software Version: 2.1.0.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/18/2005 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional Service Pack 2 and Red Hat Enterprise Linux 3.0 (in single user mode); Pocket PC 2003

-FIPS-approved algorithms: Triple-DES (Cert. #351); AES (Cert. #268); SHS (Cert. #348); RNG (Cert. #98); HMAC (Cert. #83)

-Other algorithms:

Multi-chip standalone

"Mobile Armor's Cross platform implementation of Cryptographic Services for use in Enterprise Mobile Data Security products on the Linux, Windows XP, and Windows CE platform."
588 Bluesocket, Inc.
10 North Avenue
Burlington, MA 01803
USA

-Mike Puglia
TEL: 781-328-0888

CST Lab: NVLAP 200002-0

Bluesocket WG-5000 Wireless Gateway
(Hardware Versions: 870-500FF-002, 870-500FT-002, 870-500TF-002 and 870-500TT-002; Firmware Versions: 3.1.1.8.fips.13, 4.1.0.11.fips.6 and 4.1.0.11.fips.7)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/18/2005;
12/08/2006
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Certs. #76 and #254); Triple-DES (Certs. #335 and #250); RSA (Cert. #14); RNG (Cert. #16); SHS (Certs. #228 and #329); HMAC (Certs. #12 and #63)

-Other algorithms: DES (Cert. #313); Diffie-Hellman (key agreement); MD5; HMAC MD5

Multi-chip standalone

"The Bluesocket WG-5000 Wireless Gateway provides a single scalable solution to the security, quality of service (QoS), and management issues facing institutions, enterprises, and service providers who deploy 802.11 and Bluetooth-based wireless networks."
587 Bluesocket, Inc.
10 North Avenue
Burlington, MA 01803
USA

-Mike Puglia
TEL: 781-328-0888

CST Lab: NVLAP 200002-0

Bluesocket WG-2100 Wireless Gateway
(Hardware Versions: 870-212FF-002, 870-212FT-002, 870-212TF-002 and 870-212TT-002; Firmware Versions: 3.1.1.8.fips.13, 4.1.0.11.fips.6 and 4.1.0.11.fips.7)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/03/2005;
12/08/2006
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Certs. #76 and #253); Triple-DES (Certs. #187 and #250); RSA (Cert. #14); RNG (Cert. #16); SHS (Certs. #228 and #229); HMAC (Certs. #11 and #12)

-Other algorithms: DES (Cert. #223); Diffie-Hellman (key agreement, key establishment methodology provides 80-bits of encryption strength); RSA (PKCS#1, key wrapping, key establishment methodology provides 80-bits of encryption strength); MD5; HMAC MD5

Multi-chip standalone

"The Bluesocket WG-2100 Wireless Gateway provides a single scalable solution to the security, quality of service (QoS), and management issues facing institutions, enterprises, and service providers who deploy 802.11 and Bluetooth-based wireless networks."
586 E.F. Johnson Co.
123 N. State St.
Waseca, MN 56093
USA

-John Oblak
TEL: 507-837-5116
FAX: 507-837-5120

CST Lab: NVLAP 100432-0

Subscriber Encryption Module (SEM)
(Hardware Versions: 023-5000-980, 023-5000-982, 023-5000-984 and 039-575-1200; Firmware Versions: 4.0, 4.1 and 4.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/03/2005 Overall Level: 1 

-FIPS-approved algorithms: AES (Cert. #217); SHS (Cert. #238); HMAC (Cert. #80); DSA (Cert. #110); RNG (Cert. #5)

-Other algorithms: DES (Cert. #291); SecureNet DES 1 bit CFB with differential encoding and decoding

Multi-chip embedded

"The E.F. Johnson Co. Subscriber Encryption Module (SEM) is a cryptographic module meeting FIPS 140-2, Level 1 requirements. The SEM provides Subscriber Equipment, such as the E.F. Johnson Co. 5100 series radio with secure and encrypted voice communication. The SEM supports AES OTAR, AES, DES, DSA, and SHA-1 FIPS Approved algorithms. These algorithms are used for data or voice communication and protection of SEM firmware. The SEM can be implemented into any Subscriber Equipment requiring FIPS 140-2 Level 1 security."
585 Bluefire Security Technologies
1040 Hull Street
#101
Baltimore, MD 21230
USA

-Phil Smith
TEL: 410-637-8160
FAX: 410-637-8172

CST Lab: NVLAP 200427-0

Bluefire Mobile Security™ FIPS Cryptographic Module
(Software Version: 1.9)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/02/2005 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 2000 Service Pack 4, PocketPC 2003 (single user mode)

-FIPS-approved algorithms: DSA (Cert. #121); Triple-DES (Cert. #288); AES (Cert. #192); SHS (Cert. #272); RSA (Cert. #29); RNG (Cert. #39); HMAC (Cert. #7)

-Other algorithms: DES (Cert. #278); MD2; MD5; HMAC-MD5; RC2; RC4; RC5; RSA (key wrapping; key establishment methodology provides between 80 bits and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 bits and 150 bits of encryption strength)

Multi-chip standalone

"The Bluefire Mobile Security™ FIPS Cryptographic Module is Bluefire Security Technologies' cryptographic library designed for securing mobile devices such as personal digital assistants (PDA’s) and Smart Phones based on the Microsoft Windows Mobile platform. It contains assembly-level optimizations on key wireless processors while offering great flexibility and choice by allowing developers to select only the algorithms needed in reduced code sizes. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
584 Credant Technologies Corporation
15303 Dallas Parkway
Suite 1420
Addison, TX 75001
USA

-Chris Burchett
TEL: 972-458-5407
FAX: 972-458-5454

CST Lab: NVLAP 200002-0

Credant Cryptographic Kernel[1] and CmgCryptoLib[2]
(Software Versions: 1.5[1] and 1.7[2])

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/02/2005;
11/04/2005;
12/07/2007
Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Version 1.5 tested as meeting Level 1 with Palm OS 5.4.5. Version 1.7 tested as meeting Level 1 with Windows Mobile 5; Windows Mobile 6; Windows XP SP2; Windows Vista 32-bit; Symbian Series 60 (single user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #336); AES (Cert. #255); SHS (Cert. #330); HMAC (Cert. #65); RNG (Cert. #88)

-Other algorithms: N/A

Multi-chip standalone

"CREDANT CmgCryptoLib (previosuly known as CREDANT Cryptographic Kernel) is a FIPS 140-2 validated, software based cryptography library that implements Triple-DES, AES, ANSI X9.31 RNG, SHA-1, and HMAC-SHA-1 algorithms for CREDANT Mobile Guardian (CMG). CMG provides centrally managed mobile data protection via strong authentication, Intelligent Encryption and usage controls with guaranteed data recovery for laptops, desktops, removable media, PDAs and smart phones."
583 NeoScale Systems, Inc.
1655 McCarthy Blvd.
Milpitas, CA 95035
USA

-Rose Quijano-Nguyen
TEL: 408-473-1313

-Chris Winter
TEL: 408-473-1393

CST Lab: NVLAP 200017-0

CryptoStor FC2002W SAN Security Appliance
(Hardware Version: 820-0001-06 Rev2; Firmware Version: 2.2.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 10/27/2005;
11/07/2005
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Certs. #275 and #285); AES (Certs. #173 and 183); SHS (Cert. #269); RSA (Cert. #26); HMAC (Cert. #25); RNG (Cert. #35)

-Other algorithms: N/A

Multi-chip standalone

"The NeoScale CryptoStor FC2002 appliance, is a Fibre Channel Storage Area Network (SAN) data security appliance that provides data flow control and encryption based on configured policy rules. Operating as a fully transparent, in-line storage appliance, the FC2002 inspects storage traffic and applies information flow controls and strong encryption to the data payload at gigabit rates. Storage data privacy policies are centrally managed, employing access and encryption rules which are easily modified to suit current and evolving storage infrastructures. Deep frame inspection allows access and encryption policies to be dynamically applied at wirespeed. True gigabit throughput with low latency and transparent operation ensures uninterrupted, scalable storage data protection."
582 Oceana Sensor Technologies, Inc.
1632 Corporate Landing Parkway
Virginia Beach, VA 23454
USA

-Alex Kalasinski
TEL: 757-426-3678
FAX: 757-426-3633

-Don Kennamer
TEL: 757-426-3678
FAX: 757-426-3633

CST Lab: NVLAP 200017-0

Fortress Cryptographic Library
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 10/27/2005 Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Sun Java Runtime Environment (JRE) 1.4.2 running on Windows 2000 Service Pack 4 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #256); Triple-DES (Cert. #337); RSA (Cert. #65); SHS (Cert. #331); HMAC (Cert. #66); RNG (Cert. #89)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); Rijndael

Multi-chip standalone

"The Oceana Sensor Technologies Fortress Cryptographic LibraryTM (FCL) is a cryptographically secure interface to applications both internal and external to the OST product. It has many features and supports AES, Triple DES and RSA. It is entirely a software product."
581 Fortress Technologies, Inc.
1 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0

AirFortress™ Wireless Security Gateway
(Hardware Version: Model AF2100; Firmware Versions: 2.5 and 2.1.0.AFG1178ag)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 10/27/2005;
04/26/2007;
03/26/2010
Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #14); Triple-DES (Cert. #107); SHS (Cert. #316); HMAC (Cert. #62)

-Other algorithms: DES (Cert. #23); Diffie-Hellman (non-compliant key agreement; key establishment methodology provides 56 bits of encryption strength); MD5; RSA (non-compliant)

Multi-chip standalone

"The AirFortress ™ Wireless Security Gateway is an electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a production-quality hardware platform and deployable on any LAN or WAN, the AF Gateway provides encryption, data integrity checking, authentication, access control, and data compression."
580 Juniper Networks, Inc.
1194 N. Mathilda Ave.
Sunnyvale, CA 94089
USA

-Simon Gerraty
TEL: 408-745-2348
FAX: 408-745-8905

CST Lab: NVLAP 100432-0

AS2-FIPS PIC
(Hardware Versions: PB-AS2-FIPS, PE-AS2-FIPS, Rev. A and B; Software Versions: 7.2R1.7 and 7.4R1.7; Firmware Version: 560-011740 (Rev. 4.008))

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/25/2005;
12/02/2005;
01/27/2006;
06/14/2006;
12/19/2006
Overall Level: 1 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: RSA (Cert. #69); Triple-DES (Certs. #341 and #350); SHS (Certs. #336 and #347); HMAC (Cert. #71); RNG (Cert. #93)

-Other algorithms: MD5; DES (Cert. #324); RSA (key wrapping, key establishment methodology provides 80-bits of encryption strength)

Multi-chip standalone

"The Adaptive Services (AS) Physical Interface Card (PIC) is a multi-chip embedded cryptographic module, which supports a new level of services integration and performance. The AS2-FIPS PIC supports compressed real time protocol (CRTP), high-speed Network Address Translation (NAT), stateful firewall, tunnel services, IPSec encryption and J-Flow accounting today while having built-in headroom to support additional services in the future. With high-speed NAT and stateful firewall, providers can protect their networks and simultaneously deploy network-based security and VPN solutions."
579 M/A Com, Inc.
221 Jefferson Ridge Parkway
Lynchburg, VA 24501
USA

-Greg Farmer
TEL: 434-455-9577

CST Lab: NVLAP 200002-0

P7130IP Select, P7150IP Scan Portable and M7100IP Mobile Two-Way FM Radio
(Hardware Versions: RU101188V1, RU101188V21, RU101188V12, RU101188V22, RU101188V31, KRY1011632/13, KRY1011632/11, RU101219V21, RU101219V51, RU101219V61, RU101219V63, RU101219V41, RU101219V71 and RU101219V73; Firmware Version: H8 version: J2R06B03; DSP version: F7R01A16)

(When operated in FIPS mode)

Revoked

Security Policy

Certificate

Hardware 10/25/2005;
08/16/2006;
10/22/2007
Overall Level: 1 

-FIPS-approved algorithms: AES (Cert. #155)

-Other algorithms: DES (Cert. #241); DES MAC (Cert. #241, vendor affirmed); VGE (M/A-Com proprietary digital voice encryption algorithm)

Multi-chip standalone

"The P7150IP Scan Portable/M7100IP Mobile are M/A COM's premier radios for critical communications. Guided by customer feedback, M/A COM designed the P7150IP and M7100IP to excel in the challenging environments that critical communications users encounter. The radios provide a superior combination of features, functions, and physical attributes. They are light and extremely durable, easy to use while wearing gloves, and produces loud and clear audio. A rugged high-tier portable, the radios provide exceptional performance even under adverse conditions."
578 Certicom Corp.
5520 Explorer Drive
4th Floor
Mississauga, Ontario L4W 5L1
Canada

-sales@certicom.com
TEL: 905-507-4220
FAX: 905-507-4230

CST Lab: NVLAP 200017-0

Security Builder FIPS Java Module
(Software Version: 2.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 10/25/2005;
07/20/2007;
03/06/2009
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Sun Java Runtime Environment (JRE) 1.3.1 and 1.4.2 running on Windows 2003 x86 (Binary compatible to Windows 98/2000/XP); Red Hat Linux Application Server 3.0 x86 (Binary compatible to AS 2.1); Solaris 2.9 32-bit SPARC; Solaris 2.9 64-bit SPARC

-FIPS-approved algorithms: Triple-DES (Cert. #318); AES (Cert. #227); SHS (Cert. #307); HMAC (Cert. #37); RNG (Cert. #68); DSA (Cert. #128); ECDSA (Cert. #6); RSA (Cert. #54)

-Other algorithms: DES (Cert. #298); ARC2; ARC4; MD2; MD5; HMAC-MD5; Diffie-Hellman (key agreement); EC Diffie-Hellman (key agreement); EC MQV (key agreement); RSA (Cert. #52, key wrapping)

Multi-chip standalone

"The Security Builder FIPS Java Module is a standards-based cryptographic toolkit written in Java. It supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into Java-based applications. The Security Builder FIPS Java Module is intended for use by developers who want government level security and can also be used in conjunction with other Certicom developer toolkits including Security Builder PKI and Security Builder SSL."
577 M/A Com, Inc.
221 Jefferson Ridge Parkway
Lynchburg, VA 24501
USA

-Greg Farmer
TEL: 434-455-9577

CST Lab: NVLAP 200002-0

P7170IP System Portable Two-Way FM Radios
(Hardware Versions: RU101219V22, RU101219V42, RU101219V52, RU101219V62, RU101219V72; Firmware Version: H8 version: J2R06B03; DSP version: F7R01A16)

(When operated in FIPS mode)

Revoked

Security Policy

Certificate

Hardware 10/25/2005;
08/16/2006;
10/22/2007
Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #155);

-Other algorithms: DES (Cert. #241); DES MAC (Cert. #241, vendor affirmed); VGE (M/A-Com proprietary digital voice encryption algorithm)

Multi-chip standalone

"The P7170IP is M/A COM's premier portable radio for critical communications. Guided by customer feedback, M/A COM designed the P7170IP to excel in the challenging environments that critical communications users encounter. The P7170IP provides a superior combination of features, functions, and physical attributes. It is light and extremely durable, easy to use while wearing gloves, and produces loud and clear audio. A rugged high-tier portable, the P7170IP provides exceptional performance even under adverse conditions."
576 PalmSource, Inc.
1188 East Arques Avenue
Sunnyvale, CA 94085
USA

-Laurent Sanchez
TEL: 408-400-3000
FAX: 408-400-1510

CST Lab: NVLAP 200416-0

Cryptographic Provider Module + FIPS Provider
(Software Version: 5.2.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 10/25/2005 Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Palm Tungsten™ C running Palm OS version 5.2.1

-FIPS-approved algorithms: AES (Cert. #114); Triple-DES (Cert. #226); HMAC (Cert. #46); RNG (Cert. #63); SHS (Certs. #303 and #202)

-Other algorithms: N/A

Multi-chip standalone

"The PalmSource Cryptographic Provider Module + FIPS Provider version 5.2.2 is a software library that implements cryptographic functions and is contained within a defined cryptographic boundary using the PalmOS version 5.2.1."
575 ActivCard, Inc.
6623 Dumbarton Circle
Fremont, CA 94555
USA

-Eric Le Saint
TEL: 510-745-6211
FAX: 510-574-0101

CST Lab: NVLAP 100432-0

ActivCard Digital Identity Applet Suite v2.5 on OCS ID-One Cosmo 64 v5
(Hardware Versions: P/N 77, Version E302, E303-063683, E303-063792; Firmware Versions: ACA v2.5.1, PKI/GC/SKI v2.5.1, SMA v2.5.1, ASC v2.5.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/25/2005;
05/26/2006
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #123); Triple-DES (Cert. #232); Triple-DES MAC (Cert. #232, vendor affirmed); SHS (Cert. #209); RSA (Cert. #43); RNG (Cert. #94)

-Other algorithms: DES (Cert. #246); DES MAC (Cert. #246, vendor affirmed)

Single-chip

"The ActivCard Digital Identity Applet Suite v2.5 on OCS ID-One Cosmo 64 v5: Provides enhanced functionality, flexibility, and security based on the ActivCard Applet v2 frameworks; Is backward compatible with earlier versions of ActivCard applets; Offers a more open, stable, and flexible platform on which developers can build and deploy smart card applications; Is compliant with GSC-IS 2.1 virtual machine comman interface; Supports GSC-IS 2.1 data model; Can be configured for Level and Level 3 modes."
574 RedCannon Security
42808 Christy Street
Suite #108
Fremont, CA 94538
USA

-Kurt Lennartsson
TEL: 510-498-4104
FAX: 510-498-4109

-Brian Wood
TEL: 410-902-9779

CST Lab: NVLAP 200427-0

RedCannon Cryptographic Module
(Software Version: 1.3.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 10/19/2005 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional with Service Pack 2 (single user mode)

-FIPS-approved algorithms: AES (Cert. #249); Triple-DES (Cert. #334); SHS (Cert. #327); HMAC (Cert. #58); RSA (Cert. #64); RNG (Cert. #87)

-Other algorithms: DES (Cert. #312); TwoFish; BlowFish; Serpent; CAST; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80-bits and 150-bits of encryption strength); RSA (key generation; non-compliant); RSA (PKCS#1; key transport; key establishment methodology provides 80-bits of encryption strength)

Multi-chip standalone

"The RedCannon Crypto Module provides cryptographic support for the RedCannon line of products. The crypto module is used to create, manage and delete cryptographic keys as well as to perform cryptographic operations. The crypto module can be used for multiple functions within the RedCannon applications. It provides a structured set of APIs, which can be called to perform these functions. This provides flexibility for the module and the ability to add new applications for the crypto module functions in the future without changing the module itself."
573 Pitney Bowes, Inc.
35 Waterview Drive
Shelton, CT 06484
USA

-Douglas Clark
TEL: 203-924-3500
FAX: 203-924-3406

CST Lab: NVLAP 200427-0

Pitney Bowes iButton Postal Security Device (PSD)
(Hardware Version: DS1955B PB2 - 2.11)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/20/2005 Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #185); SHS (Cert. #167); DSA (Cert. #90); Triple-DES MAC (Cert. #185, vendor affirmed)

-Other algorithms: DES (Cert. #222); RSA (PKCS#1, key wrapping); RSA (OAEP, key wrapping)

Multi-chip standalone

"The Pitney Bowes iButton Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP). It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds and the production of postage meter indicia in a variety of Pitney Bowes Metering products. The PSD has been designed to support international postal markets and their evolving requirements for digital indicia."
572 Gemalto
Arboretum Plaza II
9442 Capital of Texas Highway North
Suite 400
Austin, TX 78759
USA

-Jerome Denis
TEL: 512-257-3808

CST Lab: NVLAP 100432-0

SafesITe TOP IM CY2 (aka Cyberflex Access 64K V2) Cryptographic Module
(Hardware Versions: P/N A1002057, A1002631 and A1006577; Firmware Version: Hardmask 1V3)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/15/2005;
10/31/2005;
05/25/2006;
07/28/2008
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #312); Triple-DES MAC (Cert. #312, vendor affirmed); AES (Cert. #220); SHS (Cert. #301); RSA (Cert. #51); RNG (Cert. #64)

-Other algorithms: DES (Cert. #293); DES MAC (Cert. #293, vendor affirmed);

Single-chip

"The Cyberflex Access 64K V2 smart card can be employed in solutions which provide secure PKI (public key infrastructure) and digital signature technology. Cyberflex Access 64K V2 serves as a highly portable, secure token for enhancing the security of network access and ensuring secure electronic communications. Cyberflex Access 64K V2 supports on-card Triple DES, AES and 2048-bit RSA algorithms with on-card key generation. It is compliant to Java Card v2.1.1 and Open Platform v2.0.1. The Cyberflex Access 64K V2 smart card is part of a range of Axalto highly secure, Java-based smart cards for physical and logical access, e-transactions and other applications."
571 AirMagnet, Inc.
1325 Chesapeake Terrace
Sunnyvale, CA 94089
USA

-Tony Ho
TEL: 408-400-1255
FAX: 408-744-1250

CST Lab: NVLAP 200648-0

SmartEdge Sensor AM-5010-11-AG and AM-5012-11AG
(Hardware Versions: AM-5010-11-AG and AM-5012-11AG; Firmware Version: 5.2.0-2928)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 09/12/2005 Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #214); Triple-DES (Cert. #307); SHS (Cert. #295); RSA (Cert. #47); RNG (Cert. #60); HMAC (Cert. #23)

-Other algorithms: RC4; MD5; Diffie-Hellman (key agreement); RSA (key wrapping, key establishment methodology provides 80 bits of encryption strength); DSA (non-compliant); DES; RC2; IDEA

Multi-chip standalone

"The SmartEdge Sensor is equipped with patent pending AirWISE Analytical Engine that, in real time, monitors and analyzes the security, performance, and reliability of the wireless network."
570 Thales e-Security
Meadow View House,
Crendon Industrial Estate,
Long Crendon
Aylesbury, Buckinghamshire HP18 9EQ
United Kingdom

-Tim Fox
TEL: +44 1844 201800
FAX: +44 1844 202170

CST Lab: NVLAP 200002-0

Secure Generic Sub-System (SGSS), Version 3.2
(Hardware Versions: 1213B130, Rev 2 and 1213D130, Rev 3a; Software Version: 2.0.2)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 09/07/2005;
10/13/2005
Overall Level: 3 

-FIPS-approved algorithms: DSA/SHS (Cert. #24); RSA (Cert. #53)

-Other algorithms:

Multi-chip embedded

"The Secure Generic Sub-System (SGSS) is a multi-chip embedded module used to provide secure cryptographic resources to a number of products in the Thales e-Security portfolio. This includes the Datacryptor 2000 family, WebSentry family, HSM 8000 family, P3CM family, PaySentry, 3D Security Module and SafeSign Crypto Module. The SGSS contains a secure bootstrap and authenticates application loading using the Digital Signature Algorithm (DSA) and the RSA algorithm."
569 Funk Software, Inc.
222 Third Street
Cambridge, MA 02142
USA

-Steven Erickson
TEL: 978-371-3980 x112
FAX: 978-371-3990

CST Lab: NVLAP 200648-0

Odyssey Security Component and Odyssey Security Component/Portable
(Software Version: 1.2)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/31/2005;
01/13/2006;
02/24/2006
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP, Red Hat Linux 9.0 (single user mode)

-FIPS-approved algorithms: AES (Certs. #245 and #246); Triple-DES (Certs. #331 and #332); SHS (Certs. #322 and #323); HMAC (Certs. #53 and #55); RSA (Certs. #61 and #62); DSA (Certs. #133 and #135); RNG (Certs. #79 and #84); CCM (Certs. #2 and #3)

-Other algorithms: DES (Certs. #309 and #310); Diffie-Hellman (key agreement)

Multi-chip standalone

"The Odyssey Security Component/Portable is Funk Software, Inc.'s general purpose cryptographic library. Wide-ranging algorithm support is provided, making the library suitable for use in applications such as wireless LAN, IPsec, SSL/TLS, EAP, and so on. Assembly language optimizations allow high-speed operation on specific platforms, while the portable (C) version can be used on a large variety of platforms."
568 Caymas Systems Inc.
1179-A N. McDowell Blvd.
Petaluma, CA 94954
USA

-Joe Howard
TEL: 707-283-5000
FAX: 707-283-5001

CST Lab: NVLAP 200017-0

Caymas Systems 525 Identity-Driven Access Gateway
(Hardware Version: Rev. 100-000002; Firmware Version: R2.6.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 08/30/2005 Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #319, #320, #323, #325 and #326); AES (Certs. #229, #230, #233, #234 and #235); SHS (Certs. #308, #309, #312, #313 and #314); RSA (Certs. #55 and #56); RNG (Certs. #69, #70, #73 and #74); HMAC (Certs. #41, #42 and #45); DSA (Certs. #129, #130 and #131)

-Other algorithms: DES (Certs. #299, #300, #303 and #304); Diffie-Hellman (key agreement); MD5; HMAC-MD5; RC4

Multi-chip standalone

"The Caymas 318 and Caymas 525 are the world's first Identity-Driven Access Gateways, combining universal access, Identity-Based access control, integrated application security and federated policy enforcement. Caymas products are hardened, purpose-built appliances, with custom acceleration hardware allowing them to scale to thousands of users and multi-gigabit speeds in a single platform. With no per user or per feature pricing, Caymas gateways deliver radical price/performance for enterprises extending their information assets to internal and external users."
567 Caymas Systems Inc.
1179-A N. McDowell Blvd.
Petaluma, CA 94954
USA

-Joe Howard
TEL: 707-283-5000
FAX: 707-283-5001

CST Lab: NVLAP 200017-0

Caymas Systems 318 Identity-Driven Access Gateway
(Hardware Version: Rev. 100-000001; Firmware Version: R2.6.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 08/30/2005 Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #321, #323, #325 and #326); AES (Certs. #231, #233, #234 and #235); SHS (Certs. #310, #312, #313 and #314); RSA (Certs. #55 and #56); RNG (Certs. #71, #73 and #74); HMAC (Certs. #43 and #45); DSA (Certs. #129, #130 and #131)

-Other algorithms: DES (Certs. #301, #303 and #304); Diffie-Hellman (key agreement); MD5; HMAC-MD5; RC4

Multi-chip standalone

"The Caymas 318 and Caymas 525 are the world's first Identity-Driven Access Gateways, combining universal access, Identity-Based access control, integrated application security and federated policy enforcement. Caymas products are hardened, purpose-built appliances, with custom acceleration hardware allowing them to scale to thousands of users and multi-gigabit speeds in a single platform. With no per user or per feature pricing, Caymas gateways deliver radical price/performance for enterprises extending their information assets to internal and external users."
566 WRQ, Inc.
1500 Dexter Avenue North
Seattle, WA 98109
USA

-Donovan Deakin
TEL: 206-217-7500
FAX: 206-217-7515

CST Lab: NVLAP 100432-0

Reflection Security Component for Java
(Software Version: 1.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/19/2005 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 2 with Dell Optiplex GX 400 running Microsoft Windows 2000 Professional SP3 and Q326886 Hotfix and Sun Microsystems Java Runtime Environment version 1.4.1; HP Proliant ML 330 running Microsoft Windows 2000 Server SP3 and Q326886 Hotfix and Sun Microsystems Java Runtime Environment version 1.4.1 (configured in single-user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #305); AES (Cert. #213); RSA (Cert. #45); DSA (Cert. #126); SHS (Cert. #293); RNG (Cert. #57); HMAC (Cert. #20)

-Other algorithms: DES (Cert. #288); MD5; HMAC-MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"Reflection® for the Web provides terminal emulation from a web browser. With this server-based solution you can connect local or remote users to applications on IBM, HP, UNIX, and OpenVMS hosts. You can also use its comprehensive management, security, and customization features to boost IT efficiency and user productivity."
565 Schweitzer Engineering Laboratories, Inc.
2545 NE Hopkins Court
Pullman, WA 99163-5603
USA

-David Whitehead
TEL: 509-336-2417
FAX: 509-336-2406

CST Lab: NVLAP 100432-0

SEL-3021 Serial Encrypting Transceiver
(Hardware Version: P/N SEL-3021, Version 00004CA8; Firmware Version: SEL-3021-R105-V0-Z002001-D20050701)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/19/2005 Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #202); SHS (Cert. #279); HMAC (Cert. #14); RNG (Cert. #46)

-Other algorithms: N/A

Multi-chip standalone

"The SEL-3021 Serial Encrypting Transceiver is a bump-in-the-wire encryption device designed to add strong cryptographic security to new serial communications links and to provide an easy and effective security solution for existing serial communications networks. It is designed for use on both point-to-point byte oriented communications links and multidrop SCADA networks."
564 SkyTel Corp.
500 Clinton Center Drive
Bldg. 2, Floor 4
Clinton, MS 39056
USA

-Mike Sheffield
TEL: 601-460-3627
FAX: 888-944-7396

CST Lab: NVLAP 100432-0

SkyTel ST900 Secure 2Way
(Hardware Version: P/N ST900, Version 2.0; Firmware Versions: 20050624 ver.f.2.9 and 20050705 ver.f.3.0)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/19/2005;
10/13/2005
Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #261); RNG (Cert. #95); HMAC (Cert. #74); SHS (Cert. #341)

-Other algorithms: Elliptic Curve Diffie-Hellman (key agreement)

Multi-chip standalone

"SkyTel ST900 Secure 2Way is a wireless product for agencies transmitting sensitive and critical communications. The device, an ST900 2Way pager, operates on narrowband PCS, recommended for reliability and superior inbuilding penetration. It is password-protected, with AES encryption and encryption key establishment based on ANSI X9.63."
563 Snapshield, Ltd.
1 Research Court
Suite 450
Rockville, MD 20850
USA

-Uri Naor
TEL: 301-216-3805
FAX: 301-519-8001

-Rolando Rosas - Snap Defense Systems, LLC
TEL: 703-766-6540
FAX: 703-766-6501

CST Lab: NVLAP 100432-0

SNAPcell
(Hardware Version: P/N Snapcell, Version 1.5; Firmware Versions: 5133 050322.2 SnapP2P.2 and 5133 050322.2 SnapP2MP.2)

Snapcell
(Hardware Version: P/N Snapcell-F, Version 1.5; Firmware Versions: SnapP2P.2 and SnapP2MP.2)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/19/2005;
12/02/2005;
12/22/2005;
01/13/2006
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Cert. #212); SHS (Cert. #289); RNG (Cert. #53)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip standalone

"SNAPcell is a plug-in cellular accessory for Sony Ericsson handsets which enable secure end-to-end GSM communications. SNAPcell draws a new key for each session. SNAPcell requires minimum user intervention with seamless operation and due to the efficient implementation of the encryption algorithms it has minimum impact on the handset battery life. SNAPcell can be used across all four GSM frequency bands and the handset or the subscriber cannot be identifiable within the network. SNAPcell can be easily transferred from one device to another."

"Snapcell is a high assurance, lightweight, micro-adapter that secures cellular communications, end-to-end on any GSM frequency (850/900/1800/1900). Snapcell is compatible with standard Sony-Ericsson (GSM) mobile phones. Snapcell is approved for exporting outside the USA. Snapcell is also available with an optional centralized enterprise manager gateway (CEMG) that provides a secure single-point of administration for networking up to several thousands of users over public and private networks. Snapcell is currently deployed by the U.S. Special Forces, U.S. Navy, Coalition partners and financial institutions in over 30 countries."

562 Wei Dai
13440 SE 24th Street
Bellevue, WA 98005
USA

-Wei Dai
TEL: 425-562-9677

CST Lab: NVLAP 200002-0

Crypto++ Library
(Software Version: 5.2.3)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 07/29/2005;
08/24/2005;
10/28/2005
Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows 2000 Professional, Service Pack 1 (single user mode)

-FIPS-approved algorithms: Skipjack (Cert. #14); Triple-DES (Cert. #309); AES (Cert. #216); SHS (Certs. #134 and #298); DSA (Cert. #79); RSA (Cert. #50); ECDSA (Cert. #5); HMAC (Cert. #26); RNG (Cert. #61); Triple-DES MAC (Cert. #309, vendor affirmed)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip standalone

"The Crypto++ Library is a free, open source C++ class library providing public key encryption, digital signatures, symmetric ciphers, hash functions, message authentication codes, and other cryptographic algorithms. The dynamic link library (DLL) is FIPS 140-2 Level 1 validated. The source code of the validated module is available upon request."
561 SPYRUS, Inc.
2355 Oakland Road
Suite 1
San Jose, CA 95131
USA

-Bill Bialick
TEL: 410-964-6400
FAX: 410-964-5154

CST Lab: NVLAP 200017-0

LYNKS Privacy Card
(Hardware Version 2.0; Firmware Version: 1.c)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 07/29/2005 Overall Level: 2 

-FIPS-approved algorithms: Skipjack (Cert. #1); DSA/SHA-1 (Cert. #1)

-Other algorithms: DES (Cert. #50); RSA (non-compliant); Triple-DES; Diffie-Hellman (key agreement)); MD5; KEA

Multi-chip standalone

"The SPYRUS family of LYNKS Privacy Card tokens provides high performance, high assurance cryptographic processing in a personal, portable PC card form factor. The LYNKS Privacy Card product enables security- critical capabilities such as user authentication, message privacy and integrity, authentication, and secure storage in rugged, tamper-evident hardware."
560 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Klorida Miraj
TEL: 425-421-5229

-Katharine Holdsworth
TEL: 425-706-7923

CST Lab: NVLAP 200427-0

Windows CE and Windows Mobile Enhanced Cryptographic Provider (RSAENH)
(Software Versions: 5.01.01603 [1], 5.00.911762 [1], 5.04.17228 [2], 5.05.19202 [2] and 5.05.21840 [2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 07/29/2005
08/24/2005;
06/21/2006;
06/28/2006;
06/29/2006;
12/08/2006;
05/14/2007;
02/21/2008;
04/04/2008;
10/30/2009
Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows CE 5.01, Windows CE 5.00, Windows Mobile 6.0, Windows Mobile 6.1 and 6.5

-FIPS-approved algorithms: AES (Certs. #224 [1] and #507 [2]); Triple-DES (Certs. #315 [1] and #517 [2]); RSA (Certs. #52 [1] and #222 [2]); RNG (Certs. #66 [1] and #286 [2]); SHS (Certs. #305 [1] and #578 [2]); HMAC (Certs. #31 [1] and #260 [2])

-Other algorithms: DES (Cert. #296 [1]); MD5; HMACMD5; RC2; RC4; DES [2]

Multi-chip standalone

"Microsoft Windows CE and Windows Mobile Enhanced Cryptographic Provider (RSAENH) is a general-purpose, software-based, cryptographic module for Windows CE and Windows Mobile. It can be dynamically linked into applications by software developers to permit the use of generalpurpose cryptography."
559 Nortel Networks
600 Technology Park
Billerica, MA 01821
USA

-Jonathan Lewis
TEL: 978-288-8590
FAX: 978-288-4004

-David Passamonte
TEL: 978-288-8973
FAX: 978-288-4004

CST Lab: NVLAP 200427-0

Contivity® VPN Client
(Software Version: 5.11_021)

(When operated in FIPS mode with Microsoft® Enhanced Cryptographic Provider validated to FIPS 140-1 under Cert. #238 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 07/25/2005;
08/24/2005;
08/29/2005
Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional Service Pack 2 (in single-user mode)

-FIPS-approved algorithms: AES (Cert. #218); Triple-DES (Cert. #310); SHS (Cert. #299); HMAC (Cert. #28); RNG (Cert. #62)

-Other algorithms: Diffie-Hellman (key agreement); DES; 40-bit DES; MD5; ECDH (key agreement); HMAC-MD5

Multi-chip standalone

"The Contivity VPN Client provides stable, secure network access via Nortel VPN routers and VPN gateways. The client can be preconfigured and customized by IT administrators for quick install and connect, or easily configured by end users via the connection wizard. The VPN client works over all IP infrastructures including all wireless, broadband, and satellite services. The VPN client also supports seamless roaming, enabling a user to roam wirelessly without losing the virtual connection."
558 ActivCard, Inc.
6623 Dumbarton Circle
Fremont, CA 94555
USA

-Eric Le Saint
TEL: 510-745-6211
FAX: 510-574-0101

CST Lab: NVLAP 100432-0

ActivCard Digital Identity Applet Suite v2.5 on OCS ID-One Cosmo 64 v5
(Hardware Versions: P/N 77, Version E302, E303-063683, E303-063792; Firmware Versions: ACA v2.5.1, PKI/GC/SKI v2.5.1, SMA v2.5.1, ASC v2.5.1)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 07/25/2005;
05/26/2006
Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #123); Triple-DES (Cert. #232); Triple-DES MAC (Cert. #232, vendor affirmed); SHS (Cert. #209); RSA (Cert. #43); RNG (Cert. #94)

-Other algorithms: DES (Cert. #246); DES MAC (Cert. #246, vendor affirmed);

Single-chip

"The ActivCard Digital Identity Applet Suite v2.5 on OCS ID-One Cosmo 64 v5: Provides enhanced functionality, flexibility, and security based on the ActivCard Applet v2 frameworks; Is backward compatible with earlier versions of ActivCard applets; Offers a more open, stable, and flexible platform on which developers can build and deploy smart card applications; Is compliant with GSC-IS 2.1 virtual machine command interface; Supports GSC-IS 2.1 data model."
557 Telkonet Communications, Inc.
20374 Seneca Meadows Pkwy
Germantown, MD 20876-7004
USA

-Jill Parlett
TEL: 410-627-3994
FAX: 240-912-1839

CST Lab: NVLAP 200416-0

Telkonet G3 Series iBridge and Telkonet G3 Series eXtender
(Hardware Versions: iBridge: IB8000, IB8001, IB8011, IB8200, IB8201, IB8211; eXtender: X7000, X7001, X7011, X7200, X7201, X7211; Firmware Versions: 2.12, 2.41 and 2.53)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/25/2005;
04/04/2006;
08/29/2007
Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #223)

-Other algorithms: RSA (PKCS#1, key wrapping, key establishment methodology provides 80 bits of encryption strength); MD5

Multi-chip standalone

"The Telkonet system uses power line communications (PLC) technology to deliver broadband internet to a building's existing electrical wiring. The system consists of four components: The Telkonet Gateway, Telkonet iBridge, Telkonet eXtender and Telkonet Coupler."
556 JP Mobile, Inc.
12000 Ford Road
Suite 400
Dallas, TX 75234
USA

-Kishore Kankipati
TEL: 972-277-8340
FAX: 972-484-4154

CST Lab: NVLAP 200427-0

SureWave Mobile Defense Security Kernel
(Software Version: 5.0.050107)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 07/07/2005 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft PocketPC 2003 Premium

-FIPS-approved algorithms: AES (Cert. #221); SHS (Cert. #302); Triple-DES (Cert. #313); Triple-DES MAC (Cert. #313, vendor affirmed); RNG (Cert. #65)

-Other algorithms: DES (Cert. #294); Blowfish; MD5

Multi-chip standalone

"The SureWave Mobile Defense Security Kernel controls the cryptographic functions of various versions of the SureWave Mobile Defense 4.0 software for Palm, Pocket PC, and Symbian OS enabled devices. Although the same kernel is used in all versions of PDA Defense 4.0, it has only been tested and validated for use on the Pocket PC 2003 Premium."
555 Sun Microsystems, Inc.
4150 Network Circle
Santa Clara, CA 95054
USA

-Javier Lorenzo
TEL: 858-625-5020

-Hui Chen
TEL: 510-936-4839

CST Lab: NVLAP 200427-0

Sun Cryptographic Accelerator 4000
(Hardware Versions: 501-6040-02 and 501-6040-03 (Fiber), 501-6039-05 and 501-6039-06 (UTP/Copper); Firmware Versions: 2.0 and 2.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/07/2005;
07/28/2005;
09/16/2005
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #190); AES (Cert. #79); SHS (Certs. #171 and #172); HMAC (Certs. #34 and #88); DSA (Cert. #92); RNG (Cert. #108); RSA (Cert. #95)

-Other algorithms: DES (Cert. #225); MD5; HMAC-MD5; RC2

Multi-chip embedded

"The Sun Cryptographic Accelerator 4000 (SCA 4000) is a highperformance secure networking solution for Sun servers. It is a PCI card consisting of a Gigabit Ethernet adapter with on-board cryptographic acceleration hardware and a secure cryptographic key store. The card enhances server network performance by off-loading compute intensive cryptographic calculations (asymmetric and symmetric) from the server's CPU, accelerating both IPsec and SSL processing. The SCA 4000 also provides a secure remote administration capability. It is tightly integrated with Sun's server hardware and software."
554 Pitney Bowes, Inc.
35 Waterview Drive
Shelton, CT 06484
USA

-Douglas Clark
TEL: 203-924-3500
FAX: 203-924-3406

CST Lab: NVLAP 200427-0

Pitney Bowes iButton Postal Security Device (PSD)
(Hardware Versions: DS1955B PB3 - 3.02 and DS1955B PB5 - 5.00)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/29/2005;
10/18/2005;
03/29/2006
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #185); SHS (Cert. #167); ECDSA (vendor affirmed); Triple-DES MAC (Cert. #185, vendor affirmed); RNG (Cert. #86)

-Other algorithms: DES (Cert. #222); HMAC (non-compliant)

Multi-chip standalone

"The Pitney Bowes iButton Postal Security Device (PSD) has been designed in compliance with the Canada Post Corporations Digital Indicia Standard. It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes global digitial metering products. The PSD has been designed to support international postal markets and their rapidly evolving requirements for digital indicia."
553 Telkonet Communications, Inc.
20374 Seneca Meadows Pkwy
Germantown, MD 20876-7004
USA

-Jill Parlett
TEL: 410-627-3994
FAX: 240-912-1839

CST Lab: NVLAP 200416-0

Telkonet G3 Series Gateway
(Hardware Versions: G3001 and G3201; Firmware Versions: GAF4.1.0, GAF4.2.0 and GAF4.2.1)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/27/2005;
07/07/2005;
03/29/2006;
08/29/2007
Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #223)

-Other algorithms: RSA (PKCS#1, key wrapping, key establishment methodology provides 80 bits of encryption strength); MD5

Multi-chip standalone

"The Telkonet system uses power line communications (PLC) technology to deliver broadband internet to a building's existing electrical wiring. The system consists of four components: The Telkonet Gateway, Telkonet iBridge, Telkonet eXtender and Telkonet Coupler."
552 Gemplus Corp.
Avenue du Pic de Bretagne
BP 100
Gemenos Cedex, 13881
France

-Anthony Vella
TEL: +33 (0) 4 42 36 61 38

CST Lab: NVLAP 200427-0

GemXpresso Pro R3 E64 PK - FIPS with DAL C3 Applet Suite
(Hardware Version: GP92; Firmware Versions: GXP3 - FIPS EI19 and GXP3 - FIPS EI19 with new ATR and fast ATR, Applets: Access Control Applet Version 1.0 and GSC Service Applet Version 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/20/2005 Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #95); SHS (Cert. #82); RSA (Cert. #33); Triple-DES MAC (Cert. #95, vendor affirmed); RNG (Cert. #44)

-Other algorithms: DES (Cert. #155); DES MAC (Cert. #155, vendor affirmed);

Single-chip

"This module is based on a Gemplus Open OS Smart Card with a large 64K EEPROM memory, and on a cryptographic applet suite developed by Dreifus Associates LTD. Inc. The SmartCard platform has on board Triple DES and RSA algorithms and provides on board key generation. The Applet Suite supports management of 3DES keys and PINs, and provides services for authentication, access control, generic container and PKI . The module conforms to Java Card 2.1.1, Global Platform 2.0.1', and GSC-IS v2.1 standards-Card Edge Interface for VM cards, and is very well suited for US Government and Federal projects."
551 Neopost Technologies
113, rue Jean-Marin Naudin
Bagneux, 92220
France

-Thierry Le Jaoudour
TEL: +33 (0) 1 45 36 30 36

CST Lab: NVLAP 100432-0

N94i/155 SMM
(Hardware Version: 3000186T A; Firmware Versions: 3800157W Version L4 (SH1), 3800159Y Version F (SH2))

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/16/2005;
10/03/2006
Overall Level: 3 

-FIPS-approved algorithms: DSA (Cert. #120); SHS (Cert. #41); RNG (Cert. #38); ECDSA (vendor affirmed)

-Other algorithms:

Multi-chip embedded

"The N94i/155 module is a postage meter supporting accounting and cryptographic functions for secure electronic transactions. Associated to a document transport system and an inkjet printhead, the module is capable of producing up to 110 envelopes per minute."
550 Priva Technologies, Inc.
1054 S. De Anza Blvd.
Suite 201
San Jose, CA 95129
USA

-William Sibert
TEL: 312-560-5317
FAX: 208-330-3470

CST Lab: NVLAP 100432-0

Priva Technologies Cleared IC
(Hardware Version: P/N PC1002SC-2 Version 3.0; Firmware Version: 4.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/09/2005 Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #299)

-Other algorithms:

Single-chip

"This tamper protected custom integrated circuit provides secure cryptographic and multi-factor authentication services, including encryption/decryption, secure transactions, data verification, key storage, and further key management and non-repudiation functions as part of the Priva Technologies Cleared Security Platform."
549 Oberthur Card Systems
4250 Pleasant Valley Road
Chantilly, VA 20151
USA

-Chrisophe Goyet
TEL: 703-263-0100
FAX: 703-263-7134

CST Lab: NVLAP 100432-0

ID-One Cosmo 64 v5
(Hardware Version: P/N 77; Firmware Version: E303-063792)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/09/2005;
09/23/2005;
08/16/2006;
04/30/2007
Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #123); Triple-DES (Cert. #232); Triple-DES MAC (Cert. #232, vendor affirmed); SHS (Cert. #209); RSA (Cert. #43); RNG (Cert. #94)

-Other algorithms: DES (Cert. #246); DES MAC (Cert. #246, vendor affirmed);

Single-chip

"The ID-One Cosmo 64 v5 is a JavaCard cryptographic module with dual interface (ISO 7816 & ISO 14443) specifically designed for identity and government market needs. It offers a full 64K Byte of EEPROm space available for customer discretionary use, together with on card cryptographic services such as TDES, AES, Elliptic Curve and 2048-bit RSA algorithms with on-card key generation. It is compliant to Java Card v2.2 and Open Platform v2.1.1A. To protect against skimming, a built-in firewall allows application developers to disable contactless access for sensitive operations. Additional feature include On-Card fingerprint matching and Logical Channels. The ID-One Cosmo 64 v5 is available in contact only, dual interface, or contactless only formats."
548 Oberthur Card Systems
4250 Pleasant Valley Road
Chantilly, VA 20151
USA

-Christophe Goyet
TEL: 703-263-0100
FAX: 703-263-7134

CST Lab: NVLAP 100432-0

ID-One Cosmo 64 v5
(Hardware Version: P/N 77; Firmware Versions: E303-063683 and E303-063684)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/09/2005;
09/23/2005;
05/16/2006;
08/16/2006;
04/30/2007;
10/15/2007
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #232); Triple-DES MAC (Cert. #232, vendor affirmed); SHS (Cert. #209); RSA (Cert. #43); RNG (Cert. #94)

-Other algorithms: DES (Cert. #246); DES MAC (Cert. #246, vendor affirmed)

Single-chip

"The ID-One Cosmo 64 v5 is a JavaCard cryptographic module with dual interface (ISO 7816 & ISO 14443) specifically designed for identity and government market needs. It offers a full 64K Byte of EEPROM space available for customer discretionary use, together with on card cryptographic services such as TDES, AES, Elliptic Curve and 2048-bit RSA algorithms with on-card key generation. It is compliant to Java Card v2.2 and Open Platform v2.1.1A. To protect against skimming, a built-in firewall allows application developers to disable contactless access for sensitive operations. Additional features include On- Card fingerprint matching and Logical Channels. The ID-One Cosmo 64 v5 is available in contact only, dual interface, or contactless only formats."
547 Pitney Bowes, Inc.
35 Waterview Drive
Shelton, CT 06484-8000
USA

-Dennis Crowe
TEL: 203-924-3500
FAX: 203-924-3352

CST Lab: NVLAP 100432-0

Compliant Meter Postal Security Device (CoMet PSD)
(Hardware Versions: US: 1A00ABA Revision A and 1A0TAAA Revision A; German: 1A51AAA Revision B; Canada: 1AECABA Revision A and 1ACTAAA.)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/02/2005;
02/24/2006
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #98); Triple-DES MAC (Cert. #98, vendor affirmed); DSA (Cert. #58); SHS (Cert. #86); HMAC-SHA-1 (Cert. #86, vendor affirmed); Skipjack (Cert. #6); ECDSA (ANSI X9.62, vendor affirmed); RNG (vendor affirmed)

-Other algorithms: Diffie-Hellman (key agreement); RSA (PKCS#1, key wrapping)

Multi-chip standalone

"The Pitney Bowes Compliant Meter Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP), Canada Post Corporations Digital Indicia Standard, and Deutsche Post's FrankIT New Generation Digital Franking program. It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes global digital metering products. The PSD has been designed to support international postal markets and their rapidly evolving requirements for digital indicia."
546 Juniper Networks, Inc.
1194 Mathilda Ave.
Sunnyvale, CA 94089
USA

-Mike Kouri
TEL: 408-936-8206
FAX: 408-936-3032

CST Lab: NVLAP 100432-0

Juniper Networks NetScreen 204 and 208
(Hardware Version: P/N NS-204 and NS-208, Version 0110; Firmware Version ScreenOS 5.0 r9)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/02/2005;
06/10/2005
12/02/2005;
01/26/2006;
06/20/2006
Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #11); Triple-DES (Cert. #118); DSA (Cert. #132); SHS (Cert. #103); RSA (Cert. #24); HMAC (Cert. #52); RNG (Cert. #33)

-Other algorithms: DES (Cert. #174); MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Juniper Networks NetScreen-204 and 208 are purpose-built internet security appliances that deliver firewall, VPN, and traffic shaping optimized for the most demanding environments such as medium and large enterprise offices, e-business sites, data centers, and carrier infrastructures."
545 Juniper Networks, Inc.
1194 Mathilda Ave.
Sunnyvale, CA 94089
USA

-Mike Kouri
TEL: 408-936-8206
FAX: 408-936-3032

CST Lab: NVLAP 100432-0

Juniper Networks NetScreen-5400
(Hardware Version: P/N NS-5400 Version 3010; Firmware Version ScreenOS 5.0 r9)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/02/2005;
06/10/2005
12/02/2005;
01/26/2006;
06/20/2006
Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #11); Triple-DES (Certs. #118 and #133); DSA (Cert. #132); SHS (Certs. #103 and #119); RSA (Cert. #24); HMAC (Cert. #52); RNG (Cert #33)

-Other algorithms: DES (Certs. #174 and #184) ; MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Juniper Networks NetScreen-5400 is a purpose-built, highperformance security system designed to deliver a new level of highperformance capabilities for large enterprise, carrier, and data center networks. The NetScreen-5400 security system integrates firewall, DoS, DDoS protection, VPN, and traffic management functionality in lowprofile modular chassis."
544 Juniper Networks, Inc.
1194 Mathilda Ave.
Sunnyvale, CA 94089
USA

-Mike Kouri
TEL: 408-936-8206
FAX: 408-936-3032

CST Lab: NVLAP 100432-0

Juniper Networks NetScreen-5200
(Hardware Version: P/N NS-5200 Version 3010; Firmware Version ScreenOS 5.0 r9)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/02/2005;
06/10/2005
12/02/2005;
01/26/2006;
06/20/2006
Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #11); Triple-DES (Certs. #118 and #133); DSA (Cert. #132); SHS (Certs. #103 and #119); RSA (Cert. #24); HMAC (Cert. #52); RNG (Cert. #33)

-Other algorithms: DES (Certs. #174 and #184); MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Juniper Networks NetScreen-5200 is a purpose-built, highperformance security system designed to deliver a new level of highperformance capabilities for large enterprise, carrier, and data center networks. The NetScreen-5200 security system integrates firewall, DoS and DDoS protection, VPN, and traffic management functionality in lowprofile modular chassis."
543 Utimaco® Safeware AG
Germanusstr. 4
Aachen, 52080
Germany

-Rainer Herbertz
TEL: +49 241 1696 240
FAX: +49 241 1696 222

CST Lab: NVLAP 100432-0

CryptoServer® 2000
(Hardware Version: P/N CryptoServer® 2000, Version 1.0.2.0; Firmware Version: 1.0.0.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/02/2005 Overall Level: 3 

-Physical Security: Level 4

-FIPS-approved algorithms: Triple-DES (Cert. #284); Triple-DES MAC (Cert. #284, vendor affirmed); AES (Cert. #182); SHS (Certs. #268 and #297); RSA (Certs. #25 and #49); RNG (Cert. #34)

-Other algorithms: Diffie-Hellman (key agreement); IDEA; Safer; MD5; MDC-2; RIPEMD-160; Retail-TDES MAC; AES MAC; DES

Multi-chip embedded

"The CryptoServer® 2000 is an encapsulated, highly tamper protected hardware security module which provides secure cryptographic services like encryption or decryption, hashing, signing and verifying of data, random number generation, on-board secure key generation, key storage, and further key management functions."
542 Certicom Corp.
5520 Explorer Drive
4th Floor
Mississauga, Ontario L4W 5L1
Canada

-sales@certicom.com
TEL: 905-507-4220
FAX: 905-507-4230

CST Lab: NVLAP 200017-0

Security Builder FIPS Module
(Software Versions: 2.0 and 2.0.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 06/02/2005;
03/16/2006;
08/29/2006;
11/06/2006;
07/20/2007;
09/12/2007;
04/29/2008;
06/24/2008;
03/06/2009;
10/16/2009
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Red Hat Linux Application Server 3.0, x86; Solaris 2.9, SPARC 32- bit; SPARC; Solaris 2.9, SPARC 64-bit; SPARC; HP-UX 11.00, 32-bit PA-RISC; HP-UX 11.00, 64-bit PA-RISC; Windows 2003, x86; Windows 2003, Itanium; AIX 5.2, 32-bit Power PC; AIX 5.2, 64-bit Power PC; Red Hat Linux Application Server 3.0, Itanium; HP-UX 11i, Itanium; Windows CE 3.0, ARM; Symbian 9, ARM; Linux 64-bit; Windows 64-bit, x86; Windows Vista, x86; Windows Vista 64 bit, 64 bit x86; HPUX B11 32-bit IA64; Solaris 8 32 Bit; Solaris 10 64 Bit; and Red Hat Linux AS 4.0 32 bit and 64 bit on an IBM PowerPC 5 (all in single user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #276); AES (Cert. #175); SHS (Cert. #260); RSA (Cert. #20); HMAC (Cert. #9); RNG (Cert. #25); DSA (Cert. #115); ECDSA (Cert. #1)

-Other algorithms: DES (Cert. #272); DES-X; Diffie-Hellman (key agreement); ECDH (key agreement); ECMQV (key agreement); ARC2; ARC4; MD2; MD5; HMAC-MD5

Multi-chip standalone

"The Security Builder FIPS Module is a standards-based cryptographic toolkit that supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into both mobile and server-based applications. The Security Builder FIPS Module is part of the Certicom Security Architecture, a comprehensive cross-platform security solution which supports multiple cryptographic software and hardware providers with a single common API. The module can also be used in conjunction with other C."
541 AEP Networks
Focus 31, West Wing
Cleveland Rd
New Hempstead, Herts HP2 7BW
United Kingdom

-Paul Goffin
TEL: +44 1442 458624

-David Miller
TEL: +44 1442 458600
FAX: +44 1442 458601

CST Lab: NVLAP 200017-0

AEP Enterprise CM
(Hardware Version: 2731_G1; Firmware Version: 1.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 06/02/2005 Overall Level: 4 

-FIPS-approved algorithms: Triple-DES (Cert. #290); AES (Cert. #196); DSA (Cert. #123); SHS (Cert. #275); RNG (Cert. #41); RSA (Cert. #32); Triple-DES MAC (Cert. #290, vendor affirmed)

-Other algorithms: DES (Cert. #281); MD5; Diffie-Hellman (key agreement); XOR

Multi-chip embedded

"The AEP Enterprise CM by AEP Networks offers the next generation security platform for managing cryptographic keys and protecting sensitive applications. The AEP Enterprise CM is a hardware security module (HSM) designed for managing mission critical applications that demand maximum security. It is ideally suited for companies that need secure key management for certification authorities, registration authorities, OCSP responders, smart card issuers, web servers and other applications."
540 Juniper Networks, Inc.
1194 Mathilda Ave.
Sunnyvale, CA 94089
USA

-Mike Kouri
TEL: 408-936-8206
FAX: 408-936-3032

CST Lab: NVLAP 100432-0

Juniper Networks NetScreen-500
(Hardware Version: P/N NS-500 Version 4110; Firmware Version ScreenOS 5.0 r9)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/02/2005;
06/10/2005
12/02/2005;
01/26/2006;
06/20/2006
Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #244); Triple-DES (Cert. #50); DSA (Cert. #134); SHS (Cert. #47); RSA (Cert. #23); HMAC (Cert. #54); RNG (Cert. #32)

-Other algorithms: DES (Cert. #115); MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Juniper Networks NetScreen-500 is a purpose-built internet security appliance that provides advanced firewall, IPSec VPN, and traffic management functionality, optimized for the most demanding environments such as medium and large enterprise offices, carrier infrastructures, or service providers."
539 Juniper Networks, Inc.
1194 Mathilda Ave.
Sunnyvale, CA 94089
USA

-Mike Kouri
TEL: 408-936-8206
FAX: 408-936-3032

CST Lab: NVLAP 100432-0

Juniper Networks NetScreen-5XT
(Hardware Version: P/N NS-5XT Version 1010; Firmware Version ScreenOS 5.0 r9)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/02/2005;
06/10/2005
12/02/2005;
01/26/2006;
06/20/2006
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Cert. #11); Triple-DES (Cert. #118); DSA (Cert. #132); SHS (Cert. #103); RSA (Cert. #24); HMAC (Cert. #52); RNG (Cert. #33)

-Other algorithms: DES (Cert. #174); MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Juniper Networks NetScreen-5XT is a purpose-built Internet security appliance that delivers firewall, VPN and traffic shaping that offers a complete security solution for telecommuters, small-sized companies and branch offices. Featuring two 10 Base-T Ethernet ports (trust and untrusted), the Juniper Networks NetScreen-5XT performs at near wirespeed, protecting the LAN from attack and providing IPSEC based VPN capabilities."
538 Rockwell Collins, Inc.
400 Collins Road NE
Cedar Rapids, IA 52498
USA

TEL: 319-295-5997

CST Lab: NVLAP 200002-0

Common Crypto Circuit Card Assembly
(Hardware Version: 944-2541-002; Software Version: 091-3186-001)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/10/2005 Overall Level: 1 

-Physical Security: Level 2
-Design Assurance: Level 2

-FIPS-approved algorithms: AES (Cert. #169)

-Other algorithms: Serpent; Twofish; Triple-DES

Multi-chip embedded

"The Common Crypto Circuit Card Assembly is a module designed for use in Link 16 communication platforms. The module can be used in an external cryptographic application or embedded in an internal application. The module hosts four commercial cryptographic algorithms for data encryption/decryption. The algorithms are stored in memory. One of the four algorithms is selected for use and loaded. The module accepts up to eight keys which are externally generated and loaded. The AES algorithm operates in a FIPS-approved mode."
537 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nCipher 4000 PCI, nShield 800 PCI, and nShield Plus PCI
(Hardware Versions: nC4033P-4K0, nC4033P-800, and nC4033P-50 Build Standard C; Firmware Version: 2.18.15-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/10/2005;
03/09/2006;
03/15/2006
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3 +EFP
-Cryptographic Key Management: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #109 and 155); Triple-DES MAC (Certs. #109 and 155, vendor affirmed); AES (Cert. #15); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20)

-Other algorithms: DES (Certs. #173 and 201); DES MAC (Certs. #173 and 201, vendor affirmed); ARC FOUR; CAST5; CAST 6; MD2; MD5; RIPEMD 160; SEED; HMAC (MD2, MD5, and RIPEMD160); El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip embedded

"The nCipher modules: nCipher 4000 PCI, nShield 800 PCI, and nShield Plus PCI family of secure e-commerce HSM's are multi-tasking hardware module that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
536 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nCipher 4000 PCI, nShield 800 PCI, and nShield Plus PCI
(Hardware Versions: nC4033P-4K0, nC4033P-800, and nC4033P-50 Build Standard C; Firmware Version: 2.18.15-3)

(When initialized to Overall Level 3 per Security Policy - Only operates in FIPS mode at Level 3)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/10/2005;
03/09/2006;
03/15/2006
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Certs. #109 and 155); Triple-DES MAC (Certs. #109 and 155, vendor affirmed); AES (Cert. #15); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20)

-Other algorithms: DES (Certs. #173 and 201); DES MAC (Certs. #173 and 201, vendor affirmed); ARC FOUR; CAST5; CAST 6; MD2; MD5; RIPEMD 160; SEED; HMAC (MD2, MD5, and RIPEMD160); El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip embedded

"The nCipher modules: nCipher 4000 PCI, nShield 800 PCI, and nShield Plus PCI family of secure e-commerce HSM's are multi-tasking hardware module that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
535 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nToken
(Hardware Version: nC2022P-000 Build Standard E; Firmware Version: 2.18.15)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/10/2005;
03/09/2006;
03/15/2006
Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Cert. #15); Triple-DES (Cert. #34); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20)

-Other algorithms: N/A

Multi-chip embedded

"The nCipher nToken Hardware Security Module improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
534 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nCipher 1600 PCI, nCipher 1600 PCI for NetHSM, nCipher 800 PCI, nForce 1600 PCI, and nForce 800 PCI
(Hardware Versions: nC3033P-1K6, nC3033P-1K6N, nC3033P-800, nC3033P-1K6, and nC3033P-800 Build Standard C; Firmware Version: 2.18.15-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/10/2005;
03/09/2006;
03/15/2006
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #109 and 155); Triple-DES MAC (Certs. #109 and 155, vendor affirmed); AES (Cert. #15); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20)

-Other algorithms: DES (Certs. #173 and 201); DES MAC (Certs. #173 and 201, vendor affirmed); ARC FOUR; CAST5; CAST 6; MD2; MD5; RIPEMD 160; SEED; HMAC (MD2, MD5, and RIPEMD160); El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip embedded

"The nCipher modules: nCipher 800 PCI, nCipher 1600 PCI, nCipher 1600 PCI for NetHSM, nForce 800 PCI and nForce 1600 PCI family of secure ecommerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers.. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
533 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nCipher 1600 PCI, nCipher 1600 PCI for NetHSM, nCipher 800 PCI, nForce 1600 PCI, and nForce 800 PCI
(Hardware Versions: nC3033P-1K6, nC3033P-1K6N, nC3033P-800, nC3033P-1K6, and nC3033P-800 Build Standard C; Firmware Version: 2.18.15-3)

(When initialized to Overall Level 3 per Security Policy - Only operates in FIPS mode at Level 3)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/10/2005;
06/06/2005;
03/09/2006;
03/15/2006
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Certs. #109 and 155); Triple-DES MAC (Certs. #109 and 155, vendor affirmed); AES (Cert. #15); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20)

-Other algorithms: DES (Certs. #173 and 201); DES MAC (Certs. #173 and 201, vendor affirmed); ARC FOUR; CAST5; CAST 6; MD2; MD5; RIPEMD 160; SEED; HMAC (MD2, MD5, and RIPEMD160); El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip embedded

"The nCipher modules: nCipher 800 PCI, nCipher 1600 PCI, nCipher 1600 PCI for NetHSM, nForce 800 PCI and nForce 1600 PCI family of secure ecommerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
532 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nForce 150 PCI and nForce 300 PCI
(Hardware Versions: nC3022P-150 and nC3022P-300 Build Standard E; Firmware Version: 2.18.15-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/10/2005;
03/09/2006;
03/15/2006
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #15); Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20)

-Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; MD2; MD5; RIPEMD 160; SEED; HMAC (MD2, MD5, and RIPEMD160); El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip embedded

"The nCipher nForce family of secure e-commerce HSM's improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, e-commerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging."
531 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nForce 150 SCSI and nForce 400 SCSI
(Hardware Versions: nC3022W-150 and nC3022W-400 Build Standard D; Firmware Version: 2.18.15-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/10/2005;
03/09/2006;
03/15/2006
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #15); Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20)

-Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; MD2; MD5; RIPEMD 160; SEED; HMAC (MD2, MD5, and RIPEMD160); El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip standalone

"The nCipher nForce family of secure e-commerce HSM's improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, e-commerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging."
530 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F2 SCSI and F2 Ultrasign SCSI
(Hardware Versions: nC4022W-150 and nC4022W-400 Build Standard DR; Firmware Version: 2.18.15-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/10/2005;
03/09/2006;
03/15/2006
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Cryptographic Key Management: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #15); Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20)

-Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; MD2; MD5; RIPEMD 160; SEED; HMAC (MD2, MD5, and RIPEMD160); El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip standalone

"The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
529 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F2 PCI and nShield F2 Ultrasign PCI
(Hardware Versions: nC4022P-150 and nC4022P-300 Build Standard ER; Firmware Version: 2.18.15-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/10/2005;
03/09/2006;
03/15/2006
Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Cryptographic Key Management: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #15); Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20)

-Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; MD2; MD5; RIPEMD 160; SEED; HMAC (MD2, MD5, and RIPEMD160); El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip embedded

"The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
528 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nCipher F3 PCI for NetHSM, nShield F3 PCI, nShield Lite, nShield F3 Ultrasign 32 PCI, nShield F3 Ultrasign PCI, payShield PCI, payShield Ultra PCI, and payShield Ultra PCI for NetHSM
(Hardware Versions: nC4032P-300N, nC4032P-150, nC4032P-30, nC4132P-300, nC4032P-300, nC4232P-150, nC4232P-300, and nC4232P-300N Standard ER Build; Firmware Version: 2.18.15-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/10/2005;
03/09/2006;
03/15/2006
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #15); Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20)

-Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; MD2; MD5; RIPEMD 160; SEED; HMAC (MD2, MD5, and RIPEMD160); El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip embedded

"The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
527 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nCipher F3 PCI for NetHSM, nShield F3 PCI, nShield Lite, nShield F3 Ultrasign 32 PCI, nShield F3 Ultrasign PCI, payShield PCI, payShield Ultra PCI, and payShield Ultra PCI for NetHSM
(Hardware Versions: nC4032P-300N, nC4032P-150, nC4032P-30, nC4132P-300, nC4032P-300, nC4232P-150, nC4232P-300, and nC4232P-300N Standard ER Build; Firmware Version: 2.18.15-3)

(When initialized to Overall Level 3 per Security Policy - Only operates in FIPS mode at Level 3)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/10/2005;
03/09/2006;
03/15/2006
Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #15); Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20)

-Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; MD2; MD5; RIPEMD 160; SEED; HMAC (MD2, MD5, and RIPEMD160); El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip embedded

"The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
526 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F3 SCSI, nShield F3 Ultrasign 32 SCSI, nShield F3 Ultrasign SCSI, payShield SCSI, and payShield Ultra SCSI
(Hardware Versions: nC4032W-150, nC4132W-400, nC4032W-400, nC4232W-150, and nC4232W-400 Build Standard DP; Firmware Version: 2.18.15-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/10/2005;
03/09/2006;
03/15/2006
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #15); Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20)

-Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; MD2; MD5; RIPEMD 160; SEED; HMAC (MD2, MD5, and RIPEMD160); El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip standalone

"The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
525 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F3 SCSI, nShield F3 Ultrasign 32 SCSI, nShield F3 Ultrasign SCSI, payShield SCSI, and payShield Ultra SCSI
(Hardware Versions: nC4032W-150, nC4132W-400, nC4032W-400, nC4232W-150, and nC4232W-400 Build Standard DP; Firmware Version: 2.18.15-3)

(When initialized to Overall Level 3 per Security Policy - Only operates in FIPS mode at Level 3)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/10/2005;
03/09/2006;
03/15/2006
Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #15); Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20)

-Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; MD2; MD5; RIPEMD 160; SEED; HMAC (MD2, MD5, and RIPEMD160); El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip standalone

"The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
524 IBM® Corporation
2455 South Road
P330
Poughkeepsie, NY 12601
USA

-Barry Ward
TEL: 845-435-4881
FAX: 845-435-5540

-Kevin Gotze
TEL: 845-435-1056

CST Lab: NVLAP 100432-0

IBM eServer Cryptographic Coprocessor Security Module
(Hardware Version: P/N 16R0911, Model 4764-001; Firmware Version: 1.16)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/27/2005 Overall Level: 4 

-FIPS-approved algorithms: Triple-DES (Cert. #215); AES (Cert. #103); SHS (Cert. #194); DSA (Cert. #106); RNG (Cert. #36)

-Other algorithms: DES (Cert. #237); DES MAC (Cert. #237, vendor affirmed); MD5; RSA (ISO 9796)

Multi-chip embedded

"The IBM eServer Cryptographic Coprocessor Security Module, is a tamperresponding, programmable, cryptograhpic PCIX card, containing CPU, encryption hardware, RAM, EEPROM, hardware random number generator, time of day clock, firmware, and software. The Coprocessor is available for use as a feature in IBM eServer, zSeries990 and zSeries890 servers."
523 Cryptek, Inc.
1501 Moran Road
Sterling, VA 20166-9309
USA

-Michael Teal
TEL: 571-434-2129
FAX: 571-434-2001

CST Lab: NVLAP 100432-0

Cryptek Common Security Module (CSM)
(Hardware Versions: 5110N0017-1, 5110N0017-2, 5110N0017-3, 5110N0017-4; Firmware Versions: 2.1.9 and 2.4.0.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/27/2005;
06/29/2005;
10/13/2005
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #71); SHS (Cert. #63); HMAC-SHA-1 (Cert. #63, vendor affirmed); RSA (Cert. #19); RNG (Cert. #24)

-Other algorithms: DES (Cert. #132); DES MAC (Cert. #132, vendor affirmed); MD5; HMAC-MD5, Diffie-Hellman (key agreement)

Multi-chip embedded

"The CSM is a secure network product designed to enforce three distinct information flow policies: Mandatory Access Control (MAC), Discretionary access Control (DAC), and Packet filtering. The design can support multiple security domains on a single network infrastructure by combining cryptography and labeling technology. The Cryptek CSM hardware and firmware constitute the core technology used in the DiamondLink, DiamondVPN, DiamondPAK, DiamondSAT, DiamondUTC, CL100, CL150, CL100-F, CP102, CP104, CP106, CV100, CS101, CS102, and CT100."
522 Voltage Security, Inc.
1070 Arastradero Road
Suite 100
Palo Alto, CA 94304
USA

-Matt Pauker
TEL: 650-543-1280
FAX: 650-543-1279

CST Lab: NVLAP 100432-0

Voltage IBE Cryptographic Module
(Software Version: 2.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 04/27/2005 Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows 2000 Server, Windows 2003 Server, Windows XP Service Pack 2 (in single user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #291); AES (Cert. #199); DSA (Cert. #124); SHS (Cert. #277); RNG (Cert. #43)

-Other algorithms: DES (Cert. #282); MD5; Identity Based Encryption (IBE)

Multi-chip standalone

"The Voltage IBE Cryptographic Module is a component of the Voltage IBE Toolkit, a set of development tools that enable any application to quickly and easily use Identity Based Encryption (IBE) to secure data. IBE uses simple strings like email or IP addresses as public keys, eliminating the need for certificates and associated management. The Voltage IBE Cryptographic Module also contains implementations of 3DES, AES, SHA- 1, and DSA. The Voltage IBE Toolkit is available for download at http://developer.voltage.com"
521 Communication Devices, Inc.
#1 Forstmann Court
Clifton, NJ 07011
USA

-Donald Snook
TEL: 973-772-6997
FAX: 973-772-0740

CST Lab: NVLAP 200002-0

Port Authority 88
(Hardware Version: 01-03-0780; Firmware Version: 2.15)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/07/2005 Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #297); Triple-DES MAC (Cert. #297, vendor affirmed)

-Other algorithms:

Multi-chip standalone

"The Port Authority 88 is designed to protect firewall/router console port access. The device was designed to overcome the weaknesses of RADIUS and TACACS+ for remote access authentication. The Port Authority 88 stores its own database of up to 150 users right on board. The Port Authority 88 supports speeds up to 115.2 Kbps and has a built in V.34 internal modem. Full Triple-DES encryption is supported."
520 Communication Devices, Inc.
#1 Forstmann Court
Clifton, NJ 07011
USA

-Donald Snook
TEL: 973-772-6997
FAX: 973-772-0740

CST Lab: NVLAP 200002-0

Port Authority 44
(Hardware Version: 01-03-0782; Firmware Version: 2.15)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/07/2005 Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #297); Triple-DES MAC (Cert. #297, vendor affirmed)

-Other algorithms:

Multi-chip standalone

"The Port Authority 44 is designed to protect firewall/router console port access. The device was designed to overcome the weaknesses of RADIUS and TACACS+ for remote access authentication. The Port Authority 44 stores its own database of up to 150 users right on board. The Port Authority 44 supports speeds up to 115.2 Kbps and has a built in V.34 internal modem. Full Triple-DES encryption is supported."
519 Avaya, Inc.
Atidim Technology Park
Tel Aviv, 61131
Israel

-Pesah Spector
TEL: +972 3645 9162
FAX: +972 3645 8462

CST Lab: NVLAP 100432-0

G350 Branch Office Media Gateway w/FIPS
(Hardware Version: P/N 700356249 Version 1.0; Firmware Version: 23.18.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/07/2005;
05/05/2005
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #273); AES (Cert. #171); SHS (Cert. #256); HMAC-SHA-1 (Cert. #256, vendor affirmed); RSA (Cert. #17); RNG (Cert. #21)

-Other algorithms: DES (Cert. #269); Diffie-Hellman (key agreement); MD5; H248 Link Encryption; Avaya Media Encryption; SSHv2

Multi-chip standalone

"The Avaya G350 Branch Office Media Gateway is a complete branch office business communications system that integrates an IP telephony gateway, an advanced IP WAN router, and a high performance LAN switch into a compact (3U) modular chassis. Ideally suited for enterprise with distributed branch office locations of 8-40 extensions, the G350 replaces the complexity and cost of managing disparate key and voice systems with a survivable networked solution that is easy to deploy and can be administered from a central location."
518 Cisco Systems, Inc.
7025-6 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 831 Secure Broadband Router
(Hardware Version: 831; Firmware Version: 12.3(8)T5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/07/2005;
05/24/2005;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #271); AES (Cert. #46); RNG (Cert. #31); SHS (Cert. #252); HMAC-SHA-1 (Cert. #252; vendor affirmed)

-Other algorithms: DES (Cert. #267); Diffie-Hellman (key agreement); MD5; HMAC-MD5; RSA (non-compliant)

Multi-chip standalone

"Branch office networking requirements are dramatically evolving, driven by web and e-commerce applications to enhance productivity and merging the voice and data infrastructure to reduce costs. The Cisco 831 Secure Broadband Router provides a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements."
517 SafeNet Canada, Inc. and Cavium Networks
One Chrysalis Way
Ottawa, Ontario K2G 6P9
Canada

-Randy Kun
TEL: 613-723-5076 x3427
FAX: 613-274-6365

-Rajneesh Gaur
TEL: 408-844-8420 x212
FAX: 408-844-8418

CST Lab: NVLAP 200427-0

Luna K4 Cryptographic Module / NITROX XL CN1120-NFB Acceleration Board, NITROX XL CN1010-NFB Acceleration Board, NITROX XL CN1005-NFB Acceleration Board
(Hardware Versions: VBD-02-0200 and VBD-02-0201; Firmware Version: 4.3.5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 03/22/2005;
12/02/2005
Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Certs. #189 and #191); Triple-DES (Certs. #286 and #287); DSA (Cert. #119); RSA (Certs. #27 and #28); ECDSA (Cert. #3); SHS (Cert. #270); HMAC (Cert. #4); Triple-DES MAC (Certs. #286 and #287, vendor affirmed); RNG (Cert. #37)

-Other algorithms: DES (Certs. #276 and #277); DES MAC (Certs. #276 and #277, vendor affirmed); RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; MD2; MD5; DH-1024; CAST-MAC; CAST3-MAC; CAST5-MAC; HMAC-MD5; KCDSA; AES MAC; RC2-MAC; RC5-MAC; Diffie-Hellman (key agreement); EC Diffie-Hellman (key agreement)

Multi-chip embedded

"The SafeNet K4 Cryptographic Module is a PCI card that provides cryptographic key protection and acceleration for both asymmetric and symmetric encryption operations. It is contained in its own secure enclosure that provides physical resistance to tampering and zeroization of plaintext cryptographic material in the event the enclosure is opened."
516 SafeNet Canada, Inc. and Cavium Networks
One Chrysalis Way
Ottawa, Ontario K2G 6P9
Canada

-Randy Kun
TEL: 613-723-5076 x3427
FAX: 613-274-6365

-Rajneesh Gaur
TEL: 408-844-8420 x212
FAX: 408-844-8418

CST Lab: NVLAP 200427-0

Luna K4 Cryptographic Module / NITROX XL CN1120-NFB Acceleration Board, NITROX XL CN1010-NFB Acceleration Board, NITROX XL CN1005-NFB Acceleration Board
(Hardware Versions: VBD-02-0200 and VBD-02-0201; Firmware Version: 4.3.5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 03/22/2005;
12/02/2005
Overall Level: 3 

-FIPS-approved algorithms: AES (Certs. #189 and #191); Triple-DES (Certs. #286 and #287); DSA (Cert. #119); RSA (Certs. #27 and #28); ECDSA (Cert. #3); SHS (Cert. #270); HMAC (Cert. #4); Triple-DES MAC (Certs. #286 and #287, vendor affirmed); RNG (Cert. #37)

-Other algorithms: DES (Certs. #276 and #277); DES MAC (Certs. #276 and #277, vendor affirmed); RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; MD2; MD5; DH-1024; CAST-MAC; CAST3-MAC; CAST5-MAC; HMAC-MD5; KCDSA; AES MAC; RC2-MAC; RC5-MAC; Diffie-Hellman (key agreement); EC Diffie-Hellman (key agreement)

Multi-chip embedded

"The SafeNet K4 Cryptographic Module is a PCI card that provides cryptographic key protection and acceleration for both asymmetric and symmetric encryption operations. It is contained in its own secure enclosure that provides physical resistance to tampering and zeroization of plaintext cryptographic material in the event the enclosure is opened."
515 GuardianEdge Technologies, Inc.
475 Brannan Street
Suite 400
San Francisco, CA 94107
USA

-Seth Ross
TEL: 415-683-2240
FAX: 415-683-2349

CST Lab: NVLAP 100432-0

Encryption Plus Cryptographic Library
(Software Versions: 1.0.1, 1.0.2 and 1.0.4)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/22/2005;
02/23/2006;
02/24/2006;
02/27/2006;
11/28/2007;
04/29/2008;
05/08/2008
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 for Versions 1.0.1 and 1.0.2 with Microsoft Windows 2000 Service Pack 4 (in single-user mode) and Version 1.0.4 with Microsoft Windows Vista Ultimate Service Pack 1 and Microsoft Windows XP Service Pack 2 (in single-user mode)

-FIPS-approved algorithms: AES (Certs. #154 and #759); HMAC-SHA-1 (Cert. #239, vendor affirmed); HMAC (Cert. #414); SHS (Certs. #239 and #766); RNG (Certs. #45 and #437)

-Other algorithms: N/A

Multi-chip standalone

"The Encryption Plus Cryptographic Library is a compact and fast encryption module that provides cryptographic services to the following products: GuardianEdge Data Protection Framework, GuardianEdge Hard Disk Encryption, GuardianEdge Removable Storage Encryption, Encryption Anywhere Hard Disk, Encryption Anywhere Removable Storage, Encryption Anywhere CD-DVD, Encryption Plus Hard Disk, Encryption Plus Email, and Encryption Plus Folders."
514 WRQ, Inc.
1500 Dexter Avenue North
Seattle, WA 98109
USA

-Eric Raisters
TEL: 206-217-7100
FAX: 206-217-7515

CST Lab: NVLAP 100432-0

Reflection Security Component (RSC)
(Software Version: 12.0.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/15/2005 Overall Level: 1 

-Cryptographic Module Specification: Level 3
-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000 SP3 (in single-user mode)

-FIPS-approved algorithms: Triple-DES (Certs. #278, #279 and #280); AES (Cert. #176); RSA (Cert. #21); DSA (Cert. #116); SHS (Certs. #261, #262 and #263); HMAC-SHA-1 (Certs. #261, #262 and #263, vendor affirmed); RNG (#26)

-Other algorithms: DES (Certs. #273 and #274); Diffie-Hellman (key agreement); Blowfish; Arcfour; CAST; RIPEMD 160; MD4; MD5; HMAC-MD5

Multi-chip standalone

"WRQ Reflection software provides a complete range of terminal-emulation and PC X-server solutions for host access from Windows PCs. Each solution is specifically designed to boost IT efficiency and user productivity and includes full support for popular network security protocols such as Secure Shell, TLS/SSL, and Kerberos."
513 RELM Wireless Corporation
7100 Technology Drive
West Melbourne, FL 32904
USA

-Jim Spence
TEL: 785-856-1300
FAX: 785-856-1302

CST Lab: NVLAP 100432-0

DPHx Radio with LZA0577 Cryptographic Module
(Hardware Version: P/N DPHX5102X Versions 110504, 120104, 040805, 052005, 011606 and 030206; Firmware Versions: 722-05058-0000, 722-05059-0000, 722-05060-0000, 722-05061-0000)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/15/2005;
04/20/2005;
06/06/2005;
01/31/2006;
03/29/2006
Overall Level: 1 

-FIPS-approved algorithms: AES (Cert. #195); RSA (Cert. #31); ShA-1 (Cert. #274)

-Other algorithms: DES (Cert. #280); NDRNG

Multi-chip standalone

"The DPHx Radio with LZA0577 Cryptographic Module is a public safety radio that provides secure, encrypted digital communication."
512 E.F. Johnson Co.
123 N. State St.
Waseca, MN 56093
USA

-John Oblak
TEL: 507-837-5116
FAX: 507-837-5120

CST Lab: NVLAP 100432-0

Communication Cryptographic Library (CCL)
(Software Version: 2.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/15/2004;
05/05/2005
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP1; Pocket PC 2003 (in single-user mode)

-FIPS-approved algorithms: AES (Cert. #131); SHS (Cert. #215); DSA (Cert. #101); HMAC-SHA-1 (Cert. #215, vendor affirmed); RNG (Cert. #6)

-Other algorithms: DES (Cert. #248); SecureNet DES 1 bit CFB with differential encoding and decoding; DES 8 bit CFB; DES 8 bit OFB; DES 1 bit CFB

Multi-chip standalone

"The E.F. Johnson Co. Communication Cryptographic Library (CCL) is a Microsoft Windows 2000/2003/XP and Pocket PC 2003 Dynamic Link Library that performs security related functions. The CCL is packaged as a Software Development Kit which makes available an Application Programming Interface (API) for all the security functions of the CCL. The security functions available via the APIs are: AES 128 bit, AES 192 bit, AES 256 bit, DES, DSA 1024 bit Signature Generation and Verification, HMAC, PRNG, and SHA-1. The CCL is used in the E.F. Johnson Subscriber Management Assistant key loader."
511 Forum Systems, Inc.
45 West 10000 South
Suite 415
Sandy, UT 84070
USA

-Bruce Herron
TEL: 425 882 9808
FAX: 801-313-4401

CST Lab: NVLAP 200017-0

Forum FIA Gateway 1504G
(Hardware Version: 1504; Firmware Version: 4.3)

(When operated in FIPS mode and using the nCipher 1600 PCI card (Cert. #402))

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/28/2005;
03/02/2005
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #267); AES (Cert. #165); SHS (Cert. #249); HMAC-SHA-1 (Cert. #249, vendor affirmed); DSA (Cert. #60); RSA (PKCS #1, vendor affirmed)

-Other algorithms: DES (Cert. #265); Diffie-Hellman (key agreement); MD5; RC4

Multi-chip standalone

"Forum FIA Gateway provides the foundation infrastructure that drives a return on investment by enabling secure XML and Web services communications for mission critical applications. Forum FIA Gateway industry specific solutions include: government compliance, secure electronic forms, secure partner integration, secure partner collaboration, electronic notary, evidence repository as well as secure Service Oriented Architectures."
510 AEP Networks
40 West Gude Drive
Suite 100
Rockville, MD 20850
USA

-Chris Brook
TEL: 240-399-1214
FAX: 240-399-1250

CST Lab: NVLAP 200648-0

SmartGate
(Software Version: 4.5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 02/28/2005;
03/02/2005;
05/23/2006
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Linux RedHat 7.2; Sun Solaris 8

-FIPS-approved algorithms: AES (Cert. #35); Triple-DES (Cert. #263); SHA-1 (Cert. #87); RSA (Cert. #11); RNG (Cert. #9)

-Other algorithms: DES (Cert. #159); DES MAC (Cert. #159, vendor affirmed); RC4; MD5

Multi-chip standalone

"SmartGate is one of the most comprehensive security products on the market. It is a virtual private network (VPN) software that provides secure encrypted channels between users outside your network and the applications and data contained within your network. Fine-grain access control ensures that authorized users are allowed access to specific applications only."
509 Dreifus Associates Limited, Inc.
3300 W. Lake Mary Blvd.
Suite 300
Lake Mary, FL 32746
USA

-Nicholas D. Pileggi Jr.
TEL: 407-585-2840
FAX: 407-531-9932

CST Lab: NVLAP 100432-0

DAL C32 Applet Suite on Axalto Cyberflex Access 64Kv1 Smart Card Chip
(Hardware Version: Cyberflex Access 64Kv1 P/N M512LACC1; Firmware Version: OS HardMask 5 v1, OS SoftMask 4 v1, AC Applet v1.0, GSC Service Applet v1.0)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/28/2005;
03/23/2005
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #125); Triple-DES MAC (Cert. #125, vendor affirmed); SHS (Cert. #108); RSA (Cert. #58)

-Other algorithms: DES (Cert. #179); DES MAC (Cert. #179, vendor affirmed);

Single-chip

"The DAL C3 suite of Applets on the Axalto Cyberflex 64k smart card module provides digital signature, key generation, and secure storage of data. The smart card module conforms to Java Card 2.1.1, Open Platform 2.0.1, and GSC-ISv2.1. End users can utilize the module services for network authentication, physical access, digital signature, and secure storage."
508 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-C Micro Edition (ME)
(Software Version: 1.9.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 02/28/2005;
10/07/2005;
01/04/2008;
10/16/2008;
09/07/2010;
03/28/2011;
01/24/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 2000 Service Pack 4, Solaris 8 32-bit, Solaris 8 64-bit, Red Hat Linux 7.2, Red Hat Enterprise Linux Advanced Server 3.0, PocketPC 2003, AIX 5L 5.2, HP-UX 11.0 PARISC2.0, HP-UX 11.0 PARISC 2.0W, HP-UX 11.11 PARISC2.0, HP-UX 11.11 PARISC2.0W, VxWorks 5.4 PowerPC750, VxWorks 5.5 PowerPC7410, VxWorks 5.5 PowerQuicc II

-FIPS-approved algorithms: DSA (Cert. #121); Triple-DES (Cert. #288); AES (Cert. #192); SHS (Cert. #272); RSA (Cert. #29); RNG (Cert. #39); HMAC (Cert. #7)

-Other algorithms: DES (Cert. #278); MD2; MD5; HMAC-MD5; RC2; RC4; RC5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Crypto-C Micro Edition (ME) Module is RSA Security, Inc.'s cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors while offering great flexibility and choice by allowing developers to select only the algorithms needed in reduced code sizes. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
507 ALERTCO RF/RFID
217 New Brighton Lane SE
Calgary, Alberta T2Z 0E3
Canada

-Gerry Smalley
TEL: 403-719-6249

CST Lab: NVLAP 100432-0

TIMAC Cryptographic Module
(Hardware Version: P/N EM01-01 Rev. 1.1; Firmware Version; 1.0)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/11/2005;
04/07/2005;
01/11/2012
Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #149)

-Other algorithms:

Multi-chip embedded

"The TIMAC module is a 17 pin header mounted multi-chip embedded firmware microprocessor module used to encrypt and decrypt point-to-point or point-to-multipoint serial data. The device is a FIPS 140-2 Level 3 compliant and certified, high performance device implementing the AES algorithm operating in 128 bit ECB, CBC, and CFB modes. This encryption engine can be incorporated into OEM projects and products with the addition of a simple API to their hardware, for both hardwired and wireless applications, as well as any other highly secured applications such as Government and Financial Institutions. It can be used in other data transmission applications requiring NSA approved serial data encryption."
506 McAfee, Inc.
3965 Freedom Circle
Santa Clara, CA 95054
USA

-Mike Siegel
TEL: 888-847-8766

CST Lab: NVLAP 200002-0

McAfee Endpoint Encryption for PCs Client (formerly SafeBoot Client)
(Software Version: 4.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 01/24/2005;
04/30/2007;
06/23/2008
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 withWindows 2000 Professional (Service Pack 2) and Windows XP Professional in single-user mode

-FIPS-approved algorithms: DSA (Certs. #53 and #112); AES (Certs. #21 and #170); RNG (Cert. #15); SHS (Certs. #71 and #254)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip standalone

"McAfee Endpoint Encryption for PCs Client is a high performance software solution that provides sector-level encryption of a PC's hard drive in a manner that is totally transparent to the user. In addition, the centralized McAfee Endpoint Encryption management system provides robust recovery tools, administration, and implementation."
505 Meganet Corporation
350 South Figueroa Street
Suite 450
Los Angeles, CA 90071
USA

-Saul Backal
TEL: 213-620-1666
FAX: 213-620-1655

CST Lab: NVLAP 100432-0

VME Crypto Engine
(Version 4.4.0.0/M145)

(When operated with the Microsoft® Base Cryptographic Provider validated to FIPS 140-1 under Certificate #238 operating in FIPS mode for the operating systems specified)

Validated to FIPS 140-2

Security Policy

Certificate

Software 01/24/2005;
02/04/2005;
05/04/2005;
12/07/2007
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional Version 2002 SP1. The following operating systems must use the Microsoft® Base Cryptographic Provider validated to FIPS 140-2 under Certificate #238 operating in FIPS mode: Windows 98, Second Edition, Windows ME Build 4.90.3000, Windows NT 4.0 Workstation SP 6, Windows NT 4.0 Server SP 6, Windows 2000 Professional SP4, Windows 2000 Server SP 4, Windows 2000 Advanced Server SP 4, Windows XP Home Edition SP 1, Windows Server 2003 Enterprise Edition (all in single-user mode)

-FIPS-approved algorithms: AES (Cert. #77); Triple-DES (Cert. #188); SHA-1 (Cert. #83); RSA (PKCS #1, vendor affirmed)

-Other algorithms: VME

Multi-chip standalone

"VME Crypto Engine is a suite of tools that make data encryption and decryption easy and reliable. VME Crypto Engine also provides tools that allow you to encrypt and decrypt email messages, chat sessions, files transmitted ftp, and more."
504 Thales e-Security
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-Juan Asenjo
TEL: 954-888-6200 x6202
FAX: 954-888-6211

CST Lab: NVLAP 200002-0

DC2K Security Module
(Hardware Version: 3.411 (build 1213B130_PL_Iss002); Software Version: v3.411, Magazines: Triple-DES magazine version DHDES3_V1_81, AES magazine versions DHAES128_V1_19, DHAES192_V1_10 and DHAES256_V1_10)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 01/24/2005;
10/13/2005
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #251); AES (Certs. #151, #152 and #153); SHS (Cert. #230); DSA (Cert. #104); RNG (Cert. #17)

-Other algorithms:

Multi-chip embedded

"The DC2K Security Module is a multiple-chip embedded cryptographic module installed in the Datacryptor® 2000 that secures communications using signed Diffie-Hellman key exchange and Triple-DES or AES encryption over point-to-point links, X.25, Frame Relay, and IP networks. The unit also provides integrated secure unit management capability employing the same techniques used for traffic encryption."
503 Thales e-Security
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-Juan Asenjo
TEL: 954-888-6200 x6202
FAX: 954-888-6211

CST Lab: NVLAP 200002-0

DCAP Security Module
(Hardware Version: v3.511 (build 1213E130_PL_Iss003); Software Version: v3.511, Magazines: Triple-DES magazine version DHDES3_V1_95, AES magazine versions DHAES128_V1_31, DHAES192_V1_22 and DHAES256_V1_21)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 01/24/2005;
03/14/2005;
10/13/2005
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #282); AES (Certs. #178, #179 and #180); SHS (Cert. #266); DSA (Cert. #117); RNG (Cert. #29)

-Other algorithms:

Multi-chip embedded

"The DCAP Security Module is a multiple-chip embedded cryptographic module installed in the Datacryptor® Advanced Performance Cryptographic Module (known as the Datacryptor® AP). It secures communications using signed Diffie-Hellman key exchange and Triple- DES or AES encryption over IP networks. It provides data encryption rates of up to 100 Megabits per second (Mbps). The unit also provides integrated secure unit management capability employing the same techniques used for traffic encryption."
502 3e Technologies International, Inc.
700 King Farm Blvd.
Suite 600
Rockville, MD 20850
USA

-Ryon Coleman
TEL: 301-944-1403

CST Lab: NVLAP 200427-0

3e-525A, 3e-525N and 3e-519 Wireless Gateway
(Hardware and Firmware Versions: 3e-525A ([Hardware Version 1; Firmware Version 3.0.18.14] and [Hardware Version 2; Firmware Version 3.0.18.16]), 3e-525N ([Hardware Version 1; Firmware Version 3.0.18.14] and [Hardware Version 2; Firmware Version 3.0.18.16]) and 3e-519 ([Hardware Version 1; Firmware Version 3.0.18.14] and [Hardware Version 2; Firmware Version 3.0.18.16]))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/18/2005;
10/31/2005
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #292); AES (Cert. #200); HMAC (Cert. #13); SHS (Cert. #278); RNG (Cert. #22)

-Other algorithms: Diffie-Hellman (key agreement); RSA (PKCS#1; non-compliant); MD5; RC4; DES; AES (non-compliant)

Multi-chip standalone

"A problem of increasing concern in the deployment of Wireless LANs throughout enterprise environments is security. 3e Technologies International meets this need by providing a secure, accessible, highperformance WLAN end-to-end solution, through its family of Secure Wireless Gateway/Access Points and Secure Client solutions. The 3e family of Secure Wireless Gateways implements a cryptographic suite including AES, 3DES, SHA-1, HMAC SHA-1, Diffie-Hellman, and HTTPS/TLS. These algorithms are used in combination to protect the main Gateway services of bridging from wired uplink LAN to the wire."
501 Dreifus Associates Limited, Inc.
3300 W. Lake Mary Blvd.
Suite 300
Lake Mary, FL 32746
USA

-Nicholas D. Pileggi Jr.
TEL: 407-585-2840
FAX: 407-531-9932

CST Lab: NVLAP 100432-0

DAL C3 Applet Suite on Axalto Cyberflex Access 64Kv1 Smart Card Chip
(Hardware Version: Cyberflex Access 64Kv1 P/N M512LACC1; Firmware Version: OS HardMask 5 v1, OS SoftMask 4 v1, AC Applet v1.0, GSC Service Applet v1.0)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/18/2005 Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #125); Triple-DES MAC (Cert. #125, vendor affirmed); SHS (Cert. #108); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #179); DES MAC (Cert. #179, vendor affirmed)

Single-chip

"The DAL C3 suite of Applets on the Axalto Cyberflex 64k smart card module provides digital signature, key generation, and secure storage of data. The smart card module conforms to Java Card 2.1.1, Open Platform 2.0.1, and GSC-ISv2.1. End users can utilize the module services for network authentication, physical access, digital signature, and secure storage."
500 Research In Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

-Government Certifications Team
TEL: 519-888-7465 x2921
FAX: 519-886-4839

CST Lab: NVLAP 200017-0

BlackBerry® Cryptographic Kernel
(Firmware Versions: 3.8.0.18[1], 3.8.0.20[1], 3.8.0.23[1], 3.8.0.23b [1,2], 3.8.0.24[1], 3.8.0.24b[1,2], 3.8.0.26[1], 3.8.0.26b[1,2], 3.8.0.27[1] and 3.8.0.27b[1,2])

Validated to FIPS 140-2

Security Policy

Certificate

Firmware 01/18/2005;
01/31/2005;
03/11/2005;
06/30/2005;
08/24/2005;
09/09/2005;
10/07/2005
Overall Level: 1 

-Design Assurance: Level 3
-Tested: BlackBerry® 7230 with BlackBerry OS® Versions 3.8[1], 4.0[1] and 4.1[2]

-FIPS-approved algorithms: Triple-DES (Cert. #281); AES (Cert. #177); SHS (Cert. #264); HMAC (Cert. #1); RSA (Cert. #22); RNG (Cert. #27)

-Other algorithms: EC Diffie-Hellman (key agreement); ECMQV (key agreement)

Multi-chip standalone

"BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-toend solution. The BlackBerry® Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry®."
499 E.F. Johnson Co.
123 N. State St.
Waseca, MN 56093
USA

-John Oblak
TEL: 507-837-5116
FAX: 507-837-5120

CST Lab: NVLAP 100432-0

Subscriber Encryption Module (SEM)
(Hardware Versions: 023-5000-980, 023-5000-982; Firmware Version: 3.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/18/2005;
05/05/2005
Overall Level: 1 

-FIPS-approved algorithms: AES (Cert. #143); SHS (Cert. #238); HMAC-SHA-1 (Cert. #238, vendor affirmed); DSA (Cert. #110); RNG (Cert. #5 and FIPS 186-2 - general purpose, vendor affirmed)

-Other algorithms: DES (Cert. #253); SecureNet DES 1 bit CFB with differential encoding and decoding

Multi-chip embedded

"The E.F. Johnson Subscriber Encryption Module (SEM) is a cryptographic module meeting FIPS 140-2, Level 1 requirements. The SEM provides Subscriber Equipment, such as the E.F. Johnson 5100 series radio with secure encrypted voice communication. The SEM supports AES OTAR, AES, DES, DSA, and SHA-1 FIPS Approved algorithms for voice communication and protection of its firmware. The SEM can be implemented into any Subscriber Equipment requiring FIPS 140-2, Level 1 security."
498 Pitney Bowes, Inc.
35 Waterview Drive
Shelton, CT 06484-8000
USA

-Dennis Crowe
TEL: 203-924-3612
FAX: 203-924-3352

CST Lab: NVLAP 100432-0

Compliant Meter Postal Security Device (CoMet PSD)
(Hardware Version: P/Ns 1A00 Version BAA, 1AEC Version AAA, 1APC Version ABC)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/18/2005 Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #98); Triple-DES MAC (Cert. #98, vendor affirmed); DSA (Cert. #58); SHS (Cert. #86); Skipjack (Cert. #6); RSA (PKCS #1, vendor affirmed); HMAC-SHA-1 (Cert #86, vendor affirmed); ECDSA (vendor affirmed)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip standalone

"The Pitney Bowes Compliant Meter Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP) and with the Canada Post Corporation’s Digital Meter Indicia Specification 3457. It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes IBIP Metering products. The PSD is a secure module employed within the metering product which performs high-speed cryptographic functions, funds management, and printer administration functions that preclude unauthorized disbursing of indicia. The PSD has been designed to support international postal markets and their rapidly evolving requirements for digital indicia."
497 IBM® Corporation
11400 Burnet Road
Austin, TX 78758
USA

-Tom Benjamin
TEL: 512-436-1223
FAX: 512-436-8009

CST Lab: NVLAP 200427-0

IBM Java JCE 140-2 Cryptographic Module
(Software Version: 1.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 01/07/2005;
01/11/2005;
09/07/2005
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional using IBM JVM 1.4.2 (single-user mode)

-FIPS-approved algorithms: AES (Cert. #78); Triple-DES (Cert. #189); DSA (Cert. #114); SHS (Cert. #259); HMAC-SHA-1 (Cert. #259, vendor affirmed); RSA (Cert. #18); RNG (Cert. #23)

-Other algorithms: Diffie-Hellman (key agreement); MD5

Multi-chip standalone

"The IBM Java JCE (Java Cryptographic Extension) FIPS provider (IBMJCEFIPS) for Multi-platforms is a scalable, multipurpose cryptographic module that supports many FIPS approved cryptographic operations. This gives Java applications access to the FIPS algorithms via the standard JCE framework that is part of all JVM's at the 1.4.0 level and higher."
496 Research In Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

-Government Certifications Team
TEL: 519-888-7465 x2921
FAX: 519-886-4839

CST Lab: NVLAP 200017-0

BlackBerry Enterprise Server™ Cryptographic Kernel
(Software Version: 1.0.1.6)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 01/07/2005;
01/11/2005;
08/24/2005
Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows NT Server 4.0 SP 6a

-FIPS-approved algorithms: Triple-DES (Cert. #216); AES (Cert. #104); SHS (Cert. #265); HMAC (Cert. #2); RNG (Cert. #28)

-Other algorithms: Rijndael

Multi-chip standalone

"BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-toend solution. The BlackBerry Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry."
495 Thales e-Security
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-Juan Asenjo
TEL: 888-744-4976 x6202
FAX: 954-888-6211

CST Lab: NVLAP 200017-0

Thales Datacryptor Gigabit
(Hardware Version: C; Firmware Version: 2.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 01/07/2005;
10/13/2005
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #258); AES (Cert. #156); SHA-1 (Cert. #117); HMAC-SHA-1 (Cert. #117, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #260); Diffie-Hellman (key agreement); MD5; HMAC-MD5

Multi-chip standalone

"The Datacryptor Gigabit is a high performance, integrated security appliance that offers Gigabit Ethernet IPSec encryption. Housed in a tamper evident chassis, the Datacryptor Gigabit has two Gigabit Ethernet ports. Traffic on the local port is received in the clear, while traffic on the remote port has security processing applied to it. Fully compatible with existing IP networks, the Datacryptor Gigabit can be seamlessly deployed into Gigabit Ethernet environments, including IP siteto-site VPNs and storage over IP networks. Its high-speed AES and 3DES IPSec processing eliminates bottlenecks while providing data authentication, confidentiality, and integrity."
494 F-Secure Corporation
Tammasaarenkatu 7
PL 24, Helsinki 00180
Finland

-Alexey Kirichenko
TEL: +358 9 2520 5548

CST Lab: NVLAP 200427-0

F-Secure® Cryptographic Library
(Software Versions: 2.2.5, 2.2.7 and 2.2.12 (Windows) and 1.1.8, 1.1.9 and 1.1.15 (Solaris))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/22/2004;
02/03/2005;
12/20/2006
Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Windows 2000 Professional with Service Pack 3 and Q326886 Hotfix EAL 4 on Dell Optiplex GX 400 Personal Computer System, Trusted Solaris 8 7/03 EAL 4 on SunBlade 100

-FIPS-approved algorithms: Triple-DES (Certs. #255 and #257); AES (Certs. #145 and #148); SHS (Certs. #234 and #237); HMAC-SHA-1 and HMAC-SHA-256 (Certs. #234 and #237, vendor affirmed); DSA (Certs. #107 and #109); RSA (Certs. #190 and #192); RNG (Certs. #2 and #4)

-Other algorithms: DES (Certs. #257 and #259); DES (CTR); Blowfish; CAST-128; MD5; HMAC-MD5; Diffie-Hellman (key agreement)); RC2

Multi-chip standalone

"The F-Secure(R) Cryptographic Library(TM) is a family of software modules for a number of Windows and Unix platforms. The modules provide an assortment of cryptographic services accessible for clients through a C/C++ Application Programming Interface. The Windows and Solaris versions are designed and implemented to meet the Level 2 requirements of FIPS publication 140-2 when running on an appropriate hardware under Windows 2000, Solaris 8 and Trusted Solaris 8 operating systems."
493 F-Secure Corporation
Tammasaarenkatu 7
PL 24, Helsinki 00180
Finland

-Alexey Kirichenko
TEL: +358 9 2520 5548

CST Lab: NVLAP 200427-0

F-Secure® Cryptographic Library
(Software Versions: 2.2.5, 2.2.7, 2.2.8 and 2.2.12 (Windows) and 1.1.8, 1.1.9, 1.1.10, 1.1.12 and 1.1.15 (Solaris/Linux/AIX/HP-UX))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/22/2004;
02/03/2005;
12/22/2005;
07/10/2006;
12/19/2006
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 98, Windows XP Professional, Windows ME, Windows 2000, HP-UX B.11.11, AIX 5, Trusted Solaris 8 7/03 and Linux RHEL 3 (all in single user mode)

-FIPS-approved algorithms: Triple-DES (Certs. #255 and #257); AES (Certs. #145 and #148); SHS (Certs. #234 and #237); HMAC-SHA-1 and HMAC-SHA-256 (Certs. #234 and #237, vendor affirmed); DSA (Certs. #107 and #109); RSA (Certs. #190 and #192); RNG (Certs. #2 and #4)

-Other algorithms: DES (Certs. #257 and #259); DES (CTR); Blowfish; CAST-128; MD5; HMAC-MD5; Diffie-Hellman (key agreement); RC2; RIPEMD-160 (v1.1.10 and 1.1.12 only); RSA (specified in RFC 2409)

Multi-chip standalone

"The F-Secure(R) Cryptographic Library(TM) is a family of software modules for a number of Windows and Unix platforms. The modules provide an assortment of cryptographic services accessible for clients through a C/C++ Application Programming Interface. The modules are designed and implemented to meet the Level 1 requirements of FIPS publication 140-2 when running on a GPC under various popular versions of Windows and Unix operating systems."
492 ITServ Inc.
Six Montgomery Village Avenue
Suite 405
Gaithersburg, MD 20879
USA

TEL: 301-948-1111
FAX: 301-948-7582

CST Lab: NVLAP 200416-0

RideWay Station
(Hardware Version: FGC; Firmware Version: 5.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 12/22/2004;
01/24/2005
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #247); SHS (Cert. #186); HMAC-SHA-1 (Cert. #186, vendor affirmed)

-Other algorithms: Diffie-Hellman (key agreement); RC4; MD5; CRYPT(3)

Multi-chip standalone

"RideWay Station FGC integrates powerful firewall protection and VPN capabilities to safeguard computer networks from the threat of Internet attacks and intrusions. Each computer or server on the LAN must follow a strict authorization procedure in order to gain access to the network. In addition, the module uses Triple-DES encryption in its IPSec VPN to allow multiple offices to securely communicate over the Internet or to allow a remote client to securely connect to its office network. The highperforming hardware efficiently conducts encryption and decryption tasks without sacrificing throughput."
491 Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

-Kenneth Jensen
TEL: 408-227-4500
FAX: 408-227-4550

-Keerti Melkote
TEL: 408-227-4500
FAX: 408-227-4550

CST Lab: NVLAP 200427-0

Aruba 5000/6000 WLAN Switch with AirOS Software
(Hardware Versions: Configuration A, Configuration B, Configuration C, Configuration D; Firmware Version: A5000_2.1.0.0_7862)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/22/2004;
01/07/2005;
12/22/2005;
03/14/2011
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #158 and #159); Triple-DES (Certs. #260 and #261); SHA-1 (Certs. #243 and #244); HMAC-SHA-1 (Certs. #243 and #244, vendor affirmed); RNG (Cert. #8); RSA (Cert. #9)

-Other algorithms: DES (Cert. #262); MD5; RC4; Diffie-Hellman (key agreement)

Multi-chip standalone

"Aruba Wireless Networks’ FIPS validated WLAN switching platform is a purpose-built Wireless LAN voice and data switching solution designed to specifically address the needs and reduce the cost of large scale WiFi network deployments for Government and large enterprise. Aruba’s WLAN switching platform is a highly scalable and redundant solution that provides centralized intelligence to secure and manage the corporate RF environment, enforce identity based user security and policies, enable service creation and provide secure mobility management to hundreds of simultaneously connected users."
490 SBI Net Systems Co., Ltd.
Meguro Tokyu Bldg.
5th Floor
2-13-17
Kamiosaki Shinagawa-ku, Tokyo 141-0021
Japan

-Hidemitsu Noguchi
TEL: +81 3 5447 2551
FAX: +81 3 5447 2552

CST Lab: NVLAP 100432-0

C4CS
(Software Versions: 1.0.0 and 1.1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/22/2004;
02/25/2005;
08/21/2008
Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000 Service Pack 3 with Hotfix 326886 and Microsoft Windows XP Service Pack 1

-FIPS-approved algorithms: SHS (Cert. #222); HMAC-SHA-1 (Cert. #222, vendor affirmed); AES (Cert. #133); RNG (Cert. #1); RSA (Cert. #1); ECDSA (vendor affirmed)

-Other algorithms: C4Custom; RSAES_PKCS_v1_5; RSAES_OAEP; Diffie-Hellman (key agreement); SSS

Multi-chip standalone

"C4CS is a software cryptographic module providing symmetric/asymmetric ciphers, hash functions, and secret sharing schemes in FIPS mode."
489 Bluesocket, Inc.
7 New England Executive Park
Burlington, MA 01803
USA

-Mike Puglia
TEL: 781-328-0888

CST Lab: NVLAP 200002-0

Bluesocket WG-2100 Wireless Gateway
(Hardware Versions: 870-212FF-002, 870-212FT-002, 870-212TF-002, 870-212TT-002, Software Version: 3.1.1.8)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/10/2004;
08/30/2005
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Cert. #76); Triple-DES (Certs. #187 and #250); RSA (Cert. #14); RNG (Cert. #16); SHS (Certs. #228 and #229); HMAC-SHA-1 (Certs. #228 and #229, vendor affirmed)

-Other algorithms: DES (Cert. #223); Diffie-Hellman (key agreement); MD5; HMAC MD5

Multi-chip standalone

"The Bluesocket WG-2100 Wireless Gateway provides a scalable solution with security, quality of service (QoS), Mobility, Role/Policy Enforcement and Management for today's highly-secure 802.11 Government wireless networks."
488 E.F. Johnson Co.
123 N. State St.
Waseca, MN 56093
USA

-John Oblak
TEL: 507-837-5116
FAX: 507-837-5120

CST Lab: NVLAP 200427-0

EFJohnson Encryption Module
(Software Version: 1.0.0.5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/10/2004;
05/05/2005
Overall Level: 1 

-Roles, Services, and Authentication: Level 2

-Operational Environment: Tested as meeting Level 2 with Windows 2000 Professional with Service Pack 3 and Q326886 Hotfix on Dell OptiPlex GX400

-FIPS-approved algorithms: AES (Cert. #26); DSA (Cert. #72); SHS (Cert. #121); Triple-DES (Cert. #135); RNG (Cert. #14)

-Other algorithms: DES (Cert. #186); AES-MAC (Cert #26; non-compliant)

Multi-chip standalone

"The EFJohnson Encryption Module is a software cryptographic module that serves both as a key store and a cryptographic service provider. The module is accessible through an API, and provides an easy-to-use yet secure means of storing sensitive cryptographic keys. The Encryption Module meets level 1 FIPS 140-2 requirements and achieves level 2 in the "Roles, Services, and Authentication" and "Operation Environment" sections of FIPS 140-2."
487 Kasten Chase Applied Research, Ltd.
Orbitor Place
5100 Orbitor Drive
Mississauga, Ontario L4W 4Z4
Canada

-Steve Demmery
TEL: 905-238-6900 x3303
FAX: 905-212-2003

CST Lab: NVLAP 200556-0

Kasten Chase Cryptographic Engine
(Software Version: 2.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/10/2004 Overall Level: 1 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 2

-Operational Environment: Tested as meeting Level 1 with Windows 2000 Server, Red Hat 7.3 with Linux kernel 2.4; AIX 5L for POWER V5.2; Sun Trusted Solaris™ Version 8 4/01; Sun Solaris™ 9 (all in user and kernel modes and single user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #265); AES (Cert. #163); SHS (Cert. #246); HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512 (Cert. #246, vendor affirmed); RSA (Cert. #12); ECDSA (vendor affirmed); RNG (Cert. #10)

-Other algorithms: MD5; HMAC-MD5; KEA; ECDH (key establishment)

Multi-chip standalone

"KCCE is an independent, executable cryptographic module that exists variously as a dynamic linked library (dll), a shared library and a driver. KCCE provides software designers with a comprehensive API that ensures secure cryptographic application development, for a wide range of operating systems, without undue complexity."
486 Kasten Chase Applied Research, Ltd.
Orbitor Place
5100 Orbitor Drive
Mississauga, Ontario L4W 4Z4
Canada

-Steve Demmery
TEL: 905-238-6900 x3303
FAX: 905-212-2003

CST Lab: NVLAP 200556-0

Kasten Chase Cryptographic Engine
(Software Version: 2.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/10/2004 Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows 2000 Server with SP3 and Hotfix Q326886 on a 650 MHz Pentium III platform; AIX 5L for POWER V5.2 on a IBM p630-6C4 with a POWER4 CPU; Sun Trusted Solaris™ Version 8 4/01 on a SunBlade 100 with a 500 MHz UltraSPARC Iie

-FIPS-approved algorithms: Triple-DES (Cert. #265); AES (Cert. #163); SHS (Cert. #246); HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384; HMAC- SHA-512 (Cert. #246, vendor affirmed); RSA (Cert. #12); ECDSA (vendor affirmed); RNG (Cert #10)

-Other algorithms: MD5; HMAC-MD5; KEA, ECDH (key establishment)

Multi-chip standalone

"KCCE is an independent, executable cryptographic module that exists variously as a dynamic linked library (dll), a shared library and a driver. KCCE provides software designers with a comprehensive API that ensures secure cryptographic application development, for a wide range of operating systems, without undue complexity."
485 Giesecke & Devrient
45925 Horseshoe Drive
Dulles, VA 20166
USA

-Michael Poitner
TEL: 650-312-1241
FAX: 650-312-8129

-Jatin Deshpande
TEL: 650-312-8047
FAX: 650-312-8129

CST Lab: NVLAP 200427-0

Sm@rtCafé Expert FIPS 64
(Hardware Version: HD65246C1A05NB, Firmware Versions: CH463JC_INABFOP003901_V101 and CH463JC_INABFOP003901_V102)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/10/2004;
04/04/2008
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #239); AES (Cert. #132); SHS (Cert. #216); DSA (Cert. #102); RSA (Cert. #7); Triple-DES MAC (Cert. #239, vendor affirmed)

-Other algorithms: DES (Cert. #249); DES MAC (Cert. # 249, vendor affirmed)

Single-chip

"Giesecke & Devrient (G&D) Smart Card Chip Operating System Sm@rtCafé Expert FIPS 64 is a Java Card 2.2 and Open Platform v2.0.1' compliant smart card module. It supports, at a minimum, Triple-DES, AES, DSA, and RSA algorithms with on-card key generation. The Sm@rtCafé Expert FIPS 64 is suitable for government and corporate identification, payment and banking, health care, and Web applications."
484 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Hazem Hassan
TEL: 952-808-2372
FAX: 952-890-2726

CST Lab: NVLAP 200427-0

Model 330G3 Smart Card
(Hardware Version: 1.0, Firmware Version: 2.0, EXFs: GSC-IS and Biometric authentication application executable (G3 EXF) Version 21)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/10/2004;
02/22/2005
Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #35); RSA (PKCS #1, vendor affirmed); Triple-DES (Cert. #236); RNG (vendor affirmed)

-Other algorithms: DES (Cert. #88); Diffie-Hellman (key agreement)

Single-chip

"The 330G3 is a biometrically-enabled ISO 7816 and GSC-IS compliant cryptographic smart card designed for identification and access control applications. The card provides a secure, mobile platform for strong user authentication and single sign on when integrated with SAFENET Axis software. The card supports creating, storing and using keys, certificates, passwords and other digital credentials. Security services include: Multiapplication secure storage and retrieval of data and digital credentials; Strong authentication of the cardholder using fingerprint biometrics; Cryptographic services including SHA-1, DES, 3DES, RSA Sign/Verify, RSA Encrypt/Decrypt and DSA Sign/Verify with on board key generation including RSA 2048-bit key generation."
483 Symantec Corporation
1 Symantec Way
Suite 200
Newport News, VA 23602
USA

-William L. Stewart
TEL: 757-880-7782
FAX: 757-249-7124

CST Lab: NVLAP 200002-0

Symantec Cryptographic Module
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/10/2004;
07/27/2007
Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional, Windows 2000

-FIPS-approved algorithms: AES (Cert. #164); Triple-DES (Cert. #266); SHS (Cert. #248); HMAC (Cert. #5); RNG (Cert. #12)

-Other algorithms: N/A

Multi-chip standalone

"The Symantec Cryptographic Module is a software library that contains FIPS-approved cryptographic algorithms. This module provides encryption functionality for selected Symantec products."
482 Pitney Bowes, Inc.
35 Waterview Drive
Shelton, CT 06484-8000
USA

-Douglas Clark
TEL: 203-924-3206
FAX: 203-924-3406

CST Lab: NVLAP 100432-0

Cygnus X-1 Postal Security Device
(Hardware Versions: P/N 1L00, Versions AAA, AAC and AAD (US); P/N 1LEC, Versions AAA, AAC and AAD (Canada))

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/10/2004;
02/03/2005;
03/14/2005
Overall Level: 3 

-FIPS-approved algorithms: DSA (Cert. #105); SHS (Cert. #232); Triple-DES (Cert. #252); Triple-DES MAC (Cert. #252, vendor affirmed); HMAC-SHA-1 (Cert. #232, vendor affirmed); ECDSA (vendor affirmed)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip standalone

"The Pitney Bowes Cygnus X-1 Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP) and with the Canada Post Corporation's Digital Meter Indicia Specification 3457. It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes IBIP Metering products."
481 Realia Technologies S.L.
Orense, 68 11th floor
Madrid, 28020
Spain

-Sebastián Muñoz
TEL: +34 91 449 03 30
FAX: +34 91 579 56 06

-Luis Jesús Hernández
TEL: +34 91 449 03 30
FAX: +34 91 579 56 06

CST Lab: NVLAP 200416-0

Cryptosec 2048
(Hardware Version: Model 1.0, Firmware Version: 01.04.0010)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/10/2004 Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #262); RSA (Cert. #10); SHS (Cert. #242); RNG (Cert. #11)

-Other algorithms: DES (Cert. #263); CRC-32; MD5; RIPEMD-128; RIPEMD-160

Multi-chip embedded

"The Cryptosec 2048 is a high-end PCI cryprographic accelerator card that provides cryptographic services and secure storage of cryptographic keys. The module is built to perform general cryptographic processing (RSA, DES, SHA-1, MD5,...) and features a tamper-protective case to physically protect sensitive information contained within the card."
480 Motorola, Inc.
1301 E. Algonquin Rd.
Schaumburg, IL 60196-1078
USA

-Kirk Mathews
TEL: 847-576-4101
FAX: 847-538-2770

CST Lab: NVLAP 100432-0

Key Variable Loader (KVL) 3000 Plus
(Hardware Version: P/N CLN7493D, Version 8, Firmware Version: U239AC, X795AH, Versions R3.52.17, R3.52.22 and R3.52.31.)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/10/2004;
02/25/2005
Overall Level: 1 

-Roles, Services, and Authentication: Level 2

-FIPS-approved algorithms: AES (Cert. #2); Triple-DES (Cert. #82)

-Other algorithms: DES (Cert. #151); DES MAC (Cert. #151, vendor affirmed); DES-XL; DVI-XL; DVP-XL; HCA; DVI-SPFL; SHA-1 (non-compliant); AES MAC (Cert #2, P25 AES OTAR, vendor affirmed)

Multi-chip standalone

"The KVL 3000 Plus is a portable key distribution device. Encryption keys can be loaded into the KVL manually through its keypad interface or transferred from a Key Management Facility through its serial interface. These keys can then be distributed to various secure communications equipment such as mobile and portable radios, base stations, zone controllers, data controllers, and other fixed network devices. The KVL also includes a PCMCIA interface for software upgrades."
479 Entrust, Inc.
1000 Innovation Drive
Ottawa, Ontario K2K 3E7
Canada

-Alan Myrvold
TEL: 613-270-3009

CST Lab: NVLAP 200017-0

Entrust Authority™ Security Toolkit for Java™
(Software Version: 7.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/16/2004 Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Intel Pentium 4 running Windows XP SP1 in single user mode running Sun JRE 1.4.2 and UltraSPARC-11i 300 MHz processor running Solaris 9 in single user mode running Sun JRE 1.4.2

-FIPS-approved algorithms: AES (Cert. #193); Triple-DES (Cert. #289); Triple-DES MAC (Cert. #289, vendor affirmed); DSA (Cert. #122); ECDSA, (vendor affirmed); SHS (Cert. #273); HMAC (Cert. #8); RNG (Cert. #40); RSA (Cert. #30)

-Other algorithms: DES (Cert. #279); DES MAC (Cert. #279, vendor affirmed); CAST 128; IDEA; RC2; RC4; Diffie-Hellman (key agreement); SPEKE; Rijndael 256; CAST128 MAC; MD2; MD5; HMAC- MD5; IDEA MAC

Multi-chip standalone

"Authority Toolkits provide customers and partners with the ability to apply best-in-class security to almost any business application. These Toolkits provide a common set of services to permit developers to rapidly deploy applications that solve business problems without having to spend valuable development cycles developing these common services. Entrust Authority's standards-based, application programming interfaces (APIs) make it possible to implement a single enhanced Internet security architecture across multiple applications and platforms. By minimizing the need for separate administration modules with every deployed application, these Toolkits provide a reduction in administrative duplication and help to reduce the cost to deploy across multiple platforms."
478 Carrier Access Corporation (a wholly owned subsidiary of Force10 Networks, Inc.) and Team F1
350 Holger Way
San Jose, CA 95134
USA

-Thomas Gormley
TEL: 408-571-3550
FAX: 303-443-5908

-Mukesh Lulla
TEL: 510-505-9931
FAX: 510-505-9941

CST Lab: NVLAP 100432-0

Broadmore/SSHield Management Module
(Software Versions: 4.0.0, 4.1.0, 4.1.1, 4.6.0 and 5.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/08/2004;
12/01/2004;
02/24/2005;
12/22/2005;
03/07/2008;
03/19/2008;
09/18/2009
Overall Level: 1 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Cryptographic Key Management: Level 3

-Operational Environment: Tested as meeting Level 1 with WindRiver pSOS operating system version 2.2.7 and ATM configuration

-FIPS-approved algorithms: DSA (Cert. #100); Triple-DES (Cert. #238); AES (Cert. #129); SHA-1 (Cert. #214); HMAC-SHA-1 (Cert. #214, vendor affirmed); RSA (PKCS #1, vendor affirmed)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip embedded

"The Broadmore family of products offer a unique economical means of provisioning, grooming, and routing TDM DS3, DS1, E3, E1 services and mixed-speed serial data to logical ATM connections. The Broadmore/SSHield Management Module controls the Broadmore configuration parameters using SSHield, an implementation of the IETF SECSH protocol, which provides an authenticated, encrypted data communications channel for secure management. More information can also be found on www.teamf1.com and www.carrieraccess.com."
477 Secure Systems Limited
80 Hasler Road
Osborne Part, Western Australia 6017
Australia

-Michael J Wynne
TEL: +61 8 9202 8333
FAX: +61 8 9202 8334

-Christine Rainwater
TEL: 703-535-7999

CST Lab: NVLAP 200416-0

Silicon Data Vault® (SDV®)
(Hardware Versions: SDV201B Rev B and SDV18A Rev A, Firmware Version: SDV2_Ver_1.3.4, Embedded_AA_1.07)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/04/2004 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #136); SHS (Cert. #219)

-Other algorithms: CRC-32

Multi-chip embedded

"The Silicon Data Vault® (SDV®) is a cryptographic hardware security device which asserts absolute control over the hard disk drive (HDD) at the earliest stage of boot up, ensuring the user is authenticated before any data can be accessed. The SDV® is operating system independent, works with any standard ATA HDD, and resides in the IDE channel, blocking and controlling all access to the HDD."
476 Prism Payment Technologies (Pty) Ltd.
PO Box 901
Witkoppen, Gauteng 2068
South Africa

-Wayne Donnelly
TEL: +27 11 5481000
FAX: +27 11 4673424

CST Lab: NVLAP 100432-0

Incognito TSM410
(Hardware Version: P/N 5520-00091, Version 2, Firmware Version: 1.1.1.0)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/04/2004 Overall Level: 3 

-Physical Security: Level 4

-FIPS-approved algorithms: Triple-DES (Cert. #259); SHA-1 (Cert. #241); Triple-DES MAC (Cert. #259, vendor affirmed); RSA (ANSI X9.31, vendor affirmed)

-Other algorithms: DES (Cert. #261); Enhanced Security DES MAC (Cert. #261, vendor affirmed); DES MAC (Cert. #261, vendor affirmed);

Multi-chip embedded

"The Incognito TSM410 is a multi-chip embedded Tamper Responsive Security Module. Fitted on a PCI carrier card, the device offers highperformace, high-security services targeted at EFT switches and mCommerce applications."
475 Trust Digital, Inc.
1600 International Drive
Suite 100
McLean, VA 22102
USA

-Norm Laudermilch
TEL: 703-760-9400
FAX: 703-760-9415

CST Lab: NVLAP 200416-0

Trust Digital Crypto Library Cryptographic Module
(Software Versions: 3.0, 3.0.01)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/02/2004;
03/02/2005;
07/29/2005;
09/21/2005;
10/26/2006;
11/06/2006;
02/21/2008
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows NT SP6, 2000; XP Pro; Palm OS 4.1, 5.2.1, 5.2.1H, 5.4.5; Pocket PC 3.0, 4.20; Symbian 7.0; Smartphone 2002; Windows Mobile v5.0 and v6.0; and v5.0 Smartphone edition.

-FIPS-approved algorithms: AES (Certs. #69 and #456); Triple-DES (Certs. #177 and #473); SHS (Certs. #164 and #520); HMAC-SHA-1 (Certs. #164 and #520, vendor affirmed)

-Other algorithms: Blowfish; TwoFish; RC4; TEA; Fast XOR; MD5

Multi-chip standalone

"Trust Digital’s Cryptographic Module is a 32-bit Windows library compatible with Palm, Pocket PC, RIM, Symbian and other related operating systems. This module provides cryptographic services accessible from software programs written in C/C++ through Application Program Interfaces (APIs). The DLL (dynamically linked library) format of this module allows it to be embedded in existing applications targeted for Palm, Pocket PC, RIM and Symbian operating systems."
474 L-3 Communications Government Services, Inc.
3750 Centerview Drive
Chantilly, VA 20151
USA

-Suma Shastry
TEL: 703-375-6598

CST Lab: NVLAP 200002-0

Hand Held Monitor Module (HHM)
(Hardware Version: Rev B, Part No: 1500, Firmware Version: 5.7)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/22/2004 Overall Level: 1 

-FIPS-approved algorithms: Triple-DES (Cert. #181); Triple-DES MAC (Cert. #181, vendor affirmed)

-Other algorithms: N/A

Multi-chip standalone

"The Hand Held Monitor Module (HHM) device is a component of the Tactical Automated Security System (TASS). The HHM is used to detect, monitor, and access intrusions in secured areas. The HHM works in conjunction with the Communications Module (CM), which receives, and forwards intrusion alerts to the HHM."
473 L-3 Communications Government Services, Inc.
3750 Centerview Drive
Chantilly, VA 20151
USA

-Suma Shastry
TEL: 703-375-6598

CST Lab: NVLAP 200002-0

Communications Module (CM)
(Hardware Version: Rev B, Part No: 1550, Firmware Version: 5.7)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/22/2004 Overall Level: 1 

-FIPS-approved algorithms: Triple-DES (Cert. #181); Triple-DES MAC (Cert. #181, vendor affirmed)

-Other algorithms: N/A

Multi-chip standalone

"The Communications Module (CM) device is a component of the Tactical Automated Security System (TASS). The Communications Module (CM) works in conjunction with the HHM to receive and forward intrusion alerts."
472 Pitney Bowes, Inc.
35 Waterview Drive
Shelton, CT 06484
USA

-Douglas Clark
TEL: 203-924-3500
FAX: 203-924-3406

CST Lab: NVLAP 200427-0

Pitney Bowes iButton Postal Security Device (PSD)
(Hardware Version: DS1955B PB1 - 1.50)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/22/2004 Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #185); SHA-1 (Cert. #167); DSA (Cert. #90); Triple-DES MAC (Cert. #185, vendor affirmed)

-Other algorithms: DES (Cert. #222);

Multi-chip standalone

"The Pitney Bowes iButton Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP). It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds and the production of postage meter indicia in a variety of Pitney Bowes Metering products. The PSD has been designed to support international postal markets and their evolving requirements for digital indicia."
471 SafeNet, Inc.
4690 Millennium Drive
Suite 400
Belcamp, MD 21017
USA

-George L. Heron
TEL: 410-933-5883
FAX: 410-931-7524

CST Lab: NVLAP 200017-0

SafeNet HighAssurance 4000 Gateway
(Hardware Version: C, Firmware Versions: 2.2 and 4.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/22/2004;
05/04/2005
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #258); AES (Cert. #156); SHA-1 (Cert. #117); HMAC-SHA-1 (Cert. #117, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #260); Diffie-Hellman (key agreement); MD5; HMAC-MD5

Multi-chip standalone

"The SafeNet HighAssurance 4000 Gateway is a high performance, integrated security appliance that offers Gigabit Ethernet IPSEC encryption. Housed in a tamper evident chassis, the Security Gateway has two Gigabit Ethernet ports. Traffic on the local port is received in the clear, while traffic on the remote port has security processing applied to it. With the implementation of firmware version 2.2, the SafeNet HA 4000 can now be set-up and configured with the Safe Enterprise Security Management Center (SMC)."
470 CipherOptics Inc.
701 Corporate Center Drive
Raleigh, NC 27607
USA

-Ed Finn
TEL: 412-262-2571 x102
FAX: 412-262-2574

CST Lab: NVLAP 200017-0

CipherOptics SG100 and CipherOptics SG1002
(Hardware Version: A, Firmware Version: 3.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/22/2004;
06/14/2010
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #258); AES (Cert. #156); SHA-1 (Cert. #117); HMAC-SHA-1 (Cert. #117, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #260); Diffie-Hellman (key agreement); MD5; HMAC-MD5

Multi-chip standalone

"The CipherOptics SG100 and SG1002 are high performance, integrated security appliances that offer Gigabit and 10/100 Ethernet IPSec encryption respectively. Housed in a tamper evident chassis, have two ethernet ports. Traffic on the local port is received in the clear, while traffic on the remote port has security processing applied to it."
469 CipherOptics Inc.
701 Corporate Center Drive
Raleigh, NC 27607
USA

-Ed Finn
TEL: 412-262-2571 x102
FAX: 412-262-2574

CST Lab: NVLAP 200017-0

CipherOptics SG1001
(Hardware Version: C, Firmware Version: 2.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/22/2004;
06/14/2010
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #258); AES (Cert. #156); SHA-1 (Cert. #117); HMAC-SHA-1 (Cert #117, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #260); Diffie-Hellman (key agreement); MD5; HMAC-MD5

Multi-chip standalone

"The CipherOptics Security Gateway is a high performance, integrated security appliance that offers Gigabit Ethernet IPSec encryption. Housed in a tamper evident chassis, the Security Gateway has two Gigabit Ethernet ports. Traffic on the local port is received in the clear, while traffic on the remote port has security processing applied to it."
468 Fortinet, Inc.
920 Stewart Drive
Sunnyvale, CA 94085
USA

-Alan Kaye
TEL: 613-225-2951

CST Lab: NVLAP 200017-0

FortiGate-300, FortiGate-400, FortiGate-500 and FortiGate-800
(Hardware Versions: FortiGate-300 (build x20), FortiGate-400 (build x20), FortiGate-500 (build x20) and FortiGate-800 (build x20), Firmware Version: 2.50, build 219,040616)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/18/2004 Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #237); AES (Cert. #128); SHS (Cert. #213); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #213, vendor affirmed)

-Other algorithms: DES; DDiffie-Hellman (key agreement); MD5; HMAC-MD5

Multi-chip standalone

"FortiGate Antivirus Firewalls are dedicated, hardware-based units that deliver complete, real-time network protection services at the network edge."
467 Fortinet, Inc.
920 Stewart Drive
Sunnyvale, CA 94085
USA

-Alan Kaye
TEL: 613-225-2951

CST Lab: NVLAP 200017-0

FortiGate-3000 and FortiGate-3600
(Hardware Versions: FortiGate-3000 (build xx20) and FortiGate-3600 (build xx20), Firmware Version: 2.50, build 219,040616)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/18/2004 Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #237); AES (Cert. #128); SHS (Cert. #213); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #213, vendor affirmed)

-Other algorithms: DES; Diffie-Hellman (key agreement); MD5; HMAC-MD5

Multi-chip standalone

"FortiGate Antivirus Firewalls are dedicated, hardware-based units that deliver complete, real-time network protection services at the network edge."
466 Francotyp-Postalia
Triftweg 21-26
D-16547 Birkenwerder, Germany

-Volker Baum
TEL: +49 3303 525 668
FAX: +49 3303 525 609

CST Lab: NVLAP 100432-0

FrankIT Postal Revenector
(Hardware Version: 58.0036.0001.00/05, Firmware Version: 90.0036.0007.00/00)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/18/2004 Overall Level: 3 

-Physical Security: Level 3 +EFP

-FIPS-approved algorithms: Triple-DES (Cert. #39); RSA (PKCS #1, vendor affirmed); SHA-1 (Cert. #43); HMAC-SHA-1 (Cert. #43, vendor affirmed)

-Other algorithms: DES (Cert. #108); DES MAC (Cert. #108, vendor affirmed); Diffie-Hellman (key agreement)

Multi-chip embedded

"The Francotyp-Postalia FrankIT Postal Revenector employs strong encryption, decryption, and digital signature techniques for the protection of customer revenues in Francotyp-Postalia's mail handlers. The FrankIT Postal Revenector has been designed in compliance with the Deutsche Post AG (DPAG), FrankIT Specification."
465 D'Crypt Pte Ltd.
20 Ayer Rajah Crescent
#08-08 Technopreneur Centre, Singapore 139964
Singapore

-Quek Gim Chye
TEL: +65-6773-9016
FAX: +65-6873-0796

CST Lab: NVLAP 100432-0

d'Cryptor QE Cryptographic Module
(Hardware Versions: P/N DC/QE-L.8.1024 Versions 3.0L and 3.1L and P/N DC/QE-S.4.512 versions 3.0S and 3.1S, Firmware Version: 2.0)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/18/2004;
06/06/2005
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #159); SHA-1 (Cert. #139); RSA (FIPS 186-2 and PKCS#1, vendor affirmed); AES (Cert. #49); HMAC-SHA-1 (Cert. #139, vendor affirmed)

-Other algorithms: DES (Cert. #205)

Multi-chip embedded

"The d'Cryptor QE is a programmable cryptographic coprocessor designed for high security assurance applications and features in the d'Cryptor line of products such as d'Cryptor XE, d'Cryptor HSM and TelePort. It contains a secure high-performance cryptographic core that comprises a CPU, Flash ROMs, NVRAM, UTC clock, firmware and a host of useful and cryptographic APIs. The QE provides strong physical security through an opaque, hard epoxy potting and a tamper response mesh that zeroizes all keys in event of tamper. Application loading is authenticated using an approved digital signature scheme."
464 Nortel Networks
600 Technology Park
Billerica, MA 01821
USA

-Jonathan Lewis
TEL: 978-288-8590
FAX: 978-288-4004

CST Lab: NVLAP 200427-0

Contivity 1700, 2700 and 5000 Secure IP Services Gateways
(Hardware Versions: 1700, 2700 and 5000, Firmware Version: V04_85.121)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/18/2004;
01/06/2006
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Certs. #29 and #183); AES (Cert. #50); SHA-1 (Certs. #31 and #51); HMAC-SHA-1 (Certs. #31 and #51, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Certs. #48 and #101); DES MAC (Certs. #48 and #101, vendor affirmed); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD5; HMAC-MD5

Multi-chip standalone

"The FIPS 140-2 Level 2 compliant Contivity 1700, 2700 and 5000 Secure IP Services Gateways are the ideal solution for enterprises requiring secure, low-cost connectivity across the Internet or managed IP networks. The Contivity 1700, 2700 and 5000 provide, IP routing, Virtual Private Networking (VPN), stateful firewall, encryption, authentication, directory and policy services, Quality of Service (QoS), and bandwidth management services in a single integrated platform. These devices provide a solution for small, medium, and large sites requiring Internet connectivity for both secure VPN communications and for basic IP/Internet access."
463 VIACK Corporation
16701 NE 80th St.
Suite 100
Redmond, WA 98052
USA

-Peter Eng
TEL: 425-605-7400
FAX: 425-605-7405

CST Lab: NVLAP 100432-0

VIA3 VkCrypt Cryptographic Module
(Software Version: 3.5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 09/20/2004 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 2000 Server SP4

-FIPS-approved algorithms: RNG (Cert. #3); AES (Cert. #147); RSA (Cert. #5); SHA-1 (Cert. #236); HMAC-SHA-1 (Cert. #236, vendor affirmed)

-Other algorithms: RSA (PKCS #1); RC2

Multi-chip standalone

"The VIA3 VkCrypt Cryptographic Module is a software cryptographic module that implements symmetric and public key encryption, digital signatures, and hashing for VIA3 E-meeting products. VIA3 is a secure and confidential E-meeting solution integrating live audio and video, instant messaging, and real-time information sharing."
462 3e Technologies International, Inc.
700 King Farm Blvd.
Suite 600
Rockville, MD 20850
USA

-Ryon Coleman
TEL: 301-944-1403

CST Lab: NVLAP 200427-0

3e-521NP, 3e-522FIPS, 3e-530NP and 3e-531AP Wireless Gateways
(Hardware Versions: 3e-521NP, 3e-522FIPS, 3e-530NP and 3e-531AP, Firmware Version: 2.6)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/20/2004 Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Certs. #136 and #161); AES (Cert. #27); SHA-1 (Cert. #140); HMAC-SHA-1 (Cert. #140, vendor affirmed)

-Other algorithms: Diffie-Hellman (key agreement); RSA (PKCS#1); MD5; RC4; DES

Multi-chip standalone

"The 3e family of Secure Wireless Gateways implements a cryptographic suite including AES, 3DES, SHA-1, HMAC SHA-1, Diffie-Hellman, and HTTPS/TLS. These algorithms are used in combination to protect the main Gateway services of bridging from wired uplink LAN to the wireless LAN, NAT routing from the wired uplink LAN to the wireless LAN, and DHCP service to the local LAN allowing a wired local LAN to exist over the local wireless LAN interface. The cryptographic suite is implemented in an innovative manner so that critical performance is not sacrificed in providing a rugged FIPS 140-2 Level 2 secure wireless solution."
461 Lucent Technologies, Inc.
600 Mountain Ave
Murray Hill, NJ 07974
USA

-Kim Tourigny
TEL: 978-952-1504
FAX: 978-952-1120

-Dan Buczala
TEL: 978-952-1512
FAX: 978-952-1516

CST Lab: NVLAP 200427-0

VPN Firewall Brick® 350, Brick® 1000 and Brick® 1100 with Encryption Accelerator Cards
(Hardware Versions: Brick® 350, Brick® 1000 and Brick® 1100, and Encryption Accelerator Card v2: Version 1.0, Board Version 1, Firmware Versions: Lucent LVF v7.2.292 and EAC v2: 7.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/08/2004;
02/03/2005
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Certs. #75 and #245); SHA-1 (Certs. #65 and #225); HMAC-SHA-1 (Certs. #65 and #225, vendor affirmed); DSA (Cert. #62)

-Other algorithms: DES (Certs. #135 and #250); MD5; ARC4; Diffie-Hellman (key agreement); HMAC- MD5

Multi-chip standalone

"The VPN Firewall Brick is a high-speed packet-processing appliance, oriented towards providing security functions. The Brick is a carrier-grade integrated firewall and virtual private network (VPN) gateway appliance specifically designed for web/application data center security, large-scale managed security services, and remote access VPN services. Called the Brick because of its rugged, reliable design, this is an ideal platform for service providers seeking wide scalability, ready manageability, and industry-leading performance."
460 Lucent Technologies, Inc.
600 Mountain Ave
Murray Hill, NJ 07974
USA

-Kim Tourigny
TEL: 978-952-1504
FAX: 978-952-1120

-Dan Buczala
TEL: 978-952-1512
FAX: 978-952-1516

CST Lab: NVLAP 200427-0

VPN Firewall Brick® 350 and Brick® 1000
(Hardware Versions: Brick® 350 and Brick® 1000, Firmware Version: Lucent LVF v7.2.292)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/08/2004;
02/03/2005
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #245); SHA-1 (Cert. #225); HMAC-SHA-1 (Cert. #225, vendor affirmed); DSA (Cert. #62)

-Other algorithms: DES (Cert. #250); MD5; ARC4; Diffie-Hellman (key agreement); HMAC-MD5

Multi-chip standalone

"The VPN Firewall Brick is a high-speed packet-processing appliance, oriented towards providing security functions. The Brick is a carrier-grade integrated firewall and virtual private network (VPN) gateway appliance specifically designed for web/application data center security, large-scale managed security services, and remote access VPN services. Called the Brick because of its rugged, reliable design, this is an ideal platform for service providers seeking wide scalability, ready manageability, and industry-leading performance."
459 Backbone Security.com, Inc.
701 Main Street
Suite 300
Stroudsburg, PA 18360
USA

-Glenn Watt
TEL: 570-422-7900
FAX: 570-422-7940

CST Lab: NVLAP 200556-0

Ribcage 1100 and Ribcage 2800
(Hardware Version: 3.0, Software Version: 2.2 FIPS)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/08/2004 Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #208); AES (Cert. #94); SHA-1 (Cert. #184); HMAC-SHA-1 (Cert. #184, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: Diffie-Hellman (key agreement); HMAC-SHA-256; HMAC-SHA-512; HMAC-MD5

Multi-chip standalone

"Ribcage is a secure IPSec Virtual Private Network that provides secure connectivity deployed on a shared infrastructure with the same privacy and performance as a leased network. Ribcage is a solution that is flexible as both a secure virtual private network and as a remote access, with straightforward administration tools that allow rapid set-up and administration remotely or locally."
458 SonicWALL, Inc.
1143 Borregas Ave.
Sunnyvale, CA 94089-1306
USA

-Usha Sanagala
TEL: 408-962-6248

CST Lab: NVLAP 100432-0

SonicWALL TZ 170
(Hardware Version: P/N 101-5000072-00 rev A, Firmware Versions: SonicOS Enhanced Versions 2.0, v2.5 and v3.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/08/2004;
02/24/2005;
05/17/2006;
04/25/2007
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Certs. #121 and #140); Triple-DES (Certs. #231 and #248); SHA-1 (Cert. # 208); HMAC-SHA-1 (Cert. #208, vendor affirmed); DSA (Cert. #98); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Certs. #245 and #251); RC4; MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The SonicWALL TZ 170 is an internet security appliance with a WAN interface, a flexible Optional interface, and a LAN interface incorporating a 5-port Fast-Ethernet switch. The SonicWALL TZ 170 provides stateful packet inspection firewall services, accelerated IPSec VPN, bandwidth management, and can be upgraded to offer ISP failover and traffic loadbalancing. The SonicWALL TZ 170 also serves as a platform for extensible security services such as Content Filtering Services (CFS), Network Anti - Virus, and E-mail filtering."
457 Sun Microsystems, Inc.
4150 Network Circle
Santa Clara, CA 95054
USA

-Javier Lorenzo
TEL: 858-625-5020

-Irfan Khan
TEL: 510-936-4840

CST Lab: NVLAP 200427-0

Sun Cryptographic Accelerator 4000
(Hardware Versions: Fiber: 501-6040-02 and 501-6040-03, UTP/Copper: 501-6039-05 and 501-6039-06, Firmware Version: 1.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/12/2004 Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert.# 190); AES (Cert. #79); SHA-1 (Certs. #171 and #172); HMAC-SHA-1 (Certs. #171 and #172, vendor affirmed); DSA (Cert. #92); RSA (PKCS #1, vendor affirmed)

-Other algorithms: DES (Cert. #225); MD5; HMAC-MD5; RC2

Multi-chip embedded

"The Sun Cryptographic Accelerator 4000 (SCA 4000) is a highperformance secure networking solution for Sun servers. It is a PCI card consisting of a Gigabit Ethernet adapter with on-board cryptographic acceleration hardware and a secure cryptographic key store. The card enhances server network performance by off-loading compute intensive cryptographic calculations (asymmetric and symmetric) from the server's CPU, accelerating both IPsec and SSL processing. The SCA 4000 also provides a secure remote administration capability. It is tightly integrated with Sun's server hardware and software. The SCA 4000 meets or exceeds all FIPS 140-2 Level 3 requirements."
456 Giesecke & Devrient
45925 Horseshoe Drive
Dulles, VA 20166
USA

-Michael Poitner
TEL: 650-312-1241
FAX: 650-312-8129

-Jatin Deshpande
TEL: 650-312-8047
FAX: 650-312-8129

CST Lab: NVLAP 200427-0

Sm@rtCafé Expert FIPS 64 with ActivCard Applet v2
(Hardware Version: HD65246C1A05NB, Firmware Versions: CH463JC_INABFOP003901_V101 and CH463JC_INABFOP003901_V102, Applet Versions: AC Applet Versions 2.3.0.2 and 2.3.0.5; ASC Library 2.3.0.2 and 2.3.0.3; and PKI/GC Applet Versions 2.3.0.2 and 2.3.1.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/11/2004;
09/07/2005;
04/04/2008
Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #239); AES (Cert. #132); SHA-1 (Cert. #216); DSA (Cert. #102); RSA (Cert. #7, PKCS#1); Triple-DES MAC (Cert. #239, vendor affirmed)

-Other algorithms: DES (Cert. #249); DES MAC (Cert. #249, vendor affirmed)

Single-chip

"Giesecke & Devrient (G&D) Smart Card Chip Operating System Sm@rtCafé Expert FIPS 64 is a Java Card 2.2 and Open Platform v2.0.1' compliant smart card module. It supports, at a minimum, Triple-DES, AES, DSA, and RSA algorithms with on-card key generation. The Sm@rtCafé Expert FIPS 64 is suitable for government and corporate identification, payment and banking, health care, and Web applications."
455 SonicWALL, Inc.
1143 Borregas Ave.
Sunnyvale, CA 94089-1306
USA

-Usha Sanagala
TEL: 408-962-6248

CST Lab: NVLAP 100432-0

SonicWALL PRO 3060/4060
(Hardware Versions: 3060 101-500078-00 rev. A and 4060 101-500067-00 rev. A, Firmware Versions: SonicOS Enhanced Versions v2.0, v2.5 and v3.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/11/2004;
02/24/2005;
05/17/2006;
05/31/2006;
04/25/2007
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Certs. #105 and #121); Triple-DES (Certs. #217 and #231); SHA-1 (Cert. #208); HMAC-SHA-1 (Cert. #208, vendor affirmed); DSA (Cert. #98); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #245); RC4; MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The PRO 4060 and PRO 3060 are internet security appliances offering stateful packet inspection firewall services, accelerated IPSec VPN, bandwidth management, and dual-WAN port support with ISP failover and load-balancing capabilities, all via six configurable 10/100 Ethernet interfaces."
454 iDirect
13865 Sunrise Valley Drive
Suite 100
Herndon, VA 20171
USA

-Chris Burdick
TEL: 703-648-8000
FAX: 703-648-8014

CST Lab: NVLAP 200556-0

Protocol Processor
(Hardware Version: 5.0, Firmware Version: 5.0.1)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/02/2004;
12/23/2008
Overall Level: 1 

-FIPS-approved algorithms: Triple-DES (Cert. #243); SHA-1 (Cert. #220); HMAC-SHA-1 (Cert. #220, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms:

Multi-chip standalone

"iDirect Technologies provides solutions that allow enterprises of any size, in virtually any location, to access broadband TCP/IP communications via satellite. Our technology provides the flexibility, capability, and reliability that enterprise and government customers need to support critical business applications. The Protocol Processor is the central component of iDirect’s TDMA star network product and is responsible for network wide functions such as: TCP acceleration, QoS, 3DES encryption, TDMA management and dynamic time slot allocation."
453 iDirect
13865 Sunrise Valley Drive
Suite 100
Herndon, VA 20171
USA

-Chris Burdick
TEL: 703-648-8000
FAX: 703-648-8014

CST Lab: NVLAP 200556-0

NetModem II Plus
(Hardware Version: 5.0, Firmware Version: 5.0.1)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/28/2004;
12/23/2008
Overall Level: 1 

-EMI/EMC: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #242); SHA-1 (Cert. #220); HMAC-SHA-1 (Cert. #220, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms:

Multi-chip standalone

"iDirect Technologies provides solutions that allow enterprises of any size, in virtually any location, to access broadband TCP/IP communications via satellite. Our technology provides the flexibility, capability, and reliability that enterprise and government customers need to support critical business applications. The iDirect NetModem II Plus broadband router is a compact, set-top terminal that routes IP traffic over satellite networks."
452 Credant Technologies Corporation
15305 Dallas Parkway
Suite 1010
Addison, TX 75001
USA

-Chris Burchett
TEL: 972-458-5407
FAX: 972-458-5454

CST Lab: NVLAP 200002-0

Credant Cryptographic Kernel
(Versions 1.3 and 1.4)

Validated to FIPS 140-2

Security Policy

Certificate

Software 07/28/2004;
09/21/2004;
09/24/2004
Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows 2000 Professional SP 1 and Windows CE 3.0 (single user mode)

-FIPS-approved algorithms: AES (Certs. #117 and #168); Triple-DES (Certs. #229 and #272); SHA-1 (Certs. #206 and #253); HMAC-SHA-1 (Certs. #206 and #253, vendor affirmed); RNG (Cert. #19)

-Other algorithms:

Multi-chip standalone

"Credant Cryptographic Kernel is a FIPS 140-2 compliant, software-based cryptography library that implements Triple-DES, AES, SHA-1, and HMAC-SHA-1 algorithms for the Credant Mobile Guardian product. Credant Mobile Guardian enables enterprise-wide control of security for mobile and wireless users of laptops, tablet PCs, PDAs and smart phones."
451 Good Technology
101 Redwood Shores Parkway
Redwood City, CA 94065
USA

-Sriram Krishnan
TEL: 650-486-6000

CST Lab: NVLAP 200002-0

FIPSCrypto
(Software Versions: Pocket PC 20040220 and Symbian 4.9.1)

Validated to FIPS 140-2

Security Policy

Certificate

Software 07/28/2004;
01/11/2007;
04/09/2010
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Symbian 9.1 and Windows CE 4.2

-FIPS-approved algorithms: AES (Certs. #134 and #477); Triple-DES (Certs. #240 and #491); SHA-1 (Certs. #217 and #545); HMAC-SHA-1 (Certs. #217, vendor affirmed and #234)

-Other algorithms:

Multi-chip standalone

"The Good FIPSCrypto is a FIPS 140-2 validated software-based cryptographic module that implements the Triple-DES; AES; SHA-1; HMAC-SHA-1 algorithms."
450 Check Point Software Technologies Ltd.
9900 Belward Campus Drive
Suite 250
Rockville, MD 20850
USA

-David Ambrose
TEL: 703-628-2935

-Malcolm Levy
TEL: +972-37534561

CST Lab: NVLAP 200002-0

Nokia VPN Appliance
(Hardware Versions: IP350, IP355, IP380 and IP385, Software Versions: (IPSO v3.7.99 and Check Point NG with Application Intelligence R54) and (IPSO v3.9 and Check Point NG with Application Intelligence R60))

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/28/2004;
07/28/2005;
09/21/2006;
11/06/2006;
05/28/2009
Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #88 and #407); Triple-DES (Certs. #41, #80, #132, #234, #235, #333 and #440); SHA-1 (Certs. #42, #69, #210, #211, #212, #325 and #474); HMAC-SHA-1 (SHA-1 Certs. #42, #56, #69, #210, #211, #212, vendor affirmed and HMAC-SHA-1 #179 and #180); DSA (Cert. #99); RSA (PKCS #1 vendor affirmed and #63, #146 and #149); RNG (#30, #196 and #201)

-Other algorithms: DES (Certs. #110, #142, #183, #247, #311 and #314); CAST; DES (40 bits); HMAC-MD5; MD5; Arcfour; Blowfish

Multi-chip standalone

"The Nokia IP350, IP355, IP380 and IP385 are full-featured enterprise systems designed for small to medium enterprises, with Service Provider flexibility and rapid serviceability option in a single rack space. When combined with Check Point VPN-1/FW-1, these platforms provide reliable, easy to manage distributed security and access."
449 Oberthur Card Systems
4250 Pleasant Valley Road
Chantilly, VA 20151
USA

-Christophe Goyet
TEL: 703-263-0100
FAX: 703-263-7134

CST Lab: NVLAP 100432-0

ID-One Cosmo 64 v5
(Hardware Version: P/N: 77, Firmware Version: E302)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/28/2004;
02/25/2005;
03/01/2005;
06/29/2005;
09/23/2005
Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #123); Triple-DES (Cert. #232); Triple-DES MAC (Cert. #232, vendor affirmed); SHA-1 (Cert. #209); RSA (FIPS 186-2, PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #246); DES MAC (Cert. #246, vendor affirmed);

Single-chip

"The ID-One Cosmo 64 v5 is a JavaCard cryptographic module with dual interface (ISO 7816 & ISO 14443) specifically designed for identity and government needs. It offers a full 64K Byte of EEPROM space available for customer discretionary use, together with on card cryptographic services such as TDES, AES, and 2048-bit RSA algorithms with on-card key generation. It is compliant to Java Card v2.2 and Open Platform v2.1.1A. To protect against skimming, a built-in firewall allows application developers to disable contactless access for sensitive operations. Additional features include On-Card fingerprint matching and Logical Channels. The ID-One Cosmo 64 v5 is available in contact only, dual interface, or contactless only formats."
448 Chunghwa Telecom Co., Ltd. Telecommunication Laboratories
12, Lane 551, Min-Tsu Road SEC.5
Yang-Mei
Taoyuan, Taiwan 326
Republic of China

-Yu-Ling Cheng
TEL: +886 3 424-5883
FAX: +886 3 424-4167

CST Lab: NVLAP 200017-0

SafGuard 200 HSM
(Hardware Version: HSM-HW-0312.02, Firmware Version: HSM-SW-ARM-FRTO.01)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/30/2004 Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #224); AES (Cert. #111); SHA-1 (Cert. #201); RSA (FIPS 186-2, vendor affirmed)

-Other algorithms: RC6

Multi-chip standalone

"SafGuard200 is a multi-chip standalone cryptographic module that is used to provide highly-secure cryptographic services and key storage for PKI applications. (e.g., secure private key storage, high-speed math accelerator for 1024-4096 bit public key signatures, and hashing). The SafGuard 200 HSM provides secure identity-based challenge-response authentication using smart cards and data encryption using FIPS approved 3DES and AES encryption."
447 Oracle Corporation
500 Oracle Parkway
Redwood Shores
California, CA 94065
USA

-Shaun Lee
TEL: +44 1189 243860

CST Lab: NVLAP 200583-0

Oracle Cryptographic Libraries for SSL 10g (9.0.4)
(Software Version 10g (9.0.4))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 06/30/2004;
08/06/2004
Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Sun Solaris Version 8 running on a Sun Ultra 60 UltraSparc workstation

-FIPS-approved algorithms: Triple-DES (Cert. #170); SHA-1 (Cert. #154); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #154, vendor affirmed)

-Other algorithms: DES (Cert. #215); RSA-MD5 (PKCS#1); RC4; HMAC-MD5; Diffie-Hellman (key agreement); RSA (PKCS#5)

Multi-chip standalone

"The Oracle Cryptographic Libraries for SSL 10g (9.0.4) is a generic module used by Oracle Corporation in a variety of its application suites. The module is used to provide support to cryptography, authentication, PKCS and certificate management for applications like the Oracle Database Server, Oracle Applications Server, Oracle Internet Directory, Web Cache and Oracle HTTP Server. It provides a rich set of functionality and uses PKCS wallet structures for managing identities and trustpoints."
446 3Com Corporation
5500 Great America Parkway
Santa Clara, CA 95052
USA

-Rahul Jain
TEL: 408-326-3518

-Annette Davis
TEL: 408-326- 8954

CST Lab: NVLAP 200427-0

3Com 10/100 Secure NIC (3CR990B-97) and 3Com 100 Secure Fiber NIC (3CR990B-FX-97)
(Hardware Versions: 03-0229-100 and 03-0347-000, Firmware Versions: Runtime: 03.001.008, Diagnostic: 03.001.008, Sleep: 03.001.007)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/30/2004 Overall Level: 1 

-EMI/EMC: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #212); SHA-1 (Certs. #188 and #189); HMAC-SHA-1 (Certs. #188 and #189, vendor affirmed)

-Other algorithms: DES (Cert. #234); MD5; HMAC-MD5

Multi-chip embedded

"3Com® 10/100 Secure NICs offers IPSec and TCP/IP offloading, upgradability to the embedded firewall technology while also offering advanced intrusion resistance to protect your LAN, without sacrificing throughput performance. In addition, the NICs incorporate advanced server features and remote management capabilities to accelerate application response and lower IT administration time."
445 Research In Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

-Government Certifications Team
TEL: 519-888-7465 x2921
FAX: 519-886-4839

CST Lab: NVLAP 200017-0

BlackBerry® Enterprise Server Cryptographic Kernel
(Software Version: 1.0.0.2)

(When operated in FIPS mode with FIPS validated Microsoft® Base Cryptographic Providers Certificates #76 or #103 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 06/30/2004;
08/24/2005
Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows NT Server 4.0 SP6a

-FIPS-approved algorithms: Triple-DES (Cert. #216); AES (Cert. #104); SHA-1 (Cert. #195); HMAC-SHA-1 (Cert. #195, vendor affirmed)

-Other algorithms: Rijndael

Multi-chip standalone

"BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete endtoend solution. The BlackBerry® Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry®"
444 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Hazem Hassan
TEL: 952-808-2372
FAX: 952-890-2726

CST Lab: NVLAP 200427-0

Model 330G2 Smart Card
(Hardware Version: 1.0, Firmware Version: 2.0, EXFs: GSC-IS application executable (G2 EXF) Version 22)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/30/2004;
02/22/2005
Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #236); DSA/SHA-1 (Cert. #35);RSA (PKCS #1, vendor affirmed)

-Other algorithms: DES (Cert. #88); Diffie-Hellman (key agreement)

Single-chip

"The 330G2 is an ISO 7816 and GSC-IS compliant cryptographic smart card designed for identification and access control applications. The card provides a secure, mobile platform for creating, storing and using keys, certificates, passwords and other digital credentials. Security services include: Multiapplication secure storage and retrieval of data and digital credentials. Authentication of the cardholder and the security officer. Cryptographic services including SHA-1, DES, 3DES, RSA Sign/Verify, RSA Encrypt/Decrypt and DSA Sign/Verify with on board key generation including RSA 2048-bit key generation."
443 ActivCard, Inc.
6623 Dumbarton Circle
Fremont, CA 94555
USA

-Eric Le Saint
TEL: 510-745-6211
FAX: 510-574-0101

CST Lab: NVLAP 100432-0

ActivCard Digital Identity Applet Suite v1.1.5 on Cyberflex Access 64k v2
(Hardware Version: Cyberflex Access 64k v2, OS Hard Mask no01 v01 Firmware Version: OS Soft Mask no02 v03, ID Applet v1.0.0.23, PKI Applet v1.0.0.29, GC Applet v1.0.0.27, SKI Applet v1.0.0.16)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/23/2004;
05/26/2006
Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #193); Triple-DES MAC (Cert. #193, vendor affirmed); SHA-1 (Cert. #173); RSA (PKCS#1, vendor affirmed); AES (Cert. #81)

-Other algorithms: DES (Cert. #227); DES MAC (Cert. #227, vendor affirmed)

Single-chip

"ActivCard Digital Identity Applet Suite v1.1.5 on Cyberflex Access 64k v2 provides the following services:
- Card Holder verification using PIN
- Secure storage of data and private information
- RSA based Digital Signature (1024 and 2048 bits)
- DES/TDES based One Time Password (OTP) generation"
442 Vormetric, Inc.
3131 Jay Street
Santa Clara, CA 95054
USA

-Suhel Khan
TEL: 408-961-6114
FAX: 408-844-8638

-Paulus Weemaes
TEL: 408-961-6117
FAX: 408-844-8638

CST Lab: NVLAP 100432-0

CoreGuard Security Server
(Hardware Version: P/N 30 Release 1.0 Version 3.0, Firmware Versions: VN.3.0SP1- Build0060 and VN.3.0SP1-Build0064)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/16/2004;
07/27/2004;
01/27/2006
Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Cryptographic Key Management: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #241); AES (Cert. #135); SHA-1 (Cert. #218); HMAC-SHA-1 (Cert. #218, vendor affirmed); RSA (PKCS #1, vendor affirmed)

-Other algorithms: Diffie-Hellman (key agreement); MD5

Multi-chip standalone

"Vormetric CoreGuard Security Server is a comprehensive security solution that combines protection of data at rest, application integrity and host protection. CoreGuard integrates a software module loaded on a server, and a FIPS compliant appliance with user-defined security policies allowing fine-grain data access control and selective encryption of data at rest (AES 128/256 and 3DES), application digital signatures, enforced user authentication, host protection and central management. CoreGuard installs transparently and does not require changes to applications, databases or storage architectures allowing the security to extend to any data across the enterprise."
441 F-Secure Corporation
Tammasaarenkatu 7
PL 24
Helsinki, 00181
Finland

-Alexey Kirichenko
TEL: +358 9 2520 5548

CST Lab: NVLAP 200427-0

F-Secure® and Pointsec® Windows Mobile Cryptographic Library
(Software Version: 1.1.11)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 06/16/2004;
05/20/2008
Overall Level: 1 

-EMI/EMC: Level 3
-Self-Tests: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows CE 4.20.1081

-FIPS-approved algorithms: AES (Cert. #4); SHA-1 (Cert. #224); HMAC-SHA-1 (Cert. #224, vendor affirmed)

-Other algorithms: Passphrase-based key derivation (PBKDF2 as specified in PKCS#5); AES (IWEC)

Multi-chip standalone

"The F-Secure Pocket PC Cryptographic Library is a software module, implemented as a 32-bit Windows CE compatible DLL for Windows Mobile 2003 and Pocket PC 2002 platforms. It provides an assortment of cryptographic services to any client process that attaches an instance of the module DLL. The services are accessible for the client through a Clanguage Application Program Interface. The cryptographic services are also available in the form of a static library and as source code."
440 Proofpoint Inc.
892 Ross Drive
Sunnyvale, CA 94089
USA

-Stephen Lewis
TEL: 408-517-4710
FAX: 408-517-4711

CST Lab: NVLAP 200427-0

Proofpoint Security Library
(Software Version 1.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 06/16/2004;
11/06/2008
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP1, Java Runtime Environment 1.4.2-b28

-FIPS-approved algorithms: Triple-DES (Cert. #94); AES (Cert. #22); SHA-1 (Cert. #78); HMAC-SHA-1 (Cert. #78, vendor affirmed); DSA (Cert. #56); RSA (FIPS 186-2, vendor affirmed)

-Other algorithms: Diffie-Hellman (key agreement); Secure Remote Password (SRP); Extended Secure Remote Password (ESRP); Triple-DES (ECB mode); DSA (Signing and Key Generation)

Multi-chip standalone

"The module is a JAVA language cryptographic component to be used by the various Proofpoint security products. The module is designed to meet Level 1 requirements of FIPS 140-2 standard. The module is a cryptographic library that provides variety of cryptographic services (both approved as well as non-approved). The module can be executed on any general-purpose PC and operating system capable of running JRE 1.4 or later."
439 Decru, A NetApp Company
275 Shoreline Drive
Fourth Floor
Redwood City, CA 94065
USA

-Michele Borovac
TEL: 650-413-6700
FAX: 650-413-6790

CST Lab: NVLAP 100432-0

Decru DataFort SEP
(Hardware PN/Rev 60-000109/A, Firmware PN NAS 29.4 and SAN 29.4, Software PN 23.3)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/16/2004;
06/21/2007
Overall Level: 3 

-FIPS-approved algorithms: SHA-1 (Certs. #190, #191 and #192); AES (Certs. #97, #98 and #99); ECDSA (vendor affirmed); HMAC-SHA-1 (Cert. #192, vendor affirmed); SHA-256 (Cert. #223); HMAC-SHA-256 (Cert. #223, vendor affirmed)

-Other algorithms:

Multi-chip embedded

"Decru's Storage Encryption Processor (SEP) is the primary cryptographic and key management engine for Decru DataFort products. Decru DataFort is a wire-speed storage security appliance. DataFort uses hardware-based encryption, authentication, secure access controls, and secure logging to protect networked storage in NAS, SAN, DAS and Tape environments. DataFort can be deployed transparently, with no changes to desktops, servers, applications, or user workflow."
438 Cisco Systems, Inc.
7025 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

2621XM and 2651XM Modular Access Routers with AIM-VPN/EP
(Hardware Versions: 2621XM and 2651XM with AIM-VPN/EP Version 1.0 and Board Version B0, Firmware Version: IOS 12.3(3d))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/16/2004;
05/24/2005;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Certs. #32 and #156); Triple-DES MAC (Cert. #156, vendor affirmed); AES (Cert. #46); SHA-1 (Cert. #26 and DSA Cert. #38); HMAC-SHA-1 (Cert. #26, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Certs. #100 and #202); DES MAC (Cert. #202, vendor affirmed); MD4; MD5; HMAC-MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Cisco Modular Access Routers are routers that provides data protection on a network providing packet encryption. The modules perform all of the functions typical of a router. In addition to the normal routing functions, the modules also provide packet encryption. The modules are capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
437 F-Secure Corporation
Tammasaarenkatu 7
PL 24
Helsinki, 00180
Finland

-Alexey Kirichenko
TEL: +358 9 2520 5548

CST Lab: NVLAP 200427-0

F-Secure® Cryptographic Library™ for Windows
(Software Version 2.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 06/16/2004 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 98, Windows XP and Windows ME (single user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #202); AES (Cert. #89); SHA-1 (Cert. #178); HMAC-SHA-1 (Cert. #178, vendor affirmed); DSA (Cert. #94); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #231); DES (CTR); Blowfish; CAST 128; MD5; SHA-256; HMAC- MD5, HMAC-SHA-256, Diffie-Hellman (key agreement); Passphrase-based key derivation (PBKDF2 as specified in PKCS#5)

Multi-chip standalone

"The F-Secure Cryptographic Library for Windows (the Module) is a software module, implemented as a 32-bit Windows 'NT/2000/XP/98/ME' compatible DLL (FSCLM.DLL). The Module provides an assortment of cryptographic services to any client process that attaches an instance of the Module DLL. The Module is designed and implemented to meet the level 1 requirements of FIPS publication 140-2 when running on appropriate hardware under Windows 98, ME or XP operating system."
436 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Randy Kun
TEL: 613-723-5076
FAX: 613-723-5078

CST Lab: NVLAP 200017-0

Chrysalis-ITS K3 Cryptographic Engine
(Hardware Versions: 2.0, 3.0 and 4.0, Firmware Version 4.1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/10/2004;
10/18/2004;
12/22/2005
Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Cryptographic Key Management: Level 3
-Self-Tests: Level 3
-Mitigation of Other Attacks: Level 3

-FIPS-approved algorithms: AES (Cert. #41); Triple-DES (Cert. #73); DSA (Cert. #51); SHA-1 (Cert. #64); RSA (FIPS 186-2 and PKCS #1, vendor affirmed); Triple-DES MAC (Cert. #73, vendor affirmed); HMAC-SHA-1 (Cert. #64, vendor affirmed)

-Other algorithms: DES (Cert. #32); DES MAC (Cert. #32, vendor affirmed); RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; MD2; MD5; Diffie-Hellman 1024; CAST MAC; CAST3 MAC; CAST5 MAC; SSL3-MD5 MAC; SSL3-SHA-1 MAC; HMAC-MD5; KCDSA; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; AES MAC; RC2 MAC; RC5 MAC

Multi-chip embedded

"The K3 Chrysalis-ITS Cryptographic Engine is a hardware cryptographic module in the form of a PCI card that resides within a secured generalpurpose computing appliance. It is contained in its own secure enclosure that provides physical resistance to tampering and zeroization in the event the enclosure is opened. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI card."
435 SafeNet, Inc.
951 Aviation Pkwy
Suite 300
Morrisville, NC 27560
USA

-Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0

SafeEnterprise™ Link Encryptors NRZ - H[1], NRZ - L[2], T1[3], E1 75ohm[4], E1 120ohm[5], RS-232[6], T3[7] and HSSI[8]
(Hardware Versions: SE-SLE-HNxAC[1], SE-SLE-LNxAC[2], SE-SLE-1ExAB[3], SE-SLE-27xAB[4], SE-SLE-2ExAB[5], SE-SLE- LRxAB[6], SE-SLE-37xAB[7] and SE-SLE-VVxAB[8], Firmware Version: 4.01)

(When operated in FIPS mode)
(Note: Refer to the cryptographic module’s security policy for the details on the letter x designation)


Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/28/2004;
06/10/2004
Overall Level: 2 

-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #22 and #139); AES (Cert. #32); DSA/SHA-1 (Cert. #5)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip standalone

"The SafeNet™ SafeEnterprise™ Link Encryptor's (SLE's) secure sensitive data transmitted over high-speed, point-to-point communication links. The system supports synchronous, full-duplex data rates up to 8 Mbps, and employs FIPS approved AES or Triple-DES algorithms. The SLE can be locally controlled or managed using the SafeNet™ SafeEnterprise™ Security Management Center (SMC), an SNMP-based security management system."
434 Entrust, Inc.
One Hanover Park
16633 Dallas Parkway
Suite 800
Addison, TX 75001
USA

-Entrust Sales
TEL: 888-690-2424

CST Lab: NVLAP 200017-0

Entrust TruePass™ Applet Cryptographic Module
(Software Version: 7.0)

(When operated in FIPS mode with FIPS validated browser services operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 05/27/2004 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 2000 SP3 running Microsoft VM for Java 5.0.0.3810 or Sun plug-in version 1.4.1, and Netscape Navigator 7.0 (Certs. #7, #45 and #47) or Microsoft Internet Explorer 6.0 SP1 (Certs. #103 and #106) (single user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #69); SHA-1 (Cert. #60); RSA (PKCS#1, vendor affirmed)

-Other algorithms: CAST 128

Multi-chip standalone

"The module performs low level cryptographic operations - encryption, decryption and hashes - implemented in software using the high-level Java programming language. Currently, the module is imbedded into an applet as part of the TruePass product suite that allows integration of cryptographic security into web applications."
433 Enterasys Networks
50 MinuteMan Rd.
Andover, MA 01810
USA

-Damon Hopley
TEL: 978-684-1083

CST Lab: NVLAP 200002-0

XSR-1805, XSR-1850 and XSR-3250
(Hoftware Version: REL 6.3, Firmware Version: REL 6.3, Hardware Version: REV 0A-G)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/26/2004 Overall Level: 2 

-FIPS-approved algorithms: AES (Certs. #48, 106 and #107); Triple-DES (Certs. #158, #218, #219 and #220); SHA-1 (Certs. #143, #197, #198 and #199); HMAC-SHA-1 (Certs. #143, #197, #198 and #199, vendor affirmed); DSA (Cert. #97); RSA (PKCS #1, vendor affirmed)

-Other algorithms: DES (Certs. #204, #238, #239 and #240); HMAC-MD5; MD5; MD4; 40-bit and 128-bit RC4; CAST; Blowfish; Twofish; ARCfour; Diffie-Hellman (key agreement)

Multi-chip standalone

"Enterasys Networks X-Pedition Security Routers (XSR), the XSR-1805, XSR-1850, and XSR-3250 modules are networking devices that combine a broad range of IP routing features, a broad range of WAN interfaces and a rich suite of network security functions, including site-to-site and remote access VPN connectivity and policy managed, stateful-inspection firewall functionality."
432 Cisco Systems, Inc.
7025-6 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 3220 and 3251 Mobile Access Router Cards
(Hardware Version 3.2, Firmware Version 12.2(11r) YQ4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/26/2004;
10/01/2004;
05/24/2005;
05/28/2010;
02/23/2012
Overall Level: 1 

-Cryptographic Module Specification: Level 2
-Roles, Services, and Authentication: Level
-EMI/EMC: Level 2
-Design Assurance: Level 2
-Cryptographic Module Ports and Interfaces: Level 2
-Finite State Model: Level 2
-Cryptographic Key Management: Level 2
Self-Tests: Level 2

-FIPS-approved algorithms: Triple-DES (Cert. #156); Triple-DES MAC (Cert. #156, vendor affirmed); AES (Cert. #46); SHA-1 (Cert. #26); HMAC-SHA-1 (Cert. #26, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #202); DES MAC (Cert. #202, vendor affirmed); MD4; MD5; Diffie-Hellman (key agreement); HMAC-MD5

Multi-chip embedded

"The module is a high-performance router card, which offers secure data, voice and video communications, seamless mobility and interoperability across multiple wireless networks. The unique functionality of this router card is that always on IP connectivity for networks in motion. This allows IP hosts on a mobile network to connect transparently to the parent network while the router is in motion."
431 Gemplus Corp.
Avenue du Pic de Bretagne
BP 100, GTmenos Cedex 13881
France

-Luc Astier
TEL: +33 (0) 4 42 36 50 00

CST Lab: NVLAP 200427-0

GemXpresso Pro R3 E64 PK - FIPS
(GP92, Firmware Versions: GXP3 - FIPS EI19 and GXP3 - FIPS EI19 with new ATR and fast ATR)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/26/2004;
07/27/2004;
08/05/2004
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #95); SHA-1 (Cert. #82); RSA (PKCS#1, vendor affirmed); Triple-DES MAC (Cert. #95, vendor affirmed)

-Other algorithms: DES (Cert. #155); DES MAC (Cert. #155, vendor affirmed)

Single-chip

"GemXpresso Pro R3 E64 PK - FIPS is based on a Gemplus Open OS Smart Card with 64K of EEPROM.. The SmartCard platform has on board Triple DES and RSA algorithms and can provide on board key generation. The module conforms to Java Card V2.1.1 and Global Platform V2.0.1 standards"
430 SafeNet, Inc.
951 Aviation Parkway
Suite 300
Morrisville, NC 27560
USA

-Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0

SafeEnterprise™ Frame Encryptor II[1] and SafeEnterprise™ Frame Encryptor HSSI[2]
(SE-SFE-LixAC[1], SE-SFE-HixAC[1], and SE-SFE-VVxAC[2], Firmware Version: 5.00)

(When operated in FIPS mode)
(Note: Refer to the cryptographic module’s security policy for the details on the letter (i and x) designations)


Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/26/2004;
06/10/2004
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Certs. #22 and #139); AES (Cert. #32); DSA/SHA-1 (Cert. #5)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip standalone

"The SFE protects information flowing between nodes or sites of a frame relay network. It can be configured to either allow or disallow information flow between two frame relay nodes. Furthermore, the information flow can be either protected through AES/TDES encryption or passed without encryption. The SFE II supports Full-Duplex throughput of up to 8m Mbps and 922 active secure connections."
429 Cisco Systems, Inc.
7025 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco Catalyst 6509 Switch, 7606 and 7609 Routers with VPN Services Module
(Hardware Versions: 6509, 7606 and 7609, Backplane Chassis Version 3.0 (6509), 1.0 (7606) and 1.0 (7609), Supervisor Blade Version 3.2, VPN Accelerator Blade Version 1.2, Firmware Version: 12.2(14)SY3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/06/2004;
05/24/2005;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Certs. #132, #155 and #156); Triple-DES MAC (Cert. #156, vendor affirmed); SHA-1 (Certs. #26 and #117); HMAC-SHA-1 (Certs. #26 and #117, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Certs. #183, #201 and #202); DES MAC (Cert. #202, vendor affirmed); AES (Cert #46); MD4; MD5; Diffie-Hellman (key agreement); HMAC-MD5

Multi-chip standalone

"The Cisco Catalyst 6509 Switch, 7606 and 7609 Routers offer versatility, integration, and security to branch offices. With numerous Network Modules (NMs) available, the modular architecture of the Cisco router easily allows interfaces to be upgraded to accommodate network expansion. The Cisco 6509, 7606 and 7609 provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements."
428 Cisco Systems, Inc.
7025 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

7206 VXR NPE-G1 Router with Single and Dual VPN Acceleration Module 2 (VAM2)
(Hardware Versions: 7206 VXR NPE-G1 Version 1.1, Fab Version 05 and VAM2 Version 2.0, Board Version A0, and Firmware Version: IOS 12.3(3d))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/06/2004;
11/29/2004;
05/24/2005;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Certs. #156 and #158); Triple-DES MAC (Cert. #156, vendor affirmed); AES (Certs. #46 and #48); SHA-1 (Certs. #26 and #143); HMAC-SHA-1 (Certs. #26 and #143, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Certs. #202 and #204); DES MAC (Cert. #202, vendor affirmed); MD4; MD5; HMAC-MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"Cisco Modular Access Routers are routers that provide data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
427 Cisco Systems, Inc.
7025 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

2691 and 3725 Modular Access Routers with AIM-VPN/EPII and 3745 Modular Access Router with AIM-VPN/HPII
(Hardware Versions: 2691, 3725 and 3745 with AIM-VPN/EPII Version 1.0, Board Version A0 and AIM-VPN/HPII Version 1.0, Board Version A0, and Firmware Version: IOS 12.3(3d))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/06/2004;
05/25/2004;
05/24/2005;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Certs. #156 and #160); Triple-DES MAC (Cert. #156, vendor affirmed); AES (Certs. #46 and #51); SHA-1 (Certs. #26 and #144); HMAC-SHA-1 (Cert. #26, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Certs. #202 and #206); DES MAC (Cert. #202, vendor affirmed); MD4; MD5; HMAC-MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Cisco Modular Access Routers are routers that provides data protection on a network providing packet encryption. The modules perform all of the functions typical of a router. In addition to the normal routing functions, the modules also provide packet encryption. The modules are capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
426 Cisco Systems, Inc.
7025 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

1721 and 1760 Modular Access Routers with MOD1700-VPN
(Hardware Versions: 1721 and 1760 with MOD1700-VPN Version 2.1, Board Version A0 and Firmware Version: IOS 12.3(3d))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/06/2004;
05/25/2004;
05/24/2005;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Certs. #32 and #156); Triple-DES MAC (Cert. #156, vendor affirmed); AES (Cert. #46); DSA/SHA-1 (Cert. #38); HMAC-SHA-1 (SHA-1 Cert. #26 and DSA/SHA-1 Cert. #38, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Certs. #100 and #202); DES MAC (Cert. #202, vendor affirmed); MD4; MD5; HMAC-MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Cisco Modular Access Routers are routers that provides data protection on a network providing packet encryption. The modules perform all of the functions typical of a router. In addition to the normal routing functions, the modules also provide packet encryption. The modules are capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
425 Pitney Bowes, Inc.
35 Waterview Drive
Shelton, CT 06484
USA

-Douglas Clark
TEL: 203-924-3500
FAX: 203-924-3406

CST Lab: NVLAP 200427-0

Pitney Bowes iButton Postal Security Device (PSD)
(Hardware version: DS1955B PBO-1.00c)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/06/2004 Overall Level: 3 

-Physical Security: Level 3 +EFP

-FIPS-approved algorithms: Triple-DES (Cert. #185); SHA-1 (Cert. #167); DSA (Cert. #90); Triple-DES MAC (Cert. #185, vendor affirmed)

-Other algorithms: DES (Cert. #222);

Multi-chip standalone

"The Pitney Bowes iButton Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information- Based Indicia Program (IBIP). It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds and the production of postage meter indicia in a variety of Pitney Bowes Metering products. The PSD has been designed to support international postal markets and their evolving requirements for digital indicia."
424 Fortress Technologies, Inc.
1 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0

AirFortress® Client Cryptographic Module
(Software Version: 2.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 05/06/2004;
02/07/2006;
12/20/2006;
03/26/2010
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows XP Pro SP1, Windows 2000 SP2, Windows NT 4.0 SP2, Windows 98 2nd ed., Windows CE 3.0, PalmOS 4.1, MS DOS 6.20 and Windows CE v4.0 (single user mode)

-FIPS-approved algorithms: Triple-DES (Certs. #19 and #457); SHS (Certs. #34 and #498); AES (Certs. #14 and #427); HMAC-SHA-1 (Cert. #34, vendor affirmed)

-Other algorithms: DES (Cert. #23); Diffie-Hellman (key agreement)

Multi-chip standalone

"The AirFortress(tm) Client is a software module designed to deliver security on wireless devices such as bar scanners, handhelds, and laptops using various operating systems. A plug-and-play solution, the Client encrypts and decrypts communication across the WLAN and protects the device against attacks without user intervention."
423 Cisco Systems, Inc.
7025 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

7206-VXR NPE-400 Router with VPN Acceleration Module (VAM)
(Hardware Version: 7206-VXR with VAM Version 1.0 and Board Version A0, Firmware Version: IOS 12.3(3d))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/06/2004;
11/29/2004;
05/24/2005;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Certs. #29 and #156); Triple-DES MAC (Cert. #156, vendor affirmed); AES (Cert. #46); SHA-1 (Certs. #26 and #51); HMAC-SHA-1 (Certs. #26 and #51, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Certs. #101 and #202); DES MAC (Cert. #202, vendor affirmed); MD4; MD5; HMAC-MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"Cisco Modular Access Routers are routers that provide data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
422 Cisco Systems, Inc.
7025 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

1721, 1760, 2621XM, 2651XM, 2691, 3725 and 3745 Modular Access Routers and 7206-VXR NPE-400 Router
(HW Versions: 1721, 1760, 2621XM, 2651XM, 2691, 3725, 3745 and 7206-VXR, Firmware Version: IOS 12.3(3d))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/06/2004;
05/25/2004;
11/29/2004;
05/24/2005;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #156); Triple-DES- MAC (Cert. #156, vendor affirmed); AES (Cert. #46); SHA-1 (Cert. #26); HMAC-SHA-1 (Cert. #26, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #202); DES MAC (Cert. #202, vendor affirmed); MD4; MD5; HMAC-MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Cisco Modular Access Routers are routers that provides data protection on a network providing packet encryption. The modules perform all of the functions typical of a router. In addition to the normal routing functions, the modules also provide packet encryption. The modules are capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
421 Cisco Systems, Inc.
7025 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco VPN 3000 Series Concentrators - 3005, 3015, 3030, 3060 and 3080
(Hardware Version: 3005, 3015, 3030, 3060 and 3080, Firmware Version: FIPS 3.6.7.F)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/06/2004;
05/24/2005;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Certs. #32 and #168); Triple-DES MAC (Certs. #32 and #168, vendor affirmed); AES (Cert. #56); SHA-1 (Cert. #152); HMAC-SHA-1 (DSA/SHA-1 Cert. #38 and SHA-1 Cert. #152, vendor affirmed); DSA/SHA-1 (Certs. #38 and #85); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Certs. #100 and #210); DES MAC (Certs. #100 and #210, vendor affirmed); RC4; MD5; HMAC-MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Cisco VPN 3000 Series Concentrators are hardware appliances that operate as concentrators in Virtual Private Networking (VPN) environments. They combine the best features of a software concentrator, including scalability and easy deployment, with the stability and independence of a hardware platform."
420 Check Point Software Technologies Ltd.
9900 Belward Campus Drive
Suite 250
Rockville, MD 20850
USA

-David Ambrose
TEL: 703-628-2935

-Malcolm Levy
TEL: +972-37534561

CST Lab: NVLAP 200002-0

VPN-1
(Version NG with Application Intelligence)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Firmware 05/06/2004;
05/19/2004;
10/12/2005;
11/17/2005;
01/06/2006;
05/02/2008;
05/28/2009
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-EMI/EMC: Level 3
-Design Assurance: Level 2

-Tested: Secure Platform Operating System version NG with Application Intelligence

-FIPS-approved algorithms: AES (Cert. #88); Triple-DES (Certs. #41 and #80); SHA-1 (Certs. #42 and #69); HMAC-SHA-1 (Certs. #42 and #69, vendor affirmed); RSA (PKCS #1, vendor affirmed)

-Other algorithms: DES (Certs. #110 and #142); CAST 40; CAST 128; MD5; HMAC-MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"Check Point’s VPN-1 version NG with Application Intelligence is a tightly integrated software solution combining the FireWall-1 (FW-1) security suite with sophisticated Virtual Private Network (VPN) technologies and a hardened Secure Platform operating system (OS). The cornerstone of Check Point’s Secure Virtual Network (SVN) architecture, VPN-1 meets the demanding requirements of Internet, intranet, and extranet VPNs by providing secure connectivity to corporate networks, remote and mobile users, branch offices, and business partners."
419 Blue Ridge Networks
14120 Parke Long Court
Chantilly, VA 20151
USA

-Tom Gilbert
TEL: 703-631-0700
FAX: 703-631-9588

CST Lab: NVLAP 200416-0

BorderGuard 4000 and BorderGuard 3140
(BorderGuard 4000 & 3140, Firmware Version: BG4000 DPF1 6.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/06/2004 Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #116); Triple-DES (Certs. #227 and #228); SHS (Certs. #49 and #203); HMAC-SHS (Cert. #49, vendor affirmed)

-Other algorithms: DES (Certs. #119 and #243); DES MAC (Cert. #119, vendor affirmed); Diffie-Hellman (key agreement); IDEA; MD5; HMAC-MD5; RSA (non-compliant)

Multi-chip standalone

"The BG4000 and BG3140 are network security appliances for the construction of secure Virtual Private Networks between Internet sites, and between Internet sites and individual remote users."
418 ActivCard, Inc.
6623 Dumbarton Circle
Fremont, CA 94555
USA

-Eric Le Saint
TEL: 510-745-6211
FAX: 510-574-0101

CST Lab: NVLAP 100432-0

ActivCard Applet v2 on Cyberflex Access 64k v1
(Firmware Versions: OS Hard Mask no5 v01 and OS Soft Mask no 4 v01 and 4v2, Applet Versions: ACA Applet v2.3.0.1, v2.3.0.4, and v2.3.0.5, ASC Library v2.3.0.1 and v2.3.0.3 and PKI/GC Applet v2.3.0.1, v2.3.1.1, and v2.3.1.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/19/2004;
01/13/2005;
06/06/2005;
08/22/2005;
05/26/2006
Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #125); Triple-DES MAC (Cert. #125, vendor affirmed); SHA-1 (Cert. #108); RSA (PKCS#1, vendor affirmed);

-Other algorithms: DES (Cert. #179, not available for use); DES MAC (Cert. #179, vendor affirmed, not available for use)

Single-chip

"ActivCard Applet v2 provides significant enhancement over the ActivCard v1 Applet in service, security, and flexibility. The v2 framework is backward compatible with earlier versions of ActivCard Applets and offers a more open, stable, and flexible platform for developers to build and deploy smart card applications. ActivCard Applet v2 also complies with GSC-IS 2.1 standard."
417 Encotone Ltd.
Bldg. 5, Har Hotzvim Scientific Park
P.O.B. 45094, Jerusalem 91450
Israel

-Marc Houri
TEL: +972 2586 6570 x4
FAX: +972 2581 6871

-Dr. Isaac Labaton
TEL: +972 25866570 x2
FAX: +972 25816871

CST Lab: NVLAP 100432-0

Tele-ID
(Hardware P/N 567-2.6.6 Version 6.2, Firmware HardMask Version 6.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/09/2004 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: SHA-1 (Cert. #141); ECDSA (vendor affirmed)

-Other algorithms:

Multi-chip standalone

"The Tele-ID is a portable, phone and PC compatible signature tool able to digitally sign messages, either locally entered on the module or whose Hash value has been transmitted to the module. The digital signature is encoded to sound and, hence, can be sent through any phone, cellular or fixed, or any PC microphone. The Tele-ID has capabilities to create an ECDSA K-163 key pair and enroll the public key with most of the PKI vendors RA-CA. The Tele-ID includes an autarkic GMT Time Stamp in each digital signature to enable CRL/OCSP on-line checking, after signature execution time-stamp corroboration, and with it, to strongly enhance the legal defense of the relying party."
416 Real Time Logic, Inc.
8591 Prairie Trail Drive
Suite 500
Englewood, CO 80112
USA

-Bela Szabo
TEL: 303-703-3834
FAX: 303-703-4058

CST Lab: NVLAP 100432-0

RTL-TDEA Crypto Module
(Hardware P/N RTL-P200006 Rev A Version 1.0, Firmware Version 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/09/2004 Overall Level: 2 

-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #222)

-Other algorithms:

Multi-chip embedded

"The RTL-TDEA Crypto Module is a PCI card developed to encrypt and decrypt serial user data using Triple Data Encryption (TDEA) algorithms certified to FIPS-140-2 Level 2 security requirements. The certified TDEA algorithms include TECB, TCBC Encrypt and TCFB-64, TOFB-64, Encrypt and Decrypt. The crypto module is a multi-chip embedded short form PCI card (ISA standard) with all of the control functions and encryption algorithms implemented in firmware and hosted in an FPGA. All control of the module is via an RS-232, 9600 Baud DTE UART interface while the data is passed through dedicated RS-422 input and output ports at a rate of up to 10 Mbps."
415 Gemplus Corp. and ActivCard, Inc.
Avenue du Pic de Bretagne
BP 100, GTmenos Cedex 13881
France

-Luc Astier
TEL: +33 (0) 4 42 36 50 00

-Eric Le Saint
TEL: 510-745-0100 x6211

CST Lab: NVLAP 200427-0

GemXpresso Pro R3 E64 PK - FIPS with ActivCard Applet v2
(Hardware Version: GP92, Firmware Versions: GXP3 - FIPS EI19 and GXP3 - FIPS EI19 with new ATR and fast ATR, Applet Versions: AC Applet Versions 2.3.0.1, 2.3.0.4 and 2.3.0.5, ASC Libraries 2.3.0.1 and 2.3.0.3, and PKI/GC Applet Versions 2.3.0.1, 2.3.1.1 and 2.3.1.2)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/09/2004;
07/27/2004;
08/05/2004;
02/24/2005;
07/28/2005
Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #95); SHA-1 (Cert. #82); RSA (PKCS#1, vendor affirmed); Triple-DES MAC (Cert. #95, vendor affirmed)

-Other algorithms: DES (Cert. #155); DES MAC (Cert. #155, vendor affirmed)

Single-chip

"GemXpresso Pro R3 E64 PK - FIPS with ActivCard Applet v2 is based on a Gemplus Open OS Smart Card with 64K of EEPROM, and on latformindependent cryptographic applets suite developed by ActivCard. The SmartCard platform has on board Triple DES and RSA algorithms and can provide on board key generation. The Applet incoporates some services for PKI (Public Key Infrastructure), for secure credentials management and authentication mechanisms. In addition, the Applet suite allows the registration and management of post-issuance applets that can be handled under the framework. The module conforms to Java Card V2.1.1, Global Platform V2.0.1, and GSC/IS 2.1 standards."
414 Neopost Technologies
113, rue Jean-Marin Naudin
Bagneux, 92220
France

-Thierry Le Jaoudour
TEL: +33 (0) 1 45 36 30 36

CST Lab: NVLAP 100432-0

N92i/152 Secure Metering Module (SMM)
(Hardware P/N 3000186T Version A, Firmware Versions 3800157W E24 (Main) and 3800159Y E (Coprocessor))

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/05/2004;
10/03/2006
Overall Level: 3 

-Self-Tests: Level 4

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #39)

-Other algorithms:

Multi-chip embedded

"The module provides services to an office and post room based mailing system. The system's features include hand or auto feed mail processing speeds in excess of 5000 envelopes per hour using Ink jet technology, a moistening option, scale interface, internal modem for remote recrediting and memory card for slogan and rate loading, external printer for reports."
413 Good Technology
101 Redwood Shores Parkway
Redwood City, CA 94065
USA

-Sriram Krishnan
TEL: 650-486-6000

CST Lab: NVLAP 200002-0

FIPSCrypto on Palm
(Software Version 20031028)

Validated to FIPS 140-2

Security Policy

Certificate

Software 04/05/2004;
04/09/2010
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Palm OS Version 5

-FIPS-approved algorithms: AES (Cert. #108); Triple-DES (Cert. #221); SHA-1 (Cert. #200); HMAC-SHA-1 (Cert. #200, vendor affirmed)

-Other algorithms: N/A

Multi-chip standalone

"The FIPSCrypto on Palm is a FIPS 140-2 compliant software-based cryptographic module that implements the TDES, AES, SHA-1 and HMAC-SHA-1 algorithms."
412 Good Technology
101 Redwood Shores Parkway
Redwood City, CA 94065
USA

-Sriram Krishnan
TEL: 650-486-6000

CST Lab: NVLAP 200002-0

FIPSCrypto on G100
(Version 1.9.3.7)

Validated to FIPS 140-2

Security Policy

Certificate

Software 04/05/2004;
04/09/2010
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with eCos Version 1.3.1 Operating System

-FIPS-approved algorithms: AES (Cert. #95); Triple-DES (Cert. #209); SHA-1 (Cert. #185); HMAC-SHA-1 (Cert. #185, vendor affirmed)

-Other algorithms: N/A

Multi-chip standalone

"The FIPSCrypto on G100 is a FIPS 140-2 compliant software-based cryptographic module that implements the TDES, AES, SHA-1 and HMAC-SHA-1 algorithms."
411 ECI Systems & Engineering
3100 Knight Street
Suite 7
Shreveport, LA 71105
USA

-Mac McGregor
TEL: 318-868-4911

CST Lab: NVLAP 200427-0

ECI IPSec Cryptographic Module
(Software Versions 1.6-FIPS-1, 1.8, 1.9 and 2.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 04/05/2004;
11/08/2004;
04/27/2005;
09/07/2005
Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Trusted Solaris 8 4/01 running on an Intel Pentium III

-FIPS-approved algorithms: Triple-DES (Cert. #186); SHA-1 (Cert. #168); HMAC-SHA-1 (Cert. #168, vendor affirmed)

-Other algorithms: Diffie-Hellman (key agreement); MD5; HMAC MD5; CAST; RSA (PKCS#1; non-compliant); DSA (non-compliant)

Multi-chip standalone

"A software IPSec implementation for Sun Trusted Solaris. This module supports Triple DES encryption/decryption, SHA-1, and HMAC-SHA-1."
410 Airespace, Inc.
110 Nortech Pkwy
San Jose, CA 95134
USA

-Scott Kelly
TEL: 408-635-2000
FAX: 408-635-2020

CST Lab: NVLAP 100432-0

Airespace Cryptographic Manager (ACM)
(Hardware P/Ns AS-4101- X0S00, AS-4012- (00S00, 0PS00, X0S00, XPS00, T0S00 and TPS00), AS-4024- (00S00, 0PS00, X0S00, XPS00, T0S00 and TPS00), Hardware Versions 1.0 and 2.0, Firmware Version 1.2.77.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/05/2004;
06/16/2004
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Certs. #196 and #197); AES (Certs. #85 and #86); SHA-1 (Certs. #174 and #175); HMAC-SHA-1 (Certs. #174 and #175, vendor affirmed); RSA (PKCS #1, vendor affirmed)

-Other algorithms: RC4; MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"Airespace Cryptographic Manager (ACM) provides cryptographic services for the Airespace Wireless Enterprise Platform. Airespace offers a unique hierarchical architecture that centralizes network intelligence for cost effective deployment, dynamic RF operations, secure mobility management, service creation, and policy enforcement throughout an entire wireless network."
409 IBM® Corporation
11400 Burnet Road
Austin, TX 78758
USA

-Tom Benjamin
TEL: 512-838-1211
FAX: 512-838-1032

CST Lab: NVLAP 200427-0

IBM® Java JSSE FIPS 140-2 Cryptographic Module
(Software Version 1.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 04/05/2004 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 2000 Professional SP3 (JVM 1.3.1_03 and JVM 1.4.1_04), Windows 2000 Advanced Server SP4 (JVM 1.4.1), Sun Solaris 5.8 (JVM 1.3.1 and 1.4.1), AIX 5.2 (JVM 1.3.1 and 1.4.1), SuSE Linux Enterprise Server 8 (JVM 1.4.1_05), Red Hat Linux Advanced Server 2.1(JVM 1.4.1_05), IBM OS/400 V5R2M0 (JVM 1.4.1), z/OSV1R4 (JVM 1.4.1)

-FIPS-approved algorithms: SHA-1 (Cert. #148); Triple-DES (Cert. #163); AES (Cert. #53); DSA (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #148, vendor affirmed)

-Other algorithms: DES (Cert. #208); MD2; MD5; RC2; RC4; SHA-256; Diffie-Hellman (key agreement)

Multi-chip standalone

"The IBM+ Java+ JSSE (Java Secure Sockets Extension) FIPS provider (IBMJSSEFIPS) for Multi-platforms is a scalable, multi-purpose Secure Sockets provider that supports only FIPS approved TLS cipher suites via the Java2 Application Programming Interfaces (APIs)."
408 Research In Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

-Government Certifications Team
TEL: 519-888-7465 x2921
FAX: 519-886-4839

CST Lab: NVLAP 200017-0

BlackBerry™ 5810 and BlackBerry™ 5820
(Hardware Version: 1.0, Software Version: 3.6.0.49, S/MIME Support Package Version 1.5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/05/2004;
08/24/2005
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Self-Tests: Level 4

-FIPS-approved algorithms: Triple-DES (Cert. #200); AES (Cert. #83); DSA (Cert. #93); SHA-1 (Cert. #147); HMAC-SHA-1 (Cert. #147); ECDSA (vendor affirmed); Triple-DES MAC (Cert. #200, vendor affirmed); RSA (PKCS#1 and FIPS 186-2, vendor affirmed)

-Other algorithms: DES (Cert. #228); DES MAC (Cert. #228, vendor affirmed); RC2; RC5; Skipjack; CAST5-128; Rijndael; ARC FOUR; KEA; Diffie-Hellman (key agreement); ECDH (key agreement); ECMQV (key agreement); ECNR; ElGamal; SHA-256; SHA-384; SHA-512; HMAC (SHA-256, SHA-384, SHA-512, MD2, MD4, MD5, RIPEMD-128, RIPEMD-160); MAC (AES, CAST5-128, RC2, RC5, Skipjack); MD2; MD4; MD5; RIPEMD-128; RIPEMD-160

Multi-chip standalone

"BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-toend solution. The BlackBerry® Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry®."
407 Cisco Systems, Inc.
7025 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco Software VPN Client
(Software Version 3.6.5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/29/2004;
04/07/2004;
05/24/2005;
04/09/2007;
05/28/2010;
02/23/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 2000, Windows XP (single user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #169); AES (Cert. #58); SHA-1 (Cert. #153); HMAC-SHA-1 (Cert. #153, vendor affirmed); RSA (PKCS#1, vendor affirmed); Triple-DES MAC (Cert. #169, vendor affirmed)

-Other algorithms: DES (Cert. #212); DES MAC (Cert. #212, vendor affirmed); Diffie-Hellman (key agreement); MD5; HMAC-MD5

Multi-chip standalone

"The Cisco Software VPN client for Window OS is an award winning IPsec VPN client which is available free of charge for use across all termination products. It is the most advanced VPN client available and enables secure Remote Access connectivity to employees and partners. The Cisco Software VPN Client is also a key part of the industries best load balancing, fail-over and recovery strategy."
406 IBM® Corporation
Seaumerstrasse 4
Rueschlikon, CH 8803
Switzerland

-Michael Osborne
TEL: +41 1 724 8458
FAX: +41 1 724 8953

CST Lab: NVLAP 200427-0

IBM® SSLite for Java
(Software Version 3.15.3232 and 3.16 (FIPS140/Prod))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/18/2004;
02/24/2005
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 2000 SP 3 (JRE 1.3.1_03), Red Hat Linux 8.0 (JRE 1.3.1_07)

-FIPS-approved algorithms: SHA-1 (Cert. #148); Triple-DES (Cert. #163); AES (Cert. #53); DSA (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #148, vendor affirmed)

-Other algorithms: DES (Cert. #208); MD2; MD5; RC2; RC4; SHA-256; Diffie-Hellman (key agreement)

Multi-chip standalone

"SSLite is a SSL (Secure Socket Layer) V2.0, V3.0 and TLS (Transport Layer Security) V1.0 protocol implementation including PKI (Public Key Infrastructure) functionality, in Java."
405 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052
USA

-Dave Friant
TEL: 425-704-7984

CST Lab: NVLAP 200427-0

Windows Server 2003 Kernel Mode Cryptographic Module (FIPS.SYS)
(Software Versions 5.2.3790.0 and 5.2.3790.1830 [SP1])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/18/2004;
10/07/2005;
10/25/2005;
10/15/2007
Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows Server 2003 (x86) [1] and Windows Server 2003 Service Pack 1 (x86, x64, and IA64) [2] (single user mode)

-FIPS-approved algorithms: Triple-DES (Certs. #201[1] and #370[1]); SHS (Certs. #177[1] and #371[2])

-Other algorithms: DES (Cert. #230[1]); HMAC-MD5; HMAC-SHA-1 (non-compliant)

Multi-chip standalone

"Microsoft Corporation’s Windows Server 2003 Kernel Mode Cryptographic Module (FIPS.SYS) is a FIPS 140-2 Level 1 compliant, general-purpose, software-based, cryptographic module residing at the Kernel Mode level of the Windows Operating System. It runs as a kernel mode export driver (a kernel-mode DLL) and encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible by other kernel mode drivers. It can be linked into other kernel mode services to permit the use of FIPS 140-2 Level 1 compliant cryptography."
404 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-sales@ncipher.com
TEL: 800-NCIPHER

CST Lab: NVLAP 200017-0

nShield F3 PCI[1], nShield F3 PCI Ultrasign[2], nCipher F3 PCI for NetHSM[3], nShield F3 PCI Ultrasign 32[4], payShield PCI[5], payShield Ultra PCI[6], payShield Ultra PCI for NetHSM[7] and nShield Lite[8]
(Hardware Versions: nC4032P-150[1], nC4032P-300[2], nC4032P-300N[3], nC4132P-300[4], nC4233P-150[5], nC4232P-300[6], nC4232P-300N[7] and nC4032P-30[8], Build Standard ER, Firmware Version: 2.12.9-2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/18/2004;
03/09/2006;
03/15/2006
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Self-Tests: Level 4

-FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip embedded

"The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
403 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F3 SCSI[1], nShield F3 SCSI Ultrasign[2], nShield F3 SCSI Ultrasign 32[3], payShield[4], and payShield Ultra[5]
(Hardware Versions: nC4032W-150[1], nC4032W-400[2], nC4132W-400[3], nC4232W-150[4] and nC4232W-400[5], Build Standard DR, Firmware Version: 2.12.9-2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/18/2004;
03/09/2006;
03/15/2006
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Self-Tests: Level 4

-FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip standalone

"The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
402 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nCipher 800 PCI[1], nCipher 1600 PCI[2], nCipher 1600 PCI for NetHSM[3], nForce 800 PCI[4] and nForce 1600 PCI[5]
(Hardware Versions: nC3033P-800[1], nC3033P-1K6[2], nC3033P-1K6N[3], nC3033P-800[4] and nC3033P-1K6[5], Build Standard C, Firmware Version: 2.12.9-2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/18/2004;
03/09/2006;
03/15/2006
Overall Level: 2 

-Self Tests: Level 4

-FIPS-approved algorithms: Triple-DES (Cert. #109); Triple-DES MAC (Cert. #109, vendor affirmed); AES (Cert. #15); DSA (Cert. #60); SHA-1 (Cert. #95); HMAC-SHA-1 (Cert. #95, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #173); DES MAC (Cert. #173, vendor affirmed); ARC FOUR; CAST5; CAST 6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; El-Gamal; Diffie-Hellman (key agreement)); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip embedded

"The nCipher modules: nCipher 800 PCI, nCipher 1600 PCI, nCipher 1600 PCI for NetHSM, nForce 800 PCI and nForce 1600 PCI family of secure ecommerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
401 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nCipher 800 PCI[1], nCipher 1600 PCI[2], nCipher 1600 PCI for NetHSM[3], nForce 800 PCI[4] and nForce 1600 PCI[5]
(Hardware Versions: nC3033P-800[1], nC3033P-1K6[2], nC3033P-1K6N[3], nC3033P-800[4] and nC3033P-1K6[5], Build Standard C, Firmware Version: 2.12.9-3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/18/2004;
03/09/2006;
03/15/2006
Overall Level: 3 

-Self Tests: Level 4

-FIPS-approved algorithms: Triple-DES (Cert. #109); Triple-DES MAC (Cert. #109, vendor affirmed); AES (Cert. #15); DSA (Cert. #60); SHA-1 (Cert. #95); HMAC-SHA-1 (Cert. #95, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #173); DES MAC (Cert. #173, vendor affirmed); ARC FOUR; CAST5; CAST 6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; El-Gamal; Diffie-Hellman (key agreement)); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip embedded

"The nCipher modules: nCipher 800 PCI, nCipher 1600 PCI, nCipher 1600 PCI for NetHSM, nForce 800 PCI and nForce 1600 PCI family of secure ecommerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
400 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nForce 150 PCI[1] and nForce 300 PCI[2]
(Hardware Versions: nC3022P-150[1] and nC3022P-300[2], Build Standard E, Firmware Version: 2.12.9-2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/18/2004;
03/09/2006;
03/15/2006
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3
-Cryptographic Module Ports and Interfaces: Level 3
-Cryptographic Key Management: Level 3
-Self-Tests: Level 4

-FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip embedded

"The nCipher nForce family of secure e-commerce HSM's improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, e-commerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging."
399 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nForce 150 SCSI[1] and nForce 400 SCSI[2]
(Hardware Versions: nC3022W-150[1] and nC3022W-400[2], Build Standard D, Firmware Version: 2.12.9-2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/18/2004;
03/09/2006;
03/15/2006
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Cryptographic Module Ports and Interfaces: Level 3
-Cryptographic Key Management: Level 3
-Self-Tests: Level 4

-FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip standalone

"The nCipher nForce family of secure e-commerce HSM's improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, e-commerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging"
398 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F2 PCI[1] and nShield F2 PCI[2] Ultrasign
(Hardware Versions: nC4022P-150[1] and nC4022P-300[2], Build Standard ER, Firmware Version: 2.12.9-2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/18/2004;
03/09/2006;
03/15/2006
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Cryptographic Module Ports and Interfaces: Level 3
-Cryptographic Key Management: Level 3
-Self-Tests: Level 4

-FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip embedded

"The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
397 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F2 SCSI[1] and nShield F2 SCSI Ultrasign[2]
(Hardware Versions: nC4022W-150[1] and nC4022W-400[2], Build Standard DR, Firmware Version: 2.12.9-2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/18/2004;
03/09/2006;
03/15/2006
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Cryptographic Module Ports and Interfaces: Level 3
-Cryptographic Key Management: Level 3
-Self-Tests: Level 4

-FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD- 160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip standalone

"The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
396 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F3 PCI[1], nShield F3 PCI Ultrasign[2], nCipher F3 PCI for NetHSM[3], nShield F3 PCI Ultrasign 32[4], payShield PCI[5], payShield Ultra PCI[6], payShield Ultra PCI for NetHSM[7] and nShield Lite[8]
(Hardware Versions: nC4032P-150[1], nC4032P-300[2], nC4032P-300N[3], nC4132P-300[4], nC4233P-150[5], nC4232P-300[6], nC4232P-300N[7] and nC4032P-30[8], Build Standard ER, Firmware Version: 2.12.9-3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/18/2004;
03/09/2006;
03/15/2006
Overall Level: 3 

-Self Tests: Level 4

-FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip embedded

"The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
395 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F3 SCSI[1], nShield F3 SCSI Ultrasign[2], nShield SCSI Ultrasign 32[3], payShield SCSI[4], and payShield Ultra[5]
(Hardware Versions: nC4032W-150[1], nC4032w-400[2], nC4132W-400[3], nC4232W-150[4] and nC4232W-400[5], Build Standard DP, Firmware Version: 2.12.9-3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/18/2004;
03/09/2006;
03/15/2006
Overall Level: 3 

-Self Tests: Level 4

-FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC (Cert #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip standalone

"The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
394 PGP Corporation
200 Jefferson Dr.
Menlo Park, CA 94025
USA

-Vinnie Moscaritolo
TEL: 650-319-9000
FAX: 650-319-9001

CST Lab: NVLAP 100432-0

PGP Software Developer’s Kit (PGP SDK)
(Software Version 3.0.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/18/2004;
05/08/2007;
03/07/2008;
07/28/2008
Overall Level: 1 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows XP SP1

-FIPS-approved algorithms: Triple-DES (Cert. #207); AES (Cert. #93); DSA (Cert. #96); SHA-1 (Cert. #183); HMAC-SHA-1 (Cert. #183, vendor affirmed); RSA (PKCS #1, vendor affirmed)

-Other algorithms: CAST-5; IDEA; Twofish; SHA-256; SHA-384; SHA-512; MD5; HMAC-MD5; RIPEMD-60; ElGamal; Shamir Treshold Secret Sharing

Multi-chip standalone

"The PGP SDK includes a wide range of field-tested and standards-based encryption, digital signature, and encoding algorithms as well as a variety of secure network protocol implementations. The PGP SDK offers developers the same core crypto that is at the heart of PGP products."
393 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Chris Holland
TEL: 410-931-7500
FAX: 410-931-7524

CST Lab: NVLAP 200416-0

CGX Cryptographic Module
(Software Versions 3.18, 3.18.1 and 3.18.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/10/2004;
10/19/2004;
09/14/2006;
10/03/2006
Overall Level: 2 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 2 with Dell Optiplex GX400 running Windows 2000 Professional, Server and Advanced Server with SP3 and Q326886 Hotfix (EAL 4 augmented configuration)

-FIPS-approved algorithms: Triple-DES (Cert. #11); AES (Cert. #75); DSA (Cert. #30); SHA-1 (Cert. #30); HMAC-SHA-1 (Cert. #30, vendor affirmed)

-Other algorithms: DES (Cert. #72); RC5; RSA; Diffie-Hellman (key agreement); MD2; MD5; RIPEMD-128; RIPEMD-160

Multi-chip standalone

"Based on SafeNet's 20 years of security expertise and the most widely deployed VPN software in the industry, the CGX Cryptographic Library provides a high-level software interface to SafeNet SafeXcel(tm) VPN acceleration chips, cards, and EmbeddedIP(tm) intellectual property. The CGX library can be used as an API to hardware accelerators or for compiling software implementations of the latest industry standard algorithms. Containing over forty cryptographic commands, the CGX library can provide a total security solution in either software or hardware."
392 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Chris Holland
TEL: 410-931-7500
FAX: 410-931-7524

CST Lab: NVLAP 200416-0

CGX Cryptographic Module
(Software Version 3.18)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/10/2004;
10/19/2004
Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with MS Windows 9x, 2000 NT 4.0, XP (single user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #11); AES (Cert. #75); DSA (Cert. #30); SHA-1 (Cert. #30); HMAC-SHA-1 (Cert. #30, vendor affirmed)

-Other algorithms: DES (Cert. #72); RC5; RSA; Diffie-Hellman (key agreement); MD2; MD5; RIPMD-128; RIPMD-160

Multi-chip standalone

"Based on SafeNet's 20 years of security expertise and the most widely deployed VPN software in the industry, the CGX Cryptographic Library provides a high-level software interface to SafeNet SafeXcel(tm) VPN acceleration chips, cards, and EmbeddedIP(tm) intellectual property. The CGX library can be used as an API to hardware accelerators or for compiling software implementations of the latest industry standard algorithms. Containing over forty cryptographic commands, the CGX library can provide a total security solution in either software or hardware."
391 F-Secure Corporation
Tammasaarenkatu 7
PL 24, Helsinki 00181
Finland

-Alexey Kirichenko
TEL: +358 9 2520 5548

CST Lab: NVLAP 200427-0

F-Secure® Cryptographic Library™ for Windows
(Software Version 2.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/10/2004 Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Windows 2000 with Service Pack 3 and Q326886 Hotfix EAL 4 certified on Dell Optiplex GX 400 Personal Computer System

-FIPS-approved algorithms: Triple-DES (Cert. #202); AES (Cert. #89); SHA-1 (Cert. #178); HMAC-SHA-1 (Cert. #178, vendor affirmed); DSA (Cert. #94); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #231); DES (CTR); Blowfish; CAST-128; MD5; SHA-256; HMAC-MD5; HMAC-SHA-256; Diffie-Hellman (key agreement); Passphrase-Based Key Derivation (PBKDF2 as specified in PKCS#5)

Multi-chip standalone

"The F-Secure Cryptographic Library for Windows (the Module) is a software module, implemented as a 32-bit Windows 'NT/2000/XP/98/ME' compatible DLL (FSCLM.DLL). The Module provides an assortment of cryptographic services to any client process that attaches an instance of the Module DLL. The Module is designed and implemented to meet the level 2 requirements of FIPS publication 140-2 when running on appropriate hardware under Windows 2000 with service pack 3 and Q326886 Hotfix operating system."
390 General Dynamics Decision Systems
8201 East McDowell Road
Scottsdale, AZ 85252
USA

-Dick Moat
TEL: 480-441-6863
FAX: 480-441-8500

CST Lab: NVLAP 100432-0

Assembly Crypto Module (ACM) and Flight Crypto Module (FCM)
(ACM: HW P/N 01- P35200T004 Version E001, FW Revisions C and D, FCM: HW P/N 01-P35390T003 Version 001, FW Revisions C and D)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/08/2004;
11/03/2004
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #184)

-Other algorithms:

Multi-chip standalone

"The ACM and FCM are multi-chip standalone cryptographic modules designed to meet the Level 2 security requirements as defined in FIPS PUB 140-2. ACM and FCM perform the Triple-DES algorithm."
389 Network Security Technology (NST) Co.
11 F, No 190, Jung-Jeng Rd.
Shindian City, Taipei County, Taiwan 231
Republic of China

-Ming-Chih Tsai
TEL: +886-2-8911-1099
FAX: +886-2-8911-1098

CST Lab: NVLAP 200002-0

NST Security CryptoCard 2200(CC2200)
(Hardware Version 1.0, Firmware Version 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 03/05/2004;
04/09/2004;
10/01/2004
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #52); SHA-1 (Cert. #48); RSA (FIPS 186-2, vendor affirmed); Triple-DES DAC (Cert. #52, vendor affirmed)

-Other algorithms: DES (Cert. #117); DES DAC (Cert. #117, vendor affirmed); Diffie-Hellman (key agreement)

Multi-chip embedded

"NST CC2200, a security cryptographic card with PCI bus interface, is a “multi-chip embedded cryptographic module” that provides hardware cryptographic services to users, groups or processes. The NST Security CryptoCard provides hardware cryptographic services such as acceleration for bulk data encryption / decryption, digital signature generation / verification, secure key storage and key management functions to its users."
388 Cisco Systems, Inc.
7025 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco VPN 3002 and 3002-8E Hardware Clients
(Hardware Versions: 3002 and 3002-8E, Firmware Version: FIPS 3.6.7.F)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/23/2004;
02/27/2004;
05/24/2005;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #168); Triple-DES MAC (Cert. #168, vendor affirmed); AES (Cert. #56); SHA-1 (Cert. #152); HMAC-SHA-1 (Cert. #152, vendor affirmed); DSA (Cert. #85); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #210); DES MAC (Cert. #210, vendor affirmed); RC4; MD5; HMAC-MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Cisco VPN 3002 Hardware Client is a small hardware appliance that operates as a client in Virtual Private Networking (VPN) environments. It combines the best features of a software client, including scalability and easy deployment, with the stability and independence of a hardware platform."
387 Sun Microsystems, Inc.
4150 Network Circle
Santa Clara, CA 95054
USA

-Javier Lorenzo
TEL: 858-625-5020

-Irfan Khan
TEL: 510-936-4840

CST Lab: NVLAP 200427-0

Sun Cryptographic Accelerator 4000
(Hardware Versions: 501-6040-02 and 501-6040-03 (Fiber) and 501-6039-05 and 501-6039-06 (UTP/Copper), Firmware Version: 1.0.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/23/2004;
04/05/2004;
04/27/2004
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #190); AES (Cert. #79); SHA-1 (Certs. #171 and #172); HMAC-SHA-1 (Certs. #171 and #172, vendor affirmed); DSA (Cert. #92) and RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #225); MD5; HMAC-MD5

Multi-chip embedded

"The Sun Cryptographic Accelerator 4000 (SCA 4000) is a highperformance secure networking solution for Sun servers. It is a PCI card consisting of a Gigabit Ethernet adapter with on-board cryptographic acceleration hardware and a secure cryptographic key store. The card enhances server network performance by off-loading compute intensive cryptographic calculations (asymmetric and symmetric) from the server's CPU, accelerating both IPsec and SSL processing. The SCA 4000 also provides a secure remote administration capability. It is tightly integrated with Sun's server hardware and software. The SCA 4000 meets or exceeds all FIPS 140-2 Level 3 requirements."
386 Fortress Technologies, Inc.
1 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0

AirFortress™ Wireless Security Gateway Cryptographic Module
(Firmware version 2.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Firmware 02/19/2004;
04/29/2004;
03/26/2010
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-EMI/EMC: Level 3
-Design Assurance: Level 3

-Tested: Fortress interface and Shell (FISH) Version 2.4

-FIPS-approved algorithms: AES (Cert. #14); Triple-DES (Cert. #19); SHA-1 (Cert. #34); HMAC-SHA-1 (Cert. #34, vendor affirmed)

-Other algorithms: DES (Cert. #23); Diffie-Hellman (key agreement)

Multi-chip standalone

"The AirFortress™ Wireless Security Gateway is an electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a production-quality hardware platform and deployable on any LAN or WAN, the AF Gateway provides encryption, data integrity checking, authentication, access control, and data compression."
385 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Chris Holland
TEL: 410-931-7500
FAX: 410-931-7524

CST Lab: NVLAP 200416-0

SafeNet HighAssurance 500/1000 Gateway Cryptographic Module
(Firmware Versions 5.01 and 7.0.1, Hardware Versions SE-HA500-01 and SE-HA1000-01)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/19/2004;
10/19/2004;
06/06/2005
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Cert. #96); Triple-DES (Cert. #210); SHA-1 (Cert. #187); HMAC-SHA-1 (Cert. #187, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #233); HMAC-MD5, Diffie-Hellman (key agreement); DSA (non-compliant)

Multi-chip standalone

"The SafeNet HA500/1000 Gateway is a high-performance, standards-based hardware Virtual Private Network (VPN) and firewall. Providing a high speed, low cost solution, it features the strongest cryptography available and complete manageability. SafeNet custom designed a state-of-the-art Application Specific Integrated Circuits (ASIC) for the HA500/1000 that allows encryption using either AES, DES, or triple-DES as nIeeded by client applications."
384 IBM® Corporation
IBM/Tivoli
PO Box 3499
Australia Fair
Southport, Queensland 4215
Australia

-Mike Thomas
TEL: +61 7 5552 4030
FAX: +61 7 5571 0420

-Peter Waltenberg
TEL: +61 7 5552 4016
FAX: +61 7 5571 0420

CST Lab: NVLAP 200427-0

IBM® Crypto for C (ICC)
(Software Versions: 1.1, 1.2, 1.2.1 and 1.2.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 02/17/2004;
04/27/2004;
12/02/2004
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Sun Solaris 5.8, AIX 5.2, Windows 2000 Professional and Advanced Server, SUSE Linux Enterprise Server 8 (x86 and PowerPC), RedHat Linux Advanced Server 2.1 (x86), z/Linux 2.4, and HPUX 11i (all in single user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #174); AES (Cert. #65); SHA-1 (Cert. #159); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #216); HMAC-SHA-1 (Cert #159, vendor affirmed; non-compliant); RC2; RC2-40; RC2-60; RC4; Blowfish; CAST; MD2; MD4; MD5; RIPEMD; HMAC-MD5; DSA (non-compliant); Diffie-Hellman (key agreement)

Multi-chip standalone

"The ICC is a C language implementation of cryptographic functions which uses the cryptographic library provided by the OpenSSL project. This enables IBM products to use an open source solution for cryptography and a FIPS 140-2 certified cryptographic provider."
383 Axalto Inc.
8311 North FM 620 Road
Austin, TX 78726
USA

-David Teo
TEL: 512-257-3895
FAX: 512-257-3881

CST Lab: NVLAP 100432-0

Cyberflex Access 64K v2 Cryptographic Module
(Hardware P/N M512LACC2, Firmware Versions: a: HardMask 1v1 and SoftMask 2v1, b: HardMask 1v1 and SoftMask 2v3, c: HardMask 1v2 and SoftMask 1v1)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/17/2004;
07/27/2004;
09/21/2004;
05/25/2006
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #193); Triple-DES MAC (Cert. #193, vendor affirmed); AES (Cert. #81); SHA-1 (Cert. #173); RSA (PKCS #1, vendor affirmed)

-Other algorithms: DES (Cert. #227); DES MAC (Cert. #227, vendor affirmed);

Single-chip

"The Cyberflex Access 64K v2 Cryptographic Module serves as a highly portable PKI and digital signature secure token for enhancing the security of network access and ensuring secure electronic communications. It supports on-card Triple DES, AES and 2048-bit RSA algorithms with on-card key generation. It is compliant to Java Card v2.1.1 and Open Platform v2.0.1’. The Cyberflex Access 64K v2 Cryptographic Module is part of a range of Schlumberger highly secure, Java-based cryptographic modules for physical and logical access, e-transactions and other applications."
382 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984

CST Lab: NVLAP 200427-0

Windows Server 2003 Enhanced Cryptographic Provider (RSAENH)
(Software Versions 5.2.3790.0 and 5.2.3790.1830 [Service Pack 1])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 02/17/2004;
10/07/2005;
10/25/2005;
10/15/2007
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Server 2003[1] and Windows Server 2003 Service Pack 1[2] (single-user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #192[1] and #365[2]); AES (Cert. #80[1] and #290[2]); SHS(Cert. #176[1] and #364[2]); HMAC (Cert. #176, vendor affirmed[1] and #99[2]); RSA (PKCS#1, vendor affirmed[1] and #81[2])

-Other algorithms: DES (Cert. #226[1]); SHA-256[1]; SHA-384[1]; SHA-512[1]; RC2; RC4; MD2; MD4; MD5

Multi-chip standalone

"The Microsoft Enhanced Cryptographic Provider is a FIPS 140-2 compliant, software-based, cryptographic module. RSAENH encapsulates several different cryptographic algorithms (including SHA-1, DES, 3DES, AES, RSA, SHA-1-based HMAC) in a cryptographic module accessible via the Microsoft CryptoAPI."
381 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984

CST Lab: NVLAP 200427-0

Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)
(Software Versions 5.2.3790.0 and 5.2.3790.1830 [Service Pack 1])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 02/17/2004;
10/25/2005;
10/15/2007
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Server 2003 (x86) [1] and Windows Server 2003 Service Pack 1 (x86, x64 and IA64) [2] (single-user mode)

-FIPS-approved algorithms: Triple-DES (Certs. #199[1] and #381[2]); SHA-1 (Certs. #181[1] and #385[2]); DSA (Certs. #95[1] and #146[2]); RSA (Cert. #81)

-Other algorithms: DES (Cert. #229[1]); Diffie-Hellman (key agreement); RC2; RC4; MD5; DES 40

Multi-chip standalone

"The Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) is a FIPS 140-2 compliant, softwarebased, cryptographic module. DSSENH encapsulates several different cryptographic algorithms (including SHA-1, DES, 3DES, DSA and Diffie- Hellman) in a cryptographic module accessible via the Microsoft CryptoAPI (CAPI)."
380 ActivCard, Inc., Atmel, Inc. and MartSoft, Inc.
6623 Dumbarton Circle
Fremont, CA 94555
USA

-Eric Le Saint
TEL: 510-745-6211
FAX: 510-574-0101

-Paul Chen
TEL: 408-737-3380 x1202

CST Lab: NVLAP 100432-0

Eagle 64K Flash Module v1
(Hardware AT90SC6464C-Pro, Firmware OS v09FA, ID applet v1.0.0.14, PKI applet v1.0.0.14, GC applet v1.0.0.20)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/17/2004;
05/26/2006
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #182); Triple-DES MAC (Cert. #182, vendor affirmed); SHA-1 (Cert. #166); RSA (PKCS#1, vendor affirmed)

-Other algorithms: N/A

Single-chip

"Eagle 64K Flash Module v1 is based on Atmel Secure IC, MartSoft Global Platform Java Card OS and ActivCard Applet Suite. When the module is placed in a plastic smart card housing, it is ideal for secure identification, digital signature, storing and updating account information, personal data, and even monetary value, with increased security, portability and convenience to computer applications. The external interface provided by the applet suite is compliant with the smart card interoperability specification GSC-IS defined by GSA."
379 Nortel Networks
600 Technology Park
Billerica, MA 01821
USA

-Jonathan Lewis

-Simon McCormack
TEL: 978-288-8592

CST Lab: NVLAP 200427-0

Contivity® 600, 1700 and 2700 Secure IP Services Gateways
(Firmware Version V04_75.183, Hardware Version 600, 1700 and 2700)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/17/2004;
09/21/2005
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Certs. #183 and #29); AES (Cert. #50); SHA-1 (Certs. #31 and #51); HMAC-SHA-1 (Certs. #31 and #51, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Certs. #48 and #101); DES MAC (Certs. #48 and #101, vendor affirmed); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD5; HMAC MD5

Multi-chip standalone

"The FIPS 140-2 Level 2 compliant Contivity 600, 1700 and 2700 Secure IP Services Gateways are the ideal solution for enterprises requiring secure, low-cost connectivity across the Internet or managed IP networks. The Contivity 600, 1700 and 2700 provide, IP routing, Virtual Private Networking (VPN), stateful firewall, encryption, authentication, directory and policy services, Quality of Service (QoS), and bandwidth management services in a single integrated platform. These devices provide a solution for small, medium, and large sites requiring Internet connectivity for both secure VPN communications and for basic IP/Internet access."
378 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Adam Bell
TEL: 410-931-7500
FAX: 410-931-7524

CST Lab: NVLAP 200416-0

HighAssurance 2000 Gateway
(Firmware Versions 6.00, 6.10, 6.20 and 6.21, Hardware SE-HA2000)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/12/2004;
02/20/2004;
03/17/2004;
10/19/2004;
06/06/2005
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #36); DSA/SHA-1 (Cert. #5); HMAC-SHA-1 (Cert. #5, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #104); DES-MAC; HMAC-MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The SafeNet HA2000 is a high-performance, standards-based hardware Virtual Private Network (VPN). Providing a high speed, low cost solution, it features strong security and complete manageability. SafeNet custom designed a state-of-the-art Application Specific Integrated Circuits (ASIC) for the HA2000 that allow high speed encryption with Data Encryption Standard (DES) and triple-DES. DES is included for legacy systems."
377 ReefEdge, Inc.
2 Executive Dr.
Fort Lee, NJ 07024
USA

-Silvia Ercolani
TEL: 201-242-9700
FAX: 201-242-9760

CST Lab: NVLAP 200556-0

Edge Controller 200
(Software Version 3.1.3a, Hardware Version 2.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/30/2004 Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Certs. #171, #172 and #173); SHA-1 (Certs. #155, #156 and #157); HMAC-SHA- 1 (Certs. #155, #156 and #157, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: RC4; MD5; HMAC-MD5

Multi-chip standalone

"The ReefEdge family of Edge Controllers provides perimeter security and high-speed subnet roaming to the ReefEdge Connect System, connecting an enterprise's access points to its wired LAN. Edge Controllers enforce access control rules, implement bandwidth management, and perform encryption, enabling users to roam freely - among offices, between floors, across campuses - without losing their secure connection."
376 IBM® Corporation
11400 Burnet Road
Austin, TX 78758
USA

-Tom Benjamin
TEL: 512-436-1223

-512-436-8009

CST Lab: NVLAP 200427-0

IBM Java JCE 140-2 Cryptographic Module
(Software Version 1.1)

Validated to FIPS 140-2

Security Policy

Certificate

Software 01/30/2004;
04/05/2004
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 2000 Professional SP3 (JVM 1.3.1_03 and JVM 1.4.1_04), Windows 2000 Advanced Server SP4 (JVM 1.4.1), Sun Solaris 5.8 (JVM 1.3.1 and 1.4.1), AIX 5.2 (JVM 1.3.1 and 1.4.1), SuSE Linux Enterprise Server 8 (JVM 1.4.1_05), RedHat Linux Advanced Server 2.1 (JVM 1.4.1_05), IBM OS/400 V5R2M0 (JVM 1.4.1), z/OS V1R4 (JVM 1.4.1) (all in single user mode)

-FIPS-approved algorithms: AES (Cert. #78); Triple-DES (Cert. #189); DSA (Cert. #91); SHA-1 (Cert. #170); HMAC-SHA-1 (Cert. #170, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #224); Diffie-Hellman (key agreement)

Multi-chip standalone

"The IBM« Java« JCE (Java Cryptographic Extension) FIPS provider (IBMJCEFIPS) for Multi-platforms is a scalable, multi-purpose cryptographic module that supports only FIPS approved cryptographic operations via the Java2 Application Programming Interfaces (APIs)."
375 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Randy Kun
TEL: 613-723-5076
FAX: 613-723-5078

CST Lab: NVLAP 200017-0

Chrysalis-ITS K3 Cryptographic Engine
(Hardware Versions: 2.0, 3.0 and 4.0, Firmware Version 4.1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/30/2004;
10/18/2004;
12/22/2005
Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #41); Triple-DES (Cert. #73); DSA (Cert. #51); SHA- 1 (Cert. #64); RSA (FIPS 186-2, vendor affirmed); Triple-DES MAC (Cert. #73, vendor affirmed); HMAC-SHA-1 (Cert. #64, vendor affirmed)

-Other algorithms: DES (Cert. #32); DES MAC (Cert. #32, vendor affirmed); RC2; RC4; RC5; CAST; CAST3; CAST5; MD2; MD5; Diffie-Hellman 1024; CAST MAC; CAST3 MAC; CAST5 MAC; SEED; SSL3-MD5 MAC; SSL3-SHA-1 MAC; HMAC-MD5; KCDSA; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; AES MAC; RC2 MAC; RC5-MAC

Multi-chip embedded

"The K3 Chrysalis-ITS Cryptgraphic Engine is a hardware cryptographic module in the form of a PCI card that resides within a secured generalpurpose computing appliance. It is contained in its own secure enclosure that provides physical resistance to tampering and zeroization in the event the enclosure is opened. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI card."
374 E.F. Johnson Co.
123 N. State St.
Waseca, MN 56093
USA

-John Oblak
TEL: 507-837-5116
FAX: 507-837-5120

CST Lab: NVLAP 100432-0

Subscriber Encryption Module (SEM)
(Hardware P/N-Versions 023-5000-980 and 023-5000-982, Firmware Version 2.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/23/2004;
05/05/2005
Overall Level: 1 

-FIPS-approved algorithms: AES (Cert. #73); DSA (Cert. #89); SHA-1 (Cert. #165); HMAC-SHA-1 (Cert. #165, vendor affirmed)

-Other algorithms: DES (Cert. #221); SecureNet DES 1 bit with differential encoding and decoding

Multi-chip embedded

"The E.F. Johnson Co. Subscriber Encryption Module (SEM) is a cryptographic module meeting FIPS 140-2, Level 1 requirement. The SEM provides Subscriber Equipment, such as the E.F. Johnson Co. 5100 series radio with secure and encrypted voice communication. The SEM supports AES, DES, DSA, and SHA-1 FIPS Approved algorithms for voice communication and protection of its firmware. The SEM can be implemented into any Subscriber Equipment requiring FIPS 140-2, Level 1 security."
373 CipherOptics Inc.
701 Corporate Center Drive
Raleigh, NC 27607
USA

-Dennis Toothman - CipherOptics Inc.
TEL: 919-865-0661
FAX: 919-865-0679

-George L. Heron - SafeNet, Inc.
TEL: 410-933-5883
FAX: 410-931-7524

CST Lab: NVLAP 200017-0

CipherOptics Security Gateway
SafeNet HighAssurance 4000 Gateway

(Hardware Version: SG1000, Firmware Versions: 1.2.1 and 1.3 and Hardware Version: SG1001, Firmware Version: 1.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/15/2004;
02/27/2004
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #155); SHA-1 (Cert. #117); HMAC-SHA-1 (Cert. #117, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #201); Diffie-Hellman (key agreement); MD5; HMAC-MD5

Multi-chip standalone

"The CipherOptics Security Gateway and the SafeNet High Assurance 4000 Gateway (aka the SafeNet HA 4000), which is the OEM version of the CipherOptics Security Gateway; is a high performance, integrated security appliance that offers Gigabit Ethernet IPSec encryption. Housed in a tamper evident chassis, the Security Gateway has two Gigabit Ethernet ports. Traffic on the local port is received in the clear, while traffic on the remote port has security processing applied to it."
372 Giesecke & Devrient
45925 Horseshoe Drive
Dulles, VA 20166
USA

-Michael Poitner
TEL: 650-312-1241
FAX: 650-312-8129

-Jatin Deshpande
TEL: 650-312-8047
FAX: 650-312-8129

CST Lab: NVLAP 200002-0

STARCOS SPK 2.4 CHIP
(Hardware P8WE 5032 M5.1, Software CP5WxSPKI24-01-3-S_V0330)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/29/2003;
03/19/2008
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 2

-FIPS-approved algorithms: Triple-DES (Cert. #154); SHA-1 (Cert. #137); Triple-DES MAC (Cert. #154, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #200); DES MAC (Cert. #200, vendor affirmed)

Single-chip

"Giesecke & Devrient (G&D) Smart Card Chip Operating System Standard Version with Public Key Extension 2.4 (STARCOS SPK 2.4) is a scaleable multi-application operating system for smart cards and provides functionality that is necessary for public key infrastructure."
371 Giesecke & Devrient
45925 Horseshoe Drive
Dulles, VA 20166
USA

-Michael Poitner
TEL: 650-312-1241
FAX: 650-312-8129

-Jatin Deshpande
TEL: 650-312-8047
FAX: 650-312-8129

CST Lab: NVLAP 200002-0

STARCOS SPK 2.4 in ID-1 Module
(Hardware P8WE 5032 M5.1, Software CP5WxSPKI24-01-3-S_V0330)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/29/2003;
03/19/2008
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #154); SHA-1 (Cert. #137); Triple-DES MAC (Cert. #154, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #200); DES MAC (Cert. #200, vendor affirmed)

Single-chip

"Giesecke & Devrient (G&D) Smart Card Chip Operating System Standard Version with Public Key Extension 2.4 (STARCOS SPK 2.4) is a scaleable multi-application operating system for smart cards and provides functionality that is necessary for public key infrastructure."
370 TECTIA Corporation
Kumpulantie 3
Helsinki, FI-00520
Finland

-Nicolas Gabriel-Robez
TEL: +358 20 500 7000
FAX: +358 20 500 7001

CST Lab: NVLAP 200583-0

SSH Cryptographic Library
(Software Version 1.2.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/24/2003;
09/03/2004;
09/21/2004:
03/03/2006;
03/06/2007;
07/30/2010
Overall Level: 1 

-EMI/EMC: Level 3
-Self-Tests: Level 4

-Operational Environment: Tested as meeting Level 1 with Windows XP, Solaris 8, AIX 4.3.3, HP-UX 11i (single user mode)

-FIPS-approved algorithms: AES (Cert. #52); Triple-DES (Cert. #162); DSA (Cert. #82); RSA (PKCS#1, vendor affirmed); SHA-1 (Cert. #145); HMAC-SHA-1 (Cert. #145, vendor affirmed)

-Other algorithms: DES (Cert. #207); MD5; SHA-256; HMAC-MD5; HMAC-SHA-1 96; CAST-128; Blowfish; Twofish; Arcfour; Diffie-Hellman (key agreement)

Multi-chip standalone

"The SSH Cryptographic Library is a standards-based shared library providing FIPS 140-2 certified cryptographic services for SSH Communications Security's security products. The library provides a rich API and a comprehensive set of state-of-the-art algorithms including AES, 3DES, SHA-1, HMAC, RSA and DSA."
369 SPYRUS, Inc.
2355 Oakland Road
Suite 1
San Jose, CA 95131
USA

-Tom Dickens
TEL: 408-953-0700
FAX: 408-953-9835

CST Lab: NVLAP 100432-0

Rosetta CSI sToken
(Software Versions 4.2.2.0 and 4.2.2.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/24/2003;
10/14/2004
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-EMI/EMC: Level 3
-Design Assurace: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000

-FIPS-approved algorithms: Skipjack (Cert. #12); DSA (Cert. #87); SHA-1 (Cert. #162)

-Other algorithms: DES (Cert #78); DES MAC (Cert #78, vendor affirmed); RC2; RSA (non-compliant); MD5; HMAC-SHA-1 (Cert #162, vendor-affirmed); KEA (key agreement); Triple-DES (Cert #179; non-compliant)

Multi-chip standalone

"The Rosetta CSI sToken is a software cryptographic token providing digital signature and encryption services in a PC environment. The Rosetta sToken provides for ease of use, deployment and the assurance provided through independent third party security validation."
368 Entrust, Inc.
One Hanover Park
16633 Dallas Parkway
Suite 800
Addison, TX 75001
USA

-Entrust Sales
TEL: 888-690-2424

CST Lab: NVLAP 200017-0

Entrust Authority™ Security Toolkit for C++
(Software Version 6.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/16/2003 Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows XP, SP1a; Windows 2000, SP3; and Windows NT 4.0, SP 6a (single user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #6); Triple-DES MAC (Cert. #6, vendor affirmed); AES (Cert #59); DSA/SHA-1 (Cert #10); HMAC-SHA-1 (Cert #10, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert #56); DES MAC (Cert #56, vendor affirmed); CAST; CAST3; CAST5; IDEA; RC2; RC4; HMAC-MD5; HMAC-RIPEMD-160; CAST MAC; CAST3 MAC; CAST5 MAC; IDEA MAC; RC2 MAC; RC4 MAC; AES MAC; MD2; MD5; RIPEMD-160; SHA-256; DDiffie-Hellman (key agreement); SPEKE; ECDSA (non-compliant)

Multi-chip standalone

"The Kernel is a C++ class library of cryptographic functions bound together by a common object-oriented Application Programming Interface (API). Depending on the configuration and the runtime environment of the Kernel, the algorithms may be implemented in software, hardware, or a combination of both. The industry standard Cryptoki API, as described in PCKS #11, is used as the internal interface to hardware-based cryptographic tokens. Decisions are made at runtime whether to perform operations via cryptoki or in software, based on a table that records the crypto capabilities of particlular hardware devices. This table is built up at runtime by querying the actual token through Cryptoki."
367 3e Technologies International, Inc.
700 King Farm Blvd.
Suite 600
Rockville, MD 20850
USA

-Ryon Coleman
TEL: 301-944-1403

CST Lab: NVLAP 200427-0

3e-010F Cryptographic Client Software and 3e-010F-C Cryptographic Client Software for Intel® PRO/Wireless 2200BG Network Connection and Intel® PRO/Wireless 2915ABG Network Connection
(3e-010f: Software Versions 2.0, 2.01, and 2.04, and 3e-010F-C: Version 1.0 Build 14)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/16/2003;
01/20/2004;
01/29/2004;
05/25/2004;
05/27/2004;
11/04/2004;
11/18/2004
Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows 2000, Windows XP, Windows NT 4.0 with Service Pack 6, Windows CE 3.0, and PocketPC 2003 (single user mode)

-FIPS-approved algorithms: Triple-DES (Certs. #136 and #161); AES (Cert. #27); SHA-1 (Cert. #140); HMAC-SHA-1 (Cert. #140, vendlor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms:

Multi-chip standalone

"The 3e-010f Crypto Client Software provides advanced wireless RF data security with AES/3DES encryption plus Dynamic Key generation plus session protection. The advanced security options include the standards as established by FIPS-140-2 -- the Federal Information Processing Standards mandated by the US Department of Defense for use in wireless environments."
366 M/A Com, Inc.
221 Jefferson Ridge Parkway
Lynchburg, VA 24501
USA

-Stefan Backstrom
TEL: 434-455-6600
FAX: 434-455-6851

CST Lab: NVLAP 200002-0

EDACS ProVoice Orion System/Scan Mobile Two-Way FM Radios 806 - 870 MHz
(Hardware Version No's. D28LPXE and D28MPXE, Firmware Version No. LZY213773/91 Rev 43A)

Revoked
DES Transition Ended

Security Policy

Certificate

Hardware 12/16/2003;
01/23/2004
Overall Level: 1 

-FIPS-approved algorithms:

-Other algorithms: DES (Cert. #218)

Multi-chip standalone

"The EDACS ProVoice Orion Mobile with FIPS 140-2 security level 1 validation provides digital voice for conventional and trunked communication environments. The Orion also allows for system and scan front mounting."
365 Neopost Technologies
113, rue Jean-Marin Naudin
Bagneux, 92220
France

-Thierry Le Jaoudour
TEL: +33 (0) 1 45 36 30 36

CST Lab: NVLAP 100432-0

Neopostage PSD Module
(Hardware P/N 04K9131, Software Version 1.0.0.0)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/16/2003;
10/03/2006
Overall Level: 3 

-Physical Security: Level 4

-FIPS-approved algorithms: Triple-DES (Cert. #124); SHA-1 (Cert. #107); DSA (Certs. #68 and #84); RSA (ANSI X9.31, vendor affirmed)

-Other algorithms: DES (Cert. #178);

Multi-chip embedded

"The Neopostage Postal Security Device (PSD) Module functions as a software-based PSD that utilizes hardware-based cryptographic modules for securely managing and dispensing money and indicia via encryption and digital signature techniques. The module is ideally suited to Internet and high-volume mailing based applications requiring high-speed cryptographic functions. The module is designed to meet the applicable United States Postal Service Information-Based Indicium Program (USPS IBIP) specifications for postage meters."
364 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE Crypto-C ME Toolkit
(Software 1.7.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/09/2003;
04/07/2004;
10/01/2004;
01/04/2008;
10/16/2008;
09/07/2010;
03/28/2011;
01/24/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000, RedHat Linux 7.1, Sun Solaris 8 (5.8), and Pocket PC 2002 (single user mode)

-FIPS-approved algorithms: DSA (Cert. #72); Triple-DES (Cert. #135); AES (Cert. #26); SHA-1 (Cert. #121); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #121, vendor affirmed)

-Other algorithms: DES (Cert. #186); SHA-2 (256, 384; 512); MD2; MD5; HMAC-MD5; RC2; RC4; RC5; Diffie-Hellman (key agreement); DSA (key sizes: 1032 to 4096 bits)

Multi-chip standalone

"The Crypto-C ME Module is RSA Security, Inc.'s cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors while offering great flexibility and choice by allowing developers to select only the algorithms needed in reduced code sizes. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the high-performing RC5, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
363 IBM® Corporation
Saeumerstrasse 4
Rueschlikon, CH 8803
Switzerland

-Michael Osborne
TEL: +41 1 724 8458

CST Lab: NVLAP 200427-0

JCOP21id 32K
(Hardware version: P8WE5033AEV/034188i, Firmware version: Mask 20, Applet Version 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/26/2003 Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert.# 150); AES (Cert. # 44); SHA-1 (Cert.# 135); RSA (PKCS#1, vendor affirmed); Triple-DES MAC (Cert.#150, vendor affirmed)

-Other algorithms: DES (Cert.# 197); DES MAC (Cert. #197, vendor affirmed); AES MAC

Single-chip

"The JCOP21id is IBM's multi-application smart card, designed to the Java Card v2.1.1 and Global Platform v2.0.1 specifications. The smart card features IBM's PKCS#15 applet which provides standardized high-level security services including, 2048 bit key generation, DES, 3DES, SHA-1, RSA and AES. Additional features include biometric extensions as defined by the Java Card Forum and DAP/mandated DAP security for post issuance applets."
362 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Darren Dupre
TEL: 781-515-5000
FAX: 781-515-5010

CST Lab: NVLAP 100432-0

RSA Applets on the Schlumberger Cyberflex Access 64k Platform
(Hardware P/N M512LACC1, Firmware Versions: HardMask 5 V1 & SoftMask 2 V1, Applet Versions: ID Applet 00 01.00 09, GC Applet 00 01.00 09, PKI Applet 00 01.00 09)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/20/2003;
10/16/2008;
09/07/2010
Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #125); Triple-DES MAC (Cert. #125, vendor affirmed); SHA-1 (Cert. #108); RSA (PKCS #1, vendor affirmed)

-Other algorithms: DES (Cert. #179); DES MAC (Cert. #179, vendor affirmed)

Single-chip

"The RSA Applets on the Schlumberger Cyberflex Access 64k Platform module provides authentication, key generation and use, and secure data storage on a mobile platform. The module conforms to JavaCard 2.1.1, OpenPlatform 2.0.1, and GSC/IS 2.0. The module allows end-users to securely store certificates, key pairs, and passwords for authentication, public-key and single sign-on applications."
361 Francotyp-Postalia
Triftweg 21-26
D-16547 Birkenwerder Germany

-Dirk Rosenau
TEL: +49 3303 525 616
FAX: +49 3303 525 609

CST Lab: NVLAP 100432-0

Revenector
(Hardware P/N 58.0036.0001.00/05 and 58.0036.0006.00/02, Firmware Version 3.22)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/20/2003 Overall Level: 3 

-FIPS-approved algorithms: RSA (PKCS #1, vendor affirmed); SHA-1 (Cert. # 158)

-Other algorithms: N/A

Multi-chip embedded

"Revenector is an embedded security device that can enhance the security of various kinds of appliances and computerized devices. The hardware of Revenector is designed to protect critical security parameters as well as application specific revenues. Its firmware enables hosting systems to load or update signed application specific firmware."
360 Research in Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

-Government Certifications Team
TEL: 519-888-7465 x2921
FAX: 519-886-4839

CST Lab: NVLAP 200017-0

BlackBerry® Cryptographic Kernel
(Firmware Versions: 3.6.1, 3.7, and 3.7.1)

Validated to FIPS 140-2

Security Policy

Certificate

Firmware 11/20/2003;
04/29/2004;
08/24/2005
Overall Level: 1 

-Design Assurance: Level 3
-Self Tests: Level 4
-Tested: BlackBerry® 5810 with the BlackBerry® OS, Version 3.6.1, 3.7 and 3.7.1

-FIPS-approved algorithms: Triple-DES (Cert. #167); SHA-1 (Cert. #147); HMAC-SHA-1 (Cert. #147, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: N/A

Multi-chip standalone

"BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-toend solution. The BlackBerry® Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry®."
359 Mitsubishi Electric Corporation
5-1-1 Ofuna
Kamakura, 247-8501
Japan

-Tetsuo Nakakawaji
TEL: +81 0467 41 2186

CST Lab: NVLAP 200556-0

TurboMISTY
(Firmware v2.1.3, Hardware v1.01)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/20/2003 Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. # 131); SHA-1 (Cert. #116); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #182); MD5; MISTY1

Multi-chip embedded

"PCI Encryption Accelerator Card"
358 Fortress Technologies, Inc.
1 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0

AirFortress™ Client Cryptographic Module
(Version 2.4.0)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Software 11/20/2003;
03/26/2010
Overall Level: 1 

-Software Security: Level 3
-Roles and Services: Level 2

-Operational Environment: Tested as meeting Level 1 with Windows XP Pro SP1; Windows 2000 SP2; Windows NT 4.0 SP2; Windows 98 2nd edition; Windows CE 3.0; PalmOS 4.1; MS DOS 6.20 (single user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #19); SHA-1 (Cert. #34); AES (Cert. #14); HMAC-SHA-1 (Cert. #34, vendor affirmed)

-Other algorithms: DES (Cert. #23); Diffie-Hellman (key agreement)

Multi-chip standalone

"The AirFortress(tm) Secure Client is a software module designed to deliver security on wireless devices such as bar scanners, handhelds, and laptops using various operating systems. A plug-and-play solution, the Client encrypts and decrypts communication across the WLAN and protects the device against attacks without user intervention."
357 Research In Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

-Government Certifications Team
TEL: 519-888-7465 x2921
FAX: 519-886-4839

CST Lab: NVLAP 200017-0

BlackBerry® Cryptographic Kernel
(Firmware Version: 3.6)

Validated to FIPS 140-2

Security Policy

Certificate

Firmware 11/20/2003;
04/29/2004;
08/24/2005
Overall Level: 1 

-Self Tests: Level 4
-Design Assurance: Level 3

-Tested: BlackBerry® 5810 with BlackBerry® OS, Version 3.6.0

-FIPS-approved algorithms: Triple-DES (Cert. #167); SHA-1 (Cert. #147); HMAC-SHA-1 (Cert. #147, vendor affirmed); RSA (PKCS #1, vendor affirmed)

-Other algorithms: N/A

Multi-chip standalone

"BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-toend solution. The BlackBerry® Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry®."
356 IBM® Corporation
Seaumerstrasse 4
Rueschlikon, CH 8803
Switzerland

-Michael Osoborne
TEL: +41 1 724 8458
FAX: +41 1 724 8953

CST Lab: NVLAP 200427-0

IBM® CryptoLite in C
(Software Version 3.0 (FIPS 140/Prod))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/20/2003 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 2000 Professional with SP3; Red Hat Linux 8.0 (single user mode)

-FIPS-approved algorithms: SHA-1 (Cert. #163); Triple-DES (Cert. #180); AES (Cert. #70); DSA (Cert. #88); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #163, vendor affirmed)

-Other algorithms: DES (Cert. #220); MD2; MD5; RC2; RC4; RC6; MDC-1; MDC-2; MDC-4; Unix_crypt; Blowfish; SHA-256; SHA-384; SHA-512; Diffie-Hellman (key agreement)

Multi-chip standalone

"IBM CryptoLite is a C software package providing advanced cryptographic services in a very small footprint. CryptoLite supports public key encryption, digital signatures, symmetric ciphers, hash functions, message authentication codes, and other cryptographic algorithms through a simple programming interface. There are no runtime dependencies and the code has been optimized for high performance."
355 3e Technologies International, Inc.
700 King Farm Blvd.
Suite 600
Rockville, MD 20850
USA

-Ryon Coleman
TEL: 301-944-1403

CST Lab: NVLAP 200427-0

3e-521NP, 3e-522FIPS and 3e-530NP Wireless Gateways
(Hardware P/Ns 3e-521NP, 3e-522FIPS and 3e-530NP, Firmware Version 2.0)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/27/2003 Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Certs. #136 and #161); AES (Cert. #27); SHA-1 (Cert. #140); HMAC-SHA-1 (Cert. #140, vendor affirmed)

-Other algorithms: RSA (PKCS#1, decryption, vendor affirmed); Diffie-Hellman (key agreement)

Multi-chip standalone

"The 3e family of Secure Wireless Gateways implements a cryptographic suite including AES, 3DES, SHA-1, HMAC SHA-1, Diffie-Hellman, and HTTPS/TLS. These algorithms are used in combination to protect the main Gateway services of bridging from wired uplink LAN to the wireless LAN, NAT routing from the wired uplink LAN to the wireless LAN, and DHCP service to the local LAN allowing a wired local LAN to exist over the local wireless LAN interface."
354 IBM® Corporation
Seaumerstrasse 4
Rueschlikon, CH 8803
Switzerland

-Michael Osoborne
TEL: +41 1 724 8458
FAX: +41 1 724 8953

CST Lab: NVLAP 200427-0

IBM CryptoLite in Java
(Software Version 3.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 10/27/2003 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 2000 Professional with service pack 3 (JRE 1.3.1_03), Sun Solaris 5.8 (JRE 1.3.1), AIX 5.2 (JRE 1.3.1) (single user mode)

-FIPS-approved algorithms: SHA-1 (Cert. #148); Triple-DES (Cert. #163); AES (Cert.#53); DSA (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1(Cert. #148, vendor affirmed)

-Other algorithms: DES (Cert. #208); MD2; MD5; RC2; RC4; RC6; MDC-1; MDC-2, MDC-4; Unix_crypt; Blowfish; SHA-256; SHA-384; SHA-512; Diffie-Hellman (key agreement); RSA (encryption/decryption)

Multi-chip standalone

"IBM CryptoLite is a 100% Java software package providing advanced cryptographic services in a very small footprint. CryptoLite supports public key encryption, digital signatures, symmetric ciphers, hash functions, message authentication codes, and other cryptographic algorithms through a simple programming interface. There are no runtime dependencies and the code has been optimized for high performance. It runs on JDK 1.1 or higher."
353 Fortress Technologies, Inc.
1 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0

NetFortress™ Cryptographic Kernel
(Standard Mode and Segemented Mode, Software Version 4.0)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Software 10/27/2003;
03/26/2010
Overall Level: 1 

-Roles and Services: Level 2
-Software Security: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #19); SHA-1 (Cert. #34)

-Other algorithms: DES (Cert. #23); Diffie-Hellman (key agreement); IDEA

Multi-chip standalone

"The NetFortress™ Cryptographic Kernel secures private communications among corporate divisions, branch offices, and mobile users. Installed by the vendor onto a production-quality hardware platform and deployable on any LAN or WAN, the NF Crypto Kernel provides encryption, data integrity checking, authentication, access control, data compression, and firewall capabilities; it is IPSec compliant."
352 Neopost Technologies
113, rue Jean-Marin Naudin
Bagneux, 92220
France

-Thierry Le Jaoudour
TEL: +33 (0) 1 45 36 30 36

CST Lab: NVLAP 200002-0

NSD Postage Meter
(Versions (Hardware #4127906B-A, Software 10.2), (Hardware #4127906B-B, Software 10.2) and (Hardware #4127907C-A, Software 30.11, 30.13, 30.15 and 30.21))

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 10/21/2003;
08/06/2004;
08/09/2004;
08/11/2004;
10/06/2004;
04/27/2005;
10/18/2005;
10/03/2006
Overall Level: 2 

-Physical Security: Level 3 +EFT
-EMI/EMC: Level 3
-Software Security: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #119); SHA-1 (Cert. #41); DSA (Cert. #61); ECDSA (vendor affirmed); Triple-DES MAC (Cert. #119, vendor affirmed)

-Other algorithms: N/A

Multi-chip embedded

"The NSD module is a postage meter supporting accounting and cryptographic functions including the generation of 2D barcodes w/ECDSA signatures for secure electronic transactions. Associated with a document transport system and an inkjet print-head, the module is capable of processing up to 250 envelopes per minute."
351 Certicom Corp.
5520 Explorer Drive
4th Floor
Mississauga, Ontario L4W 5L1
Canada

-sales@certicom.com
TEL: 905-507-4220
FAX: 905-507-4230

CST Lab: NVLAP 200002-0

Security Builder® Government Solutions Edition (SBGSE)
(Version 1)

(When operated in FIPS mode - for Palm)

Validated to FIPS 140-2

Security Policy

Certificate

Software 10/10/2003;
10/17/2003;
03/06/2009
Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Palm OS 4.1

-FIPS-approved algorithms: Triple-DES (Cert. #100); AES (Cert. #5); SHA-1(Cert. #89); HMAC-SHA-1 (Cert. #89, vendor affirmed)

-Other algorithms: DES (Cert. #160); MD5; DESX; HMAC-MD5

Multi-chip standalone

"Security Builder GSE is a standards based cryptographic toolkit that provides application developers with sophistocated tools to flexibly integrate encryption, digital signatures and other security mechanisms into their applications. Security Builder provides the cryptographic core for Certicom's products, including movianCrypt, MovianVPN, SSL and wTLS Plus, and Trustpoint PKI products."
350 IBM® Corporation
IBM/Tivoli
PO Box 3499
Australia Fair
Southport, Queensland 4215
Australia

-Mike Thomas
TEL: +61 7 5552 4030
FAX: +61 7 5571 0420

-Peter Waltenberg
TEL: +61 7 5552 4016
FAX: +61 7 5571 0420

CST Lab: NVLAP 200427-0

IBM® Crypto for C (ICC)
(Software Version 0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 10/03/2003;
08/23/2004;
12/02/2004
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with SUN Solaris 5.8, AIX 5.2 and Windows 2000 (single user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #174); AES (Cert. #65); SHA-1 (Cert. #159); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #216); HMAC-SHA-1 (Cert #159, vendor affirmed; non-compliant); RC2; RC2-40; RC2-64; RC4; Blowfish; CAST; RSA (encryption/decryption); MD2; MD4; MD5; RIPEMD; HMAC-MD5

Multi-chip standalone

"The ICC is a C language implementation of cryptographic functions which uses the cryptographic library provided by the OpenSSL project. This enables IBM products to use an open source solution for cryptography and a FIPS 140-2 certified cryptographic provider."
349 Colubris Networks Inc.
420 Armand-Frappier
Suite 200
Laval, Québec H7V 4B4
Canada

-Stephane Laroche
TEL: 450-680-1661 x123
FAX: 450-680-1910

CST Lab: NVLAP 200427-0

Colubris CN1050 and CN1054 Wireless LAN Routers
(Hardware Versions CN1050 and CN1054; Firmware Version 1.24-01-1736)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/03/2003 Overall Level: 2 

-FIPS-approved algorithms: SHA-1 (Certs. #149, #150; #151); HMAC-SHA-1 (Certs. #149, #150; #151, vendor affirmed); Triple-DES (Certs. #164, #165; #166); AES (Certs. #54 and #55); RSA (ANSI X9.31, vendor affirmed)

-Other algorithms: DES (Cert. #209); MD4; MD5; HMAC-MD5; SHA-2; RC4; Diffie-Hellman (key agreement)

Multi-chip standalone

"Colubris CN105x Secure Wireless LAN Router enables strong security for wireless enterprise networking, using embedded IPSec VPN and firewall functionalities."
348 Francotyp-Postalia
Francotyp-Postalia AG & Co. KG
Triftweg 21-26
Birkenwerder, D-16547
Germany

-Dirk Rosenau
TEL: +49 3303 525 616
FAX: +49 3303 525 609

CST Lab: NVLAP 100432-0

Postal Revenector
(Hardware P/N Version 58.0036.0001.00/05, Firmware P/N Version 90.0036.0006.00/02)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/25/2003 Overall Level: 3 

-Physical Security: Level 3 +EFP

-FIPS-approved algorithms: Triple-DES (Cert. #39); SHA-1 (Cert. #43); RSA (PKCS #1, vendor affirmed); ECDSA (FIPS 186-2, vendor affirmed); HMAC-SHA-1 (Cert. #43, vendor affirmed)

-Other algorithms: DES (Cert. #108); DES MAC (Cert. #108, vendor affirmed); Diffie-Hellman (key agreement)

Multi-chip embedded

"The Francotyp-Postalia Postal Revenector employs strong encryption, decryption, and digital signature techniques for the protection of customer revenues in Francotyp-Postalia’s mail handlers. The Postal Revenector has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP)."
347 Information Security Corporation
1141 Lake Cook Road
Suite D
Deerfield, IL 60015
USA

-Michael J. Markowitz
TEL: 847-405-0500

CST Lab: NVLAP 200002-0

ISC Cryptographic Development Kit (CDK) V7.0
(Version 7.0)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Software 09/24/2003 Overall Level: 1 

-EMI/EMC: Level 3
-Software Security: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows 2000 (single user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #115); DSA (Cert. #65); AES (Cert. #9); Skipjack (Cert. #9); SHA-1 (Cert. #100); HMAC-SHA-1 (Cert. #100, vendor affirmed); ECDSA (vendor affirmed); RSA (PDCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #171); MD2; MD5; RC2; RC4; DESX; ElGamal; EC EIGamal; HMAC-MD5; SHA-256; SHA-384; SHA-512

Multi-chip standalone

"A software development toolkit providing a comprehensive set of cryptographic primitives for use in any application. includes RSA, DSA/Diffie-Hellman and elliptic curve algorithms, as well as a wide range of symmetric ciphers and hash functions."
346 IBM® Corporation
2455 South Road / P330
Poughkeepsie, NY 12601
USA

-Barry Ward
TEL: 845-435-4881
FAX: 845-435-5540

CST Lab: NVLAP 100432-0

Security Module with CP/Q++
(Hardware: P/N 04K9036, EC CF75600M, Firmware: Miniboot 0 Version A, Miniboot 1 Version A, CP/Q++ 2.41)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 09/24/2003 Overall Level: 3 

-Self Tests: Level 4

-FIPS-approved algorithms: Triple-DES (Certs. #4 and #124); DSA/SHA-1 (Cert. #34); SHA-1 (Cert. #107); DSA (Cert. #68); RSA (FIPS 186-2, vendor affirmed)

-Other algorithms: DES (Certs. #86 and #178); OAEP; RSA (ISO 9796)

Multi-chip embedded

"The Security Module with CP/Q++ is the security-sensitive portion of the IBM 4758 Cryptographic Coprocessor. The Security Module is a tamper-responding, programmable module containing a CPU, encryption hardware, RAM, EEPROM, hardware random number generator, time of day clock, and firmware. The CP/Q++ control program provides basic services Coprocessor applications use for cryptographic and secure-storage processing. The validation affirms a secure environment in which to implement or extend an application program requiring secure storage, cryptographic capabilities, and processing integrity. The Coprocessor is available for use in typical PC servers and as features in IBM eServer iSeries, pSeries, and zSeries servers."
345 IBM® Corporation
2455 South Road / P330
Poughkeepsie, NY 12601
USA

-Barry Ward
TEL: 845-435-4881
FAX: 845-435-5540

CST Lab: NVLAP 100432-0

Security Module with CP/Q++
(Hardware: P/N 04K9131, EC F 72272D, Firmware: Miniboot 0 Version A, Miniboot 1 Version A, CP/Q++ 2.41)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 09/24/2003 Overall Level: 3 

-Physical Security: Level 4
-Self Tests: Level 4

-FIPS-approved algorithms: Triple-DES (Certs. #4 and #124); DSA/SHA-1 (Cert. #34); SHA-1 (Cert. #107); DSA (Cert. #68); RSA (FIPS 186-2, vendor affirmed)

-Other algorithms: DES (Certs. #86 and #178); OAEP; RSA (ISO 9796)

Multi-chip embedded

"The Security Module with CP/Q++ is the security-sensitive portion of the IBM 4758 Cryptographic Coprocessor. The Security Module is a tamper-responding, programmable module containing a CPU, encryption hardware, RAM, EEPROM, hardware random number generator, time of day clock, and firmware. The CP/Q++ control program provides basic services Coprocessor applications use for cryptographic and secure- storage processing. The validation affirms a secure environment in which to implement or extend an application program requiring secure storage, cryptographic capabilities, and processing integrity. The Coprocessor is available for use in typical PC servers and as features in IBM eServer iSeries, pSeries, and zSeries servers."
344 Stonesoft Corporation
115 Perimeter Center Place
Suite 1000
Atlanta, GA 30346
USA

-Klaus Majewski
TEL: 678-259-3411
FAX: 770-668-1131

CST Lab: NVLAP 200002-0

StoneGate High Availability Firewall and VPN
(Version 2.0.5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Firmware 09/16/2003;
10/07/2003;
04/29/2004
Overall Level: 1 

-Tested: Debian GNU/Linux Version 3.0

-FIPS-approved algorithms: Triple-DES (Certs. #145, #146; #147); AES (Certs. #39 and #40); DSA (Certs. #77 and #78); SHA-1 (Certs. #131 and #132); HMAC-SHA-1 (Cert. #132, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #194); Blowfish; Twofish; CAST-128; SHA-256 (vendor affirmed; non-compliant); MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"StoneGate is a firewall and VPN software solution. It features clustering, load balancing between multiple ISPs, encrypted VPN client connectivity and advanced central administration tools."
343 Wei Dai
13440 SE 24th Street
Bellevue, WA 98005
USA

-Wei Dai
TEL: 425-562-9677

CST Lab: NVLAP 200002-0

Crypto++ Library
(Version 5.0.4)

Validated to FIPS 140-2

Security Policy

Certificate

Software 09/05/2003;
10/28/2005
Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows 2000 Professional Operating System, Service Pack 1 (single user mode)

-FIPS-approved algorithms: AES (Cert. #87); Triple-DES (Cert. #198); Skipjack (Cert. #13); DSA (Cert. #79); SHA-1 (Cert. #134); HMAC-SHA-1 (Cert. #134, vendor affirmed); Triple-DES MAC (Cert. #198, vendor affirmed); ECDSA (vendor affirmed); RSA (PKCS #1, vendor affirmed)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip standalone

"The Crypto++ Library is a free, open source C++ class library providing public key encryption, digital signatures, symmetric ciphers, hash functions, message authentication codes, and other cryptographic algorithms. The dynamic link library (DLL) is FIPS 140-2 Level 1 validated. The source code of the validated module is available upon request."
342 Eracom Technologies Australia, Pty. Ltd.
28 Greg Chappell Drive
Burleigh Heads, QLD 4220
Australia

-Gerry Scott
TEL: 916-677-2450
FAX: 916-677-2460

CST Lab: NVLAP 200427-0

ProtectHost Orange Hardware Security Module and ProtectHost Orange Hardware Security Module with ORGA FM
(Hardware Revision A, Firmware Version 1.34.00, Software Version 1.01.11, ORGA FM Version 1.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 09/05/2003;
09/24/2003;
10/18/2005
Overall Level: 3 

-FIPS-approved algorithms: AES (Cert. #37); Triple-DES (Cert. #63); DSA (Cert. #47); ECDSA (vendor affirmed); HMAC-SHA-1 (Cert. #55); RSA (PKCS#1 and ANSI X9.31, vendor affirmed); SHA-1 (Cert. #55); Triple-DES MAC (Cert. #63, vendor affirmed)

-Other algorithms: DES (Cert. #124); DES MAC (Cert. #124, vendor affirmed); Diffie-Hellman (key agreement); CAST 128; IDEA; MD2; MD5; HMAC-MD5; RC2; RC4; RIPEMD-128; RIPEMD-160; HMAC-RIPEMD-128; HMAC-RIPEMD-160; CAST MAC; IDEA MAC; RC2 MAC; RC4 MAC

Multi-chip standalone

"The Eracom protecthost orange is an advanced Hardware Security Module (HSM) offering high speed cryptographic processing and key management. The module implements the PKCS#11 cryptographic API and provides a comprehensive compliance to the PKCS#11 standard as well as vendor specific extensions."
341 ReefEdge, Inc.
2 Executive Dr.
Fort Lee, NJ 07024
USA

-Silvia Ercolani
TEL: 201-242-9700
FAX: 201-242-9760

CST Lab: NVLAP 200556-0

Edge Controller 100x
(Software v3.1.3, Hardware v3.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/29/2003 Overall Level: 2 

-Self Tests: Level 4

-FIPS-approved algorithms: Triple-DES (Certs. #171, #172; #173); SHA-1 (Certs. #155, #156; #157); HMAC-SHA-1 (Certs. #155, #156; #157, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: RC4; MD5; HMAC-MD5

Multi-chip standalone

"The ReefEdge family of Edge Controllers provides perimeter security and high-speed subnet roaming to the ReefEdge Connect System, connecting an enterprise's access points to its wired LAN. Edge Controllers enforce access control rules, implement bandwidth management, and perform encryption, enabling users to roam freely - among offices, between floors, across campuses - without losing their secure connection."
340 SonicWALL, Inc.
1143 Borregas Ave.
Sunnyvale, CA 94089-1306
USA

-Usha Sanagala
TEL: 408-962-6248

CST Lab: NVLAP 100432-0

Cisco CSS Series 11000 Secure Content Accelerator/SonicWALL SSL-RX
(Hardware P/N 103-500000-00/101-500040-00 Rev E/Rev C, Firmware Version 4.1)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/29/2003;
04/25/2007
Overall Level: 2 

-FIPS-approved algorithms: SHA-1 (Cert. #146); HMAC-SHA-1 (Cert. #146, vendor affirmed); Triple-DES (Cert. #157); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #203); RC2; RC4; MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The SCA2/SSL-RX is an SSL proxy device designed for SSL acceleration and offloading. The SCA2/SSL-RX provides the ability to both terminate and initiate SSL connectio ns, converting cipher-text to clear-text, or clear-text to cipher-text."
339 AKCode, LLC.
13130 Roundup Ave.
San Diego, CA 92129
USA

-Robert Spraggs
TEL: 250-542-0112
FAX: 250-549-3751

CST Lab: NVLAP 100432-0

Anonymous Key Technology-C++ and Java Suite
(Software Versions 1.0.0 and 1.0.2)

Validated to FIPS 140-2

Security Policy

Certificate

Software 07/31/2003;
10/06/2003;
07/28/2005;
08/24/2005
Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows 2000, XP, and NT 4.00; SUN Server Solaris Version 8, Linux 2.2, 2.4 and 2.4.18, Microsoft Internet Explorer 5.00 and Netscape 7.01-all configured in single user mode

-FIPS-approved algorithms: AES (Certs. #38 and #47); SHA-1 (Certs. #128 and #142); HMAC-SHA-1 (Certs. #128 and #142, vendor affirmed)

-Other algorithms: PPP (key transport)

Multi-chip standalone

"Product Description: “A non PKI based software suite to allow secure authenticated Internet transactions. The suite incorporates biometrics into the authentication and encryption algorithms. Currently, the suite has been tested with encrypted video conferencing, Internet email, secure Internet transactions, secure data storage and personal authentication. The suite uses smart cards, CAC cards, RF cards, and USB storage devices as personal authentication devices. Operating systems tested include the full suite of Microsoft, LINUX, and SUN Solaris. Supports Windows CE, in version 1.0.2, though not operationally tested. The suite has both client and server components, thus enabling a complete secure solution without using traditional PKI."
338 Axalto Inc.
8311 North FM 620 Rd.
Austin, TX 78726
USA

-David Teo
TEL: 512-257-3895
FAX: 512-257-3881

CST Lab: NVLAP 100432-0

Cyberflex Access e-gate 32K
(Hardware P/N M256LCAEG1, Firmware Version HardMask 2v2, SoftMask 3v1)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/07/2003;
09/21/2004;
05/25/2006
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #143); Triple-DES MAC (Cert. #143, vendor affirmed); SHA-1 (Cert. #129); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #192); DES MAC (Cert. #192, vendor affirmed);

Single-chip

"Cybeflex Access e-gate 32K serves as a highly portable, secure token for enhancing the security of network access and ensuring secure electronic communications, supporting on-card DES (used only for legacy systems) and RSA algorithms with on-card key generation. It is compliant to Java Card v2.1.1 and Open Platform v2.0.1. The card incorporates, apart from the conventional ISO 7816-3 interface, also the USB interface normally resident in the smart card reader. Thus, it bridges the gulf between the public terminal infrastructure (ISO 7816-3) and the PC world (USB). The Cyberflex Access e-gate 32K is part of a range of Schlumberger highly secure, Java-based smart cards for physical and logical access, e-transactions and other applications."
337 Phaos Technology Corporation
520 Madison Avenue
30th Floor
New York, NY 10022
USA

-Darren Calman
TEL: 212-508-7700

CST Lab: NVLAP 200427-0

Phaos Crypto
(Software Versions 3.0 and 3.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 07/07/2003;
04/30/2004;
08/23/2004
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Window 2000 (Single User mode), Sun Java 2 Runtime Environment (V1.3.1)

-FIPS-approved algorithms: AES (Cert. #42); Triple-DES (Cert. #148); SHA-1 (Cert. #138); HMAC-SHA-1 (Cert. #138, vendor affirmed); RSA (PKCS#1, vendor affirmed); DSA (Cert. #81); ECDSA (vendor affirmed)

-Other algorithms: DES (Cert. #195); RC2; RC4; Blowfish; MD2; MD4; MD5; SHA-2; RSA (encryption/decryption); Diffie-Hellman (key agreement); EC Diffie-Hellman (key agreement)

Multi-chip standalone

"Phaos Crypto provides a state-of-the-art set of core cryptography algorithms in Java. It includes a comprehensive cryptographic library supporting the most current algorithms like AES, RSA-OAEP, SHA- 256/384/512, X.9-42 as well as legacy algorithms that are still used in corporate systems like 3DES, DES, MD2 etc.. Phaos Crypto allows developers to integrate cryptography into any Java application or applet. For high security deployments, Phaos Crypto provides transparent migration to cryptographic hardware without requiring any changes to existing applications."
336 Motorola, Inc.
8220 E Roosevelt St.
Scottsdale, AZ 85257
USA

-Randy Morton
TEL: 480-441-4472
FAX: 480-441-3580

CST Lab: NVLAP 100432-0

Digital Interface Unit Crypto Module (DIU CM)
(Hardware P/N T6721A Version CLN7611C, Firmware Versions R82.00.02 and R82.01.02)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/07/2003;
01/05/2004;
03/30/2004
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #82); AES (Cert. #2)

-Other algorithms: DES (Cert. #151); DES MAC (Cert. #151, vendor affirmed); DES-XL; DVI-XL; DVP-XL; HCA; AES MAC (Cert #2, P25 AES OTAR, vendor affirmed)

Multi-chip embedded

"The DIU CM provides secure voice and Over-the-Air-Rekeying (OTAR) advanced key management for Motorola’s Digital Interface Unit (DIU). The DIU and DIU CM combine to provide these cryptographic services for Motorola’s APCO-25 compliant Astro ™ family of console and base station radio infrastructure equipment."
335 NetScreen Technologies, Inc.
805 11th Avenue
Building 3
Sunnyvale, CA 94089
USA

-Lee Klarich
TEL: 408-543-8209
FAX: 408-543-8200

CST Lab: NVLAP 100432-0

NetScreen-204/208
(Hardware P/N NS-204 and NS-208 Version 0110(0), Software ScreenOS 4.0.0r7.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/07/2003;
08/29/2003
Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #11); Triple-DES (Certs. #49 and #118); DSA/SHA-1 (Cert. #76); SHA-1 (Cert. #103); RSA (PKCS #1, vendor affirmed); HMAC-SHA-1 (Cert. #103, vendor affirmed)

-Other algorithms: DES (Certs. #114 and #174); MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The NetScreen-204/208 are purpose-built network security appliances that deliver firewall, VPN, and traffic shaping optimized for the most demanding environments such as medium and large enterprise offices, e-business sites, data centers, and carrier infrastructures."
334 NetScreen Technologies, Inc.
805 11th Avenue
Building 3
Sunnyvale, CA 94089
USA

-Lee Klarich
TEL: 408-543-8209
FAX: 408-543-8200

CST Lab: NVLAP 100432-0

NetScreen-500
(Hardware P/N NS-500 Version 4110(0), Software ScreenOS 4.0.0r7.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/07/2003;
08/29/2003
Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #12); Triple-DES (Certs. #49 and #50); DSA/SHA-1 (Cert. #75); SHA-1 (Cert. #47); RSA (PKCS #1, vendor affirmed); HMAC-SHA-1 (Cert. #47, vendor affirmed)

-Other algorithms: DES (Certs. #114 and #115); MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The NetScreen-500 is a purpose-built internet security appliance that provides advanced firewall, IPSec VPN, and traffic management functionality, optimized for the most demanding environments such as medium and large enterprise offices, carrier infrastructures, or service providers."
333 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nCipher PMC 1600 PCI
(Hardware Version: nC3033M-4K0, Build Standard A, Firmware Version: 2.1.23-3)

(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/27/2003 Overall Level: 3 

-Self Tests: Level 4

-FIPS-approved algorithms: Triple-DES (Cert. #109); Triple-DES MAC (Cert. #109, vendor affirmed); AES (Cert. #15); DSA (Cert. #60); SHA-1 (Cert. #95); HMAC-SHA-1 (Cert. #95, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #173); DES MAC (Cert. #173, vendor affirmed); ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; MD2; MD5; SEED; KCDSA; HAS 160

Multi-chip embedded

"The nCipher PMC 1600 PCI secure e-Commerce SSL family of secure ecommerce accelerators are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher PMC 1600 PCI is a FIPS 140-2 level 3 embedded device. The nCipher PMC 1600 PCI improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, e-commerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging."
332 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nCipher PMC 1600 PCI
(Hardware Version: nC3033M-4K0, Build Standard A, Firmware Version: 2.1.23-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/27/2003 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Self Tests: Level 4

-FIPS-approved algorithms: Triple-DES (Cert. #109); Triple-DES MAC (Cert. #109, vendor affirmed); AES (Cert. #15); DSA (Cert. #60); SHA-1 (Cert. #95); HMAC-SHA-1 (Cert. #95, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #173); DES MAC (Cert. #173, vendor affirmed); ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; MD2; MD5; SEED; KCDSA; HAS 160

Multi-chip embedded

"The nCipher PMC 1600 PCI secure e-Commerce SSL family of secure ecommerce accelerators are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher PMC 1600 PCI may be initialized as a FIPS 140-2 level 2 embedded device. The nCipher PMC 1600 PCI improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, e-commerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging."
331 Motorola, Inc.
8220 E Roosevelt St.
Scottsdale, AZ 85257
USA

-Randy Morton
TEL: 480-441-4472
FAX: 480-441-3580

CST Lab: NVLAP 100432-0

Key Management Facility Crypto Card (KMF CC)
(Hardware P/N T6722A Versions CLN7612B and CLN8306C, Firmware Version R01.08)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/27/2003;
03/30/2004;
02/10/2011
Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: AES (Cert. #2); Triple-DES (Cert. #82)

-Other algorithms: DES (Cert. #151); DES MAC (Cert. #151, vendor affirmed); DES-XL; DVI-XL; DVP-XL; HCA; AES MAC (Cert #2, P25 AES OTAR, vendor affirmed)

Multi-chip embedded

"The KMF CC provides encryption and decryption services for secure key management and Over-the-Air-Rekeying (OTAR) for Motorola’s Key Management Facility (KMF). The KMF and KMF CC combine to provide these cryptographic services for Motorola’s APCO-25 compliant Astro ™ radio systems."
330 Lipman Electronic Engineering Ltd.
11 Haamal Street
Park Afek, Rosh Haayin 48092
Israel

-David S. Kaplan
TEL: 972-3-902-9730
FAX: 972-3-902-9731

CST Lab: NVLAP 100432-0

NURIT 202 PIN Pad
(Hardware P/N NURIT 0202-XXX-M21-YYY [XXX: Country Code, YYY: Color Code]*, Firmware Version M02.25)

(Refer to the cryptographic module’s security policy for the details on the letters)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 06/27/2003;
04/30/2004
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #123); Triple-DES MAC (Cert. #123, vendor affirmed)

-Other algorithms: DES (Cert. #177); DES MAC (Cert. #177, vendor affirmed)

Multi-chip standalone

"The NURIT 202 is an advanced, easy-to- use handheld PIN Pad allowing for protected debit/credit transactions. The NURT 202 can be interconnected with any NURIT point-of-sale (POS) terminal, or terminals of other manufacturers."
329 CyberGuard Corporation
2000 W. Commercial
Blvd Suite 200
Ft. Lauderdale, FL 33309
USA

-Soheila Amiri
TEL: 954-958-3900

CST Lab: NVLAP 200416-0

CyberGuard Cryptographic Module
(Version: 5.0P1f)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Software 06/27/2003 Overall Level: 1 

-Roles and Services: Level 2
-Software Security: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #102); SHA-1 (Cert. #109); AES (Cert. #6); DSA (Cert. #69); HMAC-SHA-1 (Cert. #109, vendor affirmed)

-Other algorithms: DES (Cert. #161); Diffie-Hellman (key agreement); Twofish; Blowfish; CAST-128; MD5; Tiger192; RIPEMD-160; HMAC-MD5

Multi-chip standalone

"The CyberGuard Firewall/VPN is a packet-filtering and application proxy gateway, which allows or blocks the routing of specific network services between networks based on a set of administrator-defined rules."
328 Bodacion Technologies
18-3 E Dundee Rd
Suite 300
Barrington, IL 60010
USA

-Eric Uner
TEL: 847-842-9008

CST Lab: NVLAP 200416-0

HYDRA Server Cryptographic Module
(Hardware Version: 1.4, Firmware Version: 1.4)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 06/27/2003 Overall Level: 1 

-FIPS-approved algorithms: Triple-DES (Cert. #126); SHA-1 (Cert. #110)

-Other algorithms: RSA (non-compliant); AES (non-compliant); RC4; MD5

Multi-chip standalone

"HYDRA is an internet server built without an operating system from the ground up to be totally secure. It contains everything you need to run a high-performance, secure Web site including HTTP, HTTPS, and FTP servers, Web-based administration, and Java/JSP capabilities."
327 Axalto Inc.
8311 North FM 620 Road
Austin, TX 78726
USA

-David Teo
TEL: 512-257-3895
FAX: 512-257-3881

CST Lab: NVLAP 100432-0

Schlumberger Cyberflex Access 32K Smart Card Module with Schlumberger PKI Applets
(Hardware P/N SLE66CX320P, Firmware Version Softmask 7 V2, Hardmask 2 V2; Applets: Gina Applet Version 1.1, Smart Login Applet Version 1.1, PKI Applet Version1.1)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/17/2003;
09/21/2004;
05/25/2006
Overall Level: 2 

-Physical Security: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #65); Triple-DES MAC (Cert. #65, vendor affirmed); SHA-1 (Cert. #57); RSA (PKCS#1, vendor affirmed)

-Other algorithms: N/A

Single-chip

"The Schlumberger Cyberflex Access 32K Smart Card Module with Schlumberger PKI Applets is a single chip implementation of a Java Card 2.1.1 compliant smart card module. It is also compliant with OP 2.0.1, thus establishing a well defined security infrastructure through applet instantiation, key management and security policy configuration which can be performed using FIPS 140-2 compliant mechanisms."
326 NetScreen Technologies, Inc.
805 11th Avenue
Building 3
Sunnyvale, CA 94089
USA

-Lee Klarich
TEL: 408-543-8209
FAX: 408-543-8200

CST Lab: NVLAP 100432-0

NetScreen-5200
(Hardware P/N NS-5200 Version 3010(0), Firmware Version 4.0.0r7.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/17/2003;
08/29/2003
Overall Level: 2 

-FIPS-approved algorithms: AES (Cert. #11); Triple-DES (Certs. #118 and #133); DSA/SHA-1 (Cert. #76); SHA-1 (Certs. #103 and #119); RSA (PKCS #1, vendor affirmed); HMAC-SHA-1(Certs. #103 and #119, vendor affirmed)

-Other algorithms: DES (Certs. #174 and #184); MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The NetScreen-5200 is a purpose-built internet security appliance that provides advanced firewall and IPSec VPN functionality, optimized for the most demanding environments such as large enterprise offices, carrier infrastructures, or service providers. The NetScreen-5200 is capable of 2 Gbps 3DES VPN throughput."
325 NetScreen Technologies, Inc.
805 11th Avenue
Building 3
Sunnyvale, CA 94089
USA

-Lee Klarich
TEL: 408-543-8209
FAX: 408-543-8200

CST Lab: NVLAP 100432-0

NetScreen-5XT
(Hardware P/N NS-5XT Version 3010(0), Firmware Version 4.0.0r7.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/17/2003;
08/29/2003
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: AES (Cert. #11); Triple-DES (Certs. #49 and #118); DSA/SHA-1 (Cert. #76); SHA-1 (Cert. #103); RSA (PKCS #1, vendor affirmed); HMAC-SHA-1 (Cert. #103, vendor affirmed)

-Other algorithms: DES (Certs. #114 and #174); MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The NetScreen-5XT is a purpose-built internet network security appliance that delivers firewall, VPN, and traffic management optimized for remote offices, home offices, and telecommuters."
324 IP Dynamics, Inc.
2880 Stevens Creek Boulevard
San Jose, CA 95128
USA

-Zulfikar Ramzan
TEL: 408-961-6349
FAX: 408-961-6390

CST Lab: NVLAP 100432-0

VCN Member Agent Cryptographic Module
(Software Version 4.2)

Validated to FIPS 140-2

Security Policy

Certificate

Software 06/06/2003 Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Window 2000 professional, Service Pack 2 Operation System (single-user mode)

-FIPS-approved algorithms: AES (Cert. #34); SHA-1 (Cert. #126); HMAC-SHA-1 (Cert. #126, vendor affirmed); Triple-DES (Cert. #141)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip standalone

"IP Dynamics’ VCN Software Suite creates a secure network services layer above the flat Internet address space allowing the creation of dynamic virtual communities, which are the secure, collaborative communications platforms designed for a wide range of intranet, extranet, remote access and collaboration applications."
323 IP Dynamics, Inc.
2880 Stevens Creek Boulevard
San Jose, CA 95128
USA

-Zulfikar Ramzan
TEL: 408-961-6349
FAX: 408-961-6390

CST Lab: NVLAP 100432-0

VCN Manager Cryptographic Module
(Software Version 4.2)

Validated to FIPS 140-2

Security Policy

Certificate

Software 06/06/2003;
06/27/2003
Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 2 with Solaris Version 8 FCS with AdminSuite Version 3.0.1 FCS with patches 108875 and 108879-02 for SPARC platforms, Sun Ultra 10 with UltraSPARC IIi 333MHz, JDK 1.4.0

-FIPS-approved algorithms: AES (Cert. #34); SHA-1 (Cert. #126); HMAC-SHA-1 (Cert. #126, vendor affirmed)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip standalone

"IP Dynamics’ VCN Software Suite creates a secure network services layer above the flat Internet address space allowing the creation of dynamic virtual communities, which are the secure, collaborative communications platforms designed for a wide range of intranet, extranet, remote access and collaboration applications."
322 Palm Solutions Group
400 N. McCarthy Blvd
Milpitas, CA 95035
USA

-Rebecca Taylor
TEL: 408-503-7500
FAX: 408-503-2750

CST Lab: NVLAP 100432-0

Crypto Manager
(Software Version 2.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 06/06/2003 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Palm OS 4.1

-FIPS-approved algorithms: AES (Cert. #19); SHA-1 (Cert. #115); HMAC-SHA-1 (Cert. #115, vendor affirmed)

-Other algorithms: N/A

Multi-chip standalone

"Crypto Manager Version 2.0 provides cryptographic services to applications on the Palm platform. Using the Crypto Manager API (Application Programming Interface), application developers can access strong cryptographic services without having expertise in cryptography. Crypto manager is designed to be used on any devices running Palm OS 3.0 or higher. It features strong encryption via AES, HMAC SHA-1 message authentication and SHA-1 digests Crypto Manager is built to comply with FIPS 140-2 Level 1."
321 IBM® Corporation
CC1A/502/K301
4205 S. Miami Blvd.
Durham, NC 27703
USA

-Keith Medlin
TEL: 919-543-2014
FAX: 919-486-0675

CST Lab: NVLAP 200556-0

IBM® Everyplace™ Wireless Gateway Cryptographic Module
(Version 1.6)

Validated to FIPS 140-2

Security Policy

Certificate

Software 05/29/2003 Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Trusted Solaris 8 4/01 EAL4 (Solaris SunBlade 1000); AIX 5L Version 5.2 EAL4+ (IBM pSeries 660 Model 6H1)

-FIPS-approved algorithms: Triple-DES (Cert. #142); AES (Cert. #36); SHA-1 (Cert. #127); DSA (Cert. #74)

-Other algorithms: DES (Cert. #191)

Multi-chip standalone

"The IBM® Everyplace Wireless Gateway Cryptographic Module provides encryption and other cryptographic services for the IBM® Everyplace Wireless Gateway for Multiplatforms. The IBM® Everyplace Wireless Gateway for Multiplatforms is a distributed, scalable, multipurpose UNIX® communications platform that can support optimized, security-enhanced data access by both Wireless Application Protocol (WAP) clients and non- WAP clients over a wide range of international wireless network technologies, as well as local area (LAN) and wide area (WAN) wire line networks. The cryptographic module was tested on a AIX Version 5.2 platform."
320 IBM® Corporation
CC1A/502/K301
4205 S. Miami Blvd.
Durham, NC 27703
USA

-Keith Medlin
TEL: 919-543-2014
FAX: 919-486-0675

CST Lab: NVLAP 200556-0

IBM® Everyplace™ Wireless Gateway Cryptographic Module
(Version 1.6)

Validated to FIPS 140-2

Security Policy

Certificate

Software 05/29/2003 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-EMI/EMC: Level 3
-Design Assurance: Level 2

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000 SP2; Microsoft Pocket PC 2002

-FIPS-approved algorithms: Triple-DES (Cert. #142); AES (Cert. #36); SHA-1 (Cert. #127); DSA (Cert. #74)

-Other algorithms: DES (Cert. #191)

Multi-chip standalone

"The IBM® Everyplace Wireless Gateway Cryptographic Module provides encryption and other cryptographic services for the IBM® Everyplace Wireless Gateway for Multiplatforms. The IBM® Everyplace Wireless Gateway for Multiplatforms is a distributed, scalable, multipurpose UNIX® communications platform that can support optimized, securityenhanced data access by both Wireless Application Protocol (WAP) clients and non-WAP clients over a wide range of international wireless network technologies, as well as local area (LAN) and wide area (WAN) wire line networks."
319 ActivCard, Inc.
6623 Dumbarton Circle
Fremont, CA 94555
USA

-Eric Le Saint
TEL: 510-574-0100
FAX: 510-574-0101

CST Lab: NVLAP 100432-0

Cyberflex Access 64K v1 with ActivCard applet suite
(P/N M512LACC1, FW HardMask 5 v1 & SoftMask 2 v1 and 4 v1, Applet versions: ID Applet 1.0.0.23, 1.0.0.24 and 1.14.0.19, PKI Applet 1.0.0.26, 1.0.0.30 and 1.14.0.21, GC Applet 1.0.0.26 and 1.0.0.28)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/29/2003;
10/03/2003;
12/03/2003;
08/03/2004
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: Triple-DES (Cert #125); Triple-DES MAC; SHA-1 (Cert. #108); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #179); DES MAC

Single-chip

"Cyberflex Access 64K v1 with ActivCard applet suite, which incorporates PKI (public key infrastructure) and digital signature technology, serve as highly portable, secure tokens for enhancing the security of network access and ensuring secure electronic communications. The SmartCard platform has on board Triple DES and RSA algorithms and can provide on board key generation. It is compliant to Java Card V2.1.1 and Open Platform V2.0.1."
318 Axalto Inc.
8311 North FM 620 Road
Austin, TX 78726
USA

-David Teo
TEL: 512-257-3895
FAX: 512-257-3881

CST Lab: NVLAP 100432-0

Cyberflex Access 64K
(Hardware: M512LACC1, Firmware: HardMask 5v1, SoftMask 2v1, 4v1, and 4v2)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/29/2003;
07/03/2003;
07/15/2003;
06/25/2004;
09/21/2004;
06/06/2005;
05/25/2006
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #125); Triple-DES MAC; SHA-1 (Cert. #108); RSA (PKCS #1, vendor affirmed)

-Other algorithms: DES (Cert. #179); DES MAC

Single-chip

"The Cyberflex Access 64K can be employed in solutio ns which provide secure PKI (public key infrastructure) and digital signature technology. Cyberflex Access 64K serves as a highly portable, secure token for enhancing the security of network access and ensuring secure electronic communications. Cyberflex Access 64K supports on-card Triple DES and 1024-bit RSA algorithms with on-card key generation. It is compliant to Java Card v2.1.1 and Open Platform v2.0.1. The Cyberflex Access 64K is part of a range of Schlumberger highly secure, Java-based smart cards for physical and logical access, e-transactions and other applications."
317 Motorola, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

-Kirk Mathews
TEL: 847-576-4101
FAX: 847-538-2770

CST Lab: NVLAP 100432-0

Astro Subscriber Encryption Module
(HW PNs Astro Saber, Astro Spectra, Astro Consolette-NTN8967C, Astro XTS3000-0105956v67, FW v03.55, and v03.56)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/29/2003;
06/11/2003;
03/30/2004
Overall Level: 1 

-Roles, Services, and Authentication: Level 2

-FIPS-approved algorithms: Triple-DES (Cert. #82); AES (Cert. #2)

-Other algorithms: DES (Cert. #151); DES MAC (Cert. #151, vendor affirmed); DES-XL; DVI-XL; DVI-SPFL; DVP-XL; SHA-1 (non-compliant); AES MAC (Cert #2, P25 AES OTAR, vendor affirmed)

Multi-chip embedded

"Encryption modules used in Motorola Astro family of radios provide secure voice and data capabilities as well as APCO Over-the-Air-Rekeying (OTAR) and advanced key management."
316 Certicom Corp.
5520 Explorer Drive
4th Floor
Mississauga, Ontario L4W 5L1
Canada

-sales@certicom.com
TEL: 905-507-4220
FAX: 905-507-4230

CST Lab: NVLAP 200002-0

Security Builder® Government Solutions Edition (SBGSE)
(Version 1.0.1)

(When operated in FIPS mode - for Windows and WinCE)

Validated to FIPS 140-2

Security Policy

Certificate

Software 05/13/2003;
06/30/2003;
03/06/2009
Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Dell Optiplex GX1 (Windows 98); Compaq iPAQ Pocket PC (WinCE)

-FIPS-approved algorithms: Triple-DES (Cert. #100); AES (Cert. #5); SHA-1 (Cert. #89); HMAC-SHA-1 (Cert. #89, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #160); MD5; DESX; HMAC-MD5

Multi-chip standalone

"Security Builder GSE is a standards-based cryptography toolkit that provides application developers with the sophisticated tools and flexibility needed to integrate encryption, digital signatures, and other security mechanisms into their applications. Security Builder provides the cryptographic core for a variety of Certicom products, including movianCrypt, movianVPN, SSL Plus, Trustpoint PKI products and toolkits and certificates, and WTLS Plus. Security Builder is also licensed to third party companies."
315 Motorola, Inc.
1301 E. Algonquin Rd.
Schaumburg, IL 60196
USA

-Phil Gemmato
TEL: 847-576-4707
FAX: 847-538-2770

CST Lab: NVLAP 100432-0

Motorola Gold Elite Gateway Secure Card (MGEG SC)
(HW Versions CLN7637b and CLN7637c, FW Versions R01.00.00, R01.03.07 and R01.04.02)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/13/2003;
11/26/2003;
12/03/2003;
12/24/2003;
04/13/2004;
07/27/2004
Overall Level: 1 

-Roles, Services, and Authentication: Level 2

-FIPS-approved algorithms: Triple-DES (Cert. #82); AES (Cert. #2)

-Other algorithms: DES (Cert. #151); SHA-1; DES-XL; DVI-XL; DVI-SPFL; DVP-XL; AES MAC (Cert #2, P25 AES OTAR, vendor affirmed)

Multi-chip embedded

"The MGEG Secure Card is a cPCI device which performs encryption and decryption for all voice traffic through the Motorola Gold Elite Gateway (MGEG)."
314 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Hazem Hassan
TEL: 952-808-2372
FAX: 952-890-2726

CST Lab: NVLAP 200427-0

Model 330J with JCCOS Applet
(Firmware Version: 2.0, Hardware Version: P8WE5033AEV/024A181)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/24/2003;
02/22/2005
Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #144); SHA-1 (Cert. #130); RSA (singnature generation/verification PKCS#1 v1.5, vendor affirmed)

-Other algorithms: DES (Cert. #193); RSA (decryption)

Single-chip

"The Model 330J is SAFENET'S multi-application smart card, designed to the JavaCard v2.1.1 and Global Platform v2.0.1 specifications. The Model 330J smart card features SAFENET'S JCCOS operating system applet (Javabased Cryptographic Card Operating System). JCCOS is an advanced cryptographic applet that, when loaded onto a multi-application JavaCard, enables FIPS 140-2 Level 2 validation."
313 Entrust, Inc.
1000 Innovation Drive
Ottawa, Ontario K2K 3E7
Canada

-Pierre Boucher
TEL: 613-270-2599
FAX: 613-270-2501

CST Lab: NVLAP 200017-0

Entrust Authority Security Toolkit for Java
(Software Version 6.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/28/2003 Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Win XP SP1a, Win 2000 SP3, Win NT 4.0 SP 6a and WIN ME in single user mode running Sun JRE v1.2.2, 1.3.1 and 1.4.0, and IBM JRE v1.3

-FIPS-approved algorithms: Triple-DES (Cert. #140); Triple-DES MAC (Cert. #140, vendor affirmed); AES (Cert. #31); DSA (Cert. #73); ECDSA (vendor affirmed); SHA-1 (Cert. #125); HMAC-SHA-1 (Cert. #125, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #190); DES MAC (Cert. #190, vendor affirmed); CAST 128; IDEA; RC2; RC4; Rijndael 256; HMAC-MD5; CAST 128 MAC; IDEA MAC; MD2; MD5; Diffie-Hellman (key agreement); SPEKE; RSA (encryption/decryption)

Multi-chip standalone

"Entrust AuthorityTM Toolkits provide customers and partners with the ability to apply best-in-class security to almost any business application. These Toolkits provide a common set of services to permit developers to rapidly deploy applications that solve business problems without having to spend valuable development cycles developing these common services. Entrust Authority's standards-based, application programming interfaces (APIs) make it possible to implement a single enhanced Internet security architecture across multiple applications and platforms. By minimizing the need for separate administration modules with every deployed application, these Toolkits provide a reduction in administrative duplication and help to reduce the cost to deploy across multiple platforms."
312 Research In Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

-Government Certifications Team
TEL: 519-888-7465 x2921
FAX: 519-886-4839

CST Lab: NVLAP 200017-0

BlackBerry Cryptographic Kernel
(Firmware Versions 3.3 and 3.3.1)

Validated to FIPS 140-2

Security Policy

Certificate

Firmware 03/28/2003;
04/25/2003;
05/02/2003;
04/29/2004;
08/24/2005
Overall Level: 1 

-Tested: BlackBerry 5810 with the RIM Proprietary OS, Version 3.3.0

-FIPS-approved algorithms: Triple-DES (Cert. #167); SHA-1 (Cert. #147); HMAC-SHA-1 (Cert. #147, vendor affirmed); RSA (signature verification: PKCS#1, vendor affirmed)

-Other algorithms:

Multi-chip standalone

"BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-toend solution. The BlackBerryTM Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerryTM."
311 TLC-Chamonix, LLC
120 Village Square
Suite 11
Orinda, CA 94563
USA

-Phil Smith
TEL: 877-479-4500
FAX: 877-639-3470

CST Lab: NVLAP 100432-0

Cranite Wireless Access Controller
(Software Versions 2.0, 3.0, 3.0.5e and 3.0.5f)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/20/2003;
07/10/2003;
03/29/2004;
02/03/2005;
02/21/2006;
02/24/2006;
03/10/2006;
05/20/2008
Overall Level: 1 

-EMI/EMC: Level 3
-Cryptographic Key Managements: Level 3;

-Operational Environment: Tested as meeting Level 1 with RedHat Linux 7.0

-FIPS-approved algorithms: Triple-DES (Cert. #130); AES (Cert. #24); SHA-1 (Cert. #113); HMAC-SHA-1 (Cert. #113, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: MD5; RSA (key exchange)

Multi-chip standalone

"The Cranite Wireless® Access Controller is a cryptographic software system for wireless LANs that enforces network access rights, encrypts / decrypts authorized traffic, and provides seamless, secure mobility services to users as they mo ve across subnets. The Cranite Wireless Access Controller software installs onto a standard, enterprise-class hardware platform."
310 Standard Networks, Inc.
344 South Yellowstone Drive
Madison, WI 53705
USA

-Reid MacGuidwin
TEL: 608-227-6100

CST Lab: NVLAP 200427-0

MOVEit Crypto
(Versions 1.0.1.0 and 1.1.0.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/11/2003;
03/20/2003;
01/30/2004
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 2000 and RedHat Linux 9.0 (single user mode)

-FIPS-approved algorithms: AES (Cert. #30); SHA-1 (Cert. #124); HMAC-SHA-1 (Cert. #124, vendor affirmed)

-Other algorithms: MD5; HMAC-MD5

Multi-chip standalone

"MOVEit Crypto is a 32-bit compact dynamically linked library (DLL) that provides fast encryption services to applications running on Microsoft Windows operating systems. MOVEit Crypto is supported on Windows 95/98/ME/NT 4.0/2000/XP. MOVEit Crypto provides an API featuring NIST-approved AES encryption, SHA-1 hashing, and pseudo-random number generation algorithms. The easy-to-use programming interface allows applications to be written without special code for details like block size, padding mode, and so on. MOVEit Crypto is a member of the MOVEit security and file transfer product family."
309 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE Crypto-C ME Toolkit Module
(Version 1.7)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 03/07/2003;
10/01/2004;
01/04/2008;
10/16/2008;
09/07/2010;
03/28/2011;
01/24/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000 (single user mode)

-FIPS-approved algorithms: DSA (Cert. #72); Triple-DES (Cert. #135); AES (Cert. #26); SHA-1 (Cert. #121); RSA (PKCS #1, vendor affirmed); HMAC-SHA-1 (Cert. #121, vendor affirmed)

-Other algorithms: DES (Cert. #186); SHA-2 (256, 384, 512); MD2; MD5; HMAC-MD5; RC2; RC4; RC5; Diffie-Hellman (key agreement); RSA (encryption/decryption)

Multi-chip standalone

"The Crypto-C ME Module is RSA Security, Inc.’s cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors while offering great flexibility and choice by allowing developers to select only the algorithms needed in reduced code sizes. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the high-performing RC5, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
308 Entrust, Inc.
1000 Innovation Drive
Ottawa, Ontario K2K 3E7
Canada

-Pierre Boucher
TEL: 613-270-2599
FAX: 613-270-2504

CST Lab: NVLAP 200017-0

Entrust Security Kernel Version 7.0
(Version 7.0)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Software 03/07/2003 Overall Level: 2 

-Roles and Services: Level 2*
-EMI/EMC: Level 3
-Key Management: Level 2*

-Operating System Security: Tested as meeting Level 2 with Microsoft Windows NT 4.0 with SP6a, TCSEC C3-2-rated on a Compaq ProLiant 7000 Server;

*When operated in the FIPS mode

-FIPS-approved algorithms: Triple-DES (Cert. #6); AES (Cert. #10); HMAC-SHA-1 (Cert. #10, vendor affirmed); DSA/SHA-1 (Cert. #10); RSA (PKCS #1, vendor affirmed)

-Other algorithms: DES (Cert. #56); DES MAC; RC2; RC4; IDEA; MD5; MD2; RIPEMD-160; HMAC-MD5; HMAC-RIPEMD-160; CAST; CAST3; CAST5; Diffie-Hellman (key agreement); Ephemeral-Static Diffie-Hellman; ECDSA (vendor affirmed; non-compliant)

Multi-chip standalone

"The Kernel is a C++ class library of cryptographic functions bound together by a common object-oriented Application Programming Interface (API). Depending on the configuration and runtime environment of the Kernel, the algorithms may be implemented in software, hardware, or a combination of both. The industry standard Cryptoki API, as described in PKCS #11, is used as the internal interface to hardware-based cryptographic tokens. Decisions are made at runtime whether to perform operations via cryptoki or in software, based on a table that records the crypto capabilities of particular hardware devices. This table is built up at runtime by querying the actual token through Cryptoki."
307 Symbol (Columbitech)
641 Alpha Drive
Pittsburgh, PA 15238
USA

-Bill Forrest
TEL: 412-968-2200
FAX: 412-968-2269

CST Lab: NVLAP 100432-0

WTLS Cryptographic Module
(Software Versions 1.2, 1.3.1 and 1.3.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 03/07/2003;
03/14/2003;
03/20/2003;
05/23/2003;
03/30/2004;
03/11/2005;
09/12/2006
Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 2
-Self Tests: Level 4

-Operating Environment: Tested as meeting Level 1 with Windows 2000; Windows XP; Windows NT4.0; Windows CE3.0

-FIPS-approved algorithms: Triple-DES (Cert. #134); AES (Cert. #25); SHA-1 (Cert. #120); HMAC-SHA-1 (Cert. #120, vendor affirmed); RSA (PKCS #1, vendor affirmed)

-Other algorithms: DES (Cert. #185); RSA (encrypt/decrypt); SHA-256; SHA-384; SHA-512; MD5; HMAC-MD5

Multi-chip standalone

"Symbol Technologies Inc is using the WTLS Cryptographic Module in the AirBEAM® Safe product, a software only VPN solution built on standards, installable today, without any proprietary adjustments, and extendable for any future needs and technologies. In summary, AirBEAM® Safe benefits include strong security framework, using an advanced architecture with PKI support, true end-to-end security, authentication outside the firewall; optimized wireless performance using advanced data compression; convenience of always-on connectivity and seamless roaming between different public networks, LAN/WLAN/GPRS. Supported clients; PPC 2002, Windows 2000/XP Supported servers: Windows 2000/NT 4.0"
306 Lucent Technologies, Inc.
101 Crawfords Corner Road
Room 4D-218
Holmdel, NJ 07733
USA

-Steve Reustle
TEL: 732-332-6281
FAX: 732-949-1373

CST Lab: NVLAP 200427-0

Brick 1000
(Software Version 6.0.554, Hardware Version 1000, Part #300533882)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 03/07/2003 Overall Level: 2 

-Roles and Services: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #108); DSA (Cert. #62); SHA-1 (Certs. #96)

-Other algorithms: DES (Certs. #166); MD5; RC4; HMAC-SHA-1; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Brick 1000 is a carrier-grade integrated firewall and virtual private network (VPN) gateway appliance specifically designed for web/application data center security, large-scale managed security services, and remote access VPN services. Called the Brick because of its rugged, reliable design, this is an ideal platform for service providers seeking wide scalability, ready manageability, and industryleading performance."
305 Lucent Technologies, Inc.
101 Crawfords Corner Road
Room 4D-218
Holmdel, NJ 07733
USA

-Steve Reustle
TEL: 732-332-6281
FAX: 732-949-1373

CST Lab: NVLAP 200427-0

Brick 1000 with Encryption Accelerator Card
(Software Version 6.0.554, Hardware Version 1000, Part #300533890)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 03/07/2003 Overall Level: 2 

-Roles and Services: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #108 and #111); DSA (Cert. #62); SHA-1 (Certs. #16 and #96)

-Other algorithms: DES (Certs. #43 and #166); MD5; RC4; HMAC-SHA-1; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Brick 1000 is a carrier-grade integrated firewall and virtual private network (VPN) gateway appliance specifically designed for web/application data center security, large-scale managed security services, and remote access VPN services. Called the Brick because of its rugged, reliable design, this is an ideal platform for service providers seeking wide scalability, ready manageability, and industryleading performance."
304 Lucent Technologies, Inc.
101 Crawfords Corner Road
Room 4D-218
Holmdel, NJ 07733
USA

-Steve Reustle
TEL: 732-332-6281
FAX: 732-949-1373

CST Lab: NVLAP 200427-0

Brick 201
(Software Version 6.0.554, Hardware Version 201, Part #300546884)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 03/07/2003 Overall Level: 2 

-Roles and Services: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #108); DSA (Cert. #62); SHA-1 (Certs. #96)

-Other algorithms: DES (Certs. #166); MD5; RC4; HMAC-SHA-1; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Brick 201 is a carrier-grade integrated firewall and virtual private network (VPN) gateway appliance specifically designed for web/application data center security, large-scale managed security services, and remote access VPN services. Called the Brick because of its rugged, reliable design, this is an ideal platform for service providers seeking wide scalability, ready manageability, and industryleading performance."
303 Lucent Technologies, Inc.
101 Crawfords Corner Road
Room 4D-218
Holmdel, NJ 07733
USA

-Steve Reustle
TEL: 732-332-6281
FAX: 732-949-1373

CST Lab: NVLAP 200427-0

Brick 201 with Encryption Accelerator Card
(Software Version 6.0.554, Hardware Version 201, Part #300546892)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 03/07/2003 Overall Level: 2 

-Roles and Services: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #108 and #111); DSA (Cert. #62); SHA-1 (Certs. #16 and #96)

-Other algorithms: DES (Certs. #43 and #166); MD5; RC4; HMAC-SHA-1; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Brick 201 is a carrier-grade integrated firewall and virtual private network (VPN) gateway appliance specifically designed for web/application data center security, large-scale managed security services, and remote access VPN services. Called the Brick because of its rugged, reliable design, this is an ideal platform for service providers seeking wide scalability, ready manageability, and industryleading performance."
302 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nForce 150 SCSI and nForce 400 SCSI
(Firmware Versions 2.0.0, 2.0.2, 2.0.4 and 2.0.5, Hardware Versions nC3022W-150 and nC3022W-400, Build Standard D)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/07/2003;
05/09/2003;
01/23/2004
Overall Level: 2 

-Roles, Services, and Authentication: Level 2 or 3*
-Cryptographic Module Ports and Interfaces: Level 2 or 3*
-Cryptographic Key Management: Level 2 or 3*

*Level Conditional on configuration as per Security Policy

-FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; EI-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip standalone

"The nCipher nForce SSL family of secure e-commerce accelerators improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, ecommerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging."
301 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nForce 150 PCI and nForce 300 PCI
(Firmware Versions 2.0.0, 2.0.2, 2.0.4 and 2.0.5, Hardware Versions nC3022P-150 and nC3022P-300, Build Standard E)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/07/2003;
05/09/2003;
01/23/2004
Overall Level: 2 

-Roles, Services, and Authentication: Level 2 or 3*
-Physical Security: Level 3;
-Cryptographic Module Ports and Interfaces: Level 2 or 3*;
-Cryptographic Key Management: Level 2 or 3*

*Level Conditional on configuration as per Security Policy

-FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; EI-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip embedded

"The nCipher nForce SSL family of secure e-commerce accelerators improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, ecommerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging."
300 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F3 SCSI, nShield F3 Ultrasign SCSI and nShield F3 Ultrasign 32 SCSI and payShield
(Firmware Versions 2.0.0, 2.0.2, 2.0.4 and 2.0.5, Hardware Versions nC4032W-150, nC4032W-400 and nC4132W-400, Build Standard DP)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/07/2003;
05/09/2003;
01/23/2004
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; EI-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip standalone

"The nCipher nShield "SEE Ready" range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
299 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F2 SCSI, nShield F2 Ultrasign SCSI and nShield F2 Ultrasign 32 SCSI
(Firmware Versions 2.0.0, 2.0.2, 2.0.4 and 2.0.5, Hardware Versions nC4022W-150, nC4022W-400 and nC4122W-400, Build Standard DR)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/07/2003;
05/09/2003;
01/23/2004
Overall Level: 2 

-Roles, Services, and Authentication: Level 2 or 3*
-EMI/EMC: Level 3
-Cryptographic Module Ports and Interfaces: Level 2 or 3*
-Cryptographic Key Management: Level 2 or 3*

*Level conditional on configuration as per Security Policy

-FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; EI-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip standalone

"The nCipher nShield "SEE Ready" range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
298 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F2 PCI, nShield F2 Ultrasign PCI and nShield F2 Ultrasign 32 PCI
(Firmware Versions 2.0.0, 2.0.2, 2.0.4 and 2.0.5, Hardware Versions nC4022P-150, nC4022P-300 and nC4122P-300, Build Standard ER)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/07/2003;
05/09/2003;
01/23/2004
Overall Level: 2 

-Roles, Services, and Authentication: Level 2 or 3*
-Physical Security: Level 3;
-Cryptographic Module Ports and interfaces: Level 2 or 3*;
-Cryptographic Key Management: Level 2 or 3*

*Level conditional on configuration as per Security Policy

-FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; EI-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip embedded

"The nCipher nShield "SEE Ready" range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
297 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F3 PCI, nShield F3 Ultrasign PCI and nShield F3 Ultrasign 32 PCI
(Firmware Versions 2.0.0, 2.0.2, 2.0.4 and 2.0.5, Hardware Versions nC4032P-150, nC4032P-300 and nC4132P-300, Build Standard ER)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/07/2003;
05/09/2003;
01/23/2004
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; EI-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip embedded

"The nCipher nShield "SEE Ready" range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
296 Hewlett-Packard Company
19091 Pruneridge Ave.
MS 4441
Cupertino, CA 95014
USA

-Theresa Conejero
TEL: 408-447-2964
FAX: 408-447-5525

CST Lab: NVLAP 100432-0

Atalla Cryptographic Engine (ACE)
(ACE Product 524103 Rev. F, ACE Hardware 429728-006 Rev. H, Loader Software 523044-004 Rev. D)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/07/2003;
03/18/2003;
09/19/2011
Overall Level: 3 

-Physical Security: Level 3 +EFP
-Self Tests: Level 4

-FIPS-approved algorithms: Triple-DES (Cert. #128); SHA-1 (Cert. #112); Triple-DES MAC (Cert. #128, vendor affirmed)

-Other algorithms: MD5; RIPEMD; RSA (PKCS#1 Version 2 for decryption)

Multi-chip embedded

"The Atalla Cryptographic Engine (ACE) is a multichip module that provides state of the art, secure cryptographic processing. The ACE features secure key management and storage capabilities, and also provides high performance Triple DES processing and Public Key Infrastructure support required to support a broad range of payment and authentication applications. The ACE is used in the Atalla A10100, A9100, and A8100 Network Security Processors Series products."
295 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nCipher 800 PCI and nCipher 1600 PCI
(Firmware Versions 2.0.1-2 and 2.0.5-2, Hardware Versions nC3033-800 and nC3033-1K6, Build Standard C)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/07/2003;
01/23/2004
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS-approved algorithms: Triple-DES (Cert.#109); Triple-DES MAC (Cert. #109, vendor affirmed); AES (Cert. #15); DSA (Cert. #60); SHA-1 (Cert. #95); HMAC-SHA-1 (Cert. #95, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #173); DES MAC (Cert. #173); ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD 160); SHA-256; SHA-384; SHA-512; RIPEMD 160; EI-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; MD2; MD5; SEED; KCDSA; HSA 160

Multi-chip embedded

"The nCipher nForce II secure e-Commerce SSL family of secure ecommerce accelerators are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nForce modules: nForce 800, nForce 1600 are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
294 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nCipher 800 PCI and nCipher 1600 PCI
(Firmware Versions 2.0.1-3 and 2.0.5-3, Hardware Versions nC3033-800 and nC3033-1K6, Build Standard C)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/07/2003;
01/23/2004
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert.#109); Triple-DES MAC (Cert. #109, vendor affirmed); AES (Cert. #15); DSA (Cert. #60); SHA-1 (Cert. #95); HMAC-SHA-1 (Cert. #95, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #173); DES MAC (Cert. #173); ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD 160); SHA-256; SHA-384; SHA-512; RIPEMD 160; EI-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; MD2; MD5; SEED; KCDSA; HSA 160

Multi-chip embedded

"The nCipher nForce II secure e-Commerce SSL family of secure ecommerce accelerators are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nForce modules: nForce 800, nForce 1600 are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
293 Aladdin Knowledge Systems, Ltd.
15 Beit Oved Street
Tel Aviv, 61110
Israel

-Leedor Agam
TEL: +972 3636 2222
FAX: +972 3537 5796

CST Lab: NVLAP 200556-0

eToken PRO 32K
(Version 4.2.5.4)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 02/13/2003 Overall Level: 2 

-Roles and Services: Level 3
-EMI/EMC: Level 3
-Key Management: Level 3
-Module Interfaces: Level 3
-Software Security: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #153); Triple-DES MAC; SHA-1 (Cert. #118); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #199); DES MAC; RSA (encryption/decryption, PKCS#1)

Multi-chip standalone

"The eToken PRO is a fully portable USB device the size of an average house key offering a cost-Effective method for authenticating users when accessing a network and for securing electronic business applications. The eToken PRO can generate and store users' personal credentials, such as private keys, passwords and digital certificates, inside the protected environment of the token itself. Users' private keys never leave the token."
292 Aladdin Knowledge Systems, Ltd.
15 Beit Oved Street
Tel Aviv, 61110
Israel

-Leedor Agam
TEL: +972 3636 2222
FAX: +972 3537 5796

CST Lab: NVLAP 200556-0

eToken PRO 32K HD
(Version 4.2.5.4.HD)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 02/13/2003 Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert.#153); Triple-DES MAC; Triple-SHA-1 (Cert. #118); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #199); DES MAC; RSA (encryption/decryption, PKCS#1)

Multi-chip standalone

"The eToken PRO is a fully portable USB device the size of an average house key offering a cost-effective method for authenticating users when accessing a network and for securing electronic business applications. The eToken PRO can generate and store users' personal credentials, such as private keys, passwords and digital certificates, inside the protected environment of the token itself. Users' private keys never leave the token."
291 Aladdin Knowledge Systems, Ltd.
15 Beit Oved Street
Tel Aviv, 61110
Israel

-Leedor Agam
TEL: +972 3636 2222
FAX: +972 3537 5796

CST Lab: NVLAP 200556-0

eToken PRO 16K
(Version 4.1.5.4)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 02/13/2003 Overall Level: 2 

-Roles and Services: Level 3
-EMI/EMC: Level 3
-Key Management: Level 3
-Module Interfaces: Level 3
-Software Security: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #152); Triple-DES MAC; SHA-1 (Cert. #118); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #198); DES MAC; RSA (encryption/decryption, PKCS#1)

Multi-chip standalone

"The eToken PRO is a fully portable USB device the size of an average house key offering a cost-Effective method for authenticating users when accessing a network and for securing electronic business applications. The eToken PRO can generate and store users' personal credentials, such as private keys, passwords and digital certificates, inside the protected environment of the token itself. Users' private keys never leave the token."
290 Aladdin Knowledge Systems, Ltd.
15 Beit Oved Street
Tel Aviv, 61110
Israel

-Leedor Agam
TEL: +972 3636 2222
FAX: +972 3537 5796

CST Lab: NVLAP 200556-0

eToken PRO 16K HD
(Version 4.1.5.4.HD)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 02/13/2003 Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #152); Triple-DES MAC; SHA-1 (Cert. #118); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #198); DES MAC; RSA (encryption/decryption, PKCS#1)

Multi-chip standalone

"The eToken PRO is a fully portable USB device the size of an average house key offering a cost-effective method for authenticating users when accessing a network and for securing electronic business applications. The eToken PRO can generate and store users' personal credentials, such as private keys, passwords and digital certificates, inside the protected environment of the token itself. Users' private keys never leave the token."
289 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-J Toolkit Module
(Version 3.3.4.2)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Vendor Product Link
Software 02/04/2003;
10/01/2004;
12/14/2004;
12/16/2004;
01/04/2008;
10/16/2008;
09/07/2010;
03/28/2011;
01/24/2013
Overall Level: 1 

-Operating System Security: Tested as meeting Level 1 with Windows NT SP 6 (single user mode), JVM v1.3.1, JRE v1.3.1

-FIPS-approved algorithms: Triple-DES (Cert. #112); AES (Cert. #45); SHA-1 (Cert. #97); DSA (Cert. #63); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #168); DESX; RC2; RC4; RC5; MD2; MD5; HMAC-SHA-1 (Cert #97); Diffie-Hellman (key agreement); Base64

Multi-chip standalone

"The Crypto-J Module is a Java-language software development kit that allows software and hardware developers to incorporate encryption technologies directly into their products. The tested Crypto-J Module is a Java-language API available as a Java ARchive, or JAR, file."
288 Tumbleweed Communications Corp.
700 Saginaw Drive
Redwood City, CA 94063
USA

-Ann Smith
TEL: 703-248-6931
FAX: 703-248-6932

CST Lab: NVLAP 100432-0

ValiCert Security Module
(SW Version 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Software 02/04/2003;
06/10/2004
Overall Level: 1 

-Operating System Security: Tested as meeting Level 1 with Microsoft Windows 2000 Server, SUN Solaris 2.8 (single user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #83); SHA-1 (Cert. #72); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #72, vendor affirmed)

-Other algorithms: DES (Cert. #144); MD2; MD5; RC2; RC4; RSA encryption (key distribution)

Multi-chip standalone

"The ValiCert VA Toolkit 4.3 is built on our FIPS 140-1 cryptographic module. The 4.3 toolkit release has several new APIs and features. The library is also used within ValiCert Desktop Validator, Server Validators, Enterprise Validation Server, Document Authority, and Secure Transport Products. New features in VA Toolkit 4.3 include New APIs for fetching CRLs; Extended APIs for Certificate-Store ; Extended support for CRLs ; JITC compliance features ; TLS ; SSL Tunneling via Proxy Servers. The 4.3 release and prior releases support OCSP, SCVP, CRL, CRLdp protocols over HTTP, and HTTPS. The VA Toolkit 4.3 supports Windows 98/ NT/2000, Solaris 5.6/5.7/5.8, HP UX 11.0, and AIX 4.3. The Toolkit works along with FIPS 140-1 Level 3 and Level 4 validated hardware devices: e.g. nCipher, Baltimore, and Chrysalis-ITS hardware signing / encryption modules. The toolkit is also tested for interoperability with various PKI vendors: AOL/Netscape, Sun/Iplanet, Entrust, Baltimore, Verisign, Computer Associates and RSA Security products."
287 Mykotronx, Inc.
357 Van Ness Way
Suite 200
Torrance, CA 90501
USA

-B. Yamamoto
TEL: 310-533-8100

CST Lab: NVLAP 100432-0

82A FORTEZZA Crypto Card
(HW PN 650000-3 Version 6, FW Version 3)

Validated to FIPS 140-1

Security Policy

Certificate

Vendor Product Link
Hardware 02/04/2003 Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: DSA (Cert. #58); SHA-1 (Cert. #86); Skipjack (Certs. #7 and #10)

-Other algorithms: KEA

Multi-chip standalone

"The Mykotronx 82A FORTEZZA Crypto Card provides cryptographic security and authentication methods in a PC Card hardware token for government and commercial applications. Self- contained, standardized, and easily integrated, the 82A FORTEZZA Crypto Card enables portable security, with onboard storage of user credentials, keys, and digital certificates."
286 Novell, Inc.
1800 South Novell Place
Provo, UT 84606
USA

-Developer Support
TEL: 801-861-7000

CST Lab: NVLAP 200002-0

Novell International Cryptographic Infrastructure (NICI)
(Software Version 2.4.0)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Software 01/17/2003;
01/22/2003;
01/31/2006
Overall Level: 2 

-EMI/EMC: Level 3

-Operating System Security: Tested as meeting Level 2 with Sun SPARC Ultra-10 running Sun Solaris 8 Operating System (EAL 4 configuration)

-FIPS-approved algorithms: Triple-DES (Cert. #120); AES (Cert. #13); DSA (Cert. #66); SHA-1 (Cert. #104); RSA (signature generation/verification: ANSI X9.31, vendor affirmed); HMAC-SHA-1 (Cert. #104, vendor affirmed)

-Other algorithms: DES (Cert. #175); Diffie-Hellman (key agreement); RSA (encryption/decryption, PKCS#1); RSA (key-distribution); MD2; MD4; MD5; HMAC-MD5; RC2; RC4; RC5; CAST128; Password Based Encryption (PKCS#12); UNIX Crypt; LMdigest (CIFS); TLS-KeyExchange-RSASign; NetWarePassword (Novell)

Multi-chip standalone

"Novell International Cryptographic Infrastructure (NICI) for Solaris is a cryptographic module providing keys, algorithms, various key storage and usage mechanisms, and a large-scale key management system. Supported Novell services utilizing NICI includes eDirectory, Novell Modular Authentication Service (NMAS), Public Key Infrastructure Services, Novell SecretStore, and TLS/SSL."
285 M/A Com, Inc.
221 Jefferson Ridge Parkway
Lynchburg, VA 24501
USA

-Greg Farmer
TEL: 434-455-6600
FAX: 434-455-6851

CST Lab: NVLAP 100432-0

Jaguar 700P/Pi
(HW P/Ns [HA8ESE, HA8ETE, HA8MSE, HA8MTE, HA8SSE, HA8STE, HA8TSE and HA8TTE], FW Version i6r06a01.dsp)

Revoked
DES Transition Ended

Security Policy

Certificate

Hardware 01/17/2003;
02/12/2003
Overall Level: 1 

-FIPS-approved algorithms:

-Other algorithms: DES (Cert. #141)

Multi-chip standalone

"Portable, 64-bit Encryption, EDACS JAGUAR 700P, 800MHZ, 128 SYSTEMS/GROUPS, DATA ENABLED EDACS radio. System and Scan version, with Intrinsically Safe (IS), and Immersion options."
284 NetScreen Technologies, Inc.
805 11th Avenue
Bldg. 3
Sunnyvale, CA 94089
USA

-Lee Klarich
TEL: 408-543-8209
FAX: 408-543-8200

CST Lab: NVLAP 100432-0

NetScreen-204 and NetScreen-208
(Hardware PN's NS-204 and NS-208, Version 0110(0), Software ScreenOS 3.1.0)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Vendor Product Link
Hardware 01/17/2003;
02/21/2003;
06/03/2003
Overall Level: 2 

-Software Security: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #49 and #118); SHA-1 (Certs. #44 and #103); DSA (Cert. #44); AES (Certs. #11 and #12); HMAC-SHA-1 (Cert. #44, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Certs. #114 and #174); RC2; RC4; MD5; RSA (Encryption and Decryption); Diffie-Hellman (key agreement)

Multi-chip standalone

"NetScreen-204 and NetScreen-208 are purpose-built internet security appliances that deliver firewall, VPN, and traffic shaping optimized for the most demanding environments such as medium and large enterprise offices, e-business sites, data centers, and carrier infrastructures."
283 Simple Access Inc.
7755 Boul. Henri Bourassa Ouest
Saint-Laurent, Québec H4S 1P7
Canada

-Gatéan Haché
TEL: 514-335-7676
FAX: 514-335-2099

CST Lab: NVLAP 200017-0

SSL-100 SDK Accelerator
(Hardware Revision 2.0.1.4a, Firmware Version 1.1B)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 01/17/2003 Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #122); DSA (Cert. #67); SHA-1 (Cert. #106); RSA (PKCS#1, vendor affirmed)

-Other algorithms: MD5; Diffie-Hellman (key agreement)

Multi-chip embedded

"The Simple Access SSL-100 SDK is a high performance drop-in accelerator card that processes up to 4000 1024-bit RSA keys/second. A single SSL-100 SDK will allow a Web server to achieve sustained throughput of up to 1600 new SSL connections per second using 1024-bit operands. The SSL-100 SDK offloads SSL processing and the huge cryptographic computations from the server, freeing the CPU to respond immediately to transactions. This solution eliminates dropped connections, failed transactions and slow response times thereby maintaining user loyalty to transactional Web sites."
282 Motorola, Inc.
1301 E. Algonquin Road
Schaumburg, IL 60196
USA

-Kirk Mathews
TEL: 847-576-4101
FAX: 847-538-2770

CST Lab: NVLAP 100432-0

ASTRO Subscriber Universal Crypto Module
(HW P/Ns NTN9801B, NTN9738C, NNTN5032D, NNTN5032G, 0104020J49, 0104020J50, 0104020J51, 0104024J43, 0104024J44, 0104024J45, 0104025J11 and 0104025J12; FW R05.00.13, R05.02.00, R05.02.02, R05.03.00, R05.04.01 and R05.05.01)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/20/2002;
05/30/2003;
06/11/2003;
11/26/2003;
12/24/2003;
03/30/2004;
07/27/2004;
01/13/2006;
12/19/2006
Overall Level: 1 

-Roles, Services, and Authentication: Level 2

-FIPS-approved algorithms: Triple-DES (Cert. #82); AES (Cert. #2)

-Other algorithms: DES (Cert. #151); DES MAC; SHA-1; AES MAC (Cert #2, P25 AES OTAR, vendor affirmed)

Multi-chip embedded

"Encryption modules used in Motorola ASTRO(TM) family of radios provides secure voice and data capabilities as well as APCO Over-the-Air-Rekeying (OTAR) and advanced key management."
281 V-ONE Corporation, Inc.
20250 Century Blvd.
Suite 300
Germantown, MD 20874
USA

-Chris Brook
TEL: 301-515-5242
FAX: 301-515-5280

CST Lab: NVLAP 200416-0

SmartGate®
(Version 4.3)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Vendor Product Link
Software 12/23/2002;
01/09/2003;
06/18/2003
Overall Level: 1 

-Roles and Services: Level 2
-Software Security: Level 3

-Operating System Security: Tested as meeting Level 1 with Red Hat Pro Linux 7.2 and Sun Solaris 8 (Single User Mode)

-FIPS-approved algorithms: Triple-DES (Cert. #46); SHA-1 (Cert. #10); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #159); DES MAC (Cert. #159); MD5; RC4; Diffie-Hellman (key agreement)

Multi-chip standalone

"V-ONE Corporations SmartGate is leading client/server Virtual Private Network (VPN) software that provides enterprise-level security to network-based users for private information and private TCP/IP application services. SmartGate provides encryption, strong user authentication, authorization, management, accounting, key distribution, and proxy capabilities. It consists of server (SmartGate) and client (SmartPass) software."
280 Tricipher, Inc.
1900 Alameda de las Pulgas
Suite 112
San Mateo, CA 94403
USA

-Tim Renshaw
TEL: 650-372-1300

CST Lab: NVLAP 200416-0

Secure Identity Appliance
(Hardware: Dell 2550 Server, Software version 2.5.1)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 12/12/2002;
02/22/2005
Overall Level: 2 

-Roles and Services: Level 3
-Software Security: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #101); SHA-1 (Cert. #90); RSA (PKCS #1, vendor affirmed)

-Other algorithms: HMAC-SHA-1 (Cert #90, vendor affirmed); MD5; RSA (encryption)

Multi-chip standalone

"The SingleSignOn.Net Secure Identity Appliance is a Public Key Infrastructure (PKI) and password authentication solution. It allows for the easy deployment of PKI scalable to large numbers of users and provides an ID/Password system that uses the underlying PKI to provide security and robustness. The Secure Identity Appliance is able to perform public key-based cryptography, including digital signatures and encryption."
279 McAfee, Inc.
3965 Freedom Circle
Santa Clara, CA 95054
USA

-Mike Siegel
TEL: 888-847-8766

CST Lab: NVLAP 200002-0

McAfee Endpoint Encryption for PCs Client (formerly SafeBoot Client)
(Software Version 4.1)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Software 11/26/2002;
08/18/2006;
08/29/2006;
04/30/2007;
06/23/2008
Overall Level: 1 

-Operating System Security: Tested as meeting Level 1 with Microsoft Windows 95 SR2 (single user mode)

-FIPS-approved algorithms: AES (Cert. #21); DSA (Cert. #53); SHA-1 (Cert. #71)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip standalone

"McAfee Endpoint Encryption for PCs Client is a high performance software solution that provides sector-level encryption of a PC's hard drive in a manner that is totally transparent to the user. In addition, the centralized McAfee Endpoint Encryption management system provides robust recovery tools, administration, and implementation."
278 Entrust CygnaCom
7925 Jones Branch Drive
Suite 5200
McLean, VA 22102
USA

-Gary Moore
TEL: 703-270-3572
FAX: 703-848-0960

CST Lab: NVLAP 200427-0

Entrust CygnaCom IPSec Cryptographic Module
(Version 1.0)

Validated to FIPS 140-1

Security Policy

Certificate

Software 11/07/2002;
08/23/2004
Overall Level: 1 

-Operating System Security: Tested as meeting Level 1 with SCO CMW+ V3.0.1 Operating System (single user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #91); SHA-1 (Cert. #79); HMAC-SHA-1 (Cert. #79, vendor affirmed)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip standalone

"The Entrust CygnaCom IPSec Cryptographic Module is a software cryptographic module intended to provide secure IPSEC communications between client workstations/laptops and servers. The communications are secured by the use of Triple DES (TDES) running in the Triple Cipher Block Chaining (TCBC) mode of operation to encrypt and the data portion of TCP/IP packets using either the IPSEC ESP-tunneled mode or ESP-transport mode. HMAC SHA-1 is used to authenticate IPSEC message headers and protocol data units."
277 M/A Com, Inc.
221 Jefferson Ridge Parkway
Lynchburg, VA 24501
USA

-Stefan Backstom
TEL: 434-455-6600
FAX: 434-455-6851

CST Lab: NVLAP 200002-0

Enhanced Digital Access Communications System (EDACS) Orion System/Scan (AEGIS) Mobile Two-Way FM Radios
VHF-L range: 136-153 MHz
VHF-M range: 150-174 MHz
UHF-L range: 403-440 MHz
UHF-M range: 440-470 MHz
UHF-H range: 470-512 MHz
800 range: 806-870 MHz

(Hardware Versions: (VHF-L [D2GHTXE(110W) D2GMTXE(50W)], VHF-M [D2HHTXE(110W) D2HMTXE(50W)], UHF-L [D2PHTXE(100W) D2PMTXE(40W)], UHF-M [D2UHTXE(110W) D2UMTXE(40W)], UHF-H [D2VHTXE(80W) D2VMTXE(35W)] and 800 [D28MTXE(35W) D28LTXE(12W)]), Software Version: R42A)

Revoked
DES Transition Ended

Security Policy

Certificate

Hardware 11/07/2002;
01/16/2003;
03/07/2003;
03/13/2003
Overall Level: 1 

-FIPS-approved algorithms:

-Other algorithms: DES ( 04/22/94)

Multi-chip standalone

"The EDACS Orion Mobile with FIPS 140-1 security level 1 validation. Aegis digital voice, conventional and trunked; system and scan front mounting."
276 Securit-e-Doc, Inc.
515 North Flagler Drive
Suite 203
West Palm Beach, FL 33401
USA

-Robert Barron
TEL: 561-833-2303

CST Lab: NVLAP 200416-0

Securit-e-Doc® SITT CryptoSystem
(Version 3.0)

Validated to FIPS 140-1

Security Policy

Certificate

Software 10/31/2002;
06/10/2004
Overall Level: 1 

-Operating System Security: Tested as meeting Level 1 with Windows 2000 (single user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #114); SHA-1 (Cert. #99); AES (Cert. #7); Skipjack (Cert. #8)

-Other algorithms: N/A

Multi-chip standalone

"Securit-e-Doc(R) provides secure server-based transmission and storage of files and messages using interactive, Web-enabled interfaces. All components of the Securit-e-Doc system derive their security services from the underlying SITT(R) CryptoSystem. SITT(R), implemented within the Securit-e-Doc application software, provides real-time cryptographic services for symmetric encryption and decryption, random number generation and message digesting."
275 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-J Toolkit Module
(Version 3.3.3)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Vendor Product Link
Software 10/31/2002;
10/01/2004;
01/04/2008;
10/16/2008;
09/07/2010;
03/28/2011;
01/24/2013
Overall Level: 1 

-Operating System Security: Tested as meeting Level 1 with Windows NT SP6 (single user mode), JVM v1.3.1, JRE v1.3.1

-FIPS-approved algorithms: Triple-DES (Cert. #112); DSA (Cert. #63); SHA-1 (Cert. #97); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #168); AES; DESX; RC2; RC4; RC5; RC6; MD2; MD5; HMAC-SHA-1; Diffie-Hellman (key agreement); Base64

Multi-chip standalone

"The Crypto-J Module is a Java- language software development kit that allows software and hardware developers to incorporate encryption technologies directly into their products. The tested Crypto-J Module is a Java-language API available as a Java Archive, or JAR, file."
274 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0

SafeNet ATM Encryptor
(Hardware Versions 4.5, ATM Encryptor Models: 450-016-003/004/005/006/007/008/009, Firmware Version 5.0)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 10/24/2002;
04/16/2003;
10/19/2004
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #110); DSA/SHA-1 (Cert. #14); RSA (signature verification: PKCS#1, vendor affirmed)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip standalone

"The SafeNet™ SafeEnterprise™ ATM Encryptor provides data privacy and access control for connections between vulnerable public and private ATM networks. It employs FIPS approved DES or Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in T1, E1, T3, E3, OC3c and OC12c networks. The SafeNet™ SafeEnterprise™ ATM Encryptor can be centrally controlled or managed across multiple remote stations using SafeNet™ SafeEnterprise™ Security Management Center, an SNMP-based security management system."
273 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0

SafeNet ATM Encryptor
(Hardware Versions 4.0, ATM Encryptor Models: 460-006-001/002/003/004/005/006/007/008/009, Firmware Version 5.0)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 10/24/2002;
04/16/2003;
10/19/2004
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #15); DSA/SHA-1 (Cert. #14); RSA (signature verification: PKCS#1, vendor affirmed)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip standalone

"The SafeNet™ SafeEnterprise™ ATM Encryptor provides data privacy and access control for connections between vulnerable public and private ATM networks. It employs FIPS approved DES or Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in T1, E1, T3, E3, OC3c and OC12c networks. The SafeNet™ SafeEnterprise™ ATM Encryptor can be centrally controlled or managed across multiple remote stations using SafeNet™ SafeEnterprise™ Security Management Center, an SNMP-based security management system."
272 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0

SafeNet ATM Encryptor
(Hardware Versions 3.5 and 3.6, ATM Encryptor Models: 450-004-001/002/003/004/005/006/007 and 450-013-003/004/005/006/007/008/009, Firmware Version 5.0)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 10/24/2002;
04/16/2003;
10/19/2004
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #110); DSA/SHA-1 (Cert. #14); RSA (signature verification: PKCS#1, vendor affirmed)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip standalone

"The SafeNet™ SafeEnterprise™ ATM Encryptor provides data privacy and access control for connections between vulnerable public and private ATM networks. It employs FIPS approved DES or Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in T1, E1, T3, E3, OC3c and OC12c networks. The SafeNet™ SafeEnterprise™ ATM Encryptor can be centrally controlled or managed across multiple remote stations using SafeNet™ SafeEnterprise™ Security Management Center, an SNMP-based security management system."
271 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0

SafeNet ATM Encryptor
(Hardware Versions 3.0 and 3.1, ATM Encryptor Models: 450-002-001/002/003/004/005/006/007 and 450-003-001/002/003/004/005/006/007/008/009, Firmware Version 5.0)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 10/24/2002;
04/16/2003;
10/19/2004
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #15); DSA/SHA-1 (Cert. #14); RSA (signature verification: PKCS#1, vendor affirmed)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip standalone

"The SafeNet™ SafeEnterprise™ ATM Encryptor provides data privacy and access control for connections between vulnerable public and private ATM networks. It employs FIPS approved DES or Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in T1, E1, T3, E3, OC3c and OC12c networks. The SafeNet™ SafeEnterprise™ ATM Encryptor can be centrally controlled or managed across multiple remote stations using SafeNet™ SafeEnterprise™ Security Management Center, an SNMP-based security management system."
270 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Randy Kun
TEL: 613-723-5077
FAX: 613-723-5078

CST Lab: NVLAP 200017-0

Luna® DSM
(Hardware Versions 1 and 2, Firmware Version 3.98)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 10/18/2002;
10/18/2004
Overall Level: 2 

-Software Security: Level 3
-Self Tests: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #73); DSA (Cert. #51); SHA-1(Cert. #64); Triple-DES MAC; RSA (FIPS 186-2, vendor affirmed)

-Other algorithms: DES (Cert. #134); DES MAC; RC2; RC4; RC5; CAST; CAST 3; CAST 5; CAST MAC; CAST 3 MAC; CAST 5 MAC; HMAC-SHA-1; MD2; MD5; Diffie-Hellman (key agreement); RSA (Encryption and Decryption)

Multi-chip standalone

"The Chrysalis-ITS™ Luna® DSM Digital Signature Module is a hardware-based, multiple-chip standalone module in the form of a PC card “token” based on the PCMCIA standard. The LUNA DSM token is a hardware crypto engine for digital signing, identification and authentication and is used in applications that require FIPS Level II key generation, protection and storage for limited numbers of digital keys."
269 Cryptek, Inc.
1501 Moran Road
Sterling, VA 20166
USA

-Timothy Williams
TEL: 571-434-2000
FAX: 571-434-2001

CST Lab: NVLAP 100432-0

DiamondVPN™
(Software 2.1.4A, 2.1.6 and 2.1.6.1, Hardware 2020, P/N DV100-F)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Vendor Product Link
Hardware 10/18/2002;
02/25/2003;
10/02/2003;
04/08/2005
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #71); SHA-1 (Cert. #63)

-Other algorithms: DES (Cert. #132); Diffie-Hellman (key agreement); MD5

Multi-chip standalone

"DiamondVPN™ is a rack- mounted network security appliance that can be installed at a LAN edge for a work group or department operating on your enterprise network to enforce a single security profile for traffic outbound from the LAN and access to the LAN from the outside. Unlike traditional VPNs, DiamondVPN™ also offers secure pass-through to networks in which DiamondLink™ protects some users."
268 Cryptek, Inc.
1501 Moran Road
Sterling, VA 20166
USA

-Timothy Williams
TEL: 571-434-2000
FAX: 571-434-2001

CST Lab: NVLAP 100432-0

DiamondPak™ and DiamondVPN-6™
(Software 2.1.4A, 2.1.6 and 2.1.6.1, Hardware 2020, P/N's DP600-F and DV600-F)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Vendor Product Link
Hardware 10/18/2002;
02/25/2003;
07/31/2003;
10/02/2003;
04/08/2005
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #71); SHA-1 (Cert. #63)

-Other algorithms: DES (Cert. #132); Diffie-Hellman (key agreement); MD5

Multi-chip standalone

"DiamondPak" is a rack- mounted network appliance for protecting multiple servers with each server protected by a dedicated self-protecting DiamondTEK" security computer enforcing a single security profile. DiamondPak"'s advanced access-control system for protecting critical backend systems is available in configurations to protect 2, 4, or 6 systems. DiamondVPN-6 is a network security appliance for protecting a group of servers or users within an organization with each group protected by a dedicated self-protecting DiamondTEK security computer enforcing a single security profile. DiamondVPN s advanced access control system for protecting critical backend groups is available in a configuration to protect 6 individual groups."
267 Cryptek, Inc.
1501 Moran Road
Sterling, VA 20166
USA

-Timothy Williams
TEL: 571-434-2000
FAX: 571-434-2001

CST Lab: NVLAP 100432-0

DiamondLink™
(Software 2.1.4A, 2.1.6 and 2.1.6.1, Hardware 2000 and 2010 (fiber), P/N's DL 100-F and DL 100F-F)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Vendor Product Link
Hardware 10/18/2002;
02/25/2003;
10/02/2003;
04/08/2005
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #71); SHA-1 (Cert. #63)

-Other algorithms: DES (Cert. #132); Diffie-Hellman (key agreement); MD5

Multi-chip standalone

"DiamondLink™ is an external, drop- in network appliance for individual users that features a built- in security computer and authentication card reader in a single device. With its plug-and-play flexibility, DiamondLink™ can be easily extended to other network devices such as printers, fax machines, and networked manufacturing devices."
266 F-Secure Corporation
Tammasaarenkatu 7
PL 24
Helsinki, 00180
Finland

-Alexey Kirichenko
TEL: +358 9 2520 5548

CST Lab: NVLAP 200427-0

F-Secure Pocket PC Cryptographic Library (Compact Version)
(Version 1.1.9)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 10/18/2002 Overall Level: 1 

-EMI/EMC: Level 3
-Self Tests: Level 3

-Operating Environment: Tested as meeting Level 1 with Windows CE 3.0

-FIPS-approved algorithms: AES (Cert. #4); SHA-1 (Cert. #122); HMAC-SHA-1 (Cert. #122, vendor affirmed)

-Other algorithms:

Multi-chip standalone

"The F-Secure Pocket PC Cryptographic Library is a software module, implemented as a 32-bit Windows CE compatible DLL for Pocket PC and Pocket PC 2002 platforms. It provides an assortment of cryptographic services to any client process that attaches an instance of the module DLL. The services are accessible for the client through a C-language Application Program Interface. The cryptographic services are also available in the form of a static library and as source code."
265 F-Secure Corporation
Tammasaarenkatu 7
PL 24
Helsinki, 00180
Finland

-Alexey Kirichenko
TEL: +358 9 2520 5548

CST Lab: NVLAP 200427-0

F-Secure Pocket PC Cryptographic Library (Full Version)
(Version 1.1.7)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 10/18/2002;
07/31/2003
Overall Level: 1 

-EMI/EMC: Level 3
-Self Tests: Level 3

-Operating Environment: Tested as meeting Level 1 with Windows CE 3.0

-FIPS-approved algorithms: Triple-DES (Cert. #106); AES (Cert. #4); SHA-1 (Cert. #122); HMAC-SHA-1 (Cert. #122, vendor affirmed)

-Other algorithms: DES (Cert. #165); Blowfish; MD5; HMAC-MD5

Multi-chip standalone

"The F-Secure Pocket PC Cryptographic Library is a software module, implemented as a 32-bit Windows CE compatible DLL for Pocket PC and Pocket PC 2002 platforms. It provides an assortment of cryptographic services to any client process that attaches an instance of the module DLL. The services are accessible for the client through a C-language Application Program Interface. The cryptographic services are also available in the form of a static library and as source code."
264 Lucent Technologies, Inc.
1600 Osgood St.
20-3E-15
North Andover, MA 01845
USA

-Lori Heseltine
TEL: 978-960-6827

CST Lab: NVLAP 200427-0

Access Point 600 with 10/100 Ethernet, HSSI, ATM DS3, ATM OC3/STM-1 MMF, ATM OC3/STM-1 SMF-IR, 4-Port T1/E1, ATM OC3/STM-1 SMF-LR, MSSI, Frame-Based DS3, ISDN S/T, and ISDN U
(Hardware Version 4.2 with 10/100 Ethernet (AP-PMC-01/AP-SP-PMC-01), HSSI (AP-PMC-02/AP-SP-PMC-02), ATM DS3 (AP-PMC-03/AP-SP-PMC-03), ATM OC3/STM-1 MMF (AP-PMC-04/AP-SP-PMC-04), ATM OC3/STM-1 SMF-IR (AP-PMC-05/AP-SP-PMC-05), 4-Port T1/E1 (AP-PMC-06/AP-SP-PMC-06), ATM OC3/STM-1 SMF-LR (AP-PMC-07/AP-SP-PMC-07), MSSI (AP-PMC-08/AP-SP-PMC-08), Frame-Based DS3 (AP-PMC-0D/AP-SP-PMC-0D), ISDN S/T (AP-PMC-0S/AP-SP-PMC-0S), and ISDN U (AP-PMC-0U/AP-SP-PMC-0U) Firmware Version V2.6.0.R3.IPSVCS)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 10/11/2002;
11/18/2002
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #105); SHA-1 (Cert. #94); DSA (Cert. #59); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #164); MD5; HMAC MD-5; HMAC-SHA-1; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Access Point 600 is a next-generation, high performance IP services router optimized for service providers wishing to quickly introduce man-aged IP services at mid-size branch and regional enterprise customer premises locations. Access Point 600 is purpose-built to deliver IP services with multi-access routing, Quality of Service (QoS) with Class-Based Queuing (CBQ), secure Virtual Private Networks (VPN), firewall security, and policy management. And the service provider has the advantages of easy deployment to multi-size customer premises locations, and the implementation of flexible management facilities that can be both customer and/or service provider managed."
263 Communication Devices, Inc.
#1 Forstmann Court
Clifton, NJ 07011
USA

-Donald Snook
TEL: 973-772-6997
FAX: 973-772-0740

CST Lab: NVLAP 200002-0

UniGuard-V90
(Hardware Version UG-V90, Firmware Version 7.17.01)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 10/11/2002 Overall Level: 2 

-Physical Security: Level 3
-Software Security: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #79); Triple-DES MAC

-Other algorithms: DES (Cert. #140); DES MAC

Multi-chip standalone

"Single port Triple DES encryption modem."
262 Communication Devices, Inc.
#1 Forstmann Court
Clifton, NJ 07011
USA

-Donald Snook
TEL: 973-772-6997
FAX: 973-772-0740

CST Lab: NVLAP 200002-0

UniGuard-V34
(Hardware Version UG-V34, Firmware Version 7.17.01)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 10/11/2002 Overall Level: 2 

-Physical Security: Level 3
-Software Security: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #79); Triple-DES MAC

-Other algorithms: DES (Cert. #140); DES MAC

Multi-chip standalone

"Single port Triple DES encryption modem."
261 Pitney Bowes, Inc.
35 Waterview Drive
Shelton, CT 06484-8000
USA

-Douglas Clark
TEL: 203-924-3500
FAX: 203-924-3406

CST Lab: NVLAP 100432-0

Compliant Meter Postal Security Device
(Part number 1A00, Revisions AAA, AAB, AAC, AAD, and AAE.)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 10/11/2002;
10/21/2002;
02/20/2003;
03/07/2003
Overall Level: 3 

-Physical Security: Level 3 +EFP

-FIPS-approved algorithms: Triple-DES (Cert. #98); Triple-DES MAC; DSA (Cert. #58); SHA-1 (Cert. #86); Skipjack (Cert. #6)

-Other algorithms: DES; HMAC; RSA (PKCS#1, key exchange, vendor affirmed)

Multi-chip standalone

"The Pitney Bowes Compliant Meter Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP). It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes IBIP Metering products. The PSD has been designed to support international postal markets and their rapidly evolving requirements for digital indicia."
260 Motorola, Inc.
200 N. Center East
Suite 400
Alpharetta, GA 30022
USA

-Christopher Yasko
TEL: 770-521-5150
FAX: 770-521-8067

CST Lab: NVLAP 100432-0

Encryption Services Module
(Version 5.3)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Software 10/08/2002 Overall Level: 1 

-EMI/EMC: Level 3
-Key Mangement: Level 3
-Software Security: Level 3

-Operating System Security: Tested as meeting Level 1 with Microware OS-9, Version 2.2 (single user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #104); SHA-1 (Cert. #92)

-Other algorithms: DES ECB (Cert. #163); DES MAC (DES CBC Cert. #188); RC4

Multi-chip embedded

"The Encryption Services Module is incorporated into the operating platform software of the Accompli 009 -- the first wireless communications device to incorporate tri-band GSM and GPRS protocols, telephone functionality, Internet access, e- mail, Triple-DES encryption, WAP browser and short message service (SMS) with a full QWERTY keyboard and 256-color screen."
259 Motorola, Inc.
200 North Point Center East
Suite 400
Alpharetta, GA 30022
USA

-Alfred Adler, Ph.D.
TEL: 770-521-5128
FAX: 770-521-8066

CST Lab: NVLAP 100432-0

Encryption DLL Module
(Version 3.0)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Software 10/08/2002 Overall Level: 1 

-EMI/EMC: Level 3
-Key Management: Level 3
-Sofware Security: Level 3

-Operating System Security: Tested as meeting Level 1 with Windows NT 4.0, SP 6 (single user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #103); SHA-1 (Cert. #93)

-Other algorithms: DES ECB (Cert. #162); DES MAC (DES CBC Cert. #189); RC4

Multi-chip standalone

"The Encryption DLL Module is incorporated into the Motorola Messaging Server, an enterprise system for managing data between a corporate e- mail or data base system and a wireless device, and the Motorola MyMail Desktop Plus, a personal application to manage e- mail between the desktop and a wireless device."
258 Tumbleweed Communications Corp.
700 Saginaw Drive
Redwood City, CA 94063
USA

-Ken Beer
TEL: 650-216-2083

CST Lab: NVLAP 200427-0

Tumbleweed Secure Mail™ Security Kernel
(Version 5.0)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Software 10/08/2002 Overall Level: 1 

-Operating System Security: Tested as meeting Level 1 with Windows NT 4.0, SP 6 (single user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #70); DSA (Cert. #49); SHA-1 (Cert. #59); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #131); MD2; MD5; RC2; RC5; RSA (key exchange)

Multi-chip standalone

"The Tumbleweed Secure MailTM Application is a software products designed to allow organizations to apply content filtering and secure messaging policies on email. The Secure MailTM Application uses a shared set of cryptographic functionality called the Secure MailTM Security Kernel. The Secure MailTM Security Kernel exposes cryptographic application programming interface (API) calls to the other portions of Secure MailTM."
257 ActivCard, Inc.
6623 Dumbarton Circle
Fremont, CA 94555
USA

-Eric Le Saint
TEL: 510-574-0100
FAX: 510-574-0101

CST Lab: NVLAP 100432-0

ActivCard Applet suite on SchlumbergerSema Cyberflex Access 32K
(Hardware PN 15006436, Firmware M256EAPLP1_S1_9C_02, Softmask 7, Version 2)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 09/30/2002 Overall Level: 2 

-Physical Security: Level 3
-Software Security: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #65); SHA-1 (Cert. #57); RSA (PKCS#1 for signaure generation, vendor affirmed)

-Other algorithms:

Single-chip

"The ActivCard Applet suite is based on the SchlumbergerSema Cyberflex Access 32K smart card platform, which is Java Card V2.1.1 and Global Platform V2.0.1 compliant. The applet suite relies on the security offered by Global Platform services to allow secure post-issuance operations, such as applet instantiation, key management and security policy configuration. The external interface provided by the applet suite is compliant with the smart card interoperability specification defined by the GSA."
256 Neopost Technologies
113, rue Jean-Marin Naudin
Bagneux, 92220
France

-Thierry Le Jaoudour
TEL: +33 (0) 1 45 36 30 36

CST Lab: NVLAP 100432-0

N90i Secure Metering Moddule (SMM)
(Hardware 3000099C_FIPS, Software SH1 3800157W, SH2 3800159Y)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 09/26/2002;
10/25/2002;
10/03/2006
Overall Level: 3 

-Physical Security: Level 3 +EFP/EFT

-FIPS-approved algorithms: DSA/SHA (Cert. #39)

-Other algorithms:

Multi-chip embedded

"The module provides services to an office and post room based mailing system. The systems features include hand or auto feed mail processing speeds in excess of 5000 envelopes per hour using Ink jet technology, a moistening option, scale interface, internal modem for remote recrediting and memory card for slogan and rate loading, external printer for reports."
255 Altarus Corporation
607 Herndon Pkwy
Suite 200
Herndon, VA 20170
USA

-Ludge Olivier
TEL: 703-689-2223

CST Lab: NVLAP 200416-0

Altarus Cryptographic Module
(Version 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Software 09/20/2002 Overall Level: 1 

-EMI/EMC: Level 3
-Software Security: Level 3

-Operating System Security: Tested as meeting Level 1 with MS Windows 2000 Version 5.0 with SP2

-FIPS-approved algorithms: Triple-DES (Cert. #99); SHA-1 (Cert. #88); HMAC-SHA-1 (Cert. #88, vendor affirmed)

-Other algorithms: RSA

Multi-chip standalone

"The Altarus offering provides a premier platform and rapid development tools for creating, extending, and deploying secure enterprise applications to the desktop, mobile devices, or handheld devices"
254 ITT
ITT A/CD
PO Box 3700
Ft. Wayne, IN 46801-3700
USA

-Tom Jewel
TEL: 260-451-6000

CST Lab: NVLAP 200427-0

NEXCOM MDR/MDT Interface Security Card (MMISC)
(Software Version 14.FIPS, Hardware Version 8196204-1)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 09/20/2002 Overall Level: 1 

-FIPS-approved algorithms: RSA (PKCS#1, vendor affirmed); SHA-1 (Cert. #91)

-Other algorithms:

Multi-chip embedded

"Software hosted on a Single Board Computer that acts as a public key, RSA/SHA-1 - based authentication agent within the FAA's NEXCOM Multi-Mode Digital Radio."
253 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Chris Holland
TEL: 410-931-7500
FAX: 410-931-7524

CST Lab: NVLAP 200017-0

HighAssurance™ 2000 Gateway (HA2000)
(Firmware Versions 5.00.17 and 5.00.25, Hardware Versions: 01 and 03)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 09/20/2002;
07/03/2003;
10/19/2004
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #36); DSA/SHA-1 (Cert. #5); RSA (PKCS #1, vendor affirmed)

-Other algorithms: DES (Cert. #104); DES MAC; HMAC-MD5; HMAC-SHA-1; Diffie-Hellman (key agreement)

Multi-chip standalone

"The HA2000 is a multi-chip standalone hardware-based, Virtual Private Network (VPN) box that provides authenticated, encrypted network communications. Secure, remote management is provided using the IPSec and SNMPv2 protocols. Custom hardware allows for speed and reliability along with high security and low cost."
252 Novell, Inc.
1800 South Novell Place
Provo, UT 84606
USA

-Developer Support
TEL: 801-861-7000

CST Lab: NVLAP 200002-0

Novell International Cryptographic Infrastructure (NICI)
(Version 2.2.1)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Software 09/20/2002;
01/22/2003;
01/31/2006
Overall Level: 2 

-Operating System Security: Tested as meeting Level 2 with Microsoft Windows NT 4.0 with SP6a, TCSEC C2-rated on a Compaq Proliant 7000 Server

-FIPS-approved algorithms: Triple-DES (Cert. #35); SHA-1 (Cert. #40); DSA/SHA-1 (Cert. #18); RSA (ANSI X9.31 for signature generation and verification, vendor affirmed)

-Other algorithms: DES (Cert. #103); RSA (encryption/decryption); MD2; MD4; MD5; RC2; RC4; RC5; CAST-128; HMAC-MD5; HMAC-SHA-1; Diffie-Hellman (key agreement)

Multi-chip standalone

"Novell International Cryptographic Infrastructure for Windows"
251 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0

SafeEnterprise™ Link Encryptor-T1 (SLE-T1) and SafeEnterprise™ Link Encryptor-E1 120ohms (SLE-E1-120)
(Firmware version 1.33, Hardware version: 16284-020-04)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 09/19/2002;
07/03/2003;
10/19/2004
Overall Level: 2 

-Physical Security: Level 3
-Software Security: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #21 and #22)

-Other algorithms: DES (Certs. #11 and #26); Diffie-Hellman (key agreement)

Multi-chip standalone

"SLEs secure sensitive data transmitted over high-speed, point-to-point communication links. The system supports synchronous, full-duplex data rates up to 4 Mbps over public and private data networks."
250 Lucent Technologies, Inc.
1600 Osgood St.
20-3E-15
North Andover, MA 01845
USA

-Lori Heseltine
TEL: 978-960-6827

CST Lab: NVLAP 200427-0

Access Point 300-ST, 300-M-ST, 300-2M-ST, 300-2T1E1-ST, 300-M-U, and 300-2T1E1-U
(Hardware Versions (300-M-U and 300-2T1E1-U; v1.0) (300-ST; v1.1) (300-ST, 300-M-ST, 300-2M-ST, and 300-2T1E1-ST; v3.0) Firmware Version V2.6.2.R3.IPSVCS)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 09/19/2002;
11/05/2002;
03/17/2003
Overall Level: 1 

-Roles and Services: Level 2

-FIPS-approved algorithms: Triple-DES (Cert. #105); SHA-1 (Cert. #94); DSA (Cert. #59); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #164); MD5; HMAC MD-5; HMAC-SHA-1; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Access Point 300 is a next-generation, high performance IP Services router optimized for service providers wishing to quickly introduce high demand managed IP services at small to medium-sized enterprise customer premises locations."
249 Motorola, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

-Kirk Mathews
TEL: 847-576-4101
FAX: 847-538-2770

CST Lab: NVLAP 100432-0

ASTRO Subscriber Encryption Module
(NTN8967 and 0105956v67, Firmware Version 3.53)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 09/18/2002 Overall Level: 1 

-Roles and Services: Level 2
-Software Security: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #82); AES (Cert. #2)

-Other algorithms: DES (Cert. #151); DES-XL; DVI-XL; DVI-SPFL; DVP-XL

Multi-chip embedded

"Encryption modules used in Motorola Astro(TM) family of radios. Provides secure voice and data capabilities as well as APCO Over-the-Air- Rekeying and dvanced key management."
248 Sun Microsystems, Inc.
USCA 17-201
4170 Network Circle
Santa Clara, CA 95054
USA

-Stephen Borcich
TEL: 408-276-3964
FAX: 408-276-4952

CST Lab: NVLAP 100432-0

Network Security Services
(Software Version: 3.2.2)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Software 09/04/2002 Overall Level: 2 

-Operating System Security: Tested as meeting Level 2 with Solaris v8.0 with AdminSuite 3.0.1 as specified in UK IT SEC CC Report No. P148 EAL4 on a SUN SPARC Ultra-1

-FIPS-approved algorithms: Triple-DES (Cert. #72); SHA-1 (Cert. #70); DSA (Cert. #52); RSA (PKCS#1. Vendor affirmed)

-Other algorithms: DES (Cert. #133); MD2; MD5; RC2; RC4; Diffie-Hellman (key agreement)

Multi-chip standalone

"Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled applications. The Sun Microsystems, Inc., Network Security Services (NSS) module is a library that provides a series of cryptographic services to client programs. It provides support for a FIPS 140-1 compatible subset of SSL and TLS."
247 Sun Microsystems, Inc.
USCA 17-201
4170 Network Circle
Santa Clara, CA 95054
USA

-Stephen Borcich
TEL: 408-276-3964
FAX: 408-276-4952

CST Lab: NVLAP 100432-0

Network Security Services
(Software Version: 3.2.2)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Software 08/30/2002;
02/04/2003
Overall Level: 1 

-Roles and Services: Level 2

-Operating System Security: Tested as meeting Level 1 with Windows 98 (single user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #72); SHA-1 (Cert. #70); DSA (Cert. #52); RSA (PKCS#1. Vendor affirmed)

-Other algorithms: DES (Cert. #133); MD2; MD5; RC2; RC4; Diffie-Hellman (key agreement)

Multi-chip standalone

"Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled applications. The Sun Microsystems, Inc., Network Security Services (NSS) module is a library that provides a series of cryptographic services to client programs. It provides support for a FIPS 140-1 compatible subset of SSL and TLS."
246 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0

SafeEnterprise™ Link Encryptor NRZ-H (SLE NRZ-H) and SafeEnterprise™ Link Encryptor NRZ-L (SLE NRZ-L)
(Firmware Version: 1.33, Hardware Version: 16284-020-04)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 08/30/2002;
07/03/2003;
10/19/2004
Overall Level: 2 

-Physical Security: Level 3
-Software Security: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #21 and #22); DSA/SHA-1 (Cert. #5)

-Other algorithms: DES (Certs. #11 and #26); Diffie-Hellman (key agreement)

Multi-chip standalone

"SLEs secure sensitive data transmitted over high-speed, point-to-point communication links. The system supports synchronous, full-duplex data rates up to 4 Mbps over public and private data networks."
245 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0

SafeEnterprise™ Link Encryptor RS-232 (SLE RS-232) and SafeEnterprise™ Link Encryptor-E1 75ohms (SLE-E1-75)
(Firmware Version: 1.33, Hardware Versions: 16284-010-04 and 16284-020-04)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 08/30/2002;
07/03/2003;
10/19/2004
Overall Level: 2 

-Physical Security: Level 3
-Software Security: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #21 and #22); DSA/SHA-1 (Cert. #5)

-Other algorithms: DES (Certs. #11 and #26); Diffie-Hellman (key agreement)

Multi-chip standalone

"SLEs secure sensitive data transmitted over high-speed, point-to-point communication links. The system supports synchronous, full-duplex data rates up to 4 Mbps over public and private data networks."
244 3S Group Incorporated
125 Church St. NE
Vienna, VA 22180
USA

-Satpal S Sahni
TEL: 703-281-5015
FAX: 703-281-7816

CST Lab: NVLAP 200002-0

Type 2 Cryptographic Support Server (T2CSS)
([Hardware Version 1.0, Firmware Version 1.0], [Hardware Version 1.1 and Firmware Version 1.1], [Hardware Version 1.2, Firmware Version 1.2] and [Hardware Version 2.0, Firmware Version 1.2])

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 08/13/2002;
01/17/2003;
05/01/2007;
07/28/2008
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: Skipjack (Cert. #5); Triple-DES (Cert. #88); DSA (Cert. #55); SHA-1 (Cert. #77); RSA (PKCS#1 for signatures, vendor affirmed)

-Other algorithms: DES (Cert. # 154); KEA (key exchange)

Multi-chip embedded

"T2CSS is a multiple cryptoprocessor PCI board and cryptographic server. Provides high assurance security services; secure session/virtual token management; scalable server performance (multiple boards); Government and commercial algorithms; FORTEZZA CI, PKCS #11, other APIs; and Windows NT/2000, Solaris and Linux support."
243 Entrust, Inc.
1000 Innovation Drive
Ottawa, Ontario K2K 3E7
Canada

-Pierre Boucher
TEL: 613-270-2599
FAX: 613-270-2504

CST Lab: NVLAP 200017-0

Entrust GUTS Security Kernel 6.1
(Version 6.1)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Software 08/15/2002;
05/27/2003
Overall Level: 2 

-Roles and Services: Level 2*
-EMI/EMC: Level 3
-Key Management: Level 2*

-Operating System Security: Tested as meeting Level 2 with Microsoft Windows NT 4.0 with SP6a, TCSEC C2-rated on a Compaq Proliant 7000 Server

*When operated in FIPS mode

-FIPS-approved algorithms: AES (Cert. #10); Triple-DES (Cert. #6); DSA/SHA-1 (Cert. #10); RSA (FIPS 186-2 and PKCS #1, vendor affirmed); HMAC-SHA-1 (Cert. #10, vendor affirmed)

-Other algorithms: DES (Cert. #56); DES MAC; RC2; RC4; IDEA; MD5; MD2; RIPEMD-160; HMAC-MD5; HMAC-RMD160; CAST; CAST3; CAST5; Diffie-Hellman (key agreement); Ephemeral-Static Diffie-Hellman; ECDSA (non-compliant)

Multi-chip standalone

"The Kernel is a C++ class library of cryptographic functions bound together by a common object-oriented Application Programming Interface (API). Depending on the configuration and runtime environment of the Kernel, the algorithms may be implemented in software, hardware, or a combination of both. The industry standard Cryptoki API, as described in PKCS #11, is used as the internal interface to hardware-based cryptographic tokens. Decisions are made at runtime whether to perform operations via cryptoki or in software, based on a table that records the crypto capabilities of particular hardware devices. This table is built up at runtime by querying the actual token through Cryptoki."
242 Axalto Inc.
36-38 rue de la Princesse BP 45
78431 Louveciennes, France

-Francisco Alcalde
TEL: +33 1 3008 4685
FAX: +33 1 3008 4527

CST Lab: NVLAP 100432-0

Cryptoflex e-Gate 32K Smart Card
(Hardware ST19XT34, Firmware Hardmask 01 Version 01, Softmask 05 Version 01 and Hardmask 01 Version 03 and Software 05 Version 02)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 08/01/2002;
08/28/2002;
09/21/2004;
05/16/2006
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #97); SHA-1 (Cert. #80); RSA (PKCS #1, vendor affirmed)

-Other algorithms: DES (Cert. #158);

Single-chip

"The Cryptoflex e-Gate card is a credit-card sized computer with a crypto-processor dedicated to security. Cryptoflex e-Gate card implements security industry functions based on public key cryptography directly onto the card, therefore eliminating the risk of sending secret data across a network. Keys and certificates for a variety of applications are stored in a single secure location, isolated from computer disks, which can fail or damaged and are susceptible to security breaches ad theft. The card provides maximum security and flexibility of system integration thanks to administrative functions such as secure key loading, on-card key generation and ciphering of imported/exported data. The Cryptoflex e- gate card incorporates, apart from the conventional ISO 7816-3 interface, also the USB interface normally resident in the smart card reader. Thus, it bridges the gulf between the public terminal infrastructure (ISO 7816-3) and the PC world (USB)."
241 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052
USA

-Dave Friant
TEL: 425-704-7984

CST Lab: NVLAP 200002-0

Kernel Mode Cryptographic Module for Windows XP
(Software Version 5.1.2600.0)

(For services provided by the FIPS-Approved algorithms listed on the reverse)

Validated to FIPS 140-1

Security Policy

Certificate

Software 08/01/2002;
10/15/2007
Overall Level: 1 

-EMI/EMC: Level 3

-Operating System Security: Tested as meeting Level 1 with Microsoft Windows XP (single user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Cert. #35); HMAC-SHA-1 (Cert. #35, vendor affirmed)

-Other algorithms: DES (Cert. #89)

Multi-chip standalone

"Microsoft Kernel Mode Cryptographic Module (FIPS.SYS) is a FIPS 140-1 Level 1 compliant, general-purpose, software-based, cryptographic module residing at the Kernel Mode level of the Windows Operating System. It runs as a kernel mode export driver (a kernel-mode DLL) and encapsulates several different cryptographic algorithms in an easy-touse cryptographic module accessible by other kernel mode drivers. It can be linked into other kernel mode services to permit the use of FIPS 140-1 Level 1 compliant cryptography."
240 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052
USA

-Dave Friant
TEL: 425-704-7984

CST Lab: NVLAP 200002-0

DSS/Diffie-Hellman Enhanced Cryptographic Provider for Windows XP
(Software Versions 5.1.2518.0 and 5.1.2600.2133)

(For services provided by the FIPS-Approved algorithms listed on the reverse)

Validated to FIPS 140-1

Security Policy

Certificate

Software 08/01/2002;
02/25/2005;
10/15/2007
Overall Level: 1 

-EMI/EMC: Level 3

-Operating System Security: Tested as meeting Level 1 with Microsoft Windows XP and XP Service Pack 2 (single user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Cert. #29)

-Other algorithms: DES (Cert. #66); RC2; RC4; MD5; DES40; Diffie-Hellman (key agreement)

Multi-chip standalone

239 Nortel Networks
80 Central Street
Boxboro, MA 01719
USA

-Jonathan Lewis
TEL: 978-264-7045 x277
FAX: 978-264-7600

CST Lab: NVLAP 200002-0

Contivity Extranet Switch 600
(Firmware version #3.61.02, Hardware version #600)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 07/24/2002 Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Certs. #29 and #53); SHA-1 (Certs. #28, #31 and #51); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Certs. #44, #48 and #101); DES MAC; MD5; HMAC (MD5 and SHA-1); 40-bit DES; RC4 (40-bit and 128-bit); Diffie-Hellman (key agreement)

Multi-chip standalone

"The Contivity 600 Extranet Switch provides up to 30 branch office or end user IPSEC tunnels with a flexible easy to manage and cost effective package. The Switch provides an optional PCI expansion slot and dual 10/100 LAN ports."
238 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984

CST Lab: NVLAP 200427-0

Microsoft Enhanced Cryptographic Provider
(Versions 5.1.2518.0, 5.1.2600.1029 and 5.1.2600.2161)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Software 07/11/2002;
11/18/2002;
02/25/2005;
10/15/2007
Overall Level: 1 

-Operating System Security: Tested as meeting Level 1 with Microsoft Windows XP, XP Service Pack 1 and XP Service Pack 2 (single user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #81); AES (Cert. #33); SHA-1 (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #83, vendor affirmed)

-Other algorithms: DES (Cert. #156); RC2; RC4; MD5

Multi-chip standalone

"The Microsoft Enhanced Cryptographic Provider (RSAENH) is a FIPS 140-1 Level 1 compliant, general-purpose, software-based, cryptographic module. Like other cryptographic providers that ship with Microsoft Windows XP, RSAENH encapsulates several different cryptographic algorithms (including SHA-1, DES, 3DES, AES, RSA, SHA-1-based HMAC) in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. It can be dynamically linked into applications by software developers to permit the use of general-purpose FIPS 140-1 Level 1 compliant cryptography."
237 F-Secure Corporation
Tammasaarenkatu 7
PL 24
Helsinki, 00180
Finland

-Alexey Kirichenko
TEL: +358 9 2520 5548

CST Lab: NVLAP 200427-0

F-Secure Kernel Mode Cryptographic Driver
(Version 1.1.7)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 07/15/2002;
07/31/2003;
02/09/2007
Overall Level: 1 

-Self Tests: Level 3

-Operating Environment: Tested as meeting Level 1 with Windows 2000 (SP2); Windows NT 4.0 (SP6); Windows XP

-FIPS-approved algorithms: Triple-DES (Cert. #106); AES (Cert. #3); SHA-1 (Cert. #84); HMAC-SHA-1 (Cert. #84, vendor affirmed)

-Other algorithms: DES (Cert. #165); Blowfish; CAST-128; MD5; HMAC-MD5

Multi-chip standalone

"The F-Secure Kernel Mode Cryptographic Driver is a FIPS 140-2 Level 1 validated software module, implemented as a 32-bit Windows NT/2000/XP compatible export driver. When loaded into computing system memory, it resides at the kernel mode level of the Windows OS and provides an assortment of cryptographic services that are accessible by other kernel mode drivers through a C-language Application Program Interface. The cryptographic services are also available in the form of a static library and as source code."
236 Motorola, Inc.
8220 East Roosevelt Street
Scottsdale, AZ 85257
USA

-Randy Morton
TEL: 480-441-4472
FAX: 480-441-3580

CST Lab: NVLAP 100432-0

Digital Interface Unit Crypto Module
(Firmware R01.09.00 / 81, Hardware T6721B)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 07/11/2002 Overall Level: 1 

-Roles and Services: Level 2
-Software Security: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #82); AES (Cert. #2)

-Other algorithms: DES (Cert. #151); DES-XL; DVI-XL; DVP-XL; HCA

Multi-chip embedded

"The DIU CM provides secure voice and Over-the-Air-Rekeying (OTAR) advanced key management for Motorola’s Digital Interface Unit (DIU). The DIU and DIU CM combine to provide these cryptographic services for Motorola’s APCO-25 compliant Astro ™ family of console and base station radio infrastructure equipment."
235 AEP Networks
Focus 31, West Wing
Cleveland Road
New Hempstead, Herts HP2 7BW
United Kingdom

-David Miller
TEL: +44 1442 458617

CST Lab: NVLAP 200017-0

Advanced Configurable Crypto Environment (ACCE)
(Firmware Versions 2.2 and 2.3, Hardware 2640-G3)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 07/11/2002;
07/22/2002;
10/04/2002;
06/05/2003;
04/21/2005
Overall Level: 4 

-FIPS-approved algorithms: Triple-DES (Certs. #24 and #25); Triple-DES MAC: SHA-1 (Cert. #38); DSA (Cert. #36); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES MAC; MD5; Diffie-Hellman (key agreement); RSA (encryption and decryption); RSA (ISO 9796 and X509)

Multi-chip embedded

"The AEP Networks Advanced Configurable Crypto Environment (ACCE) provides highly-secure cryptographic services and key storage. It is used in a range of AEP Networks and OEM products including the SureWare Keyper family."
234 Check Point Software Technologies Ltd.
9900 Belward Campus Drive
Suite 250
Rockville, MD 20850
USA

-David Ambrose
TEL: 703-628-2935

-Malcolm Levy
TEL: +972-37534561

CST Lab: NVLAP 200002-0

VPN-1 Gateway NG FP 1
(NG FP1)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Software 06/19/2002;
06/28/2002;
02/09/2004;
05/19/2004;
11/17/2005;
01/06/2006;
05/02/2008;
05/28/2009
Overall Level: 2 

-Operating System Security: Tested as meeting Level 2 with Microsoft Windows NT4.0 with SP6a; TCSEC C2-rated on a Compaq ProLiant 7000 Server

-FIPS-approved algorithms: Triple-DES (Cert. #80); SHA-1 (Cert. #69); RSA (PKCS #1, vendor affirmed); HMAC-SHA-1 (Cert. #69, vendor affirmed)

-Other algorithms: DES (Cert. #142); Diffie-Hellman (key agreement); AES; CAST; MD5; HMAC-MD5; FWZ; FWZ1

Multi-chip standalone

"Check Point VPN-1 Gateway Next Generation (NG) is a tightly integrated software solution combining the FireWall-1® security suite with sophisticated VPN technologies. With Check Point’s Secure Virtual Network architecture, VPN-1 Gateway NG meets the demanding requirements of Internet, intranet, and extranet VPNs by providing secure connectivity to corporate networks, remote and mobile users, satellite offices, and key partners."
233 Entrust, Inc.
1000 Innovation Drive
Ottawa, Ontario K2K 3E7
Canada

-Pierre Boucher
TEL: 613-270-2599
FAX: 613-270-2504

CST Lab: NVLAP 200017-0

Entrust TruePass Applet Cryptographic Module
(Version 6.0)

(When operated in FIPS mode with FIPS validated browser services operating in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Software 06/19/2002;
06/28/2002;
07/18/2002
Overall Level: 1 

-Operating System Security: Tested as meeting Level 1 with Windows NT4.0 (SP3); Windows 95/98; Windows 2000 (SP2) and Netscape 4.72 (Cert. #47) or Microsoft IE 5.5 (Cert. #103) (operated in single user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #69); SHA-1 (Cert. #60); RSA (PKCS #1; vendor affirmed)

-Other algorithms: DES (Cert. #130); CAST 128

Multi-chip standalone

"The module performs low level cryptographic operations – encryption, decryption and hashes – implemented in software using the high-level Java programming language. Currently, the module is imbedded into an applet as part of the TruePass product suite that allows integration of cryptographic security into web applications."
232 Proofpoint Inc.
892 Ross Drive
Sunnyvale, CA 94089
USA

-Stephen Lewis
TEL: 408-517-4710
FAX: 408-517-4711

CST Lab: NVLAP 200427-0

Sigaba Gateway
(Software version 3.0.20-FIPS)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Software 06/19/2002;
07/18/2002
Overall Level: 1 

-Operating System Security: Tested as meeting Level 1 with Microsoft Windows NT4 SP6 (single user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #94); SHA-1 (Cert. #78); DSS (Cert. #56); HMAC-SHA-1 (Cert. #78, vendor affirmed)

-Other algorithms: AES; MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"Sigaba Gateway ensures the confidentiality, integrity and authenticity of all email sent over the Internet. Sigaba Gateway resides between an organization's email server and firewall. It encrypts outbound messages and decrypts inbound messages based on organization-defined policies. It uses a key server to retrieve a unique key to individually encrypt each outgoing message and decrypt each incoming message. The Sigaba Gateway works with any authentication mechanism."
231 Fortress Technologies, Inc.
1 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0

AirFortress Wireless Security Gateway Cryptographic Module
(Versions 2.0 and 2.1)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Software 06/19/2002;
07/26/2002;
03/26/2010
Overall Level: 1 

-Roles and Services: Level 2
-Software Security: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #19); SHA-1 (Cert. #34); HMAC-SHA-1 (Cert. #34, vendor affirmed); AES (Cert. #14)

-Other algorithms: DES (Cert. #23); Diffie-Hellman (key agreement); IDEA

Multi-chip standalone

"The AirFortress™ Wireless Security Gateway is an electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a production-quality hardware platform and deployable on any LAN or WAN, the AF Gateway provides encryption, data integrity checking, authentication, access control, and data compression."
230 Motorola, Inc.
1301 E Algonquin Road
Schaumburg, IL 60196
USA

-Arun Victor
TEL: 847-538-5221
FAX: 847-538-2770

CST Lab: NVLAP 200002-0

KVL 3000 Plus
(Hardware Version 8482867Y02 rev. B, Software Version R3.51.06)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 06/19/2002 Overall Level: 1 

-FIPS-approved algorithms: Triple-DES (Cert. #82); AES (Cert. #2)

-Other algorithms: DES (Cert. #151); DES-XL; DVI-XL; DVP-XL; DVI-SPEL

Multi-chip standalone

"The KVL 3000 Plus is a portable key distribution device. Encryption keys can be loaded into the KVL manually through its keypad interface or transferred from a Key Management Facility through its serial interface. These keys can then be distributed to various secure communications equipment such as mobile and portable radios, base stations, zone controllers, data controllers, and other fixed network devices. The KVL also includes a PCMCIA interface for software upgrades. This version of the product supports AES in addition to other FIPS approved algorithms."
229 Motorola, Inc.
1301 E Algonquin Road
Schaumburg, IL 60196
USA

-Arun Victor
TEL: 847-538-5221
FAX: 847-538-2770

CST Lab: NVLAP 200002-0

KVL 3000 Plus
(Hardware Version 8482867Y02 rev. B, Software Version R3.51.01)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 06/19/2002 Overall Level: 1 

-FIPS-approved algorithms: Triple-DES (Cert. #82)

-Other algorithms: DES (Cert. #151); DES-XL; DVI-XL; DVP-XL; DVI-SPEL

Multi-chip standalone

"The KVL 3000 Plus is a portable key distribution device. Encryption keys can be loaded into the KVL manually through its keypad interface or transferred from a Key Management Facility through its serial interface. These keys can then be distributed to various secure communications equipment such as mobile and portable radios, base stations, zone controllers, data controllers, and other fixed network devices. The KVL also includes a PCMCIA interface for software upgrades."
228 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nForce 400 SCSI and nForce 150 SCSI
(Firmware version 1.77.100; Hardware versions nC3022W-400 and nC3022W-150, Build standard D)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 06/05/2002;
07/22/2002;
01/23/2004;
03/09/2006;
03/15/2006
Overall Level: 2 

-Roles and Services: Level 3*
-Key Management: Level 3*
-Module Interfaces: Level 3
-Software Security: Level 3
-Self Tests: Level 3

*When operated in FIPS mode

-FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; AES; ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD160); MD2; MD5; SHA-256; SHA-384; SHA-512; RIPEMD 160; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent

Multi-chip standalone

"The nCipher nForce SSL family of secure e-commerce accelerators improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, e-commerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging."
227 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nForce 300 PCI and nForce 150 PCI
(Firmware version 1.77.100; Hardware versions nC3022P-300 and nC3022P-150, Build standard E)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 06/05/2002;
07/22/2002;
01/23/2004;
03/09/2006;
03/15/2006
Overall Level: 2 

-Roles and Services: Level 3*
-Physical Security: Level 3
-Key Management: Level 3*
-Module Interfaces: Level 3
-Software Security: Level 3
-Self Tests: Level 3

*When operated in FIPS mode

-FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; AES; ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD160); MD2; MD5; SHA-256; SHA-384; SHA-512; RIPEMD 160; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent

Multi-chip standalone

"The nCipher nForce SSL family of secure e-commerce accelerators improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, e-commerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging."
226 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nForce 300 SCSI, nForce 150 SCSI and nForce 75 SCSI
(Firmware version 1.77.100; Hardware versions nC3021S-300, nC3021S-150 and nC3021S-75, Build standard E)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 06/05/2002;
07/22/2002;
03/09/2006;
03/15/2006
Overall Level: 2 

-Roles and Services: Level 3*
-Key Management: Level 3*
-Module Interfaces: Level 3
-Software Security: Level 3
-Self Tests: Level 3

*When operated in FIPS mode

-FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; AES; ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD160); MD2; MD5; SHA-256; SHA-384; SHA-512; RIPEMD 160; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent

Multi-chip standalone

"The nCipher nForce SSL family of secure e-commerce accelerators improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, e-commerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging."
225 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield 300 SCSI, nShield 150 SCSI and nShield 75 SCSI
(Firmware version 1.77.100; Hardware versions nC3031S-300, nC3031S-150 and nC3031S-75, Build standard E)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 06/05/2002;
07/22/2002;
03/09/2006;
03/15/2006
Overall Level: 3 

-Roles and Services: Level 3*
-Key Management: Level 3*

*When operated in FIPS mode

-FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; AES; ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD160); MD2; MD5; SHA-256; SHA-384; SHA-512; RIPEMD 160; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent

Multi-chip standalone

"The nCipher nShield range of tamper resistant Hardware Security Modules improves the security of cryptographic keys and increases server throughput for digital signature and encryption applications. Supporting many commercial public key infrastructure (PKI) products such as certificate authorities and on-line validation servers, the nShield family of HSMs is also used for building custom security applications requiring secure and flexible key management."
224 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F2 PCI and nShield F2 Ultrasign PCI
(Firmware version 1.77.100; Hardware versions nC4022P-300 and nC4022P-150, Build standard E)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 06/05/2002;
07/22/2002;
01/23/2004;
03/09/2006;
03/15/2006
Overall Level: 2 

-Roles and Services: Level 3*
-Physical Security: Level 3
-Key Management: Level 3*
-Module Interfaces: Level 3
-Software Security: Level 3
-Self Tests: Level 3

*When operated in FIPS mode

-FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; AES; ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD160); MD2; MD5; SHA-256; SHA-384; SHA-512; RIPEMD 160; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent

Multi-chip standalone

"The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
223 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F2 SCSI and nShield F2 Ultrasign SCSI
(Firmware version 1.77.100; Hardware versions nC4022W-400 and nC4022W-150, Build standard D)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 06/05/2002;
07/22/2002;
01/23/2004;
03/09/2006;
03/15/2006
Overall Level: 2 

-Roles and Services: Level 3*
-Key Management: Level 3*
-Module Interfaces: Level 3
-Software Security: Level 3
-Self Tests: Level 3

*When operated in FIPS mode

-FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; AES; ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD160); MD2; MD5; SHA-256; SHA-384; SHA-512; RIPEMD 160; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent

Multi-chip standalone

"The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
222 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F3 PCI and nShield F3 Ultrasign PCI
(Firmware version 1.77.100; Hardware versions nC4032P-300 and nC4032P-150, Build standard E)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 06/05/2002;
07/22/2002;
01/23/2004;
03/09/2006;
03/15/2006
Overall Level: 3 

-Roles and Services: Level 3*
-Key Management: Level 3*

*When operated in FIPS mode

-FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; AES; ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD160); MD2; MD5; SHA-256; SHA-384; SHA-512; RIPEMD 160; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent

Multi-chip standalone

"The nCipher nShield "SEE Ready" range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
221 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F3 SCSI, nShield F3 Ultrasign SCSI and payShield
(Firmware version 1.77.100; Hardware versions nC4032W-400 and nC4032W-150, Build standard D)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 06/05/2002;
07/22/2002;
10/04/2002;
01/23/2004;
03/09/2006;
03/15/2006
Overall Level: 3 

-Roles and Services: Level 3*
-Key Management: Level 3*

*When operated in FIPS mode

-FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; AES; ARC FOUR; CAST5; CAST6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD160); MD2; MD5; SHA-256; SHA-384; SHA-512; RIPEMD 160; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent

Multi-chip standalone

"The nCipher nShield "SEE Ready" range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions.

payShield meets the stringent security requirements of the online payments industry and speeds up cryptographic processing through its secure, tamper resistant hardware and dedicated cryptographic processors. In addition to generic cryptographic functions, payShield supports a number of payments specific protocols and functions which provide support for 3-D Secure, EMV and PIN processing."
220 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Randy Kun
TEL: 613-723-5077
FAX: 613-723-5078

CST Lab: NVLAP 200017-0

Luna® XPplus
(Hardware Versions: 1 and 2, Firmware Version 3.97)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 05/28/2002;
10/18/2004
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #73); DSA (Cert. #51); SHA-1 (Cert. #64); Triple-DES MAC; RSA (ANSI X9.31, vendor affirmed)

-Other algorithms: DES (Cert. #134); DES MAC; RC2; RC4; RC5; CAST; CAST3; CAST5; CAST MAC; CAST 3 MAC; CAST 5 MAC; MD2; MD5; Diffie-Hellman (key agreement); RSA (Encryption/Decryption);

Multi-chip standalone

"Luna XPplus, Luna XL/XLR and XL/XLR Premium are cryptographic modules based on a board that is equivalent to two Luna CA3 tokens with hardware cryptographic acceleration support. The XL/XLR is configured as a Level 2 stand-alone module. The XPplus and XL/XLR Premium operate as subordinate devices in conjunction with a Luna CA3 token. Each module can support all cryptographic algorithms listed in Appendix A of the Luna XPplus, XL/XLR and XL/XLR Premium Security Policy."
219 Oberthur Card Systems
4250 Pleasant Valley Road
Chantilly, VA 20151
USA

-Antoine Kelman
TEL: 703-263-0100
FAX: 703-263-7134

CST Lab: NVLAP 200002-0

CosmopollC V4 Smart Card with ActivCard Applets
(Hardware Version: CosmpollC V4, Software Configurations CAC01-D904 and CAC02-D906)

(Certificate 219a supersedes and replaces Certificate 219)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 05/28/2002;
12/12/2002;
12/20/2002;
02/27/2004;
03/30/2004;
09/23/2005
Overall Level: 2 

-Software Security: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #87); SHA-1 (Cert. #75); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #148);

Single-chip

"The Oberthur Card Systems CosmopolIC product is a highly secure and powerful multi-application Java Card platform for smart card. With a better management of memory (ROM and EEPROM), it offers more space for the development of e-commerce, m-commerce, payment (Debit/ Credit), network access, pay-TV, loyalty and many other applications including WAP."
218 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Randy Kun
TEL: 613-723-5077
FAX: 613-723-5078

CST Lab: NVLAP 200017-0

Luna® XLR Premium
(Hardware Versions: LXL-002-101 and LXL-003-001, Firmware Version 3.96)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 04/30/2002;
10/18/2004
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #73); DSA (Cert. #51); SHA-1 (Cert. #64); Triple-DES MAC; RSA (FIPS 186-2, vendor affirmed)

-Other algorithms: DES (Cert. #134); DES MAC; RC2; RC4; RC5; CAST; CAST3; CAST5; CAST MAC; CAST 3 MAC; CAST 5 MAC; MD2; MD5; Diffie-Hellman (key agreement); RSA (Encryption/Decryption);

Multi-chip standalone

"Luna® XLR Premium provides high-performance hardware-based key management and cryptographic acceleration for secure web servers, e-commerce servers and Internet-based financial systems in a 1U Rack-mount form factor. Combining the Luna® XLR with the proven Luna® CA3 cryptographic token, the Luna® XLR Premium offers the ultimate security solution for SSL transaction processing, based on the key management strength of the Luna® cryptographic engine and, at the same time, offers easily scalable improvement in system performance."
217 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Randy Kun
TEL: 613-723-5077
FAX: 613-723-5078

CST Lab: NVLAP 200017-0

Luna® XLR
(Hardware Versions: LXL-002-101 and LXL-003-001, Firmware Version 3.96)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 04/30/2002;
10/18/2004
Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3
-Software Security: Level 3
-Self Tests: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #73); DSA (Cert. #51); SHA-1 (Cert. #64); Triple-DES MAC; RSA (FIPS 186-2, vendor affirmed)

-Other algorithms: DES (Cert. #134); DES MAC; RC2; RC4; RC5; CAST; CAST3; CAST5; CAST MAC; CAST 3 MAC; CAST 5 MAC; MD2; MD5; Diffie-Hellman (key agreement); RSA (Encryption/Decryption);

Multi-chip standalone

"Luna® XLR provides high-performance hardware-based key management and cryptographic acceleration for secure web servers, e-commerce servers and Internet-based financial systems in a 1U Rack-mount form factor. Luna® XLR offers a highly secure solution for SSL transaction processing, based on the key management strength of the Luna® cryptographic engine and, at the same time, offers easily scalable improvement in system performance."
216 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Randy Kun
TEL: 613-723-5077
FAX: 613-723-5078

CST Lab: NVLAP 200017-0

Luna® XL Premium
(Hardware Version: LXP-002-101, Firmware Version 3.96)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 04/30/2002;
10/18/2004
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #73); DSA (Cert. #51); SHA-1 (Cert. #64); Triple-DES MAC; RSA (FIPS 186-2, vendor affirmed)

-Other algorithms: DES (Cert. #134); DES MAC; RC2; RC4; RC5; CAST; CAST3; CAST5; CAST MAC; CAST 3 MAC; CAST 5 MAC; MD2; MD5; Diffie-Hellman (key agreement); RSA (Encryption/Decryption);

Multi-chip standalone

"Luna® XL Premium provides high-performance hardware-based key management and cryptographic acceleration for secure web servers, e-commerce servers and Internet-based financial systems in a desktop form factor. Combining the Luna® XL with the proven Luna® CA3 cryptographic token, the Luna® XL Premium offers the ultimate security solution for SSL transaction processing, based on the key management strength of the Luna® cryptographic engine and, at the same time, offers easily scalable improvement in system performance."
215 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Randy Kun
TEL: 613-723-5077
FAX: 613-723-5078

CST Lab: NVLAP 200017-0

Luna® XL
(Hardware Version: LXP-002-101, Firmware Version 3.96)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 04/30/2002;
10/18/2004
Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3
-Software Security: Level 3
-Self Tests: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #73); DSA (Cert. #51); SHA-1 (Cert. #64); Triple-DES MAC; RSA (FIPS 186-2, vendor affirmed)

-Other algorithms: DES (Cert. #134); DES MAC; RC2; RC4; RC5; CAST; CAST3; CAST5; CAST MAC; CAST 3 MAC; CAST 5 MAC; MD2; MD5; Diffie-Hellman (key agreement); RSA (Encryption/Decryption);

Multi-chip standalone

"Luna® XL provides high-performance hardware-based key management and cryptographic acceleration for secure web servers, e-commerce servers and Internet-based financial systems. Luna® XL offers a highly secure solution for SSL transaction processing, based on the key management strength of the Luna® cryptographic engine and, at the same time, improves system performance."
214 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Randy Kun
TEL: 613-723-5077
FAX: 613-723-5078

CST Lab: NVLAP 200017-0

Luna® CA³
(Hardware Versions: 1 and 2, Firmware Versions 3.97 and 3.102)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 04/30/2002;
04/05/2004;
10/18/2004
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #73); DSA (Cert. #13); SHA-1 (Cert. #64); Triple-DES MAC; RSA (ANSI X9.31, vendor affirmed)

-Other algorithms: DES (Cert. #32); DES MAC; RC2; RC4; RC5; CAST; CAST3; CAST5; CAST MAC; CAST 3 MAC; CAST 5 MAC; MD2; MD5; Diffie-Hellman (key agreement); RSA (Encryption/Decryption);

Multi-chip standalone

"The Luna® CA³ token securely stores data and keying material inside its cryptographic boundary. It also performs cryptographic operations on data provided by external applications using the keying material stored in the token. These abilities are defined as key management, object management, and cryptographic capability."
213 Cryptek, Inc.
1501 Moran Road
Sterling, VA 20166
USA

-Timothy Williams
TEL: 571-434-2000
FAX: 572-434-2001

CST Lab: NVLAP 100432-0

DiamondPak
(Part Number DP600, Hardware Version 2020, Software Versions 2.1.3, 2.1.4, 2.1.4A, 2.1.6 and 2.1.6.1)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 04/16/2002;
04/16/2002;
08/08/2002;
02/25/2003;
04/08/2005
Overall Level: 1 

-Roles and Services: Level 2

-FIPS-approved algorithms: Triple-DES (Cert. #71); SHA-1 (Cert. #63)

-Other algorithms: DES (Cert. #132); Diffie-Hellman (key agreement); MD5

Multi-chip standalone

"DiamondPak™ is a rack-mounted network appliance for protecting multiple servers with each server protected by a dedicated self-protecting DiamondTEK™ security computer enforcing a single security profile."
212 Gemplus Corp. and ActivCard Inc.
Avenue du Pic de Bretagne
BP 100
Gémenos Cedex, 13881
France

-Lus Astier
TEL: +33 (0) 4 42 36 5000

-Eric Le Saint
TEL: 510-745-0100 x6211

CST Lab: NVLAP 200427-0

Gemplus GemXpresso Pro E64 PK - FIPS ICC with ActivCard Applet Suite
(Hardware Version GP92, Software Versions GXP3-FIPS, GXP3-FIPS EI15, GXP3-FIPS EI15 with single ATR, and GXP3-FIPS EI19 with new ATR and fast ATR)

Validated to FIPS 140-1

Security Policy

Certificate

Vendor Product Link
Hardware 04/10/2002;
07/26/2002;
07/15/2003;
10/30/2003;
01/19/2005
Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3
-Software Security: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #95); SHA-1 (Cert. #82); RSA (PKCS#1; vendor affirmed)

-Other algorithms: DES (Cert. #155);

Single-chip

"The “GemXpresso Pro E64 PK – FIPS ICC with ActivCard Applet Suite” is based on a Gemplus Open OS Smart Card with 64K of EEPROM, and on platform-independent cryptographic applets developed by ActivCard. The card and applets provide authentication and digital signature cryptographic services to end-users."
211 Cisco Systems, Inc.
7025-6 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200416-0

VPN 3002-8E and VPN 3002 Hardware Client
(Hardware Models 3002-8E and 3002; Firmware version: 3.1 FIPS)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 03/26/2002;
04/05/2002;
06/10/2002;
01/10/2003;
05/24/2005;
05/28/2010;
02/23/2012
Overall Level: 2 

-EMI/EMC: Level 3
-Software Security: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. 86); DSA (Cert. #54); SHA-1 (Cert. #73); HMAC/SHA-1 (Cert. #73; vendor affirmed); RSA (PKCS#1; vendor affirmed)

-Other algorithms: DES (Cert. #147); MD5; HMAC/MD5; RC4; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Cisco VPN 3002-8E Hardware Client is a small hardware appliance that operates as a client in Virtual Private Networking (VPN) environments. It combines the best features of a software client, including scalability and easy deployment, with the stability and independence of a hardware platform."
210 Cisco Systems, Inc.
7025-6 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200416-0

VPN 3000 Concentrator Series
(Hardware models: 3005, 3015, 3030, 3060, 3080, Firmware version: 3.1 FIPS)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 03/26/2002;
01/10/2003;
05/24/2005;
05/28/2010;
02/23/2012
Overall Level: 2 

-Software Security: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #32 and #86); DSA/SHA-1 (Cert. #38); DSA (Cert. #54); SHA-1 (Cert. #73); RSA (PKCS#1; vendor affirmed); HMAC SHA-1 (Cert. #73; vendor affirmed)

-Other algorithms: DES (Certs. #100 and #147); MD5; HMAC/MD5; RC4; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Cisco VPN 3000 Concentrator Series is a family of purpose-built, remote access Virtual Private Network (VPN) platforms and client software that incorporates high availability, high performance and scalability with the most advanced encryption and authentication techniques available today."
209 WinMagic Incorporated
200 Matheson Blvd W.
Suite 201
Mississauga, Ontario L5R 3L7
Canada

-Thi Nguyen-Huu
TEL: 905-502-7000

CST Lab: NVLAP 200017-0

SecureDoc® Cryptographic Engine
(Version 3.2)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Software 03/26/2002;
04/04/2002;
05/08/2002;
07/02/2007
Overall Level: 2 

-Roles and Services: Level 3

-Operating System Security: Tested as meeting Level 2 with Microsoft Windows NT 4.0 with SP6a, TCSEC C2-rated on a Compaq Professional Workstation 5100

-FIPS-approved algorithms: Triple-DES (Cert. #7); SHA-1 (Cert. #76); AES (Cert. #1); Triple-DES MAC

-Other algorithms: DES (Cert. #87); DES MAC; RIPEMD 160; AES MAC

Multi-chip standalone

"SecureDoc® Cryptographic kernel used in all of WinMagic’s SecureDoc® cryptographic products including the Disk Encryption application and the Central Database administration facility."
208 Check Point Software Technologies Ltd.
9900 Belward Campus Drive
Suite 250
Rockville, MD 20850
USA

-David Ambrose
TEL: 703-628-2935

-Malcolm Levy
TEL: +972-37534561

CST Lab: NVLAP 200002-0

Pointsec 4.1
(Software version 4.1)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Software 03/21/2002;
03/28/2002;
06/18/2003;
04/29/2008;
05/28/2009
Overall Level: 1 

-Operating System Security: Tested as meeting Level 1 with Microsoft Windows 2000, Windows 95 and NT Server/Workstation 4.0 (SP6a)

-FIPS-approved algorithms: Triple-DES (Cert. #85)

-Other algorithms: DES (Cert. #146); BLOWFISH; AES; CAST

Multi-chip standalone

"Pointsec version 4.1 employs hard disk encryption to guarantee that no users can access or manipulate information on an encrypted device, either from available files, erased files, or temporary files. Pointsec version 4.1 safeguards the operating system and the important system files (which often contain clues to passwords for Windows), shared devices, and the network."
207 Motorola, Inc.
8220 E. Roosevelt St.
Scottsdale, AZ 85257
USA

-Randy Morton
TEL: 480-441-4472
FAX: 480-441-3580

CST Lab: NVLAP 100432-0

Key Management Facility Crypto Card (KMF CC)
(Hardware Issue O, Software Version R01.06)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 03/01/2002 Overall Level: 1 

-EMI/EMC: Level 3
-Software Security: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #82)

-Other algorithms: DES (Cert. #151); DES-XL; DVI-XL; DVP-XL; HCA

Multi-chip embedded

"The KMF CC provides encryption and decryption services for secure key management and Over-the-Air-Rekeying (OTAR) for Motorola’s Key Management Facility (KMF). The KMF and KMF CC combine to provide these cryptographic services for Motorola’s APCO-25 compliant Astro ™ radio systems."
206 Axalto Inc.
36-38 rue de la Princesse BP 45
78431 Louveciennes, France

-Francisco Alcalde
TEL: +33 1 3008 4685
FAX: +33 1 3008 4527

CST Lab: NVLAP 100432-0

Cryptoflex 8K Smart Card
(Hardware ST19CF68 revision B, Firmware v2)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 02/27/2002;
09/21/2004
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #67); SHA-1 (Cert. #61)

-Other algorithms: RSA (non-compliant)

Single-chip

"Cryptoflex is a credit-card sized computer with a crypto-processor dedicated to security. Cryptoflex implements security industry functions based on public key cryptography directly onto the card, therefore eliminating the risk of sending secret data across a network. Keys and certificates for a variety of applications are stored in a single secure location, isolated from computer disks, which can fail or damaged and are susceptible to security breaches ad theft."
205 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0

Cylink ATM Encryptor
(Hardware Versions 3.0 and 3.1, Cylink ATM Encryptor Models: 450-002-001, 450-002-002, 450-002-003, 450-002-004, 450-002-005, 450-002-006, 450-002-007, 450-003-001, 450-003-002, 450-003-003, 450-003-004, 450-003-005, 450-003-006, 450-003-007, 450-003-008 and 450-003-009, Firmware Versions 4.0 and 4.1)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 01/31/2002;
02/01/2002;
06/17/2002;
12/04/2003;
10/18/2004
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #15); DSA/SHA-1 (Cert. #14)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip standalone

"The Cylink ATM Encryptor provides data privacy and access control for connections between vulnerable public and private ATM networks. It employs FIPS approved DES or Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in T1, E1, T3, E3, OC3c and OC12c networks. The Cylink ATM Encryptor can be centrally controlled or managed across multiple remote stations using Cylink's PrivaCy Manager®, an SNMP-based security management system."
204 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0

SafeEnterprise™ Frame Encryptor II (SFE II)
(Firmware Version 4.08, Hardware Version 16326-06(6B) and Firmware Version 4.09, Hardware Version 16826-06(2C))

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 01/31/2002;
04/11/2002;
07/18/2002;
12/17/2002;
12/27/2002;
07/03/2003;
10/19/2004
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Certs. #5 and #22); DSS (Cert. #57); SHA-1 (Cert. #81)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip standalone

"The SFE protects information flowing between nodes or sites of a frame relay network. It can be con-figured to either allow or disallow information flow between two frame relay nodes. Furthermore, the information flow can be either protected through encryption or passed without encryption. The SFE II supports Full-Duplex throughput of up to 4 Mbps and 1022 active secure connections."
203 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0

SafeEnterprise™ Frame Encryptor-L (SFE-L) and SafeEnterprise™ Frame Encryptor-H (SFE-H)
(Firmware Version 4.08, Hardware Version 4B & 5B)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 01/31/2002;
04/11/2002;
07/18/2002;
07/03/2003;
10/19/2004
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Certs. #21 and #22); DSS (Cert. #57); SHA-1 (Cert. #81)

-Other algorithms: DES (Certs. #11 and #20); Diffie-Hellman (key agreement)

Multi-chip standalone

"The SFE protects information flowing between nodes or sites of a frame relay network. It can be configured to either allow or disallow information flow between two frame relay nodes. Furthermore, the information flow can be either protected through encryption or passed without encryption. The SFE-L supports Full-Duplex throughput of 256 Kbps traffic and 32 active secure connections.The SFE-H supports Full-Duplex throughput of 8 Mbps and 1022 active secure connections."
202 PrivyLink Pte Ltd.
77 Science Park Drive
#02-05/07
CINTECH III
Singapore Science Park 1, 118254
Singapore

-Daphne Tng
TEL: (65) 882-0700
FAX: (65) 872-5490

CST Lab: NVLAP 100432-0

TrustField™ Cryptographic Key Server, CKS Model 2000-J
(Version T2000, Hardware Version 2A, Firmware Version 2.0)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 01/25/2002 Overall Level: 3 

-Self Tests: Level 4

-FIPS-approved algorithms: Triple-DES (Cert. #62); ShA-1 (Cert. #53); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #123);

Multi-chip standalone

"TrustField™ Cryptographic Key Server (CKS) is a hardware security solution that offers a tamper-resistant environment for highly sensitive e-commerce transaction processing. It adds hardware-based security functionality to Internet, Intranet, Extranet, and enterprise applications such as Banking, e-Banking, Public Key Management for e-Commerce, and Secure e-Transaction."
201 Neopost Online, Inc.
3400 Bridge Parkway
Suite 201
Redwood City, CA 94065
USA

-Chandra Shah
TEL: 650-620-3600

CST Lab: NVLAP 200002-0

PROmail II
(Simply Postage III)

(Hardware Version: FAB 7480079; Software Version: 85)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 01/25/2002 Overall Level: 3 

-Physical Secuirty: Level 3 +EFT

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #39)

-Other algorithms:

Multi-chip embedded

"The Promail II is an electronic device developed by Neopost Online that stores revenue and dispenses it to a host computer, such as a PC compatible, under control and direction of a Neopost Online customer. The Promail II attaches to and communicates with the host computer via either a serial or USB interface. The revenue is dispensed from the Promail II in the form of a digitally signed indicium, a unique bit pattern that can be determined to have originated from a particular device at a particular point in time."
200 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0

SafeEnterprise™ Frame Encryptor-High Speed Serial Interface (SFE HSSI)
(Firmware Version 4.08 and 4.09, Hardware Version 3)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 12/18/2001;
04/11/2002;
05/15/2002;
07/18/2002;
07/03/2003;
10/19/2004
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Certs. #5 and #22); DSA/SHA-1 (Cert. #5)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip standalone

"The SFE-HSSI protects information flowing between nodes or sites of a frame relay network. It can be con-figured to either allow or disallow information flow between two frame relay nodes. Furthermore, the information flow can be either protected through encryption or passed without encryption. The SFE-HSSI support full-duplex traffic throughput of between 56-256 kbps for 32-1022 secure connections. The SFE will achieve this throughput for the smaller frames as well (64 byte frames is a target)."
199 F-Secure Corporation
Tammasaarenkatu 7
PL 24
Helsinki, 00181
Finland

-Alexey Kirichenko
TEL: +358-9-2520-4548

CST Lab: NVLAP 200002-0

F-Secure Cryptographic Service Provider DLL
(Software Version: 1.1)

(When operated in FIPS mode and using FIPS Approved algorithms and processes as listed)

Validated to FIPS 140-1

Security Policy

Certificate

Vendor Product Link
Software 12/18/2001;
07/31/2003
Overall Level: 1 

-EMI/EMC: Level 3

-Operating System Security: Tested as meeting Level 1 with Microsoft Windows NT 4.0 SP6

-FIPS-approved algorithms: Triple-DES (Cert. #68); DSA (Cert. #50); SHA-1 (Cert. #62); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #129); RSA Encryption/Decryption; IDEA; Blowfish; CAST-128; Rijndael; Arcfour; MD5; RIPEMD-160; HMAC-SHA-1; HMAC-MD5; HMAC-RMD160; Diffie-Hellman (key agreement)

Multi-chip standalone

"The F-Secure Cryptographic Service Provider is a FIPS 140-1 Level 1 compliant software module, implemented as a 32-bit Windows™ NT compatible DLL, which provides a variety of cryptographic services and can be dynamically linked into applications by software developers to get access to general-purpose cryptographic functionality."
198 Mailroom Technology, Inc.
230 Long Hill Cross Road
Shelton, CT 06484
USA

-Richard Rosen
TEL: 203-925-2571
FAX: 203-926-1628

CST Lab: NVLAP 200002-0

SAFE CV 411, SAFE CV 412 and SAFE CV 413
(Software Versions 3.1.1, 3.3.2, 3.3.3 and 3.4.0; Hardware Versions 411, 412 and 413)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 12/14/2001;
06/21/2002;
09/01/2006;
04/26/2007
Overall Level: 3 

-Physical Security: Level 3 +EFT

-FIPS-approved algorithms: Triple-DES (Cert. #47); DSA/SHA-1 (Cert. #43)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip embedded

"SAFE CV provides the physical and logical resources necessary to function as a United States Postal Service (USPS), Information-Based Indicia Program (IBIP), Postal Security Device (PSD). It is used for securely managing and dispensing money via encryption and digital signature techniques and protects the interests of user, service provider and recipient. The device is ideally suited to both embedded and PC based applications requiring high-speed cryptographic functions. Additionally, this device has been approved for export for use in markets throughout the world."
197 CTAM, Inc.
600 17th Street 600 17th Street
Suite 950
South Denver, CO 80202
USA

-Network Security Product Manager
TEL: 720-359-1581

CST Lab: NVLAP 200002-0

CypherCell ATM Encryptor
(Hardware Version 3, Firmware Version 2.1.0)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 12/14/2001 Overall Level: 2 

-Roles and Services: Level 3
-EMI/EMC: Level 3
-Key Management: Level 3
-Module Interfaces: Level 3
-Software Security: Level 3
-Self Tests: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #78); SHA-1 (Cert. #68); RSA (PKCS#1 for signature, vendor affirmed)

-Other algorithms: DES (Certs. #138 and #139);

Multi-chip standalone

"CypherCell is a hardware encryption product for Asynchronous Transfer Mode (ATM) networks. It supports multiple speeds with AC or DC Power"
196 Cisco Systems, Inc.
7025-6 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200002-0

2621 Modular Access Router with Crypto Accelerator Card
2651 Modular Access Router with Crypto Accelerator Card

(Hardware Versions: 2621 and 2651, IOS Version: 12.1(5)T, Accelerator Card: AIM-VPN/BP, Hardware Version: 1.0, Board Rev; A0)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 12/12/2001;
01/10/2003;
05/24/2005;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Certs. #17 and #32); SHA-1 (Cert. #26); DSA/SHA-1 (Cert. #38)

-Other algorithms: DES (Certs. #74 and #100); RSA (encryption); HMAC-SHA-1; AH-SHA-HMAC; ESP-SHA-HMAC; MD4; MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Cisco Modular Access Router is a router that provides data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
195 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0

SafeEnterprise™ Link Encryptor-T3 (SLE-T3)
(Firmware Versions 3.00 and 3.01, Hardware Revision 16697-010-03)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 12/12/2001;
05/23/2002;
07/18/2002;
07/03/2003;
10/19/2004
Overall Level: 2 

-Physical Security: Level 3
-Software Security: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #22 and #56); DSA/SHA-1 (Cert. #5)

-Other algorithms: DES (Cert. #109); Diffie-Hellman (key agreement)

Multi-chip standalone

"The SLE-T3 secures public and private DS3/T3 data links at 44.7 MHz, encrypting data at the full data rate, and meeting the T3 industry standard. Both C-Bit and M13 framing are supported."
194 Cisco Systems, Inc.
7025-6 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200002-0

2621 Modular Access Router
2651 Modular Access Router

(Hardware Versions: 2621 and 2651, Software Version: IOS 12.1(5)T)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 12/12/2001;
01/10/2003;
05/24/2005;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #17); SHA-1 (Cert. #26)

-Other algorithms: DES (Cert. #74); RSA (encryption); HMAC-SHA-1; AH-SHA-HMAC; ESP-SHA-HMAC; MD4; MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Cisco Modular Access Router is a router that provides data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
193 Cisco Systems, Inc.
7025-6 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200002-0

7206 VXR Router with ISA Accelerator Card
(Hardware: 7206, Software: IOS 12.1(9)E, ISA Accelerator: Hardware Version 1.0, Board Version B0)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 12/12/2001;
01/10/2003;
05/24/2005;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Certs. #17 and #76); SHA-1 (Certs. #26 and #66)

-Other algorithms: DES (Certs. #74 and #136); RSA (encryption); HMAC-SHA-1; AH-SHA-HMAC; ESP-SHA-HMAC; MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Cisco Secure Integrated VPN is a router that provides data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
192 Cisco Systems, Inc.
7025-6 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200002-0

7206 VXR Router
(Hardware: 7206 VXR, Software: IOS Version: 12.1(9)E)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 12/12/2001;
01/10/2003;
05/24/2005;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #17); SHA-1 (Cert. #26)

-Other algorithms: DES (Cert. #74); RSA (encryption); HMAC-SHA-1; AH-SHA-HMAC; ESP-SHA-HMAC; MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Cisco Secure Integrated VPN is a router that provides data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
191 Cisco Systems, Inc.
7025-6 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200002-0

7140 VPN Router with ISM Accelerator Card
7140 VPN Router with Dual ISA and ISM Accelerator Cards

(7140: Hardware Version: 7140, Software: IOS 12.1(9)E; ISM Accelerator: Hardware Version: 1.0, Board Rev: AO
7140 Dual: Hardware Version: 7140, Software: IOS 12.1(9)E, ISM Accelerator: Hardware Version: 1.0, Board Version: AO; ISA Accelerator: Hardware Version 1.0, Board Version B0)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 12/12/2001;
02/25/2002;
01/10/2003;
05/24/2005;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Certs. #17, #76 and #77); SHA-1 (Certs. #26, #66 and #67)

-Other algorithms: DES (Certs. #74, #136 and #137); RSA (encryption); HMAC-SHA-1; AH-SHA-HMAC; ESP-SHA-HMAC; MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Cisco Secure Integrated VPN is a router that provides data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
190 Cisco Systems, Inc.
7025-6 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200002-0

7140 VPN Router
(Hardware Version: 7140, Software Version: IOS 12.1(9)E)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 12/12/2001;
01/10/2003;
05/24/2005;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #17); SHA-1 (Cert. #26)

-Other algorithms: DES (Cert. #74); RSA (encryption); HMAC-SHA-1; AH-SHA-HMAC; ESP-SHA-HMAC; MD4; MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Cisco Secure Integrated VPN is a router that provides data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
189 Cisco Systems, Inc.
7025-6 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200002-0

3640 VPN Router with Crypto Accelerator Card
3660 VPN Router with Crypto Accelerator Card

(3640: H/W Version: 3640, IOS Version: 12.1(5)T, Accelerator Card: NM-VPN/MP, Hardware Version: 1.0, Board Rev: AO
3660: H/W Version: 3660, IOS Version: 12.1(5)T, Accelerator Card: AIM-VPN/HP, Hardware Version: 1.0, Board Rev: AO)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 12/12/2001;
01/10/2003;
05/24/2005;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Certs. #17 and #32); SHA-1 (Cert. #26); DSA/SHA-1 (Cert. #38)

-Other algorithms: DES (Certs. #74 and #100); RSA (encryption); HMAC-SHA-1; AH-SHA-HMAC; ESP-SHA-HMAC; MD4; MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Cisco Secure Integrated VPN is a router that provides data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
188 Cisco Systems, Inc.
7025-6 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200002-0

3640 Modular Access Router
3660 Modular Access Router

(Hardware Version: 3640 and 3660, Software Version: IOS 12.1(5)T)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 12/12/2001;
01/10/2003;
05/24/2005;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #17); SHA-1 (Cert. #26)

-Other algorithms: DES (Cert. #74); RSA (encryption); HMAC-SHA-1; AH-SHA-HMAC; ESP-SHA-HMAC; MD4; MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Cisco Modular Access Router is a router that provides data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
187 Cryptek, Inc.
1501 Moran Road
Sterling, VA 20166
USA

-Timothy Williams
TEL: 571-434-2000
FAX: 571-434-2001

CST Lab: NVLAP 100432-0

DiamondLINK 10/100
(Hardware Version 2000, Software Versions 2.0.3, 2.0.8, 2.1.3, 2.1.4, 2.1.4A, 2.1.6 and 2.1.6.1)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 11/27/2001;
12/12/2001;
02/15/2002;
04/16/2002;
08/08/2002;
02/25/2003;
04/08/2005
Overall Level: 1 

-Roles and Services: Level 2

-FIPS-approved algorithms: Triple-DES (Cert. #71); SHA-1 (Cert. #63)

-Other algorithms: DES (Cert. #132); Diffie-Hellman (key agreement); MD5

Multi-chip embedded

"DiamondLink provides a cost-effective and flexible end-to-end network security solution for the LAN, WAN, or Internet. It not only provides a high level of trust and data separation through the established end-to-end sessions, it additionally provides added levels of security by bringing firewall filtering functionality to the desktop. This module provides strong I&A with user selectable/dynamically downloaded security policies to the desktop."
186 Corsec Security, Inc.
10340 Democracy Lane
Suite 201
Fairfax, VA 22030
USA

-Matthew Appler
TEL: 703-267-6050
FAX: 703-267-6810

CST Lab: NVLAP 200002-0

CryptoFramework

Validated to FIPS 140-1
Not Available

Security Policy

Certificate

Software 11/27/2001;
06/10/2002;
09/06/2002
Overall Level: 1 

-FIPS-approved algorithms:

-Other algorithms:

Multi-chip standalone

185 Nortel Networks
600 Technology Park
Billerica, MA 01821
USA

-Jonathan Lewis
TEL: 978-288-8590
FAX: 978-288-4004

CST Lab: NVLAP 200002-0

Contivity Extranet Switch 4600
(Firmware Version 3.61.01, Hardware Version 4600)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 11/27/2001;
12/06/2001
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #29 and #53); SHA-1 (Cert. #28, #31 and #51); RSA (PKCS #1, vendor affirmed)

-Other algorithms: DES (Cert. #44, #48 and #101); DES MAC; MD5; HMAC (MD5, SHA-1); 40-bit DES; RC4 (40-bit and 128-bit)

Multi-chip standalone

"The Contivity 4600 Extranet Switch provides up to 5000 branch office or end user IPSEC tunnels with a flexible easy to manage and cost effective package. The Switch provides 5 PCI expansion slots and dual 10/100 LAN ports, dual redundant power supplies and storage."
184 Algorithmic Research Ltd.
10 Nevatim Street
Petach Tikva, 49561
Israel

-Gadi Aharoni
TEL: +972-3-927-9500
FAX: +972-3-923-0864

CST Lab: NVLAP 200002-0

PrivateServer 3.0 and PrivateServer 3.1
([Firmware Version 3.0, Hardware Versions 3.0] and [Firmware Version 3.1, Hardware Version 3.1])

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Vendor Product Link
Hardware 11/27/2001;
12/13/2002;
02/10/2003;
07/15/2003
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #66); SHA-1 (Cert. #58); RSA digital signature (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert.#127); MD5; RSA (encryption); ISO9796; ARDFP; Diffie-Hellman (key agreement)

Multi-chip standalone

"The PrivateServer is a high-performance cryptographic service provider. Contained within a secure, tamper-responsive steel case, the PrivateServer performs high-speed cryptographic operations while protecting sensitive data. Its features include strong cryptography using DES, triple-DES, and SHA-1, public key database and certificate support, authenticated and encrypted communication with the module, secure storage of secret/private keys, software key medium and smartcard support, tamper-responsive enclosure, high level API requiring no cryptographic expertise, in-depth logging and auditing, and secure backup capabilities."
183 Motorola, Inc.
8220 East Roosevelt Street
Scottsdale, AZ 85257
USA

-Kerry Johns-Vano
TEL: 480-441-4733
FAX: 480-441-3580

CST Lab: NVLAP 100432-0

ASTRO Subscriber Universal Crypto Module
(Firmware Versions: R05.00.02, R05.00.03, R05.00.12 and R05.00.13, Hardware Version: Issue O)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 11/19/2001;
02/07/2002;
10/04/2002;
10/21/2002;
01/06/2003
Overall Level: 1 

-Roles and Services: Level 2
-Software Security: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #82)

-Other algorithms: DES (09/22/1995); DES-XL; DVI-XL; DVI-SPFL; DVP-XL

Multi-chip embedded

"Encryption modules used in Motorola Astro™ family of radios. Provides secure voice and data capabilities as well as APCO Over-the-Air-Rekeying and advanced key management."
182 Hasler, Inc.
19 Forest Parkway
Shelton, CT 06484
USA

-Richard Rosen
TEL: 203-926-1087
FAX: 203-926-1628

CST Lab: NVLAP 200002-0

SAFE CV 401
(Software Version 3.1.1 and 3.3.2, Hardware Version 401)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 11/09/2001;
06/21/2002
Overall Level: 3 

-Physical Security: Level 3 +EFT

-FIPS-approved algorithms: Triple-DES (Cert. #47); DSA/SHA-1 (Cert. #43)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip embedded

"SAFE CV provides the physical and logical resources necessary to function as a United States Postal Service (USPS), Information-Based Indicia Program (IBIP), Postal Security Device (PSD). It is used for securely managing and dispensing money via encryption and digital signature techniques and protects the interests of user, service provider and recipient. The device is ideally suited to both embedded and PC based applications requiring high-speed cryptographic functions. Additionally, this device has been approved for export for use in markets throughout the world."
181 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nForce 150 PCI and nForce 300 PCI
(Firmware versions 5.0 (1.71.15) and 5.0.1 (1.71.91), Hardware versions nC3022P-150 and nC3022P-300, Build standard E)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 11/09/2001;
01/23/2004
Overall Level: 2 

-Roles and Services: Level 3*
-Physical Security: Level 3
-Key Management: Level 3*
-Software Security: Level 3
-Self Tests: Level 3*

*When operated in the FIPS mode

-FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; Rijndael; ARC FOUR; CAST5; HMAC (SHA-1, SHA-192, SHA-256, MD2, MD5; RIPEMD160); El-Gamal; Diffie-Hellman (key agreement)

Multi-chip embedded

"The nCipher nForce SSL family of secure e-commerce accelerators improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, e-commerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging including X.400/EDI."
180 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F3 SCSI and nShield F3 Ultrasign SCSI
(Firmware versions 5.0 (1.71.15) and 5.0.1 (1.71.91), Hardware versions nC4032W-150 and nC4032W-400, Build standard D)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 11/09/2001;
01/23/2004
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; Rijndael; ARC FOUR; CAST5; HMAC (SHA-1, SHA-192, SHA-256, MD2, MD5; RIPEMD160); El-Gamal; Diffie-Hellman (key agreement)

Multi-chip standalone

"The nCipher nShield "SEE Ready" range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
179 Nortel Networks
600 Technology Park
Billerica, MA 01821
USA

-Jonathan Lewis
TEL: 978-288-8590
FAX: 978-288-4004

CST Lab: NVLAP 200002-0

Contivity Extranet Switch 2600
(Firmware version 3.60.45, Hardware Version 2600)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 10/30/2001;
12/06/2001
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #29 and #53); SHA-1 (Cert. #28, #31 and #51); RSA (PKCS #1, vendor affirmed)

-Other algorithms: DES (Cert. #44, #48 and #101); DES MAC; MD5; HMAC (MD5, SHA-1); DES (40-bit); RC4 (40-bit and 128-bit)

Multi-chip standalone

"The Contivity 2600 Extranet Switch provides up to 1000 branch office or end user IPSEC tunnels with a flexible easy to manage and cost effective package. The Switch provides 3 PCI expansion slots and dual 10/100 LAN ports."
178 Nortel Networks
600 Technology Park
Billerica, MA 01821
USA

-Jonathan Lewis
TEL: 978-288-8590
FAX: 978-288-4004

CST Lab: NVLAP 200002-0

Contivity Extranet Switch 1600
(Firmware version 3.60.45, Hardware Version 1600)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 10/30/2001;
12/06/2001
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #29 and #53); SHA-1 (Cert. #28, #31 and #51); RSA (PKCS #1, vendor affirmed)

-Other algorithms: DES (Cert. #44, #48 and #101); DES MAC; MD5; HMAC (MD5, SHA-1); DES (40-bit); RC4 (40-bit and 128-bit)

Multi-chip standalone

"The Contivity 1600 Extranet Switch provides up to 200 branch office or end user IPSEC tunnels with a flexible easy to manage and cost effective package. The Switch provides a PCI expansion slot and dual 10/100 LAN ports."
177 Entrust, Inc.
1000 Innovation Drive
Ottawa, Ontario K2K 3E7
Canada

-Pierre Boucher
TEL: 613-270-2599
FAX: 613-270-2504

CST Lab: NVLAP 200017-0

Entrust TruePass Applet Cryptographic Module
(Version 5.2)

(When operated in FIPS mode with FIPS validated browser services operating in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Software 10/30/2001;
11/15/2001;
06/28/2002;
07/18/2002
Overall Level: 1 

-Operating System Security: Tested as meeting Level 1 with Windows NT 4.0 SP3, Windows 95/98, Windows 2000 SP2 and Netscape 4.72 (Cert. #47) or Microsoft IE 5.5 (Cert. #103) (operated in single user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #69); SHA-1 (Cert. #60); RSA (PKCS #1, vendor affirmed)

-Other algorithms: DES (Cert. #130);

Multi-chip standalone

"The module performs low level cryptographic operations – encryption, decryption and hashes – implemented in software using the high-level Java programming language. Currently, the module is imbedded into an applet as part of the TruePass product suite that allows integration of cryptographic security into web applications."
176 Entrust, Inc.
1000 Innovation Drive
Ottawa, Ontario K2K 3E7
Canada

-Pierre Boucher
TEL: 613-270-2599
FAX: 613-270-2504

CST Lab: NVLAP 200017-0

Entrust Cryptographic Kernel v6.0
(Version 6.0)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Software 10/30/2001;
05/09/2002;
07/18/2002;
05/27/2003
Overall Level: 2 

-EMI/EMC: Level 3

-Operating System Security: Tested as meeting Level 2 with Microsoft Windows NT 4.0 with SP6a, TCSEC C2-rated on a Compaq ProLiant 7000 Server

-FIPS-approved algorithms: AES (Cert. #10); Triple-DES (Cert. #6); DSA/SHA-1 (Cert. #10); RSA (FIPS 186-2 and PKCS #1, vendor affirmed)

-Other algorithms: DES ((Cert. #56); DES MAC; RC2; RC4; IDEA; MD5; MD2; RIPEMD-160; HMAC-SHA-1; HMAC-MD5; HMAC-RMD160; CAST; CAST3; CAST5; Diffie-Hellman (key agreement); Ephemeral-Static Diffie Hellman; ECDSA (vendor affirmed; non-compliant)

Multi-chip standalone

"This module is used in the Entrust® family of products."
175 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F2 PCI and nShield F2 Ultrasign PCI
(Firmware versions 5.0 (1.71.15) and 5.0.1 (1.71.91), Hardware versions nC4022P-150 and nC4022P-300, Build standard E)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 10/11/2001;
01/23/2004
Overall Level: 2 

-Roles and Services: Level 3*
-Physical Security: Level 3
-Key Management: Level 3*
-Module Interfaces: Level 3
-Software Security: Level 3
-Self Tests: Level 3*

*When operated in the FIPS mode

-FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; Rijndael; ARC FOUR; CAST5; HMAC (SHA-1, SHA-192, SHA-256, MD2, MD5; RIPEMD160); El-Gamal; Diffie-Hellman (key agreement)

Multi-chip embedded

"The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
174 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F3 PCI and nShield F3 Ultrasign PCI
(Firmware versions 5.0 (1.71.15) and 5.0.1 (1.71.91), Hardware versions nC4032P-150 and nC4032P-300, Build standard E)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 10/11/2001;
01/23/2004
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; Rijndael; ARC FOUR; CAST5; HMAC (SHA-1, SHA-192, SHA-256, MD2, MD5; RIPEMD160); El-Gamal; Diffie-Hellman (key agreement)

Multi-chip embedded

"The nCipher nShield "SEE Ready" range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
173 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Randy Kun
TEL: 613-723-5077
FAX: 613-723-5078

CST Lab: NVLAP 200427-0

Luna® XP plus
(Version 3.9)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 10/11/2001;
10/18/2004
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #73); SHA-1 (Cert. #64); DSA (Cert. #51); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #134); RC2; RC4; RC5; CAST; CAST3; CAST5; HMAC-SHA1; HMAC-MD5; RSA (encryption/decryption); MD2; MD5; Diffie-Hellman -1024 (key agreement)

Multi-chip standalone

"Luna® XPplus offers hardware-accelerated signing, secure key management, and signature validation for high volume transaction applications such as transaction coordinators and OCSP (Online Certificate Status Protocol) responders. Luna® XPplus is a scalable, hardware security module for high-performance digital signing of e-business transactions in a FIPS 140-1 level 3-validated solution. The product operates in conjunction with Luna® CA³ root key protection systems leveraging ultimate private key integrity for high-volume digital signing applications. Luna® XPplus signing devices allow you to add signature processing throughput as needed."
172 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F2 SCSI and nShield F2 Ultrasign SCSI
(Firmware versions 5.0 (1.71.15) and 5.0.1 (1.71.91), Hardware versions nC4022W-150 and nC4022W-400, Build standard D)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 10/15/2001;
01/23/2004
Overall Level: 2 

-Roles and Services: Level 3*
-EMI/EMC: Level 3
-Key Management: Level 3*
-Module Interfaces: Level 3
-Software Security: Level 3
-Self Tests: Level 3*

*When operated in the FIPS mode

-FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; Rijndael; ARC FOUR; CAST5; HMAC (SHA-1, SHA-192, SHA-256, MD2, MD5; RIPEMD160); El-Gamal; Diffie-Hellman (key agreement)

Multi-chip standalone

"The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
171 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nForce 150 SCSI and nForce 400 SCSI
(Firmware versions 5.0 (1.71.15) and 5.0.1 (1.71.91), Hardware versions nC3022W-150 and nC3022W-400, Build standard D)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 10/15/2001;
01/23/2004
Overall Level: 2 

-Roles and Services: Level 3*
-Key Management: Level 3*
-Module Interfaces: Level 3
-Software Security: Level 3
-Self Tests: Level 3*

*When operated in the FIPS mode

-FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; Rijndael; ARC FOUR; CAST5; HMAC (SHA-1, SHA-192, SHA-256, MD2, MD5; RIPEMD160); El-Gamal; Diffie-Hellman (key agreement)

Multi-chip standalone

"The nCipher nForce SSL family of secure e-commerce accelerators improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, e-commerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging including X.400/EDI."
170 NetScreen Technologies, Inc.
805 11th Avenue
Bldg. 3
Sunnyvale, CA 94089
USA

-Lee Klarich
TEL: 408-543-8209
FAX: 408-543-8200

CST Lab: NVLAP 100432-0

NetScreen 5XP
(Hardware Revision 3010, Software Version ScreenOS 2.6.1)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Vendor Product Link
Hardware 09/27/2001;
02/13/2003;
06/03/2003
Overall Level: 2 

-EMI/EMC: Level 3
-Software Security: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #49 and #50); SHA-1 (Cert. #47); DSA/SHA-1 (Cert. #44); RSA (SigVer; PKCS #1; vendor affirmed)

-Other algorithms: DES (Certs. #114 and #115); RC2; RC4; MD5; RSA (encryption/decryption); Diffie-Hellman (key agreement); Blowfish; HMAC

Multi-chip standalone

"The NetScreen-5XP is a purpose-built Internet security appliance that delivers firewall, VPN and traffic shaping that offers a complete security solution for telecommuters, small-sized companies and branch offices. Featuring two 10Base-T Ethernet ports (trust and untrust), the NetScreen-5XP performs at near wire-speed, protecting the LAN from attack and providing IPSEC based VPN capabilities."
169 NetScreen Technologies, Inc.
805 11th Avenue
Bldg. 3
Sunnyvale, CA 94089
USA

-Lee Klarich
TEL: 408-543-8209
FAX: 408-543-8200

CST Lab: NVLAP 100432-0

NetScreen 500
(Hardware Revision 4110, Software Version ScreenOS 2.6.1)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Vendor Product Link
Hardware 09/27/2001;
02/13/2003;
06/03/2003
Overall Level: 2 

-Software Security: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #49 and #50); SHA-1 (Cert. #47); DSA/SHA-1 (Cert. #44); RSA (SigVer; PKCS #1; vendor affirmed)

-Other algorithms: DES (Certs. #114 and #115); RC2; RC4; MD5; RSA (encryption/decryption); Diffie-Hellman (key agreement); Blowfish; HMAC

Multi-chip standalone

"The NetScreen-500 is a purpose-built security system integrating stateful inspection firewall, VPN, and traffic management together in a compact system that only requires 2U of rack space. Designed for high performance, redundancy, manageability, and multiple security domains, the NetScreen-500 implements a modular design, it offers many of the compelling functionality of an appliance. In addition, there are redundant dedicated high availability ports, dedicated management port, 4 traffic module bays, and a programmable LCD."
168 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Randy Kun
TEL: 613-723-5077
FAX: 613-723-5078

CST Lab: NVLAP 200017-0

LUNA® RA Secure Key Issuance HSM token
(Firmware v3.9, Hardware v 1 and 2)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 09/25/2001;
10/18/2004
Overall Level: 2 

-Software Security: Level 3
-Self Tests: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #74); Triple-DES MAC; DSA/SHA-1 (Cert. #13); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #32); DES MAC; HMAC-SHA-1; Diffie-Hellman (key agreement); MD2; MD5; HMAC-MD5; RC2; RC4; RC5; CAST/CAST3/CAST5 (40 and 64 bit keys)

Multi-chip standalone

"The Chrysalis-ITS® LUNA RA Secure Issuance HSM token is a hardware-based, multiple-chip standalone module which is a delta production of the Chrysalis-ITS® LUNA 2 token (certificate #56, dated 08/08/1999). Like the LUNA 2, the LUNA RA is in the form of a PC card “token” based on the PCMCIA standard. The LUNA RA token offers secure key distribution, fast key generation and secure key backup functionality to increase security and reduce operational overhead. The Luna RA token is integral to the secure issuance of keys to smart cards, cable modems, mobile phones and other PKI-enabled devices."
167 SPYRUS, Inc.
2355 Oakland Road
Suite 1
San Jose, CA 95131
USA

-Tom Dickens
TEL: 408-953-0700
FAX: 408-953-9835

CST Lab: NVLAP 200017-0

Rosetta Smart Card
(Firmware Version: SPYCOS 2.01(FUP03),
Hardware Version: SC410-G)

(When operated in FIPS mode and using FIPS Approved algorithms and processes as listed)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 09/25/2001 Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #54); Skipjack (Cert. #4); DSA (SigGen, KeyGen Cert. #31); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #78); KEA (key exchange)

Multi-chip standalone

"The SPYRUS Rosetta Smart Card is an ISO 7816 compliant public key smart card based upon the SPYCOS card operating system."
166 SPYRUS, Inc.
2355 Oakland Road
Suite 1
San Jose, CA 95131
USA

-Tom Dickens
TEL: 408-953-0700
FAX: 408-953-9835

CST Lab: NVLAP 200017-0

Rosetta USB
(Firmware Version: SPYCOS 2.01(FUP03), Hardware Version: USB110-GBL)

(When operated in FIPS mode and using FIPS Approved algorithms and processes as listed)

Validated to FIPS 140-1

Security Policy

Certificate

Vendor Product Link
Hardware 09/10/2001 Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #54); Skipjack (Cert. #4); DSA (SigGen, KeyGen Cert. #31); RSA (vendor affirmed);

-Other algorithms: DES (Cert. #78); KEA (key exchange)

Multi-chip standalone

"The Rosetta USB is a low cost cryptographic token ideal for public key operations, key generation, and certificate storage. USB compatibility means simple “plug and play” ease of use. Rosetta USB provides user authentication, digital signatures, and data privacy all in a familiar key-shaped token. With both commercial and government cryptographic algorithms, Rosetta USB supports messaging and authentication requirements at a lower cost of deployment than smart cards or PC cards. Combined with the Rosetta Executive Suite software, Rosetta USB seamlessly plugs into e-mail, browsing, and data security applications."
165 Axalto Inc.
8311 North FM 620 Road
Austin, TX 78726
USA

-David Teo
TEL: 512-257-3895
FAX: 512-257-3881

-David Wen
TEL: 510-745-6215

CST Lab: NVLAP 100432-0

SchlumbergerSema Cyberflex Access 32K with ActivCard Applets
(Hardware PN 15006436 and 15008973, Firmware M256EPALP1_SI_9C_02 Softmask 7 version 2)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 09/10/2001;
11/02/2001;
02/25/2002;
05/09/2003;
09/21/2004;
05/25/2006
Overall Level: 2 

-Physical Security: Level 3
-Software Security: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #57); SHA-1 (Cert. #65); RSA (Signature; PKCS #1; vendor affirmed)

-Other algorithms:

Single-chip

"Cyberflex Access 32K with Applets, which incorporates PKI (public key infrastructure) and digital signature technology, serve as highly portable, secure tokens for enhancing the security of network access and ensuring secure electronic communications. Cyberflex Access 32K with Applets has on board Triple DES and RSA algorithms and can provide on board key generation. It is compliant to Java Card V2.1.1 and Open Platform V2.0.1. The Cyberflex Access 32K with Applets smart card is part of a range of highly secure, Java-based smart cards for physical and logical access, e-transactions and other applications.

The ActivCard applets add to the smart card platform the following services: cardholder authentication, digital signature, and secure data storage. The external interface provided by the applets is compliant with the smart card interoperability specification defined by the GSA."
164 Kasten Chase Applied Research, Ltd.
5100 Orbitor Drive
Mississauga, Ontario L4W 4Z4
Canada

-Cyril Fernandes
TEL: 905-238-6900 x3310
FAX: 905-212-2003

CST Lab: NVLAP 200002-0

RASP Secure Modem
(Hardware Version 1.5, Firmware Versions P539 and P539.2)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 08/23/2001;
08/01/2003
Overall Level: 1 

-EMI/EMC: Level 3

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #2); Skipjack (Cert. #2)

-Other algorithms: KEA

Multi-chip standalone

163 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-C
(Version 5.2.1)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Software 08/15/2001;
08/27/2001;
01/04/2008;
10/16/2008;
09/07/2010;
03/28/2011;
01/24/2013
Overall Level: 1 

-Operating System Security: Tested as meeting Level 1 with Windows 98 (single user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #70); SHA-1 (Cert. #59); DSA (Cert. #49); RSA (ANSI X9.31 and PKCS#1 for Signature; vendor affirmed); ECDSA (vendor affirmed)

-Other algorithms: DES (Cert. #131); RSA Encryption; MD; MD5; HMAC SHA-1; HMAC MD5; AES (Rijndael); DESX; RC2; RC4; RC6; Elliptic Curve (F2&Fp); Elliptic Curve Encryption Scheme; Elliptic Curve Diffie-Hellman (key agreement); Bloom-Shamir; Diffie-Hellman (key agreement)

Multi-chip standalone

"The RSA BSAFE® Crypto-C Module version 5.2.1 is a software development kit that allows software and hardware developers to incorporate encryption technologies directly into their products. It provides a variety of cryptographic services to calling applications that are documented in RSA’s RSA BSAFE® Crypto-C Security Components for C Library Reference Manual. RSA BSAFE® Crypto-C is a C-language API available as a static library, a dynamic library and as source code."
162 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Randy Kun
TEL: 613-723-5077
FAX: 613-723-5078

CST Lab: NVLAP 100432-0

CryptoSwift HSM
(Hardware P/N 107316, Firmware Versions 5.6.27 and 5.6.28)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 08/15/2001;
08/27/2001;
11/19/2002;
10/18/2004
Overall Level: 3 

-Self Tests: Level 4

-FIPS-approved algorithms: Triple-DES (Cert. #30); SHA-1 (Cert. #16); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #43); RC4; MD5; HMAC MD5; HMAC SHA-1; RSA Encryption; DSA (non-compliant)

Multi-chip embedded

"The CryptoSwift HSM is for high-assurance applications requiring a high degree of physical security as well as optimal cryptographic processing performance. With its tamper active design, the evasive measures of the CryptoSwift HSM defeat physical attacks through detection and response to ensure the integrity and confidentiality of keying information. The key management features allow operators to backup or clone keys securely and easily. In addition, strong two-factor authentication is provided for Security Officers and Operators with the CryptoSwift HSM's trusted channel, a USB port with Rainbow Technologies iKey authentication solution."
161 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Randy Kun
TEL: 613-723-5077
FAX: 613-723-5078

CST Lab: NVLAP 200427-0

iKey 2032
(Hardware versions (A and 909-23002) and 909-25001; Firmware version 0.6)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 08/03/2001;
09/21/2004;
10/18/2004;
01/11/2007
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #35); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #88); Triple-DES (vendor affirmed; non-compliant); Diffie-Hellman (key agreement)

Multi-chip standalone

"The iKey 2032 is a powerful and portable two-factor authentication USB device suited for applications demanding high security. The iKey 2032 specifically supports Public Key Infrastructure (PKI) needs by providing on-board cryptographic key generation; secure storage of key pairs and X.509 digital certificates; and performing digital signature signing operations on-board."
160 Eracom Technologies Group, Eracom Technologies Australia, Pty. Ltd.
28 Greg Chappell Drive
Burleigh Heads, QLD 4220
Australia

-Gerry Scott
TEL: 916-677-2450
FAX: 916-677-2460

CST Lab: NVLAP 200002-0

CSA8000 Cryptographic Adapter
(Hardware Version: Revision G, Cprov Firmware Version 1.10)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Vendor Product Link
Hardware 07/27/2001;
10/18/2005
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #63); DSA (Cert. #47); SHA-1 (Cert. #55); RSA (PKCS #1 for Signatures; vendor affirmed)

-Other algorithms: DES (Cert. #124); HMAC-SHA-1; RSA; CAST128; IDEA; AES (Rijndael); RC2; RC4; MD2; MD5; Diffie-Hellman (key agreement)

Multi-chip embedded

"The Eracom CSA8000 Cryptographic Adapter is an intelligent PCI adapter card that provides a wide range of cryptographic functions with dedicated DES/3DES and RSA hardware accelerators. The module implements the PKCS#11 cryptographic API and provides a comprehensive compliance to the PKCS#11 standard as well as vendor specific extensions."
159 Avaya, Inc.
1500 Buckeye Drive
Milpitas, CA 95035
USA

-Kevin Johnson
TEL: 408-321-4884
FAX: 408-404-1313

CST Lab: NVLAP 100432-0

VSU-5000 and VSU-7500
(Hardware Version 02, Software Version 3.1.34)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 07/27/2001;
08/02/2002
Overall Level: 2 

-FIPS-approved algorithms: SHA-1 (Certs. #28 and #52); Triple-DES (Certs. #60 and #61); RSA (vendor affirmed)

-Other algorithms: DES (Certs. #44 and #122); MD5; Diffie-Hellman (key agreement)

Multi-chip embedded

"The VSU™ series of VPN gateways provide high performance ICSA certified IPSec VPN and firewall services for networks of all sizes and complexity. All VSU models are tamper evident network security appliances that cost effectively provide secure authenticated communications over public IP networks, and protect private enterprise networks from attack or intrusion."
158 Avaya, Inc.
1500 Buckeye Drive
Milpitas, CA 95035
USA

-Kevin Johnson
TEL: 408-321-4884
FAX: 408-404-1313

CST Lab: NVLAP 100432-0

VSU-100/VSU-100R and VSU-2000
(Hardware Version 02, Software Version 3.1.34)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 07/27/2001;
08/02/2002
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: SHA-1 (Certs. #28 and #52); Triple-DES (Certs. #60 and #61); RSA (vendor affirmed)

-Other algorithms: DES (Certs. #44 and #122); MD5; Diffie-Hellman (key agreement)

Multi-chip embedded

"The VSU™ series of VPN gateways provide high performance ICSA certified IPSec VPN and firewall services for networks of all sizes and complexity. All VSU models are tamper evident network security appliances that cost effectively provide secure authenticated communications over public IP networks, and protect private enterprise networks from attack or intrusion."
157 SPYRUS, Inc.
2355 Oakland Road
Suite 1
San Jose, CA 95131
USA

-Tom Dickens
TEL: 408-953-0700
FAX: 408-953-9835

CST Lab: NVLAP 200017-0

Rosetta USB
(Firmware Version: SPYCOS 2.01(FUP02), Hardware Version: USB110-FGR)

(When operated in FIPS mode and using FIPS Approved algorithms and processes as listed)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 07/17/2001 Overall Level: 2 

-Roles and Services: Level 3
-EMI/EMC: Level 3
-Software Security: Level 3

-FIPS-approved algorithms: Skipjack (Cert. #4); DSA (Cert. #31); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #78); Triple-DES (Cert #54; non-Compliant); KEA (key exchange)

Multi-chip standalone

"The Rosetta USB is a low cost cryptographic token ideal for public key operations, key generation, and certificate storage. USB compatibility means simple "plug and play" ease of use. Rosetta USB provides user authentication, digital signatures, and data privacy all in a familiar key-shaped token. With both commercial and government cryptographic algorithms, Rosetta USB supports messaging and authentication requirements at a lower cost of deployment than smart cards or PC cards. Combined with the Rosetta Executive Suite software, Rosetta USB seamlessly plugs into e-mail, browsing, and data security applications."
156 Hasler, Inc.
19 Forest Parkway
Shelton, CT 06484
USA

-Richard Rosen
TEL: 203-926-1087
FAX: 203-926-1628

CST Lab: NVLAP 200002-0

SAFE CV Lite
(Software Version 1.4.14, Hardware Version 2.0)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 07/12/2001;
06/21/2002
Overall Level: 2 

-Physical Security: Level 3 +EFP/EFT
-EMI/EMC: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #47); DSA/SHA-1 (Cert. #43)

-Other algorithms: ElGamal

Multi-chip embedded

"The SAFE device is dsigned as a single electronic circuit board. The primary objective of the SAFE device is to protect funds and to apply respective access rules."
155 AEP Networks
Focus 31, West Wing
Cleveland Road
New Hempstead, Herts HP2 7BW
United Kingdom

-David Miller
TEL: +44 1442 458617

CST Lab: NVLAP 200017-0

Advanced Configurable Crypto Environment (ACCE) - L3 SV and BE
(Firmware Version v2.1, Hardware Version 2710-G1)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 07/05/2001;
07/18/2001;
07/22/2002;
10/04/2002;
04/21/2005
Overall Level: 3 

-Physical Security: Level 3 +EFT
-Software Security: Level 4
-Self Tests: Level 4

-FIPS-approved algorithms: Triple-DES (Certs. #24 and #25); Triple-DES MAC; DSA/SHA-1 (Cert. #36)

-Other algorithms: DES (Certs. #82 and #92); DES MAC; MD5; RSA (PKCS1 and ISO9796); Diffie-Hellman (key agreement)

Multi-chip embedded

"The ACCE provides highly-secure cryptographic services and key storage. It is used in a range of AEP Networks and OEM products including the SureWare Keyper family."
154 Blue Ridge Networks
14120 Parke Long Court
Chantilly, VA 20151
USA

-Tom Gilbert
TEL: 703-631-0700
FAX: 703-631-9588

CST Lab: NVLAP 200416-0

BorderGuard 3000
(Version 6.0)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 06/21/2001 Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #57 and #58); SHA-1 (Cert. #49 and #50)

-Other algorithms: DES (Cert. #119 and #120); NSC-1; IDEA; HMAC (MD5 and SHA-1); RSA; Diffie-Hellman (key agreement)

Multi-chip standalone

"A network security appliance for the construction of secure Virtual Private Networks between Internet sites, and between Internet sites and individual remote users."
153 NetScreen Technologies, Inc.
805 11th Avenue
Bldg. 3
Sunnyvale, CA 94089
USA

-Lee Klarich
TEL: 408-543-8209
FAX: 408-543-8200

CST Lab: NVLAP 100432-0

NetScreen-100
(Sofware Version 2.6.1, Hardware Revision 4)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Vendor Product Link
Hardware 06/15/2001;
02/13/2003;
06/03/2003
Overall Level: 2 

-Roles and Services: Level 3
-Key Management: Level 3
-Module Interfaces: Level 3
-Software Security: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #49 and #50); SHA-1 (Cert. #47); DSA/SHA-1 (Cert. #44)

-Other algorithms: DES (Cert. #114 and #115); RC2; RC5; MD5; RSA; HMAC; Diffie-Hellman (key agreement); Blowfish

Multi-chip standalone

"The NetScreen-100 is a purpose-built Internet security appliance that delivers firewall, VPN and traffic shaping that is optimized for the most demanding environments such as high traffic sites."
152 Tumbleweed Communications Corp.
700 Saginaw Drive
Redwood City, CA 94063
USA

-Ken Beer
TEL: 650-216-2083

CST Lab: NVLAP 200416-0

MMS Security Kernel
(Version 4.0)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Vendor Product Link
Software 06/13/2001 Overall Level: 1 

-EMI/EMC: Level 3

-Operating System Security: Tested as meeting Level 1 with Windows NT Version 4.0 (single user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #40); DSA/SHA-1 (Cert. #18); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #46); MD2; MD5; RC2; RC5

Multi-chip standalone

"The Tumbleweed Messaging Management System (MMS) is a suite of software products designed to allow organizations to apply content filtering and secure messaging policies on e-mail and Web traffic. All portions of the MMS use a shared set of cryptographic functionality called the MMS Security Kernel. The MMS Security Kernel exposes cryptographic application programming interface (API) calls to the other portions of the MMS."
151 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0

SafeEnterprise™ Link Encryptor-High Speed Serial Interface (SLE-HSSI)
(Firmware v2.1, Hardware Rev 3)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 06/04/2001;
07/18/2002;
07/03/2003;
10/19/2004
Overall Level: 2 

-Physical Security: Level 3
-Software Security: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #22 and #56); DSA/SHA-1 (Cert. #5)

-Other algorithms: DES (Cert. #109); Diffie-Hellman (key agreement)

Multi-chip standalone

"The SLE-HSSI secures data over high speed synchronous data links up to 52MHz, encrypting data at the full data rate, and meeting the HSSI industry standard. It contains the cryptographic module, which is the case containing all electronics, excluding the battery & its holder."
150 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F3 SCSI and nShield F3 Ultrasign SCSI
(Firmware versions 4.0 (1.71.11) and 4.0.1 (1.71.91), Hardware versions nC4032W-150 and nC4032W-400)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 05/23/2001;
01/23/2004
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; Rijndael, ARC FOUR, CAST5; HMAC (MD2, MD5, SHA-1, SHA-192, SHA-256 and RIPEMD160); ElGamal; Diffie-Hellman (key agreement)

Multi-chip standalone

"The nCipher nShield "SEE Ready" range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
149 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nForce 150 PCI and nForce 300 PCI
(Firmware version 3.2, Hardware versions nC3022P-150 and nC3022P-300)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 05/23/2001 Overall Level: 2 

-Cryptographic Module Design: Level 3
-Roles and Services: Level 3*
-Key Management: Level 3*
-Module Interfaces: Level 3
-Finite State Machine Model: Level 3
-Software Security: Level 3
-Self Tests: Level 3*

*(Level 3 is met in these areas when the 'FIPS_level3' flag is set during initialization.)

-FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; Rijndael, ARC FOUR, CAST5; HMAC (MD2, MD5, SHA-1, SHA-192, SHA-256 and RIPEMD160); ElGamal; Diffie-Hellman (key agreement)

Multi-chip standalone

"The nCipher nForce SSL family of secure e-commerce accelerators improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, e-commerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging including X.400/EDI"
148 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F2 SCSI and nShield F2 Ultrasign SCSI
(Firmware versions 4.0 (1.71.11) and 4.0.1 (1.71.91), Hardware versions nC4022W-150 and nC4022W-400)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 05/23/2001;
09/14/2001;
01/23/2004
Overall Level: 2 

-Cryptographic Module Design: Level 3
-Roles and Services: Level 3*
-EMI/EMC: Level 3
-Key Management: Level 3*
-Module Interfaces: Level 3
-Finite State Machine Model: Level 3
-Software Security: Level 3
-Self Tests: Level 3*

*(Level 3 is met in these areas when the 'FIPS_level3' flag is set during initialization.)

-FIPS-approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; Rijndael, ARC FOUR, CAST5; HMAC (MD2, MD5, SHA-1, SHA-192, SHA-256 and RIPEMD160); ElGamal; Diffie-Hellman (key agreement)

Multi-chip standalone

"The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
147 Attachmate Corporation
424 Wards Corner Road
Loveland, OH 45140
USA

-Karen M. Patterson
TEL: 513-794-8187

CST Lab: NVLAP 200002-0

CryptoConnect ES
(Version 6.7)

(For services provided by the FIPS-Approved algorithms listed.)

Validated to FIPS 140-1

Security Policy

Certificate

Software 05/14/2001 Overall Level: 1 

-EMI/EMC: Level 3

-Operating System Security: Tested as meeting Level 1 with Microsoft Windows 95, 98, and NT 4.0 Server SP3 or higher. (single-user mode)

-FIPS-approved algorithms: Triple-DES (vendor affirmed); DSA/SHA-1 (Cert. #18)

-Other algorithms: DES (Cert. #46);

Multi-chip standalone

"CryptoConnect ES is an encryption option that provides encryption of all TCP data between sessions in Attachmate's Extra! Personal Client (TN3270, TN5250 or Telnet) and their respective host systems."
146 AEP Networks
Focus 31, West Wing
Cleveland Road
New Hempstead, Herts HP2 7BW
United Kingdom

-David Miller
TEL: +44 1442 458617

CST Lab: NVLAP 200017-0

Advanced Configurable Crypto Environment (ACCE) SV and BE
(Firmware Version v2.1, Hardware Version 2640-G3)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 04/23/2001;
07/18/2001;
07/22/2002;
10/04/2002;
04/21/2005
Overall Level: 4 

-FIPS-approved algorithms: Triple-DES MAC; Triple-DES (Certs. #24 and #25); DSA/SHA-1 (Cert. #36)

-Other algorithms: DES (Certs. #82 and #92); DES MAC; RSA (PKCSI and ISO9796); MD5; Diffie-Hellman (key agreement)

Multi-chip embedded

"The ACCE provides highly-secure cryptographic services and key storage. It is used in a range of AEP Networks and OEM products including the SureWare Keyper family."
145 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Chris Holland
TEL: 410-931-7500
FAX: 410-931-7524

CST Lab: NVLAP 200017-0

NetHawk VPN
(Firmware v2.1, Hardware Versions 01 and 03)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 04/23/2001;
07/18/2002;
10/18/2004
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #36); DSA/SHA-1 (Cert. #5)

-Other algorithms: DES (Cert. #104); Diffie-Hellman (key agreement); MD5

Multi-chip standalone

"The Cylink NetHawk is a hardware-based, multiple-chip standalone Virtual Private Network (VPN) device that provides authenticated, encrypted network communications."
144 SPYRUS, Inc.
2355 Oakland Road
Suite 1
San Jose, CA 95131
USA

-Tom Dickens
TEL: 408-953-0700
FAX: 408-953-9835

CST Lab: NVLAP 200017-0

Rosetta USB
(Firmware Version: SPYCOS 2.01(FUP02), Hardware Version: USB110-FBK)

(When operated in FIPS mode and using FIPS Approved algorithms and processes as listed)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 04/16/2001;
07/03/2001
Overall Level: 2 

-Roles and Services: Level 3
-EMI / EMC: Level 3
-Software Security: Level 3

-FIPS-approved algorithms: Skipjack (Cert. #4); DSA (Cert. #31); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #78); Triple-DES (Cert #54; non-Compliant); KEA (key exchange)

Multi-chip standalone

"The Rosetta USB is a low cost cryptographic token ideal for public key operations, key generation, and certificate storage. USB compatibility means simple "plug and play" ease of use. Rosetta USB provides user authentication, digital signatures, and data privacy all in a familiar key-shaped token. With both commercial and government cryptographic algorithms, Rosetta USB supports messaging and authentication requirements at a lower cost of deployment than smart cards or PC cards. Combined with the Rosetta Executive Suite software, Rosetta USB seamlessly plugs into e-mail, browsing, and data security applications."
143 Algorithmic Research Ltd.
10 Nevatim Street
Kiryat Matalon
Petach Tikva, 49561
Israel

-Peleg Atar
TEL: 972-3-927-9500

CST Lab: NVLAP 200017-0

PrivateWire Client
(Version 3)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Software 04/16/2001 Overall Level: 1 

-Operating System Security: Tested as meeting Level 1 with Microsoft Windows NT 4.0 Server SP 5.0.

-FIPS-approved algorithms: Triple-DES (Cert. #38); DSA/SHA-1 (Cert. #38)

-Other algorithms: DES (Cert.#111); RC4; El-Gamal; MD-5; RSA (ISO9796); Diffie-Hellman (key agreement)

Multi-chip standalone

"PrivateWire is a software product that enables secure communication between organizations and private users."
142 Algorithmic Research Ltd.
10 Nevatim Street
Kiryat Matalon
Petach Tikva, 49561
Israel

-Peleg Atar
TEL: 972-3-927-9500

CST Lab: NVLAP 200017-0

PrivateWire Security Gateway
(Version 3)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Vendor Product Link
Software 04/16/2001;
07/15/2003
Overall Level: 1 

-Operating System Security: Tested as meeting Level 1 with Microsoft Windows NT 4.0 Server SP 5.0.

-FIPS-approved algorithms: Triple-DES (Cert. #38); DSA/SHA-1 (Cert. #33)

-Other algorithms: DES (Cert.#111); RC4; El-Gamal; MD-5; RSA (ISO9796); Diffie-Hellman (key agreement)

Multi-chip standalone

"PrivateWire is a software product that enables secure communication between organizations and private users."
141 V-ONE Corporation, Inc.
20250 Century Blvd.
Suite 300
Germantown, MD 20874
USA

-Sales
TEL: 301-515-5200
FAX: 301-515-5280

-Citrix Systems, Inc.
TEL: 801-816-3353

CST Lab: NVLAP 200416-0

SmartPass FIPS Token
(Versions 4.0 and 4.1)

Citrix Extranet Client
(Version 2.0)

Validated to FIPS 140-1

Security Policy

Certificate

Vendor Product Link
Software 04/02/2001;
09/14/2001;
10/09/2001;
06/18/2003
Overall Level: 1 

-Roles and Services: Level 2
-EMI / EMC: Level 3
-Software Security: Level 3

-Operating System Security: Tested as meeting Level 1 with Microsoft Windows98

-FIPS-approved algorithms: SHA-1 (Cert. #10); Triple-DES (Cert. #46)

-Other algorithms: DES; MD5

Multi-chip standalone

"V-ONE’s SmartPass (client) contains the same software-based cryptographic algorithms (3DES) utilized in all V-ONE products including its SmartGate and SmartGuard family of servers."

"Citrix Systems, Inc. makes SmartPass available under a private label licensing agreement as their Citrix Extranet Client"

140 Ensuredmail, Inc.
1708 Lovering Avenue
Suite 202
Wilmington, DE 19806
USA

-Andrew Edelsohn
TEL: 302-426-1185
FAX: 800-886-9062

CST Lab: NVLAP 100432-0

Ensuredmail, v1.0
(Software version: 1.0)

(The KEK is limited to keys derived from a hash of a six-character password.)

Validated to FIPS 140-1

Security Policy

Vendor Product Link
Software 03/29/2001;
05/20/2003
Overall Level: 1 

-Operating System Security: Tested as meeting Level 1 with Microsoft Windows 95/98 and Windows 2000 (single-user mode).

-FIPS-approved algorithms: Triple-DES (Cert.#42); SHA-1 (Cert. #44)

-Other algorithms:

Multi-chip embedded

"Turnkey, enterprise software that enables two-way secure e-mail communication, even with attachments, without requiring the recipients to install any software."
139 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0

Cylink Frame Encryptor II
(Firmware v4.05 and v4.06; Hardware Revision 6)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Hardware 03/14/2001;
05/09/2001;
07/18/2002;
12/04/2003;
10/18/2004
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Certs. #5 and #22); DSA/SHA-1 (Cert. #5)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip standalone

"Cylink Frame Encryptors secure sensitive data transmitted over high-speed, Frame Relay communication links."
138 Novell, Inc.
1800 South Novell Place
Provo, UT 84606
USA

-Developer Support
TEL: 801-861-7000

CST Lab: NVLAP 200002-0

Novell International Cryptographic Infrastructure (NICI)
Controlled Cryptographic Service (CCS) Client, v2.0

(Software version: 2.0)

(For services provided by the listed FIPS-Approved algorithms)

Validated to FIPS 140-1

Security Policy

Software 03/14/2001;
01/31/2006
Overall Level: 1 

-EMI/EMC: Level 3

-Operating System Security: Tested as meeting Level 1 with Microsoft Windows95 and Windows98 (single-user mode).

-FIPS-approved algorithms: Triple-DES (Cert. #35); SHA-1 (Cert. #40); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #103); MD2; MD4; MD5; RC2; RC4; RC5; HMAC (MD5, SHA-1); RSA (encryption/decryption); Diffie-Hellman (key agreement)

Multi-chip standalone

"NICI is Novell's software-based cryptographic infrastructure for Novell products."
137 Research In Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

-Government Certifications Team
TEL: 519-888-7465 x2921
FAX: 519-886-4839

CST Lab: NVLAP 200017-0

BlackBerry 850/857
and BlackBerry 950/957
Cryptographic Kernel

(Version 2.1)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Firmware 03/01/2001;
06/03/2002;
08/24/2005
Overall Level: 1 

-FIPS-approved algorithms: Triple-DES (Cert. #45); SHA-1 (Cert. #45)

-Other algorithms:

Multi-chip standalone

"The BlackBerry crypto firmware v2.1, common to both the BlackBerry 850/857 and the BlackBerry 950/957, securely compresses and encrypts messages with Triple-DES. Following this procedure, the ciphertext is transmitted over the Internet to the recipient mail server. Upon receiving the message, the mail server decrypts and decompresses the ciphertext back to the original plaintext. The BlackBerry crypto firmware is messaging-system independent."
136 Fortress Technologies, Inc.
1 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0

NetFortress® 10 / MAIP
(Version 4.0 firmware)

(When factory configured in FIPS mode)

Validated to FIPS 140-1

Security Policy

Hardware 01/18/2001;
03/26/2010
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert.#19); SHA-1 (Cert.#34)

-Other algorithms: DES (Cert.#23); Diffie-Hellman (key agreement); IDEA

Multi-chip standalone

"The NetFortress® 10 / MAIP is a tamper-resistant network communications security solution that establishes private communications between corporate divisions, branch offices, and mobile users. It integrates seamlessly and economically into any LAN and WAN environment for optimum flexibility and scalability. NetFortress 10’s security feature set includes encryption, data integrity checking, authentication, access control, data compression and firewall capabilities. It is compliant with IPSec."
135 Neopost Technologies
113, rue Jean-Marin Naudin
Bagneux, 92220
France

-Thierry Le Jaoudour
TEL: +33 (0) 1 45 36 30 36

CST Lab: NVLAP 100432-0

IJ25 Secure Metering Module (SMM)
(Version D)

Validated to FIPS 140-1

Security Policy

Hardware 01/18/2001;
10/03/2006
Overall Level: 3 

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #39)

-Other algorithms:

Multi-chip embedded

"The module provides services to a tabletop mailing system designed primarily for the small office/home office environment. Features include manually inserted/removed mail; indicium printed at maximum of 1200 envelopes per hour; internal modem for remote re-crediting; scale interface; Memory Card interface to load slogans, scale rates and class indication; capacity for 10 slogans or advert images; ink jet technology."
134 PSI Systems, Inc.
247 High Street
Palo Alto, CA 94301-1041
USA

-Dr. Harry T. Whitehouse
TEL: 650-321-2640 x112
FAX: 650-321-0356

CST Lab: NVLAP 100432-0

Postal Cryptographic Coprocessor
(Version 1.01)

Validated to FIPS 140-1

Security Policy

Hardware 01/18/2001 Overall Level: 3 

-Physical Security: Level 4
-Self Tests: Level 4

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #23); Triple-DES (Cert. #33)

-Other algorithms: DES (Cert. #58); RSA

Multi-chip embedded

"This module provides the services to support high-speed, secure micro-transactions, including the production and verification of United States Postal Service Information-Based Indicia."
133 Neopost Technologies
113, rue Jean-Marin Naudin
Bagneux, 92220
France

-Thierry Le Jaoudour
TEL: +33 (0) 1 45 36 30 36

CST Lab: NVLAP 200002-0

N18D Postage Meter
(Hardware v. 4101508D; Software v. 6.1)

Validated to FIPS 140-1

Security Policy

Hardware 01/16/2001;
10/03/2006
Overall Level: 2 

-Physical Security: Level 3 +EFP/EFT

-FIPS-approved algorithms: SHA-1 (Cert. #41); DSA/SHA-1 (Cert. #42)

-Other algorithms: DES (Certs. #106 and #107);

Multi-chip embedded

"The N18D module is a postage meter supporting accounting and cryptographic functions for secure electronic transactions. Associated to a document transport system and an inkjet print-head, the module is capable of producing up to 180 envelopes per minute."
132 Neopost Online, Inc.
3400 Bridge Parkway
Suite 201
Redwood City, CA 94065
USA

-Chandra Shah
TEL: 650-620-3600

CST Lab: NVLAP 200002-0

Secure Metering Device / Series II (SMD-II)
(Version: 2002, Hardware version A)

Validated to FIPS 140-1

Security Policy

Hardware 01/16/2001 Overall Level: 2 

-Physical Security: Level 3 +EFP/EFT
-EMI/EMC: Level 3

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #40)

-Other algorithms:

Multi-chip standalone

"The Secure Metering Device / Series 2 (SMD-II) is an electronic device developed by Neopost Online that securely loads, stores, and dispenses revenue. The SMD-II is designed to meet the applicable USPS IBIP specifications for postage meters. The SMD-II attaches to and communicates with the host computer via a serial interface. The revenue is dispensed from the SMD-II to the host computer in the form of a digitally signed indicium, a unique bit pattern that can be determined to have originated from a particular SMD-II at a particular point in time."
131 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0

Cylink Link Encryptor NRZ E1-120ohms and Link Encryptor NRZ T1
(Firmware versions 1.25, 1.26, 1.31 and 1.33; Hardware Rev. B)

Validated to FIPS 140-1

Security Policy

Hardware 01/10/2001;
09/14/2001;
05/15/2002;
07/18/2002;
12/04/2003;
10/18/2004
Overall Level: 2 

-Physical Security: Level 3
-Software Security: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #21 and #22); DSA/SHA-1 (Cert. #5)

-Other algorithms: DES (Certs. #11, #26); Diffie-Hellman (key agreement)

Multi-chip standalone

"Cylink Link Encryptors secure sensitive data transmitted over high-speed, point-to-point communication links. The system supports synchronous, full-duplex data rates up to 2 Mbps over public and private data networks."
130 Entrust, Inc.
1000 Innovation Drive
Ottawa, Ontario K2K 3E7
Canada

-Pierre Boucher
TEL: 613-270-2599
FAX: 613-270-2504

CST Lab: NVLAP 200017-0

Entrust Cryptographic Kernel, v5.1
(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Software 12/20/2000;
07/18/2002
Overall Level: 2 

-EMI/EMC: Level 3

-Operating System Security: Microsoft WindowsNT 4.0 with SP6a, TCSEC C2-rated on a Compaq ProLiant 7000 Server.

-FIPS-approved algorithms: Triple-DES (Cert. #6); DSA/SHA-1 (Cert. #10); RSA (vendor affirmed); ECDSA (vendor affirmed)

-Other algorithms: DES (Cert. #56); DES MAC; RC2; RC4; IDEA; MD5; MD2; RIPEMD-160; HMAC-SHA-1; HMAC-MD5; HMAC-RMD160; CAST; CAST3; CAST5; Diffie-Hellman (key agreement); Ephemeral-Static Diffie-Hellman

Multi-chip standalone

"This module is used in the Entrust® family of products."
129 nCipher Corporation Ltd.
500 Unicorn Park Dr
Woburn, MA 01810-3371
USA

-Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield SCSI Ultrasign
and nShield SCSI
Cryptographic Accelerators

(Firmware v1.77.100; Hardware versions nC4032W-400, 150)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Hardware 12/20/2000;
09/14/2001;
03/09/2006;
03/15/2006
Overall Level: 3 

-Roles and Services: Level 3*
-Self Tests: Level 3*
-Key Management: Level 3*

*(Level 3 is met in these areas when the "FIPS_level3" flag is set during initialization.)

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #11); Triple-DES (DES Cert. #34); Triple-DES MAC; RSA (vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; CAST5; HMAC (MD2, MD5, SHA-1; RIPEMD160); ElGamal; Diffie-Hellman (key agreement)

Multi-chip standalone

"The nCipher nShield range of tamper resistent Hardware Security Modules improves the security of cryptographic keys and increases server throughput for digital signature and encryption applications. Supporting many commercial public key infrastructure (PKI) products such as certificate authorities and on-line validation servers, the nShield family of HSMs is also used for building custom security applications requiring secure and flexible key management."
128 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01810-3371
USA

-Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield 300, nShield 150
and nShield 75
Cryptographic Accelerators

(Firmware v1.77.100; Hardware nC3031S-300, 150, 75, Build Standard E)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Hardware 12/20/2000;
09/14/2001;
03/09/2006;
03/15/2006
Overall Level: 3 

-Roles and Services: Level 3*
-Self Tests: Level 3*
-Key Management: Level 3*

*(Level 3 is met in these areas when the "FIPS_level3" flag is set during initialization.)

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #11); Triple-DES (DES Cert. #34); Triple-DES MAC; RSA (vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; CAST5; HMAC (MD2, MD5, SHA-1; RIPEMD160); ElGamal; Diffie-Hellman (key agreement)

Multi-chip standalone

"The nCipher nShield range of tamper resistent Hardware Security Modules improves the security of cryptographic keys and increases server throughput for digital signature and encryption applications. Supporting many commercial public key infrastructure (PKI) products such as certificate authorities and on-line validation servers, the nShield family of HSMs is also used for building custom security applications requiring secure and flexible key management."
127 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01810-3371
USA

-Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nForce SCSI 400
and nForce SCSI 150
Cryptographic Accelerators

(Firmware v1.77.100; Hardware versions nC3022W-400, 150)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Hardware 12/20/2000;
09/14/2001;
03/09/2006;
03/15/2006
Overall Level: 2 

-Roles and Services: Level 3*
-Software Security: Level 3
-EMI/EMC: Level 3
-Self Tests: Level 3*
-Key Management: Level 3*

*(Level 3 is met in these areas when the "FIPS_level3" flag is set during initialization.)

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #11); Triple-DES (Cert. #34); Triple-DES MAC; RSA (vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; CAST5; HMAC (MD2, MD5, SHA-1 and RIPEMD160); ElGamal; and Diffie-Hellman (key agreement)

Multi-chip standalone

"The nCipher nForce family of secure e-commerce accelerators improves data security and increases server transaction throughput in applications using the Secure Socket Layer (SSL) protocol such as secure web servers, or application servers that process secure transactions. nForce provides hardware key storage in addition to off-loading the SSL cryptographic processing from the host CPU."
126 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01810-3371
USA

-Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nForce 300, nForce 150
and nForce 75
Cryptographic Accelerators

(Firmware v1.77.100; Hardware nC3021S-300, 150, 75 Build Standard E)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Hardware 12/20/2000;
09/14/2001;
03/09/2006;
03/15/2006
Overall Level: 2 

-Roles and Services: Level 3*
-Software Security: Level 3
-EMI/EMC: Level 3
-Self Tests: Level 3*
-Key Management: Level 3*

*(Level 3 is met in these areas when the "FIPS_level3" flag is set during initialization.)

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #11); Triple-DES (Cert. #34); Triple-DES MAC; RSA (vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; CAST5; HMAC (MD2, MD5, SHA-1 and RIPEMD160); ElGamal; and Diffie-Hellman (key agreement)

Multi-chip standalone

"The nCipher nForce family of secure e-commerce accelerators improves data security and increases server transaction throughput in applications using the Secure Socket Layer (SSL) protocol such as secure web servers, or application servers that process secure transactions. nForce provides hardware key storage in addition to off-loading the SSL cryptographic processing from the host CPU."
125 nCipher Corporation Ltd.
100 Unicorn Park Dr
Woburn, MA 01801-3371
USA

-Greg Dunne
TEL: 978-691-6487
FAX: 978-687-4442

CST Lab: NVLAP 200017-0

nForce 300, nForce 150
and nForce 75
Cryptographic Accelerators

(Firmware v1.54.28; Hardware Build Standard D)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Hardware 12/20/2000;
03/01/2001;
03/09/2006;
03/15/2006
Overall Level: 2 

-Roles and Services: Level 3*
-Software Security: Level 3
-EMI/EMC: Level 3
-Self Tests: Level 3*
-Key Management: Level 3*

*(Level 3 is met in these areas when the "FIPS_level3" flag is set during initialization.)

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #11); Triple-DES (Cert. #34); Triple-DES MAC; RSA (vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; CAST5; HMAC (MD2, MD5, SHA-1 and RIPEMD160); ElGamal; and Diffie-Hellman (key agreement)

Multi-chip standalone

"The nCipher nFast/nForce/nShield range of hardware cryptographic accelerators increases server throughput in data security and electronic commerce applications such as: secure Web sites, financial transactions over the Internet, authenticated access to intranets and extranets, certification authorities and digital signatures, secure messaging including X.400/EDI."
124 Thales e-Security
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-Juan C. Asenjo
TEL: 888-744-4976 x6202
FAX: 954-888-6211

CST Lab: NVLAP 200002-0

Datacryptor® 2000 (DC2K) X.25 / IP / ATM
(Hardware Version Issue 2 and Issue 3 Motherboard; Software Version 3.1)

(When key zeroization is enabled)

Validated to FIPS 140-1

Security Policy

Vendor Product Link
Hardware 12/07/2000;
01/08/2003;
05/19/2003;
10/13/2005
Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Cert. #31); DSA/SHA-1 (Cert. #24)

-Other algorithms: DES (Cert. #57); Diffie-Hellman (key agreement); Rijndael

Multi-chip standalone

"The Datacryptor 2000 is a stand-alone multi-chip cryptographic module that secures communications using signed Diffie-Hellman key exchange and Triple-DES encryption. The unit also provides integrated secure unit management capability employing the same techniques used for traffic encryption."
123 AEP Networks
Focus 31, West Wing
Cleveland Road
New Hempstead, Herts HP2 7BW
United Kingdom

-David Miller
TEL: +44 1442 458617

CST Lab: NVLAP 200017-0

Advanced Configurable Crypto Environment - Security Processor (ACCE SP and ACCE SP2)
(Hardware Version 1E,
Firmware Versions:
ACCE SP: v1.0 and v1.1
ACCE SP2: v2.1)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Hardware 12/07/2000;
11/05/2001;
11/09/2001;
12/04/2001;
07/22/2002;
10/04/2002;
04/21/2005
Overall Level: 4 

-FIPS-approved algorithms: Triple-DES (Certs. #23 and #24); Triple-DES MAC; DSA/SHA-1 (Cert. #36); RSA (vendor affirmed)

-Other algorithms: DES (Certs. #81 and #82); DES MAC; Diffie-Hellman (key agreement); MD5

Multi-chip embedded

"The ACCE SP & SP2 provide highly-secure cryptographic services and key storage. They are used in a range of AEP Networks and OEM products along with an application (the single user of the module) to provide custom functionality. Example uses are the Europay NSP (ACCE SP) and Europay ESP (ACCE SP2) which were developed for Europay, a major European financial institution."
122 IBM® Corporation
2455 South Rd
Mail Station P330
Poughkeepsie, NY 12601
USA

-Barry Ward
TEL: 845-435-4881
FAX: 845-435-5540

CST Lab: NVLAP 100432-0

IBM 4758-013 PCI Cryptographic Coprocessor with CP/Q++ (Layer 2)
(ID: P/N 04K9077 (FIPS 140-1 Cert. #81), Miniboot 0 version A, Miniboot 1 version A, CP/Q++ v1.26)

(When configured for DSS Authentication and using the listed FIPS-Approved algorithms)

Validated to FIPS 140-1

Security Policy

Hardware 11/15/2000 Overall Level: 3 

-Self Tests: Level 4

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #23)

-Other algorithms: DES (Cert. #58); DES MAC; Triple-DES; RSA (non-compliant)

Multi-chip embedded

"The 4758 secure coprocessor is a state-of-the-art, tamper-sensing and responding, programmable PCI card. Its specialized cryptographic electronics, along with a microprocessor, memory, and random number generator are housed within a tamper-responding environment to provide a highly secure subsystem in which data processing and cryptography can be performed."
121 IBM® Corporation
2455 South Rd
Mail Station P330
Poughkeepsie, NY 12601
USA

-Barry Ward
TEL: 845-435-4881
FAX: 845-435-5540

CST Lab: NVLAP 100432-0

IBM 4758-001 PCI Cryptographic Coprocessor with CP/Q++ (Layer 2)
(ID: P/N 04K9078 (FIPS 140-1 Cert. #35), Miniboot 0 version A, Miniboot 1 version A, CP/Q++ version)

(When configured for DSS Authentication and using the listed FIPS-Approved algorithms)

Validated to FIPS 140-1

Security Policy

Hardware 11/15/2000 Overall Level: 3 

-Physical Security: Level 4
-Self Tests: Level 4

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #23)

-Other algorithms: DES (Cert. #58); DES MAC; Triple-DES; RSA (non-compliant)

Multi-chip embedded

"The 4758 secure coprocessor is a state-of-the-art, tamper-sensing and responding, programmable PCI card. Its specialized cryptographic electronics, along with a microprocessor, memory, and random number generator are housed within a tamper-responding environment to provide a highly secure subsystem in which data processing and cryptography can be performed."
120 Alcatel
Managed IP Services
600 March Road
5T1
Kanata, Ontario K2K 2E6
Canada

-Doug Wiemer
TEL: 613-784-3146
FAX: 613-599-3617

CST Lab: NVLAP 200017-0

TimeStep PERMIT/Gate™ 7520 series 20 and 30 / Alcatel 7137
(Hardware TSCMP30 v2.00; Software versions 3.00.026 and 3.01.026)

(When operated in FIPS-compliant "Secure" and "Minimum" modes)

Validated to FIPS 140-1

Security Policy

Hardware 10/12/2000 Overall Level: 2 

-Physical Security: Level 3

-FIPS-approved algorithms: Triple-DES (Cert. #26); DSA/SHA-1 (Cert. #21)

-Other algorithms: DES ( 09/22/95); Diffie-Hellman (key agreement); MD5

Multi-chip standalone

"The TimeStep PERMIT/Gate(TM) line of products (also referred to as the Alcatel Secure VPN Gateway) is a network appliance that provides IPSec compliant VPN services. It is a tamper-resistant gateway that secures data communications for Intranets, Extranets, and Internet remote access."
119 Alcatel
Managed IP Services
600 March Road
5T1
Kanata, Ontario K2K 2E6
Canada

-Doug Wiemer
TEL: 613-784-3146
FAX: 613-599-3617

CST Lab: NVLAP 200017-0

TimeStep PERMIT/Gate™ 1520 series 50 / Alcatel 7132;
TimeStep PERMIT/Gate™ 2520 series 40 and 50 / Alcatel 7133;
TimeStep PERMIT/Gate™ 4520 series 40 and 50; and
TimeStep PERMIT/Gate™ 4620 series 40 and 50 / Alcatel 7134

(Hardware TSCMP30 v2.00; Software versions 3.00.026 and 3.01.026)

(When operated in FIPS-compliant "Secure" and "Minimum" modes)

Validated to FIPS 140-1

Security Policy

Hardware 10/12/2000 Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #26); DSA/SHA-1 (Cert. #21)

-Other algorithms: DES ( 09/22/95); Diffie-Hellman (key agreement); MD5

Multi-chip standalone

"The TimeStep PERMIT/Gate(TM) line of products (also referred to as the Alcatel Secure VPN Gateway) is a network appliance that provides IPSec compliant VPN services. It is a tamper-resistant gateway that secures data communications for Intranets, Extranets, and Internet remote access."
118 IBM® Corporation
2455 South Rd
Mail Station P371
Poughkeepsie, NY 12601
USA

-Clark Norberg
TEL: 845-435-6434

CST Lab: NVLAP 100432-0

IBM eServer zSeries 900 CMOS Cryptographic Coprocessor
(ID: IBM PN 09K1592)

(When configured for External Key Entry)

Validated to FIPS 140-1

Security Policy

Hardware 09/26/2000 Overall Level: 4 

-FIPS-approved algorithms: Triple-DES (Cert. #28); DSA/SHA-1 (Cert. #37); RSA (internal use)

-Other algorithms: DES (Cert. #98); Diffie-Hellman (key agreement); CDM; MDC-2; MDC-4; ANSI: X3106, X99, X919

Single-chip

"Technology remap encryption module for the IBM eServer zSeries 900 system that provides improved throughput performance over the previous part numbers of the IBM S/390 CMOS Cryptographic Coprocessor (FIPS 140-1 cert. #40)."
117 IBM® Corporation
2455 South Rd
Mail Station P330
Poughkeepsie, NY 12601
USA

-Barry Ward
TEL: 845-435-4881
FAX: 845-435-5540

CST Lab: NVLAP 100432-0

IBM 4758-023 PCI Cryptographic Coprocessor (Miniboot Layers 0 and 1)
(ID: PN 04K9036, EC C75600M, Miniboot 0 version A, Miniboot 1 version A)

(When configured for DSS Authentication)

Validated to FIPS 140-1

Security Policy

Hardware 09/18/2000;
08/08/2002;
09/23/2002
Overall Level: 3 

-Physical Security: Level 3 +EFP/EFT
-Cryptomodule Design: Level 4
-Module Interfaces: Level 4
-Roles and Services: Level 4
-Finite State Machine Model: Level 4
-Software Security: Level 4
-EMI/EMC: Level 4
-Self Tests: Level 4
-Key Mgmnt.: Level 4

-FIPS-approved algorithms: Triple-DES (Cert. #4); DSA/SHA-1 (Cert. #34)

-Other algorithms: DES (Cert. #86); DES MAC; RSA

Multi-chip embedded

"The 4758 is a tamper-responding, programmable, cryptographic PCI card, containing CPU, encryption hardware, RAM, EEPROM, hardware random number generator, time of day clock, firmware, and software. The Coprocessor is available for use in typical PC servers and as features in IBM eServer iSeries, pSeries, and zSeries servers."
116 IBM® Corporation
2455 South Rd
Mail Station P330
Poughkeepsie, NY 12601
USA

-Barry Ward
TEL: 845-435-4881
FAX: 845-435-5540

CST Lab: NVLAP 100432-0

IBM 4758-002 PCI Cryptographic Coprocessor (Miniboot Layers 0 and 1)
(ID: PN 04K9131, EC F72272D, Miniboot 0 version A, Miniboot 1 version A)

(When configured for DSS Authentication)

Validated to FIPS 140-1

Security Policy

Hardware 09/18/2000;
08/08/2002
Overall Level: 4 

-FIPS-approved algorithms: Triple-DES (Cert. #4); DSA/SHA-1 (Cert. #34)

-Other algorithms: DES (Cert. #86); DES MAC; RSA

Multi-chip embedded

"The 4758 is a tamper-responding, programmable, cryptographic PCI card, containing CPU, encryption hardware, RAM, EEPROM, hardware random number generator, time of day clock, firmware, and software. The Coprocessor is available for use in typical PC servers and as and as features in IBM eServer iSeries, pSeries, and zSeries servers."
115 Thales e-Security
Meadow View House
Crendon Industrial Estate
Long Crendon
Aylesbury, Buckinghamshire HP18 9EQ
United Kingdom

-Tim Fox
TEL: +44 (0)1844 201800
FAX: +44 (0)1844 208550

CST Lab: NVLAP 200002-0

Secure Generic Sub-System (SGSS)
(Version 1.1)

Validated to FIPS 140-1

Security Policy

Vendor Product Link
Hardware 09/13/2000;
01/08/2003;
05/09/2003;
05/19/2003;
03/21/2005;
04/05/2005;
10/13/2005
Overall Level: 4 

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #24)

-Other algorithms:

Multi-chip embedded

"The Secure Generic Sub-System (SGSS) is a multi-chip embedded module used to provide secure system initialization for a cryptographic device, such as the Datacryptor 2000, WebSentry and HSM products. The module contains a secure bootstrap and authenticates application-loading using the Digital Signature Algorithm (DSA)."
114 Technical Communications Corporation
100 Domino Drive
Concord, MA 01742
USA

-John I. Gill
TEL: 978-287-5100

CST Lab: NVLAP 200017-0

CipherX 7200
(Version 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Hardware 09/13/2000 Overall Level: 3 

-FIPS-approved algorithms: Triple-DES (Certs. #13 and #14); SHA-1 (Cert. #29)

-Other algorithms: DES (09/22/1995);

Multi-chip standalone

"The CipherX 7200 offers centrally managed end-to-end security that can seamlessly integrate into Internet Protocol (IP) Wide Area Networks (WANs) and Local Area Networks (LANs) providing secure Virtual Private Network (VPN) solutions. The Cipher X 7200 supports encryption, authentication, firewall and secure community capabilities to enable flexible transparent end-to-end network security."
113 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0

Cylink ATM Encryptor
(Software versions 4.0 and 4.1; Hardware version 2.0)

Validated to FIPS 140-1

Security Policy

Hardware 09/13/2000;
06/17/2002;
12/04/2003;
10/18/2004
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #15); DSA/SHA-1 (Cert. #14)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip standalone

"Cylink ATM Encryptors secure sensitive data transmitted over high-speed ATM networks. The system supports full wirespeed encryption at data rates from 1.5Mbps to 622 Mbps over public and private networks."
112 AEP Networks
Focus 31, West Wing
Cleveland Road
New Hempstead, Herts HP2 7BW
United Kingdom

-David Miller
TEL: +44 1442 458617

CST Lab: NVLAP 200017-0

Advanced Configurable Crypto Environment (ACCE)
(Firmware version 1, Releases 3G1 and 3G2)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Hardware 09/08/2000;
07/18/2001;
07/22/2002;
10/04/2002;
04/21/2005
Overall Level: 4 

-FIPS-approved algorithms: Triple-DES (Certs. #24 and #25); Triple-DES MAC; DSA/SHA-1 (Cert. #36); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #92); DES MAC; Diffie-Hellman (key agreement); MD5

Multi-chip embedded

"The ACCE provides highly-secure cryptographic services and key storage. It is used in a range of AEP Networks and OEM products including the SureWare Keyper family. There are two versions available: Version 1.3G1 will power-down and zeroize the SMK if the module's temperature exceeds the specified operational temperature range. Version 1.3G2 will power-down and zeroize the SMK when the specified operational temperature is exceeded, and zeroize the IMK when the storage temperature is exceeded."
111 Dallas Semiconductor, Inc.
4401 Beltwood Pkwy
Dallas, TX 75244-3292
USA

-Mr. Dennis Jarrett
TEL: 972-371-4416

CST Lab: NVLAP 200002-0

DS1955B Java™-powered Cryptographic iButton™
(Version 1.11)

(When using vendor-configured with the FIPS 140-1 Applet)

Validated to FIPS 140-1

Security Policy

Hardware 08/30/2000 Overall Level: 3 

-Physical Security: Level 3 +EFP

-FIPS-approved algorithms: SHA-1 (Cert. #36)

-Other algorithms:

Multi-chip standalone

"The Dallas Semiconductor 1955 Java-Powered Cryptographic iButton, when operated in FIPS mode, provides SHA-1 hashing, identity-based challenge-response authentication, statistical random number generator tests, and a SHA-1 known answer test. When not operated in FIPS mode, the device provides more cryptographic services such as a high-speed math accelerator for 1024-bit public key cryptography. The module's single silicon chip is encased in a stainless steel button which is rugged enough to withstand harsh outdoor environments."
110 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984

CST Lab: NVLAP 200002-0

Outlook Cryptographic Provider (EXCHCSP)
(Version SR-1A (3821))

Validated to FIPS 140-1

Security Policy

Software 08/15/2000;
10/15/2007
Overall Level: 1 

-Operating System Security: Tested as meeting Level 1 with Microsoft Windows2000 with SP2 or higher (operated in single-user mode).

-FIPS-approved algorithms: Triple-DES (Cert. #18); SHA-1 (Cert. #32); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #91); DES MAC; RC2; MD2; MD5

Multi-chip standalone

"The Microsoft Outlook Cryptographic Provider (EXCHCSP) is a FIPS 140-1 Level 1 compliant general-purpose software-based cryptographic module. EXCHCSP encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. It can be dynamically linked into applications by software developers to permit the use of general-purpose FIPS 140-1 Level 1 compliant cryptography."
109 Cisco Systems, Inc.
7025-6 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200002-0

Secure Integrated VPN
(3640, 7140, and 7206 Module Access Routers w/ IOS V12.1(1)T software)

(When configured in a FIPS mode of operation)

Validated to FIPS 140-1

Security Policy

Hardware 08/01/2000;
01/10/2003;
05/24/2005;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #17); HMAC-SHA-1 (SHA-1 Cert. #26)

-Other algorithms: DES (Cert. #74); RSA; MD4; MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Cisco 3640, 7140, and 7206 Secure Integrated VPNs are routers that provide data protection on a network providing packet encryption. The modules perform all of the functions of a typical router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules, providing a secure connection at the packet level."
108 L-3 Communication Systems
One Federal Street
Camden, NJ 08102
USA

-privatel@L-3com.com
TEL: 877-628-3694

CST Lab: NVLAP 200002-0

Privatel™ Model 960v
(Model 960v (Part Number: K10047665, Software version v6.01) and (Part Number: K10047665-503, Software version v7.10))

Validated to FIPS 140-1

Security Policy

Hardware 08/01/2000;
09/18/2000;
04/21/2005
Overall Level: 1 

-FIPS-approved algorithms: Triple-DES (Cert. #20); SHA-1 (Cert. #33)

-Other algorithms: Session Key Development Algorithm (SKDA)

Multi-chip standalone

"The Privatel(TM) Model 960v provides security for voice telephony applications. The Privatel(TM) product is an applique to an existing office telephone that provides voice coding, traffic encryption, key management, and modem functions. The module uses the strongest commercially-available cryptography, which provides end-to-end secure communications that protect telephone conversations from eavesdropping and unauthorized monitoring and recording, displaying a unique Key Fingerprint during every secure session."
107 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0

Cylink Frame Encryptor CFE-H and Frame Encryptor CFE-L
(Firmware v4.05 and v4.06; Hardware revisions 4 and 5)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Hardware 07/31/2000;
03/12/2001;
07/18/2002;
12/04/2003;
10/18/2004
Overall Level: 3 

-Module Interfaces: Level 3*
-Roles and Services: Level 3*

-FIPS-approved algorithms: Triple-DES (Certs. #21 and #22); DSA/SHA-1 (Cert. #5)

-Other algorithms: DES (Certs. #11, #20); Diffie-Hellman (key agreement)

Multi-chip standalone

"Cylink Frame Encryptors secure sensitive data transmitted over high-speed, Frame Relay communication links."
106 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984

CST Lab: NVLAP 200002-0

Kernel Mode Cryptographic Module (FIPS.SYS)
(Version 5.0.2195.1569)

Validated to FIPS 140-1

Security Policy

Software 07/31/2000;
10/15/2007
Overall Level: 1 

-Operating System Security: Tested as meeting Level 1 with Microsoft Windows2000 with SP2 or higher (operated in single-user mode).

-FIPS-approved algorithms: Triple-DES (Cert. #16); SHA-1 (Cert. #35)

-Other algorithms: DES (Cert. #89);

Multi-chip standalone

"Microsoft's Kernel Mode Cryptographic Module (FIPS.SYS) is a general-purpose, software-based cryptographic module residing at the Kernel Mode level of the Windows Operating System. It runs as a kernel mode export driver (kernel-mode DLL) and encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible by other kernel mode drivers. It can be linked into other kernel mode services to permit the use of FIPS 140-1 Level 1 compliant cryptography."
105 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0

Cylink Link Encryptor NRZ E1-75ohms and Link Encryptor RS-232
(Firmware versions 1.27, 1.31 and 1.33)

Validated to FIPS 140-1

Security Policy

Hardware 07/31/2000;
09/14/2001;
05/15/2002;
07/18/2002;
12/04/2003;
10/18/2004
Overall Level: 2 

-Physical Security: Level 3
-Software Security: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #21 and #22); DSA/SHA-1 (Cert. #5)

-Other algorithms: DES (Certs. #11, #26); Diffie-Hellman (key agreement)

Multi-chip standalone

"Cylink Link Encryptors secure sensitive data transmitted over high-speed, point-to-point communication links. The system supports synchronous, full-duplex data rates up to 2 Mbps over public and private data networks."
104 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0

Cylink Link Encryptor NRZ-H and Link Encryptor NRZ-L
(Firmware versions 1.27, 1.31 and 1.33)

Validated to FIPS 140-1

Security Policy

Hardware 07/31/2000;
09/14/2001;
05/15/2002;
07/18/2002;
12/04/2003;
10/18/2004
Overall Level: 2 

-Physical Security: Level 3
-Software Security: Level 3

-FIPS-approved algorithms: Triple-DES (Certs. #21 and #22); DSA/SHA-1 (Cert. #5)

-Other algorithms: DES (Certs. #11, #26); Diffie-Hellman (key agreement)

Multi-chip standalone

"Cylink Link Encryptors secure sensitive data transmitted over high-speed, point-to-point communication links. The system supports synchronous, full-duplex data rates up to 2 Mbps over public and private data networks."
103 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984

CST Lab: NVLAP 200002-0

Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider
((Base DSS: 5.0.2150.1391 [SP1], 5.0.2195.2228 [SP2] and 5.0.2195.3665 [SP3]),
(Base: 5.0.2150.1391 [SP1], 5.0.2195.2228 [SP2] and 5.0.2195.3839 [SP3]),
(DSS/DH Enh: 5.0.2150.1391 [SP1], 5.0.2195.2228 [SP2] and 5.0.2195.3665 [SP3]),
(Enh: 5.0.2150.1391 [SP1], 5.0.2195.2228 [SP2] and 5.0.2195.3839 [SP3]))

(For services provided by the listed FIPS-Approved algorithms)

Validated to FIPS 140-1

Security Policy

Software 07/10/2000;
12/14/2001;
07/31/2002;
10/15/2007
Overall Level: 1 

-EMI/EMC: Level 3

-Operating System Security: Tested as meeting Level 1 with Microsoft Windows 2000 SPx (operated in single-user mode)

-FIPS-approved algorithms: Triple-DES (Cert. #16); DSA/SHA-1 (Certs. #28 and #29); RSA (vendor affirmed)

-Other algorithms: DES (Certs. #65, 66, 67 and 68); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5

Multi-chip standalone

"These are general-purpose software-based cryptomodules. They provide services that enable application developers to utilize several different cryptographic algorithms and functions via the Microsoft CryptoAPI without knowing the underlying implementation."
102 Cryptek, Inc.
1501 Moran Road
Sterling, VA 20166
USA

-Timothy Williams
TEL: 571-434-2000
FAX: 571-434-2001

CST Lab: NVLAP 100432-0

DiamondNIC and DiamondLINK
(Software v1.2 and v1.2.2; Hardware v1.000)

Validated to FIPS 140-1

Security Policy

Hardware 07/10/2000;
11/20/2000;
02/15/2002
Overall Level: 1 

-Roles and Services: Level 2

-FIPS-approved algorithms: Triple-DES (Cert. #10); SHA-1 (Cert. #30)

-Other algorithms: DES; Diffie-Hellman (key agreement); MD5; KPDK_MD5

Multi-chip embedded

"DiamondNIC and DiamondLINK provide a cost-effective and flexible end-to-end network security solution for the LAN, WAN, or Internet. They not only provide a high level of trust and data separation through the established end-to-end session, they additionally provide added levels of security by bringing firewall filtering functionality to the desktop. These modules provide strong I&A and user selectable/dynamically downloaded security policies to the desktop."
101 Dallas Semiconductor, Inc.
4401 Beltwood Pkwy
Dallas, TX 75244-3292
USA

-Mr. Dennis Jarrett
TEL: 972-371-4416

CST Lab: NVLAP 200002-0

DS1954B-007 Cryptographic iButton™
(ID: B9-V1.02)

(When using vendor-initialized SHA-1 in transaction group 1)

Validated to FIPS 140-1

Security Policy

Hardware 06/22/2000 Overall Level: 3 

-Physical Security: Level 3 +EFP

-FIPS-approved algorithms: SHA-1 (Cert. #8)

-Other algorithms: MD5, RSA

Multi-chip standalone

"Inside the steel perimeter, the secure accounting and cryptographic services are performed to meet the requirements of the United States Postal Service Information Based Indicia Program. See Cert. #41."
100 Fortress Technologies, Inc.
1 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0

NetFortress® 10
(Version 4.0 firmware)

(When factory configured in FIPS mode)

Validated to FIPS 140-1

Security Policy

Hardware 06/22/2000;
03/26/2010
Overall Level: 2 

-Software Security: Level 3.

-FIPS-approved algorithms: Triple-DES (Cert.#19); SHA-1 (Cert.#34)

-Other algorithms: DES (Cert.#23); Diffie-Hellman (key agreement)

Multi-chip standalone

"The NetFortress® 10 is a tamper-resistant network communications security solution that establishes private communications between corporate divisions, branch offices, and mobile users. It integrates seamlessly and economically into any LAN and WAN environment for optimum flexibility and scalability. NetFortress 10’s security feature set includes encryption, data integrity checking, authentication, access control, data compression and firewall capabilities. It is compliant with IPSec."
99 Cisco Systems, Inc.
7025-6 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200002-0

Cisco Secure Integrated VPN
(2621 Module Access Router w/ IOS V12.1(1)T software)

(When configured in a FIPS mode of operation)

Validated to FIPS 140-1

Security Policy

Hardware 06/13/2000;
06/22/2000;
01/10/2003;
05/24/2005;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (Cert. #17); HMAC-SHA-1 (SHA-1 Cert. #26)

-Other algorithms: DES (Cert. #74); RSA; MD4; MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Cisco 2621 Modular Access Router supports the full IOS feature set including advanced security features such as Virtual Private Network (VPN) Access and integrated Firewall protection. The Cisco 2621 supports multiple encrypted tunnels using Cisco IOS IPSec and DES/3DES encryption."
98 Nortel Networks
600 Technology Park
Billerica, MA 01821
USA

-Jonathan Lewis
TEL: 978-288-8590
FAX: 978-288-4004

CST Lab: NVLAP 200002-0

Contivity Extranet Switch
(Firmware version 2.60, 4500 Hardware)

(When operated in the 'FIPS-enabled' mode using FIPS-Approved algorithms)

Validated to FIPS 140-1

Security Policy

Hardware 05/23/2000;
09/20/2001;
12/06/2001
Overall Level: 2 

-FIPS-approved algorithms: SHA-1 (Cert. #31); Triple-DES (DES Cert. #47)

-Other algorithms: DES (Cert. #47); RSA; RC4; MD5

Multi-chip standalone

"The Contivity 4500 Extranet Switch provides up to 5000 branch office or end user IPSEC tunnels with a flexible easy to manage and cost effective package. 5 PCI expansion slots, dual 10/100 LAN ports, dual redundant power supplies and storage, unlimited IPSEC client licenses."
97 Stamps.com
3420 Ocean Park Blvd.
Suite 1040
Santa Monica, CA 90405
USA

-Craig Ogg
TEL: 310-581-7200
FAX: 310-581-7500

CST Lab: NVLAP 100432-0

Postage Server Cryptomodule
(Versions 1.01 and 1.02)

Validated to FIPS 140-1

Security Policy

Hardware 05/18/2000 Overall Level: 3 

-Physical Security: Level 4

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #23, 27); Triple-DES (Cert. #2)

-Other algorithms: DES (Certs. #58 and #69); RSA; Diffie-Hellman (key agreement)

Multi-chip embedded

"The module provides the services to support high-speed, highly secure E-commerce transactions, including the production and verification of United States Postal Service Information-Based Indicia."
96 Pitney Bowes, Inc.
35 Waterview Dr
Shelton, CT 06484
USA

-David Riley
TEL: 203-924-3500
FAX: 203-924-3385

CST Lab: NVLAP 100432-0

ClickStamp™ Online Client Cryptographic Module (CCM)
(Version 0.3.60A)

Validated to FIPS 140-1

Security Policy

Software 05/18/2000 Overall Level: 1 

-Operating System Security: Tested as meeting Level 1 with Microsoft Windows95/98, WindowsNT Workstation 4.0 w/SP3 or later (single-user mode).

-FIPS-approved algorithms: SHA-1 (Cert. #27); Triple-DES (Cert. #3)

-Other algorithms: DES (Cert. #83);

Multi-chip standalone

"The module provides security services to support the secure accounting and cryptographic functions necessary for value evidencing of electronic transactions, such as the United States Postal Service Information-Based Indicium Program (USPS IBIP)."
95 SPYRUS, Inc.
2355 Oakland Road
Suite 1
San Jose, CA 95131
USA

-Tom Dickens
TEL: 408-953-0700
FAX: 408-953-9835

CST Lab: NVLAP 200002-0

Rosetta Smart Card
(Version 2.01)

(For services provided by the listed FIPS-Approved algorithms)

Validated to FIPS 140-1

Security Policy

Hardware 05/08/2000 Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: Skipjack (Cert. #4); DSA (DSA/SHA-1 Cert. #31)

-Other algorithms: DES (Cert. #78); Triple-DES; KEA (primitives only); RSA

Single-chip

"The SPYRUS Rosetta Smart Card is an ISO 7816 compliant public key smart card based upon the SPYCOS card operating system."
94 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Hazem Hassan
TEL: 952-808-2372
FAX: 952-890-2726

CST Lab: NVLAP 200002-0

SignaSURE Model 330 Smart Card
(Version 1.0)

(When using the 'FIPS-mode Configuration File')

Validated to FIPS 140-1

Security Policy

Hardware 05/08/2000;
02/22/2005
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #35); Triple-DES (DES Cert. #88, vendor affirmed); RSA/SHA-1 (vendor affirmed)

-Other algorithms: DES (Cert. #88); Diffie-Hellman (key agreement)

Single-chip

"The SignaSURE Model 330 Smart Card is a complete public key cryptographic module that is ISO 7816 compliant. This module supports PKI with a highly efficient cryptographic co-processor and the DKCCOS v2.0 smart card OS. The OS is extensible and allows new algorithms to be added."
93 Entrust, Inc.
1000 Innovation Drive
Ottawa, Ontario K2K 3E7
Canada

-Pierre Boucher
TEL: 613-270-2599
FAX: 613-270-2504

CST Lab: NVLAP 200017-0

Entrust Cryptographic Kernel, v5.0 and v5.0a
(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Software 04/20/2000;
07/18/2002
Overall Level: 2 

-EMI/EMC: Level 3

-Operating System Security: Level 2 for Microsoft WindowsNT 4.0 with SP6a (TCSEC C2-rated on a Compaq ProLiant 7000 Server).

-FIPS-approved algorithms: Triple-DES (Cert.#6); DSA/SHA-1 (Cert. #10); RSA (vendor affirmed); ECDSA (vendor affirmed)

-Other algorithms: DES (Cert. #56); DES MAC; RC2, RC4, IDEA, MD5, MD2, RIPEMD-160, HMAC-SHA-1, HMAC-MD5, HMAC-RMD160, CAST, CAST3, CAST5, ECDSA; Diffie-Hellman (key agreement)

Multi-chip standalone

"This module is used in the Entrust® family of products."
92 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MA 21017
USA

-Rick DeFelice
TEL: 410-931-7500
FAX: 410-931-7524

CST Lab: NVLAP 100432-0

SafeNet CGX (Crypto Graphic eXtensions) Library
(Software v1.14, v1.15 and v1.16)

(For services provided by the FIPS-Approved algorithms listed [in the description column])

Validated to FIPS 140-1

Security Policy

Software 04/07/2000;
11/20/2000;
07/02/2002;
10/19/2004
Overall Level: 1 

-EMI/EMC: Level 3
-Software Security: Level 3
-Self Tests: Level 4

-Operating System Security: Tested as meeting Level 1 when using Windows95/98, WindowsNT Workstation 4.0 w/ SP 3 or later (single-user mode).

-FIPS-approved algorithms: Triple-DES (Cert. #11); DSA/SHA-1 (Cert. #30)

-Other algorithms: DES (Cert. #72); RC5; MD2; MD5; HMAC-SHA-1; HMAC-MD5; RIPEMD-128; RIPEMD-160; RSA; Diffie-Hellman (key agreement)

Multi-chip standalone

"The SafeNet CGX (Crypto Graphic eXtensions) cryptographic module is used in the SafeNet product line including S/Speed, S/Smart, S/Soft, PCI Card as well as the ADSP 2141 Safenet/DSP."
91 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MA 21017
USA

-Rick DeFelice
TEL: 410-931-7500
FAX: 410-931-7524

CST Lab: NVLAP 100432-0

SafeNet CGX (Crypto Graphic eXtensions) Library
(Software v1.14, v1.15 and v1.16)

(For services provided by the FIPS-Approved algorithms listed [in the description column])

Validated to FIPS 140-1

Security Policy

Software 04/07/2000;
11/20/2000;
07/02/2002;
10/18/2004
Overall Level: 2 

-EMI/EMC: Level 3
-Software Security: Level 3
-Self Tests: Level 4

-Operating System Security: Tested as meeting Level 2 when using Compaq DeskPro 6400 w/ WindowsNT Workstation 4.0, SP3 (ITSEC-certified).

-FIPS-approved algorithms: Triple-DES (Cert. #11); DSA/SHA-1 (Cert. #30)

-Other algorithms: DES (Cert. #72); RC5; MD2; MD5; HMAC-SHA-1; HMAC-MD5; RIPEMD-128; RIPEMD-160; RSA; Diffie-Hellman (key agreement)

Multi-chip standalone

"The SafeNet CGX (Crypto Graphic eXtensions) cryptographic module is used in the SafeNet product line including S/Speed, S/Smart, S/Soft, PCI Card as well as the ADSP 2141 Safenet/DSP."
90 Oracle Corporation
500 Oracle Parkway
Redwood Shores, CA 94065
USA

-Security Evaluations Manager
TEL: +44 118 9243860
FAX: +44 118 9243171

CST Lab: NVLAP 100432-0

Oracle® Advanced Security
(Software Version 8.1.6)

(When operated in FIPS mode using the FIPS Approved algorithms [listed in the description column])

Validated to FIPS 140-1

Security Policy

Software 03/21/2000;
04/04/2002;
07/07/2003
Overall Level: 2 

-Operating System Security: Tested as meeting Level 2 with Sun Solaris Version 2.6SE running on a Sun Ultra SPARC-1 workstation.

-FIPS-approved algorithms: SHA-1 (Cert. #18)

-Other algorithms: DES (Cert. #52); RC4; MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"Oracle® Advanced Security is a comprehensive suite of security features for distributed environments. It provides a single source of integration with network encryption, authentication, and single sign-on services, delivers PKI solutions and integrates with LDAP directories. Oracle® Advanced Security is an option available with Oracle8i™ Enterprise Edition."
89 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200002-0

BSAFE Crypto-C Toolkit, Version 4.31
(Software version 4.31)

(For services provided by the listed FIPS-Approved algorithms listed [in the description column])

Validated to FIPS 140-1

Security Policy

Software 03/21/2000;
01/04/2008;
10/16/2008;
09/07/2010;
03/28/2011;
01/24/2013
Overall Level: 1 

-EMI/EMC: Level 3

-Operating System Security: Tested as meeting Level 1 with Microsoft WindowsNT 4.0 (single-user mode).

-FIPS-approved algorithms: Triple-DES (DES Cert. #46, vendor affirmed); SHA-1 (Cert. #18); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #46); RSA (encrypt/decrypt), MD2, MD5, HMAC, DESX, RC2, RC4, Elliptic Curve (F2&Fp), Elliptic Curve Encryption Scheme, Elliptic Curve DSA; Bloom-Shamir

Multi-chip standalone

"Cryptographic Toolkit provides cryptographic services to calling applications."
88 Motorola, Inc.
Secure Design Center
IL02 Room 0509A
1301 East Algonquin Rd
Schaumburg, IL 60196
USA

-Geoff Hobar
TEL: 847-576-9066
FAX: 847-538-2770

CST Lab: NVLAP 200017-0

Key Management Facility / Radio Network Controller (KMF/RNC) Encryption Module Controller (EMC)
(Version R3.0A; Firmware Version R02.23.00)

(When operated in FIPS mode by selection of the DES algorithm)

Revoked
DES Transition Ended

Security Policy

Hardware 02/23/2000 Overall Level: 1 

-FIPS-approved algorithms:

-Other algorithms: DES (Cert. #73); DES-XL, DVI-XL, DVP-XL, DVI-SPFL

Multi-chip standalone

"The RNC 3000 provides data communications between mobile data and host applications in an ASTRO integrated voice and data system. The RNC Encryption Module Controller provides data encryption services for the RNC 3000."
87 nCipher Corporation Ltd.
100 Unicorn Park Dr
Woburn, MA 01801-3371
USA

-Greg Dunne
TEL: 978-691-6487
FAX: 978-687-4442

CST Lab: NVLAP 200017-0

nShield 300, nShield 150
and nShield 75
Cryptographic Accelerators

(Firmware v1.54.28; Hardware Build Standard D)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Hardware 01/18/2000;
03/01/2001;
03/09/2006;
03/15/2006
Overall Level: 3 

-Roles and Services: Level 3*
-Self Tests: Level 3*
-Key Management: Level 3*

*(Level 3 is met in these areas when the "FIPS_level3" flag is set during initialization.)

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #11); Triple-DES (DES Cert. #24, vendor affirmed); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; CAST, HMAC, Triple-DES MAC, ElGamal; Diffie-Hellman (key agreement)

Multi-chip standalone

86 Motorola, Inc.
Secure Design Center
IL02 Room 0509A
1301 East Algonquin Rd
Schaumburg, IL 60196
USA

-Geoff Hobar
TEL: 847-576-9066
FAX: 847-538-2770

CST Lab: NVLAP 200017-0

ASTRO-TAC Digital Interface Unit (DIU) Encryption Module Controller (EMC)
(Hardware v. 3.0A; Firmware v. 6.9 & 7.1)

(When operated in FIPS mode by selection of the DES algorithm)

Revoked
DES Transition Ended

Security Policy

Hardware 01/05/2000 Overall Level: 1 

-Roles and Services: Level 2

-FIPS-approved algorithms:

-Other algorithms: DES (Cert.#73); DES-XL, DVP-XL, DVI-XL, DVI-SPFL

Multi-chip standalone

"The ASTRO DIU provides an interface between an analog console and an ASTRO base station or ASTRO-TAC comparator for ASTRO clear and analog two-way radio communications. The DIU EMC is available as an option with ASTRO DIUs to provide encryption capability. The DIU will then support ASTRO encrypted two-way radio communications."
85 Entrust, Inc.
1000 Innovation Drive
Ottawa, Ontario K2K 3E7
Canada

-Pierre Boucher
TEL: 613-270-2599
FAX: 613-270-2504

CST Lab: NVLAP 200017-0

Entrust Cryptographic Kernel, v5.0
(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Software 01/07/2000;
07/18/2002
Overall Level: 1 

-EMI/EMC: Level 3
-Roles and Services: Level 2
-Physical Security: Level 2

-Operating System Security: Level 1 for Microsoft Windows95/98; WindowsNT 3.5 and 3.51; WindowsNT 4.0 with SP3, SP4, SP5 or SP6 (single user mode).

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #10); RSA (vendor affirmed); Triple-DES (DES Cert.#56, vendor affirmed)

-Other algorithms: DES (Cert. #56); DES MAC; RC2, RC4, IDEA, MD5, MD2, RIPEMD-160, HMAC-SHA-1, HMAC-MD5, HMAC-RMD160, CAST, CAST3, CAST5, ECDSA; D-H key agreement

Multi-chip standalone

"This module is used in the Entrust family of products."
84 Pitney Bowes, Inc.
35 Waterview Dr
Shelton, CT 06484
USA

-David Riley
TEL: 203-924-3500
FAX: 203-924-3385

CST Lab: NVLAP 100432-0

ClickStamp™ Online CCV
(ID: CCV assembly, ClickStamp™ Online CCV 1.40.5 and 1.40.23; KMS, K180034-AAA;
IBM 4758-001 Cert. #35)

Validated to FIPS 140-1

Security Policy

Hardware 12/22/1999;
08/21/2001
Overall Level: 3 

-Physical Security: Level 4 +EFP/EFT

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #23); Triple-DES (vendor affirmed)

-Other algorithms: DES (Cert. #58); RSA

Multi-chip embedded

"The module provides security services to support the secure accounting and cryptographic functions necessary for value evidencing of electronic transactions, such as the United States Postal Service Information-Based Indicium Program (USPS IBIP)."
83 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0

Cylink Link Encryptor NRZ E1-75ohms and Link Encryptor RS-232
(Firmware versions 1.25 and 1.26)

Validated to FIPS 140-1

Security Policy

Hardware 12/22/1999;
12/04/2003;
10/18/2004
Overall Level: 2 

-Physical Security: Level 3
-Software Security: Level 3

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #5); Triple-DES (DES Certs. #11 and #26, vendor affirmed)

-Other algorithms: DES (Certs. #11 and #26); Diffie-Hellman (key agreement)

Multi-chip standalone

"Cylink Link Encryptors secure sensitive data transmitted over high-speed, point-to-point communication links. The system supports synchronous, full-duplex data rates up to 2 Mbps over public and private data networks."
82 Motorola, Inc.
Secure Design Center
IL02 Room 0509A
1301 East Algonquin Rd
Schaumburg, IL 60196
USA

-Geoff Hobar
TEL: 847-576-9066
FAX: 847-538-2770

CST Lab: NVLAP 100432-0

ASTRO Subscriber Encryption Module
(Software versions 3.40, 3.43, 3.44, 3.46, 3.47 and 3.53a)

(When operated in FIPS mode by selection of the DES algorithm

Universal Crypto Module (UCM), (v3.44))

Revoked
DES Transition Ended

Security Policy

Hardware 12/22/1999;
03/30/2001;
08/17/2001;
10/04/2001;
05/15/2002;
09/10/2002
Overall Level: 1 

-Roles and Services: Level 2
-Software Security: Level 3

-FIPS-approved algorithms: Triple-DES (vendor affirmed)

-Other algorithms: DES; DES-XL, DVP-XL, DVI-XL, DVI-SPFL

Multi-chip embedded

"Encryption modules used in Motorola Astro™ Saber, Astro™ Spectra, Astro™ Consolette, and XTS3000 radios. Provides secure voice and data capabilities as well as APCO Over-the-Air-Rekeying and advanced key management."
81 IBM® Corporation
2455 South Rd
Mail Station P339
Poughkeepsie, NY 12601-5400
USA

-Helmy El-Sherif
TEL: 845-435-7033
FAX: 845-435-4092

CST Lab: NVLAP 100432-0

IBM 4758 PCI Cryptographic Coprocessor (Miniboot Layers 0 and 1)
(ID: PN IBM 4758-013, Miniboot 0 version B, Miniboot 1 version B)

Validated to FIPS 140-1

Security Policy

Hardware 11/29/1999 Overall Level: 3 

-Physical Security: Level 3 +EFP/EFT
-Cryptographic Module Specification: Level 4
-Module Interfaces: Level 4
-Roles and Services: Level 4
-Finite State Machine Model: Level 4
-Software Security: Level 4
-EMI/EMC: Level 4
-Self Tests: Level 4
-Key Management.: Level 4

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #16); Triple-DES (vendor affirmed)

-Other algorithms: DES (Cert. #41); RSA

Multi-chip embedded

"The 4758 is a tamper-responding, programmable, cryptographic PCI card, containing CPU, encryption hardware, RAM, EEPROM, hardware random number generator, time of day clock, firmware, and software."
80 Dallas Semiconductor, Inc.
4401 Beltwood Pkwy
Dallas, TX 75244-3292
USA

-Mr. Dennis Jarrett
TEL: 972-371-4416

CST Lab: NVLAP 200002-0

DS1954B-006 Cryptographic iButton™
(ID: B7-V1.02)

(When using vendor-initialized SHA-1 in transaction group 1)
(Note: This validation supersedes validation certificate #63)


Validated to FIPS 140-1

Security Policy

Hardware 11/29/1999 Overall Level: 3 

-Physical Security: Level 3 +EFP

-FIPS-approved algorithms: SHA-1 (Cert. #8)

-Other algorithms: MD5, RSA

Multi-chip standalone

"Inside the steel perimeter, the secure accounting and cryptographic services are performed to meet the requirements of the United States Postal Service Information Based Indicia Program. See Cert. #41."
79 Motorola, Inc.
Secure Design Center
IL02 Room 0509A
1301 East Algonquin Rd
Schaumburg, IL 60196
USA

-Jennifer Mitchell
TEL: 847-576-7251

CST Lab: NVLAP 200002-0

KVL 3000
(Hardware version CLN6738B; Firmware version R02.50.00)

(When operated in FIPS mode by selection of the DES algorithm)

Revoked
DES Transition Ended

Security Policy

Hardware 11/29/1999 Overall Level: 1 

-FIPS-approved algorithms:

-Other algorithms: DES (Cert. #5); DES-XL, DVP-XL, DVI-XL, DVI-SPEL

Multi-chip standalone

"The KVL3000 Key Variable Loader is a battery-powered portable unit used to create, store, and transfer encryption keys used by Motorola's secure communications products. The KVL3000 supports the following Motorola encryption protocols: SECURENET(TM), Advanced SECURENET(TM), ASTRO(TM), and ASTRO(TM)25 systems."
78 SPYRUS, Inc.
2355 Oakland Road
Suite 1
San Jose, CA 95131
USA

-Tom Dickens
TEL: 408-953-0700
FAX: 408-953-9835

CST Lab: NVLAP 200002-0

LYNKS Privacy Card
(Hardware version 2.0; firmware version 1.2)

(For services provided by the listed FIPS-Approved algorithms)

Validated to FIPS 140-1

Security Policy

Hardware 11/29/1999 Overall Level: 2 

-FIPS-approved algorithms: Skipjack (Cert. #1); DSA/SHA-1 (Cert. #1); Triple-DES (vendor affirmed)

-Other algorithms: DES (Cert. #50); RSA, Diffie-Hellman (key agreement), KEA, MD5

Multi-chip standalone

"The SPYRUS family of LYNKS Privacy Card tokens provides high performance, high assurance cryptographic processing in a personal, portable PC card form factor. The LYNKS Privacy Card product enables security- critical capabilities such as user authentication, message privacy and integrity, authentication, and secure storage in rugged, tamper-evident hardware."
77 Attachmate Corporation
424 Wards Corner Road
Loveland, OH 45140
USA

-Bill Evans
TEL: 513-794-8140

CST Lab: NVLAP 200002-0

CryptoConnect ETS
(Version 2.2.1)

(For services provided by the listed FIPS-Approved algorithms)

Validated to FIPS 140-1

Security Policy

Software 11/29/1999 Overall Level: 1 

-EMI/EMC: Level 3

-Operating System Security: Tested as meeting Level 1 with Microsoft Windows95, Windows98, and WindowsNT 4.0, with SP3 or later (single- user mode).

-FIPS-approved algorithms: Triple-DES (vendor affirmed); DSA/SHA-1 (Cert. #18)

-Other algorithms: DES (Cert. #46); RSA (encryption), RC2, RC4

Multi-chip standalone

"CryptoConnect ETS is an INFOConnect transport system that provides encryption of all data between Attachmate's PEP/UTS client and Unisys 2200/ClearPath/IX Systems."
76 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984

CST Lab: NVLAP 200002-0

Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enchanced Cryptographic Provider, and Enhanced Cryptographic Provider
(Version 5.0.2150.1)

(For services provided by the listed FIPS-Approved algorithms)

Validated to FIPS 140-1

Security Policy

Software 11/09/1999;
10/15/2007
Overall Level: 1 

-EMI/EMC: Level 3

-Operating System Security: Tested as meeting Level 1 with Microsoft Windows2000 (operated in single-user mode).

-FIPS-approved algorithms: Triple-DES (vendor affirmed); DSA/SHA-1 (Certs. #28 and 29); RSA (vendor affirmed)

-Other algorithms: DES (Certs. #65, 66, 67 and 68); RC2, RC4, MD2, MD4, MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"These are general-purpose software-based cryptomodules. They provide services that enable application developers to utilize several different cryptographic algorithms and functions via the Microsoft CryptoAPI without knowing the underlying implementation."
75 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984

CST Lab: NVLAP 200002-0

Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enchanced Cryptographic Provider, and Enhanced Cryptographic Provider
(Version 5.0.1877.6 and 5.0.1877.7)

(For services provided by the listed FIPS-Approved algorithms)

Validated to FIPS 140-1

Security Policy

Software 11/09/1999;
10/15/2007
Overall Level: 1 

-EMI/EMC: Level 3

-Operating System Security: Tested as meeting Level 1 with Microsoft Windows95 and Windows98 (operated in single-user mode).

-FIPS-approved algorithms: Triple-DES (vendor affirmed); SHA-1 (Certs. #20 and 21); DSA/SHA-1 (Certs. #25 and 26); RSA (vendor- affirmed)

-Other algorithms: DES (Certs. #61, 62, 63 and 64); RC2, RC4, MD2, MD4, MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"These are general-purpose software-based cryptomodules. They provide services that enable application developers to utilize several different cryptographic algorithms and functions via the Microsoft CryptoAPI without knowing the underlying implementation."
74 RedCreek Communications
3900 Newpark Mall Rd
Newark, CA 94056
USA

-Nicholas Brigman, Product Marketing
TEL: 510-795-6919

CST Lab: NVLAP 200002-0

Personal Ravlin
(Hardware v08; Firmware v3.32 Standard)

(For services provided by the listed FIPS-Approved algorithms)

Validated to FIPS 140-1

Security Policy

Hardware 11/04/1999 Overall Level: 2 

-FIPS-approved algorithms: Triple-DES (vendor affirmed); DSA/SHA-1 (Cert. #22)

-Other algorithms: DES (Cert. #53); MD5

Multi-chip standalone

"The Personal Ravlin is a cost-effective network security solution. It addresses the needs of individual remote users who access corporations via cable, xDSL, and ISDN modems. It is also an ideal solution for network administrators who seek to establish private communications within a corporate intranet by providing security at the desktop level."
73 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0

Cylink Link Encryptor NRZ-L
(Firmware v1.25 and v1.26)

Validated to FIPS 140-1

Security Policy

Hardware 10/25/1999;
12/04/2003;
10/18/2004
Overall Level: 2 

-Physical Security: Level 3
-Software Security: Level 3

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #5)

-Other algorithms: DES (Certs. #11 and #26); Triple-DES (allowed for US and Canadian Government use); Diffie-Hellman (key agreement)

Multi-chip standalone

"Cylink Link Encryptors secure sensitive data transmitted over high-speed, point-to-point communication links. The system supports synchronous, full-duplex data rates up to 2 Mbps over public and private data networks."
72 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0

Cylink Link Encryptor NRZ-H
(Firmware v1.25 and v1.26)

Validated to FIPS 140-1

Security Policy

Hardware 10/25/1999;
12/04/2003;
10/18/2004
Overall Level: 2 

-Physical Security: Level 3
-Software Security: Level 3

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #5)

-Other algorithms: DES (Certs. #11 and #26); Triple-DES (allowed for US and Canadian Government use); Diffie-Hellman (key agreement)

Multi-chip standalone

"Cylink Link Encryptors secure sensitive data transmitted over high-speed, point-to-point communication links. The system supports synchronous, full-duplex data rates up to 2 Mbps over public and private data networks."
71 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0

Cylink Frame Encryptor CFE-L
(Firmware v4.02 and v4.04; Hardware revisions 4 and 5)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Hardware 09/13/1999;
12/04/2003;
10/18/2004
Overall Level: 3 

-Module Interfaces: Level 3*
-Roles and Services: Level 3*

*(Level 3 - Console interface disabled; Level 2 - Console interface enabled.)

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #5)

-Other algorithms: DES (Certs. #11 and #20); Triple-DES (allowed for US and Canadian Government use); Diffie-Hellman (key agreement)

Multi-chip standalone

"Cylink Frame Encryptors secure sensitive data transmitted over high-speed, Frame Relay communication links."
70 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0

Cylink Frame Encryptor CFE-H
(Firmware v4.02 and v4.04; Hardware revisions 4 and 5)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Hardware 09/13/1999;
07/18/2002;
12/04/2003;
10/18/2004
Overall Level: 3 

-Module Interfaces: Level 3*
-Roles and Services: Level 3*

*(Level 3 - Console interface disabled; Level 2 - Console interface enabled.)

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #5)

-Other algorithms: DES (Certs. #11 and #20); Triple-DES (allowed for US and Canadian Government use); Diffie-Hellman (key agreement)

Multi-chip standalone

"Cylink Frame Encryptors secure sensitive data transmitted over high-speed, Frame Relay communication links."
69 Mykotronx, Inc.
357 Van Ness Way
Suite 200
Torrance, CA 90501
USA

-Kevin Cook
TEL: 310-533-8100
FAX: 310-533-0527

CST Lab: NVLAP 100432-0

FORTEZZA Crypto Card
(Part Number 650000-2)

Validated to FIPS 140-1

Security Policy

Vendor Product Link
Hardware 09/13/1999 Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #2); Skipjack (Cert. #2)

-Other algorithms: KEA

Multi-chip standalone

"The Mykotronx FORTEZZA card is a PC Card hardware token for advanced cryptography and authorization methods. The card incorporates the National Security Agency-certified CAPSTONE RISC-based cryptographic processor."
68 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984

CST Lab: NVLAP 200002-0

Base Cryptographic Provider, Enhanced Cryptographic Provider, Base DSS Cryptographic Provider, and DSS/Diffie-Hellman Enchanced Cryptographic Provider
(Version 5.0.1877.6 and 5.0.1877.7)

(For services provided by the listed FIPS-Approved algorithms and using Triple DES)

Validated to FIPS 140-1

Security Policy

Software 09/13/1999;
10/15/2007
Overall Level: 1 

-EMI/EMC: Level 3

-Operating System Security: Tested as meeting Level 1 with Microsoft WindowsNT 4.0 with Service Pack 6 (operated in single-user mode).

-FIPS-approved algorithms: SHA-1 (Certs. #20 and 21); DSA/SHA- 1 (Certs. #25 and 26); RSA (vendor affirmed)

-Other algorithms: DES (Certs. #61, 62, 63 and 64); Triple-DES (allowed for US and Canadian Government use); RC2, RC4, MD2, MD4, MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"These are general-purpose software-based cryptomodules. They provide services that enable application developers to utilize several different cryptographic algorithms and functions via the Microsoft CryptoAPI without knowing the underlying implementation."
67 Admiral Secure Products, Ltd.
866 Mantle Crescent
Mississauga, Ontario L5V 2G3
Canada

-Alex Chartier
TEL: 905-542-3351

CST Lab: NVLAP 100432-0

CERTIFAX Fax Encryptor CF3102
(ID: firmware version 2.21)

(When operated in FIPS mode using the listed FIPS-approved algorithms, and Triple DES not valid for FS1000 interoperability)

Validated to FIPS 140-1

Security Policy

Firmware 09/13/1999;
10/24/2002
Overall Level: 3 

-Self Tests: Level 4

-FIPS-approved algorithms: SHA-1 (Cert. #15)

-Other algorithms: DES (Cert. #42); Triple-DES (allowed for US and Canadian Government use); ECDSA; ECMQV2; Discrete Log Diffie-Hellman (key agreement)

Multi-chip standalone

"CERTIFAX 3000 secures sensitive facsimile communications from inadvertent or intentional disclosure. CERTIFAX ensures faxes get to the intended recipient every time, that the contents are never disclosed to unauthorized parties, that the sender is who it claims to be, and that the message is always kept private and unaltered. CERTIFAX provides two-way authentication using Certicom's Elliptic Curve Cryptography, and strong encryption using Triple DES. CERTIFAX's secure mailbox memory provides storage and retrieval for incoming faxes, and CERTIFAX can support up to 99 secure Virtual Private Fax Networks. The CF3102 also implements a non-FIPS mode for communications with Certicom's Legacy Fax Secret 1000 fax encryptor."
66 Thales e-Security
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-Juan C. Asenjo
TEL: 888-744-4976 x6202
FAX: 954-888-6211

CST Lab: NVLAP 200002-0

Datacryptor® 2000 (DC2K) Link / Channelized / Frame Relay
(Hardware Version Issue 2 Motherboard; Software Version 1.02.36)

(When key zeroization is enabled)

Validated to FIPS 140-1

Security Policy

Vendor Product Link
Hardware 09/08/1999;
01/08/2003;
05/19/2003;
10/13/2005
Overall Level: 3 

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #24)

-Other algorithms: DES (Cert. #57); Triple-DES (allowed for US and Canadian Government use), Diffie-Hellman (key agreement)

Multi-chip standalone

"The Datacryptor 2000 is a stand-alone multi-chip cryptographic module that secures communications using signed Diffie-Hellman key exchange and Triple-DES encryption. The unit also provides integrated secure unit management capability employing the same techniques used for traffic encryption."
65 RedCreek Communications
3900 Newpark Mall Rd
Newark, CA 94056
USA

-Nicholas Brigman, Product Marketing
TEL: 510-795-6919

CST Lab: NVLAP 200002-0

Ravlin 10
(Hardware v 09; Software v 3.32 Radius)

(For services provided by the listed FIPS-Approved algorithms and using Triple DES)

Validated to FIPS 140-1

Security Policy

Hardware 09/08/1999 Overall Level: 2 

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #22)

-Other algorithms: DES (Cert. #53); Triple-DES (allowed for US and Canadian Government use), MD5

Multi-chip standalone

"The Ravlin 10/5100 is a network security solution that performs encryption and decryption with a throughput of the theoretical maximum of Ethernet (or wire speed). Network administrators use it to establish private communications within secure intranets (between corporate divisions, workgroups, branch offices, and individuals) or within secure extranets (between customers, suppliers, and strategic partners). This may be done over private or public IP networks."
64 PGP Corporation
200 Jefferson Dr.
Menlo Park, CA 94025
USA

-Vinnie Moscaritolo
TEL: 650-319-9000
FAX: 650-319-9001

CST Lab: NVLAP 100432-0

PGP Cryptographic SDK
(Version 1.5)

(When operated in FIPS mode using the listed FIPS-approved algorithms and using Triple DES)

Validated to FIPS 140-1

Security Policy

Software 08/26/1999;
02/20/2003;
03/07/2008;
07/28/2008
Overall Level: 2 

-Operating System Security: Tested as meeting Level 2 with Compaq DeskPro 5/166 w/ WindowsNT Workstation 3.51 w/ Service Pack 4 (ITSEC-rated).

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #20)

-Other algorithms: DES (Cert. #40); Triple-DES (allowed for US Government use), RSA, El Gamal, CAST5, IDEA, MD5, RIPEMD60, HMAC, Shamir Threshold Secret Sharing

Multi-chip standalone

"The PGP SDK provides all cryptographic and key management functionality for the PGP suite of products, including PGP Desktop Security, PGPnet VPN Client, PGPdisk and the PGP Certificate Server. This is a high-level toolkit for use with C/C++ applications on Windows. It also supports PGP/MIME, TLS, Certificate Server management, LDAP, and Blakely-Shamir Key Splitting, as well as many user interface components for simple integration into other applications. PGP SDK implements only strong cryptography, and the source code is published in book form for peer review."
63 Dallas Semiconductor, Inc.
4401 Beltwood Pkwy
Dallas, TX 75244-3292
USA

-Mr. Dennis Jarrett
TEL: 972-371-4416

CST Lab: NVLAP 200002-0

DS1954B Cryptographic iButton™
(ID: B7-V1.02)

(When using vendor-initialized SHA-1 in transaction group 1)
(Note: This validation is superseded by validation certificate #80)


Validated to FIPS 140-1

Security Policy

Hardware 08/26/1999 Overall Level: 3 

-Physical Security: Level 3 +EFP

-FIPS-approved algorithms: SHA-1 (Cert. #8)

-Other algorithms: MD5, RSA

Multi-chip standalone

"Inside the steel perimeter, the secure accounting and cryptographic services are performed to meet the requirements of the United States Postal Service Information Based Indicia Program. See Cert. #41."
62 Francotyp-Postalia
Triftweg 21-26
Birkenwerder, D-16547
Germany

-Andreas Wagner

CST Lab: NVLAP 100432-0

Francotyp-Postalia Security Module (FPSM)
(Software Version 1.1; Hardware Version 1.0)

(When operated in FIPS mode using using Triple DES)

Validated to FIPS 140-1

Security Policy

Hardware 08/17/1999 Overall Level: 2 

-Physical Security: Level 3
-Key Management: Level 3
-Module Interfaces: Level 3
-Software Security: Level 3
-Self Tests: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms:

-Other algorithms: DES (Cert. #59); Triple-DES (allowed for US Government use)

Multi-chip embedded

"The FPSM is a multi-chip embedded cryptomodule. The FPSM is embedded in Postage Meters and provides security services to support the secure accounting and cryptographic functions necessary to implement a value evidencing apparatus."
61 Kasten Chase Applied Research, Ltd.
5100 Orbitor Drive
Mississauga, Ontario L4W 4Z4
Canada

-Cyril Fernandes
TEL: 905-238-6900 x3310
FAX: 905-212-2003

CST Lab: NVLAP 200002-0

Palladium Secure Modem / FORTEZZA CryptoCard
(Hardware Version 1.5; Software Version p1.81)

Validated to FIPS 140-1

Security Policy

Hardware 08/11/1999 Overall Level: 1 

-EMI/EMC: Level 3

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #2); Skipjack (Cert. #2)

-Other algorithms:

Multi-chip standalone

60 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984

CST Lab: NVLAP 200002-0

DSS/Diffie-Hellman Enhanced Cryptographic Provider
(Version 5.0.1998.1)

(For services provided by the listed FIPS-Approved algorithms and using Triple DES)

Validated to FIPS 140-1

Security Policy

Software 08/05/1999;
10/15/2007
Overall Level: 1 

-EMI/EMC: Level 3

-Operating System Security: Tested as meeting Level 1 with Microsoft WindowsNT 4.0 with Service Pack 4 (operated in single-user mode).

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #17)

-Other algorithms: DES (Cert. #45); Triple-DES (allowed for US Government use); RC2, RC4, MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"Microsoft's DSSENH is a general-purpose software-based cryptographic module. It provides services that enable application developers to utilize several different cryptographic algorithms and functions via the Microsoft CryptoAPI without knowing the underlying implementation."
59 Admiral Secure Products, Ltd.
866 Mantle Crescent
Mississauga, Ontario L5V 2G3
Canada

-Alex Chartier
TEL: 905-542-3351

CST Lab: NVLAP 100432-0

CERTIFAX Fax Encryptor CF3002 and CF3003
(ID: firmware version 2.20)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Firmware 08/05/1999;
10/24/2002
Overall Level: 3 

-Self Tests: Level 4

-FIPS-approved algorithms: SHA-1 (Cert. #15)

-Other algorithms: DES (Cert. #42); Triple-DES (allowed for US Government use); ECDSA; ECMQV2; Discrete Log Diffie-Hellman (key agreement)

Multi-chip standalone

"CERTIFAX 3000 secures sensitive facsimile communications from inadvertent or intentional disclosure. CERTIFAX ensures faxes get to the intended recipient every time, that the contents are never disclosed to unauthorized parties, that the sender is who it claims to be, and that the message is always kept private and unaltered. CERTIFAX provides two-way authentication using Certicom's Elliptic Curve Cryptography, and strong encryption using Triple DES. CERTIFAX's secure mailbox memory provides storage and retrieval for incoming faxes, and CERTIFAX can support up to 99 secure Virtual Private Fax Networks."
58 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Randy Kun
TEL: 613-723-5077
FAX: 613-723-5078

CST Lab: NVLAP 200017-0

LunaCA³
(Firmware versions 3.2, 3.9 and 3.93)

(For services provided by the listed FIPS-Approved algorithms and using Triple DES)

Validated to FIPS 140-1

Security Policy

Hardware 08/05/1999;
09/14/2001;
10/18/2004
Overall Level: 3 

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #13); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #32); Triple-DES (allowed for US Government use) CAST, CAST3, CAST5, RC2, RC4, MD2, MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

57 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Randy Kun
TEL: 613-723-5077
FAX: 613-723-5078

CST Lab: NVLAP 200017-0

LunaCA
(Firmware version 3.2)

(For services provided by the listed FIPS-Approved algorithms and using Triple DES)

Validated to FIPS 140-1

Security Policy

Hardware 08/05/1999;
10/18/2004
Overall Level: 2 

-Software Security: Level 3
-Self Tests: Level 3

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #13); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #32); Triple-DES (allowed for US Government use) CAST, CAST3, CAST5, RC2, RC4, RC5, MD2, MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"LunaCA is a hardware crypto engine for identification and authentication (I&A) and digital signing; supports encryption/decryption and random number generation. Its target is certification authority systems that require a secure key generation and signing capability. LunCA is a token based on the PCMCIA standard - now known as PC Card."
56 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Randy Kun
TEL: 613-723-5077
FAX: 613-723-5078

CST Lab: NVLAP 200017-0

Luna2
(Firmware versions 3.2 and 3.9)

(For services provided by the listed FIPS-Approved algorithms and using Triple DES)

Validated to FIPS 140-1

Security Policy

Hardware 08/08/1999;
09/14/2001;
10/18/2004
Overall Level: 2 

-Software Security: Level 3
-Self Tests: Level 3

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #13); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #32); Triple-DES (allowed for US Government use) CAST, CAST3, CAST5, RC2, RC4, RC5, MD2, MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"Luna2 is a hardware crypto engine for identification and authentication (I&A) and digital signing; supports encryption/decryption and random number generation. Its target is certification authority systems that require a secure key generation and signing capability. Luna2 is a token based on the PCMCIA standard - now known as PC Card."
55 Admiral Secure Products, Ltd.
866 Mantle Crescent
Mississauga, Ontario L5V 2G3
Canada

-Alex Chartier
TEL: 905-542-3351

CST Lab: NVLAP 200002-0

Elliptic Curve Security Module (CLv)
(Hardware version R4, firmware version R1.4.1)

Validated to FIPS 140-1

Security Policy

Hardware 06/21/1999;
10/24/2002
Overall Level: 2 

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #19)

-Other algorithms: DES (Cert. #51); Triple-DES (allowed for US Government use); EC-DH

Multi-chip embedded

54 TimeStep Corporation
359 Terry Fox Dr
Kanata, Ontario K2K 2E7
Canada

-Brett Howard
TEL: 613-599-3610 x4554
FAX: 613-599-3617

CST Lab: NVLAP 200017-0

PERMIT/Gate 2520™ Cryptographic Module
(Hardware version 1.20)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Hardware 06/15/1999 Overall Level: 2 

-Software Security: Level 3

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #21)

-Other algorithms: DES; Triple-DES (allowed for US Government use), MD5

Multi-chip standalone

"PERMIT/Gate 2520(TM) is a high-speed VPN component of the PERMIT(TM) Enterprise product suite. It is a tamper-resistant gateway that secures data communications for Intranets, Extranets, and Internet remote access. The 2520 has 4Mbps throughput."
53 TimeStep Corporation
359 Terry Fox Dr
Kanata, Ontario K2K 2E7
Canada

-Brett Howard
TEL: 613-599-3610 x4554
FAX: 613-599-3617

CST Lab: NVLAP 200017-0

PERMIT/Gate 4520™ Cryptographic Module
(Hardware version 1.20)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Hardware 06/15/1999 Overall Level: 2 

-Software Security: Level 3

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #21)

-Other algorithms: DES; Triple-DES (allowed for US Government use), MD5

Multi-chip standalone

"PERMIT/Gate 4520(TM) is a high-speed VPN component of the PERMIT(TM) Enterprise product suite. It is a tamper-resistant gateway that secures data communications for Intranets, Extranets, and Internet remote access. The 4520 has 10Mbps throughput. The 4520 is the same as the 2520, except that the 4520 has a faster CPU, running at a higher bus frequency."
52 Admiral Secure Products, Ltd.
866 Mantle Crescent
Mississauga, Ontario L5V 2G3
Canada

-Alex Chartier
TEL: 905-542-3351

CST Lab: NVLAP 100432-0

CERTIFAX Fax Encryptor CF3001
(ID: firmware version 2.2)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Hardware 06/15/1999;
10/24/2002
Overall Level: 3 

-Self Tests: Level 4

-FIPS-approved algorithms: SHA-1 (Cert. #15)

-Other algorithms: DES (Cert. #42); Triple-DES (allowed for US Government use); ECDSA; ECMQV2

Multi-chip standalone

"CERTIFAX 3000 secures sensitive facsimile communications from inadvertent or intentional disclosure. CERTIFAX provides two-way authentication using Certicom's Elliptic Curve Cryptography, and strong encryption using Triple DES. CERTIFAX can support up to 99 secure Virtual Private Fax Networks."
51 Pitney Bowes, Inc.
1 Elmcroft Rd
Stamford, CT 06926-0700
USA

-Frederick W. Ryan, Jr.
TEL: 203-924-3500
FAX: 203-924-3385

CST Lab: NVLAP 100432-0

Clickstamp
(Part #P200, Version AAA; Version AAB - 03/15/2000)

(Validated only for the DES MAC authenticated services: Credit, Put IBIP Data, and Zeroize Keys)

Revoked
DES Transition Ended

Security Policy

Hardware 05/10/1999 Overall Level: 3 

-FIPS-approved algorithms: SHA-1 (Cert. #11)

-Other algorithms: DES (Cert. #35); RSA

Multi-chip standalone

"The module provides security services to support the secure accounting and cryptographic functions necessary for value evidencing of electronic transactions, such as the United States Postal Service Information-Based Indicium Program (USPS IBIP)."
50 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200002-0

BSAFE Crypto-C Toolkit, Version 4.11
(Software Version 4.11)

(For services provided by the listed FIPS-Approved algorithms and using Triple DES)

Validated to FIPS 140-1

Security Policy

Software 04/29/1999;
01/04/2008;
10/16/2008;
09/07/2010;
03/28/2011;
01/24/2013
Overall Level: 1 

-EMI/EMC: Level 3

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #18)

-Other algorithms: DES (Cert. #46); Triple-DES (allowed for US Government use), RSA, MD2, MD5, HMAC, DESX, RC2, RC4, Elliptic Curve (F2&Fp), Elliptic Curve Encryption Scheme, Elliptic Curve DSA; Bloom-Shamir

Multi-chip standalone

"Cryptographic Toolkit provides cryptographic services to calling applications."
49 Intel Network Systems, Inc.
2 Eva Road
Suite 220
Toronto, Ontario M9C 2A8
Canada

-Robert Eng
TEL: 416-622-8987
FAX: 416-622-7577

CST Lab: NVLAP 200017-0

LAN Rover VPN Gateway (LRVG) V6.59
(Firmware version V6.59)

Validated to FIPS 140-1

Security Policy

Hardware 04/28/1999 Overall Level: 2 

-Software Security: Level 3
-EMI/EMC: Level 3

-FIPS-approved algorithms: SHA-1 (Cert. #18)

-Other algorithms: DES; Triple-DES (allowed for US Government use)

Multi-chip standalone

"The LRVG is a network packet encryption device which incorporates firewall and tunneling functionality compatible with a variety of protocols over Ethernet, V.35, and RS-232."
48 SPYRUS, Inc.
2355 Oakland Road
Suite 1
San Jose, CA 95131
USA

-Tom Dickens
TEL: 408-953-0700
FAX: 408-953-9835

CST Lab: NVLAP 200002-0

FORTEZZA Crypto Card
(Hardware Version 0.1, Firmware v0.5, v0.6 and v0.7)

Jumbo FORTEZZA Crypto Card
(Hardware Version 0.2, Firmware vA1)

Validated to FIPS 140-1

Security Policy

Hardware 04/23/1999;
05/14/2001;
06/18/2003
Overall Level: 2 

-FIPS-approved algorithms: Skipjack (Cert. #1); DSA/SHA-1 (Cert. #1)

-Other algorithms: KEA

Multi-chip standalone

"SPYRUS's FORTEZZA is a PC Card that is used to provide cryptographic services."
47 Netscape Communications Corporation
6905 Rockledge Dr
Suite 820
Bethesda, MD 20817
USA

-Ed Hicks
TEL: 301-571-3900

-Mitch Green

CST Lab: NVLAP 100432-0

Netscape Security Module 1.01
(ID: fipscm_v1.01)

(When operated in FIPS mode and when correctly implementing the tamper evident mechanism specified in the security policy.)

Validated to FIPS 140-1
Not Available

Security Policy

Software 03/17/1999 Overall Level: 2 

-Physical Security: Level 2

-Operating System Security: Tested as meeting Level 2 with Sun Ultra-5 w/ Sun Trusted Solaris version 2.5.1 (ITSEC-rated).

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #14); RSA (vendor affirmed)

-Other algorithms: DES (Certs. #33 and #34); Triple-DES (allowed for US Government use), RC2, RC4, MD2, MD5

Multi-chip standalone

"Security module used in various Netscape products."
46 SPYRUS, Inc.
2355 Oakland Road
Suite 1
San Jose, CA 95131
USA

-Tom Dickens
TEL: 408-953-0700
FAX: 408-953-9835

CST Lab: NVLAP 200002-0

LYNKS Metering Device (LMD)
(Firmware version 9012)

Validated to FIPS 140-1

Security Policy

Hardware 03/17/1999 Overall Level: 2 

-Physical Security: Level 3 +EFT

-FIPS-approved algorithms: Skipjack (Cert. #1); DSA/SHA-1 (Cert. #1)

-Other algorithms:

Multi-chip standalone

45 Netscape Communications Corporation
6905 Rockledge Dr
Suite 820
Bethesda, MD 20817
USA

-Ed Hicks
TEL: 301-571-3900

-Mitch Green

CST Lab: NVLAP 100432-0

Netscape Security Module 1.01
(ID: fipscm_v1.01)

(When operated in FIPS mode)

Validated to FIPS 140-1
Not Available

Security Policy

Software 03/17/1999 Overall Level: 1 

-Operating System Security: Tested as meeting Level 1 for WindowsNT 4.0 workstation (single-user mode).

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #14); RSA (vendor affirmed)

-Other algorithms: DES (Certs. #33 and #34); Triple-DES (allowed for US Government use), RC2, RC4, MD2, MD5

Multi-chip standalone

"Security module used in various Netscape products."
44 M/A Com, Inc.
221 Jefferson Ridge Parkway
Lynchburg, VA 24501
USA

-John Casler
TEL: 434-455-6600
FAX: 434-455-6851

CST Lab: NVLAP 200002-0

Aegis MR-K I and II System/Scan Radios
VHF range: 136-174 MHz
UHF range: 378-500 MHz
800 range: 806-870 MHz

(Hardware Versions: PK1GEXE, PK1PEXE, PK1XEXE, PK18EXE, PK2GEXE, PK2PEXE, PK2XEXE, PK28EXE, PK3GEXE, PK3PEXE, PK3XEXE, PK38EXE, (SYSTEM) PK2NEXE, (SCAN) PK3NEXE; Software Load: CXC 112 1279/1, Version: M2G30408)

Revoked
DES Transition Ended

Security Policy

Hardware 03/04/1999;
11/16/2001;
12/06/2001;
04/05/2002;
03/07/2003;
03/13/2003
Overall Level: 1 

-FIPS-approved algorithms:

-Other algorithms: DES (04/22/1994)

Multi-chip standalone

"The M-RK II System/Scan (AEGIS) and M-RK I handheld personal portable two-way FM radio is a high-quality, high performance FM radio. The radio is synthesized and operates in both trunked (EDACS™) and conventional communications systems. The trunked mode allows selection of either a communications group or an individual radio within a system. Both the selected group and the individual radio are secured through AEGIS digital signaling and DES encryption."
43 SafeNet, Inc.
4690 Millennium Drive
Suite 300
Belcamp, MD 21017
USA

-Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 100432-0

Turbo Crypto Card (TCC), v09, 14.04
(Part#: AB-14094-050-09)

Validated to FIPS 140-1

Security Policy

Hardware 02/17/1999;
12/04/2003;
10/18/2004
Overall Level: 1 

-EMI/EMC: Level 3

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #5)

-Other algorithms: DES (Certs. #11and #20); Diffie-Hellman (key agreement)

Multi-chip embedded

"Turbo Crypto Card is used in a variety of Cylink's host encryption products, including the Secure Frame Unit (SFU) and the Secure Domain Unit (SDU)."
42 Fortress Technologies, Inc.
1 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200002-0

Segmented NetFortress™ GVPN-S
(Version - 1)

(When factory configured in FIPS mode and using Triple-DES)

Validated to FIPS 140-1

Security Policy

Hardware 01/27/1999;
03/26/2010
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms:

-Other algorithms: DES (Cert.#23); Triple-DES (allowed for US Government use), IDEA

Multi-chip standalone

"VPN Encryptor."
41 Dallas Semiconductor, Inc.
4401 Beltwood Pkwy
Dallas, TX 75244-3292
USA

-Mr. Dennis Jarrett
TEL: 972-371-4416

CST Lab: NVLAP 200002-0

DS1954B Cryptographic iButton™
(ID: B4-V1.02)

(When using vendor-initialized SHA-1 in transaction group 1)

Validated to FIPS 140-1

Security Policy

Hardware 01/26/1999 Overall Level: 3 

-Physical Security: Level 3 +EFP

-FIPS-approved algorithms: SHA-1 (Cert. #8)

-Other algorithms: MD5, RSA

Multi-chip standalone

"Provides hardware cryptographic services (e.g., secure private key storage, high-speed math accelerator for 1024-bit public key crypto, hashing). Services are provided using a single silicon chip packaged in a 16mm stainless steel case. Can be worn or attached to an object for info at point of use. Can withstand harsh outdoor environments and is durable for everyday wear."
40 IBM® Corporation
2455 South Rd
Mail Station P371
Poughkeepsie, NY 12601-5400
USA

-Clark D. Norberg
TEL: 845-435-6434
FAX: 845-435-1858

-Phil C. Yeh

CST Lab: NVLAP 100432-0

IBM S/390 CMOS Cryptographic Coprocessor
(ID: IBM Part #s 88H3637 and 29L3659)

(When configured for External Key Entry)

Validated to FIPS 140-1

Security Policy

Hardware 01/07/1999 Overall Level: 4 

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #4, 12); RSA (internal use)

-Other algorithms: DES (Certs. #7 and 29); Triple-DES (allowed for US Government use); CDM; MDC-2; MDC-4; D-H key agreement; ANSI: X3106, X99, X919

Single-chip

"Encryption module for S/390 CMOS Enterprise Server family."
39 Chrysalis-ITS, Incorporated
One Chrysalis Way
Ottawa, Ontario K2G 6P9
Canada

-Bill Cullen
TEL: 613-723-5077
FAX: 613-723-5069

CST Lab: NVLAP 200017-0

Luna2
(Firmware version 2.2)

(For services provided by the listed FIPS-Approved algorithms and using Triple-DES)

Validated to FIPS 140-1

Security Policy

Hardware 12/08/1998 Overall Level: 2 

-Software Security: Level 3
-Self Tests: Level 3

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #13)

-Other algorithms: DES (Cert. #32); Triple-DES (allowed for US Government use) CAST, CAST3, CAST5, RC2, RC4, RC5, MD2, MD5, RSA; D-H key agreement

Multi-chip standalone

"Luna2 is a hardware crypto engine for identification and authentication (I&A) and digital signing; supports encryption/decryption and random number generation. Its target is certification authority systems that require a secure key generation and signing capability. Luna2 is a token based on the PCMCIA standard - now known as PC Card."
38 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Randy Kun
TEL: 613-723-5077
FAX: 613-723-5078

CST Lab: NVLAP 200017-0

LunaCA
(Firmware version 2.2)

(For services provided by the listed FIPS-Approved algorithms and using Triple DES)

Validated to FIPS 140-1

Security Policy

Hardware 12/08/1998;
10/18/2004
Overall Level: 2 

-Software Security: Level 3
-Self Tests: Level 3

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #13)

-Other algorithms: DES (Cert. #32); Triple-DES (allowed for US Government use) CAST, CAST3, CAST5, RC2, RC4, RC5, MD2, MD5, RSA; D-H key agreement

Multi-chip standalone

"LunaCA is a hardware crypto engine for identification and authentication (I&A) and digital signing; supports encryption/decryption and random number generation. Its target is certification authority systems that require a secure key generation and signing capability. LunCA is a token based on the PCMCIA standard - now known as PC Card."
37 Motorola, Inc.
Secure Design Center
IL02 Room 0509A
1301 East Algonquin Rd
Schaumburg, IL 60196
USA

-Jennifer Mitchell
TEL: 847-576-7251

CST Lab: NVLAP 200017-0

KVL 3000
(Firmware version 1.5)

(When operated in FIPS mode by selection of the DES algorithm)

Revoked
DES Transition Ended

Security Policy

Hardware 11/25/1998 Overall Level: 1 

-Roles and Services: Level 2

-FIPS-approved algorithms:

-Other algorithms: DES (Cert. #5); DES-XL, DVP-XL, DVI-XL, DVI-XL SPFL

Multi-chip standalone

36 Litronic, Inc.
2030 Main St
Suite 1250
Irvine, CA 92614
USA

-Robert Gray
TEL: 949-851-1085
FAX: 949-851-8588

CST Lab: NVLAP 100432-0

Argus/300 Security Adapter
(PN's 050-1038 and 024-0300 rev. B)

Validated to FIPS 140-1

Security Policy

Hardware 11/25/1998;
05/14/2004
Overall Level: 3 

-FIPS-approved algorithms: SHA-1 (Cert. #41)

-Other algorithms: DES (Cert. #254)

Multi-chip embedded

"Cryptographic Module and Smart Card Reader."
35 IBM® Corporation
2455 South Rd
Mail Station P339
Poughkeepsie, NY 12601-5400
USA

-Helmy El-Sherif
TEL: 845-435-7033
FAX: 845-435-4092

CST Lab: NVLAP 100432-0

IBM 4758 PCI Cryptographic Coprocessor (Miniboot Layers 0 and 1)
(ID: PN IBM 4758-001, Miniboot 0 version B, Miniboot 1 version B)

(When configured for DSS Authentication)

Validated to FIPS 140-1

Security Policy

Hardware 11/25/1998 Overall Level: 4 

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #16)

-Other algorithms: DES (Cert. #41); Triple-DES (allowed for US Government use), RSA

Multi-chip embedded

"The 4758 is a tamper-responding, programmable, cryptographic PCI card, containing CPU, encryption hardware, RAM, EEPROM, hardware random number generator, time of day clock, firmware, and software."
34 nCipher Corporation Ltd.
100 Unicorn Park Dr
Woburn, MA 01801-3371
USA

-Greg Dunne
TEL: 978-691-6487
FAX: 978-687-4442

CST Lab: NVLAP 200017-0

nFast nF75KM 1C, nF150KM 1C, and nF300KM 1C Cryptographic Accelerators
(Firmware v1.33.1)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Hardware 11/18/1998 Overall Level: 2 

-Module Interfaces: Level 3
-Roles and Services: Level 2*
-Software Security: Level 3
-EMI/EMC: Level 3
-Self Tests: Level 2*
-Key Management: Level 2*

*(Level 3 is met in these areas when the "FIPS_level3" flag is set during initialization.)

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #11)

-Other algorithms: DES (Cert. #24); DES MAC; Triple-DES (allowed for US Government use), Triple-DES MAC, CAST, RSA, ElGamal; D-H key agreement

Multi-chip standalone

"The firmware is used in the nFast series of devices and has been validated on the nFast nF75KM 1C, nF150KM 1C, and nF300KM 1C Cryptographic Accelerators."
33 Fortress Technologies, Inc.
1 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200002-0

NetFortress™ GVPN
(Version - 1)

(When factory configured in FIPS mode)

Validated to FIPS 140-1

Security Policy

Hardware 11/18/1998;
03/26/2010
Overall Level: 2 

-FIPS-approved algorithms:

-Other algorithms: DES (Cert. #23); Triple-DES (allowed for US Government use), IDEA

Multi-chip standalone

"VPN Encryptor."
32 Dallas Semiconductor, Inc.
4401 Beltwood Pkwy
Dallas, TX 75244-3292
USA

-Mr. Dennis Jarrett
TEL: 972-371-4416

CST Lab: NVLAP 200002-0

DS1954B Cryptographic iButton™
(ID: B4-V1.02)

(When using vendor-initialized SHA-1 in transaction group 1)
(Note: This validation has been superseded by validation certificate #41, which meets an Overall Level 3)


Validated to FIPS 140-1

Security Policy

Hardware 10/28/1998 Overall Level: 2 

-Physical Security: Level 3 +EFP
-EMI/EMC: Level 3

-FIPS-approved algorithms: SHA-1 (Cert. #8)

-Other algorithms: MD5, RSA

Multi-chip standalone

"Provides hardware cryptographic services (e.g., secure private key storage, high-speed math accelerator for 1024-bit public key crypto, hashing). Services are provided using a single silicon chip packaged in a 16mm stainless steel case. Can be worn or attached to an object for info at point of use. Can withstand harsh outdoor environments and is durable for everyday wear."
31 Neopost Ltd.
30955 Huntwood Ave.
Hayward, CA 94544-7084
USA

-Neil Graver
TEL: 510-489-6800

CST Lab: NVLAP 200002-0

PostagePlus™ Client Communication Module
(Version 1.0)

Validated to FIPS 140-1

Security Policy

Software 10/28/1998 Overall Level: 1 

-Operating System Security: Tested as meeting Level 1 for Windows95

-FIPS-approved algorithms: SHA-1 (Cert. #12)

-Other algorithms: DES (Cert. #38); Triple-DES (allowed for US Government use), RSA

Multi-chip standalone

"This module is part of the PostagePlus(TM) system that provides security services to support the secure accounting and cryptographic functions required to implement the United States Postal Service's Information-Based Indicia Program."
30 Pitney Bowes, Inc.
1 Elmcroft Rd
Stamford, CT 06926-0700
USA

-Frederick W. Ryan, Jr.
TEL: 203-924-3500
FAX: 203-924-3385

CST Lab: NVLAP 100432-0

PC Meter Cryptographic Module
(Part #P200V, Version ABB)

(Validated only for the DES MAC authenticated services: Credit, Put IBIP Data, and Zeroize Keys)

Revoked
DES Transition Ended

Security Policy

Hardware 10/02/1998 Overall Level: 3 

-FIPS-approved algorithms: SHA-1 (Cert. #11)

-Other algorithms: DES (Cert. #35); RSA

Single-chip

"The module provides security services to support the secure accounting and cryptographic functions necessary for value evidencing of electronic transactions, such as the United States Postal Service Information-Based Indicium Program (USPS IBIP)."
29 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Randy Kun
TEL: 613-723-5077
FAX: 613-723-5078

CST Lab: NVLAP 200017-0

LunaCA³
(Firmware version 2.2)

(For services provided by the listed FIPS-Approved algorithms and using Triple DES)

Validated to FIPS 140-1

Security Policy

Hardware 10/02/1998;
10/18/2004
Overall Level: 3 

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #13)

-Other algorithms: DES (Cert. #32); Triple-DES (allowed for US Government use) CAST, CAST3, CAST5, RC2, RC4, MD2, MD5, RSA; Diffie-Hellman (key agreement)

Multi-chip standalone

28 nCipher Corporation Ltd.
100 Unicorn Park Dr
Woburn, MA 01801-3371
USA

-Greg Dunne
TEL: 978-691-6487
FAX: 978-687-4442

CST Lab: NVLAP 200017-0

nFast nF75CA 00, nF150CA 00, and nF300CA 00 Cryptographic Accelerators
(Firmware v1.33.1)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Hardware 09/22/1998 Overall Level: 3 

-Roles and Services: Level 3*
-Self Tests: Level 3*
-Key Management: Level 3*

*(Level 3 is met in these areas when the "FIPS_level3" flag is set during initialization.)

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #11)

-Other algorithms: DES (Cert. #24); DES MAC; Triple-DES (allowed for US Government use), Triple-DES MAC, CAST, RSA, ElGamal; Diffie-Hellman (key agreement)

Multi-chip standalone

"The firmware is used in the nFast series of devices and has been validated on the nFast nF75CA 00, nF150CA 00, and nF300CA 00 Cryptographic Accelerators."
27 nCipher Corporation Ltd.
100 Unicorn Park Dr
Woburn, MA 01801-3371
USA

-Greg Dunne
TEL: 978-691-6487
FAX: 978-687-4442

CST Lab: NVLAP 200017-0

nFast nF75CA 1C, nF150CA 1C, and nF300CA 1C Cryptographic Accelerators
(Firmware v1.33.1)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Hardware 09/22/1998 Overall Level: 3 

-Roles and Services: Level 3*
-Self Tests: Level 3*
-Key Management: Level 3*

*(Level 3 is met in these areas when the "FIPS_level3" flag is set during initialization.)

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #11)

-Other algorithms: DES (Cert. #24); DES MAC; Triple-DES (allowed for US Government use), Triple-DES MAC, CAST, RSA, ElGamal; Diffie-Hellman (key agreement)

Multi-chip standalone

"The firmware is used in the nFast series of devices and has been validated on the nFast nF75CA 1C, nF150CA 1C, and nF300CA 1C Cryptographic Accelerators.."
26 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0

Cylink Link Encryptor NRZ-L
(Firmware v1.03 and v1.04)

Validated to FIPS 140-1

Security Policy

Hardware 09/11/1998;
12/04/2003;
10/18/2004
Overall Level: 2 

-Physical Security: Level 3

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #5)

-Other algorithms: DES (Certs. #11 and #26); Triple-DES (allowed for US Government use); Diffie-Hellman (key agreement)

Multi-chip standalone

"Cylink Link Encryptors secure sensitive data transmitted over high-speed, point-to-point communication links. The system supports synchronous, full-duplex data rates up to 2 Mbps over public and private data networks."
25 SafeNet, Inc.
4690 Millennium Drive Suite 300 Raleigh,
Belcamp, MD 21017
USA

-Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0

Cylink Link Encryptor NRZ-H
(Firmware v1.03 and v1.04)

Validated to FIPS 140-1

Security Policy

Hardware 09/11/1998;
12/04/2003;
10/18/2004
Overall Level: 2 

-Physical Security: Level 3

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #5)

-Other algorithms: DES (Certs. #11 and #26); Triple-DES (allowed for US Government use); Diffie-Hellman (key agreement)

Multi-chip standalone

"Cylink Link Encryptors secure sensitive data transmitted over high-speed, point-to-point communication links. The system supports synchronous, full-duplex data rates up to 2 Mbps over public and private data networks."
24 V-ONE Corporation, Inc.
20250 Century Blvd
Suite 300
Germantown, MD 20874
USA

-Tim Armstrong
TEL: 301-515-5200 x5394

CST Lab: NVLAP 200002-0

SmartPass Virtual Cryptographic Authentication Token (VCAT)
(Version 3.2)

Validated to FIPS 140-1

Security Policy

Vendor Product Link
Software 09/11/1998;
06/18/2003
Overall Level: 1 

-EMI/EMC: Level 3

-Operating System Security: Tested as meeting Level 1 for Microsoft Windows95.

-FIPS-approved algorithms: SHA-1 (Cert.#10)

-Other algorithms: DES

Multi-chip standalone

23 GTE Internetworking
70 Fawcett St.
Cambridge, MA 02140
USA

-John Lowry
TEL: 617-873-2435

CST Lab: NVLAP 200002-0

SafeKeyper™ Signer
(Release 4p)

(When initialized to DSA)

Validated to FIPS 140-1

Security Policy

Hardware 09/11/1998 Overall Level: 3 

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #9)

-Other algorithms: DES (Cert. #22); RSA, MD2, MD5, Shamir Secret-sharing Algorithm

Multi-chip standalone

22 SPYRUS, Inc.
2355 Oakland Road
Suite 1
San Jose, CA 95131
USA

-Tom Dickens
TEL: 408-953-0700
FAX: 408-953-9835

CST Lab: NVLAP 200002-0

LYNKS Metering Device (LMD)

Validated to FIPS 140-1

Security Policy

Hardware 08/13/1998 Overall Level: 2 

-Physical Security: Level 3 +EFT
-EMI/EMC: Level 3

-FIPS-approved algorithms: Skipjack (Cert. #1); DSA/SHA-1 (Cert. #1)

-Other algorithms:

Multi-chip standalone

21 nCipher Corporation Ltd.
100 Unicorn Park Dr
Woburn, MA 01801-3371
USA

-Greg Dunne
TEL: 978-691-6487
FAX: 978-687-4442

CST Lab: NVLAP 200017-0

nFast nF75KM 00, nF150KM 00, and nF300KM 00 Cryptographic Accelerators
(Firmware v1.33.1)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Hardware 08/13/1998 Overall Level: 2 

-Module Interfaces: Level 3
-Roles and Services: Level 2*
-Software Security: Level 3
-EMI/EMC: Level 3
-Self-Tests: Level 2*
-Key Management: Level 2*

*(Level 3 is met in these areas when the "FIPS_level3" flag is set during initialization)

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #11)

-Other algorithms: DES (Cert. #24); DES MAC; Triple-DES (allowed for US Government use), Triple-DES MAC, CAST, RSA, ElGamal; Diffie-Hellman (key agreement)

Multi-chip standalone

"The firmware is used in the nFast series of devices and has been validated on the nFast nF75KM 00, nF150KM 00, and nF300KM 00 Cryptographic Accelerators."
20 Entrust, Inc.
1000 Innovation Drive
Ottawa, Ontario K2K 3E7
Canada

-Pierre Boucher
TEL: 613-270-2599
FAX: 613-270-2504

CST Lab: NVLAP 200017-0

Entrust Cryptographic Kernel, v4.0
(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Software 07/30/1998;
07/18/2002
Overall Level: 1 

-EMI/EMC: Level 3

-Operating System Security: Tested as meeting Level 1 for Windows95 and WindowsNT 4.0 workstation (operated in single user mode).

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #10)

-Other algorithms: DES (Cert. #1); DES MAC; Triple-DES (allowed for US Government use); RC2; MD5; MD2; HMAC-SHA-1; HMAC-MD5; RSA; CAST; CAST3; CAST5; Diffie-Hellman (key agreement)

Multi-chip standalone

"This module is used in the Entrust family of products."
19 Dallas Semiconductor, Inc.
4401 Beltwood Pkwy
Dallas, TX 75244-3292
USA

-Mr. Dennis Jarrett
TEL: 972-371-4416

CST Lab: NVLAP 200002-0

DS1954 Cryptographic iButton™
(ID: A7-V1.01)

(When using vendor-initialized SHA-1 in transaction group 1)
(Note: This validation has been superseded by validation certificate #41, which meets an Overall Level 3)


Validated to FIPS 140-1

Security Policy

Hardware 06/29/1998 Overall Level: 2 

-Physical Security: Level 3 +EFP
-EMI/EMC: Level 3

-FIPS-approved algorithms: SHA-1 (Cert. #8)

-Other algorithms: MD5; RSA

Multi-chip standalone

"Provides hardware cryptographic services (e.g., secure private key storage, high-speed math accelerator for 1024-bit public key crypto, hashing). Services are provided using a single silicon chip packaged in a 16mm stainless steel case. Can be worn or attached to an object for info at point of use. Can withstand harsh outdoor environments and is durable for everyday wear."
18 Entrust, Inc.
1000 Innovation Drive
Ottawa, Ontario K2K 3E7
Canada

-Pierre Boucher
TEL: 613-270-2599
FAX: 613-270-2504

CST Lab: NVLAP 200017-0

Entrust Cryptographic Kernel, v3.1
(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Software 05/11/1998;
07/18/2002
Overall Level: 1 

-EMI/EMC: Level 3

-Operating System Security: Tested as meeting Level 1 for Windows95 and WindowsNT 4.0 workstation (operated in single user mode).

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #10)

-Other algorithms: DES (Cert. #1); DES MAC; Triple-DES (allowed for US Government use); RC2; MD5; MD2; RSA; CAST; CAST3; CAST5; Diffie-Hellman (key agreement)

Multi-chip standalone

"This module is used in the Entrust family of products."
17 GTE Internetworking
70 Fawcett St.
Cambridge, MA 02140
USA

-John Lowry
TEL: 617-873-2435

CST Lab: NVLAP 200002-0

SafeKeyper™ Signer
(Release 4)

(When initialized to DSA.)
(Note: This module has been superseded by Certificate #23)


Validated to FIPS 140-1
Not Available

Security Policy

Hardware 05/11/1998 Overall Level: 3 

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #9)

-Other algorithms: DES (Cert. #22); RSA; MD2; MD5; Shamir Secret-sharing Algorithm

Multi-chip standalone

16 Transcrypt International
4800 NW 1st St
Lincoln, NE 68521
USA

-Jim Gilley
TEL: 402-474-4800
FAX: 402-474-4858

CST Lab: NVLAP 100432-0

SC20-DES
(v1.0)

Revoked
DES Transition Ended

Security Policy

Hardware 04/15/1998 Overall Level: 1 

-EMI/EMC: Level 3

-FIPS-approved algorithms:

-Other algorithms: DES (Cert. #19)

Single-chip

"Encryption module for land mobile radios."
15 Motorola, Inc.
Secure Design Center
IL02 Room 0509A
1301 East Algonquin Rd
Schaumburg, IL 60196
USA

-Geoff Hobar
TEL: 847-576-9066
FAX: 847-538-2770

CST Lab: NVLAP 200017-0

ASTRO XTS 3000 Subscriber Encryption Module
(Release R 3.0)

(When operated in FIPS mode by selecting the DES algorithm and setting OTAR to inhibited)

Revoked
DES Transition Ended

Security Policy

Hardware 01/30/1998 Overall Level: 1 

-Roles and Services: Level 2

-FIPS-approved algorithms:

-Other algorithms: DES; DES-XL; DVP-XL; DVI-XL; DVI-SPFL

Multi-chip standalone

"The ASTRO XTS 3000 radio provides portable analog and digital two-radio communications in trunked and conventional radio systems. It is capable of supporting 12.5 kHz digital channels as well as 25 kHz and 30 kHz analog channels. The ASTRO XTS 3000 Subscriber Encryption Module Controller is available as an option for the ASTRO XTS 3000 radios to provide secure communication capabilities."
14 Motorola, Inc.
Secure Design Center
IL02 Room 0509A
1301 East Algonquin Rd
Schaumburg, IL 60196
USA

-Geoff Hobar
TEL: 847-576-9066
FAX: 847-538-2770

CST Lab: NVLAP 200017-0

ASTRO Subscriber Encryption Module
(Release R 3.0)

(When operated in FIPS mode by selecting the DES algorithm and setting OTAR to inhibited)

Revoked
DES Transition Ended

Security Policy

Hardware 01/30/1998 Overall Level: 1 

-Roles and Services: Level 2

-FIPS-approved algorithms:

-Other algorithms: DES; DES-XL; DVP-XL; DVI-XL; DVI-SPFL

Multi-chip standalone

"The ASTRO Saber radio provides portable analog and digital two-radio communications in trunked and conventional radio systems. The ASTRO Spectra radio provides analog and digital two-radio communications in trunked and conventional mobile radio systems. They are each capable of supporting 12.5 kHz digital channels as well as 25 kHz and 30 kHz analog channels."
13 Motorola, Inc.
Secure Design Center
IL02 Room 0509A
1301 East Algonquin Rd
Schaumburg, IL 60196
USA

-Geoff Hobar
TEL: 847-576-9066
FAX: 847-538-2770

CST Lab: NVLAP 200017-0

ASTRO-TAC Digital Interface Unit (DIU) Encryption Module Controller (EMC)
(Version 3.0)

(When operated in FIPS mode by selection of the DES algorithm)

Revoked
DES Transition Ended

Security Policy

Hardware 01/30/1998 Overall Level: 1 

-Roles and Services: Level 2

-FIPS-approved algorithms:

-Other algorithms: DES; DES-XL; DVP-XL; DVI-XL; DVI-SPFL

Multi-chip standalone

"The ASTRO DIU provides an interface between an analog console and an ASTRO base station or ASTRO-TAC comparator for ASTRO clear and analog two-way radio communications. The DIU EMC is available as an option with ASTRO DIUs to provide encryption capability. The DIU will then support ASTRO encrypted two-way radio communications."
12 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Joel Rieger
TEL: 410-931-7500
FAX: 410-931-7524

CST Lab: NVLAP 200002-0

SafeNet/Dial Secure Modem
(Firmware version 2.0)

(When operated in 'user with authentication' mode)

Revoked
DES Transition Ended

Security Policy

Hardware 12/08/1997;
10/18/2004
Overall Level: 2 

-EMI/EMC: Level 3
-Roles and Services: Strongest authentication provided when operated in conjunction with the SafeNet/Security Center.

-FIPS-approved algorithms:

-Other algorithms: DES; ATLAS

Multi-chip standalone

11 Motorola, Inc.
Secure Design Center
IL02 Room 0509A
1301 East Algonquin Rd
Schaumburg, IL 60196
USA

-Geoff Hobar
TEL: 847-576-9066
FAX: 847-538-2770

CST Lab: NVLAP 200017-0

Radio Network Controller Encryption Module Controller (RNC EMC)
(Firmware version D01.00.00)

(When operated in FIPS mode by selection of the DES algorithm)

Revoked
DES Transition Ended

Security Policy

Hardware 11/12/1997 Overall Level: 1 

-Module Interfaces: Level 3

-FIPS-approved algorithms:

-Other algorithms: DES; DES-XL; DVI-XL; DVP-XL; DVI-SPFL

Multi-chip standalone

"The RNC 3000 provides data communications between mobile data and host applications in an ASTRO integrated voice and data system. The RNC Encryption Module Controller provides data encryption services for the RNC 3000."
10 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 100432-0

Turbo Crypto Card (TCC), v09
(Part#: AB-14094-010-09)

Validated to FIPS 140-1

Security Policy

Hardware 11/12/1997;
10/18/2004
Overall Level: 1 

-EMI/EMC: Level 3

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #5)

-Other algorithms: DES (Certs. #11 and #12); Diffie-Hellman

Multi-chip embedded

"Turbo Crypto Card is used in a variety of Cylink's host encryption products, including the Secure Frame Unit (SFU) and the Secure Domain Unit (SDU)."
9 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200002-0

SafeNet/LAN VPN Encryptor
(Firmware version 2.0)

Revoked
DES Transition Ended

Security Policy

Hardware 11/12/1997;
10/18/2004
Overall Level: 2 

-Roles and Services: Strongest authentication provided when operated in conjunction with the SafeNet/Security Center.

-FIPS-approved algorithms:

-Other algorithms: DES; ATLAS

Multi-chip standalone

8 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Randy Kun
TEL: 613-723-5077
FAX: 613-723-5078

CST Lab: NVLAP 200017-0

Luna 1 PCMCIA Token
(Firmware version 1.19)

(When operated in FIPS mode for encryption, decryption, and random number generation)

Validated to FIPS 140-1

Security Policy

Hardware 10/29/1997;
10/18/2004
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: SHA-1 (Cert. #7)

-Other algorithms: DES (Cert. #13); Triple-DES (allowed for US Government use); CAST; CAST3; MD2; MD5; RSA

Multi-chip standalone

"Chrysalis' Luna 1 is a PC Card that is used to provide generation and storage of symmetric and asymmetric keys, storage of Certificates, and random number generation. It can support up to 15 different users."
7 Netscape Communications Corporation
6905 Rockledge Dr
Suite 820
Bethesda, MD 20817
USA

-Ed Hicks
TEL: 301-571-3900

-Mitch Green

CST Lab: NVLAP 100432-0

Netscape Security Module 1
(ID: fipscm_v1)

(When operated in FIPS mode for secure e-mail, certificate management, password management and met when correctly implementing the tamper evident mechanism specified in the security policy.)

Validated to FIPS 140-1
Not Available

Security Policy

Software 08/29/1997 Overall Level: 2 

-Physical Security: Level 2

-Operating System Security:Tested as meeting Level 2 with Sun Sparc 5 w/ Sun Solaris v 2.4SE (ITSEC-rated), and Level 1 for Microsoft WindowsNT 4.0 workstation (operated in single user mode)

-FIPS-approved algorithms: DSA/SHA-1 (Cert. #3)

-Other algorithms: DES (Certs. #6 and #10); RSA; RC4; RC5; MD2; MD5

Multi-chip standalone

"Security module used in various Netscape products."
6 Mykotronx, Inc.
357 Van Ness Way
Suite 200
Torrance, CA 90501
USA

-Kevin Cook
TEL: 310-533-8100
FAX: 310-533-0527

CST Lab: NVLAP 100432-0

Palladium Fortezza Crypto Card
(Part Number 650000)

Validated to FIPS 140-1

Security Policy

Vendor Product Link
Hardware 06/11/1997 Overall Level: 2 

-EMI/EMC: Level 3

-FIPS-approved algorithms: DSA; SHA-1; Skipjack

-Other algorithms: KEA

Multi-chip standalone

5 SPYRUS, Inc.
2355 Oakland Road
Suite 1
San Jose, CA 95131
USA

-Tom Dickens
TEL: 408-953-0700
FAX: 408-953-9835

CST Lab: NVLAP 200002-0

FORTEZZA Crypto Card, v0.2

Validated to FIPS 140-1

Security Policy

Hardware 02/07/1997 Overall Level: 2 

-FIPS-approved algorithms: DSA; SHA-1; Skipjack

-Other algorithms: KEA

Multi-chip standalone

"SPYRUS's FORTEZZA is a PC Card that is used to provide cryptographic services."
4 National Semiconductor Corporation
(This cryptomodule and NSC's Fortezza business unit have been discontinued.)

CST Lab: NVLAP 100432-0

Fortezza PCMCIA Encryption Module
(Part Number: 990010947-200)

Validated to FIPS 140-1

Security Policy

Hardware 10/24/1996 Overall Level: 2 

-FIPS-approved algorithms: DSA; SHA-1; Skipjack

-Other algorithms: KEA

Multi-chip standalone

3 Entrust, Inc.
1000 Innovation Drive
Ottawa, Ontario K2K 3E7
Canada

-Pierre Boucher
TEL: 613-270-2599
FAX: 613-270-2504

CST Lab: NVLAP 200017-0

Entrust Cryptographic Kernel, V2.4
(When operated in FIPS mode. For use with PCs)

Validated to FIPS 140-1

Security Policy

Software 09/17/1996;
07/18/2002
Overall Level: 1 

-FIPS-approved algorithms: DSA; SHA-1

-Other algorithms: DES; MD5; MD2; RSA; CAST; CAST3

Multi-chip standalone

"This module is used in the Entrust family of products."
2 Motorola, Inc.
Secure Design Center
IL02 Room 0509A
1301 East Algonquin Rd
Schaumburg, IL 60196
USA

-Geoff Hobar
TEL: 847-576-9066
FAX: 847-538-2770

CST Lab: NVLAP 100432-0

ASTRO Subscriber Encryption Module
(For ASTRO Radio Product Family: NTN7771D, NTN7772D, NTN7332D, NTN7331D)

Revoked
DES Transition Ended

Security Policy

Hardware 01/19/1996 Overall Level: 1 

-FIPS-approved algorithms:

-Other algorithms: DES; Motorola DVP

Multi-chip embedded

"This module is used in the ASTRO Radio Product Family."
1 Entrust, Inc.
1000 Innovation Drive
Ottawa, Ontario K2K 3E7
Canada

-Pierre Boucher
TEL: 613-270-2599
FAX: 613-270-2504

CST Lab: NVLAP 200017-0

Entrust Cryptographic Kernel, V1.9
(For use with PCs)

Validated to FIPS 140-1

Security Policy

Software 10/12/1995;
07/18/2002
Overall Level: 1 

-FIPS-approved algorithms: DSA

-Other algorithms: DES; CAST; RSA; MD5; MD2

Multi-chip standalone

"This module is used in the Entrust family of products."


Need Assistance?