CMVP Main Page

Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules

Historical, 1995-1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016
All

Last Updated: 6/27/2016

It is important to note that the items on this list are cryptographic modules. A module may either be an embedded component of a product or application, or a complete product in-and-of-itself. If the cryptographic module is a component of a larger product or application, one should contact the product or application vendor in order to determine how the product utilizes the embedded validated cryptographic module. There may be a larger number of security products or applications available which use an embedded validated cryptographic module, than the number of modules which are found in this list. In addition, other vendors, who are not found in this list, may incorporate a validated cryptographic module from this list embedded into their own products.

When selecting a module from a vendor, verify that the module is either the product or application itself (e.g. VPN, SmartCard, USB memory token, etc.) or the module is embedded in a larger product or application (e.g. toolkit, etc.). If the module is embedded in a product or application, ask the product or application vendor to provide a signed letter or statement affirming that the unmodified validated cryptographic module is integrated in the solution; the module provides all the cryptographic services in the solution; and provide reference to the modules validation certificate number from this listing.

NOTE1: Module descriptions are provided by the module vendors and have not been verified for accuracy by the CMVP. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-Approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (e.g. allowed or non-FIPS-Approved algorithms) have not been tested through the CMVP.

NOTE2: The operator of a cryptographic module is responsible for ensuring that the algorithms and key lengths are in compliance with the requirements of NIST SP 800-131A.

NOTE3: All questions regarding the implementation and/or use of any module located on the CMVP module validation lists should first be directed to the appropriate vendor point-of-contact (listed for each entry).

Please contact the CMVP if any errors are discovered or comments with suggestions for improvement of the validation listings.

Cert#Vendor / CST LabCryptographic ModuleModule
Type
Val.
Date
Level / Description
200SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0
SafeEnterprise™ Frame Encryptor-High Speed Serial Interface (SFE HSSI)
(Hardware Version: 3; Firmware Versions: 4.08 and 4.09)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware12/18/2001
04/11/2002
05/15/2002
07/18/2002
07/03/2003
10/19/2004
Overall Level: 3

-FIPS Approved algorithms: Triple-DES (Certs. #5 and #22); DSA/SHA-1 (Cert. #5)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip standalone

"The SFE-HSSI protects information flowing between nodes or sites of a frame relay network. It can be con-figured to either allow or disallow information flow between two frame relay nodes. Furthermore, the information flow can be either protected through encryption or passed without encryption. The SFE-HSSI support full-duplex traffic throughput of between 56-256 kbps for 32-1022 secure connections. The SFE will achieve this throughput for the smaller frames as well (64 byte frames is a target)."
199F-Secure Corporation
Tammasaarenkatu 7
PL 24
Helsinki 00181
Finland

Alexey Kirichenko
TEL: +358-9-2520-4548

CST Lab: NVLAP 200002-0
F-Secure Cryptographic Service Provider DLL
(Software Version: 1.1)
(When operated in FIPS mode and using FIPS Approved algorithms and processes as listed)

Validated to FIPS 140-1

Certificate

Security Policy
Software12/18/2001
07/31/2003
Overall Level: 1

-EMI/EMC: Level 3
-Operating System Security: Tested as meeting Level 1 with Microsoft Windows NT 4.0 SP6

-FIPS Approved algorithms: Triple-DES (Cert. #68); DSA (Cert. #50); SHA-1 (Cert. #62); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #129); RSA Encryption/Decryption; IDEA; Blowfish; CAST-128; Rijndael; Arcfour; MD5; RIPEMD-160; HMAC-SHA-1; HMAC-MD5; HMAC-RMD160; Diffie-Hellman (key agreement)

Multi-chip standalone

"The F-Secure Cryptographic Service Provider is a FIPS 140-1 Level 1 compliantsoftware module, implemented as a 32-bit Windows™ NT compatible DLL, whichprovides a variety of cryptographic services and can be dynamically linked intoapplications by software developers to get access to general-purpose cryptographicfunctionality."
198Mailroom Technology, Inc.
230 Long Hill Cross Road
Shelton, CT 06484
USA

Richard Rosen
TEL: 203-925-2571
FAX: 203-926-1628

CST Lab: NVLAP 200002-0
SAFE CV 411, SAFE CV 412 and SAFE CV 413
(Hardware Versions: 411, 412 and 413; Software Versions: 3.1.1, 3.3.2, 3.3.3 and 3.4.0)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware12/14/2001
06/21/2002
09/01/2006
04/26/2007
Overall Level: 3

-Physical Security: Level 3 +EFT

-FIPS Approved algorithms: Triple-DES (Cert. #47); DSA/SHA-1 (Cert. #43)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip embedded

"SAFE CV provides the physical and logical resources necessary to function as a United States Postal Service(USPS), Information-Based Indicia Program (IBIP), Postal Security Device (PSD). It is used for securely managing anddispensing money via encryption and digital signature techniques and protects the interests of user, service provider andrecipient. The device is ideally suited to both embedded and PC based applications requiring high-speed cryptographicfunctions. Additionally, this device has been approved for export for use in markets throughout the world."
197CTAM, Inc.
600 17th Street600 17th Street
Suite 950
South Denver, CO 80202
USA

Network Security Product Manager
TEL: 720-359-1581

CST Lab: NVLAP 200002-0
CypherCell ATM Encryptor
(Hardware Version: 3; Firmware Version: 2.1.0)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware12/14/2001Overall Level: 2

-Roles and Services: Level 3
-EMI/EMC: Level 3
-Key Management: Level 3
-Module Interfaces: Level 3
-Software Security: Level 3
-Self Tests: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #78); SHA-1 (Cert. #68); RSA (PKCS#1 for signature, vendor affirmed)

-Other algorithms: DES (Certs. #138 and #139);

Multi-chip standalone

"CypherCell is a hardware encryption product for Asynchronous Transfer Mode (ATM) networks. It supports multiple speeds with AC or DC Power"
196Cisco Systems, Inc.
7025-6 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

Global Certification Team

CST Lab: NVLAP 200002-0
2621 Modular Access Router with Crypto Accelerator Card
2651 Modular Access Router with Crypto Accelerator Card

(Hardware Versions: 2621 and 2651, IOS Version: 12.1(5)T, Accelerator Card: AIM-VPN/BP, Hardware Version: 1.0, Board Rev; A0)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware12/12/2001
01/10/2003
05/24/2005
05/28/2010
02/23/2012
Overall Level: 2

-FIPS Approved algorithms: Triple-DES (Certs. #17 and #32); SHA-1 (Cert. #26); DSA/SHA-1 (Cert. #38)

-Other algorithms: DES (Certs. #74 and #100); RSA (encryption); HMAC-SHA-1; AH-SHA-HMAC; ESP-SHA-HMAC; MD4; MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Cisco Modular Access Router is a router that provides data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
195SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0
SafeEnterprise™ Link Encryptor-T3 (SLE-T3)
(Hardware Version: Revision 16697-010-03; Firmware Versions: 3.00 and 3.01)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware12/12/2001
05/23/2002
07/18/2002
07/03/2003
10/19/2004
Overall Level: 2

-Physical Security: Level 3
-Software Security: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #22 and #56); DSA/SHA-1 (Cert. #5)

-Other algorithms: DES (Cert. #109); Diffie-Hellman (key agreement)

Multi-chip standalone

"The SLE-T3 secures public and private DS3/T3 data links at 44.7 MHz, encrypting data at the full data rate, and meeting the T3 industry standard. Both C-Bit and M13 framing are supported."
194Cisco Systems, Inc.
7025-6 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

Global Certification Team

CST Lab: NVLAP 200002-0
2621 Modular Access Router
2651 Modular Access Router

(Hardware Versions: 2621 and 2651; Software Version: IOS 12.1(5)T)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware12/12/2001
01/10/2003
05/24/2005
05/28/2010
02/23/2012
Overall Level: 2

-FIPS Approved algorithms: Triple-DES (Cert. #17); SHA-1 (Cert. #26)

-Other algorithms: DES (Cert. #74); RSA (encryption); HMAC-SHA-1; AH-SHA-HMAC; ESP-SHA-HMAC; MD4; MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Cisco Modular Access Router is a router that provides data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
193Cisco Systems, Inc.
7025-6 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

Global Certification Team

CST Lab: NVLAP 200002-0
7206 VXR Router with ISA Accelerator Card
(Hardware Version: 7206; Software Versions: IOS 12.1(9)E, ISA Accelerator:)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware12/12/2001
01/10/2003
05/24/2005
05/28/2010
02/23/2012
Overall Level: 2

-FIPS Approved algorithms: Triple-DES (Certs. #17 and #76); SHA-1 (Certs. #26 and #66)

-Other algorithms: DES (Certs. #74 and #136); RSA (encryption); HMAC-SHA-1; AH-SHA-HMAC; ESP-SHA-HMAC; MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Cisco Secure Integrated VPN is a router that provides data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routingfunctions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
192Cisco Systems, Inc.
7025-6 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

Global Certification Team

CST Lab: NVLAP 200002-0
7206 VXR Router
(Hardware Version: 7206 VXR; Software Version: IOS Version: 12.1(9)E)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware12/12/2001
01/10/2003
05/24/2005
05/28/2010
02/23/2012
Overall Level: 2

-FIPS Approved algorithms: Triple-DES (Cert. #17); SHA-1 (Cert. #26)

-Other algorithms: DES (Cert. #74); RSA (encryption); HMAC-SHA-1; AH-SHA-HMAC; ESP-SHA-HMAC; MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Cisco Secure Integrated VPN is a router that provides data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routingfunctions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
191Cisco Systems, Inc.
7025-6 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

Global Certification Team

CST Lab: NVLAP 200002-0
7140 VPN Router with ISM Accelerator Card
7140 VPN Router with Dual ISA and ISM Accelerator Cards

(7140: Hardware Version: 7140, Software: IOS 12.1(9)E; ISM Accelerator: Hardware Version: 1.0, Board Rev: AO 7140 Dual: Hardware Version: 7140, Software: IOS 12.1(9)E, ISM Accelerator: Hardware Version: 1.0, Board Version: AO; ISA Accelerator: Hardware Version 1.0, Board Version B0)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware12/12/2001
02/25/2002
01/10/2003
05/24/2005
05/28/2010
02/23/2012
Overall Level: 2

-FIPS Approved algorithms: Triple-DES (Certs. #17, #76 and #77); SHA-1 (Certs. #26, #66 and #67)

-Other algorithms: DES (Certs. #74, #136 and #137); RSA (encryption); HMAC-SHA-1; AH-SHA-HMAC; ESP-SHA-HMAC; MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Cisco Secure Integrated VPN is a router that provides data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routingfunctions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
190Cisco Systems, Inc.
7025-6 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

Global Certification Team

CST Lab: NVLAP 200002-0
7140 VPN Router
(Hardware Version: 7140; Software Version: IOS 12.1(9)E)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware12/12/2001
01/10/2003
05/24/2005
05/28/2010
02/23/2012
Overall Level: 2

-FIPS Approved algorithms: Triple-DES (Cert. #17); SHA-1 (Cert. #26)

-Other algorithms: DES (Cert. #74); RSA (encryption); HMAC-SHA-1; AH-SHA-HMAC; ESP-SHA-HMAC; MD4; MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Cisco Secure Integrated VPN is a router that provides data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routingfunctions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
189Cisco Systems, Inc.
7025-6 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

Global Certification Team

CST Lab: NVLAP 200002-0
3640 VPN Router with Crypto Accelerator Card
3660 VPN Router with Crypto Accelerator Card

(3640: H/W Version: 3640, IOS Version: 12.1(5)T, Accelerator Card: NM-VPN/MP, Hardware Version: 1.0, Board Rev: AO 3660: H/W Version: 3660, IOS Version: 12.1(5)T, Accelerator Card: AIM-VPN/HP, Hardware Version: 1.0, Board Rev: AO)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware12/12/2001
01/10/2003
05/24/2005
05/28/2010
02/23/2012
Overall Level: 2

-FIPS Approved algorithms: Triple-DES (Certs. #17 and #32); SHA-1 (Cert. #26); DSA/SHA-1 (Cert. #38)

-Other algorithms: DES (Certs. #74 and #100); RSA (encryption); HMAC-SHA-1; AH-SHA-HMAC; ESP-SHA-HMAC; MD4; MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Cisco Secure Integrated VPN is a router that provides data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routingfunctions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
188Cisco Systems, Inc.
7025-6 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

Global Certification Team

CST Lab: NVLAP 200002-0
3640 Modular Access Router
3660 Modular Access Router

(Hardware Versions: 3640 and 3660; Software Version: IOS 12.1(5)T)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware12/12/2001
01/10/2003
05/24/2005
05/28/2010
02/23/2012
Overall Level: 2

-FIPS Approved algorithms: Triple-DES (Cert. #17); SHA-1 (Cert. #26)

-Other algorithms: DES (Cert. #74); RSA (encryption); HMAC-SHA-1; AH-SHA-HMAC; ESP-SHA-HMAC; MD4; MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Cisco Modular Access Router is a router that provides data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routingfunctions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
187Cryptek, Inc.
1501 Moran Road
Sterling, VA 20166
USA

Timothy Williams
TEL: 571-434-2000
FAX: 571-434-2001

CST Lab: NVLAP 100432-0
DiamondLINK 10/100
(Hardware Version: 2000; Software Versions: 2.0.3, 2.0.8, 2.1.3, 2.1.4, 2.1.4A, 2.1.6 and 2.1.6.1)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware11/27/2001
12/12/2001
02/15/2002
04/16/2002
08/08/2002
02/25/2003
04/08/2005
Overall Level: 1

-Roles and Services: Level 2

-FIPS Approved algorithms: Triple-DES (Cert. #71); SHA-1 (Cert. #63)

-Other algorithms: DES (Cert. #132); Diffie-Hellman (key agreement); MD5

Multi-chip embedded

"DiamondLink provides a cost-effective and flexible end-to-end network security solutionfor the LAN, WAN, or Internet. It not only provides a high level of trust and dataseparation through the established end-to-end sessions, it additionally provides addedlevels of security by bringing firewall filtering functionality to the desktop. This moduleprovides strong I&A with user selectable/dynamically downloaded security policies to the desktop."
186Corsec Security, Inc.
10340 Democracy Lane
Suite 201
Fairfax, VA 22030
USA

Matthew Appler
TEL: 703-267-6050
FAX: 703-267-6810

CST Lab: NVLAP 200002-0
CryptoFramework

Validated to FIPS 140-1

Certificate
Not Available

Security Policy
Software11/27/2001
06/10/2002
09/06/2002
Overall Level: 1

Multi-chip standalone
185Nortel Networks
600 Technology Park
Billerica, MA 01821
USA

Jonathan Lewis
TEL: 978-288-8590
FAX: 978-288-4004

CST Lab: NVLAP 200002-0
Contivity Extranet Switch 4600
(Hardware Version: 4600; Firmware Version: 3.61.01)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware11/27/2001
12/06/2001
Overall Level: 2

-FIPS Approved algorithms: Triple-DES (Cert. #29 and #53); SHA-1 (Cert. #28, #31 and #51); RSA (PKCS #1, vendor affirmed)

-Other algorithms: DES (Cert. #44, #48 and #101); DES MAC; MD5; HMAC (MD5, SHA-1); 40-bit DES; RC4 (40-bit and 128-bit)

Multi-chip standalone

"The Contivity 4600 Extranet Switch provides up to 5000 branch office or end user IPSEC tunnels with a flexible easy to manage and cost effective package. The Switch provides 5 PCI expansion slots and dual 10/100 LAN ports, dual redundant power supplies and storage."
184Algorithmic Research Ltd.
10 Nevatim Street
Petach Tikva 49561
Israel

Gadi Aharoni
TEL: +972-3-927-9500
FAX: +972-3-923-0864

CST Lab: NVLAP 200002-0
PrivateServer 3.0 and PrivateServer 3.1
([Firmware Version 3.0, Hardware Versions 3.0] and [Firmware Version 3.1, Hardware Version 3.1])
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware11/27/2001
12/13/2002
02/10/2003
07/15/2003
Overall Level: 3

-FIPS Approved algorithms: Triple-DES (Cert. #66); SHA-1 (Cert. #58); RSA digital signature (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert.#127); MD5; RSA (encryption); ISO9796; ARDFP; Diffie-Hellman (key agreement)

Multi-chip standalone

"The PrivateServer is a high-performance cryptographic service provider. Contained within a secure, tamper-responsive steel case, the PrivateServer performs high-speed cryptographic operations while protecting sensitive data. Its features include strong cryptography using DES, triple-DES, and SHA-1, public key database and certificate support, authenticated and encrypted communication with the module, secure storage of secret/private keys, software key medium and smartcard support, tamper-responsive enclosure, high level API requiring no cryptographic expertise, in-depth logging and auditing, and secure backup capabilities."
183Motorola, Inc.
8220 East Roosevelt Street
Scottsdale, AZ 85257
USA

Kerry Johns-Vano
TEL: 480-441-4733
FAX: 480-441-3580

CST Lab: NVLAP 100432-0
ASTRO Subscriber Universal Crypto Module
(Hardware Version: Issue O; Firmware Versions: R05.00.02, R05.00.03, R05.00.12 and R05.00.13)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware11/19/2001
02/07/2002
10/04/2002
10/21/2002
01/06/2003
Overall Level: 1

-Roles and Services: Level 2
-Software Security: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #82)

-Other algorithms: DES (09/22/1995); DES-XL; DVI-XL; DVI-SPFL; DVP-XL

Multi-chip embedded

"Encryption modules used in Motorola Astro™ family of radios. Provides securevoice and data capabilities as well as APCO Over-the-Air-Rekeying and advanced keymanagement."
182Hasler, Inc.
19 Forest Parkway
Shelton, CT 06484
USA

Richard Rosen
TEL: 203-926-1087
FAX: 203-926-1628

CST Lab: NVLAP 200002-0
SAFE CV 401
(Hardware Version: 401; Software Versions: 3.1.1 and 3.3.2)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware11/09/2001
06/21/2002
Overall Level: 3

-Physical Security: Level 3 +EFT

-FIPS Approved algorithms: Triple-DES (Cert. #47); DSA/SHA-1 (Cert. #43)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip embedded

"SAFE CV provides the physical and logical resources necessary to function as a United States Postal Service(USPS), Information-Based Indicia Program (IBIP), Postal Security Device (PSD). It is used for securely managing anddispensing money via encryption and digital signature techniques and protects the interests of user, service provider andrecipient. The device is ideally suited to both embedded and PC based applications requiring high-speed cryptographicfunctions. Additionally, this device has been approved for export for use in markets throughout the world."
181nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0
nForce 150 PCI and nForce 300 PCI
(Hardware Versions: nC3022P-150 and nC3022P-300, Build standard E; Firmware Versions: 5.0 (1.71.15) and 5.0.1 (1.71.91))
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware11/09/2001
01/23/2004
Overall Level: 2

-Roles and Services: Level 3*
-Physical Security: Level 3
-Key Management: Level 3*
-Software Security: Level 3
-Self Tests: Level 3*
*When operated in the FIPS mode

-FIPS Approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; Rijndael; ARC FOUR; CAST5; HMAC (SHA-1, SHA-192, SHA-256, MD2, MD5; RIPEMD160); El-Gamal; Diffie-Hellman (key agreement)

Multi-chip embedded

"The nCipher nForce SSL family of secure e-commerce accelerators improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, e-commerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging including X.400/EDI."
180nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0
nShield F3 SCSI and nShield F3 Ultrasign SCSI
(Hardware Versions: nC4032W-150 and nC4032W-400, Build standard D; Firmware Versions: 5.0 (1.71.15) and 5.0.1 (1.71.91))
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware11/09/2001
01/23/2004
Overall Level: 3

-FIPS Approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; Rijndael; ARC FOUR; CAST5; HMAC (SHA-1, SHA-192, SHA-256, MD2, MD5; RIPEMD160); El-Gamal; Diffie-Hellman (key agreement)

Multi-chip standalone

"The nCipher nShield "SEE Ready" range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
179Nortel Networks
600 Technology Park
Billerica, MA 01821
USA

Jonathan Lewis
TEL: 978-288-8590
FAX: 978-288-4004

CST Lab: NVLAP 200002-0
Contivity Extranet Switch 2600
(Hardware Version: 2600; Firmware Version: 3.60.45)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware10/30/2001
12/06/2001
Overall Level: 2

-FIPS Approved algorithms: Triple-DES (Cert. #29 and #53); SHA-1 (Cert. #28, #31 and #51); RSA (PKCS #1, vendor affirmed)

-Other algorithms: DES (Cert. #44, #48 and #101); DES MAC; MD5; HMAC (MD5, SHA-1); DES (40-bit); RC4 (40-bit and 128-bit)

Multi-chip standalone

"The Contivity 2600 Extranet Switch provides up to 1000 branch officeor end user IPSEC tunnels with a flexible easy to manage and cost effectivepackage. The Switch provides 3 PCI expansion slots and dual 10/100 LANports."
178Nortel Networks
600 Technology Park
Billerica, MA 01821
USA

Jonathan Lewis
TEL: 978-288-8590
FAX: 978-288-4004

CST Lab: NVLAP 200002-0
Contivity Extranet Switch 1600
(Hardware Version: 1600; Firmware Version: 3.60.45)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware10/30/2001
12/06/2001
Overall Level: 2

-EMI/EMC: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #29 and #53); SHA-1 (Cert. #28, #31 and #51); RSA (PKCS #1, vendor affirmed)

-Other algorithms: DES (Cert. #44, #48 and #101); DES MAC; MD5; HMAC (MD5, SHA-1); DES (40-bit); RC4 (40-bit and 128-bit)

Multi-chip standalone

"The Contivity 1600 Extranet Switch provides up to 200 branch office or enduser IPSEC tunnels with a flexible easy to manage and cost effective package. TheSwitch provides a PCI expansion slot and dual 10/100 LAN ports."
177Entrust, Inc.
1000 Innovation Drive
Ottawa, Ontario K2K 3E7
Canada

Entrust Sales

CST Lab: NVLAP 200017-0
Entrust TruePass Applet Cryptographic Module
(Software Version: 5.2)
(When operated in FIPS mode with FIPS validated browser services operating in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Software10/30/2001
11/15/2001
06/28/2002
07/18/2002
05/28/2014
Overall Level: 1

-Operating System Security: Tested as meeting Level 1 with Windows NT 4.0 SP3, Windows 95/98, Windows 2000 SP2 and Netscape 4.72 (Cert. #47) or Microsoft IE 5.5 (Cert. #103) (operated in single user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #69); SHA-1 (Cert. #60); RSA (PKCS #1, vendor affirmed)

-Other algorithms: DES (Cert. #130);

Multi-chip standalone

"The module performs low level cryptographic operations – encryption, decryption and hashes – implemented in software using the high-level Java programming language. Currently, the module is imbedded into an applet as part of the TruePass product suite that allows integration of cryptographic security into web applications."
176Entrust, Inc.
1000 Innovation Drive
Ottawa, Ontario K2K 3E7
Canada

Entrust Sales

CST Lab: NVLAP 200017-0
Entrust Cryptographic Kernel v6.0
(Software Version: 6.0)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Software10/30/2001
05/09/2002
07/18/2002
05/27/2003
05/28/2014
Overall Level: 2

-EMI/EMC: Level 3
-Operating System Security: Tested as meeting Level 2 with Microsoft Windows NT 4.0 with SP6a, TCSEC C2-rated on a Compaq ProLiant 7000 Server

-FIPS Approved algorithms: AES (Cert. #10); Triple-DES (Cert. #6); DSA/SHA-1 (Cert. #10); RSA (FIPS 186-2 and PKCS #1, vendor affirmed)

-Other algorithms: DES ((Cert. #56); DES MAC; RC2; RC4; IDEA; MD5; MD2; RIPEMD-160; HMAC-SHA-1; HMAC-MD5; HMAC-RMD160; CAST; CAST3; CAST5; Diffie-Hellman (key agreement); Ephemeral-Static Diffie Hellman; ECDSA (vendor affirmed; non-compliant)

Multi-chip standalone

"This module is used in the Entrust® family of products."
175nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0
nShield F2 PCI and nShield F2 Ultrasign PCI
(Hardware Versions: nC4022P-150 and nC4022P-300, Build standard E; Firmware Versions: 5.0 (1.71.15) and 5.0.1 (1.71.91))
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware10/11/2001
01/23/2004
Overall Level: 2

-Roles and Services: Level 3*
-Physical Security: Level 3
-Key Management: Level 3*
-Module Interfaces: Level 3
-Software Security: Level 3
-Self Tests: Level 3*
*When operated in the FIPS mode

-FIPS Approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; Rijndael; ARC FOUR; CAST5; HMAC (SHA-1, SHA-192, SHA-256, MD2, MD5; RIPEMD160); El-Gamal; Diffie-Hellman (key agreement)

Multi-chip embedded

"The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
174nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0
nShield F3 PCI and nShield F3 Ultrasign PCI
(Hardware Versions: nC4032P-150 and nC4032P-300, Build standard E; Firmware Versions: 5.0 (1.71.15) and 5.0.1 (1.71.91))
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware10/11/2001
01/23/2004
Overall Level: 3

-FIPS Approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; Rijndael; ARC FOUR; CAST5; HMAC (SHA-1, SHA-192, SHA-256, MD2, MD5; RIPEMD160); El-Gamal; Diffie-Hellman (key agreement)

Multi-chip embedded

"The nCipher nShield "SEE Ready" range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
173SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

Randy Kun
TEL: 613-723-5077
FAX: 613-723-5078

CST Lab: NVLAP 200427-0
Luna® XP plus
(Hardware Version: 3.9)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware10/11/2001
10/18/2004
Overall Level: 3

-FIPS Approved algorithms: Triple-DES (Cert. #73); SHA-1 (Cert. #64); DSA (Cert. #51); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #134); RC2; RC4; RC5; CAST; CAST3; CAST5; HMAC-SHA1; HMAC-MD5; RSA (encryption/decryption); MD2; MD5; Diffie-Hellman -1024 (key agreement)

Multi-chip standalone

"Luna® XPplus offers hardware-accelerated signing, secure key management, and signature validation for high volume transaction applications such as transaction coordinators and OCSP (Online Certificate Status Protocol) responders. Luna® XPplus is a scalable, hardware security module for high-performance digital signing of e-business transactions in a FIPS 140-1 level 3-validated solution. The product operates in conjunction with Luna® CA³ root key protection systems leveraging ultimate private key integrity for high-volume digital signing applications. Luna® XPplus signing devices allow you to add signature processing throughput as needed."
172nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0
nShield F2 SCSI and nShield F2 Ultrasign SCSI
(Hardware Versions: nC4022W-150 and nC4022W-400, Build standard D; Firmware Versions: 5.0 (1.71.15) and 5.0.1 (1.71.91))
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware10/15/2001
01/23/2004
Overall Level: 2

-Roles and Services: Level 3*
-EMI/EMC: Level 3
-Key Management: Level 3*
-Module Interfaces: Level 3
-Software Security: Level 3
-Self Tests: Level 3*
*When operated in the FIPS mode

-FIPS Approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; Rijndael; ARC FOUR; CAST5; HMAC (SHA-1, SHA-192, SHA-256, MD2, MD5; RIPEMD160); El-Gamal; Diffie-Hellman (key agreement)

Multi-chip standalone

"The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
171nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0
nForce 150 SCSI and nForce 400 SCSI
(Hardware Versions: nC3022W-150 and nC3022W-400, Build standard D; Firmware Versions: 5.0 (1.71.15) and 5.0.1 (1.71.91))
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware10/15/2001
01/23/2004
Overall Level: 2

-Roles and Services: Level 3*
-Key Management: Level 3*
-Module Interfaces: Level 3
-Software Security: Level 3
-Self Tests: Level 3*
*When operated in the FIPS mode

-FIPS Approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; Rijndael; ARC FOUR; CAST5; HMAC (SHA-1, SHA-192, SHA-256, MD2, MD5; RIPEMD160); El-Gamal; Diffie-Hellman (key agreement)

Multi-chip standalone

"The nCipher nForce SSL family of secure e-commerce accelerators improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, e-commerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging including X.400/EDI."
170NetScreen Technologies, Inc.
805 11th Avenue
Bldg. 3
Sunnyvale, CA 94089
USA

Lee Klarich
TEL: 408-543-8209
FAX: 408-543-8200

CST Lab: NVLAP 100432-0
NetScreen 5XP
(Hardware Version: Revision 3010; Software Version: ScreenOS 2.6.1)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware09/27/2001
02/13/2003
06/03/2003
Overall Level: 2

-EMI/EMC: Level 3
-Software Security: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #49 and #50); SHA-1 (Cert. #47); DSA/SHA-1 (Cert. #44); RSA (SigVer; PKCS #1; vendor affirmed)

-Other algorithms: DES (Certs. #114 and #115); RC2; RC4; MD5; RSA (encryption/decryption); Diffie-Hellman (key agreement); Blowfish; HMAC

Multi-chip standalone

"The NetScreen-5XP is a purpose-built Internet security appliance that delivers firewall, VPN and traffic shaping that offers a complete security solution for telecommuters, small-sized companies and branch offices. Featuring two 10Base-T Ethernet ports (trust and untrust), the NetScreen-5XP performs at near wire-speed, protecting the LAN from attack and providing IPSEC based VPN capabilities."
169NetScreen Technologies, Inc.
805 11th Avenue
Bldg. 3
Sunnyvale, CA 94089
USA

Lee Klarich
TEL: 408-543-8209
FAX: 408-543-8200

CST Lab: NVLAP 100432-0
NetScreen 500
(Hardware Version: Revision 4110; Software Version: ScreenOS 2.6.1)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware09/27/2001
02/13/2003
06/03/2003
Overall Level: 2

-Software Security: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #49 and #50); SHA-1 (Cert. #47); DSA/SHA-1 (Cert. #44); RSA (SigVer; PKCS #1; vendor affirmed)

-Other algorithms: DES (Certs. #114 and #115); RC2; RC4; MD5; RSA (encryption/decryption); Diffie-Hellman (key agreement); Blowfish; HMAC

Multi-chip standalone

"The NetScreen-500 is a purpose-built security system integrating stateful inspection firewall, VPN, and traffic management together in a compact system that only requires 2U of rack space. Designed for high performance, redundancy, manageability, and multiple security domains, the NetScreen-500 implements a modular design, it offers many of the compelling functionality of an appliance. In addition, there are redundant dedicated high availability ports, dedicated management port, 4 traffic module bays, and a programmable LCD."
168SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

Randy Kun
TEL: 613-723-5077
FAX: 613-723-5078

CST Lab: NVLAP 200017-0
LUNA® RA Secure Key Issuance HSM token
(Hardware Versions: v 1 and 2; Firmware Version: v3.9)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware09/25/2001
10/18/2004
Overall Level: 2

-Software Security: Level 3
-Self Tests: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #74); Triple-DES MAC; DSA/SHA-1 (Cert. #13); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #32); DES MAC; HMAC-SHA-1; Diffie-Hellman (key agreement); MD2; MD5; HMAC-MD5; RC2; RC4; RC5; CAST/CAST3/CAST5 (40 and 64 bit keys)

Multi-chip standalone

"The Chrysalis-ITS® LUNA RA Secure Issuance HSM token is a hardware-based, multiple-chip standalone module which is a delta production of the Chrysalis-ITS® LUNA 2 token (certificate #56, dated 08/08/1999). Like the LUNA 2, the LUNA RA is in the form of a PC card “token” based on the PCMCIA standard. The LUNA RA token offers secure key distribution, fast key generation and secure key backup functionality to increase security and reduce operational overhead. The Luna RA token is integral to the secure issuance of keys to smart cards, cable modems, mobile phones and other PKI-enabled devices."
167SPYRUS, Inc.
2355 Oakland Road
Suite 1
San Jose, CA 95131
USA

Tom Dickens
TEL: 408-953-0700
FAX: 408-953-9835

CST Lab: NVLAP 200017-0
Rosetta Smart Card
(Hardware Version: SC410-G; Firmware Version: SPYCOS 2.01(FUP03))
(When operated in FIPS mode and using FIPS Approved algorithms and processes as listed)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware09/25/2001
01/01/2014
Overall Level: 3

-FIPS Approved algorithms: Triple-DES (Cert. #54); Skipjack (Cert. #4); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #78); DSA (SigGen and KeyGen, Cert. #31; non-compliant); KEA (key exchange)

Multi-chip standalone

"The SPYRUS Rosetta Smart Card is an ISO 7816 compliant public key smart card based upon the SPYCOS card operating system."
166SPYRUS, Inc.
2355 Oakland Road
Suite 1
San Jose, CA 95131
USA

Tom Dickens
TEL: 408-953-0700
FAX: 408-953-9835

CST Lab: NVLAP 200017-0
Rosetta USB
(Hardware Version: USB110-GBL; Firmware Version: SPYCOS 2.01(FUP03))
(When operated in FIPS mode and using FIPS Approved algorithms and processes as listed)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware09/10/2001
01/01/2014
Overall Level: 3

-FIPS Approved algorithms: Triple-DES (Cert. #54); Skipjack (Cert. #4); RSA (vendor affirmed);

-Other algorithms: DES (Cert. #78); DSA (SigGen and KeyGen, Cert. #31; non-compliant); KEA (key exchange)

Multi-chip standalone

"The Rosetta USB is a low cost cryptographic token ideal for public key operations, key generation, and certificate storage. USB compatibility means simple “plug and play” ease of use. Rosetta USB provides user authentication, digital signatures, and data privacy all in a familiar key-shaped token. With both commercial and government cryptographic algorithms, Rosetta USB supports messaging and authentication requirements at a lower cost of deployment than smart cards or PC cards. Combined with the Rosetta Executive Suite software, Rosetta USB seamlessly plugs into e-mail, browsing, and data security applications."
165Axalto Inc.
8311 North FM 620 Road
Austin, TX 78726
USA

David Teo
TEL: 512-257-3895
FAX: 512-257-3881

David Wen
TEL: 510-745-6215

CST Lab: NVLAP 100432-0
SchlumbergerSema Cyberflex Access 32K with ActivCard Applets
(Hardware Versions: PN 15006436 and 15008973; Firmware Version: M256EPALP1_SI_9C_02 Softmask 7 version 2)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware09/10/2001
11/02/2001
02/25/2002
05/09/2003
09/21/2004
05/25/2006
Overall Level: 2

-Physical Security: Level 3
-Software Security: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #57); SHA-1 (Cert. #65); RSA (Signature; PKCS #1; vendor affirmed)

-Other algorithms: N/A

Single-chip

"Cyberflex Access 32K with Applets, which incorporates PKI (public key infrastructure) and digital signature technology, serve as highly portable, secure tokens for enhancing the security of network access and ensuring secureelectronic communications. Cyberflex Access 32K with Applets has on board Triple DES and RSA algorithms and can provide on board key generation. It is compliant to Java Card V2.1.1 and Open Platform V2.0.1. The Cyberflex Access 32K with Applets smart card is part of a range of highly secure, Java-based smart cards for physical and logical access, e-transactionsand other applications.

The ActivCard applets add to the smart card platform the following services: cardholder authentication, digital signature, and secure data storage. The external interface provided by the applets is compliant with the smart card interoperability specification defined by the GSA."
164Kasten Chase Applied Research, Ltd.
5100 Orbitor Drive
Mississauga, Ontario L4W 4Z4
Canada

Cyril Fernandes
TEL: 905-238-6900 x3310
FAX: 905-212-2003

CST Lab: NVLAP 200002-0
RASP Secure Modem
(Hardware Version: 1.5; Firmware Versions: P539 and P539.2)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware08/23/2001
08/01/2003
Overall Level: 1

-EMI/EMC: Level 3

-FIPS Approved algorithms: DSA/SHA-1 (Cert. #2); Skipjack (Cert. #2)

-Other algorithms: KEA

Multi-chip standalone
163RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

Rohit Mathur
TEL: +61 7 3032 5220

CST Lab: NVLAP 200427-0
RSA BSAFE® Crypto-C
(Software Version: 5.2.1)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Software08/15/2001
08/27/2001
01/04/2008
10/16/2008
09/07/2010
03/28/2011
01/24/2013
02/12/2016
Overall Level: 1

-Operating System Security: Tested as meeting Level 1 with Windows 98 (single user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #70); SHA-1 (Cert. #59); DSA (Cert. #49); RSA (ANSI X9.31 and PKCS#1 for Signature; vendor affirmed); ECDSA (vendor affirmed)

-Other algorithms: DES (Cert. #131); RSA Encryption; MD; MD5; HMAC SHA-1; HMAC MD5; AES (Rijndael); DESX; RC2; RC4; RC6; Elliptic Curve (F2&Fp); Elliptic Curve Encryption Scheme; EC Diffie-Hellman (key agreement); Bloom-Shamir; Diffie-Hellman (key agreement)

Multi-chip standalone

"The RSA BSAFE® Crypto-C Module version 5.2.1 is a software development kit that allows software and hardware developers to incorporate encryption technologies directly into their products. It provides a variety of cryptographic services to calling applications that are documented in RSA’s RSA BSAFE® Crypto-C Security Components for C Library Reference Manual. RSA BSAFE® Crypto-C is a C-language API available as a static library, a dynamic library and as source code."
162SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

Randy Kun
TEL: 613-723-5077
FAX: 613-723-5078

CST Lab: NVLAP 100432-0
CryptoSwift HSM
(Hardware Version: P/N 107316; Firmware Versions: 5.6.27 and 5.6.28)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware08/15/2001
08/27/2001
11/19/2002
10/18/2004
Overall Level: 3

-Self Tests: Level 4

-FIPS Approved algorithms: Triple-DES (Cert. #30); SHA-1 (Cert. #16); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #43); RC4; MD5; HMAC MD5; HMAC SHA-1; RSA Encryption; DSA (non-compliant)

Multi-chip embedded

"The CryptoSwift HSM is for high-assurance applications requiring a high degree of physical security as well as optimal cryptographic processing performance. With its tamper active design, the evasive measures of the CryptoSwift HSM defeat physical attacks through detection and response to ensure the integrity and confidentiality of keying information. The key management features allow operators to backup or clone keys securely and easily. In addition, strong two-factor authentication is provided for Security Officers and Operators with the CryptoSwift HSM's trusted channel, a USB port with Rainbow Technologies iKey authentication solution."
161SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

Randy Kun
TEL: 613-723-5077
FAX: 613-723-5078

CST Lab: NVLAP 200427-0
iKey 2032
(Hardware Versions: (A and 909-23002) and 909-25001; Firmware Version: 0.6)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware08/03/2001
09/21/2004
10/18/2004
01/11/2007
Overall Level: 2

-EMI/EMC: Level 3

-FIPS Approved algorithms: DSA/SHA-1 (Cert. #35); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #88); Triple-DES (vendor affirmed; non-compliant); Diffie-Hellman (key agreement)

Multi-chip standalone

"The iKey 2032 is a powerful and portable two-factor authentication USB device suited for applications demanding high security. The iKey 2032 specifically supports Public Key Infrastructure (PKI) needs by providing on-board cryptographic key generation; secure storage of key pairs and X.509 digital certificates; and performing digital signature signing operations on-board."
160Eracom Technologies Group, Eracom Technologies Australia, Pty. Ltd.
28 Greg Chappell Drive
Burleigh Heads, QLD 4220
Australia

Gerry Scott
TEL: 916-677-2450
FAX: 916-677-2460

CST Lab: NVLAP 200002-0
CSA8000 Cryptographic Adapter
(Hardware Versions: Revision G, Cprov; Firmware Version: 1.10)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware07/27/2001
10/18/2005
Overall Level: 3

-FIPS Approved algorithms: Triple-DES (Cert. #63); DSA (Cert. #47); SHA-1 (Cert. #55); RSA (PKCS #1 for Signatures; vendor affirmed)

-Other algorithms: DES (Cert. #124); HMAC-SHA-1; RSA; CAST128; IDEA; AES (Rijndael); RC2; RC4; MD2; MD5; Diffie-Hellman (key agreement)

Multi-chip embedded

"The Eracom CSA8000 Cryptographic Adapter is an intelligent PCI adapter card that provides a wide range of cryptographic functions with dedicated DES/3DES and RSA hardware accelerators. The module implements the PKCS#11 cryptographic API and provides a comprehensive compliance to the PKCS#11 standard as well as vendor specific extensions."
159Avaya, Inc.
1500 Buckeye Drive
Milpitas, CA 95035
USA

Kevin Johnson
TEL: 408-321-4884
FAX: 408-404-1313

CST Lab: NVLAP 100432-0
VSU-5000 and VSU-7500
(Hardware Version: 02; Software Version: 3.1.34)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware07/27/2001
08/02/2002
Overall Level: 2

-FIPS Approved algorithms: SHA-1 (Certs. #28 and #52); Triple-DES (Certs. #60 and #61); RSA (vendor affirmed)

-Other algorithms: DES (Certs. #44 and #122); MD5; Diffie-Hellman (key agreement)

Multi-chip embedded

"The VSU™ series of VPN gateways provide high performance ICSA certified IPSec VPN and firewall services for networks of all sizes and complexity. All VSU models are tamper evident network security appliances that cost effectively provide secure authenticated communications over public IP networks, and protect private enterprise networks from attack or intrusion."
158Avaya, Inc.
1500 Buckeye Drive
Milpitas, CA 95035
USA

Kevin Johnson
TEL: 408-321-4884
FAX: 408-404-1313

CST Lab: NVLAP 100432-0
VSU-100/VSU-100R and VSU-2000
(Hardware Version: 02; Software Version: 3.1.34)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware07/27/2001
08/02/2002
Overall Level: 2

-EMI/EMC: Level 3

-FIPS Approved algorithms: SHA-1 (Certs. #28 and #52); Triple-DES (Certs. #60 and #61); RSA (vendor affirmed)

-Other algorithms: DES (Certs. #44 and #122); MD5; Diffie-Hellman (key agreement)

Multi-chip embedded

"The VSU™ series of VPN gateways provide high performance ICSA certified IPSec VPN and firewall services for networks of all sizes and complexity. All VSU models are tamper evident network security appliances that cost effectively provide secure authenticated communications over public IP networks, and protect private enterprise networks from attack or intrusion."
157SPYRUS, Inc.
2355 Oakland Road
Suite 1
San Jose, CA 95131
USA

Tom Dickens
TEL: 408-953-0700
FAX: 408-953-9835

CST Lab: NVLAP 200017-0
Rosetta USB
(Hardware Version: USB110-FGR; Firmware Version: SPYCOS 2.01(FUP02))
(When operated in FIPS mode and using FIPS Approved algorithms and processes as listed)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware07/17/2001
01/01/2014
Overall Level: 2

-Roles and Services: Level 3
-EMI/EMC: Level 3
-Software Security: Level 3

-FIPS Approved algorithms: Skipjack (Cert. #4); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #78); Triple-DES (Cert #54; non-compliant); DSA (Cert. #31; non-compliant); KEA (key exchange)

Multi-chip standalone

"The Rosetta USB is a low cost cryptographic token ideal for public key operations, key generation, and certificate storage. USB compatibility means simple "plug and play" ease of use. Rosetta USB provides user authentication, digital signatures, and data privacy all in a familiar key-shaped token. With both commercial and government cryptographic algorithms, Rosetta USB supports messaging and authentication requirements at a lower cost of deployment than smart cards or PC cards. Combined with the Rosetta Executive Suite software, Rosetta USB seamlessly plugs into e-mail, browsing, and data security applications."
156Hasler, Inc.
19 Forest Parkway
Shelton, CT 06484
USA

Richard Rosen
TEL: 203-926-1087
FAX: 203-926-1628

CST Lab: NVLAP 200002-0
SAFE CV Lite
(Hardware Version: 2.0; Software Version: 1.4.14)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware07/12/2001
06/21/2002
Overall Level: 2

-Physical Security: Level 3 +EFP/EFT
-EMI/EMC: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #47); DSA/SHA-1 (Cert. #43)

-Other algorithms: ElGamal

Multi-chip embedded

"The SAFE device is dsigned as a single electronic circuit board. The primary objective of the SAFE device is to protect funds and to apply respective access rules."
155AEP Networks
Focus 31, West Wing
Cleveland Road
New Hempstead, Herts HP2 7BW
United Kingdom

David Miller
TEL: +44 1442 458617

CST Lab: NVLAP 200017-0
Advanced Configurable Crypto Environment (ACCE) - L3 SV and BE
(Hardware Version: 2710-G1; Firmware Version: v2.1)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware07/05/2001
07/18/2001
07/22/2002
10/04/2002
04/21/2005
Overall Level: 3

-Physical Security: Level 3 +EFT
-Software Security: Level 4
-Self Tests: Level 4

-FIPS Approved algorithms: Triple-DES (Certs. #24 and #25); Triple-DES MAC; DSA/SHA-1 (Cert. #36)

-Other algorithms: DES (Certs. #82 and #92); DES MAC; MD5; RSA (PKCS1 and ISO9796); Diffie-Hellman (key agreement)

Multi-chip embedded

"The ACCE provides highly-secure cryptographic services and key storage. Itis used in a range of AEP Networks and OEM products including the SureWareKeyper family."
154Blue Ridge Networks
14120 Parke Long Court
Chantilly, VA 20151
USA

Tom Gilbert
TEL: 703-631-0700
FAX: 703-631-9588

CST Lab: NVLAP 200416-0
BorderGuard 3000
(Hardware Version: 6.0)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware06/21/2001Overall Level: 2

-FIPS Approved algorithms: Triple-DES (Cert. #57 and #58); SHA-1 (Cert. #49 and #50)

-Other algorithms: DES (Cert. #119 and #120); NSC-1; IDEA; HMAC (MD5 and SHA-1); RSA; Diffie-Hellman (key agreement)

Multi-chip standalone

"A network security appliance for the construction of secure Virtual Private Networks between Internet sites, and between Internet sites and individual remote users."
153NetScreen Technologies, Inc.
805 11th Avenue
Bldg. 3
Sunnyvale, CA 94089
USA

Lee Klarich
TEL: 408-543-8209
FAX: 408-543-8200

CST Lab: NVLAP 100432-0
NetScreen-100
(Sofware Version 2.6.1, Hardware Revision 4)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware06/15/2001
02/13/2003
06/03/2003
Overall Level: 2

-Roles and Services: Level 3
-Key Management: Level 3
-Module Interfaces: Level 3
-Software Security: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #49 and #50); SHA-1 (Cert. #47); DSA/SHA-1 (Cert. #44)

-Other algorithms: DES (Cert. #114 and #115); RC2; RC5; MD5; RSA; HMAC; Diffie-Hellman (key agreement); Blowfish

Multi-chip standalone

"The NetScreen-100 is a purpose-built Internet security appliance that delivers firewall, VPN and traffic shaping that is optimized for the most demanding environments such as high traffic sites."
152Tumbleweed Communications Corp.
700 Saginaw Drive
Redwood City, CA 94063
USA

Ken Beer
TEL: 650-216-2083

CST Lab: NVLAP 200416-0
MMS Security Kernel
(Software Version: 4.0)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Software06/13/2001Overall Level: 1

-EMI/EMC: Level 3
-Operating System Security: Tested as meeting Level 1 with Windows NT Version 4.0 (single user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #40); DSA/SHA-1 (Cert. #18); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #46); MD2; MD5; RC2; RC5

Multi-chip standalone

"The Tumbleweed Messaging Management System (MMS) is a suite of software products designed to allow organizations to apply content filtering and secure messaging policies on e-mail and Web traffic. All portions of the MMS use a shared set of cryptographic functionality called the MMS Security Kernel. The MMS Security Kernel exposes cryptographic application programming interface (API) calls to the other portions of the MMS."
151SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0
SafeEnterprise™ Link Encryptor-High Speed Serial Interface (SLE-HSSI)
(Hardware Version: Rev 3; Firmware Version: v2.1)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware06/04/2001
07/18/2002
07/03/2003
10/19/2004
Overall Level: 2

-Physical Security: Level 3
-Software Security: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #22 and #56); DSA/SHA-1 (Cert. #5)

-Other algorithms: DES (Cert. #109); Diffie-Hellman (key agreement)

Multi-chip standalone

"The SLE-HSSI secures data over high speed synchronous data links up to 52MHz, encrypting data at the full data rate, and meeting the HSSI industry standard. It contains the cryptographic module, which is the case containing all electronics, excluding the battery & its holder."
150nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0
nShield F3 SCSI and nShield F3 Ultrasign SCSI
(Hardware Versions: nC4032W-150 and nC4032W-400; Firmware Versions: 4.0 (1.71.11) and 4.0.1 (1.71.91))
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware05/23/2001
01/23/2004
Overall Level: 3

-FIPS Approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; Rijndael, ARC FOUR, CAST5; HMAC (MD2, MD5, SHA-1, SHA-192, SHA-256 and RIPEMD160); ElGamal; Diffie-Hellman (key agreement)

Multi-chip standalone

"The nCipher nShield "SEE Ready" range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public KeyInfrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
149nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0
nForce 150 PCI and nForce 300 PCI
(Hardware Versions: nC3022P-150 and nC3022P-300; Firmware Version: 3.2)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware05/23/2001Overall Level: 2

-Cryptographic Module Design: Level 3
-Roles and Services: Level 3*
-Key Management: Level 3*
-Module Interfaces: Level 3
-Finite State Machine Model: Level 3
-Software Security: Level 3
-Self Tests: Level 3*
*(Level 3 is met in these areas when the 'FIPS_level3' flag is set during initialization.)

-FIPS Approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; Rijndael, ARC FOUR, CAST5; HMAC (MD2, MD5, SHA-1, SHA-192, SHA-256 and RIPEMD160); ElGamal; Diffie-Hellman (key agreement)

Multi-chip standalone

"The nCipher nForce SSL family of secure e-commerce accelerators improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, e-commerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging including X.400/EDI"
148nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0
nShield F2 SCSI and nShield F2 Ultrasign SCSI
(Hardware Versions: nC4022W-150 and nC4022W-400; Firmware Versions: 4.0 (1.71.11) and 4.0.1 (1.71.91))
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware05/23/2001
09/14/2001
01/23/2004
Overall Level: 2

-Cryptographic Module Design: Level 3
-Roles and Services: Level 3*
-EMI/EMC: Level 3
-Key Management: Level 3*
-Module Interfaces: Level 3
-Finite State Machine Model: Level 3
-Software Security: Level 3
-Self Tests: Level 3*
*(Level 3 is met in these areas when the 'FIPS_level3' flag is set during initialization.)

-FIPS Approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; Rijndael, ARC FOUR, CAST5; HMAC (MD2, MD5, SHA-1, SHA-192, SHA-256 and RIPEMD160); ElGamal; Diffie-Hellman (key agreement)

Multi-chip standalone

"The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
147Attachmate Corporation
424 Wards Corner Road
Loveland, OH 45140
USA

Karen M. Patterson
TEL: 513-794-8187

CST Lab: NVLAP 200002-0
CryptoConnect ES
(Software Version: 6.7)
(For services provided by the FIPS-Approved algorithms listed.)

Validated to FIPS 140-1

Certificate

Security Policy
Software05/14/2001Overall Level: 1

-EMI/EMC: Level 3
-Operating System Security: Tested as meeting Level 1 with Microsoft Windows 95, 98, and NT 4.0 Server SP3 or higher. (single-user mode)

-FIPS Approved algorithms: Triple-DES (vendor affirmed); DSA/SHA-1 (Cert. #18)

-Other algorithms: DES (Cert. #46);

Multi-chip standalone

"CryptoConnect ES is an encryption option that provides encryption of all TCP data between sessions in Attachmate's Extra! Personal Client (TN3270, TN5250 or Telnet) and their respective host systems."
146AEP Networks
Focus 31, West Wing
Cleveland Road
New Hempstead, Herts HP2 7BW
United Kingdom

David Miller
TEL: +44 1442 458617

CST Lab: NVLAP 200017-0
Advanced Configurable Crypto Environment (ACCE) SV and BE
(Hardware Version: 2640-G3; Firmware Version: v2.1)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware04/23/2001
07/18/2001
07/22/2002
10/04/2002
04/21/2005
Overall Level: 4

-FIPS Approved algorithms: Triple-DES MAC; Triple-DES (Certs. #24 and #25); DSA/SHA-1 (Cert. #36)

-Other algorithms: DES (Certs. #82 and #92); DES MAC; RSA (PKCSI and ISO9796); MD5; Diffie-Hellman (key agreement)

Multi-chip embedded

"The ACCE provides highly-secure cryptographic services and key storage. It is used in a range of AEP Networks and OEM products including the SureWare Keyper family."
145SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

Chris Holland
TEL: 410-931-7500
FAX: 410-931-7524

CST Lab: NVLAP 200017-0
NetHawk VPN
(Hardware Versions: 01 and 03; Firmware Version: v2.1)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware04/23/2001
07/18/2002
10/18/2004
Overall Level: 2

-FIPS Approved algorithms: Triple-DES (Cert. #36); DSA/SHA-1 (Cert. #5)

-Other algorithms: DES (Cert. #104); Diffie-Hellman (key agreement); MD5

Multi-chip standalone

"The Cylink NetHawk is a hardware-based, multiple-chip standalone Virtual Private Network (VPN) device that provides authenticated, encrypted network communications."
144SPYRUS, Inc.
2355 Oakland Road
Suite 1
San Jose, CA 95131
USA

Tom Dickens
TEL: 408-953-0700
FAX: 408-953-9835

CST Lab: NVLAP 200017-0
Rosetta USB
(Hardware Version: USB110-FBK; Firmware Version: SPYCOS 2.01(FUP02))
(When operated in FIPS mode and using FIPS Approved algorithms and processes as listed)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware04/16/2001
07/03/2001
01/01/2014
Overall Level: 2

-Roles and Services: Level 3
-EMI / EMC: Level 3
-Software Security: Level 3

-FIPS Approved algorithms: Skipjack (Cert. #4); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #78); Triple-DES (Cert #54; non-compliant); DSA (Cert. #31; non-compliant); KEA (key exchange)

Multi-chip standalone

"The Rosetta USB is a low cost cryptographic token ideal for public key operations, key generation, and certificate storage. USB compatibility means simple "plug and play" ease of use. Rosetta USB provides user authentication, digital signatures, and data privacy all in a familiar key-shaped token. With both commercial and government cryptographic algorithms, Rosetta USB supports messaging and authentication requirements at a lower cost of deployment than smart cards or PC cards. Combined with the Rosetta Executive Suite software, Rosetta USB seamlessly plugs into e-mail, browsing, and data security applications."
143Algorithmic Research Ltd.
10 Nevatim Street
Kiryat Matalon
Petach Tikva 49561
Israel

Peleg Atar
TEL: 972-3-927-9500

CST Lab: NVLAP 200017-0
PrivateWire Client
(Software Version: 3)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Software04/16/2001Overall Level: 1

-Operating System Security: Tested as meeting Level 1 with Microsoft Windows NT 4.0 Server SP 5.0.

-FIPS Approved algorithms: Triple-DES (Cert. #38); DSA/SHA-1 (Cert. #38)

-Other algorithms: DES (Cert.#111); RC4; El-Gamal; MD-5; RSA (ISO9796); Diffie-Hellman (key agreement)

Multi-chip standalone

"PrivateWire is a software product that enables secure communication between organizations and private users."
142Algorithmic Research Ltd.
10 Nevatim Street
Kiryat Matalon
Petach Tikva 49561
Israel

Peleg Atar
TEL: 972-3-927-9500

CST Lab: NVLAP 200017-0
PrivateWire Security Gateway
(Software Version: 3)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Software04/16/2001
07/15/2003
Overall Level: 1

-Operating System Security: Tested as meeting Level 1 with Microsoft Windows NT 4.0 Server SP 5.0.

-FIPS Approved algorithms: Triple-DES (Cert. #38); DSA/SHA-1 (Cert. #33)

-Other algorithms: DES (Cert.#111); RC4; El-Gamal; MD-5; RSA (ISO9796); Diffie-Hellman (key agreement)

Multi-chip standalone

"PrivateWire is a software product that enables secure communication between organizations and private users."
141V-ONE Corporation, Inc.
20250 Century Blvd.
Suite 300
Germantown, MD 20874
USA

Sales
TEL: 301-515-5200
FAX: 301-515-5280

Citrix Systems, Inc.
TEL: 801-816-3353

CST Lab: NVLAP 200416-0
SmartPass FIPS Token
(Software Versions: 4.0 and 4.1) Citrix Extranet Client ( 2.0)

Validated to FIPS 140-1

Certificate

Security Policy
Software04/02/2001
09/14/2001
10/09/2001
06/18/2003
Overall Level: 1

-Roles and Services: Level 2
-EMI / EMC: Level 3
-Software Security: Level 3
-Operating System Security: Tested as meeting Level 1 with Microsoft Windows98

-FIPS Approved algorithms: SHA-1 (Cert. #10); Triple-DES (Cert. #46)

-Other algorithms: DES; MD5

Multi-chip standalone

"V-ONE’s SmartPass (client) contains the same software-based cryptographicalgorithms (3DES) utilized in all V-ONE products including its SmartGate andSmartGuard family of servers."

"Citrix Systems, Inc. makes SmartPass available under a private label licensing agreement as their Citrix Extranet Client"

140Ensuredmail, Inc.
1708 Lovering Avenue
Suite 202
Wilmington, DE 19806
USA

Andrew Edelsohn
TEL: 302-426-1185
FAX: 800-886-9062

CST Lab: NVLAP 100432-0
Ensuredmail, v1.0
(Software Version: 1.0)
(The KEK is limited to keys derived from a hash of a six-character password.)

Validated to FIPS 140-1

Certificate

Security Policy
Software03/29/2001
05/20/2003
Overall Level: 1

-Operating System Security: Tested as meeting Level 1 with Microsoft Windows 95/98 and Windows 2000 (single-user mode).

-FIPS Approved algorithms: Triple-DES (Cert.#42); SHA-1 (Cert. #44)

-Other algorithms: N/A

Multi-chip embedded

"Turnkey, enterprise software that enables two-way secure e-mail communication, even with attachments, without requiring the recipients to install any software."
139SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0
Cylink Frame Encryptor II
(Hardware Version: Revision 6; Firmware Versions: v4.05 and v4.06)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware03/14/2001
05/09/2001
07/18/2002
12/04/2003
10/18/2004
Overall Level: 3

-FIPS Approved algorithms: Triple-DES (Certs. #5 and #22); DSA/SHA-1 (Cert. #5)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip standalone

"Cylink Frame Encryptors secure sensitive data transmitted over high-speed, Frame Relay communication links."
138Novell, Inc.
1800 South Novell Place
Provo, UT 84606
USA

Developer Support
TEL: 801-861-7000

CST Lab: NVLAP 200002-0
Novell International Cryptographic Infrastructure (NICI)
Controlled Cryptographic Service (CCS) Client, v2.0

(Software Version: 2.0)
(For services provided by the listed FIPS-Approved algorithms)

Validated to FIPS 140-1

Certificate

Security Policy
Software03/14/2001
01/31/2006
Overall Level: 1

-EMI/EMC: Level 3
-Operating System Security: Tested as meeting Level 1 with Microsoft Windows95 and Windows98 (single-user mode).

-FIPS Approved algorithms: Triple-DES (Cert. #35); SHA-1 (Cert. #40); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #103); MD2; MD4; MD5; RC2; RC4; RC5; HMAC (MD5, SHA-1); RSA (encryption/decryption); Diffie-Hellman (key agreement)

Multi-chip standalone

"NICI is Novell's software-based cryptographic infrastructure for Novell products."
137Research In Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

Government Certifications Team
TEL: 519-888-7465 x2921
FAX: 519-886-4839

CST Lab: NVLAP 200017-0
BlackBerry 850/857
and BlackBerry 950/957
Cryptographic Kernel

(Firmware Version: 2.1)
(When operated in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Firmware03/01/2001
06/03/2002
08/24/2005
Overall Level: 1

-FIPS Approved algorithms: Triple-DES (Cert. #45); SHA-1 (Cert. #45)

-Other algorithms: N/A

Multi-chip standalone

"The BlackBerry crypto firmware v2.1, common to both the BlackBerry 850/857 and the BlackBerry 950/957, securely compresses and encrypts messages with Triple-DES. Following this procedure, the ciphertext is transmitted over the Internet to the recipient mail server. Upon receiving the message, the mail server decrypts and decompresses the ciphertext back to the original plaintext. The BlackBerry crypto firmware is messaging-system independent."
136Fortress™ Technologies, Inc.
2 Technology Park Dr
Westford, MA 01886-3140
USA

Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0
NetFortress® 10 / MAIP
(Hardware Version: 4.0 firmware)
(When factory configured in FIPS mode)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware01/18/2001
03/26/2010
05/17/2013
Overall Level: 2

-FIPS Approved algorithms: Triple-DES (Cert.#19); SHA-1 (Cert.#34)

-Other algorithms: DES (Cert.#23); Diffie-Hellman (key agreement); IDEA

Multi-chip standalone

"The NetFortress® 10 / MAIP is a tamper-resistant network communications security solution that establishes private communications between corporate divisions, branch offices, and mobile users. It integrates seamlessly and economically into any LAN and WAN environment for optimum flexibility and scalability. NetFortress 10’s security feature set includes encryption, data integrity checking, authentication, access control, data compression and firewall capabilities. It is compliant with IPSec."
135Neopost Technologies
113, rue Jean-Marin Naudin
Bagneux 92220
France

Thierry Le Jaoudour
TEL: +33 (0) 1 45 36 30 36

CST Lab: NVLAP 100432-0
IJ25 Secure Metering Module (SMM)
(Hardware Version: D)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware01/18/2001
10/03/2006
Overall Level: 3

-FIPS Approved algorithms: DSA/SHA-1 (Cert. #39)

-Other algorithms: N/A

Multi-chip embedded

"The module provides services to a tabletop mailing system designed primarily for the small office/home office environment. Features include manually inserted/removed mail; indicium printed at maximum of 1200 envelopes per hour; internal modem for remote re-crediting; scale interface; Memory Card interface to load slogans, scale rates and class indication; capacity for 10 slogans or advert images; ink jet technology."
134PSI Systems, Inc.
247 High Street
Palo Alto, CA 94301-1041
USA

Dr. Harry T. Whitehouse
TEL: 650-321-2640 x112
FAX: 650-321-0356

CST Lab: NVLAP 100432-0
Postal Cryptographic Coprocessor
(Hardware Version: 1.01)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware01/18/2001Overall Level: 3

-Physical Security: Level 4
-Self Tests: Level 4

-FIPS Approved algorithms: DSA/SHA-1 (Cert. #23); Triple-DES (Cert. #33)

-Other algorithms: DES (Cert. #58); RSA

Multi-chip embedded

"This module provides the services to support high-speed, secure micro-transactions, including the production and verification of United States Postal Service Information-Based Indicia."
133Neopost Technologies
113, rue Jean-Marin Naudin
Bagneux 92220
France

Thierry Le Jaoudour
TEL: +33 (0) 1 45 36 30 36

CST Lab: NVLAP 200002-0
N18D Postage Meter
(Hardware Version: v. 4101508D; Software Version: v. 6.1)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware01/16/2001
10/03/2006
Overall Level: 2

-Physical Security: Level 3 +EFP/EFT

-FIPS Approved algorithms: SHA-1 (Cert. #41); DSA/SHA-1 (Cert. #42)

-Other algorithms: DES (Certs. #106 and #107);

Multi-chip embedded

"The N18D module is a postage meter supporting accounting and cryptographic functions for secure electronic transactions. Associated to a document transport system and an inkjet print-head, the module is capable of producing up to 180 envelopes per minute."
132Neopost Online, Inc.
3400 Bridge Parkway
Suite 201
Redwood City, CA 94065
USA

Chandra Shah
TEL: 650-620-3600

CST Lab: NVLAP 200002-0
Secure Metering Device / Series II (SMD-II)
(Version: 2002, Hardware version A)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware01/16/2001Overall Level: 2

-Physical Security: Level 3 +EFP/EFT
-EMI/EMC: Level 3

-FIPS Approved algorithms: DSA/SHA-1 (Cert. #40)

-Other algorithms: N/A

Multi-chip standalone

"The Secure Metering Device / Series 2 (SMD-II) is an electronic device developed by Neopost Online that securely loads, stores, and dispenses revenue. The SMD-II is designed to meet the applicable USPS IBIP specifications for postage meters. The SMD-II attaches to and communicates with the host computer via a serial interface. The revenue is dispensed from the SMD-II to the host computer in the form of a digitally signed indicium, a unique bit pattern that can be determined to have originated from a particular SMD-II at a particular point in time."
131SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0
Cylink Link Encryptor NRZ E1-120ohms and Link Encryptor NRZ T1
(Hardware Version: Rev. B; Firmware Versions: 1.25, 1.26, 1.31 and 1.33)

Validated to FIPS 140-1

Certificate

Security Policy
Hardware01/10/2001
09/14/2001
05/15/2002
07/18/2002
12/04/2003
10/18/2004
Overall Level: 2

-Physical Security: Level 3
-Software Security: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #21 and #22); DSA/SHA-1 (Cert. #5)

-Other algorithms: DES (Certs. #11, #26); Diffie-Hellman (key agreement)

Multi-chip standalone

"Cylink Link Encryptors secure sensitive data transmitted over high-speed, point-to-point communication links. The system supports synchronous, full-duplex data rates up to 2 Mbps over public and private data networks."