CMVP Main Page

Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules
1995-1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014,
All

Last Update: 4/2/2014

It is important to note that the items on this list are cryptographic modules. A module may either be an embedded component of a product or application, or a complete product in-and-of-itself. If the cryptographic module is a component of a larger product or application, one should contact the product or application vendor in order to determine how the product utilizes the embedded validated cryptographic module. There may be a larger number of security products or applications available which use an embedded validated cryptographic module, than the number of modules which are found in this list. In addition, other vendors, who are not found in this list, may incorporate a validated cryptographic module from this list embedded into their own products.

When selecting a module from a vendor, verify that the module is either the product or application itself (e.g. VPN, SmartCard, USB memory token, etc.) or the module is embedded in a larger product or application (e.g. toolkit, etc.). If the module is embedded in a product or application, ask the product or application vendor to provide a signed letter or statement affirming that the unmodified validated cryptographic module is integrated in the solution; the module provides all the cryptographic services in the solution; and provide reference to the modules validation certificate number from this listing.

NOTE1: Module descriptions are provided by the module vendors and have not been verified for accuracy by the CMVP. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-Approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (e.g. allowed or non-FIPS-Approved algorithms) have not been tested through the CMVP.

NOTE2: The operator of a cryptographic module is responsible for ensuring that the algorithms and key lengths are in compliance with the requirements of NIST SP 800-131A.

NOTE3: All questions regarding the implementation and/or use of any module located on the CMVP module validation lists should first be directed to the appropriate vendor point-of-contact (listed for each entry).

Please contact the CMVP if any errors are discovered or comments with suggestions for improvement of the validation listings.

Cert# Vendor / CST Lab Cryptographic Module
Module
Type
Val.
Date
Level / Description
200 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0

SafeEnterprise™ Frame Encryptor-High Speed Serial Interface (SFE HSSI)
(Firmware Version 4.08 and 4.09, Hardware Version 3)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 12/18/2001;
04/11/2002;
05/15/2002;
07/18/2002;
07/03/2003;
10/19/2004
Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Certs. #5 and #22); DSA/SHA-1 (Cert. #5)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip standalone

"The SFE-HSSI protects information flowing between nodes or sites of a frame relay network. It can be con-figured to either allow or disallow information flow between two frame relay nodes. Furthermore, the information flow can be either protected through encryption or passed without encryption. The SFE-HSSI support full-duplex traffic throughput of between 56-256 kbps for 32-1022 secure connections. The SFE will achieve this throughput for the smaller frames as well (64 byte frames is a target)."
199 F-Secure Corporation
Tammasaarenkatu 7
PL 24
Helsinki, 00181
Finland

-Alexey Kirichenko
TEL: +358-9-2520-4548

CST Lab: NVLAP 200002-0

F-Secure Cryptographic Service Provider DLL
(Software Version: 1.1)

(When operated in FIPS mode and using FIPS Approved algorithms and processes as listed)

Validated to FIPS 140-1

Security Policy

Certificate

Vendor Product Link
Software 12/18/2001;
07/31/2003
Overall Level: 1 

-EMI/EMC: Level 3

-Operating System Security: Tested as meeting Level 1 with Microsoft Windows NT 4.0 SP6

-FIPS Approved algorithms: Triple-DES (Cert. #68); DSA (Cert. #50); SHA-1 (Cert. #62); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #129); RSA Encryption/Decryption; IDEA; Blowfish; CAST-128; Rijndael; Arcfour; MD5; RIPEMD-160; HMAC-SHA-1; HMAC-MD5; HMAC-RMD160; Diffie-Hellman (key agreement)

Multi-chip standalone

"The F-Secure Cryptographic Service Provider is a FIPS 140-1 Level 1 compliant software module, implemented as a 32-bit Windows™ NT compatible DLL, which provides a variety of cryptographic services and can be dynamically linked into applications by software developers to get access to general-purpose cryptographic functionality."
198 Mailroom Technology, Inc.
230 Long Hill Cross Road
Shelton, CT 06484
USA

-Richard Rosen
TEL: 203-925-2571
FAX: 203-926-1628

CST Lab: NVLAP 200002-0

SAFE CV 411, SAFE CV 412 and SAFE CV 413
(Software Versions 3.1.1, 3.3.2, 3.3.3 and 3.4.0; Hardware Versions 411, 412 and 413)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 12/14/2001;
06/21/2002;
09/01/2006;
04/26/2007
Overall Level: 3 

-Physical Security: Level 3 +EFT

-FIPS Approved algorithms: Triple-DES (Cert. #47); DSA/SHA-1 (Cert. #43)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip embedded

"SAFE CV provides the physical and logical resources necessary to function as a United States Postal Service (USPS), Information-Based Indicia Program (IBIP), Postal Security Device (PSD). It is used for securely managing and dispensing money via encryption and digital signature techniques and protects the interests of user, service provider and recipient. The device is ideally suited to both embedded and PC based applications requiring high-speed cryptographic functions. Additionally, this device has been approved for export for use in markets throughout the world."
197 CTAM, Inc.
600 17th Street 600 17th Street
Suite 950
South Denver, CO 80202
USA

-Network Security Product Manager
TEL: 720-359-1581

CST Lab: NVLAP 200002-0

CypherCell ATM Encryptor
(Hardware Version 3, Firmware Version 2.1.0)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 12/14/2001 Overall Level: 2 

-Roles and Services: Level 3
-EMI/EMC: Level 3
-Key Management: Level 3
-Module Interfaces: Level 3
-Software Security: Level 3
-Self Tests: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #78); SHA-1 (Cert. #68); RSA (PKCS#1 for signature, vendor affirmed)

-Other algorithms: DES (Certs. #138 and #139);

Multi-chip standalone

"CypherCell is a hardware encryption product for Asynchronous Transfer Mode (ATM) networks. It supports multiple speeds with AC or DC Power"
196 Cisco Systems, Inc.
7025-6 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200002-0

2621 Modular Access Router with Crypto Accelerator Card
2651 Modular Access Router with Crypto Accelerator Card

(Hardware Versions: 2621 and 2651, IOS Version: 12.1(5)T, Accelerator Card: AIM-VPN/BP, Hardware Version: 1.0, Board Rev; A0)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 12/12/2001;
01/10/2003;
05/24/2005;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Certs. #17 and #32); SHA-1 (Cert. #26); DSA/SHA-1 (Cert. #38)

-Other algorithms: DES (Certs. #74 and #100); RSA (encryption); HMAC-SHA-1; AH-SHA-HMAC; ESP-SHA-HMAC; MD4; MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Cisco Modular Access Router is a router that provides data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
195 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0

SafeEnterprise™ Link Encryptor-T3 (SLE-T3)
(Firmware Versions 3.00 and 3.01, Hardware Revision 16697-010-03)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 12/12/2001;
05/23/2002;
07/18/2002;
07/03/2003;
10/19/2004
Overall Level: 2 

-Physical Security: Level 3
-Software Security: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #22 and #56); DSA/SHA-1 (Cert. #5)

-Other algorithms: DES (Cert. #109); Diffie-Hellman (key agreement)

Multi-chip standalone

"The SLE-T3 secures public and private DS3/T3 data links at 44.7 MHz, encrypting data at the full data rate, and meeting the T3 industry standard. Both C-Bit and M13 framing are supported."
194 Cisco Systems, Inc.
7025-6 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200002-0

2621 Modular Access Router
2651 Modular Access Router

(Hardware Versions: 2621 and 2651, Software Version: IOS 12.1(5)T)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 12/12/2001;
01/10/2003;
05/24/2005;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Cert. #17); SHA-1 (Cert. #26)

-Other algorithms: DES (Cert. #74); RSA (encryption); HMAC-SHA-1; AH-SHA-HMAC; ESP-SHA-HMAC; MD4; MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Cisco Modular Access Router is a router that provides data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
193 Cisco Systems, Inc.
7025-6 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200002-0

7206 VXR Router with ISA Accelerator Card
(Hardware: 7206, Software: IOS 12.1(9)E, ISA Accelerator: Hardware Version 1.0, Board Version B0)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 12/12/2001;
01/10/2003;
05/24/2005;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Certs. #17 and #76); SHA-1 (Certs. #26 and #66)

-Other algorithms: DES (Certs. #74 and #136); RSA (encryption); HMAC-SHA-1; AH-SHA-HMAC; ESP-SHA-HMAC; MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Cisco Secure Integrated VPN is a router that provides data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
192 Cisco Systems, Inc.
7025-6 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200002-0

7206 VXR Router
(Hardware: 7206 VXR, Software: IOS Version: 12.1(9)E)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 12/12/2001;
01/10/2003;
05/24/2005;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Cert. #17); SHA-1 (Cert. #26)

-Other algorithms: DES (Cert. #74); RSA (encryption); HMAC-SHA-1; AH-SHA-HMAC; ESP-SHA-HMAC; MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Cisco Secure Integrated VPN is a router that provides data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
191 Cisco Systems, Inc.
7025-6 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200002-0

7140 VPN Router with ISM Accelerator Card
7140 VPN Router with Dual ISA and ISM Accelerator Cards

(7140: Hardware Version: 7140, Software: IOS 12.1(9)E; ISM Accelerator: Hardware Version: 1.0, Board Rev: AO
7140 Dual: Hardware Version: 7140, Software: IOS 12.1(9)E, ISM Accelerator: Hardware Version: 1.0, Board Version: AO; ISA Accelerator: Hardware Version 1.0, Board Version B0)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 12/12/2001;
02/25/2002;
01/10/2003;
05/24/2005;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Certs. #17, #76 and #77); SHA-1 (Certs. #26, #66 and #67)

-Other algorithms: DES (Certs. #74, #136 and #137); RSA (encryption); HMAC-SHA-1; AH-SHA-HMAC; ESP-SHA-HMAC; MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Cisco Secure Integrated VPN is a router that provides data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
190 Cisco Systems, Inc.
7025-6 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200002-0

7140 VPN Router
(Hardware Version: 7140, Software Version: IOS 12.1(9)E)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 12/12/2001;
01/10/2003;
05/24/2005;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Cert. #17); SHA-1 (Cert. #26)

-Other algorithms: DES (Cert. #74); RSA (encryption); HMAC-SHA-1; AH-SHA-HMAC; ESP-SHA-HMAC; MD4; MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Cisco Secure Integrated VPN is a router that provides data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
189 Cisco Systems, Inc.
7025-6 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200002-0

3640 VPN Router with Crypto Accelerator Card
3660 VPN Router with Crypto Accelerator Card

(3640: H/W Version: 3640, IOS Version: 12.1(5)T, Accelerator Card: NM-VPN/MP, Hardware Version: 1.0, Board Rev: AO
3660: H/W Version: 3660, IOS Version: 12.1(5)T, Accelerator Card: AIM-VPN/HP, Hardware Version: 1.0, Board Rev: AO)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 12/12/2001;
01/10/2003;
05/24/2005;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Certs. #17 and #32); SHA-1 (Cert. #26); DSA/SHA-1 (Cert. #38)

-Other algorithms: DES (Certs. #74 and #100); RSA (encryption); HMAC-SHA-1; AH-SHA-HMAC; ESP-SHA-HMAC; MD4; MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Cisco Secure Integrated VPN is a router that provides data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
188 Cisco Systems, Inc.
7025-6 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200002-0

3640 Modular Access Router
3660 Modular Access Router

(Hardware Version: 3640 and 3660, Software Version: IOS 12.1(5)T)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 12/12/2001;
01/10/2003;
05/24/2005;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Cert. #17); SHA-1 (Cert. #26)

-Other algorithms: DES (Cert. #74); RSA (encryption); HMAC-SHA-1; AH-SHA-HMAC; ESP-SHA-HMAC; MD4; MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Cisco Modular Access Router is a router that provides data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
187 Cryptek, Inc.
1501 Moran Road
Sterling, VA 20166
USA

-Timothy Williams
TEL: 571-434-2000
FAX: 571-434-2001

CST Lab: NVLAP 100432-0

DiamondLINK 10/100
(Hardware Version 2000, Software Versions 2.0.3, 2.0.8, 2.1.3, 2.1.4, 2.1.4A, 2.1.6 and 2.1.6.1)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 11/27/2001;
12/12/2001;
02/15/2002;
04/16/2002;
08/08/2002;
02/25/2003;
04/08/2005
Overall Level: 1 

-Roles and Services: Level 2

-FIPS Approved algorithms: Triple-DES (Cert. #71); SHA-1 (Cert. #63)

-Other algorithms: DES (Cert. #132); Diffie-Hellman (key agreement); MD5

Multi-chip embedded

"DiamondLink provides a cost-effective and flexible end-to-end network security solution for the LAN, WAN, or Internet. It not only provides a high level of trust and data separation through the established end-to-end sessions, it additionally provides added levels of security by bringing firewall filtering functionality to the desktop. This module provides strong I&A with user selectable/dynamically downloaded security policies to the desktop."
186 Corsec Security, Inc.
10340 Democracy Lane
Suite 201
Fairfax, VA 22030
USA

-Matthew Appler
TEL: 703-267-6050
FAX: 703-267-6810

CST Lab: NVLAP 200002-0

CryptoFramework

Validated to FIPS 140-1
Not Available

Security Policy

Certificate

Software 11/27/2001;
06/10/2002;
09/06/2002
Overall Level: 1 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip standalone

185 Nortel Networks
600 Technology Park
Billerica, MA 01821
USA

-Jonathan Lewis
TEL: 978-288-8590
FAX: 978-288-4004

CST Lab: NVLAP 200002-0

Contivity Extranet Switch 4600
(Firmware Version 3.61.01, Hardware Version 4600)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 11/27/2001;
12/06/2001
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Cert. #29 and #53); SHA-1 (Cert. #28, #31 and #51); RSA (PKCS #1, vendor affirmed)

-Other algorithms: DES (Cert. #44, #48 and #101); DES MAC; MD5; HMAC (MD5, SHA-1); 40-bit DES; RC4 (40-bit and 128-bit)

Multi-chip standalone

"The Contivity 4600 Extranet Switch provides up to 5000 branch office or end user IPSEC tunnels with a flexible easy to manage and cost effective package. The Switch provides 5 PCI expansion slots and dual 10/100 LAN ports, dual redundant power supplies and storage."
184 Algorithmic Research Ltd.
10 Nevatim Street
Petach Tikva, 49561
Israel

-Gadi Aharoni
TEL: +972-3-927-9500
FAX: +972-3-923-0864

CST Lab: NVLAP 200002-0

PrivateServer 3.0 and PrivateServer 3.1
([Firmware Version 3.0, Hardware Versions 3.0] and [Firmware Version 3.1, Hardware Version 3.1])

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Vendor Product Link
Hardware 11/27/2001;
12/13/2002;
02/10/2003;
07/15/2003
Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #66); SHA-1 (Cert. #58); RSA digital signature (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert.#127); MD5; RSA (encryption); ISO9796; ARDFP; Diffie-Hellman (key agreement)

Multi-chip standalone

"The PrivateServer is a high-performance cryptographic service provider. Contained within a secure, tamper-responsive steel case, the PrivateServer performs high-speed cryptographic operations while protecting sensitive data. Its features include strong cryptography using DES, triple-DES, and SHA-1, public key database and certificate support, authenticated and encrypted communication with the module, secure storage of secret/private keys, software key medium and smartcard support, tamper-responsive enclosure, high level API requiring no cryptographic expertise, in-depth logging and auditing, and secure backup capabilities."
183 Motorola, Inc.
8220 East Roosevelt Street
Scottsdale, AZ 85257
USA

-Kerry Johns-Vano
TEL: 480-441-4733
FAX: 480-441-3580

CST Lab: NVLAP 100432-0

ASTRO Subscriber Universal Crypto Module
(Firmware Versions: R05.00.02, R05.00.03, R05.00.12 and R05.00.13, Hardware Version: Issue O)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 11/19/2001;
02/07/2002;
10/04/2002;
10/21/2002;
01/06/2003
Overall Level: 1 

-Roles and Services: Level 2
-Software Security: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #82)

-Other algorithms: DES (09/22/1995); DES-XL; DVI-XL; DVI-SPFL; DVP-XL

Multi-chip embedded

"Encryption modules used in Motorola Astro™ family of radios. Provides secure voice and data capabilities as well as APCO Over-the-Air-Rekeying and advanced key management."
182 Hasler, Inc.
19 Forest Parkway
Shelton, CT 06484
USA

-Richard Rosen
TEL: 203-926-1087
FAX: 203-926-1628

CST Lab: NVLAP 200002-0

SAFE CV 401
(Software Version 3.1.1 and 3.3.2, Hardware Version 401)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 11/09/2001;
06/21/2002
Overall Level: 3 

-Physical Security: Level 3 +EFT

-FIPS Approved algorithms: Triple-DES (Cert. #47); DSA/SHA-1 (Cert. #43)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip embedded

"SAFE CV provides the physical and logical resources necessary to function as a United States Postal Service (USPS), Information-Based Indicia Program (IBIP), Postal Security Device (PSD). It is used for securely managing and dispensing money via encryption and digital signature techniques and protects the interests of user, service provider and recipient. The device is ideally suited to both embedded and PC based applications requiring high-speed cryptographic functions. Additionally, this device has been approved for export for use in markets throughout the world."
181 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nForce 150 PCI and nForce 300 PCI
(Firmware versions 5.0 (1.71.15) and 5.0.1 (1.71.91), Hardware versions nC3022P-150 and nC3022P-300, Build standard E)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 11/09/2001;
01/23/2004
Overall Level: 2 

-Roles and Services: Level 3*
-Physical Security: Level 3
-Key Management: Level 3*
-Software Security: Level 3
-Self Tests: Level 3*

*When operated in the FIPS mode

-FIPS Approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; Rijndael; ARC FOUR; CAST5; HMAC (SHA-1, SHA-192, SHA-256, MD2, MD5; RIPEMD160); El-Gamal; Diffie-Hellman (key agreement)

Multi-chip embedded

"The nCipher nForce SSL family of secure e-commerce accelerators improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, e-commerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging including X.400/EDI."
180 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F3 SCSI and nShield F3 Ultrasign SCSI
(Firmware versions 5.0 (1.71.15) and 5.0.1 (1.71.91), Hardware versions nC4032W-150 and nC4032W-400, Build standard D)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 11/09/2001;
01/23/2004
Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; Rijndael; ARC FOUR; CAST5; HMAC (SHA-1, SHA-192, SHA-256, MD2, MD5; RIPEMD160); El-Gamal; Diffie-Hellman (key agreement)

Multi-chip standalone

"The nCipher nShield "SEE Ready" range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
179 Nortel Networks
600 Technology Park
Billerica, MA 01821
USA

-Jonathan Lewis
TEL: 978-288-8590
FAX: 978-288-4004

CST Lab: NVLAP 200002-0

Contivity Extranet Switch 2600
(Firmware version 3.60.45, Hardware Version 2600)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 10/30/2001;
12/06/2001
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Cert. #29 and #53); SHA-1 (Cert. #28, #31 and #51); RSA (PKCS #1, vendor affirmed)

-Other algorithms: DES (Cert. #44, #48 and #101); DES MAC; MD5; HMAC (MD5, SHA-1); DES (40-bit); RC4 (40-bit and 128-bit)

Multi-chip standalone

"The Contivity 2600 Extranet Switch provides up to 1000 branch office or end user IPSEC tunnels with a flexible easy to manage and cost effective package. The Switch provides 3 PCI expansion slots and dual 10/100 LAN ports."
178 Nortel Networks
600 Technology Park
Billerica, MA 01821
USA

-Jonathan Lewis
TEL: 978-288-8590
FAX: 978-288-4004

CST Lab: NVLAP 200002-0

Contivity Extranet Switch 1600
(Firmware version 3.60.45, Hardware Version 1600)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 10/30/2001;
12/06/2001
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #29 and #53); SHA-1 (Cert. #28, #31 and #51); RSA (PKCS #1, vendor affirmed)

-Other algorithms: DES (Cert. #44, #48 and #101); DES MAC; MD5; HMAC (MD5, SHA-1); DES (40-bit); RC4 (40-bit and 128-bit)

Multi-chip standalone

"The Contivity 1600 Extranet Switch provides up to 200 branch office or end user IPSEC tunnels with a flexible easy to manage and cost effective package. The Switch provides a PCI expansion slot and dual 10/100 LAN ports."
177 Entrust, Inc.
1000 Innovation Drive
Ottawa, Ontario K2K 3E7
Canada

-Pierre Boucher
TEL: 613-270-2599
FAX: 613-270-2504

CST Lab: NVLAP 200017-0

Entrust TruePass Applet Cryptographic Module
(Version 5.2)

(When operated in FIPS mode with FIPS validated browser services operating in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Software 10/30/2001;
11/15/2001;
06/28/2002;
07/18/2002
Overall Level: 1 

-Operating System Security: Tested as meeting Level 1 with Windows NT 4.0 SP3, Windows 95/98, Windows 2000 SP2 and Netscape 4.72 (Cert. #47) or Microsoft IE 5.5 (Cert. #103) (operated in single user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #69); SHA-1 (Cert. #60); RSA (PKCS #1, vendor affirmed)

-Other algorithms: DES (Cert. #130);

Multi-chip standalone

"The module performs low level cryptographic operations – encryption, decryption and hashes – implemented in software using the high-level Java programming language. Currently, the module is imbedded into an applet as part of the TruePass product suite that allows integration of cryptographic security into web applications."
176 Entrust, Inc.
1000 Innovation Drive
Ottawa, Ontario K2K 3E7
Canada

-Pierre Boucher
TEL: 613-270-2599
FAX: 613-270-2504

CST Lab: NVLAP 200017-0

Entrust Cryptographic Kernel v6.0
(Version 6.0)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Software 10/30/2001;
05/09/2002;
07/18/2002;
05/27/2003
Overall Level: 2 

-EMI/EMC: Level 3

-Operating System Security: Tested as meeting Level 2 with Microsoft Windows NT 4.0 with SP6a, TCSEC C2-rated on a Compaq ProLiant 7000 Server

-FIPS Approved algorithms: AES (Cert. #10); Triple-DES (Cert. #6); DSA/SHA-1 (Cert. #10); RSA (FIPS 186-2 and PKCS #1, vendor affirmed)

-Other algorithms: DES ((Cert. #56); DES MAC; RC2; RC4; IDEA; MD5; MD2; RIPEMD-160; HMAC-SHA-1; HMAC-MD5; HMAC-RMD160; CAST; CAST3; CAST5; Diffie-Hellman (key agreement); Ephemeral-Static Diffie Hellman; ECDSA (vendor affirmed; non-compliant)

Multi-chip standalone

"This module is used in the Entrust® family of products."
175 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F2 PCI and nShield F2 Ultrasign PCI
(Firmware versions 5.0 (1.71.15) and 5.0.1 (1.71.91), Hardware versions nC4022P-150 and nC4022P-300, Build standard E)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 10/11/2001;
01/23/2004
Overall Level: 2 

-Roles and Services: Level 3*
-Physical Security: Level 3
-Key Management: Level 3*
-Module Interfaces: Level 3
-Software Security: Level 3
-Self Tests: Level 3*

*When operated in the FIPS mode

-FIPS Approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; Rijndael; ARC FOUR; CAST5; HMAC (SHA-1, SHA-192, SHA-256, MD2, MD5; RIPEMD160); El-Gamal; Diffie-Hellman (key agreement)

Multi-chip embedded

"The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
174 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F3 PCI and nShield F3 Ultrasign PCI
(Firmware versions 5.0 (1.71.15) and 5.0.1 (1.71.91), Hardware versions nC4032P-150 and nC4032P-300, Build standard E)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 10/11/2001;
01/23/2004
Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; Rijndael; ARC FOUR; CAST5; HMAC (SHA-1, SHA-192, SHA-256, MD2, MD5; RIPEMD160); El-Gamal; Diffie-Hellman (key agreement)

Multi-chip embedded

"The nCipher nShield "SEE Ready" range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
173 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Randy Kun
TEL: 613-723-5077
FAX: 613-723-5078

CST Lab: NVLAP 200427-0

Luna® XP plus
(Version 3.9)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 10/11/2001;
10/18/2004
Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #73); SHA-1 (Cert. #64); DSA (Cert. #51); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #134); RC2; RC4; RC5; CAST; CAST3; CAST5; HMAC-SHA1; HMAC-MD5; RSA (encryption/decryption); MD2; MD5; Diffie-Hellman -1024 (key agreement)

Multi-chip standalone

"Luna® XPplus offers hardware-accelerated signing, secure key management, and signature validation for high volume transaction applications such as transaction coordinators and OCSP (Online Certificate Status Protocol) responders. Luna® XPplus is a scalable, hardware security module for high-performance digital signing of e-business transactions in a FIPS 140-1 level 3-validated solution. The product operates in conjunction with Luna® CA³ root key protection systems leveraging ultimate private key integrity for high-volume digital signing applications. Luna® XPplus signing devices allow you to add signature processing throughput as needed."
172 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F2 SCSI and nShield F2 Ultrasign SCSI
(Firmware versions 5.0 (1.71.15) and 5.0.1 (1.71.91), Hardware versions nC4022W-150 and nC4022W-400, Build standard D)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 10/15/2001;
01/23/2004
Overall Level: 2 

-Roles and Services: Level 3*
-EMI/EMC: Level 3
-Key Management: Level 3*
-Module Interfaces: Level 3
-Software Security: Level 3
-Self Tests: Level 3*

*When operated in the FIPS mode

-FIPS Approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; Rijndael; ARC FOUR; CAST5; HMAC (SHA-1, SHA-192, SHA-256, MD2, MD5; RIPEMD160); El-Gamal; Diffie-Hellman (key agreement)

Multi-chip standalone

"The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
171 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nForce 150 SCSI and nForce 400 SCSI
(Firmware versions 5.0 (1.71.15) and 5.0.1 (1.71.91), Hardware versions nC3022W-150 and nC3022W-400, Build standard D)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 10/15/2001;
01/23/2004
Overall Level: 2 

-Roles and Services: Level 3*
-Key Management: Level 3*
-Module Interfaces: Level 3
-Software Security: Level 3
-Self Tests: Level 3*

*When operated in the FIPS mode

-FIPS Approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; Rijndael; ARC FOUR; CAST5; HMAC (SHA-1, SHA-192, SHA-256, MD2, MD5; RIPEMD160); El-Gamal; Diffie-Hellman (key agreement)

Multi-chip standalone

"The nCipher nForce SSL family of secure e-commerce accelerators improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, e-commerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging including X.400/EDI."
170 NetScreen Technologies, Inc.
805 11th Avenue
Bldg. 3
Sunnyvale, CA 94089
USA

-Lee Klarich
TEL: 408-543-8209
FAX: 408-543-8200

CST Lab: NVLAP 100432-0

NetScreen 5XP
(Hardware Revision 3010, Software Version ScreenOS 2.6.1)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Vendor Product Link
Hardware 09/27/2001;
02/13/2003;
06/03/2003
Overall Level: 2 

-EMI/EMC: Level 3
-Software Security: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #49 and #50); SHA-1 (Cert. #47); DSA/SHA-1 (Cert. #44); RSA (SigVer; PKCS #1; vendor affirmed)

-Other algorithms: DES (Certs. #114 and #115); RC2; RC4; MD5; RSA (encryption/decryption); Diffie-Hellman (key agreement); Blowfish; HMAC

Multi-chip standalone

"The NetScreen-5XP is a purpose-built Internet security appliance that delivers firewall, VPN and traffic shaping that offers a complete security solution for telecommuters, small-sized companies and branch offices. Featuring two 10Base-T Ethernet ports (trust and untrust), the NetScreen-5XP performs at near wire-speed, protecting the LAN from attack and providing IPSEC based VPN capabilities."
169 NetScreen Technologies, Inc.
805 11th Avenue
Bldg. 3
Sunnyvale, CA 94089
USA

-Lee Klarich
TEL: 408-543-8209
FAX: 408-543-8200

CST Lab: NVLAP 100432-0

NetScreen 500
(Hardware Revision 4110, Software Version ScreenOS 2.6.1)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Vendor Product Link
Hardware 09/27/2001;
02/13/2003;
06/03/2003
Overall Level: 2 

-Software Security: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #49 and #50); SHA-1 (Cert. #47); DSA/SHA-1 (Cert. #44); RSA (SigVer; PKCS #1; vendor affirmed)

-Other algorithms: DES (Certs. #114 and #115); RC2; RC4; MD5; RSA (encryption/decryption); Diffie-Hellman (key agreement); Blowfish; HMAC

Multi-chip standalone

"The NetScreen-500 is a purpose-built security system integrating stateful inspection firewall, VPN, and traffic management together in a compact system that only requires 2U of rack space. Designed for high performance, redundancy, manageability, and multiple security domains, the NetScreen-500 implements a modular design, it offers many of the compelling functionality of an appliance. In addition, there are redundant dedicated high availability ports, dedicated management port, 4 traffic module bays, and a programmable LCD."
168 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Randy Kun
TEL: 613-723-5077
FAX: 613-723-5078

CST Lab: NVLAP 200017-0

LUNA® RA Secure Key Issuance HSM token
(Firmware v3.9, Hardware v 1 and 2)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 09/25/2001;
10/18/2004
Overall Level: 2 

-Software Security: Level 3
-Self Tests: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #74); Triple-DES MAC; DSA/SHA-1 (Cert. #13); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #32); DES MAC; HMAC-SHA-1; Diffie-Hellman (key agreement); MD2; MD5; HMAC-MD5; RC2; RC4; RC5; CAST/CAST3/CAST5 (40 and 64 bit keys)

Multi-chip standalone

"The Chrysalis-ITS® LUNA RA Secure Issuance HSM token is a hardware-based, multiple-chip standalone module which is a delta production of the Chrysalis-ITS® LUNA 2 token (certificate #56, dated 08/08/1999). Like the LUNA 2, the LUNA RA is in the form of a PC card “token” based on the PCMCIA standard. The LUNA RA token offers secure key distribution, fast key generation and secure key backup functionality to increase security and reduce operational overhead. The Luna RA token is integral to the secure issuance of keys to smart cards, cable modems, mobile phones and other PKI-enabled devices."
167 SPYRUS, Inc.
2355 Oakland Road
Suite 1
San Jose, CA 95131
USA

-Tom Dickens
TEL: 408-953-0700
FAX: 408-953-9835

CST Lab: NVLAP 200017-0

Rosetta Smart Card
(Firmware Version: SPYCOS 2.01(FUP03),
Hardware Version: SC410-G)

(When operated in FIPS mode and using FIPS Approved algorithms and processes as listed)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 09/25/2001;
01/01/2014
Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #54); Skipjack (Cert. #4); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #78); DSA (SigGen and KeyGen, Cert. #31; non-compliant); KEA (key exchange)

Multi-chip standalone

"The SPYRUS Rosetta Smart Card is an ISO 7816 compliant public key smart card based upon the SPYCOS card operating system."
166 SPYRUS, Inc.
2355 Oakland Road
Suite 1
San Jose, CA 95131
USA

-Tom Dickens
TEL: 408-953-0700
FAX: 408-953-9835

CST Lab: NVLAP 200017-0

Rosetta USB
(Firmware Version: SPYCOS 2.01(FUP03), Hardware Version: USB110-GBL)

(When operated in FIPS mode and using FIPS Approved algorithms and processes as listed)

Validated to FIPS 140-1

Security Policy

Certificate

Vendor Product Link
Hardware 09/10/2001;
01/01/2014
Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #54); Skipjack (Cert. #4); RSA (vendor affirmed);

-Other algorithms: DES (Cert. #78); DSA (SigGen and KeyGen, Cert. #31; non-compliant); KEA (key exchange)

Multi-chip standalone

"The Rosetta USB is a low cost cryptographic token ideal for public key operations, key generation, and certificate storage. USB compatibility means simple “plug and play” ease of use. Rosetta USB provides user authentication, digital signatures, and data privacy all in a familiar key-shaped token. With both commercial and government cryptographic algorithms, Rosetta USB supports messaging and authentication requirements at a lower cost of deployment than smart cards or PC cards. Combined with the Rosetta Executive Suite software, Rosetta USB seamlessly plugs into e-mail, browsing, and data security applications."
165 Axalto Inc.
8311 North FM 620 Road
Austin, TX 78726
USA

-David Teo
TEL: 512-257-3895
FAX: 512-257-3881

-David Wen
TEL: 510-745-6215

CST Lab: NVLAP 100432-0

SchlumbergerSema Cyberflex Access 32K with ActivCard Applets
(Hardware PN 15006436 and 15008973, Firmware M256EPALP1_SI_9C_02 Softmask 7 version 2)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 09/10/2001;
11/02/2001;
02/25/2002;
05/09/2003;
09/21/2004;
05/25/2006
Overall Level: 2 

-Physical Security: Level 3
-Software Security: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #57); SHA-1 (Cert. #65); RSA (Signature; PKCS #1; vendor affirmed)

-Other algorithms: N/A

Single-chip

"Cyberflex Access 32K with Applets, which incorporates PKI (public key infrastructure) and digital signature technology, serve as highly portable, secure tokens for enhancing the security of network access and ensuring secure electronic communications. Cyberflex Access 32K with Applets has on board Triple DES and RSA algorithms and can provide on board key generation. It is compliant to Java Card V2.1.1 and Open Platform V2.0.1. The Cyberflex Access 32K with Applets smart card is part of a range of highly secure, Java-based smart cards for physical and logical access, e-transactions and other applications.

The ActivCard applets add to the smart card platform the following services: cardholder authentication, digital signature, and secure data storage. The external interface provided by the applets is compliant with the smart card interoperability specification defined by the GSA."
164 Kasten Chase Applied Research, Ltd.
5100 Orbitor Drive
Mississauga, Ontario L4W 4Z4
Canada

-Cyril Fernandes
TEL: 905-238-6900 x3310
FAX: 905-212-2003

CST Lab: NVLAP 200002-0

RASP Secure Modem
(Hardware Version 1.5, Firmware Versions P539 and P539.2)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 08/23/2001;
08/01/2003
Overall Level: 1 

-EMI/EMC: Level 3

-FIPS Approved algorithms: DSA/SHA-1 (Cert. #2); Skipjack (Cert. #2)

-Other algorithms: KEA

Multi-chip standalone

163 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-C
(Version 5.2.1)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Software 08/15/2001;
08/27/2001;
01/04/2008;
10/16/2008;
09/07/2010;
03/28/2011;
01/24/2013
Overall Level: 1 

-Operating System Security: Tested as meeting Level 1 with Windows 98 (single user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #70); SHA-1 (Cert. #59); DSA (Cert. #49); RSA (ANSI X9.31 and PKCS#1 for Signature; vendor affirmed); ECDSA (vendor affirmed)

-Other algorithms: DES (Cert. #131); RSA Encryption; MD; MD5; HMAC SHA-1; HMAC MD5; AES (Rijndael); DESX; RC2; RC4; RC6; Elliptic Curve (F2&Fp); Elliptic Curve Encryption Scheme; EC Diffie-Hellman (key agreement); Bloom-Shamir; Diffie-Hellman (key agreement)

Multi-chip standalone

"The RSA BSAFE® Crypto-C Module version 5.2.1 is a software development kit that allows software and hardware developers to incorporate encryption technologies directly into their products. It provides a variety of cryptographic services to calling applications that are documented in RSA’s RSA BSAFE® Crypto-C Security Components for C Library Reference Manual. RSA BSAFE® Crypto-C is a C-language API available as a static library, a dynamic library and as source code."
162 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Randy Kun
TEL: 613-723-5077
FAX: 613-723-5078

CST Lab: NVLAP 100432-0

CryptoSwift HSM
(Hardware P/N 107316, Firmware Versions 5.6.27 and 5.6.28)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 08/15/2001;
08/27/2001;
11/19/2002;
10/18/2004
Overall Level: 3 

-Self Tests: Level 4

-FIPS Approved algorithms: Triple-DES (Cert. #30); SHA-1 (Cert. #16); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #43); RC4; MD5; HMAC MD5; HMAC SHA-1; RSA Encryption; DSA (non-compliant)

Multi-chip embedded

"The CryptoSwift HSM is for high-assurance applications requiring a high degree of physical security as well as optimal cryptographic processing performance. With its tamper active design, the evasive measures of the CryptoSwift HSM defeat physical attacks through detection and response to ensure the integrity and confidentiality of keying information. The key management features allow operators to backup or clone keys securely and easily. In addition, strong two-factor authentication is provided for Security Officers and Operators with the CryptoSwift HSM's trusted channel, a USB port with Rainbow Technologies iKey authentication solution."
161 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Randy Kun
TEL: 613-723-5077
FAX: 613-723-5078

CST Lab: NVLAP 200427-0

iKey 2032
(Hardware versions (A and 909-23002) and 909-25001; Firmware version 0.6)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 08/03/2001;
09/21/2004;
10/18/2004;
01/11/2007
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: DSA/SHA-1 (Cert. #35); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #88); Triple-DES (vendor affirmed; non-compliant); Diffie-Hellman (key agreement)

Multi-chip standalone

"The iKey 2032 is a powerful and portable two-factor authentication USB device suited for applications demanding high security. The iKey 2032 specifically supports Public Key Infrastructure (PKI) needs by providing on-board cryptographic key generation; secure storage of key pairs and X.509 digital certificates; and performing digital signature signing operations on-board."
160 Eracom Technologies Group, Eracom Technologies Australia, Pty. Ltd.
28 Greg Chappell Drive
Burleigh Heads, QLD 4220
Australia

-Gerry Scott
TEL: 916-677-2450
FAX: 916-677-2460

CST Lab: NVLAP 200002-0

CSA8000 Cryptographic Adapter
(Hardware Version: Revision G, Cprov Firmware Version 1.10)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Vendor Product Link
Hardware 07/27/2001;
10/18/2005
Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #63); DSA (Cert. #47); SHA-1 (Cert. #55); RSA (PKCS #1 for Signatures; vendor affirmed)

-Other algorithms: DES (Cert. #124); HMAC-SHA-1; RSA; CAST128; IDEA; AES (Rijndael); RC2; RC4; MD2; MD5; Diffie-Hellman (key agreement)

Multi-chip embedded

"The Eracom CSA8000 Cryptographic Adapter is an intelligent PCI adapter card that provides a wide range of cryptographic functions with dedicated DES/3DES and RSA hardware accelerators. The module implements the PKCS#11 cryptographic API and provides a comprehensive compliance to the PKCS#11 standard as well as vendor specific extensions."
159 Avaya, Inc.
1500 Buckeye Drive
Milpitas, CA 95035
USA

-Kevin Johnson
TEL: 408-321-4884
FAX: 408-404-1313

CST Lab: NVLAP 100432-0

VSU-5000 and VSU-7500
(Hardware Version 02, Software Version 3.1.34)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 07/27/2001;
08/02/2002
Overall Level: 2 

-FIPS Approved algorithms: SHA-1 (Certs. #28 and #52); Triple-DES (Certs. #60 and #61); RSA (vendor affirmed)

-Other algorithms: DES (Certs. #44 and #122); MD5; Diffie-Hellman (key agreement)

Multi-chip embedded

"The VSU™ series of VPN gateways provide high performance ICSA certified IPSec VPN and firewall services for networks of all sizes and complexity. All VSU models are tamper evident network security appliances that cost effectively provide secure authenticated communications over public IP networks, and protect private enterprise networks from attack or intrusion."
158 Avaya, Inc.
1500 Buckeye Drive
Milpitas, CA 95035
USA

-Kevin Johnson
TEL: 408-321-4884
FAX: 408-404-1313

CST Lab: NVLAP 100432-0

VSU-100/VSU-100R and VSU-2000
(Hardware Version 02, Software Version 3.1.34)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 07/27/2001;
08/02/2002
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: SHA-1 (Certs. #28 and #52); Triple-DES (Certs. #60 and #61); RSA (vendor affirmed)

-Other algorithms: DES (Certs. #44 and #122); MD5; Diffie-Hellman (key agreement)

Multi-chip embedded

"The VSU™ series of VPN gateways provide high performance ICSA certified IPSec VPN and firewall services for networks of all sizes and complexity. All VSU models are tamper evident network security appliances that cost effectively provide secure authenticated communications over public IP networks, and protect private enterprise networks from attack or intrusion."
157 SPYRUS, Inc.
2355 Oakland Road
Suite 1
San Jose, CA 95131
USA

-Tom Dickens
TEL: 408-953-0700
FAX: 408-953-9835

CST Lab: NVLAP 200017-0

Rosetta USB
(Firmware Version: SPYCOS 2.01(FUP02), Hardware Version: USB110-FGR)

(When operated in FIPS mode and using FIPS Approved algorithms and processes as listed)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 07/17/2001;
01/01/2014
Overall Level: 2 

-Roles and Services: Level 3
-EMI/EMC: Level 3
-Software Security: Level 3

-FIPS Approved algorithms: Skipjack (Cert. #4); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #78); Triple-DES (Cert #54; non-compliant); DSA (Cert. #31; non-compliant); KEA (key exchange)

Multi-chip standalone

"The Rosetta USB is a low cost cryptographic token ideal for public key operations, key generation, and certificate storage. USB compatibility means simple "plug and play" ease of use. Rosetta USB provides user authentication, digital signatures, and data privacy all in a familiar key-shaped token. With both commercial and government cryptographic algorithms, Rosetta USB supports messaging and authentication requirements at a lower cost of deployment than smart cards or PC cards. Combined with the Rosetta Executive Suite software, Rosetta USB seamlessly plugs into e-mail, browsing, and data security applications."
156 Hasler, Inc.
19 Forest Parkway
Shelton, CT 06484
USA

-Richard Rosen
TEL: 203-926-1087
FAX: 203-926-1628

CST Lab: NVLAP 200002-0

SAFE CV Lite
(Software Version 1.4.14, Hardware Version 2.0)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 07/12/2001;
06/21/2002
Overall Level: 2 

-Physical Security: Level 3 +EFP/EFT
-EMI/EMC: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #47); DSA/SHA-1 (Cert. #43)

-Other algorithms: ElGamal

Multi-chip embedded

"The SAFE device is dsigned as a single electronic circuit board. The primary objective of the SAFE device is to protect funds and to apply respective access rules."
155 AEP Networks
Focus 31, West Wing
Cleveland Road
New Hempstead, Herts HP2 7BW
United Kingdom

-David Miller
TEL: +44 1442 458617

CST Lab: NVLAP 200017-0

Advanced Configurable Crypto Environment (ACCE) - L3 SV and BE
(Firmware Version v2.1, Hardware Version 2710-G1)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 07/05/2001;
07/18/2001;
07/22/2002;
10/04/2002;
04/21/2005
Overall Level: 3 

-Physical Security: Level 3 +EFT
-Software Security: Level 4
-Self Tests: Level 4

-FIPS Approved algorithms: Triple-DES (Certs. #24 and #25); Triple-DES MAC; DSA/SHA-1 (Cert. #36)

-Other algorithms: DES (Certs. #82 and #92); DES MAC; MD5; RSA (PKCS1 and ISO9796); Diffie-Hellman (key agreement)

Multi-chip embedded

"The ACCE provides highly-secure cryptographic services and key storage. It is used in a range of AEP Networks and OEM products including the SureWare Keyper family."
154 Blue Ridge Networks
14120 Parke Long Court
Chantilly, VA 20151
USA

-Tom Gilbert
TEL: 703-631-0700
FAX: 703-631-9588

CST Lab: NVLAP 200416-0

BorderGuard 3000
(Version 6.0)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 06/21/2001 Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Cert. #57 and #58); SHA-1 (Cert. #49 and #50)

-Other algorithms: DES (Cert. #119 and #120); NSC-1; IDEA; HMAC (MD5 and SHA-1); RSA; Diffie-Hellman (key agreement)

Multi-chip standalone

"A network security appliance for the construction of secure Virtual Private Networks between Internet sites, and between Internet sites and individual remote users."
153 NetScreen Technologies, Inc.
805 11th Avenue
Bldg. 3
Sunnyvale, CA 94089
USA

-Lee Klarich
TEL: 408-543-8209
FAX: 408-543-8200

CST Lab: NVLAP 100432-0

NetScreen-100
(Sofware Version 2.6.1, Hardware Revision 4)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Vendor Product Link
Hardware 06/15/2001;
02/13/2003;
06/03/2003
Overall Level: 2 

-Roles and Services: Level 3
-Key Management: Level 3
-Module Interfaces: Level 3
-Software Security: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #49 and #50); SHA-1 (Cert. #47); DSA/SHA-1 (Cert. #44)

-Other algorithms: DES (Cert. #114 and #115); RC2; RC5; MD5; RSA; HMAC; Diffie-Hellman (key agreement); Blowfish

Multi-chip standalone

"The NetScreen-100 is a purpose-built Internet security appliance that delivers firewall, VPN and traffic shaping that is optimized for the most demanding environments such as high traffic sites."
152 Tumbleweed Communications Corp.
700 Saginaw Drive
Redwood City, CA 94063
USA

-Ken Beer
TEL: 650-216-2083

CST Lab: NVLAP 200416-0

MMS Security Kernel
(Version 4.0)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Vendor Product Link
Software 06/13/2001 Overall Level: 1 

-EMI/EMC: Level 3

-Operating System Security: Tested as meeting Level 1 with Windows NT Version 4.0 (single user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #40); DSA/SHA-1 (Cert. #18); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #46); MD2; MD5; RC2; RC5

Multi-chip standalone

"The Tumbleweed Messaging Management System (MMS) is a suite of software products designed to allow organizations to apply content filtering and secure messaging policies on e-mail and Web traffic. All portions of the MMS use a shared set of cryptographic functionality called the MMS Security Kernel. The MMS Security Kernel exposes cryptographic application programming interface (API) calls to the other portions of the MMS."
151 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0

SafeEnterprise™ Link Encryptor-High Speed Serial Interface (SLE-HSSI)
(Firmware v2.1, Hardware Rev 3)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 06/04/2001;
07/18/2002;
07/03/2003;
10/19/2004
Overall Level: 2 

-Physical Security: Level 3
-Software Security: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #22 and #56); DSA/SHA-1 (Cert. #5)

-Other algorithms: DES (Cert. #109); Diffie-Hellman (key agreement)

Multi-chip standalone

"The SLE-HSSI secures data over high speed synchronous data links up to 52MHz, encrypting data at the full data rate, and meeting the HSSI industry standard. It contains the cryptographic module, which is the case containing all electronics, excluding the battery & its holder."
150 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F3 SCSI and nShield F3 Ultrasign SCSI
(Firmware versions 4.0 (1.71.11) and 4.0.1 (1.71.91), Hardware versions nC4032W-150 and nC4032W-400)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 05/23/2001;
01/23/2004
Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; Rijndael, ARC FOUR, CAST5; HMAC (MD2, MD5, SHA-1, SHA-192, SHA-256 and RIPEMD160); ElGamal; Diffie-Hellman (key agreement)

Multi-chip standalone

"The nCipher nShield "SEE Ready" range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
149 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nForce 150 PCI and nForce 300 PCI
(Firmware version 3.2, Hardware versions nC3022P-150 and nC3022P-300)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 05/23/2001 Overall Level: 2 

-Cryptographic Module Design: Level 3
-Roles and Services: Level 3*
-Key Management: Level 3*
-Module Interfaces: Level 3
-Finite State Machine Model: Level 3
-Software Security: Level 3
-Self Tests: Level 3*

*(Level 3 is met in these areas when the 'FIPS_level3' flag is set during initialization.)

-FIPS Approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; Rijndael, ARC FOUR, CAST5; HMAC (MD2, MD5, SHA-1, SHA-192, SHA-256 and RIPEMD160); ElGamal; Diffie-Hellman (key agreement)

Multi-chip standalone

"The nCipher nForce SSL family of secure e-commerce accelerators improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, e-commerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging including X.400/EDI"
148 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F2 SCSI and nShield F2 Ultrasign SCSI
(Firmware versions 4.0 (1.71.11) and 4.0.1 (1.71.91), Hardware versions nC4022W-150 and nC4022W-400)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 05/23/2001;
09/14/2001;
01/23/2004
Overall Level: 2 

-Cryptographic Module Design: Level 3
-Roles and Services: Level 3*
-EMI/EMC: Level 3
-Key Management: Level 3*
-Module Interfaces: Level 3
-Finite State Machine Model: Level 3
-Software Security: Level 3
-Self Tests: Level 3*

*(Level 3 is met in these areas when the 'FIPS_level3' flag is set during initialization.)

-FIPS Approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC; DSA/SHA-1 (Cert. #11); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC; Rijndael, ARC FOUR, CAST5; HMAC (MD2, MD5, SHA-1, SHA-192, SHA-256 and RIPEMD160); ElGamal; Diffie-Hellman (key agreement)

Multi-chip standalone

"The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
147 Attachmate Corporation
424 Wards Corner Road
Loveland, OH 45140
USA

-Karen M. Patterson
TEL: 513-794-8187

CST Lab: NVLAP 200002-0

CryptoConnect ES
(Version 6.7)

(For services provided by the FIPS-Approved algorithms listed.)

Validated to FIPS 140-1

Security Policy

Certificate

Software 05/14/2001 Overall Level: 1 

-EMI/EMC: Level 3

-Operating System Security: Tested as meeting Level 1 with Microsoft Windows 95, 98, and NT 4.0 Server SP3 or higher. (single-user mode)

-FIPS Approved algorithms: Triple-DES (vendor affirmed); DSA/SHA-1 (Cert. #18)

-Other algorithms: DES (Cert. #46);

Multi-chip standalone

"CryptoConnect ES is an encryption option that provides encryption of all TCP data between sessions in Attachmate's Extra! Personal Client (TN3270, TN5250 or Telnet) and their respective host systems."
146 AEP Networks
Focus 31, West Wing
Cleveland Road
New Hempstead, Herts HP2 7BW
United Kingdom

-David Miller
TEL: +44 1442 458617

CST Lab: NVLAP 200017-0

Advanced Configurable Crypto Environment (ACCE) SV and BE
(Firmware Version v2.1, Hardware Version 2640-G3)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 04/23/2001;
07/18/2001;
07/22/2002;
10/04/2002;
04/21/2005
Overall Level: 4 

-FIPS Approved algorithms: Triple-DES MAC; Triple-DES (Certs. #24 and #25); DSA/SHA-1 (Cert. #36)

-Other algorithms: DES (Certs. #82 and #92); DES MAC; RSA (PKCSI and ISO9796); MD5; Diffie-Hellman (key agreement)

Multi-chip embedded

"The ACCE provides highly-secure cryptographic services and key storage. It is used in a range of AEP Networks and OEM products including the SureWare Keyper family."
145 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Chris Holland
TEL: 410-931-7500
FAX: 410-931-7524

CST Lab: NVLAP 200017-0

NetHawk VPN
(Firmware v2.1, Hardware Versions 01 and 03)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 04/23/2001;
07/18/2002;
10/18/2004
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Cert. #36); DSA/SHA-1 (Cert. #5)

-Other algorithms: DES (Cert. #104); Diffie-Hellman (key agreement); MD5

Multi-chip standalone

"The Cylink NetHawk is a hardware-based, multiple-chip standalone Virtual Private Network (VPN) device that provides authenticated, encrypted network communications."
144 SPYRUS, Inc.
2355 Oakland Road
Suite 1
San Jose, CA 95131
USA

-Tom Dickens
TEL: 408-953-0700
FAX: 408-953-9835

CST Lab: NVLAP 200017-0

Rosetta USB
(Firmware Version: SPYCOS 2.01(FUP02), Hardware Version: USB110-FBK)

(When operated in FIPS mode and using FIPS Approved algorithms and processes as listed)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 04/16/2001;
07/03/2001;
01/01/2014
Overall Level: 2 

-Roles and Services: Level 3
-EMI / EMC: Level 3
-Software Security: Level 3

-FIPS Approved algorithms: Skipjack (Cert. #4); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #78); Triple-DES (Cert #54; non-compliant); DSA (Cert. #31; non-compliant); KEA (key exchange)

Multi-chip standalone

"The Rosetta USB is a low cost cryptographic token ideal for public key operations, key generation, and certificate storage. USB compatibility means simple "plug and play" ease of use. Rosetta USB provides user authentication, digital signatures, and data privacy all in a familiar key-shaped token. With both commercial and government cryptographic algorithms, Rosetta USB supports messaging and authentication requirements at a lower cost of deployment than smart cards or PC cards. Combined with the Rosetta Executive Suite software, Rosetta USB seamlessly plugs into e-mail, browsing, and data security applications."
143 Algorithmic Research Ltd.
10 Nevatim Street
Kiryat Matalon
Petach Tikva, 49561
Israel

-Peleg Atar
TEL: 972-3-927-9500

CST Lab: NVLAP 200017-0

PrivateWire Client
(Version 3)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Software 04/16/2001 Overall Level: 1 

-Operating System Security: Tested as meeting Level 1 with Microsoft Windows NT 4.0 Server SP 5.0.

-FIPS Approved algorithms: Triple-DES (Cert. #38); DSA/SHA-1 (Cert. #38)

-Other algorithms: DES (Cert.#111); RC4; El-Gamal; MD-5; RSA (ISO9796); Diffie-Hellman (key agreement)

Multi-chip standalone

"PrivateWire is a software product that enables secure communication between organizations and private users."
142 Algorithmic Research Ltd.
10 Nevatim Street
Kiryat Matalon
Petach Tikva, 49561
Israel

-Peleg Atar
TEL: 972-3-927-9500

CST Lab: NVLAP 200017-0

PrivateWire Security Gateway
(Version 3)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Vendor Product Link
Software 04/16/2001;
07/15/2003
Overall Level: 1 

-Operating System Security: Tested as meeting Level 1 with Microsoft Windows NT 4.0 Server SP 5.0.

-FIPS Approved algorithms: Triple-DES (Cert. #38); DSA/SHA-1 (Cert. #33)

-Other algorithms: DES (Cert.#111); RC4; El-Gamal; MD-5; RSA (ISO9796); Diffie-Hellman (key agreement)

Multi-chip standalone

"PrivateWire is a software product that enables secure communication between organizations and private users."
141 V-ONE Corporation, Inc.
20250 Century Blvd.
Suite 300
Germantown, MD 20874
USA

-Sales
TEL: 301-515-5200
FAX: 301-515-5280

-Citrix Systems, Inc.
TEL: 801-816-3353

CST Lab: NVLAP 200416-0

SmartPass FIPS Token
(Versions 4.0 and 4.1)

Citrix Extranet Client
(Version 2.0)

Validated to FIPS 140-1

Security Policy

Certificate

Vendor Product Link
Software 04/02/2001;
09/14/2001;
10/09/2001;
06/18/2003
Overall Level: 1 

-Roles and Services: Level 2
-EMI / EMC: Level 3
-Software Security: Level 3

-Operating System Security: Tested as meeting Level 1 with Microsoft Windows98

-FIPS Approved algorithms: SHA-1 (Cert. #10); Triple-DES (Cert. #46)

-Other algorithms: DES; MD5

Multi-chip standalone

"V-ONE’s SmartPass (client) contains the same software-based cryptographic algorithms (3DES) utilized in all V-ONE products including its SmartGate and SmartGuard family of servers."

"Citrix Systems, Inc. makes SmartPass available under a private label licensing agreement as their Citrix Extranet Client"

140 Ensuredmail, Inc.
1708 Lovering Avenue
Suite 202
Wilmington, DE 19806
USA

-Andrew Edelsohn
TEL: 302-426-1185
FAX: 800-886-9062

CST Lab: NVLAP 100432-0

Ensuredmail, v1.0
(Software version: 1.0)

(The KEK is limited to keys derived from a hash of a six-character password.)

Validated to FIPS 140-1

Security Policy

Vendor Product Link
Software 03/29/2001;
05/20/2003
Overall Level: 1 

-Operating System Security: Tested as meeting Level 1 with Microsoft Windows 95/98 and Windows 2000 (single-user mode).

-FIPS Approved algorithms: Triple-DES (Cert.#42); SHA-1 (Cert. #44)

-Other algorithms: N/A

Multi-chip embedded

"Turnkey, enterprise software that enables two-way secure e-mail communication, even with attachments, without requiring the recipients to install any software."
139 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0

Cylink Frame Encryptor II
(Firmware v4.05 and v4.06; Hardware Revision 6)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Hardware 03/14/2001;
05/09/2001;
07/18/2002;
12/04/2003;
10/18/2004
Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Certs. #5 and #22); DSA/SHA-1 (Cert. #5)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip standalone

"Cylink Frame Encryptors secure sensitive data transmitted over high-speed, Frame Relay communication links."
138 Novell, Inc.
1800 South Novell Place
Provo, UT 84606
USA

-Developer Support
TEL: 801-861-7000

CST Lab: NVLAP 200002-0

Novell International Cryptographic Infrastructure (NICI)
Controlled Cryptographic Service (CCS) Client, v2.0

(Software version: 2.0)

(For services provided by the listed FIPS-Approved algorithms)

Validated to FIPS 140-1

Security Policy

Software 03/14/2001;
01/31/2006
Overall Level: 1 

-EMI/EMC: Level 3

-Operating System Security: Tested as meeting Level 1 with Microsoft Windows95 and Windows98 (single-user mode).

-FIPS Approved algorithms: Triple-DES (Cert. #35); SHA-1 (Cert. #40); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #103); MD2; MD4; MD5; RC2; RC4; RC5; HMAC (MD5, SHA-1); RSA (encryption/decryption); Diffie-Hellman (key agreement)

Multi-chip standalone

"NICI is Novell's software-based cryptographic infrastructure for Novell products."
137 Research In Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

-Government Certifications Team
TEL: 519-888-7465 x2921
FAX: 519-886-4839

CST Lab: NVLAP 200017-0

BlackBerry 850/857
and BlackBerry 950/957
Cryptographic Kernel

(Version 2.1)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Firmware 03/01/2001;
06/03/2002;
08/24/2005
Overall Level: 1 

-FIPS Approved algorithms: Triple-DES (Cert. #45); SHA-1 (Cert. #45)

-Other algorithms: N/A

Multi-chip standalone

"The BlackBerry crypto firmware v2.1, common to both the BlackBerry 850/857 and the BlackBerry 950/957, securely compresses and encrypts messages with Triple-DES. Following this procedure, the ciphertext is transmitted over the Internet to the recipient mail server. Upon receiving the message, the mail server decrypts and decompresses the ciphertext back to the original plaintext. The BlackBerry crypto firmware is messaging-system independent."
136 Fortress™ Technologies, Inc.
2 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0

NetFortress® 10 / MAIP
(Version 4.0 firmware)

(When factory configured in FIPS mode)

Validated to FIPS 140-1

Security Policy

Hardware 01/18/2001;
03/26/2010;
05/17/2013
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Cert.#19); SHA-1 (Cert.#34)

-Other algorithms: DES (Cert.#23); Diffie-Hellman (key agreement); IDEA

Multi-chip standalone

"The NetFortress® 10 / MAIP is a tamper-resistant network communications security solution that establishes private communications between corporate divisions, branch offices, and mobile users. It integrates seamlessly and economically into any LAN and WAN environment for optimum flexibility and scalability. NetFortress 10’s security feature set includes encryption, data integrity checking, authentication, access control, data compression and firewall capabilities. It is compliant with IPSec."
135 Neopost Technologies
113, rue Jean-Marin Naudin
Bagneux, 92220
France

-Thierry Le Jaoudour
TEL: +33 (0) 1 45 36 30 36

CST Lab: NVLAP 100432-0

IJ25 Secure Metering Module (SMM)
(Version D)

Validated to FIPS 140-1

Security Policy

Hardware 01/18/2001;
10/03/2006
Overall Level: 3 

-FIPS Approved algorithms: DSA/SHA-1 (Cert. #39)

-Other algorithms: N/A

Multi-chip embedded

"The module provides services to a tabletop mailing system designed primarily for the small office/home office environment. Features include manually inserted/removed mail; indicium printed at maximum of 1200 envelopes per hour; internal modem for remote re-crediting; scale interface; Memory Card interface to load slogans, scale rates and class indication; capacity for 10 slogans or advert images; ink jet technology."
134 PSI Systems, Inc.
247 High Street
Palo Alto, CA 94301-1041
USA

-Dr. Harry T. Whitehouse
TEL: 650-321-2640 x112
FAX: 650-321-0356

CST Lab: NVLAP 100432-0

Postal Cryptographic Coprocessor
(Version 1.01)

Validated to FIPS 140-1

Security Policy

Hardware 01/18/2001 Overall Level: 3 

-Physical Security: Level 4
-Self Tests: Level 4

-FIPS Approved algorithms: DSA/SHA-1 (Cert. #23); Triple-DES (Cert. #33)

-Other algorithms: DES (Cert. #58); RSA

Multi-chip embedded

"This module provides the services to support high-speed, secure micro-transactions, including the production and verification of United States Postal Service Information-Based Indicia."
133 Neopost Technologies
113, rue Jean-Marin Naudin
Bagneux, 92220
France

-Thierry Le Jaoudour
TEL: +33 (0) 1 45 36 30 36

CST Lab: NVLAP 200002-0

N18D Postage Meter
(Hardware v. 4101508D; Software v. 6.1)

Validated to FIPS 140-1

Security Policy

Hardware 01/16/2001;
10/03/2006
Overall Level: 2 

-Physical Security: Level 3 +EFP/EFT

-FIPS Approved algorithms: SHA-1 (Cert. #41); DSA/SHA-1 (Cert. #42)

-Other algorithms: DES (Certs. #106 and #107);

Multi-chip embedded

"The N18D module is a postage meter supporting accounting and cryptographic functions for secure electronic transactions. Associated to a document transport system and an inkjet print-head, the module is capable of producing up to 180 envelopes per minute."
132 Neopost Online, Inc.
3400 Bridge Parkway
Suite 201
Redwood City, CA 94065
USA

-Chandra Shah
TEL: 650-620-3600

CST Lab: NVLAP 200002-0

Secure Metering Device / Series II (SMD-II)
(Version: 2002, Hardware version A)

Validated to FIPS 140-1

Security Policy

Hardware 01/16/2001 Overall Level: 2 

-Physical Security: Level 3 +EFP/EFT
-EMI/EMC: Level 3

-FIPS Approved algorithms: DSA/SHA-1 (Cert. #40)

-Other algorithms: N/A

Multi-chip standalone

"The Secure Metering Device / Series 2 (SMD-II) is an electronic device developed by Neopost Online that securely loads, stores, and dispenses revenue. The SMD-II is designed to meet the applicable USPS IBIP specifications for postage meters. The SMD-II attaches to and communicates with the host computer via a serial interface. The revenue is dispensed from the SMD-II to the host computer in the form of a digitally signed indicium, a unique bit pattern that can be determined to have originated from a particular SMD-II at a particular point in time."
131 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0

Cylink Link Encryptor NRZ E1-120ohms and Link Encryptor NRZ T1
(Firmware versions 1.25, 1.26, 1.31 and 1.33; Hardware Rev. B)

Validated to FIPS 140-1

Security Policy

Hardware 01/10/2001;
09/14/2001;
05/15/2002;
07/18/2002;
12/04/2003;
10/18/2004
Overall Level: 2 

-Physical Security: Level 3
-Software Security: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #21 and #22); DSA/SHA-1 (Cert. #5)

-Other algorithms: DES (Certs. #11, #26); Diffie-Hellman (key agreement)

Multi-chip standalone

"Cylink Link Encryptors secure sensitive data transmitted over high-speed, point-to-point communication links. The system supports synchronous, full-duplex data rates up to 2 Mbps over public and private data networks."


Need Assistance?