CMVP Main Page

Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules
1995-1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014,
All

Last Update: 4/2/2014

It is important to note that the items on this list are cryptographic modules. A module may either be an embedded component of a product or application, or a complete product in-and-of-itself. If the cryptographic module is a component of a larger product or application, one should contact the product or application vendor in order to determine how the product utilizes the embedded validated cryptographic module. There may be a larger number of security products or applications available which use an embedded validated cryptographic module, than the number of modules which are found in this list. In addition, other vendors, who are not found in this list, may incorporate a validated cryptographic module from this list embedded into their own products.

When selecting a module from a vendor, verify that the module is either the product or application itself (e.g. VPN, SmartCard, USB memory token, etc.) or the module is embedded in a larger product or application (e.g. toolkit, etc.). If the module is embedded in a product or application, ask the product or application vendor to provide a signed letter or statement affirming that the unmodified validated cryptographic module is integrated in the solution; the module provides all the cryptographic services in the solution; and provide reference to the modules validation certificate number from this listing.

NOTE1: Module descriptions are provided by the module vendors and have not been verified for accuracy by the CMVP. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-Approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (e.g. allowed or non-FIPS-Approved algorithms) have not been tested through the CMVP.

NOTE2: The operator of a cryptographic module is responsible for ensuring that the algorithms and key lengths are in compliance with the requirements of NIST SP 800-131A.

NOTE3: All questions regarding the implementation and/or use of any module located on the CMVP module validation lists should first be directed to the appropriate vendor point-of-contact (listed for each entry).

Please contact the CMVP if any errors are discovered or comments with suggestions for improvement of the validation listings.

Cert# Vendor / CST Lab Cryptographic Module
Module
Type
Val.
Date
Level / Description
494 F-Secure Corporation
Tammasaarenkatu 7
PL 24, Helsinki 00180
Finland

-Alexey Kirichenko
TEL: +358 9 2520 5548

CST Lab: NVLAP 200427-0

F-Secure® Cryptographic Library
(Software Versions: 2.2.5, 2.2.7 and 2.2.12 (Windows) and 1.1.8, 1.1.9 and 1.1.15 (Solaris))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/22/2004;
02/03/2005;
12/20/2006
Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Windows 2000 Professional with Service Pack 3 and Q326886 Hotfix EAL 4 on Dell Optiplex GX 400 Personal Computer System, Trusted Solaris 8 7/03 EAL 4 on SunBlade 100

-FIPS Approved algorithms: Triple-DES (Certs. #255 and #257); AES (Certs. #145 and #148); SHS (Certs. #234 and #237); HMAC-SHA-1 and HMAC-SHA-256 (Certs. #234 and #237, vendor affirmed); DSA (Certs. #107 and #109); RSA (Certs. #190 and #192); RNG (Certs. #2 and #4)

-Other algorithms: DES (Certs. #257 and #259); DES (CTR); Blowfish; CAST-128; MD5; HMAC-MD5; Diffie-Hellman (key agreement)); RC2

Multi-chip standalone

"The F-Secure(R) Cryptographic Library™ is a family of software modules for a number of Windows and Unix platforms. The modules provide an assortment of cryptographic services accessible for clients through a C/C++ Application Programming Interface. The Windows and Solaris versions are designed and implemented to meet the Level 2 requirements of FIPS publication 140-2 when running on an appropriate hardware under Windows 2000, Solaris 8 and Trusted Solaris 8 operating systems."
493 F-Secure Corporation
Tammasaarenkatu 7
PL 24, Helsinki 00180
Finland

-Alexey Kirichenko
TEL: +358 9 2520 5548

CST Lab: NVLAP 200427-0

F-Secure® Cryptographic Library
(Software Versions: 2.2.5, 2.2.7, 2.2.8 and 2.2.12 (Windows) and 1.1.8, 1.1.9, 1.1.10, 1.1.12 and 1.1.15 (Solaris/Linux/AIX/HP-UX))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/22/2004;
02/03/2005;
12/22/2005;
07/10/2006;
12/19/2006
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 98, Windows XP Professional, Windows ME, Windows 2000, HP-UX B.11.11, AIX 5, Trusted Solaris 8 7/03 and Linux RHEL 3 (all in single user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #255 and #257); AES (Certs. #145 and #148); SHS (Certs. #234 and #237); HMAC-SHA-1 and HMAC-SHA-256 (Certs. #234 and #237, vendor affirmed); DSA (Certs. #107 and #109); RSA (Certs. #190 and #192); RNG (Certs. #2 and #4)

-Other algorithms: DES (Certs. #257 and #259); DES (CTR); Blowfish; CAST-128; MD5; HMAC-MD5; Diffie-Hellman (key agreement); RC2; RIPEMD-160 (v1.1.10 and 1.1.12 only); RSA (specified in RFC 2409)

Multi-chip standalone

"The F-Secure(R) Cryptographic Library™ is a family of software modules for a number of Windows and Unix platforms. The modules provide an assortment of cryptographic services accessible for clients through a C/C++ Application Programming Interface. The modules are designed and implemented to meet the Level 1 requirements of FIPS publication 140-2 when running on a GPC under various popular versions of Windows and Unix operating systems."
492 ITServ Inc.
Six Montgomery Village Avenue
Suite 405
Gaithersburg, MD 20879
USA

TEL: 301-948-1111
FAX: 301-948-7582

CST Lab: NVLAP 200416-0

RideWay Station
(Hardware Version: FGC; Firmware Version: 5.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 12/22/2004;
01/24/2005
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Cert. #247); SHS (Cert. #186); HMAC-SHA-1 (Cert. #186, vendor affirmed)

-Other algorithms: Diffie-Hellman (key agreement); RC4; MD5; CRYPT(3)

Multi-chip standalone

"RideWay Station FGC integrates powerful firewall protection and VPN capabilities to safeguard computer networks from the threat of Internet attacks and intrusions. Each computer or server on the LAN must follow a strict authorization procedure in order to gain access to the network. In addition, the module uses Triple-DES encryption in its IPSec VPN to allow multiple offices to securely communicate over the Internet or to allow a remote client to securely connect to its office network. The highperforming hardware efficiently conducts encryption and decryption tasks without sacrificing throughput."
491 Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

-Kenneth Jensen
TEL: 408-227-4500
FAX: 408-227-4550

-Keerti Melkote
TEL: 408-227-4500
FAX: 408-227-4550

CST Lab: NVLAP 200427-0

Aruba 5000/6000 WLAN Switch with AirOS Software
(Hardware Versions: Configuration A, Configuration B, Configuration C, Configuration D; Firmware Version: A5000_2.1.0.0_7862)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/22/2004;
01/07/2005;
12/22/2005;
03/14/2011
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #158 and #159); Triple-DES (Certs. #260 and #261); SHA-1 (Certs. #243 and #244); HMAC-SHA-1 (Certs. #243 and #244, vendor affirmed); RNG (Cert. #8); RSA (Cert. #9)

-Other algorithms: DES (Cert. #262); MD5; RC4; Diffie-Hellman (key agreement)

Multi-chip standalone

"Aruba Wireless Networks’ FIPS validated WLAN switching platform is a purpose-built Wireless LAN voice and data switching solution designed to specifically address the needs and reduce the cost of large scale WiFi network deployments for Government and large enterprise. Aruba’s WLAN switching platform is a highly scalable and redundant solution that provides centralized intelligence to secure and manage the corporate RF environment, enforce identity based user security and policies, enable service creation and provide secure mobility management to hundreds of simultaneously connected users."
490 SBI Net Systems Co., Ltd.
Meguro Tokyu Bldg.
5th Floor
2-13-17
Kamiosaki Shinagawa-ku, Tokyo 141-0021
Japan

-Hidemitsu Noguchi
TEL: +81 3 5447 2551
FAX: +81 3 5447 2552

CST Lab: NVLAP 100432-0

C4CS
(Software Versions: 1.0.0 and 1.1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/22/2004;
02/25/2005;
08/21/2008
Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000 Service Pack 3 with Hotfix 326886 and Microsoft Windows XP Service Pack 1

-FIPS Approved algorithms: SHS (Cert. #222); HMAC-SHA-1 (Cert. #222, vendor affirmed); AES (Cert. #133); RNG (Cert. #1); RSA (Cert. #1); ECDSA (vendor affirmed)

-Other algorithms: C4Custom; RSAES_PKCS_v1_5; RSAES_OAEP; Diffie-Hellman (key agreement); SSS

Multi-chip standalone

"C4CS is a software cryptographic module providing symmetric/asymmetric ciphers, hash functions, and secret sharing schemes in FIPS mode."
489 Bluesocket, Inc.
7 New England Executive Park
Burlington, MA 01803
USA

-Mike Puglia
TEL: 781-328-0888

CST Lab: NVLAP 200002-0

Bluesocket WG-2100 Wireless Gateway
(Hardware Versions: 870-212FF-002, 870-212FT-002, 870-212TF-002, 870-212TT-002, Software Version: 3.1.1.8)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/10/2004;
08/30/2005
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Cert. #76); Triple-DES (Certs. #187 and #250); RSA (Cert. #14); RNG (Cert. #16); SHS (Certs. #228 and #229); HMAC-SHA-1 (Certs. #228 and #229, vendor affirmed)

-Other algorithms: DES (Cert. #223); Diffie-Hellman (key agreement); MD5; HMAC MD5

Multi-chip standalone

"The Bluesocket WG-2100 Wireless Gateway provides a scalable solution with security, quality of service (QoS), Mobility, Role/Policy Enforcement and Management for today's highly-secure 802.11 Government wireless networks."
488 E.F. Johnson Co.
123 N. State St.
Waseca, MN 56093
USA

-John Oblak
TEL: 507-837-5116
FAX: 507-837-5120

CST Lab: NVLAP 200427-0

EFJohnson Encryption Module
(Software Version: 1.0.0.5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/10/2004;
05/05/2005
Overall Level: 1 

-Roles, Services, and Authentication: Level 2

-Operational Environment: Tested as meeting Level 2 with Windows 2000 Professional with Service Pack 3 and Q326886 Hotfix on Dell OptiPlex GX400

-FIPS Approved algorithms: AES (Cert. #26); DSA (Cert. #72); SHS (Cert. #121); Triple-DES (Cert. #135); RNG (Cert. #14)

-Other algorithms: DES (Cert. #186); AES-MAC (Cert #26; non-compliant)

Multi-chip standalone

"The EFJohnson Encryption Module is a software cryptographic module that serves both as a key store and a cryptographic service provider. The module is accessible through an API, and provides an easy-to-use yet secure means of storing sensitive cryptographic keys. The Encryption Module meets level 1 FIPS 140-2 requirements and achieves level 2 in the "Roles, Services, and Authentication" and "Operation Environment" sections of FIPS 140-2."
487 Kasten Chase Applied Research, Ltd.
Orbitor Place
5100 Orbitor Drive
Mississauga, Ontario L4W 4Z4
Canada

-Steve Demmery
TEL: 905-238-6900 x3303
FAX: 905-212-2003

CST Lab: NVLAP 200556-0

Kasten Chase Cryptographic Engine
(Software Version: 2.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/10/2004 Overall Level: 1 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 2

-Operational Environment: Tested as meeting Level 1 with Windows 2000 Server, Red Hat 7.3 with Linux kernel 2.4; AIX 5L for POWER V5.2; Sun Trusted Solaris™ Version 8 4/01; Sun Solaris™ 9 (all in user and kernel modes and single user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #265); AES (Cert. #163); SHS (Cert. #246); HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512 (Cert. #246, vendor affirmed); RSA (Cert. #12); ECDSA (vendor affirmed); RNG (Cert. #10)

-Other algorithms: MD5; HMAC-MD5; KEA; EC Diffie-Hellman (key agreement)

Multi-chip standalone

"KCCE is an independent, executable cryptographic module that exists variously as a dynamic linked library (dll), a shared library and a driver. KCCE provides software designers with a comprehensive API that ensures secure cryptographic application development, for a wide range of operating systems, without undue complexity."
486 Kasten Chase Applied Research, Ltd.
Orbitor Place
5100 Orbitor Drive
Mississauga, Ontario L4W 4Z4
Canada

-Steve Demmery
TEL: 905-238-6900 x3303
FAX: 905-212-2003

CST Lab: NVLAP 200556-0

Kasten Chase Cryptographic Engine
(Software Version: 2.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/10/2004 Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows 2000 Server with SP3 and Hotfix Q326886 on a 650 MHz Pentium III platform; AIX 5L for POWER V5.2 on a IBM p630-6C4 with a POWER4 CPU; Sun Trusted Solaris™ Version 8 4/01 on a SunBlade 100 with a 500 MHz UltraSPARC Iie

-FIPS Approved algorithms: Triple-DES (Cert. #265); AES (Cert. #163); SHS (Cert. #246); HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384; HMAC- SHA-512 (Cert. #246, vendor affirmed); RSA (Cert. #12); ECDSA (vendor affirmed); RNG (Cert #10)

-Other algorithms: MD5; HMAC-MD5; KEA, EC Diffie-Hellman (key agreement)

Multi-chip standalone

"KCCE is an independent, executable cryptographic module that exists variously as a dynamic linked library (dll), a shared library and a driver. KCCE provides software designers with a comprehensive API that ensures secure cryptographic application development, for a wide range of operating systems, without undue complexity."
485 Giesecke & Devrient
45925 Horseshoe Drive
Dulles, VA 20166
USA

-Michael Poitner
TEL: 650-312-1241
FAX: 650-312-8129

-Jatin Deshpande
TEL: 650-312-8047
FAX: 650-312-8129

CST Lab: NVLAP 200427-0

Sm@rtCafé Expert FIPS 64
(Hardware Version: HD65246C1A05NB, Firmware Versions: CH463JC_INABFOP003901_V101 and CH463JC_INABFOP003901_V102)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/10/2004;
04/04/2008
Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #239); AES (Cert. #132); SHS (Cert. #216); DSA (Cert. #102); RSA (Cert. #7); Triple-DES MAC (Cert. #239, vendor affirmed)

-Other algorithms: DES (Cert. #249); DES MAC (Cert. # 249, vendor affirmed)

Single-chip

"Giesecke & Devrient (G&D) Smart Card Chip Operating System Sm@rtCafé Expert FIPS 64 is a Java Card 2.2 and Open Platform v2.0.1' compliant smart card module. It supports, at a minimum, Triple-DES, AES, DSA, and RSA algorithms with on-card key generation. The Sm@rtCafé Expert FIPS 64 is suitable for government and corporate identification, payment and banking, health care, and Web applications."
484 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Hazem Hassan
TEL: 952-808-2372
FAX: 952-890-2726

CST Lab: NVLAP 200427-0

Model 330G3 Smart Card
(Hardware Version: 1.0, Firmware Version: 2.0, EXFs: GSC-IS and Biometric authentication application executable (G3 EXF) Version 21)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/10/2004;
02/22/2005
Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: DSA/SHA-1 (Cert. #35); RSA (PKCS #1, vendor affirmed); Triple-DES (Cert. #236); RNG (vendor affirmed)

-Other algorithms: DES (Cert. #88); Diffie-Hellman (key agreement)

Single-chip

"The 330G3 is a biometrically-enabled ISO 7816 and GSC-IS compliant cryptographic smart card designed for identification and access control applications. The card provides a secure, mobile platform for strong user authentication and single sign on when integrated with SAFENET Axis software. The card supports creating, storing and using keys, certificates, passwords and other digital credentials. Security services include: Multiapplication secure storage and retrieval of data and digital credentials; Strong authentication of the cardholder using fingerprint biometrics; Cryptographic services including SHA-1, DES, 3DES, RSA Sign/Verify, RSA Encrypt/Decrypt and DSA Sign/Verify with on board key generation including RSA 2048-bit key generation."
483 Symantec Corporation
1 Symantec Way
Suite 200
Newport News, VA 23602
USA

-William L. Stewart
TEL: 757-880-7782
FAX: 757-249-7124

CST Lab: NVLAP 200002-0

Symantec Cryptographic Module
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/10/2004;
07/27/2007
Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional, Windows 2000

-FIPS Approved algorithms: AES (Cert. #164); Triple-DES (Cert. #266); SHS (Cert. #248); HMAC (Cert. #5); RNG (Cert. #12)

-Other algorithms: N/A

Multi-chip standalone

"The Symantec Cryptographic Module is a software library that contains FIPS-approved cryptographic algorithms. This module provides encryption functionality for selected Symantec products."
482 Pitney Bowes, Inc.
35 Waterview Drive
Shelton, CT 06484-8000
USA

-Douglas Clark
TEL: 203-924-3206
FAX: 203-924-3406

CST Lab: NVLAP 100432-0

Cygnus X-1 Postal Security Device
(Hardware Versions: P/N 1L00, Versions AAA, AAC and AAD (US); P/N 1LEC, Versions AAA, AAC and AAD (Canada))

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/10/2004;
02/03/2005;
03/14/2005
Overall Level: 3 

-FIPS Approved algorithms: DSA (Cert. #105); SHS (Cert. #232); Triple-DES (Cert. #252); Triple-DES MAC (Cert. #252, vendor affirmed); HMAC-SHA-1 (Cert. #232, vendor affirmed); ECDSA (vendor affirmed)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip standalone

"The Pitney Bowes Cygnus X-1 Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP) and with the Canada Post Corporation's Digital Meter Indicia Specification 3457. It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes IBIP Metering products."
481 Realia Technologies S.L.
Orense, 68 11th floor
Madrid, 28020
Spain

-Sebastián Muńoz
TEL: +34 91 449 03 30
FAX: +34 91 579 56 06

-Luis Jesús Hernández
TEL: +34 91 449 03 30
FAX: +34 91 579 56 06

CST Lab: NVLAP 200416-0

Cryptosec 2048
(Hardware Version: Model 1.0, Firmware Version: 01.04.0010)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/10/2004 Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #262); RSA (Cert. #10); SHS (Cert. #242); RNG (Cert. #11)

-Other algorithms: DES (Cert. #263); CRC-32; MD5; RIPEMD-128; RIPEMD-160

Multi-chip embedded

"The Cryptosec 2048 is a high-end PCI cryprographic accelerator card that provides cryptographic services and secure storage of cryptographic keys. The module is built to perform general cryptographic processing (RSA, DES, SHA-1, MD5,...) and features a tamper-protective case to physically protect sensitive information contained within the card."
480 Motorola, Inc.
1301 E. Algonquin Rd.
Schaumburg, IL 60196-1078
USA

-Kirk Mathews
TEL: 847-576-4101
FAX: 847-538-2770

CST Lab: NVLAP 100432-0

Key Variable Loader (KVL) 3000 Plus
(Hardware Version: P/N CLN7493D, Version 8, Firmware Version: U239AC, X795AH, Versions R3.52.17, R3.52.22 and R3.52.31.)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/10/2004;
02/25/2005
Overall Level: 1 

-Roles, Services, and Authentication: Level 2

-FIPS Approved algorithms: AES (Cert. #2); Triple-DES (Cert. #82)

-Other algorithms: DES (Cert. #151); DES MAC (Cert. #151, vendor affirmed); DES-XL; DVI-XL; DVP-XL; HCA; DVI-SPFL; SHA-1 (non-compliant); AES MAC (Cert #2, P25 AES OTAR, vendor affirmed)

Multi-chip standalone

"The KVL 3000 Plus is a portable key distribution device. Encryption keys can be loaded into the KVL manually through its keypad interface or transferred from a Key Management Facility through its serial interface. These keys can then be distributed to various secure communications equipment such as mobile and portable radios, base stations, zone controllers, data controllers, and other fixed network devices. The KVL also includes a PCMCIA interface for software upgrades."
479 Entrust, Inc.
1000 Innovation Drive
Ottawa, Ontario K2K 3E7
Canada

-Alan Myrvold
TEL: 613-270-3009

CST Lab: NVLAP 200017-0

Entrust Authority™ Security Toolkit for Java™
(Software Version: 7.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/16/2004 Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Intel Pentium 4 running Windows XP SP1 in single user mode running Sun JRE 1.4.2 and UltraSPARC-11i 300 MHz processor running Solaris 9 in single user mode running Sun JRE 1.4.2

-FIPS Approved algorithms: AES (Cert. #193); Triple-DES (Cert. #289); Triple-DES MAC (Cert. #289, vendor affirmed); DSA (Cert. #122); ECDSA, (vendor affirmed); SHS (Cert. #273); HMAC (Cert. #8); RNG (Cert. #40); RSA (Cert. #30)

-Other algorithms: DES (Cert. #279); DES MAC (Cert. #279, vendor affirmed); CAST 128; IDEA; RC2; RC4; Diffie-Hellman (key agreement); SPEKE; Rijndael 256; CAST128 MAC; MD2; MD5; HMAC- MD5; IDEA MAC

Multi-chip standalone

"Authority Toolkits provide customers and partners with the ability to apply best-in-class security to almost any business application. These Toolkits provide a common set of services to permit developers to rapidly deploy applications that solve business problems without having to spend valuable development cycles developing these common services. Entrust Authority's standards-based, application programming interfaces (APIs) make it possible to implement a single enhanced Internet security architecture across multiple applications and platforms. By minimizing the need for separate administration modules with every deployed application, these Toolkits provide a reduction in administrative duplication and help to reduce the cost to deploy across multiple platforms."
478 Carrier Access Corporation (a wholly owned subsidiary of Force10 Networks, Inc.) and Team F1
350 Holger Way
San Jose, CA 95134
USA

-Thomas Gormley
TEL: 408-571-3550
FAX: 303-443-5908

-Mukesh Lulla
TEL: 510-505-9931
FAX: 510-505-9941

CST Lab: NVLAP 100432-0

Broadmore/SSHield Management Module
(Software Versions: 4.0.0, 4.1.0, 4.1.1, 4.6.0 and 5.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/08/2004;
12/01/2004;
02/24/2005;
12/22/2005;
03/07/2008;
03/19/2008;
09/18/2009
Overall Level: 1 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Cryptographic Key Management: Level 3

-Operational Environment: Tested as meeting Level 1 with WindRiver pSOS operating system version 2.2.7 and ATM configuration

-FIPS Approved algorithms: DSA (Cert. #100); Triple-DES (Cert. #238); AES (Cert. #129); SHA-1 (Cert. #214); HMAC-SHA-1 (Cert. #214, vendor affirmed); RSA (PKCS #1, vendor affirmed)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip embedded

"The Broadmore family of products offer a unique economical means of provisioning, grooming, and routing TDM DS3, DS1, E3, E1 services and mixed-speed serial data to logical ATM connections. The Broadmore/SSHield Management Module controls the Broadmore configuration parameters using SSHield, an implementation of the IETF SECSH protocol, which provides an authenticated, encrypted data communications channel for secure management. More information can also be found on www.teamf1.com and www.carrieraccess.com."
477 Secure Systems Limited
80 Hasler Road
Osborne Part, Western Australia 6017
Australia

-Michael J Wynne
TEL: +61 8 9202 8333
FAX: +61 8 9202 8334

-Christine Rainwater
TEL: 703-535-7999

CST Lab: NVLAP 200416-0

Silicon Data Vault® (SDV®)
(Hardware Versions: SDV201B Rev B and SDV18A Rev A, Firmware Version: SDV2_Ver_1.3.4, Embedded_AA_1.07)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/04/2004 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #136); SHS (Cert. #219)

-Other algorithms: CRC-32

Multi-chip embedded

"The Silicon Data Vault® (SDV®) is a cryptographic hardware security device which asserts absolute control over the hard disk drive (HDD) at the earliest stage of boot up, ensuring the user is authenticated before any data can be accessed. The SDV® is operating system independent, works with any standard ATA HDD, and resides in the IDE channel, blocking and controlling all access to the HDD."
476 Prism Payment Technologies (Pty) Ltd.
PO Box 901
Witkoppen, Gauteng 2068
South Africa

-Wayne Donnelly
TEL: +27 11 5481000
FAX: +27 11 4673424

CST Lab: NVLAP 100432-0

Incognito TSM410
(Hardware Version: P/N 5520-00091, Version 2, Firmware Version: 1.1.1.0)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/04/2004 Overall Level: 3 

-Physical Security: Level 4

-FIPS Approved algorithms: Triple-DES (Cert. #259); SHA-1 (Cert. #241); Triple-DES MAC (Cert. #259, vendor affirmed); RSA (ANSI X9.31, vendor affirmed)

-Other algorithms: DES (Cert. #261); Enhanced Security DES MAC (Cert. #261, vendor affirmed); DES MAC (Cert. #261, vendor affirmed);

Multi-chip embedded

"The Incognito TSM410 is a multi-chip embedded Tamper Responsive Security Module. Fitted on a PCI carrier card, the device offers highperformace, high-security services targeted at EFT switches and mCommerce applications."
475 Trust Digital, Inc.
1600 International Drive
Suite 100
McLean, VA 22102
USA

-Norm Laudermilch
TEL: 703-760-9400
FAX: 703-760-9415

CST Lab: NVLAP 200416-0

Trust Digital Crypto Library Cryptographic Module
(Software Versions: 3.0, 3.0.01)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/02/2004;
03/02/2005;
07/29/2005;
09/21/2005;
10/26/2006;
11/06/2006;
02/21/2008
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows NT SP6, 2000; XP Pro; Palm OS 4.1, 5.2.1, 5.2.1H, 5.4.5; Pocket PC 3.0, 4.20; Symbian 7.0; Smartphone 2002; Windows Mobile v5.0 and v6.0; and v5.0 Smartphone edition.

-FIPS Approved algorithms: AES (Certs. #69 and #456); Triple-DES (Certs. #177 and #473); SHS (Certs. #164 and #520); HMAC-SHA-1 (Certs. #164 and #520, vendor affirmed)

-Other algorithms: Blowfish; TwoFish; RC4; TEA; Fast XOR; MD5

Multi-chip standalone

"Trust Digital’s Cryptographic Module is a 32-bit Windows library compatible with Palm, Pocket PC, RIM, Symbian and other related operating systems. This module provides cryptographic services accessible from software programs written in C/C++ through Application Program Interfaces (APIs). The DLL (dynamically linked library) format of this module allows it to be embedded in existing applications targeted for Palm, Pocket PC, RIM and Symbian operating systems."
474 L-3 Communications Government Services, Inc.
3750 Centerview Drive
Chantilly, VA 20151
USA

-Suma Shastry
TEL: 703-375-6598

CST Lab: NVLAP 200002-0

Hand Held Monitor Module (HHM)
(Hardware Version: Rev B, Part No: 1500, Firmware Version: 5.7)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/22/2004 Overall Level: 1 

-FIPS Approved algorithms: Triple-DES (Cert. #181); Triple-DES MAC (Cert. #181, vendor affirmed)

-Other algorithms: N/A

Multi-chip standalone

"The Hand Held Monitor Module (HHM) device is a component of the Tactical Automated Security System (TASS). The HHM is used to detect, monitor, and access intrusions in secured areas. The HHM works in conjunction with the Communications Module (CM), which receives, and forwards intrusion alerts to the HHM."
473 L-3 Communications Government Services, Inc.
3750 Centerview Drive
Chantilly, VA 20151
USA

-Suma Shastry
TEL: 703-375-6598

CST Lab: NVLAP 200002-0

Communications Module (CM)
(Hardware Version: Rev B, Part No: 1550, Firmware Version: 5.7)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/22/2004 Overall Level: 1 

-FIPS Approved algorithms: Triple-DES (Cert. #181); Triple-DES MAC (Cert. #181, vendor affirmed)

-Other algorithms: N/A

Multi-chip standalone

"The Communications Module (CM) device is a component of the Tactical Automated Security System (TASS). The Communications Module (CM) works in conjunction with the HHM to receive and forward intrusion alerts."
472 Pitney Bowes, Inc.
35 Waterview Drive
Shelton, CT 06484
USA

-Douglas Clark
TEL: 203-924-3500
FAX: 203-924-3406

CST Lab: NVLAP 200427-0

Pitney Bowes iButton Postal Security Device (PSD)
(Hardware Version: DS1955B PB1 - 1.50)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/22/2004 Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #185); SHA-1 (Cert. #167); DSA (Cert. #90); Triple-DES MAC (Cert. #185, vendor affirmed)

-Other algorithms: DES (Cert. #222);

Multi-chip standalone

"The Pitney Bowes iButton Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP). It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds and the production of postage meter indicia in a variety of Pitney Bowes Metering products. The PSD has been designed to support international postal markets and their evolving requirements for digital indicia."
471 SafeNet, Inc.
4690 Millennium Drive
Suite 400
Belcamp, MD 21017
USA

-George L. Heron
TEL: 410-933-5883
FAX: 410-931-7524

CST Lab: NVLAP 200017-0

SafeNet HighAssurance 4000 Gateway
(Hardware Version: C, Firmware Versions: 2.2 and 4.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/22/2004;
05/04/2005
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Cert. #258); AES (Cert. #156); SHA-1 (Cert. #117); HMAC-SHA-1 (Cert. #117, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #260); Diffie-Hellman (key agreement); MD5; HMAC-MD5

Multi-chip standalone

"The SafeNet HighAssurance 4000 Gateway is a high performance, integrated security appliance that offers Gigabit Ethernet IPSEC encryption. Housed in a tamper evident chassis, the Security Gateway has two Gigabit Ethernet ports. Traffic on the local port is received in the clear, while traffic on the remote port has security processing applied to it. With the implementation of firmware version 2.2, the SafeNet HA 4000 can now be set-up and configured with the Safe Enterprise Security Management Center (SMC)."
470 CipherOptics Inc.
701 Corporate Center Drive
Raleigh, NC 27607
USA

-Ed Finn
TEL: 412-262-2571 x102
FAX: 412-262-2574

CST Lab: NVLAP 200017-0

CipherOptics SG100 and CipherOptics SG1002
(Hardware Version: A, Firmware Version: 3.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/22/2004;
06/14/2010
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #258); AES (Cert. #156); SHA-1 (Cert. #117); HMAC-SHA-1 (Cert. #117, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #260); Diffie-Hellman (key agreement); MD5; HMAC-MD5

Multi-chip standalone

"The CipherOptics SG100 and SG1002 are high performance, integrated security appliances that offer Gigabit and 10/100 Ethernet IPSec encryption respectively. Housed in a tamper evident chassis, have two ethernet ports. Traffic on the local port is received in the clear, while traffic on the remote port has security processing applied to it."
469 CipherOptics Inc.
701 Corporate Center Drive
Raleigh, NC 27607
USA

-Ed Finn
TEL: 412-262-2571 x102
FAX: 412-262-2574

CST Lab: NVLAP 200017-0

CipherOptics SG1001
(Hardware Version: C, Firmware Version: 2.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/22/2004;
06/14/2010
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Cert. #258); AES (Cert. #156); SHA-1 (Cert. #117); HMAC-SHA-1 (Cert #117, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #260); Diffie-Hellman (key agreement); MD5; HMAC-MD5

Multi-chip standalone

"The CipherOptics Security Gateway is a high performance, integrated security appliance that offers Gigabit Ethernet IPSec encryption. Housed in a tamper evident chassis, the Security Gateway has two Gigabit Ethernet ports. Traffic on the local port is received in the clear, while traffic on the remote port has security processing applied to it."
468 Fortinet, Inc.
920 Stewart Drive
Sunnyvale, CA 94085
USA

-Alan Kaye
TEL: 613-225-2951

CST Lab: NVLAP 200017-0

FortiGate-300, FortiGate-400, FortiGate-500 and FortiGate-800
(Hardware Versions: FortiGate-300 (build x20), FortiGate-400 (build x20), FortiGate-500 (build x20) and FortiGate-800 (build x20), Firmware Version: 2.50, build 219,040616)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/18/2004 Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Cert. #237); AES (Cert. #128); SHS (Cert. #213); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #213, vendor affirmed)

-Other algorithms: DES; DDiffie-Hellman (key agreement); MD5; HMAC-MD5

Multi-chip standalone

"FortiGate Antivirus Firewalls are dedicated, hardware-based units that deliver complete, real-time network protection services at the network edge."
467 Fortinet, Inc.
920 Stewart Drive
Sunnyvale, CA 94085
USA

-Alan Kaye
TEL: 613-225-2951

CST Lab: NVLAP 200017-0

FortiGate-3000 and FortiGate-3600
(Hardware Versions: FortiGate-3000 (build xx20) and FortiGate-3600 (build xx20), Firmware Version: 2.50, build 219,040616)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/18/2004 Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Cert. #237); AES (Cert. #128); SHS (Cert. #213); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #213, vendor affirmed)

-Other algorithms: DES; Diffie-Hellman (key agreement); MD5; HMAC-MD5

Multi-chip standalone

"FortiGate Antivirus Firewalls are dedicated, hardware-based units that deliver complete, real-time network protection services at the network edge."
466 Francotyp-Postalia
Triftweg 21-26
D-16547 Birkenwerder, Germany

-Volker Baum
TEL: +49 3303 525 668
FAX: +49 3303 525 609

CST Lab: NVLAP 100432-0

FrankIT Postal Revenector
(Hardware Version: 58.0036.0001.00/05, Firmware Version: 90.0036.0007.00/00)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/18/2004 Overall Level: 3 

-Physical Security: Level 3 +EFP

-FIPS Approved algorithms: Triple-DES (Cert. #39); RSA (PKCS #1, vendor affirmed); SHA-1 (Cert. #43); HMAC-SHA-1 (Cert. #43, vendor affirmed)

-Other algorithms: DES (Cert. #108); DES MAC (Cert. #108, vendor affirmed); Diffie-Hellman (key agreement)

Multi-chip embedded

"The Francotyp-Postalia FrankIT Postal Revenector employs strong encryption, decryption, and digital signature techniques for the protection of customer revenues in Francotyp-Postalia's mail handlers. The FrankIT Postal Revenector has been designed in compliance with the Deutsche Post AG (DPAG), FrankIT Specification."
465 D'Crypt Pte Ltd.
20 Ayer Rajah Crescent
#08-08 Technopreneur Centre, Singapore 139964
Singapore

-Quek Gim Chye
TEL: +65-6773-9016
FAX: +65-6873-0796

CST Lab: NVLAP 100432-0

d'Cryptor QE Cryptographic Module
(Hardware Versions: P/N DC/QE-L.8.1024 Versions 3.0L and 3.1L and P/N DC/QE-S.4.512 versions 3.0S and 3.1S, Firmware Version: 2.0)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/18/2004;
06/06/2005
Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #159); SHA-1 (Cert. #139); RSA (FIPS 186-2 and PKCS#1, vendor affirmed); AES (Cert. #49); HMAC-SHA-1 (Cert. #139, vendor affirmed)

-Other algorithms: DES (Cert. #205)

Multi-chip embedded

"The d'Cryptor QE is a programmable cryptographic coprocessor designed for high security assurance applications and features in the d'Cryptor line of products such as d'Cryptor XE, d'Cryptor HSM and TelePort. It contains a secure high-performance cryptographic core that comprises a CPU, Flash ROMs, NVRAM, UTC clock, firmware and a host of useful and cryptographic APIs. The QE provides strong physical security through an opaque, hard epoxy potting and a tamper response mesh that zeroizes all keys in event of tamper. Application loading is authenticated using an approved digital signature scheme."
464 Nortel Networks
600 Technology Park
Billerica, MA 01821
USA

-Jonathan Lewis
TEL: 978-288-8590
FAX: 978-288-4004

CST Lab: NVLAP 200427-0

Contivity 1700, 2700 and 5000 Secure IP Services Gateways
(Hardware Versions: 1700, 2700 and 5000, Firmware Version: V04_85.121)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/18/2004;
01/06/2006
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Certs. #29 and #183); AES (Cert. #50); SHA-1 (Certs. #31 and #51); HMAC-SHA-1 (Certs. #31 and #51, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Certs. #48 and #101); DES MAC (Certs. #48 and #101, vendor affirmed); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD5; HMAC-MD5

Multi-chip standalone

"The FIPS 140-2 Level 2 compliant Contivity 1700, 2700 and 5000 Secure IP Services Gateways are the ideal solution for enterprises requiring secure, low-cost connectivity across the Internet or managed IP networks. The Contivity 1700, 2700 and 5000 provide, IP routing, Virtual Private Networking (VPN), stateful firewall, encryption, authentication, directory and policy services, Quality of Service (QoS), and bandwidth management services in a single integrated platform. These devices provide a solution for small, medium, and large sites requiring Internet connectivity for both secure VPN communications and for basic IP/Internet access."
463 VIACK Corporation
16701 NE 80th St.
Suite 100
Redmond, WA 98052
USA

-Peter Eng
TEL: 425-605-7400
FAX: 425-605-7405

CST Lab: NVLAP 100432-0

VIA3 VkCrypt Cryptographic Module
(Software Version: 3.5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 09/20/2004 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 2000 Server SP4

-FIPS Approved algorithms: RNG (Cert. #3); AES (Cert. #147); RSA (Cert. #5); SHA-1 (Cert. #236); HMAC-SHA-1 (Cert. #236, vendor affirmed)

-Other algorithms: RSA (PKCS #1); RC2

Multi-chip standalone

"The VIA3 VkCrypt Cryptographic Module is a software cryptographic module that implements symmetric and public key encryption, digital signatures, and hashing for VIA3 E-meeting products. VIA3 is a secure and confidential E-meeting solution integrating live audio and video, instant messaging, and real-time information sharing."
462 3e Technologies International, Inc.
700 King Farm Blvd.
Suite 600
Rockville, MD 20850
USA

-Ryon Coleman
TEL: 301-944-1403

CST Lab: NVLAP 200427-0

3e-521NP, 3e-522FIPS, 3e-530NP and 3e-531AP Wireless Gateways
(Hardware Versions: 3e-521NP, 3e-522FIPS, 3e-530NP and 3e-531AP, Firmware Version: 2.6)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/20/2004 Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Certs. #136 and #161); AES (Cert. #27); SHA-1 (Cert. #140); HMAC-SHA-1 (Cert. #140, vendor affirmed)

-Other algorithms: Diffie-Hellman (key agreement); RSA (PKCS#1); MD5; RC4; DES

Multi-chip standalone

"The 3e family of Secure Wireless Gateways implements a cryptographic suite including AES, 3DES, SHA-1, HMAC SHA-1, Diffie-Hellman, and HTTPS/TLS. These algorithms are used in combination to protect the main Gateway services of bridging from wired uplink LAN to the wireless LAN, NAT routing from the wired uplink LAN to the wireless LAN, and DHCP service to the local LAN allowing a wired local LAN to exist over the local wireless LAN interface. The cryptographic suite is implemented in an innovative manner so that critical performance is not sacrificed in providing a rugged FIPS 140-2 Level 2 secure wireless solution."
461 Lucent Technologies, Inc.
600 Mountain Ave
Murray Hill, NJ 07974
USA

-Kim Tourigny
TEL: 978-952-1504
FAX: 978-952-1120

-Dan Buczala
TEL: 978-952-1512
FAX: 978-952-1516

CST Lab: NVLAP 200427-0

VPN Firewall Brick® 350, Brick® 1000 and Brick® 1100 with Encryption Accelerator Cards
(Hardware Versions: Brick® 350, Brick® 1000 and Brick® 1100, and Encryption Accelerator Card v2: Version 1.0, Board Version 1, Firmware Versions: Lucent LVF v7.2.292 and EAC v2: 7.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/08/2004;
02/03/2005
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Certs. #75 and #245); SHA-1 (Certs. #65 and #225); HMAC-SHA-1 (Certs. #65 and #225, vendor affirmed); DSA (Cert. #62)

-Other algorithms: DES (Certs. #135 and #250); MD5; ARC4; Diffie-Hellman (key agreement); HMAC- MD5

Multi-chip standalone

"The VPN Firewall Brick is a high-speed packet-processing appliance, oriented towards providing security functions. The Brick is a carrier-grade integrated firewall and virtual private network (VPN) gateway appliance specifically designed for web/application data center security, large-scale managed security services, and remote access VPN services. Called the Brick because of its rugged, reliable design, this is an ideal platform for service providers seeking wide scalability, ready manageability, and industry-leading performance."
460 Lucent Technologies, Inc.
600 Mountain Ave
Murray Hill, NJ 07974
USA

-Kim Tourigny
TEL: 978-952-1504
FAX: 978-952-1120

-Dan Buczala
TEL: 978-952-1512
FAX: 978-952-1516

CST Lab: NVLAP 200427-0

VPN Firewall Brick® 350 and Brick® 1000
(Hardware Versions: Brick® 350 and Brick® 1000, Firmware Version: Lucent LVF v7.2.292)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/08/2004;
02/03/2005
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Cert. #245); SHA-1 (Cert. #225); HMAC-SHA-1 (Cert. #225, vendor affirmed); DSA (Cert. #62)

-Other algorithms: DES (Cert. #250); MD5; ARC4; Diffie-Hellman (key agreement); HMAC-MD5

Multi-chip standalone

"The VPN Firewall Brick is a high-speed packet-processing appliance, oriented towards providing security functions. The Brick is a carrier-grade integrated firewall and virtual private network (VPN) gateway appliance specifically designed for web/application data center security, large-scale managed security services, and remote access VPN services. Called the Brick because of its rugged, reliable design, this is an ideal platform for service providers seeking wide scalability, ready manageability, and industry-leading performance."
459 Backbone Security.com, Inc.
701 Main Street
Suite 300
Stroudsburg, PA 18360
USA

-Glenn Watt
TEL: 570-422-7900
FAX: 570-422-7940

CST Lab: NVLAP 200556-0

Ribcage 1100 and Ribcage 2800
(Hardware Version: 3.0, Software Version: 2.2 FIPS)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/08/2004 Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Cert. #208); AES (Cert. #94); SHA-1 (Cert. #184); HMAC-SHA-1 (Cert. #184, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: Diffie-Hellman (key agreement); HMAC-SHA-256; HMAC-SHA-512; HMAC-MD5

Multi-chip standalone

"Ribcage is a secure IPSec Virtual Private Network that provides secure connectivity deployed on a shared infrastructure with the same privacy and performance as a leased network. Ribcage is a solution that is flexible as both a secure virtual private network and as a remote access, with straightforward administration tools that allow rapid set-up and administration remotely or locally."
458 SonicWALL, Inc.
1143 Borregas Ave.
Sunnyvale, CA 94089-1306
USA

-Usha Sanagala
TEL: 408-962-6248

CST Lab: NVLAP 100432-0

SonicWALL TZ 170
(Hardware Version: P/N 101-5000072-00 rev A, Firmware Versions: SonicOS Enhanced Versions 2.0, v2.5 and v3.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/08/2004;
02/24/2005;
05/17/2006;
04/25/2007
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Certs. #121 and #140); Triple-DES (Certs. #231 and #248); SHA-1 (Cert. # 208); HMAC-SHA-1 (Cert. #208, vendor affirmed); DSA (Cert. #98); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Certs. #245 and #251); RC4; MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The SonicWALL TZ 170 is an internet security appliance with a WAN interface, a flexible Optional interface, and a LAN interface incorporating a 5-port Fast-Ethernet switch. The SonicWALL TZ 170 provides stateful packet inspection firewall services, accelerated IPSec VPN, bandwidth management, and can be upgraded to offer ISP failover and traffic loadbalancing. The SonicWALL TZ 170 also serves as a platform for extensible security services such as Content Filtering Services (CFS), Network Anti - Virus, and E-mail filtering."
457 Sun Microsystems, Inc.
4150 Network Circle
Santa Clara, CA 95054
USA

-Javier Lorenzo
TEL: 858-625-5020

-Irfan Khan
TEL: 510-936-4840

CST Lab: NVLAP 200427-0

Sun Cryptographic Accelerator 4000
(Hardware Versions: Fiber: 501-6040-02 and 501-6040-03, UTP/Copper: 501-6039-05 and 501-6039-06, Firmware Version: 1.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/12/2004 Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert.# 190); AES (Cert. #79); SHA-1 (Certs. #171 and #172); HMAC-SHA-1 (Certs. #171 and #172, vendor affirmed); DSA (Cert. #92); RSA (PKCS #1, vendor affirmed)

-Other algorithms: DES (Cert. #225); MD5; HMAC-MD5; RC2

Multi-chip embedded

"The Sun Cryptographic Accelerator 4000 (SCA 4000) is a highperformance secure networking solution for Sun servers. It is a PCI card consisting of a Gigabit Ethernet adapter with on-board cryptographic acceleration hardware and a secure cryptographic key store. The card enhances server network performance by off-loading compute intensive cryptographic calculations (asymmetric and symmetric) from the server's CPU, accelerating both IPsec and SSL processing. The SCA 4000 also provides a secure remote administration capability. It is tightly integrated with Sun's server hardware and software. The SCA 4000 meets or exceeds all FIPS 140-2 Level 3 requirements."
456 Giesecke & Devrient
45925 Horseshoe Drive
Dulles, VA 20166
USA

-Michael Poitner
TEL: 650-312-1241
FAX: 650-312-8129

-Jatin Deshpande
TEL: 650-312-8047
FAX: 650-312-8129

CST Lab: NVLAP 200427-0

Sm@rtCafé Expert FIPS 64 with ActivCard Applet v2
(Hardware Version: HD65246C1A05NB, Firmware Versions: CH463JC_INABFOP003901_V101 and CH463JC_INABFOP003901_V102, Applet Versions: AC Applet Versions 2.3.0.2 and 2.3.0.5; ASC Library 2.3.0.2 and 2.3.0.3; and PKI/GC Applet Versions 2.3.0.2 and 2.3.1.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/11/2004;
09/07/2005;
04/04/2008
Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #239); AES (Cert. #132); SHA-1 (Cert. #216); DSA (Cert. #102); RSA (Cert. #7, PKCS#1); Triple-DES MAC (Cert. #239, vendor affirmed)

-Other algorithms: DES (Cert. #249); DES MAC (Cert. #249, vendor affirmed)

Single-chip

"Giesecke & Devrient (G&D) Smart Card Chip Operating System Sm@rtCafé Expert FIPS 64 is a Java Card 2.2 and Open Platform v2.0.1' compliant smart card module. It supports, at a minimum, Triple-DES, AES, DSA, and RSA algorithms with on-card key generation. The Sm@rtCafé Expert FIPS 64 is suitable for government and corporate identification, payment and banking, health care, and Web applications."
455 SonicWALL, Inc.
1143 Borregas Ave.
Sunnyvale, CA 94089-1306
USA

-Usha Sanagala
TEL: 408-962-6248

CST Lab: NVLAP 100432-0

SonicWALL PRO 3060/4060
(Hardware Versions: 3060 101-500078-00 rev. A and 4060 101-500067-00 rev. A, Firmware Versions: SonicOS Enhanced Versions v2.0, v2.5 and v3.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/11/2004;
02/24/2005;
05/17/2006;
05/31/2006;
04/25/2007
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Certs. #105 and #121); Triple-DES (Certs. #217 and #231); SHA-1 (Cert. #208); HMAC-SHA-1 (Cert. #208, vendor affirmed); DSA (Cert. #98); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #245); RC4; MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The PRO 4060 and PRO 3060 are internet security appliances offering stateful packet inspection firewall services, accelerated IPSec VPN, bandwidth management, and dual-WAN port support with ISP failover and load-balancing capabilities, all via six configurable 10/100 Ethernet interfaces."
454 iDirect
13865 Sunrise Valley Drive
Suite 100
Herndon, VA 20171
USA

-Chris Burdick
TEL: 703-648-8000
FAX: 703-648-8014

CST Lab: NVLAP 200556-0

Protocol Processor
(Hardware Version: 5.0, Firmware Version: 5.0.1)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/02/2004;
12/23/2008
Overall Level: 1 

-FIPS Approved algorithms: Triple-DES (Cert. #243); SHA-1 (Cert. #220); HMAC-SHA-1 (Cert. #220, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: N/A

Multi-chip standalone

"iDirect Technologies provides solutions that allow enterprises of any size, in virtually any location, to access broadband TCP/IP communications via satellite. Our technology provides the flexibility, capability, and reliability that enterprise and government customers need to support critical business applications. The Protocol Processor is the central component of iDirect’s TDMA star network product and is responsible for network wide functions such as: TCP acceleration, QoS, 3DES encryption, TDMA management and dynamic time slot allocation."
453 iDirect
13865 Sunrise Valley Drive
Suite 100
Herndon, VA 20171
USA

-Chris Burdick
TEL: 703-648-8000
FAX: 703-648-8014

CST Lab: NVLAP 200556-0

NetModem II Plus
(Hardware Version: 5.0, Firmware Version: 5.0.1)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/28/2004;
12/23/2008
Overall Level: 1 

-EMI/EMC: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #242); SHA-1 (Cert. #220); HMAC-SHA-1 (Cert. #220, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: N/A

Multi-chip standalone

"iDirect Technologies provides solutions that allow enterprises of any size, in virtually any location, to access broadband TCP/IP communications via satellite. Our technology provides the flexibility, capability, and reliability that enterprise and government customers need to support critical business applications. The iDirect NetModem II Plus broadband router is a compact, set-top terminal that routes IP traffic over satellite networks."
452 Credant Technologies Corporation
15305 Dallas Parkway
Suite 1010
Addison, TX 75001
USA

-Chris Burchett
TEL: 972-458-5407
FAX: 972-458-5454

CST Lab: NVLAP 200002-0

Credant Cryptographic Kernel
(Versions 1.3 and 1.4)

Validated to FIPS 140-2

Security Policy

Certificate

Software 07/28/2004;
09/21/2004;
09/24/2004
Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows 2000 Professional SP 1 and Windows CE 3.0 (single user mode)

-FIPS Approved algorithms: AES (Certs. #117 and #168); Triple-DES (Certs. #229 and #272); SHA-1 (Certs. #206 and #253); HMAC-SHA-1 (Certs. #206 and #253, vendor affirmed); RNG (Cert. #19)

-Other algorithms: N/A

Multi-chip standalone

"Credant Cryptographic Kernel is a FIPS 140-2 compliant, software-based cryptography library that implements Triple-DES, AES, SHA-1, and HMAC-SHA-1 algorithms for the Credant Mobile Guardian product. Credant Mobile Guardian enables enterprise-wide control of security for mobile and wireless users of laptops, tablet PCs, PDAs and smart phones."
451 Good Technology
101 Redwood Shores Parkway
Redwood City, CA 94065
USA

-Sriram Krishnan
TEL: 650-486-6000

CST Lab: NVLAP 200002-0

FIPSCrypto
(Software Versions: Pocket PC 20040220 and Symbian 4.9.1)

Validated to FIPS 140-2

Security Policy

Certificate

Software 07/28/2004;
01/11/2007;
04/09/2010
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Symbian 9.1 and Windows CE 4.2

-FIPS Approved algorithms: AES (Certs. #134 and #477); Triple-DES (Certs. #240 and #491); SHA-1 (Certs. #217 and #545); HMAC-SHA-1 (Certs. #217, vendor affirmed and #234)

-Other algorithms: N/A

Multi-chip standalone

"The Good FIPSCrypto is a FIPS 140-2 validated software-based cryptographic module that implements the Triple-DES; AES; SHA-1; HMAC-SHA-1 algorithms."
450 Check Point Software Technologies Ltd.
9900 Belward Campus Drive
Suite 250
Rockville, MD 20850
USA

-David Ambrose
TEL: 703-628-2935

-Malcolm Levy
TEL: +972-37534561

CST Lab: NVLAP 200002-0

Nokia VPN Appliance
(Hardware Versions: IP350, IP355, IP380 and IP385, Software Versions: (IPSO v3.7.99 and Check Point NG with Application Intelligence R54) and (IPSO v3.9 and Check Point NG with Application Intelligence R60))

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/28/2004;
07/28/2005;
09/21/2006;
11/06/2006;
05/28/2009
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #88 and #407); Triple-DES (Certs. #41, #80, #132, #234, #235, #333 and #440); SHA-1 (Certs. #42, #69, #210, #211, #212, #325 and #474); HMAC-SHA-1 (SHA-1 Certs. #42, #56, #69, #210, #211, #212, vendor affirmed and HMAC-SHA-1 #179 and #180); DSA (Cert. #99); RSA (PKCS #1 vendor affirmed and #63, #146 and #149); RNG (#30, #196 and #201)

-Other algorithms: DES (Certs. #110, #142, #183, #247, #311 and #314); CAST; DES (40 bits); HMAC-MD5; MD5; Arcfour; Blowfish

Multi-chip standalone

"The Nokia IP350, IP355, IP380 and IP385 are full-featured enterprise systems designed for small to medium enterprises, with Service Provider flexibility and rapid serviceability option in a single rack space. When combined with Check Point VPN-1/FW-1, these platforms provide reliable, easy to manage distributed security and access."
449 Oberthur Card Systems
4250 Pleasant Valley Road
Chantilly, VA 20151
USA

-Christophe Goyet
TEL: 703-263-0100
FAX: 703-263-7134

CST Lab: NVLAP 100432-0

ID-One Cosmo 64 v5
(Hardware Version: P/N: 77, Firmware Version: E302)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/28/2004;
02/25/2005;
03/01/2005;
06/29/2005;
09/23/2005
Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #123); Triple-DES (Cert. #232); Triple-DES MAC (Cert. #232, vendor affirmed); SHA-1 (Cert. #209); RSA (FIPS 186-2, PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #246); DES MAC (Cert. #246, vendor affirmed);

Single-chip

"The ID-One Cosmo 64 v5 is a JavaCard cryptographic module with dual interface (ISO 7816 & ISO 14443) specifically designed for identity and government needs. It offers a full 64K Byte of EEPROM space available for customer discretionary use, together with on card cryptographic services such as TDES, AES, and 2048-bit RSA algorithms with on-card key generation. It is compliant to Java Card v2.2 and Open Platform v2.1.1A. To protect against skimming, a built-in firewall allows application developers to disable contactless access for sensitive operations. Additional features include On-Card fingerprint matching and Logical Channels. The ID-One Cosmo 64 v5 is available in contact only, dual interface, or contactless only formats."
448 Chunghwa Telecom Co., Ltd. Telecommunication Laboratories
12, Lane 551, Min-Tsu Road SEC.5
Yang-Mei
Taoyuan, Taiwan 326
Republic of China

-Yu-Ling Cheng
TEL: +886 3 424-5883
FAX: +886 3 424-4167

CST Lab: NVLAP 200017-0

SafGuard 200 HSM
(Hardware Version: HSM-HW-0312.02, Firmware Version: HSM-SW-ARM-FRTO.01)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/30/2004 Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #224); AES (Cert. #111); SHA-1 (Cert. #201); RSA (FIPS 186-2, vendor affirmed)

-Other algorithms: RC6

Multi-chip standalone

"SafGuard200 is a multi-chip standalone cryptographic module that is used to provide highly-secure cryptographic services and key storage for PKI applications. (e.g., secure private key storage, high-speed math accelerator for 1024-4096 bit public key signatures, and hashing). The SafGuard 200 HSM provides secure identity-based challenge-response authentication using smart cards and data encryption using FIPS approved 3DES and AES encryption."
447 Oracle Corporation
500 Oracle Parkway
Redwood Shores
California, CA 94065
USA

-Shaun Lee
TEL: +44 1189 243860

CST Lab: NVLAP 200583-0

Oracle Cryptographic Libraries for SSL 10g (9.0.4)
(Software Version 10g (9.0.4))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 06/30/2004;
08/06/2004
Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Sun Solaris Version 8 running on a Sun Ultra 60 UltraSparc workstation

-FIPS Approved algorithms: Triple-DES (Cert. #170); SHA-1 (Cert. #154); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #154, vendor affirmed)

-Other algorithms: DES (Cert. #215); RSA-MD5 (PKCS#1); RC4; HMAC-MD5; Diffie-Hellman (key agreement); RSA (PKCS#5)

Multi-chip standalone

"The Oracle Cryptographic Libraries for SSL 10g (9.0.4) is a generic module used by Oracle Corporation in a variety of its application suites. The module is used to provide support to cryptography, authentication, PKCS and certificate management for applications like the Oracle Database Server, Oracle Applications Server, Oracle Internet Directory, Web Cache and Oracle HTTP Server. It provides a rich set of functionality and uses PKCS wallet structures for managing identities and trustpoints."
446 3Com Corporation
5500 Great America Parkway
Santa Clara, CA 95052
USA

-Rahul Jain
TEL: 408-326-3518

-Annette Davis
TEL: 408-326- 8954

CST Lab: NVLAP 200427-0

3Com 10/100 Secure NIC (3CR990B-97) and 3Com 100 Secure Fiber NIC (3CR990B-FX-97)
(Hardware Versions: 03-0229-100 and 03-0347-000, Firmware Versions: Runtime: 03.001.008, Diagnostic: 03.001.008, Sleep: 03.001.007)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/30/2004 Overall Level: 1 

-EMI/EMC: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #212); SHA-1 (Certs. #188 and #189); HMAC-SHA-1 (Certs. #188 and #189, vendor affirmed)

-Other algorithms: DES (Cert. #234); MD5; HMAC-MD5

Multi-chip embedded

"3Com® 10/100 Secure NICs offers IPSec and TCP/IP offloading, upgradability to the embedded firewall technology while also offering advanced intrusion resistance to protect your LAN, without sacrificing throughput performance. In addition, the NICs incorporate advanced server features and remote management capabilities to accelerate application response and lower IT administration time."
445 Research In Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

-Government Certifications Team
TEL: 519-888-7465 x2921
FAX: 519-886-4839

CST Lab: NVLAP 200017-0

BlackBerry® Enterprise Server Cryptographic Kernel
(Software Version: 1.0.0.2)

(When operated in FIPS mode with FIPS validated Microsoft® Base Cryptographic Providers Certificates #76 or #103 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 06/30/2004;
08/24/2005
Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows NT Server 4.0 SP6a

-FIPS Approved algorithms: Triple-DES (Cert. #216); AES (Cert. #104); SHA-1 (Cert. #195); HMAC-SHA-1 (Cert. #195, vendor affirmed)

-Other algorithms: Rijndael

Multi-chip standalone

"BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete endtoend solution. The BlackBerry® Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry®"
444 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Hazem Hassan
TEL: 952-808-2372
FAX: 952-890-2726

CST Lab: NVLAP 200427-0

Model 330G2 Smart Card
(Hardware Version: 1.0, Firmware Version: 2.0, EXFs: GSC-IS application executable (G2 EXF) Version 22)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/30/2004;
02/22/2005
Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #236); DSA/SHA-1 (Cert. #35);RSA (PKCS #1, vendor affirmed)

-Other algorithms: DES (Cert. #88); Diffie-Hellman (key agreement)

Single-chip

"The 330G2 is an ISO 7816 and GSC-IS compliant cryptographic smart card designed for identification and access control applications. The card provides a secure, mobile platform for creating, storing and using keys, certificates, passwords and other digital credentials. Security services include: Multiapplication secure storage and retrieval of data and digital credentials. Authentication of the cardholder and the security officer. Cryptographic services including SHA-1, DES, 3DES, RSA Sign/Verify, RSA Encrypt/Decrypt and DSA Sign/Verify with on board key generation including RSA 2048-bit key generation."
443 ActivCard, Inc.
6623 Dumbarton Circle
Fremont, CA 94555
USA

-Eric Le Saint
TEL: 510-745-6211
FAX: 510-574-0101

CST Lab: NVLAP 100432-0

ActivCard Digital Identity Applet Suite v1.1.5 on Cyberflex Access 64k v2
(Hardware Version: Cyberflex Access 64k v2, OS Hard Mask no01 v01 Firmware Version: OS Soft Mask no02 v03, ID Applet v1.0.0.23, PKI Applet v1.0.0.29, GC Applet v1.0.0.27, SKI Applet v1.0.0.16)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/23/2004;
05/26/2006
Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #193); Triple-DES MAC (Cert. #193, vendor affirmed); SHA-1 (Cert. #173); RSA (PKCS#1, vendor affirmed); AES (Cert. #81)

-Other algorithms: DES (Cert. #227); DES MAC (Cert. #227, vendor affirmed)

Single-chip

"ActivCard Digital Identity Applet Suite v1.1.5 on Cyberflex Access 64k v2 provides the following services:
- Card Holder verification using PIN
- Secure storage of data and private information
- RSA based Digital Signature (1024 and 2048 bits)
- DES/TDES based One Time Password (OTP) generation"
442 Vormetric, Inc.
3131 Jay Street
Santa Clara, CA 95054
USA

-Suhel Khan
TEL: 408-961-6114
FAX: 408-844-8638

-Paulus Weemaes
TEL: 408-961-6117
FAX: 408-844-8638

CST Lab: NVLAP 100432-0

CoreGuard Security Server
(Hardware Version: P/N 30 Release 1.0 Version 3.0, Firmware Versions: VN.3.0SP1- Build0060 and VN.3.0SP1-Build0064)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/16/2004;
07/27/2004;
01/27/2006
Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Cryptographic Key Management: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #241); AES (Cert. #135); SHA-1 (Cert. #218); HMAC-SHA-1 (Cert. #218, vendor affirmed); RSA (PKCS #1, vendor affirmed)

-Other algorithms: Diffie-Hellman (key agreement); MD5

Multi-chip standalone

"Vormetric CoreGuard Security Server is a comprehensive security solution that combines protection of data at rest, application integrity and host protection. CoreGuard integrates a software module loaded on a server, and a FIPS compliant appliance with user-defined security policies allowing fine-grain data access control and selective encryption of data at rest (AES 128/256 and 3DES), application digital signatures, enforced user authentication, host protection and central management. CoreGuard installs transparently and does not require changes to applications, databases or storage architectures allowing the security to extend to any data across the enterprise."
441 F-Secure Corporation
Tammasaarenkatu 7
PL 24
Helsinki, 00181
Finland

-Alexey Kirichenko
TEL: +358 9 2520 5548

CST Lab: NVLAP 200427-0

F-Secure® and Pointsec® Windows Mobile Cryptographic Library
(Software Version: 1.1.11)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 06/16/2004;
05/20/2008
Overall Level: 1 

-EMI/EMC: Level 3
-Self-Tests: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows CE 4.20.1081

-FIPS Approved algorithms: AES (Cert. #4); SHA-1 (Cert. #224); HMAC-SHA-1 (Cert. #224, vendor affirmed)

-Other algorithms: Passphrase-based key derivation (PBKDF2 as specified in PKCS#5); AES (IWEC)

Multi-chip standalone

"The F-Secure Pocket PC Cryptographic Library is a software module, implemented as a 32-bit Windows CE compatible DLL for Windows Mobile 2003 and Pocket PC 2002 platforms. It provides an assortment of cryptographic services to any client process that attaches an instance of the module DLL. The services are accessible for the client through a Clanguage Application Program Interface. The cryptographic services are also available in the form of a static library and as source code."
440 Proofpoint Inc.
892 Ross Drive
Sunnyvale, CA 94089
USA

-Stephen Lewis
TEL: 408-517-4710
FAX: 408-517-4711

CST Lab: NVLAP 200427-0

Proofpoint Security Library
(Software Version 1.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 06/16/2004;
11/06/2008
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP1, Java Runtime Environment 1.4.2-b28

-FIPS Approved algorithms: Triple-DES (Cert. #94); AES (Cert. #22); SHA-1 (Cert. #78); HMAC-SHA-1 (Cert. #78, vendor affirmed); DSA (Cert. #56); RSA (FIPS 186-2, vendor affirmed)

-Other algorithms: Diffie-Hellman (key agreement); Secure Remote Password (SRP); Extended Secure Remote Password (ESRP); Triple-DES (ECB mode); DSA (Signing and Key Generation)

Multi-chip standalone

"The module is a JAVA language cryptographic component to be used by the various Proofpoint security products. The module is designed to meet Level 1 requirements of FIPS 140-2 standard. The module is a cryptographic library that provides variety of cryptographic services (both approved as well as non-approved). The module can be executed on any general-purpose PC and operating system capable of running JRE 1.4 or later."
439 Decru, A NetApp Company
275 Shoreline Drive
Fourth Floor
Redwood City, CA 94065
USA

-Michele Borovac
TEL: 650-413-6700
FAX: 650-413-6790

CST Lab: NVLAP 100432-0

Decru DataFort SEP
(Hardware PN/Rev 60-000109/A, Firmware PN NAS 29.4 and SAN 29.4, Software PN 23.3)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/16/2004;
06/21/2007
Overall Level: 3 

-FIPS Approved algorithms: SHA-1 (Certs. #190, #191 and #192); AES (Certs. #97, #98 and #99); ECDSA (vendor affirmed); HMAC-SHA-1 (Cert. #192, vendor affirmed); SHA-256 (Cert. #223); HMAC-SHA-256 (Cert. #223, vendor affirmed)

-Other algorithms: N/A

Multi-chip embedded

"Decru's Storage Encryption Processor (SEP) is the primary cryptographic and key management engine for Decru DataFort products. Decru DataFort is a wire-speed storage security appliance. DataFort uses hardware-based encryption, authentication, secure access controls, and secure logging to protect networked storage in NAS, SAN, DAS and Tape environments. DataFort can be deployed transparently, with no changes to desktops, servers, applications, or user workflow."
438 Cisco Systems, Inc.
7025 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

2621XM and 2651XM Modular Access Routers with AIM-VPN/EP
(Hardware Versions: 2621XM and 2651XM with AIM-VPN/EP Version 1.0 and Board Version B0, Firmware Version: IOS 12.3(3d))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/16/2004;
05/24/2005;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Certs. #32 and #156); Triple-DES MAC (Cert. #156, vendor affirmed); AES (Cert. #46); SHA-1 (Cert. #26 and DSA Cert. #38); HMAC-SHA-1 (Cert. #26, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Certs. #100 and #202); DES MAC (Cert. #202, vendor affirmed); MD4; MD5; HMAC-MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Cisco Modular Access Routers are routers that provides data protection on a network providing packet encryption. The modules perform all of the functions typical of a router. In addition to the normal routing functions, the modules also provide packet encryption. The modules are capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
437 F-Secure Corporation
Tammasaarenkatu 7
PL 24
Helsinki, 00180
Finland

-Alexey Kirichenko
TEL: +358 9 2520 5548

CST Lab: NVLAP 200427-0

F-Secure® Cryptographic Library™ for Windows
(Software Version 2.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 06/16/2004 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 98, Windows XP and Windows ME (single user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #202); AES (Cert. #89); SHA-1 (Cert. #178); HMAC-SHA-1 (Cert. #178, vendor affirmed); DSA (Cert. #94); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #231); DES (CTR); Blowfish; CAST 128; MD5; SHA-256; HMAC- MD5, HMAC-SHA-256, Diffie-Hellman (key agreement); Passphrase-based key derivation (PBKDF2 as specified in PKCS#5)

Multi-chip standalone

"The F-Secure Cryptographic Library for Windows (the Module) is a software module, implemented as a 32-bit Windows 'NT/2000/XP/98/ME' compatible DLL (FSCLM.DLL). The Module provides an assortment of cryptographic services to any client process that attaches an instance of the Module DLL. The Module is designed and implemented to meet the level 1 requirements of FIPS publication 140-2 when running on appropriate hardware under Windows 98, ME or XP operating system."
436 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Randy Kun
TEL: 613-723-5076
FAX: 613-723-5078

CST Lab: NVLAP 200017-0

Chrysalis-ITS K3 Cryptographic Engine
(Hardware Versions: 2.0, 3.0 and 4.0, Firmware Version 4.1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/10/2004;
10/18/2004;
12/22/2005
Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Cryptographic Key Management: Level 3
-Self-Tests: Level 3
-Mitigation of Other Attacks: Level 3

-FIPS Approved algorithms: AES (Cert. #41); Triple-DES (Cert. #73); DSA (Cert. #51); SHA-1 (Cert. #64); RSA (FIPS 186-2 and PKCS #1, vendor affirmed); Triple-DES MAC (Cert. #73, vendor affirmed); HMAC-SHA-1 (Cert. #64, vendor affirmed)

-Other algorithms: DES (Cert. #32); DES MAC (Cert. #32, vendor affirmed); RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; MD2; MD5; Diffie-Hellman 1024 (non-compliant); CAST MAC; CAST3 MAC; CAST5 MAC; SSL3-MD5 MAC; SSL3-SHA-1 MAC; HMAC-MD5; KCDSA; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; AES MAC; RC2 MAC; RC5 MAC

Multi-chip embedded

"The K3 Chrysalis-ITS Cryptographic Engine is a hardware cryptographic module in the form of a PCI card that resides within a secured generalpurpose computing appliance. It is contained in its own secure enclosure that provides physical resistance to tampering and zeroization in the event the enclosure is opened. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI card."
435 SafeNet, Inc.
951 Aviation Pkwy
Suite 300
Morrisville, NC 27560
USA

-Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0

SafeEnterprise™ Link Encryptors NRZ - H[1], NRZ - L[2], T1[3], E1 75ohm[4], E1 120ohm[5], RS-232[6], T3[7] and HSSI[8]
(Hardware Versions: SE-SLE-HNxAC[1], SE-SLE-LNxAC[2], SE-SLE-1ExAB[3], SE-SLE-27xAB[4], SE-SLE-2ExAB[5], SE-SLE- LRxAB[6], SE-SLE-37xAB[7] and SE-SLE-VVxAB[8], Firmware Version: 4.01)

(When operated in FIPS mode)
(Note: Refer to the cryptographic module’s security policy for the details on the letter x designation)


Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/28/2004;
06/10/2004
Overall Level: 2 

-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #22 and #139); AES (Cert. #32); DSA/SHA-1 (Cert. #5)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip standalone

"The SafeNet™ SafeEnterprise™ Link Encryptor's (SLE's) secure sensitive data transmitted over high-speed, point-to-point communication links. The system supports synchronous, full-duplex data rates up to 8 Mbps, and employs FIPS approved AES or Triple-DES algorithms. The SLE can be locally controlled or managed using the SafeNet™ SafeEnterprise™ Security Management Center (SMC), an SNMP-based security management system."
434 Entrust, Inc.
One Hanover Park
16633 Dallas Parkway
Suite 800
Addison, TX 75001
USA

-Entrust Sales
TEL: 888-690-2424

CST Lab: NVLAP 200017-0

Entrust TruePass™ Applet Cryptographic Module
(Software Version: 7.0)

(When operated in FIPS mode with FIPS validated browser services operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 05/27/2004 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 2000 SP3 running Microsoft VM for Java 5.0.0.3810 or Sun plug-in version 1.4.1, and Netscape Navigator 7.0 (Certs. #7, #45 and #47) or Microsoft Internet Explorer 6.0 SP1 (Certs. #103 and #106) (single user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #69); SHA-1 (Cert. #60); RSA (PKCS#1, vendor affirmed)

-Other algorithms: CAST 128

Multi-chip standalone

"The module performs low level cryptographic operations - encryption, decryption and hashes - implemented in software using the high-level Java programming language. Currently, the module is imbedded into an applet as part of the TruePass product suite that allows integration of cryptographic security into web applications."
433 Enterasys Networks
50 MinuteMan Rd.
Andover, MA 01810
USA

-Damon Hopley
TEL: 978-684-1083

CST Lab: NVLAP 200002-0

XSR-1805, XSR-1850 and XSR-3250
(Hoftware Version: REL 6.3, Firmware Version: REL 6.3, Hardware Version: REV 0A-G)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/26/2004 Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #48, 106 and #107); Triple-DES (Certs. #158, #218, #219 and #220); SHA-1 (Certs. #143, #197, #198 and #199); HMAC-SHA-1 (Certs. #143, #197, #198 and #199, vendor affirmed); DSA (Cert. #97); RSA (PKCS #1, vendor affirmed)

-Other algorithms: DES (Certs. #204, #238, #239 and #240); HMAC-MD5; MD5; MD4; 40-bit and 128-bit RC4; CAST; Blowfish; Twofish; ARCfour; Diffie-Hellman (key agreement)

Multi-chip standalone

"Enterasys Networks X-Pedition Security Routers (XSR), the XSR-1805, XSR-1850, and XSR-3250 modules are networking devices that combine a broad range of IP routing features, a broad range of WAN interfaces and a rich suite of network security functions, including site-to-site and remote access VPN connectivity and policy managed, stateful-inspection firewall functionality."
432 Cisco Systems, Inc.
7025-6 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 3220 and 3251 Mobile Access Router Cards
(Hardware Version 3.2, Firmware Version 12.2(11r) YQ4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/26/2004;
10/01/2004;
05/24/2005;
05/28/2010;
02/23/2012
Overall Level: 1 

-Cryptographic Module Specification: Level 2
-Roles, Services, and Authentication: Level
-EMI/EMC: Level 2
-Design Assurance: Level 2
-Cryptographic Module Ports and Interfaces: Level 2
-Finite State Model: Level 2
-Cryptographic Key Management: Level 2
Self-Tests: Level 2

-FIPS Approved algorithms: Triple-DES (Cert. #156); Triple-DES MAC (Cert. #156, vendor affirmed); AES (Cert. #46); SHA-1 (Cert. #26); HMAC-SHA-1 (Cert. #26, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #202); DES MAC (Cert. #202, vendor affirmed); MD4; MD5; Diffie-Hellman (key agreement); HMAC-MD5

Multi-chip embedded

"The module is a high-performance router card, which offers secure data, voice and video communications, seamless mobility and interoperability across multiple wireless networks. The unique functionality of this router card is that always on IP connectivity for networks in motion. This allows IP hosts on a mobile network to connect transparently to the parent network while the router is in motion."
431 Gemplus Corp.
Avenue du Pic de Bretagne
BP 100, GTmenos Cedex 13881
France

-Luc Astier
TEL: +33 (0) 4 42 36 50 00

CST Lab: NVLAP 200427-0

GemXpresso Pro R3 E64 PK - FIPS
(GP92, Firmware Versions: GXP3 - FIPS EI19 and GXP3 - FIPS EI19 with new ATR and fast ATR)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/26/2004;
07/27/2004;
08/05/2004
Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #95); SHA-1 (Cert. #82); RSA (PKCS#1, vendor affirmed); Triple-DES MAC (Cert. #95, vendor affirmed)

-Other algorithms: DES (Cert. #155); DES MAC (Cert. #155, vendor affirmed)

Single-chip

"GemXpresso Pro R3 E64 PK - FIPS is based on a Gemplus Open OS Smart Card with 64K of EEPROM.. The SmartCard platform has on board Triple DES and RSA algorithms and can provide on board key generation. The module conforms to Java Card V2.1.1 and Global Platform V2.0.1 standards"
430 SafeNet, Inc.
951 Aviation Parkway
Suite 300
Morrisville, NC 27560
USA

-Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200017-0

SafeEnterprise™ Frame Encryptor II[1] and SafeEnterprise™ Frame Encryptor HSSI[2]
(SE-SFE-LixAC[1], SE-SFE-HixAC[1], and SE-SFE-VVxAC[2], Firmware Version: 5.00)

(When operated in FIPS mode)
(Note: Refer to the cryptographic module’s security policy for the details on the letter (i and x) designations)


Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/26/2004;
06/10/2004
Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Certs. #22 and #139); AES (Cert. #32); DSA/SHA-1 (Cert. #5)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip standalone

"The SFE protects information flowing between nodes or sites of a frame relay network. It can be configured to either allow or disallow information flow between two frame relay nodes. Furthermore, the information flow can be either protected through AES/TDES encryption or passed without encryption. The SFE II supports Full-Duplex throughput of up to 8m Mbps and 922 active secure connections."
429 Cisco Systems, Inc.
7025 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco Catalyst 6509 Switch, 7606 and 7609 Routers with VPN Services Module
(Hardware Versions: 6509, 7606 and 7609, Backplane Chassis Version 3.0 (6509), 1.0 (7606) and 1.0 (7609), Supervisor Blade Version 3.2, VPN Accelerator Blade Version 1.2, Firmware Version: 12.2(14)SY3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/06/2004;
05/24/2005;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Certs. #132, #155 and #156); Triple-DES MAC (Cert. #156, vendor affirmed); SHA-1 (Certs. #26 and #117); HMAC-SHA-1 (Certs. #26 and #117, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Certs. #183, #201 and #202); DES MAC (Cert. #202, vendor affirmed); AES (Cert #46); MD4; MD5; Diffie-Hellman (key agreement); HMAC-MD5

Multi-chip standalone

"The Cisco Catalyst 6509 Switch, 7606 and 7609 Routers offer versatility, integration, and security to branch offices. With numerous Network Modules (NMs) available, the modular architecture of the Cisco router easily allows interfaces to be upgraded to accommodate network expansion. The Cisco 6509, 7606 and 7609 provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements."
428 Cisco Systems, Inc.
7025 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

7206 VXR NPE-G1 Router with Single and Dual VPN Acceleration Module 2 (VAM2)
(Hardware Versions: 7206 VXR NPE-G1 Version 1.1, Fab Version 05 and VAM2 Version 2.0, Board Version A0, and Firmware Version: IOS 12.3(3d))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/06/2004;
11/29/2004;
05/24/2005;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Certs. #156 and #158); Triple-DES MAC (Cert. #156, vendor affirmed); AES (Certs. #46 and #48); SHA-1 (Certs. #26 and #143); HMAC-SHA-1 (Certs. #26 and #143, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Certs. #202 and #204); DES MAC (Cert. #202, vendor affirmed); MD4; MD5; HMAC-MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"Cisco Modular Access Routers are routers that provide data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
427 Cisco Systems, Inc.
7025 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

2691 and 3725 Modular Access Routers with AIM-VPN/EPII and 3745 Modular Access Router with AIM-VPN/HPII
(Hardware Versions: 2691, 3725 and 3745 with AIM-VPN/EPII Version 1.0, Board Version A0 and AIM-VPN/HPII Version 1.0, Board Version A0, and Firmware Version: IOS 12.3(3d))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/06/2004;
05/25/2004;
05/24/2005;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Certs. #156 and #160); Triple-DES MAC (Cert. #156, vendor affirmed); AES (Certs. #46 and #51); SHA-1 (Certs. #26 and #144); HMAC-SHA-1 (Cert. #26, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Certs. #202 and #206); DES MAC (Cert. #202, vendor affirmed); MD4; MD5; HMAC-MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Cisco Modular Access Routers are routers that provides data protection on a network providing packet encryption. The modules perform all of the functions typical of a router. In addition to the normal routing functions, the modules also provide packet encryption. The modules are capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
426 Cisco Systems, Inc.
7025 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

1721 and 1760 Modular Access Routers with MOD1700-VPN
(Hardware Versions: 1721 and 1760 with MOD1700-VPN Version 2.1, Board Version A0 and Firmware Version: IOS 12.3(3d))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/06/2004;
05/25/2004;
05/24/2005;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Certs. #32 and #156); Triple-DES MAC (Cert. #156, vendor affirmed); AES (Cert. #46); DSA/SHA-1 (Cert. #38); HMAC-SHA-1 (SHA-1 Cert. #26 and DSA/SHA-1 Cert. #38, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Certs. #100 and #202); DES MAC (Cert. #202, vendor affirmed); MD4; MD5; HMAC-MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Cisco Modular Access Routers are routers that provides data protection on a network providing packet encryption. The modules perform all of the functions typical of a router. In addition to the normal routing functions, the modules also provide packet encryption. The modules are capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
425 Pitney Bowes, Inc.
35 Waterview Drive
Shelton, CT 06484
USA

-Douglas Clark
TEL: 203-924-3500
FAX: 203-924-3406

CST Lab: NVLAP 200427-0

Pitney Bowes iButton Postal Security Device (PSD)
(Hardware version: DS1955B PBO-1.00c)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/06/2004 Overall Level: 3 

-Physical Security: Level 3 +EFP

-FIPS Approved algorithms: Triple-DES (Cert. #185); SHA-1 (Cert. #167); DSA (Cert. #90); Triple-DES MAC (Cert. #185, vendor affirmed)

-Other algorithms: DES (Cert. #222);

Multi-chip standalone

"The Pitney Bowes iButton Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information- Based Indicia Program (IBIP). It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds and the production of postage meter indicia in a variety of Pitney Bowes Metering products. The PSD has been designed to support international postal markets and their evolving requirements for digital indicia."
424 Fortress™ Technologies, Inc.
2 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0

AirFortress® Client Cryptographic Module
(Software Version: 2.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 05/06/2004;
02/07/2006;
12/20/2006;
03/26/2010;
05/17/2013
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows XP Pro SP1, Windows 2000 SP2, Windows NT 4.0 SP2, Windows 98 2nd ed., Windows CE 3.0, PalmOS 4.1, MS DOS 6.20 and Windows CE v4.0 (single user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #19 and #457); SHS (Certs. #34 and #498); AES (Certs. #14 and #427); HMAC-SHA-1 (Cert. #34, vendor affirmed)

-Other algorithms: DES (Cert. #23); Diffie-Hellman (key agreement)

Multi-chip standalone

"The AirFortress™ Client is a software module designed to deliver security on wireless devices such as bar scanners, handhelds, and laptops using various operating systems. A plug-and-play solution, the Client encrypts and decrypts communication across the WLAN and protects the device against attacks without user intervention."
423 Cisco Systems, Inc.
7025 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

7206-VXR NPE-400 Router with VPN Acceleration Module (VAM)
(Hardware Version: 7206-VXR with VAM Version 1.0 and Board Version A0, Firmware Version: IOS 12.3(3d))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/06/2004;
11/29/2004;
05/24/2005;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Certs. #29 and #156); Triple-DES MAC (Cert. #156, vendor affirmed); AES (Cert. #46); SHA-1 (Certs. #26 and #51); HMAC-SHA-1 (Certs. #26 and #51, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Certs. #101 and #202); DES MAC (Cert. #202, vendor affirmed); MD4; MD5; HMAC-MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"Cisco Modular Access Routers are routers that provide data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
422 Cisco Systems, Inc.
7025 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

1721, 1760, 2621XM, 2651XM, 2691, 3725 and 3745 Modular Access Routers and 7206-VXR NPE-400 Router
(HW Versions: 1721, 1760, 2621XM, 2651XM, 2691, 3725, 3745 and 7206-VXR, Firmware Version: IOS 12.3(3d))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/06/2004;
05/25/2004;
11/29/2004;
05/24/2005;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Cert. #156); Triple-DES- MAC (Cert. #156, vendor affirmed); AES (Cert. #46); SHA-1 (Cert. #26); HMAC-SHA-1 (Cert. #26, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #202); DES MAC (Cert. #202, vendor affirmed); MD4; MD5; HMAC-MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Cisco Modular Access Routers are routers that provides data protection on a network providing packet encryption. The modules perform all of the functions typical of a router. In addition to the normal routing functions, the modules also provide packet encryption. The modules are capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
421 Cisco Systems, Inc.
7025 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco VPN 3000 Series Concentrators - 3005, 3015, 3030, 3060 and 3080
(Hardware Version: 3005, 3015, 3030, 3060 and 3080, Firmware Version: FIPS 3.6.7.F)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/06/2004;
05/24/2005;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Certs. #32 and #168); Triple-DES MAC (Certs. #32 and #168, vendor affirmed); AES (Cert. #56); SHA-1 (Cert. #152); HMAC-SHA-1 (DSA/SHA-1 Cert. #38 and SHA-1 Cert. #152, vendor affirmed); DSA/SHA-1 (Certs. #38 and #85); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Certs. #100 and #210); DES MAC (Certs. #100 and #210, vendor affirmed); RC4; MD5; HMAC-MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Cisco VPN 3000 Series Concentrators are hardware appliances that operate as concentrators in Virtual Private Networking (VPN) environments. They combine the best features of a software concentrator, including scalability and easy deployment, with the stability and independence of a hardware platform."
420 Check Point Software Technologies Ltd.
9900 Belward Campus Drive
Suite 250
Rockville, MD 20850
USA

-David Ambrose
TEL: 703-628-2935

-Malcolm Levy
TEL: +972-37534561

CST Lab: NVLAP 200002-0

VPN-1
(Version NG with Application Intelligence)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Firmware 05/06/2004;
05/19/2004;
10/12/2005;
11/17/2005;
01/06/2006;
05/02/2008;
05/28/2009
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-EMI/EMC: Level 3
-Design Assurance: Level 2

-Tested: Secure Platform Operating System version NG with Application Intelligence

-FIPS Approved algorithms: AES (Cert. #88); Triple-DES (Certs. #41 and #80); SHA-1 (Certs. #42 and #69); HMAC-SHA-1 (Certs. #42 and #69, vendor affirmed); RSA (PKCS #1, vendor affirmed)

-Other algorithms: DES (Certs. #110 and #142); CAST 40; CAST 128; MD5; HMAC-MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"Check Point’s VPN-1 version NG with Application Intelligence is a tightly integrated software solution combining the FireWall-1 (FW-1) security suite with sophisticated Virtual Private Network (VPN) technologies and a hardened Secure Platform operating system (OS). The cornerstone of Check Point’s Secure Virtual Network (SVN) architecture, VPN-1 meets the demanding requirements of Internet, intranet, and extranet VPNs by providing secure connectivity to corporate networks, remote and mobile users, branch offices, and business partners."
419 Blue Ridge Networks
14120 Parke Long Court
Chantilly, VA 20151
USA

-Tom Gilbert
TEL: 703-631-0700
FAX: 703-631-9588

CST Lab: NVLAP 200416-0

BorderGuard 4000 and BorderGuard 3140
(BorderGuard 4000 & 3140, Firmware Version: BG4000 DPF1 6.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/06/2004 Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #116); Triple-DES (Certs. #227 and #228); SHS (Certs. #49 and #203); HMAC-SHS (Cert. #49, vendor affirmed)

-Other algorithms: DES (Certs. #119 and #243); DES MAC (Cert. #119, vendor affirmed); Diffie-Hellman (key agreement); IDEA; MD5; HMAC-MD5; RSA (non-compliant)

Multi-chip standalone

"The BG4000 and BG3140 are network security appliances for the construction of secure Virtual Private Networks between Internet sites, and between Internet sites and individual remote users."
418 ActivCard, Inc.
6623 Dumbarton Circle
Fremont, CA 94555
USA

-Eric Le Saint
TEL: 510-745-6211
FAX: 510-574-0101

CST Lab: NVLAP 100432-0

ActivCard Applet v2 on Cyberflex Access 64k v1
(Firmware Versions: OS Hard Mask no5 v01 and OS Soft Mask no 4 v01 and 4v2, Applet Versions: ACA Applet v2.3.0.1, v2.3.0.4, and v2.3.0.5, ASC Library v2.3.0.1 and v2.3.0.3 and PKI/GC Applet v2.3.0.1, v2.3.1.1, and v2.3.1.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/19/2004;
01/13/2005;
06/06/2005;
08/22/2005;
05/26/2006
Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #125); Triple-DES MAC (Cert. #125, vendor affirmed); SHA-1 (Cert. #108); RSA (PKCS#1, vendor affirmed);

-Other algorithms: DES (Cert. #179, not available for use); DES MAC (Cert. #179, vendor affirmed, not available for use)

Single-chip

"ActivCard Applet v2 provides significant enhancement over the ActivCard v1 Applet in service, security, and flexibility. The v2 framework is backward compatible with earlier versions of ActivCard Applets and offers a more open, stable, and flexible platform for developers to build and deploy smart card applications. ActivCard Applet v2 also complies with GSC-IS 2.1 standard."
417 Encotone Ltd.
Bldg. 5, Har Hotzvim Scientific Park
P.O.B. 45094, Jerusalem 91450
Israel

-Marc Houri
TEL: +972 2586 6570 x4
FAX: +972 2581 6871

-Dr. Isaac Labaton
TEL: +972 25866570 x2
FAX: +972 25816871

CST Lab: NVLAP 100432-0

Tele-ID
(Hardware P/N 567-2.6.6 Version 6.2, Firmware HardMask Version 6.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/09/2004 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: SHA-1 (Cert. #141); ECDSA (vendor affirmed)

-Other algorithms: N/A

Multi-chip standalone

"The Tele-ID is a portable, phone and PC compatible signature tool able to digitally sign messages, either locally entered on the module or whose Hash value has been transmitted to the module. The digital signature is encoded to sound and, hence, can be sent through any phone, cellular or fixed, or any PC microphone. The Tele-ID has capabilities to create an ECDSA K-163 key pair and enroll the public key with most of the PKI vendors RA-CA. The Tele-ID includes an autarkic GMT Time Stamp in each digital signature to enable CRL/OCSP on-line checking, after signature execution time-stamp corroboration, and with it, to strongly enhance the legal defense of the relying party."
416 Real Time Logic, Inc.
8591 Prairie Trail Drive
Suite 500
Englewood, CO 80112
USA

-Bela Szabo
TEL: 303-703-3834
FAX: 303-703-4058

CST Lab: NVLAP 100432-0

RTL-TDEA Crypto Module
(Hardware P/N RTL-P200006 Rev A Version 1.0, Firmware Version 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/09/2004 Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #222)

-Other algorithms: N/A

Multi-chip embedded

"The RTL-TDEA Crypto Module is a PCI card developed to encrypt and decrypt serial user data using Triple Data Encryption (TDEA) algorithms certified to FIPS-140-2 Level 2 security requirements. The certified TDEA algorithms include TECB, TCBC Encrypt and TCFB-64, TOFB-64, Encrypt and Decrypt. The crypto module is a multi-chip embedded short form PCI card (ISA standard) with all of the control functions and encryption algorithms implemented in firmware and hosted in an FPGA. All control of the module is via an RS-232, 9600 Baud DTE UART interface while the data is passed through dedicated RS-422 input and output ports at a rate of up to 10 Mbps."
415 Gemplus Corp. and ActivCard, Inc.
Avenue du Pic de Bretagne
BP 100, GTmenos Cedex 13881
France

-Luc Astier
TEL: +33 (0) 4 42 36 50 00

-Eric Le Saint
TEL: 510-745-0100 x6211

CST Lab: NVLAP 200427-0

GemXpresso Pro R3 E64 PK - FIPS with ActivCard Applet v2
(Hardware Version: GP92, Firmware Versions: GXP3 - FIPS EI19 and GXP3 - FIPS EI19 with new ATR and fast ATR, Applet Versions: AC Applet Versions 2.3.0.1, 2.3.0.4 and 2.3.0.5, ASC Libraries 2.3.0.1 and 2.3.0.3, and PKI/GC Applet Versions 2.3.0.1, 2.3.1.1 and 2.3.1.2)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/09/2004;
07/27/2004;
08/05/2004;
02/24/2005;
07/28/2005
Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #95); SHA-1 (Cert. #82); RSA (PKCS#1, vendor affirmed); Triple-DES MAC (Cert. #95, vendor affirmed)

-Other algorithms: DES (Cert. #155); DES MAC (Cert. #155, vendor affirmed)

Single-chip

"GemXpresso Pro R3 E64 PK - FIPS with ActivCard Applet v2 is based on a Gemplus Open OS Smart Card with 64K of EEPROM, and on latformindependent cryptographic applets suite developed by ActivCard. The SmartCard platform has on board Triple DES and RSA algorithms and can provide on board key generation. The Applet incoporates some services for PKI (Public Key Infrastructure), for secure credentials management and authentication mechanisms. In addition, the Applet suite allows the registration and management of post-issuance applets that can be handled under the framework. The module conforms to Java Card V2.1.1, Global Platform V2.0.1, and GSC/IS 2.1 standards."
414 Neopost Technologies
113, rue Jean-Marin Naudin
Bagneux, 92220
France

-Thierry Le Jaoudour
TEL: +33 (0) 1 45 36 30 36

CST Lab: NVLAP 100432-0

N92i/152 Secure Metering Module (SMM)
(Hardware P/N 3000186T Version A, Firmware Versions 3800157W E24 (Main) and 3800159Y E (Coprocessor))

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/05/2004;
10/03/2006
Overall Level: 3 

-Self-Tests: Level 4

-FIPS Approved algorithms: DSA/SHA-1 (Cert. #39)

-Other algorithms: N/A

Multi-chip embedded

"The module provides services to an office and post room based mailing system. The system's features include hand or auto feed mail processing speeds in excess of 5000 envelopes per hour using Ink jet technology, a moistening option, scale interface, internal modem for remote recrediting and memory card for slogan and rate loading, external printer for reports."
413 Good Technology
101 Redwood Shores Parkway
Redwood City, CA 94065
USA

-Sriram Krishnan
TEL: 650-486-6000

CST Lab: NVLAP 200002-0

FIPSCrypto on Palm
(Software Version 20031028)

Validated to FIPS 140-2

Security Policy

Certificate

Software 04/05/2004;
04/09/2010
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Palm OS Version 5

-FIPS Approved algorithms: AES (Cert. #108); Triple-DES (Cert. #221); SHA-1 (Cert. #200); HMAC-SHA-1 (Cert. #200, vendor affirmed)

-Other algorithms: N/A

Multi-chip standalone

"The FIPSCrypto on Palm is a FIPS 140-2 compliant software-based cryptographic module that implements the TDES, AES, SHA-1 and HMAC-SHA-1 algorithms."
412 Good Technology
101 Redwood Shores Parkway
Redwood City, CA 94065
USA

-Sriram Krishnan
TEL: 650-486-6000

CST Lab: NVLAP 200002-0

FIPSCrypto on G100
(Version 1.9.3.7)

Validated to FIPS 140-2

Security Policy

Certificate

Software 04/05/2004;
04/09/2010
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with eCos Version 1.3.1 Operating System

-FIPS Approved algorithms: AES (Cert. #95); Triple-DES (Cert. #209); SHA-1 (Cert. #185); HMAC-SHA-1 (Cert. #185, vendor affirmed)

-Other algorithms: N/A

Multi-chip standalone

"The FIPSCrypto on G100 is a FIPS 140-2 compliant software-based cryptographic module that implements the TDES, AES, SHA-1 and HMAC-SHA-1 algorithms."
411 ECI Systems & Engineering
3100 Knight Street
Suite 7
Shreveport, LA 71105
USA

-Mac McGregor
TEL: 318-868-4911

CST Lab: NVLAP 200427-0

ECI IPSec Cryptographic Module
(Software Versions 1.6-FIPS-1, 1.8, 1.9 and 2.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 04/05/2004;
11/08/2004;
04/27/2005;
09/07/2005
Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Trusted Solaris 8 4/01 running on an Intel Pentium III

-FIPS Approved algorithms: Triple-DES (Cert. #186); SHA-1 (Cert. #168); HMAC-SHA-1 (Cert. #168, vendor affirmed)

-Other algorithms: Diffie-Hellman (key agreement); MD5; HMAC MD5; CAST; RSA (PKCS#1; non-compliant); DSA (non-compliant)

Multi-chip standalone

"A software IPSec implementation for Sun Trusted Solaris. This module supports Triple DES encryption/decryption, SHA-1, and HMAC-SHA-1."
410 Airespace, Inc.
110 Nortech Pkwy
San Jose, CA 95134
USA

-Scott Kelly
TEL: 408-635-2000
FAX: 408-635-2020

CST Lab: NVLAP 100432-0

Airespace Cryptographic Manager (ACM)
(Hardware P/Ns AS-4101- X0S00, AS-4012- (00S00, 0PS00, X0S00, XPS00, T0S00 and TPS00), AS-4024- (00S00, 0PS00, X0S00, XPS00, T0S00 and TPS00), Hardware Versions 1.0 and 2.0, Firmware Version 1.2.77.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/05/2004;
06/16/2004
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Certs. #196 and #197); AES (Certs. #85 and #86); SHA-1 (Certs. #174 and #175); HMAC-SHA-1 (Certs. #174 and #175, vendor affirmed); RSA (PKCS #1, vendor affirmed)

-Other algorithms: RC4; MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"Airespace Cryptographic Manager (ACM) provides cryptographic services for the Airespace Wireless Enterprise Platform. Airespace offers a unique hierarchical architecture that centralizes network intelligence for cost effective deployment, dynamic RF operations, secure mobility management, service creation, and policy enforcement throughout an entire wireless network."
409 IBM® Corporation
11400 Burnet Road
Austin, TX 78758
USA

-Tom Benjamin
TEL: 512-838-1211
FAX: 512-838-1032

CST Lab: NVLAP 200427-0

IBM® Java JSSE FIPS 140-2 Cryptographic Module
(Software Version 1.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 04/05/2004 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 2000 Professional SP3 (JVM 1.3.1_03 and JVM 1.4.1_04), Windows 2000 Advanced Server SP4 (JVM 1.4.1), Sun Solaris 5.8 (JVM 1.3.1 and 1.4.1), AIX 5.2 (JVM 1.3.1 and 1.4.1), SuSE Linux Enterprise Server 8 (JVM 1.4.1_05), Red Hat Linux Advanced Server 2.1(JVM 1.4.1_05), IBM OS/400 V5R2M0 (JVM 1.4.1), z/OSV1R4 (JVM 1.4.1)

-FIPS Approved algorithms: SHA-1 (Cert. #148); Triple-DES (Cert. #163); AES (Cert. #53); DSA (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #148, vendor affirmed)

-Other algorithms: DES (Cert. #208); MD2; MD5; RC2; RC4; SHA-256; Diffie-Hellman (key agreement)

Multi-chip standalone

"The IBM+ Java+ JSSE (Java Secure Sockets Extension) FIPS provider (IBMJSSEFIPS) for Multi-platforms is a scalable, multi-purpose Secure Sockets provider that supports only FIPS approved TLS cipher suites via the Java2 Application Programming Interfaces (APIs)."
408 Research In Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

-Government Certifications Team
TEL: 519-888-7465 x2921
FAX: 519-886-4839

CST Lab: NVLAP 200017-0

BlackBerry™ 5810 and BlackBerry™ 5820
(Hardware Version: 1.0, Software Version: 3.6.0.49, S/MIME Support Package Version 1.5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/05/2004;
08/24/2005
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Self-Tests: Level 4

-FIPS Approved algorithms: Triple-DES (Cert. #200); AES (Cert. #83); DSA (Cert. #93); SHA-1 (Cert. #147); HMAC-SHA-1 (Cert. #147); ECDSA (vendor affirmed); Triple-DES MAC (Cert. #200, vendor affirmed); RSA (PKCS#1 and FIPS 186-2, vendor affirmed)

-Other algorithms: DES (Cert. #228); DES MAC (Cert. #228, vendor affirmed); RC2; RC5; Skipjack; CAST5-128; Rijndael; ARC FOUR; KEA; Diffie-Hellman (key agreement); EC Diffie-Hellman (key agreement); ECMQV (key agreement); ECNR; ElGamal; SHA-256; SHA-384; SHA-512; HMAC (SHA-256, SHA-384, SHA-512, MD2, MD4, MD5, RIPEMD-128, RIPEMD-160); MAC (AES, CAST5-128, RC2, RC5, Skipjack); MD2; MD4; MD5; RIPEMD-128; RIPEMD-160

Multi-chip standalone

"BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-toend solution. The BlackBerry® Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry®."
407 Cisco Systems, Inc.
7025 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco Software VPN Client
(Software Version 3.6.5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/29/2004;
04/07/2004;
05/24/2005;
04/09/2007;
05/28/2010;
02/23/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 2000, Windows XP (single user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #169); AES (Cert. #58); SHA-1 (Cert. #153); HMAC-SHA-1 (Cert. #153, vendor affirmed); RSA (PKCS#1, vendor affirmed); Triple-DES MAC (Cert. #169, vendor affirmed)

-Other algorithms: DES (Cert. #212); DES MAC (Cert. #212, vendor affirmed); Diffie-Hellman (key agreement); MD5; HMAC-MD5

Multi-chip standalone

"The Cisco Software VPN client for Window OS is an award winning IPsec VPN client which is available free of charge for use across all termination products. It is the most advanced VPN client available and enables secure Remote Access connectivity to employees and partners. The Cisco Software VPN Client is also a key part of the industries best load balancing, fail-over and recovery strategy."
406 IBM® Corporation
Seaumerstrasse 4
Rueschlikon, CH 8803
Switzerland

-Michael Osborne
TEL: +41 1 724 8458
FAX: +41 1 724 8953

CST Lab: NVLAP 200427-0

IBM® SSLite for Java
(Software Version 3.15.3232 and 3.16 (FIPS140/Prod))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/18/2004;
02/24/2005
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 2000 SP 3 (JRE 1.3.1_03), Red Hat Linux 8.0 (JRE 1.3.1_07)

-FIPS Approved algorithms: SHA-1 (Cert. #148); Triple-DES (Cert. #163); AES (Cert. #53); DSA (Cert. #83); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. #148, vendor affirmed)

-Other algorithms: DES (Cert. #208); MD2; MD5; RC2; RC4; SHA-256; Diffie-Hellman (key agreement)

Multi-chip standalone

"SSLite is a SSL (Secure Socket Layer) V2.0, V3.0 and TLS (Transport Layer Security) V1.0 protocol implementation including PKI (Public Key Infrastructure) functionality, in Java."
405 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052
USA

-Dave Friant
TEL: 425-704-7984

CST Lab: NVLAP 200427-0

Windows Server 2003 Kernel Mode Cryptographic Module (FIPS.SYS)
(Software Versions 5.2.3790.0 and 5.2.3790.1830 [SP1])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/18/2004;
10/07/2005;
10/25/2005;
10/15/2007
Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows Server 2003 (x86) [1] and Windows Server 2003 Service Pack 1 (x86, x64, and IA64) [2] (single user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #201[1] and #370[1]); SHS (Certs. #177[1] and #371[2])

-Other algorithms: DES (Cert. #230[1]); HMAC-MD5; HMAC-SHA-1 (non-compliant)

Multi-chip standalone

"Microsoft Corporation’s Windows Server 2003 Kernel Mode Cryptographic Module (FIPS.SYS) is a FIPS 140-2 Level 1 compliant, general-purpose, software-based, cryptographic module residing at the Kernel Mode level of the Windows Operating System. It runs as a kernel mode export driver (a kernel-mode DLL) and encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible by other kernel mode drivers. It can be linked into other kernel mode services to permit the use of FIPS 140-2 Level 1 compliant cryptography."
404 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-sales@ncipher.com
TEL: 800-NCIPHER

CST Lab: NVLAP 200017-0

nShield F3 PCI[1], nShield F3 PCI Ultrasign[2], nCipher F3 PCI for NetHSM[3], nShield F3 PCI Ultrasign 32[4], payShield PCI[5], payShield Ultra PCI[6], payShield Ultra PCI for NetHSM[7] and nShield Lite[8]
(Hardware Versions: nC4032P-150[1], nC4032P-300[2], nC4032P-300N[3], nC4132P-300[4], nC4233P-150[5], nC4232P-300[6], nC4232P-300N[7] and nC4032P-30[8], Build Standard ER, Firmware Version: 2.12.9-2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/18/2004;
03/09/2006;
03/15/2006
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Self-Tests: Level 4

-FIPS Approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip embedded

"The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
403 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F3 SCSI[1], nShield F3 SCSI Ultrasign[2], nShield F3 SCSI Ultrasign 32[3], payShield[4], and payShield Ultra[5]
(Hardware Versions: nC4032W-150[1], nC4032W-400[2], nC4132W-400[3], nC4232W-150[4] and nC4232W-400[5], Build Standard DR, Firmware Version: 2.12.9-2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/18/2004;
03/09/2006;
03/15/2006
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Self-Tests: Level 4

-FIPS Approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip standalone

"The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
402 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nCipher 800 PCI[1], nCipher 1600 PCI[2], nCipher 1600 PCI for NetHSM[3], nForce 800 PCI[4] and nForce 1600 PCI[5]
(Hardware Versions: nC3033P-800[1], nC3033P-1K6[2], nC3033P-1K6N[3], nC3033P-800[4] and nC3033P-1K6[5], Build Standard C, Firmware Version: 2.12.9-2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/18/2004;
03/09/2006;
03/15/2006
Overall Level: 2 

-Self Tests: Level 4

-FIPS Approved algorithms: Triple-DES (Cert. #109); Triple-DES MAC (Cert. #109, vendor affirmed); AES (Cert. #15); DSA (Cert. #60); SHA-1 (Cert. #95); HMAC-SHA-1 (Cert. #95, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #173); DES MAC (Cert. #173, vendor affirmed); ARC FOUR; CAST5; CAST 6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; El-Gamal; Diffie-Hellman (key agreement)); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip embedded

"The nCipher modules: nCipher 800 PCI, nCipher 1600 PCI, nCipher 1600 PCI for NetHSM, nForce 800 PCI and nForce 1600 PCI family of secure ecommerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
401 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nCipher 800 PCI[1], nCipher 1600 PCI[2], nCipher 1600 PCI for NetHSM[3], nForce 800 PCI[4] and nForce 1600 PCI[5]
(Hardware Versions: nC3033P-800[1], nC3033P-1K6[2], nC3033P-1K6N[3], nC3033P-800[4] and nC3033P-1K6[5], Build Standard C, Firmware Version: 2.12.9-3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/18/2004;
03/09/2006;
03/15/2006
Overall Level: 3 

-Self Tests: Level 4

-FIPS Approved algorithms: Triple-DES (Cert. #109); Triple-DES MAC (Cert. #109, vendor affirmed); AES (Cert. #15); DSA (Cert. #60); SHA-1 (Cert. #95); HMAC-SHA-1 (Cert. #95, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #173); DES MAC (Cert. #173, vendor affirmed); ARC FOUR; CAST5; CAST 6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; El-Gamal; Diffie-Hellman (key agreement)); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip embedded

"The nCipher modules: nCipher 800 PCI, nCipher 1600 PCI, nCipher 1600 PCI for NetHSM, nForce 800 PCI and nForce 1600 PCI family of secure ecommerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
400 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nForce 150 PCI[1] and nForce 300 PCI[2]
(Hardware Versions: nC3022P-150[1] and nC3022P-300[2], Build Standard E, Firmware Version: 2.12.9-2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/18/2004;
03/09/2006;
03/15/2006
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3
-Cryptographic Module Ports and Interfaces: Level 3
-Cryptographic Key Management: Level 3
-Self-Tests: Level 4

-FIPS Approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip embedded

"The nCipher nForce family of secure e-commerce HSM's improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, e-commerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging."
399 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nForce 150 SCSI[1] and nForce 400 SCSI[2]
(Hardware Versions: nC3022W-150[1] and nC3022W-400[2], Build Standard D, Firmware Version: 2.12.9-2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/18/2004;
03/09/2006;
03/15/2006
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Cryptographic Module Ports and Interfaces: Level 3
-Cryptographic Key Management: Level 3
-Self-Tests: Level 4

-FIPS Approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip standalone

"The nCipher nForce family of secure e-commerce HSM's improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, e-commerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging"
398 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F2 PCI[1] and nShield F2 PCI[2] Ultrasign
(Hardware Versions: nC4022P-150[1] and nC4022P-300[2], Build Standard ER, Firmware Version: 2.12.9-2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/18/2004;
03/09/2006;
03/15/2006
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Cryptographic Module Ports and Interfaces: Level 3
-Cryptographic Key Management: Level 3
-Self-Tests: Level 4

-FIPS Approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip embedded

"The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
397 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F2 SCSI[1] and nShield F2 SCSI Ultrasign[2]
(Hardware Versions: nC4022W-150[1] and nC4022W-400[2], Build Standard DR, Firmware Version: 2.12.9-2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/18/2004;
03/09/2006;
03/15/2006
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Cryptographic Module Ports and Interfaces: Level 3
-Cryptographic Key Management: Level 3
-Self-Tests: Level 4

-FIPS Approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD- 160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip standalone

"The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
396 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F3 PCI[1], nShield F3 PCI Ultrasign[2], nCipher F3 PCI for NetHSM[3], nShield F3 PCI Ultrasign 32[4], payShield PCI[5], payShield Ultra PCI[6], payShield Ultra PCI for NetHSM[7] and nShield Lite[8]
(Hardware Versions: nC4032P-150[1], nC4032P-300[2], nC4032P-300N[3], nC4132P-300[4], nC4233P-150[5], nC4232P-300[6], nC4232P-300N[7] and nC4032P-30[8], Build Standard ER, Firmware Version: 2.12.9-3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/18/2004;
03/09/2006;
03/15/2006
Overall Level: 3 

-Self Tests: Level 4

-FIPS Approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip embedded

"The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
395 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F3 SCSI[1], nShield F3 SCSI Ultrasign[2], nShield SCSI Ultrasign 32[3], payShield SCSI[4], and payShield Ultra[5]
(Hardware Versions: nC4032W-150[1], nC4032w-400[2], nC4132W-400[3], nC4232W-150[4] and nC4232W-400[5], Build Standard DP, Firmware Version: 2.12.9-3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/18/2004;
03/09/2006;
03/15/2006
Overall Level: 3 

-Self Tests: Level 4

-FIPS Approved algorithms: Triple-DES (Cert. #34); Triple-DES MAC (Cert #34, vendor affirmed); AES (Cert. #15); DSA/SHA-1 (Cert. #11); HMAC-SHA-1 (Cert. #11, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #24); DES MAC (Cert #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; HMAC (MD2, MD5, SHA-256, SHA-384, SHA-512 and RIPEMD-160); SHA-256; SHA-384; SHA-512; RIPEMD-160; MD2; MD5; SEED; El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip standalone

"The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
394 PGP Corporation
200 Jefferson Dr.
Menlo Park, CA 94025
USA

-Vinnie Moscaritolo
TEL: 650-319-9000
FAX: 650-319-9001

CST Lab: NVLAP 100432-0

PGP Software Developer’s Kit (PGP SDK)
(Software Version 3.0.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/18/2004;
05/08/2007;
03/07/2008;
07/28/2008
Overall Level: 1 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows XP SP1

-FIPS Approved algorithms: Triple-DES (Cert. #207); AES (Cert. #93); DSA (Cert. #96); SHA-1 (Cert. #183); HMAC-SHA-1 (Cert. #183, vendor affirmed); RSA (PKCS #1, vendor affirmed)

-Other algorithms: CAST-5; IDEA; Twofish; SHA-256; SHA-384; SHA-512; MD5; HMAC-MD5; RIPEMD-60; ElGamal; Shamir Treshold Secret Sharing

Multi-chip standalone

"The PGP SDK includes a wide range of field-tested and standards-based encryption, digital signature, and encoding algorithms as well as a variety of secure network protocol implementations. The PGP SDK offers developers the same core crypto that is at the heart of PGP products."
393 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Chris Holland
TEL: 410-931-7500
FAX: 410-931-7524

CST Lab: NVLAP 200416-0

CGX Cryptographic Module
(Software Versions 3.18, 3.18.1 and 3.18.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/10/2004;
10/19/2004;
09/14/2006;
10/03/2006
Overall Level: 2 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 2 with Dell Optiplex GX400 running Windows 2000 Professional, Server and Advanced Server with SP3 and Q326886 Hotfix (EAL 4 augmented configuration)

-FIPS Approved algorithms: Triple-DES (Cert. #11); AES (Cert. #75); DSA (Cert. #30); SHA-1 (Cert. #30); HMAC-SHA-1 (Cert. #30, vendor affirmed)

-Other algorithms: DES (Cert. #72); RC5; RSA; Diffie-Hellman (key agreement); MD2; MD5; RIPEMD-128; RIPEMD-160

Multi-chip standalone

"Based on SafeNet's 20 years of security expertise and the most widely deployed VPN software in the industry, the CGX Cryptographic Library provides a high-level software interface to SafeNet SafeXcel™ VPN acceleration chips, cards, and EmbeddedIP™ intellectual property. The CGX library can be used as an API to hardware accelerators or for compiling software implementations of the latest industry standard algorithms. Containing over forty cryptographic commands, the CGX library can provide a total security solution in either software or hardware."
392 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Chris Holland
TEL: 410-931-7500
FAX: 410-931-7524

CST Lab: NVLAP 200416-0

CGX Cryptographic Module
(Software Version 3.18)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/10/2004;
10/19/2004
Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with MS Windows 9x, 2000 NT 4.0, XP (single user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #11); AES (Cert. #75); DSA (Cert. #30); SHA-1 (Cert. #30); HMAC-SHA-1 (Cert. #30, vendor affirmed)

-Other algorithms: DES (Cert. #72); RC5; RSA; Diffie-Hellman (key agreement); MD2; MD5; RIPMD-128; RIPMD-160

Multi-chip standalone

"Based on SafeNet's 20 years of security expertise and the most widely deployed VPN software in the industry, the CGX Cryptographic Library provides a high-level software interface to SafeNet SafeXcel™ VPN acceleration chips, cards, and EmbeddedIP™ intellectual property. The CGX library can be used as an API to hardware accelerators or for compiling software implementations of the latest industry standard algorithms. Containing over forty cryptographic commands, the CGX library can provide a total security solution in either software or hardware."
391 F-Secure Corporation
Tammasaarenkatu 7
PL 24, Helsinki 00181
Finland

-Alexey Kirichenko
TEL: +358 9 2520 5548

CST Lab: NVLAP 200427-0

F-Secure® Cryptographic Library™ for Windows
(Software Version 2.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/10/2004 Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Windows 2000 with Service Pack 3 and Q326886 Hotfix EAL 4 certified on Dell Optiplex GX 400 Personal Computer System

-FIPS Approved algorithms: Triple-DES (Cert. #202); AES (Cert. #89); SHA-1 (Cert. #178); HMAC-SHA-1 (Cert. #178, vendor affirmed); DSA (Cert. #94); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #231); DES (CTR); Blowfish; CAST-128; MD5; SHA-256; HMAC-MD5; HMAC-SHA-256; Diffie-Hellman (key agreement); Passphrase-Based Key Derivation (PBKDF2 as specified in PKCS#5)

Multi-chip standalone

"The F-Secure Cryptographic Library for Windows (the Module) is a software module, implemented as a 32-bit Windows 'NT/2000/XP/98/ME' compatible DLL (FSCLM.DLL). The Module provides an assortment of cryptographic services to any client process that attaches an instance of the Module DLL. The Module is designed and implemented to meet the level 2 requirements of FIPS publication 140-2 when running on appropriate hardware under Windows 2000 with service pack 3 and Q326886 Hotfix operating system."
390 General Dynamics Decision Systems
8201 East McDowell Road
Scottsdale, AZ 85252
USA

-Dick Moat
TEL: 480-441-6863
FAX: 480-441-8500

CST Lab: NVLAP 100432-0

Assembly Crypto Module (ACM) and Flight Crypto Module (FCM)
(ACM: HW P/N 01- P35200T004 Version E001, FW Revisions C and D, FCM: HW P/N 01-P35390T003 Version 001, FW Revisions C and D)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/08/2004;
11/03/2004
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Cert. #184)

-Other algorithms: N/A

Multi-chip standalone

"The ACM and FCM are multi-chip standalone cryptographic modules designed to meet the Level 2 security requirements as defined in FIPS PUB 140-2. ACM and FCM perform the Triple-DES algorithm."
389 Network Security Technology (NST) Co.
11 F, No 190, Jung-Jeng Rd.
Shindian City, Taipei County, Taiwan 231
Republic of China

-Ming-Chih Tsai
TEL: +886-2-8911-1099
FAX: +886-2-8911-1098

CST Lab: NVLAP 200002-0

NST Security CryptoCard 2200(CC2200)
(Hardware Version 1.0, Firmware Version 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 03/05/2004;
04/09/2004;
10/01/2004
Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #52); SHA-1 (Cert. #48); RSA (FIPS 186-2, vendor affirmed); Triple-DES DAC (Cert. #52, vendor affirmed)

-Other algorithms: DES (Cert. #117); DES DAC (Cert. #117, vendor affirmed); Diffie-Hellman (key agreement)

Multi-chip embedded

"NST CC2200, a security cryptographic card with PCI bus interface, is a “multi-chip embedded cryptographic module” that provides hardware cryptographic services to users, groups or processes. The NST Security CryptoCard provides hardware cryptographic services such as acceleration for bulk data encryption / decryption, digital signature generation / verification, secure key storage and key management functions to its users."
388 Cisco Systems, Inc.
7025 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco VPN 3002 and 3002-8E Hardware Clients
(Hardware Versions: 3002 and 3002-8E, Firmware Version: FIPS 3.6.7.F)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/23/2004;
02/27/2004;
05/24/2005;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Cert. #168); Triple-DES MAC (Cert. #168, vendor affirmed); AES (Cert. #56); SHA-1 (Cert. #152); HMAC-SHA-1 (Cert. #152, vendor affirmed); DSA (Cert. #85); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #210); DES MAC (Cert. #210, vendor affirmed); RC4; MD5; HMAC-MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Cisco VPN 3002 Hardware Client is a small hardware appliance that operates as a client in Virtual Private Networking (VPN) environments. It combines the best features of a software client, including scalability and easy deployment, with the stability and independence of a hardware platform."
387 Sun Microsystems, Inc.
4150 Network Circle
Santa Clara, CA 95054
USA

-Javier Lorenzo
TEL: 858-625-5020

-Irfan Khan
TEL: 510-936-4840

CST Lab: NVLAP 200427-0

Sun Cryptographic Accelerator 4000
(Hardware Versions: 501-6040-02 and 501-6040-03 (Fiber) and 501-6039-05 and 501-6039-06 (UTP/Copper), Firmware Version: 1.0.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/23/2004;
04/05/2004;
04/27/2004
Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #190); AES (Cert. #79); SHA-1 (Certs. #171 and #172); HMAC-SHA-1 (Certs. #171 and #172, vendor affirmed); DSA (Cert. #92) and RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #225); MD5; HMAC-MD5

Multi-chip embedded

"The Sun Cryptographic Accelerator 4000 (SCA 4000) is a highperformance secure networking solution for Sun servers. It is a PCI card consisting of a Gigabit Ethernet adapter with on-board cryptographic acceleration hardware and a secure cryptographic key store. The card enhances server network performance by off-loading compute intensive cryptographic calculations (asymmetric and symmetric) from the server's CPU, accelerating both IPsec and SSL processing. The SCA 4000 also provides a secure remote administration capability. It is tightly integrated with Sun's server hardware and software. The SCA 4000 meets or exceeds all FIPS 140-2 Level 3 requirements."
386 Fortress™ Technologies, Inc.
2 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0

AirFortress™ Wireless Security Gateway Cryptographic Module
(Firmware version 2.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Firmware 02/19/2004;
04/29/2004;
03/26/2010;
05/17/2013
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-EMI/EMC: Level 3
-Design Assurance: Level 3

-Tested: Fortress interface and Shell (FISH) Version 2.4

-FIPS Approved algorithms: AES (Cert. #14); Triple-DES (Cert. #19); SHA-1 (Cert. #34); HMAC-SHA-1 (Cert. #34, vendor affirmed)

-Other algorithms: DES (Cert. #23); Diffie-Hellman (key agreement)

Multi-chip standalone

"The AirFortress™ Wireless Security Gateway is an electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a production-quality hardware platform and deployable on any LAN or WAN, the AF Gateway provides encryption, data integrity checking, authentication, access control, and data compression."
385 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Chris Holland
TEL: 410-931-7500
FAX: 410-931-7524

CST Lab: NVLAP 200416-0

SafeNet HighAssurance 500/1000 Gateway Cryptographic Module
(Firmware Versions 5.01 and 7.0.1, Hardware Versions SE-HA500-01 and SE-HA1000-01)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/19/2004;
10/19/2004;
06/06/2005
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Cert. #96); Triple-DES (Cert. #210); SHA-1 (Cert. #187); HMAC-SHA-1 (Cert. #187, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #233); HMAC-MD5, Diffie-Hellman (key agreement); DSA (non-compliant)

Multi-chip standalone

"The SafeNet HA500/1000 Gateway is a high-performance, standards-based hardware Virtual Private Network (VPN) and firewall. Providing a high speed, low cost solution, it features the strongest cryptography available and complete manageability. SafeNet custom designed a state-of-the-art Application Specific Integrated Circuits (ASIC) for the HA500/1000 that allows encryption using either AES, DES, or triple-DES as nIeeded by client applications."
384 IBM® Corporation
IBM/Tivoli
PO Box 3499
Australia Fair
Southport, Queensland 4215
Australia

-Mike Thomas
TEL: +61 7 5552 4030
FAX: +61 7 5571 0420

-Peter Waltenberg
TEL: +61 7 5552 4016
FAX: +61 7 5571 0420

CST Lab: NVLAP 200427-0

IBM® Crypto for C (ICC)
(Software Versions: 1.1, 1.2, 1.2.1 and 1.2.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 02/17/2004;
04/27/2004;
12/02/2004
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Sun Solaris 5.8, AIX 5.2, Windows 2000 Professional and Advanced Server, SUSE Linux Enterprise Server 8 (x86 and PowerPC), RedHat Linux Advanced Server 2.1 (x86), z/Linux 2.4, and HPUX 11i (all in single user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #174); AES (Cert. #65); SHA-1 (Cert. #159); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #216); HMAC-SHA-1 (Cert #159, vendor affirmed; non-compliant); RC2; RC2-40; RC2-60; RC4; Blowfish; CAST; MD2; MD4; MD5; RIPEMD; HMAC-MD5; DSA (non-compliant); Diffie-Hellman (key agreement)

Multi-chip standalone

"The ICC is a C language implementation of cryptographic functions which uses the cryptographic library provided by the OpenSSL project. This enables IBM products to use an open source solution for cryptography and a FIPS 140-2 certified cryptographic provider."
383 Axalto Inc.
8311 North FM 620 Road
Austin, TX 78726
USA

-David Teo
TEL: 512-257-3895
FAX: 512-257-3881

CST Lab: NVLAP 100432-0

Cyberflex Access 64K v2 Cryptographic Module
(Hardware P/N M512LACC2, Firmware Versions: a: HardMask 1v1 and SoftMask 2v1, b: HardMask 1v1 and SoftMask 2v3, c: HardMask 1v2 and SoftMask 1v1)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/17/2004;
07/27/2004;
09/21/2004;
05/25/2006
Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #193); Triple-DES MAC (Cert. #193, vendor affirmed); AES (Cert. #81); SHA-1 (Cert. #173); RSA (PKCS #1, vendor affirmed)

-Other algorithms: DES (Cert. #227); DES MAC (Cert. #227, vendor affirmed);

Single-chip

"The Cyberflex Access 64K v2 Cryptographic Module serves as a highly portable PKI and digital signature secure token for enhancing the security of network access and ensuring secure electronic communications. It supports on-card Triple DES, AES and 2048-bit RSA algorithms with on-card key generation. It is compliant to Java Card v2.1.1 and Open Platform v2.0.1’. The Cyberflex Access 64K v2 Cryptographic Module is part of a range of Schlumberger highly secure, Java-based cryptographic modules for physical and logical access, e-transactions and other applications."
382 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984

CST Lab: NVLAP 200427-0

Windows Server 2003 Enhanced Cryptographic Provider (RSAENH)
(Software Versions 5.2.3790.0 and 5.2.3790.1830 [Service Pack 1])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 02/17/2004;
10/07/2005;
10/25/2005;
10/15/2007
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Server 2003[1] and Windows Server 2003 Service Pack 1[2] (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #192[1] and #365[2]); AES (Cert. #80[1] and #290[2]); SHS(Cert. #176[1] and #364[2]); HMAC (Cert. #176, vendor affirmed[1] and #99[2]); RSA (PKCS#1, vendor affirmed[1] and #81[2])

-Other algorithms: DES (Cert. #226[1]); SHA-256[1]; SHA-384[1]; SHA-512[1]; RC2; RC4; MD2; MD4; MD5

Multi-chip standalone

"The Microsoft Enhanced Cryptographic Provider is a FIPS 140-2 compliant, software-based, cryptographic module. RSAENH encapsulates several different cryptographic algorithms (including SHA-1, DES, 3DES, AES, RSA, SHA-1-based HMAC) in a cryptographic module accessible via the Microsoft CryptoAPI."
381 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984

CST Lab: NVLAP 200427-0

Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)
(Software Versions 5.2.3790.0 and 5.2.3790.1830 [Service Pack 1])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 02/17/2004;
10/25/2005;
10/15/2007
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Server 2003 (x86) [1] and Windows Server 2003 Service Pack 1 (x86, x64 and IA64) [2] (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #199[1] and #381[2]); SHA-1 (Certs. #181[1] and #385[2]); DSA (Certs. #95[1] and #146[2]); RSA (Cert. #81)

-Other algorithms: DES (Cert. #229[1]); Diffie-Hellman (key agreement); RC2; RC4; MD5; DES 40

Multi-chip standalone

"The Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) is a FIPS 140-2 compliant, softwarebased, cryptographic module. DSSENH encapsulates several different cryptographic algorithms (including SHA-1, DES, 3DES, DSA and Diffie- Hellman) in a cryptographic module accessible via the Microsoft CryptoAPI (CAPI)."
380 ActivCard, Inc., Atmel, Inc. and MartSoft, Inc.
6623 Dumbarton Circle
Fremont, CA 94555
USA

-Eric Le Saint
TEL: 510-745-6211
FAX: 510-574-0101

-Paul Chen
TEL: 408-737-3380 x1202

CST Lab: NVLAP 100432-0

Eagle 64K Flash Module v1
(Hardware AT90SC6464C-Pro, Firmware OS v09FA, ID applet v1.0.0.14, PKI applet v1.0.0.14, GC applet v1.0.0.20)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/17/2004;
05/26/2006
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Cert. #182); Triple-DES MAC (Cert. #182, vendor affirmed); SHA-1 (Cert. #166); RSA (PKCS#1, vendor affirmed)

-Other algorithms: N/A

Single-chip

"Eagle 64K Flash Module v1 is based on Atmel Secure IC, MartSoft Global Platform Java Card OS and ActivCard Applet Suite. When the module is placed in a plastic smart card housing, it is ideal for secure identification, digital signature, storing and updating account information, personal data, and even monetary value, with increased security, portability and convenience to computer applications. The external interface provided by the applet suite is compliant with the smart card interoperability specification GSC-IS defined by GSA."
379 Nortel Networks
600 Technology Park
Billerica, MA 01821
USA

-Jonathan Lewis

-Simon McCormack
TEL: 978-288-8592

CST Lab: NVLAP 200427-0

Contivity® 600, 1700 and 2700 Secure IP Services Gateways
(Firmware Version V04_75.183, Hardware Version 600, 1700 and 2700)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/17/2004;
09/21/2005
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Certs. #183 and #29); AES (Cert. #50); SHA-1 (Certs. #31 and #51); HMAC-SHA-1 (Certs. #31 and #51, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Certs. #48 and #101); DES MAC (Certs. #48 and #101, vendor affirmed); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD5; HMAC MD5

Multi-chip standalone

"The FIPS 140-2 Level 2 compliant Contivity 600, 1700 and 2700 Secure IP Services Gateways are the ideal solution for enterprises requiring secure, low-cost connectivity across the Internet or managed IP networks. The Contivity 600, 1700 and 2700 provide, IP routing, Virtual Private Networking (VPN), stateful firewall, encryption, authentication, directory and policy services, Quality of Service (QoS), and bandwidth management services in a single integrated platform. These devices provide a solution for small, medium, and large sites requiring Internet connectivity for both secure VPN communications and for basic IP/Internet access."
378 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Adam Bell
TEL: 410-931-7500
FAX: 410-931-7524

CST Lab: NVLAP 200416-0

HighAssurance 2000 Gateway
(Firmware Versions 6.00, 6.10, 6.20 and 6.21, Hardware SE-HA2000)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/12/2004;
02/20/2004;
03/17/2004;
10/19/2004;
06/06/2005
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #36); DSA/SHA-1 (Cert. #5); HMAC-SHA-1 (Cert. #5, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #104); DES-MAC; HMAC-MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The SafeNet HA2000 is a high-performance, standards-based hardware Virtual Private Network (VPN). Providing a high speed, low cost solution, it features strong security and complete manageability. SafeNet custom designed a state-of-the-art Application Specific Integrated Circuits (ASIC) for the HA2000 that allow high speed encryption with Data Encryption Standard (DES) and triple-DES. DES is included for legacy systems."
377 ReefEdge, Inc.
2 Executive Dr.
Fort Lee, NJ 07024
USA

-Silvia Ercolani
TEL: 201-242-9700
FAX: 201-242-9760

CST Lab: NVLAP 200556-0

Edge Controller 200
(Software Version 3.1.3a, Hardware Version 2.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/30/2004 Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Certs. #171, #172 and #173); SHA-1 (Certs. #155, #156 and #157); HMAC-SHA- 1 (Certs. #155, #156 and #157, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: RC4; MD5; HMAC-MD5

Multi-chip standalone

"The ReefEdge family of Edge Controllers provides perimeter security and high-speed subnet roaming to the ReefEdge Connect System, connecting an enterprise's access points to its wired LAN. Edge Controllers enforce access control rules, implement bandwidth management, and perform encryption, enabling users to roam freely - among offices, between floors, across campuses - without losing their secure connection."
376 IBM® Corporation
11400 Burnet Road
Austin, TX 78758
USA

-Tom Benjamin
TEL: 512-436-1223

-512-436-8009

CST Lab: NVLAP 200427-0

IBM Java JCE 140-2 Cryptographic Module
(Software Version 1.1)

Validated to FIPS 140-2

Security Policy

Certificate

Software 01/30/2004;
04/05/2004
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 2000 Professional SP3 (JVM 1.3.1_03 and JVM 1.4.1_04), Windows 2000 Advanced Server SP4 (JVM 1.4.1), Sun Solaris 5.8 (JVM 1.3.1 and 1.4.1), AIX 5.2 (JVM 1.3.1 and 1.4.1), SuSE Linux Enterprise Server 8 (JVM 1.4.1_05), RedHat Linux Advanced Server 2.1 (JVM 1.4.1_05), IBM OS/400 V5R2M0 (JVM 1.4.1), z/OS V1R4 (JVM 1.4.1) (all in single user mode)

-FIPS Approved algorithms: AES (Cert. #78); Triple-DES (Cert. #189); DSA (Cert. #91); SHA-1 (Cert. #170); HMAC-SHA-1 (Cert. #170, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #224); Diffie-Hellman (key agreement)

Multi-chip standalone

"The IBM« Java« JCE (Java Cryptographic Extension) FIPS provider (IBMJCEFIPS) for Multi-platforms is a scalable, multi-purpose cryptographic module that supports only FIPS approved cryptographic operations via the Java2 Application Programming Interfaces (APIs)."
375 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Randy Kun
TEL: 613-723-5076
FAX: 613-723-5078

CST Lab: NVLAP 200017-0

Chrysalis-ITS K3 Cryptographic Engine
(Hardware Versions: 2.0, 3.0 and 4.0, Firmware Version 4.1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/30/2004;
10/18/2004;
12/22/2005
Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #41); Triple-DES (Cert. #73); DSA (Cert. #51); SHA- 1 (Cert. #64); RSA (FIPS 186-2, vendor affirmed); Triple-DES MAC (Cert. #73, vendor affirmed); HMAC-SHA-1 (Cert. #64, vendor affirmed)

-Other algorithms: DES (Cert. #32); DES MAC (Cert. #32, vendor affirmed); RC2; RC4; RC5; CAST; CAST3; CAST5; MD2; MD5; Diffie-Hellman 1024; CAST MAC; CAST3 MAC; CAST5 MAC; SEED; SSL3-MD5 MAC; SSL3-SHA-1 MAC; HMAC-MD5; KCDSA; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; AES MAC; RC2 MAC; RC5-MAC

Multi-chip embedded

"The K3 Chrysalis-ITS Cryptgraphic Engine is a hardware cryptographic module in the form of a PCI card that resides within a secured generalpurpose computing appliance. It is contained in its own secure enclosure that provides physical resistance to tampering and zeroization in the event the enclosure is opened. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI card."
374 E.F. Johnson Co.
123 N. State St.
Waseca, MN 56093
USA

-John Oblak
TEL: 507-837-5116
FAX: 507-837-5120

CST Lab: NVLAP 100432-0

Subscriber Encryption Module (SEM)
(Hardware P/N-Versions 023-5000-980 and 023-5000-982, Firmware Version 2.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/23/2004;
05/05/2005
Overall Level: 1 

-FIPS Approved algorithms: AES (Cert. #73); DSA (Cert. #89); SHA-1 (Cert. #165); HMAC-SHA-1 (Cert. #165, vendor affirmed)

-Other algorithms: DES (Cert. #221); SecureNet DES 1 bit with differential encoding and decoding

Multi-chip embedded

"The E.F. Johnson Co. Subscriber Encryption Module (SEM) is a cryptographic module meeting FIPS 140-2, Level 1 requirement. The SEM provides Subscriber Equipment, such as the E.F. Johnson Co. 5100 series radio with secure and encrypted voice communication. The SEM supports AES, DES, DSA, and SHA-1 FIPS Approved algorithms for voice communication and protection of its firmware. The SEM can be implemented into any Subscriber Equipment requiring FIPS 140-2, Level 1 security."
373 CipherOptics Inc.
701 Corporate Center Drive
Raleigh, NC 27607
USA

-Dennis Toothman - CipherOptics Inc.
TEL: 919-865-0661
FAX: 919-865-0679

-George L. Heron - SafeNet, Inc.
TEL: 410-933-5883
FAX: 410-931-7524

CST Lab: NVLAP 200017-0

CipherOptics Security Gateway
SafeNet HighAssurance 4000 Gateway

(Hardware Version: SG1000, Firmware Versions: 1.2.1 and 1.3 and Hardware Version: SG1001, Firmware Version: 1.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/15/2004;
02/27/2004
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Cert. #155); SHA-1 (Cert. #117); HMAC-SHA-1 (Cert. #117, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #201); Diffie-Hellman (key agreement); MD5; HMAC-MD5

Multi-chip standalone

"The CipherOptics Security Gateway and the SafeNet High Assurance 4000 Gateway (aka the SafeNet HA 4000), which is the OEM version of the CipherOptics Security Gateway; is a high performance, integrated security appliance that offers Gigabit Ethernet IPSec encryption. Housed in a tamper evident chassis, the Security Gateway has two Gigabit Ethernet ports. Traffic on the local port is received in the clear, while traffic on the remote port has security processing applied to it."


Need Assistance?