CMVP Main Page

Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules

Historical, 1995-1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017
All

Last Updated: 5/10/2017

It is important to note that the items on this list are cryptographic modules. A module may either be an embedded component of a product or application, or a complete product in-and-of-itself. If the cryptographic module is a component of a larger product or application, one should contact the product or application vendor in order to determine how the product utilizes the embedded validated cryptographic module. There may be a larger number of security products or applications available which use an embedded validated cryptographic module, than the number of modules which are found in this list. In addition, other vendors, who are not found in this list, may incorporate a validated cryptographic module from this list embedded into their own products.

When selecting a module from a vendor, verify that the module is either the product or application itself (e.g. VPN, SmartCard, USB memory token, etc.) or the module is embedded in a larger product or application (e.g. toolkit, etc.). If the module is embedded in a product or application, ask the product or application vendor to provide a signed letter or statement affirming that the unmodified validated cryptographic module is integrated in the solution; the module provides all the cryptographic services in the solution; and provide reference to the modules validation certificate number from this listing.

NOTE1: Module descriptions are provided by the module vendors and have not been verified for accuracy by the CMVP. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-Approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (e.g. allowed or non-FIPS-Approved algorithms) have not been tested through the CMVP.

NOTE2: The operator of a cryptographic module is responsible for ensuring that the algorithms and key lengths are in compliance with the requirements of NIST SP 800-131A.

NOTE3: All questions regarding the implementation and/or use of any module located on the CMVP module validation lists should first be directed to the appropriate vendor point-of-contact (listed for each entry).

Please contact the CMVP if any errors are discovered or comments with suggestions for improvement of the validation listings.

Cert#Vendor / CST LabCryptographic ModuleModule
Type
Validation
Date
Sunset
Date
Level / Description
458Dell Software, Inc.
5455 Great America Parkway
Santa Clara, CA 95054
USA

Lawrence Wagner
TEL: 408-752-7886

CST Lab: NVLAP 100432-0
SonicWALL TZ 170
(Hardware Version: P/N 101-5000072-00 rev A; Firmware Versions: SonicOS Enhanced Versions 2.0, v2.5 and v3.1)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware09/08/2004
02/24/2005
05/17/2006
04/25/2007
04/21/2015
4/20/2020Overall Level: 2

-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Certs. #121 and #140); Triple-DES (Certs. #231 and #248); SHA-1 (Cert. #208); HMAC-SHA-1 (Cert. #208, vendor affirmed); DSA (Cert. #98); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Certs. #245 and #251); RC4; MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Dell SonicWALL TZ 170 is an internet security appliance with a WAN interface, a flexible Optional interface, and a LAN interface incorporating a 5-port Fast-Ethernet switch. The SonicWALL TZ 170 provides stateful packet inspection firewall services, accelerated IPSec VPN, bandwidth management, and can be upgraded to offer ISP failover and traffic loadbalancing. The SonicWALL TZ 170 also serves as a platform for extensible security services such as Content Filtering Services (CFS), Network Anti - Virus, and E-mail filtering."
455Dell Software, Inc.
5455 Great America Parkway
Santa Clara, CA 95054
USA

Lawrence Wagner
TEL: 408-752-7886

CST Lab: NVLAP 100432-0
SonicWALL PRO 3060/4060
(Hardware Versions: 3060 101-500078-00 rev. A and 4060 101-500067-00 rev. A; Firmware Versions: SonicOS Enhanced Versions v2.0, v2.5 and v3.1)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware08/11/2004
02/24/2005
05/17/2006
05/31/2006
04/25/2007
04/21/2015
4/20/2020Overall Level: 2

-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Certs. #105 and #121); Triple-DES (Certs. #217 and #231); SHA-1 (Cert. #208); HMAC-SHA-1 (Cert. #208, vendor affirmed); DSA (Cert. #98); RSA (vendor affirmed)

-Other algorithms: DES (Cert. #245); RC4; MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Dell SonicWALL PRO 4060 and PRO 3060 are internet security appliances offering stateful packet inspection firewall services, accelerated IPSec VPN, bandwidth management, and dual-WAN port support with ISP failover and load-balancing capabilities, all via six configurable 10/100 Ethernet interfaces."
434Entrust, Inc.
One Hanover Park
16633 Dallas Parkway
Suite 800
Addison, TX 75001
USA

Entrust Sales

CST Lab: NVLAP 200017-0
Entrust TruePass™ Applet Cryptographic Module
(Software Version: 7.0)
(When operated in FIPS mode with FIPS validated browser services operating in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Software05/27/2004
05/28/2014
5/27/2019Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with Windows 2000 SP3 running Microsoft VM for Java 5.0.0.3810 or Sun plug-in version 1.4.1, and Netscape Navigator 7.0 (Certs. #7, #45 and #47) or Microsoft Internet Explorer 6.0 SP1 (Certs. #103 and #106) (single user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #69); SHA-1 (Cert. #60); RSA (PKCS#1, vendor affirmed)

-Other algorithms: CAST 128

Multi-chip standalone

"The module performs low level cryptographic operations - encryption, decryption and hashes - implemented in software using the high-level Java programming language. Currently, the module is imbedded into an applet as part of the TruePass product suite that allows integration of cryptographic security into web applications."
424Fortress™ Technologies, Inc.
2 Technology Park Dr
Westford, MA 01886-3140
USA

Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0
AirFortress® Client Cryptographic Module
(Software Version: 2.4)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Software05/06/2004
02/07/2006
12/20/2006
03/26/2010
05/17/2013
5/16/2018Overall Level: 1

-Roles, Services, and Authentication: Level 2
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Tested Configuration(s): Tested as meeting Level 1 with Windows XP Pro SP1, Windows 2000 SP2, Windows NT 4.0 SP2, Windows 98 2nd ed., Windows CE 3.0, PalmOS 4.1, MS DOS 6.20 and Windows CE v4.0 (single user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #19 and #457); SHS (Certs. #34 and #498); AES (Certs. #14 and #427); HMAC-SHA-1 (Cert. #34, vendor affirmed)

-Other algorithms: DES (Cert. #23); Diffie-Hellman (key agreement)

Multi-chip standalone

"The AirFortress™ Client is a software module designed to deliver security on wireless devices such as bar scanners, handhelds, and laptops using various operating systems. A plug-and-play solution, the Client encrypts and decrypts communication across the WLAN and protects the device against attacks without user intervention."
386Fortress™ Technologies, Inc.
2 Technology Park Dr
Westford, MA 01886-3140
USA

Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0
AirFortress™ Wireless Security Gateway Cryptographic Module
(Firmware Version: 2.4)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Firmware02/19/2004
04/29/2004
03/26/2010
05/17/2013
5/16/2018Overall Level: 1

-Roles, Services, and Authentication: Level 2
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Tested: Fortress interface and Shell (FISH) Version 2.4

-FIPS Approved algorithms: AES (Cert. #14); Triple-DES (Cert. #19); SHA-1 (Cert. #34); HMAC-SHA-1 (Cert. #34, vendor affirmed)

-Other algorithms: DES (Cert. #23); Diffie-Hellman (key agreement)

Multi-chip standalone

"The AirFortress™ Wireless Security Gateway is an electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a production-quality hardware platform and deployable on any LAN or WAN, the AF Gateway provides encryption, data integrity checking, authentication, access control, and data compression."