CMVP Main Page

Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules
1995-1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014,
All

Last Update: 4/2/2014

It is important to note that the items on this list are cryptographic modules. A module may either be an embedded component of a product or application, or a complete product in-and-of-itself. If the cryptographic module is a component of a larger product or application, one should contact the product or application vendor in order to determine how the product utilizes the embedded validated cryptographic module. There may be a larger number of security products or applications available which use an embedded validated cryptographic module, than the number of modules which are found in this list. In addition, other vendors, who are not found in this list, may incorporate a validated cryptographic module from this list embedded into their own products.

When selecting a module from a vendor, verify that the module is either the product or application itself (e.g. VPN, SmartCard, USB memory token, etc.) or the module is embedded in a larger product or application (e.g. toolkit, etc.). If the module is embedded in a product or application, ask the product or application vendor to provide a signed letter or statement affirming that the unmodified validated cryptographic module is integrated in the solution; the module provides all the cryptographic services in the solution; and provide reference to the modules validation certificate number from this listing.

NOTE1: Module descriptions are provided by the module vendors and have not been verified for accuracy by the CMVP. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-Approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (e.g. allowed or non-FIPS-Approved algorithms) have not been tested through the CMVP.

NOTE2: The operator of a cryptographic module is responsible for ensuring that the algorithms and key lengths are in compliance with the requirements of NIST SP 800-131A.

NOTE3: All questions regarding the implementation and/or use of any module located on the CMVP module validation lists should first be directed to the appropriate vendor point-of-contact (listed for each entry).

Please contact the CMVP if any errors are discovered or comments with suggestions for improvement of the validation listings.

Cert# Vendor / CST Lab Cryptographic Module
Module
Type
Val.
Date
Level / Description
613 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 2851 Integrated Services Router
(Hardware Version: 2851, AIM Version: 1.0, Board Version: D0; Firmware Version: 12.3(11)T03)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/23/2005;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #219 and #96); Triple-DES (Certs. #311 and #210); SHS (Certs. #300 and #317); HMAC (Certs. #84 and #50); RNG (Cert. #97)

-Other algorithms: DES (Certs. #292 and #233); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant); MD5; HMAC MD5; RSA (non-compliant); RC4

Multi-chip standalone

"The Cisco 2800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 2800 Series routers offer embedded encryption acceleration on the motherboard."
612 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 2811 and Cisco 2821 Integrated Services Router
(Hardware Versions: 1841 and 2801; Firmware Version: 12.3(11)T03)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/23/2005;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #219 and #181); Triple-DES (Certs. #311 and #283); SHS (Certs. #300 and #267); HMAC (Certs. #29 and #27); RNG (Cert. #31)

-Other algorithms: DES (Certs. #292 and #275); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant); MD5; HMAC-MD5; RSA (non-compliant); RC4

Multi-chip standalone

"The Cisco 2800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 2800 Series routers offer embedded encryption acceleration on the motherboard."
611 Litronic, Inc.
17861 Cartwright
Irvine, CA 92614
USA

-Cameron Durham
TEL: 949-851-1085
FAX: 949-851-8588

CST Lab: NVLAP 100432-0

jForté/HAT Cryptographic Module
(Hardware Version: P/N 078-2010-02 Version J002; Firmware Version: 3.1)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/23/2005 Overall Level: 3 

-Physical Security: Level 4

-FIPS Approved algorithms: Triple-DES (Cert. #306); Triple-DES MAC (Cert. #306, vendor affirmed); SHS (Cert. #294); RSA (Cert. #46); RNG (Cert. #59); Skipjack (Cert. #15)

-Other algorithms: DES (Cert. #289); DES MAC (Cert. #289, vendor affirmed)

Single-chip

"The high assurance jForté/HAT module is a multi-function, secure device, specifically engineered to provide expanded storage and accelerated processing of complex cryptographic functions. jForté/HAT also provides high data throughput via its dual I/O interface, supporting both ISO7816-3 and Full Speed USB. The module is available in several different packaging configurations - smart card module, 24-pin SOIC or bare die. Our patented smart card packaging provides access to both 7816-3 and USB interfaces so the same smart card will work in both standard readers, at 7816 speeds, and in high-speed USB readers and Full Speed USB."
610 Avaya, Inc.
Atidim Technology Park
Tel Aviv, 61131
Israel

-Pesah Spector
TEL: 972-3-6459162
FAX: 972-3-6458462

CST Lab: NVLAP 100432-0

G250 and G250-BRI Branch Office Media Gateways w/FIPS
(Hardware Versions: 700356231 and 700356223 Version 1.0; Firmware Version: 24.16.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/23/2005 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #330); AES (Cert. #242); SHS (Cert. #320); HMAC (Cert. #60); RSA (Cert. #60); RNG (Cert. #77)

-Other algorithms: DES (Cert. #308); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; H.248 Link Encryption; Avaya Media Encryption; SSHv2

Multi-chip standalone

"The Avaya G250 Branch Office Media Gateway w/FIPS and G250-BRI Branch Media Gateway w/FIPS are complete branch office business communications systems that integrate an IP telephony gateway, an advanced IP WAN router, and a PoE LAN switch into a compact (2U) chassis. Ideally suited for enterprise with distributed branch office locations of 2-10 extensions, the G250 and G250-BRI Gateways replace the complexity and cost of managing disparate key and voice systems with a survivable networked solution that is easy to deploy and can be administered from a central location."
609 Snapshield, Ltd.
1 Research Court
Suite 450
Rockville, MD 20850
USA

-Uri Naor
TEL: 301-216-3805
FAX: 301-519-8001

-Rolando Rosas - Snap Defense Systems, LLC
TEL: 703-766-6540
FAX: 703-766-6501

CST Lab: NVLAP 100432-0

SNAPfone
(Hardware Versions: P/N Snapfone Versions E and F; Firmware Versions: 7.10.1 v_7101 and 7.10.1 v_7101p2p)

Snapfone
(Hardware Versions: P/N Snapfone Versions E and F, Firmware Versions: 7.10.1v 7101 and 7.10.1v-l101p2p)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/23/2005;
01/13/2006;
01/27/2006
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #302); SHS (Cert. #289); RNG (Cert. #53)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"SNAPfone is a compact encryption termination unit capable of securing voice communications over analog telephone lines. SNAPfone performs high level encryption process with a new key draw for each session using Asymmetric Public Key Cryptography (1024 bit Diffie-Hellman) for key exchanging and Symmetric block cipher (192-bit 3DES) algorithm for session encryption. SNAPfone requires minimum user intervention with seamless operation."

"The Snapfone is a plug-n-play encryption device for securing communications over regular analog (POTS) or fax lines. Snapfone is designed for compatibility among major telephone and PBX brands. It can also be deployed as a shared resource device when connected to a PBX. Its small footprint and 1101220v connectivity allows for easy transport and maximum flexibility. The cryptographic core engines are optimized for minimal voice latency providing superior voice quality. Snapfones can also be configured as a distributed secure voice network solution among groups and between multiple locations."

608 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-C Micro Edition (ME)
(Software Version: 2.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/13/2005;
01/04/2008;
10/16/2008;
09/07/2010;
03/28/2011;
01/24/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Linux 7.2; Red Hat Enterprise Linux AS3.0; Solaris 8 (Sun OS 5.8) Sparc V8; Solaris 8 (Sun OS 5.8) Sparc V8+; Solaris 8 (Sun OS 5.8) Sparc V9; Microsoft Windows Mobile 2003; Microsoft Windows XP SP2; IBM AIX 5L 5.3; HP-UX 11.23 Itanium 2; HP-UX 11.23 PA-RISC 2.0W; HP-UX 11.11 PA-RISC 2.0; VxWorks 5.4 PPC 604; VxWorks 5.5 PPC 603; VxWorks 5.5 PPC 604

-FIPS Approved algorithms: DSA (Cert. #143); Triple-DES (Cert. #378); AES (Cert. #303); CCM (Cert. #7); SHS (Cert. #380); RSA (Cert. #96); RNG (Cert. #130); ECDSA (Cert. #11); HMAC (Cert. #113)

-Other algorithms: MD2; MD5; HMAC MD5; DES; DES40; RC2; RC4; RC5; ECAES (non-compliant); ECDRBG (non-compliant); RSA (key wrapping, key establishment methodology provides at least 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement, key establishment methodology provides at least 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides between 112 bits and 285 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Crypto-C Micro Edition (ME) Module is RSA Security Inc.'s cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
607 Juniper Networks, Inc.
1194 Mathilda Ave.
Sunnyvale, CA 94089
USA

-Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 100432-0

Juniper Networks NetScreen-204 and 208
(Hardware Version: P/N NS-204 and NS-208 Version 0110; Firmware Versions: ScreenOS 5.0.0r9a.h and 5.0.0r9b.h)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/12/2005;
01/26/2006;
05/16/2006;
06/14/2006;
06/20/2006;
12/11/2013
Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #11); Triple-DES (Cert. 118); DSA (Cert. #132); SHS (Cert. 103); RSA (Cert. #24); HMAC (Cert. #52); RNG (Cert. #33)

-Other algorithms: DES (Cert. #174); MD5; Diffie-Hellman (key agreement, key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping, key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The Juniper Networks NetScreen-204 and 208 are purpose-built internet security appliances that deliver firewall, VPN, and traffic shaping optimized for the most demanding environments such as medium and large enterprise offices, e-business sites, data centers, and carrier infrastructures."
606 Juniper Networks, Inc.
1194 Mathilda Ave.
Sunnyvale, CA 94089
USA

-Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 100432-0

Juniper Networks NetScreen-5XT
(Hardware Version: P/N NS-5XT Version 1010; Firmware Versions: ScreenOS 5.0.0r9a.h and 5.0.0r9b.h)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/12/2005;
01/26/2006;
05/16/2006;
06/14/2006;
06/20/2006;
12/11/2013
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Cert. #11); Triple-DES (Cert. #118); DSA (Cert. #132); SHS (Cert. #103); RSA (Cert. #24); HMAC (Cert. #52); RNG (Cert. #33)

-Other algorithms: DES (Cert. #174); MD5; Diffie-Hellman (key agreement, key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping, key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The Juniper Networks NetScreen-5XT is a purpose-built Internet security appliance that delivers firewall, VPN and traffic shaping that offers a complete security solution for telecommuters, small-sized companies and branch offices. Featuring two 10 Base-T Ethernet ports (trust and untrusted), the Juniper Networks NetScreen-5XT performs at near wirespeed, protecting the LAN from attack and providing IPSEC based VPN capabilities."
605 Juniper Networks, Inc.
1194 Mathilda Ave.
Sunnyvale, CA 94089
USA

-Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 100432-0

Juniper Networks NetScreen-5400
(Hardware Version: P/N NS-5400 Version 3010; Firmware Versions: ScreenOS 5.0.0r9a.h and 5.0.0r9b.h)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/12/2005;
01/26/2006;
05/16/2006;
06/14/2006;
06/20/2006;
12/11/2013
Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #11); Triple-DES (Certs. #118 and #133); SHS (Certs. #103 and #119); RSA (Cert. #24); HMAC (Cert. #52); DSA (Cert. #132); RNG (Cert. #33)

-Other algorithms: DES (Certs. #174 and #184); MD5; Diffie-Hellman (key agreement, key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping, key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The Juniper Networks NetScreen-5400 is a purpose-built, high-performance security system designed to deliver a new level of high-performance capabilities for large enterprise, carrier, and data center networks. The NetScreen-5400 security system integrates firewall, DoS, DDoS protection, VPN, and traffic management functionality in low-profile modular chassis."
604 Juniper Networks, Inc.
1194 Mathilda Ave.
Sunnyvale, CA 94089
USA

-Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 100432-0

Juniper Networks NetScreen-500
(Hardware Version: P/N NS-500 Version 4110; Firmware Versions: ScreenOS 5.0.0r9a.h and 5.0.0r9b.h)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/12/2005;
01/26/2006;
05/16/2006;
06/14/2006;
06/20/2006;
12/11/2013
Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #244); Triple-DES (Cert. #50); DSA (Cert. #134); SHS (Cert. #47); RSA (Cert. #23); HMAC (Cert. #54); RNG (Cert. #32)

-Other algorithms: DES (Cert. #115); MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 80-bits of encryption strength; non-compliant)

Multi-chip standalone

"The Juniper Networks NetScreen-500 is a purpose-built internet security appliance that provides advanced firewall, IPSec VPN, and traffic management functionality, optimized for the most demanding environments such as medium and large enterprise offices, carrier infrastructures, or service providers."
603 Juniper Networks, Inc.
1194 Mathilda Ave.
Sunnyvale, CA 94089
USA

-Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 100432-0

Juniper Networks NetScreen-5200
(Hardware Version: P/N NS-5200 Version 3010; Firmware Versions: ScreenOS 5.0.0r9a.h and 5.0.0r9b.h)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/12/2005;
01/26/2006;
05/16/2006;
06/14/2006;
06/20/2006;
12/11/2013
Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #11); Triple-DES (Certs. #118 and #133); DSA (Cert. #132); SHS (Certs. #103 and #119); RSA (Cert. #24); HMAC (Cert. #52); RNG (Cert. #33)

-Other algorithms: DES (Certs. #174 and #184); MD5; Diffie-Hellman (key agreement, key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping, key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The Juniper Networks NetScreen-5200 is a purpose-built, high-performance security system designed to deliver a new level of high-performance capabilities for large enterprise, carrier, and data center networks. The NetScreen-5200 security system integrates firewall, DoS and DDoS protection, VPN, and traffic management functionality in low-profile modular chassis."
602 Juniper Networks, Inc.
1194 Mathilda Ave.
Sunnyvale, CA 94089
USA

-Simon Gerraty
TEL: 408-745-2348
FAX: 408-745-8905

CST Lab: NVLAP 100432-0

JUNOS-FIPS
(Firmware Versions: 7.2R1.7 and 7.4R1.7)

Validated to FIPS 140-2

Security Policy

Certificate

Firmware 12/12/2005;
05/16/2006
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-Tested: Routing Engine RE 3.0, Routing Engine RE 4.0, Routing Engine 5.0, Routing Engine RE 5.0+

-FIPS Approved algorithms: AES (Certs. #259 and #260); HMAC (Certs. #70, #71, #72, #73 and #79); DSA (Cert. #137); RNG (Cert. #93); RSA (Cert. #69); SHS (Certs. #336, #337, #338, #339 and #340); Triple-DES (Certs. #341, #342, #343 and #344)

-Other algorithms: DES (Certs. #316, #317, #318 and #319); MD5; Diffie-Hellmann (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"JUNOS firmware is the first routing operating system designed specifically for the Internet. It runs on all Juniper Networks T-series, M-series, and Jseries routers, and is currently deployed in the largest and fastest growing networks worldwide. Its full suite of industrial strength routing protocols, flexible policy language, and leading MPLS implementation efficiently scale to large numbers of network interfaces and routes. As well, JUNOS firmware supports the industry's first production-ready GMPLS implementation."
601 Avaya, Inc.
Atidim Technology Park
Bldg. 3
Tel Aviv, 61131
Israel

-Pesah Spector
TEL: 972-3-6459162
FAX: 972-3-6458462

CST Lab: NVLAP 100432-0

G350 Branch Office Media Gateway w/FIPS
(Hardware Version: P/N 700356249 Version 1.0; Firmware Version: 24.16.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/08/2005 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #273); AES (Certs. #171 and #251); SHS (Cert. #256); HMAC (Cert. #61); RSA (Cert. #17); RNG (Cert. #21)

-Other algorithms: DES (Cert. #269); Diffie-Hellman (key agreement; key establishment methodology provides at least 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; H.248 Link Encryption; Avaya Media Encryption; SSHv2; DSA (non-compliant)

Multi-chip standalone

"The Avaya G350 Branch Office Media Gateway w/FIPS is a complete branch office business communications system that integrates an IP telephony gateway, an advanced IP WAN router, and a high-performance LAN switch into a compact (3U) modular chassis. Ideally suited for enterprise with distributed branch office locations of 8-40 extensions, the G350 replaces the complexity and cost of managing disparate key and voice systems with a survivable networked solution that is easy to deploy and can be administered from a central location."
600 Pitney Bowes, Inc.
35 Waterview Drive
Shelton, CT 06484
USA

-Douglas Clark
TEL: 203-924-3500
FAX: 203-924-3406

CST Lab: NVLAP 200427-0

Pitney Bowes iButton Postal Security Device (PSD)
(Hardware Version: DS1955B PB4 4.00)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/08/2005 Overall Level: 3 

-Physical Security: Level 3 +EFT

-FIPS Approved algorithms: Triple-DES (Cert. #185); SHS (Cert. #167); DSA (Cert. #90); Triple-DES MAC (Cert. #185; vendor affirmed); RNG (Cert. #86)

-Other algorithms: RSA (encrypt/decrypt); HMAC (non-compliant)

Multi-chip standalone

"The Pitney Bowes iButton Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP), and Deutsche Post's FrankIT New Generation Digital Franking program. It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes global digital metering products. The PSD has been designed to support international postal markets and their rapidly evolving requirements for digital indicia."
599 Blue Ridge Networks
14120 Parke Long Court
Suite 101
Chantilly, VA 20151
USA

-Nancy Canty
TEL: 703-633-7331
FAX: 703-631-9588

CST Lab: NVLAP 200416-0

BorderGuard 5000
(Hardware Versions: BorderGuard 5100, 5200, 5400, 5500 and 5600; Firmware Version: DPF1 V7.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 12/08/2005 Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #173 and #116); Triple-DES (Certs. #275 and #57); SHS (Certs. #258 and #49); HMAC (Certs. #21 and #22)

-Other algorithms: DES (Certs. #271 and #119); DES MAC (Cert. #119; vendor affirmed); IDEA; HMAC-MD5; MD5; RSA (non-compliant); RSA BSAFE Crypto-C RNG; HiFn 7855 RNG; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength for Models 5100, 5200 and 5400; and between 112 and 150 bits of encryption strength for Models 5500 and 5600; non-compliant less than 112-bits of encryption strength)

Multi-chip standalone

"The BorderGuard hardware models 5100, 5200, 5400, 5500 and 5600 version DPF1 7.1 firmware are standalone hardware security appliances (routers) used to secure Internet traffic. The cryptographic module consists of firmware running on a dedicated hardware device. The module is a multi-chip-standalone device."
598 Mobile Armor, LLC
400 South Woods Mill Rd.
Chesterfield, MO 63017
USA

-Bryan Glancey
TEL: 636-449-0239
FAX: 314-205-2303

-Chand Vyas
TEL: 636-449-0239
FAX: 314-205-2303

CST Lab: NVLAP 200427-0

Mobile Armor Warp Drive
(Software Version: 2.1.0.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/01/2005 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional Service Pack 2 (in single user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #349); AES (Cert. #267); SHS (Cert. #346); HMAC (Cert. #81)

-Other algorithms: N/A

Multi-chip standalone

"Mobile Armor's highly optimized Microsoft Windows Certified Driver for Windows XP provides reliable high speed strong cryptographic services for systems running Mobile Armor's DataArmor Enterprise Mobile Data Protection software."
597 Oberthur Card Systems
4250 Pleasant Valley Road
Chantilly, VA 20151
USA

-Christophe Goyet
TEL: 310-884-7900
FAX: 310-884-7904

CST Lab: NVLAP 100432-0

ID-One Cosmo 32 v5
(Hardware Version: P/N 90; Firmware Version: E311-063842)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/01/2005 Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #303); Triple-DES MAC (Cert. #303, vendor affirmed); SHS (Cert. #290); RSA (Cert. #42); RNG (Cert. #99)

-Other algorithms: DES (Cert. #286); DES MAC (Cert. #286, vendor affirmed); MD5

Single-chip

"The ID-One Cosmo 32 v5 is a JavaCard cryptographic module specifically designed for identity and government market needs. It offers a full 32K Byte of EEPROM space available for customer discretionary use, together with on-card cryptographic services such as TDES (using double and triple length DES keys), and 2048-bit RSA with on-card key generation. The cryptographic module loads and runs applets written in Java programming language. It includes a native implementation of the latest Java Card TM (Version 2.2) and Open Platform (Version 2.1.1A) specifications, with full support for Delegated Management and DAP / Mandated DAP, that define a secure infrastructure for post-issuance programmable platforms. Additional features include On-Card fingerprint matching and Logical Channels."
596 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 3825 and Cisco 3845 Integrated Services Router
(Hardware Versions: 3825 and 3845; Firmware Version: 12.3(11)T03)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/01/2005;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Certs.#210 and #311); AES (Certs. #96 and #219); RNG (Cert. #97); SHS (Certs. #300 and #317); HMAC (Certs. #50 and #84)

-Other algorithms: DES (Certs. #233 and #292); Diffie-Hellman (key agreement; key establishment methodology provides between 80 bits and 96 bits of encryption strength; non-compliant); MD5; HMAC-MD5; RC4; RSA (non-compliant)

Multi-chip standalone

"The Cisco 3800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 3800 Series routers offer embedded encryption acceleration on the motherboard. By integrating security functions directly into the router itself, Cisco can provide unique intelligent security solutions, such as network admissions control (NAC) for antivirus defense; Voice and Video Enabled VPN (V3PN) for quality-of-service (QoS) enforcement when combining voice, video, and VPN; and Dynamic Multipoint VPN (DMVPN) and Easy VPN."
595 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE Crypto-J JCE Provider Module
(Software Version: 3.5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 12/01/2005;
03/06/2006;
10/12/2007;
01/04/2008;
10/16/2008;
09/07/2010;
03/28/2011;
01/24/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2 with Java JRE 1.4.2 (in single user mode)

-FIPS Approved algorithms: DSA (Cert. #140); Triple-DES (Cert. #354); AES (Cert. #271); SHS (Cert. #356); RSA (Cert. #71); RNG (Cert. #106); HMAC (Cert. #86)

-Other algorithms: DES (Cert. #326); Diffie-Hellman (key agreement, key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DESX; MD2; MD5; RIPEMD 160; RNG (ANSI X9.31, MD5, SHA1; non-compliant); RC2; RC4; RC5; PBE (SHA256, SHA384, SHA512); Raw RSA; RSA Keypair Generation MultiPrime; RSA (key wrapping, key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5

Multi-chip standalone

"RSA BSAFE Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. RSA BSAFE Crypto-J supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
594 Motorola, Inc.
1301 E. Algonquin Rd.
Schaumburg, IL 60196
USA

-Mike French
TEL: 847-435-5219

CST Lab: NVLAP 100432-0

MCC7500 Secure Card Crypto Engine Cryptographic Module
(Hardware Version: P/N CLN8131 Version B; Firmware Version: R02.00.00)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 12/01/2005;
06/14/2006
Overall Level: 1 

-Roles, Services, and Authentication: Level 2

-FIPS Approved algorithms: Triple-DES (Cert. #82); AES (Cert. #2); SHS (Cert. #335); RNG (Cert. #121)

-Other algorithms: DES (Cert. #151); DES-XL; DVI-XL; ADP; DVI-SPFL; DVP-XL

Multi-chip embedded

"The MCC7500 Secure Card Crypto Engine Cryptographic Module is a multiprocessor, cryptographic PCI card that provides encryption services for up to 60 audio streams for the Secure Operator Position (B1908) and Secure Archiving Interface Server (B1918). Each Secure Operator Position will contain one Secure Card providing encryption services for 60 simultaneous audio streams. Each Secure AIS will contain 1 or 2 Secure Cards providing encryption services for 60 or 120 audio streams, respectively. The Spare Crypto Card (B1924) may be used to upgrade an Operator Position or AIS."
593 Research In Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

-Certifications Team
TEL: 519-888-7465 x2921
FAX: 519-886-4839

CST Lab: NVLAP 200017-0

BlackBerry® Cryptographic Kernel
(Firmware Versions: 3.8.3.3, 3.8.3.5, 3.8.3.6 and 3.8.3.7)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Firmware 12/01/2005 Overall Level: 1 

-Design Assurance: Level 3
-Tested: BlackBerry 7290 with BlackBerry OS Version 4.1

-FIPS Approved algorithms: Triple-DES (Cert. #366); AES (Cert. #291); SHS (Cert. #365); HMAC (Cert. #100); RSA (Cert. #82); RNG (Cert. #115); ECDSA (Cert. #9)

-Other algorithms: EC Diffie-Hellman (key agreement); ECMQV (key agreement)

Multi-chip standalone

"BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-toend solution. The BlackBerry® Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry®."
592 High Density Devices AS
Vestre Strandgate 26
Kristiansand, N-4611
Norway

-Aage Kalsaeg
TEL: +47 38 10 44 80
FAX: +47 38 10 44 99

CST Lab: NVLAP 100432-0

SecureD v.1.6
(Hardware Version: HW P/N SecureD v.1.6 Version 1.6.4; Firmware Version: 1.6.1)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 12/01/2005;
01/05/2007
Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #324); AES (Cert. #174)

-Other algorithms:

Multi-chip embedded

"SecureD is a hardware based encryption device that offers optimal, fully integrated, protection for stored data in IDE data bus based computer systems. SecureD operates fully transparent at the speed of ATA-6 AT API. SecureD is using AES 128/192/256 bits encryption/decryption, and is 100% operating system independent. No SW is installed. Ideal for encryption of disks in Desktop environment, Laptop, and USB/Firewire connected disks."
591 Research In Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

-Certifications Team
TEL: 519-888-7465 x2921
FAX: 519-888-6906

CST Lab: NVLAP 200017-0

BlackBerry Enterprise Server™ Cryptographic Kernel
(Software Versions: 1.0.2.5, 1.0.2.7, 1.0.2.8, 1.0.2.9 and 1.0.2.10)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 12/01/2005;
05/10/2007;
06/08/2007
Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows 2000 Server SP4

-FIPS Approved algorithms: Triple-DES (Cert. #364); AES (Cert. #289); SHS (Cert. #363); HMAC (Cert. #98); RNG (Cert. #114); ECDSA (Cert. #8)

-Other algorithms: Rijndael; EC Diffie-Hellman (key agreement, key establishment methodology provides 256 bits of encryption strength); ECMQV (key agreement, key establishment methodology provides 256 bits of encryption strength)

Multi-chip standalone

"BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry® Cryptographic Kernel is the software module that provides the basic ryptographic functionality for the BlackBerry® Enterprise Server."
590 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE Crypto-J Software Module
(Software Versions: 3.5 [1], 3.5.2 [2] and 3.5.3 [3])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 11/18/2005;
03/06/2006;
05/17/2006;
12/18/2006;
10/12/2007;
01/04/2008;
10/16/2008;
09/07/2010;
03/28/2011;
01/24/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional SP2 with Java JRE 1.4.2. (in single user mode)

-FIPS Approved algorithms: DSA (Cert. #139); Triple-DES (Cert. #353); AES (Cert. #270); SHS (Cert. #355); RSA (Certs. #70 [1] and #185 [2]); RNG (Cert. #105); HMAC (Cert. #85)

-Other algorithms: DES (Cert. #325); Diffie-Hellman (key agreement, key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DESX; MD2; MD5; RIPEMD 160; RNG (X9.31, MD5, SHA1); RC2; RC4; RC5; PBE (SHA256, SHA384, SHA512); Raw RSA; RSA Keypair Generation MultiPrime; RSA (key wrapping, key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5

Multi-chip standalone

"RSA BSAFE Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. RSA BSAFE Crypto-J supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
589 Mobile Armor, LLC
400 South Woods Mill Rd.
Chesterfield, MO 63017
USA

-Bryan Glancey
TEL: 636-449-0239
FAX: 314-205-2303

-Chand Vyas
TEL: 636-449-0239
FAX: 314-205-2303

CST Lab: NVLAP 200427-0

Mobile Armor Crypto Module
(Software Version: 2.1.0.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/18/2005 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional Service Pack 2 and Red Hat Enterprise Linux 3.0 (in single user mode); Pocket PC 2003

-FIPS Approved algorithms: Triple-DES (Cert. #351); AES (Cert. #268); SHS (Cert. #348); RNG (Cert. #98); HMAC (Cert. #83)

-Other algorithms:

Multi-chip standalone

"Mobile Armor's Cross platform implementation of Cryptographic Services for use in Enterprise Mobile Data Security products on the Linux, Windows XP, and Windows CE platform."
588 Bluesocket, Inc.
10 North Avenue
Burlington, MA 01803
USA

-Mike Puglia
TEL: 781-328-0888

CST Lab: NVLAP 200002-0

Bluesocket WG-5000 Wireless Gateway
(Hardware Versions: 870-500FF-002, 870-500FT-002, 870-500TF-002 and 870-500TT-002; Firmware Versions: 3.1.1.8.fips.13, 4.1.0.11.fips.6 and 4.1.0.11.fips.7)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/18/2005;
12/08/2006
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Certs. #76 and #254); Triple-DES (Certs. #335 and #250); RSA (Cert. #14); RNG (Cert. #16); SHS (Certs. #228 and #329); HMAC (Certs. #12 and #63)

-Other algorithms: DES (Cert. #313); Diffie-Hellman (key agreement); MD5; HMAC MD5

Multi-chip standalone

"The Bluesocket WG-5000 Wireless Gateway provides a single scalable solution to the security, quality of service (QoS), and management issues facing institutions, enterprises, and service providers who deploy 802.11 and Bluetooth-based wireless networks."
587 Bluesocket, Inc.
10 North Avenue
Burlington, MA 01803
USA

-Mike Puglia
TEL: 781-328-0888

CST Lab: NVLAP 200002-0

Bluesocket WG-2100 Wireless Gateway
(Hardware Versions: 870-212FF-002, 870-212FT-002, 870-212TF-002 and 870-212TT-002; Firmware Versions: 3.1.1.8.fips.13, 4.1.0.11.fips.6 and 4.1.0.11.fips.7)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/03/2005;
12/08/2006
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Certs. #76 and #253); Triple-DES (Certs. #187 and #250); RSA (Cert. #14); RNG (Cert. #16); SHS (Certs. #228 and #229); HMAC (Certs. #11 and #12)

-Other algorithms: DES (Cert. #223); Diffie-Hellman (key agreement, key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (PKCS#1, key wrapping, key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5; HMAC MD5

Multi-chip standalone

"The Bluesocket WG-2100 Wireless Gateway provides a single scalable solution to the security, quality of service (QoS), and management issues facing institutions, enterprises, and service providers who deploy 802.11 and Bluetooth-based wireless networks."
586 E.F. Johnson Co.
123 N. State St.
Waseca, MN 56093
USA

-John Oblak
TEL: 507-837-5116
FAX: 507-837-5120

CST Lab: NVLAP 100432-0

Subscriber Encryption Module (SEM)
(Hardware Versions: 023-5000-980, 023-5000-982, 023-5000-984 and 039-575-1200; Firmware Versions: 4.0, 4.1 and 4.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/03/2005 Overall Level: 1 

-FIPS Approved algorithms: AES (Cert. #217); SHS (Cert. #238); HMAC (Cert. #80); DSA (Cert. #110); RNG (Cert. #5)

-Other algorithms: DES (Cert. #291); SecureNet DES 1 bit CFB with differential encoding and decoding

Multi-chip embedded

"The E.F. Johnson Co. Subscriber Encryption Module (SEM) is a cryptographic module meeting FIPS 140-2, Level 1 requirements. The SEM provides Subscriber Equipment, such as the E.F. Johnson Co. 5100 series radio with secure and encrypted voice communication. The SEM supports AES OTAR, AES, DES, DSA, and SHA-1 FIPS Approved algorithms. These algorithms are used for data or voice communication and protection of SEM firmware. The SEM can be implemented into any Subscriber Equipment requiring FIPS 140-2 Level 1 security."
585 Bluefire Security Technologies
1040 Hull Street
#101
Baltimore, MD 21230
USA

-Phil Smith
TEL: 410-637-8160
FAX: 410-637-8172

CST Lab: NVLAP 200427-0

Bluefire Mobile Security™ FIPS Cryptographic Module
(Software Version: 1.9)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/02/2005 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 2000 Service Pack 4, PocketPC 2003 (single user mode)

-FIPS Approved algorithms: DSA (Cert. #121); Triple-DES (Cert. #288); AES (Cert. #192); SHS (Cert. #272); RSA (Cert. #29); RNG (Cert. #39); HMAC (Cert. #7)

-Other algorithms: DES (Cert. #278); MD2; MD5; HMAC-MD5; RC2; RC4; RC5; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Bluefire Mobile Security™ FIPS Cryptographic Module is Bluefire Security Technologies' cryptographic library designed for securing mobile devices such as personal digital assistants (PDA’s) and Smart Phones based on the Microsoft Windows Mobile platform. It contains assembly-level optimizations on key wireless processors while offering great flexibility and choice by allowing developers to select only the algorithms needed in reduced code sizes. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
584 Credant Technologies Corporation
15303 Dallas Parkway
Suite 1420
Addison, TX 75001
USA

-Chris Burchett
TEL: 972-458-5407
FAX: 972-458-5454

CST Lab: NVLAP 200002-0

Credant Cryptographic Kernel[1] and CmgCryptoLib[2]
(Software Versions: 1.5[1] and 1.7[2])

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/02/2005;
11/04/2005;
12/07/2007
Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Version 1.5 tested as meeting Level 1 with Palm OS 5.4.5. Version 1.7 tested as meeting Level 1 with Windows Mobile 5; Windows Mobile 6; Windows XP SP2; Windows Vista 32-bit; Symbian Series 60 (single user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #336); AES (Cert. #255); SHS (Cert. #330); HMAC (Cert. #65); RNG (Cert. #88)

-Other algorithms: N/A

Multi-chip standalone

"CREDANT CmgCryptoLib (previosuly known as CREDANT Cryptographic Kernel) is a FIPS 140-2 validated, software based cryptography library that implements Triple-DES, AES, ANSI X9.31 RNG, SHA-1, and HMAC-SHA-1 algorithms for CREDANT Mobile Guardian (CMG). CMG provides centrally managed mobile data protection via strong authentication, Intelligent Encryption and usage controls with guaranteed data recovery for laptops, desktops, removable media, PDAs and smart phones."
583 NeoScale Systems, Inc.
1655 McCarthy Blvd.
Milpitas, CA 95035
USA

-Rose Quijano-Nguyen
TEL: 408-473-1313

-Chris Winter
TEL: 408-473-1393

CST Lab: NVLAP 200017-0

CryptoStor FC2002W SAN Security Appliance
(Hardware Version: 820-0001-06 Rev2; Firmware Version: 2.2.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 10/27/2005;
11/07/2005
Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Certs. #275 and #285); AES (Certs. #173 and 183); SHS (Cert. #269); RSA (Cert. #26); HMAC (Cert. #25); RNG (Cert. #35)

-Other algorithms: N/A

Multi-chip standalone

"The NeoScale CryptoStor FC2002 appliance, is a Fibre Channel Storage Area Network (SAN) data security appliance that provides data flow control and encryption based on configured policy rules. Operating as a fully transparent, in-line storage appliance, the FC2002 inspects storage traffic and applies information flow controls and strong encryption to the data payload at gigabit rates. Storage data privacy policies are centrally managed, employing access and encryption rules which are easily modified to suit current and evolving storage infrastructures. Deep frame inspection allows access and encryption policies to be dynamically applied at wirespeed. True gigabit throughput with low latency and transparent operation ensures uninterrupted, scalable storage data protection."
582 Oceana Sensor Technologies, Inc.
1632 Corporate Landing Parkway
Virginia Beach, VA 23454
USA

-Alex Kalasinski
TEL: 757-426-3678
FAX: 757-426-3633

-Don Kennamer
TEL: 757-426-3678
FAX: 757-426-3633

CST Lab: NVLAP 200017-0

Fortress Cryptographic Library
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 10/27/2005 Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Sun Java Runtime Environment (JRE) 1.4.2 running on Windows 2000 Service Pack 4 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #256); Triple-DES (Cert. #337); RSA (Cert. #65); SHS (Cert. #331); HMAC (Cert. #66); RNG (Cert. #89)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); Rijndael

Multi-chip standalone

"The Oceana Sensor Technologies Fortress Cryptographic LibraryTM (FCL) is a cryptographically secure interface to applications both internal and external to the OST product. It has many features and supports AES, Triple DES and RSA. It is entirely a software product."
581 Fortress™ Technologies, Inc.
2 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0

AirFortress™ Wireless Security Gateway
(Hardware Version: Model AF2100; Firmware Versions: 2.5 and 2.1.0.AFG1178ag)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 10/27/2005;
04/26/2007;
03/26/2010;
05/17/2013
Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #14); Triple-DES (Cert. #107); SHS (Cert. #316); HMAC (Cert. #62)

-Other algorithms: DES (Cert. #23); Diffie-Hellman (key agreement; key establishment methodology provides 56 bits of encryption strength; non-compliant); MD5; RSA (non-compliant)

Multi-chip standalone

"The AirFortress ™ Wireless Security Gateway is an electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a production-quality hardware platform and deployable on any LAN or WAN, the AF Gateway provides encryption, data integrity checking, authentication, access control, and data compression."
580 Juniper Networks, Inc.
1194 N. Mathilda Ave.
Sunnyvale, CA 94089
USA

-Simon Gerraty
TEL: 408-745-2348
FAX: 408-745-8905

CST Lab: NVLAP 100432-0

AS2-FIPS PIC
(Hardware Versions: PB-AS2-FIPS, PE-AS2-FIPS, Rev. A and B; Software Versions: 7.2R1.7 and 7.4R1.7; Firmware Version: 560-011740 (Rev. 4.008))

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/25/2005;
12/02/2005;
01/27/2006;
06/14/2006;
12/19/2006
Overall Level: 1 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: RSA (Cert. #69); Triple-DES (Certs. #341 and #350); SHS (Certs. #336 and #347); HMAC (Cert. #71); RNG (Cert. #93)

-Other algorithms: MD5; DES (Cert. #324); RSA (key wrapping, key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The Adaptive Services (AS) Physical Interface Card (PIC) is a multi-chip embedded cryptographic module, which supports a new level of services integration and performance. The AS2-FIPS PIC supports compressed real time protocol (CRTP), high-speed Network Address Translation (NAT), stateful firewall, tunnel services, IPSec encryption and J-Flow accounting today while having built-in headroom to support additional services in the future. With high-speed NAT and stateful firewall, providers can protect their networks and simultaneously deploy network-based security and VPN solutions."
579 M/A Com, Inc.
221 Jefferson Ridge Parkway
Lynchburg, VA 24501
USA

-Greg Farmer
TEL: 434-455-9577

CST Lab: NVLAP 200002-0

P7130IP Select, P7150IP Scan Portable and M7100IP Mobile Two-Way FM Radio
(Hardware Versions: RU101188V1, RU101188V21, RU101188V12, RU101188V22, RU101188V31, KRY1011632/13, KRY1011632/11, RU101219V21, RU101219V51, RU101219V61, RU101219V63, RU101219V41, RU101219V71 and RU101219V73; Firmware Version: H8 version: J2R06B03; DSP version: F7R01A16)

(When operated in FIPS mode)

Revoked

Security Policy

Certificate

Hardware 10/25/2005;
08/16/2006;
10/22/2007
Overall Level: 1 

-FIPS Approved algorithms: AES (Cert. #155)

-Other algorithms: DES (Cert. #241); DES MAC (Cert. #241, vendor affirmed); VGE (M/A-Com proprietary digital voice encryption algorithm)

Multi-chip standalone

"The P7150IP Scan Portable/M7100IP Mobile are M/A COM's premier radios for critical communications. Guided by customer feedback, M/A COM designed the P7150IP and M7100IP to excel in the challenging environments that critical communications users encounter. The radios provide a superior combination of features, functions, and physical attributes. They are light and extremely durable, easy to use while wearing gloves, and produces loud and clear audio. A rugged high-tier portable, the radios provide exceptional performance even under adverse conditions."
578 Certicom Corp.
5520 Explorer Drive
4th Floor
Mississauga, Ontario L4W 5L1
Canada

-sales@certicom.com
TEL: 905-507-4220
FAX: 905-507-4230

CST Lab: NVLAP 200017-0

Security Builder FIPS Java Module
(Software Version: 2.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 10/25/2005;
07/20/2007;
03/06/2009
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Sun Java Runtime Environment (JRE) 1.3.1 and 1.4.2 running on Windows 2003 x86 (Binary compatible to Windows 98/2000/XP); Red Hat Linux Application Server 3.0 x86 (Binary compatible to AS 2.1); Solaris 2.9 32-bit SPARC; Solaris 2.9 64-bit SPARC

-FIPS Approved algorithms: Triple-DES (Cert. #318); AES (Cert. #227); SHS (Cert. #307); HMAC (Cert. #37); RNG (Cert. #68); DSA (Cert. #128); ECDSA (Cert. #6); RSA (Cert. #54)

-Other algorithms: DES (Cert. #298); ARC2; ARC4; MD2; MD5; HMAC-MD5; Diffie-Hellman (key agreement); EC Diffie-Hellman (key agreement); ECMQV (key agreement); RSA (Cert. #52, key wrapping)

Multi-chip standalone

"The Security Builder FIPS Java Module is a standards-based cryptographic toolkit written in Java. It supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into Java-based applications. The Security Builder FIPS Java Module is intended for use by developers who want government level security and can also be used in conjunction with other Certicom developer toolkits including Security Builder PKI and Security Builder SSL."
577 M/A Com, Inc.
221 Jefferson Ridge Parkway
Lynchburg, VA 24501
USA

-Greg Farmer
TEL: 434-455-9577

CST Lab: NVLAP 200002-0

P7170IP System Portable Two-Way FM Radios
(Hardware Versions: RU101219V22, RU101219V42, RU101219V52, RU101219V62, RU101219V72; Firmware Version: H8 version: J2R06B03; DSP version: F7R01A16)

(When operated in FIPS mode)

Revoked

Security Policy

Certificate

Hardware 10/25/2005;
08/16/2006;
10/22/2007
Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #155);

-Other algorithms: DES (Cert. #241); DES MAC (Cert. #241, vendor affirmed); VGE (M/A-Com proprietary digital voice encryption algorithm)

Multi-chip standalone

"The P7170IP is M/A COM's premier portable radio for critical communications. Guided by customer feedback, M/A COM designed the P7170IP to excel in the challenging environments that critical communications users encounter. The P7170IP provides a superior combination of features, functions, and physical attributes. It is light and extremely durable, easy to use while wearing gloves, and produces loud and clear audio. A rugged high-tier portable, the P7170IP provides exceptional performance even under adverse conditions."
576 PalmSource, Inc.
1188 East Arques Avenue
Sunnyvale, CA 94085
USA

-Laurent Sanchez
TEL: 408-400-3000
FAX: 408-400-1510

CST Lab: NVLAP 200416-0

Cryptographic Provider Module + FIPS Provider
(Software Version: 5.2.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 10/25/2005 Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Palm Tungsten™ C running Palm OS version 5.2.1

-FIPS Approved algorithms: AES (Cert. #114); Triple-DES (Cert. #226); HMAC (Cert. #46); RNG (Cert. #63); SHS (Certs. #303 and #202)

-Other algorithms: N/A

Multi-chip standalone

"The PalmSource Cryptographic Provider Module + FIPS Provider version 5.2.2 is a software library that implements cryptographic functions and is contained within a defined cryptographic boundary using the PalmOS version 5.2.1."
575 ActivCard, Inc.
6623 Dumbarton Circle
Fremont, CA 94555
USA

-Eric Le Saint
TEL: 510-745-6211
FAX: 510-574-0101

CST Lab: NVLAP 100432-0

ActivCard Digital Identity Applet Suite v2.5 on OCS ID-One Cosmo 64 v5
(Hardware Versions: P/N 77, Version E302, E303-063683, E303-063792; Firmware Versions: ACA v2.5.1, PKI/GC/SKI v2.5.1, SMA v2.5.1, ASC v2.5.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/25/2005;
05/26/2006
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #123); Triple-DES (Cert. #232); Triple-DES MAC (Cert. #232, vendor affirmed); SHS (Cert. #209); RSA (Cert. #43); RNG (Cert. #94)

-Other algorithms: DES (Cert. #246); DES MAC (Cert. #246, vendor affirmed)

Single-chip

"The ActivCard Digital Identity Applet Suite v2.5 on OCS ID-One Cosmo 64 v5: Provides enhanced functionality, flexibility, and security based on the ActivCard Applet v2 frameworks; Is backward compatible with earlier versions of ActivCard applets; Offers a more open, stable, and flexible platform on which developers can build and deploy smart card applications; Is compliant with GSC-IS 2.1 virtual machine comman interface; Supports GSC-IS 2.1 data model; Can be configured for Level and Level 3 modes."
574 RedCannon Security
42808 Christy Street
Suite #108
Fremont, CA 94538
USA

-Kurt Lennartsson
TEL: 510-498-4104
FAX: 510-498-4109

-Brian Wood
TEL: 410-902-9779

CST Lab: NVLAP 200427-0

RedCannon Cryptographic Module
(Software Version: 1.3.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 10/19/2005 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional with Service Pack 2 (single user mode)

-FIPS Approved algorithms: AES (Cert. #249); Triple-DES (Cert. #334); SHS (Cert. #327); HMAC (Cert. #58); RSA (Cert. #64); RNG (Cert. #87)

-Other algorithms: DES (Cert. #312); TwoFish; BlowFish; Serpent; CAST; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key generation; non-compliant); RSA (PKCS#1; key transport; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The RedCannon Crypto Module provides cryptographic support for the RedCannon line of products. The crypto module is used to create, manage and delete cryptographic keys as well as to perform cryptographic operations. The crypto module can be used for multiple functions within the RedCannon applications. It provides a structured set of APIs, which can be called to perform these functions. This provides flexibility for the module and the ability to add new applications for the crypto module functions in the future without changing the module itself."
573 Pitney Bowes, Inc.
35 Waterview Drive
Shelton, CT 06484
USA

-Douglas Clark
TEL: 203-924-3500
FAX: 203-924-3406

CST Lab: NVLAP 200427-0

Pitney Bowes iButton Postal Security Device (PSD)
(Hardware Version: DS1955B PB2 - 2.11)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/20/2005 Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #185); SHS (Cert. #167); DSA (Cert. #90); Triple-DES MAC (Cert. #185, vendor affirmed)

-Other algorithms: DES (Cert. #222); RSA (PKCS#1, key wrapping); RSA (OAEP, key wrapping)

Multi-chip standalone

"The Pitney Bowes iButton Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP). It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds and the production of postage meter indicia in a variety of Pitney Bowes Metering products. The PSD has been designed to support international postal markets and their evolving requirements for digital indicia."
572 Gemalto
Arboretum Plaza II
9442 Capital of Texas Highway North
Suite 400
Austin, TX 78759
USA

-Jerome Denis
TEL: 512-257-3808

CST Lab: NVLAP 100432-0

SafesITe TOP IM CY2 (aka Cyberflex Access 64K V2) Cryptographic Module
(Hardware Versions: P/N A1002057, A1002631 and A1006577; Firmware Version: Hardmask 1V3)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/15/2005;
10/31/2005;
05/25/2006;
07/28/2008
Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #312); Triple-DES MAC (Cert. #312, vendor affirmed); AES (Cert. #220); SHS (Cert. #301); RSA (Cert. #51); RNG (Cert. #64)

-Other algorithms: DES (Cert. #293); DES MAC (Cert. #293, vendor affirmed);

Single-chip

"The Cyberflex Access 64K V2 smart card can be employed in solutions which provide secure PKI (public key infrastructure) and digital signature technology. Cyberflex Access 64K V2 serves as a highly portable, secure token for enhancing the security of network access and ensuring secure electronic communications. Cyberflex Access 64K V2 supports on-card Triple DES, AES and 2048-bit RSA algorithms with on-card key generation. It is compliant to Java Card v2.1.1 and Open Platform v2.0.1. The Cyberflex Access 64K V2 smart card is part of a range of Axalto highly secure, Java-based smart cards for physical and logical access, e-transactions and other applications."
571 AirMagnet, Inc.
1325 Chesapeake Terrace
Sunnyvale, CA 94089
USA

-Tony Ho
TEL: 408-400-1255
FAX: 408-744-1250

CST Lab: NVLAP 200648-0

SmartEdge Sensor AM-5010-11-AG and AM-5012-11AG
(Hardware Versions: AM-5010-11-AG and AM-5012-11AG; Firmware Version: 5.2.0-2928)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 09/12/2005 Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #214); Triple-DES (Cert. #307); SHS (Cert. #295); RSA (Cert. #47); RNG (Cert. #60); HMAC (Cert. #23)

-Other algorithms: RC4; MD5; Diffie-Hellman (key agreement); RSA (key wrapping, key establishment methodology provides 80 bits of encryption strength; non-compliant); DSA (non-compliant); DES; RC2; IDEA

Multi-chip standalone

"The SmartEdge Sensor is equipped with patent pending AirWISE Analytical Engine that, in real time, monitors and analyzes the security, performance, and reliability of the wireless network."
570 Thales e-Security
Meadow View House,
Crendon Industrial Estate,
Long Crendon
Aylesbury, Buckinghamshire HP18 9EQ
United Kingdom

-Tim Fox
TEL: +44 1844 201800
FAX: +44 1844 202170

CST Lab: NVLAP 200002-0

Secure Generic Sub-System (SGSS), Version 3.2
(Hardware Versions: 1213B130, Rev 2 and 1213D130, Rev 3a; Software Version: 2.0.2)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 09/07/2005;
10/13/2005
Overall Level: 3 

-FIPS Approved algorithms: DSA/SHS (Cert. #24); RSA (Cert. #53)

-Other algorithms:

Multi-chip embedded

"The Secure Generic Sub-System (SGSS) is a multi-chip embedded module used to provide secure cryptographic resources to a number of products in the Thales e-Security portfolio. This includes the Datacryptor 2000 family, WebSentry family, HSM 8000 family, P3CM family, PaySentry, 3D Security Module and SafeSign Crypto Module. The SGSS contains a secure bootstrap and authenticates application loading using the Digital Signature Algorithm (DSA) and the RSA algorithm."
569 Funk Software, Inc.
222 Third Street
Cambridge, MA 02142
USA

-Steven Erickson
TEL: 978-371-3980 x112
FAX: 978-371-3990

CST Lab: NVLAP 200648-0

Odyssey Security Component and Odyssey Security Component/Portable
(Software Version: 1.2)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/31/2005;
01/13/2006;
02/24/2006
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP, Red Hat Linux 9.0 (single user mode)

-FIPS Approved algorithms: AES (Certs. #245 and #246); Triple-DES (Certs. #331 and #332); SHS (Certs. #322 and #323); HMAC (Certs. #53 and #55); RSA (Certs. #61 and #62); DSA (Certs. #133 and #135); RNG (Certs. #79 and #84); CCM (Certs. #2 and #3)

-Other algorithms: DES (Certs. #309 and #310); Diffie-Hellman (key agreement)

Multi-chip standalone

"The Odyssey Security Component/Portable is Funk Software, Inc.'s general purpose cryptographic library. Wide-ranging algorithm support is provided, making the library suitable for use in applications such as wireless LAN, IPsec, SSL/TLS, EAP, and so on. Assembly language optimizations allow high-speed operation on specific platforms, while the portable (C) version can be used on a large variety of platforms."
568 Caymas Systems Inc.
1179-A N. McDowell Blvd.
Petaluma, CA 94954
USA

-Joe Howard
TEL: 707-283-5000
FAX: 707-283-5001

CST Lab: NVLAP 200017-0

Caymas Systems 525 Identity-Driven Access Gateway
(Hardware Version: Rev. 100-000002; Firmware Version: R2.6.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 08/30/2005 Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #319, #320, #323, #325 and #326); AES (Certs. #229, #230, #233, #234 and #235); SHS (Certs. #308, #309, #312, #313 and #314); RSA (Certs. #55 and #56); RNG (Certs. #69, #70, #73 and #74); HMAC (Certs. #41, #42 and #45); DSA (Certs. #129, #130 and #131)

-Other algorithms: DES (Certs. #299, #300, #303 and #304); Diffie-Hellman (key agreement); MD5; HMAC-MD5; RC4

Multi-chip standalone

"The Caymas 318 and Caymas 525 are the world's first Identity-Driven Access Gateways, combining universal access, Identity-Based access control, integrated application security and federated policy enforcement. Caymas products are hardened, purpose-built appliances, with custom acceleration hardware allowing them to scale to thousands of users and multi-gigabit speeds in a single platform. With no per user or per feature pricing, Caymas gateways deliver radical price/performance for enterprises extending their information assets to internal and external users."
567 Caymas Systems Inc.
1179-A N. McDowell Blvd.
Petaluma, CA 94954
USA

-Joe Howard
TEL: 707-283-5000
FAX: 707-283-5001

CST Lab: NVLAP 200017-0

Caymas Systems 318 Identity-Driven Access Gateway
(Hardware Version: Rev. 100-000001; Firmware Version: R2.6.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 08/30/2005 Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #321, #323, #325 and #326); AES (Certs. #231, #233, #234 and #235); SHS (Certs. #310, #312, #313 and #314); RSA (Certs. #55 and #56); RNG (Certs. #71, #73 and #74); HMAC (Certs. #43 and #45); DSA (Certs. #129, #130 and #131)

-Other algorithms: DES (Certs. #301, #303 and #304); Diffie-Hellman (key agreement); MD5; HMAC-MD5; RC4

Multi-chip standalone

"The Caymas 318 and Caymas 525 are the world's first Identity-Driven Access Gateways, combining universal access, Identity-Based access control, integrated application security and federated policy enforcement. Caymas products are hardened, purpose-built appliances, with custom acceleration hardware allowing them to scale to thousands of users and multi-gigabit speeds in a single platform. With no per user or per feature pricing, Caymas gateways deliver radical price/performance for enterprises extending their information assets to internal and external users."
566 WRQ, Inc.
1500 Dexter Avenue North
Seattle, WA 98109
USA

-Donovan Deakin
TEL: 206-217-7500
FAX: 206-217-7515

CST Lab: NVLAP 100432-0

Reflection Security Component for Java
(Software Version: 1.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/19/2005 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 2 with Dell Optiplex GX 400 running Microsoft Windows 2000 Professional SP3 and Q326886 Hotfix and Sun Microsystems Java Runtime Environment version 1.4.1; HP Proliant ML 330 running Microsoft Windows 2000 Server SP3 and Q326886 Hotfix and Sun Microsystems Java Runtime Environment version 1.4.1 (configured in single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #305); AES (Cert. #213); RSA (Cert. #45); DSA (Cert. #126); SHS (Cert. #293); RNG (Cert. #57); HMAC (Cert. #20)

-Other algorithms: DES (Cert. #288); MD5; HMAC-MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"Reflection® for the Web provides terminal emulation from a web browser. With this server-based solution you can connect local or remote users to applications on IBM, HP, UNIX, and OpenVMS hosts. You can also use its comprehensive management, security, and customization features to boost IT efficiency and user productivity."
565 Schweitzer Engineering Laboratories, Inc.
2545 NE Hopkins Court
Pullman, WA 99163-5603
USA

-David Whitehead
TEL: 509-336-2417
FAX: 509-336-2406

CST Lab: NVLAP 100432-0

SEL-3021 Serial Encrypting Transceiver
(Hardware Version: P/N SEL-3021, Version 00004CA8; Firmware Version: SEL-3021-R105-V0-Z002001-D20050701)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/19/2005 Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #202); SHS (Cert. #279); HMAC (Cert. #14); RNG (Cert. #46)

-Other algorithms: N/A

Multi-chip standalone

"The SEL-3021 Serial Encrypting Transceiver is a bump-in-the-wire encryption device designed to add strong cryptographic security to new serial communications links and to provide an easy and effective security solution for existing serial communications networks. It is designed for use on both point-to-point byte oriented communications links and multidrop SCADA networks."
564 SkyTel Corp.
500 Clinton Center Drive
Bldg. 2, Floor 4
Clinton, MS 39056
USA

-Mike Sheffield
TEL: 601-460-3627
FAX: 888-944-7396

CST Lab: NVLAP 100432-0

SkyTel ST900 Secure 2Way
(Hardware Version: P/N ST900, Version 2.0; Firmware Versions: 20050624 ver.f.2.9 and 20050705 ver.f.3.0)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/19/2005;
10/13/2005
Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #261); RNG (Cert. #95); HMAC (Cert. #74); SHS (Cert. #341)

-Other algorithms: EC Diffie-Hellman (key agreement)

Multi-chip standalone

"SkyTel ST900 Secure 2Way is a wireless product for agencies transmitting sensitive and critical communications. The device, an ST900 2Way pager, operates on narrowband PCS, recommended for reliability and superior inbuilding penetration. It is password-protected, with AES encryption and encryption key establishment based on ANSI X9.63."
563 Snapshield, Ltd.
1 Research Court
Suite 450
Rockville, MD 20850
USA

-Uri Naor
TEL: 301-216-3805
FAX: 301-519-8001

-Rolando Rosas - Snap Defense Systems, LLC
TEL: 703-766-6540
FAX: 703-766-6501

CST Lab: NVLAP 100432-0

SNAPcell
(Hardware Version: P/N Snapcell, Version 1.5; Firmware Versions: 5133 050322.2 SnapP2P.2 and 5133 050322.2 SnapP2MP.2)

Snapcell
(Hardware Version: P/N Snapcell-F, Version 1.5; Firmware Versions: SnapP2P.2 and SnapP2MP.2)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/19/2005;
12/02/2005;
12/22/2005;
01/13/2006
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Cert. #212); SHS (Cert. #289); RNG (Cert. #53)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip standalone

"SNAPcell is a plug-in cellular accessory for Sony Ericsson handsets which enable secure end-to-end GSM communications. SNAPcell draws a new key for each session. SNAPcell requires minimum user intervention with seamless operation and due to the efficient implementation of the encryption algorithms it has minimum impact on the handset battery life. SNAPcell can be used across all four GSM frequency bands and the handset or the subscriber cannot be identifiable within the network. SNAPcell can be easily transferred from one device to another."

"Snapcell is a high assurance, lightweight, micro-adapter that secures cellular communications, end-to-end on any GSM frequency (850/900/1800/1900). Snapcell is compatible with standard Sony-Ericsson (GSM) mobile phones. Snapcell is approved for exporting outside the USA. Snapcell is also available with an optional centralized enterprise manager gateway (CEMG) that provides a secure single-point of administration for networking up to several thousands of users over public and private networks. Snapcell is currently deployed by the U.S. Special Forces, U.S. Navy, Coalition partners and financial institutions in over 30 countries."

562 Wei Dai
13440 SE 24th Street
Bellevue, WA 98005
USA

-Wei Dai
TEL: 425-562-9677

CST Lab: NVLAP 200002-0

Crypto++ Library
(Software Version: 5.2.3)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 07/29/2005;
08/24/2005;
10/28/2005
Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows 2000 Professional, Service Pack 1 (single user mode)

-FIPS Approved algorithms: Skipjack (Cert. #14); Triple-DES (Cert. #309); AES (Cert. #216); SHS (Certs. #134 and #298); DSA (Cert. #79); RSA (Cert. #50); ECDSA (Cert. #5); HMAC (Cert. #26); RNG (Cert. #61); Triple-DES MAC (Cert. #309, vendor affirmed)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip standalone

"The Crypto++ Library is a free, open source C++ class library providing public key encryption, digital signatures, symmetric ciphers, hash functions, message authentication codes, and other cryptographic algorithms. The dynamic link library (DLL) is FIPS 140-2 Level 1 validated. The source code of the validated module is available upon request."
561 SPYRUS, Inc.
2355 Oakland Road
Suite 1
San Jose, CA 95131
USA

-Bill Bialick
TEL: 410-964-6400
FAX: 410-964-5154

CST Lab: NVLAP 200017-0

LYNKS Privacy Card
(Hardware Version 2.0; Firmware Version: 1.c)

(When operated in FIPS mode)

Validated to FIPS 140-1

Security Policy

Certificate

Hardware 07/29/2005 Overall Level: 2 

-FIPS Approved algorithms: Skipjack (Cert. #1); DSA/SHA-1 (Cert. #1)

-Other algorithms: DES (Cert. #50); RSA (non-compliant); Triple-DES; Diffie-Hellman (key agreement)); MD5; KEA

Multi-chip standalone

"The SPYRUS family of LYNKS Privacy Card tokens provides high performance, high assurance cryptographic processing in a personal, portable PC card form factor. The LYNKS Privacy Card product enables security- critical capabilities such as user authentication, message privacy and integrity, authentication, and secure storage in rugged, tamper-evident hardware."
560 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Klorida Miraj
TEL: 425-421-5229

-Katharine Holdsworth
TEL: 425-706-7923

CST Lab: NVLAP 200427-0

Windows CE and Windows Mobile Enhanced Cryptographic Provider (RSAENH)
(Software Versions: 5.01.01603 [1], 5.00.911762 [1], 5.04.17228 [2], 5.05.19202 [2] and 5.05.21840 [2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 07/29/2005
08/24/2005;
06/21/2006;
06/28/2006;
06/29/2006;
12/08/2006;
05/14/2007;
02/21/2008;
04/04/2008;
10/30/2009
Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows CE 5.01, Windows CE 5.00, Windows Mobile 6.0, Windows Mobile 6.1 and 6.5

-FIPS Approved algorithms: AES (Certs. #224 [1] and #507 [2]); Triple-DES (Certs. #315 [1] and #517 [2]); RSA (Certs. #52 [1] and #222 [2]); RNG (Certs. #66 [1] and #286 [2]); SHS (Certs. #305 [1] and #578 [2]); HMAC (Certs. #31 [1] and #260 [2])

-Other algorithms: DES (Cert. #296 [1]); MD5; HMACMD5; RC2; RC4; DES [2]

Multi-chip standalone

"Microsoft Windows CE and Windows Mobile Enhanced Cryptographic Provider (RSAENH) is a general-purpose, software-based, cryptographic module for Windows CE and Windows Mobile. It can be dynamically linked into applications by software developers to permit the use of generalpurpose cryptography."
559 Nortel Networks
600 Technology Park
Billerica, MA 01821
USA

-Jonathan Lewis
TEL: 978-288-8590
FAX: 978-288-4004

-David Passamonte
TEL: 978-288-8973
FAX: 978-288-4004

CST Lab: NVLAP 200427-0

Contivity® VPN Client
(Software Version: 5.11_021)

(When operated in FIPS mode with Microsoft® Enhanced Cryptographic Provider validated to FIPS 140-1 under Cert. #238 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 07/25/2005;
08/24/2005;
08/29/2005
Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional Service Pack 2 (in single-user mode)

-FIPS Approved algorithms: AES (Cert. #218); Triple-DES (Cert. #310); SHS (Cert. #299); HMAC (Cert. #28); RNG (Cert. #62)

-Other algorithms: Diffie-Hellman (key agreement); DES; 40-bit DES; MD5; EC Diffie-Hellman (key agreement); HMAC-MD5

Multi-chip standalone

"The Contivity VPN Client provides stable, secure network access via Nortel VPN routers and VPN gateways. The client can be preconfigured and customized by IT administrators for quick install and connect, or easily configured by end users via the connection wizard. The VPN client works over all IP infrastructures including all wireless, broadband, and satellite services. The VPN client also supports seamless roaming, enabling a user to roam wirelessly without losing the virtual connection."
558 ActivCard, Inc.
6623 Dumbarton Circle
Fremont, CA 94555
USA

-Eric Le Saint
TEL: 510-745-6211
FAX: 510-574-0101

CST Lab: NVLAP 100432-0

ActivCard Digital Identity Applet Suite v2.5 on OCS ID-One Cosmo 64 v5
(Hardware Versions: P/N 77, Version E302, E303-063683, E303-063792; Firmware Versions: ACA v2.5.1, PKI/GC/SKI v2.5.1, SMA v2.5.1, ASC v2.5.1)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 07/25/2005;
05/26/2006
Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #123); Triple-DES (Cert. #232); Triple-DES MAC (Cert. #232, vendor affirmed); SHS (Cert. #209); RSA (Cert. #43); RNG (Cert. #94)

-Other algorithms: DES (Cert. #246); DES MAC (Cert. #246, vendor affirmed);

Single-chip

"The ActivCard Digital Identity Applet Suite v2.5 on OCS ID-One Cosmo 64 v5: Provides enhanced functionality, flexibility, and security based on the ActivCard Applet v2 frameworks; Is backward compatible with earlier versions of ActivCard applets; Offers a more open, stable, and flexible platform on which developers can build and deploy smart card applications; Is compliant with GSC-IS 2.1 virtual machine command interface; Supports GSC-IS 2.1 data model."
557 Telkonet Communications, Inc.
20374 Seneca Meadows Pkwy
Germantown, MD 20876-7004
USA

-Jill Parlett
TEL: 410-627-3994
FAX: 240-912-1839

CST Lab: NVLAP 200416-0

Telkonet G3 Series iBridge and Telkonet G3 Series eXtender
(Hardware Versions: iBridge: IB8000, IB8001, IB8011, IB8200, IB8201, IB8211; eXtender: X7000, X7001, X7011, X7200, X7201, X7211; Firmware Versions: 2.12, 2.41 and 2.53)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/25/2005;
04/04/2006;
08/29/2007
Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #223)

-Other algorithms: RSA (PKCS#1, key wrapping, key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5

Multi-chip standalone

"The Telkonet system uses power line communications (PLC) technology to deliver broadband internet to a building's existing electrical wiring. The system consists of four components: The Telkonet Gateway, Telkonet iBridge, Telkonet eXtender and Telkonet Coupler."
556 JP Mobile, Inc.
12000 Ford Road
Suite 400
Dallas, TX 75234
USA

-Kishore Kankipati
TEL: 972-277-8340
FAX: 972-484-4154

CST Lab: NVLAP 200427-0

SureWave Mobile Defense Security Kernel
(Software Version: 5.0.050107)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 07/07/2005 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft PocketPC 2003 Premium

-FIPS Approved algorithms: AES (Cert. #221); SHS (Cert. #302); Triple-DES (Cert. #313); Triple-DES MAC (Cert. #313, vendor affirmed); RNG (Cert. #65)

-Other algorithms: DES (Cert. #294); Blowfish; MD5

Multi-chip standalone

"The SureWave Mobile Defense Security Kernel controls the cryptographic functions of various versions of the SureWave Mobile Defense 4.0 software for Palm, Pocket PC, and Symbian OS enabled devices. Although the same kernel is used in all versions of PDA Defense 4.0, it has only been tested and validated for use on the Pocket PC 2003 Premium."
555 Sun Microsystems, Inc.
4150 Network Circle
Santa Clara, CA 95054
USA

-Javier Lorenzo
TEL: 858-625-5020

-Hui Chen
TEL: 510-936-4839

CST Lab: NVLAP 200427-0

Sun Cryptographic Accelerator 4000
(Hardware Versions: 501-6040-02 and 501-6040-03 (Fiber), 501-6039-05 and 501-6039-06 (UTP/Copper); Firmware Versions: 2.0 and 2.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/07/2005;
07/28/2005;
09/16/2005
Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #190); AES (Cert. #79); SHS (Certs. #171 and #172); HMAC (Certs. #34 and #88); DSA (Cert. #92); RNG (Cert. #108); RSA (Cert. #95)

-Other algorithms: DES (Cert. #225); MD5; HMAC-MD5; RC2

Multi-chip embedded

"The Sun Cryptographic Accelerator 4000 (SCA 4000) is a highperformance secure networking solution for Sun servers. It is a PCI card consisting of a Gigabit Ethernet adapter with on-board cryptographic acceleration hardware and a secure cryptographic key store. The card enhances server network performance by off-loading compute intensive cryptographic calculations (asymmetric and symmetric) from the server's CPU, accelerating both IPsec and SSL processing. The SCA 4000 also provides a secure remote administration capability. It is tightly integrated with Sun's server hardware and software."
554 Pitney Bowes, Inc.
35 Waterview Drive
Shelton, CT 06484
USA

-Douglas Clark
TEL: 203-924-3500
FAX: 203-924-3406

CST Lab: NVLAP 200427-0

Pitney Bowes iButton Postal Security Device (PSD)
(Hardware Versions: DS1955B PB3 - 3.02 and DS1955B PB5 - 5.00)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/29/2005;
10/18/2005;
03/29/2006
Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #185); SHS (Cert. #167); ECDSA (vendor affirmed); Triple-DES MAC (Cert. #185, vendor affirmed); RNG (Cert. #86)

-Other algorithms: DES (Cert. #222); HMAC (non-compliant)

Multi-chip standalone

"The Pitney Bowes iButton Postal Security Device (PSD) has been designed in compliance with the Canada Post Corporations Digital Indicia Standard. It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes global digitial metering products. The PSD has been designed to support international postal markets and their rapidly evolving requirements for digital indicia."
553 Telkonet Communications, Inc.
20374 Seneca Meadows Pkwy
Germantown, MD 20876-7004
USA

-Jill Parlett
TEL: 410-627-3994
FAX: 240-912-1839

CST Lab: NVLAP 200416-0

Telkonet G3 Series Gateway
(Hardware Versions: G3001 and G3201; Firmware Versions: GAF4.1.0, GAF4.2.0 and GAF4.2.1)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/27/2005;
07/07/2005;
03/29/2006;
08/29/2007
Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #223)

-Other algorithms: RSA (PKCS#1, key wrapping, key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5

Multi-chip standalone

"The Telkonet system uses power line communications (PLC) technology to deliver broadband internet to a building's existing electrical wiring. The system consists of four components: The Telkonet Gateway, Telkonet iBridge, Telkonet eXtender and Telkonet Coupler."
552 Gemplus Corp.
Avenue du Pic de Bretagne
BP 100
Gemenos Cedex, 13881
France

-Anthony Vella
TEL: +33 (0) 4 42 36 61 38

CST Lab: NVLAP 200427-0

GemXpresso Pro R3 E64 PK - FIPS with DAL C3 Applet Suite
(Hardware Version: GP92; Firmware Versions: GXP3 - FIPS EI19 and GXP3 - FIPS EI19 with new ATR and fast ATR, Applets: Access Control Applet Version 1.0 and GSC Service Applet Version 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/20/2005 Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #95); SHS (Cert. #82); RSA (Cert. #33); Triple-DES MAC (Cert. #95, vendor affirmed); RNG (Cert. #44)

-Other algorithms: DES (Cert. #155); DES MAC (Cert. #155, vendor affirmed);

Single-chip

"This module is based on a Gemplus Open OS Smart Card with a large 64K EEPROM memory, and on a cryptographic applet suite developed by Dreifus Associates LTD. Inc. The SmartCard platform has on board Triple DES and RSA algorithms and provides on board key generation. The Applet Suite supports management of 3DES keys and PINs, and provides services for authentication, access control, generic container and PKI . The module conforms to Java Card 2.1.1, Global Platform 2.0.1', and GSC-IS v2.1 standards-Card Edge Interface for VM cards, and is very well suited for US Government and Federal projects."
551 Neopost Technologies
113, rue Jean-Marin Naudin
Bagneux, 92220
France

-Thierry Le Jaoudour
TEL: +33 (0) 1 45 36 30 36

CST Lab: NVLAP 100432-0

N94i/155 SMM
(Hardware Version: 3000186T A; Firmware Versions: 3800157W Version L4 (SH1), 3800159Y Version F (SH2))

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/16/2005;
10/03/2006
Overall Level: 3 

-FIPS Approved algorithms: DSA (Cert. #120); SHS (Cert. #41); RNG (Cert. #38); ECDSA (vendor affirmed)

-Other algorithms:

Multi-chip embedded

"The N94i/155 module is a postage meter supporting accounting and cryptographic functions for secure electronic transactions. Associated to a document transport system and an inkjet printhead, the module is capable of producing up to 110 envelopes per minute."
550 Priva Technologies, Inc.
1054 S. De Anza Blvd.
Suite 201
San Jose, CA 95129
USA

-William Sibert
TEL: 312-560-5317
FAX: 208-330-3470

CST Lab: NVLAP 100432-0

Priva Technologies Cleared IC
(Hardware Version: P/N PC1002SC-2 Version 3.0; Firmware Version: 4.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/09/2005 Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #299)

-Other algorithms:

Single-chip

"This tamper protected custom integrated circuit provides secure cryptographic and multi-factor authentication services, including encryption/decryption, secure transactions, data verification, key storage, and further key management and non-repudiation functions as part of the Priva Technologies Cleared Security Platform."
549 Oberthur Card Systems
4250 Pleasant Valley Road
Chantilly, VA 20151
USA

-Chrisophe Goyet
TEL: 703-263-0100
FAX: 703-263-7134

CST Lab: NVLAP 100432-0

ID-One Cosmo 64 v5
(Hardware Version: P/N 77; Firmware Version: E303-063792)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/09/2005;
09/23/2005;
08/16/2006;
04/30/2007
Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #123); Triple-DES (Cert. #232); Triple-DES MAC (Cert. #232, vendor affirmed); SHS (Cert. #209); RSA (Cert. #43); RNG (Cert. #94)

-Other algorithms: DES (Cert. #246); DES MAC (Cert. #246, vendor affirmed);

Single-chip

"The ID-One Cosmo 64 v5 is a JavaCard cryptographic module with dual interface (ISO 7816 & ISO 14443) specifically designed for identity and government market needs. It offers a full 64K Byte of EEPROm space available for customer discretionary use, together with on card cryptographic services such as TDES, AES, Elliptic Curve and 2048-bit RSA algorithms with on-card key generation. It is compliant to Java Card v2.2 and Open Platform v2.1.1A. To protect against skimming, a built-in firewall allows application developers to disable contactless access for sensitive operations. Additional feature include On-Card fingerprint matching and Logical Channels. The ID-One Cosmo 64 v5 is available in contact only, dual interface, or contactless only formats."
548 Oberthur Card Systems
4250 Pleasant Valley Road
Chantilly, VA 20151
USA

-Christophe Goyet
TEL: 703-263-0100
FAX: 703-263-7134

CST Lab: NVLAP 100432-0

ID-One Cosmo 64 v5
(Hardware Version: P/N 77; Firmware Versions: E303-063683 and E303-063684)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/09/2005;
09/23/2005;
05/16/2006;
08/16/2006;
04/30/2007;
10/15/2007
Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #232); Triple-DES MAC (Cert. #232, vendor affirmed); SHS (Cert. #209); RSA (Cert. #43); RNG (Cert. #94)

-Other algorithms: DES (Cert. #246); DES MAC (Cert. #246, vendor affirmed)

Single-chip

"The ID-One Cosmo 64 v5 is a JavaCard cryptographic module with dual interface (ISO 7816 & ISO 14443) specifically designed for identity and government market needs. It offers a full 64K Byte of EEPROM space available for customer discretionary use, together with on card cryptographic services such as TDES, AES, Elliptic Curve and 2048-bit RSA algorithms with on-card key generation. It is compliant to Java Card v2.2 and Open Platform v2.1.1A. To protect against skimming, a built-in firewall allows application developers to disable contactless access for sensitive operations. Additional features include On- Card fingerprint matching and Logical Channels. The ID-One Cosmo 64 v5 is available in contact only, dual interface, or contactless only formats."
547 Pitney Bowes, Inc.
35 Waterview Drive
Shelton, CT 06484-8000
USA

-Dennis Crowe
TEL: 203-924-3500
FAX: 203-924-3352

CST Lab: NVLAP 100432-0

Compliant Meter Postal Security Device (CoMet PSD)
(Hardware Versions: US: 1A00ABA Revision A and 1A0TAAA Revision A; German: 1A51AAA Revision B; Canada: 1AECABA Revision A and 1ACTAAA.)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/02/2005;
02/24/2006
Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #98); Triple-DES MAC (Cert. #98, vendor affirmed); DSA (Cert. #58); SHS (Cert. #86); HMAC-SHA-1 (Cert. #86, vendor affirmed); Skipjack (Cert. #6); ECDSA (ANSI X9.62, vendor affirmed); RNG (vendor affirmed)

-Other algorithms: Diffie-Hellman (key agreement); RSA (PKCS#1, key wrapping)

Multi-chip standalone

"The Pitney Bowes Compliant Meter Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP), Canada Post Corporations Digital Indicia Standard, and Deutsche Post's FrankIT New Generation Digital Franking program. It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes global digital metering products. The PSD has been designed to support international postal markets and their rapidly evolving requirements for digital indicia."
546 Juniper Networks, Inc.
1194 Mathilda Ave.
Sunnyvale, CA 94089
USA

-Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 100432-0

Juniper Networks NetScreen 204 and 208
(Hardware Version: P/N NS-204 and NS-208, Version 0110; Firmware Version ScreenOS 5.0 r9)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/02/2005;
06/10/2005
12/02/2005;
01/26/2006;
06/20/2006;
12/11/2013
Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #11); Triple-DES (Cert. #118); DSA (Cert. #132); SHS (Cert. #103); RSA (Cert. #24); HMAC (Cert. #52); RNG (Cert. #33)

-Other algorithms: DES (Cert. #174); MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Juniper Networks NetScreen-204 and 208 are purpose-built internet security appliances that deliver firewall, VPN, and traffic shaping optimized for the most demanding environments such as medium and large enterprise offices, e-business sites, data centers, and carrier infrastructures."
545 Juniper Networks, Inc.
1194 Mathilda Ave.
Sunnyvale, CA 94089
USA

-Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 100432-0

Juniper Networks NetScreen-5400
(Hardware Version: P/N NS-5400 Version 3010; Firmware Version ScreenOS 5.0 r9)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/02/2005;
06/10/2005
12/02/2005;
01/26/2006;
06/20/2006;
12/11/2013
Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #11); Triple-DES (Certs. #118 and #133); DSA (Cert. #132); SHS (Certs. #103 and #119); RSA (Cert. #24); HMAC (Cert. #52); RNG (Cert. #33)

-Other algorithms: DES (Certs. #174 and #184); MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Juniper Networks NetScreen-5400 is a purpose-built, highperformance security system designed to deliver a new level of highperformance capabilities for large enterprise, carrier, and data center networks. The NetScreen-5400 security system integrates firewall, DoS, DDoS protection, VPN, and traffic management functionality in lowprofile modular chassis."
544 Juniper Networks, Inc.
1194 Mathilda Ave.
Sunnyvale, CA 94089
USA

-Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 100432-0

Juniper Networks NetScreen-5200
(Hardware Version: P/N NS-5200 Version 3010; Firmware Version ScreenOS 5.0 r9)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/02/2005;
06/10/2005
12/02/2005;
01/26/2006;
06/20/2006;
12/11/2013
Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #11); Triple-DES (Certs. #118 and #133); DSA (Cert. #132); SHS (Certs. #103 and #119); RSA (Cert. #24); HMAC (Cert. #52); RNG (Cert. #33)

-Other algorithms: DES (Certs. #174 and #184); MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Juniper Networks NetScreen-5200 is a purpose-built, highperformance security system designed to deliver a new level of highperformance capabilities for large enterprise, carrier, and data center networks. The NetScreen-5200 security system integrates firewall, DoS and DDoS protection, VPN, and traffic management functionality in lowprofile modular chassis."
543 Utimaco® Safeware AG
Germanusstr. 4
Aachen, 52080
Germany

-Rainer Herbertz
TEL: +49 241 1696 240
FAX: +49 241 1696 222

CST Lab: NVLAP 100432-0

CryptoServer® 2000
(Hardware Version: P/N CryptoServer® 2000, Version 1.0.2.0; Firmware Version: 1.0.0.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/02/2005 Overall Level: 3 

-Physical Security: Level 4

-FIPS Approved algorithms: Triple-DES (Cert. #284); Triple-DES MAC (Cert. #284, vendor affirmed); AES (Cert. #182); SHS (Certs. #268 and #297); RSA (Certs. #25 and #49); RNG (Cert. #34)

-Other algorithms: Diffie-Hellman (key agreement); IDEA; Safer; MD5; MDC-2; RIPEMD-160; Retail-TDES MAC; AES MAC; DES

Multi-chip embedded

"The CryptoServer® 2000 is an encapsulated, highly tamper protected hardware security module which provides secure cryptographic services like encryption or decryption, hashing, signing and verifying of data, random number generation, on-board secure key generation, key storage, and further key management functions."
542 Certicom Corp.
5520 Explorer Drive
4th Floor
Mississauga, Ontario L4W 5L1
Canada

-sales@certicom.com
TEL: 905-507-4220
FAX: 905-507-4230

CST Lab: NVLAP 200017-0

Security Builder FIPS Module
(Software Versions: 2.0, 2.0.4 and 2.0.5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 06/02/2005;
03/16/2006;
08/29/2006;
11/06/2006;
07/20/2007;
09/12/2007;
04/29/2008;
06/24/2008;
03/06/2009;
10/16/2009;
10/18/2013:
11/01/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Red Hat Linux Application Server 3.0, x86; Solaris 2.9, SPARC 32- bit; SPARC; Solaris 2.9, SPARC 64-bit; SPARC; HP-UX 11.00, 32-bit PA-RISC; HP-UX 11.00, 64-bit PA-RISC; Windows 2003, x86; Windows 2003, Itanium; AIX 5.2, 32-bit Power PC; AIX 5.2, 64-bit Power PC; Red Hat Linux Application Server 3.0, Itanium; HP-UX 11i, Itanium; Windows CE 3.0, ARM; Symbian 9, ARM; Linux 64-bit; Windows 64-bit, x86; Windows Vista, x86; Windows Vista 64 bit, 64 bit x86; HPUX B11 32-bit IA64; Solaris 8 32 Bit; Solaris 10 64 Bit; Red Hat Linux AS 4.0 32 bit and 64 bit on an IBM PowerPC 5; CentOS Linux release 5.4 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #276 and #1509); AES (Certs. #175 and #2442); SHS (Certs. #260 and #2078); RSA (Certs. #20 and #1255); HMAC (Certs. #9 and #1508); RNG (Certs. #25 and #1194); DSA (Certs. #115 and #758); ECDSA (Certs. #1 and #400)

-Other algorithms: DES (Cert. #272); DES-X; Diffie-Hellman (key agreement); EC Diffie-Hellman (key agreement); ECMQV (key agreement); ARC2; ARC4; MD2; MD5; HMAC-MD5

Multi-chip standalone

"The Security Builder FIPS Module is a standards-based cryptographic toolkit that supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into both mobile and server-based applications. The Security Builder FIPS Module is part of the Certicom Security Architecture, a comprehensive cross-platform security solution which supports multiple cryptographic software and hardware providers with a single common API."
541 AEP Networks
Focus 31, West Wing
Cleveland Rd
New Hempstead, Herts HP2 7BW
United Kingdom

-Paul Goffin
TEL: +44 1442 458624

-David Miller
TEL: +44 1442 458600
FAX: +44 1442 458601

CST Lab: NVLAP 200017-0

AEP Enterprise CM
(Hardware Version: 2731_G1; Firmware Version: 1.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 06/02/2005 Overall Level: 4 

-FIPS Approved algorithms: Triple-DES (Cert. #290); AES (Cert. #196); DSA (Cert. #123); SHS (Cert. #275); RNG (Cert. #41); RSA (Cert. #32); Triple-DES MAC (Cert. #290, vendor affirmed)

-Other algorithms: DES (Cert. #281); MD5; Diffie-Hellman (key agreement); XOR

Multi-chip embedded

"The AEP Enterprise CM by AEP Networks offers the next generation security platform for managing cryptographic keys and protecting sensitive applications. The AEP Enterprise CM is a hardware security module (HSM) designed for managing mission critical applications that demand maximum security. It is ideally suited for companies that need secure key management for certification authorities, registration authorities, OCSP responders, smart card issuers, web servers and other applications."
540 Juniper Networks, Inc.
1194 Mathilda Ave.
Sunnyvale, CA 94089
USA

-Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 100432-0

Juniper Networks NetScreen-500
(Hardware Version: P/N NS-500 Version 4110; Firmware Version ScreenOS 5.0 r9)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/02/2005;
06/10/2005
12/02/2005;
01/26/2006;
06/20/2006;
12/11/2013
Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #244); Triple-DES (Cert. #50); DSA (Cert. #134); SHS (Cert. #47); RSA (Cert. #23); HMAC (Cert. #54); RNG (Cert. #32)

-Other algorithms: DES (Cert. #115); MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Juniper Networks NetScreen-500 is a purpose-built internet security appliance that provides advanced firewall, IPSec VPN, and traffic management functionality, optimized for the most demanding environments such as medium and large enterprise offices, carrier infrastructures, or service providers."
539 Juniper Networks, Inc.
1194 Mathilda Ave.
Sunnyvale, CA 94089
USA

-Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 100432-0

Juniper Networks NetScreen-5XT
(Hardware Version: P/N NS-5XT Version 1010; Firmware Version ScreenOS 5.0 r9)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/02/2005;
06/10/2005
12/02/2005;
01/26/2006;
06/20/2006;
12/11/2013
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Cert. #11); Triple-DES (Cert. #118); DSA (Cert. #132); SHS (Cert. #103); RSA (Cert. #24); HMAC (Cert. #52); RNG (Cert. #33)

-Other algorithms: DES (Cert. #174); MD5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Juniper Networks NetScreen-5XT is a purpose-built Internet security appliance that delivers firewall, VPN and traffic shaping that offers a complete security solution for telecommuters, small-sized companies and branch offices. Featuring two 10 Base-T Ethernet ports (trust and untrusted), the Juniper Networks NetScreen-5XT performs at near wirespeed, protecting the LAN from attack and providing IPSEC based VPN capabilities."
538 Rockwell Collins, Inc.
400 Collins Road NE
Cedar Rapids, IA 52498
USA

TEL: 319-295-5997

CST Lab: NVLAP 200002-0

Common Crypto Circuit Card Assembly
(Hardware Version: 944-2541-002; Software Version: 091-3186-001)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/10/2005 Overall Level: 1 

-Physical Security: Level 2
-Design Assurance: Level 2

-FIPS Approved algorithms: AES (Cert. #169)

-Other algorithms: Serpent; Twofish; Triple-DES

Multi-chip embedded

"The Common Crypto Circuit Card Assembly is a module designed for use in Link 16 communication platforms. The module can be used in an external cryptographic application or embedded in an internal application. The module hosts four commercial cryptographic algorithms for data encryption/decryption. The algorithms are stored in memory. One of the four algorithms is selected for use and loaded. The module accepts up to eight keys which are externally generated and loaded. The AES algorithm operates in a FIPS-approved mode."
537 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nCipher 4000 PCI, nShield 800 PCI, and nShield Plus PCI
(Hardware Versions: nC4033P-4K0, nC4033P-800, and nC4033P-50 Build Standard C; Firmware Version: 2.18.15-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/10/2005;
03/09/2006;
03/15/2006
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3 +EFP
-Cryptographic Key Management: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #109 and 155); Triple-DES MAC (Certs. #109 and 155, vendor affirmed); AES (Cert. #15); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20)

-Other algorithms: DES (Certs. #173 and 201); DES MAC (Certs. #173 and 201, vendor affirmed); ARC FOUR; CAST5; CAST 6; MD2; MD5; RIPEMD 160; SEED; HMAC (MD2, MD5, and RIPEMD160); El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip embedded

"The nCipher modules: nCipher 4000 PCI, nShield 800 PCI, and nShield Plus PCI family of secure e-commerce HSM's are multi-tasking hardware module that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
536 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nCipher 4000 PCI, nShield 800 PCI, and nShield Plus PCI
(Hardware Versions: nC4033P-4K0, nC4033P-800, and nC4033P-50 Build Standard C; Firmware Version: 2.18.15-3)

(When initialized to Overall Level 3 per Security Policy - Only operates in FIPS mode at Level 3)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/10/2005;
03/09/2006;
03/15/2006
Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Certs. #109 and 155); Triple-DES MAC (Certs. #109 and 155, vendor affirmed); AES (Cert. #15); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20)

-Other algorithms: DES (Certs. #173 and 201); DES MAC (Certs. #173 and 201, vendor affirmed); ARC FOUR; CAST5; CAST 6; MD2; MD5; RIPEMD 160; SEED; HMAC (MD2, MD5, and RIPEMD160); El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip embedded

"The nCipher modules: nCipher 4000 PCI, nShield 800 PCI, and nShield Plus PCI family of secure e-commerce HSM's are multi-tasking hardware module that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
535 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nToken
(Hardware Version: nC2022P-000 Build Standard E; Firmware Version: 2.18.15)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/10/2005;
03/09/2006;
03/15/2006
Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Cert. #15); Triple-DES (Cert. #34); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20)

-Other algorithms: N/A

Multi-chip embedded

"The nCipher nToken Hardware Security Module improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
534 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nCipher 1600 PCI, nCipher 1600 PCI for NetHSM, nCipher 800 PCI, nForce 1600 PCI, and nForce 800 PCI
(Hardware Versions: nC3033P-1K6, nC3033P-1K6N, nC3033P-800, nC3033P-1K6, and nC3033P-800 Build Standard C; Firmware Version: 2.18.15-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/10/2005;
03/09/2006;
03/15/2006
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #109 and 155); Triple-DES MAC (Certs. #109 and 155, vendor affirmed); AES (Cert. #15); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20)

-Other algorithms: DES (Certs. #173 and 201); DES MAC (Certs. #173 and 201, vendor affirmed); ARC FOUR; CAST5; CAST 6; MD2; MD5; RIPEMD 160; SEED; HMAC (MD2, MD5, and RIPEMD160); El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip embedded

"The nCipher modules: nCipher 800 PCI, nCipher 1600 PCI, nCipher 1600 PCI for NetHSM, nForce 800 PCI and nForce 1600 PCI family of secure ecommerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers.. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
533 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nCipher 1600 PCI, nCipher 1600 PCI for NetHSM, nCipher 800 PCI, nForce 1600 PCI, and nForce 800 PCI
(Hardware Versions: nC3033P-1K6, nC3033P-1K6N, nC3033P-800, nC3033P-1K6, and nC3033P-800 Build Standard C; Firmware Version: 2.18.15-3)

(When initialized to Overall Level 3 per Security Policy - Only operates in FIPS mode at Level 3)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/10/2005;
06/06/2005;
03/09/2006;
03/15/2006
Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Certs. #109 and 155); Triple-DES MAC (Certs. #109 and 155, vendor affirmed); AES (Cert. #15); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20)

-Other algorithms: DES (Certs. #173 and 201); DES MAC (Certs. #173 and 201, vendor affirmed); ARC FOUR; CAST5; CAST 6; MD2; MD5; RIPEMD 160; SEED; HMAC (MD2, MD5, and RIPEMD160); El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip embedded

"The nCipher modules: nCipher 800 PCI, nCipher 1600 PCI, nCipher 1600 PCI for NetHSM, nForce 800 PCI and nForce 1600 PCI family of secure ecommerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
532 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nForce 150 PCI and nForce 300 PCI
(Hardware Versions: nC3022P-150 and nC3022P-300 Build Standard E; Firmware Version: 2.18.15-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/10/2005;
03/09/2006;
03/15/2006
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #15); Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20)

-Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; MD2; MD5; RIPEMD 160; SEED; HMAC (MD2, MD5, and RIPEMD160); El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip embedded

"The nCipher nForce family of secure e-commerce HSM's improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, e-commerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging."
531 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nForce 150 SCSI and nForce 400 SCSI
(Hardware Versions: nC3022W-150 and nC3022W-400 Build Standard D; Firmware Version: 2.18.15-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/10/2005;
03/09/2006;
03/15/2006
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #15); Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20)

-Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; MD2; MD5; RIPEMD 160; SEED; HMAC (MD2, MD5, and RIPEMD160); El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip standalone

"The nCipher nForce family of secure e-commerce HSM's improves data security and increases server throughput in applications using the Secure Sockets Layer protocol such as: secure web servers, e-commerce sites, Internet financial transactions, authenticated access to intranets and extranets and digital signatures and secure messaging."
530 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F2 SCSI and F2 Ultrasign SCSI
(Hardware Versions: nC4022W-150 and nC4022W-400 Build Standard DR; Firmware Version: 2.18.15-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/10/2005;
03/09/2006;
03/15/2006
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Cryptographic Key Management: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #15); Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20)

-Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; MD2; MD5; RIPEMD 160; SEED; HMAC (MD2, MD5, and RIPEMD160); El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip standalone

"The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
529 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F2 PCI and nShield F2 Ultrasign PCI
(Hardware Versions: nC4022P-150 and nC4022P-300 Build Standard ER; Firmware Version: 2.18.15-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/10/2005;
03/09/2006;
03/15/2006
Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Cryptographic Key Management: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #15); Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20)

-Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; MD2; MD5; RIPEMD 160; SEED; HMAC (MD2, MD5, and RIPEMD160); El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip embedded

"The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
528 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nCipher F3 PCI for NetHSM, nShield F3 PCI, nShield Lite, nShield F3 Ultrasign 32 PCI, nShield F3 Ultrasign PCI, payShield PCI, payShield Ultra PCI, and payShield Ultra PCI for NetHSM
(Hardware Versions: nC4032P-300N, nC4032P-150, nC4032P-30, nC4132P-300, nC4032P-300, nC4232P-150, nC4232P-300, and nC4232P-300N Standard ER Build; Firmware Version: 2.18.15-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/10/2005;
03/09/2006;
03/15/2006
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #15); Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20)

-Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; MD2; MD5; RIPEMD 160; SEED; HMAC (MD2, MD5, and RIPEMD160); El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip embedded

"The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
527 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nCipher F3 PCI for NetHSM, nShield F3 PCI, nShield Lite, nShield F3 Ultrasign 32 PCI, nShield F3 Ultrasign PCI, payShield PCI, payShield Ultra PCI, and payShield Ultra PCI for NetHSM
(Hardware Versions: nC4032P-300N, nC4032P-150, nC4032P-30, nC4132P-300, nC4032P-300, nC4232P-150, nC4232P-300, and nC4232P-300N Standard ER Build; Firmware Version: 2.18.15-3)

(When initialized to Overall Level 3 per Security Policy - Only operates in FIPS mode at Level 3)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/10/2005;
03/09/2006;
03/15/2006
Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #15); Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20)

-Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; MD2; MD5; RIPEMD 160; SEED; HMAC (MD2, MD5, and RIPEMD160); El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip embedded

"The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
526 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F3 SCSI, nShield F3 Ultrasign 32 SCSI, nShield F3 Ultrasign SCSI, payShield SCSI, and payShield Ultra SCSI
(Hardware Versions: nC4032W-150, nC4132W-400, nC4032W-400, nC4232W-150, and nC4232W-400 Build Standard DP; Firmware Version: 2.18.15-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/10/2005;
03/09/2006;
03/15/2006
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #15); Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20)

-Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; MD2; MD5; RIPEMD 160; SEED; HMAC (MD2, MD5, and RIPEMD160); El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip standalone

"The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
525 nCipher Corporation Ltd.
500 Unicorn Park Drive
Woburn, MA 01801-3371
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F3 SCSI, nShield F3 Ultrasign 32 SCSI, nShield F3 Ultrasign SCSI, payShield SCSI, and payShield Ultra SCSI
(Hardware Versions: nC4032W-150, nC4132W-400, nC4032W-400, nC4232W-150, and nC4232W-400 Build Standard DP; Firmware Version: 2.18.15-3)

(When initialized to Overall Level 3 per Security Policy - Only operates in FIPS mode at Level 3)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/10/2005;
03/09/2006;
03/15/2006
Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #15); Triple-DES (Cert. #34); Triple-DES MAC (Cert. #34, vendor affirmed); DSA (Cert. #113); SHS (Cert. #255); HMAC (Cert. #3); RSA (Cert. #16); RNG (Cert. #20)

-Other algorithms: DES (Cert. #24); DES MAC (Cert. #24, vendor affirmed); ARC FOUR; CAST5; CAST 6; MD2; MD5; RIPEMD 160; SEED; HMAC (MD2, MD5, and RIPEMD160); El-Gamal; Diffie-Hellman (key agreement); Blowfish; Twofish; Serpent; KCDSA; HSA 160

Multi-chip standalone

"The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
524 IBM® Corporation
2455 South Road
P330
Poughkeepsie, NY 12601
USA

-Barry Ward
TEL: 845-435-4881
FAX: 845-435-5540

-Kevin Gotze
TEL: 845-435-1056

CST Lab: NVLAP 100432-0

IBM eServer Cryptographic Coprocessor Security Module
(Hardware Version: P/N 16R0911, Model 4764-001; Firmware Version: 1.16)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/27/2005 Overall Level: 4 

-FIPS Approved algorithms: Triple-DES (Cert. #215); AES (Cert. #103); SHS (Cert. #194); DSA (Cert. #106); RNG (Cert. #36)

-Other algorithms: DES (Cert. #237); DES MAC (Cert. #237, vendor affirmed); MD5; RSA (ISO 9796)

Multi-chip embedded

"The IBM eServer Cryptographic Coprocessor Security Module, is a tamperresponding, programmable, cryptograhpic PCIX card, containing CPU, encryption hardware, RAM, EEPROM, hardware random number generator, time of day clock, firmware, and software. The Coprocessor is available for use as a feature in IBM eServer, zSeries990 and zSeries890 servers."
523 Cryptek, Inc.
1501 Moran Road
Sterling, VA 20166-9309
USA

-Michael Teal
TEL: 571-434-2129
FAX: 571-434-2001

CST Lab: NVLAP 100432-0

Cryptek Common Security Module (CSM)
(Hardware Versions: 5110N0017-1, 5110N0017-2, 5110N0017-3, 5110N0017-4; Firmware Versions: 2.1.9 and 2.4.0.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/27/2005;
06/29/2005;
10/13/2005
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #71); SHS (Cert. #63); HMAC-SHA-1 (Cert. #63, vendor affirmed); RSA (Cert. #19); RNG (Cert. #24)

-Other algorithms: DES (Cert. #132); DES MAC (Cert. #132, vendor affirmed); MD5; HMAC-MD5, Diffie-Hellman (key agreement)

Multi-chip embedded

"The CSM is a secure network product designed to enforce three distinct information flow policies: Mandatory Access Control (MAC), Discretionary access Control (DAC), and Packet filtering. The design can support multiple security domains on a single network infrastructure by combining cryptography and labeling technology. The Cryptek CSM hardware and firmware constitute the core technology used in the DiamondLink, DiamondVPN, DiamondPAK, DiamondSAT, DiamondUTC, CL100, CL150, CL100-F, CP102, CP104, CP106, CV100, CS101, CS102, and CT100."
522 Voltage Security, Inc.
1070 Arastradero Road
Suite 100
Palo Alto, CA 94304
USA

-Matt Pauker
TEL: 650-543-1280
FAX: 650-543-1279

CST Lab: NVLAP 100432-0

Voltage IBE Cryptographic Module
(Software Version: 2.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 04/27/2005 Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows 2000 Server, Windows 2003 Server, Windows XP Service Pack 2 (in single user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #291); AES (Cert. #199); DSA (Cert. #124); SHS (Cert. #277); RNG (Cert. #43)

-Other algorithms: DES (Cert. #282); MD5; Identity Based Encryption (IBE)

Multi-chip standalone

"The Voltage IBE Cryptographic Module is a component of the Voltage IBE Toolkit, a set of development tools that enable any application to quickly and easily use Identity Based Encryption (IBE) to secure data. IBE uses simple strings like email or IP addresses as public keys, eliminating the need for certificates and associated management. The Voltage IBE Cryptographic Module also contains implementations of 3DES, AES, SHA- 1, and DSA. The Voltage IBE Toolkit is available for download at http://developer.voltage.com"
521 Communication Devices, Inc.
#1 Forstmann Court
Clifton, NJ 07011
USA

-Donald Snook
TEL: 973-772-6997
FAX: 973-772-0740

CST Lab: NVLAP 200002-0

Port Authority 88
(Hardware Version: 01-03-0780; Firmware Version: 2.15)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/07/2005 Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #297); Triple-DES MAC (Cert. #297, vendor affirmed)

-Other algorithms:

Multi-chip standalone

"The Port Authority 88 is designed to protect firewall/router console port access. The device was designed to overcome the weaknesses of RADIUS and TACACS+ for remote access authentication. The Port Authority 88 stores its own database of up to 150 users right on board. The Port Authority 88 supports speeds up to 115.2 Kbps and has a built in V.34 internal modem. Full Triple-DES encryption is supported."
520 Communication Devices, Inc.
#1 Forstmann Court
Clifton, NJ 07011
USA

-Donald Snook
TEL: 973-772-6997
FAX: 973-772-0740

CST Lab: NVLAP 200002-0

Port Authority 44
(Hardware Version: 01-03-0782; Firmware Version: 2.15)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/07/2005 Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #297); Triple-DES MAC (Cert. #297, vendor affirmed)

-Other algorithms:

Multi-chip standalone

"The Port Authority 44 is designed to protect firewall/router console port access. The device was designed to overcome the weaknesses of RADIUS and TACACS+ for remote access authentication. The Port Authority 44 stores its own database of up to 150 users right on board. The Port Authority 44 supports speeds up to 115.2 Kbps and has a built in V.34 internal modem. Full Triple-DES encryption is supported."
519 Avaya, Inc.
Atidim Technology Park
Tel Aviv, 61131
Israel

-Pesah Spector
TEL: +972 3645 9162
FAX: +972 3645 8462

CST Lab: NVLAP 100432-0

G350 Branch Office Media Gateway w/FIPS
(Hardware Version: P/N 700356249 Version 1.0; Firmware Version: 23.18.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/07/2005;
05/05/2005
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #273); AES (Cert. #171); SHS (Cert. #256); HMAC-SHA-1 (Cert. #256, vendor affirmed); RSA (Cert. #17); RNG (Cert. #21)

-Other algorithms: DES (Cert. #269); Diffie-Hellman (key agreement); MD5; H248 Link Encryption; Avaya Media Encryption; SSHv2

Multi-chip standalone

"The Avaya G350 Branch Office Media Gateway is a complete branch office business communications system that integrates an IP telephony gateway, an advanced IP WAN router, and a high performance LAN switch into a compact (3U) modular chassis. Ideally suited for enterprise with distributed branch office locations of 8-40 extensions, the G350 replaces the complexity and cost of managing disparate key and voice systems with a survivable networked solution that is easy to deploy and can be administered from a central location."
518 Cisco Systems, Inc.
7025-6 Kit Creek Road
PO Box 14987
Research Triangle Park, NC 27709-4987
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 831 Secure Broadband Router
(Hardware Version: 831; Firmware Version: 12.3(8)T5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/07/2005;
05/24/2005;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Cert. #271); AES (Cert. #46); RNG (Cert. #31); SHS (Cert. #252); HMAC-SHA-1 (Cert. #252; vendor affirmed)

-Other algorithms: DES (Cert. #267); Diffie-Hellman (key agreement); MD5; HMAC-MD5; RSA (non-compliant)

Multi-chip standalone

"Branch office networking requirements are dramatically evolving, driven by web and e-commerce applications to enhance productivity and merging the voice and data infrastructure to reduce costs. The Cisco 831 Secure Broadband Router provides a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements."
517 SafeNet Canada, Inc. and Cavium Networks
One Chrysalis Way
Ottawa, Ontario K2G 6P9
Canada

-Randy Kun
TEL: 613-723-5076 x3427
FAX: 613-274-6365

-Rajneesh Gaur
TEL: 408-844-8420 x212
FAX: 408-844-8418

CST Lab: NVLAP 200427-0

Luna K4 Cryptographic Module / NITROX XL CN1120-NFB Acceleration Board, NITROX XL CN1010-NFB Acceleration Board, NITROX XL CN1005-NFB Acceleration Board
(Hardware Versions: VBD-02-0200 and VBD-02-0201; Firmware Version: 4.3.5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 03/22/2005;
12/02/2005
Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Certs. #189 and #191); Triple-DES (Certs. #286 and #287); DSA (Cert. #119); RSA (Certs. #27 and #28); ECDSA (Cert. #3); SHS (Cert. #270); HMAC (Cert. #4); Triple-DES MAC (Certs. #286 and #287, vendor affirmed); RNG (Cert. #37)

-Other algorithms: DES (Certs. #276 and #277); DES MAC (Certs. #276 and #277, vendor affirmed); RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; MD2; MD5; DH-1024; CAST-MAC; CAST3-MAC; CAST5-MAC; HMAC-MD5; KCDSA; AES MAC; RC2-MAC; RC5-MAC; Diffie-Hellman (key agreement); EC Diffie-Hellman (key agreement)

Multi-chip embedded

"The SafeNet K4 Cryptographic Module is a PCI card that provides cryptographic key protection and acceleration for both asymmetric and symmetric encryption operations. It is contained in its own secure enclosure that provides physical resistance to tampering and zeroization of plaintext cryptographic material in the event the enclosure is opened."
516 SafeNet Canada, Inc. and Cavium Networks
One Chrysalis Way
Ottawa, Ontario K2G 6P9
Canada

-Randy Kun
TEL: 613-723-5076 x3427
FAX: 613-274-6365

-Rajneesh Gaur
TEL: 408-844-8420 x212
FAX: 408-844-8418

CST Lab: NVLAP 200427-0

Luna K4 Cryptographic Module / NITROX XL CN1120-NFB Acceleration Board, NITROX XL CN1010-NFB Acceleration Board, NITROX XL CN1005-NFB Acceleration Board
(Hardware Versions: VBD-02-0200 and VBD-02-0201; Firmware Version: 4.3.5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 03/22/2005;
12/02/2005
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #189 and #191); Triple-DES (Certs. #286 and #287); DSA (Cert. #119); RSA (Certs. #27 and #28); ECDSA (Cert. #3); SHS (Cert. #270); HMAC (Cert. #4); Triple-DES MAC (Certs. #286 and #287, vendor affirmed); RNG (Cert. #37)

-Other algorithms: DES (Certs. #276 and #277); DES MAC (Certs. #276 and #277, vendor affirmed); RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; MD2; MD5; DH-1024; CAST-MAC; CAST3-MAC; CAST5-MAC; HMAC-MD5; KCDSA; AES MAC; RC2-MAC; RC5-MAC; Diffie-Hellman (key agreement); EC Diffie-Hellman (key agreement)

Multi-chip embedded

"The SafeNet K4 Cryptographic Module is a PCI card that provides cryptographic key protection and acceleration for both asymmetric and symmetric encryption operations. It is contained in its own secure enclosure that provides physical resistance to tampering and zeroization of plaintext cryptographic material in the event the enclosure is opened."
515 GuardianEdge Technologies, Inc.
475 Brannan Street
Suite 400
San Francisco, CA 94107
USA

-Seth Ross
TEL: 415-683-2240
FAX: 415-683-2349

CST Lab: NVLAP 100432-0

Encryption Plus Cryptographic Library
(Software Versions: 1.0.1, 1.0.2 and 1.0.4)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/22/2005;
02/23/2006;
02/24/2006;
02/27/2006;
11/28/2007;
04/29/2008;
05/08/2008
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 for Versions 1.0.1 and 1.0.2 with Microsoft Windows 2000 Service Pack 4 (in single-user mode) and Version 1.0.4 with Microsoft Windows Vista Ultimate Service Pack 1 and Microsoft Windows XP Service Pack 2 (in single-user mode)

-FIPS Approved algorithms: AES (Certs. #154 and #759); HMAC-SHA-1 (Cert. #239, vendor affirmed); HMAC (Cert. #414); SHS (Certs. #239 and #766); RNG (Certs. #45 and #437)

-Other algorithms: N/A

Multi-chip standalone

"The Encryption Plus Cryptographic Library is a compact and fast encryption module that provides cryptographic services to the following products: GuardianEdge Data Protection Framework, GuardianEdge Hard Disk Encryption, GuardianEdge Removable Storage Encryption, Encryption Anywhere Hard Disk, Encryption Anywhere Removable Storage, Encryption Anywhere CD-DVD, Encryption Plus Hard Disk, Encryption Plus Email, and Encryption Plus Folders."
514 WRQ, Inc.
1500 Dexter Avenue North
Seattle, WA 98109
USA

-Eric Raisters
TEL: 206-217-7100
FAX: 206-217-7515

CST Lab: NVLAP 100432-0

Reflection Security Component (RSC)
(Software Version: 12.0.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/15/2005 Overall Level: 1 

-Cryptographic Module Specification: Level 3
-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000 SP3 (in single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #278, #279 and #280); AES (Cert. #176); RSA (Cert. #21); DSA (Cert. #116); SHS (Certs. #261, #262 and #263); HMAC-SHA-1 (Certs. #261, #262 and #263, vendor affirmed); RNG (#26)

-Other algorithms: DES (Certs. #273 and #274); Diffie-Hellman (key agreement); Blowfish; Arcfour; CAST; RIPEMD 160; MD4; MD5; HMAC-MD5

Multi-chip standalone

"WRQ Reflection software provides a complete range of terminal-emulation and PC X-server solutions for host access from Windows PCs. Each solution is specifically designed to boost IT efficiency and user productivity and includes full support for popular network security protocols such as Secure Shell, TLS/SSL, and Kerberos."
513 RELM Wireless Corporation
7100 Technology Drive
West Melbourne, FL 32904
USA

-Jim Spence
TEL: 785-856-1300
FAX: 785-856-1302

CST Lab: NVLAP 100432-0

DPHx Radio with LZA0577 Cryptographic Module
(Hardware Version: P/N DPHX5102X Versions 110504, 120104, 040805, 052005, 011606 and 030206; Firmware Versions: 722-05058-0000, 722-05059-0000, 722-05060-0000, 722-05061-0000)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/15/2005;
04/20/2005;
06/06/2005;
01/31/2006;
03/29/2006
Overall Level: 1 

-FIPS Approved algorithms: AES (Cert. #195); RSA (Cert. #31); SHA-1 (Cert. #274)

-Other algorithms: DES (Cert. #280); NDRNG

Multi-chip standalone

"The DPHx Radio with LZA0577 Cryptographic Module is a public safety radio that provides secure, encrypted digital communication."
512 E.F. Johnson Co.
123 N. State St.
Waseca, MN 56093
USA

-John Oblak
TEL: 507-837-5116
FAX: 507-837-5120

CST Lab: NVLAP 100432-0

Communication Cryptographic Library (CCL)
(Software Version: 2.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/15/2004;
05/05/2005
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP1; Pocket PC 2003 (in single-user mode)

-FIPS Approved algorithms: AES (Cert. #131); SHS (Cert. #215); DSA (Cert. #101); HMAC-SHA-1 (Cert. #215, vendor affirmed); RNG (Cert. #6)

-Other algorithms: DES (Cert. #248); SecureNet DES 1 bit CFB with differential encoding and decoding; DES 8 bit CFB; DES 8 bit OFB; DES 1 bit CFB

Multi-chip standalone

"The E.F. Johnson Co. Communication Cryptographic Library (CCL) is a Microsoft Windows 2000/2003/XP and Pocket PC 2003 Dynamic Link Library that performs security related functions. The CCL is packaged as a Software Development Kit which makes available an Application Programming Interface (API) for all the security functions of the CCL. The security functions available via the APIs are: AES 128 bit, AES 192 bit, AES 256 bit, DES, DSA 1024 bit Signature Generation and Verification, HMAC, PRNG, and SHA-1. The CCL is used in the E.F. Johnson Subscriber Management Assistant key loader."
511 Forum Systems, Inc.
45 West 10000 South
Suite 415
Sandy, UT 84070
USA

-Bruce Herron
TEL: 425 882 9808
FAX: 801-313-4401

CST Lab: NVLAP 200017-0

Forum FIA Gateway 1504G
(Hardware Version: 1504; Firmware Version: 4.3)

(When operated in FIPS mode and using the nCipher 1600 PCI card (Cert. #402))

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/28/2005;
03/02/2005
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Cert. #267); AES (Cert. #165); SHS (Cert. #249); HMAC-SHA-1 (Cert. #249, vendor affirmed); DSA (Cert. #60); RSA (PKCS #1, vendor affirmed)

-Other algorithms: DES (Cert. #265); Diffie-Hellman (key agreement); MD5; RC4

Multi-chip standalone

"Forum FIA Gateway provides the foundation infrastructure that drives a return on investment by enabling secure XML and Web services communications for mission critical applications. Forum FIA Gateway industry specific solutions include: government compliance, secure electronic forms, secure partner integration, secure partner collaboration, electronic notary, evidence repository as well as secure Service Oriented Architectures."
510 AEP Networks
40 West Gude Drive
Suite 100
Rockville, MD 20850
USA

-Chris Brook
TEL: 240-399-1214
FAX: 240-399-1250

CST Lab: NVLAP 200648-0

SmartGate
(Software Version: 4.5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 02/28/2005;
03/02/2005;
05/23/2006
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Linux RedHat 7.2; Sun Solaris 8

-FIPS Approved algorithms: AES (Cert. #35); Triple-DES (Cert. #263); SHA-1 (Cert. #87); RSA (Cert. #11); RNG (Cert. #9)

-Other algorithms: DES (Cert. #159); DES MAC (Cert. #159, vendor affirmed); RC4; MD5

Multi-chip standalone

"SmartGate is one of the most comprehensive security products on the market. It is a virtual private network (VPN) software that provides secure encrypted channels between users outside your network and the applications and data contained within your network. Fine-grain access control ensures that authorized users are allowed access to specific applications only."
509 Dreifus Associates Limited, Inc.
3300 W. Lake Mary Blvd.
Suite 300
Lake Mary, FL 32746
USA

-Nicholas D. Pileggi Jr.
TEL: 407-585-2840
FAX: 407-531-9932

CST Lab: NVLAP 100432-0

DAL C32 Applet Suite on Axalto Cyberflex Access 64Kv1 Smart Card Chip
(Hardware Version: Cyberflex Access 64Kv1 P/N M512LACC1; Firmware Version: OS HardMask 5 v1, OS SoftMask 4 v1, AC Applet v1.0, GSC Service Applet v1.0)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/28/2005;
03/23/2005
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #125); Triple-DES MAC (Cert. #125, vendor affirmed); SHS (Cert. #108); RSA (Cert. #58)

-Other algorithms: DES (Cert. #179); DES MAC (Cert. #179, vendor affirmed);

Single-chip

"The DAL C3 suite of Applets on the Axalto Cyberflex 64k smart card module provides digital signature, key generation, and secure storage of data. The smart card module conforms to Java Card 2.1.1, Open Platform 2.0.1, and GSC-ISv2.1. End users can utilize the module services for network authentication, physical access, digital signature, and secure storage."
508 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-C Micro Edition (ME)
(Software Version: 1.9.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 02/28/2005;
10/07/2005;
01/04/2008;
10/16/2008;
09/07/2010;
03/28/2011;
01/24/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 2000 Service Pack 4, Solaris 8 32-bit, Solaris 8 64-bit, Red Hat Linux 7.2, Red Hat Enterprise Linux Advanced Server 3.0, PocketPC 2003, AIX 5L 5.2, HP-UX 11.0 PARISC2.0, HP-UX 11.0 PARISC 2.0W, HP-UX 11.11 PARISC2.0, HP-UX 11.11 PARISC2.0W, VxWorks 5.4 PowerPC750, VxWorks 5.5 PowerPC7410, VxWorks 5.5 PowerQuicc II

-FIPS Approved algorithms: DSA (Cert. #121); Triple-DES (Cert. #288); AES (Cert. #192); SHS (Cert. #272); RSA (Cert. #29); RNG (Cert. #39); HMAC (Cert. #7)

-Other algorithms: DES (Cert. #278); MD2; MD5; HMAC-MD5; RC2; RC4; RC5; Diffie-Hellman (key agreement)

Multi-chip standalone

"The Crypto-C Micro Edition (ME) Module is RSA Security, Inc.'s cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors while offering great flexibility and choice by allowing developers to select only the algorithms needed in reduced code sizes. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
507 ALERTCO RF/RFID
217 New Brighton Lane SE
Calgary, Alberta T2Z 0E3
Canada

-Gerry Smalley
TEL: 403-719-6249

CST Lab: NVLAP 100432-0

TIMAC Cryptographic Module
(Hardware Version: P/N EM01-01 Rev. 1.1; Firmware Version; 1.0)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/11/2005;
04/07/2005;
01/11/2012
Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #149)

-Other algorithms:

Multi-chip embedded

"The TIMAC module is a 17 pin header mounted multi-chip embedded firmware microprocessor module used to encrypt and decrypt point-to-point or point-to-multipoint serial data. The device is a FIPS 140-2 Level 3 compliant and certified, high performance device implementing the AES algorithm operating in 128 bit ECB, CBC, and CFB modes. This encryption engine can be incorporated into OEM projects and products with the addition of a simple API to their hardware, for both hardwired and wireless applications, as well as any other highly secured applications such as Government and Financial Institutions. It can be used in other data transmission applications requiring NSA approved serial data encryption."
506 McAfee, Inc.
3965 Freedom Circle
Santa Clara, CA 95054
USA

-Mike Siegel
TEL: 888-847-8766

CST Lab: NVLAP 200002-0

McAfee Endpoint Encryption for PCs Client (formerly SafeBoot Client)
(Software Version: 4.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 01/24/2005;
04/30/2007;
06/23/2008
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 withWindows 2000 Professional (Service Pack 2) and Windows XP Professional in single-user mode

-FIPS Approved algorithms: DSA (Certs. #53 and #112); AES (Certs. #21 and #170); RNG (Cert. #15); SHS (Certs. #71 and #254)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip standalone

"McAfee Endpoint Encryption for PCs Client is a high performance software solution that provides sector-level encryption of a PC's hard drive in a manner that is totally transparent to the user. In addition, the centralized McAfee Endpoint Encryption management system provides robust recovery tools, administration, and implementation."
505 Meganet Corporation
350 South Figueroa Street
Suite 450
Los Angeles, CA 90071
USA

-Saul Backal
TEL: 213-620-1666
FAX: 213-620-1655

CST Lab: NVLAP 100432-0

VME Crypto Engine
(Version 4.4.0.0/M145)

(When operated with the Microsoft® Base Cryptographic Provider validated to FIPS 140-1 under Certificate #238 operating in FIPS mode for the operating systems specified)

Validated to FIPS 140-2

Security Policy

Certificate

Software 01/24/2005;
02/04/2005;
05/04/2005;
12/07/2007
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional Version 2002 SP1. The following operating systems must use the Microsoft® Base Cryptographic Provider validated to FIPS 140-2 under Certificate #238 operating in FIPS mode: Windows 98, Second Edition, Windows ME Build 4.90.3000, Windows NT 4.0 Workstation SP 6, Windows NT 4.0 Server SP 6, Windows 2000 Professional SP4, Windows 2000 Server SP 4, Windows 2000 Advanced Server SP 4, Windows XP Home Edition SP 1, Windows Server 2003 Enterprise Edition (all in single-user mode)

-FIPS Approved algorithms: AES (Cert. #77); Triple-DES (Cert. #188); SHA-1 (Cert. #83); RSA (PKCS #1, vendor affirmed)

-Other algorithms: VME

Multi-chip standalone

"VME Crypto Engine is a suite of tools that make data encryption and decryption easy and reliable. VME Crypto Engine also provides tools that allow you to encrypt and decrypt email messages, chat sessions, files transmitted ftp, and more."
504 Thales e-Security
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-Juan Asenjo
TEL: 954-888-6200 x6202
FAX: 954-888-6211

CST Lab: NVLAP 200002-0

DC2K Security Module
(Hardware Version: 3.411 (build 1213B130_PL_Iss002); Software Version: v3.411, Magazines: Triple-DES magazine version DHDES3_V1_81, AES magazine versions DHAES128_V1_19, DHAES192_V1_10 and DHAES256_V1_10)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 01/24/2005;
10/13/2005
Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #251); AES (Certs. #151, #152 and #153); SHS (Cert. #230); DSA (Cert. #104); RNG (Cert. #17)

-Other algorithms:

Multi-chip embedded

"The DC2K Security Module is a multiple-chip embedded cryptographic module installed in the Datacryptor® 2000 that secures communications using signed Diffie-Hellman key exchange and Triple-DES or AES encryption over point-to-point links, X.25, Frame Relay, and IP networks. The unit also provides integrated secure unit management capability employing the same techniques used for traffic encryption."
503 Thales e-Security
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-Juan Asenjo
TEL: 954-888-6200 x6202
FAX: 954-888-6211

CST Lab: NVLAP 200002-0

DCAP Security Module
(Hardware Version: v3.511 (build 1213E130_PL_Iss003); Software Version: v3.511, Magazines: Triple-DES magazine version DHDES3_V1_95, AES magazine versions DHAES128_V1_31, DHAES192_V1_22 and DHAES256_V1_21)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 01/24/2005;
03/14/2005;
10/13/2005
Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #282); AES (Certs. #178, #179 and #180); SHS (Cert. #266); DSA (Cert. #117); RNG (Cert. #29)

-Other algorithms:

Multi-chip embedded

"The DCAP Security Module is a multiple-chip embedded cryptographic module installed in the Datacryptor® Advanced Performance Cryptographic Module (known as the Datacryptor® AP). It secures communications using signed Diffie-Hellman key exchange and Triple- DES or AES encryption over IP networks. It provides data encryption rates of up to 100 Megabits per second (Mbps). The unit also provides integrated secure unit management capability employing the same techniques used for traffic encryption."
502 3e Technologies International, Inc.
700 King Farm Blvd.
Suite 600
Rockville, MD 20850
USA

-Ryon Coleman
TEL: 301-944-1403

CST Lab: NVLAP 200427-0

3e-525A, 3e-525N and 3e-519 Wireless Gateway
(Hardware and Firmware Versions: 3e-525A ([Hardware Version 1; Firmware Version 3.0.18.14] and [Hardware Version 2; Firmware Version 3.0.18.16]), 3e-525N ([Hardware Version 1; Firmware Version 3.0.18.14] and [Hardware Version 2; Firmware Version 3.0.18.16]) and 3e-519 ([Hardware Version 1; Firmware Version 3.0.18.14] and [Hardware Version 2; Firmware Version 3.0.18.16]))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/18/2005;
10/31/2005
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Cert. #292); AES (Cert. #200); HMAC (Cert. #13); SHS (Cert. #278); RNG (Cert. #22)

-Other algorithms: Diffie-Hellman (key agreement); RSA (PKCS#1; non-compliant); MD5; RC4; DES; AES (non-compliant)

Multi-chip standalone

"A problem of increasing concern in the deployment of Wireless LANs throughout enterprise environments is security. 3e Technologies International meets this need by providing a secure, accessible, highperformance WLAN end-to-end solution, through its family of Secure Wireless Gateway/Access Points and Secure Client solutions. The 3e family of Secure Wireless Gateways implements a cryptographic suite including AES, 3DES, SHA-1, HMAC SHA-1, Diffie-Hellman, and HTTPS/TLS. These algorithms are used in combination to protect the main Gateway services of bridging from wired uplink LAN to the wire."
501 Dreifus Associates Limited, Inc.
3300 W. Lake Mary Blvd.
Suite 300
Lake Mary, FL 32746
USA

-Nicholas D. Pileggi Jr.
TEL: 407-585-2840
FAX: 407-531-9932

CST Lab: NVLAP 100432-0

DAL C3 Applet Suite on Axalto Cyberflex Access 64Kv1 Smart Card Chip
(Hardware Version: Cyberflex Access 64Kv1 P/N M512LACC1; Firmware Version: OS HardMask 5 v1, OS SoftMask 4 v1, AC Applet v1.0, GSC Service Applet v1.0)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/18/2005 Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #125); Triple-DES MAC (Cert. #125, vendor affirmed); SHS (Cert. #108); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #179); DES MAC (Cert. #179, vendor affirmed)

Single-chip

"The DAL C3 suite of Applets on the Axalto Cyberflex 64k smart card module provides digital signature, key generation, and secure storage of data. The smart card module conforms to Java Card 2.1.1, Open Platform 2.0.1, and GSC-ISv2.1. End users can utilize the module services for network authentication, physical access, digital signature, and secure storage."
500 Research In Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

-Government Certifications Team
TEL: 519-888-7465 x2921
FAX: 519-886-4839

CST Lab: NVLAP 200017-0

BlackBerry® Cryptographic Kernel
(Firmware Versions: 3.8.0.18[1], 3.8.0.20[1], 3.8.0.23[1], 3.8.0.23b [1,2], 3.8.0.24[1], 3.8.0.24b[1,2], 3.8.0.26[1], 3.8.0.26b[1,2], 3.8.0.27[1] and 3.8.0.27b[1,2])

Validated to FIPS 140-2

Security Policy

Certificate

Firmware 01/18/2005;
01/31/2005;
03/11/2005;
06/30/2005;
08/24/2005;
09/09/2005;
10/07/2005
Overall Level: 1 

-Design Assurance: Level 3
-Tested: BlackBerry® 7230 with BlackBerry OS® Versions 3.8[1], 4.0[1] and 4.1[2]

-FIPS Approved algorithms: Triple-DES (Cert. #281); AES (Cert. #177); SHS (Cert. #264); HMAC (Cert. #1); RSA (Cert. #22); RNG (Cert. #27)

-Other algorithms: EC Diffie-Hellman (key agreement); ECMQV (key agreement)

Multi-chip standalone

"BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-toend solution. The BlackBerry® Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry®."
499 E.F. Johnson Co.
123 N. State St.
Waseca, MN 56093
USA

-John Oblak
TEL: 507-837-5116
FAX: 507-837-5120

CST Lab: NVLAP 100432-0

Subscriber Encryption Module (SEM)
(Hardware Versions: 023-5000-980, 023-5000-982; Firmware Version: 3.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/18/2005;
05/05/2005
Overall Level: 1 

-FIPS Approved algorithms: AES (Cert. #143); SHS (Cert. #238); HMAC-SHA-1 (Cert. #238, vendor affirmed); DSA (Cert. #110); RNG (Cert. #5 and FIPS 186-2 - general purpose, vendor affirmed)

-Other algorithms: DES (Cert. #253); SecureNet DES 1 bit CFB with differential encoding and decoding

Multi-chip embedded

"The E.F. Johnson Subscriber Encryption Module (SEM) is a cryptographic module meeting FIPS 140-2, Level 1 requirements. The SEM provides Subscriber Equipment, such as the E.F. Johnson 5100 series radio with secure encrypted voice communication. The SEM supports AES OTAR, AES, DES, DSA, and SHA-1 FIPS Approved algorithms for voice communication and protection of its firmware. The SEM can be implemented into any Subscriber Equipment requiring FIPS 140-2, Level 1 security."
498 Pitney Bowes, Inc.
35 Waterview Drive
Shelton, CT 06484-8000
USA

-Dennis Crowe
TEL: 203-924-3612
FAX: 203-924-3352

CST Lab: NVLAP 100432-0

Compliant Meter Postal Security Device (CoMet PSD)
(Hardware Version: P/Ns 1A00 Version BAA, 1AEC Version AAA, 1APC Version ABC)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/18/2005 Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #98); Triple-DES MAC (Cert. #98, vendor affirmed); DSA (Cert. #58); SHS (Cert. #86); Skipjack (Cert. #6); RSA (PKCS #1, vendor affirmed); HMAC-SHA-1 (Cert #86, vendor affirmed); ECDSA (vendor affirmed)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip standalone

"The Pitney Bowes Compliant Meter Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP) and with the Canada Post Corporation’s Digital Meter Indicia Specification 3457. It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes IBIP Metering products. The PSD is a secure module employed within the metering product which performs high-speed cryptographic functions, funds management, and printer administration functions that preclude unauthorized disbursing of indicia. The PSD has been designed to support international postal markets and their rapidly evolving requirements for digital indicia."
497 IBM® Corporation
11400 Burnet Road
Austin, TX 78758
USA

-Tom Benjamin
TEL: 512-436-1223
FAX: 512-436-8009

CST Lab: NVLAP 200427-0

IBM Java JCE 140-2 Cryptographic Module
(Software Version: 1.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 01/07/2005;
01/11/2005;
09/07/2005
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional using IBM JVM 1.4.2 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #78); Triple-DES (Cert. #189); DSA (Cert. #114); SHS (Cert. #259); HMAC-SHA-1 (Cert. #259, vendor affirmed); RSA (Cert. #18); RNG (Cert. #23)

-Other algorithms: Diffie-Hellman (key agreement); MD5

Multi-chip standalone

"The IBM Java JCE (Java Cryptographic Extension) FIPS provider (IBMJCEFIPS) for Multi-platforms is a scalable, multipurpose cryptographic module that supports many FIPS approved cryptographic operations. This gives Java applications access to the FIPS algorithms via the standard JCE framework that is part of all JVM's at the 1.4.0 level and higher."
496 Research In Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

-Government Certifications Team
TEL: 519-888-7465 x2921
FAX: 519-886-4839

CST Lab: NVLAP 200017-0

BlackBerry Enterprise Server™ Cryptographic Kernel
(Software Version: 1.0.1.6)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 01/07/2005;
01/11/2005;
08/24/2005
Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows NT Server 4.0 SP 6a

-FIPS Approved algorithms: Triple-DES (Cert. #216); AES (Cert. #104); SHS (Cert. #265); HMAC (Cert. #2); RNG (Cert. #28)

-Other algorithms: Rijndael

Multi-chip standalone

"BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-toend solution. The BlackBerry Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry."
495 Thales e-Security
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-Juan Asenjo
TEL: 888-744-4976 x6202
FAX: 954-888-6211

CST Lab: NVLAP 200017-0

Thales Datacryptor Gigabit
(Hardware Version: C; Firmware Version: 2.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 01/07/2005;
10/13/2005
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Cert. #258); AES (Cert. #156); SHA-1 (Cert. #117); HMAC-SHA-1 (Cert. #117, vendor affirmed); RSA (PKCS#1, vendor affirmed)

-Other algorithms: DES (Cert. #260); Diffie-Hellman (key agreement); MD5; HMAC-MD5

Multi-chip standalone

"The Datacryptor Gigabit is a high performance, integrated security appliance that offers Gigabit Ethernet IPSec encryption. Housed in a tamper evident chassis, the Datacryptor Gigabit has two Gigabit Ethernet ports. Traffic on the local port is received in the clear, while traffic on the remote port has security processing applied to it. Fully compatible with existing IP networks, the Datacryptor Gigabit can be seamlessly deployed into Gigabit Ethernet environments, including IP siteto-site VPNs and storage over IP networks. Its high-speed AES and 3DES IPSec processing eliminates bottlenecks while providing data authentication, confidentiality, and integrity."


Need Assistance?