Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules
1995-1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
All

*** NOTE: Module descriptions were provided by the vendors, and their contents have not been verified for accuracy by NIST or CSE. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (non-FIPS-approved algorithms) have not been validated or tested through the CMVP. ***

Questions regarding modules on this list should first be directed to the appropriate vendor.

Cert#	Vendor	Cryptographic Module	Module Type	Val. Date	Level / Description
729	Cisco Systems, Inc 170 West Tasman Drive San Jose, CA 95134 USA -Brian Mansfield TEL: 408-853-5469 FAX: 408-853-3529	Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Module (WiSM) (Hardware Versions: Chassis: 6506, 6506-E, 6509 and 6509-E; Backplane: Hardware Versions 1.0 (6506-E), 1.1 (6509-E) and 3.0 (6506, 6509); Supervisor Blade: Hardware Versions: 4.1 (SUP720-3B) and 4.0 (SUP720-3BXL); WiSM: Hardware Version 1.2; Firmware Versions: 12.2(18)SXF4, Build adventerprisek9 (Supervisor) and 3.2.116.21 (WiSM)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/21/2006	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #369 and #368); SHS (Certs. #442 and #441); HMAC (Cert. #164); RSA (Certs. #124 and #123); RNG (Cert. #177); CCM (Cert. #10) -Other algorithms: RC4; MD5; HMAC MD5; RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength) Multi-chip standalone "The Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Module (WiSM) provide unparalleled security, mobility, redundancy, centralized control and scalability for large-scale Government and Enterprise wireless LAN networks and supports the IEEE 802.11i wireless security standard in conjunction with meeting the Wi-Fi Alliances interoperability specification WPA2 to enable a Secure Wireless Architecture. The module supports voice, video and data services, location & asset tracking, integrated intrusion detection & intrusion protection and intelligent radio."
728	Extreme Networks 3585 Monroe Street Santa Clara, CA 95051 USA -Prasad Yerneni TEL: 408-579-3379	Sentriant CE150 (Hardware Version: A; Firmware Version: 4.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	12/21/2006	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #258); AES (Cert. #156); SHS (Cert. #117); HMAC (Cert. #34); RSA (Cert. #79); RNG (Cert. #112) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); MD5; HMAC MD5; DES Multi-chip standalone "The Sentriant CE150 is a high performance, integrated security appliance that offers Gigabit Ethernet IPSec encryption. Housed in a tamper evident chassis, it has two Gigabit Ethernet ports. Traffic on the local port is received in the clear, while traffic on the remote port has security processing applied to it."
727	Ceragon Networks, Ltd. 24 Raoul Wallenberg Street Tel-Aviv, 69719 Israel -Yossi Sarusi TEL: 972 3 7666436 FAX: 972 3 6455559 -Boris Radin TEL: 972 3 76668160 FAX: 972 3 6455559	FibeAir®1500P™ Secure Basic Indoor Unit (Hardware Version: mux_fal2_4.084.s.frx; Firmware Version: idc_swr_4.80s28.s.idn) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/21/2006	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #395 and #396); RNG (Cert. #192); RSA (Cert. #141); SHS (Cert. #467) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "High capacity broadband wireless system which provide FIPS compliant secure operation."
726	3e Technologies International, Inc. 700 King Farm Blvd. Rockville, MD 20850 USA -Ryon Coleman TEL: 301-944-1277 FAX: 301-670-6989	3e-523-F2 Secure Multi-function Wireless Data Point (Hardware Versions: HW V1.0 and V1.1; Firmware Version: 4.1.7.2) (When operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/18/2006; 09/25/2007	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #238); Triple-DES (Cert. #292); SHS (Cert. #278); HMAC (Cert. #13); RNG (Cert. #22); RSA (Cert. #129); CCM (Cert. #1) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); MD5; RC4; DES; AES CFB (non-compliant) Multi-chip standalone "The 3e-523-F2 operates as either a gateway connecting a local area network to wide area network (WAN), an access point within a wireless local area network (WLAN), a client within a WLAN, or a wireless bridging device. 3eTI software provides the following major services in FIPS mode: Wireless 802.11a/b/g Access Point functionality; Wireless 802.11a/b/g Client functionality; Wireless 802.11a/b/g Bridge functionality; Wireless 802.11a/b/g Mesh functionality (auto-forming, self-healing wireless capability); IEEE 802.11i."
725		Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/15/2006	Overall Level: 1  -FIPS-approved algorithms: -Other algorithms: Multi-chip embedded
724		Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/15/2006	Overall Level: 1  -FIPS-approved algorithms: -Other algorithms: Multi-chip embedded
723	Thales e-Security Meadow View House Crendon Industrial Estate, Long Crendon, Aylesbury, Buckinghamshire HP18 9EQ United Kingdom -Tim Fox TEL: +44 (0)1844 201800	Secure Generic Sub-System (SGSS), Version 3.3 (Hardware Version: 1213B130, Rev 2 and 1213D130, Rev 3a; Software Version: 2.5.7) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	12/18/2006; 09/25/2007	Overall Level: 3  -FIPS-approved algorithms: DSA/SHS (Cert. #24) -Other algorithms: Multi-chip embedded "The Secure Generic Sub-System (SGSS) is a multi-chip embedded module used to provide secure cryptographic resources to a number of products in the Thales e-Security portfolio. This includes the Datacryptor® 2000 family, WebSentry™ family, HSM 8000 family, P3™CM family, PaySentry™, 3D Security Module and SafeSign® Crypto Module. The SGSS contains a secure bootstrap and authenticates application loading using the Digital Signature Algorithm (DSA) and SHA-1 hashing."
722	Check Point Software Technologies Ltd. 5 Choke Cherry Road Rockville, MD 20850 USA -Wendi Ittah TEL: 703-859-6748 -Malcolm Levy TEL: +972-37534561	VPN-1 (Firmware Version: NGX (R60) with hot fix HFA-03) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Firmware	12/08/2006; 01/04/2007; 05/02/2008	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -EMI/EMC: Level 3 -Design Assurance: Level 2 -Tested: Check Point SecurePlatform Operating System, version NGX (R60) HFA-03 on General Purpose Computing platform with single and dual Intel XEON® and single and dual AMD Opteron® processor configurations -FIPS-approved algorithms: Triple-DES (Cert. #338); AES (Cert. #257); SHS (Cert. #332); HMAC (Cert. #67); RSA (Certs. #66 and #132); RNG (Cert. #90) -Other algorithms: DES (Cert. #314); CAST 40 bit; CAST 128 bit; MD5; HMAC-MD5; Diffie-Hellman (key agreement, key establishment methodology provides between 70 and 202 bits of encryption strength); RSA (key wrapping, key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip standalone "Check Point's VPN-1 version NGX (R60) with hot fix HFA-03 is a tightly integrated software solution combining the FireWall-1 (FW-1) security suite with sophisticated Virtual Private Network (VPN) technologies and a hardened Secure Platform operating system (OS). The cornerstone of Check Point's Secure Virtual Network (SVN) architecture, VPN-1 meets the demanding requirements of Internet, intranet, and extranet VPNs by providing secure connectivity to corporate networks, remote and mobile users, branch offices, and business partners."
721	Neopost Technologies 113 rue Jean-Marin Naudin Bagneaux, 92220 France -Thierry Le Jaoudour TEL: 01 45 36 30 00 FAX: 01 45 36 30 10	N30i/N30ig - 135/136 Meter (Hardware Version: P/N 4127205W; Firmware Versions: P/N 4132525N V50.0, P/N 4134515L/A V50.02 and P/N 4134515L/B V50.03) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/08/2006; 12/19/2006; 09/12/2008	Overall Level: 3  -Physical Security: Level 3 +EFT -FIPS-approved algorithms: DSA (Cert. #61); Triple-DES (Cert. #119); Triple-DES MAC (Cert. #119, vendor affirmed); SHS (Certs. #391 and #455); RNG (Cert. #141) -Other algorithms: Multi-chip embedded "Cryptographic software module used in the N30i/N30ig - 135/136 Postage Meter."
720	Sterling Commerce, Inc. 4600 Lakehurst Court Dublin, OH 43016-2000 USA -Garry Mayo TEL: 469-524-2663 FAX: 469-524-2357 -Dean Vallas TEL: 469-524-2103 FAX: 469-524-2357	Connect:Direct Secure+ Option (Software Version: Version 4.5 on z/OS) (When operated in FIPS mode using IBM eServer zSeries 900 CMOS Cryptographic Coprocessor validated to FIPS 140-1 under Cert. #118 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hybrid	11/15/2006	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with IBM z/OS 1.6 (single-user mode) -FIPS-approved algorithms: Triple-DES (Certs. #423 and #28); SHS (Certs. #451 and #37); ECDSA (Cert. #25); DSA (Cert. #37) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "Connect:Direct Secure+ Option provides server-based software file-transfer solutions for high-volume applications. Connect:Direct installations typically perform periodic, high-capacity file transfers between specific servers, often for financial services or federal government applications. This software supports multiple server platforms, including mainframe operating systems, UNIX platforms, and Windows servers."
719	Sterling Commerce, Inc. 4600 Lakehurst Court Dublin, OH 43016-2000 USA -Garry Mayo TEL: 469-524-2663 FAX: 469-524-2357 -Dean Vallas TEL: 469-524-2103 FAX: 469-524-2357	Connect:Direct Secure+ Option (Software Version: Version 3.7 on UNIX) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	11/15/2006	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Sun Solaris 10, IBM AIX 5.3, and HP-UX 11i (single-user mode) -FIPS-approved algorithms: Triple-DES (Certs. #288, #423, and #424); AES (Certs. #192 and #380); SHS (Certs. #272, #451, #452, and #453); HMAC (Certs. #7 and #168); DSA (Cert. #164); RNG (Certs. #39 and #182) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); DES; MD5 Multi-chip standalone "Connect:Direct Secure+ Option provides server-based software file-transfer solutions for high-volume applications. Connect:Direct installations typically perform periodic, high-capacity file transfers between specific servers, often for financial services or federal government applications. This software supports multiple server platforms, including mainframe operating systems, UNIX platforms, and Windows servers."
718	Fortress Technologies, Inc. 4023 Tampa Rd Suite 2000 Oldsmar, FL 34677 USA -Bill McIntosh TEL: 813-288-7388	Fortress Security Controller (FC-X) (Hardware Version: FC-X; Firmware Versions: FC-X 4.0.3 and 4.0.4) (When operated in FIPS mode.) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/15/2006; 08/31/2007	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #389 and #390); SHS (Cert. #465); RNG (Certs. #189 and #190); HMAC (Cert. #174) -Other algorithms: Diffie-Hellman (non-compliant key agreement; key establishment methodology provides 56 bits of encryption strength); MD5; RSA (non-compliant); SHS (non-compliant; FPGA); HMAC (non-compliant; FPGA) Multi-chip standalone "The Fortress Security Controller (FC-X) is a high performance electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a custom built multiple processor hardware platform and deployable on any LAN or WAN, the Fortress Security Controller (FC-X) provides encryption, data integrity checking, authentication, access control, and data compression."
717	High Density Devices AS Vestre Strandgate 26 Kristiansand, N-4611 Norway -Aage Kalsaeg TEL: +47 38 10 44 80 FAX: +47 38 10 44 99	SecureD v.1.6.1 (Hardware Version: HW P/N SecureD v.1.6.1 Version 1.6.6; Firmware Version: 1.6.3) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/15/2006; 01/05/2007	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #427); AES (Cert. #383) -Other algorithms: Multi-chip embedded "SecureD is a hardware based encryption device that offers optimal, fully integrated, protection for stored data in IDE data bus based computer systems. SecureD operates fully transparent at the speed of ATA-6 AT API. SecureD is using AES 128/192/256 bits encryption/decryption, and is 100% operating system independent. No SW is installed. Ideal for encryption of disks in Desktop environment, Laptop, and USB/Firewire connected disks."
716	D'Crypt Private Limited 20 Ayer Rajah Crescent #08-08 Technopreneur Centre Singapore, 139964 Singapore -Quek Gim Chye TEL: (65) 6776-9210 FAX: (65) 6873-0796	d'Cryptor ZE Cryptographic Module (Hardware Version: P/N DC-ZEN2-41 v4.1, DC-ZEN4-41 v4.1; Firmware Version: Kernel v4.5, LFM v2.1, AFM v2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/06/2006	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #332); Triple-DES (Cert. #396); SHS (Cert. #407); RSA (Cert. #113); HMAC (Cert. #136); RNG (Cert. #153) -Other algorithms: DES (Cert. #328; v3.0) Multi-chip embedded "The d'Cryptor ZE Cryptographic Module is a micro-token targeted at high security embedded applications. Central to the next generation of d'Cryptor products where it serves as a secure coprocessor, the ZE provides cryptographic/key management services, secure key storage and supports interfaces such as UARTs, SSP, infrared, contact/contactless Smartcard and GPIOs."
715	RELM Wireless Corporation 7100 Technology Drive West Melbourne, FL 32904 USA -Jim Spence TEL: 785-856-1300 FAX: 785-856-1302	FIPSCOM Cryptographic Module (Hardware Version: P/N 7011-30967-000 Versions 050306, 030207 and 051208; Firmware Versions: 0722-05072-000, 0722-05073-000 and 0722-05073-001) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/06/2006; 04/26/2007; 12/18/2007; 06/23/2008	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #385); RSA (Cert. #139); SHS (Cert. #462) -Other algorithms: DES; NDRNG Multi-chip embedded "The FIPSCOM is an embedded cryptographic module that provides encryption functions for secure digital communications products. The FIPSCOM can be incorporated into any BK Radio brand subscriber equipment requiring FIPS 140-2, Level 1 security."
714	RSA Security, Inc. 177 Bovet Road Suite 200 San Mateo, CA 94402-3118 USA -Kathy Kriese TEL: 650-931-9781	RSA BSAFE Crypto-J JCE Provider Module (Software Version: 3.5.2 [1] and 3.5.3 [2]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	11/02/2006; 12/18/2006; 10/12/2007; 01/04/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2 with Java JRE 1.4.2 (in single user mode). -FIPS-approved algorithms: DSA (Cert. #140); Triple-DES (Cert. #354); AES (Cert. #271); SHS (Cert. #356); RSA (Certs. #71 [1] and #186 [2]); RNG (Cert. #106); HMAC (Cert. #86) -Other algorithms: DES (Cert. #326); Diffie-Hellman (key agreement, key establishment methodology provides between 80 bits and 112 bits of encryption strength); DESX; MD2; MD5; RIPEMD 160; RNG (X9.31 non-compliant, MD5, SHA1); RC2; RC4; RC5; PBE (SHA256, SHA384, SHA512); Raw RSA; RSA Keypair Generation MultiPrime; RSA (key wrapping, key establishment methodology provides between 80 bits and 150 bits of encryption strength); HMAC-MD5 Multi-chip standalone "RSA BSAFE Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. RSA BSAFE Crypto-J supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
713	Sagem Orga Am Hoppenhof 33 Paderborn, 33104 Germany -Fabien Guichon TEL: 49 52 51 88 90	J-IDMark 64 (Hardware Version: HW P/N AT58829-C-AA, Version 01; Firmware Version: FW Version J-IDMark 64 IDT 005) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/02/2006	Overall Level: 3  -Physical Security: Level 4 -FIPS-approved algorithms: SHS (Certs. #459 and #460); RSA (Certs. #136 and #137); Triple-DES (Cert. #430); Triple-DES MAC (Cert. #430, vendor affirmed); RNG (Cert. #187) -Other algorithms: RSA (key wrapping, key establishment methodology provides between 80 and 112 bits of encryption strength) Single-chip "The J-IDMark 64 is a single chip cryptographic module, compliant with Global Platform 2.0.1 and Sun Java Card TM 2.1.1. It runs a proprietary Applet, ID v1, which includes the following features: - A PKI-based digital signature for secure transactions and digital certificate management. - Secure storage of data and identification management rights (driving licenses, health care entitlement, car certificate, etc.). - A Match On Card mechanism which performs fingerprint verification. The J-IDMark 64 module meets the requirements to the Level 4 of FIPS 140-2 for physical security."
712		Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/27/2006	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
711	Kenwood Corporation 1-16-2, Hakusan, Midori-ku, Yokohama-shi, Kanagawa 226-8525 Japan -Tamaki Shimamura TEL: +81 45 939 6254 FAX: +81 45 939 7093 -Joe Watts TEL: 678-474-4700 FAX: 678-474-4730	Secure Cryptographic Module (SCM) (Hardware Version: P/N KWD-AE20, Version 1.0.0; Firmware Version: A1.0.0 and A1.0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/16/2006	Overall Level: 1  -Cryptographic Module Specification: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #363); SHS (Cert. #437) -Other algorithms: DES; LFSR Multi-chip embedded "The Secure Cryptographic Module (SCM) meets overall FIPS 140-2 Level 1 requirements providing Kenwood radios secure and encrypted digital communication. The SCM supports 256 bit key AES encryption as well as DES (non-compliant) encryption."
710	Ecutel Systems, Inc. 2300 Corporate Park Drive Suite 410 Herndon, VA 20171 USA -Dzung Tran TEL: 571-203-8300	Ecutel Cryptographic Service Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	10/16/2006	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP; Windows Mobile for Pocket PC 2003; Linux RedHat Kernel 2.6 (in single-user mode) -FIPS-approved algorithms: AES (Cert. #381); Triple-DES (Cert. #425); SHS (Cert. #456); HMAC (Cert. #170); RNG (Cert. #183) -Other algorithms: Multi-chip standalone "The Ecurtel Cryptographic Service Module (ECSM) is a cryptographic library that offers cryptographic functionalities to Ecutel products only. It is installed on a machine as a constituent of host application."
709	Phoenix Technologies, Ltd. 915 Murphy Ranch Road Milpitas, CA 95035 USA -Karen Zelenko TEL: 408-570-1418 FAX: 408-570-1350	TrustConnector 2 v2.0 with StrongClient v4.0 and StrongROM v3.1 (Software Version: TrustConnector 2 v2.0, StrongClient v4.0; Firmware Version: StrongROM v3.1) (When operated in FIPS mode with Microsoft Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-1 under Cert. #238 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hybrid	10/17/2006	Overall Level: 1  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #343 and #344); RSA (Certs. #114 and #115); SHS (Certs. #83, #418, and #419); HMAC (Certs. #105 and #147); HMAC (Cert. #83, vendor affirmed); RNG (Certs. #118 and #164); Triple-DES (Cert. #81) -Other algorithms: DES (Cert. #156); DES MAC (Cert. #156, vendor affirmed); RC2; RC4; MD5; RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Multi-chip standalone "The Phoenix Technologies "TrustConnector 2" product is a FIPS 140-2 Level 1 compliant module that implements a standard Cryptographic Service Provider (CSP) for Microsoft CryptoAPI. Phoenix TrustConnector enables built-in device authentication and transparently enhances the way Windows protects identity credentials associated with digital certificates and binds the credentials to the platform to which they are issued."
708	Phoenix Technologies, Ltd. 915 Murphy Ranch Road Milpitas, CA 95035 USA -Karen Zelenko TEL: 408-570-1418 FAX: 408-570-1350	TrustConnector 2 v2.0 with StrongClient v4.0 (Software Version: TrustConnector 2 v2.0, StrongClient v4.0) (When operated in FIPS mode with Microsoft Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-1 under Cert. #238 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	10/11/2006	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional SP2 (single-user mode) -FIPS-approved algorithms: AES (Cert. #344); RSA (Cert. #115); SHS (Certs. #83 and #419); HMAC (Cert. #147); HMAC (Cert. #83, vendor affirmed); RNG (Cert. #164); Triple-DES (Cert. #81) -Other algorithms: DES (Cert. #156); DES MAC (Cert. #156, vendor affirmed); RC2; RC4; MD5; RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Multi-chip standalone "The Phoenix Technologies "TrustConnector 2" product is a FIPS 140-2 Level 1 compliant module that implements a standard Cryptographic Service Provider (CSP) for Microsoft CryptoAPI. Phoenix TrustConnector enables built-in device authentication and transparently enhances the way Windows protects identity credentials associated with digital certificates and binds the credentials to the platform to which they are issued."
707	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095 -Chris Romeo TEL: 919-392-0512 FAX: 919-640-1019	Cisco 871, 876, 877 and 878 Integrated Services Routers (Hardware Versions: 1.0 (871), 1.0 (876), 1.0 (877) and 1.0 (878); Firmware Version: 12.4(4)T2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/11/2006	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #389 and #390); AES (Certs. #324 and #325); RNG (Cert. #147); SHS (Certs. #398 and #399); HMAC (Certs. #131 and #134) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; HMAC-MD5; RC4; RSA (non-compliant) Multi-chip standalone "Cisco 870 Series fixed-configuration integrated services routers support multiple types of DSL technologies, broadband cable, and Metro Ethernet connections in small offices. They run concurrent services, including firewall, intrusion prevention, and encryption for VPNs; optional 802.11b/g for WLAN networking; and quality of service (QoS) features for optimizing voice and video applications. These routers also offer Stateful Inspection Firewall, IP security (IPSec) VPNs, intrusion prevention system (IPS), antivirus support, and secure WLAN 802.11b/g option with use of multiple antennas."
706	Britestream Networks, Inc. 12401 Research Boulevard Bldg 2, Suite 275 Austin, TX 78759 USA -Rick Hall TEL: 512-250-2129 x135 FAX: 512-250-9068	Britestream nCipher Asymmetric Module (Hardware Version: 010-00007 a.00; Firmware Version: 610-00014 1.0.0) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	09/27/2006	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #346); AES (Cert. #264); SHS (Cert. #343); RSA (Cert. #103); HMAC (Cert. #76); RNG (Cert. #96); DSA (Cert. #138) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength) Multi-chip embedded "The Britestream nCipher Asymmetric Module performs various tasks associated with cryptographic key management including key generation, key wrapping, secure key storage and secure key transport as well as key zeroization. These functions comply with requirements for achieving FIPS 140-2 certification of the overall system that the module is used in."
705	SETECS Inc. and Gemalto 8070 Georgia Avenue Silver Spring, MD 20910 USA -Sead Muftic TEL: 301-587-3000 FAX: 301-587-7877 -Nick Hislop TEL: 610-202-4942 FAX: 215-390-2915	SETECS Inc. OneCARD™ PIV-II Java Card Applet on Gemalto GemCombi'Xpresso R4 E72K PK card (Hardware Version: GCX4-M2569420; Firmware Version: GCX4-FIPS EI07, Applet Version: SETECS Inc. OneCARD™ PIV-II Java Card Applet Version 1.2) (PIV Card Application: Cert. #4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/20/2006	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #355); Triple-DES (Cert. #412); SHS (Cert. #427); RSA (Cert. #119); Triple-DES MAC (Cert. #412, vendor affirmed); RNG (Cert. #168) -Other algorithms: N/A Single-chip "SETECS OneCARD(TM) is the smart card created as the combination of SETECS OneCARD(TM) PIV-II Java Card Applet and Gemalto GemCombi'Xpresso R4 E72K PK card. SETECS OneCARD(TM) Card (PIV Card) is the full implementation of the FIPS 201 card application (PIV applet) with all required access rules and protocols. The PIV Card contains all mandatory and optional data objects, as specified in the NIST Special Publication 800-73-1. The GCX4 is based on a Java platform with 72K EEPROM memory. The module provides dual interfaces (i.e. contact and contactless) where the same security level is achieved."
704	Utimaco® Safeware AG Hohemarkstraße 22 Oberursel, D-61440 Germany -US Corporate Headquarters TEL: 508- 543-1008 FAX: 508- 543-1009 -Dr. Christian Tobias TEL: +49 6171 88 1711	SafeGuard Easy (Software Version: 4.20) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	09/15/2006	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 2000 SP4, Windows Server 2000 SP4, Windows XP SP2, and Windows 2003 SP1 (All in single-user mode) -FIPS-approved algorithms: AES (Cert. #364); Triple-DES (Cert. #416); HMAC (Cert. #162); SHS (Cert. #438) -Other algorithms: Idea; Blowfish; XOR; Rijndael-256; Stealth-40; DES Multi-chip standalone "SafeGuard Easy (SGE) is a software product designed to protect user data on all types of Personal Computers (PCs) running Microsoft Windows 2000 or Microsoft Windows XP as operating system. SafeGuard Easy is installed on a PC to prevent unauthorised access to user data stored on hard disk partitions. In this context, user data means all files on hard disk partitions, i.e. data files, program files and even files of the operating system. The protection of the user data stored on hard disk partitions is realised by encryption. Encryption is done on sector level - not on file level."
703	Pitney Bowes, Inc. 35 Waterview Drive Shelton, CT 06484-8000 USA -Douglas Clark TEL: 203-924-3206 FAX: 203-924-3406	Cygnus X-2 Postal Security Device (Hardware Versions: (US) 1M00 AAA/AAC/AAD/BAA/ABB/BAB/BAE/BAF, (US Specimen) 1M03 AAA/AAC/AAD/BAA/ABB/BAB/BAE/BAF, (US Gov.) 1M05 AAA/AAC/AAD/BAA/ABB/BAB/BAE/BAF, (UN) 1M08 AAA/AAC/AAD/BAA/ABB/BAB/BAE/BAF, (Royal Mail) 1M20 AAA/AAC/AAD/BAA/ABA/ ABB/BAB/BAE/BAF, (Royal Mail Specimen) 1M23 AAA/AAC/AAD/BAA/ABA/ABB/BAB/BAE/BAF) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/05/2006; 04/26/2007; 05/14/2007	Overall Level: 3  -Physical Security: Level 3 +EFP -FIPS-approved algorithms: DSA (Cert. #153); SHS (Cert. #395); Triple-DES (Cert. #386); Triple-DES MAC (Cert. #386, vendor affirmed); RNG (Cert. #146) -Other algorithms: Multi-chip standalone "The Pitney Bowes Cygnus X-2 Postal Security Device (PSD) has been designed in compliance with FIPS 140-2 and IPMAR security protection profile in order to support the USPS IBIP and international digital indicia standards globally. The PSD employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes Postage Metering products."
702	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095 -Chris Romeo TEL: 919-392-0512 FAX: 919-640-1019	Cisco 1801, 1802, 1803, 1811 and 1812 Integrated Services Routers Fixed Configuration Models (Hardware Versions: 2:0 (1801), 4.0 (1802), 3.0 (1803) and 3.0 (1811) and 3.0 (1812); Firmware Version: 12.4(4)T2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	09/05/2006	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #414 and 415); AES (Certs. #357 and 358); RNG (Cert. #171); SHS (Certs. #432 and 433); HMAC (Certs. #156 and 157) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; HMAC-MD5; RC4; RSA (non-compliant) Multi-chip standalone "Cisco 1800 Series fixed-configuration integrated services routers enable a network infrastructure for SMBs and enterprise small branch offices. They enable deployment of a single device to provide multiple services, including integrated router with redundant link, LAN switch, firewall, VPN, IPS, wireless technology, and quality of service (QoS). The Cisco IOS Software Advanced IP Services feature set facilitates hardware-based IPSec encryption and features such as Cisco IOS Firewall, URL Filtering, IPS support, IPSec VPNs, Dynamic Multipoint VPN (DMVPN), anti-virus support, SSH 2.0, and SNM"
701	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Brian Mansfield TEL: 408-853-5469 FAX: 408-853-3529	Cisco Aironet AP1131AG, AP1232AG, and AP1242AG Wireless Access Points and BR1310G Wireless Bridge (Hardware Versions: AP1131AG: C0; AP1232AG: A0; AP1242AG: A0; BR1310G: C0; Firmware Version: 12.3(8)JA2(ED)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/23/2006; 12/19/2006; 02/27/2007	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #356 and #370); CCM (Cert. #11); SHS (Cert. #428); HMAC (Cert. #154); RNG (Cert. #169) -Other algorithms: MD5; HMAC MD5; RSA (non-compliant); RC4 Multi-chip standalone "The Cisco Aironet 1131AG, 1242AG, 1232AG, and 1310G access points deliver the versatility, high capacity, security, and enterprise-class features required for autonomous based Government deployments. In FIPS 140-2 mode of operation, the Cisco APs support the IEEE 802.11i standard and Advanced Encryption Standard (AES). The Cisco APs are Wi-FI CERTIFIED for IEEE 802.11a, IEEE 802.11b and IEEE 802.11g radio standards."
700	Blue Ridge Networks 14120 Parke Long Court Suite 101 Chantilly, VA 20151 USA -Nancy Canty TEL: 703-633-7331 FAX: 703-631-9588	BorderGuard 5000 and 6000 Series (Hardware Versions: BorderGuard 5100, 5200, 5400, 5500, 5600, 6100, 6200, 6400, 6500 and 6600; Firmware Version: DPF1 V7.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/22/2006	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #116 and #173); Triple-DES (Certs. #57 and #275 ); SHS (Certs. #49 and #258); HMAC (Certs. #21 and #22) -Other algorithms: DES (Certs. #119 and #271); DES MAC (Certs. #119 and #271, vendor affirmed); IDEA; HMAC-MD5; MD5; RSA (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength for Models 5100, 5200, 5400, 6100, 6200, and 6400; and between 80 and 150 bits of encryption strength for Models 5500, 5600, 6500, and 6600; non-compliant less than 80-bits of encryption strength) Multi-chip standalone "The BorderGuard hardware models 5100, 5200, 5400, 5500, 5600, 6100, 6200, 6400, 6500, and 6600 version DPF 7.3 firmware are standalone hardware security appliances (routers) used to secure Internet traffic. The module is a multi-chip-standalone device."
699	WinMagic Incorporated 200 Matheson Blvd W. Suite 201 Mississauga, Ontario L5R 3L7 Canada -Thi Nguyen-Huu TEL: 905-502-7000 x218	SecureDoc® Disk Encryption Cryptographic Engine (Software Version: 4.5) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	08/14/2006; 07/02/2007; 07/05/2007	Overall Level: 1  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000 Pro with Service Pack 3; Windows XP Pro with Service Pack 2; Windows 2000 Advanced Server; Windows 2000 Server; Windows 2003; Windows Vista -FIPS-approved algorithms: AES (Cert. #359); SHS (Cert. #434); RNG (Cert. #172); HMAC (Cert. #158) -Other algorithms: Multi-chip standalone "The SecureDoc® Cryptographic Engine is the heart of all SecureDoc® products. It provides all cryptographic services as well as the services required for key management and to maintain the user key files."
698	WinMagic Incorporated 200 Matheson Blvd W. 200 Matheson Blvd W. Suite 201 Mississauga, Ontario L5R 3L7 Canada -Thi Nguyen-Huu TEL: 905-502-7000 x218	SecureDoc® Disk Encryption Cryptographic Engine (Software Version: 4.5) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	08/14/2006; 07/02/2007	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 2 with Microsoft Windows 2000 Professional, Server and Advanced Server with Service Pack 3 and Q326886 Hotfix running on a Dell OptiPlex GX400 PC -FIPS-approved algorithms: AES (Cert. #359); SHS (Cert. #434); RNG (Cert. #172); HMAC (Cert. #158) -Other algorithms: Multi-chip standalone "The SecureDoc® Cryptographic Engine is the heart of all SecureDoc® products. It provides all cryptographic services as well as the services required for key management and to maintain the user key files."
697	Secure Computing Corporation 4810 Harwood Road San Jose, CA 95124-5206 USA -Secure Computing TEL: 800-379-4944 (Option 3)	SafeWord SecureWire 2500 Identity and Access Management Appliance (Hardware Version: Rev 100-000002; Firmware Version: R2.6.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/10/2006	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #319, #320, #323, #325 and #326); AES (Certs. #229, #230, #233, #234 and #235); SHS (Certs. #308, #309, #312, #313 and #314); RSA (Certs. #55 and #56); RNG (Certs. #69, #70, #73 and #74); HMAC (Certs. #41, #42 and #45); DSA (Certs. #129, #130 and #131) -Other algorithms: DES (Certs. #299, #300, #303 and #304); Diffie-Hellman (key agreement; key establishment methodology provides between 70 and 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 110 bits of encryption strength); MD5; HMAC-MD5; RC4 Multi-chip standalone "SafeWord® SecureWire™ is a powerful identity and access management (IAM) appliance that provides lightning fast, ultra-secure access to every application and data resource in your network -- for all remote AND internal connections. SecureWire is ideal for Microsoft environments, plugging right into Active Directory, and it provides complete endpoint device security, a single point for policy enforcement and reporting, and comes standard with SafeWord strong authentication."
696	Secure Computing Corporation 4810 Harwood Road San Jose, CA 95124-5206 USA -Secure Computing TEL: 800-379-4944 (Option 3)	SafeWord SecureWire 500 Identity and Access Management Appliance (Hardware Version: Rev. 100-000001; Firmware Version: R2.6.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/10/2006	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #321, #323, #325 and #326); AES (Certs. #231, #233, #234 and #235); SHS (Certs. #310, #312, #313 and #314); RSA (Certs. #55 and #56); RNG (Certs. #71, #73 and #74); HMAC (Certs. #43 and #45); DSA (Certs. #129, #130 and #131) -Other algorithms: DES (Certs. #301, #303 and #304); Diffie-Hellman (key agreement; key establishment methodology provides between 70 and 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 110 bits of encryption strength); MD5; HMAC-MD5; RC4 Multi-chip standalone "SafeWord® SecureWire™ is a powerful identity and access management (IAM) appliance that provides lightning fast, ultra-secure access to every application and data resource in your network -- for all remote AND internal connections. SecureWire is ideal for Microsoft environments, plugging right into Active Directory, and it provides complete endpoint device security, a single point for policy enforcement and reporting, and comes standard with SafeWord strong authentication."
695	Cisco Systems Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Brian Mansfield TEL: 408-853-5469 FAX: 408-853-3529	Cisco Aironet LWAPP AP1131AG, Cisco Aironet LWAPP AP1231G, Cisco Aironet LWAPP AP1232AG, and Cisco Aironet LWAPP AP1242AG Wireless Access Points (Hardware Version: 1131, Revision C0; 1231, Revision A0; 1232, Revision A0; 1242, Revision A0; Firmware Version: 3.2.116.21) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	08/04/2006; 06/11/2007; 08/07/2007	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #370 and #373); CCM (Certs. #11 and #12); SHS (Cert. #443); HMAC (Cert. #165); RNG (Cert. #178); RSA (Cert. #125) -Other algorithms: RC4; MD5; HMAC MD5; RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength) Multi-chip standalone "The Cisco LWAPP Aironet 1131, 1232, 1231, and 1242 access points deliver the versatility, high capacity, security, and enterprise-class features required for small, medium and large Government deployments. In FIPS 140-2 mode of operation, the Cisco APs support the IEEE 802.11i and IEEE 802.1x standards and Advanced Encryption Standard (AES) for WPA2 encryption. WPA2 is the Wi-Fi Alliance certification for interoperable, standards-based WLAN security. The Cisco APs are also Wi-FI CERTIFIED for IEEE 802.11a, IEEE 802.11b and IEEE 802.11g radio standards."
694	3e Technologies International, Inc. 700 King Farm Blvd. Rockville, MD 20850 USA -Ryon Coleman TEL: 301-944-1277 FAX: 301-670-6989	3e-523 and 3e-523-F1 WLAN Products (Hardware Versions: 3e-523 V1.0, 3e-523-F1 V1.0; Firmware Version: 3.4, Build 5) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/21/2006; 08/01/2006	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #200); Triple-DES (Cert. #292); SHS (Cert. #278); HMAC (Cert. #13); RNG (Cert. #22) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The 3e-523 and 3e-523-F1 WLAN products provide wired connections for Ethernet and Serial devices. This connection can be over an Ethernet 10/100 baseT RJ-45 and/or via RS-232/422/485 interface. The 3e-523 and 3e-523-F1 wireless connection can be configured to use IEEE 802.11a/b/g with Layer 2 AES or TDES encryption. The wireless connectivity is a wireless bridging function to, for example, another 523, a 3e-525A-3 Wireless Access Point, or similar device. The 3e-523 and 3e-523-F1 are ideal for connecting RFID readers, sensors, and other data devices (printers, terminals, etc.) into a secur"
693	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Brian Mansfield TEL: 408-853-5469 FAX: 408-853-3529	Cisco 4402 and 4404 Wireless LAN Controllers (Hardware Version: 4402 and 4404; Revision Number: A0; Opacity Baffle Version: 1.0; Firmware Version: 3.2.116.21) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	07/20/2006; 10/10/2006	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #368 and #369); CCM (Cert. #10); SHS (Certs. #441 and #442); HMAC (Cert. #164); RNG (Cert. #177); RSA (Certs. #123 and #124) -Other algorithms: RC4; MD5; HMAC MD5; Triple-DES; AES-CTR (non-compliant); RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength) Multi-chip standalone "The Cisco 4400 Series Wireless LAN Controllers provide centralized control and scalability for medium to large-scale Government and Enterprise wireless LAN networks and support the IEEE 802.11i wireless security standard while meeting the Wi-Fi Alliances interoperability specification WPA2 for Secure Wireless Architecture. The Cisco WLAN Controllers support voice, video and data services, intrusion detection, intrusion protection and intelligent radio resource management and comply with the wireless security policies issued by the U.S. Federal Government and the Department of Defense (DoD)."
692	Federal Reserve Bank of Boston 600 Atlantic Avenue Boston, MA 02210 USA -Peggy Li TEL: 617-973-3917 FAX: 617-573-5417	FRBB ePurse v2 on ActivCard Applet v2 on Cyberflex Access 64k v1 (Hardware Version: SLE66CX640P; Firmware Versions: OS Hardmask n5 v1, OS Softmask n4 v2, ACA Applet v2.3.0.5, ASCLib v2.3.0.3, PKI/GC Applet v2.3.1.2, ePurse v2 Version 2.0.12) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/20/2006	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #125); Triple-DES MAC (Cert. #125, vendor affirmed); SHS (Cert. #108); RSA (Cert. #58); RNG (vendor affirmed) -Other algorithms: DES (Cert. #179, not available for use); DES MAC (Cert. #179, vendor affirmed, not available for use); Single-chip "The ePurse is a secure payment module which enables a Common Access Card to be used as a payment mechanism at designated locations."
691	Gemalto Arboretum Plaza II 9442 Capital of Texas Highway North Suite 400 Austin, TX 78759 USA -Jerome Denis TEL: 512-257-3808	SafesITe FIPS 201 Applet on SafesITe PIV TPC DM Card (Hardware Versions: GCX4-M2569420, GXP4-M2569430, GCX4-M2569422 and GCX4-A1004155; Firmware Versions: GCX4-FIPS EI07 (MPH051), GCX4-FIPS EI08, GXP4-FIPS EI07 (MPH052) and GXP4-FIPS EI08; Applet Version: SafesITe FIPS 201 Applet Version 1.20) (PIV Card Application: Cert. #2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/20/2006; 12/19/2006; 08/29/2007; 12/20/2007; 07/28/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #355); Triple-DES (Cert. #412); SHS (Cert. #427); RSA (Cert. #119), Triple-DES MAC (Cert. #412, vendor affirmed); RNG (Cert. # 168) -Other algorithms: Single-chip "This module is based on a Java platform (GemCombiXpresso R4 E72 PK ) with 72K EEPROM memory and on the SafesITe FIPS201 applet loaded on the Java Card platform. The Cryptographic Module provides dual interfaces (i.e. contact and contact-less) where the same security level is achieved. The module has on board the following FIPS approved security functions used specifically by the SafesITe FIPS201 applet :P-RNG, Triple DES, SHA-1, RSA algorithms up to 2048 bits key length, and X9.31 RSA On Board Key generation up to 2048 bits long. The module conforms to Java Card 2.1.1, Global Platform 2.1.1, NITS SP-800-73-1, and is very well suited for US Government and Federal projects where FIPS-201, PIV-II compliance is required."
690	L-3 Communications Cincinnati Electronics 7500 Innovation Way Mason, OH 45040-9699 USA -Doug Merz TEL: 513-573-6567 FAX: 513-573-6767	AES-256 Encryption Core, T-724 X-Band Mission Data Transmitter FPGA [1] and T-725 X-Band Telemetry Transmitter FPGA [2] (Hardware Versions: 669510-1, 669515 [1] and 669715-1 [2]) (When operated in FIPS mode [1, 2]) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/17/2006; 08/30/2006	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #346) -Other algorithms: DES [1] Single-chip "The AES-256 Encryption Core is to be used in spacecraft based transmitters for protection of electronic data during downlink to earth based ground stations. Applications include low rate telemetry data transmitters and high rate mission data transmitters."
689	Neopost Technologies 113, rue Jean-Marin Naudin Bagneux, 92220 France -Thierry Le Jaoudour TEL: +33 (0) 1 45 36 30 36	C95i Secure Metering Module (SMM) (Hardware Version: 4126736H B; Firmware Version: 4130379C G10 (SH1), 4126898B A (SH2)) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/14/2006; 10/03/2006; 04/26/2007	Overall Level: 3  -Physical Security: Level 3 +EFP/EFT -FIPS-approved algorithms: DSA (Cert. #120); SHS (Cert. #389); RNG (Cert. #38); ECDSA (Cert. #15); HMAC (Cert. #119) -Other algorithms: Multi-chip embedded "The IJ40/50/60 are Neopost mid range of Franking products that incorporate a secure metering module for producing a highly secure franking impressions to meet CPC requirements."
688	DigitalGlobe Inc. 1900 Pike Road Longmont, CO 80501-6700 USA -Skip Cubbedge TEL: 303-684-4516 FAX: 303-684-4048	WorldView Wideband Transmitter FPGA (Hardware Version: 668515-1) (Bypass capability excluded from FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/13/2006	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #296) -Other algorithms: Single-chip "The WorldView Wideband Tramsmitter FPGA provides AES encryption services."
687	TecSec Incorporated Accounts Payable 1953 Gallows Road Suite 220 Vienna, VA 22182 USA -Lisa Liedel -Roger Butler	CKM® Cryptographic Module (Software Version: 2.0.0.11) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	07/13/2006	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 2000 and Windows XP (in single user mode) -FIPS-approved algorithms: AES (Certs. #345 and #379); Triple-DES (Certs. #407 and #422); SHS (Certs. #420 and #450); HMAC (Certs. #149 and #167); RNG (Certs. #165 and #181); RSA (Certs. #116 and #131); DSA (Certs. #155, #163, and #165) -Other algorithms: DES; Twofish; Blowfish; P-Squared; RSA Key Establishment (key wrapping; key establishment methodology provides between 69 bits and 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant less than 80-bits of encryption strength); MD5; HMAC-MD5; CKM Key Construction Multi-chip standalone "TecSec® IncorporatedÆs Constructive Key Management« (CKM®) Cryptographic Module (CKMCRYPTO_FIPS.DLL) (Software version 2.0.0.11) is a FIPS 140-2 Level 1 compliant, general purpose, software based cryptographic module running upon the Microsoft« Windows« Operating System (in single user mode)."
686	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Mel Snyder TEL: 919-462-1900 x208 FAX: 919-462-1933	SafeEnterprise™ Encryptor, Model 600 (Hardware Version: 904-10001-00x, 904-10002-00x, 904-10003-00x, 904-10112-00x, 904-20001-00x, 904-20002-00x, 904-20003-00x, 904-30013-00x, 904-10014-00x, 904-10014-00x, 904-10113-00x, 904-25005-00x, 904-25005-00x, 904-25005-00x; Firmware Version: 3.0) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/11/2006; 04/09/2007; 04/26/2007; 12/07/2007; 03/07/2008	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Certs. #268); AES (Certs.#262 and #240); RSA (Cert. #15); SHS (Certs. #251 and #319); HMAC (Cert. #48); RNG (Certs. #18 and #76) -Other algorithms: Diffie-Hellman (key agreement, key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping, key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The SafeEnterprise™ Encryptor, Model 600 provides data privacy and access control for connections between vulnerable public and private networks. It employs FIPS approved AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in 155Mbps (OC-3), 622Mbps (OC-12), 1.0Gbps, and 2.4Gbps (OC-48) networks."
685	SafeNet Inc. 20 Colonnade Road Suite 200 Ottawa, Ontario K2E 7M6 Canada -Terry Fletcher TEL: 613-221-5009 FAX: 613-723-5079	Luna®PCI Cryptographic Module V2 (Hardware Version: VBD-01-0104; Firmware Version: 4.5.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/26/2006	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #361); Triple-DES (Cert. #419); DSA (Cert. #158); RSA (Cert. #126); ECDSA (Cert. #21); SHS (Cert. #436); HMAC (Cert. #4); Triple-DES MAC (Cert. #419, vendor affirmed); RNG (Cert. #37) -Other algorithms: DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; DES; RC2; RC5; CAST; CAST3; and CAST5 in a CBC-MAC; MD2; MD5; HAS-160 (plain hash and HMAC); SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Elliptic Curver Diffie Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength) Multi-chip embedded "The Luna PCI-1200 is a high assurance cryptographic accelerator PCI card contained in a secure enclosure that provides physical resistance to tampering and zeroization of plaintext keys in the event the enclosure is opened. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI card. The Luna PCI-1200 provides over 1200 asymmetric 1024-bit RSA signing operations per second and is ideally suited to high-volume digital signing, encryption, and key generation applications."
684	SafeNet Inc. 20 Colonnade Road Suite 200 Ottawa, Ontario K2E 7M6 Canada -Terry Fletcher TEL: 613-221-5009 FAX: 613-723-5079	Luna® PCI Cryptographic Module V2 (Hardware Version: VBD-01-0104; Firmware Version: 4.5.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/26/2006	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #361); Triple-DES (Cert. #419); DSA (Cert. #158); RSA (Cert. #126); ECDSA (Cert. #21); SHS (Cert. #436); HMAC (Cert. #4); Triple-DES MAC (Cert. #419, vendor affirmed); RNG (Cert. #37) -Other algorithms: DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; DES; RC2; RC5; CAST; CAST3; and CAST5 in a CBC-MAC; MD2; MD5; HAS-160 (plain hash and HMAC); SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Elliptic Curver Diffie Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength) Multi-chip embedded "The Luna PCI-1200 is a high assurance cryptographic accelerator PCI card contained in a secure enclosure that provides physical resistance to tampering and zeroization of plaintext keys in the event the enclosure is opened. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI card. The Luna PCI-1200 provides over 1200 asymmetric 1024-bit RSA signing operations per second and is ideally suited to high-volume digital signing, encryption, and key generation applications."
683	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nToken (Hardware Version: nC2033P-000; Build Standards C & N; Firmware Version: 2.22.6) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/26/2006; 06/24/2008	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339, vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91) -Other algorithms: ARC FOUR; CAST5; CAST 6; DES (non compliant); DES MAC (non compliant); MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HAS 160; Diffie-Hellman (key agreement, key establishment methodology provides 80-bits to 256-bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping, key establishment methodology provides 80-bits to 256-bits of encryption strength) Multi-chip embedded "The nCipher nToken Hardware Security Module improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
682	Kanguru Solutions 1360 Main St. Millis, MA 02054 USA -Nate Cote TEL: 508-376-4245 FAX: 508-376-4462	KanguruLock (Software Versions: 1.0.4.7, 1.0.4.15 and 1.0.4.24) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	06/26/2006; 04/26/2007; 04/30/2007; 06/21/2007; 02/21/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Service Pack 2 (single user mode) -FIPS-approved algorithms: AES (Cert. #243); SHS (Cert. #321); HMAC (Cert. #51); RNG (Cert. #78) -Other algorithms: Multi-chip standalone "Kanguru Solutions is the leader in portable secure storage devices. KanguruLock, featured in the KanguruMicro Drive AES USB 2.0 Flash Drive, addresses security concerns and information assurance by incorporating 256-bit AES encryption technology to portable storage devices."
681	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nCipher 1600 PCI, nCipher 1600 PCI for NetHSM, and nCipher 800 PCI (Hardware Version: nC3033P-1K6, nC3033P-1K6N and nC3033P-800 Build Standard C; Firmware Version: 2.22.6-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	06/19/2006	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339, vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91) -Other algorithms: ARC FOUR; CAST5; CAST 6; DES (non compliant); DES MAC (non compliant); MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HSA 160; Diffie-Hellman (key agreement, key establishment methodology provides 80-bits to 256-bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping, key establishment methodology provides 80-bits to 256-bits of encryption strength) Multi-chip embedded "The nCipher modules: nCipher 1600 PCI, nCipher 1600 PCI for NetHSM, nCipher 800 PCI family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
680	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nCipher 800 PCI, nCipher 1600 PCI, and nCipher 1600 PCI for NetHSM (Hardware Version: nC3033P-1K6, nC3033P-1K6N, nC3033P-800, Build Standard C; Firmware Version: 2.22.6-3) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	06/19/2006	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339, vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91) -Other algorithms: ARC FOUR; CAST5; CAST 6; DES; DES MAC; MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HAS 160; Diffie-Hellman (key agreement, key establishment methodology provides 80-bits to 256-bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides 192-bits of encryption strength); RSA (key wrapping, key establishment methodology provides 80-bits to 256-bits of encryption strength). Multi-chip embedded "The nCipher modules: nCipher 800 PCI, nCipher 1600 PCI, nCipher 1600 PCI for NetHSM family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
679	SPYRUS, Inc. 2355 Oakland Road Suite 1 San Jose, CA 95131 USA -Tom Dickens TEL: 408-953-0700 FAX: 408-953-9835	LYNKS Series II (Hardware Version: Models PC500 P/N 906-160001-01, PC530 P/N 906-162001-01, PC530J P/N 906-162002-01, PC530S P/N 906-162004-01, PC600 P/N 906-160002-01, PC700 P/N 906-161001-01, PC730 P/N 906-162005-01, PC730J P/N 906-162006-01, PC730S P/N 906-162008-01, PC800 P/N 906-161002-01; Firmware Version: 2.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/19/2006	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #372); AES (Certs. #299 and #300); Skipjack (Cert. #16); DSA (Cert. #142); ECDSA (Cert. #10); RSA (Cert. #88); SHS (Certs. #373 and #374); RNG (Cert. #126) -Other algorithms: MD5; DES; RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); KEA Multi-chip standalone "The LYNKS Series II Hardware Security Module (HSM) supports the new "Suite B" algorithms, including elliptic curve cryptography with ECDSA signatures, AES, and the "SHA-2" algorithms. Available with either PCMCIA or USB interfaces."
678	MRV Communications 295 Foster St. Littleton, MA 01460 USA -Nicholas Minka -Tim Bergeron	LX-8020S and LX-8040S Series Console Servers (Hardware Versions: B/L 350-6003 Rev: D, P/N 500-8722 Rev: A and B/L 350-6003 Rev: D, P/N 500-8724 Rev: A and B/L 350-6005 Rev: G, P/N 500-8732 Rev: A and B/L 350-6004 Rev: C, P/N 500-8730 Rev: A and B/L 350-6003 Rev: D, P/N 500-8723 Rev: B and B/L 350-6003 Rev: D, P/N 500-8725 Rev: B and B/L 350-6005 Rev: G, P/N 500-8733 Rev: A and B/L 350-6004 Rev: C, P/N 500-8731 Rev: A and B/L 350-6003 Rev: D, P/N 500-8726 Rev: A and B/L 350-6003 Rev: D, P/N 500-8728 Rev: A and B/L 350-6005 Rev: G, P/N 500-8736 Rev: A and B/L 350-6004 Rev: C, P/N 500-8734 Rev: A and B/L 350-6003 Rev: D, P/N 500-8727 Rev: B and B/L 350-6003 Rev: D, P/N 500-8729 Rev: B and B/L 350-6005 Rev: G, P/N 500-8737 Rev: A and B/L 350-6004 Rev: C, P/N 500-8735 Rev: A; Firmware Version: linuxito Version: 3.7.2 and ppciboot Version: 3.7.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/19/2006	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #348); DSA (Cert. #156); RNG (Cert. #166); RSA (Cert. #117); SHS (Cert. #423); Triple-DES (Cert. #408); HMAC (Cert. #151) -Other algorithms: DES; MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80-bits and 194-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80-bits and 194-bits of encryption strength) Multi-chip standalone "The LX-8000S 20 and 40 port Dual AC and DC units with an optional internal modem add high-end NEBS console management to MRV's LX Series Console Servers. The Linux based system is tuned for optimal performance, security and reliability. The LX-8000S models are designed for telco and data center applications that demand high quality and reliability standards, dual power and NEBS Level-3 Certification."
677	Gemalto Arboretum Plaza II 9442 Capital of Texas Highway North Suite 400 Austin, TX 78759 USA -Jerome Denis TEL: 512-257-3808	SafesITe TOP DM GX4 - FIPS with ActivIdentity Digital Identity Applet Suite v2 (Hardware Versions: GCX4-M2569420, GXP4-M2569430, GCX4-M2569422 and GCX4-A1004155; Firmware Versions: GCX4-FIPS EI07 and GXP4-FIPS EI07, Applet Versions: ACA v2.6.1, PKI/GC v2.6.1, ASC library package v2.6.1; ACA v2.6.2, PKI/GC v2.6.2, ASC library package v2.6.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/12/2006; 12/19/2006; 03/01/2007; 07/28/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #355); Triple-DES (Cert. #412); SHS (Cert. #427); RSA (Cert. #119), Triple-DES MAC (Cert. #412, vendor affirmed); RNG (Cert. # 168) -Other algorithms: N/A Single-chip "This module is based on a Gemalto Dual Interface (Contact ISO7816 and Contactless ISO14443) Open OS Smart Card with a large (72K EEPROM) memory, with a cryptographic applet suite V 2.6.1 developed by ActivIdentity. The SmartCard platform has on board Triple DES and RSA up to 2048 algorithms and provides X9.31 on board key generation. The Applet Suite supports management of 3DES keys and PINs, and provides services for authentication, access control, generic container and PKI . The module conforms to Java Card 2.2.1, Global Platform 2.1.1 and GSC/IS 2.1 standards."
676	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco Catalyst 6506, 6509, 6506(E), 6509(E), 7606 and 7609 Routers With VPN Services Module (Hardware Version: Chassis:6506, 6509, 6506-E, 6509-E,7606,7609; Backplane chassis: Hardware Version 1.0 (6505(E), 7606, 7609), 1.1 (6509(E)), 3.0 (6506, 6509); Supervisor Blade: Hardware Version 4.1 (SUP720-3B), 4.0 (SUP720-3BXL); VPNSM Blade: Hardware Version 1.3; Firmware Version: 12.2(18)SXE2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/22/2006	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #132 and 155); SHS (Cert. #117); HMAC (Cert. #33); RNG (Cert. #123) -Other algorithms: DES; AES (non-compliant); Triple-DES; SHA-1 (non-compliant); HMAC-SHA-1 (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 80-bits and 96-bits of encryption strength); MD5; HMAC-MD5 Multi-chip standalone "The Catalyst 6500 series switches and the Cisco 7606 and Cisco 7609 routers with the VPN Services Module offer versatility, integration, and security to branch offices. With numerous network modules and service modules available, the modular architecture of the Cisco router easily allows interfaces to be upgraded to accommodate network expansion. The Catalyst 6500 series switches and the Cisco 7606 and Cisco 7609 routers provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements."
675	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 Ultrasign PCI, nShield F3 Ultrasign 32 PCI, nCipher F3 PCI for NetHSM, payShield Ultra PCI, payShield Ultra PCI for NetHSM, nShield F3 PCI, payShield PCI, nShield F3 PCI and nShield lite (Hardware Version: nC4033P-300, nC4132P-300, nC4032P-300N, nC4232P-300, nC4232P-300N, nC4032P-150, nC4232P-150, nC4032P-150, and nC4032P-10 Build Standard ER; Firmware Version: 2.22.6-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	05/22/2006	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339, vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91) -Other algorithms: ARC FOUR; CAST5; CAST 6; DES (non compliant); DES MAC (non compliant); MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HSA 160; Diffie-Hellman (key agreement, key establishment methodology provides 80-bits to 256-bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides 192-bits of encryption strength); RSA (key wrapping, key establishment methodology provides 80-bits to 256-bits of encryption strength) Multi-chip embedded "The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
674	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 Ultrasign PCI, nShield F3 Ultrasign 32 PCI, nCipher F3 PCI for NetHSM, payShield Ultra PCI, payShield Ultra PCI for NetHSM, nShield F3 PCI, payShield PCI, nShield F3 PCI and nShield lite (Hardware Version: nC4033P-300, nC4132P-300, nC4032P-300N, nC4232P-300, nC4232P-300N, nC4032P-150, nC4232P-150, nC4032P-150 and nC4032P10 Build Standard ER; Firmware Version: 2.22.6-3) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	05/22/2006	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339, vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91) -Other algorithms: ARC FOUR; CAST5; CAST 6; DES (non compliant); DES MAC (non compliant); MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HSA 160; Diffie-Hellman (key agreement, key establishment methodology provides 80-bits to 256-bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides 192-bits of encryption strength); RSA (key wrapping, key establishment methodology provides 80-bits to 256-bits of encryption strength) Multi-chip embedded "The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
673	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	7206VXR NPE-G1and 7301 with VAM2+ (Hardware Version: 7206VXR; NPE-G1 Version: 2.1, Board Version A0; VAM2+ Version: 1.0, Board Version: C0; 7301 Version: 5.0, Board Version: A0; Firmware Version: 12.3(11)T10) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/15/2006	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #173); Triple-DES (Cert. #275); SHS (Certs. #404 and #258); HMAC (Cert. #39); RNG (Certs. #150 and #83) -Other algorithms: MD4; MD5; HMAC MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); DES; RSA (non-compliant); AES (non-compliant); Triple-DES; HMAC (non-compliant) Multi-chip standalone "Cisco Modular Access Routers are routers that provide data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
672	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	MiniHSM (Hardware Version: nC4033z-10 Build Standards A, B & N; Firmware Versions: 2.22.17-2 and 2.22.34-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/11/2006; 08/29/2006; 06/24/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Cryptographic Key Management: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339, vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91) -Other algorithms: ARC FOUR; CAST5; CAST 6; DES (non compliant); DES MAC (non compliant); MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HSA 160; Diffie-Hellman (key agreement, key wrapping, key establishment methodology provides 80-bits to 256-bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides 192 bits of encryption strength); RSA (Cert. #68, key wrapping, key establishment methodology provides 80-bits to 256-bits of encryption strength). Multi-chip embedded "The nCipher MiniHSM is a fully featured HSM supplied in a single chip package. The MiniHSM offers all the security and key management features of other nCipher modules - but with reduced processing speed. The MiniHSM is an OEM part and will be included within other appliances or products, for example switches or routers. The MiniHSM's real time clock, also makes it suitable for use as a time-stamping engine."
671	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	MiniHSM (Hardware Version: nC4033z-10 Build Standards A, B & N; Firmware Versions: 2.22.17-3 and 2.22.34-3) (When operated in FIPS mode and initialized to Overall 3 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/11/2006; 08/29/2006; 06/24/2008	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339, vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91) -Other algorithms: ARC FOUR; CAST5; CAST 6; DES (non compliant); DES MAC (non compliant); MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HSA 160; Diffie-Hellman (key agreement, key establishment methodology provides 80-bits to 256-bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides 192 bits of encryption strength); RSA (Cert.#68, key wrapping, key establishment methodology provides 80-bits to 256-bits of encryption strength) Multi-chip embedded "The nCipher MiniHSM is a fully featured HSM supplied in a single chip package. The MiniHSM offers all the security and key management features of other nCipher modules - but with reduced processing speed. The MiniHSM is an OEM part and will be included within other appliances or products, for example switches or routers. The MiniHSM's real time clock, also makes it suitable for use as a time-stamping engine."
670	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield 4000 [1], nShield 2000 [2], nShield 2000 for netHSM [3], nShield 800 [4], nShield 500 [5], nShield 500 for netHSM [6] and nShield Plus [7] (Hardware Versions: nC4033P-4K0 [1], nC4033P-2K0 [2], nC4033P-2K0N [3], nC4033P-800 [4], nC4133P-500 [5], nC4133P-500N [6] and nC4033P-50 [7], Build Standards L & N; Firmware Versions: 2.22.6-2, 2.22.34-2 and 2.22.43-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/11/2006; 06/14/2006; 12/20/2006;04/29/2008; 06/24/2008	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 +EFP/EFT -Cryptographic Key Management: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339, vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91) -Other algorithms: ARC FOUR; CAST5; CAST 6; DES; DES MAC; MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HSA 160; Diffie-Hellman (key agreement, key establishment methodology provides 80-bits to 256-bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping, key establishment methodology provides 80-bits to 256-bits of encryption strength) Multi-chip embedded "The nCipher modules: nCipher 4000 PCI, nShield 800 PCI, and nShield Plus PCI family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
669	nCipher Corporation Ltd. 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield 4000 [1], nShield 2000 [2], nShield 2000 for netHSM [3], nShield 800 [4], nShield 500 [5], nShield 500 for netHSM [6] and nShield Plus [7] (Hardware Versions: nC4033P-4K0 [1], nC4033P-2K0 [2], nC4033P-2K0N [3], nC4033P-800 [4], nC4133P-500 [5], nC4133P-500N [6] and nC4033P-50 [7], Build Standards L & N; Firmware Versions: 2.22.6-3, 2.22.34-3 and 2.22.43-3) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/11/2006; 06/14/2006; 12/20/2006; 06/24/2008	Overall Level: 3  -Physical Security: Level 3 +EFP/EFT -FIPS-approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339, vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91) -Other algorithms: ARC FOUR; CAST5; CAST 6; DES; DES MAC; MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HSA 160; Diffie-Hellman (key agreement, key establishment methodology provides 80-bits to 256-bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides 192 bits of encryption strength); RSA (Cert. #68, key wrapping, key establishment methodology provides 80-bits to 256-bits of encryption strength). Multi-chip embedded "The nCipher modules: nCipher 4000 PCI, nShield 800 PCI, and nShield Plus PCI family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
668	Oberthur Card Systems 4250 Pleasant Valley Road Chantilly, VA 20151-1221 USA -Christophe Goyet TEL: 703-263-0100 FAX: 703-263-0503	Oberthur PIV EP v1 on ID-One Cosmo 64 v5 D (Hardware Version: HW P/N 77; Firmware Version: FW Version E303-063684 with PIV Applet Suite v1 (PIV Applet v1.08 or v1.09 and SSO Applet v1.08)) (PIV Card Application: Cert. #1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/02/2006; 07/27/2007	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #232); Triple-DES MAC (Cert. #232, vendor affirmed); SHS (Cert. #209); RSA (Cert. #43); RNG (Cert. #94) -Other algorithms: DES (Cert. #246); DES MAC (Cert. #246, vendor affirmed); Single-chip "The PIV EP v1 is a fully validated PIV-II « End Point » smart card to answer HSPD12. It offers Identity proofing (storage of personal data), User authentication, Card authentication, digital signature, encryption and secure post issuance management. To increase flexibility and customization capabilities, the card supports all PIV optional data containers from SP800-73-1, plus additional non-PIV containers and keys configurable during manufacturing. A built-in Card Single Sign-On application allows multiple on card applications to share the same Card Holder Verification Method (Global PIN)."
667	Francotyp-Postalia Triftweg 21-26 Birkenwerder, 16547 Germany -Clemens Heinrich TEL: +49-3303-525-619 FAX: +49-3303-525-609	Postal Revenector Canada (Hardware Version: 58.0036.0001.00 Version 06; Firmware Version: 90.0036.0009.00/01) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/02/2006; 06/26/2007	Overall Level: 3  -Physical Security: Level 3 +EFP -FIPS-approved algorithms: Triple-DES (Cert. #391); SHS (Cert. #400); RSA (Cert. #109); ECDSA (Cert. #20); HMAC (Cert. #132); RNG (Cert. #148) -Other algorithms: Diffie-Hellman (key agreement) Multi-chip embedded "The Postal Revenector Canada is an embedded hardware module which provides security critical services for postage meters in the Canadian market. It is used to support new secure methods of applying postage."
666	Francotyp-Postalia Triftweg 21-26 D-16547 Birkenwerder Germany -Hasbi Kabacaoglu TEL: +49-3303-525-656 FAX: +49-3303-525-609	Revenector (Hardware Version: P/N 58.0036.0001.00/06; 58.0036.0006.00/03; Firmware Version: 5.46) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/02/2006; 05/30/2006	Overall Level: 3  -Physical Security: Level 3 +EFP -FIPS-approved algorithms: RSA (Cert. # 109); SHS (Cert. #400) -Other algorithms: Multi-chip embedded "Revenector is an embedded security device that can enhance the security of various kinds of appliances and computerized devices. The hardware of Revenector is designed to protect critical security parameters as well as application specific revenues. Its firmware enables hosting systems to load or update signed application specific firmware."
665	Francotyp-Postalia Triftweg 21-26 16547 Birkenwerder Birkenwerder, 16547 Germany -Hasbi Kabacaoglu TEL: +49/3303/525/656 FAX: +49/3303/525/609	Postal Revenector (Hardware Version: P/N 58.0036.0001.00 Version 06; Firmware Version: 90.0036.0006.00/03) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/02/2006	Overall Level: 3  -Physical Security: Level 3 +EFP -FIPS-approved algorithms: Triple-DES (Cert. #391); SHS (Cert. #400); RSA (Cert. #109); ECDSA (Cert. #19); HMAC (Cert. #132); RNG (Cert. #148) -Other algorithms: Diffie-Hellman (key agreement) Multi-chip embedded "The Francotyp-Postalia Postal Revenector employs strong encryption, decryption, and digital signature techniques for the protection of customer revenues in Francotyp-Postalia's mail handlers. The Postal Revenector has been designed in compliance with the United States Postal Services (USPS), Information-Based Indicia Program (IBIP)."
664	Zix Corporation 2711 N. Haskell Avenue Suite 2300 Dallas, TX 75204-2960 USA -Dena Bauckman TEL: 214-370-2008 FAX: 613-288-2456	S/MIME Gateway Crypto Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	04/26/2006	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Linux Red Hat Enterprise 3 Operating System (in single user mode) -FIPS-approved algorithms: AES (Cert #321); Triple-DES (Cert #385); RSA (Cert #108); SHS (Cert #394); HMAC (Cert #127); RNG (Cert #145) -Other algorithms: DSA (non compliant); Diffie-Hellman (key agreement); Elliptic Curve (non compliant); MD2; MD5; HMAC MD5; RSA (key wrapping; key establishment methodology provides between 80-bits and 112-bits of encryption strength) Multi-chip standalone "The S/MIME Gateway for ZixVPM® provides gateway-to-gateway email encryption using a FIPS 140-2 level 1 validated cryptographic module. The S/MIME Gateway for ZixVPM adheres to the standards set out in the Open Group S/MIME Gateway Profile and is interoperable with other certified S/MIME Gateway solutions. The approved cryptographic algorithms included in the module are: AES, Triple-DES, RSA, SHA-1, HMAC SHA-1, and FIPS 186-2 Appendix 3.1 RNG."
663	3e Technologies International, Inc. 9175 Key West Avenue Suite 500 Rockville, MD 20850 USA -Ryon Coleman TEL: 301-944-1277 FAX: 301-670-6989	3e-010F-A-2 Cryptomodule and 3e-010F-C-2 Cryptomodule (Software Version: 3e-010F-A-2 Version 2.0, Build 18; 3e-010F-C-2 Version 2.0, Build 15; and 3e-010F-C-2 Version 2.0, Build 15, Revision 1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	04/26/2006; 08/01/2006; 08/29/2007	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000 Professional with SP4 and Microsoft Windows XP with SP2 (single-user mode) -FIPS-approved algorithms: AES (Certs. #225, #287 and #288); Triple-DES (Cert. #316); RNG (Cert. #67); CCM (Certs. #5 and #6); HMAC (Cert. #32); SHS (Cert. #306); RSA (Cert. #112) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip standalone "The 3e-010F-A-2 and 3e-010F-C-2 Crypto Clients provide standard 802.11a/b/g wireless access along with enhanced protection through a variety of cryptographic features, providing a high level of security for wireless environments. In FIPS 140-2 mode (highly secure), encryption can be set for None, Static AES, Static 3DES, Dynamic Key Exchange and WPA2 Enterprise and Personal (AES-CCM). In non-FIPS mode, one can select None, Static AES, Static 3DES, Dynamic Key Exchange, Static WEP, WPA-Enterprise and Personal (TKIP or AES-CCM) and WPA2-Enterprise and Personal (TKIP or AES-CCM)."
662	Fortress Technologies, Inc. 4023 Tampa Road Suite 2000 Oldsmar, FL 34677 USA -Bill McIntosh TEL: 813-288-7388 FAX: 813-288-7389	AirFortress ® AF1100 Wireless Cryptographic Module (Hardware Version: AF-1100; Firmware Version: 2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/26/2006	Overall Level: 2  -FIPS-approved algorithms: DES (Cert. #23); Triple-DES (Cert. #19); AES (Cert. #14); SHS (Cert. #316); HMAC (Cert. #62) -Other algorithms: Diffie-Hellman (non-compliant key agreement; key establishment methodology provides 56 bits of encryption strength); MD5; IDEA, ANSI X9.31 RNG (formerly ANSI X9.17; no