CMVP Main Page

Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules
1995-1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014,
All

Last Update: 6/26/2014

It is important to note that the items on this list are cryptographic modules. A module may either be an embedded component of a product or application, or a complete product in-and-of-itself. If the cryptographic module is a component of a larger product or application, one should contact the product or application vendor in order to determine how the product utilizes the embedded validated cryptographic module. There may be a larger number of security products or applications available which use an embedded validated cryptographic module, than the number of modules which are found in this list. In addition, other vendors, who are not found in this list, may incorporate a validated cryptographic module from this list embedded into their own products.

When selecting a module from a vendor, verify that the module is either the product or application itself (e.g. VPN, SmartCard, USB memory token, etc.) or the module is embedded in a larger product or application (e.g. toolkit, etc.). If the module is embedded in a product or application, ask the product or application vendor to provide a signed letter or statement affirming that the unmodified validated cryptographic module is integrated in the solution; the module provides all the cryptographic services in the solution; and provide reference to the modules validation certificate number from this listing.

NOTE1: Module descriptions are provided by the module vendors and have not been verified for accuracy by the CMVP. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-Approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (e.g. allowed or non-FIPS-Approved algorithms) have not been tested through the CMVP.

NOTE2: The operator of a cryptographic module is responsible for ensuring that the algorithms and key lengths are in compliance with the requirements of NIST SP 800-131A.

NOTE3: All questions regarding the implementation and/or use of any module located on the CMVP module validation lists should first be directed to the appropriate vendor point-of-contact (listed for each entry).

Please contact the CMVP if any errors are discovered or comments with suggestions for improvement of the validation listings.

Cert# Vendor / CST Lab Cryptographic Module
Module
Type
Val.
Date
Level / Description
729 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:
FAX:

CST Lab: NVLAP 200427-0

Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Module (WiSM)
(Hardware Versions: Chassis: 6506, 6506-E, 6509 and 6509-E; Backplane: Hardware Versions 1.0 (6506-E), 1.1 (6509-E) and 3.0 (6506, 6509); Supervisor Blade: Hardware Versions: 4.1 (SUP720-3B) and 4.0 (SUP720-3BXL); WiSM: Hardware Version 1.2; Firmware Versions: 12.2(18)SXF4, Build adventerprisek9 (Supervisor) and 3.2.116.21 (WiSM))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/21/2006;
08/22/2011;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #369 and #368); SHS (Certs. #442 and #441); HMAC (Cert. #164); RSA (Certs. #124 and #123); RNG (Cert. #177); CCM (Cert. #10)

-Other algorithms: RC4; MD5; HMAC MD5; RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength; non-compliant)

Multi-chip standalone

"The Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Module (WiSM) provide unparalleled security, mobility, redundancy, centralized control and scalability for large-scale Government and Enterprise wireless LAN networks and supports the IEEE 802.11i wireless security standard in conjunction with meeting the Wi-Fi Alliances interoperability specification WPA2 to enable a Secure Wireless Architecture. The module supports voice, video and data services, location & asset tracking, integrated intrusion detection & intrusion protection and intelligent radio."
728 Extreme Networks
3585 Monroe Street
Santa Clara, CA 95051
USA

-Prasad Yerneni
TEL: 408-579-3379

CST Lab: NVLAP 200017-0

Sentriant CE150
(Hardware Version: A; Firmware Version: 4.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/21/2006 Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #258); AES (Cert. #156); SHS (Cert. #117); HMAC (Cert. #34); RSA (Cert. #79); RNG (Cert. #112)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5; HMAC MD5; DES

Multi-chip standalone

"The Sentriant CE150 is a high performance, integrated security appliance that offers Gigabit Ethernet IPSec encryption. Housed in a tamper evident chassis, it has two Gigabit Ethernet ports. Traffic on the local port is received in the clear, while traffic on the remote port has security processing applied to it."
727 Ceragon Networks, Ltd.
24 Raoul Wallenberg Street
Tel-Aviv, 69719
Israel

-Yossi Sarusi
TEL: 972 3 7666436
FAX: 972 3 6455559

-Boris Radin
TEL: 972 3 76668160
FAX: 972 3 6455559

CST Lab: NVLAP 200427-0

FibeAir®1500P™ Secure Basic Indoor Unit
(Hardware Version: mux_fal2_4.084.s.frx; Firmware Version: idc_swr_4.80s28.s.idn)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/21/2006 Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #395 and #396); RNG (Cert. #192); RSA (Cert. #141); SHS (Cert. #467)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"High capacity broadband wireless system which provide FIPS compliant secure operation."
726 3e Technologies International, Inc.
700 King Farm Blvd.
Rockville, MD 20850
USA

-Ryon Coleman
TEL: 301-944-1277
FAX: 301-670-6989

CST Lab: NVLAP 200427-0

3e-523-F2 Secure Multi-function Wireless Data Point
(Hardware Versions: HW V1.0 and V1.1; Firmware Version: 4.1.7.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/18/2006;
09/25/2007;
01/28/2010
Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #238); Triple-DES (Certs. #292 and #892); SHS (Certs. #278 and #1145); HMAC (Certs. #13 and #729); RNG (Cert. #22); RSA (Cert. #129); CCM (Cert. #1)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5; RC4; DES; AES CFB (non-compliant)

Multi-chip standalone

"The 3e-523-F2 operates as either a gateway connecting a local area network to wide area network (WAN), an access point within a wireless local area network (WLAN), a client within a WLAN, or a wireless bridging device. 3eTI software provides the following major services in FIPS mode: Wireless 802.11a/b/g Access Point functionality; Wireless 802.11a/b/g Client functionality; Wireless 802.11a/b/g Bridge functionality; Wireless 802.11a/b/g Mesh functionality (auto-forming, self-healing wireless capability); IEEE 802.11i."
725

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/15/2006 Overall Level: 1 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip embedded

724

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/15/2006 Overall Level: 1 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip embedded

723 Thales e-Security
Meadow View House
Crendon Industrial Estate, Long Crendon,
Aylesbury, Buckinghamshire HP18 9EQ
United Kingdom

-Tim Fox
TEL: +44 (0)1844 201800

CST Lab: NVLAP 200002-0

Secure Generic Sub-System (SGSS), Version 3.3
(Hardware Version: 1213B130, Rev 2 and 1213D130, Rev 3a; Software Version: 2.5.7)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 12/18/2006;
09/25/2007
Overall Level: 3 

-FIPS Approved algorithms: DSA/SHS (Cert. #24)

-Other algorithms: N/A

Multi-chip embedded

"The Secure Generic Sub-System (SGSS) is a multi-chip embedded module used to provide secure cryptographic resources to a number of products in the Thales e-Security portfolio. This includes the Datacryptor® 2000 family, WebSentry™ family, HSM 8000 family, P3™CM family, PaySentry™, 3D Security Module and SafeSign® Crypto Module. The SGSS contains a secure bootstrap and authenticates application loading using the Digital Signature Algorithm (DSA) and SHA-1 hashing."
722 Check Point Software Technologies Ltd.
9900 Belward Campus Drive
Suite 250
Rockville, MD 20850
USA

-David Ambrose
TEL: 703-628-2935

-Malcolm Levy
TEL: +972-37534561

CST Lab: NVLAP 200002-0

VPN-1
(Firmware Version: NGX (R60) with hot fix HFA-03)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Firmware 12/08/2006;
01/04/2007;
05/02/2008;
05/28/2009
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-EMI/EMC: Level 3
-Design Assurance: Level 2

-Tested: Check Point SecurePlatform Operating System, version NGX (R60) HFA-03 on General Purpose Computing platform with single and dual Intel XEON® and single and dual AMD Opteron® processor configurations

-FIPS Approved algorithms: Triple-DES (Cert. #338); AES (Cert. #257); SHS (Cert. #332); HMAC (Cert. #67); RSA (Certs. #66 and #132); RNG (Cert. #90)

-Other algorithms: DES (Cert. #314); CAST 40 bit; CAST 128 bit; MD5; HMAC-MD5; Diffie-Hellman (key agreement, key establishment methodology provides between 112 and 202 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping, key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Check Point's VPN-1 version NGX (R60) with hot fix HFA-03 is a tightly integrated software solution combining the FireWall-1 (FW-1) security suite with sophisticated Virtual Private Network (VPN) technologies and a hardened Secure Platform operating system (OS). The cornerstone of Check Point's Secure Virtual Network (SVN) architecture, VPN-1 meets the demanding requirements of Internet, intranet, and extranet VPNs by providing secure connectivity to corporate networks, remote and mobile users, branch offices, and business partners."
721 Neopost Technologies
113 rue Jean-Marin Naudin
Bagneaux, 92220
France

-Thierry Le Jaoudour
TEL: 01 45 36 30 00
FAX: 01 45 36 30 10

CST Lab: NVLAP 100432-0

N30i/N30ig - 135/136 Meter
(Hardware Version: P/N 4127205W; Firmware Versions: P/N 4132525N V50.0, P/N 4134515L/A V50.02 and P/N 4134515L/B V50.03)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/08/2006;
12/19/2006;
09/12/2008
Overall Level: 3 

-Physical Security: Level 3 +EFT

-FIPS Approved algorithms: DSA (Cert. #61); Triple-DES (Cert. #119); Triple-DES MAC (Cert. #119, vendor affirmed); SHS (Certs. #391 and #455); RNG (Cert. #141)

-Other algorithms: N/A

Multi-chip embedded

"Cryptographic software module used in the N30i/N30ig - 135/136 Postage Meter."
720 Sterling Commerce, Inc.
4600 Lakehurst Court
Dublin, OH 43016-2000
USA

-Garry Mayo
TEL: 469-524-2663
FAX: 469-524-2357

-Dean Vallas
TEL: 469-524-2103
FAX: 469-524-2357

CST Lab: NVLAP 200556-0

Connect:Direct Secure+ Option
(Software Version: Version 4.5 on z/OS)

(When operated in FIPS mode using IBM eServer zSeries 900 CMOS Cryptographic Coprocessor validated to FIPS 140-1 under Cert. #118 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software-Hybrid 11/15/2006 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with IBM z/OS 1.6 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #423 and #28); SHS (Certs. #451 and #37); ECDSA (Cert. #25); DSA (Cert. #37)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"Connect:Direct Secure+ Option provides server-based software file-transfer solutions for high-volume applications. Connect:Direct installations typically perform periodic, high-capacity file transfers between specific servers, often for financial services or federal government applications. This software supports multiple server platforms, including mainframe operating systems, UNIX platforms, and Windows servers."
719 Sterling Commerce, Inc.
4600 Lakehurst Court
Dublin, OH 43016-2000
USA

-Garry Mayo
TEL: 469-524-2663
FAX: 469-524-2357

-Dean Vallas
TEL: 469-524-2103
FAX: 469-524-2357

CST Lab: NVLAP 200556-0

Connect:Direct Secure+ Option
(Software Version: Version 3.7 on UNIX)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/15/2006 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Sun Solaris 10, IBM AIX 5.3, and HP-UX 11i (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #288, #423, and #424); AES (Certs. #192 and #380); SHS (Certs. #272, #451, #452, and #453); HMAC (Certs. #7 and #168); DSA (Cert. #164); RNG (Certs. #39 and #182)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); DES; MD5

Multi-chip standalone

"Connect:Direct Secure+ Option provides server-based software file-transfer solutions for high-volume applications. Connect:Direct installations typically perform periodic, high-capacity file transfers between specific servers, often for financial services or federal government applications. This software supports multiple server platforms, including mainframe operating systems, UNIX platforms, and Windows servers."
718 Fortress™ Technologies, Inc.
2 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0

Fortress Security Controller (FC-X)
(Hardware Version: FC-X; Firmware Versions: FC-X 4.0.3 and 4.0.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/15/2006;
08/31/2007;
03/26/2010;
05/17/2013
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #389 and #390); SHS (Cert. #465); RNG (Certs. #189 and #190); HMAC (Cert. #174)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 56 bits of encryption strength; non-compliant); MD5; RSA (non-compliant); SHS (non-compliant; FPGA); HMAC (non-compliant; FPGA)

Multi-chip standalone

"The Fortress Security Controller (FC-X) is a high performance electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a custom built multiple processor hardware platform and deployable on any LAN or WAN, the Fortress Security Controller (FC-X) provides encryption, data integrity checking, authentication, access control, and data compression."
717 High Density Devices AS
Vestre Strandgate 26
Kristiansand, N-4611
Norway

-Aage Kalsaeg
TEL: +47 38 10 44 80
FAX: +47 38 10 44 99

CST Lab: NVLAP 100432-0

SecureD v.1.6.1
(Hardware Version: HW P/N SecureD v.1.6.1 Version 1.6.6; Firmware Version: 1.6.3)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/15/2006;
01/05/2007
Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #427); AES (Cert. #383)

-Other algorithms: N/A

Multi-chip embedded

"SecureD is a hardware based encryption device that offers optimal, fully integrated, protection for stored data in IDE data bus based computer systems. SecureD operates fully transparent at the speed of ATA-6 AT API. SecureD is using AES 128/192/256 bits encryption/decryption, and is 100% operating system independent. No SW is installed. Ideal for encryption of disks in Desktop environment, Laptop, and USB/Firewire connected disks."
716 D'Crypt Private Limited
20 Ayer Rajah Crescent
#08-08 Technopreneur Centre
Singapore, 139964
Singapore

-Quek Gim Chye
TEL: (65) 6776-9210
FAX: (65) 6873-0796

CST Lab: NVLAP 100432-0

d'Cryptor ZE Cryptographic Module
(Hardware Version: P/N DC-ZEN2-41 v4.1, DC-ZEN4-41 v4.1; Firmware Version: Kernel v4.5, LFM v2.1, AFM v2.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/06/2006 Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #332); Triple-DES (Cert. #396); SHS (Cert. #407); RSA (Cert. #113); HMAC (Cert. #136); RNG (Cert. #153)

-Other algorithms: DES (Cert. #328; v3.0)

Multi-chip embedded

"The d'Cryptor ZE Cryptographic Module is a micro-token targeted at high security embedded applications. Central to the next generation of d'Cryptor products where it serves as a secure coprocessor, the ZE provides cryptographic/key management services, secure key storage and supports interfaces such as UARTs, SSP, infrared, contact/contactless Smartcard and GPIOs."
715 RELM Wireless Corporation
7100 Technology Drive
West Melbourne, FL 32904
USA

-Jim Spence
TEL: 785-856-1300
FAX: 785-856-1302

CST Lab: NVLAP 100432-0

FIPSCOM Cryptographic Module
(Hardware Version: P/N 7011-30967-000 Versions 050306, 030207 and 051208; Firmware Versions: 0722-05072-000, 0722-05073-000 and 0722-05073-001)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/06/2006;
04/26/2007;
12/18/2007;
06/23/2008
Overall Level: 1 

-FIPS Approved algorithms: AES (Cert. #385); RSA (Cert. #139); SHS (Cert. #462)

-Other algorithms: DES; NDRNG

Multi-chip embedded

"The FIPSCOM is an embedded cryptographic module that provides encryption functions for secure digital communications products. The FIPSCOM can be incorporated into any BK Radio brand subscriber equipment requiring FIPS 140-2, Level 1 security."
714 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE Crypto-J JCE Provider Module
(Software Version: 3.5.2 [1] and 3.5.3 [2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 11/02/2006;
12/18/2006;
10/12/2007;
01/04/2008;
10/16/2008;
09/07/2010;
03/28/2011;
01/24/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2 with Java JRE 1.4.2 (in single user mode).

-FIPS Approved algorithms: DSA (Cert. #140); Triple-DES (Cert. #354); AES (Cert. #271); SHS (Cert. #356); RSA (Certs. #71 [1] and #186 [2]); RNG (Cert. #106); HMAC (Cert. #86)

-Other algorithms: DES (Cert. #326); Diffie-Hellman (key agreement, key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DESX; MD2; MD5; RIPEMD 160; RNG (X9.31 non-compliant, MD5, SHA1); RC2; RC4; RC5; PBE (SHA256, SHA384, SHA512); Raw RSA; RSA Keypair Generation MultiPrime; RSA (key wrapping, key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5

Multi-chip standalone

"RSA BSAFE Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. RSA BSAFE Crypto-J supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
713 Sagem Orga
Am Hoppenhof 33
Paderborn, 33104
Germany

-Fabien Guichon
TEL: 49 52 51 88 90

CST Lab: NVLAP 100432-0

J-IDMark 64
(Hardware Version: HW P/N AT58829-C-AA, Version 01; Firmware Version: FW Version J-IDMark 64 IDT 005)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/02/2006;
01/01/2014
Overall Level: 3 

-Physical Security: Level 4

-FIPS Approved algorithms: SHS (Certs. #459 and #460); RSA (Cert. #137); Triple-DES (Cert. #430); Triple-DES MAC (Cert. #430, vendor affirmed); RNG (Cert. #187)

-Other algorithms: RSA (Cert. #136; non-compliant); RSA (key wrapping, key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Single-chip

"The J-IDMark 64 is a single chip cryptographic module, compliant with Global Platform 2.0.1 and Sun Java Card TM 2.1.1. It runs a proprietary Applet, ID v1, which includes the following features: - A PKI-based digital signature for secure transactions and digital certificate management. - Secure storage of data and identification management rights (driving licenses, health care entitlement, car certificate, etc.). - A Match On Card mechanism which performs fingerprint verification. The J-IDMark 64 module meets the requirements to the Level 4 of FIPS 140-2 for physical security."
712

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/27/2006;
07/28/2009
Overall Level: 2 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip standalone

711 JVC KENWOOD Corporation
1-16-2, Hakusan, Midori-ku,
Yokohama-shi, Kanagawa 226-8525
Japan

-Tamaki Shimamura
TEL: +81 45 939 6254
FAX: +81 45 939 7093

-Joe Watts
TEL: 678-474-4700
FAX: 678-474-4730

CST Lab: NVLAP 100432-0

Secure Cryptographic Module (SCM)
(Hardware Version: P/N KWD-AE20, Version 1.0.0; Firmware Version: A1.0.0 and A1.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/16/2006;
12/07/2011;
01/31/2012
Overall Level: 1 

-Cryptographic Module Specification: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Cert. #363); SHS (Cert. #437)

-Other algorithms: DES; LFSR

Multi-chip embedded

"The Secure Cryptographic Module (SCM) meets overall FIPS 140-2 Level 1 requirements providing KENWOOD radios secure and encrypted digital communication. The SCM supports 256 bit key AES encryption as well as DES (non-compliant) encryption."
710 Ecutel Systems, Inc.
2300 Corporate Park Drive
Suite 410
Herndon, VA 20171
USA

-Dzung Tran
TEL: 571-203-8300

CST Lab: NVLAP 200416-0

Ecutel Cryptographic Service Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 10/16/2006 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP; Windows Mobile for Pocket PC 2003; Linux RedHat Kernel 2.6 (in single-user mode)

-FIPS Approved algorithms: AES (Cert. #381); Triple-DES (Cert. #425); SHS (Cert. #456); HMAC (Cert. #170); RNG (Cert. #183)

-Other algorithms: N/A

Multi-chip standalone

"The Ecurtel Cryptographic Service Module (ECSM) is a cryptographic library that offers cryptographic functionalities to Ecutel products only. It is installed on a machine as a constituent of host application."
709 Phoenix Technologies, Ltd.
915 Murphy Ranch Road
Milpitas, CA 95035
USA

-Karen Zelenko
TEL: 408-570-1418
FAX: 408-570-1350

CST Lab: NVLAP 100432-0

TrustConnector 2 v2.0 with StrongClient v4.0 and StrongROM v3.1
(Software Version: TrustConnector 2 v2.0, StrongClient v4.0; Firmware Version: StrongROM v3.1)

(When operated in FIPS mode with Microsoft Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-1 under Cert. #238 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software-Hybrid 10/17/2006 Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional SP2 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #343 and #344); RSA (Certs. #114 and #115); SHS (Certs. #83, #418, and #419); HMAC (Certs. #105 and #147); HMAC (Cert. #83, vendor affirmed); RNG (Certs. #118 and #164); Triple-DES (Cert. #81)

-Other algorithms: DES (Cert. #156); DES MAC (Cert. #156, vendor affirmed); RC2; RC4; MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Phoenix Technologies "TrustConnector 2" product is a FIPS 140-2 Level 1 compliant module that implements a standard Cryptographic Service Provider (CSP) for Microsoft CryptoAPI. Phoenix TrustConnector enables built-in device authentication and transparently enhances the way Windows protects identity credentials associated with digital certificates and binds the credentials to the platform to which they are issued."
708 Phoenix Technologies, Ltd.
915 Murphy Ranch Road
Milpitas, CA 95035
USA

-Karen Zelenko
TEL: 408-570-1418
FAX: 408-570-1350

CST Lab: NVLAP 100432-0

TrustConnector 2 v2.0 with StrongClient v4.0
(Software Version: TrustConnector 2 v2.0, StrongClient v4.0)

(When operated in FIPS mode with Microsoft Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-1 under Cert. #238 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 10/11/2006 Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional SP2 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #344); RSA (Cert. #115); SHS (Certs. #83 and #419); HMAC (Cert. #147); HMAC (Cert. #83, vendor affirmed); RNG (Cert. #164); Triple-DES (Cert. #81)

-Other algorithms: DES (Cert. #156); DES MAC (Cert. #156, vendor affirmed); RC2; RC4; MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Phoenix Technologies "TrustConnector 2" product is a FIPS 140-2 Level 1 compliant module that implements a standard Cryptographic Service Provider (CSP) for Microsoft CryptoAPI. Phoenix TrustConnector enables built-in device authentication and transparently enhances the way Windows protects identity credentials associated with digital certificates and binds the credentials to the platform to which they are issued."
707 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 871, 876, 877 and 878 Integrated Services Routers
(Hardware Versions: 1.0 (871), 1.0 (876), 1.0 (877) and 1.0 (878); Firmware Version: 12.4(4)T2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 10/11/2006;
05/28/2010;
02/23/2012
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #389 and #390); AES (Certs. #324 and #325); RNG (Cert. #147); SHS (Certs. #398 and #399); HMAC (Certs. #131 and #134)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant); MD5; HMAC-MD5; RC4; RSA (non-compliant)

Multi-chip standalone

"Cisco 870 Series fixed-configuration integrated services routers support multiple types of DSL technologies, broadband cable, and Metro Ethernet connections in small offices. They run concurrent services, including firewall, intrusion prevention, and encryption for VPNs; optional 802.11b/g for WLAN networking; and quality of service (QoS) features for optimizing voice and video applications. These routers also offer Stateful Inspection Firewall, IP security (IPSec) VPNs, intrusion prevention system (IPS), antivirus support, and secure WLAN 802.11b/g option with use of multiple antennas."
706 Britestream Networks, Inc.
12401 Research Boulevard
Bldg 2, Suite 275
Austin, TX 78759
USA

-Rick Hall
TEL: 512-250-2129 x135
FAX: 512-250-9068

CST Lab: NVLAP 200017-0

Britestream nCipher Asymmetric Module
(Hardware Version: 010-00007 a.00; Firmware Version: 610-00014 1.0.0)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 09/27/2006 Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #346); AES (Cert. #264); SHS (Cert. #343); RSA (Cert. #103); HMAC (Cert. #76); RNG (Cert. #96); DSA (Cert. #138)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength)

Multi-chip embedded

"The Britestream nCipher Asymmetric Module performs various tasks associated with cryptographic key management including key generation, key wrapping, secure key storage and secure key transport as well as key zeroization. These functions comply with requirements for achieving FIPS 140-2 certification of the overall system that the module is used in."
705 SETECS Inc. and Gemalto
8070 Georgia Avenue
Silver Spring, MD 20910
USA

-Sead Muftic
TEL: 301-587-3000
FAX: 301-587-7877

-Nick Hislop
TEL: 610-202-4942
FAX: 215-390-2915

CST Lab: NVLAP 200427-0

SETECS Inc. OneCARD™ PIV-II Java Card Applet on Gemalto GemCombi'Xpresso R4 E72K PK card
(Hardware Version: GCX4-M2569420; Firmware Version: GCX4-FIPS EI07, Applet Version: SETECS Inc. OneCARD™ PIV-II Java Card Applet Version 1.2)

(PIV Card Application: Cert. #4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/20/2006;
02/06/2014
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Cert. #355); Triple-DES (Cert. #412); SHS (Cert. #427); RSA (Cert. #119); Triple-DES MAC (Cert. #412, vendor affirmed); RNG (Cert. #168); CVL (Cert. #205)

-Other algorithms: N/A

Single-chip

"SETECS OneCARD™ is the smart card created as the combination of SETECS OneCARD™ PIV-II Java Card Applet and Gemalto GemCombi'Xpresso R4 E72K PK card. SETECS OneCARD™ Card (PIV Card) is the full implementation of the FIPS 201 card application (PIV applet) with all required access rules and protocols. The PIV Card contains all mandatory and optional data objects, as specified in the NIST Special Publication 800-73-1. The GCX4 is based on a Java platform with 72K EEPROM memory. The module provides dual interfaces (i.e. contact and contactless) where the same security level is achieved."
704 Utimaco® Safeware AG
Hohemarkstraße 22
Oberursel, D-61440
Germany

-US Corporate Headquarters
TEL: 508- 543-1008
FAX: 508- 543-1009

-Dr. Christian Tobias
TEL: +49 6171 88 1711

CST Lab: NVLAP 200017-0

SafeGuard Easy
(Software Version: 4.20)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 09/15/2006 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 2000 SP4, Windows Server 2000 SP4, Windows XP SP2, and Windows 2003 SP1 (All in single-user mode)

-FIPS Approved algorithms: AES (Cert. #364); Triple-DES (Cert. #416); HMAC (Cert. #162); SHS (Cert. #438)

-Other algorithms: Idea; Blowfish; XOR; Rijndael-256; Stealth-40; DES

Multi-chip standalone

"SafeGuard Easy (SGE) is a software product designed to protect user data on all types of Personal Computers (PCs) running Microsoft Windows 2000 or Microsoft Windows XP as operating system. SafeGuard Easy is installed on a PC to prevent unauthorised access to user data stored on hard disk partitions. In this context, user data means all files on hard disk partitions, i.e. data files, program files and even files of the operating system. The protection of the user data stored on hard disk partitions is realised by encryption. Encryption is done on sector level - not on file level."
703 Pitney Bowes, Inc.
35 Waterview Drive
Shelton, CT 06484-8000
USA

-Douglas Clark
TEL: 203-924-3206
FAX: 203-924-3406

CST Lab: NVLAP 100432-0

Cygnus X-2 Postal Security Device
(Hardware Versions: (US) 1M00
AAA/AAC/AAD/BAA/ABB/BAB/BAE/BAF,
(US Specimen) 1M03
AAA/AAC/AAD/BAA/ABB/BAB/BAE/BAF,
(US Gov.) 1M05
AAA/AAC/AAD/BAA/ABB/BAB/BAE/BAF,
(UN) 1M08
AAA/AAC/AAD/BAA/ABB/BAB/BAE/BAF,
(Royal Mail) 1M20
AAA/AAC/AAD/BAA/ABA/ ABB/BAB/BAE/BAF,
(Royal Mail Specimen) 1M23
AAA/AAC/AAD/BAA/ABA/ABB/BAB/BAE/BAF)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/05/2006;
04/26/2007;
05/14/2007
Overall Level: 3 

-Physical Security: Level 3 +EFP

-FIPS Approved algorithms: DSA (Cert. #153); SHS (Cert. #395); Triple-DES (Cert. #386); Triple-DES MAC (Cert. #386, vendor affirmed); RNG (Cert. #146)

-Other algorithms: N/A

Multi-chip standalone

"The Pitney Bowes Cygnus X-2 Postal Security Device (PSD) has been designed in compliance with FIPS 140-2 and IPMAR security protection profile in order to support the USPS IBIP and international digital indicia standards globally. The PSD employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes Postage Metering products."
702 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 1801, 1802, 1803, 1811 and 1812 Integrated Services Routers Fixed Configuration Models
(Hardware Versions: 2:0 (1801), 4.0 (1802), 3.0 (1803) and 3.0 (1811) and 3.0 (1812); Firmware Version: 12.4(4)T2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 09/05/2006;
05/28/2010;
02/23/2012
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #414 and 415); AES (Certs. #357 and 358); RNG (Cert. #171); SHS (Certs. #432 and 433); HMAC (Certs. #156 and 157)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant); MD5; HMAC-MD5; RC4; RSA (non-compliant)

Multi-chip standalone

"Cisco 1800 Series fixed-configuration integrated services routers enable a network infrastructure for SMBs and enterprise small branch offices. They enable deployment of a single device to provide multiple services, including integrated router with redundant link, LAN switch, firewall, VPN, IPS, wireless technology, and quality of service (QoS). The Cisco IOS Software Advanced IP Services feature set facilitates hardware-based IPSec encryption and features such as Cisco IOS Firewall, URL Filtering, IPS support, IPSec VPNs, Dynamic Multipoint VPN (DMVPN), anti-virus support, SSH 2.0, and SNM"
701 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:
FAX:

CST Lab: NVLAP 200427-0

Cisco Aironet AP1131AG, AP1232AG, and AP1242AG Wireless Access Points and BR1310G Wireless Bridge
(Hardware Versions: AP1131AG: C0; AP1232AG: A0; AP1242AG: A0; BR1310G: C0; Firmware Version: 12.3(8)JA2(ED))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/23/2006;
12/19/2006;
02/27/2007;
08/22/2011;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #356 and #370); CCM (Cert. #11); SHS (Cert. #428); HMAC (Cert. #154); RNG (Cert. #169)

-Other algorithms: MD5; HMAC MD5; RSA (non-compliant); RC4

Multi-chip standalone

"The Cisco Aironet 1131AG, 1242AG, 1232AG, and 1310G access points deliver the versatility, high capacity, security, and enterprise-class features required for autonomous based Government deployments. In FIPS 140-2 mode of operation, the Cisco APs support the IEEE 802.11i standard and Advanced Encryption Standard (AES). The Cisco APs are Wi-FI CERTIFIED for IEEE 802.11a, IEEE 802.11b and IEEE 802.11g radio standards."
700 Blue Ridge Networks
14120 Parke Long Court
Suite 101
Chantilly, VA 20151
USA

-Nancy Canty
TEL: 703-633-7331
FAX: 703-631-9588

CST Lab: NVLAP 200416-0

BorderGuard 5000 and 6000 Series
(Hardware Versions: BorderGuard 5100, 5200, 5400, 5500, 5600, 6100, 6200, 6400, 6500 and 6600; Firmware Version: DPF1 V7.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/22/2006 Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #116 and #173); Triple-DES (Certs. #57 and #275 ); SHS (Certs. #49 and #258); HMAC (Certs. #21 and #22)

-Other algorithms: DES (Certs. #119 and #271); DES MAC (Certs. #119 and #271, vendor affirmed); IDEA; HMAC-MD5; MD5; RSA (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits of encryption strength for Models 5100, 5200, 5400, 6100, 6200, and 6400; and between 112 and 150 bits of encryption strength for Models 5500, 5600, 6500, and 6600; non-compliant less than 112-bits of encryption strength)

Multi-chip standalone

"The BorderGuard hardware models 5100, 5200, 5400, 5500, 5600, 6100, 6200, 6400, 6500, and 6600 version DPF 7.3 firmware are standalone hardware security appliances (routers) used to secure Internet traffic. The module is a multi-chip-standalone device."
699 WinMagic Incorporated
200 Matheson Blvd W.
Suite 201
Mississauga, Ontario L5R 3L7
Canada

-Thi Nguyen-Huu
TEL: 905-502-7000 x218

CST Lab: NVLAP 200017-0

SecureDoc® Disk Encryption Cryptographic Engine
(Software Version: 4.5)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/14/2006;
07/02/2007;
07/05/2007
Overall Level: 1 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000 Pro with Service Pack 3; Windows XP Pro with Service Pack 2; Windows 2000 Advanced Server; Windows 2000 Server; Windows 2003; Windows Vista

-FIPS Approved algorithms: AES (Cert. #359); SHS (Cert. #434); RNG (Cert. #172); HMAC (Cert. #158)

-Other algorithms: N/A

Multi-chip standalone

"The SecureDoc® Cryptographic Engine is the heart of all SecureDoc® products. It provides all cryptographic services as well as the services required for key management and to maintain the user key files."
698 WinMagic Incorporated
200 Matheson Blvd W. 200 Matheson Blvd W.
Suite 201
Mississauga, Ontario L5R 3L7
Canada

-Thi Nguyen-Huu
TEL: 905-502-7000 x218

CST Lab: NVLAP 200017-0

SecureDoc® Disk Encryption Cryptographic Engine
(Software Version: 4.5)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/14/2006;
07/02/2007
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 2 with Microsoft Windows 2000 Professional, Server and Advanced Server with Service Pack 3 and Q326886 Hotfix running on a Dell OptiPlex GX400 PC

-FIPS Approved algorithms: AES (Cert. #359); SHS (Cert. #434); RNG (Cert. #172); HMAC (Cert. #158)

-Other algorithms: N/A

Multi-chip standalone

"The SecureDoc® Cryptographic Engine is the heart of all SecureDoc® products. It provides all cryptographic services as well as the services required for key management and to maintain the user key files."
697 Secure Computing Corporation
4810 Harwood Road
San Jose, CA 95124-5206
USA

-Secure Computing
TEL: 800-379-4944 (Option 3)

CST Lab: NVLAP 200017-0

SafeWord SecureWire 2500 Identity and Access Management Appliance
(Hardware Version: Rev 100-000002; Firmware Version: R2.6.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/10/2006 Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #319, #320, #323, #325 and #326); AES (Certs. #229, #230, #233, #234 and #235); SHS (Certs. #308, #309, #312, #313 and #314); RSA (Certs. #55 and #56); RNG (Certs. #69, #70, #73 and #74); HMAC (Certs. #41, #42 and #45); DSA (Certs. #129, #130 and #131)

-Other algorithms: DES (Certs. #299, #300, #303 and #304); Diffie-Hellman (key agreement; key establishment methodology provides between 70 and 96 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides between 80 and 110 bits of encryption strength; non-compliant); MD5; HMAC-MD5; RC4

Multi-chip standalone

"SafeWord® SecureWire™ is a powerful identity and access management (IAM) appliance that provides lightning fast, ultra-secure access to every application and data resource in your network -- for all remote AND internal connections. SecureWire is ideal for Microsoft environments, plugging right into Active Directory, and it provides complete endpoint device security, a single point for policy enforcement and reporting, and comes standard with SafeWord strong authentication."
696 Secure Computing Corporation
4810 Harwood Road
San Jose, CA 95124-5206
USA

-Secure Computing
TEL: 800-379-4944 (Option 3)

CST Lab: NVLAP 200017-0

SafeWord SecureWire 500 Identity and Access Management Appliance
(Hardware Version: Rev. 100-000001; Firmware Version: R2.6.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/10/2006 Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #321, #323, #325 and #326); AES (Certs. #231, #233, #234 and #235); SHS (Certs. #310, #312, #313 and #314); RSA (Certs. #55 and #56); RNG (Certs. #71, #73 and #74); HMAC (Certs. #43 and #45); DSA (Certs. #129, #130 and #131)

-Other algorithms: DES (Certs. #301, #303 and #304); Diffie-Hellman (key agreement; key establishment methodology provides between 70 and 96 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides between 80 and 110 bits of encryption strength; non-compliant); MD5; HMAC-MD5; RC4

Multi-chip standalone

"SafeWord® SecureWire™ is a powerful identity and access management (IAM) appliance that provides lightning fast, ultra-secure access to every application and data resource in your network -- for all remote AND internal connections. SecureWire is ideal for Microsoft environments, plugging right into Active Directory, and it provides complete endpoint device security, a single point for policy enforcement and reporting, and comes standard with SafeWord strong authentication."
695 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:
FAX:

CST Lab: NVLAP 200427-0

Cisco Aironet LWAPP AP1131AG, Cisco Aironet LWAPP AP1231G, Cisco Aironet LWAPP AP1232AG, and Cisco Aironet LWAPP AP1242AG Wireless Access Points
(Hardware Version: 1131, Revision C0; 1231, Revision A0; 1232, Revision A0; 1242, Revision A0; Firmware Version: 3.2.116.21)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 08/04/2006;
06/11/2007;
08/07/2007;
08/22/2011;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #370 and #373); CCM (Certs. #11 and #12); SHS (Cert. #443); HMAC (Cert. #165); RNG (Cert. #178); RSA (Cert. #125)

-Other algorithms: RC4; MD5; HMAC MD5; RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength; non-compliant)

Multi-chip standalone

"The Cisco LWAPP Aironet 1131, 1232, 1231, and 1242 access points deliver the versatility, high capacity, security, and enterprise-class features required for small, medium and large Government deployments. In FIPS 140-2 mode of operation, the Cisco APs support the IEEE 802.11i and IEEE 802.1x standards and Advanced Encryption Standard (AES) for WPA2 encryption. WPA2 is the Wi-Fi Alliance certification for interoperable, standards-based WLAN security. The Cisco APs are also Wi-FI CERTIFIED for IEEE 802.11a, IEEE 802.11b and IEEE 802.11g radio standards."
694 3e Technologies International, Inc.
700 King Farm Blvd.
Rockville, MD 20850
USA

-Ryon Coleman
TEL: 301-944-1277
FAX: 301-670-6989

CST Lab: NVLAP 200427-0

3e-523 and 3e-523-F1 WLAN Products
(Hardware Versions: 3e-523 V1.0, 3e-523-F1 V1.0; Firmware Version: 3.4, Build 5)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/21/2006;
08/01/2006
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Cert. #200); Triple-DES (Cert. #292); SHS (Cert. #278); HMAC (Cert. #13); RNG (Cert. #22)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The 3e-523 and 3e-523-F1 WLAN products provide wired connections for Ethernet and Serial devices. This connection can be over an Ethernet 10/100 baseT RJ-45 and/or via RS-232/422/485 interface. The 3e-523 and 3e-523-F1 wireless connection can be configured to use IEEE 802.11a/b/g with Layer 2 AES or TDES encryption. The wireless connectivity is a wireless bridging function to, for example, another 523, a 3e-525A-3 Wireless Access Point, or similar device. The 3e-523 and 3e-523-F1 are ideal for connecting RFID readers, sensors, and other data devices (printers, terminals, etc.) into a secur"
693 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:
FAX:

CST Lab: NVLAP 200427-0

Cisco 4402 and 4404 Wireless LAN Controllers
(Hardware Version: 4402 and 4404; Revision Number: A0; Opacity Baffle Version: 1.0; Firmware Version: 3.2.116.21)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 07/20/2006;
10/10/2006;
08/22/2011;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #368 and #369); CCM (Cert. #10); SHS (Certs. #441 and #442); HMAC (Cert. #164); RNG (Cert. #177); RSA (Certs. #123 and #124)

-Other algorithms: RC4; MD5; HMAC MD5; Triple-DES; AES-CTR (non-compliant); RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength; non-compliant)

Multi-chip standalone

"The Cisco 4400 Series Wireless LAN Controllers provide centralized control and scalability for medium to large-scale Government and Enterprise wireless LAN networks and support the IEEE 802.11i wireless security standard while meeting the Wi-Fi Alliances interoperability specification WPA2 for Secure Wireless Architecture. The Cisco WLAN Controllers support voice, video and data services, intrusion detection, intrusion protection and intelligent radio resource management and comply with the wireless security policies issued by the U.S. Federal Government and the Department of Defense (DoD)."
692 Federal Reserve Bank of Boston
600 Atlantic Avenue
Boston, MA 02210
USA

-Peggy Li
TEL: 617-973-3917
FAX: 617-573-5417

CST Lab: NVLAP 100432-0

FRBB ePurse v2 on ActivCard Applet v2 on Cyberflex Access 64k v1
(Hardware Version: SLE66CX640P; Firmware Versions: OS Hardmask n5 v1, OS Softmask n4 v2, ACA Applet v2.3.0.5, ASCLib v2.3.0.3, PKI/GC Applet v2.3.1.2, ePurse v2 Version 2.0.12)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/20/2006 Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #125); Triple-DES MAC (Cert. #125, vendor affirmed); SHS (Cert. #108); RSA (Cert. #58); RNG (vendor affirmed)

-Other algorithms: DES (Cert. #179, not available for use); DES MAC (Cert. #179, vendor affirmed, not available for use);

Single-chip

"The ePurse is a secure payment module which enables a Common Access Card to be used as a payment mechanism at designated locations."
691 Gemalto
Arboretum Plaza II
9442 Capital of Texas Highway North
Suite 400
Austin, TX 78759
USA

-James McLaughlin
TEL: 512-257-3954
FAX: 512-257-3881

CST Lab: NVLAP 200427-0

Protiva PIV Applet v1.55 on Protiva TOP DM Card
(Hardware Versions: GCX4-M2569420, GXP4-M2569430, GCX4-M2569422, GCX4-A1004155 and GCX4-A1026517; Firmware Versions: GCX4-FIPS EI07 (MPH051), GCX4-FIPS EI08, GXP4-FIPS EI07 (MPH052) and GXP4-FIPS EI08; Applet Version: Protiva PIV Applet v1.55)

(PIV Card Application: Cert. #23 and #24)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/20/2006;
12/19/2006;
08/29/2007;
12/20/2007;
07/28/2008;
02/24/2011;
06/09/2011;
02/06/2014
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #355); Triple-DES (Cert. #412); SHS (Cert. #427); RSA (Cert. #119), Triple-DES MAC (Cert. #412, vendor affirmed); RNG (Cert. # 168); CVL (Cert. #205)

-Other algorithms: N/A

Single-chip

"This module is based on a Java platform (GemCombiXpresso R4 E72 PK ) with 72K EEPROM memory and on the SafesITe FIPS201 applet loaded on the Java Card platform. The Cryptographic Module provides dual interfaces (i.e. contact and contact-less) where the same security level is achieved. The module has on board the following FIPS approved security functions used specifically by the SafesITe FIPS201 applet :P-RNG, Triple DES, SHA-1, RSA algorithms up to 2048 bits key length, and X9.31 RSA On Board Key generation up to 2048 bits long. The module conforms to Java Card 2.1.1, Global Platform 2.1.1, NITS SP-800-73-1, and is very well suited for US Government and Federal projects where FIPS-201, PIV-II compliance is required."
690

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/19/2006;
08/30/2006;
02/17/2012
Overall Level: 1 

-FIPS Approved algorithms:

-Other algorithms:

Single-chip

689 Neopost Technologies
113, rue Jean-Marin Naudin
Bagneux, 92220
France

-Thierry Le Jaoudour
TEL: +33 (0) 1 45 36 30 36

CST Lab: NVLAP 100432-0

C95i Secure Metering Module (SMM)
(Hardware Version: 4126736H B; Firmware Version: 4130379C G10 (SH1), 4126898B A (SH2))

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/14/2006;
10/03/2006;
04/26/2007
Overall Level: 3 

-Physical Security: Level 3 +EFP/EFT

-FIPS Approved algorithms: DSA (Cert. #120); SHS (Cert. #389); RNG (Cert. #38); ECDSA (Cert. #15); HMAC (Cert. #119)

-Other algorithms: N/A

Multi-chip embedded

"The IJ40/50/60 are Neopost mid range of Franking products that incorporate a secure metering module for producing a highly secure franking impressions to meet CPC requirements."
688 DigitalGlobe Inc.
1900 Pike Road
Longmont, CO 80501-6700
USA

-Skip Cubbedge
TEL: 303-684-4516
FAX: 303-684-4048

CST Lab: NVLAP 200427-0

WorldView Wideband Transmitter FPGA
(Hardware Version: 668515-1)

(Bypass capability excluded from FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/13/2006 Overall Level: 1 

-FIPS Approved algorithms: AES (Cert. #296)

-Other algorithms: N/A

Single-chip

"The WorldView Wideband Tramsmitter FPGA provides AES encryption services."
687 TecSec Incorporated
Accounts Payable
1953 Gallows Road
Suite 220
Vienna, VA 22182
USA

-Lisa Liedel

-Roger Butler

CST Lab: NVLAP 200416-0

CKM® Cryptographic Module
(Software Version: 2.0.0.11)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 07/13/2006 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 2000 and Windows XP (in single user mode)

-FIPS Approved algorithms: AES (Certs. #345 and #379); Triple-DES (Certs. #407 and #422); SHS (Certs. #420 and #450); HMAC (Certs. #149 and #167); RNG (Certs. #165 and #181); RSA (Certs. #116 and #131); DSA (Certs. #155, #163, and #165)

-Other algorithms: DES; Twofish; Blowfish; P-Squared; RSA (key wrapping; key establishment methodology provides between 69 bits and 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5; HMAC-MD5; CKM Key Construction

Multi-chip standalone

"TecSec® IncorporatedÆs Constructive Key Management« (CKM®) Cryptographic Module (CKMCRYPTO_FIPS.DLL) (Software version 2.0.0.11) is a FIPS 140-2 Level 1 compliant, general purpose, software based cryptographic module running upon the Microsoft« Windows« Operating System (in single user mode)."
686 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Mel Snyder
TEL: 919-462-1900 x208
FAX: 919-462-1933

CST Lab: NVLAP 200002-0

SafeEnterprise™ Encryptor, Model 600
(Hardware Version: 904-10001-00x, 904-10002-00x, 904-10003-00x, 904-10112-00x, 904-20001-00x, 904-20002-00x, 904-20003-00x, 904-30013-00x, 904-10014-00x, 904-10014-00x, 904-10113-00x, 904-25005-00x, 904-25005-00x, 904-25005-00x; Firmware Version: 3.0)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/11/2006;
04/09/2007;
04/26/2007;
12/07/2007;
03/07/2008
Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Certs. #268); AES (Certs.#262 and #240); RSA (Cert. #15); SHS (Certs. #251 and #319); HMAC (Cert. #48); RNG (Certs. #18 and #76)

-Other algorithms: Diffie-Hellman (key agreement, key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping, key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The SafeEnterprise™ Encryptor, Model 600 provides data privacy and access control for connections between vulnerable public and private networks. It employs FIPS approved AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in 155Mbps (OC-3), 622Mbps (OC-12), 1.0Gbps, and 2.4Gbps (OC-48) networks."
685 SafeNet Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Terry Fletcher
TEL: 613-221-5009
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

Luna®PCI Cryptographic Module V2
(Hardware Version: VBD-01-0104; Firmware Version: 4.5.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/26/2006 Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #361); Triple-DES (Cert. #419); DSA (Cert. #158); RSA (Cert. #126); ECDSA (Cert. #21); SHS (Cert. #436); HMAC (Cert. #4); Triple-DES MAC (Cert. #419, vendor affirmed); RNG (Cert. #37)

-Other algorithms: DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; DES; RC2; RC5; CAST; CAST3; and CAST5 in a CBC-MAC; MD2; MD5; HAS-160 (plain hash and HMAC); SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength; non-compliant)

Multi-chip embedded

"The Luna PCI-1200 is a high assurance cryptographic accelerator PCI card contained in a secure enclosure that provides physical resistance to tampering and zeroization of plaintext keys in the event the enclosure is opened. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI card. The Luna PCI-1200 provides over 1200 asymmetric 1024-bit RSA signing operations per second and is ideally suited to high-volume digital signing, encryption, and key generation applications."
684 SafeNet Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Terry Fletcher
TEL: 613-221-5009
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

Luna® PCI Cryptographic Module V2
(Hardware Version: VBD-01-0104; Firmware Version: 4.5.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/26/2006 Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Cert. #361); Triple-DES (Cert. #419); DSA (Cert. #158); RSA (Cert. #126); ECDSA (Cert. #21); SHS (Cert. #436); HMAC (Cert. #4); Triple-DES MAC (Cert. #419, vendor affirmed); RNG (Cert. #37)

-Other algorithms: DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; DES; RC2; RC5; CAST; CAST3; and CAST5 in a CBC-MAC; MD2; MD5; HAS-160 (plain hash and HMAC); SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength; non-compliant)

Multi-chip embedded

"The Luna PCI-1200 is a high assurance cryptographic accelerator PCI card contained in a secure enclosure that provides physical resistance to tampering and zeroization of plaintext keys in the event the enclosure is opened. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI card. The Luna PCI-1200 provides over 1200 asymmetric 1024-bit RSA signing operations per second and is ideally suited to high-volume digital signing, encryption, and key generation applications."
683 nCipher Corporation Ltd.
92 Montvale Ave.
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nToken
(Hardware Version: nC2033P-000; Build Standards C & N; Firmware Version: 2.22.6)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/26/2006;
06/24/2008
Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339, vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91)

-Other algorithms: ARC FOUR; CAST5; CAST 6; DES (non compliant); DES MAC (non compliant); MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HAS 160; Diffie-Hellman (key agreement, key establishment methodology provides 112 bits to 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides 192-bits of encryption strength); RSA (key wrapping, key establishment methodology provides 112 bits to 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The nCipher nToken Hardware Security Module improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
682 Kanguru Solutions
1360 Main St.
Millis, MA 02054
USA

-Nate Cote
TEL: 508-376-4245
FAX: 508-376-4462

CST Lab: NVLAP 200648-0

KanguruLock
(Software Versions: 1.0.4.7, 1.0.4.15 and 1.0.4.24)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 06/26/2006;
04/26/2007;
04/30/2007;
06/21/2007;
02/21/2008
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Service Pack 2 (single user mode)

-FIPS Approved algorithms: AES (Cert. #243); SHS (Cert. #321); HMAC (Cert. #51); RNG (Cert. #78)

-Other algorithms: N/A

Multi-chip standalone

"Kanguru Solutions is the leader in portable secure storage devices. KanguruLock, featured in the KanguruMicro Drive AES USB 2.0 Flash Drive, addresses security concerns and information assurance by incorporating 256-bit AES encryption technology to portable storage devices."
681 nCipher Corporation Ltd.
92 Montvale Ave.
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nCipher 1600 PCI, nCipher 1600 PCI for NetHSM, and nCipher 800 PCI
(Hardware Version: nC3033P-1K6, nC3033P-1K6N and nC3033P-800 Build Standard C; Firmware Version: 2.22.6-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 06/19/2006 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339, vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91)

-Other algorithms: ARC FOUR; CAST5; CAST 6; DES (non compliant); DES MAC (non compliant); MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HSA 160; Diffie-Hellman (key agreement, key establishment methodology provides 112 bits to 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides 192-bits of encryption strength); RSA (key wrapping, key establishment methodology provides 112 bits to 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The nCipher modules: nCipher 1600 PCI, nCipher 1600 PCI for NetHSM, nCipher 800 PCI family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
680 nCipher Corporation Ltd.
92 Montvale Ave.
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nCipher 800 PCI, nCipher 1600 PCI, and nCipher 1600 PCI for NetHSM
(Hardware Version: nC3033P-1K6, nC3033P-1K6N, nC3033P-800, Build Standard C; Firmware Version: 2.22.6-3)

(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 06/19/2006 Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339, vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91)

-Other algorithms: ARC FOUR; CAST5; CAST 6; DES; DES MAC; MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HAS 160; Diffie-Hellman (key agreement, key establishment methodology provides 112 bits to 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides 192-bits of encryption strength); RSA (key wrapping, key establishment methodology provides 112 bits to 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The nCipher modules: nCipher 800 PCI, nCipher 1600 PCI, nCipher 1600 PCI for NetHSM family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
679 SPYRUS, Inc.
2355 Oakland Road
Suite 1
San Jose, CA 95131
USA

-Tom Dickens
TEL: 408-953-0700
FAX: 408-953-9835

CST Lab: NVLAP 100432-0

LYNKS Series II
(Hardware Version: Models PC500 P/N 906-160001-01, PC530 P/N 906-162001-01, PC530J P/N 906-162002-01, PC530S P/N 906-162004-01, PC600 P/N 906-160002-01, PC700 P/N 906-161001-01, PC730 P/N 906-162005-01, PC730J P/N 906-162006-01, PC730S P/N 906-162008-01, PC800 P/N 906-161002-01; Firmware Version: 2.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/19/2006 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #372); AES (Certs. #299 and #300); Skipjack (Cert. #16); DSA (Cert. #142); ECDSA (Cert. #10); RSA (Cert. #88); SHS (Certs. #373 and #374); RNG (Cert. #126)

-Other algorithms: MD5; DES; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); KEA

Multi-chip standalone

"The LYNKS Series II Hardware Security Module (HSM) supports the new "Suite B" algorithms, including elliptic curve cryptography with ECDSA signatures, AES, and the "SHA-2" algorithms. Available with either PCMCIA or USB interfaces."
678 MRV Communications
295 Foster St.
Littleton, MA 01460
USA

-Nicholas Minka

-Tim Bergeron

CST Lab: NVLAP 200427-0

LX-8020S and LX-8040S Series Console Servers
(Hardware Versions: B/L 350-6003 Rev: D, P/N 500-8722 Rev: A and B/L 350-6003 Rev: D, P/N 500-8724 Rev: A and B/L 350-6005 Rev: G, P/N 500-8732 Rev: A and B/L 350-6004 Rev: C, P/N 500-8730 Rev: A and B/L 350-6003 Rev: D, P/N 500-8723 Rev: B and B/L 350-6003 Rev: D, P/N 500-8725 Rev: B and B/L 350-6005 Rev: G, P/N 500-8733 Rev: A and B/L 350-6004 Rev: C, P/N 500-8731 Rev: A and B/L 350-6003 Rev: D, P/N 500-8726 Rev: A and B/L 350-6003 Rev: D, P/N 500-8728 Rev: A and B/L 350-6005 Rev: G, P/N 500-8736 Rev: A and B/L 350-6004 Rev: C, P/N 500-8734 Rev: A and B/L 350-6003 Rev: D, P/N 500-8727 Rev: B and B/L 350-6003 Rev: D, P/N 500-8729 Rev: B and B/L 350-6005 Rev: G, P/N 500-8737 Rev: A and B/L 350-6004 Rev: C, P/N 500-8735 Rev: A; Firmware Version: linuxito Version: 3.7.2 and ppciboot Version: 3.7.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/19/2006 Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #348); DSA (Cert. #156); RNG (Cert. #166); RSA (Cert. #117); SHS (Cert. #423); Triple-DES (Cert. #408); HMAC (Cert. #151)

-Other algorithms: DES; MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 194 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 bits and 194 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The LX-8000S 20 and 40 port Dual AC and DC units with an optional internal modem add high-end NEBS console management to MRV's LX Series Console Servers. The Linux based system is tuned for optimal performance, security and reliability. The LX-8000S models are designed for telco and data center applications that demand high quality and reliability standards, dual power and NEBS Level-3 Certification."
677 Gemalto
Arboretum Plaza II
9442 Capital of Texas Highway North
Suite 400
Austin, TX 78759
USA

-Jerome Denis
TEL: 512-257-3808

CST Lab: NVLAP 200427-0

SafesITe TOP DM GX4 - FIPS with ActivIdentity Digital Identity Applet Suite v2
(Hardware Versions: GCX4-M2569420, GXP4-M2569430, GCX4-M2569422 and GCX4-A1004155; Firmware Versions: GCX4-FIPS EI07 and GXP4-FIPS EI07, Applet Versions: ACA v2.6.1, PKI/GC v2.6.1, ASC library package v2.6.1; ACA v2.6.2, PKI/GC v2.6.2, ASC library package v2.6.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/12/2006;
12/19/2006;
03/01/2007;
07/28/2008
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Cert. #355); Triple-DES (Cert. #412); SHS (Cert. #427); RSA (Cert. #119), Triple-DES MAC (Cert. #412, vendor affirmed); RNG (Cert. # 168)

-Other algorithms: N/A

Single-chip

"This module is based on a Gemalto Dual Interface (Contact ISO7816 and Contactless ISO14443) Open OS Smart Card with a large (72K EEPROM) memory, with a cryptographic applet suite V 2.6.1 developed by ActivIdentity. The SmartCard platform has on board Triple DES and RSA up to 2048 algorithms and provides X9.31 on board key generation. The Applet Suite supports management of 3DES keys and PINs, and provides services for authentication, access control, generic container and PKI . The module conforms to Java Card 2.2.1, Global Platform 2.1.1 and GSC/IS 2.1 standards."
676 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco Catalyst 6506, 6509, 6506(E), 6509(E), 7606 and 7609 Routers With VPN Services Module
(Hardware Version: Chassis:6506, 6509, 6506-E, 6509-E,7606,7609; Backplane chassis: Hardware Version 1.0 (6505(E), 7606, 7609), 1.1 (6509(E)), 3.0 (6506, 6509); Supervisor Blade: Hardware Version 4.1 (SUP720-3B), 4.0 (SUP720-3BXL); VPNSM Blade: Hardware Version 1.3; Firmware Version: 12.2(18)SXE2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/22/2006;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Certs. #132 and 155); SHS (Cert. #117); HMAC (Cert. #33); RNG (Cert. #123)

-Other algorithms: DES; AES (non-compliant); Triple-DES; SHA-1 (non-compliant); HMAC-SHA-1 (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 80-bits and 96-bits of encryption strength; non-compliant); MD5; HMAC-MD5

Multi-chip standalone

"The Catalyst 6500 series switches and the Cisco 7606 and Cisco 7609 routers with the VPN Services Module offer versatility, integration, and security to branch offices. With numerous network modules and service modules available, the modular architecture of the Cisco router easily allows interfaces to be upgraded to accommodate network expansion. The Catalyst 6500 series switches and the Cisco 7606 and Cisco 7609 routers provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements."
675 nCipher Corporation Ltd.
92 Montvale Ave.
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F3 Ultrasign PCI, nShield F3 Ultrasign 32 PCI, nCipher F3 PCI for NetHSM, payShield Ultra PCI, payShield Ultra PCI for NetHSM, nShield F3 PCI, payShield PCI, nShield F3 PCI and nShield lite
(Hardware Version: nC4033P-300, nC4132P-300, nC4032P-300N, nC4232P-300, nC4232P-300N, nC4032P-150, nC4232P-150, nC4032P-150, and nC4032P-10 Build Standard ER; Firmware Version: 2.22.6-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 05/22/2006 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339, vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91)

-Other algorithms: ARC FOUR; CAST5; CAST 6; DES (non compliant); DES MAC (non compliant); MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HSA 160; Diffie-Hellman (key agreement, key establishment methodology provides 112 bits to 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)); EC Diffie-Hellman (key agreement, key establishment methodology provides 192-bits of encryption strength); RSA (key wrapping, key establishment methodology provides 112 bits to 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength))

Multi-chip embedded

"The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
674 nCipher Corporation Ltd.
92 Montvale Ave.
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F3 Ultrasign PCI, nShield F3 Ultrasign 32 PCI, nCipher F3 PCI for NetHSM, payShield Ultra PCI, payShield Ultra PCI for NetHSM, nShield F3 PCI, payShield PCI, nShield F3 PCI and nShield lite
(Hardware Version: nC4033P-300, nC4132P-300, nC4032P-300N, nC4232P-300, nC4232P-300N, nC4032P-150, nC4232P-150, nC4032P-150 and nC4032P10 Build Standard ER; Firmware Version: 2.22.6-3)

(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 05/22/2006 Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339, vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91)

-Other algorithms: ARC FOUR; CAST5; CAST 6; DES (non compliant); DES MAC (non compliant); MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HSA 160; Diffie-Hellman (key agreement, key establishment methodology provides 112 bits to 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides 192-bits of encryption strength); RSA (key wrapping, key establishment methodology provides 112 bits to 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength))

Multi-chip embedded

"The nCipher nShield range of Hardware Security Modules improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
673 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

7206VXR NPE-G1and 7301 with VAM2+
(Hardware Version: 7206VXR; NPE-G1 Version: 2.1, Board Version A0; VAM2+ Version: 1.0, Board Version: C0; 7301 Version: 5.0, Board Version: A0; Firmware Version: 12.3(11)T10)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/15/2006;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #173); Triple-DES (Cert. #275); SHS (Certs. #404 and #258); HMAC (Cert. #39); RNG (Certs. #150 and #83)

-Other algorithms: MD4; MD5; HMAC MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant); DES; RSA (non-compliant); AES (non-compliant); Triple-DES; HMAC (non-compliant)

Multi-chip standalone

"Cisco Modular Access Routers are routers that provide data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
672 nCipher Corporation Ltd.
92 Montvale Ave.
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

MiniHSM
(Hardware Version: nC4033z-10 Build Standards A, B & N; Firmware Versions: 2.22.17-2 and 2.22.34-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/11/2006;
08/29/2006;
06/24/2008;
04/05/2011
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Cryptographic Key Management: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339, vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91)

-Other algorithms: ARC FOUR; CAST5; CAST 6; DES (non compliant); DES MAC (non compliant); MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HSA 160; Diffie-Hellman (key agreement, key establishment methodology provides 112 bits to 256 bits of encryption strength; non-compliant less that 112 bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides 192 bits of encryption strength); RSA (Cert.#68, key wrapping, key establishment methodology provides 112 bits to 256 bits of encryption strength; non-compliant less that 112 bits of encryption strength)

Multi-chip embedded

"The nCipher MiniHSM is a fully featured HSM supplied in a single chip package. The MiniHSM offers all the security and key management features of other nCipher modules - but with reduced processing speed. The MiniHSM is an OEM part and will be included within other appliances or products, for example switches or routers. The MiniHSM's real time clock, also makes it suitable for use as a time-stamping engine."
671 nCipher Corporation Ltd.
92 Montvale Ave.
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

MiniHSM
(Hardware Version: nC4033z-10 Build Standards A, B & N; Firmware Versions: 2.22.17-3 and 2.22.34-3)

(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/11/2006;
08/29/2006;
06/24/2008
Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339, vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91)

-Other algorithms: ARC FOUR; CAST5; CAST 6; DES (non compliant); DES MAC (non compliant); MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HSA 160; Diffie-Hellman (key agreement, key establishment methodology provides 112 bits to 256 bits of encryption strength; non-compliant less that 112 bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides 192 bits of encryption strength); RSA (Cert.#68, key wrapping, key establishment methodology provides 112 bits to 256 bits of encryption strength; non-compliant less that 112 bits of encryption strength)

Multi-chip embedded

"The nCipher MiniHSM is a fully featured HSM supplied in a single chip package. The MiniHSM offers all the security and key management features of other nCipher modules - but with reduced processing speed. The MiniHSM is an OEM part and will be included within other appliances or products, for example switches or routers. The MiniHSM's real time clock, also makes it suitable for use as a time-stamping engine."
670 nCipher Corporation Ltd.
92 Montvale Ave.
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield 4000 [1], nShield 2000 [2], nShield 2000 for netHSM [3], nShield 800 [4], nShield 500 [5], nShield 500 for netHSM [6] and nShield Plus [7]
(Hardware Versions: nC4033P-4K0 [1], nC4033P-2K0 [2], nC4033P-2K0N [3], nC4033P-800 [4], nC4133P-500 [5], nC4133P-500N [6] and nC4033P-50 [7], Build Standards L & N; Firmware Versions: 2.22.6-2, 2.22.34-2 and 2.22.43-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/11/2006;
06/14/2006;
12/20/2006;
04/29/2008;
06/24/2008
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3 +EFP/EFT
-Cryptographic Key Management: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339, vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91)

-Other algorithms: ARC FOUR; CAST5; CAST 6; DES; DES MAC; MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HSA 160; Diffie-Hellman (key agreement, key establishment methodology provides 112 bits to 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping, key establishment methodology provides 112 bits to 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The nCipher modules: nCipher 4000 PCI, nShield 800 PCI, and nShield Plus PCI family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
669 nCipher Corporation Ltd.
92 Montvale Ave.
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield 4000 [1], nShield 2000 [2], nShield 2000 for netHSM [3], nShield 800 [4], nShield 500 [5], nShield 500 for netHSM [6] and nShield Plus [7]
(Hardware Versions: nC4033P-4K0 [1], nC4033P-2K0 [2], nC4033P-2K0N [3], nC4033P-800 [4], nC4133P-500 [5], nC4133P-500N [6] and nC4033P-50 [7], Build Standards L & N; Firmware Versions: 2.22.6-3, 2.22.34-3 and 2.22.43-3)

(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/11/2006;
06/14/2006;
12/20/2006;
06/24/2008
Overall Level: 3 

-Physical Security: Level 3 +EFP/EFT

-FIPS Approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339, vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91)

-Other algorithms: ARC FOUR; CAST5; CAST 6; DES; DES MAC; MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HSA 160; Diffie-Hellman (key agreement, key establishment methodology provides 112 bits to 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides 192 bits of encryption strength); RSA (Cert. #68, key wrapping, key establishment methodology provides 112 bits to 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The nCipher modules: nCipher 4000 PCI, nShield 800 PCI, and nShield Plus PCI family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
668 Oberthur Card Systems
4250 Pleasant Valley Road
Chantilly, VA 20151-1221
USA

-Christophe Goyet
TEL: 703-263-0100
FAX: 703-263-0503

CST Lab: NVLAP 100432-0

Oberthur PIV EP v1 on ID-One Cosmo 64 v5 D
(Hardware Version: HW P/N 77; Firmware Version: FW Version E303-063684 with PIV Applet Suite v1 (PIV Applet v1.08 or v1.09 and SSO Applet v1.08)

(PIV Card Application: Cert. #1)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/02/2006;
07/27/2007;
02/06/2014
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #232); Triple-DES MAC (Cert. #232, vendor affirmed); SHS (Cert. #209); RSA (Cert. #43); RNG (Cert. #94); CVL (Cert. #204)

-Other algorithms: DES (Cert. #246); DES MAC (Cert. #246, vendor affirmed); RSA KeyGen

Single-chip

"The PIV EP v1 is a fully validated PIV-II « End Point » smart card to answer HSPD12. It offers Identity proofing (storage of personal data), User authentication, Card authentication, digital signature, encryption and secure post issuance management. To increase flexibility and customization capabilities, the card supports all PIV optional data containers from SP800-73-1, plus additional non-PIV containers and keys configurable during manufacturing. A built-in Card Single Sign-On application allows multiple on card applications to share the same Card Holder Verification Method (Global PIN)."
667 Francotyp-Postalia
Triftweg 21-26
Birkenwerder, 16547
Germany

-Clemens Heinrich
TEL: +49-3303-525-619
FAX: +49-3303-525-609

CST Lab: NVLAP 100432-0

Postal Revenector Canada
(Hardware Version: 58.0036.0001.00 Version 06; Firmware Version: 90.0036.0009.00/01)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/02/2006;
06/26/2007
Overall Level: 3 

-Physical Security: Level 3 +EFP

-FIPS Approved algorithms: Triple-DES (Cert. #391); SHS (Cert. #400); RSA (Cert. #109); ECDSA (Cert. #20); HMAC (Cert. #132); RNG (Cert. #148)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip embedded

"The Postal Revenector Canada is an embedded hardware module which provides security critical services for postage meters in the Canadian market. It is used to support new secure methods of applying postage."
666 Francotyp-Postalia
Triftweg 21-26
D-16547 Birkenwerder
Germany

-Hasbi Kabacaoglu
TEL: +49-3303-525-656
FAX: +49-3303-525-609

CST Lab: NVLAP 100432-0

Revenector
(Hardware Version: P/N 58.0036.0001.00/06; 58.0036.0006.00/03; Firmware Version: 5.46)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/02/2006;
05/30/2006
Overall Level: 3 

-Physical Security: Level 3 +EFP

-FIPS Approved algorithms: RSA (Cert. # 109); SHS (Cert. #400)

-Other algorithms: N/A

Multi-chip embedded

"Revenector is an embedded security device that can enhance the security of various kinds of appliances and computerized devices. The hardware of Revenector is designed to protect critical security parameters as well as application specific revenues. Its firmware enables hosting systems to load or update signed application specific firmware."
665 Francotyp-Postalia
Triftweg 21-26
16547 Birkenwerder
Birkenwerder, 16547
Germany

-Hasbi Kabacaoglu
TEL: +49/3303/525/656
FAX: +49/3303/525/609

CST Lab: NVLAP 100432-0

Postal Revenector
(Hardware Version: P/N 58.0036.0001.00 Version 06; Firmware Version: 90.0036.0006.00/03)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/02/2006;
01/01/2014
Overall Level: 3 

-Physical Security: Level 3 +EFP

-FIPS Approved algorithms: Triple-DES (Cert. #391); SHS (Cert. #400); RSA (Cert. #109); HMAC (Cert. #132); RNG (Cert. #148)

-Other algorithms: ECDSA (Cert. #19; non-compliant); Diffie-Hellman (key agreement)

Multi-chip embedded

"The Francotyp-Postalia Postal Revenector employs strong encryption, decryption, and digital signature techniques for the protection of customer revenues in Francotyp-Postalia's mail handlers. The Postal Revenector has been designed in compliance with the United States Postal Services (USPS), Information-Based Indicia Program (IBIP)."
664 Zix Corporation
2711 N. Haskell Avenue
Suite 2300
Dallas, TX 75204-2960
USA

-Dena Bauckman
TEL: 214-370-2008
FAX: 214-370-2071

CST Lab: NVLAP 200017-0

ZixCorp Crypto Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 04/26/2006;
06/04/2009;
07/08/2009
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Linux Red Hat Enterprise 3 Operating System (in single user mode)

-FIPS Approved algorithms: AES (Cert #321); Triple-DES (Cert #385); RSA (Cert #108); SHS (Cert #394); HMAC (Cert #127); RNG (Cert #145)

-Other algorithms: DSA (non compliant); Diffie-Hellman (key agreement); Elliptic Curve (non compliant); MD2; MD5; HMAC MD5; RSA (key wrapping; key establishment methodology provides 112-bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The ZixCorp Crypto Module provides email encryption using a FIPS 140-2 level 1 validated cryptographic module. As part of the Zix Email Encryption Service, the ZixCorp Crypto Module provides highly secure email communication between Zix customers and their business partners. The approved cryptographic algorithms included in the module are: AES, Triple- DES, RSA, SHA-1, HMAC SHA-1 and FIPS 186-2 Appendix 3.1 RNG."
663 3e Technologies International, Inc.
9175 Key West Avenue
Suite 500
Rockville, MD 20850
USA

-Ryon Coleman
TEL: 301-944-1277
FAX: 301-670-6989

CST Lab: NVLAP 200427-0

3e-010F-A-2 Cryptomodule and 3e-010F-C-2 Cryptomodule
(Software Version: 3e-010F-A-2 Version 2.0, Build 18; 3e-010F-C-2 Version 2.0, Build 15; and 3e-010F-C-2 Version 2.0, Build 15, Revision 1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 04/26/2006;
08/01/2006;
08/29/2007
Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000 Professional with SP4 and Microsoft Windows XP with SP2 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #225, #287 and #288); Triple-DES (Cert. #316); RNG (Cert. #67); CCM (Certs. #5 and #6); HMAC (Cert. #32); SHS (Cert. #306); RSA (Cert. #112)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The 3e-010F-A-2 and 3e-010F-C-2 Crypto Clients provide standard 802.11a/b/g wireless access along with enhanced protection through a variety of cryptographic features, providing a high level of security for wireless environments. In FIPS 140-2 mode (highly secure), encryption can be set for None, Static AES, Static 3DES, Dynamic Key Exchange and WPA2 Enterprise and Personal (AES-CCM). In non-FIPS mode, one can select None, Static AES, Static 3DES, Dynamic Key Exchange, Static WEP, WPA-Enterprise and Personal (TKIP or AES-CCM) and WPA2-Enterprise and Personal (TKIP or AES-CCM)."
662 Fortress™ Technologies, Inc.
2 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0

AirFortress ® AF1100 Wireless Cryptographic Module
(Hardware Version: AF-1100; Firmware Version: 2.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/26/2006;
03/26/2010;
05/17/2013
Overall Level: 2 

-FIPS Approved algorithms: DES (Cert. #23); Triple-DES (Cert. #19); AES (Cert. #14); SHS (Cert. #316); HMAC (Cert. #62)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 56 bits of encryption strength; non-compliant); MD5; IDEA, ANSI X9.31 RNG (formerly ANSI X9.17; non-compliant)

Multi-chip standalone

"The AirFortress® AF1100 Wireless Cryptographic Module is an electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a production-quality hardware and deployable on any LAN or WAN, the AirFortress® AF1100 Wireless Cryptographic Module provides encryption, data integrity checking, authentication, access control, and data compression."
661 IBM® Corporation
2455 South Road / P330
Poughkeepsie, NY 12601
USA

-Barry Ward
TEL: 845-435-4881
FAX: 845-435-5540

CST Lab: NVLAP 100432-0

IBM eServer Cryptographic Coprocessor Security Module
(Hardware Version: P/Ns 12R6536, 12R8241, 12R8561, 41U0438, Model 4764-001; Firmware Versions: 2096a16d and c16f4102)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/26/2006;
06/14/2006;
04/30/2007;
09/25/2007
Overall Level: 4 

-FIPS Approved algorithms: AES (Cert. #103); Triple-DES (Cert. #215); SHS (Cert. #194); DSA (Cert. #147); RNG (Cert. #132)

-Other algorithms: DES (Cert. #237); MD5, RSA (ISO 9796; non-compliant)

Multi-chip embedded

"The IBM eServer Cryptographic Coprocessor Security Module, is a tamperresponding, programmable, cryptographic PCIX card, containing CPU, encryption hardware, RAM, EEPROM, hardware random number generator, time of day clock, firmware, and software. The Coprocessor is designed as a feature in IBM eServer zSeries and iSeries servers; and for use in IBM eServer xSeries."
660 Authenex, Inc.
1489 Salmon Way
Hayward, CA 94544
USA

-Harry Lee
TEL: 510-324-0230 x114
FAX: 510-324-0251

CST Lab: NVLAP 100432-0

Authenex A-Key
(Hardware Version: P/N AKEY2T0-01, Version 2.0.0; Firmware Version: 3.6.0)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/26/2006 Overall Level: 3 

-FIPS Approved algorithms: RSA (Cert. #84); AES (Cert. #294); SHS (Cert. #367); RNG (Cert. #119)

-Other algorithms: RSA (key wrapping, key establishment methodology provides between 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Authenex A-Key provides two factor strong authentication for the mobile user, with an embedded suite of applications."
659 Neopost Technologies
113 rue Jean-Marin Naudin
Bagneux, 92220
France

-Thierry Le Jaoudour
TEL: +33 (0) 1 45 36 30 36

CST Lab: NVLAP 100432-0

C20ND-C21ND Secure Metering Module
(Hardware Version: 4124558P Version B; Firmware Versions: 30.20 and 30.24)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/26/2006;
10/03/2006;
12/19/2006
Overall Level: 3 

-Physical Security: Level 3 +EFP/EFT

-FIPS Approved algorithms: DSA (Cert. #61); ECDSA (Cert. #16); HMAC (Cert. #122); Triple-DES (Cert. #119); SHS (Cert. #391); RNG (Cert. #141)

-Other algorithms: N/A

Multi-chip embedded

"The C20ND module is a postage meter supporting accounting and cryptographic functions including the generation of 2D barcodes with ECDSA signatures for secure electronic transactions. Associated with a document transport system and an inkjet print-head, the module is capable of processing up to 250 envelopes per minute."
658 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco Catalyst 6506, 6509, 6506(E), 6509(E), 7606 and 7609 Routers With IPSec VPN SPA
(Hardware Versions: 6506, 6509, 6506-E, 6509-E, 7606, 7609; Backplane chassis: Hardware Versions 1.0 (6505(E), 7606, 7609), 1.1 (6509(E)), 3.0 (6506, 6509); Supervisor Blade: Hardware Versions 4.1 (SUP720-3B), 4.0 (SUP720-3BXL); IPSec VPN SPA: Hardware Version 1.0; Firmware Version: 12.2(18)SXE2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/20/2006;
05/16/2006;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Certs. #258 and #298); SHS (Certs. #285 and #422); HMAC (Certs. #15 and #153); RNG (Cert. #123); AES (Certs. #156 and #209)

-Other algorithms: DES; AES (non-compliant); Triple-DES; SHA-1 (non-compliant); HMAC-SHA-1 (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant); MD5; HMAC-MD5

Multi-chip standalone

"The Catalyst 6500 series switches and the Cisco 7606 and Cisco 7609 routers with the IPSec VPN SPA offer versatility, integration, and security to branch offices. With numerous network modules and service modules available, the modular architecture of the Cisco router easily allows interfaces to be upgraded to accommodate network expansion. The Catalyst 6500 series switches and the Cisco 7606 and Cisco 7609 routers provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements."
657 Tutarus Corporation
6767 Old Madison Pike
Suite 292
Huntsville, AL USA

-Ray Clayton
TEL: 256-922-1555

CST Lab: NVLAP 200427-0

TRAKRON
(Software Version: 2.2)

Validated to FIPS 140-2

Security Policy

Certificate

Software 04/13/2006 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP SP2 (in single user mode)

-FIPS Approved algorithms: AES (Cert. #313); SHS (Cert. #383); RSA (Cert. #99); RNG (Cert. #133)

-Other algorithms: N/A

Multi-chip standalone

"The TRAKRON module is a software module packaged as a Dynamic-link Library (DLL) on Windows. The library can be used on Microsoft Windows NT, 2000, and XP operating systems. The TRAKRON module provides high-level encryption for Tutarusªs security products."
656 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

PIX 515 and PIX 515E
(Hardware Versions: 515 and 515E; Firmware Version: 7.0.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/14/2006;
03/20/2007;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Certs. #298 and #384); AES (Certs. #209 and #320); RNG (Cert. #143); SHS (Certs. #285 and #393); HMAC (Certs. #15 and #124); RSA (Certs. #105 and #107); DSA (Certs. #150 and #152)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant); MD5; DES; RC4; HMAC MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The market-leading Cisco PIX and ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-todeploy solutions. Cisco PIX Security Appliances and ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
655 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

ASA 5510, ASA 5520 and ASA 5540
(Hardware Versions: 5510, 5520, and 5540; Firmware Version: 7.0.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/14/2006;
05/28/2010;
02/23/2012;
01/01/2014
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Certs. #217 and #384); AES (Certs. #105 and #320); RNG (Certs. #143 and #144); SHS (Certs. #196 and #393); HMAC (Certs. #124 and #125); RSA (Certs. #105 and #106); DSA (Certs. #150)

-Other algorithms: DSA (Cert. #151; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant); MD5; DES; RC4; HMAC MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
654 Tutarus Corporation
6767 Old Madison Pike
Suite 292
Huntsville, AL USA

-Ronn Cochran
TEL: 256-922-1555

CST Lab: NVLAP 200427-0

SRKCRYPTO
(Software Version: 3.4.1)

Validated to FIPS 140-2

Security Policy

Certificate

Software 04/06/2006 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP SP2 (in single user mode)

-FIPS Approved algorithms: AES (Cert. #314); SHS (Cert. #384); RSA (Cert. #100); RNG (Cert. #134)

-Other algorithms: N/A

Multi-chip standalone

"SRKCRYPTO is a digital data encryption library that provides encryption services for Tutarus products. SRKCRYPTO is a unique encryption engine in that it generates a new random key each time data needs to be encrypted. This provides a higher level of security required for the most sensitive data protection."
653 CipherOptics Inc.
701 Corporate Center Drive
Raleigh, NC 27607
USA

-Ed Finn
TEL: 412-262-2571 x102
FAX: 412-262-2574

CST Lab: NVLAP 200416-0

CipherOptics SG100 and CipherOptics SG1002
(Hardware Version: A; Firmware Versions: 3.1 and 3.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/06/2006;
08/16/2006;
06/14/2010
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #258); AES (Cert. #156); SHS (Cert. #117); HMAC (Cert. #34); RSA (Cert. #79); RNG (Cert. #112)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5; HMAC MD5; DES

Multi-chip standalone

"The CipherOptics SG100 and SG1002 are high performance, integrated security appliances that offer Gigabit and 10/100 Ethernet IPSec encryption respectively. Housed in a tamper evident chassis, have two ethernet ports. Traffic on the local port is received in the clear, while traffic on the remote port has security processing applied to it."
652 nCipher Corporation Ltd.
92 Montvale Ave.
Suite 4500
Stoneham, MA 02180
USA

TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield 500 [1], nShield 500 for netHSM [2] and nShield Lite [3]
(Hardware Versions: nC4033P-500 [1], nC4033P-500N [2] and nC4033P-30 [3]; Build Standards M & N; Firmware Versions: 2.22.6-2, 2.22.34-2 and 2.22.43-2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 04/06/2006;
06/29/2006;
12/20/2006;
06/24/2008
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339; vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91)

-Other algorithms: ARC FOUR; CAST5; CAST 6; DES; DES MAC; MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HSA 160; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping, key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The nCipher modules: nShield 500 & nShield Lite family of secure ecommerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
651 nCipher Corporation Ltd.
92 Montvale Ave
Suite 4500
Stoneham, MA 02180
USA

TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield 500 [1], nShield 500 for netHSM [2] and nShield Lite [3]
(Hardware Versions: nC4033P-500 [1], nC4033P-500N [2] and nC4033P-30; Build Standards M & N; Firmware Versions: 2.22.6-3, 2.22.34-3 and 2.22.43-3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 04/06/2006;
06/29/2006;
12/20/2006;
06/24/2008
Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #258); Triple-DES (Cert. #339); Triple-DES MAC (Cert. #339; vendor affirmed); DSA (Cert. #136); ECDSA (Cert. #2); SHS (Cert. #333); HMAC (Cert. #68); RSA (Cert. #68); RNG (Cert. #91)

-Other algorithms: ARC FOUR; CAST5; CAST 6; DES; DES MAC; MD2; MD5; SEED; HMAC (MD2, MD5, and RIPEMD160); RIPEMD 160; El-Gamal; Blowfish; Twofish; Serpent; KCDSA; HSA 160; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping, key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The nCipher modules: nShield 500 & nShield Lite family of secure ecommerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
650 Ian Donnelly Systems, Inc.
17752 Preston Road
Dallas, TX 75252
USA

-Ian B. Donnelly
TEL: 888-980-8887
FAX: 972-380-8866

CST Lab: NVLAP 100432-0

KEY-UP
(Hardware Version: P/N KEY-UP Version II-A; Firmware Versions: 5.0 and 5.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/03/2006;
05/18/2009;
05/18/2009
Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #361); Triple-DES MAC (Cert. #361; vendor affirmed); SHS (Cert. #359); RNG (Cert. #127)

-Other algorithms: DES; DUKPT

Multi-chip standalone

"KEY-UP V5.0 security encryption devices for electronic funds transfer applications utilize the latest security specifications mandated by the American National Standard Institute (ANSI) while offering significant performance improvements and lower cost per transaction."
649 Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Douglas
TEL: 571-334-4300

CST Lab: NVLAP 200427-0

Aruba 800, 5000 and 6000™ Mobility Controller with ArubaOS FIPS Software
(Hardware Versions: (Aruba 800) HW-800-CHAS-SPOE-SX, HW-800-CHAS-SPOE-T; (Aruba 5000) HW-CHASF (3300028 Rev. 01), HW-FTF (3300031 Rev. 01), LC-2G24F (3300026 Rev. 01), LC-2G (3300029-01), LC-2G24FP (3300024 Rev. 01), SC-48-C1 (3300025- 01), SC-128-C1 (3300025-01), HW-PSU-200, HW-PSU-400; (Aruba 6000) HW-CHASF (3300028 Rev. 01), HW-FTF (3300031 Rev. 01), LC-2G24F (3300026 Rev. 01), LC-2G (3300029-01), LC-2G24FP (3300024 Rev. 01), SC-256-C2 (3300027 Rev. 01), SC-48-C1 (3300025- 01), SC-128-C1 (3300025-01), HW-PSU-200, HW-PSU-400; Software Versions: A800_2.4.1.0-FIPS, A800_2.4.8.2-FIPS, A800_2.4.8.3-FIPS, A800_2.4.8.8-FIPS, A800_2.4.8.9-FIPS, A800_2.4.8.10-FIPS, A800_2.4.8.11-FIPS, A800_2.4.8.12-FIPS, A800_2.4.8.14-FIPS, A800_2.4.8.15-FIPS, A5000_2.4.1.0-FIPS, A5000_2.4.8.2-FIPS, A5000_2.4.8.3-FIPS, A5000_2.4.8.8-FIPS, A5000_2.4.8.9-FIPS, A5000_2.4.8.10-FIPS, A5000_2.4.8.11-FIPS, A5000_2.4.8.12-FIPS, A5000_2.4.8.14-FIPS and A5000_2.4.8.15-FIPS)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/03/2006;
08/10/2006;
03/01/2007;
04/30/2007;
06/21/2007;
08/31/2007;
10/12/2007;
10/22/2007;
04/04/2008;
05/09/2008;
03/14/2011
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #315 and #159); Triple-DES (Certs. #382 and #261); SHS (Certs. #386 and #244); HMAC (Certs. #116 and #118); RNG (Cert. #135); RSA (Certs. #101 and #102); CCM (Cert. #4)

-Other algorithms: DES (Cert. #262); MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"Aruba Networks' Mobility Controller system completely changes how 802.11 networks are deployed, secured, and managed. The only mobile security system with an integrated ICSA-certified stateful firewall and hardware-based encryption, the Aruba mobility controller is the industry's highest performing and most scalable enterprise mobility platform on the market today. Aruba offers the industry's only modular and stackable mobility controllers from every enterprise environment. Now, administrators are freed from the costly and time-consuming process of managing individual APs. And as security standards change and new mobile services emerge, they are easily implemented at the controller and propagated throughout the enterprise."
648 3Com Corporation
350 Campus Drive
Marlborough, MA 01752-3064
USA

-Victoria Van Spyk
TEL: 408-326-8581

CST Lab: NVLAP 200427-0

3Com Embedded Firewall PCI Cards
(Hardware Versions: 03-0229-501 and 03-0347-501; Firmware Version: Runtime: 03.101.015, Diagnostic: 03.101.015, Sleep: 03.101.015)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/03/2006 Overall Level: 1 

-FIPS Approved algorithms: Triple-DES (Cert. #212); RNG (Cert. #139); SHS (Certs. #188 and #189); HMAC (Certs. #120 and #130)

-Other algorithms: MD5; HMAC-MD5; DES; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip embedded

"Offers hardware embedded encryption and authentication and Fast Ethernet Connectivity for fiber and copper cabled lan."
647 Gemalto
Arboretum Plaza II
9442 Capital of Texas Highway North
Suite 400
Austin, TX 78759
USA

-Jerome Denis
TEL: 512-257-3808

CST Lab: NVLAP 100432-0

ActivIdentity Digital Identity Applet Suite V2 on Gemalto SafesITe TOP IM CY2 (aka Cyberflex Access 64K V2)
(Hardware Versions: P/Ns A1002057, A1002631 and A1006577, Hardmask 1v3; Firmware Versions: V2.3.0c suite: ACA applet package version 2.3.0c, PKI/GC applet package version 2.3.0c, ASC library package version 2.3.0c; V2.6.1 suite: ACA applet package version 2.6.1, PKI/GC applet package version 2.6.1, ASC library package version 2.6.1; V2.6.2 suite: ACA applet package version 2.6.2, PKI/GC applet package version 2.6.2, ASC library package version 2.6.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/03/2006;
05/26/2006;
08/29/2006;
07/28/2008
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #312); Triple-DES MAC (Cert. #312, vendor affirmed); AES (Cert. #220); SHS (Cert. #301); RSA (Cert. #51); RNG (Cert. #64)

-Other algorithms: DES (Cert. #293); DES MAC (Cert. #293, vendor affirmed)

Single-chip

"This product can be configured to use with suite V2.3.0c for GSC-IS v2.1 support, and with suite V2.6.1 for both GSC-IS v2.1 support and SP800-73 Transitional Card Edge support (for HSPD12/PIV)."
646 PostX Corporation
3 Results Way
Cupertino, CA 95014-5924
USA

-Robert Olson
TEL: 408-861-3513

CST Lab: NVLAP 200427-0

PostX FIPS Cryptography Kernel
(Software Version: 3.5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 04/03/2006 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2 with Java JRE 1.4.2 (in single user mode)

-FIPS Approved algorithms: DSA (Cert. #140); Triple-DES (Cert. #354); AES (Cert. #271); SHS (Cert. #356); RSA (Cert. #71); RNG (Cert. #106); HMAC (Cert. #86)

-Other algorithms: DES (Cert. #326); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DESX; MD2; MD5; RIPEMD 160; RNG (X9.31, MD5, SHA1); RC2; RC4; RC5; PBE (SHA256, SHA384, SHA512); Raw RSA; RSA Keypair Generation MultiPrime; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5

Multi-chip standalone

"The PostX Messaging Application Platform is a trusted email solution that is an enterprise-class platform for encrypting ad hoc emails internal and external to the customer's network. As a compliance and enterprise solution, PostX MAP provides companies the options of deployment, when and how to encrypt, and policy enforcement from 100% on the desktop, 100% at the gateway, or any combination of gateway and desktop. The PostX FIPS Cryptography Kernel is the software module that provides the basic cryptographic functionality for the Messaging Application Platform."
645 SafeNet, Inc.
8029 Corporate Drive
Baltimore, MD 21236
USA

-Joel Rieger
TEL: 410-931-7500
FAX: 410-931-7524

CST Lab: NVLAP 200416-0

CGX Cryptographic Module
(Software Version: 3.21.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 04/03/2006 Overall Level: 2 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 2 with Solaris 8 2/02 on Sun Blade 2000

-FIPS Approved algorithms: Triple-DES (Cert. #393); AES (Cert. 329); HMAC (Cert. #148); RNG (Cert. #49); SHS (Cert. #403)

-Other algorithms: DES; MD5; MD2; RSA (non-compliant); RC5; RIPEMD-128; RIPEMD-160; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112-bits of encryption strength)

Multi-chip standalone

"Based on SafeNet's 20 years of security expertise and the most widely deployed VPN software in the industry, the CGX Cryptographic Library provides a high-level software interface to SafeNet SafeXcel™ VPN acceleration chips, cards, and EmbeddedIP™ intellectual property. The CGX library can be used as an API to hardware accelerators or for compiling software implementations of the latest industry standard algorithms."
644 SafeNet, Inc.
8029 Corporate Drive
Baltimore, MD 21236
USA

-Joel Rieger
TEL: 410-931-7500
FAX: 410-931-7524

CST Lab: NVLAP 200416-0

CGX Cryptographic Module
(Software Version: 3.21.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 04/03/2006 Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Linux 2.4.18-3 and Solaris 8.2/02

-FIPS Approved algorithms: Triple-DES (Cert. #393); AES (Cert. 329); HMAC (Cert. #148); RNG (Cert. #49); SHS (Cert. #403)

-Other algorithms: DES; MD5; MD2; RSA (non-compliant); RC5; RIPEMD-128; RIPEMD-160; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 80-bits of encryption strength)

Multi-chip standalone

"Based on SafeNet's 20 years of security expertise and the most widely deployed VPN software in the industry, the CGX Cryptographic Library provides a high-level software interface to SafeNet SafeXcel™ VPN acceleration chips, cards, and EmbeddedIP™ intellectual property. The CGX library can be used as an API to hardware accelerators or for compiling software implementations of the latest industry standard algorithms."
643 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Glenn Constable
TEL: 919-462-1900 x212
FAX: 919-462-1933

CST Lab: NVLAP 200002-0

SafeNet Enterprise ATM Encryptor II, Model 600
(Hardware Versions: 901-11001-00x, 901-27001-00x, 901-37001-00x, 901-77001-00x, 901-41001-00x, 901-61001-00x, 901-51001-00x, 901-81001-00x; Firmware Version: 3.0)

(Note: Refer to the cryptographic module’s security policy for the details on the letter x designation)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/22/2006 Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Certs. #268, #269 and #270); AES (Certs. #166, #167 and #240); RSA (Cert. #15); SHS (Certs. #251 and #319); HMAC (Cert. #48); RNG (Certs. #18 and #76)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The SafeEnterpriseTM ATM Encryptor II provides data privacy and access control for connections between vulnerable public and private ATM networks. It employs federally endorsed AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in ATM T1, E1, T3, E3, OC-3c and OC-12c networks."
642 Open Source Software Institute
Administrative Office
P.O. Box 547
Oxford, MS 38655
USA

-John Weathersby
TEL: 601-427-0152
FAX: 601-427-0156

CST Lab: NVLAP 200017-0

OpenSSL FIPS Object Module
(Source Content Version: OpenSSLfips1.0.tar.gz; Resultant Compiled Software Version: 1.0)

(When built, installed, protected and initialized as assumed by the Crypto Officer role and specified in the provided Security Policy. Appendix B of the provided Security Policy specifies the complete set of source files of this module. There shall be no additions, deletions or alterations of this set as used during module build. All source files shall be verified as specified in Appendix B of the provided Security Policy. Installation, protection, and initialization shall be completed as specified in Appendix C of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a FIPS 140-2 non-compliant module.)

Validated to FIPS 140-2
Not Available

Security Policy

Certificate

Software 03/22/2006;
03/29/2006;
06/21/2006
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with SuSE Linux Version 9.0 (gcc Compiler Version 3.3.1), and HPUX Version 11i (gcc Compiler Version 3.4.2)

-FIPS Approved algorithms: Triple-DES (Cert. #256); AES (Cert. #146); DSA (Cert. #108); SHS (Certs. #235 and #360); HMAC-SHA-1 (Cert. #95); RSA (Cert. #78); RNG (Cert. #111)

-Other algorithms: DES ((Cert. #258); Diffie-Hellman (key agreement, key establishment methodology provides between 112-bits and 256-bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

641 Entrust, Inc.
One Hanover Park
16633 Dallas Parkway
Suite 800
Addison, TX 75001
USA

-Entrust Sales

CST Lab: NVLAP 200017-0

Entrust TruePass™ Applet Cryptographic Module
(Software Version: 8.0)

(When operated in FIPS mode with FIPS validated browser services operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 03/22/2006;
05/28/2014
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 2000 SP4 and Windows XP SP2 running Microsoft VM for Java 5.0.0.3810 or Sun plug-in version 1.4.1; and Netscape Navigator Browser 7.0, (Certs. #7, #45, #47) or Microsoft Internet Explorer 6.0 SP1, (Certs. #76, #103); (operated in single user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #377); SHS (Cert. #379); RNG (Cert. #129); RSA (Cert. #91)

-Other algorithms: CAST 128; RSA (key wrapping, key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Entrust TruePass Applet Cryptographic Module 8.0 performs low level cryptographic operations - encryption, decryption and hashes - implemented in software using the high-level Java programming language. Currently, the module is imbedded into an applet as part of the TruePass product suite that allows integration of cryptographic security into web applications."
640 3e Technologies International, Inc.
700 King Farm Blvd.
Suite 600
Rockville, MD 20850
USA

-Ryon Coleman
TEL: 301-944-1277
FAX: 301-670-6989

CST Lab: NVLAP 200427-0

3e-525A-3 and 3e-525V-3 AirGuard™ Wireless Access Point
(Hardware Versions: 3e525A-3: HW V1.0(A), HW V1.0(B), HW V1.0(C), HW V1.0(D), and HW V1.0(E); 3e-525V-3: HW V1.0(E))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/22/2006;
08/01/2006;
02/12/2007;
04/26/2007
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Cert. #292); AES (Cert. 238); HMAC (Cert. #13); SHA-1 (Cert. #278); RNG (Cert. #22); CCM (Cert. #1)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5; RC4; DES; AES CFB (non-compliant)

Multi-chip standalone

"The AirGuardTM model 525A-3 and model 525V-3 Wireless Access Points are packaged in rugged IP 66 weatherproof enclosure and conforms to 802.11a/b/g wireless standards. They provide access point, gateway, bridge/repeater, and mesh networking for wireless applications. In access point or gateway mode, the 525A-3 can establish links to laptops, PDAs and other wireless devices at data rates from 11 Mbps up to 108 Mbps. The 525V-3 incorporates an extra video module to provide capability for remote video surveillance and camera control."
639 ActivIdentity, Inc.
6623 Dumbarton Circle
Fremont, CA 94555
USA

-Eric Le Saint
TEL: 510-745-6211
FAX: 510-574-0101

CST Lab: NVLAP 100432-0

ActivIdentity Digital Identity Applet Suite v1/v2 on OCS ID-One Cosmo 64 v5
(Hardware Versions: P/N 77, Versions E302, E303-063683, E303-063684, E303-063792; Firmware Versions: ActivIdentity Applet Suite V1.1.6: ID applet v1.0.0.23, PKI applet v1.0.0.29, GC applet v1.0.0.27, SKI applet v1.0.0.16; ActivIdentity Applet Suite V1.1.6p: ID applet v1.0.0.25, PKI applet v1.0.0.32, GC applet v1.0.0.29, SKI applet v1.0.0.18; ActivIdentity Applet Suite V2.6.1: ACA applet v2.6.1, PKI/GC applet v2.6.1, ASC library v2.6.1; ActivIdentity Applet Suite V2.6.2: ACA applet v2.6.2, PKI/GC applet v2.6.2, ASC library v2.6.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/22/2006;
05/26/2006;
08/29/2006;
10/03/2006;
07/24/2007
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Cert. #123); Triple-DES (Cert. #232); Triple-DES MAC (Cert. #232, vendor affirmed); SHS (Cert. #209); RSA (Cert. #43); RNG (Cert. #94)

-Other algorithms: DES (Cert. #246); DES MAC (Cert. #246, vendor affirmed)

Single-chip

"This version of the product can be used over contact and contactless interface (with some restrictions) and can be configured to use with ActivIdentity applet suite v1.1.6 for enterprise deployment or with v2.6.1for the support of GSC-IS v2.1 and NIST SP800-73 Transitional Card Edge (for HSPD-12/PIV)."
638 Secure Computing Corporation
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Chuck Monroe
TEL: 651-628-2799
FAX: 651-628-2701

CST Lab: NVLAP 200017-0

Cryptographic Module for SecureOS®
(Software Version: 9.7)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/22/2006 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with SecureOS® V6.1 by Secure Computing Corporation

-FIPS Approved algorithms: Triple-DES (Cert. #368); AES (Cert. #295); DSA (Cert. #141); SHS (Cert. #368); HMAC (Cert. #106); RSA (Cert. #85); RNG (Cert. #120)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; DES; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Cryptographic Module for SecureOS® is software providing cryptographic services for applications on versions of Sidewinder G2® Security Appliance™ and Sidewinder G2 Enterprise Manager™. Sidewinder G2 is a line of comprehensive unified threat management (UTM) security appliances consolidating a variety of Internet security functions including Application Defenses™ firewall, anti-virus, anti-spam, traffic anomaly detection, IDS/IPS, and more. It is Common Criteria EAL4+ certified as compliant with the US DoD Application-level Firewall Protection Profile for Medium Robustness."
637 D'Crypt Private Limited
20 Ayer Rajah Crescent
#08-08 Technopreneur Centre
Singapore, 139964
Singapore

-Quek Gim Chye
TEL: (65) 6776-9210
FAX: (65) 6873-0796

CST Lab: NVLAP 100432-0

d'Cryptor ZE Cryptographic Module
(Hardware Versions: P/N DC-ZEN2-30 v3.0, DC-ZEN4-30 v3.0; Firmware Versions: Kernel v3.0, LFM v1.0, AFM v1.0 (builds 1124783674, 1124783679)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/14/2006 Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #298); Triple-DES (Cert. #371); SHS (Cert. #372); RSA (Cert. #90); HMAC (Cert. #108); RNG (Cert. #125)

-Other algorithms: DES (Cert. #328)

Multi-chip embedded

"d'Cryptor ZE is a micro-token targeted at high security embedded applications. Central to the next generation d'Cryptor products, the ZE provides cryptographic/key management services, secure key storage and supports interfaces such as UARTs, SSP, infrared, contact/contactless Smartcard and GPIOs."
636 Renesas Technology Corporation
450 Holger Way
San Jose, CA 95134-1368
USA

-Victor Tsai
TEL: 408-382-7735
FAX: 408-382-7490

CST Lab: NVLAP 100432-0

Aspects Software OS755 for Renesas XMobile Card Module
(Hardware Version: P/N AE46C1 Version 0.1; Firmware Version: OS755 Version 2.4.6)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/14/2006 Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #327); Triple-DES MAC (Cert. #327; vendor affirmed); RNG (Cert. #75); RSA (Cert. #57); SHS (Cert. #315)

-Other algorithms: DES (Cert. #305); DES MAC (Cert. #305; vendor affirmed); Raw RSA; RSA cipher only with ISO9796 padding; DES (with ISO9797 m1/m2 padding); Triple-DES (with ISO9797 m1/m2 padding; non-compliant)

Single-chip

"Aspects OS755 for Renesas XMobile Card Module is the combination of a Java Card compliant Operating System that implements FIPS Approved cryptographic functions and a secure Single Chip Silicon hardware. This module is a flexible platform capable of post-issuance customization and updates, and that offers Java Card 2.1.1 technology and GlobalPlatform 2.1 services in addition to a range of FIPS Approved on-board random-number generator, hardware accelerated Triple-DES and RSA algorithms, especially designed for the XMobile Card."
635 TLC-Chamonix, LLC
120 Village Square
Suite 11
Orinda, CA 94563
USA

-Phil Smith
TEL: 877-479-4500
FAX: 877-639-3470

CST Lab: NVLAP 100432-0

WirelessWall Client
(Software Version: 3.3)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/03/2006;
05/20/2008
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP SP2 (single-user mode), Windows 2000 SP4 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #301); AES (Cert. #211); SHS (Cert. #288); HMAC (Cert. #18); RSA (Cert. #41); RNG (Cert. #55)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 128 bits of encryption strength); MD5

Multi-chip standalone

"The Cranite WirelessWall Client enables laptop, desktop, and handheld computer users to securely connect to WirelessWall-protected networks. The Client authenticates users, encrypts wireless network traffic, and blocks malicious attacks. Additionally, the Client optionally seamlessly roam from subnet to subnet without re-authenticating. The Client optionally integrates with the Windows logon, providing secure single signon functionality. Cranite's WirelessWall Client is simple to use and is validated to the government's rigorous FIPS-2 security standard."
634 Check Point Software Technologies Ltd.
9900 Belward Campus Drive
Suite 250
Rockville, MD 20850
USA

-David Ambrose
TEL: 703-628-2935

-Malcolm Levy
TEL: +972-37534561

CST Lab: NVLAP 200002-0

VPN-1
(Firmware Version: NG with Application Intelligence R54)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Firmware 03/03/2006;
05/02/2008;
05/28/2009
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-EMI/EMC: Level 3
-Design Assurance: Level 2

- Tested: Dell Optiplex GX-1 running Secure Platform Operating System version NG with Application Intelligence R54

-FIPS Approved algorithms: Triple-DES (Cert. #333); AES (Cert. #88); SHS (Cert. #325); HMAC (Cert. #56); RSA (Cert. #63); RNG (Cert. #30)

-Other algorithms: DES (Cert. #311); CAST 40 bit; CAST 128 bit; MD5; HMAC-MD5; Diffie-Hellman (key agreement, key establishment methodology provides between 70 and 97 bits of encryption strength; non-compliant); RSA (PKCS #1, key wrapping, key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Check Point's VPN-1 version NG with Application Intelligence R54 is a tightly integrated software solution combining the FireWall-1 (FW-1) security suite with sophisticated Virtual Private Network (VPN) technologies and a hardened Secure Platform operating system (OS). The cornerstone of Check Point's Secure Virtual Network (SVN) architecture, VPN-1 meets the demanding requirements of Internet, intranet, and extranet VPNs by providing secure connectivity to corporate networks, remote and mobile users, branch offices, and business partners."
633 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 3251 Mobile Access Router Card
(Hardware Version: 3.2; Firmware Version: 12.3(14)T2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/03/2006;
12/06/2006;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #285); Triple-DES (Cert. #362); SHS (Cert. #361); HMAC (Cert. #96); RNG (Cert. #113)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant); MD5; HMAC MD5; RSA (non-compliant)

Multi-chip embedded

"The module is a high-performance router card, which offers secure data, voice and video communications, seamless mobility and interoperability across multiple wireless networks. The unique functionality of this router card is that always on IP connectivity for networks in motion. This allows IP hosts on a mobile network to connect transparently to the parent network while the router is in motion."
632 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 3220 Mobile Access Router Card
(Hardware Version: 3.2; Firmware Version: 12.3(14)T2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/03/2006;
12/06/2006;
05/28/2010;
02/23/2012
Overall Level: 1 

-Cryptographic Module Specification: Level 2
-Cryptographic Module Ports and Interfaces: Level 2
-Roles, Services, and Authentication: Level 2
-Finite State Model: Level 2
-Cryptographic Key Management: Level 2
-EMI/EMC Level 2
-Self-Tests: Level 2
-Design Assurance: Level 2

-FIPS Approved algorithms: AES (Cert. #285); Triple-DES (Cert. #362); SHS (Cert. #361); HMAC (Cert. #96); RNG (Cert. #113)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant); MD5; HMAC MD5; RSA (non-compliant)

Multi-chip embedded

"The module is a high-performance router card, which offers secure data, voice and video communications, seamless mobility and interoperability across multiple wireless networks. The unique functionality of this router card is that always on IP connectivity for networks in motion. This allows IP hosts on a mobile network to connect transparently to the parent network while the router is in motion."
631 Good Technology, Inc.
101 Redwood Shores Parkway
Redwood City, CA 94065
USA

-Sriram Krishnan
TEL: 650-486-6000

CST Lab: NVLAP 200002-0

FIPSCrypto on Windows Mobile
(Software Version: 4.7.0.50906)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/03/2006;
05/18/2009;
01/28/2010
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows CE 4.2 Operating System

-FIPS Approved algorithms: AES (Cert. #134); Triple-DES (Cert. #240); SHS (Cert. #217); HMAC (Cert. #126)

-Other algorithms: N/A

Multi-chip standalone

"The FIPSCrypto is a FIPS 140-2 validated software-based cryptographic module that implements Triple-DES, AES, SHA-1, and HMAC-SHA-1."
630 PGP Corporation
200 Jefferson Dr.
Menlo Park, CA 94025
USA

-Vinnie Moscaritolo
TEL: 650-319-9000
FAX: 650-319-9001

CST Lab: NVLAP 100432-0

PGP Software Developer's Kit (SDK) Cryptographic Module
(Software Version: 3.5.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/03/2006;
05/08/2007;
03/07/2008;
07/28/2008;
08/21/2008;
12/03/2008
Overall Level: 1 

-Cryptographic Module Specification:Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with MAC OSX 10.4.2; Windows XP SP2 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #379); AES (Cert. 308); DSA (Cert. #144); SHS (Cert. #381); HMAC (Cert. #114); RSA (Cert. #97); RNG (Cert. #131)

-Other algorithms: CAST-5; IDEA; Two-Fish; MD5; RIPEMD60; HMAC-MD5; Blow-Fish; ElGamal Encrypt/Decrypt (key wrapping; key establishment methodology provides between 112 to 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 to 128 bits of encryption strength); Shamir Threshold Secret Sharing

Multi-chip standalone

"The PGP SDK Cryptographic Module is a FIPS 140-2 validated software only cryptographic module. The module implements the cryptographic functions for PGP products including: PGP Whole Disk Encryption, PGP NetShare, PGP Command Line, PGP Universal, and PGP Desktop. It includes a wide range of field-tested and standards-based encryption, digital signature, and encoding algorithms as well as a variety of secure network protocol implementations. The PGP SDK offers developers this same cryptographic library that is at the heart of PGP products."
629 Juniper Networks, Inc.
1194 N. Mathilda Ave.
Sunnyvale, CA 94089
USA

-Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 100432-0

Juniper NetScreen-5GT
(Hardware Version: P/N NS-5GT Version 1010; Firmware Versions: ScreenOS 5.0.0r9a.t and 5.0.0r9b.t)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/07/2006;
05/16/2006;
06/14/2006;
06/20/2006;
12/11/2013
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Cert. #239); Triple-DES (Cert. #329); DSA (Cert. #125); SHS (Cert. #286); RSA (Cert. #59); HMAC (Cert. #16); RNG (Cert. #58)

-Other algorithms: DES (Cert. #307); MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The NetScreen-5GT appliance is a feature-rich, enterprise-class, network security solution that integrates multiple security functions - Stateful and Deep Inspection firewall, IPSec VPN, denial of service protection, antivirus and Web filtering. The NetScreen-5GT Ethernet solution is ideal for environments that need hardwired connectivity backed by robust network, application and payload level security. The NetScreen-5GT Ethernet is available with five Ethernet interfaces that can be deployed in a wide variety of configurations."
628 Cryptek, Inc.
1501 Moran Road
Sterling, VA 20166-9309
USA

-Michael Teal
TEL: 571-434-2129
FAX: 571-434-2001

CST Lab: NVLAP 100432-0

DiamondLink/CL100
(Hardware Versions: P/Ns 5010D26200-4 Rev. C, 5010D26200-4 Rev. D, 5010D26200-5 Rev. D and 5010D26200-5 Rev. E; Firmware Versions: 2.1.9 and 2.4.0.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/27/2006 Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #71); SHS (Cert. #63); HMAC-SHA-1 (Cert. #63, vendor affirmed); RSA (Cert. #19); RNG (Cert. #24)

-Other algorithms: DES (Cert. #132); DES MAC (Cert. #132, vendor affirmed); MD5; HMAC-MD5; Diffie Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"DiamondLink is a managed secure network appliance that features DiamondTEK's self protecting security computer. DiamondLink automatically identifies and authenticates the user to the network, encrypts communications and determines which data and servers the user is authorized to access. Security functions include token based user I&A, firewall filtering, IPSec, Data Driven Access Control (DDAC) capabilities and centralize management using the DiamondTEK DiamondCentral."
627 Cryptek, Inc.
1501 Moran Road
Sterling, VA 20166-9309
USA

-Michael Teal
TEL: 571-434-2129
FAX: 571-434-2001

CST Lab: NVLAP 100432-0

DiamondVPN/CV100
(Hardware Versions: P/Ns 5010D27450 Rev. D and 5010D27450 Rev. F; Firmware Versions: 2.1.9 and 2.4.0.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/27/2006 Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #71); SHS (Cert. #63); HMAC-SHA-1 (Cert. #63, vendor affirmed); RSA (Cert. #19); RNG (Cert. #24)

-Other algorithms: DES (Cert. #132); DES MAC (Cert. #132, vendor affirmed); MD5; HMAC-MD5; Diffie Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"DiamondVPN is a rack-mounted network security appliance that can be installed to enforce a single security policy for a workgroup or department operating on your enterprise network. The DiamondVPN can also be deployed at the edge of a corporate LAN for outbound communications security and control of access to the LAN. The DiamondVPN supports secure pass-through to devices protected by other DiamondTEK products. This allows full-path, end-to-end security in combination with conventional site-to-site and remote-to-site tunneled communications."
626 Cryptek, Inc.
1501 Moran Road
Sterling, VA 20166-9309
USA

-Michael Teal
TEL: 571-434-2129
FAX: 571-434-2001

CST Lab: NVLAP 100432-0

DiamondPak/CP106
(Hardware Versions: P/Ns 5010D27630 Rev. C and 5010D27630 Rev. D; Firmware Versions: 2.1.9 and 2.4.0.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/27/2006 Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #71); SHS (Cert. #63); HMAC-SHA-1 (Cert. #63, vendor affirmed); RSA (Cert. #19); RNG (Cert. #24)

-Other algorithms: DES (Cert. #132); DES MAC (Cert. #132, vendor affirmed); MD5; HMAC-MD5; Diffie Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"DiamondPak is a rack-mounted network appliance designed for protecting multiple servers, each having DiamondTEK's self-protecting security computer with a single security profile. With DiamondPak's advanced access-control system for protecting critical backend systems, DiamondPak provides the same security protection that is used for our governement's most sensitive information."
625 Nortel Networks
600 Technology Park
Billerica, MA 01821
USA

-David Norton
TEL: 978-288-7079
FAX: 978-288-4004

-David Passamonte
TEL: 978-288-8973
FAX: 978-288-4004

CST Lab: NVLAP 200427-0

VPN Router 1750, 2700 and 5000 with VPN Router Security Accelerator
(Hardware Versions: 1750, 2700 and 5000 with DM0011085; Firmware Version: 5.05_150)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/24/2006;
05/16/2006;
02/12/2007;
06/21/2007
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Certs. #158 and #367); AES (Certs. #48 and #292); SHS (Certs. #143 and #366); HMAC (Certs. #102 and #103); RSA (Cert. #83); RNG (Cert. #116)

-Other algorithms: DES; DES MAC; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ANSI X9.31 RNG (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant); RC2; RC4; MD2; MD5; HMAC MD5

Multi-chip standalone

"The FIPS 140-2 Level 2 compliant VPN Routers are the ideal solution for enterprises requiring secure, low-cost connectivity across the Internet or managed IP networks. The VPN Routers provide, IP routing, Virtual Private Networking (VPN), stateful firewall, encryption, authentication, directory and policy services, Quality of Service (QoS), and bandwidth management services in a single integrated platform. These devices provide a solution for small, medium, and large sites requiring Internet connectivity for both secure VPN communications and for basic IP/Internet access."
624 Nortel Networks
600 Technology Park
Billerica, MA 01821
USA

-David Norton
TEL: 978-288-7079
FAX: 978-288-4004

-David Passamonte
TEL: 978-288-8973
FAX: 978-288-4004

CST Lab: NVLAP 200427-0

VPN Router 1700, 1750, 2700 and 5000 with Hardware Accelerator
(Hardware Versions: 1700, 1750, 2700 and 5000 with DM0011052; Firmware Version: 5.05_150)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/24/2006;
05/16/2006;
04/26/2007;
06/21/2007
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Certs. #29 and #367); AES (Cert. #292); SHS (Certs. #51 and #366); HMAC (Certs. #101 and #103); RSA (Cert. #83); RNG (Cert. #116)

-Other algorithms: DES; DES MAC; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant); RC2; RC4; MD2; MD5; HMAC MD5

Multi-chip standalone

"The FIPS 140-2 Level 2 compliant VPN Routers are the ideal solution for enterprises requiring secure, low-cost connectivity across the Internet or managed IP networks. The VPN Routers provide, IP routing, Virtual Private Networking (VPN), stateful firewall, encryption, authentication, directory and policy services, Quality of Service (QoS), and bandwidth management services in a single integrated platform. These devices provide a solution for small, medium, and large sites requiring Internet connectivity for both secure VPN communications and for basic IP/Internet access."
623 Nortel Networks
600 Technology Park
Billerica, MA 01821
USA

-David Norton
TEL: 978-288-7079
FAX: 978-288-4004

-David Passamonte
TEL: 978-288-8973
FAX: 978-288-4004

CST Lab: NVLAP 200427-0

VPN Router 600, 1700, 1750, 2700 and 5000
(Hardware Versions: 600, 1700, 1750, 2700 and 5000; Firmware Version: 5.05_150)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/24/2006;
05/16/2006;
04/26/2007;
06/21/2007
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Cert. #367); AES (Cert. 292); SHS (Cert. #366); HMAC (Cert. #103); RSA (Cert. #83); RNG (Cert. #116)

-Other algorithms: DES; DES MAC; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ANSI X9.31 RNG (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant); RC2; RC4; MD2; MD5; HMAC MD5

Multi-chip standalone

"The FIPS 140-2 Level 2 compliant VPN Routers are the ideal solution for enterprises requiring secure, low-cost connectivity across the Internet or managed IP networks. The VPN Routers provide, IP routing, Virtual Private Networking (VPN), stateful firewall, encryption, authentication, directory and policy services, Quality of Service (QoS), and bandwidth management services in a single integrated platform. These devices provide a solution for small, medium, and large sites requiring Internet connectivity for both secure VPN communications and for basic IP/Internet access."
622 Lexmark International, Inc.
740 West Circle Road
Lexington, KY 40550
USA

-Sean Gibbons
TEL: 859-232-2000

CST Lab: NVLAP 200416-0

Lexmark PrintCryption
(Firmware Version: 1.3.0)

Validated to FIPS 140-2

Security Policy

Certificate

Firmware 01/19/2006;
12/13/2006;
01/04/2007
Overall Level: 1 

-Tested: T630, T632, T634, T640, T642, T644, C534, C760, C762, C912, C920, W820, W840, Lexmark ver. 2.4 O/S

-FIPS Approved algorithms: Triple-DES (Certs. #356, #357, #358, #359, #360 and #470); AES (Certs. #273, #274, #275, #276, #277 and #452); RSA (Certs. #73, #74, #75, #76, #77 and #171); SHS (Certs. #350, #351, #352, #353, #354 and #515); HMAC (Certs. #89, #90, #91, #92, #93 and #215); RNG (Certs. #100, #101, #102, #103, #104 and #237)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The Lexmark PrintCryption Card is an option for the Lexmark series of output devices that enables the printing of host encrypted data. With this option installed, the printer is capable of decrypting print jobs encrypted with the AES algorithm. The Lexmark PrintCryption Card analyzes the encrypted data stream, determines if the correct key was used to encrypt the data, decrypts the data and allows the confidential document to be printed."
621 NeoScale Systems, Inc.
1655 McCarthy Blvd.
Milpitas, CA 95035
USA

-Rose Quijano-Nguyen
TEL: 408-473-1313
FAX: 408-473-1307

-Chris Winter
TEL: 408-473-1393
FAX: 408-473-1307

CST Lab: NVLAP 200017-0

CryptoStor Tape 702 and 704
(Hardware Versions: FC702 - P/N 820-0004-01 Rev 2 and FC704 - P/N 820-0005-01 Rev 1; Firmware Version: 2.1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/19/2006 Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Certs. #275 and #285); AES (Certs. #173 and #183); SHS (Certs. #258 and #269); RSA (Cert. #26); HMAC (Cert. #25); RNG (Certs. #35 and #83)

-Other algorithms: N/A

Multi-chip standalone

"NeoScale CryptoStor Tape is a readily deployable, high-speed tape security appliance that compresses, encrypts and digitally signs data as it goes to tape media or virtual tape--without disrupting backup processes. CryptoStor dynamically intercepts backup/restore communications between hosts and tape libraries-centrally managing and fully off-loading tape media security functions. It seamlessly integrates with widely used backup applications and incorporates Global Key Management technology for strong key management and data recovery with the appliance or with a software-only utility."
620 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 1841 Integrated Services Router with AIM-VPN/BPII-Plus and Cisco 2801 Integrated Services Router with AIM- VPN/EPII-Plus
(Hardware Versions: 1841 and 2801; AIM-VPN/BPII-Plus Version: 1.0, Board Version: C1; AIM-VPN/EPII-Plus Version: 1.0, Board Version: D0; Firmware Version: 12.3(11)T03)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/06/2006;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #219, #181 and #100); Triple-DES (Certs. #311, #283 and #213); SHS (Certs. #300, #267 and #401); HMAC (Certs. #29, #27 and #38); RNG (Cert. #31)

-Other algorithms: DES (Certs. #292, #275 and #235); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant); MD5; HMAC-MD5; RSA (non-compliant); RC4

Multi-chip standalone

"The Cisco 1841 and 2801 routers feature the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. These routers offer embedded encryption acceleration on the motherboard. For additional performance, the Cisco 1841 and 2801 routers feature the ability to optionally add encryption acceleration advanced integration modules (AIMs)."
619 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 2851 Integrated Services Router with AIM-VPN/EPII-Plus
(Hardware Version: 2851; AIM Version: 1.0, Board Version: D0; Firmware Version: 12.3(11)T03)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/06/2006;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #219, #96 and #100); Triple-DES (Certs. #311, #210 and 213); SHS (Certs. #300, #317 and #401); HMAC (Certs. #84, #50 and #38); RNG (Cert. #97)

-Other algorithms: DES (Certs. #292, #233 and #235); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant); MD5; HMAC MD5; RSA (non-compliant); RC4

Multi-chip standalone

"The Cisco 2800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 2800 Series routers offer embedded encryption acceleration on the motherboard. For additional performance the Cisco 2800 Series features the ability to optionally add encryption acceleration advanced integration modules (AIMs)."
618 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 3825 Integrated Services Router with AIM-VPN/EPII-Plus and Cisco 3845 Integrated Services Router with AIM-VPN/HPII-Plus
(Hardware Versions: 3825 and 3845; AIM-VPN/EPII-Plus Version: 1.0, Board Version: D0; AIM-VPN/HPII-Plus Version: 1.0, Board Version: D0; Firmware Version: 12.3(11)T03)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/06/2006;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Certs. #210, #213 and #311); AES (Certs. #96, #100 and #219); RNG (Cert. #97); SHS (Certs. #300, #317 and #401); HMAC (Certs. #38, #50 and #84)

-Other algorithms: DES (Certs. #233, #235 and #292); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant); MD5; HMAC-MD5; RC4; RSA (non-compliant)

Multi-chip standalone

"The Cisco 3800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 3800 Series routers offer embedded encryption acceleration on the motherboard. For additional performance the Cisco 3800 Series features the ability to optionally add encryption acceleration advanced integration modules (AIMs)."
617 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 2811 and Cisco 2821 Integrated Services Router with AIMVPN/ EPII-Plus
(Hardware Versions: 2811 and 2821; AIM Version: 1.0, Board Version: D0; Firmware Version: 12.3(11)T03)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/06/2006;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #219 and #100); Triple-DES (Certs. #311 and #213); SHS (Certs. #300 and #401); HMAC (Certs. #84 and #38); RNG (Cert. #97)

-Other algorithms: DES (Certs. #292 and #235); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96-bits of encryption strength; non-compliant); MD5; HMAC MD5; RSA (non-compliant); RC4

Multi-chip Standalone

"The Cisco 2800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 2800 Series routers offer embedded encryption acceleration on the motherboard. For additional performance the Cisco 2800 Series features the ability to optionally add encryption acceleration advanced integration modules (AIMs)."
616 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 1841 and Cisco 2801 Integrated Services Router
(Hardware Versions: 1841 and 2801; Firmware Version: 12.3(11)T03)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/06/2006;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #219 and #181); Triple-DES (Certs. #311 and #283); SHS (Certs. #300 and #267); HMAC (Certs. #29 and #27); RNG (Cert. #31)

-Other algorithms: DES (Certs. #292 and #275); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96-bits of encryption strength; non-compliant); MD5; HMAC-MD5; RSA (non-compliant); RC4

Multi-chip standalone

"The Cisco 1841 and 2801 routers feature the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. These routers offer embedded encryption acceleration on the motherboard."
615 WRQ, Inc.
1500 Dexter Avenue North
Seattle, WA 98109
USA

-Donovan Deakin
TEL: 206-217-7500
FAX: 206-217-7515

CST Lab: NVLAP 100432-0

Reflection Security Component for Java
(Software Version: 1.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 01/06/2006 Overall Level: 1 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 2
-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000 Professional SP3 and Q326886 Hotfix and Sun Microsystems Java Runtime Environment version 1.4.1; Microsoft Windows 2000 Server SP3 and Q326886 Hotfix and Sun Microsystems Java Runtime Environment version 1.4.1; Mac OS X 10.3.5 and Apple Java Runtime Environment 1.4.2 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #305); AES (Cert. #213); RSA (Cert. #45); DSA (Cert. #126); SHS (Cert. #293); RNG (Cert. #57); HMAC (Cert. #20)

-Other algorithms: DES (Cert. #288); MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112-bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip Standalone

"Reflection® for the Web provides terminal emulation from a web browser. With this server-based solution you can connect local or remote users to applications on IBM, HP, UNIX, and OpenVMS hosts. You can also use its comprehensive management, security, and customization features to boost IT efficiency and user productivity."
614 Chunghwa Telecom Co., Ltd. Telecommunication Laboratories
12, Lane 551, Min-Tsu Road SEC.5
Yang-Mei, Taoyuan
Taiwan 326
Republic of China

-Yeou-Fuh Kuan
TEL: +886-3-424-4333
FAX: +886-3-424-4129

-Char-Shin Miou
TEL: +886-3-424-4381
FAX: +886-3-424-4129

CST Lab: NVLAP 200017-0

HICOS PKI Smart Card
(Hardware Version: HD65145C1; Software Version: GINA Applet: 1.0, PKI Applet: 1.0, FISC II Applet: 1.2; Firmware Version: HardMask: 1.0, SoftMask: 3.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/06/2006 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: RSA (Cert. #72); Triple-DES (Cert. #355); SHS (Cert. #357); RNG (Cert. #107); AES (Cert. #272); HMAC (Cert. #87); Triple-DES MAC (Cert. #355, vendor affirmed)

-Other algorithms:

Single-chip

"The HICOS PKI smart card module is a single chip implementation of a cryptographic module. The HICOS PKI smart card module is mounted in an ID-1 class smart card body that adheres to ISO/IEC specifications for Integrated Circuit Chip (ICC) based identification cards. The HICOS PKI Smart Card cryptographic module contains an implementation of the Open Platform (OP) Version 2.0.1 specification defining a secure infrastructure for post-issuance programmable smart card chips."


Need Assistance?