CMVP Main Page

Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules

Historical, 1995-1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016
All

Last Updated: 9/13/2016

It is important to note that the items on this list are cryptographic modules. A module may either be an embedded component of a product or application, or a complete product in-and-of-itself. If the cryptographic module is a component of a larger product or application, one should contact the product or application vendor in order to determine how the product utilizes the embedded validated cryptographic module. There may be a larger number of security products or applications available which use an embedded validated cryptographic module, than the number of modules which are found in this list. In addition, other vendors, who are not found in this list, may incorporate a validated cryptographic module from this list embedded into their own products.

When selecting a module from a vendor, verify that the module is either the product or application itself (e.g. VPN, SmartCard, USB memory token, etc.) or the module is embedded in a larger product or application (e.g. toolkit, etc.). If the module is embedded in a product or application, ask the product or application vendor to provide a signed letter or statement affirming that the unmodified validated cryptographic module is integrated in the solution; the module provides all the cryptographic services in the solution; and provide reference to the modules validation certificate number from this listing.

NOTE1: Module descriptions are provided by the module vendors and have not been verified for accuracy by the CMVP. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-Approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (e.g. allowed or non-FIPS-Approved algorithms) have not been tested through the CMVP.

NOTE2: The operator of a cryptographic module is responsible for ensuring that the algorithms and key lengths are in compliance with the requirements of NIST SP 800-131A.

NOTE3: All questions regarding the implementation and/or use of any module located on the CMVP module validation lists should first be directed to the appropriate vendor point-of-contact (listed for each entry).

Please contact the CMVP if any errors are discovered or comments with suggestions for improvement of the validation listings.

Cert#Vendor / CST LabCryptographic ModuleModule
Type
Val.
Date
Level / Description
725

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Certificate

Security Policy
Hardware12/15/2006Overall Level: 1

Multi-chip embedded
724

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Certificate

Security Policy
Hardware12/15/2006Overall Level: 1

Multi-chip embedded
723Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

Tim Fox
TEL: +44 (0)1844 201800

CST Lab: NVLAP 200002-0
Secure Generic Sub-System (SGSS), Version 3.3
(Hardware Versions: 1213B130, Rev 2 and 1213D130, Rev 3a; Software Version: 2.5.7)

Validated to FIPS 140-2

Certificate

Security Policy

Vendor Product Link
Hardware12/18/2006
09/25/2007
Overall Level: 3

-FIPS Approved algorithms: DSA/SHS (Cert. #24)

-Other algorithms: N/A

Multi-chip embedded

"The Secure Generic Sub-System (SGSS) is a multi-chip embedded module used to provide secure cryptographic resources to a number of products in the Thales e-Security portfolio. This includes the Datacryptor® 2000 family, WebSentry™ family, HSM 8000 family, P3™CM family, PaySentry™, 3D Security Module and SafeSign® Crypto Module. The SGSS contains a secure bootstrap and authenticates application loading using the Digital Signature Algorithm (DSA) and SHA-1 hashing."
720Sterling Commerce, Inc.
4600 Lakehurst Court
Dublin, Ontario 43016-2000
USA

Garry Mayo
TEL: 469-524-2663
FAX: 469-524-2357

Dean Vallas
TEL: 469-524-2103
FAX: 469-524-2357

CST Lab: NVLAP 200556-0
Connect:Direct Secure+ Option
(Software Version: Version 4.5 on z/OS)
(When operated in FIPS mode using IBM eServer zSeries 900 CMOS Cryptographic Coprocessorvalidated to FIPS 140-1 under Cert. #118 operating in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Software-Hybrid11/15/2006Overall Level: 1

-Operational Environment: Tested as meeting Level 1 with IBM z/OS 1.6 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #423 and #28); SHS (Certs. #451 and #37); ECDSA (Cert. #25); DSA (Cert. #37)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"Connect:Direct Secure+ Option provides server-based software file-transfer solutions for high-volume applications. Connect:Direct installations typically perform periodic, high-capacity file transfers between specific servers, often for financial services or federal government applications. This software supports multiple server platforms, including mainframe operating systems, UNIX platforms, and Windows servers."
717High Density Devices AS
Vestre Strandgate 26
Kristiansand N-4611
Norway

Aage Kalsaeg
TEL: +47 38 10 44 80
FAX: +47 38 10 44 99

CST Lab: NVLAP 100432-0
SecureD v.1.6.1
(Hardware Version: HW P/N SecureD v.1.6.1 Version 1.6.6; Firmware Version: 1.6.3)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware11/15/2006
01/05/2007
Overall Level: 3

-FIPS Approved algorithms: Triple-DES (Cert. #427); AES (Cert. #383)

-Other algorithms: N/A

Multi-chip embedded

"SecureD is a hardware based encryption device that offers optimal, fully integrated, protection for stored data in IDE data bus based computer systems. SecureD operates fully transparent at the speed of ATA-6 AT API. SecureD is using AES 128/192/256 bits encryption/decryption, and is 100% operating system independent. No SW is installed. Ideal for encryption of disks in Desktop environment, Laptop, and USB/Firewire connected disks."
715RELM Wireless Corporation
7100 Technology Drive
West Melbourne, FL 32904
USA

Jim Spence
TEL: 785-856-1300
FAX: 785-856-1302

CST Lab: NVLAP 100432-0
FIPSCOM Cryptographic Module
(Hardware Versions: P/N 7011-30967-000 Versions 050306, 030207 and 051208; Firmware Versions: 0722-05072-000, 0722-05073-000 and 0722-05073-001)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware11/06/2006
04/26/2007
12/18/2007
06/23/2008
Overall Level: 1

-FIPS Approved algorithms: AES (Cert. #385); RSA (Cert. #139); SHS (Cert. #462)

-Other algorithms: DES; NDRNG

Multi-chip embedded

"The FIPSCOM is an embedded cryptographic module that providesencryption functions for secure digital communications products. The FIPSCOM can be incorporated into any BK Radio brand subscriber equipment requiring FIPS 140-2, Level 1 security."
712

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Certificate

Security Policy
Hardware10/27/2006
07/28/2009
Overall Level: 2

Multi-chip standalone
711JVC KENWOOD Corporation
1-16-2, Hakusan, Midori-ku,
Yokohama-shi, Kanagawa 226-8525
Japan

Tamaki Shimamura
TEL: +81 45 939 6254
FAX: +81 45 939 7093

Joe Watts
TEL: 678-474-4700
FAX: 678-474-4730

CST Lab: NVLAP 100432-0
Secure Cryptographic Module (SCM)
(Hardware Versions: P/N KWD-AE20, Version 1.0.0; Firmware Versions: A1.0.0 and A1.0.1)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware10/16/2006
12/07/2011
01/31/2012
Overall Level: 1

-Cryptographic Module Specification: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Cert. #363); SHS (Cert. #437)

-Other algorithms: DES; LFSR

Multi-chip embedded

"The Secure Cryptographic Module (SCM) meets overall FIPS 140-2 Level 1 requirements providing KENWOOD radios secure and encrypted digital communication. The SCM supports 256 bit key AES encryption as well as DES (non-compliant) encryption."
704Utimaco® Safeware AG
Hohemarkstraße 22
Oberursel D-61440
Germany

US Corporate Headquarters
TEL: 508- 543-1008
FAX: 508- 543-1009

Dr. Christian Tobias
TEL: +49 6171 88 1711

CST Lab: NVLAP 200017-0
SafeGuard Easy
(Software Version: 4.20)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Software09/15/2006Overall Level: 1

-Operational Environment: Tested as meeting Level 1 with Windows 2000 SP4, Windows Server 2000 SP4, Windows XP SP2, and Windows 2003 SP1 (All in single-user mode)

-FIPS Approved algorithms: AES (Cert. #364); Triple-DES (Cert. #416); HMAC (Cert. #162); SHS (Cert. #438)

-Other algorithms: Idea; Blowfish; XOR; Rijndael-256; Stealth-40; DES

Multi-chip standalone

"SafeGuard Easy (SGE) is a software product designed to protect user data on all types of Personal Computers (PCs) running Microsoft Windows 2000 or Microsoft Windows XP as operating system. SafeGuard Easy is installed on a PC to prevent unauthorised access to user data stored on hard disk partitions. In this context, user data means all files on hard disk partitions, i.e. data files, program files and even files of the operating system. The protection of the user data stored on hard disk partitions is realised by encryption. Encryption is done on sector level - not on file level."
700Blue Ridge Networks
14120 Parke Long Court
Suite 101
Chantilly, VA 20151
USA

Nancy Canty
TEL: 703-633-7331
FAX: 703-631-9588

CST Lab: NVLAP 200416-0
BorderGuard 5000 and 6000 Series
(Hardware Versions: BorderGuard 5100, 5200, 5400, 5500, 5600, 6100, 6200, 6400, 6500 and 6600; Firmware Version: DPF1 V7.3)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware08/22/2006Overall Level: 2

-FIPS Approved algorithms: AES (Certs. #116 and #173); Triple-DES (Certs. #57 and #275 ); SHS (Certs. #49 and #258); HMAC (Certs. #21 and #22)

-Other algorithms: DES (Certs. #119 and #271); DES MAC (Certs. #119 and #271, vendor affirmed); IDEA; HMAC-MD5; MD5; RSA (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits of encryption strength for Models 5100, 5200, 5400, 6100, 6200, and 6400; and between 112 and 150 bits of encryption strength for Models 5500, 5600, 6500, and 6600; non-compliant less than 112-bits of encryption strength)

Multi-chip standalone

"The BorderGuard hardware models 5100, 5200, 5400, 5500, 5600, 6100, 6200, 6400, 6500, and 6600 version DPF 7.3 firmware are standalone hardware security appliances (routers) used to secure Internet traffic. The module is a multi-chip-standalone device."
690

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Certificate

Security Policy
Hardware07/19/2006
08/30/2006
02/17/2012
Overall Level: 1

Single-chip
688DigitalGlobe Inc.
1900 Pike Road
Longmont, CO 80501-6700
USA

Skip Cubbedge
TEL: 303-684-4516
FAX: 303-684-4048

CST Lab: NVLAP 200427-0
WorldView Wideband Transmitter FPGA
(Hardware Version: 668515-1)
(Bypass capability excluded from FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware07/13/2006Overall Level: 1

-FIPS Approved algorithms: AES (Cert. #296)

-Other algorithms: N/A

Single-chip

"The WorldView Wideband Tramsmitter FPGA provides AES encryption services."
666Francotyp-Postalia GmbH
Triftweg 21-26
Birkenwerder D-16547
Germany

Hasbi Kabacaoglu
TEL: +49-3303-525-656
FAX: +49-3303-525-609

CST Lab: NVLAP 100432-0
Revenector
(Hardware Version: P/N 58.0036.0001.00/06; 58.0036.0006.00/03; Firmware Version: 5.46)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware05/02/2006
05/30/2006
Overall Level: 3

-Physical Security: Level 3 +EFP

-FIPS Approved algorithms: RSA (Cert. # 109); SHS (Cert. #400)

-Other algorithms: N/A

Multi-chip embedded

"Revenector is an embedded security device that can enhance the security of various kinds of appliances and computerized devices. The hardware of Revenector is designed to protect critical security parameters as well as application specific revenues. Its firmware enables hosting systems to load or update signed application specific firmware."
662Fortress™ Technologies, Inc.
2 Technology Park Dr
Westford, MA 01886-3140
USA

Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0
AirFortress ® AF1100 Wireless Cryptographic Module
(Hardware Version: AF-1100; Firmware Version: 2.1)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware04/26/2006
03/26/2010
05/17/2013
Overall Level: 2

-FIPS Approved algorithms: DES (Cert. #23); Triple-DES (Cert. #19); AES (Cert. #14); SHS (Cert. #316); HMAC (Cert. #62)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 56 bits of encryption strength; non-compliant); MD5; IDEA, ANSI X9.31 RNG (formerly ANSI X9.17; non-compliant)

Multi-chip standalone

"The AirFortress® AF1100 Wireless Cryptographic Module is an electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a production-quality hardware and deployable on any LAN or WAN, the AirFortress® AF1100 Wireless Cryptographic Module provides encryption, data integrity checking, authentication, access control, and data compression."
631Good Technology, Inc.
101 Redwood Shores Parkway
Redwood City, CA 94065
USA

Sriram Krishnan
TEL: 650-486-6000

CST Lab: NVLAP 200002-0
FIPSCrypto on Windows Mobile
(Software Version: 4.7.0.50906)

Validated to FIPS 140-2

Certificate

Security Policy
Software03/03/2006
05/18/2009
01/28/2010
Overall Level: 1

-Operational Environment: Tested as meeting Level 1 with Windows CE 4.2 Operating System

-FIPS Approved algorithms: AES (Cert. #134); Triple-DES (Cert. #240); SHS (Cert. #217); HMAC (Cert. #126)

-Other algorithms: N/A

Multi-chip standalone

"The FIPSCrypto is a FIPS 140-2 validated software-based cryptographic module that implements Triple-DES, AES, SHA-1, and HMAC-SHA-1."