CMVP Main Page

Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules
1995-1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014,
All

Last Update: 6/27/2014

It is important to note that the items on this list are cryptographic modules. A module may either be an embedded component of a product or application, or a complete product in-and-of-itself. If the cryptographic module is a component of a larger product or application, one should contact the product or application vendor in order to determine how the product utilizes the embedded validated cryptographic module. There may be a larger number of security products or applications available which use an embedded validated cryptographic module, than the number of modules which are found in this list. In addition, other vendors, who are not found in this list, may incorporate a validated cryptographic module from this list embedded into their own products.

When selecting a module from a vendor, verify that the module is either the product or application itself (e.g. VPN, SmartCard, USB memory token, etc.) or the module is embedded in a larger product or application (e.g. toolkit, etc.). If the module is embedded in a product or application, ask the product or application vendor to provide a signed letter or statement affirming that the unmodified validated cryptographic module is integrated in the solution; the module provides all the cryptographic services in the solution; and provide reference to the modules validation certificate number from this listing.

NOTE1: Module descriptions are provided by the module vendors and have not been verified for accuracy by the CMVP. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-Approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (e.g. allowed or non-FIPS-Approved algorithms) have not been tested through the CMVP.

NOTE2: The operator of a cryptographic module is responsible for ensuring that the algorithms and key lengths are in compliance with the requirements of NIST SP 800-131A.

NOTE3: All questions regarding the implementation and/or use of any module located on the CMVP module validation lists should first be directed to the appropriate vendor point-of-contact (listed for each entry).

Please contact the CMVP if any errors are discovered or comments with suggestions for improvement of the validation listings.

Cert# Vendor / CST Lab Cryptographic Module
Module
Type
Val.
Date
Level / Description
884 Juniper Networks, Inc.
1194 N. Mathilda Avenue
Building 3
Sunnyvale, CA 94089
USA

-Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 200697-0

Juniper Networks SSG 520M and SSG 550M
(Hardware Versions: P/N SSG 520M and SSG 550M; Firmware Versions: ScreenOS 5.4.0r4, v5.4.0r5, 5.4.0r6, 5.4.0r7, 5.4.0r8, 5.4.0r9, 5.4.0r10, 5.4.0r11, 5.4.0r12, 5.4.0r13, 5.4.0r14, 5.4.0r15, 5.4.0r16, 5.4.0r17, 5.4.0r18 and 5.4.0r19)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 12/14/2007;
07/10/2008;
05/18/2009;
01/20/2011;
12/11/2013
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: DSA (Cert. #218); SHS (Cert. #601); Triple-DES (Cert. #535); AES (Cert. #529); HMAC (Cert. #278); RSA (Cert. #239); RNG (Cert. #304)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5

Multi-chip standalone

"The Juniper Networks Secure Services Gateway 500 Series (SSG) represents a new class of purpose-built security appliance that delivers a perfect mix of performance, security and LAN/WAN connectivity for regional and branch office deployments. Traffic flowing in and out of the branch office is protected from worms, Spyware, Trojans, and malware by a complete set of Unified Threat Management (UTM) security features including Stateful firewall, IPSec VPN, IPS, Antivirus (includes Anti-Spyware, Anti-Adware, Anti-Phishing), Anti-Spam, and Web Filtering."
883 TriCipher, Inc.
1900 Alameda de las Pulgas
Suite 112
San Mateo, CA 94403
USA

-Tim Renshaw
TEL: 650-372-1300

CST Lab: NVLAP 200416-0

TriCipher Common Core Cryptographic Module
(Software Version: 3.9)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/14/2007 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Sun JDS Linux 2.4.19 and Microsoft Windows XP (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #571); RSA (Cert. #273); HMAC (Cert. #310); SHS (Cert. #649); RNG (Cert. #341)

-Other algorithms: DES; MD5; RSA (PKCS #5); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The CCCM provides all cryptographic functionality used by TriCipher's ID Tool, APIs and other client-side products."
882 Certicom Corp.
5520 Explorer Drive
4th Floor
Mississauga, Ontario L4W 5L1
Canada

-sales@certicom.com
TEL: 905-507-4220
FAX: 905-507-4230

CST Lab: NVLAP 200017-0

Security Builder® FIPS Module
(Software Version: 2.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 12/14/2007;
11/06/2008;
03/06/2009
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Yellow Dog Linux 2.6 and Maemo Linux 5 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #545); AES (Cert. #549); SHS (Cert.#614); HMAC (Cert. #290); RNG (Cert. #317); DSA (Cert. #223); ECDSA (Cert. #57); RSA (Cert. #246)

-Other algorithms: DESX; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; DES; ECNR; ECQV; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECIES

Multi-chip standalone

"The Security Builder® FIPS Module is a standards-based cryptographic toolkit that supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into both mobile and server-based applications. The Security Builder FIPS Module is part of the Certicom Security Architecture, a comprehensive cross-platform security solution which supports multiple cryptographic software and hardware providers with a single common API."
881 Fortress™ Technologies, Inc.
2 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0

AirFortress® Wireless Security Gateway
(Hardware Version: AF7500; Firmware Version: 2.5.6)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 11/30/2007;
03/26/2010;
05/17/2013
Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #414); Triple-DES (Cert. #433); SHS (Cert. #483); HMAC (Cert. #188)

-Other algorithms: Diffie-Hellman (key agreement; key establishment provides 56 bits of encryption strength; non-compliant); DES; MD5; RSA (non-compliant); RNG (non-compliant)

Multi-chip standalone

"The AirFortress® Wireless Security Gateway is an electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a production-quality hardware platform and deployable on any LAN or WAN, the AirFortress® Wireless Security Gateway provides encryption, data integrity checking, authentication, access control, and data compression."
880 ActivIdentity, Inc.
6623 Dumbarton Circle
Fremont, CA 94555
USA

-Stephane Ardiley
TEL: 510-745-6288
FAX: 510-574-0101

CST Lab: NVLAP 100432-0

ActivIdentity Digital Identity Applet Suite V2 for PIV
(Hardware Version: HW P/N 77 Versions E303-063683 and E303-063684; Firmware Versions: ACA applet package v2.6.2.2 and 2.6.2.A3; PKI/GC applet package v2.6.2.3 and 2.6.2.A1; ASC library package v2.6.2.2 and 2.6.2.A1; PIV End-Point packages v2.6.2.6, v2.6.2.A1 and v2.6.2.A2)

(PIV Card Application: Cert. #7)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/30/2007;
12/18/2007;
01/25/2008;
04/29/2008;
02/06/2014
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #232); Triple-DES MAC (Triple-DES Cert. #232, vendor affirmed); SHS (Cert. #209); RSA (Cert. #43); RNG (Cert. #94); CVL (Cert. #204)

-Other algorithms: DES; DES MAC

Single-chip

"This version of the product can be used over contact and contactless interface (with some restrictions) and can be configured to use with ActivIdentity applet suite v2.6.2 for the support of GSC-IS v2.1, NIST SP800-73-1 Transitional and End-Point Card Edge (for HSPD-12/PIV). The product allows issuance and post-issuance support for PIV End Point Card Edge and Data Model."
879 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

PIX 515 and PIX 515E
(Hardware Versions: 515 and 515E; Firmware Version: 7.2.2.18)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/30/2007;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #209 and #536); HMAC (Certs. #15 and #283); RNG (Cert. #309); RSA (Certs. #107 and #242); SHS (Certs. #285 and #606); Triple-DES (Certs. #298 and #538)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant); EC Diffie-Hellman (key agreement; key establishment methology provides 80 bits of encryption strength; non-compliant); HMAC MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The market-leading Cisco PIX and ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. Cisco PIX Security Appliances and ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
878 Fortress™ Technologies, Inc.
2 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200427-0

Fortress Secure Client
(Software Versions: 3.1 [1], 3.1.1 [1], 3.2 [2], 3.2.1 [3] and 3.2.2 [3])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/30/2007;
04/04/2008;
08/11/2009;
11/20/2009;
03/26/2010;
08/20/2010;
05/17/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional with SP2 [1]; Windows 2000 Professional with SP4 [1]; Windows 2003 Server with SP2 [1]; Windows CE 3.0 [1]; Windows CE 4.0 [1 and 2]; Windows CE 5.0 [1, 2 and 3] (single-user mode)

-FIPS Approved algorithms: AES (Certs. #607 [1], #1136 [2] and #1207 [3]); HMAC (Certs. #313 [1], #646 [2] and #702 [3]); RNG (Certs. #346 [1], #631 [2] and #668 [3]); SHS (Certs. #656 [1], #1057 [2] and #1110 [3]); Triple-DES (Certs. #579 [1], #828 [2] and #871 [3])

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5

Multi-chip standalone

"The Fortress Secure Client is a software module designed to deliver security on wireless devices such as bar scanners, handhelds, and laptops using various operating systems. A plug-and-play solution, the Client encrypts and decrypts communication across the WLAN and protects the device against attacks without user intervention."
877 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

7206VXR NPE-G1, 7206VXR NPE-G2 and 7301 with VAM2+ and 7206VXR NPE-G2 with VSA
(Hardware Versions: 7206VXR Version: 2.9, NPE-G1 Version: 2.1, NPE-G2 Version: 1.0, VAM2+ Version: 1.0, VSA Version: 1.0, C7200-JC-PA Version: 1.0, 7301 Version: 2.0; Firmware Version: 12.4(11)T1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/30/2007;
12/18/2007;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #91 and #173); HMAC (Certs. #39 and #203); RNG (Certs. #83, #266 and #267); SHS (Certs. #258, #500, #556 and #557); Triple-DES (Certs. #204 and #275)

-Other algorithms: MD4; MD5; HMAC MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant); DES; RSA (non-compliant); AES (non-compliant); Triple-DES (non-compliant); HMAC (non-compliant)

Multi-chip standalone

"Cisco Modular Access Routers are routers that provide data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
876 Motorola, Inc.
1301 E. Algonquin Rd.
Schaumburg, IL 60196-1078
USA

-Kirk Mathews
TEL: 847-576-4101
FAX: 847-538-2770

CST Lab: NVLAP 100432-0

KVL 3000 Plus
(Hardware Version: P/N CLN7493D Version 8; Firmware Version: R3.52.42)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/30/2007 Overall Level: 1 

-Roles, Services, and Authentication: Level 2

-FIPS Approved algorithms: AES (Cert. #2); Triple-DES (Cert. #82); Triple-DES MAC (Triple-DES Cert. #82, vendor affirmed); SHS (Cert. #335); RNG (Cert. #121)

-Other algorithms: DES; DES MAC; DES-XL; DVI-XL; DVI-SPFL; DVP-XL; ADP; HCA; AES MAC (AES Cert. #2; vendor affirmed; P25 AES OTAR)

Multi-chip standalone

"The KVL 3000 Plus is a portable key distribution device. Encryption keys can be loaded into the KVL manually through its keypad interface or transferred from a Key Management Facility through its serial interface. These keys can then be distributed to various secure communications equipment such as mobile and portable radios, base stations, zone controllers, data controllers, and other fixed network devices. The KVL also includes a PCMCIA interface for software upgrades."
875 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)
(Software Version: 5.2.3790.3959)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/30/2007;
12/18/2007
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Server 2003 Service Pack 2 (x86, x64 and IA64) (single-user mode)

-FIPS Approved algorithms: DSA (Cert. #221); RNG (Cert. #314); RSA (Cert. #245); SHS (Cert. #611); Triple-DES (Cert. #543)

-Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC4

Multi-chip standalone

"The Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) is a FIPS 140-2 compliant, software-based, cryptographic module. DSSENH encapsulates several different cryptographic algorithms (including SHA-1, 3DES, DSA and Diffie-Hellman) in a cryptographic module accessible via the Microsoft CryptoAPI (CAPI)."
874 3e Technologies International, Inc.
9715 Key West Avenue
5th Floor
Rockville, MD 20850
USA

-Ryon Coleman
TEL: 301-944-1277
FAX: 301-670-6989

-Chris Guo
TEL: 301-944-1294
FAX: 301-670-6989

CST Lab: NVLAP 200427-0

3e Cryptographic Kernel Library
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/30/2007 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional Service Pack 2 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #640); HMAC (Cert. #329); SHS (Cert. #675); Triple-DES (Cert. #593)

-Other algorithms: N/A

Multi-chip standalone

"The Cryptographic Kernel Library (CKL) is a software module that implements a set of cryptographic algorithms for use by a software application. The 3eTI CKL is a binary dynamic link library that is compiled from source code written in C, C++. This binary library resides in Windows kernel space."
873 Rockwell Collins, Inc.
400 Collins Road NE
Cedar Rapids, IA 52498
USA

-Jack Edington
TEL: 319-295-5997

-Robert Shreve
TEL: 319-295-2611

CST Lab: NVLAP 200002-0

Common Crypto Circuit Card Assembly
(Hardware Version: 944-2541-004; Software Version: 091-3186-006)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/30/2007 Overall Level: 1 

-Physical Security: Level 2
-EMI/EMC: Level 2
-Design Assurance: Level 2

-FIPS Approved algorithms: AES (Cert. #169)

-Other algorithms: Serpent; Twofish; Triple-DES (non-compliant)

Multi-chip embedded

"The Common Crypto Circuit Card Assembly is a module designed for use in Link 16 communication platforms. The module can be used in an external cryptographic application or embedded in an internal application. The module hosts four commercial cryptographic algorithms for data encryption/decryption. The algorithms are stored in memory. One of the four algorithms is selected for use and loaded. The module accepts up to eight keys which are externally generated and loaded. The AES algorithm operates in a FIPS-approved mode."
872 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

PIX 525 and PIX 535
(Hardware Versions: 525 and 535; Firmware Version: 7.2.2.18)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/27/2007;
05/28/2010;
02/23/2012
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 2

-FIPS Approved algorithms: AES (Certs. #209 and #536); HMAC (Certs. #15 and #283); RNG (Cert. #309); RSA (Certs. #107 and #242); SHS (Certs. #285 and #606); Triple-DES (Certs. #298 and #538)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); HMAC MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The market-leading Cisco PIX and ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. Cisco PIX Security Appliances and ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
871 Cavium Networks
805 East Middlefield Road
Mountain View, CA 94043
USA

-Mike Scruggs
TEL: 650-623-7000

CST Lab: NVLAP 200427-0

Nitrox XL NFB FIPS Cryptographic Modules
(Hardware Versions: CN1120-VBD-03-0200, CN1010-VBD-03-0200 and CN1005-VBD-03-0200; Firmware Version: 4.6.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/27/2007 Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #551 and #189); DSA (Cert. #224); ECDSA (Cert. #58); HMAC (Cert. #292); RNG (Cert. #319); RSA (Cert. #247); SHS (Cert. #616); Triple-DES (Certs. #547 and #286); Triple-DES MAC (Triple-DES Certs. #547 and #286, vendor affirmed)

-Other algorithms: AES-MAC (Certs. #551 and #189; non-compliant); DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST-MAC; CAST3-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; HMAC-MD5; KCDSA; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; GENERIC-SECRET; SSL PRE-MASTER; SEED; RC2-MAC; RC5-MAC; Diffie-Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength; non-compliant)

Multi-chip embedded

"The Nitrox XL NFB FIPS Cryptographic Module is a cryptographic module integrated into a PCI card that provides cryptographic key protection and acceleration for both asymmetric and symmetric encryption operations. It is contained in its own secure enclosure that provides physical resistance to tampering and zeroization of plaintext cryptographic material in the event the enclosure is opened."
870 Cavium Networks
805 East Middlefield Road
Mountain View, CA 94043
USA

-Mike Scruggs
TEL: 650-623-7000

CST Lab: NVLAP 200427-0

Nitrox XL NFB FIPS Cryptographic Modules
(Hardware Versions: CN1120-VBD-03-0200, CN1010-VBD-03-0200, and CN1005-VBD-03-0200; Firmware Version: 4.6.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/27/2007 Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Certs. #551 and #189); DSA (Cert. #224); ECDSA (Cert. #58); HMAC (Cert. #292); RNG (Cert. #319); RSA (Cert. #247); SHS (Cert. #616); Triple-DES (Certs. #547 and #286); Triple-DES MAC (Triple-DES Certs. #547 and #286, vendor affirmed)

-Other algorithms: AES-MAC (Certs. #551 and #189; non-compliant); DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST-MAC; CAST3-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; HMAC-MD5; KCDSA; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; GENERIC-SECRET; SSL PRE-MASTER; SEED; RC2-MAC; RC5-MAC; Diffie-Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength; non-compliant)

Multi-chip embedded

"The Cavium Nitrox NFB Cryptographic Modules are a cryptographic component of the Nitrox PCI acceleration board that provides cryptographic key protection and acceleration for both asymmetric and symmetric encryption operations. It is contained in its own secure enclosure that provides physical resistance to tampering and zeroization of plaintext cryptographic material in the event the enclosure is opened."
869 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Windows Server 2003 Kernel Mode Cryptographic Module (FIPS.SYS)
(Software Version: 5.2.3790.3959)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/27/2007;
12/18/2007
Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows Server 2003 Service Pack 2 (x86, x64, and IA64) (single user mode)

-FIPS Approved algorithms: HMAC (Cert. #287); RNG(Cert. #313); SHS (Cert. #610); Triple-DES (Cert. #542)

-Other algorithms: DES; HMAC-MD5

Multi-chip standalone

"Kernel Mode Cryptographic Module (FIPS.SYS) is a FIPS 140-2 Level 1 compliant, general-purpose, software-based, cryptographic module residing at the Kernel Mode level of the Windows Operating System. It runs as a kernel mode export driver (a kernel-mode DLL) and encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible by other kernel mode drivers. It can be linked into other kernel mode services to permit the use of FIPS 140-2 Level 1 compliant cryptography."
868 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Windows Server 2003 Enhanced Cryptographic Provider (RSAENH)
(Software Version: 5.2.3790.3959)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/19/2007;
12/18/2007
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Server 2003 Service Pack 2 (x86, x64 and IA64) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #548); HMAC (Cert. #289); RNG (Cert. #316); RSA (Cert. #245); SHS (Cert. #613); Triple-DES (Cert. #544)

-Other algorithms: DES; RC2; RC4; MD2; MD4; MD5; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Microsoft Enhanced Cryptographic Provider is a FIPS 140-2 compliant, software-based, cryptographic module. RSAENH encapsulates several different cryptographic algorithms (including SHA-1, 3DES, AES, RSA, HMAC) in a cryptographic module accessible via the Microsoft CryptoAPI."
867 Chunghwa Telecom Co., Ltd. Telecommunication Laboratories
12, Lane 551, Min-Tsu Road SEC.5
Yang-Mei, Taoyuan, Taiwan 326
Republic of China

-Yeou-Fuh Kuan
TEL: +886-3-424-4333
FAX: +886-3-424-4129

-Char-Shin Miou
TEL: +886-3-424-4381
FAX: +886-3-424-4129

CST Lab: NVLAP 200017-0

HICOS PKI Smart Card Chip
(Hardware Version: HD65257C1; Software Versions: GINA Applet: 1.0, PKI Applet: 2.0, FISC II Applet: 1.2, and GSM Applet 1.0; Firmware Versions: HardMask: 2.0 and SoftMask: 3.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/19/2007 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: RSA (Cert. #234); Triple-DES (Cert. #530); SHS (Cert. #594); RNG (Cert. #298); AES (Cert. #522); HMAC (Cert. #272); Triple-DES MAC (Triple-DES Cert. #530, vendor affirmed)

-Other algorithms: COMP-128; AES-MAC (AES Cert. #522; non-compliant)

Single-chip

"The HICOS PKI Smart Card Chip module is a single chip implementation of a cryptographic module. The HICOS PKI Smart Card Chip module is mounted in an ID-1 class smart card body that adheres to ISO/IEC specifications for Integrated Circuit Chip (ICC) based identification cards. The HICOS PKI Smart Card Chip cryptographic module contains an implementation of the Open Platform (OP) Version 2.0.1 specification defining a secure infrastructure for post-issuance programmable smart card chips."
866 3e Technologies International, Inc.
9715 Key West Avenue
Suite 500
Rockville, MD 20850
USA

-Ryon Coleman
TEL: 301-944-1277
FAX: 301-670-6989

CST Lab: NVLAP 200427-0

3e-527A3 AirGuard™ Wireless Access Point, 3e-527A3 AirGuard™ Wireless Access Point with Outdoor Option and 3e-527A3MP AirGuard™ Wireless Access Point with Mobile Power
(Hardware Versions: 1.1, 1.1 and 1.1; Firmware Version: 4.0.10.23)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/27/2007 Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #627); HMAC (Cert. #325); RNG (Cert. #359); SHS (Cert. #669); Triple-DES (Cert. #589)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5; DES; AES CFB (non-compliant)

Multi-chip standalone

"The 3e-527A3 is a device that consists of electronic hardware, firmware, and a strong metal case. For purposes of FIPS 140-2, the module is considered to be a multi-chip standalone product. The 3e-527A3 operates as either a gateway connecting a local area network to wide area network (WAN) or as an access point within a local area network."
865 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-C Micro Edition (ME)
(Software Versions: 2.1.0.2 [1], 2.1.0.3 [2], 2.1.0.6 [3] and 2.1.0.7 [4])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/19/2007;
12/20/2007;
01/04/2008;
10/16/2008;
04/03/2009;
08/20/2010;
09/07/2010;
03/28/2011;
01/24/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with [1]: AIX 5L v5.2 (32-bit PowerPC); AIX 5L v5.2 (64-bit PowerPC); AIX 5L v5.3 (32-bit PowerPC); AIX 5L v5.3 (64-bit PowerPC); HP-UX 11.11 PA-RISC 2.0 (32-bit); HP-UX 11.23 PA-RISC2.0W (64-bit); HP-UX 11.23 Itanium 2 (32-bit); HP-UX 11.23 Itanium 2 (64-bit); Red Hat Enterprise Linux AS 4.0 (32-bit x86); Red Hat Enterprise Linux AS 4.0 (64-bit x86_64); Solaris 10 (32-bit SPARC v8); Solaris 10 (32-bit SPARC v8+); Solaris 10 (64-bit SPARC v9); Solaris 10 (64-bit x86_64); SuSE Linux Enterprise Server 9.0 (32-bit x86); SuSE Linux Enterprise Server 9.0 (64-bit x86_64); VxWorks 5.4 (PPC 604); VxWorks 5.5 (PPC 603); VxWorks 5.5 (PPC 604); VxWorks General Purpose Platform 6.0 (PPC 604); Windows Mobile 2003; Windows Mobile 2003 Phone Edition; Windows Mobile 5.0; Windows Mobile 5.0 Phone Edition; Windows 2003 Server SP1 (32-bit x86 - VS8.0 build); Windows 2003 Server SP1 (64-bit x86_64); Windows 2003 Server SP1 (Itanium 2). Tested as meeting Level 1 with [1] and [2]: Windows 2003 SP1 (32-bit x86 - VS6.0 build). Tested as meeting Level 1 with [3] Windows Vista Ultimate (32-bit x86). Tested as meeting Level 1 with [4] Red Hat Enterprise Linux v5 (64-bit IBM PowerPC Power3) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #644 [1], #673 [2] #1031 [3] and #1406 [4]); DSA (Certs. #242 [1], #254 [2], #348 [3] and #454 [4]); ECDSA (Certs. #68 [1], #74 [2], #124 [3] and #178 [4]); HMAC (Certs. #333 [1], #357 [2], #578 [3] and #827 [4]); RNG (Certs. #367 [1], #392 [2], #586 [3], #771 [4] and vendor affirmed: SP 800-90); RSA (Certs. #295 [1], #314[ 2], #493 [3] and #683 [4]); SHS (Certs. #679 [1], #706 [2], #984 [3] and #1276 [4]); Triple-DES (Certs. #596 [1], #618 [2], #788 [3] and #959 [4])

-Other algorithms: MD2; MD5; HMAC MD5; DES; DES40; RC2; RC4; RC5; ECAES (non-compliant); RSA (key wrapping; key establishment methodology provides at least 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides at least 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 285 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Crypto-C Micro Edition (ME) Module is RSA Security Inc.'s cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
864 Motorola, Inc.
1301 E. Algonquin Rd.
Schaumburg, IL 60196
USA

-Kirk Mathews
TEL: 847-576-4101
FAX: 847-538-2770

CST Lab: NVLAP 100432-0

Key Management Facility Crypto Card (KMF CC)
(Hardware P/N T6722A Versions CLN7612B and CLN8306C; Firmware Version: R01.09)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/13/2007;
02/10/2011
Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #2); Triple-DES (Cert. #82); Triple-DES MAC (Triple-DES Cert. #82, vendor affirmed); RNG (Cert. #121); SHS (Cert. #335)

-Other algorithms: DES; DES-XL; DVI-XL; DVP-XL; DES MAC; AES MAC (AES Cert. #2, vendor affirmed; P25 AES OTAR); HCA; LFSR; NDRNG

Multi-chip embedded

"The KMF CC provides encryption and decryption services for secure key management and Over-the-Air-Rekeying (OTAR) for Motorola's Key Management Facility (KMF). The KMF and KMF CC combine to provide these cryptographic services for Motorola's APCO-25 compliant Astro radio systems."
863

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/16/2007;
12/07/2007;
03/07/2008;
02/17/2012
Overall Level: 1 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip standalone

862

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/07/2007;
12/13/2013;
02/12/2014
Overall Level: 1 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip standalone

861 Oracle Corporation
500 Oracle Parkway
Redwood Shores, CA 94065
USA

-Shaun Lee
TEL: +44 1189 243860

CST Lab: NVLAP 200583-0

Oracle Cryptographic Libraries for SSL
(Software Version: 10g (10.1.0.5))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/18/2007 Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Sun Solaris 8.0 with Admin Suite 3.0.1 on Sun Ultra 60 Server

-FIPS Approved algorithms: Triple-DES (Cert. #573); AES (Cert. #608); SHS (Cert. #657); HMAC (Cert. #314); RSA (Cert. #281); RNG (Cert. #347)

-Other algorithms: RC4; RSA-MD5 (PKCS#1); HMAC-MD5; RSA (PKCS#5); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Oracle Cryptographic Libraries for SSL 10g (10.1.5) is a generic module used by the Oracle Corporation in a variety of its application suites. The module is used to provide support to cryptography, authentication, PKCS and certificate management for applications like the Oracle database server (Server and Client), Oracle Applications Server, Oracle Internet Directory, Web Cache and Apache. It provides a rich set of functionality and uses PKCS wallet structures for managing identities and trustpoints."
860 Motorola, Inc.
1301 E. Algonquin Rd.
Schaumburg, IL 60196
USA

-Kirk Mathews
TEL: 847-576-4101
FAX: 847-538-2770

CST Lab: NVLAP 100432-0

Digital Interface Unit Crypto Module (DIU CM)
(Hardware Version: T6721A, Version CLN7611C; Firmware Versions: R82.01.02, R82.01.03 and R82.01.05)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/06/2007 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #82); Triple-DES MAC (Triple-DES Cert. #82; vendor affirmed); AES (Cert. #2); RNG (Cert. #121); SHS (Cert. #335)

-Other algorithms: DES; DES-XL; DVI-XL; DVP-XL; HCA; ADP; LFSR; NDRNG; AES MAC (AES Cert. #2; vendor affirmed; P25 AES OTAR)

Multi-chip embedded

"The DIU CM provides secure voice and Over-the-Air-Rekeying (OTAR) advanced key management for Motorola's Digital Interface Unit (DIU). The DIU and DIU CM combine to provide these cryptographic services for Motorola's APCO-25 compliant family of console and base station radio infrastructure equipment."
859 VMware, Inc.
3145 Porter Drive
Palo Alto, CA 94304
USA

-Eric Masyk
TEL: 650-798-5820
FAX: 650-475-5001

CST Lab: NVLAP 200427-0

ACE Encryption Engine
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/06/2007 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional with SP2; Microsoft Windows Vista Ultimate (single-user mode)

-FIPS Approved algorithms: AES (Certs. #533 and #534); DSA (Cert. #220); HMAC (Certs. #280 and #281); RNG (Certs. #306 and #307); RSA (Cert. #241); SHS (Certs. #603 and #604); Triple-DES (Cert. #536)

-Other algorithms: Diffie-Hellman (key agreement; non-compliant); DSA signature generation (non-compliant); MD5; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (sign/verify 512 bits; non-compliant)

Multi-chip standalone

"The ACE Encryption Engine allows virtual machines to be encapsulated into files which can be saved, copied, and provisioned. VMware Software Cryptographic Implementation is the kernel implementation that enables the VMware ACE application to perform its cryptographic functions such as hashing, encryption, digital signing, etc."
858 Motorola, Inc.
1301 E. Algonquin Road
Schaumburg, IL 60196
USA

-Kirk Mathews
TEL: 847-576-4101
FAX: 847-538-2770

CST Lab: NVLAP 100432-0

Radio Network Controller Encryption Module Controller (RNC EMC)
(Hardware Version: T7289A; Firmware Version: R03.04.00)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/06/2007 Overall Level: 1 

-FIPS Approved algorithms: AES (Cert. #530)

-Other algorithms: AES MAC (AES Cert. #530; vendor affirmed; P25 AES OTAR); DES; DES-XL; DVI-XL; DVI-SPFL; DVP-XL; ANSI X9.17 DRNG; 64 bit LFSR

Multi-chip standalone

"The RNC 3000 provides data communications between mobile data and host applications in an ASTRO integrated voice and data system. The RNC Encryption Module Controller provides data encryption services for the RNC 3000."
857 Tumbleweed Communications Corp.
700 Saginaw Drive
Redwood City, CA 94063
USA

-Stefan Kotes
TEL: 650-216-2082
FAX: 650-216-2565

CST Lab: NVLAP 100432-0

Tumbleweed Security Kernel
(Software Version: 2.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 10/26/2007 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 2003 Server SP2; SuSE Linux 9 Enterprise Server SP3; Windows XP SP2; SunOS 5.10; IBM AIX 5.2.0.0 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #524 and #543); Triple-DES (Certs. #531 and #540); RSA (Certs. #237 and #244); ECDSA (Certs. #54 and #56); SHS (Certs. #597 and #608); RNG (Certs. #300 and #311); HMAC (Certs. #275 and #285)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Tumbleweed Security Kernel is a software module implemented as two dynamic libraries that provide all security functionalities for several products of Tumbleweed Communications Corp., including Validation Authority, SecureTransport, and MailGate."
856 SafeNet Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Terry Fletcher
TEL: 613-221-5009
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

Luna® PCI Cryptographic Module V2.2
(Hardware Version: VBD-03-0100; Firmware Version: 4.6.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/26/2007;
11/20/2009
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #510 and #551); DSA (Cert. #224); ECDSA (Cert. #58); HMAC (Cert. #292); RNG (Cert. #319); RSA (Cert. #247); SHS (Cert. #616); Triple-DES (Certs. #520 and #547); Triple-DES MAC (Triple-DES Certs. #520 and #547, vendor affirmed)

-Other algorithms: DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; DES-MAC; RC2-MAC; RC5-MAC; CAST-MAC; CAST3-MAC; CAST5-MAC; MD2; MD5; HAS-160; HMAC-MD5; SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip embedded

"Luna PCI offers dedicated hardware key management to protect sensitive cryptographic keys from attack. The high-security hardware design ensures the integrity and protection of encryption keys throughout their life cycle. All digital signing and verification operations are performed within the HSM to increase performance and maintain security. Luna PCI HSMs provide hardware secured key generation, storage, secure key backup and accelerated encryption in a range of models and configurations offering a wide selection of security, performance and operational capabilities."
855 SafeNet Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Terry Fletcher
TEL: 613-221-5009
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

Luna® PCI Cryptographic Module for Luna® IS
(Hardware Version: VBD-03-0100; Firmware Version: 5.1.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/26/2007 Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #510 and #511); Triple-DES (Certs. #520 and #521); DSA (Cert. #211); RSA (Cert. #224); ECDSA (Cert. #52); SHS (Cert. #581); HMAC (Cert. #263); Triple-DES MAC (Triple-DES Certs. #520 and #521, vendor affirmed); RNG (Cert. 288)

-Other algorithms: AES MAC (AES Certs. #510 and #511; non-compliant); DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; CAST5 in a CBC-MAC; MD2; MD5; HAS-160 (plain hash and HMAC); SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The Luna® PCI for Luna ® IS offers hardware-based key management and cryptographic operations to protect sensitive keys. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI card."
854 SafeNet Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Terry Fletcher
TEL: 613-221-5009
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

Luna® PCI Cryptographic Module V2.2
(Hardware Version: VBD-03-0100; Firmware Version: 4.6.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/26/2007;
11/20/2009
Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Certs. #510 and #551); DSA (Cert. #224); ECDSA (Cert. #58); HMAC (Cert. #292); RNG (Cert. #319); RSA (Cert. #247); SHS (Cert. #616); Triple-DES (Certs. #520 and #547); Triple-DES MAC (Triple-DES Certs. #520 and #547, vendor affirmed)

-Other algorithms: DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; DES-MAC; RC2-MAC; RC5-MAC; CAST-MAC; CAST3-MAC; CAST5-MAC; MD2; MD5; HAS-160; HMAC-MD5; SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip embedded

"Luna PCI offers dedicated hardware key management to protect sensitive cryptographic keys from attack. The high-security hardware design ensures the integrity and protection of encryption keys throughout their life cycle. All digital signing and verification operations are performed within the HSM to increase performance and maintain security. Luna PCI HSMs provide hardware secured key generation, storage, secure key backup and accelerated encryption in a range of models and configurations offering a wide selection of security, performance and operational capabilities."
853 Aladdin Knowledge Systems, Ltd.
35 Efal St.
Kiryat Arye, Petach Tikva 49511
Israel

-Yaniv Shor
TEL: +972 (0) 3-978-1342
FAX: +972.(0)3.978.1010

CST Lab: NVLAP 200556-0

eToken PRO HD
(Hardware Version: (32K and 64K) 4.28; Firmware Version: 2.7 on CardOS 4.2B)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/24/2007 Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #555); Triple-DES MAC (Cert. #555, vendor affirmed); SHS (Cert. #627); RSA (Cert. #256); RNG (Cert. #325)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The eToken product offering provides a robust and flexible framework for integration with many of today's leading security solutions, providing a solution for strong authentication and password management needs. The eToken provides a complete set of easy-to-use password management applications that enable the user to securely store and manage all of their logon credentials on a single eToken device. They no longer need to remember numerous passwords for all of their applications and accounts - just the single eToken password."
852 Aladdin Knowledge Systems, Ltd.
35 Efal St.
Kiryat Arye, Petach Tikva 49511
Israel

-Yaniv Shor
TEL: +972 (0) 3-978-1342
FAX: +972-(0)3-978-1010

CST Lab: NVLAP 200556-0

eToken PRO, eToken NG-OTP and eToken NG-FLASH (128 MB, 512 MB and 1 GB)
(Hardware Versions: PRO (32K and 64K) 4.28, NG-OTP (32K and 64K) 2.25, NG-FLASH (32K) 4.27; Firmware Version: 2.7 on CardOS 4.2B)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/24/2007 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #555); Triple-DES MAC (Cert. #555, vendor affirmed); SHS (Cert. #627); RSA (Cert. #256); RNG (Cert. #325)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The eToken product offering provides a robust and flexible framework for integration with many of today's leading security solutions, providing a solution for strong authentication and password management needs. The eToken provides a complete set of easy-to-use password management applications that enable the user to securely store and manage all of their logon credentials on a single eToken device. They no longer need to remember numerous passwords for all of their applications and accounts - just the single eToken password."
851 QUALCOMM Inc.
5775 Morehouse Drive
San Diego, CA 92121
USA

-QGOV Sales & Marketing
TEL: 877-461-4411

CST Lab: NVLAP 200017-0

Cryptographic Extension for BREW® Cryptographic Engine
(Software Version: 2.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 10/24/2007 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with LG Firmware OS T98VZV05 with BREW 3.1 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #488); AES (Cert. #473); SHS (Cert.#541); HMAC (Cert. #230); RNG (Cert. #256); DSA (Cert. #194); ECDSA (Cert. #42); RSA (Cert. #194)

-Other algorithms: DES-X; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ARC4; MD2; MD5; HMAC-MD5; DES; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"QUALCOMMs Binary Runtime Environment for Wireless (BREW®) provides an integrated platform for developing, selling, and distributing wireless applications. The Cryptographic Extension for BREW® is a general-purpose, software-based cryptographic module packaged as a BREW® extension that can be invoked by BREW® applications to permit FIPS 140-2 Level 1 validated general-purpose cryptography."
850 Doremi Labs
1020 Chestnut Street
Burbank, CA 91506
USA

-Jean-Philippe Viollet
TEL: 818-562-1101
FAX: 818-562-1109

-Camille Rizko
TEL: 818-562-1101
FAX: 818-562-1109

CST Lab: NVLAP 100432-0

Dolphin Board
(Hardware Version: P/N Version DOLPHIN-DCI-F; Firmware Versions: 22.00-0 and 22.00-1)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/18/2007;
10/29/2007;
11/12/2008;
11/13/2008;
06/07/2013
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #521 and #532); HMAC (Cert. #271); SHS (Cert. #593); RNG (Certs. #297 and #326)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of strength)

Multi-chip standalone

"The Dolphin Board is a PCI-card that provides a standard definition/high definition serial digital interface. This is the Doremi decoder card that contains the JPEG-2000 decoder hardware and BNC serial digital interface connectors used in the Doremi DCP-2000 Digital Cinema Server. The Dolphin Board utilizes a dual-link encoded serial digital interface for output of DCIcompliant resolutions up to 2040x1080p24 (2K-film). It can also operate single link for lower resolution material (i.e., trailers, advertisements, etc.)."
849 Comtech Mobile Datacom Corporation
20430 Century Blvd.
Gaithersburg, MD 20874
USA

-John Fossaceca
TEL: 240-686-2146
FAX: 240-686-3301

-Bill Vaughan
TEL: 240-686-3300
FAX: 240-686-3301

CST Lab: NVLAP 200427-0

MTM-203 Satellite Mobile Transceiver
(Hardware Version: P/N CMDC-203-X0GA1, Revision A2; Firmware Version: C.3.6.T)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 10/18/2007;
04/29/2008
Overall Level: 2 

-FIPS Approved algorithms: HMAC (Cert. #245); RNG (Cert. #271); SHS (Cert. #561); Triple-DES (Cert. #502)

-Other algorithms: DES

Multi-chip standalone

"CMDC's MTM-203 is a small, low power L-Band satellite transceiver for power, weight and space-restrictive applications. The MTM-203 is designed for easy integration into systems that benefit from secure, near real-time, over-the-horizon communications. The MTM-203 is based on battlefield proven technology that enables many new applications, such as handheld and covert devices. The module provides messaging connectivity worldwide with other mobile and terrestrial connected users of CMDC's proprietary network. CMDC's products operate on a variety of satellite providers without reconfiguration."
848 NetApp
495 East Java Drive
Sunnyvale, CA 94089
USA

-Ajay Singh
TEL: 408-822-9000
FAX: 408-822-4501

CST Lab: NVLAP 100432-0

Decru DataFort SCSI SEP v1.0
(Hardware Version: P/N 60-000343/A; Software Version: 27.8; Firmware Version: dccp_2_2_8_secure)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/18/2007;
02/23/2009
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #445 and #446); ECDSA (Cert. #35); HMAC (Certs. #210, #211 and #212); RNG (Cert. #232); SHS (Certs. #192, #223 and #511)

-Other algorithms: TRNG; AKEP2 Protocol (used for authentication only); ECCDH (key agreement); Secret Sharing/Secret Recovery; KDF1; KDF2

Multi-chip embedded

"Decru's Storage Encryption Processor (SEP) is the primary cryptographic and key management engine for Decru DataFort products. Decru DataFort is a wire-speed storage security appliance. DataFort uses hardware-based encryption, authentication, secure access controls, and secure logging to protect networked storage in NAS, SAN, DAS and Tape environments. DataFort can be deployed transparently, with no changes to desktops, servers, applications, or user workflow."
847 NetApp
495 East Java Drive
Sunnyvale, CA 94089
USA

-Ajay Singh
TEL: 408-822-6000
FAX: 408-822-4501

CST Lab: NVLAP 100432-0

Decru DataFort LKM SEP v1.0
(Hardware Version: P/N 60-000388/A; Software Versions: 40.3 and 40.4; Firmware Version: dccn_1_7_10_secure)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/18/2007;
12/18/2007;
02/23/2009
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #445 and #523); ECDSA (Cert. #53); HMAC (Certs. #273, #274 and #212); RNG (Cert. #299); SHS (Certs. #595, #596 and #511)

-Other algorithms: TRNG; AKEP2 Protocol (used for authentication only); ECCDH (key agreement); Secret Sharing/Secret Recovery; KDF1; KDF2

Multi-chip embedded

"Decru's Storage Encryption Processor (SEP) is the primary cryptographic and key management engine for Decru DataFort products. Decru DataFort is a wire-speed storage security appliance. DataFort uses hardware-based encryption, authentication, secure access controls, and secure logging to protect networked storage in NAS, SAN, DAS and Tape environments. DataFort can be deployed transparently, with no changes to desktops, servers, applications, or user workflow."
846 NetApp
495 East Java Drive
Sunnyvale, CA 94089
USA

-Ajay Singh
TEL: 408-822-6000
FAX: 408-822-4501

CST Lab: NVLAP 100432-0

Decru DataFort NAS SEP v1.0
(Hardware Version: P/N 60-000340/A; Software Version: 26.10; Firmware Version: dccn_1_7_10_secure)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/18/2007;
02/23/2009
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #445 and #446); ECDSA (Cert. #35); HMAC (Certs. #210, #211 and #212); RNG (Cert. #232); SHS (Certs. #192, #223 and #511)

-Other algorithms: TRNG; AKEP2 Protocol (used for authentication only); ECCDH (key agreement); Secret Sharing/Secret Recovery; KDF1; KDF2

Multi-chip embedded

"Decru's Storage Encryption Processor (SEP) is the primary cryptographic and key management engine for Decru DataFort products. Decru DataFort is a wire-speed storage security appliance. DataFort uses hardware-based encryption, authentication, secure access controls, and secure logging to protect networked storage in NAS, SAN, DAS and Tape environments. DataFort can be deployed transparently, with no changes to desktops, servers, applications, or user workflow."
845 Utimaco® Safeware AG
Hohemarkstrasse 22
Oberursel, Hessen D-61440
Germany

-US Corporate Headquarters
TEL: 508-543-1008
FAX: 508-543-1009

-Dr. Christian Tobias
TEL: +49-6171-88-1711
FAX: +49-6171-88-1933

CST Lab: NVLAP 200017-0

SafeGuard Cryptographic Engine
(Software Version: 5.00)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 10/18/2007 Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP SP2; Microsoft Windows Server 2003 SP1; Free-BSD Version 5.4 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #512 and #513); Triple-DES (Cert. #522); HMAC (Cert. #264); SHS (Certs. #582, #583 and #584); RNG (Cert. #289)

-Other algorithms: N/A

Multi-chip standalone

"SafeGuard Cryptographic Engine (SGCE) is a high-performance cryptographic library. It provides cryptographic services to the following products from the SafeGuard solutions: SafeGuard Enterprise, SafeGuard PrivateDisk, SafeGuard LAN Crypt and SafeGuard PrivateCrypto."
844 Giesecke & Devrient
45925 Horseshoe Drive
Dulles, VA 20166
USA

-Michael Poitner
TEL: 571-236-6942

CST Lab: NVLAP 200427-0

Sm@rtCafé Expert Embedded Security
(Hardware Version: HD65246C1A05BQBC; Firmware Versions: CH463JC_ITIGERRSA_V101 and CH463JC_ITIGERRSA_V102)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/18/2007 Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #239); AES (Cert. #132); SHS (Certs. #216 and #536); DSA (Cert. #102); RSA (Cert. #7); Triple-DES MAC (Cert. #239, vendor affirmed); RNG (Cert. #253)

-Other algorithms: DES; DES MAC

Single-chip

"Sm@rtCafé Expert Embedded Security was developed by G&D and constitutes a complete operating system for smart cards. Providing a complete set of International Organization for Standardization (ISO), Europay, MasterCard and Visa (EMV) and proprietary enhanced commands, the Sm@rtCafé Expert Embedded Security incorporates standards-based functionality along with its own optimized command set."
843 iDirect
13865 Sunrise Valley Drive
Herndon, VA 20171
USA

-Chris Burdick
TEL: 703-648-8000
FAX: 703-648-8014

CST Lab: NVLAP 200556-0

7350 iNFINITI Satellite Router [1], iConnex-700 [2], iConnex-100 [3], M1D1-T Universal Line Card [4] and 8350 iNFINITI Satellite Router [5]
(Hardware Versions: 9130-0062-0002 [1], 9101-2040-0201 [2], 9101-2040-0202 [3], 9101-0040-0008 [4] and 9000-0040-0013 [5]; Software Versions: iDS version 7.1.2 [1, 2, 3 and 4] and iDS version 7.1.3 [5])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/18/2007;
02/06/2008;
12/23/2008
Overall Level: 1 

-FIPS Approved algorithms: AES (Certs. #527 and #528); Triple-DES (Cert. # 534); SHS (Cert. #600); RNG (Cert. # 303); RSA (Cert. #238)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip embedded

"An iDirect Time Division Multiple Access (TDMA) network is composed of a single outroute Single Channel Per Carrier (SCPC) and multiple inroute TDMA carriers. The iDirect TDMA network is optimized for satellite transmissions, squeezing the maximum performance out of the bandwidth provided by satellite links. The system is fully integrated with iDirectÆs Network Management System that provides configuration and monitoring functions. The iDirect network components consist of the Protocol Processor, Hub Line Card (also known as Universal Line Card), and the Ethernet switch with remote modem."
842 Dolby Laboratories, Inc.
100 Potrero Ave.
San Francisco, CA 94103
USA

-Matthew Robinson
TEL: 415-558-0200
FAX: 415-645-4000

CST Lab: NVLAP 100432-0

CAT904 Dolby® JPEG2000/MPEG2 Processor
(Hardware Version: P/N CAT904Z Versions FIPS_1.0, FIPS_1.0.1, FIPS_1.0.2 and FIPS_1.1; Firmware Version: 3.1.0.1)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/18/2007;
03/19/2008;
10/16/2008
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #519 and #520); SHS (Cert. #592); RNG (Cert. #296); HMAC (Cert. #270); RSA (Cert. #233)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip embedded

"The CAT904 Dolby® JPEG2000/MPEG2 processor performs all the cryptography, license management, and video decoding functions for the DSP100 Dolby Show Player, which forms the nucleus of the Dolby Digital Cinema system. The system offers superb picture quality, outstanding reliability, and the highest level of security in the business. It includes support for JPEG 2000 playback, as specified by DCI, and MPEG-2 for compatibility with alternative content such as preshow advertising. The system also meets other key DCI specifications for security, data rate, and storage capacity."
841 M/A Com, Inc.
221 Jefferson Ridge Parkway
Lynchburg, VA 24501
USA

-Mr. Greg Farmer
TEL: 434-455-9577

CST Lab: NVLAP 200002-0

P7170IP System Portable Two-Way FM Radios
(Hardware Versions: RU101219V22, RU101219V42, RU101219V52, RU101219V62, RU101219V72; Firmware Versions: [H8 version: J2R14B02; DSP version: F7R06A01] and [H8 versions: J2R15E05 and J2R16F01; DSP version: F7R06F03])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/21/2007;
04/29/2008;
03/06/2009
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #155 and #623)

-Other algorithms: DES; VGE (M/A-Com proprietary digital voice encryption algorithm), AES MAC (Cert. #623; vendor affirmed; P25 AES OTAR)

Multi-chip standalone

"The P7170IP is M/A COM's premier portable radio for critical communications. Guided by customer feedback, M/A COM designed the P7170IP to excel in the challenging environments that critical communications users encounter. The P7170IP provides a superior combination of features, functions, and physical attributes. It is light and extremely durable, easy to use while wearing gloves, and produces loud and clear audio. A rugged high-tier portable, the P7170IP provides exceptional performance even under adverse conditions."
840 M/A Com, Inc.
221 Jefferson Ridge Parkway
Lynchburg, VA 24501
USA

-Mr. Greg Farmer
TEL: 434-455-9577

CST Lab: NVLAP 200002-0

P7130IP Select, P7150IP Scan Portable and M7100IP Mobile Two-Way FM Radio
(Hardware Versions: RU101188V1, RU101188V12, RU101188V22, RU101188V231, RU101188V21, KRY1011632/13, KRY1011632/11, RU101219V21, RU101219V61, RU101219V41, RU101219V71, RU101219V51, RU101219V73, RU101219V63; Firmware Versions: [H8 version: J2R14B02; DSP version: F7R06A01] and [H8 versions: J2R15E05 and J2R16F01; DSP version: F7R06F03])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/21/2007;
04/29/2008;
03/06/2009
Overall Level: 1 

-FIPS Approved algorithms: AES (Certs. #155 and #623)

-Other algorithms: DES; VGE (M/A-Com proprietary digital voice encryption algorithm), AES MAC (Cert. #623; vendor affirmed; P25 AES OTAR)

Multi-chip standalone

"P7130IP Select, P7150IP Scan Portable and M7100IP Mobile are M/A COM's premier radios for critical communications. Guided by customer feedback, M/A COM designed the P7130IP, P7150IP and M7100IP to excel in the challenging environments that critical communications users encounter. The radios provide a superior combination of features, functions, and physical attributes. They are light and extremely durable, easy to use while wearing gloves, and produces loud and clear audio. A rugged high-tier portable, the radios provide exceptional performance even under adverse conditions."
839 Pitney Bowes, Inc.
35 Waterview Drive
Shelton, CT 06484
USA

-Douglas Clark
TEL: 203-924-3206
FAX: 203-924-3406

CST Lab: NVLAP 200427-0

Pitney Bowes iButton Postal Security Device (PSD)
(Hardware Version: DS1955B PB6 - 6.00.02)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/21/2007;
10/29/2007
Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #185); SHS (Cert. #167); DSA (Cert. #90); Triple-DES MAC (Cert. #185; vendor affirmed); RNG (Cert. #86)

-Other algorithms: RSA (non-compliant)

Multi-chip standalone

"The Pitney Bowes iButton Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP), and Deutsche Post's FrankIT New Generation Digital Franking program. It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes global digital metering products. The PSD has been designed to support international postal markets and their rapidly evolving requirements for digital indicia."
838 Mitsubishi Electric Corporation Kamakura Works
325 Kamimachiya
Kamakura, Kanagawa 247-8520
Japan

-Masanori Sato
TEL: +81-467-41-6717
FAX: +81-467-41-6975

-Daizoh Funamoto
TEL: +81-467-41-6116
FAX: +81-467-41-6951

CST Lab: NVLAP 200017-0

Command Encryption Module
(Firmware Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Firmware 09/11/2007 Overall Level: 2 

-EMI/EMC: Level 3

-Operational Environment: Tested: as meeting Level 1 with HP Compaq DC 5100 Running Microsoft Windows 2000 SP4 and Zone Labs ZoneAlarm Pro Firewall version 6.1

-FIPS Approved algorithms: Triple-DES (Cert. #504)

-Other algorithms: N/A

Multi-chip standalone

"Command Encryption Module is a firmware module designed to perform Triple DES CFB mode encryption functions."
837 MRV Communications
295 Foster St.
Littleton, MA 01460
USA

-Nicholas Minka

-Tim Bergeron

CST Lab: NVLAP 200427-0

LX-4000T and LX-8000S Series Console Servers
(Hardware Versions: 600-R3248 RevB, 600-R3249 RevB, 600-R3250 RevB, 600-R3251 RevB, 600-R3252 RevC, 600-R3253 RevC, 600-R3254 RevB, 600-R3255 RevB, 600-R3256 RevB, 600-R3257 RevB, 600-R3258 RevC, 600-R3259 RevC, and 600-R3265 RevA through 600-R3288 RevA (inclusive); Firmware Version: linuxito Version: 4.1.4 and ppciboot Version: 4.1.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/11/2007 Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #348); DSA (Cert. #156); RNG (Cert. #166); RSA (Cert. #226); SHS (Cert. #423); Triple-DES (Cert. #408); HMAC (Cert. #151)

-Other algorithms: DES; MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 178 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The LX-4000T and LX-8000S Series Console Servers are a key component of MRV¦s Out-of-Band Network solution. Out-of-Band Networks provide secure remote service port access and remote power control to devices in an organization¦s networks and infrastructures. This nearly eliminates the need for physical presence at a device to correct problems or manage its everyday operation. MRV¦s Out-of-Band Network solution includes console servers, terminal servers, device servers, remote power control and management system, making the LX Series an ideal choice for secure remote access."
836 Thales e-Security
Meadow View House
Crendon Industrial Estate
Long Crendon
Aylesbury, Buckinghamshire HP18 9EQ
United Kingdom

-Tim Fox
TEL: +44 (0)1844 201800

CST Lab: NVLAP 200002-0

Secure Generic Sub-System (SGSS), Version 3.4
(Hardware Versions: 1213D130 Issue 6 [1], 1213H130 Issue 6B [1], 1213G130 Issue 6A [1] and 1213L130 Issue 6 [2]; Software Versions: 2.5.7 [1] and 2.5.14 [2])

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 09/11/2007;
09/25/2007;
12/23/2008
Overall Level: 3 

-FIPS Approved algorithms: DSA/SHS (Cert. #24)

-Other algorithms: N/A

Multi-chip embedded

"The Secure Generic Sub-System (SGSS) is a multi-chip embedded module used to provide secure cryptographic resources to a number of products in the Thales e-Security portfolio. This includes the Datacryptor® 2000, Datacryptor® Advanced Performance and Small Form Factor family (Link, Frame Relay, E1/T1, E3/T3, and IP models), WebSentry™ family, HSM 8000 family, P3™ CM family, 3D Security Module and the SafeSign® Crypto Module. The SGSS contains a secure bootstrap and authenticates application loading using the Digital Signature Algorithm (DSA) and SHA-1 hashing."
835 SafeNet Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Terry Fletcher
TEL: 613-221-5009
FAX: 613-723-5079

CST Lab: NVLAP 200556-0

Luna®PCM
(Hardware Versions: LTK-02-0301 and LTK-02-0501; Firmware Version: 4.6.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 09/05/2007 Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Cert. #508); Triple-DES (Cert. #518); SHS (Cert #579); DSA (Cert #210); RSA (Cert #223); ECDSA (Cert #51); HMAC (Cert #261); Triple-DES MAC (Triple-DES Cert. #518, vendor affirmed); RNG (Cert #287)

-Other algorithms: DES; AES MAC (AES Cert. #508; non-compliant); RC2; RC4; RC5; CAST; CAST 3; CAST 5; MD2; MD5; HAS-160; HMAC-MD5; KCDSA, RSA (encrypt/decrypt); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The Luna PCM cryptographic module is a multi-chip standalone hardware cryptographic module in the form of a PCMCIA card that typically resides within a custom computing or secure communications appliance. It is contained in its own secure enclosure that provides physical resistance to tampering. The module provides secure key generation and storage for symmetric keys and asymmetric key pairs along with symmetric and asymmetric cryptographic services. Access to key material and cryptographic services for users and user application software is provided indirectly through the host appliance."
834 Check Point Software Technologies Ltd.
9900 Belward Campus Drive
Suite 250
Rockville, MD 20850
USA

-David Ambrose
TEL: 703-628-2935

-Malcolm Levy
TEL: +972-37534561

CST Lab: NVLAP 200002-0

Nokia VPN Appliance
(Hardware Versions: IP260, IP265, IP1220, and IP1260; Firmware Versions: IPSO v3.9 and Check Point VPN-1 NGX (R60) [HFA-03] and IPSO v4.1 and Check Point VPN-1 NGX (R60) [HFA-03])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/05/2007;
09/26/2007;
05/28/2009
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #442, #226 and #91); Triple-DES (Certs. #465, #466, #317 and #204); HMAC (Certs. #207, #208, #19 and #203); SHS (Certs. #508, #509, #291 and #500); DSA (Certs. #181 and #204); RSA (Certs. #166, #167 and #215); RNG (Certs. #229 and #201)

-Other algorithms: Cast; DES (Certs. #314 and #297); Triple-DES (K3 mode; non-compliant); MD5HMAC; MD5; Arcfour; Blowfish; Twofish; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The Nokia VPN Applicances are full-featured enterprise systems designed for small to medium enterprises, with Service Provider flexibility and rapid serviceability option in a single rack space. When combined with Check Point VPN-1 these platforms provide reliable, easy to manage distributed security and access."
833 NetApp
495 East Java Drive
Sunnyvale, CA 94089
USA

-Ajay Singh
TEL: 408-822-6000
FAX: 408-822-4501

CST Lab: NVLAP 100432-0

Decru DataFort SAN SEP v2.0
(Hardware Versions: P/Ns 60-000191/A, 60-000337/A and 60-000337/B; Software Version: 27.8; Firmware Version: dcch2_4_2_10_secure)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/05/2007;
01/26/2009;
02/23/2009
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #445 and #446); ECDSA (Cert. #35); HMAC (Certs. #210, #211 and #212); RNG (Cert. #232); SHS (Certs. #192, #223 and #511)

-Other algorithms: TRNG; AKEP2 Protocol (used for authentication only); ECCDH (key agreement); Secret Sharing/Secret Recovery; KDF1; KDF2

Multi-chip embedded

"Decru's Storage Encryption Processor (SEP) is the primary cryptographic and key management engine for Decru DataFort products. Decru DataFort is a wire-speed storage security appliance. DataFort uses hardware-based encryption, authentication, secure access controls, and secure logging to protect networked storage in NAS, SAN, DAS and Tape environments. DataFort can be deployed transparently, with no changes to desktops, servers, applications, or user workflow."
832 SafeNet Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Terry Fletcher
TEL: 613-221-5009
FAX: 613-723-5079

CST Lab: NVLAP 200556-0

Luna® CA4
(Hardware Version: LTK-02-0501; Firmware Version: 4.6.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 09/05/2007 Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #508); Triple-DES (Cert. #518); SHS (Cert. #579); DSA (Cert. #210); RSA (Cert. #223); ECDSA (Cert. #51); HMAC (Cert. #261); Triple-DES MAC (Triple-DES Cert. #518, vendor affirmed); RNG (Cert. #287)

-Other algorithms: DES; AES MAC (AES Cert. #508; non-compliant); RC2; RC4; RC5; CAST; CAST 3; CAST 5; MD2; MD5; HAS-160; HMAC-MD5; KCDSA, RSA (encrypt/decrypt); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The Luna CA4 cryptographic module is a multi-chip standalone hardware cryptographic module in the form of a PCMCIA card that typically resides within a custom computing or secure communications appliance. It is contained in its own secure enclosure that provides physical resistance to tampering. The module provides secure key generation and storage for symmetric keys and asymmetric key pairs along with symmetric and asymmetric cryptographic services."
831 Fortress™ Technologies, Inc.
2 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0

Fortress Secure Client
(Software Version: 4.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 09/05/2007;
03/26/2010;
05/17/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP, Microsoft Windows 2000 (single user mode)

-FIPS Approved algorithms: AES (Certs. #427 and #437); Triple-DES (Certs. #457 and #463); SHS (Certs. #498, #505 and #573); RNG (Certs. #221 and #227); HMAC (Certs. #201, #205 and #256)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; RSA (non-compliant)

Multi-chip standalone

"The Fortress Secure Client identifies network devices and encrypts and decrypts traffic transmitted to and from those devices. A plug-and-play solution, the Client encrypts and decrypts communication across the network and protects the device against attacks without user intervention."
830 Cryptek, Inc.
1501 Moran Road
Sterling, VA 20166-9309
USA

-Michael Teal
TEL: 571-434-2000
FAX: 571-434-2001

CST Lab: NVLAP 100432-0

CA100
(Software Version: 2.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 09/05/2007 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows 2000 and Windows XP (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #340); SHS (Cert. #334); HMAC (Cert. #69); RNG (Cert. #92)

-Other algorithms: DES; DES MAC; MD5; HMAC-MD5; Diffie Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"CA100 is a centrally managed software IPSec client with VPN and firewall functionality. Unlike traditional IPSec software clients that have both the software client and associated policy locally stored on the client's system, the Cryptek CA100 user policies are stored and dynamically downloaded from our manager, the Cryptek CC200."
829 Certicom Corp.
5520 Explorer Drive
4th Floor
Mississauga, Ontario L4W 5L1
Canada

-sales@certicom.com
TEL: 905-507-4220
FAX: 905-507-4230

CST Lab: NVLAP 200017-0

Security Builder FIPS Module for Palm OS 5
(Software Version: 2.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 09/05/2007;
03/06/2009
Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Palm OS 5 (in single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #509); AES (Cert. #496); SHS (Cert. #566); HMAC (Cert. #250); RNG (Cert. #276); DSA (Cert. #203); RSA (Cert. #212)

-Other algorithms: DES; DES-X; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ARC4; MD5; HMAC-MD5

Multi-chip standalone

"The Security Builder+ FIPS Module is a standards-based cryptographic toolkit that provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into both mobile and server-based applications. The Security Builder FIPS Module is part of the Certicom Security Architecture, a comprehensive cross-platform security solution which supports multiple cryptographic software and hardware providers with a single common API."
828 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-C Micro Edition (ME)
(Software Version: 2.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/27/2007;
01/04/2008;
10/16/2008;
09/07/2010;
03/28/2011;
01/24/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with AIX 5L v5.2 (32-bit PowerPC); AIX 5L v5.2 (64-bit PowerPC); AIX 5L v5.3 (32-bit PowerPC); AIX 5L v5.3 (64-bit PowerPC); HP-UX 11.11 PA-RISC 2.0 (32-bit); HP-UX 11.23 PA-RISC2.0W (64-bit); HP-UX 11.23 Itanium 2 (32-bit); HP-UX 11.23 Itanium 2 (64-bit); Red Hat Enterprise Linux AS 4.0 (32-bit x86); Red Hat Enterprise Linux AS 4.0 (64-bit x86_64); Solaris 10 (32-bit SPARC v8); Solaris 10 (32-bit SPARC v8+); Solaris 10 (64-bit SPARC v9); Solaris 10 (64-bit x86_64); SuSE Linux Enterprise Server 9.0 (32-bit x86); SuSE Linux Enterprise Server 9.0 (64-bit x86_64); VxWorks 5.4 (PPC 604); VxWorks 5.5 (PPC 603); VxWorks 5.5 (PPC 604); VxWorks General Purpose Platform 6.0 (PPC 604); Windows Mobile 2003; Windows Mobile 2003 SE; Windows Mobile 5.0 PocketPC; Windows Mobile 5.0 PocketPC Phone Edition; Windows 2003 Server SP1 (32-bit x86 - VS8.0 build); Windows 2003 SP1 (32-bit x86 - VS6.0 build); Windows 2003 Server SP1 (64-bit x86_64); Windows 2003 Server SP1 (Itanium 2) (in single-user mode)

-FIPS Approved algorithms: AES (Cert. #490); DSA (Cert. #199); ECDSA (Cert. #47); HMAC (Cert. #244); RNG (Cert. #270); RSA (Cert. #203); SHS (Cert. #560); Triple-DES (Cert. #501)

-Other algorithms: MD2; MD5; HMAC MD5; DES; DES40; RC2; RC4; RC5; ECAES (non-compliant); ECDRBG (non-compliant); RSA (key wrapping; key establishment methodology provides at least 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides at least 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 285 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Crypto-C Micro Edition (ME) Module is RSA Security Inc.'s cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
827 Research in Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

-Certifications Team
TEL: 519-888-7465 x2921
FAX: 519-886-4839

CST Lab: NVLAP 200017-0

BlackBerry® Cryptographic Kernel
(Firmware Versions: 3.8.4.34 and 3.8.4.47)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Firmware 08/27/2007 Overall Level: 1 

-Design Assurance: Level 3
-Tested: BlackBerry 8700c with BlackBerry OS Version 4.2

-FIPS Approved algorithms: Triple-DES (Cert. #474); AES (Cert. #457); SHS (Cert. #521); HMAC (Cert. #217); RSA (Cert. #175); RNG (Cert. #242); ECDSA (Cert. #38)

-Other algorithms: EC Diffie-Hellman; ECMQV

Multi-chip standalone

"BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry."
826 Giritech
Herstedøstervej 27-29 C2
2620 Albertslund, Denmark

-Lars S. Christensen
TEL: +45 30 763 652
FAX: +45 43 47 54 87

CST Lab: NVLAP 200427-0

Cryptographic Support Library CryptFacility
(Software Version: 1.0.485)

(When operated in FIPS mode. This module contains the embedded module Crypto++ validated to FIPS 140-2 under Cert. #562 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/27/2007 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional (in single-user mode)

-FIPS Approved algorithms: AES (Cert. #216); Triple-DES (Cert. #309); Skipjack (Cert. #14); ECDSA (Cert. #5); DSA (Cert. #79); SHS (Cert. #134); HMAC (Cert. #26); RNG (Cert. #61)

-Other algorithms: N/A

Multi-chip standalone

"The Girtech Cryptographic Support Library CryptFacility is a library implemented in the Giritech G/ON product line that performs all of its cryptographic functionality using a FIPS 140-2 validated library called Crypto++ (Cert #562)."
825 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Kevin Michelizzi
TEL: 425-707-1227
FAX: 425-936-7329

-Chien-Her Chin
TEL: 425-706-5116
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Microsoft Windows CE and Windows Mobile Enhanded Cryptographic Provider 6.00.1937 and Microsoft Windows Embedded Compact Enhanced Cryptographic Provider 7.00.1687
(Software Version: 6.00.1937 [1] and 7.00.1687 [2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/27/2007;
11/26/2007;
02/21/2008;
01/16/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows CE 6.0 [1], Microsoft Windows CE 6.0 R2 [1] and Microsoft Windows Embedded Compact 7 [2] (single user mode)

-FIPS Approved algorithms: AES (Cert. #516 [1] and #2024 [2]); HMAC (Cert. #267 [1] and #1227 [2]); RNG (Cert. #292 [1] and #1060 [2]); RSA (Cert. #230 [1] and #1052 [2]); SHS (Cert. #589 [1] and # 1774 [2]); Triple-DES (Cert. #526 [1] and #1308 [2])

-Other algorithms: MD5; HMAC-MD5; RC2; RC4; DES

Multi-chip standalone

"Microsoft Windows Embedded Compact Enhanced Cryptographic Provider 7.00.1687 and the Microsoft Windows CE and Windows Mobile Enhanced Cryptographic Provider 6.00.1937 (RSAENH) are general-purpose, software-based, cryptographic modules for Windows Embedded Compact. Like cryptographic providers that ship with Microsoft Windows Embedded Compact, RSAENH encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. It can be dynamically linked into applications by software developers to permit the use of general-purpose cryptography. RSAENH meets the Level 1 FIPS 140-2 Validation requirements."
824 Hummingbird Connectivity, a Division of Open Text Corporation
38 Leek Crescent
Richmond Hill, Ontario L4B 4N8
Canada

-Xavier Chaillot
TEL: 514-281-5551 x261
FAX: 514-281-9958

CST Lab: NVLAP 200017-0

Hummingbird Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 08/27/2007 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Pro with SP2 (single-user mode)

-FIPS Approved algorithms: RSA (Cert. #206); DSA (Cert. #201); Triple-DES (Cert. #505); AES (Cert. #492); HMAC (Cert. #247); SHS (Cert. #563); RNG (Cert. #273)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; Blowfish; CAST; RC2; RC4; RC5; ECC; MD2; MD4; MD5; MDC2; RIPEMD

Multi-chip standalone

"The Hummingbird Cryptographic Module is a library which provides encryption and decryption services to Hummingbird Connectivity software during SSL or SSH connections. The Hummingbird Cryptographic Module is used in Exceed, a windows-based X11 server, NFS Maestro, a suite of NFS clients and servers, HostExplorer, a desktop and web-based terminal emulation suite and Connectivity Secure Shell, an implementation of the Secure Shell 2 protocol. The Hummingbird Cryptographic Module is available from Hummingbird Connectivity, a division of Open Text Corporation."
823 SafeNet, Inc.
4690 Millenium Drive
Belcamp, MD 21017
USA

-Hazem Hassan
TEL: 952-223-3139

-Wayne Whitlock
TEL: 443-327-1489

CST Lab: NVLAP 200427-0

Model 400 Smart Card
(Hardware Version: P5CT072EV7/TOPBC150 Version 1.0; Firmware Version: 3.0, EXFs: PIV application executable Version 19)

(PIV Card Application: Cert. #6)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/22/2007;
02/06/2014
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #455); Triple-DES (Cert. #472); SHS (Cert. #519); RSA (Cert. #174); RNG (Cert. #241); CVL (Cert. #206)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DSA (non-compliant)

Single-chip

"SCCOS is a state-of-the-art operating system that offers wide range of authentication services together with the highest levels of security. It offers powerful implementaions for public and secret key encryption supporting RSA, DSA, Diffie-Hellman, SHA-1, Triple-DES, and AES."
822 VIACK Corporation
16701 NE 80th St.
Suite 100
Redmond, WA 98052
USA

-Peter Eng
TEL: 425-605-7400
FAX: 425-605-7405

CST Lab: NVLAP 100432-0

VIA3 VkCrypt Cryptographic Module
(Software Versions: 4.2 and 6.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/17/2007;
03/07/2008
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP SP2 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #478); RNG (Cert. #258); RSA (Cert. #195); SHS (Cert. #546); HMAC (Cert. #235)

-Other algorithms: RC2; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The VIA3 VkCrypt Cryptographic Module is a software cryptographic module that implements symmetric and public key encryption, digital signatures, and hashing. VIA3 is a secure online collaboration solution integrating real-time audio and video, instant messaging, application sharing, and access to workspaces."
821 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

ASA 5510, ASA 5520 and ASA 5540
(Hardware Versions: 5510, 5520, and 5540; Firmware Versions: 7.2.2.18[1], 7.2.2.27[2], 7.2.4.18[3] and 7.2.4.30[3])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/17/2007;
06/23/2008;
03/06/2009;
05/18/2009;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #105, #536[1], #789[2] and #1010[3]); HMAC (Certs. #125, #283[1], #432[2] and #567[3]); RNG (Certs. #144, #309[1], #454[2] and #570[3]); RSA (Certs. #106, #242[1], #376[2] and #485[3]); SHS (Certs. #196, #606[1], #790[2] and #968[3]); Triple-DES (Certs. #217, #538[1], #682[2] and #779[3])

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 96 bits of encryption strength; non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); HMAC MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
820 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-J JCE Provider Module
(Software Version: 3.6)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 08/13/2007;
10/12/2007;
01/04/2008;
10/16/2008;
09/07/2010;
03/28/2011;
01/24/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with 32-bit x86 Intel Pentium 4 w/ Windows XP SP2 with Sun JDK 1.5; 64-bit x86_64 Intel Pentium D w/ Windows XP SP2 with Sun JDK 1.5; 32-bit PowerPC w/ AIX 5L v5.3 with IBM JDK 1.5; 64-bit SPARC v9 w/ Solaris 10 with Sun JDK 1.5; 32-bit Itanium2 w/ HP-UX 11.23 with HP JDK 5.0; 64-bit Itanium2 w/ HP-UX 11.23 with HP JDK 5.0; 32-bit x86 Intel Pentium 4 w/ Red Hat Enterprise Linux AS 4.0 with Sun JDK 1.5; 64-bit x86_64 Intel Pentium D w/ Red Hat Enterprise Linux AS 4.0 with Sun JDK 1.5; 32-bit x86 Intel Pentium 4 w/ SUSE Linux Enterprise Server 9.0 with Sun JDK 1.5; 64-bit x86_64 AMD Opteron w/ SUSE Linux Enterprise Server 9.0 with Sun JDK 1.5; 64-bit PowerPC w/ AIX 5L v5.3 with IBM JDK 1.5; 32-bit SPARC v8+ w/ Solaris 10 with Sun JDK 1.5 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #489); DSA (Cert. #198); HMAC (Cert. #243); RNG (Cert. #269); RSA (Cert. #202); SHS (Cert. #559); Triple-DES (Cert. #500)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DESX; MD2; MD5; RIPEMD 160; RNG (X9.31 and SHA1; non-compliant, MD5); RC2; RC4; RC5; PBE (SHA256, SHA384, SHA512); Raw RSA; RSA Keypair Generation MultiPrime; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5

Multi-chip standalone

"RSA BSAFE Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. RSA BSAFE Crypto-J supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
819 Wei Dai
13440 SE 24th Street
Bellevue, WA 98005
USA

-Wei Dai
TEL: 425-562-9677

-Donna Shaw
TEL: 978-720-2351

CST Lab: NVLAP 200002-0

Crypto++™ Library
(Software Version: 5.3.0 [32-bit and 64-bit])

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/13/2007;
08/17/2007
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional with SP2 and Windows Server 2003 X64 with SP1 (single user mode)

-FIPS Approved algorithms: Skipjack (Cert. #17 ); Triple-DES (Cert. #512 ); AES (Cert. #499 ); SHS (Cert. #569 ); DSA (Cert. #206 ); RSA (Cert. #216 ); ECDSA (Cert. #49 ); HMAC (Cert. #253 ); RNG (Cert. #279 ); Triple-DES MAC (Cert #512 vendor afffirmed)

-Other algorithms: Diffie-Hellman (key agreement)

Multi-chip standalone

"The Crypto++ Library is a free, open source C++ class library providing public key encryption, digital signatures, symmetric ciphers, hash functions, message authentication codes, and other cryptographic algorithms. Both 32-bit and 64-bit variants of the dynamic link library (DLL) are FIPS 140-2 Level 1 validated. The source code of the validated module is available upon request."
818 Arcot Systems, Inc.
455 West Maude Ave.
Suite 210
Sunnyvale, CA 94085-3517
USA

-Geoffrey Hird
TEL: 408-969-6100
FAX: 408-969-6290

CST Lab: NVLAP 200648-0

Arcot Core Security Module
(Software Version: 2.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 08/10/2007;
10/16/2008;
12/03/2008
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Service Pack 2; Microsoft Windows Server 2003 Service Pack 1 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #499); SHS (Cert. #558); HMAC (Cert. #242); RSA (Cert. #201); RNG (Cert. #268)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; RIPEMD-160

Multi-chip standalone

"The Arcot Core Security Module provides FIPS-certified cryptographic functionality to Arcot's authentication, encryption/decryption and digital signing products -- ArcotID "software smart card", Arcot WebFort Authentication Server, Arcot SignFort, and Arcot TransFort for 3-D Secure compliance."
817 RELM Wireless Corporation
7100 Technology Drive
West Melbourne, FL 32904
USA

-Jim Spence
TEL: 785-856-1300
FAX: 785-856-1302

CST Lab: NVLAP 100432-0

DPHx Radio with LZA0577 or LZA0577/LZA0578 Cryptographic Module
(Hardware Versions: P/N DPHX5102X Versions 110504, 120104, 040805, 052005, 011606, 030206, 010507, 020707, 072007, 080407, 091207, 110507, 051308 and 091708; Firmware Versions: 722-05058-0000, 722-05059-0000, 722-05058-0001, 722-05059-0001, 722-05059-0002, 722-05059-0003, 722-05060-0000 and 722-05061-0000)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/08/2007;
10/15/2007;
12/18/2007;
04/29/2008;
11/06/2008
Overall Level: 1 

-FIPS Approved algorithms: AES (Cert. #436); RSA (Cert. #31); SHS (Cert. #504)

-Other algorithms: DES

Multi-chip standalone

"The DPHx Radio with OTAR is a multi-chip standalone cryptographic module encased in an opaque commercial grade enclosure. As a secure radio, the primary purpose for this device is to provide encrypted digital communication."
816 Neopost Industrie
113, Rue Jean-Marin Naudin
Bagneux, 92220
France

-Jean-Frantois Le Pottier
TEL: +00 33 1 36 45 30 37
FAX: +00 33 1 36 45 3010

CST Lab: NVLAP 100432-0

N95i/255 Secure Metering Module (SMM)
(Hardware Version: 4127410K Version B; Firmware Versions: 4130379C Version E41 (SH1) and 4126898B Version A (SH2))

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/08/2007;
08/29/2007
Overall Level: 3 

-Physical Security: Level 3 + EFP/EFT

-FIPS Approved algorithms: DSA (Cert. #120); SHS (Cert. #41); RNG (Cert. #38); ECDSA (Cert. #12)

-Other algorithms: N/A

Multi-chip embedded

"The IJ40/50/60 are Neopost mid range of Franking products that incorporate the N95i secure metering module for producing highly secure franking impressions to meet USPS postal requirements. These products are connected to Neopost online services server for greater customer options including E-confirmation for mail tracking."
815 Red Hat®, Inc. and Sun Microsystems, Inc.
4150 Network Circle
Santa Clara, CA 95054
USA

-Glen Beasley
TEL: 800-555-9SUN

-Robert Relyea
TEL: 650-254-4236

CST Lab: NVLAP 200648-0

Network Security Services (NSS) Cryptographic Module
(Software Version: 3.11.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 08/08/2007;
12/07/2007
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 4 x86; Microsoft Windows XP SP 2; 64-bit Solaris 10; HP-UX B.11.11 with HP-UX Strong Random Number Generator (KRNG11i) bundle; Mac OS X 10.4 (single user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #410 and #469); AES (Cert. #352); SHS (Cert. #426); HMAC (Cert. #152); RSA (Cert. #152); DSA (Cert. #172); ECDSA (Certs. #30 and #37); RNG (Cert. #208)

-Other algorithms: RC2; RC4; MD2; DES; MD5; RSA (key wrapping; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Network Security Services (NSS) is a set of open source C libraries designed to support cross-platform development of security-enabled applications. NSS implements major crypto algorithms and Internet security standards, and supports smartcards and hardware crypto devices. NSS is available free of charge under the Mozilla Public License, the GNU General Public License, and the GNU Lesser General Public License. For more information, see http://www.mozilla.org/projects/security/pki/nss/"
814 Red Hat®, Inc. and Sun Microsystems, Inc.
4150 Network Circle
Santa Clara, CA 95054
USA

-Glen Beasley
TEL: 800-555-9SUN

-Wan-Teh Chang
TEL: 650-567-9039
FAX: 650-567-9041

CST Lab: NVLAP 200648-0

Network Security Services (NSS) Cryptographic Module
(Software Version: 3.11.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 08/27/2007 Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Red Hat Enterprise Linux Version 4 Update 1 AS on IBM xSeries 336 with Intel Xeon CPU; Trusted Solaris 8 4/01 on Sun Blade 2500 Workstation with UltraSPARC IIIi CPU

-FIPS Approved algorithms: Triple-DES (Cert. #469); AES (Cert. #352); SHS (Cert. #426); HMAC (Cert. #152); RSA (Cert. #152); DSA (Cert. 172); ECDSA (Cert. #30); RNG (Cert. #208)

-Other algorithms: RC2; RC4; MD2; DES; MD5; RSA (key wrapping; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength))

Multi-chip standalone

"Network Security Services (NSS) is a set of open source C libraries designed to support cross-platform development of security-enabled applications. NSS implements major crypto algorithms and Internet security standards, and supports smartcards and hardware crypto devices. NSS is available free of charge under the Mozilla Public License, the GNU General Public License, and the GNU Lesser General Public License. For more information, see http://www.mozilla.org/projects/security/pki/nss/"
813 Xceedium, Inc.
30 Montgomery St., Suite 1020
Jersey City, NJ 07302
USA

-Marjo F. Mercado
TEL: 201-536-1000 x121
FAX: 201-536-1200

CST Lab: NVLAP 200556-0

GateKeeper
(Hardware Version: 4a; Firmware Version: 4.0.0f)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/07/2007 Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-FIPS Approved algorithms: AES (Cert. #480); Triple-DES (Cert. #493); SHS (Cert. #549); HMAC (Cert. #236); RSA (Cert. #197); RNG (Cert. #260)

-Other algorithms: Diffie-Hellman (key agreement; key establishment method provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment method provides between 112 and 160 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DSA (non-compliant)

Multi-chip standalone

"Xceedium's GateKeeper is a hardened appliance that functions as a secure centralized management platform that enables IT operations to remotely manage data centers as one integrated system. A standardized security model can be developed to mitigate the risks of "untrusted" users; provide centralized access and policy, compartmentalize down to the port, define good and bad behavior, alert and restrict access to applications or commands. GateKeeper provides touch free support and includes all access methods and tools for in-band, out-of-band and power control."
812 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-J Software Module
(Software Version: 3.6)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 08/07/2007;
10/12/2007;
01/04/2008;
10/16/2008;
09/07/2010;
03/28/2011;
01/24/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with 32-bit x86 Intel Pentium 4 w/ Windows XP SP2 with Sun JDK 1.5; 64-bit x86_64 Intel Pentium D w/ Windows XP SP2 with Sun JDK 1.5; 32-bit PowerPC w/ AIX 5L v5.3 with IBM JDK 1.5; 64-bit SPARC v9 w/ Solaris 10 with Sun JDK 1.5; 32-bit Itanium2 w/ HP-UX 11.23 with HP JDK 5.0; 64-bit Itanium2 w/ HP-UX 11.23 with HP JDK 5.0; 32-bit x86 Intel Pentium 4 w/ Red Hat Enterprise Linux AS 4.0 with Sun JDK 1.5; 64-bit x86_64 Intel Pentium D w/ Red Hat Enterprise Linux AS 4.0 with Sun JDK 1.5; 32-bit x86 Intel Pentium 4 w/ SUSE Linux Enterprise Server 9.0 with Sun JDK 1.5; 64-bit x86_64 AMD Opteron w/ SUSE Linux Enterprise Server 9.0 with Sun JDK 1.5; 64-bit PowerPC w/ AIX 5L v5.3 with IBM JDK 1.5; 32-bit SPARC v8+ w/ Solaris 10 with Sun JDK 1.5 (in single-user mode)

-FIPS Approved algorithms: AES (Cert. #487); DSA (Cert. #197); HMAC (Cert. #240); RNG (Cert. #264); RSA (Cert. #199); SHS (Cert. #553); Triple-DES (Cert. #497)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DESX; MD2; MD5; RIPEMD 160; RNG (X9.31 and SHA1; non-compliant, MD5); RC2; RC4; RC5; PBE (SHA256, SHA384, SHA512); Raw RSA; RSA Keypair Generation MultiPrime; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5

Multi-chip standalone

"RSA BSAFE Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. RSA BSAFE Crypto-J supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
811 Utimaco® Safeware AG
Germanusstrasse 4
Aachen, D-52080
Germany

-Rainer Herbertz
TEL: +49-241-1696-240
FAX: +49-241-1696-199

CST Lab: NVLAP 100432-0

CryptoServer CS
(Hardware Version: P/N CryptoServer CS, Version 2.0.2.0; Firmware Version: 2.0.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/31/2007 Overall Level: 3 

-Physical Security: Level 4

-FIPS Approved algorithms: Triple-DES (Cert. #492); Triple-DES MAC (Cert. #492, vendor affirmed); AES (Cert. #479); SHS (Cert. #547); RSA (Certs. #196 and #204); RNG (Cert. #259); ECDSA (Cert. #44)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); IDEA; Safer; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5; MDC-2; RIPEMD-160; Retail-TDES MAC; AES MAC (Cert. #479; non-compliant); DES

Multi-chip embedded

"The CryptoServer CS is an encapsulated, highly tamper protected hardware security module which provides secure cryptographic services like encryption or decryption, hashing, signing and verifying of data, random number generation, on-board secure key generation, key storage, and further key management functionality."
810 Fortinet Inc.
1090 Kifer Road
Sunnyvale, CA 94086
USA

-Jeff Lake, Vice President, Federal Operations
TEL: 678-402-8021
FAX: 678-402-8021

CST Lab: NVLAP 200017-0

FortiGate-1000A and FortiGate-3600
(Hardware Versions: FortiGate-1000A (build C4WA49); FortiGate-3600 (build C4KW75); Firmware Version: FortiOS 3.00, build 8317, 061121)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 07/31/2007;
02/21/2008
Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Cryptographic Key Management: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #486, #487, #489 and #490); RNG (Cert. #251); AES (Certs. #471, #472, #475 and #476); SHS (Certs. #539, #540, #543 and #544); RSA (Cert. #193); HMAC (Certs. #228, #229, #232 and #233)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 110 bits of encryption strength; non-compliant); MD5; HMAC-MD5

Multi-chip standalone

"FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
809 AirMagnet, Inc.
1325 Chesapeake Terrace
Sunnyvale, CA 94089
USA

-Tony Ho
TEL: 408-400-1255
FAX: 408-744-1250

CST Lab: NVLAP 200648-0

SmartEdge Sensor AM-5010-11-AG, AM-5012-11AG, A5020 and A5023
(Hardware Versions: AM-5010-11-AG, AM-5012-11AG, A5020 and A5023; Firmware Version: 7.5.0-6285)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 07/31/2007 Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #331); Triple-DES (Cert. #395); SHS (Cert. #406); RSA (Cert. #111); RNG (Cert. #152); HMAC (Cert. #135)

-Other algorithms: RC4; RC2; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); DSA (non-compliant); DES; Triple-DES (non-approved mode; non-compliant); AES (non-approved mode; non-compliant); IDEA; Blowfish; Twofish

Multi-chip standalone

"The SmartEdge Sensor is equipped with patent pending AirWISE Analytical Engine that, in real time, monitors and analyzes the security, performance, and reliability of the wireless network."
808 CipherOptics Inc.
701 Corporate Center Drive
Raleigh, NC 27607
USA

-Ed Finn
TEL: 412-262-2571 x102
FAX: 412-262-2574

CST Lab: NVLAP 200017-0

CipherOptics SG100 and CipherOptics SG1002
(Hardware Version: A; Firmware Version: 5.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/31/2007;
06/14/2010
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #258); AES (Cert. #156); SHS (Cert. #117); HMAC (Cert. #34); RSA (Cert. #209); RNG (Cert. #274)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 90 bits of encryption strength; non-compliant); MD5; HMAC MD5; DES

Multi-chip embedded

"The CipherOptics SG100 and SG1002 are high performance, integrated security appliances that offer Gigabit and 10/100 Ethernet IPSec encryption respectively. Housed in a tamper evident chassis, have two ethernet ports. Traffic on the local port is received in the clear, while traffic on the remote port has security processing applied to it."
807 Fortinet Inc.
1090 Kifer Road
Sunnyvale, CA 94086
USA

-Jeff Lake, Vice President, Federal Operations
TEL: 678-402-8021
FAX: 678-402-8021

CST Lab: NVLAP 200017-0

FortiGate-200A/200A-HD, 300A/300A-HD and 500A/500A-HD
(Hardware Versions: FortiGate-200A/200A-HD, FortiGate 300A/300A-HD, and FortiGate 500A/500A-HD; Firmware Version: FortiOS 3.00, build 8317, 061121)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 07/31/2007;
02/21/2008
Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Cryptographic Key Management: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #486, #487, #489 and #490); RNG (Cert. #251); AES (Certs. #471, #472, #475 and #476); SHS (Certs. #539, #540, #543 and #544); RSA (Cert. #193); HMAC (Certs. #228, #229, #232 and #233)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 110 bits of encryption strength; non-compliant); MD5; HMAC-MD5

Multi-chip standalone

"FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
806 Motorola, Inc.
1301 E. Algonquin Road
Schaumburg, IL 60196-1078
USA

-Kirk Mathews
TEL: 847-576-4101
FAX: 847-538-2770

CST Lab: NVLAP 100432-0

ASTRO Subscriber Universal Crypto Module (UCM)
(Hardware Versions: P/Ns 0104020J49, 0104020J50, 0104020J51, 0104024J43, 0104024J44, 0104024J45, 0104025J11, 0104025J12, 0104027J01, NNTN7097A, NTN9801B, NTN9738C, NNTN5032D, NNTN5032F, NNTN5032G, NNTN5032H, NNTN7427A; Firmware Versions: R05.05.02 and R05.05.03)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/31/2007;
04/04/2008
Overall Level: 1 

-Roles, Services, and Authentication: Level 2

-FIPS Approved algorithms: Triple-DES (Cert. #82); AES (Cert. #2); SHS (Cert. #335); RNG (Cert. #121)

-Other algorithms: DES; DES MAC; DES-XL; DVI-XL; DVI-SPFL; DVP-XL; ADP; HCA; AES MAC (AES Cert. #2, vendor affirmed; P25 AES OTAR)

Multi-chip embedded

"Encryption modules used in Motorola Astro family of radios. Provides secure voice and data capabilities as well as APCO Over-the-Air-Rekeying and advanced key management."
805 NetWeave Integrated Solutions, Inc.
490 Rt 33 W
Millstone Twp, NJ 08535
USA

-Scott Uroff
TEL: 805-583-2874
FAX: 805-583-0124

-Ron Byer
TEL: 732-786-8830 x120
FAX: 732-786-8832

CST Lab: NVLAP 200427-0

NetWeave Distributed Services NSK/D30
(Software Version: 2.2v1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 07/26/2007 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Guardian D39 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #505); DSA (Cert. #209); HMAC (Cert. #258); RNG (Cert. #284); RSA (Cert. #220); SHS (Cert. #576); Triple-DES (Cert. #515)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC MD5; IDEA; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"NetWeave Distributed Services (NWDS) is a heterogeneous middleware product that provides a broad base of cross-platform computing services built on a secure high-performance messaging core. While NWDS runs on a variety of platforms, HP systems, particularly the HP NonStopTM Kernel can be found at the core of many NWDS implementations. Specifically, the NWDS NSK/D30 implementation supports HP NSK D39 environments. In all environments, NWDS was standardized on the XYGATE® Encryption Software Development Kit by XYPRO® for its cryptographic services, performance, flexibility and platform coverage."
804 XYPRO® Technology Corporation
3325 Cochran Street, Suite 200
Simi Valley, CA 93063
USA

-Sheila Johnson
TEL: 805-583-2874
FAX: 805-583-0124

-Scott Uroff
TEL: 805-583-2874
FAX: 805-583-0124

CST Lab: NVLAP 200427-0

XYGATE® /ESDK
(Software Version: 2.0.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 07/26/2007:
08/17/2007;
11/26/2007
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP with SP 2; HP-UX 11.11; Solaris 10; HP Nonstop Server G06; HP Nonstop Server H06 (in single user mode)

-FIPS Approved algorithms: AES (Cert. #505); DSA (Cert. #209); HMAC (Cert. #258); RNG (Cert. #284); RSA (Cert. #220); SHS (Cert. #576); Triple-DES (Cert. #515)

-Other algorithms: Blowfish; CAST-128; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ElGamal; HMAC MD5; HMAC RIPE-MD; IDEA; MD2; MD4; MD5; RC2; RC4; RC5; RIPE-MD; RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Skipjack (non-compliant)

Multi-chip standalone

"The XYGATE Encryption Software Development Kit [XESDK] is a dynamically linked software library that supplies: symmetric key encryption including the approved AES and TripleDES; hashing algorithms including the approved SHA-1 and SHA-256; public key encryption including RSA; signature algorithms including the approved RSA and DSA; secure session protocols such as SSH, SSL and TLS; and e-mail protocols such as PGP and S/MIME."
803 KoolSpan, Inc.
4962 Fairmont Ave.
2nd Floor
Bethesda, MD 20814
USA

-Tony Fascenda
TEL: 240-880-4400

CST Lab: NVLAP 200416-0

SecurEdge Lock
(Hardware Version: LRF05123; Firmware Version: 3.1.1)

(This module contains the embedded module Axalto Cryptoflex e-Gate 32 smart card validated to FIPS 140-2 under Cert. #242 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 07/26/2007;
08/29/2007
Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #388); SHS (Cert. #464); Triple-DES (Cert. #97; key wrapping; key establishment methodology provides 80-bits of encryption strength); RNG (vendor affirmed)

-Other algorithms: N/A

Multi-chip standalone

"The KoolSpan Lock is a VHS-Cassette sized device that authenticates users and bridges their Ethernet traffic onto the network. It contains an embedded Smart Card and cryptographic processor. The case is tamper-resistant. Each Lock can support up to 512 simultaneous users each with 256-bit AES encryption. The Lock supports a "Keyless Exchange" and provides both Wi-Fi security and Remote Access (VPN) connections."
802 Entrust, Inc.
One Hanover Park
16633 Dallas Parkway
Suite 800
Addison, TX 75001
USA

-Entrust Sales

CST Lab: NVLAP 200017-0

Entrust Authority™ Security Toolkit 7.2 for the Java® Platform
(Software Version: 7.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 07/26/2007;
08/07/2007;
05/28/2014
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP Pro SP1 running Sun JRE 5.0 and Solaris 10 running Sun JRE 5.0 (Single-user mode)

-FIPS Approved algorithms: AES (Cert. #443); Triple-DES (Cert. #467); Triple-DES MAC (Cert. #467, vendor affirmed); DSA (Cert. #187); ECDSA, (Cert. #34); SHS (Cert. #510); HMAC (Cert. #209); RNG (Cert. #231); RSA (Cert. #168)

-Other algorithms: CAST128; CAST3; DES; IDEA; RC2; RC4; Rijndael; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); SPEKE; ElGamal; MD2; MD5; DES MAC; IDEA MAC; CAST128 MAC; HMAC-MD2; HMAC-MD5

Multi-chip standalone

"Entrust Authority™ Toolkits provide customers and partners with the ability to apply best-in-class security to almost any business application. These Toolkits provide a common set of services to permit developers to rapidly deploy applications that solve business problems without having to spend valuable development cycles developing these common services. Entrust Authority's standards-based, application programming interfaces (APIs) make it possible to implement a single enhanced Internet security architecture across multiple applications and platforms."
801 Secured User Inc.
11490 Commerce Park Drive
Suite 240
Reston, VA 20191
USA

-Ken Hetzer
TEL: 703-964-3164
FAX: 703-783-0446

-Bruce Mitchell
TEL: 703-964-3167
TEL: 647-477-7892
FAX: 647-477-5052

CST Lab: NVLAP 200697-0

SUSK Security Module
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 07/23/2007 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Server 2003 SP1 (single user mode)

-FIPS Approved algorithms: AES (Cert. #474); SHS (Cert. #542); HMAC (Cert. #231); RNG (Cert. #257)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The SUSK Security Module is a software-based cryptographic module. Secured User's product performs all of its work by transparently intercepting and transforming the data stream between entities. All of the cryptographic functionalities of the Secured User product are provided by the central shared library, SUSK Security Module. The cryptographic module offers Transport Layer Security (TLS) services along with bulk encryption and hashing services exclusively to Secured User application. This application is considered as host application to the module."
800 Pitney Bowes, Inc.
35 Waterview Drive
Shelton, CT 06484-8000
USA

-Douglas Clark
TEL: 203-924-3206
FAX: 203-924-3406

CST Lab: NVLAP 100432-0

Cygnus X-2 Postal Security Device
(Hardware Versions: 1MEC BAC/BAE/BAF (Canada) and 1MES BAC/BAE/BAF (Canada Specimen))

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/23/2007 Overall Level: 3 

-Physical Security: Level 3 + EFP

-FIPS Approved algorithms: ECDSA (Cert. #48); DSA (Cert. #200); SHS (Cert. #562); Triple-DES (Cert. #503); Triple-DES MAC (Cert. #503, vendor affirmed); RNG (Cert. #272); HMAC (Cert. #246)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The Pitney Bowes Cygnus X-2 Postal Security Device (PSD) has been designed in compliance with FIPS 140-2 and IPMAR security protection profile in order to support the USPS IBIP and international digital indicia standards globally. The PSD employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes Postage Metering products."
799 Polycom, Inc.
4750 Willow Road
Pleasanton, CA 94588-2708
USA

-Robert V. Seiler
TEL: 978-292-5452
FAX: 928-292-5943

CST Lab: NVLAP 200427-0

VSX 7000e and VSX 8000
(Firmware Version: 8.5.0.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/23/2007 Overall Level: 1 

-FIPS Approved algorithms: AES (Cert. #431); DSA (Cert. #178); RNG (Cert. #224); SHS (Cert. #501); Triple-DES (Cert. #460)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The Polycom VSX products are state of the art video-conferencing nodes. These systems provide video-conferencing facilities using all the popular telecommunication protocols such as H.320 H.323, and Session Initiation Protocol (SIP) and include support of Integrated Services Digital Network (ISDN), Primary rate and Basic rate as well as serial interfaces for V.35, RS-499 and RS-530."
798 Polycom, Inc.
4750 Willow Road
Pleasanton, CA 94588-2708
USA

-Robert V. Seiler
TEL: 978-292-5452
FAX: 928-292-5943

CST Lab: NVLAP 200427-0

VSX 3000, VSX 5000, and VSX 7000s
(Firmware Version: 8.5.0.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/23/2007 Overall Level: 1 

-FIPS Approved algorithms: AES (Cert. #431); DSA (Cert. #178); RNG (Cert. #224); SHS (Cert. #501); Triple-DES (Cert. #460)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The Polycom VSX products are state of the art video-conferencing nodes. These systems provide video-conferencing facilities using all the popular telecommunication protocols such as H.320 H.323, and Session Initiation Protocol (SIP) and include support of Integrated Services Digital Network (ISDN), Primary rate and Basic rate as well as serial interfaces for V.35, RS-499 and RS-530."
797 Entrust, Inc.
One Hanover Park
16633 Dallas Parkway
Suite 800
Addison, TX 75001
USA

-Entrust Sales

CST Lab: NVLAP 200017-0

Entrust Security Kernel
(Software Version: 7.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 07/03/2007;
05/28/2014
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Server 2003 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #495); AES (Cert. #484); DSA (Cert. #196); SHS (Cert. #551); RNG (Cert. #261); RSA (Cert. #198); HMAC (Cert. #238); ECDSA (Cert. #45)

-Other algorithms: DES; DES MAC; CAST; CAST3; CAST5; RC2; RC4; IDEA; MD2; MD5; RIPEMD-160; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); PAKE; AES MAC (non-compliant); NIST 800-90 DRBG RNG (non-compliant)

Multi-chip standalone

"The Kernel is a C++ class library of cryptographic functions bound together by a common object-oriented Application Programming Interface (API). Depending on the configuration and the runtime environment of the Kernel, the algorithms may be implemented in software, hardware, or a combination of both. The industry standard Cryptoki API, as described in PCKS #11, is used as the internal interface to hardware-based cryptographic tokens."
796 Fortress™ Technologies, Inc.
2 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0

Fortress Security Controller (FC-X)
(Hardware Version: FC-X; Firmware Versions: 4.1.1, 4.1.3, 4.1.4, 4.1.5 and 4.1.7)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 07/02/2007;
11/26/2007;
04/04/2008;
05/09/2008;
01/26/2009;
03/26/2010;
05/17/2013
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #389 and #390); SHS (Cert. #465 and #538); RNG (Certs. #189 and #190); HMAC (Cert. #174)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RSA (non-compliant); SHS (non-compliant; FPGA); HMAC (non-compliant; FPGA)

Multi-chip standalone

"The Fortress Security Controller (FC-X) is a high performance electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a custom built multiple processor hardware platform and deployable on any LAN or WAN, the Fortress Security Controller (FC-X) provides encryption, data integrity checking, authentication, access control, and data compression."
795 ViaSat, Inc.
6155 El Camino Real
Carlsbad, CA 92009
USA

-Ed Smith
TEL: 760-476-4995
FAX: 760-476-4703

CST Lab: NVLAP 100432-0

Enhanced Bandwidth Efficient Modem (EBEM) Cryptographic Module
(Hardware Versions: P/N 1010162, Version 1, P/N 1010163, Version 1, P/N 1075559, Version 1 and P/N 1075560, Version 1; Firmware Version: 01.03.05)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/26/2007;
08/31/2007;
07/09/2008;
07/08/2009
Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #448, #449, #619 and #620); SHS (Cert. #800); HMAC (Cert. #441); ECDSA (Cert. #90); RNG (Cert. #461); KAS (SP 800-56A, vendor affirmed)

-Other algorithms: N/A

Multi-chip standalone

"The ViaSat Enhanced Bandwidth Efficient Modem (EBEM-500) series Satcom Modem provides the latest in efficient modulation and coding for point-to-point Satcom connections. The EBEM-500 series offers embedded encryption, integrating the security functions into the modem to provide an integrated secure Satcom modem product. The EBEM-500 series is backward compatible with a wide range of legacy Satcom modems currently in use and supports the new improved efficiency modulation and coding. The EBEM-500 series supports user base-band data rates from 64 kbps up to 155.52 Mbps."
794 Fortress™ Technologies, Inc.
2 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0

AirFortress® Wireless Security Gateway
(Hardware Version: AF2100; Firmware Version: 2.5.6)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 07/02/2007;
03/26/2010;
05/17/2013
Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #14); Triple-DES (Cert. #107); SHS (Cert. #316); HMAC (Cert. #62)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 56 bits of encryption strength; non-compliant); MD5; DES; RSA (non-compliant); ANSI X9.31 RNG (non-compliant); non-Approved RNG

Multi-chip standalone

"The AirFortress® Wireless Security Gateway is an electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a production-quality hardware platform and deployable on any LAN or WAN, the AirFortress® Wireless Security Gateway provides encryption, data integrity checking, authentication, access control, and data compression."
793 Sagem Orga
Heinz-Nixdorf-Ring 1
33106 Paderborn, Germany

-Swantje Missfeldt
TEL: +49 52 51 88 90

CST Lab: NVLAP 100432-0

J-IDMark 64 Open
(Hardware Version: HW P/N 01016221; FW Versions: FFFFFFFF, 01016221, 02016247, 03016251)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/26/2007;
04/29/2008
Overall Level: 3 

-Physical Security: Level 4

-FIPS Approved algorithms: SHS (Cert. #525); RSA (Certs. #179 and #180); Triple-DES (Cert. #480); Triple-DES MAC (Cert. #480, vendor affirmed); AES (Cert. #459); RNG (Cert. #244)

-Other algorithms: N/A

Single-chip

"The J-IDMark 64 Open is a single chip cryptographic module, which combines an implementation of the latest Sun Java Card TM (Rev 2.2.1) [JCS] / Global Platform (Rev 2.1.1)[GP] specifications with a dual interface chip (with both ISO 7816 contact and ISO 14443 contactless protocols). The module meets the requirements to the FIPS 140-2, Level 4 for physical security, and to the Level 3 for other areas. The module loads and runs applets written in Java programming language. Additional features include biometric & PKI APIs in order to run "Match On Card" and cryptographic services properly."
792 Certicom Corp.
5520 Explorer Drive
4th Floor
Mississauga, Ontario L4W 5L1
Canada

-sales@certicom.com
TEL: 905-507-4220
FAX: 905-507-4230

CST Lab: NVLAP 200017-0

Security Builder® FIPS Java Module
(Software Version: 2.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 06/26/2007;
07/20/2007;
10/12/2007;
03/06/2009
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Sun Java Runtime Environment (JRE) 1.3.1, 1.4.2 and 1.5.0 running on Windows XP 32-bit; Windows XP 64-bit ; Red Hat Linux Application Server 3.0 32-bit; Red Hat Linux Application Server 4.0 64-bit ; Solaris 9 32-bit ; Solaris 9 64-bit; and Solaris 10 32-bit with 32 bit SPARC processor (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #485); AES (Cert. #469); SHS (Cert. #537); RSA (Cert. #191); HMAC (Cert. #227); RNG (Cert. #254); DSA (Cert. #193); ECDSA (Cert. #41)

-Other algorithms: ARC2; ARC4; MD2; MD5; HMAC-MD5; DES; DESX; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC MQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Security Builder® FIPS Java Module is a standards-based cryptographic toolkit written in Java. It supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into Java-based applications. The Security Builder® FIPS Java Module is intended for use by developers who want government level security and can also be used in conjunction with other Certicom developer toolkits including Security Builder® PKI and Security Builder® SSL."
791 Research in Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

-Certifications Team
TEL: 519-888-7465 x2921
FAX: 519-886-4839

CST Lab: NVLAP 200017-0

BlackBerry® Cryptographic Kernel
(Firmware Versions: 3.8.4.27 and 3.8.4.28)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Firmware 06/21/2007;
06/21/2007
Overall Level: 1 

-Design Assurance: Level 3
-Tested: BlackBerry 8700c with BlackBerry OS Version 4.2

-FIPS Approved algorithms: Triple-DES (Cert. #474); AES (Cert. #457); SHS (Cert. #521); HMAC (Cert. #217); RSA (Cert. #175); RNG (Cert. #242); ECDSA (Cert. #38)

-Other algorithms: EC Diffie-Hellman; ECMQV

Multi-chip standalone

"BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry® Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry® ."
790 Oberthur Card Systems
4250 Pleasant Valley Road
Chantilly, VA 20151-1221
USA

-Christophe Goyet
TEL: 703-263-0100
FAX: 703-263-0503

CST Lab: NVLAP 100432-0

Oberthur ID-One Cosmo 64 v5.4 D
(Hardware Version: P/N 77; Firmware Versions: E910-066491, E910-065972, E910-066421)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/19/2007 Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #425); Triple-DES (Certs. #454 and #455); Triple-DES MAC (Certs. #454 and #455, vendor affirmed); SHS (Cert. #496); RSA (Cert. #160); RNG (Cert. #219)

-Other algorithms: AES MAC (Cert. #425; non-compliant); ECDSA (Cert. #32; non-compliant)

Single-chip

"This single chip module offers a highly secure architecture with state of the art on board cryptographic services such as Triple DES (128 and 192), AES (up to 256 bits), RSA (up to 2048) with ANSI X9.31 on board key generation, SHA1 & SHA 256, ISO 9796, ISO 9797, PKCS#1.5, OAEP, OSS, etc. Additional features include fingerprint Match on Card (ISO 19794-2), Logical Channels and Delegated Management. The module supports Java Card 2.2.1 and Global Platform 2.1.1.A. It is available with up to three communication interfaces (ISO 7816, ISO 14443 & USB)."
789 Fortinet Inc.
1090 Kifer Road
Sunnyvale, CA 94086
USA

-Jeff Lake, Vice President, Federal Operations
TEL: 678-402-8021
FAX: 678-402-8021

CST Lab: NVLAP 200017-0

FortiGate-5050
(Hardware Versions: FortiGate-5050 (build C4QP38); FortiGate-5001SX (build P4CF76); FortiGate-5001FA2 (build C5FA26); Firmware Versions: FortiOS 3.00, build 8317, 061121)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 06/19/2007;
02/21/2008
Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Cryptographic Key Management: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #486, #487 and #490); RNG (Cert. #251); AES (Certs. #471, #472 and #476); SHS (Certs. #539, #540 and #544); RSA (Cert. #193); HMAC (Certs. #228, #229 and #233)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 110 bits of encryption strength; non-compliant); MD5; HMAC-MD5

Multi-chip standalone

"FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
788 Neopost Industrie
113, rue Jean-Marin Naudin
Bagneaux, 92220
France

-Jerome Modolo
TEL: +33 1 45 36 34 02
FAX: +33 1 45 36 30 10

CST Lab: NVLAP 100432-0

IJ25 Secure Metering Module (SMM)
(Hardware Version: 4127925W A; Firmware Version: 4130171L K01)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/19/2007 Overall Level: 3 

-Physical Security: Level 3 + EFP/EFT

-FIPS Approved algorithms: DSA (Cert. #149); ECDSA (Cert. #17); RNG (Cert. #142); SHS (Cert. #392); HMAC (Cert. #123)

-Other algorithms: N/A

Multi-chip embedded

"The module provides services to a small office postal meter. The system's features include hand postage printing using ink jet technology, weighing scale interface, internal modem for remote recrediting, memory card for slogan and rate loading."
787 Attachmate Corporation
1500 Dexter Avenue North
Seattle, WA 98109
USA

-Steve Poole
TEL: 206-217-7500
FAX: 206-217-7515

CST Lab: NVLAP 100432-0

Attachmate Security Component for Java
(Software Version: 1.32)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 06/21/2007;
04/29/2008
Overall Level: 1 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Red Hat Linux 4 x 64 and Sun Java Runtime 1.5.0; Mac OS X 10.4.3 and Apple Java Runtime 1.5.0; Windows XP and Sun Java Runtime 1.5.0 (single user)

-FIPS Approved algorithms: Triple-DES (Cert. #449); AES (Cert. #419); DSA (Cert. #174); RNG (Cert. #213); RSA (Cert. #156); SHS (Cert. #488); HMAC (Cert. #193)

-Other algorithms: DES; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Attachmate Security Component for Java provides SSL/TLS and cryptographic services for the Attachmate Reflection for the Web product. Reflection for the Web provides centrally managed terminal emulation within a web browser. This cross-platform, server-based solution connects users to applications on IBM, HP, Unix, and OpenVMS hosts, meeting host access needs while minimizing management costs, maximizing IT flexibility, and ensuring high-level security for administrative, terminal emulation, printer emulation, and file transfer operations."
786 L-3 Communications Linkabit
3033 Science Park Road
San Diego, CA 92121
USA

-Rick Roane
TEL: 858-597-9097
FAX: 858-552-9660

CST Lab: NVLAP 100432-0

MPM-1000
(Hardware Version: 119811-1; Firmware Version: 120435-03/119881-05)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/19/2007 Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #439, #440 and #441); RNG (Cert. #228); DSA (Cert. #180); HMAC (Cert. #206); SHS (Cert. #507)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The MPM-1000 is a dual-use civilian/military modem used to transport IP data traffic over satellite communication links using a secure Multi-Frequency Time Division Multiple Access (MF-TDMA) protocol. The MPM-1000 also functions as a MIL-STD-165A modem for use in Single Channel Per Carrier (SCPC) Frequency Division Multiple Access (FDMA) satellite communications."
785 Siemens PLM Software Inc.
5800 Granite Parkway
Suite 600
Plano, TX 75024
USA

-Kevin White
TEL: 515-956-6849

-Vikas Singh
TEL: 651-855-6176

CST Lab: NVLAP 200427-0

Teamcenter Cryptographic Module
(Software Version: 1.1.1 [1] and 2.0 [2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 06/14/2007;
04/09/2010;
06/27/2014
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP SP2 (x86) [1], Solaris 8 (64-bit SPARC) [1], Solaris 10 (64-bit SPARC) [1], Windows 7 SP1 (x86 64-bit) [2], SUSE Linux 11.2 (x86 64-bit) [2] and Mac OS X 10.8 (x86 64-bit) [2] (single-user mode)

-FIPS Approved algorithms: AES (Certs. #410 [1] and #2834 [2]); DSA (Certs. #170 [1] and #852 [2]); HMAC (Certs. #183 [1] and #1776 [2]); RNG (Certs. #204 [1] and #1277 [2]); RSA (Certs. #150 [1] and #1476 [2]); SHS (Certs. #477 [1] and #2376 [2]); Triple-DES (Certs. #443 [1] and #1694 [2]

-Other algorithms: DES; MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Teamcenter powers innovation and productivity by connecting people and processes with knowledge. Teamcenter is the de facto standard for PLM deployment, providing solutions to drive business performance goals. This includes the need to increase the yield of innovation, compress time-to-market, meet business and regulatory requirements, optimize operational resources and maximize globalization advantages. With this FCAP-FIPS certification status, Teamcenter now offers the best in class and highest levels of encryption to our security-conscious customers."
784 Check Point Software Technologies Ltd.
9900 Belward Campus Drive
Suite 250
Rockville, MD 20850
USA

-David Ambrose
TEL: 703-628-2935

-Malcolm Levy
TEL: +972-37534561

CST Lab: NVLAP 200626-0

Reflex Magnetics Cryptographic Library
(Software Version: 1.0.0.61103)

Validated to FIPS 140-2

Security Policy

Certificate

Software 06/14/2007;
05/02/2008;
05/28/2009
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP with SP2 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #466); SHS (Cert. #534); RNG (Cert. #250); RSA (Cert. #188); HMAC (Cert. #225)

-Other algorithms: N/A

Multi-chip standalone

"The Reflex Magnetics Cryptographic Library v1.0 provides cryptographic support for the Check Point Software Technologies Ltd software products. The module is used to perform various cryptographic services including pseudo random number generation, and encryption/decryption using symmetric and asymmetric algorithms."
783 Global Relief Technologies, LLC.
40 Congress Street, Suite 300
Portsmouth, NH 03801
USA

-Chip Peter
TEL: 603-422-7333
FAX: 603-422-7331

CST Lab: NVLAP 200556-0

Rapid Data Management Software (RDMS)
(Software Version: 2.3.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 06/14/2007 Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows© Mobile 5.0 (in single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #444); SHS (Cert. #478); HMAC (Cert. #184); RNG (Cert. #205)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The Rapid Data Management Software (RDMS) is a software application developed by Global Relief Technologies (GRT) designed for installation on a Personal Digital Assistant (PDA) and cellular communications devices. The device is used during humanitarian and relief efforts in order to gather data and information quickly about the surrounding area to better decide where to allocate resources and what resources are needed."
782 Schweitzer Engineering Laboratories, Inc.
2545 NE Hopkins Court
Pullman, WA 99163-5603
USA

-Joe Casebolt
TEL: 509-336-2408
FAX: 509-336-2406

CST Lab: NVLAP 100432-0

SEL-3021 Serial Encrypting Transceiver
(Hardware Version: P/N SEL-3021 Versions (00016A10), (00016A10, ver. D) and (00006A10); Firmware Versions: SEL-3021-1-R101-V0-Z001001-D20070521, SEL-3021-1-R102-V0-Z001001-D20080505, SEL-3021-1-R103-V0-Z001001-D20081216, SEL-3021-1-R104-V0-Z001001-D20090319 and SEL-3021-1-R105-V0-Z001001-D20091120)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/14/2007;
06/20/2007;
05/20/2008;
01/26/2009;
03/30/2009;
12/08/2009;
11/16/2010
Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #447); DSA (Cert. #182); SHS (Cert. #512); HMAC (Cert. #213); RNG (Cert. #234)

-Other algorithms: N/A

Multi-chip standalone

"The SEL-3021 Serial Encrypting Transceiver is a bump-in-the-wire encryption device providing strong cryptographic security to new serial communications links and an easy and effective security solution for existing serial communications networks. It is for use on both point-to-point byte oriented communications links and multi-drop networks. The SEL-3021 has preset configuration settings for popular SCADA or PCS protocols like DNP and MODBUS common to PLCs and RTUs. The SEL-3021 also has support for standard MODEM communications."
781 ARX (Algorithmic Research)
10 Nevatim Street
Kiryat Matalon, Petach Tikva 49561
Israel

-Ezer Farhi
TEL: 972-3-9279529

CST Lab: NVLAP 200002-0

PrivateServer
(Hardware Version: 4.0; Firmware Version: 4.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/14/2007 Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #349); Triple-DES (Cert. #409); RSA (Cert. #118); SHS (Cert. #424); Triple-DES MAC (Cert. #409, vendor affirmed); RNG (Cert. #185)

-Other algorithms: DES; DES MAC; DES Stream; MD5; ISO9796; ARDFP; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The PrivateServer is a high-performance cryptographic service provider. The PrivateServer performs high-speed cryptographic operations while protecting sensitive data. Its features include DES, Triple-DES, AES, DES-MAC, Triple-DES-MAC, RSA, SHA-1, SHA-256, SHA-512, public key database and certificate support, authenticated and encrypted communication with the module, secure storage of secret/private keys, software key medium and smartcard support, tamper-responsive enclosure, high level API requiring no cryptographic expertise, in-depth logging and auditing, and secure backup capabilities."
780 Gemalto
101 Park Drive
Montgomeryville, PA 18936-9618
USA

-Nick Hislop
TEL: 215-390-2805
FAX: 215-390-2915

-David Teo
TEL: 512-257-3895
FAX: 512-257-3881

CST Lab: NVLAP 200427-0

SafesITe Large Memory Dual Interface Open Platform card
(Hardware Version: A1002878; Firmware Version: HM 4v1, SM 1v1)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/31/2007 Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #463); Triple-DES (Cert. #479); SHS (Cert. #531); RSA (Cert. #183); Triple-DES MAC (Cert. #479, vendor affirmed); RNG (Cert. #248)

-Other algorithms: DES

Multi-chip embedded

"The SafesITe Large Memory Dual Interface Open Platform card provides powerful features that drive PKI applications, digital signature and access control. With a large data storage capacity and two communication interfaces (contact and contactless), the SafesITe smartcard serves as a highly portable credential for securing personal identity, fraud prevention and supporting issuers' e-services strategies"
779 ViaSat UK Ltd.
Sandford Lane
Wareham, Dorset BH20 4DY
United Kingdom

-Tim D. Stone
TEL: 01929 55 44 00
FAX: 01929 55 25 25

CST Lab: NVLAP 200556-0

FlagStone Core
(Hardware Versions: 1.0.1.1a, 1.0.1.2a, 1.0.1.3, 1.0.2.1a, 1.0.2.2a and 1.0.2.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/18/2007;
09/12/2007;
07/27/2011
Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #403 and #630); RNG (Certs. #198 and #361)

-Other algorithms: N/A

Multi-chip embedded

"The FlagStone Core is a multi-chip embedded cryptographic module used within the FlagStone Corporate and the FlagStone Freedom Drives. The FlagStone Core and subsequently the FlagStone Drives utilising the FlagStone Core provide access control and data encryption services to protect access to data stored on a HDD (Hard Disk Drive). All accessible sectors on a HDD connected to a FlagStone Core are encrypted."
778 Sun Microsystems, Inc.
4150 Network Circle
Santa Clara, CA 95054
USA

-Mehdi Bonyadi
TEL: 858-625-5163

-Gary Morton
TEL: 303-272-4738

CST Lab: NVLAP 200427-0

Sun Cryptographic Accelerator 6000
(Hardware Version: 375-3424, Revisions -02 and -03; Firmware Version: 1.0.7)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 05/18/2007 Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #435); AES (Cert. #397); DSA (Cert. #92); SHS (Certs. #171 and #469); HMAC (Certs. #88 and #176); RSA (Cert. #142); RNG (Cert. #108)

-Other algorithms: Diffie-Hellman (key agreement, key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping, key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; RC2

Multi-chip embedded

"The Sun Cryptographic Accelerator 6000 (SCA-6000) is a high performance hardware security module for Sun platforms (SPARC, x86, x64). It is a low-profile, short PCI-E (X8) card consisting of on-board cryptographic acceleration hardware and a secure cryptographic key store. SCA-6000 supports remote management functions. It has serial and USB ports for local administration. It enhances platform performance by off-loading compute intensive cryptographic calculations by accelerating both IPsec and SSL processing, and by performing many financial service functions. Supported on Linux and Solaris-10"
777 Imation Corp.
Discovery Bldg. 1A-041
Oakdale, MN 55128
USA

-Larry Hamid
TEL: 408-737-4308

CST Lab: NVLAP 200556-0

Stealth MXP Passport
(Hardware Versions: 4.1 StealthMXP Passport 128MB, 4.1 StealthMXP Passport 256MB, 4.1 StealthMXP Passport 512MB, 4.1 StealthMXP Passport 1GB, 4.1 StealthMXP Passport 2GB, 4.1 StealthMXP Passport 4GB, 4.2 StealthMXP Passport 128MB, 4.2 StealthMXP Passport 256MB, 4.2 StealthMXP Passport 512MB, 4.2 StealthMXP Passport 1GB, 4.2 StealthMXP Passport 2GB, 4.2 StealthMXP Passport 4GB, 4.2 StealthMXP: Liquid Metal Passport 512MB, 4.2 StealthMXP: Liquid Metal Passport 1GB,4.2 StealthMXP: Liquid Metal Passport 2GB and 4.2 StealthMXP: Liquid Metal Passport 4GB with Version 2.3 of FPGA; Firmware Versions: 4.18, 4.19, 4.20 and 4.21 with Version 2.0 of Boot loader)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/18/2007;
08/07/2007;
09/25/2007;
11/06/2007;
12/20/2007;
01/28/2008;
06/23/2008;
05/31/2011;
04/24/2012
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #416); SHS (Cert. #485); RSA (Cert. #154); RNG (Cert. #211); HMAC (Cert. #190)

-Other algorithms: N/A

Multi-chip standalone

"Stealth MXP Passport is a USB mass storage device which implements hardware encryption dependant on user authentication. It provides not only secure encrypted storage, but management of digital identity credentials used for authentication and verification to enterprise and personal services."
776 F-Secure Corporation
Tammasaarenkatu 7
PL 24
Helsinki, 00180
Finland

-Alexey Kirichenko
TEL: +358 9 2520 5548

CST Lab: NVLAP 200427-0

F-Secure® Kernel Mode Cryptographic Driver™ for Linux
(Software Version: 1.1.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 05/18/2007 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Linux RH EL 4 (in single user mode)

-FIPS Approved algorithms: AES (Cert. #462); SHS (Cert. #529); HMAC (Cert. #223); RNG (Cert. #247)

-Other algorithms: DES; Triple-DES (Cert. #478; non-compliant); Blowfish; MD5; HMAC-MD5; RC2; RIPEMD-160; HMAC-RIPEMD-160

Multi-chip standalone

"The F-Secure« Cryptographic LibraryÖ is a family of software modules for a number of Windows and Unix platforms. The modules provide an assortment of cryptographic services accessible for clients through a C/C++ Application Programming Interface. The modules are designed and implemented to meet the Level 1 requirements of FIPS publication 140-2 when running on a GPC under various popular versions of Windows and Unix operating systems."
775 IBM® Corporation
IBM/Tivoli
PO Box 3499
Australia Fair
Southport, Queensland 4215
Australia

-Mike Thomas
TEL: +61 7 5552 4030
FAX: +61 7 5571 0420

-Peter Waltenberg
TEL: +61 7 5552 4016
FAX: +61 7 5571 0420

CST Lab: NVLAP 200427-0

IBM® Crypto for C
(Software Version: 1.4.5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 05/18/2007 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with SUN Solaris 9 (UltraSparc), HPUX 11i (PA-RISC 2.0), AIX 5.2 (PowerPC), RHEL v4 (IA-32, AMD64, PowerPC, zSeries), SLES 9.1 (IA-32, PowerPC, zSeries), SLES 9.0 (AMD64), Windows Server 2003 with SP1 (AMD64, IA-32) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #426 and #468); Triple-DES (Certs. #456 and #484); SHS (Certs. #497 and #535); DSA (Certs. #177 and #192); RSA (Certs. #184 and #189); RNG (Certs. #220 and 252); HMAC (Certs. #200 and #226)

-Other algorithms: RC2; RC2-40; RC2-60; RC4; Blowfish; CAST; MD2; MD4; MD5; RIPEMD; HMAC MD5; Diffie-Hellman (key agreement; key establishment methodology provides a minimum of 112 bits of encryption strength; non-compliant less than 112-bits of encryption strength); DES; RSA (encrypt/decrypt)

Multi-chip standalone

"The ICC is a C language implementation of cryptographic functions which uses the cryptographic library provided by the OpenSSL project. This enables IBM products to use an open source solution for cryptography and a FIPS 140-2 certified cryptographic provider."
774 Sagem Orga
Heinz-Nixdorf-Ring 1
33106 Paderborn, Germany

-Swantje Missfeldt
TEL: +49 52 51 88 90

CST Lab: NVLAP 100432-0

J-IDMark 64 PIV
(Hardware Version: P/N AT58803-H-AA; Firmware Version: 01016221/FFFFFFFF, PIV applet A0000002430015010100010601 V01)

(PIV Card Application: Cert. #8)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/18/2007;
04/29/2008;
02/06/2014
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 4
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: SHS (Cert. #525); RSA (Certs. #179 and #180); Triple-DES (Cert. #480); Triple-DES MAC (Cert. #480, vendor affirmed); AES (Cert. #459); RNG (Cert. #244); CVL (Cert. #207)

-Other algorithms: N/A

Single-chip

"The J-IDMark 64 PIV is a single chip cryptographic module, which combines a PIV FIPS 201 compliant applet (SP 800-73) loaded on J-IDMark 64 Open, a dual (contact & contactless) interface platform compliant with the latest Java CardTM 2.2/Global Platform 2.1.1 specifications, FIPS 140-2 Level 3 Approved and Level 4 Approved for physical security. Thus J-IDMark 64 PIV module is a reliable and standardized solution for PIV systems, which allow managing physical and logical access to Federal government facilities and systems, by help of identity credentials."
773 Fortress™ Technologies, Inc.
2 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0

Fortress Secure Client
(Software Versions: 2.5.6 and 2.5.7)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 05/18/2007;
06/20/2007;
03/26/2010;
05/17/2013
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP, 2000, CE 3.0, CE 4.0 and Linux Kernel 2.4.21-37:EL (in single-user mode)

-FIPS Approved algorithms: AES (Certs. #427 and #437); Triple-DES (Certs. #457 and #463); SHS (Certs. #498 and #505); RNG (Certs. #221 and #227); HMAC (Certs. #201 and #205)

-Other algorithms: DES; MD5; Blowfish; GUAVA; IDEA; Diffie-Hellman (key agreement; key establishment methodology provides 56 bits of encryption strength; non-compliant)

Multi-chip standalone

"The Fortress Secure Client is a software module designed to deliver security on wireless devices such as bar scanners, handhelds, and laptops using various operating systems. A plug-and-play solution, the Client encrypts and decrypts communication across the WLAN and protects the device against attacks without user intervention."
772

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/08/2007 Overall Level: 2 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip standalone

771 Gemalto
Avenue du Pic de Bretagne
BP 100
Gemenos Cedex, 13881
France

-Anthony Vella
TEL: +33 4 42 36 61 38
FAX: +33 4 42 36 52 36

CST Lab: NVLAP 200427-0

GemXpresso R4 E36/E72 PK - MultiApp ID 36K/72K - TOP IM GX4
(Hardware Versions: GXP4-M2612410 and GXP4-A1007591; Firmware Version: GX4-S_E005 (MSA029))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/08/2007;
02/23/2009
Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #435); Triple-DES (Cert. #462); SHS (Cert. #503); RSA (Cert. #164); Triple-DES MAC (Cert. #462, vendor affirmed); RNG (Cert. #226)

-Other algorithms: N/A

Single-chip

"GemXpresso R4 E36/E72 PK is based on a Gemplus Open OS Smart Card with a large EEPROM memory. The Smart Card platform provides Random Number generation, 3DES, AES, SHA-1 and RSA up to 2048 bits key length as well as RSA On Board Key generation up to 2048 bits long. The module conforms to Java Card 2.2.1 and Global Platform 2.1.1 standards, and is particularly designed to support any application dedicated to meet the very demanding requirements of multi-application government & enterprise security programs."
770 Check Point Software Technologies Ltd.
9900 Belward Campus Drive
Suite 250
Rockville, MD 20850
USA

-David Ambrose
TEL: 703-628-2935

-Malcolm Levy
TEL: +972-37534561

CST Lab: NVLAP 200427-0

Check Point Crypto Core
(Software Versions: 1.2 (Win 2000/Win XP/Check Point Pre-Boot/Win Mobile 5/Symbian9) and 1.3 (Win 2003/Vista/Mac OS X 10.5))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 05/08/2007;
04/29/2008;
09/02/2008;
05/28/2009
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000 with SP4 (x86), Windows XP with SP2 (x86), Windows Mobile 5 (ARM and TI OMAP), Symbian 9 (ARM), Microsoft Windows Server 2003 SP2, Windows Vista Ultimate and Mac OS X v10.5 (single user mode)

-FIPS Approved algorithms: AES (Certs. #429 and #430); Triple-DES (Certs. #458 and #459); SHS (Cert. #499); RSA (Cert. #162); HMAC (Cert. #202); RNG (Cert. #222)

-Other algorithms: Blowfish; CAST-128; CAST-256; DES; MD5; RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SHA-224 (non-compliant)

Multi-chip standalone

"Check Point Crypto Core is a 140-2 Level 1 cryptographic module for Win 2K/XP/2K3/Vista, Check Point Pre-Boot, Win Mobile 5, Symbian 9 and Mac OS X. The module provides cryptographic services accessible in pre-boot mode, kernel mode and user mode on the respective platforms through implementation of platform specific binaries."
769 Novell, Inc.
1800 South Novell Place
Provo, UT 84606
USA

-Developer Support
TEL: 801-861-7000

CST Lab: NVLAP 200427-0

Novell International Cryptographic Infrastructure (NICI)
(Software Version: 2.7.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 05/04/2007 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000 with SP4; Microsoft Windows XP with SP 2; Red Hat Advanced Server 3.0 (in single-user mode)

-FIPS Approved algorithms: AES (Cert. #432); DSA (Cert. #179); HMAC (Cert. #204); RNG (Cert. #225); RSA (Cert. #163); SHS (Cert. #502); Triple-DES (Cert. #461);

-Other algorithms: ECDSA (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength; non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD2; MD4; MD5; HMAC-MD5; RC2; RC4; RC5; CAST128; PKCS#12 PBE; UNIX Crypt; LMdigest (CIFS); TLS-KeyExchange-RSASign; NetWarePassword; X9.62 RNG (non-compliant)

Multi-chip standalone

"Novell International Cryptographic Infrastructure (NICI) is a cryptographic module written in C that employs the BSAFE library to provides keys, algorithms, key storage and usage mechanisms, and a key management system."
768 Novell, Inc.
1800 South Novell Place
Provo, UT 84606
USA

-Developer Support
TEL: 801-861-7000

CST Lab: NVLAP 200427-0

Novell International Cryptographic Infrastructure (NICI)
(Software Version: 2.7.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 05/04/2007 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Novell Netware 6.5 SP3 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #432); DSA (Cert. #179); HMAC (Cert. #204); RNG (Cert. #225); RSA (Cert. #163); SHS (Cert. #502); Triple-DES (Cert. #461);

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength; non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192-bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD2; MD4; MD5; HMAC-MD5; RC2; RC4; RC5; CAST128; PKCS#12 PBE; UNIX Crypt; LMdigest (CIFS); TLS KeyExchange-RSASign; NetWarePassword; X9.62 PRNG (non-compliant)

Multi-chip standalone

"Novell International Cryptographic Infrastructure (NICI) is a cryptographic module written in C that employs the BSAFE library to provides keys, algorithms, key storage and usage mechanisms, and a key management system."
767 Novell, Inc.
1800 South Novell Place
Provo, UT 84606
USA

-Developer Support
TEL: 801-861-7000

CST Lab: NVLAP 200427-0

Novell International Cryptographic Infrastructure (NICI)
(Software Version: 2.7.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 05/04/2007 Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Microsoft Windows 2000 Server with SP3 and Q326886 (on Dell Optiplex GX400); Trusted Solaris 8 (on Sunblade 100); SuSE Linux Enterprise Server 8 (on IBM eServer e325)

-FIPS Approved algorithms: AES (Cert. #432); DSA (Cert. #179); HMAC (Cert. #204); RNG (Cert. #225); RSA (Cert. #163); SHS (Cert. #502); Triple-DES (Cert. #461);

-Other algorithms: ECDSA (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80-bits of encryption strength; non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD2; MD4; MD5; HMAC-MD5; RC2; RC4; RC5; CAST128; PKCS#12 PBE; UNIX Crypt; LMdigest (CIFS); TLS-KeyExchange-RSASign; NetWarePassword; X9.62 RNG (non-compliant)

Multi-chip standalone

"Novell International Cryptographic Infrastructure (NICI) is a cryptographic module written in C that employs the BSAFE library to provides keys, algorithms, key storage and usage mechanisms, and a key management system."
766 Attachmate Corporation
1500 Dexter Ave N
Seattle, WA 98109
USA

-Zeke Evans
TEL: 206-301-6891
FAX: 206-272-1346

-Joe Silagi
TEL: 206-217-7655
FAX: 206- 272-1346

CST Lab: NVLAP 200427-0

Attachmate Crypto Module
(Software Version: 1.0.170)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 05/04/2007 Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Intel Itanium w/ HP-UX 11iv2 (IA64); Intel Itanium w/ Windows 2003 Server SP1 (IA64); Intel Pentium D w/ Windows 2003 Server SP1 (x64); Intel Pentium 4 w/ Windows 2003 Server SP1; AMD Opteron w/ Solaris 10; UltraSPARC w/ Solaris 8; AMD Opteron w/ SuSE Linux Enterprise Server 9.0 (x64); Intel Pentium 4 w/ SuSE Linux Enterprise Server 9.0; Intel Itanium w/ Red Hat Enterprise Linux 4.0 (IA64); Intel Pentium D w/ Red Hat Enterprise Linux 4.0 (x64); Intel Pentium 4 w/ Red Hat Enterprise Linux 4.0; PA-RISC w/ HP-UX 11iv1; Intel Pentium 4 w/ Sun Solaris 10 (used in single-user mode)

-FIPS Approved algorithms: AES (Cert. #417); Triple-DES (Cert. #447); SHS (Cert. #486); DSA (Cert. #173); RSA (Cert. #208); RNG (Cert. #212); HMAC (Cert. #191)

-Other algorithms: Arcfour; Blowfish; CAST; DES; RIPEMD-160; MD4; MD5; MD2; RC5; RC2; HMAC-MD5; HMAC-MD4; HMAC-MD2; HMAC-RIPEMD-160; DES MAC; RSA (key wrapping, key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Attachmate Crypto Module is used in a range of solutions from Attachmate, provider of host connectivity, systems and security management, and PC lifecycle management products."
765 PGP Corporation
200 Jefferson Dr.
Menlo Park, CA 94025
USA

-Vinnie Moscaritolo
TEL: 650-319-9000
FAX: 650-319-9001

CST Lab: NVLAP 100432-0

PGP Software Developer's Kit (SDK) Cryptographic Module
(Software Versions: 3.7.1 and 3.8.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 05/04/2007;
05/08/2007;
10/22/2007;
03/07/2008;
07/28/2008;
08/21/2008;
12/03/2008
Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Mac OS X 10.4.8; Windows XP Professional SP2 (single user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #471); AES (Cert. #453); DSA (Cert. #183); SHS (Cert. #516); HMAC (Cert. #216); RSA (Cert. #172); RNG (Cert. #238)

-Other algorithms: AES (EME mode; non-compliant); DSA (FIPS 186-3 with SHA-256; non-compliant); CAST-5; IDEA; Two-Fish; ARC4-128; MD5; RIPEMD60; HMAC-MD5; Blow-Fish; ElGamal (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength); Shamir Threshold Secret Sharing

Multi-chip standalone

"The PGP SDK Cryptographic Module is a FIPS 140-2 validated software only cryptographic module. The module implements the cryptographic functions for PGP products including: PGP Whole Disk Encryption, PGP NetShare, PGP Command Line, PGP Universal, and PGP Desktop. It includes a wide range of field-tested and standards-based encryption, digital signature, and encoding algorithms as well as a variety of secure network protocol implementations. The PGP SDK offers developers this same cryptographic library that is at the heart of PGP products."
764 Futurex, LLC
864 Old Boerne Road
Bulverde, TX 78163
USA

-Jason Anderson
TEL: 830-980-9782
FAX: 830-438-8782

CST Lab: NVLAP 100432-0

Excrypt Cryptographic Module
(Hardware Version: P/N 9750-0235-R, Version 1.1; Firmware Version: 2.4.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/04/2007 Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #369); SHS (Cert. #369); RSA (Cert. #86); RNG (Cert. #122); HMAC (Cert. #133)

-Other algorithms: DES (Cert. #327); MD5

Multi-chip embedded

"The Excrypt Cryptographic Module (ECM) is a tamper-resistant / responding PCI compatible universal module that provides secure cryptographic processing. The ECM features an Ethernet 10 / 100 interface supporting up to 999 sockets, a serial port, and 1000 3DES / 1000 4096-bit RSA battery backed key storage. The ECM provides TDES and PKI support for key management and electronic payment / funds transfer security. The ECM is used in the ExcryptTM SSP, RMC, PCE, KMS, and SKI Series products."
763 Atmel
Maxwell Building
Scottish Enterprise Technology Park
East Kilbride, G75 0QG
Scotland

-Steve Mitchell
TEL: 00-44-1355-803000
FAX: 00-44-1355-242744

CST Lab: NVLAP 100432-0

jNet Citadel-OS on Atmel AT90SC144144CT
(Hardware Version: P/N AT90SC144144CT, Version AdvX V01.01; Firmware Version: 1.0)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/04/2007 Overall Level: 3 

-Physical Security: Level 4 +EFP

-FIPS Approved algorithms: Triple-DES (Cert. #437); Triple-DES MAC (Cert. #437, vendor affirmed); SHS (Cert. #470); RSA (Cert. #144); AES (Cert. #399); RNG (Cert. #214)

-Other algorithms: NDRNG

Single-chip

"The jNet Citadel-OS on Atmel AT90SC144144CT is a Personal Identity Verification Smart Card, HSPD-12 implementation with dual interface I/O. The secure, smart card native OS is fully compliant with NIST 800-73-1 and FIPS PUB 201-1 requirements. The module is used for physical and logical access control to government resources. The AT90SC144144CT is a low-power, high-performance, 8/16-bit microcontroller with Flash program memory and EEPROM data memory, based on the secureAVR enhanced RISC architecture."
762 Data-Pac Mailing Systems Corp.
1217 Bay Road
Webster, NY 14580
USA

-Ken Yankloski
TEL: 585-787-7074
FAX: 585-671-1409

-John Keirsbilck
TEL: 585-787-7077
FAX: 585-671-1409

CST Lab: NVLAP 200427-0

AMERICA2 (PSD)
(Hardware Version: 1.0.25.5; Firmware Version: 1.0.20.5)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/04/2007 Overall Level: 2 

-Physical Security: Level 3 +EFT

-FIPS Approved algorithms: Triple-DES (Cert. #453); SHS (Cert. #492); HMAC (Cert. #196)

-Other algorithms: N/A

Multi-chip embedded

"The AMERICA2 (PSD) is a cryptographically secure, tamper proof device capable of storing customer postal credit and then dispensing valid postal indicia. As an embedded multi-chip Cryptographic Device, the AMERICA2 is enclosed within a tamper-response envelope that prevents all physically invasive attacks while still ensuring the retention of all postal data. The AMERICA2 (PSD) generates HMAC indicia as part of Data-Pac's IBI Light Symmetric postage system, which obviates the need for the digital signature used in traditional IBI franking. Data-Pac embeds the AMERICA2 into its line of Digit"
761 Gemalto
8311 North FM 620 Road
Austin, TX 78726
USA

-David Teo
TEL: 512-257-3895
FAX: 512-257-3881

CST Lab: NVLAP 100432-0

Cyberflex Access E-gate V3
(Hardware Version: P/N A1002431, Version A.12; Firmware Version: HardMask 3v1; SoftMask 1v1)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/04/2007 Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #451); Triple-DES (Cert. #468); Triple-DES MAC (Cert. #468, vendor affirmed); RNG (Cert. #236); RSA (Certs. #169 and #170); SHS (Cert. #514)

-Other algorithms: NDRNG; DES; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Single-chip

"The Cyberflex Access E-gate V3 smart card can be employed in solutions which provide secure PKI (public key infrastructure) and digital signature technology. The Cyberflex Access E-gate V3 serves as a highly portable, secure token for enhancing the security of network access and ensuring secure electronic communications. The card incorporates the conventional ISO 7816-3 interface, as well as the USB interface normally resident in the smart card reader, making it especially suitable for usage as a USB token."
760 Fortress™ Technologies, Inc.
2 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0

AirFortress® Wireless Security Gateway
(Hardware Version: AF7500; Firmware Version: 2.5.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/23/2007;
05/22/2007;
03/26/2010;
05/17/2013
Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #414); Triple-DES (Cert. #433); SHS (Cert. #483); HMAC (Cert. #188)

-Other algorithms: DES (Cert. #23); Diffie-Hellman (key agreement; key establishment methodology provides 56 bits of encryption strength; non-compliant); MD5; RSA (non-compliant); RNG (non-compliant)

Multi-chip standalone

"The AirFortress® Wireless Security Gateway is an electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a production-quality hardware platform and deployable on any LAN or WAN, the AirFortress® Wireless Security Gateway provides encryption, data integrity checking, authentication, access control, and data compression."
759 Icom Inc.
1-1-32 Kamiminami
Hirano-ku
Osaka 547-0003
Japan

-Chris Lougee
TEL: 425-454-8155
FAX: 425-450-1509

CST Lab: NVLAP 200427-0

Digital Unit UT-120 #10 and #11
(Hardware Version: 1.1; Firmware Version: 3.0 version 2.8)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/13/2007;
11/26/2007;
12/03/2007
Overall Level: 1 

-FIPS Approved algorithms: AES (Cert. #422); SHS (Cert. #493); HMAC (Cert. #197)

-Other algorithms: DES; RNG (non-compliant)

Multi-chip embedded

"The UT-120 is an optional unit available for Icom radios that provides digital transmission and reception capabilities, as well as, providing secure communication with FIPS approved AES and non-FIPS approved DES."
758 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

PIX 525 and PIX 535
(Hardware Versions: 525 and 535; Firmware Version: 7.0.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/11/2007;
05/28/2010;
02/23/2012
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 2

-FIPS Approved algorithms: Triple-DES (Certs.#298 and #384); AES (Certs. #209 and #320); RNG (Cert. #143); SHS (Certs. #285 and #393); HMAC (Certs. #15 and #124), RSA (Certs. #105 and #107), DSA (Certs. #150 and #152)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; DES; RC4; HMAC MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The market-leading Cisco PIX and ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. Cisco PIX Security Appliances and ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
757 Lexmark International, Inc.
740 West Circle Road
Lexington, KY 40550
USA

-Sean Gibbons
TEL: 859-232-2000

CST Lab: NVLAP 200416-0

Lexmark PrintCryption
(Firmware Version: 1.3.1)

Validated to FIPS 140-2

Security Policy

Certificate

Firmware 04/11/2007;
05/22/2007
Overall Level: 1 

-Tested: T640, T642, T644, C920, W840, C534, T630, T632, T634, C760, C762, C912, W820, X644e, X646e, X646dte, X850e, X852e, X854e, C772, C782, C935 and X945e; Lexmark ver. 2.4 O/S

-FIPS Approved algorithms: Triple-DES (Certs. #356, #357, #358, #359, #360, and #470); AES (Certs. #273, #274, #275, #276, #277, and #452); RSA (Certs. #73, #74, #75, #76, #77, and #171); SHS (Certs. #350, #351, #352, #353, #354, and #515); HMAC (Certs. #89, #90, #91, #92, #93, and #215); RNG (Certs. #100, #101, #102, #103, #104, and #237)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The Lexmark PrintCryption Card is an option for the Lexmark T, C, W, and X series of output devices that enables the printing of host encrypted data. With this option installed, the printer is capable of decrypting print jobs encrypted with the AES algorithm. The Lexmark PrintCryption Card analyses the encrypted data stream, determines if the correct key was used to encrypt the data, decrypts the data and allows the confidential document to be printed."
756 Fortress™ Technologies, Inc.
2 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0

Fortress Secure Wireless Access Bridge ES520
(Hardware Version: ES520; Firmware Versions: 2.6.1, 2.6.3 and 2.6.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 04/11/2007;
05/22/2007;
12/07/2007;
03/26/2010;
05/17/2013
Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #423); SHS (Cert. #494); HMAC (Cert #198); RNG (Cert. #218)

-Other algorithms: Diffie-Hellman (non-compliant key agreement; key establishment methodology provides 56 bits of encryption strength; non-compliant); RSA (non-compliant); Blowfish; DES; RC2; RC4; RC5; Safer; Skipjack; DSA (non-compliant); MD2; MD4; MD5; GUAVA; IDEA; Triple-DES

Multi-chip standalone

"The Fortress Secure Wireless Access Bridge is an all-in-one network access device housed in a rugged compact chassis, with the most stringent security available today built in. It can serve as a wireless bridge, a WLAN access point, and an eight-port LAN switch, while performing all the functions of a Fortress controller device: encrypting wireless traffic and providing Multi-factor Authentication for devices on the network it protects."
755 Sharp Corporation
1-9-2, Nakase
Mihama-ku, Chiba-shi, Chiba 251-8520
Japan

-Kazuhiro Yaegawa
TEL: +81-43-299-8368
FAX: +81-43-299-8741

CST Lab: NVLAP 100432-0

SHARP JCOP31ID FIPS
(Hardware Version: P/N SM4128(V3)A7; Firmware Version: HAL v1.1.06, IBM JCOP31IDv2.2OS Release Level 0400)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/11/2007 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #439); Triple-DES MAC (Cert. #439, vendor affirmed); AES (Cert. #402); RSA (Cert. #147); RNG (Cert. #197); ECDSA (Cert. #33); SHS (Cert. #472)

-Other algorithms: DES; AES MAC (non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); ECSVDP

Single-chip

"The single-chip module is a 16-bit Sharp processor and a specifically modified version of the IBM JCOP 31-ID Java Card software satisfying the FIPS 140-2 requirements. The single-chip module provides an operational environment with up to 640 kBytes of Cryptographic Officer/Issuer available non-volatile memory. The defined user space allows for multiple validated applets to be concurrently loaded and used, as well as supporting re-issuance capability. The primary purpose for this device is to provide data security for Personnel Identification."
754

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/02/2007 Overall Level: 2 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip standalone

753

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/02/2007 Overall Level: 2 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip standalone

752 SecureLogix Corporation
13750 San Pedro
Suite 230
San Antonio, TX 78232
USA

-Jane Byrne
TEL: 210-402-9669
FAX: 210-402-6996

CST Lab: NVLAP 200556-0

ETM® System Software Application Java Comm Crypto Module, Version 5.0
(Software Version: 5.0.2 build 12-9)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/23/2007 Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows Server 2003 (in single user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #374); SHS (Cert. #376); HMAC (Cert. #110)

-Other algorithms: DES, Triple-DES (ECB, CBC, and OFB modes; non-compliant)

Multi-chip standalone

"The ETM System is a PBX/soft switch-independent, easy-to-use platform that supports security and management applications for real-time visibility, security, and control of telecommunications resources across the enterprise. Some of the key components of the ETM System are: the Management Server, Report Server, Performance Manager, and Usage Manager. These components are written in the Java programming language and are used in a distributed architecture across an enterprise LAN or WAN. These components utilize a library of Triple DES encryption routines to secure their network communications."
751 SecureLogix Corporation
13750 San Pedro
Suite 230
San Antonio, TX 78232
USA

-Jane Byrne
TEL: 210-402-9669
FAX: 210-402-6996

CST Lab: NVLAP 200556-0

ETM® System Software Application C Comm Crypto Module, Version 5.0
(Software Version: 2.0 build 11)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/23/2007 Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows Server 2003 (in single user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #375); SHS (Cert. #377); HMAC (Cert. #111)

-Other algorithms: DES

Multi-chip standalone

"The ETM System is a PBX/soft switch-independent, easy-to-use platform that supports security and management applications for real-time visibility, security, and control of telecommunications resources across the enterprise. The ETM System's C Language Applications Dynamic Link Library provides Triple DES encryption routines for Windows-based ETM Applications. The C Language DLL is used to secure network communications between the ETM Collection Server and ETM Call Recorder Cache Appliances."
750 IBM® Corporation
11505 Burnet Rd.
Austin, TX 78758
USA

-Jacqueline Wilson
TEL: 512-838-2702
FAX: 512-838-3509

-Martin Clausen
TEL: +45 45 23 33 38

CST Lab: NVLAP 200427-0

IBM CryptoLite for C
(Software Version: 3.23)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 03/23/2007 Overall Level: 1 

-Cryptographic Module Specification: Level 3

-Operational Environment: Tested as meeting Level 1 with AIX 5200-07 (32-bit kernel), AIX 5200-07 (64-bit kernel), AIX 5300-03 (32-bit kernel), AIX 5300-03 (64-bit kernel) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #498); Triple-DES (Cert. #511); SHS (Cert. #568); DSA (Cert. #205); RSA (Cert. #214); RNG (Cert. #278); HMAC (Cert. #252)

-Other algorithms: RC2; CAST-5; CAST-6; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112-bits of encryption strength); MD5; MD2; HMAC-MD2; HMAC-MD5; Whirlpool; Arc-Four; DES

Multi-chip standalone

"IBM CryptoLite is a C software package providing advanced cryptographic services in a very small footprint. CryptoLite supports public key encryption, digital signatures, symmetric ciphers, hash functions, message authentication codes, and other cryptographic algorithms through a simple programming interface. There are no runtime dependencies and the code has been optimized for high performance."
749 Hitachi, Ltd.
Hitachi System Plaza Shin-Kawasaki
890 Kashimada, Saiwai-ku
Kawasaki, Kanagawa 212-8567
Japan

-Yoshiaki Kawatsura
TEL: 81-44-549-1755
FAX: 81-44-549-1756

-Manabu Natsume
TEL: 81-44-549-1755
FAX: 81-44-549-1756

CST Lab: NVLAP 100432-0

Hitachi One-Passport PKI Card Application on Athena Smartcard Solutions OS755 for Renesas XMobile Card Module
(Hardware Version: P/N AE46C1 Version 0.1; Firmware Version: OS755 Version 2.4.7; Application Program Product C-9550-702 One-Passport PKI Card Application Versions 03-00 and CX 03-00)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/23/2007;
04/26/2007
Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #428; key wrapping; key establishment methodology provides 80 bits of encryption strength); Triple-DES MAC (Cert. #428, vendor affirmed); SHS (Certs. #315 and #458); RSA (Certs. #57 and #135); RNG (Certs. #75 and #209)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Raw RSA; RSA cipher only with ISO9796 padding; DES (with ISO9797 m1/m2 padding); Triple-DES (with ISO9797 m1/m2 padding; non-compliant)

Single-chip

"The One-Passport PKI solution provides a remote access environment through the Internet for general commercial uses by private companies. It consists of XMC Cards, PC Software, and PDA Software. Under the One-Passport PKI environment, employees such as sales persons can access their corporate mail servers and other corporate information from their satellite office, home, or other places outside the office. In order to avoid unexpected leakage of information during such remote access, the One-Passport PKI solution uses the VPN technique and PKI based authentication method."
748 Imation Corp.
Discovery Bldg. 1A-041
Oakdale, MN 55128
USA

-Larry Hamid
TEL: 408-737-4308

CST Lab: NVLAP 200556-0

Stealth MXP
(Hardware Versions: 4.0 StealthMXP 128MB, 4.0 StealthMXP 256MB, 4.0 StealthMXP 512MB, 4.0 StealthMXP 1GB, 4.0 StealthMXP 2GB, 4.0 StealthMXP 4GB, 4.1 StealthMXP 128MB, 4.1 StealthMXP 256MB, 4.1 StealthMXP 512MB, 4.1 StealthMXP 1GB, 4.1 StealthMXP 2GB, 4.1 StealthMXP 4GB, 4.2 StealthMXP 128MB, 4.2 StealthMXP 256MB, 4.2 StealthMXP 512MB, 4.2 StealthMXP 1GB, 4.2 StealthMXP 2GB, 4.2 StealthMXP 4GB, 4.2 StealthMXP: Liquid Metal 512MB, 4.2 StealthMXP: Liquid Metal 1GB, 4.2 StealthMXP: Liquid Metal 2GB and 4.2 StealthMXP: Liquid Metal 4GB with Version 2.3 of FPGA; Firmware Versions: 4.16, 4.18, 4.19, 4.20 and 4.21 with Version 2.0 of Boot loader)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/14/2007;
05/01/2007;
08/07/2007;
09/25/2007;
11/06/2007;
12/20/2007;
01/28/2008;
06/23/2008;
05/31/2011;
04/24/2012
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #416); SHS (Cert. #485); RSA (Cert. #154); RNG (Cert. #211); HMAC (Cert. #190)

-Other algorithms: N/A

Multi-chip standalone

"Stealth MXP is a USB mass storage device which implements hardware encryption dependant on user authentication. It provides not only secure encrypted storage, but management of digital identity credentials used for authentication and verification to enterprise and personal services."
747 SecureLogix Corporation
13750 San Pedro
Suite 230
San Antonio, TX 78232
USA

-Timothy J. Barton
TEL: 210-402-9669
FAX: 210-402-6996

-Jane Byrne
TEL: 210-402-9669
FAX: 210-402-6996

CST Lab: NVLAP 200556-0

ETM® System Firmware Appliance C Comm Crypto Module, Version 5.0
(Firmware Version: 5.02.20)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Firmware 03/23/2007 Overall Level: 1 

-Tested: ETM® System Appliance Model 3200 with Linux 2.6 (locked down)

-FIPS Approved algorithms: Triple-DES (Cert. #373); SHS (Cert. #375); HMAC (Cert. #109)

-Other algorithms: DES

Multi-chip embedded

"The ETM System is a PBX/soft switch-independent, easy-to-use platform that supports security and management applications for real-time visibility, security, and control of telecommunications resources across the enterprise. Primary components of the ETM System are the ETM Appliances, custom designed devices installed inline on the telecommunication circuits to monitor and control VoIP, PRI, CAS, SS7, and analog voice traffic. The system uses a C library of TDES encryption routines to secure their network communications."
746 Sierra Nevada Corporation
1777 Montgomery Street
San Francisco, CA 94111
USA

-Paul Matz
TEL: 415-771-4444
FAX: 415-771-8444

-Dan Haddick
TEL: 415-771-4444
FAX: 415-771-8444

CST Lab: NVLAP 100432-0

STS Secure for Linux
(Software Version: 1.0.1)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/23/2007;
06/13/2007
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Linux 2.6 (single-user mode)

-FIPS Approved algorithms: DSA (Cert. #157); SHS (Cert. #425); AES (Cert. #350)

-Other algorithms: NDRNG

Multi-chip standalone

"The STS Secure for Linux is a FIPS 140-2 Level 1 software module, comprised of the Security Manager Application Service (SMA) and the Netfilter Driver, that runs on a general purpose computer. It is the basis for Inter-4's TACTI-NET networking technology. The primary purpose for the STS Secure software module is to provide data security for all network wireless and/or wired traffic."
745 Sierra Nevada Corporation
1777 Montgomery Street
San Francisco, CA 94111
USA

-Paul Matz
TEL: 415-771-4444
FAX: 415-771-8444

-Dan Haddick
TEL: 415-771-4444
FAX: 415-771-8444

CST Lab: NVLAP 100432-0

STS Secure for Windows CE
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/23/2007 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows CE 4.2 (single-user mode)

-FIPS Approved algorithms: DSA (Cert. #157); SHS (Cert. #425); AES (Cert. #350)

-Other algorithms: NDRNG

Multi-chip standalone

"The STS Secure for Windows CE is a FIPS 140-2 Level 1 software module, comprised of the Security Manager Application Service (SMA) and the AES NDIS Filter Driver, that runs on a general purpose computer. It is the basis for Inter-4's TACTI-NET networking technology. The primary purpose for the STS Secure software module is to provide data security for all network wireless and/or wired traffic."
744 Sierra Nevada Corporation
1777 Montgomery Street
San Francisco, CA 94111
USA

-Paul Matz
TEL: 415-771-4444
FAX: 415-771-8444

-Dan Haddick
TEL: 415-771-4444
FAX: 415-771-8444

CST Lab: NVLAP 100432-0

STS Secure for Windows XP, Embedded XP
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/22/2007 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2, Windows XP Professional Embedded SP2 (single-user mode)

-FIPS Approved algorithms: DSA (Cert. #157); RNG (Cert. #167); SHS (Cert. #425); AES (Cert. #350)

-Other algorithms: NDRNG

Multi-chip standalone

"The STS Secure for Windows XP, Embedded XP is a FIPS 140-2 Level 1 software module, comprised of the Security Manager Application Service (SMA), Key Generator Application, and the AES NDIS Filter Driver, that runs on a general purpose computer. It is the basis for Inter-4's TACTI-NET networking technology. The primary purpose for the STS Secure software module is to provide data security for all network wireless and/or wired traffic."
743 Encryption Solutions, Inc.
1740 E. Garry Ave.
Suite 110
Santa Ana, CA 92705
USA

-Frederick C. Meyer
TEL: 949-660-0102
FAX: 949-660-0202

CST Lab: NVLAP 100432-0

SkyLOCK™ Encryption Module
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/09/2007 Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Windows XP Professional SP2 running on an HP Pavilion dv8210us computer; Windows XP Professional SP2 running on an HP Pavilion zt1175 computer; Windows XP Professional SP2 running on a Dell Optiplex GX270 computer

-FIPS Approved algorithms: AES (Cert. #413); SHS (Cert. #482); HMAC (Cert. #187)

-Other algorithms: SkyLOCK™ Data Protection Scheme

Multi-chip standalone

"The SkyLOCK cryptographic module will be used by Encryption Solutions, Inc. to provide clients with a fast, efficient, and secure solution for protecting information, data and files. The SkyLOCK cryptographic module is the core of all products in the SkyLOCK family. With uses including data storage, file transfer, streaming, and email, SkyLOCK products cover a wide range of security applications and needs. These robust software products provide security in both wired and wireless environments."
742 Certicom Corp.
5520 Explorer Drive
4th Floor
Mississauga, Ontario L4W 5L1
Canada

-sales@certicom.com
TEL: 905-507-4220
FAX: 905-507-4230

CST Lab: NVLAP 200017-0

Security Builder® FIPS Module for ADS 1.2
(Software Version: 3.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 03/01/2007;
07/20/2007;
03/06/2009
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Phillips RTK-E OS (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #452); AES (Cert. #421); SHS (Cert.#491); HMAC (Cert. #195); RNG (Cert. #217); DSA (Cert. #176); ECDSA (Cert. #31); RSA (Cert. #159)

-Other algorithms: DES-X; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ARC2; ARC4; MD2; MD5; HMAC-MD5; DES; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Security Builder® FIPS Module for ADS 1.2 is a standards-based cryptographic toolkit that supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into both mobile and server-based applications. The Security Builder FIPS Module is part of the Certicom Security Architecture, a comprehensive cross-platform security solution which supports multiple cryptographic software and hardware providers with a single common API."
741 nCipher Corporation Ltd.
92 Montvale Ave
Suite 4500
Stoneham, MA 02180
USA

-nCipher Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

Ultralock Symmetric Module
(Hardware Version: 010-00007 a.00)

(When operated in FIPS mode and using the nForce Ultra Asymmetric Module validated to FIPS 140-2 under Cert. #740 and nCipher MiniHSM validated to FIPS 140-2 under Cert. #672 when operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 03/01/2007 Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #345); AES (Cert. #263); SHS (Cert. #342); HMAC (Cert. #75)

-Other algorithms: DES; RC4; MD5; HMAC-MD5; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The Ultralock Symmetric Module performs all the cryptography required for SSL/TLS applications. This module is a common element of the Britestream BN2010 SSL Security ASIC, the industry's first single-chip solution for completely off-loading SSL/TLS processing from host systems. The innovative in-line architecture combines TCP."
740 nCipher Corporation Ltd.
92 Montvale Ave
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nForce Ultra Asymmetric Module
(Hardware Version: 010-00007 a.00; Firmware Version: 610-00014 1.0.0.)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 03/01/2007 Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #346); AES (Cert. #264); SHS (Cert. #343); RSA (Cert. #103); HMAC (Cert. #76); RNG (Cert. #96); DSA (Cert. #138)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength)

Multi-chip embedded

"The nForce Ultra Asymmetric Module performs various tasks associated with cryptographic key management including key generation, key wrapping, secure key storage and secure key transport as well as key zeroization. These functions comply with requirements for archieving FIPS 140-2 certification of the overall system that the module is used in."
739 SafeNet Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Terry Fletcher
TEL: 613-221-5009
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

ProtectServer Gold
(Hardware Version: Revisions B2, B3 and B4; Firmware Version: 2.03.00)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/01/2007;
03/20/2007;
04/26/2007;
01/26/2009
Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #382); Triple-DES (Cert. #426); SHS (Cert. #457); HMAC (Cert. #171); RNG (Cert. #184); RSA (Cert. #134); DSA (Cert. #166); ECDSA (Cert. #26); Triple-DES MAC (Cert. #426, vendor affirmed)

-Other algorithms: DES; DES MAC; AES MAC (non-compliant); CAST 128; CAST MAC; IDEA; IDEA MAC; RC2; RC2 MAC; SEED; SEED MAC; MD2; MD5; HMAC MD5; RC4; RIPEMD-128; RIPEMD-160; HMAC RMD128; HMAC RMD160; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The SafeNet PSG Adapter is a high-end intelligent PCI adapter card that provides a wide range of cryptographic functions using firmware and dedicated hardware processors. Access to the PSG is provided via a comprehensive PKCS#11 API, allowing extremely flexible use of the module in a multitude of applications."
738 3e Technologies International, Inc.
700 King Farm Blvd.
Rockville, MD 20850
USA

-Ryon Coleman
TEL: 301-944-1277
FAX: 301-670-6989

CST Lab: NVLAP 200427-0

3e-030-2 Security Server Cryptographic Core
(Software Version: 3.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 02/08/2007 Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2000 Server with SP4 and Windows 2003 with SP1 (in single user mode)

-FIPS Approved algorithms: AES (Certs. #415 and #428); HMAC (Cert. #189); RNG (Cert. #210); RSA (Cert. #153); SHS (Cert. #484)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5

Multi-chip standalone

"The 3e-030-2 Security Server Cryptographic Core (Version 3.0) provides FIPS 140-2 validated cryptographic functionality for the 3eTI Security Server product, a RADIUS-like back-end Authentication Server, capable of dynamic key exchange, support of JITC DoD-signed certificates for PKI usage, and full 802.11i support. The 3e-030-2 provides the following FIPS-approved cryptographic algorithms: AES (ECB mode; 256-bit key size), SHA-1, HMAC-SHA1, RSA sign/verify, FIPS 186-2 (Appendix 3.1 and 3.2 3.3) PRNG. The 3e-030-2 also supports the following non-FIPS cryptographic algorithms: Diffie Hellman"
737 TriCipher, Inc.
1900 Alameda de las Pulgas
Suite 112
San Mateo, CA 94403
USA

-Tim Renshaw
TEL: 650-372-1300

CST Lab: NVLAP 200416-0

TriCipher Armored Credential System (TACS)
(Hardware Versions: 1000 and 2000; Firmware Versions: 3.1, build 255 and 3.1.1, build 261)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/08/2007 Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #413); RSA (Cert. #120); SHS (Cert. #430); HMAC (Cert. #159); RNG (Cert. #170)

-Other algorithms: MD5; RSA (key wrapping, key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The TriCipher Armored Credential System (TACS) provides a single platform that can issue and support a flexible range of credentials from a single infrastructure."
736 Juniper Networks, Inc.
1194 N. Mathilda Ave.
Sunnyvale, CA 94089
USA

-Simon Gerraty
TEL: 408-745-2348
FAX: 408-745-8905

CST Lab: NVLAP 100432-0

JUNOS-FIPS-L2 Cryptographic Module
((Chassis Model Numbers nnnn (T640, T320, M320 and M40e); Hardware P/Ns [nnnnBASE Rev A, RE-600 (RE3) Rev A,DOC-FIPS-140-2-L2-KIT Rev A] and [nnnnBASE Rev A, RE-1600 (RE4) Rev A, DOC-FIPS-140-2-L2-KIT Rev A]; Firmware Versions 7.2R1.7 and 7.4R1.7)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/06/2007 Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #259 and #260); HMAC (Certs. #70, #71, #72, #73 and #79); DSA (Cert. #137); RNG (Cert. #93); RSA (Cert. #69); SHS (Certs. #336, #337, #338, #339 and #340); Triple-DES (Certs. #341, #342, #343 and #344)

-Other algorithms: DES (Certs. #316, #317, #318 and #319); MD5; Diffie-Hellmann (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The JUNOS-FIPS-L2 Cryptographic Module is a multi-chip standalone cryptographic module (for Juniper Networks T-Series and M-Series routers) that executes JUNOS-FIPS firmware. JUNOS-FIPS is a release of the JUNOS operating system, the first routing operating system designed specifically for the Internet. JUNOS is currently deployed in the largest and fastest-growing networks worldwide. A full suite of industrial-strength routing protocols, flexible policy language, and leading MPLS implementation efficiently scale to large numbers of network interfaces and routes."
735 Thales e-Security
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-Juan Asenjo
TEL: 954-888-6202
FAX: 954-888-6211

CST Lab: NVLAP 200002-0

Datacryptor® SONET/SDH v1.00
(Hardware Version: 1600X40 (Options 4 and 6) v1.00; Firmware Version: v1.00 (Rev43))

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/06/2007 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Cert. #366); DSA (Cert. #159); SHS (Cert. #439); RNG (Cert. #175)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The Datacryptor« SONET/SDH v1.00 is a multi-chip standalone cryptographic module. It secures communications using signed Diffie-Hellman key exchange and AES-256 encryption over SONET/SDH networks. It provides data encryption and OC-3, OC-12 and OC-48 data rates. The unit also provides integrated secure unit management capability employing the same techniques used for traffic encryption."
734 Thales Communications, Inc
22605 Gateway Center Drive
Clarksburg, MD 20871
USA

-George Korus
TEL: 240-864-7646

CST Lab: NVLAP 200002-0

Thales 25 Portable Radio
(Hardware Version: PRC6894; Firmware Version: 8.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/06/2007 Overall Level: 1 

-Roles, Services, and Authentication: Level 2

-FIPS Approved algorithms: AES (Cert# 347); SHS (Cert# 421); HMAC (Cert# 150)

-Other algorithms: DES

Multi-chip standalone

"The Thales 25 portable radio (T25) is a small, light, and rugged radio that meets the requirements of the Association of Public Safety Communications Officials (APCO) Project 25 Common Air Interface (CAI) Standard. The T25 supports Project (P25) digital voice and data encryption operation, as well as Motorola Key Variable Loader (KVL). It supports full multi-mode operation over a frequency range of 136 to 174 MHz and features high quality, error-corrected, digital voice and AES Encryption."
733 Open Source Software Institute
Administrative Office
P.O. Box 547
Oxford, MS 38655
USA

-John Weathersby
TEL: 601-427-0152
FAX: 601-427-0156

CST Lab: NVLAP 200017-0

OpenSSL FIPS Object Module
(Source Content Version: opensslfips1.1.1.tar.gz; Resultant Compiled Software Version: 1.1.1)

(When built, installed, protected and initialized as assumed by the Crypto Officer role and specified in the provided Security Policy. Appendix B of the provided Security Policy specifies the complete set of source files of this module. There shall be no additions, deletions or alterations of this set as used during module build. All source files, including the specified OpenSSL distribution tar file, shall be verified as specified in Appendix B of the provided Security Policy. Installation, protection, and initialization shall be completed as specified in Appendix C of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a FIPS 140-2 non-compliant module.)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 02/06/2007;
11/30/2007
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with SuSE Linux Version 9.0 (gcc Compiler Version 3.3.1), and HPUX Version 11i (gcc Compiler Version 3.4.2) (in single user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #451); AES (Cert. #420); SHS (Cert. #490); HMAC (Cert. #194); RSA (Cert. #177); DSA (SigVer, Cert. #175);

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG (Cert. #216; non-compliant. This RNG shall not be used for any services requiring the use of random bits); DSA (SigGen and KeyGen, Cert. #175; non-compliant);

Multi-chip standalone

"The OpenSSL FIPS Object Module is a cryptographic library that can be downloaded from http://www.openssl.org/source/"
732 Hitachi, Ltd.
Hitachi System plaza Shinkawasaki,
890 Kashimada,
Saiwai
Kawasaki, Kanagawa Perfecture 212-8567
Japan

-Yutaka Takami
TEL: +81-44-549-1755
FAX: +81-44-549-1756

-Tomomi Haruna
TEL: +81-44-549-1755
FAX: +81-44-549-1756

CST Lab: NVLAP 200017-0

Personal Identity Verification Application on Hitachi MULTOS Smart Chip
(Hardware Version: AE45X1; Firmware Version: 1.0)

(PIV Card Application: Cert. #3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/25/2007 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: RNG (Cert. #186); Triple-DES (Cert. #429)

-Other algorithms: RSA (non-compliant)

Single-chip

"The HITACHI MULTOS Smart Chip is a single chip for smart cards with a dual interface (contact and contactless), which is compliant with MULTOS. The MULTOS OS is a high-security multi-application smart card operating system and Key Management Infrastructure which provides Card Issuers with the opportunity to define their own card programmes, delivering services with their own smart card applications or those of other third-party Application Providers."
731 Taua Biomatica S/A
Rua do Rosario 103 / 13 andar
Rio de Janeiro, RJ 20041-004
Brazil

-Marcio Lima
TEL: 55-21-2232-1321
FAX: 55-21-2531-0255

CST Lab: NVLAP 100432-0

Zyt Cryptographic Module
(Hardware Version: P/N PM400002-9, Version 3; Firmware Version: 2.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/08/2007 Overall Level: 3 

-FIPS Approved algorithms: RSA (Certs. #36 and #37); SHS (Certs. #282 and #283); RNG (Cert. #47) Triple-DES (Cert. #294);

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5

Multi-chip embedded

"Taua Biomatica has developed an innovative product, the Zyt, created to offer the highest security level for Internet transactions. It was designed to digitally sign documents and transactions, integrating the most modern biometrical technologies, digital certification and cryptography. It is composed of a fingerprint sensor for the user's positive identification, a smart card reader for private key and digital certificate storage, a liquid crystal for transaction display, and a USB port for communication with the PC."
730 Blue Ridge Networks
14120 Parke Long Court
Suite 101
Chantilly, VA 20151
USA

-Tom Gilbert
TEL: 703-631-0700
FAX: 703-631-9588

CST Lab: NVLAP 200416-0

BorderGuard X.509 VPN Client
(Software Version: 4.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 01/08/2007 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 2000 and Windows XP (in single user mode)

-FIPS Approved algorithms: AES (Certs. #386 and #418); Triple-DES (Certs. #432 and #448); HMAC (Certs. #173 and #192); SHS (Certs. #463 and #487)

-Other algorithms: MD5; DES; IDEA; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (non-compliant); RNG (non-compliant)

Multi-chip standalone

"The BorderGuard VPN Client is a security enhanced VPN Client which is used for establishment of secure Virtual Private Network with a BorderGuard network security appliance and individual remote access users."


Need Assistance?