CMVP Main Page

Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules

Historical , 1995-1997 , 1998 , 1999 , 2000 , 2001 , 2002 , 2003 , 2004 , 2005 , 2006 , 2007 , 2008 , 2009 , 2010 , 2011 , 2012 , 2013 , 2014 , 2015 , 2016
All

Last Update: 4/27/2016

It is important to note that the items on this list are cryptographic modules. A module may either be an embedded component of a product or application, or a complete product in-and-of-itself. If the cryptographic module is a component of a larger product or application, one should contact the product or application vendor in order to determine how the product utilizes the embedded validated cryptographic module. There may be a larger number of security products or applications available which use an embedded validated cryptographic module, than the number of modules which are found in this list. In addition, other vendors, who are not found in this list, may incorporate a validated cryptographic module from this list embedded into their own products.

When selecting a module from a vendor, verify that the module is either the product or application itself (e.g. VPN, SmartCard, USB memory token, etc.) or the module is embedded in a larger product or application (e.g. toolkit, etc.). If the module is embedded in a product or application, ask the product or application vendor to provide a signed letter or statement affirming that the unmodified validated cryptographic module is integrated in the solution; the module provides all the cryptographic services in the solution; and provide reference to the modules validation certificate number from this listing.

NOTE1: Module descriptions are provided by the module vendors and have not been verified for accuracy by the CMVP. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-Approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (e.g. allowed or non-FIPS-Approved algorithms) have not been tested through the CMVP.

NOTE2: The operator of a cryptographic module is responsible for ensuring that the algorithms and key lengths are in compliance with the requirements of NIST SP 800-131A.

NOTE3: All questions regarding the implementation and/or use of any module located on the CMVP module validation lists should first be directed to the appropriate vendor point-of-contact (listed for each entry).

Please contact the CMVP if any errors are discovered or comments with suggestions for improvement of the validation listings.

Cert# Vendor / CST Lab Cryptographic Module Module
Type
Val.
Date
Level / Description
881 Fortress™ Technologies, Inc.
2 Technology Park Dr
Westford, MA 01886-3140
USA

Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0
AirFortress® Wireless Security Gateway
(Hardware Version: AF7500; Firmware Version: 2.5.6)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware 11/30/2007
03/26/2010
05/17/2013
Overall Level: 2

-FIPS Approved algorithms: AES (Cert. #414); Triple-DES (Cert. #433); SHS (Cert. #483); HMAC (Cert. #188)

-Other algorithms: Diffie-Hellman (key agreement; key establishment provides 56 bits of encryption strength; non-compliant); DES; MD5; RSA (non-compliant); RNG (non-compliant)

Multi-chip standalone

"The AirFortress® Wireless Security Gateway is an electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a production-quality hardware platform and deployable on any LAN or WAN, the AirFortress® Wireless Security Gateway provides encryption, data integrity checking, authentication, access control, and data compression."
874 3e Technologies International, Inc.
9715 Key West Avenue
5th Floor
Rockville, MD 20850
USA

Ryon Coleman
TEL: 301-944-1277
FAX: 301-670-6989

Chris Guo
TEL: 301-944-1294
FAX: 301-670-6989

CST Lab: NVLAP 200427-0
3e Cryptographic Kernel Library
(Software Version: 1.0)

Validated to FIPS 140-2

Certificate

Security Policy
Software 11/30/2007
Overall Level: 1

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional Service Pack 2 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #640); HMAC (Cert. #329); SHS (Cert. #675); Triple-DES (Cert. #593)

-Other algorithms: N/A

Multi-chip standalone

"The Cryptographic Kernel Library (CKL) is a software module that implements a set of cryptographic algorithms for use by a software application. The 3eTI CKL is a binary dynamic link library that is compiled from source code written in C, C++. This binary library resides in Windows kernel space."
873 Rockwell Collins, Inc.
400 Collins Road NE
Cedar Rapids, IA 52498
USA

Jack Edington
TEL: 319-295-5997

Robert Shreve
TEL: 319-295-2611

CST Lab: NVLAP 200002-0
Common Crypto Circuit Card Assembly
(Hardware Version: 944-2541-004; Software Version: 091-3186-006)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware 11/30/2007
Overall Level: 1

-Physical Security: Level 2
-EMI/EMC: Level 2
-Design Assurance: Level 2

-FIPS Approved algorithms: AES (Cert. #169)

-Other algorithms: Serpent; Twofish; Triple-DES (non-compliant)

Multi-chip embedded

"The Common Crypto Circuit Card Assembly is a module designed for use in Link 16 communication platforms. The module can be used in an external cryptographic application or embedded in an internal application. The module hosts four commercial cryptographic algorithms for data encryption/decryption. The algorithms are stored in memory. One of the four algorithms is selected for use and loaded. The module accepts up to eight keys which are externally generated and loaded. The AES algorithm operates in a FIPS-approved mode."
863

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Certificate

Security Policy
Hardware 11/16/2007
12/07/2007
03/07/2008
02/17/2012
Overall Level: 1

Multi-chip standalone
862

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Certificate

Security Policy
Hardware 11/07/2007
12/13/2013
02/12/2014
Overall Level: 1

Multi-chip standalone
858 Motorola, Inc.
1301 E. Algonquin Road
Schaumburg, IL 60196
USA

Kirk Mathews
TEL: 847-576-4101
FAX: 847-538-2770

CST Lab: NVLAP 100432-0
Radio Network Controller Encryption Module Controller (RNC EMC)
(Hardware Version: T7289A; Firmware Version: R03.04.00)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware 11/06/2007
Overall Level: 1

-FIPS Approved algorithms: AES (Cert. #530)

-Other algorithms: AES MAC (AES Cert. #530; vendor affirmed; P25 AES OTAR); DES; DES-XL; DVI-XL; DVI-SPFL; DVP-XL; ANSI X9.17 DRNG; 64 bit LFSR

Multi-chip standalone

"The RNC 3000 provides data communications between mobile data and host applications in an ASTRO integrated voice and data system. The RNC Encryption Module Controller provides data encryption services for the RNC 3000."
841 M/A Com, Inc.
221 Jefferson Ridge Parkway
Lynchburg, VA 24501
USA

Mr. Greg Farmer
TEL: 434-455-9577

CST Lab: NVLAP 200002-0
P7170<sup>IP</sup> System Portable Two-Way FM Radios
(Hardware Versions: RU101219V22, RU101219V42, RU101219V52, RU101219V62, RU101219V72; Firmware Versions: [H8 version: J2R14B02; DSP version: F7R06A01] and [H8 versions: J2R15E05 and J2R16F01; DSP version: F7R06F03])
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware 09/21/2007
04/29/2008
03/06/2009
Overall Level: 2

-FIPS Approved algorithms: AES (Certs. #155 and #623)

-Other algorithms: DES; VGE (M/A-Com proprietary digital voice encryption algorithm), AES MAC (Cert. #623; vendor affirmed; P25 AES OTAR)

Multi-chip standalone

"The P7170<sup>IP</sup> is M/A COM's premier portable radio for critical communications. Guided by customer feedback, M/A COM designed the P7170<sup>IP</sup> to excel in the challenging environments that critical communications users encounter. The P7170<sup>IP</sup> provides a superior combination of features, functions, and physical attributes. It is light and extremely durable, easy to use while wearing gloves, and produces loud and clear audio. A rugged high-tier portable, the P7170<sup>IP</sup> provides exceptional performance even under adverse conditions."
840 M/A Com, Inc.
221 Jefferson Ridge Parkway
Lynchburg, VA 24501
USA

Mr. Greg Farmer
TEL: 434-455-9577

CST Lab: NVLAP 200002-0
P7130<sup>IP</sup> Select, P7150<sup>IP</sup> Scan Portable and M7100<sup>IP</sup> Mobile Two-Way FM Radio
(Hardware Versions: RU101188V1, RU101188V12, RU101188V22, RU101188V231, RU101188V21, KRY1011632/13, KRY1011632/11, RU101219V21, RU101219V61, RU101219V41, RU101219V71, RU101219V51, RU101219V73, RU101219V63; Firmware Versions: [H8 version: J2R14B02; DSP version: F7R06A01] and [H8 versions: J2R15E05 and J2R16F01; DSP version: F7R06F03])
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware 09/21/2007
04/29/2008
03/06/2009
Overall Level: 1

-FIPS Approved algorithms: AES (Certs. #155 and #623)

-Other algorithms: DES; VGE (M/A-Com proprietary digital voice encryption algorithm), AES MAC (Cert. #623; vendor affirmed; P25 AES OTAR)

Multi-chip standalone

"P7130<sup>IP</sup> Select, P7150<sup>IP</sup> Scan Portable and M7100<sup>IP</sup> Mobile are M/A COM's premier radios for critical communications. Guided by customer feedback, M/A COM designed the P7130<sup>IP</sup>, P7150<sup>IP</sup> and M7100<sup>IP</sup> to excel in the challenging environments that critical communications users encounter. The radios provide a superior combination of features, functions, and physical attributes. They are light and extremely durable, easy to use while wearing gloves, and produces loud and clear audio. A rugged high-tier portable, the radios provide exceptional performance even under adverse conditions."
838 Mitsubishi Electric Corporation Kamakura Works
325 Kamimachiya
Kamakura, Kanagawa 247-8520
Japan

Masanori Sato
TEL: +81-467-41-6717
FAX: +81-467-41-6975

Daizoh Funamoto
TEL: +81-467-41-6116
FAX: +81-467-41-6951

CST Lab: NVLAP 200017-0
Command Encryption Module
(Firmware Version: 1.0)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Firmware 09/11/2007
Overall Level: 2

-EMI/EMC: Level 3

-Operational Environment: Tested: as meeting Level 1 with HP Compaq DC 5100 Running Microsoft Windows 2000 SP4 and Zone Labs ZoneAlarm Pro Firewall version 6.1

-FIPS Approved algorithms: Triple-DES (Cert. #504)

-Other algorithms: N/A

Multi-chip standalone

"Command Encryption Module is a firmware module designed to perform Triple DES CFB mode encryption functions."
836 Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

Tim Fox
TEL: +44 (0)1844 201800

CST Lab: NVLAP 200002-0
Secure Generic Sub-System (SGSS), Version 3.4
(Hardware Versions: 1213D130 Issue 6 [1], 1213H130 Issue 6B [1], 1213G130 Issue 6A [1] and 1213L130 Issue 6 [2]; Software Versions: 2.5.7 [1] and 2.5.14 [2])

Validated to FIPS 140-2

Certificate

Security Policy
Hardware 09/11/2007
09/25/2007
12/23/2008
Overall Level: 3

-FIPS Approved algorithms: DSA/SHS (Cert. #24)

-Other algorithms: N/A

Multi-chip embedded

"The Secure Generic Sub-System (SGSS) is a multi-chip embedded module used to provide secure cryptographic resources to a number of products in the Thales e-Security portfolio. This includes the Datacryptor® 2000, Datacryptor® Advanced Performance and Small Form Factor family (Link, Frame Relay, E1/T1, E3/T3, and IP models), WebSentry™ family, HSM 8000 family, P3™ CM family, 3D Security Module and the SafeSign® Crypto Module. The SGSS contains a secure bootstrap and authenticates application loading using the Digital Signature Algorithm (DSA) and SHA-1 hashing."
817 RELM Wireless Corporation
7100 Technology Drive
West Melbourne, FL 32904
USA

Jim Spence
TEL: 785-856-1300
FAX: 785-856-1302

CST Lab: NVLAP 100432-0
DPHx Radio with LZA0577 or LZA0577/LZA0578 Cryptographic Module
(Hardware Versions: P/N DPHX5102X Versions 110504, 120104, 040805, 052005, 011606, 030206, 010507, 020707, 072007, 080407, 091207, 110507, 051308 and 091708; Firmware Versions: 722-05058-0000, 722-05059-0000, 722-05058-0001, 722-05059-0001, 722-05059-0002, 722-05059-0003, 722-05060-0000 and 722-05061-0000)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware 08/08/2007
10/15/2007
12/18/2007
04/29/2008
11/06/2008
Overall Level: 1

-FIPS Approved algorithms: AES (Cert. #436); RSA (Cert. #31); SHS (Cert. #504)

-Other algorithms: DES

Multi-chip standalone

"The DPHx Radio with OTAR is a multi-chip standalone cryptographic module encased in an opaque commercial grade enclosure. As a secure radio, the primary purpose for this device is to provide encrypted digital communication."
794 Fortress™ Technologies, Inc.
2 Technology Park Dr
Westford, MA 01886-3140
USA

Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0
AirFortress® Wireless Security Gateway
(Hardware Version: AF2100; Firmware Version: 2.5.6)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware 07/02/2007
03/26/2010
05/17/2013
Overall Level: 2

-FIPS Approved algorithms: AES (Cert. #14); Triple-DES (Cert. #107); SHS (Cert. #316); HMAC (Cert. #62)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 56 bits of encryption strength; non-compliant); MD5; DES; RSA (non-compliant); ANSI X9.31 RNG (non-compliant); non-Approved RNG

Multi-chip standalone

"The AirFortress® Wireless Security Gateway is an electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a production-quality hardware platform and deployable on any LAN or WAN, the AirFortress® Wireless Security Gateway provides encryption, data integrity checking, authentication, access control, and data compression."
772

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Certificate

Security Policy
Hardware 05/08/2007
Overall Level: 2

Multi-chip standalone
762 Data-Pac Mailing Systems Corp.
1217 Bay Road
Webster, NY 14580
USA

Ken Yankloski
TEL: 585-787-7074
FAX: 585-671-1409

John Keirsbilck
TEL: 585-787-7077
FAX: 585-671-1409

CST Lab: NVLAP 200427-0
AMERICA2 (PSD)
(Hardware Version: 1.0.25.5; Firmware Version: 1.0.20.5)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware 05/04/2007
Overall Level: 2

-Physical Security: Level 3 +EFT

-FIPS Approved algorithms: Triple-DES (Cert. #453); SHS (Cert. #492); HMAC (Cert. #196)

-Other algorithms: N/A

Multi-chip embedded

"The AMERICA2 (PSD) is a cryptographically secure, tamper proof device capable of storing customer postal credit and then dispensing valid postal indicia. As an embedded multi-chip Cryptographic Device, the AMERICA2 is enclosed within a tamper-response envelope that prevents all physically invasive attacks while still ensuring the retention of all postal data. The AMERICA2 (PSD) generates HMAC indicia as part of Data-Pac's IBI Light Symmetric postage system, which obviates the need for the digital signature used in traditional IBI franking. Data-Pac embeds the AMERICA2 into its line of Digit"
760 Fortress™ Technologies, Inc.
2 Technology Park Dr
Westford, MA 01886-3140
USA

Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0
AirFortress® Wireless Security Gateway
(Hardware Version: AF7500; Firmware Version: 2.5.2)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware 04/23/2007
05/22/2007
03/26/2010
05/17/2013
Overall Level: 2

-FIPS Approved algorithms: AES (Cert. #414); Triple-DES (Cert. #433); SHS (Cert. #483); HMAC (Cert. #188)

-Other algorithms: DES (Cert. #23); Diffie-Hellman (key agreement; key establishment methodology provides 56 bits of encryption strength; non-compliant); MD5; RSA (non-compliant); RNG (non-compliant)

Multi-chip standalone

"The AirFortress® Wireless Security Gateway is an electronic encryption module that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a production-quality hardware platform and deployable on any LAN or WAN, the AirFortress® Wireless Security Gateway provides encryption, data integrity checking, authentication, access control, and data compression."
759 Icom Inc.
1-1-32 Kamiminami
Hirano-ku
, Osaka 547-0003
Japan

Chris Lougee
TEL: 425-454-8155
FAX: 425-450-1509

CST Lab: NVLAP 200427-0
Digital Unit UT-120 #10 and #11
(Hardware Version: 1.1; Firmware Version: 3.0 version 2.8)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware 04/13/2007
11/26/2007
12/03/2007
Overall Level: 1

-FIPS Approved algorithms: AES (Cert. #422); SHS (Cert. #493); HMAC (Cert. #197)

-Other algorithms: DES; RNG (non-compliant)

Multi-chip embedded

"The UT-120 is an optional unit available for Icom radios that provides digital transmission and reception capabilities, as well as, providing secure communication with FIPS approved AES and non-FIPS approved DES."
754

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Certificate

Security Policy
Hardware 04/02/2007
Overall Level: 2

Multi-chip standalone
753

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Certificate

Security Policy
Hardware 04/02/2007
Overall Level: 2

Multi-chip standalone
752 SecureLogix Corporation
13750 San Pedro
Suite 230
San Antonio, TX 78232
USA

Jane Byrne
TEL: 210-402-9669
FAX: 210-402-6996

CST Lab: NVLAP 200556-0
ETM® System Software Application Java Comm Crypto Module, Version 5.0
(Software Version: 5.0.2 build 12-9)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Software 03/23/2007
Overall Level: 1

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows Server 2003 (in single user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #374); SHS (Cert. #376); HMAC (Cert. #110)

-Other algorithms: DES, Triple-DES (ECB, CBC, and OFB modes; non-compliant)

Multi-chip standalone

"The ETM System is a PBX/soft switch-independent, easy-to-use platform that supports security and management applications for real-time visibility, security, and control of telecommunications resources across the enterprise. Some of the key components of the ETM System are: the Management Server, Report Server, Performance Manager, and Usage Manager. These components are written in the Java programming language and are used in a distributed architecture across an enterprise LAN or WAN. These components utilize a library of Triple DES encryption routines to secure their network communications."
751 SecureLogix Corporation
13750 San Pedro
Suite 230
San Antonio, TX 78232
USA

Jane Byrne
TEL: 210-402-9669
FAX: 210-402-6996

CST Lab: NVLAP 200556-0
ETM® System Software Application C Comm Crypto Module, Version 5.0
(Software Version: 2.0 build 11)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Software 03/23/2007
Overall Level: 1

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows Server 2003 (in single user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #375); SHS (Cert. #377); HMAC (Cert. #111)

-Other algorithms: DES

Multi-chip standalone

"The ETM System is a PBX/soft switch-independent, easy-to-use platform that supports security and management applications for real-time visibility, security, and control of telecommunications resources across the enterprise. The ETM System's C Language Applications Dynamic Link Library provides Triple DES encryption routines for Windows-based ETM Applications. The C Language DLL is used to secure network communications between the ETM Collection Server and ETM Call Recorder Cache Appliances."
747 SecureLogix Corporation
13750 San Pedro
Suite 230
San Antonio, TX 78232
USA

Timothy J. Barton
TEL: 210-402-9669
FAX: 210-402-6996

Jane Byrne
TEL: 210-402-9669
FAX: 210-402-6996

CST Lab: NVLAP 200556-0
ETM® System Firmware Appliance C Comm Crypto Module, Version 5.0
(Firmware Version: 5.02.20)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Firmware 03/23/2007
Overall Level: 1

-Tested: ETM® System Appliance Model 3200 with Linux 2.6 (locked down)

-FIPS Approved algorithms: Triple-DES (Cert. #373); SHS (Cert. #375); HMAC (Cert. #109)

-Other algorithms: DES

Multi-chip embedded

"The ETM System is a PBX/soft switch-independent, easy-to-use platform that supports security and management applications for real-time visibility, security, and control of telecommunications resources across the enterprise. Primary components of the ETM System are the ETM Appliances, custom designed devices installed inline on the telecommunication circuits to monitor and control VoIP, PRI, CAS, SS7, and analog voice traffic. The system uses a C library of TDES encryption routines to secure their network communications."
746 Sierra Nevada Corporation
1777 Montgomery Street
San Francisco, CA 94111
USA

Paul Matz
TEL: 415-771-4444
FAX: 415-771-8444

Dan Haddick
TEL: 415-771-4444
FAX: 415-771-8444

CST Lab: NVLAP 100432-0
STS Secure for Linux
(Software Version: 1.0.1)

Validated to FIPS 140-2

Certificate

Security Policy
Software 03/23/2007
06/13/2007
Overall Level: 1

-Operational Environment: Tested as meeting Level 1 with Linux 2.6 (single-user mode)

-FIPS Approved algorithms: DSA (Cert. #157); SHS (Cert. #425); AES (Cert. #350)

-Other algorithms: NDRNG

Multi-chip standalone

"The STS Secure for Linux is a FIPS 140-2 Level 1 software module, comprised of the Security Manager Application Service (SMA) and the Netfilter Driver, that runs on a general purpose computer. It is the basis for Inter-4's TACTI-NET networking technology. The primary purpose for the STS Secure software module is to provide data security for all network wireless and/or wired traffic."
745 Sierra Nevada Corporation
1777 Montgomery Street
San Francisco, CA 94111
USA

Paul Matz
TEL: 415-771-4444
FAX: 415-771-8444

Dan Haddick
TEL: 415-771-4444
FAX: 415-771-8444

CST Lab: NVLAP 100432-0
STS Secure for Windows CE
(Software Version: 1.0)

Validated to FIPS 140-2

Certificate

Security Policy
Software 03/23/2007
Overall Level: 1

-Operational Environment: Tested as meeting Level 1 with Windows CE 4.2 (single-user mode)

-FIPS Approved algorithms: DSA (Cert. #157); SHS (Cert. #425); AES (Cert. #350)

-Other algorithms: NDRNG

Multi-chip standalone

"The STS Secure for Windows CE is a FIPS 140-2 Level 1 software module, comprised of the Security Manager Application Service (SMA) and the AES NDIS Filter Driver, that runs on a general purpose computer. It is the basis for Inter-4's TACTI-NET networking technology. The primary purpose for the STS Secure software module is to provide data security for all network wireless and/or wired traffic."
743 Encryption Solutions, Inc.
1740 E. Garry Ave.
Suite 110
Santa Ana, CA 92705
USA

Frederick C. Meyer
TEL: 949-660-0102
FAX: 949-660-0202

CST Lab: NVLAP 100432-0
SkyLOCK™ Encryption Module
(Software Version: 1.0)

Validated to FIPS 140-2

Certificate

Security Policy
Software 03/09/2007
Overall Level: 2

-Operational Environment: Tested as meeting Level 2 with Windows XP Professional SP2 running on an HP Pavilion dv8210us computer
Windows XP Professional SP2 running on an HP Pavilion zt1175 computer
Windows XP Professional SP2 running on a Dell Optiplex GX270 computer

-FIPS Approved algorithms: AES (Cert. #413); SHS (Cert. #482); HMAC (Cert. #187)

-Other algorithms: SkyLOCK™ Data Protection Scheme

Multi-chip standalone

"The SkyLOCK cryptographic module will be used by Encryption Solutions, Inc. to provide clients with a fast, efficient, and secure solution for protecting information, data and files. The SkyLOCK cryptographic module is the core of all products in the SkyLOCK family. With uses including data storage, file transfer, streaming, and email, SkyLOCK products cover a wide range of security applications and needs. These robust software products provide security in both wired and wireless environments."
741 nCipher Corporation Ltd.
92 Montvale Ave
Suite 4500
Stoneham, MA 02180
USA

nCipher Sales
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0
Ultralock Symmetric Module
(Hardware Version: 010-00007 a.00)
(When operated in FIPS mode and using the nForce Ultra Asymmetric Module validated to FIPS 140-2 under Cert. #740 and nCipher MiniHSM validated to FIPS 140-2 under Cert. #672 when operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware 03/01/2007
Overall Level: 1

-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #345); AES (Cert. #263); SHS (Cert. #342); HMAC (Cert. #75)

-Other algorithms: DES; RC4; MD5; HMAC-MD5; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The Ultralock Symmetric Module performs all the cryptography required for SSL/TLS applications. This module is a common element of the Britestream BN2010 SSL Security ASIC, the industry's first single-chip solution for completely off-loading SSL/TLS processing from host systems. The innovative in-line architecture combines TCP."
734 Thales Communications, Inc.
22605 Gateway Center Drive
Clarksburg, MD 20871
USA

George Korus
TEL: 240-864-7646

CST Lab: NVLAP 200002-0
Thales 25 Portable Radio
(Hardware Version: PRC6894; Firmware Version: 8.0)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware 02/06/2007
Overall Level: 1

-Roles, Services, and Authentication: Level 2

-FIPS Approved algorithms: AES (Cert# 347); SHS (Cert# 421); HMAC (Cert# 150)

-Other algorithms: DES

Multi-chip standalone

"The Thales 25 portable radio (T25) is a small, light, and rugged radio that meets the requirements of the Association of Public Safety Communications Officials (APCO) Project 25 Common Air Interface (CAI) Standard. The T25 supports Project (P25) digital voice and data encryption operation, as well as Motorola Key Variable Loader (KVL). It supports full multi-mode operation over a frequency range of 136 to 174 MHz and features high quality, error-corrected, digital voice and AES Encryption."
733 Open Source Software Institute
Administrative Office
P.O. Box 547
Oxford, MS 38655
USA

John Weathersby
TEL: 601-427-0152
FAX: 601-427-0156

CST Lab: NVLAP 200017-0
OpenSSL FIPS Object Module
(Source Content Version: opensslfips1.1.1.tar.gz; Resultant Compiled Software Version: 1.1.1)
(When built, installed, protected and initialized as assumed by the Crypto Officer role and specified in the provided Security Policy. Appendix B of the provided Security Policy specifies the complete set of source files of this module. There shall be no additions, deletions or alterations of this set as used during module build. All source files, including the specified OpenSSL distribution tar file, shall be verified as specified in Appendix B of the provided Security Policy. Installation, protection, and initialization shall be completed as specified in Appendix C of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a FIPS 140-2 non-compliant module.)

Validated to FIPS 140-2

Certificate

Security Policy
Software 02/06/2007
11/30/2007
Overall Level: 1

-Operational Environment: Tested as meeting Level 1 with SuSE Linux Version 9.0 (gcc Compiler Version 3.3.1), and HPUX Version 11i (gcc Compiler Version 3.4.2) (in single user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #451); AES (Cert. #420); SHS (Cert. #490); HMAC (Cert. #194); RSA (Cert. #177); DSA (SigVer, Cert. #175);

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG (Cert. #216; non-compliant. This RNG shall not be used for any services requiring the use of random bits); DSA (SigGen and KeyGen, Cert. #175; non-compliant);

Multi-chip standalone

"The OpenSSL FIPS Object Module is a cryptographic library that can be downloaded from http://www.openssl.org/source/"
730 Blue Ridge Networks
14120 Parke Long Court
Suite 101
Chantilly, VA 20151
USA

Tom Gilbert
TEL: 703-631-0700
FAX: 703-631-9588

CST Lab: NVLAP 200416-0
BorderGuard X.509 VPN Client
(Software Version: 4.0)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Software 01/08/2007
Overall Level: 1

-Operational Environment: Tested as meeting Level 1 with Windows 2000 and Windows XP (in single user mode)

-FIPS Approved algorithms: AES (Certs. #386 and #418); Triple-DES (Certs. #432 and #448); HMAC (Certs. #173 and #192); SHS (Certs. #463 and #487)

-Other algorithms: MD5; DES; IDEA; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (non-compliant); RNG (non-compliant)

Multi-chip standalone

"The BorderGuard VPN Client is a security enhanced VPN Client which is used for establishment of secure Virtual Private Network with a BorderGuard network security appliance and individual remote access users."