CMVP Main Page

Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules
1995-1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014,
All

Last Update: 6/26/2014

It is important to note that the items on this list are cryptographic modules. A module may either be an embedded component of a product or application, or a complete product in-and-of-itself. If the cryptographic module is a component of a larger product or application, one should contact the product or application vendor in order to determine how the product utilizes the embedded validated cryptographic module. There may be a larger number of security products or applications available which use an embedded validated cryptographic module, than the number of modules which are found in this list. In addition, other vendors, who are not found in this list, may incorporate a validated cryptographic module from this list embedded into their own products.

When selecting a module from a vendor, verify that the module is either the product or application itself (e.g. VPN, SmartCard, USB memory token, etc.) or the module is embedded in a larger product or application (e.g. toolkit, etc.). If the module is embedded in a product or application, ask the product or application vendor to provide a signed letter or statement affirming that the unmodified validated cryptographic module is integrated in the solution; the module provides all the cryptographic services in the solution; and provide reference to the modules validation certificate number from this listing.

NOTE1: Module descriptions are provided by the module vendors and have not been verified for accuracy by the CMVP. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-Approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (e.g. allowed or non-FIPS-Approved algorithms) have not been tested through the CMVP.

NOTE2: The operator of a cryptographic module is responsible for ensuring that the algorithms and key lengths are in compliance with the requirements of NIST SP 800-131A.

NOTE3: All questions regarding the implementation and/or use of any module located on the CMVP module validation lists should first be directed to the appropriate vendor point-of-contact (listed for each entry).

Please contact the CMVP if any errors are discovered or comments with suggestions for improvement of the validation listings.

Cert# Vendor / CST Lab Cryptographic Module
Module
Type
Val.
Date
Level / Description
1079 Secuware
Torre Picasso
Plaza Pablo Ruiz Picasso, s/n.
Madrid, 28020
Spain

-Jorge López Hernández-Ardieta
TEL: +34 915-649-149
FAX: +34 915-629-697

TEL: +34 608-271-936

CST Lab: NVLAP 200658-0

Secuware Security Framework - Crypt4000 Module
(Software Version: 4.0)

(When obtained, built, installed, protected and initialized as assumed by the Crypto Officer role and specified in Section 8.2 of the provided Security Policy. Section 8.2 of the provided Security Policy specifies the complete set of source files of this module. There shall be no additions, deletions or alterations of this set as used during module build. All source files shall be obtained via secure FTP. Any deviation from the specified verification, protection, installation and initialization procedures will result in a FIPS 140-2 non-compliant module.)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/24/2008;
01/26/2009
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP SP2 (single user mode)

-FIPS Approved algorithms: AES (Cert. #792); SHS (Cert. #905); HMAC (Cert. #513)

-Other algorithms: N/A

Multi-chip standalone

"The SCM is a function library implementing crypto services which is delivered to the final user as a SW cryptographic object module, running on Windows operating system in a General Purpose Computer. The logical cryptographic boundary for the SCM is the discrete block of object code containing the machine instructions and data generated from the SCM FIPS source, which will be allocated continuously in a main memory address space, as used by the calling application."
1078 MRV Communications Inc.
300 Apollo Drive
Chelmsford, MA 01824
USA

-Phil Bellino
TEL: 978-674-6870

-Tim Bergeron
TEL: 978-674-6860

CST Lab: NVLAP 200427-0

LX-4000T Series Console Servers
(Hardware Versions: 600-R3265 RevB through 600-R3288 RevB (inclusive) [1], 600-R3265 RevC through 600-R3288 RevC (inclusive) [2] and 600-R3265 RevD through 600-R3288 RevD (inclusive); Firmware Versions: linuxito Versions: (5.3.1 [1], 5.3.5 [2] and 5.3.8 [3]) and ppciboot Versions: (5.3.1 [1], 5.3.5 [2] and 5.3.8 [3]))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/24/2008;
12/11/2009;
5/16/2013;
05/31/2013
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #854 and #855); DSA (Cert. #308); RNG (Cert. #489); RSA (Cert. #408); SHS (Certs. #848 and #849); Triple-DES (Certs. #704 and #705); HMAC (Certs. #471 and #472)

-Other algorithms: DES; MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG (non-compliant)

Multi-chip standalone

"The LX-4000T Series Console Servers are a key component of MRV's Out-of-Band Network solution. Out-of-Band Networks provide secure remote service port access and remote power control to devices in an organization's networks and infrastructures. This nearly eliminates the need for physical presence at a device to correct problems or manage its everyday operation. MRV's Out-of-Band Network solution includes console servers, terminal servers, device servers, remote power control and management system, making the LX Series an ideal choice for secure remote access."
1077 Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500

CST Lab: NVLAP 200427-0

Aruba 200, 800, and 6000/SCII Mobility Controllers with ArubaOS FIPS Firmware
(Hardware Versions: 200: 200-6-AOS-STD-FIPS-US; 800: 800-16-TX-AOS-STD-FIPS or 800-16-SX-AOS-STD-FIPS; 6000: (6000-BASE-2PSU-200-FIPS or 6000-BASE-2PSU-400-FIPS) with [(minimum one: LC-2G-1, LC-2G24F-1 or LC-2G24FP-1) and (minimum one: SC-48-C1-1, SC-128-C1-1 or SC-256-C2-1)] (no more than four total); Firmware Versions: 200: A200_3.3.2.0-FIPS, A200_3.3.2.11-FIPS, A200_3.3.2.14-FIPS, A200_3.3.2.18-FIPS, A200_3.3.2.19-FIPS, A200_3.3.2.20-FIPS A200_3.3.2.21-FIPS, A200_3.4.2.3-FIPS, A200_3.4.4.0-FIPS or A200_3.4.5.1-FIPS; 800: A800_3.3.2.0-FIPS, A800_3.3.2.11-FIPS, A800_3.3.2.14-FIPS, A800_3.3.2.18-FIPS, A800_3.3.2.19-FIPS, A800_3.3.2.20-FIPS, A800_3.3.2.21-FIPS, A800_3.4.2.3-FIPS, A800_3.4.4.0-FIPS or A800_3.4.5.1-FIPS; 6000: A5000_3.3.2.0-FIPS, A5000_3.3.2.11-FIPS, A5000_3.3.2.14-FIPS, A5000_3.3.2.18-FIPS, A5000_3.3.2.19-FIPS, A5000_3.3.2.20-FIPS, A5000_3.3.2.21-FIPS, A5000_3.4.2.3-FIPS, A5000_3.4.4.0-FIPS or A5000_3.4.5.1-FIPS)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/24/2008;
03/30/2009;
07/29/2009;
10/23/2009;
10/25/2010;
01/07/2011;
03/14/2011;
07/19/2011;
02/06/2013
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #649, #650, #651 and #700); HMAC (Certs. #334, #335, #336 and #378); RNG (Cert. #411); RSA (Cert. #326); SHS (Certs. #682, #683, #684 and #728); Triple-DES (Certs. #600, #601, #602 and #631)

-Other algorithms: DES; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"Aruba Networks' Mobility Controller system with an integrated ICSA-certified stateful firewall and hardware-based encryption, is the industry's highest performing and most scalable enterprise mobility platform on the market today. Aruba offers the industry's only modular and stackable mobility controllers from every enterprise environment. Now, administrators are freed from the costly and time-consuming process of managing individual APs. And as security standards change and new mobile services emerge, they are easily implemented at the controller and propagated throughout the enterprise."
1076 JVC KENWOOD Corporation
1-16-2, Hakusan, Midori-ku
Yokohama-shi, Kanagawa 226-8525
Japan

-Tamaki Shimamura
TEL: +81 45 939 6254
FAX: +81 45 939 7093

-Joe Watts
TEL: 678-474-4700
FAX: 678-474-4730

CST Lab: NVLAP 100432-0

Secure Cryptographic Module (SCM)
(Hardware Version: P/N KWD-AE20, Version 1.0.0; Firmware Versions: A2.0.0 and A.2.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/24/2008;
01/26/2009;
02/19/2010;
12/07/2011;
01/31/2012
Overall Level: 1 

-Cryptographic Module Specification: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Certs. #831 and #832); SHS (Cert. #827)

-Other algorithms: DES; DES MAC; LFSR; AES MAC (AES Cert. #831, vendor affirmed; P25 AES OTAR)

Multi-chip embedded

"The Secure Cryptographic Module (SCM) meets overall FIPS 140-2 Level 1 requirements providing KENWOOD radios secure and encrypted digital communication. The SCM supports 256 bit key AES encryption as well as DES encryption."
1075 Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500

CST Lab: NVLAP 200427-0

Aruba 3000 and 6000/M3 Mobility Controllers with ArubaOS FIPS Firmware
(Hardware Versions: 3200: 3200-8-AOS-STD-FIPS-US; 3400: 3400-32-AOS-STD-FIPS-US; 3600: 3600-64-AOS-STD-FIPS-US; 6000: (6000-BASE-2PSU-200-FIPS or 6000-BASE-2PSU-400-FIPS) with [(minimum one: LC-2G-1, LC-2G24F-1 or LC-2G24FP-1) and (one or two: M3mk1-G10X-10G2X)] (no more than four total); Firmware Versions: 3200, 3400 and 3600: (A3000_3.3.2.0-FIPS, A3000_3.3.2.11-FIPS, A3000_3.3.2.14-FIPS, A3000_3.3.2.18-FIPS, A3000_3.3.2.19-FIPS, A3000_3.3.2.20-FIPS, A3000_3.3.2.21-FIPS, A3000_3.4.2.3-FIPS, A3000_3.4.4.0-FIPS or A3000_3.4.5.1-FIPS); 6000: (ArubaOS_MMC_3.3.2.0-FIPS, ArubaOS_MMC_3.3.2.11-FIPS, ArubaOS_MMC_3.3.2.14-FIPS, ArubaOS_MMC_3.3.2.18-FIPS, ArubaOS_MMC_3.3.2.19-FIPS, ArubaOS_MMC_3.3.2.20-FIPS, ArubaOS_MMC_3.3.2.21-FIPS, ArubaOS_MMC_3.4.2.3-FIPS, ArubaOS_MMC_3.4.4.0-FIPS or ArubaOS_MMC_3.4.5.1-FIPS))

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/24/2008;
03/30/2009;
07/29/2009;
10/23/2009;
10/25/2010;
01/07/2011;
03/14/2011;
07/19/2011;
02/06/2013
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #465 and #823); HMAC (Certs. #416 and #458); RNG (Cert. #475); RSA (Cert. #399); SHS (Certs. #768 and #823); Triple-DES (Certs. #482 and #694)

-Other algorithms: DES; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"Aruba Networks' Mobility Controller system completely changes how 802.11 networks are deployed, secured, and managed. The only mobile security system with an integrated ICSA-certified stateful firewall and hardware-based encryption, the Aruba mobility controller is the industry's highest performing and most scalable enterprise mobility platform on the market today. Aruba offers the industry's only modular and stackable mobility controllers from every enterprise environment. Now, administrators are freed from the costly and time-consuming process of managing individual APs. And as security stan"
1074 Check Point Software Technologies Ltd.
9900 Belward Campus Drive
Suite 250
Rockville, MD 20850
USA

-David Ambrose
TEL: 703-628-2935

-Malcolm Levy
TEL: +972-37534561

CST Lab: NVLAP 200002-0

Nokia VPN Appliance
(Hardware Versions: IP390 and IP560; Firmware Versions: IPSO v4.1 and Check Point VPN-1 NGX (R60) [HFA-03])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/24/2008;
05/28/2009
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #397, #342, #442 and #497); Triple-DES (Certs. #507, #510, #465, #466, #435 and #406); HMAC (Certs. #248, #251, #207, #208, #176 and #146); SHS (Certs. #564, #567, #508, #509, #469 and #417); DSA (Certs. #202 and #204); RSA (Certs. #211, #213, #215 and #167); RNG (Certs. #275, #277, #229 and #230)

-Other algorithms: CAST; DES (Cert. #314); HMAC MD5; MD5; Arcfour; Twofish; Blowfish; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Triple-DES (K3 mode; non-compliant)

Multi-chip standalone

"The Nokia VPN Applicances are full-featured enterprise systems designed for small to medium enterprises, with Service Provider flexibility and rapid serviceability option in a single rack space. When combined with Check Point VPN-1 these platforms provide reliable, easy to manage distributed security and access."
1073 Nortel Networks
600 Technology Park
Billerica, MA 01821
USA

-Dave Norton
TEL: 978-288-7079
FAX: 978-288-4004

-Dragon Grebovich
TEL: 978-288-8069
FAX: 978-288-8153

CST Lab: NVLAP 200427-0

VPN Router 1750, 2700, 2750 and 5000 with VPN Router Security Accelerator
(Hardware Versions: 1750, 2700, 2750 and 5000 with DM0011085; Firmware Version: 07_05.100)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/24/2008 Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #718 and #719); DSA (Cert. #272); HMAC (Certs. #102, #387 and #388); RNG (Certs. #419 and #420); RSA (Certs. #338 and #339); SHS (Certs. #143, #738 and #739); Triple-DES (Certs. #158, #641 and #642)

-Other algorithms: DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant); HMAC MD5; MD2; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The FIPS 140-2 Level 2 compliant VPN Routers are the ideal solution for enterprises requiring secure, low-cost connectivity across the Internet or managed IP networks. The VPN Routers provide, IP routing, Virtual Private Networking (VPN), stateful firewall, encryption, authentication, directory and policy services, Quality of Service (QoS), and bandwidth management services in a single integrated platform. These devices provide a solution for small, medium, and large sites requiring Internet connectivity for both secure VPN communications and for basic IP/Internet access"
1072 RELM Wireless Corporation
7100 Technology Drive
West Melbourne, FL 32904
USA

-Jim Holthaus
TEL: 402-896-6406
FAX: 785-856-1302

CST Lab: NVLAP 100432-0

FIPSCOM Cryptographic Module
(Hardware Versions: P/N 7011-30967-000, Versions 100808 and 100908; Firmware Versions: 0722-05072-001 and 0722-05073-002)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/24/2008 Overall Level: 1 

-FIPS Approved algorithms: AES (Cert. #899); RSA (Cert. #139); SHS (Cert. #462)

-Other algorithms: DES

Multi-chip embedded

"The FIPSCOM is an embedded cryptographic module that provides encryption functions for secure digital communications products. The FIPSCOM can be incorporated into any BK Radio brand subscriber equipment requiring FIPS 140-2, Level 1 security."
1071 CipherMax, Inc.
3 Results Way
Cupertino, CA 95014
USA

-Steven Tan
TEL: 408-777-8090
FAX: 408-861-3650

CST Lab: NVLAP 100432-0

CM140T
(Hardware Version: P/N 81-00048-01 Version ELC 9.2; Firmware Version: 5.4.0.36)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/24/2008;
02/23/2009
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #633); Triple-DES (Cert. #590); DSA (Cert. #241); RNG (Cert. #360); RSA (Cert. #289); SHS (Cert. #670); HMAC (Cert. #326)

-Other algorithms: MD5; Diffie-Hellman (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"CM140T provides a scalable, easy-to-manage storage security solution for tape backup in a compact 1U chassis. With support for 16 FC-port, any-to-any connectivity, storage access control, line-speed data compression, data integrity authentication, and automated key management, the CM140T delivers a complete solution for all tape-based applications."
1070 CipherMax, Inc.
3 Results Way
Cupertino, CA 95014
USA

-Steven Tan
TEL: 408-777-8090
FAX: 408-861-3650

CST Lab: NVLAP 100432-0

CM180D
(Hardware Version: P/N 81-00038-01 Version ILC 6.11; Firmware Version: 5.4.0.36)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/24/2008;
02/23/2009
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #629); Triple-DES (Cert. #590); DSA (Cert. #241); RNG (Cert. #360); RSA (Cert. #289); SHS (Cert. #670); HMAC (Cert. #326)

-Other algorithms: MD5; Diffie-Hellman (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength: non-compliant)

Multi-chip standalone

"CM180D delivers a complete solution for all primary and secondary disk-based storage application, with in-line encryption processing, discrete security administration controls, and a comprehensive, automated key management system. The integration of powerful encryption processing and high port count, any-to-any connectivity allows for CM180D to deliver an enormous amount of functionality with far less consumption space, power, and cooling than first generation in-line encryption appliances."
1069

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/09/2008;
12/11/2009
Overall Level: 2 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip standalone

1068 Nortel Networks
600 Technology Park
Billerica, MA 01821
USA

-Dave Norton
TEL: 978-288-7079
FAX: 978-288-4004

-Dragon Grebovich
TEL: 978-288-8069
FAX: 978-288-8153

CST Lab: NVLAP 200427-0

VPN Router 1750, 2700, 2750 and 5000 with Hardware Accelerator
(Hardware Versions: 1750, 2700, 2750 and 5000 with DM0011052; Firmware Version: 07_05.100)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/15/2008 Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #718 and #719); DSA (Cert. #272); HMAC (Certs. #101, #387 and #388); RNG (Certs. #419 and #420); RSA (Certs. #338 and #339); SHS (Certs. #51, #738 and #739);Triple-DES (Certs. #29, #641 and #642)

-Other algorithms: DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant); HMAC MD5; MD2; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The FIPS 140-2 Level 2 compliant VPN Routers are the ideal solution for enterprises requiring secure, low-cost connectivity across the Internet or managed IP networks. The VPN Routers provide, IP routing, Virtual Private Networking (VPN), stateful firewall, encryption, authentication, directory and policy services, Quality of Service (QoS), and bandwidth management services in a single integrated platform. These devices provide a solution for small, medium, and large sites requiring Internet connectivity for both secure VPN communications and for basic IP/Internet access"
1067 Nortel Networks
600 Technology Park
Billerica, MA 01821
USA

-Dave Norton
TEL: 978-288-7079
FAX: 978-288-4004

-Dragan Gribovich
TEL: 978-288-8069
FAX: 978-288-4004

CST Lab: NVLAP 200427-0

Nortel VPN Router 1010, 1050 and 1100
(Hardware Versions: 1010, 1050 and 1100; Firmware Version: 07_05.100)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/15/2008 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 2

-FIPS Approved algorithms: AES (Certs. #718 and #719); DSA (Cert. #272); HMAC (Certs. #387 and #388); RNG (Certs. #419 and #420); RSA (Certs. #338 and #339); SHS (Certs. #738 and #739); Triple-DES (Certs. #641 and #642)

-Other algorithms: DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provide 80 or 96 bits of encryption strength; non-compliant); ECDH (non-compliant); HMAC-MD5; MD2; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The FIPS 140-2 Level 1 compliant VPN Routers are the ideal solution for enterprises requiring secure, low-cost connectivity across the Internet or managed IP networks. The VPN Routers provide IP routing, Virtual Private Networking (VPN), stateful firewall, encryption, authentication, directory and policy services, Quality of Service (QoS), and bandwidth management services in a single integrated platform. These devices provide a solution for small, medium, and large sites requiring Internet connectivity for both secure VPN communications and for basic IP/Internet access."
1066 Nortel Networks
600 Technology Park
Billerica, MA 01821
USA

-Dave Norton
TEL: 978-288-7079
FAX: 978-288-4004

-Dragon Grebovich
TEL: 978-288-8069
FAX: 978-288-8153

CST Lab: NVLAP 200427-0

Nortel VPN Router 600, 1750, 2700, 2750 and 5000
(Hardware Versions: 600, 1750, 2700, 2750 and 5000; Firmware Version: 07_05.100)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/15/2008 Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #718 and #719); DSA (Cert. #272); HMAC (Certs. #387 and #388); RNG (Certs. #419 and #420); RSA (Certs. #338 and #339); SHS (Certs. #738 and #739); Triple-DES (Certs. #641 and #642)

-Other algorithms: DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provide 80 or 96 bits of encryption strength; non-compliant); ECDH (non-compliant); HMAC-MD5; MD2; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The FIPS 140-2 Level 2 compliant VPN Routers are the ideal solution for enterprises requiring secure, low-cost connectivity across the Internet or managed IP networks. The VPN Routers provide, IP routing, Virtual Private Networking (VPN), stateful firewall, encryption, authentication, directory and policy services, Quality of Service (QoS), and bandwidth management services in a single integrated platform. These devices provide a solution for small, medium, and large sites requiring Internet connectivity for both secure VPN communications and for basic IP/Internet access."
1065 nCipher Corporation Ltd.
92 Montvale Ave
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F2 6000e, nShield F2 1500e, nShield F2 500e and nShield F2 10e
(Hardware Versions: nC3023E-6K0, nC3023E-1K5, nC3023E-500 and nC3032E-030, Build Standard N; Firmware Version: 2.33.82-2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 12/15/2008;
08/28/2009
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #397 and #754); AES GCM (Cert. #754, vendor affirmed); Triple-DES (Certs. #435 and #666); Triple-DES MAC (Triple-DES Certs. #435 and #666, vendor affirmed); DSA (Cert. #280); ECDSA (Cert. #81); SHS (Cert. #764); HMAC (Cert. #410); RSA (Cert. #356); RNG (Cert. #436)

-Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The nCipher modules: nShield F2 6000e, Shield F2 1500e, nShield F2 500e, and nShield 10e family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1064 nCipher Corporation Ltd.
92 Montvale Ave
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F3 6000e [1], nShield F3 1500e [2], nShield F3 500e [3], nShield F3 10e [4], nShield F3 6000e for nShield Connect [5], nShield F3 1500e for nShield Connect [6] and nShield F3 500e for nShield Connect [7]
(Hardware Versions: nC4033E-6K0 [1], nC4033E-1K5 [2], nC4033E-500 [3], nC4033E-030 [4], nC4033E-6K0N [5], nC4033E-1K5N [6] and nC4033E-500N [7], Build Standard N; Firmware Version: 2.33.82-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 12/15/2008;
08/28/2009;
01/28/2010
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #397 and #754); AES GCM (Cert. #754, vendor affirmed); Triple-DES (Certs. #435 and #666); Triple-DES MAC (Triple-DES Certs. #435 and #666, vendor affirmed); DSA (Cert. #280); ECDSA (Cert. #81); SHS (Cert. #764); HMAC (Cert. #410); RSA (Cert. #356); RNG (Cert. #436)

-Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The nCipher modules: nShield F3 6000e, Shield F3 1500e, nShield F3 500e, and nShield 10e family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1063 nCipher Corporation Ltd.
92 Montvale Ave
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F3 6000e [1], nShield F3 1500e [2], nShield F3 500e [3], nShield F3 10e [4], nShield F3 6000e for nShield Connect [5], nShield F3 1500e for nShield Connect [6] and nShield F3 500e for nShield Connect [7]
(Hardware Versions: nC4033E-6K0 [1], nC4033E-1K5 [2], nC4033E-500 [3], nC4033E-030 [4], nC4033E-6K0N [5], nC4033E-1K5N [6] and nC4033E-500N [7], Build Standard N; Firmware Version: 2.33.82-3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 12/15/2008;
08/28/2009;
01/28/2010
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #397 and #754); AES GCM (Cert. #754, vendor affirmed); Triple-DES (Certs. #435 and #666); Triple-DES MAC (Triple-DES Certs. #435 and #666, vendor affirmed); DSA (Cert. #280); ECDSA (Cert. #81); SHS (Cert. #764); HMAC (Cert. #410); RSA (Cert. #356); RNG (Cert. #436)

-Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The nCipher modules: nShield F3 6000e, Shield F3 1500e, nShield F3 500e, and nShield 10e family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
1062 BeCrypt Limited
130 Shaftesbury Avenue
London, W1D 5EU
United Kingdom

-Pali Surdhar
TEL: +44 (0)845 838 2050
FAX: +44 (0)845 838 2060

CST Lab: NVLAP 200648-0

BeCrypt DISK Protect
(Software Version: 4.2.10.5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/15/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional SP2 with real mode pre-boot environment (single-user mode)

-FIPS Approved algorithms: AES (Certs. #247 and #667); SHS (Certs. #324 and #700); HMAC (Cert. #351); RSA (Cert. #309); RNG (Cert. #386)

-Other algorithms: N/A

Multi-chip standalone

"BeCrypt DISK Protect is a full-disk encryption product that provides up to three layers of security: full disk encryption, strong pre-boot authentication, and optional removable media encryption."
1061 Sybase iAnywhere, A subsidiary of Sybase
One Sybase Drive
Dublin, CA 94568
USA

-Pali Surdhar
TEL: +44 (0)845 838 2050
FAX: +44 (0)845 838 2060

CST Lab: NVLAP 200648-0

DISK Protect for Afaria Security Manager
(Software Version: 4.2.10.5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 12/15/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional SP2 with real mode pre-boot environment (single-user mode)

-FIPS Approved algorithms: AES (Certs. #247 and #667); SHS (Certs. #324 and #700); HMAC (Cert. #351); RSA (Cert. #309); RNG (Cert. #386)

-Other algorithms: N/A

Multi-chip standalone

"DISK Protect for Afaria Security Manager is a full-disk encryption product that provides up to three layers of security: full disk encryption, strong pre-boot authentication, and optional removable media encryption."
1060 Secured User Inc.
11490 Commerce Park Drive
Suite 240
Reston, VA 20191
USA

-Ken Hetzer
TEL: 703-964-3164
FAX: 703-783-0446

-Bruce Mitchell
TEL: 703-964-3167; 647-477-7892
FAX: 647-477-5052

CST Lab: NVLAP 200697-0

SUSK Security Module
(Software Version: 1.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 12/01/2008;
12/15/2008
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 2003 Server Service Pack 1; SuSe 10; Fedora 6; Red Hat 2.6; HP-UX B.11.11 and Windows Server 2003 X64 with SP1 (single user mode)

-FIPS Approved algorithms: AES (Certs. #474 and #770); SHS (Cert. #542); HMAC (Cert. #231); RNG (Cert. #257)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The SUSK Security Module is a software-based cryptographic module. Secured UserÆs product performs all of its work by transparently intercepting and transforming the data stream between entities. All of the cryptographic functionalities of the Secured User product are provided by the central shared library, SUSK Security Module. The cryptographic module offers Transport Layer Security (TLS) services along with bulk encryption and hashing services exclusively to Secured User application. This application is considered as host application to the module."
1059 ViaSat UK Ltd.
Sandford Lane
Wareham, BH20 4DY
United Kingdom

-Tim D. Stone
TEL: +44 01929 55 44 00
FAX: +44 01929 55 25 25

CST Lab: NVLAP 100432-0

PICOfreedom
(Hardware Versions: P/N 8A-SFS-0000-09P, Version A and Version 2; Firmware Versions: 6.600 and 6.612)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/01/2008;
07/27/2011
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Cert. #464); RSA (Cert. #200); RNG (Cert. #263); SHS (Cert. #555)

-Other algorithms: RSA (encrypt/decrypt)

Multi-chip standalone

"The PICOfreedom provides FIPS 140-2 Approved security functionality to DiskOnKey USB flash drives. The PICOfreedom employs Federal Information Processing Standard (FIPS 140-2) encryption and key management functionality to ensure the protection of data stored on FLASH memory. The module is a multi-chip standalone cryptographic module, as defined by FIPS 140-2, and consists of the S2 controller and an EEPROM. Both components are encased in a hard, opaque, production grade integrated circuit packaging."
1058 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-C Micro Edition
(Software Version: 3.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/01/2008;
09/07/2010;
03/28/2011;
01/24/2013
Overall Level: 1 

-Cryptographic Module Specification: Level 3

-Operational Environment: Tested as meeting Level 1 with AIX 5L v5.3 (PowerPC 32-bit); AIX 5L v5.3 (PowerPC 64-bit); HP-UX 11.11 (PA-RISC 2.0 32-bit); HP-UX 11.23 (PA-RISC 2.0W 64-bit); HP-UX 11.31 (Itanium2 32-bit); HP-UX 11.31 (Itanium2 64-bit); Red Hat Enterprise Linux AS 4.0 (x86 32-bit) with LSB 3.0.3; Red Hat Enterprise Linux AS 5.0 (x86_64 64-bit) with LSB 3.0.3; Solaris 10 (SPARC v8 32-bit); Solaris 10 (SPARC v8+ 32-bit); Solaris 10 (SPARC v9 64-bit); Solaris 10 (x86_64 64-bit); VxWorks 5.5 (PowerPC 603 32-bit); VxWorks 5.5 (PowerPC 604 32-bit); VxWorks General Purpose Platform 6.0 (PowerPC 604); Windows Mobile 2003/Pocket PC (ARM 32-bit); Windows Mobile 5.0 (ARM 32-bit); Windows Mobile 6.0 Professional (ARM 32-bit); Windows 2003 Server SP2 (x86_64 64-bit) - Visual Studio 2005 SP1 build /MT option; Windows 2003 Server SP2 (Itanium 2 64-bit) - Visual Studio 2005 SP1 build /MT option; Windows 2003 Server SP2 (Itanium 2 64-bit) - Visual Studio 2005 SP1 build /MD option; Windows Vista Ultimate (x86 32-bit) - Visual Studio 2005 SP1 /MD option; Windows Vista Ultimate (x86_64 64-bit) - Visual Studio 2005 SP1 /MD option; Windows XP Professional SP2 (x86 32-bit) - Visual Studio 2005 SP1 /MT option (single user mode)

-FIPS Approved algorithms: AES (Cert. #810); AES GCM (Cert. #810, vendor affirmed: SP 800-38D); DRBG (Cert. #2); DSA (Cert. #300); ECDSA (Certs. #92 and #93); HMAC (Cert. #449); RNG (Cert. #466); RSA (Cert. #390); SHS (Cert. #807); Triple-DES (Cert. #690)

-Other algorithms: DES; DES40; Diffie-Hellman; EC Diffie-Hellman; ECAES (non-compliant); ECIES; HMAC MD5; MD2; MD5; PBKDF1 SHA-1; PBKDF2 HMAC SHA-1/SHA-224/SHA-256/SHA-384/SHA-512 (non-compliant); RC2; RC4; RC5; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA PKCS #1 v2.0 (OAEP; non-compliant)

Multi-chip standalone

"The Crypto-C Micro Edition (ME) Module is RSA Security Inc.'s cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
1057 Vormetric Inc.
3131 Jay Street
Santa Clara, CA 95054
USA

-Phil Scott
TEL: 408-961-2509
FAX: 408-844-8638

-Frank Teruel
TEL: 408-961-6132
FAX: 408-844-8638

CST Lab: NVLAP 200017-0

NetBackup Media Server Encryption Option (MSEO) Driver
(Software Version: 6.1.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/25/2008 Overall Level: 1 

-Design Assurance: Level 2

-Operational Environment: Tested as meeting Level 1 with Windows 2000 Advanced Server SP4; Windows 2003 Server Enterprise SP2 32-bit; Windows 2003 Server Enterprise SP2 64-bit; Windows 2003 Server Enterprise SP2 X64 Edition; Solaris 8 64-bit; Solaris 9 64-bit; Solaris 10 64-bit; Red Hat Linux Enterprise 4 Update 4 64-bit (single-user mode)

-FIPS Approved algorithms: AES (Cert. #809); SHS (Cert. #806); HMAC (Cert. #448);

-Other algorithms: N/A

Multi-chip standalone

"The "Powered by Vormetric", NetBackup Media Server Encryption Option (MSEO) product from Symantec, provides a cost-effective, easy to manage data encryption solution for securing enterprise backup tapes. It is based on robust encryption methods and provides a centralized approach for the encryption process and key management."
1056 Certicom Corp.
5520 Explorer Drive
4th Floor
Mississauga, Ontario L4W 5L1
Canada

-sales@certicom.com
TEL: 905-507-4220
FAX: 905-507-4230

CST Lab: NVLAP 200017-0

Security Builder FIPS Java Module
(Software Versions: 2.2 and 2.2.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/25/2008;
03/06/2009;
10/02/2009;
12/08/2009
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Sun Java Runtime Environment (JRE) 1.6.0 running on Solaris 10, 32-bit; Solaris 10, 64-bit; Red Hat Linux AS 5.0, 32-bit; Red Hat Linux AS 5.0, 64-bit; Windows Vista, 32-bit; Windows Vista, 64-bit; Windows 2008 Server, 64-bit; NetBSD 2.0.3, 32-bit (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #686); AES (Cert. #804); SHS (Cert. #802); HMAC (Cert. #444); RNG (Cert. #462); DSA (Cert. #296); ECDSA (Cert. #91); RSA (Cert. #386); DRBG (Cert. #1)

-Other algorithms: ARC2; ARC4; MD2; MD5; HMAC-MD5; DES; DESX; ECIES; ECQV; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Security Builder FIPS Java Module is a standards-based cryptographic toolkit written in Java. It supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into Java-based applications. The Security Builder FIPS Java Module is intended for use by developers who want government level security and can also be used in conjunction with other Certicom developer toolkits including Security Builder PKI and Security Builder SSL."
1055 Keycorp Limited
Level 5, Keycorp Tower
799 Pacific Highway
Chatswood NSW
Sydney, MD 2067
Australia

-Graeme Bradford
TEL: 703-635-7723
FAX: 301-948-1233

CST Lab: NVLAP 200416-0

Keycorp MULTOS I4F 80K with MULTOS PIV Card Application
(Hardware Version: SLE66CLX800PEM; Firmware Version: 1.0)

(PIV Card Application: Cert. #5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/25/2008;
05/28/2010;
02/06/2014
Overall Level: 2 

-Physical Security: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #605); RSA (Cert. #303); RNG (Cert. #376); CVL (Cert. #211)

-Other algorithms: RSA-AHASH; DES; Hardware RNG

Multi-chip standalone

"The Keycorp MULTOS I4F 80K Smart Card with MULTOS PIV Card Application can be employed in a wide range of solutions. The smart card provides a highly portable, secure token for enhancing the security of network access and ensuring secure electronic communications. Combined with the PIV Card Application it provides enhanced I&A functionality."
1054 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tony Ureche
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

BitLocker™ Drive Encryption
(Software Version: 6.0.6001.18000, 6.0.6001.18606, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411, 6.0.6002.22497 or 6.0.6002.22596)

(When operated in FIPS mode with Microsoft Kernel Mode Security Support Provider Interface and Microsoft Windows Cryptographic Primitives Library (Bcrypt.dll) validated to FIPS 140-2 under Cert. #1007 and Cert. #1008 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/25/2008;
07/29/2009;
01/20/2011;
10/04/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 (x86 version); Windows Server 2008 (x64 version) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #739 and #760); HMAC (Cert #415); SHS (Cert #753)

-Other algorithms: Elephant Diffuser

Multi-chip standalone

"Windows BitLocker Drive Encryption is a data protection feature available in Windows Vista Enterprise and Windows Vista Ultimate for client computers. BitLocker provides enhanced protection against data theft or exposure on computers that are lost or stolen, and more secure data deletion when BitLocker-protected computers are decommissioned."
1053 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tony Ureche
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

BitLocker™ Drive Encryption
(Software Version: 6.0.6001.18000, 6.0.6001.18606, 6.0.6001.22861,6.0.6002.18005, 6.0.6002.18411 or 6.0.6002.22596)

(When operated in FIPS mode with Microsoft Kernel Mode Security Support Provider Interface and Microsoft Windows Cryptographic Primitives Library (Bcrypt.dll) validated to FIPS 140-2 under Cert. #1000 and Cert. #1001 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/25/2008;
07/29/2009;
05/28/2010;
10/04/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Vista Ultimate Edition SP1 (x86 Version); Windows Vista Ultimate Edition SP1 (x64 version) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #739 and #760); HMAC (Cert #415); SHS (Cert #753)

-Other algorithms: Elephant Diffuser

Multi-chip standalone

"Windows BitLocker Drive Encryption is a data protection feature available in Windows Vista Enterprise and Windows Vista Ultimate for client computers. BitLocker provides enhanced protection against data theft or exposure on computers that are lost or stolen, and more secure data deletion when BitLocker-protected computers are decommissioned."
1052 Gemalto
1140 Welsh Road
Suite 200
North Wales, PA 19454
USA

-Nick Hislop
TEL: 215-390-2805
FAX: 215-390-2825

CST Lab: NVLAP 100432-0

TOP IM CY2 with ACS PKI applet (formerly Cyberflex Access 64K V2 with PKI applets)
(Hardware Version: P/N A1002631; Firmware Versions: Hardmask 1V3, PKI Applet 1.11, PIN Manager Applet 1.6)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/17/2008;
11/21/2008
Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #220); SHS (Cert. #301); RSA (Cert. #51); RNG (Cert. #64); Triple-DES (Cert. #312); Triple-DES MAC (Triple-DES Cert. #312, vendor affirmed)

-Other algorithms: DES; DES MAC; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength))

Single-chip

"The Cyberflex Access 64K V2 with PKI applets provides secure PKI (public key infrastructure) and digital signature technology. Cyberflex Access 64K V2 serves as a highly portable, secure device for enhancing the security of network access and ensuring secure electronic communications. Cyberflex Access 64K V2 supports on-card Triple-DES, AES and 2048-bit RSA algorithms with on-card key generation. It is compliant to Java Card v2.1.1 and Open Platform v2.0.1. The Cyberflex Access 64K V2 smart card fits well into physical and logical access, e-transactions and other applications."
1051 Open Source Software Institute
3610 Pearl Street
Hattiesburg, MS 39401
USA

-John Weathersby
TEL: 601-427-0152
FAX: 601-427-0156

CST Lab: NVLAP 200017-0

OpenSSL FIPS Object Module
(Software Version: 1.2, 1.2.1, 1.2.2, 1.2.3 or 1.2.4)

(When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix B of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file, shall be verified as specified in Appendix B of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 2.3 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a FIPS 140-2 non-compliant module.)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 11/17/2008;
11/20/2009;
12/08/2010;
05/12/2011;
03/07/2012;
03/14/2012;
05/29/2012;
06/21/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with OpenSuSE Linux 32-bit Version 10.2 (gcc Compiler Version 4.1.2 20061115 prerelease); OpenSuSE Linux 64-bit Version 10.2 (gcc Compiler Version 4.1.2 20061115 prerelease); Windows XP Pro SP2 32 bit (Microsoft Visual C++ version 8); Windows XP Pro SP2 64 bit (Microsoft Visual C++ version 8); µClinux Kernel Version 2.4.32 (gcc Compiler Version 3.4.4); Android 2.2 (gcc Compiler Version 4.4.0); VxWorks 6.7 (gcc Compiler Version 4.1.2); Wind River 1.4 (gcc Compiler Version 3.4.4); Wind River 4.0 (gcc Compiler Version 4.4.1); Apple iOS 5.0 (gcc Compiler Version 4.2.1); Apple OS X 11 32 bit (gcc Compiler Version 4.2.1); Apple OS X 11 64 bit (gcc Compiler Version 4.2.1) (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #627, #1011, #1066, #1259 and #1297); AES (Cert. #695, #1534, #1630, #1933 and #2011); DSA (Cert. #264, #475, #512, #616 and #637); SHS (Cert. #723, #1362, #1435, #1698 and #1761); HMAC (Cert. #373, #892, #957, #1167 and #1216); RSA (Cert. #323, #745, #804, #999 and #1040); RNG (Cert. #407, #826, #873, #1018 and #1053)

-Other algorithms: Diffie-Hellman; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The OpenSSL FIPS Object Module is a cryptographic library that can be downloaded from www.openssl.org/source/"
1050 Sun Microsystems, Inc.
4150 Network Circle
Santa Clara, CA 95054
USA

-Mehdi Bonyadi
TEL: 858-625-5163
FAX: 858-926-9020

-Ling Qin
TEL: 408-276-0097
FAX: 858-526-9020

CST Lab: NVLAP 200427-0

Sun Crypto Accelerator 6000
(Hardware Versions: 375-3424, Revisions -02, -03 and -04; Firmware Versions: Bootstrap version 1.0.1 or 1.0.10, Operational firmware version 1.1.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 11/04/2008;
12/17/2008;
05/18/2009
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #397 and #862); DSA (Cert. #319); ECDSA (Cert. #99); HMAC (Certs. #475 and #479); RNG (Cert. #493); RSA (Certs. #411 and #414); SHS (Certs. #853 and #857); Triple-DES (Cert. #435)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; RC2

Multi-chip embedded

"The SCA-6000 is a high performance hardware security module for Sun SPARC, x86, x64 platforms in a lowprofile, short PCI-E (X8) card. Supported on Linux and Solaris-10, it provides on-board cryptographic acceleration hardware and key store. It supports remote management with serial and USB ports for local administration. It enhances performance by off-loading compute intensive cryptographic calculations, accelerating IPsec and SSL processing and performs many financial service functions. The SCA6000 performs primary cryptographic functions for the Sun KMS 2.X Key Management System."
1049 PGP Corporation
200 Jefferson Dr.
Menlo Park, CA 94025
USA

-Vinnie Moscaritolo
TEL: 650-319-9000
FAX: 650-319-9001

CST Lab: NVLAP 200802-0

PGP Software Developer's Kit (SDK) Cryptographic Module
(Software Version: 3.10.3 and 3.11.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 10/27/2008;
12/03/2008
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2; Mac OS X 10.5 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #471); AES (Cert. #453); RSA (Cert. #172); DSA (Cert. #183); SHS (Cert. #516); HMAC (Cert. #216); RNG (Cert. #238)

-Other algorithms: AES (EME2 mode; non-compliant); DSA (FIPS 186-3 with SHA-256; non-compliant); CAST-5; IDEA; Two-Fish; Blow-Fish; ARC4-128; MD5; HMAC-MD5; RIPEMD60; ElGamal; RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength); Shamir Threshold Secret Sharing

Multi-chip standalone

"The PGP SDK Cryptographic Module is a FIPS 140-2 validated software only cryptographic module. The module implements the cryptographic functions for PGP products including: PGP Whole Disk Encryption, PGP NetShare, PGP Command Line, PGP Universal, and PGP Desktop. It includes a wide range of field-tested and standards-based encryption, digital signature, and encoding algorithms as well as a variety of secure network protocol implementations. The PGP SDK offers developers this same cryptographic library that is at the heart of PGP products."
1048 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-J JCE Provider Module
(Software Version: 4.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 10/27/2008;
01/26/2009;
09/07/2010;
03/28/2011;
01/24/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with 32-bit x86 Intel Pentium M w/ Windows XP SP2 Professional with Sun JRE 1.4.2; 32-bit x86 Intel Pentium M w/ Windows XP SP2 Professional with Sun JRE 1.5; 32-bit x86 Intel Pentium M w/ Windows XP SP2 Professional with Sun JRE 1.6 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #669); DSA (Cert. #251); ECDSA (Cert. #72); HMAC (Cert. #353); RNG (Cert. #389 and vendor affirmed: SP 800-90); RSA (Cert. #311); SHS (Cert. #702); Triple-DES (Cert. #614)

-Other algorithms: AES-GCM (non-compliant); DES; Diffie-Hellman; DESX; ECAES (non-compliant); EC Diffie-Hellman; ECDHC; ECIES; MD2; MD5; PBE (SHA1 and Triple-DES); RIPEMD 160; RNG (X9.31 non-compliant, MD5 and SHA1); RC2; RC4; RC5; RSA OAEP (for key transport); Raw RSA; RSA Keypair Generation MultiPrime; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5

Multi-chip standalone

"RSA BSAFE Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. RSA BSAFE Crypto-J supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
1047 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-J Software Module
(Software Version: 4.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 10/27/2008;
01/26/2009;
09/07/2010;
03/28/2011;
01/24/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with 32-bit x86 Intel Pentium M w/ Windows XP SP2 Professional with Sun JRE 1.4.2; 32-bit x86 Intel Pentium M w/ Windows XP SP2 Professional with Sun JRE 1.5; 32-bit x86 Intel Pentium M w/ Windows XP SP2 Professional with Sun JRE 1.6 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #670); DSA (Cert. #252); ECDSA (Cert. #73); HMAC (Cert. #354); RNG (Cert. #390 and vendor affirmed: SP 800-90); RSA (Cert. #312); SHS (Cert. #703); Triple-DES (Cert. #615)

-Other algorithms: AES-GCM (non-compliant); DES; Diffie-Hellman; DESX; ECAES (non-compliant); EC Diffie-Hellman; ECDHC; ECIES; MD2; MD5; PBE (SHA-1 and Triple-DES); RIPEMD 160; RNG (X9.31 non-compliant, MD5 and SHA-1); RC2; RC4; RC5; RSA OAEP (for key transport); Raw RSA; RSA Keypair Generation MultiPrime; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5

Multi-chip standalone

"RSA BSAFE Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. RSA BSAFE Crypto-J supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
1046 Fortress™ Technologies, Inc.
2 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0

Fortress Secure Wireless Access Bridge (SWAB) ES520
(Hardware Versions: ES520V1 and ES520V2; Firmware Versions: 2.6.11, 2.6.12 and 2.6.12.2500LR)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 12/08/2008;
07/09/2009;
07/28/2009;
03/26/2010;
05/17/2013
Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #686); SHS (Cert. #714); HMAC (Cert. #365); RNG (Cert. #400)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (non-compliant); MD5; Hardware RNG

Multi-chip standalone

"The Fortress Secure Wireless Access Bridge is an all-in-one network access device housed in a rugged compact chassis, with the most stringent security available today built in. It can serve as a wireless bridge, a WLAN access point, and an eight-port LAN switch, while performing all the functions of a Fortress controller device: encrypting wireless traffic and providing Multi-factor Authentication for devices on the network it protects."
1045 Chunghwa Telecom Co., Ltd. Telecommunication Laboratories
12, Lane 551, Min-Tsu Road SEC.5
Yang-Mei, Taoyuan, Taiwan 326
Republic of China

-Yu-Ling Cheng
TEL: +886 3 424-5883
FAX: +886 3 424-4167

CST Lab: NVLAP 200017-0

HiPKI SafGuard 1000 HSM
(Hardware Version: HSM-HW-10; Firmware Version: HSM-SW-T8051.10)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/16/2008 Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #668); AES (Cert. #763); SHS (Cert. #770); RSA (Cert. #362); RNG (Cert. #439); Triple-DES MAC (Triple-DES Cert. #668, vendor affirmed)

-Other algorithms: N/A

Multi-chip standalone

"Hi PKI SafGuard 1000 HSM is a multi-chip standalone cryptographic module that is used to provide highly-secure cryptographic services and key storage for PKI applications. (e.g., secure private key storage, high-speed math accelerator for 1024-2048 bit public key signatures, and hashing). The HiPKI SafGuard 1000 HSM provides secure identity-based challenge-response authentication using smart cards and data encryption using FIPS approved Triple-DES and AES encryption."
1044 Gemalto
Arboretum Plaza II
9442 Capital of Texas Highway North, Suite 400
Austin, TX 78759
USA

-James McLaughlin
TEL: 512-257-3954
FAX: 512-257-3881

CST Lab: NVLAP 200427-0

Protiva PIV Applet v1.55 on Protiva TOP DL Card
(Hardware Versions: A1005291- CHIP.P5CD144.MPH051B, A1011108 - CHIP.P5CD144.MPH051B and A1047808 -CHIP.P5CD144.MPH051B; Firmware Version: GX4-FIPS EI08, Applet Version: Protiva PIV Applet v1.55)

(PIV Card Application: Cert. #22)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/15/2008;
02/23/2009;
06/09/2011;
02/06/2014
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #782); RNG (Cert. #450); RSA (Cert. #372); SHS (Cert. #786); Triple-DES (Cert. #678); Triple-DES MAC (Triple-DES Cert. #678, vendor affirmed); CVL (Cert. #214)

-Other algorithms: N/A

Single-chip

"This module is based on a Java platform (GemCombiXpresso R4) with 144K EEPROM memory and on the SafesITe FIPS201 applet loaded on the Java Card platform. The Cryptographic Module provides dual interfaces (i.e. contact and contact-less) where the same security level is achieved. Module Ref# A1005963 - Card Ref# M1002255."
1043 Entrust, Inc.
One Hanover Park
16633 Dallas Parkway
Suite 800
Addison, TX 75001
USA

-Entrust Sales

CST Lab: NVLAP 200017-0

Entrust Entelligence™ Kernel-Mode Cryptomodule
(Software Version: 1.1)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 10/15/2008;
05/28/2014
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional SP2; Microsoft Windows Vista Enterprise, 32-bit edition; Microsoft Windows Vista Ultimate SP1; 64-bit edition (single-user mode)

-FIPS Approved algorithms: AES (Cert. #738); Triple-DES (Cert. #655); Triple-DES MAC (Triple-DES Cert. #655, vendor affirmed)

-Other algorithms: N/A

Multi-chip standalone

"The Entrust Entelligence Kernel-Mode Cryptomodule is a software module that implements AES encryption and decryption functions suitable for use in kernel-mode drivers on Windows platforms."
1042 SafeNet, Inc.
4690 Millennium Drive
Suite 400
Belcamp, MD 21017
USA

-Davin Baker
TEL: 443-327-1488

CST Lab: NVLAP 200017-0

SafeNet HighAssurance 4000 Gateway
(Hardware Version: A; Firmware Version: 5.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/15/2008 Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Cert. #258); AES (Cert. #156); SHS (Cert. #117); HMAC (Cert. #34); RSA (Cert. #209); RNG (Cert. #274)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 90 bits of encryption strength; non-compliant); MD5; HMAC MD5; DES

Multi-chip standalone

"The SafeNet HighAssurance 4000 Gateway is a high performance, integrated security appliance that offers Gigabit IPSec encryption. Housed in a tamper evident chassis, have two gigabit ethernet ports. Traffic on the local port is received in the clear, while traffic on the remote port has security processing applied to it."
1041 Optica Technologies Incorporated
2051 Dogwood Street
Suite 210
Louisville, CO 80027
USA

-William Colvin
TEL: 905-876-3147
FAX: 905-876-3479

-Gil Fisher
TEL: 720-214-2800 x12
FAX: 720-214-2805

CST Lab: NVLAP 200017-0

Optica Technologies Eclipz ESCON Tape Encryptor
(Hardware Version: 44200-04; Firmware Version: 1.3.10)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 10/15/2008 Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #670); AES (Certs. #771 and #266); SHS (Certs. #776 and #345); HMAC (Certs. #422 and #78); RSA (Cert. #366); DSA (Cert. #289); RNG (Cert. #442); ECDSA (Cert. #84)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength)

Multi-chip standalone

"The Optica Technologies Eclipz ESCON Tape Encryptor is an inline encryption appliance that directly integrates hardware accelerated encryption into native ESCON channels. It provides fully transparent, high performance data encryption for legacy ESCON tape systems. Eclipz preserves legacy ESCON tape device investments and interoperates with leading appliance-based key management solutions. . It supports 4 ESCON channels within a single appliance. The encryptor provides encryption for tape backup and recovery operations, and tape-based information sharing with business partners."
1040 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 3825 and Cisco 3845 Integrated Services Routers
(Hardware Versions: 3825 and 3845; Firmware Versions: 12.4(15)T3[1] and 12.4(15)T10[2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/14/2008;
08/28/2009;
10/23/2009;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #96, #795 [1] and #1199 [2]); HMAC (Certs. #50, #436 [1] and #696 [2]); RNG (Certs. #456 [1] and #663 [2]); RSA (Certs. #379 [1] and #576 [2]); SHS (Certs. #317, #794 [1] and #1104 [2]); Triple-DES (Certs. #210, #683 [1] and #867 [2])

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES

Multi-chip standalone

"The Cisco 3800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to T3 connection. The Cisco 3800 Series routers offer embedded encryption acceleration on the motherboard."
1039 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 2851 Integrated Services Router
(Hardware Version: 2851; Firmware Versions: 12.4(15)T3[1] and 12.4(15)T10[2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/14/2008;
08/28/2009;
10/23/2009;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #96, #795 [1] and #1199 [2]); HMAC (Certs. #50, #436 [1] and #696 [2]); RNG (Certs. #456 [1] and #663 [2]); RSA (Certs. #379 [1] and #576 [2]); SHS (Certs. #317, #794 [1] and #1104 [2]); Triple-DES (Certs. #210, #683 [1] and #867 [2])

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES

Multi-chip standalone

"The Cisco 2800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 2800 Series routers offer embedded encryption acceleration on the motherboard."
1038 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 2811 and Cisco 2821 Integrated Services Routers
(Hardware Versions: 2811and 2821; Firmware Versions: 12.4(15)T3[1] and 12.4(15)T10[2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/14/2008;
08/28/2009;
10/23/2009;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #265, #795 [1] and #1199 [2]); HMAC (Certs. #77, #436 [1] and #696 [2]); RNG (Certs. #456 [1] and #663 [2]); RSA (Certs. #379 [1] and #576 [2]); SHS (Certs. #344, #794 [1] and #1104 [2]); Triple-DES (Certs. #347, #683 [1] and #867 [2])

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES

Multi-chip standalone

"The Cisco 2800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 2800 Series routers offer embedded encryption acceleration on the motherboard."
1037 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 1841 and Cisco 2801 Integrated Services Routers
(Hardware Versions: 1841, 280 and SDN-L V(3) BBM; Firmware Versions: 12.4(15)T3[1] and 12.4(15)T10[2])

(When operated in FIPS mode with the tamper evident labels installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/14/2008;
08/28/2009;
10/23/2009;
05/28/2010;
06/07/2011;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #181, #795 [1] and #1199 [2]); HMAC (Certs. #27, #436 [1] and #696 [2]); RNG (Certs. #456 [1] and #663 [2]); RSA (Certs. #379 [1] and 576 [2]); SHS (Certs. #267, #794 [1] and #1104 [2]); Triple-DES (Certs. #283, #683 [1] and #867 [2])

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES

Multi-chip standalone

"The Cisco 1841 and 2801 routers feature the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. These routers offer embedded encryption acceleration on the motherboard."
1036 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 1841 Integrated Services Routers with AIM-VPN/BPII-Plus and Cisco 2801 Integrated Services Routers with AIM-VPN/EPII-Plus
(Hardware Versions: 1841 and 2801; AIM-VPN/BPII-Plus Version: 1.0, Board Version: C1; AIM-VPN/EPII-Plus Version: 1.0, Board Version: D0; Firmware Versions: 12.4(15)T3[1] and 12.4(15)T10[2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/14/2008;
08/28/2009;
10/23/2009;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #100, #181, #795 [1] and #1192 [2]); HMAC (Certs. #27, #38, #436 [1] and #696 [2]); RNG (Certs. #80, #456 [1] and #663 [2]); RSA (Certs. #379 [1], #383 and #576 [2]); SHS (Certs. #267, #401, #794 [1] and #1104 [2]); Triple-DES (Certs. #213, #283, #683 [1] and #867 [2])

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES

Multi-chip standalone

"The Cisco 1841 and 2801 routers feature the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. These routers offer embedded encryption acceleration on the motherboard. For additional performance, the Cisco 1841 and 2801 routers feature the ability to optionally add encryption acceleration advanced integration modules (AIM-VPN/BPII-Plus and AIM-VPN/EPII-Plus)."
1035 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 2811 and Cisco 2821 Integrated Services Routers with AIM-VPN/EPII-Plus
(Hardware Versions: 2811 and 2821; AIM Version: 1.0, Board Version: D0; Firmware Versions: 12.4(15)T3[1] and 12.4(15)T10[2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/07/2008;
08/28/2009;
10/23/2009;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #100, #265, #795 [1] and #1199 [2]); HMAC (Certs. #38, #77, #436 [1] and #696 [2]); RNG (Certs. #80, #456 [1] and #663 [2]); RSA (Certs. #379 [1], #383 and #576 [2]); SHS (Certs. #344, #401, #794 [1] and #1104 [2]); Triple-DES (Certs. #213, #347, #683 [1] and #867 [2])

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES

Multi-chip standalone

"The Cisco 2800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 2800 Series routers offer embedded encryption acceleration on the motherboard. For additional performance, the Cisco 2811 and 2821 routers feature the ability to optionally add encryption acceleration advanced integration modules (AIM-VPN/EPII-Plus)."
1034 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 2851 Integrated Services Router with AIM-VPN/EPII-Plus
(Hardware Version: 2851, AIM Version: 1.0, Board Version: D0; Firmware Version: Versions: 12.4(15)T3[1] and 12.4(15)T10[2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/07/2008;
08/28/2009;
10/23/2009;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #96, #100, #795 [1] and #1199 [2]); HMAC (Certs. #38, #50, #436 [1] and #696 [2]); RNG (Certs. #80, #456 [1] and #663 [2]); RSA (Certs. #379 [1], #383 and #576 [2]); SHS (Certs. #317, #401, #794 [1] and #1104 [2]); Triple-DES (Certs. #210, #213, #683 [1] and #867 [2])

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES

Multi-chip standalone

"The Cisco 2800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 2800 Series routers offer embedded encryption acceleration on the motherboard. For additional performance, the Cisco 2851 router features the ability to optionally add encryption acceleration advanced integration modules (AIM-VPN/EPII-Plus)."
1033 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 3825 Integrated Services Routers with AIM-VPN/EPII-Plus and Cisco 3845 Integrated Services Routers with AIM-VPN/HPII-Plus
(Hardware Versions: 3825 and 3845; AIM-VPN/EPII-Plus Version: 1.0, Board Version: D0; AIM-VPN/HPII-Plus Version: 1.0, Board Version: D0; Firmware Versions: 12.4(15)T3[1] and 12.4(15)T10[2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/07/2008;
08/28/2009;
10/23/2009;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #96, #100, #795 [1] and #1199 [2]); HMAC (Certs. #38, #50, #436 [1] and #696 [2]); RNG (Certs. #80, #456 [1] and #663 [2]); RSA (Certs. #379 [1], #383 and #576 [2]); SHS (Certs. #317, #401, #794 [1] and #1104 [2]); Triple-DES (Certs. #210, #213, #683 [1] and #867 [2])

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES

Multi-chip standalone

"The Cisco 3800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to T3 connection. The Cisco 3800 Series routers offer embedded encryption acceleration on the motherboard. For additional performance, the Cisco 3825 and 3845 routers feature the ability to optionally add encryption acceleration advanced integration modules (AIM-VPN/EPII-Plus and AIM-VPN/HPII-Plus)."
1032 Nortel Networks
600 Technology Park
Billerica, MA 01821
USA

-Dave Norton
TEL: 978-288-7079

-Dragan Grebovich
TEL: 978-288-8069
FAX: 978-670-8153

CST Lab: NVLAP 200427-0

VPN Client Software
(Software Version: 7_11.101)

(When operated in FIPS mode with Microsoft® Enhanced Cryptographic Provider validated to FIPS 140-1 under Cert. #238 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 10/07/2008 Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional Service Pack 2 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #721); HMAC (Cert. #389); RNG (Cert. #421); SHS (Cert. #740); Triple-DES (Cert. #644)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant); DES; 40-bit DES; MD5; ECDH (non-compliant); HMAC-MD5

Multi-chip standalone

"The Contivity VPN Client provides stable, secure network access via Nortel VPN routers and VPN gateways. The client can be preconfigured and customized by IT administrators for quick install and connect, or easily configured by end users via the connection wizard. The VPN client works over all IP infrastructures including all wireless, broadband, and satellite services. The VPN client also supports seamless roaming, enabling a user to roam wirelessly without losing the virtual connection."
1031 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 1841 with AIM-VPN/SSL-1 and Cisco 2801 with AIM-VPN/SSL-2 Integrated Services Routers
(Hardware Versions: 1841 and 2801, AIM-VPN/SSL-1 Version: 1.0, Board Version: 01, AIM-VPN/SSL-2 Version: 1.0, Board Version: 01; Firmware Versions: 12.4(15)T3[1] and 12.4(15)T10[2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/07/2008;
08/28/2009;
10/23/2009;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #173, #181, #795 [1] and #1199 [2]); HMAC (Certs. #27, #39, #436 [1] and #696 [2]); RNG (Certs. #83, #456 [1] and #663 [2]); RSA (Certs. #379 [1], #382 and #576 [2]); SHS (Certs. #258, #267, #794 [1] and #1104 [2]); Triple-DES (Certs. #275, #283, #683 [1] and #867 [2])

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES

Multi-chip standalone

"The Cisco 1841 and 2801 routers feature the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. These routers offer embedded encryption acceleration on the motherboard. For additional performance, the Cisco 1841 and 2801 routers feature the ability to optionally add encryption acceleration advanced integration modules (AIM-VPN/SSL-1 and AIM-VPN/SSL-2)."
1030 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 2811 and Cisco 2821 Integrated Services Routers with AIM-VPN/SSL-2
(Hardware Versions: 2811 and 2821, AIM Version: 1.0, Board Version: 01; Firmware Versions: 12.4(15)T3[1] and 12.4(15)T10[2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/07/2008;
08/28/2009;
10/23/2009;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #173, #265, #795 [1] and Cert. #1199 [2]); HMAC (Certs. #39, #77, #436 [1] and Cert. #696 [2]); RNG (Certs. #83, #456 [1] and Cert. #663 [2]); RSA (Certs. #379 [1], #382 [1] and Cert. #576 [2]); SHS (Certs. #258, #344, #794 [1] and Cert. #1104 [2]); Triple-DES (Certs. #275, #347, #683 [1] and Cert. #867 [2])

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES

Multi-chip standalone

"The Cisco 2800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 2800 Series routers offer embedded encryption acceleration on the motherboard. For additional performance, the Cisco 2811 and 2821 routers feature the ability to optionally add encryption acceleration advanced integration modules (AIM-VPN/SSL-2)."
1029 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 3825 and Cisco 3845 Integrated Services Routers with AIM-VPN/SSL-3
(Hardware Versions: 3825 and 3845, AIM-VPN/SSL-3 Version: 1.0, Board Version: 01; Firmware Versions: 12.4(15)T3[1] and 12.4(15)T10[2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/07/2008;
08/28/2009;
10/23/2009;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #96, #173, #795 [1] and Cert. #1199 [2]); HMAC (Certs. #50, #39, #436 [1] and Cert. #696 [2]); RNG (Certs. #83, #456 [1] and Cert. #663 [2]); RSA (Certs. #379 [1], #382 and Cert. #576 [2]); SHS (Certs. #258, #317, #794 [1] and Cert. #1104 [2]); Triple-DES (Certs. #210, #275, #683 [1] and Cert. #867 [2])

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES

Multi-chip standalone

"The Cisco 3800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to T3 connection. The Cisco 3800 Series routers offer embedded encryption acceleration on the motherboard. For additional performance, the Cisco 3825 and 3845 routers feature the ability to optionally add encryption acceleration advanced integration modules (AIM-VPN/SSL-3)."
1028 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 2851 Integrated Services Router with AIM-VPN/SSL-2
(Hardware Version: 2851, AIM Version: 1.0, Board Version: 01; Firmware Versions: 12.4(15)T3[1] and 12.4(15)T10[2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/07/2008;
08/28/2009;
10/23/2009;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #96, #173, #795 [1] and Cert. #1199 [2]); HMAC (Certs. #50, #39, #436 [1] and Cert. #696 [2]); RNG (Certs. #83, #456 [1] and Cert. #663 [2]); RSA (Certs. #379 [1], #382 and Cert. #576 [2]); SHS (Certs. #258, #317, #794 [1] and Cert. #1104 [2]); Triple-DES (Certs. #210, #275, #683 [1] and Cert. #867 [2])

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES

Multi-chip standalone

"The Cisco 2800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 2800 Series routers offer embedded encryption acceleration on the motherboard. For additional performance, the Cisco 2851 router features the ability to optionally add encryption acceleration advanced integration modules (AIM-VPN/SSL-2)."
1027 Attachmate Corporation
1500 Dexter Ave N
Seattle, WA 98109
USA

-Diane Agemura
TEL: 206-217-7500
FAX: 206-272-1346

-Kjell Swedin
TEL: 206-217-7332
FAX: 206-272-1345

CST Lab: NVLAP 200427-0

Attachmate Cryptographic Module
(Software Version: 2.0.40)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 10/07/2008 Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2003 Server SP2 (x86); Red Hat Enterprise Linux 4.0 (x86); Sun Solaris 10 (x86); Microsoft Windows 2003 Server SP2 (x64); SuSE Linux Enterprise Server 9.0 (x64); Solaris 10 (x64); Microsoft Windows 2003 Server SP2 (IA64); Red Hat Enterprise Linux 4.0 (IA64); HP-UX 11iv3 (IA64); Solaris 8 (UltraSPARC); HP-UX 11iv1 (PA-RISC); AIX 5.2 (Power5); SuSE Linux Enterprise Server 9.0 (s390); Red Hat Enterprise Linux 4.0 on Hercules 3.05 s390 Emulator on Red Hat Enterprise Linux 5.0 (s390x) (single user mode)

-FIPS Approved algorithms: AES (Cert. #808); DSA (Cert. #299); HMAC (Cert. #447); RNG (Cert. #465); RSA (Cert. #389); SHS (Cert. #805); Triple-DES (Cert. #689)

-Other algorithms: Arcfour; Blowfish; CAST; DES; RIPEMD-160; MD4; MD5; MD2; RC5; RC2; HMAC-MD5; HMAC-MD4; HMAC-MD2; HMAC-RIPEMD-160; SHA-224 (non-compliant); SHA-384 (non-compliant); HMAC SHA-224 (non-compliant); HMAC SHA-384 (non-compliant); CBC-DES MAC; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112-bits of encryption strength)

Multi-chip standalone

"The Attachmate Crypto Module is used in a range of solutions from Attachmate, provider of host connectivity, secure communications and systems and security management."
1026 Sun Microsystems, Inc.
4150 Network Circle
Santa Clara, CA 95054
USA

-Mehdi Bonyadi
TEL: 858-625-5163
FAX: 858-926-9020

-Ling Qin
TEL: 408-276-0097
FAX: 858-526-9020

CST Lab: NVLAP 200427-0

Sun Crypto Accelerator 6000
(Hardware Version: 375-3424, Revisions -02, -03 and -04; Firmware Version: Bootstrap versions 1.0.1 and 1.0.10, Operational firmware version 1.0.11)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 10/07/2008;
12/17/2008;
05/18/2009
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #397 and #856); DSA (Cert. #309); HMAC (Cert. #473); RNG (Cert. #490); RSA (Certs. #409 and #410); SHS (Certs. #469 and #850); Triple-DES (Cert. #435)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; RC2

Multi-chip embedded

"The Sun Cryptographic Accelerator 6000 (SCA-6000) is a high performance hardware security module for Sun platforms (SPARC, x86, x64). It is a low-profile, short PCI-E (X8) card consisting of on-board cryptographic acceleration hardware and a secure cryptographic key store. SCA-6000 supports remote management functions. It has serial and USB ports for local administration. It enhances platform performance by off-loading compute intensive cryptographic calculations by accelerating both IPsec and SSL processing, and by performing many financial service functions. Supported on Linux and Solaris-10"
1025 BeCrypt Limited
130 Shaftesbury Avenue
London, W1D 5EU
United Kingdom

-Dr. Pali Surdhar, Certification Manager
TEL: +44 (0)845 838 2050
FAX: +44 (0)845 838 2060

CST Lab: NVLAP 200017-0

BeCrypt Cryptographic Library
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 10/07/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2; Linux Ubuntu 8.0.4 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #764 and #765); SHS (Certs. #771 and #772); RNG (Cert. #440); RSA (Cert. #363); HMAC (Certs. #418 and #419)

-Other algorithms: N/A

Multi-chip standalone

"The BeCrypt Cryptographic Library provides core cryptographic functionality for BeCrypt's Enterprise security products including a range of market leading disk encryption, media encryption and data protection products. The cryptographic library provides a capability to develop complex and flexible security applications that require cryptographic functionality in both pre-OS and 32 bit operating environments."
1024 Inter-4, A Division of Sierra Nevada Corporation
1777 Montgomery Street
San Francisco, CA 94111
USA

-Paul Matz
TEL: 415-771-4444
FAX: 415-771-8444

-Dan Haddick
TEL: 415-771-4444
FAX: 415-771-8444

CST Lab: NVLAP 100432-0

STS Secure for Linux
(Software Version: 1.1)

Validated to FIPS 140-2

Security Policy

Certificate

Software 09/24/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Linux 2.6 (single user mode)

-FIPS Approved algorithms: DSA (Cert. #157); SHS (Cert. #425); AES (Cert. #350)

-Other algorithms: N/A

Multi-chip standalone

"The STS Secure for Linux is a FIPS 140-2 Level 1 software module, comprised of the Security Manager Application Service (SMA), Key Generator Application, and the AES NetFilter Driver, that runs on a general purpose computer. It is the basis for Inter-4's TACTI-NET networking technology. The primary purpose for the STS Secure software module is to provide data security for all network wireless and/or wired traffic."
1023 3e Technologies International, Inc.
9715 Key West Avenue
Suite 500
Rockville, MD 20850
USA

-Ryon Coleman
TEL: 301-944-1277

CST Lab: NVLAP 200427-0

3e-525A-3, 3e-525A-3 BASIC, 3e-525A-3 BASIC with TEC, 3e-525A-3MP, 3e-525A-3MP with TEC, 3e-525V-3, 3e-525Ve-3 and 3e-525Ve-4 AirGuard™ Wireless Access Points
(Hardware Versions: 2.0(A): (3e-525A-3 [2], 3e-525A-3 BASIC [2], 3e-525A-3 BASIC with TEC [2], 3e-525A-3MP [2], 3e-525A-3MP with TEC [2], 3e-525V-3 [2], 3e-525Ve-3 [2] and 3e-525Ve-4 [1]); and 2.1: (3e-525A-3 [2], 3e-525A-3MP [2], 3e-525V-3 [2] and 3e-525Ve-4 [1]); Firmware Versions: 4.3.2 [1] and 4.3.3 [2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/24/2008;
12/09/2008;
02/05/2010
Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #238); CCM (Cert. #1); HMAC (Cert. #13); RNG (Cert. #22); SHS (Cert. #278); Triple-DES (Cert. #292)

-Other algorithms: AES CFB (non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5; RC4; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The AirGuard™ model 525A-3 and model 525V-3/4 Wireless Access Points are packaged in rugged IP 66 weatherproof enclosure and conforms to 802.11a/b/g wireless standards. They provide access point, gateway, bridge/repeater, and mesh networking for wireless applications. In access point or gateway mode, the 525A-3 can establish links to laptops, PDAs and other wireless devices at data rates from 11 Mbps up to 108 Mbps. The 525V-3/4 incorporates an extra video module to provide capability for remote video surveillance and camera control."
1022 Imation Corp.
Discovery Bldg. 1A-041
Oakdale, MN 55128
USA

-Larry Hamid
TEL: 408-737-4308

CST Lab: NVLAP 200556-0

Outbacker MXP
(Hardware Versions: 1.0 Outbacker MXP 80 GB, 1.0 Outbacker MXP 120 GB, 1.0 Outbacker MXP 160 GB, 1.0 Outbacker MXP 250 GB, 1.0 Outbacker MXP 320 GB and 1.0 Outbacker MXP 500 GB with MXI AES: Part # 933000334R Version 1.0; Firmware Version: 4.23 with Version 2.1 of Boot loader)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/10/2008;
02/24/2009;
05/31/2011;
04/24/2012
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #768); SHS (Cert. #485); RSA (Cert. #154); RNG (Cert. #211); HMAC (Cert. #190)

-Other algorithms: N/A

Multi-chip standalone

"Outbacker MXP is a USB Portable Security Device with authentication and cryptographic services. It provides up to 320 gigabytes of encrypted portable storage and digital identity operations for enterprise security and user authentication via biometric and password."
1021 CoCo Communications Corporation
999 3rd Ave, Suite 3700
Seattle, WA 98104
USA

-Jeff Meyer
TEL: 206-284-9387
FAX: 206-770-6461

-Mikhail Voloshin
TEL: 206-812-5735
FAX: 206-770-6461

CST Lab: NVLAP 200427-0

The CoCo Crypto Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 09/02/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP with SP2, Debian GNU/Linux 4.0 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #693); DSA (Cert. #263); HMAC (Cert. #370); RNG (Cert. #405); SHS (Cert. #720)

-Other algorithms: Diffie-Hellman; SSLeay RNG

Multi-chip standalone

"The CoCo Crypto Module provides cryptographic services for the core components of CoCo Communications' tactical and military product lines. With the CoCo Crypto Module, users of CoCo's mobile digital network systems can be assured that their communications are safe from spoofing, eavesdropping, and other forms of information attack. As used within the CoCo Communications product suite, the CoCo Crypto module is interchangeable with the OpenSSL DLL, allowing for easy deployment-time transition to suit the needs of the problem domain."
1020 Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

-Harsha Nagaraja
TEL: 408-754-3010

CST Lab: NVLAP 200427-0

Aruba 200, 800 and 6000 Mobility Controller with ArubaOS FIPS Firmware
(Hardware Versions: 200: 200-6-AOS-STD-FIPS-US; 800: 800-16-TX-AOS-STD-FIPS, 800-16-SX-AOS-STD-FIPS; 6000: 6000-BASE-2PSU-200-FIPS, 6000-BASE-2PSU-400-FIPS, SC-48-C1-1, SC-128-C1-1, SC-256-C2-1, LC-2G-1, LC-2G24F-1, LC-2G24FP-1; Firmware Versions: A200_2.4.8.22-FIPS, A800_2.4.8.22-FIPS, A5000_2.4.8.22-FIPS, A200_2.4.8.23-FIPS, A800_2.4.8.23-FIPS, A5000_2.4.8.23-FIPS, A200_2.4.8.24-FIPS, A800_2.4.8.24-FIPS, A5000_2.4.8.24-FIPS, A200_2.4.8.25-FIPS, A800_2.4.8.25-FIPS, A5000_2.4.8.25-FIPS, A200_2.4.8.26-FIPS, A800_2.4.8.26-FIPS, A5000_2.4.8.26-FIPS, A200_2.4.8.27-FIPS, A800_2.4.8.27-FIPS or A5000_2.4.8.27-FIPS)

(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/02/2008;
10/16/2008;
03/19/2009;
02/12/2010;
09/07/2010;
03/14/2011;
06/09/2011
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #649, #650, #651 and #700); HMAC (Certs. #334, #335, #336 and #378); RNG (Cert. #411); RSA (Certs. #298, #299, #300 and #326); SHS (Certs. #682, #683, #684 and #728); Triple-DES (Certs. #600, #601, #602 and #631)

-Other algorithms: DES; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"Aruba Networks' Mobility Controller system with an integrated ICSA-certified stateful firewall and hardware-based encryption, is the industry's highest performing and most scalable enterprise mobility platform on the market today. Aruba offers the industry's only modular and stackable mobility controllers from every enterprise environment. Now, administrators are freed from the costly and time-consuming process of managing individual APs. And as security standards change and new mobile services emerge, they are easily implemented at the controller and propagated throughout the enterprise."
1019 Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

-Harsha Nagaraja
TEL: 408-754-3010

CST Lab: NVLAP 200427-0

Aruba 200, 800 and 6000 Mobility Controller with ArubaOS FIPS Firmware
(Hardware Versions: 200: 200-6-AOS-STD-FIPS-US; 800: 800-16-TX-AOS-STD-FIPS, 800-16-SX-AOS-STD-FIPS; 6000: 6000-BASE-2PSU-200-FIPS, 6000-BASE-2PSU-400-FIPS, SC-48-C1-1, SC-128-C1-1, SC-256-C2-1, LC-2G-1, LC-2G24F-1, LC-2G24FP-1; Firmware Versions: A200_3.1.1.7-FIPS, A200_3.1.1.29-FIPS, A800_3.1.1.7-FIPS, A800_3.1.1.29-FIPS, A5000_3.1.1.7-FIPS and A5000_3.1.1.29-FIPS)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/02/2008;
12/15/2008;
03/14/2011
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #649, #650, #651 and #700); HMAC (Certs. #334, #335, #336 and #378); RNG (Cert. #411); RSA (Certs. #298, #299, #300 and #326); SHS (Certs. #682, #683, #684 and #728); Triple-DES (Certs. #600, #601, #602 and #631)

-Other algorithms: DES; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength: non-compliant)

Multi-chip standalone

"Aruba Networks' Mobility Controller system with an integrated ICSA-certified stateful firewall and hardware-based encryption, is the industry's highest performing and most scalable enterprise mobility platform on the market today. Aruba offers the industry's only modular and stackable mobility controllers from every enterprise environment. Now, administrators are freed from the costly and time-consuming process of managing individual APs. And as security standards change and new mobile services emerge, they are easily implemented at the controller and propagated throughout the enterprise."
1018 Inter-4, A Division of Sierra Nevada Corporation
1777 Montgomery Street
San Francisco, CA 94111
USA

-Paul Matz
TEL: 415-771-4444
FAX: 415-771-8444

-Dan Haddick
TEL: 415-771-4444
FAX: 415-771-8444

CST Lab: NVLAP 100432-0

STS Secure for Windows XP, Embedded XP
(Software Version: 1.2 5/30/2008)

Validated to FIPS 140-2

Security Policy

Certificate

Software 09/02/2008;
12/15/2008
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2, Windows XP Professional Embedded SP2 (single-user mode)

-FIPS Approved algorithms: DSA (Cert. #157); RNG (Cert. #167); SHS (Cert. #425); AES (Cert. #350)

-Other algorithms: N/A

Multi-chip standalone

"The STS Secure for Windows XP, Embedded XP is a FIPS 140-2 Level 1 software module, comprised of the Security Manager Application Service (SMA), Key Generator Application, and the AES NDIS Filter Driver, that runs on a general purpose computer. It is the basis for Inter-4's Tactinet networking technology. The primary purpose for the STS Secure software module is to provide data security for all network wireless/wired traffic. In addition to data in transit (DIT), file based encryption protects files transferred to/from the platform via external USB drives."
1017 Inter-4, A Division of Sierra Nevada Corporation
1777 Montgomery Street
San Francisco, CA 94111
USA

-Paul Matz
TEL: 415-771-4444
FAX: 415-771-8444

-Dan Haddick
TEL: 415-771-4444
FAX: 415-771-8444

CST Lab: NVLAP 100432-0

STS Secure for Windows CE
(Software Version: 1.2 5/30/2008)

Validated to FIPS 140-2

Security Policy

Certificate

Software 09/02/2008;
12/15/2008
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows CE 4.2 (single-user mode)

-FIPS Approved algorithms: DSA (Cert. #157); SHS (Cert. #425); AES (Cert. #350)

-Other algorithms: N/A

Multi-chip standalone

"The STS Secure for Windows CE is a FIPS 140-2 Level 1 software module, comprised of the Security Manager Application Service (SMA) & AES NDIS Filter Driver, that runs on a general purpose computer. It is the basis for Inter-4's Tactinet networking technology. The primary purpose for the STS Secure software module is to provide data security for all network wireless/wired traffic. In addition to data in transit (DIT), file based encryption protects files tranferred to/from the platform via external USB drives, and sensitive data at rest (DAR) stored internally is also encrypted and zeroizable."
1016 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:
FAX:

CST Lab: NVLAP 100432-0

Cisco Secure Services Client FIPS Module
(Software Version: 1.0.0.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/22/2008;
08/22/2011;
02/23/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP and Microsoft Windows 2000 (single-user mode)

-FIPS Approved algorithms: RSA (Cert. #325); AES (Cert. #699); HMAC (Cert. #377); SHS (Cert. #727); Triple-DES (Cert. #630); RNG (Cert. #410)

-Other algorithms: RC4; DES; MD4; MD5; HMAC-MD5; DSA (non-compliant); AES (Cert. #699; key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman

Multi-chip standalone

"The Cisco Secure Services Client FIPS Module is a self contained crypto module that supports IEEE 802.11i (WPA2) key exchange and IEEE 802.1X wired and wireless authentication. The module provides cryptographic support for 802.1X EAP types such as EAP-TLS, EAP-FAST and PEAP as well as WPA2-PSK (Pre-shared key)."
1015 Lexmark International, Inc.
740 West New Circle Road
Lexington, KY 40550
USA

-Sean Gibbons
TEL: 859-232-2000
FAX: 859-232-3120

CST Lab: NVLAP 200416-0

Lexmark Encryption Plug-In
(Software Version: 1.1)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/22/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP SP2 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #767); SHS (Cert. #774); HMAC (Cert. #420); RNG (Cert. #441)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"A secure rendering plug-in that provides AES encryption of print data from the host through a print server with the AES encrypted data continuing on to a Lexmark decryption-enabled device. The rendering plug-in uses the Lexmark device's public key such that only the target device will be able to decrypt the data."
1014 Motorola, Inc.
1301 E. Algonquin Road
Schaumburg, IL 60196
USA

-Scot Bennett
TEL: 847-576-6935

CST Lab: NVLAP 100432-0

Motorola Network Router (MNR) S2500
(Hardware Version: S2500 Base Unit P/N ST2500B Tanapa Number CLN1713E Revision B with S2500 Encryption Module P/N ST2516A Tanapa Number CLN8262C Revision C; Firmware Versions: XS-15.1.0.75, XS-15.1.0.76, XS-15.2.0.20, XS-15.4.0.60, XS-15.6.0.27 and XS-15.7.0.60)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/22/2008;
01/26/2009;
07/28/2009;
12/23/2009
Overall Level: 1 

-EMI/EMC: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #581 and #588); AES (Certs. #611 and #625); DSA (Cert. #237); SHS (Certs. #659 and #693); HMAC (Certs. #322 and #342); RNG (Cert. #349); RSA (Cert. #283)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; DES; HMAC-MD5

Multi-chip standalone

"MNR S2500 routers are versatile, secure-capable devices that can ensure timely delivery of delay-sensitive traffic. Supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections, S2500 routers perform simultaneous functions - including compression and data prioritization - without compromising their ability to accomplish additional packet-handling functions as needed. In addition to the normal routing functions, the MNR S2500 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols."
1013 Motorola, Inc.
1301 E. Algonquin Road
Schaumburg, IL 60196
USA

-Scot Bennett
TEL: 847-576-6935

CST Lab: NVLAP 100432-0

Motorola Network Router (MNR) S6000
(Hardware Versions: S6000 Base Unit P/N ST6000C Tanapa Number CLN1780D Revision B with S6000 Encryption Module P/N ST6016A Tanapa Number CLN8261D Revision H [1] and S6000 Base Unit ST6000C Tanapa Number CLN1780C Revision A with S6000 Encryption Module P/N ST6016A Tanapa Number CLN8261D Revision H [2]; Firmware Versions: PS-15.1.0.75 [1, 2], GS-15.1.0.75 [1, 2], PS-15.1.0.76 [1, 2], GS-15.1.0.76 [1, 2], PS-15.2.0.20 [1, 2], GS-15.2.0.20 [1, 2], PS-15.4.0.60 [1, 2], GS-15.4.0.60 [1, 2], PS-15.6.0.27 [1, 2], GS-15.6.0.27 [1, 2], PS-15.7.0.60 [1, 2] and GS-15.7.0.60 [1, 2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/22/2008;
01/26/2009;
07/28/2009;
12/23/2009
Overall Level: 1 

-FIPS Approved algorithms: Triple-DES (Certs. #275 and #580); AES (Certs. #173 and #609); DSA (Cert. #236); SHS (Certs. #258 and #658); HMAC (Certs. #39 and #323); RNG (Cert. #348); RSA (Cert. #282)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; DES; HMAC-MD5

Multi-chip standalone

"MNR S6000 routers are versatile, secure-capable devices that can ensure timely delivery of delay-sensitive traffic. Supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections, S6000 routers perform simultaneous functions - including compression and data prioritization - without compromising their ability to accomplish additional packet-handling functions as needed. In addition to the normal routing functions, the MNR S6000 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols."
1012 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Windows Server 2003 Enhanced Cryptographic Provider (RSAENH)
(Software Version: 5.2.3790.4313)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/22/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Server 2003 Service Pack 2 (x86, x64 and IA64) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #818); HMAC (Cert. #452); RNG (Cert. #470); RSA (Cert. #395); SHS (Cert. #816); Triple-DES (Cert. #691)

-Other algorithms: DES; RC2; RC4; MD2; MD4; MD5; RSA X9.31 signature verification (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength)

Multi-chip standalone

"The Microsoft Enhanced Cryptographic Provider is a FIPS 140-2 compliant, software-based, cryptographic module.RSAENH encapsulates several different cryptographic algorithms (including SHA-1, 3DES, AES, RSA, HMAC) in a cryptographic module accessible via the Microsoft CryptoAPI."
1011 Francotyp-Postalia
Triftweg 21-26
Birkenwerder, 16547
Germany

-Hasbi Kabacaoglu
TEL: +49-3303-525-656
FAX: +49-3303-525-669

CST Lab: NVLAP 100432-0

Revenector2008
(Hardware Versions: P/Ns 58.0036.0001.00/07 and 58.0036.0006.00/04; Firmware Version: 8.20)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/15/2008 Overall Level: 3 

-Physical Security: Level 3 + EFP

-FIPS Approved algorithms: RSA (Cert. #365); SHS (Cert. #765)

-Other algorithms: N/A

Multi-chip embedded

"Revenector2008 is an embedded security device that can enhance the security of various kinds of appliances and computerized devices. The hardware of the Revenector2008 is designed to protect critical security parameters as well as application specific revenues. Its firmware enables hosting systems to load or update signed application specific firmware."
1010 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Windows Server 2008 Enhanced Cryptographic Provider (RSAENH)
(Software Versions: 6.0.6001.22202 and 6.0.6002.18005)

(When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #1006 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/15/2008;
07/24/2009
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 (x86 Version); Microsoft Windows Server 2008 (x64 version); Microsoft Windows Server 2008 (IA64 version) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #739); HMAC (Cert. #408); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #355); SHS (Cert. #753); Triple-DES (Cert. #656)

-Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"RSAENH encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. Developers dynamically link the Microsoft RSAENH module into their applications to provide FIPS 140-2 compliant cryptographic support."
1009 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Windows Server 2008 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)
(Software Versions: 6.0.6001.18000 and 6.0.6002.18005)

(When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #1006 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/15/2008;
07/24/2009
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 (x86 Version); Microsoft Windows Server 2008 (x64 version); Microsoft Windows Server 2008 (IA64 version) (single-user mode)

-FIPS Approved algorithms: DSA (Cert. #282); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed)

-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4

Multi-chip standalone

"DSSENH encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. Software developers dynamically link the Microsoft DSSENH module into their applications to provide FIPS 140-2 compliant cryptographic support."
1008 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Microsoft Windows Server 2008 Cryptographic Primitives Library (bcrypt.dll)
(Software Versions: 6.0.6001.22202, 6.0.6002.18005 and 6.0.6002.22872)

(When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #1006 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/15/2008;
07/24/2009;
09/06/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 (x86 Version); Microsoft Windows Server 2008 (x64 version); Microsoft Windows Server 2008 (IA64 version) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #739 and #757); DSA (Cert. #284); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656)

-Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength)

Multi-chip standalone

"BCRYPT.DLL provides cryptographic services, through its documented interfaces, to Windows Vista components and applications running on Windows Vista. The cryptographic module, BCRYPT.DLL, encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CNG (Cryptography, Next Generation) API. It can be dynamically linked into applications by software developers to permit the use of general-purpose FIPS 140-2 compliant cryptography."
1007 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Microsoft Windows Server 2008 Kernel Mode Security Support Provider Interface (ksecdd.sys)
(Software Versions: 6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742 and 6.0.6002.22869)

(When operated in FIPS mode with Windows Server 2008 OS Loader (winload.exe) validated to FIPS 140-2 under Cert. #1005 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/15/2008;
02/23/2009;
07/30/2009;
10/16/2009;
02/09/2012;
09/27/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 (x86 Version); Microsoft Windows Server 2008 (x64 version); Microsoft Windows Server 2008 (IA64 version) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #739 and #757); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90 AES-CTR, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656)

-Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"KSECDD.SYS runs as a kernel mode export driver, and provides cryptographic services, through their documented interfaces, to Windows Vista kernel components. It supports several cryptographic algorithms accessible via a FIPS function table request irp (I/O request packet)."
1006 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Windows Server 2008 Code Integrity (ci.dll)
(Software Versions: 6.0.6001.18000 and 6.0.6002.18005)

(When operated in FIPS mode with Winload OS Loader (winload.exe) validated to FIPS 140-2 under Cert. #1005 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/15/2008;
07/24/2009
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 (x86 Version); Microsoft Windows Server 2008 (x64 version); Microsoft Windows Server 2008 (IA64 version) (single-user mode)

-FIPS Approved algorithms: RSA (Cert. #355); SHS (Cert. #753)

-Other algorithms: MD5

Multi-chip standalone

"This is a dynamically linked library that runs as ntoskrnl.exe. It verifies the integrity of executable files, including kernel mode drivers, critical system components and user mode crypto modules, before these files are loaded from disk into memory by the memory manager."
1005 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Windows Server 2008 Winload OS Loader (winload.exe)
(Software Versions: 6.0.6001.18000, 6.0.6001.18606, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411, 6.0.6002.22497 and 6.0.6002.22596)

(When operated in FIPS mode with Boot Manager (bootmgr) validated to FIPS 140-2 under Cert. #1004 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/15/2008;
07/24/2009;
01/20/2011;
10/17/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 (x86 Version); Microsoft Windows Server 2008 (x64 version); Microsoft Windows Server 2008 (IA64 version) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #739 and #760); RSA (Cert. #355); SHS (Cert. #753)

-Other algorithms: MD5

Multi-chip standalone

"This is the OS loader. It loads the boot-critical driver image files and the OS kernel image file itself."
1004 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Windows Server 2008 Boot Manager (bootmgr)
(Software Versions: 6.0.6001.18000, 6.0.6002.18005 and 6.0.6002.22497)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/15/2008;
07/24/2009;
01/20/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 (x86 Version); Microsoft Windows Server 2008 (x64 version); Microsoft Windows Server 2008 (IA64 version) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #739 and #760); HMAC (Cert. #415); RSA (Cert. #355); SHS (Cert. #753)

-Other algorithms: N/A

Multi-chip standalone

"This is the system boot manager, called by the bootstrapping code that resides in the boot sector. It checks its own integrity and then checks the integrity of the OS loader and launches it."
1003 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Windows Vista Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)
(Software Versions: 6.0.6001.18000 and 6.0.6002.18005)

(When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #980 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/15/2008;
07/24/2009
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition SP1 (x86 Version); Microsoft Windows Vista Ultimate Edition SP1 (x64 version) (single-user mode)

-FIPS Approved algorithms: DSA (Cert. #281); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed)

-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4

Multi-chip standalone

"DSSENH encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. Software developers dynamically link the Microsoft DSSENH module into their applications to provide FIPS 140-2 compliant cryptographic support."
1002 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Windows Vista Enhanced Cryptographic Provider (RSAENH)
(Software Versions: 6.0.6001.22202 and 6.0.6002.18005)

(When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #980 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/15/2008;
07/24/2009
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition SP1 (x86 Version); Microsoft Windows Vista Ultimate Edition SP1 (x64 version) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #739); HMAC (Cert. #407); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #354); SHS (Cert. #753); Triple-DES (Cert. #656)

-Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"RSAENH encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. Developers dynamically link the Microsoft RSAENH module into their applications to provide FIPS 140-2 compliant cryptographic support."
1001 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Microsoft Windows Vista Cryptographic Primitives Library (bcrypt.dll)
(Software Versions: 6.0.6001.22202, 6.0.6002.18005 and 6.0.6002.22872)

(When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #980 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/15/2008;
07/24/2009;
09/06/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition SP1 (x86 Version); Microsoft Windows Vista Ultimate Edition SP1 (x64 version) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #739 and #756); DSA (Cert. #283); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90, vendor affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656)

-Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength)

Multi-chip standalone

"BCRYPT.DLL provides cryptographic services, through its documented interfaces, to Windows Vista components and applications running on Windows Vista. The cryptographic module, BCRYPT.DLL, encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CNG (Cryptography, Next Generation) API. It can be dynamically linked into applications by software developers to permit the use of general-purpose FIPS 140-2 compliant cryptography."
1000 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Microsoft Windows Vista Kernel Mode Security Support Provider Interface (ksecdd.sys)
(Software Versions: 6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742 and 6.0.6002.22869)

(When operated in FIPS mode with Windows Vista OS Loader (winload.exe) validated to FIPS 140-2 under Cert. #979 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/15/2008;
07/24/2009;
10/16/2009;
02/09/2012;
09/27/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition SP1 (x86 Version); Microsoft Windows Vista Ultimate Edition SP1 (x64 version) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #739 and #756); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656)

-Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"KSECDD.SYS runs as a kernel mode export driver, and provides cryptographic services, through their documented interfaces, to Windows Vista kernel components. It supports several cryptographic algorithms accessible via a FIPS function table request irp (I/O request packet)."
999 Hewlett-Packard Company
19091 Pruneridge Ave., MS 4441
Cupertino, CA 95014
USA

-Theresa Conejero
TEL: 408-447-2964
FAX: 408-447-5525

CST Lab: NVLAP 100432-0

HP StorageWorks Secure Key Manager
(Hardware Version: P/N AJ087A, Version 1.0; Firmware Version: 1.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/15/2008;
09/19/2011
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3

-FIPS Approved algorithms: AES (Cert. #653); DSA (Cert. #244); HMAC (Cert. #338); RNG (Cert. #375); RSA (Cert. #302); SHS (Cert. #686); Triple-DES (Cert. #604)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); DES; MD5; RC4; RC2

Multi-chip standalone

"The HP Secure Key Manager automates encryption key generation and management based on security policies. It is a hardened security appliance delivering identity-based access, administration and logging. Additionally, the Secure Key Manager provides reliable lifetime key archival with automatic multi-site key replication and failover capabilities."
998 SonicWALL, Inc.
1143 Borregas Ave.
Sunnyvale, CA 94089-1306
USA

-Usha Sanagala
TEL: 408-745-9600
FAX: 408-745-9300

CST Lab: NVLAP 100432-0

NSA E7500
(Hardware Version: P/N 101-500163-50, Rev. A; Firmware Version: SonicOS v5.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/15/2008 Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Cert. #636); AES (Cert. #705); DSA (Cert. #270); RNG (Cert. #416); RSA (Cert. #331); SHS (Cert. #733); HMAC (Cert. #383)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The SonicWALL E-Class Network Security Appliance (NSA) series is engineered to meet the needs of the expanding enterprise network by providing a high performance, scalable, multifunction threat prevention appliance."
997 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Microsoft Windows XP Kernel Mode Cryptographic Module (FIPS.SYS)
(Software Version: 5.1.2600.5512)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/15/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional SP3 (single-user mode)

-FIPS Approved algorithms: HMAC (Cert. #429); RNG (Cert. #449); SHS (Cert. #785); Triple-DES (Cert. #677); Triple-DES MAC (Triple-DES Cert. #677, vendor affirmed)

-Other algorithms: DES; MD5; HMAC MD5

Multi-chip standalone

"FIPS.sys is a general-purpose, software-based, cryptographic module residing at the Kernel level of the Windows Operating System. It runs as a kernel mode export driver (a kernel-mode DLL) and encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible by other kernel mode services."
996 Alcatel-Lucent
600-700 Mountain Avenue
Murray Hill, NJ 07974
USA

-Paul Fowler
TEL: 908-582-1734

CST Lab: NVLAP 200427-0

Alcatel-Lucent VPN Firewall Bricks® 150, 700 AC and 700 DC
(Hardware Versions: 150, 700 AC and 700 DC; Firmware Version: 9.1.299)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/15/2008 Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #101, #672 and #747); DSA (Certs. #253 and #256); HMAC (Certs. #220, #356, #359 and #405); RNG (Cert. #391); SHS (Certs. #193, #705, #708 and #762); Triple-DES (Certs. #214, #617, #620 and #664)

-Other algorithms: ARC4; DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ElGamal; MD5; RNG; RSA (non-compliant)

Multi-chip standalone

"The Alcatel-Lucent VPN Firewall Brick portfolio offers a broad range of enterprise-class security solutions to protect corporate networks and deliver mission-critical IP applications to headquarters, branch offices, trading partners, road warriors and customers. The Alcatel- Lucent VPN Firewall Brick solution provides simplified management - unique client/server design, centralized staging, real-time monitoring and "no-touch" management of all VPN, security and service quality assurance capabilities via the scalable, proven Lucent Security Management Server system."
995 Alcatel-Lucent
600-700 Mountain Avenue
Murray Hill, NJ 07974
USA

-Paul Fowler
TEL: 908-582-1734

CST Lab: NVLAP 200427-0

Alcatel-Lucent VPN Firewall Brick® 1200
(Hardware Versions: 1200 AC, 1200HS AC and 1200HS DC; Firmware Version: 9.1.299)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/15/2008 Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #266 and #672); DSA (Certs. #253 and #256); HMAC (Certs. #78, #356 and #359); RNG (Cert. #391); SHS (Certs. #345, #705 and #708); Triple-DES (Certs. #348, #617 and #620)

-Other algorithms: ARC4; DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ElGamal; MD5; RNG; RSA (non-compliant)

Multi-chip standalone

"The Alcatel-Lucent VPN Firewall Brick portfolio offers a broad range of enterprise-class security solutions to protect corporate networks and deliver mission-critical IP applications to headquarters, branch offices, trading partners, road warriors and customers. The Alcatel- Lucent VPN Firewall Brick solution provides simplified management - unique client/server design, centralized staging, real-time monitoring and "no-touch" management of all VPN, security and service quality assurance capabilities via the scalable, proven Lucent Security Management Server system."
994 Alcatel-Lucent
600-700 Mountain Avenue
Murray Hill, NJ 07974
USA

-Paul Fowler
TEL: 908-582-1734

CST Lab: NVLAP 200427-0

Alcatel-Lucent VPN Firewall Brick® 50
(Hardware Version: 50; Firmware Version: 9.1.299)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/15/2008 Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #671 and #672); DSA (Certs. #253 and #256); HMAC (Certs. #355, #356 and #359); RNG (Cert. #391); SHS (Certs. #704, #705 and #708); Triple-DES (Certs. #616, #617 and #620)

-Other algorithms: ARC4; DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ElGamal; MD5; RNG; RSA (non-compliant)

Multi-chip standalone

"The Alcatel-Lucent VPN Firewall Brick portfolio offers a broad range of enterprise-class security solutions to protect corporate networks and deliver mission-critical IP applications to headquarters, branch offices, trading partners, road warriors and customers. The Alcatel- Lucent VPN Firewall Brick solution provides simplified management - unique client/server design, centralized staging, real-time monitoring and "no-touch" management of all VPN, security and service quality assurance capabilities via the scalable, proven Lucent Security Management Server system."
993 Oracle Corporation
500 Eldorado Blvd.
Bldg 5
Broomfield, CO 80021
USA

-David Hostetter
TEL: 303-272-7126

CST Lab: NVLAP 100432-0

Key Token
(Hardware Version: P/N 314478004 Version G; Firmware Version: 1.20)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/06/2008;
05/05/2010
Overall Level: 1 

-FIPS Approved algorithms: AES (Cert. #636)

-Other algorithms: N/A

Multi-chip standalone

"The Key Token is a part of the larger Encrypted Data-At-Rest Solution (EDRS). The primary purpose for this device is to provide secure key storage and key transport between the two other EDRS components. The additional two components that the EDRS includes are the Key Management Station (KMS) and the Encrypting Tape Drive (ETD)."
992 SonicWALL, Inc.
1143 Borregas Ave.
Sunnyvale, CA 94089-1306
USA

-Usha Sanagala
TEL: 408-745-9600
FAX: 408-745-9300

CST Lab: NVLAP 100432-0

NSA 4500, NSA 5000 and NSA E5500
(Hardware Versions: P/N 101-500166-50, Rev. A (NSA 4500); P/N 101-500088-50, Rev. A (NSA 5000); P/N 101-500165-50, Rev. A (NSA E5500); Firmware Version: SonicOS v5.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/15/2008 Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Cert. #634); AES (Cert. #703); DSA (Cert. #268); RNG (Cert. #414); RSA (Cert. #329); SHS (Cert. #731); HMAC (Cert. #381)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The SonicWALL E-Class Network Security Appliance (NSA) series is engineered to meet the needs of the expanding enterprise network by providing a high performance, scalable, multifunction threat prevention appliance."
991 Athena Smartcard Inc.
16615 Lark Avenue
Suite 202
Los Gatos, CA 95032
USA

-Ste´phanie Motre´
TEL: 408-786-1028
FAX: 408-608-1818

CST Lab: NVLAP 100432-0

Athena IDProtect Duo PIV
(Hardware Version: P/N AT90SC12872RCFT Revision M; Firmware Version: P/N Athena IDProtect Duo Version 0107.7099.0105; Software Version: P/N Athena PIV Applet Version 1.0)

(PIV Card Application: Cert. #12)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/15/2008;
04/12/2013;
02/06/2014;
05/28/2014
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 4
-Cryptographic Key Management: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #598); Triple-DES MAC (Triple-DES Cert. #598, vendor affirmed); AES (Cert. #646); RNG (Cert. #368); RSA (Cert. #296); SHS (Cert. #680); CVL (Cert. #210)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Single-chip

"The Athena IDProtect Duo PIV cryptographic module is compliant with FIPS 201 as an end point compliant card. The PIV application is hosted by the Athena IDProtect dual interface smart card operating system compliant with the Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and FIPS 140-2 Level 2 (Level 4 for Physical Security). IDProtect supports FIPS Approved Random Number Generator, TDES, AES, SHA-1, SHA-256, and RSA up to 2048 bits including on board key generation."
990 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Windows XP Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)
(Software Version: 5.1.2600.5507)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 07/24/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP3 (in single user mode)

-FIPS Approved algorithms: DSA (Cert. #292); RNG (Cert. #448); SHS (Cert. #784); Triple-DES (Cert. #676); Triple-DES MAC (Triple-DES Cert. #676, vendor affirmed)

-Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits); MD5; RC2; RC4

Multi-chip standalone

"The Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider, designed for FIPS 140-2 compliance, is a software-based, cryptographic module. DSSENH encapsulates several different cryptographic algorithms (including SHA-1, DES, TDES, DSA) in a cryptographic module accessible via the Microsoft CryptoAPI."
989 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Windows XP Enhanced Cryptographic Provider (RSAENH)
(Software Version: 5.1.2600.5507)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 07/24/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional SP3 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #781); HMAC (Cert. #428); RNG (Cert. #447); RSA (Cert. #371); SHS (Cert. #783); Triple-DES (Cert. #675); Triple-DES MAC (Triple-DES Cert. #675, vendor affirmed)

-Other algorithms: DES; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits)

Multi-chip standalone

"The Microsoft Enhanced Cryptographic Provider, designed for FIPS 140-2 compliance, is a software-based, cryptographic module. RSAENH encapsulates several different cryptographic algorithms (including SHS, DES, TDES, AES, RSA, HMAC) in a cryptographic module accessible via the Microsoft CryptoAPI."
988 Imation Corp.
Discovery Bldg. 1A-041
Oakdale, MN 55128
USA

-Larry Hamid
TEL: 408-737-4308

CST Lab: NVLAP 200556-0

Stealth MXP Passport
(Hardware Versions: 4.3 Stealth MXP Passport Versions MUS3083C-FIPS, MUS3083D-FIPS, MUS3083E-FIPS, MUS3083F-FIPS, MUS3083G-FIPS, MUS3083E-MLCFIPS, MUS3083F-MLC-FIPS, MUS3083G-MLC-FIPS and MUS3083H-MLC-FIPS and 4.4 Stealth MXP Passport Versions MUS3086C-FIPS, MUS3086D-FIPS, MUS3086E-FIPS, MUS3086F-FIPS, MUS3086G-FIPS, MUS3086E-MLC-FIPS, MUS3086F-MLC-FIPS, MUS3086G-MLC-FIPS and MUS3086H-MLC-FIPS in Plastic (PL), Metal (ME) and Liquid Metal (LM) enclosures; Firmware Version: 4.21 with Version 2.1 of Boot loader)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/24/2008;
08/22/2008;
05/31/2011;
04/24/2012
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #768); SHS (Cert. #485); RSA (Cert. #154); RNG (Cert. #211); HMAC (Cert. #190)

-Other algorithms: N/A

Multi-chip standalone

"Stealth MXP Passport is a USB mass storage device which implements hardware encryption dependant on user authentication. It provides not only secure encrypted storage, but management of digital identity credentials used for authentication and verification to enterprise and personal services"
987 Imation Corp.
Discovery Bldg. 1A-041
Oakdale, MN 55128
USA

-Larry Hamid
TEL: 408-737-4308

CST Lab: NVLAP 200556-0

Stealth MXP
(Hardware Versions: 4.3 Stealth MXP Versions MUS3082C-FIPS, MUS3082D-FIPS, MUS3082E-FIPS, MUS3082F-FIPS, MUS3082G-FIPS, MUS3082E-MLCFIPS, MUS3082F-MLC-FIPS, MUS3082G-MLC-FIPS and MUS3082H-MLC-FIPS and 4.4 Stealth MXP Versions MUS3085C-FIPS, MUS3085D-FIPS, MUS3085E-FIPS, MUS3085F-FIPS, MUS3085G-FIPS, MUS3085E-MLCFIPS, MUS3085F-MLC-FIPS, MUS3085G-MLC-FIPS and MUS3085H-MLC-FIPS in Plastic (PL), Metal (ME) and Liquid Metal (LM) enclosures; Firmware Version: 4.21 with Version 2.1 of Boot loader)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/24/2008;
08/22/2008;
05/31/2011;
04/24/2012
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #768); SHS (Cert. #485); RSA (Cert. #154); RNG (Cert. #211); HMAC (Cert. #190)

-Other algorithms: N/A

Multi-chip standalone

"Stealth MXP is a USB mass storage device which implements hardware encryption dependant on user authentication. It provides not only secure encrypted storage, but management of digital identity credentials used for authentication and verification to enterprise and personal services."
986 Research In Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

-Certifications Team
TEL: 519-888-7465 x72921
FAX: 519-886-4839

CST Lab: NVLAP 200017-0

BlackBerry Cryptographic Kernel
(Firmware Version: 3.8.5.32a)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Firmware 07/24/2008 Overall Level: 1 

-Design Assurance: Level 3
-Tested: BlackBerry 8300 with BlackBerry OS Version 4.5

-FIPS Approved algorithms: Triple-DES (Cert. #671); AES (Certs. #774 and #775); SHS (Cert. #777); HMAC (Cert. #423); RSA (Cert. #367); RNG (Cert. #444); ECDSA (Cert. #85)

-Other algorithms: EC Diffie-Hellman; ECMQV

Multi-chip standalone

"BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry."
985 Route1® Inc.
155 University Avenue
Suite 1920
Toronto, Ontario M5H 3B7
Canada

-Jerry S. Iwanski
TEL: 416-848-8391

-Jeff Denberg
TEL: 416-848-8391

CST Lab: NVLAP 200427-0

Route1® FIPS Cryptographic Module
(Software Version: 2.1.0.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 07/17/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 2003 SP1 (32-bit x86 - VC8.0 build) (in single-user mode)

-FIPS Approved algorithms: AES (Cert. #673); DSA (Cert. #254); ECDSA (Cert. #74); HMAC (Cert. #357); RNG (Cert. #392); RSA (Cert. #314); SHS (Cert. #706); Triple-DES (Cert. #618)

-Other algorithms: MD2; MD5; HMAC MD5; DES; DES40; RC2; RC4; RC5; ECAES (non-compliant); RSA (key wrapping, key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG SP 800-90 (non-compliant)

Multi-chip standalone

"The Route1 FIPS Cryptographic Module lies at the core of Route1®'s MobiNET™ a communications and service delivery platform focused on identity management and entitlement-based access to systems and resources. MobiNET™services are delivered on a number of digital form factors, such as mobile phones, handheld devices and Route1 MobiKEY™ an ultra-portable, smart-card enabled USB device. The Route1 FIPS Cryptographic Module's functionality includes a wide range of data encryption and asymmetric algorithms including AES, the RSA Public Key Cryptosystem, DSA, and the SHA family of message digests."
984 SonicWALL, Inc.
1143 Borregas Ave.
Sunnyvale, CA 94089-1306
USA

-Usha Sanagala
TEL: 408-745-9600
FAX: 408-745-9300

CST Lab: NVLAP 100432-0

NSA 3500
(Hardware Version: P/N 101-500073-50, Rev. A; Firmware Version: SonicOS v5.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/17/2008 Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Cert. #633); AES (Cert. #702); DSA (Cert. #267); RNG (Cert. #413); RSA (Cert. #328); SHS (Cert. #730); HMAC (Cert. #380)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The SonicWALL E-Class Network Security Appliance (NSA) series is engineered to meet the needs of the expanding enterprise network by providing a high performance, scalable, multifunction threat prevention appliance."
983 SonicWALL, Inc.
1143 Borregas Ave.
Sunnyvale, CA 94089-1306
USA

-Usha Sanagala
TEL: 408-745-9600
FAX: 408-745-9300

CST Lab: NVLAP 100432-0

NSA E6500
(Hardware Version: P/N 101-500164-50, Rev. C; Firmware Version: SonicOS v5.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/17/2008 Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Cert. #635); AES (Cert. #704); DSA (Cert. #269); RNG (Cert. #415); RSA (Cert. #330); SHS (Cert. #732); HMAC (Cert. #382)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The SonicWALL E-Class Network Security Appliance (NSA) series is engineered to meet the needs of the expanding enterprise network by providing a high performance, scalable, multifunction threat prevention appliance."
982 SonicWALL, Inc.
1143 Borregas Ave.
Sunnyvale, CA 94089-1306
USA

-Usha Sanagala
TEL: 408-745-9600
FAX: 408-745-9300

CST Lab: NVLAP 100432-0

TZ 180, TZ 180W, TZ 190 and TZ 190W
(Hardware Versions: P/N 101-500161-50, Rev. A (TZ 180); P/N 101-500160-50, Rev. A (TZ 180W); P/N 101-500080-52, Rev. A (TZ 190); P/N 101-500101-52, Rev. A (TZ 190W); Firmware Version: SonicOS v5.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/17/2008 Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Cert. #632); AES (Cert. #701); DSA (Cert. #266); RNG (Cert. #412); RSA (Cert. #327); SHS (Cert. #729); HMAC (Cert. #379)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"SonicWALLÆs TZ Series is a high performance security platform that combines a deep packet inspection firewall, anti-virus, anti-spyware, intrusion prevention, content filtering, optional modular modem backup, and optional 802.11 b/g WLAN. These solutions allow small, remote, and branch offices to implement protection from the wide spectrum of emerging network threats."
981 FRAMA AG
Unterdorf
Lauperswil, CH-3438
Switzerland

-Beat C. Waelti
TEL: +41 34 496 98 98
FAX: +41 34 496 98 00

-Markus Arn
TEL: +41 34 496 98 98
FAX: +41 34 496 98 00

CST Lab: NVLAP 200636-0

FRAMA PSD-I
(Hardware Version: 2.4; Firmware Version: 1.0.6)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/17/2008 Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #450); RSA (Cert. #157); SHS (Cert. #489); RNG (Cert. #215)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); CRC32

Multi-chip embedded

"The cryptographic module (called Postal Security Device, PSD) supports booking processes within postal meters as well as value loading processes in order to increase the postage credits. The postage credits are kept as CSPs within the PSD. In detail the use of cryptographic services, like the production of cryptographic keys, the encoding, decoding or signature and signature verification is part of PSD internal purposes to the booking processes mentioned above. The PSD uses the following algorithms in the approved mode of operation: Triple-DES; RSA; SHA-1; RNG acc. to FIPS 186-2."
980 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Windows Vista Code Integrity (ci.dll)
(Software Versions: 6.0.6001.18000, 6.0.6001.18023, 6.0.6001.22120 and 6.0.6002.18005)

(When operated in FIPS mode with Winload OS Loader (winload.exe) validated to FIPS 140-2 under Cert. #979 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 07/21/2008;
07/29/2009
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition SP1 (x86 Version); Microsoft Windows Vista Ultimate Edition SP1 (x64 version) (single-user mode)

-FIPS Approved algorithms: RSA (Cert. #354); SHS (Cert. #753)

-Other algorithms: MD5

Multi-chip standalone

"This is a dynamically linked library that runs as ntoskrnl.exe. It verifies the integrity of executable files, including kernel mode drivers, critical system components and user mode crypto modules, before these files are loaded from disk into memory by the memory manager."
979 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Windows Vista Winload OS Loader (winload.exe)
(Software Versions: 6.0.6001.18000, 6.0.6001.18027, 6.0.6001.18606, 6.0.6001.22125, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411 and 6.0.6002.22596)

(When operated in FIPS mode with Boot Manager (bootmgr) validated to FIPS 140-2 under Cert. #978 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 07/21/2008;
07/29/2009;
10/17/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition SP1 (x86 Version); Microsoft Windows Vista Ultimate Edition SP1 (x64 version) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #739 and 760); RSA (Cert. #354); SHS (Cert. #753)

-Other algorithms: MD5

Multi-chip standalone

"This is the OS loader. It loads the boot-critical driver image files and the OS kernel image file itself."
978 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Windows Vista Boot Manager (bootmgr)
(Software Versions: 6.0.6001.18000 and 6.0.6002.18005)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 07/21/2008;
07/24/2009
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition SP1 (x86 Version); Microsoft Windows Vista Ultimate Edition SP1 (x64 version) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #739 and 760); HMAC (Cert.#415); RSA (Cert. #354); SHS (Cert. #753)

-Other algorithms: N/A

Multi-chip standalone

"This is the system boot manager, called by the bootstrapping code that resides in the boot sector. It checks its own integrity and then checks the integrity of the OS loader and launches it."
977 nCipher Corporation Ltd.
92 Montvale Ave.
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F2 4000, nShield F2 2000, nShield F2 500
(Hardware Versions: nC3023P-4K0, nC3023P-2K0, and nC3123P-500, Build Standard N; Firmware Version: 2.33.60-2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 07/31/2008 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Cryptographic Key Management: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #599); AES GCM (Cert. #599, vendor affirmed); Triple-DES (Cert. #570); Triple-DES MAC (Triple-DES Cert. #570, vendor affirmed); DSA (Cert. #233); ECDSA (Cert. #64); SHS (Cert. #648); HMAC (Cert. #309); RSA (Cert. #274); RNG (Cert. #340)

-Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; and HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The nShield modules: nShield F2 4000, nShield F2 2000, and nShield F2 500 family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
976 SafeNet Inc.
350 Convention Way
Redwood City, CA 94063
USA

-Eric Murray
TEL: 650-261-2400
FAX: 650-261-2401

CST Lab: NVLAP 100432-0

DataSecure Appliance i430, i426, and i116
(Hardware Versions: P/N DS-0116-0100-00 (i116); P/Ns DS-0430-0100-00 and DS-0430-01NP-00 (i430); P/N DS-0426-0100-00 (i426); Firmware Version: 4.6.5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/30/2008;
11/06/2008
Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #565); AES (Cert. #588); DSA (Cert. #231); RNG (Cert. #335); RSA (Cert. #269); SHS (Cert. #640); HMAC (Cert. #306); Diffie-Hellman (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 bits of encryption strength)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; SEED; MD5; RC4

Multi-chip standalone

"The Ingrian Networks DataSecure Appliance is a dedicated hardware product designed specifically for security and cryptographic processing, allowing organizations to protect structured and unstructured data, from within the data center out to remote locations, and ensure compliance with legislative and policy mandates for security. With its capabilities for granular encryption, seamless integration, and centralized key and policy management, DataSecure enables organizations to guard against a range of security threats, with unparalleled ease and cost effectiveness."
975 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 3201 Wireless Mobile Interface Card with thermal plates
(Hardware Version: 800-25522-02; Firmware Version: S3201W7K9-12308JK)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/30/2008;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #370 and #799); CCM (Cert. #11); SHS (Cert. #797); HMAC (Cert. #439); RNG (Cert. #459)

-Other algorithms: HMAC MD5; MD5; RC4; RSA (non-compliant)

Multi-chip embedded

"The C3201WMIC-TPAK9 provides wireless connectivity for the Cisco 3200 Series Mobile Access Router. The module can be configured as 802.11g Wireless Access Point, 802.11g Wireless Root Bridge or 802.11g Wireless Work Group Bridge and supports the 802.11b/g wi-fi standards for communications, and 802.11i for security."
974 Giesecke & Devrient
45925 Horseshoe Drive
Dulles, VA 20166
USA

-Michael Poitner
TEL: 650-312-1241
FAX: 650-312-8129

-Jatin Deshpande
TEL: 650-312-8047
FAX: 650-312-8129

CST Lab: NVLAP 200427-0

Sm@rtCafé Expert 3.2
(Hardware Versions: P5CC073 M8.4 [1], P5CD080 M8.4 [2], P5CD080 PDM1.1 [2], P5CD144 M8.4 [3] and P5CD144 PDM1.1 [3]; Firmware Versions: CPDHxJC_RSEFI025CC073V202 [1], CPDIxJC_RSEFI025CD080V402 [2] and CPDYxJC_RSEFI025CD144V503 [3])

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/30/2008;
01/11/2012
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #744, #745 and #746); DSA (Cert. #276, #277 and 278); RSA (Certs. #349, #350 and #351); RNG (Certs. #432, #433 and #434); SHS (Certs. #759, #760 and #761); Triple-DES (Certs. #661, #662 and #663); Triple-DES MAC (Triple-DES Certs. #661, #662 and #663, vendor affirmed)

-Other algorithms: DES; DES MAC; DSA (512-bits and 768-bits; non-compliant); RSA (encrypt/decrypt)

Single-chip

"Giesecke & Devrient (G&D) Smart Card Chip Operating System Sm@rtCafé Expert 3.2 is a Java Card 2.2.1 and Global Platform v2.1.1 compliant smart card module supporting both contact and contactless interfaces. It also supports, at a minimum, RSA up to 2048 bits(RSA and RSA-CRT) with on-card key generation, Hash algorithms(including SHA256), SEED(128 bit), AES(up to 256 bits), DSA(up to 1024 bits), OAEP Padding and Triple-DES. The Sm@rtCafé Expert 3.2 is suitable for government and corporate identification, payment and banking, health care, and Web applications."
973 nCipher Corporation Ltd.
92 Montvale Ave.
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F2 500 and nShield F2 10 PCI
(Hardware Versions: nC3023P-500, nC3023P-10, Build Standard N; Firmware Version: 2.33.60-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 06/30/2008 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #599); AES GCM (Cert. #599, vendor affirmed); Triple-DES (Cert. #570); Triple-DES MAC (Triple-DES Cert. #570, vendor affirmed); DSA (Cert. #233); ECDSA (Cert. #64); SHS (Cert. #648); HMAC (Cert. #309); RSA (Cert. #274); RNG (Cert. #340)

-Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The nShield modules: nShield F2 500 & nShield F2 10 PCI family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
972 nCipher Corporation Ltd.
92 Montvale Ave.
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

MiniHSM, MiniHSM for nShield Edge and MiniHSM for Time Stamp Master Clock
(Hardware Versions: nC4031Z-10, nC4031U-10 and TSMC200; Build Standard N; Firmware Version: 2.33.60-3)

(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/30/2008;
05/28/2010
Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #685); AES GCM (Cert. #685 vendor affirmed); Triple-DES (Cert. #625); Triple-DES MAC (Triple-DES Cert. #625 vendor affirmed); DSA (Cert. #259); ECDSA (Cert. #76); SHS (Cert. #713); HMAC (Cert. #364); RSA (Cert. #320); RNG (Cert. #399)

-Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The nCipher MiniHSM is a fully featured HSM supplied in a single chip package. The MiniHSM offers all the security and key management features of other nCipher modules - but with reduced processing speed. The MiniHSM is an OEM part and will be included within other appliances or products, for example switches or routers. The MiniHSM's real time clock, also makes it suitable for use as a time-stamping engine."
971 nCipher Corporation Ltd.
92 Montvale Ave.
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

MiniHSM [1], MiniHSM for nShield Edge [2] and MiniHSM for Time Stamp Master Clock [3]
(Hardware Versions: nC4031Z-10 [1], nC3021U-10 [2] and TSMC200 [3]; Build Standard N; Firmware Version: 2.33.60-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/30/2008;
05/28/2010;
07/02/2010
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Cryptographic Key Management: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #685); AES GCM (Cert. #685 vendfor affirmed); Triple-DES (Cert. #625); Triple-DES MAC (Triple-DES Cert. #625 vendor affirmed); DSA (Cert. #259); ECDSA (Cert. #76); SHS (Cert. #713); HMAC (Cert. #364); RSA (Cert. #320); RNG (Cert. #399)

-Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The nCipher MiniHSM is a fully featured HSM supplied in a single chip package. The MiniHSM offers all the security and key management features of other nCipher modules - but with reduced processing speed. The MiniHSM is an OEM part and will be included within other appliances or products, for example switches or routers. The MiniHSM's real time clock, also makes it suitable for use as a time-stamping engine."
970 nCipher Corporation Ltd.
92 Montvale Ave.
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F3 500, nShield F3 500 for NetHSM and nShield F3 10 PCI
(Hardware Versions: nC4033P-500, nC4033P-500N and nC4033P-10; Build Standard N; Firmware Version: 2.33.60-2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 06/24/2008 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #599); AES GCM (Cert. #599, vendor affirmed); Triple-DES (Cert. #570); Triple-DES MAC (Triple-DES Cert. #570, vendor affirmed); DSA (Cert. #233); ECDSA (Cert. #64); SHS (Cert. #648); HMAC (Cert. #309); RSA (Cert. #274); RNG (Cert. #340)

-Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The nShield modules: nShield F3 500, F3 500 for NetHSM, & nShield 10 family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
969 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco MDS 9506, 9509, 9216i and 9513 Multi-Layer SAN Switches
(Hardware Versions: 9216i: 1, 9506: 1, 9509: 2, 9513: 1; Supervisor: 13, Supervisor 1: 16, Supervisor 2: 4; Firmware Versions: 3.2 (2c) [1] and 4.1(3a) [2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/24/2008;
10/16/2009;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: AES ([Certs. #662 and #663] [1] and Cert. #1188 [2]); DSA ([Certs. #245 and #246] [1] and Cert. #392 [2]); HMAC ([Certs. #344 and #345] [1] and Cert. #688 [2]); RNG ([Certs. #382 and #383] [1] and Cert. #656 [2]); RSA ([Certs. #306 and #307] [1] and Cert. #569 [2]); SHS ([Certs. #695 and #696] [1] and Cert. #1095 [2]); Triple-DES ([Certs. #609 and #610] [1] and #856 [2])

-Other algorithms: DES; RC4; MD5; HMAC MD5; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Cisco MDS 9506, 9509, 9513, and 9216i deliver intelligent network services such as virtual storage-area networks (VSANs), comprehensive security, advanced traffic management, sophisticated diagnostics, and unified SAN management. In addition, these modules provide multiprotocol and multitransport integration and an open platform for embedding intelligent storage services such as network-based virtualization; as well as a multilayer approach to network and storage intelligence."
968 nCipher Corporation Ltd.
92 Montvale Ave.
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F3 4000, nShield F3 2000, nShield F3 2000 for netHSM, nShield F3 500 and nShield F3 500 for netHSM
(Hardware Versions: nC4033P-4K0, nC4033P-2K0, nC4033P-2K0N, nC4133P-500 and nC4133P-500N, Build Standard N; Firmware Version: 2.33.60-2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 06/24/2008 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3 +EFP/EFT
-Cryptographic Key Management: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #599); AES GCM (Cert. #599, vendor affirmed); Triple-DES (Cert. #570); Triple-DES MAC (Triple-DES Cert. #570, vendor affirmed); DSA (Cert. #233); ECDSA (Cert. #64); SHS (Cert. #648); HMAC (Cert. #309); RSA (Cert. #274); RNG (Cert. #340)

-Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; and HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The nShield modules: nCipher 4000, nShield 2000, nShield 2000 for netHSM, nShield 500 and nShield 500 for netHSM family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
967 nCipher Corporation Ltd.
92 Montvale Ave.
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nToken
(Hardware Version: nC2023P-000, Build Standard N; Firmware Version: 2.33.60)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/24/2008 Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Cert. #599); Triple-DES (Cert. #570); DSA (Cert. #233); SHS (Cert. #648); HMAC (Cert. #309); RNG (Cert. #340)

-Other algorithms: N/A

Multi-chip embedded

"The nCipher nToken Hardware Security Module improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
966 nCipher Corporation Ltd.
92 Montvale Ave
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F3 500, nShield F3 500 for NetHSM and nShield F3 10 PCI
(Hardware Versions: nC4033P-500, nC4033P-500N and nC4033P-10, Build Standard N; Firmware Version: 2.33.60-3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 06/24/2008 Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #599); AES GCM (Cert. #599, vendor affirmed); Triple-DES (Cert. #570); Triple-DES MAC (Triple-DES Cert. #570, vendor affirmed); DSA (Cert. #233); ECDSA (Cert. #64); SHS (Cert. #648); HMAC (Cert. #309); RSA (Cert. #274); RNG (Cert. #340)

-Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The nCipher modules: nShield F3 500, Shield F3 500 for NetHSM, and nShield 10 family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
965 nCipher Corporation Ltd.
92 Montvale Ave.
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F3 4000, nShield F3 2000, nShield F3 2000 for netHSM, nShield F3 500 and nShield F3 500 for netHSM
(Hardware Versions: nC4033P-4K0, nC4033P-2K0, nC4033P-2K0N, nC4133P-500 and nC4133P-500N, Build Standard N; Firmware Version: 2.33.60-3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 06/24/2008 Overall Level: 3 

-Physical Security: Level 3 + EFP/EFT

-FIPS Approved algorithms: AES (Cert. #599); AES GCM (Cert. #599, vendor affirmed); Triple-DES (Cert. #570); Triple-DES MAC (Triple-DES Cert. #570, vendor affirmed); DSA (Cert. #233); ECDSA (Cert. #64); SHS (Cert. #648); HMAC (Cert. #309); RSA (Cert. #274); RNG (Cert. #340)

-Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The nShield modules: nCipher 4000, nShield 2000, nShield 2000 for netHSM, nShield 500, and nShield 500 for netHSM family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
964 Motorola, Inc.
1301 E. Algonquin Road
Schaumburg, IL 60196
USA

-Kirk Mathews
TEL: 847-576-4101
FAX: 847-538-2770

CST Lab: NVLAP 100432-0

Motorola Gold Elite Gateway Secure Card Crypto Engine (MGEG SCCE)
(Hardware Version: R01.00.00; Firmware Versions: R01.07.05, R01.07.06 and R01.13.00)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/24/2008;
12/08/2010
Overall Level: 1 

-Roles, Services, and Authentication: Level 2

-FIPS Approved algorithms: Triple-DES (Cert. #82); Triple-DES MAC (Triple-DES Cert. #82, vendor affirmed); AES (Cert. #2); SHS (Cert. #335); RNG (Cert. #121)

-Other algorithms: DES-XL; DVI-XL; DVI-SPFL; DVP-XL; AES MAC (AES Cert. #2, vendor affirmed; P25 AES OTAR); DES; ADP; LFSR

Multi-chip embedded

"The MGEG Secure Card is a cPCI device which performs encryption and decryption for all voice traffic through the Motorola Gold Elite Gateway (MGEG)."
963 Gemalto and ActivIdentity, Inc.
Arboretum Plaza II
9442 Capital of Texas Highway North
Suite 400
Austin, TX 78759
USA

-James McLaughlin
TEL: 512-257-3954
FAX: 512-257-3881

-Stephane Ardiley
TEL: 510-745-6288

CST Lab: NVLAP 200427-0

SafesITe TOP FIPS DM GX4 with ActivIdentity Digital Identity Applet Suite v2 for PIV
(Hardware Versions: GCX4-M2569422 and GCX4-A1004155; Firmware Versions: GCX4-FIPS EI07 and GCX4-FIPS EI08, Applet Versions: ACA v2.6.2.2 [1,2] and v2.6.2.3 [3], PKI/GC v2.6.2.3, ASC library package v2.6.2.2, PIV EP packages v2.6.2.6 [1], v2.6.2.7 [2] and 2.6.2.9 [3])

(PIV Card Application: Cert. #10)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/24/2008;
07/09/2008;
11/18/2008;
05/11/2011;
02/06/2014
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Cert. #355); Triple-DES (Cert. #412); SHS (Cert. #427); RSA (Cert. #119); Triple-DES MAC (Triple-DES Cert. #412, vendor affirmed); RNG (Cert. # 168); CVL (Cert. #205)

-Other algorithms: N/A

Single-chip

"This module is based on a Gemalto Dual Interface (ISO7816 & ISO14443) Open OS Smart Card with a large (72K EEPROM) memory, with a cryptographic applet suite V 2.6.2 developed by ActivIdentity. The SmartCard platform has on board Triple DES and RSA up to 2048 algorithms and provides X9.31 on board key generation. The Applet Suite provides services for authentication, access control, generic container and PKI. The module conforms to SP800-73-1 Transitional & End-Point Card Edge (for HSPD-12/PIV). The product allows issuance and post-issuance support for PIV End Point Card Edge and Data Model."
962 ActivIdentity, Inc.
6623 Dumbarton Circle
Fremont, CA 94555
USA

-Stephane Ardiley
TEL: 510-745-6288
FAX: 510- 574-0101

CST Lab: NVLAP 100432-0

ActivIdentity Digital Identity Applet Suite V2 for Extended PIV
(Hardware Versions: P/N 77 Versions E303-063683 and E303-063684; Firmware Versions: ACA applet package v2.6.2.A3, PKI/GC applet package v2.6.2.A1, ASC library package v2.6.2.A1, PIV End-Point package v2.6.2.A1 and v2.6.2.A2, SKI applet package v2.6.2.A2)

(PIV Card Application: Cert. #7)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/12/2008;
06/23/2008;
02/06/2014
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #232); Triple-DES MAC (Triple-DES Cert. #232, vendor affirmed); SHS (Cert. #209); RSA (Cert. #43); RNG (Cert. #94); CVL (Cert. #204)

-Other algorithms: DES; DES MAC; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Single-chip

"This version of the product can be used over contact and contactless interface (with some restrictions) and can be configured for use with ActivIdentity applet suite v2.6.2 for the support of GSC-IS v2.1, NIST SP800-73-1 Transitional and End-Point Card Edge (for HSPD-12/PIV). The product allows issuance and post-issuance support for PIV End Point Card Edge and Data Model. The validated product is similar to Applet v2.6.2a (FIPS 140-2 Cert. #880), but added the One Time Password applet."
961 Fortinet Inc.
1090 Kifer Road
Sunnyvale, CA 94086
USA

-Jeff Lake, Vice President, Federal Operations
TEL: 678-402-8021
FAX: 678-402-8021

CST Lab: NVLAP 200017-0

FortiGate-5050 and FortiGate-5140
(Hardware Versions: FortiGate-5050 (build C4QP38); FortiGate-5140 (build C4GL51); FortiGate-5001SX (build P4CF76); FortiGate-5001FA2 (build C5FA26); Firmware Version: FortiOS 3.00, build 8317, 061121)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 06/05/2008;
06/13/2008
Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Cryptographic Key Management: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #486, #487 and #490); RNG (Cert. #251); AES (Certs. #471, #472 and #476); SHS (Certs. #539, #540 and #544); RSA (Cert. #193); HMAC (Certs. #228, #229 and #233)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 110 bits of encryption strength; non-compliant); MD5; HMAC-MD5

Multi-chip standalone

"FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
960 Pitney Bowes, Inc.
35 Waterview Drive
Shelton, CT 06484-8000
USA

-Douglas Clark
TEL: 203-924-3206
FAX: 203-924-3406

CST Lab: NVLAP 100432-0

Cygnus X3 PSD Cryptographic Module
(Hardware Version: 1R84000 Version A; Firmware Version: 01.00.06; Software Version: 01.04.07)

(When configured with the listed FIPS-Approved algorithms)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/05/2008;
05/18/2009
Overall Level: 3 

-Physical Security: Level 3 + EFP

-FIPS Approved algorithms: DSA (Cert. #234); SHS (Cert. #650); AES (Cert. #600); RNG (Cert. #592)

-Other algorithms: N/A

Single-chip

"The Pitney Bowes Cygnus X3 Postal Security Device (PSD) has been designed in compliance with FIPS 140-2 and IPMAR security protection profile in order to support the USPS IBIP and international digital indicia standards globally. The Cygnus X3 PSD Cryptographic Module employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes Postage Metering products."
959 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Peter Hayman
TEL: 919-462-1900 x273
FAX: 919-462-1933

CST Lab: NVLAP 200002-0

SafeEnterpriseTM Encryptor, Model 650
(Hardware Versions: 904-20044-004, 904-20055-004 and 904-21005-007; Firmware Version: 3.1)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/05/2008;
08/28/2009
Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Cryptographic Key Management: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #268); AES (Certs.#391, and #240); RSA (Cert. #15); SHS (Certs. #251 and #319); HMAC (Cert. #48); RNG (Certs. #18 and #76)

-Other algorithms: Diffie-Hellman (key agreement, key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping, key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The SafeEnterpriseTM SONET Encryptor provides data privacy and access control for connections between vulnerable public and private SONET/SDH networks. It employs federally endorsed AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in a SONET OC-192 network."
958 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:
FAX:

CST Lab: NVLAP 200427-0

Cisco Catalyst 3750G Integrated Wireless LAN Controller
(Hardware Version: 02; Firmware Versions: 4.1.171.0[1] and 4.1.185.10[2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/05/2008;
11/17/2008;
08/22/2011;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #554[1], #555 and #906[2]); HMAC (Cert. #294); RNG (Certs. #322[1] and #519[2]); RSA (Certs. #249 and #250); SHS (Certs. #619 and #620)

-Other algorithms: AES-CTR (non-compliant); HMAC MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength; non-compliant); Triple-DES (non-compliant); AES (Cert. #555; key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Cisco 3750G Wireless LAN Controller provides centralized control and scalability for medium to large-scale wireless LAN networks and supports IEEE 802.11i wireless security and is Wi-Fi certified for WPA2. Cisco WLAN Controllers support voice, video, data services, intrusion protection (including Management Frame Protection (MFP), intelligent radio resource management and comply with the wireless security policies issued by the U.S. Federal Government and the U.S. Department of Defense (DoD)."
957 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:
FAX:

CST Lab: NVLAP 200427-0

Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Module (WiSM)
(Hardware Versions: Chassis: 6506, 6509, 6506-E, 6509-E; Backplane: Hardware Versions 1.0, 1.1, 1.2 (6506-E), 1.0, 1.1, 1.2, 1.3, 1.4 (6509-E), 3.0, 3.2, 3.3 (6506, 6509); Supervisor Blade: Hardware Versions 4.0, 4.1, 4.2, 4.3, 4.4, 4.5, 4.6, 5.1, 5.2, 5.3, 5.4, 5.5, 5.6, 5.7, 5.8, 5.9 (SUP720-3B), 4.0, 4.5, 4.6, 5.1, 5.2, 5.3, 5.4, 5.5, 5.6, 5.7, 5.8, 5.9 (SUP720-3BXL); WiSM: Hardware Versions 1.0, 1.1, 1.2, 1.3, 1.4, 2.0, 2.1, 2.2, 2.3; Firmware Version: 12.2(18)SXF7, Build adventerprisek9 (Supervisor); 4.1.171.0[1] and 4.1.185.10[2] (WiSM))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/05/2008;
11/17/2008;
03/06/2009;
08/22/2011;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #554[1], #555 and #906[2]); HMAC (Cert. #294); RNG (Certs. #322[1] and #519[2]); RSA (Certs. #249 and #250); SHS (Certs. #619 and #620)

-Other algorithms: AES (AES Cert. #555, key wrapping; key establishment methodology provides 128 bits of encryption strength); AES-CTR (non-compliant); HMAC MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength; non-compliant); Triple-DES (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Module (WiSM) provide unparalleled security, mobility, redundancy, centralized control and scalability for large-scale Government and Enterprise wireless LAN networks and supports the IEEE 802.11i wireless security standard in conjunction with meeting the Wi-Fi Alliances interoperability specification WPA2 to enable a Secure Wireless Architecture. The module supports voice, video and data services, location & asset tracking, integrated intrusion detection & intrusion protection and intelligent radio."
956 AEP Networks
Focus 31, West Wing
Cleveland Road
New Hempstead, Herts HP2 7BW
United Kingdom

-David Miller
TEL: 011-44-1442458600
FAX: 44-1442458601

CST Lab: NVLAP 200017-0

AEP Advanced Configurable Cryptographic Environment (ACCE)
(Hardware Version: 2730_G1; Firmware Version: 1.8)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 06/05/2008 Overall Level: 4 

-FIPS Approved algorithms: Triple-DES (Cert. #599); AES (Cert. #648); DSA (Cert. #243); SHS (Cert. #681); RNG (Cert. #369); RSA (Cert. #297); Triple-DES MAC (Triple-DES Cert. #599, vendor affirmed).

-Other algorithms: MD5; DES; Diffie-Hellman

Multi-chip embedded

"AEP Advanced Configurable Cryptographic Environment (ACCE) crypto module offers the next generation security platform for managing cryptographic keys and protecting sensitive applications. The ACCE crypto module is a hardware security module (HSM) designed for managing mission critical applications that demand maximum security. It is ideally suited for companies that need secure key management for certification authorities, registration authorities, OCSP responders, smart card issuers, web servers and other applications."
955 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:
FAX:

CST Lab: NVLAP 200427-0

Cisco 4402 and 4404 Wireless LAN Controllers
(Hardware Versions: 4402 and 4404, Revision Number: A0; Opacity Baffle Version: 1.0; Firmware Versions: 4.1.171.0[1] and 4.1.185.10[2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 06/05/2008;
11/17/2008;
08/22/2011;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #554[1], #555 and #906[2]); HMAC (Cert. #294); RNG (Certs. #322[1] and #519[2]); RSA (Certs. #249 and #250); SHS (Certs. #619 and #620)

-Other algorithms: AES (Cert. #555, key wrapping; key establishment methodology provides 128 bits of encryption strength); AES-CTR (non-compliant); HMAC MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength; non-compliant); Triple-DES (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Cisco 4400 Series Wireless LAN Controllers provide centralized control and scalability for medium to large-scale Government and Enterprise wireless LAN networks and support the IEEE 802.11i wireless security standard while meeting the Wi-Fi Alliances interoperability specification WPA2 for Secure Wireless Architecture. The Cisco WLAN Controllers support voice, video and data services, intrusion detection, intrusion protection and intelligent radio resource management and comply with the wireless security policies issued by the U.S. Federal Government and the Department of Defense (DoD)."
954 Trapeze Networks
5753 W. Las Positas Blvd.
Pleasanton, CA 94588
USA

TEL: 925-474-2602
FAX: 925-251-0642

CST Lab: NVLAP 100432-0

MX-200R-GS/MX-216R-GS Mobility Exchange WLAN Controllers
(Hardware Versions: P/Ns MX-200R-GS/MX-216R-GS Rev. A; Firmware Versions: MSS 6.1.0.3, MSS 6.1.0.4 and MSS 6.1.1.2.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/05/2008;
11/13/2008;
08/28/2009
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Cert. #594); AES (Cert. #642); RNG (Cert. #365); RSA (Cert. #293); SHS (Cert. #677); HMAC (Cert. #331)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5

Multi-chip standalone

"Trapeze Networks delivers Smart Mobile WLAN network solutions, enabling govt. agencies and enterprises to deploy and manage scalable, secure, mobile applications. It supports the IEEE 802.11i security specification and wireless IDS, application-aware switching, location tracking, voice and seamless indoor/outdoor mobility. The Smart Mobile family of wireless products includes high-performance Mobility Exchange® WLAN controllers and Mobility Point® access points for secure indoor and outdoor wireless networks, Mobility System Software« and RingMaster® lifecycle WLAN management software."
953 Semtek Innovative Solutions Corporation
12777 High Bluff Drive
San Diego, CA 92130
USA

-Patrick Farrell
TEL: 858-436-2270
FAX: 858-436-2280

CST Lab: NVLAP 100432-0

Cipher Cryptographic Module
(Hardware Version: P/N 7000-0008; Firmware Version: 1.00)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/05/2008;
06/23/2008
Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #720); Triple-DES (Cert. #643)

-Other algorithms: N/A

Single-chip

"The Cipher Cryptographic Module is a hardware module that provides physical protection for cryptographic keys and sensitive application code. The module can be used by point-of-sale manufacturers as a secure, drop-in solution to provide cardholder data encryption."
952 Motorola, Inc.
1301 E. Algonquin Rd.
Schaumburg, IL 60196
USA

-Kirk Mathews
TEL: 847-576-4101
FAX: 847-538-2770

CST Lab: NVLAP 100432-0

MCC7500 Secure Card Crypto Engine Cryptographic Module
(Hardware Version: R01.00.00; Software Versions: R02.01.10, R02.01.11, R01.11.00 and R02.07.01)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/05/2008;
06/05/2009;
12/06/2010
Overall Level: 1 

-Roles, Services, and Authentication: Level 2

-FIPS Approved algorithms: Triple-DES (Cert. #82); Triple-DES MAC (Triple-DES Cert. #82, vendor affirmed); AES (Cert. #2); SHS (Cert. #335); RNG (Cert. #121)

-Other algorithms: DES; DES-XL; DVI-XL; DVI-SPFL; DVP-XL; ADP; LFSR; AES MAC (AES Cert. #2, vendor affirmed; P25 AES OTAR)

Multi-chip embedded

"The MCC7500 Secure Card Crypto Engine is a multiprocessor, cryptographic PCI card that provides encryption services for up to 60 audio streams for the Secure Operator Position (B1908) and Secure Archiving Interface Server (B1918). Each Secure Operator Position will contain one Secure Card providing encryption services for 60 simultaneous audio streams. Each Secure AIS will contain 1 or 2 Secure Cards providing encryption services for 60 or 120 audio streams, respectively. The Spare Crypto Card (B1924) may be used to upgrade an Operator Position or AIS."
951 TANDBERG Telecom AS
Philip Pedersens Vei 20
1366 Lysaker
Oslo, Norway

-Stig Ame Olsen
TEL: +47 67838418
FAX: +47 67125234

CST Lab: NVLAP 200697-0

TANDBERG MXP Codec
(Firmware Version: F6.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Firmware 05/22/2008 Overall Level: 1 

-Tested: TANDBERG 6000 MXP server running Nucleus RTOS version 1.13.5 (PowerPC Freescale MPC8270), pSOS version 254 (video processor Phillips PNX1500) and DSP/BIOS version 5.20.05 (audio processor TI6713)

-FIPS Approved algorithms: Triple-DES (Cert. #514); AES (Cert. #504); DSA (Cert. #208); SHS (Cert. #574); RNG (Cert. #282); RSA (Cert. #218); HMAC (Cert. #257)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The TANDBERG MXP Codec is the firmware installed on nineteen various TANDBERG codec servers supporting a full line of videoconferencing systems designed for medium-to-large groups, as well as individual desktops. The firmware provides secure video conferencing through encryption and authentication for point-to-point calls and multipoint calls with the speed of up to 768 kbps."
950 Fortinet Inc.
1090 Kifer Road
Sunnyvale, CA 94086
USA

-Jeff Lake, Vice President, Federal Operations
TEL: 678-402-8021
FAX: 678-402-8021

CST Lab: NVLAP 200017-0

FortiClient Crypto Module
(Software Version: 3.0.470)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 05/22/2008;
06/13/2008
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 2

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional, SP2 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #679 and #680); Triple-DES (Certs. #621 and #622); SHS (Certs. #709 and #710); HMAC (Certs. #360 and #361); RNG (Cert. #396); RSA (Cert. #317)

-Other algorithms: DES; MD5; HMAC MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 110 bits of encryption strength; non-compliant)

Multi-chip embedded

"The FortiClient Crypto Module provides cryptographic services for Fortinet's FortiClient Host Security product (hereafter referred to as FortiClient). The primary purpose of the module is providing cryptographic support for FortiClient's IPSec feature. The module also provides cryptographic support for protecting FortiClient's critical security parameters, passwords and configuration information. The module is distributed as part of the FortiClient software package."
949 Fortinet Inc.
1090 Kifer Road
Sunnyvale, CA 94086
USA

-Jeff Lake, Vice President, Federal Operations
TEL: 678-402-8021
FAX: 678-402-8021

CST Lab: NVLAP 200017-0

FortiClient Crypto Module
(Software Version: 3.0.470)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 05/22/2008;
06/13/2008
Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Dell Optiplex GX270 runnning Windows XP Professional; SP2 with security patches 907865, 27802, 928255, 885835, 888302, 885250, 873333, 890859, 896422, 899587, 899588, and 896423

-FIPS Approved algorithms: AES (Certs. #679 and #680); Triple-DES (Certs. #621 and #622); SHS (Certs. #709 and #710); HMAC (Certs. #360 and #361); RNG (Cert. #396); RSA (Cert. #317)

-Other algorithms: DES; MD5; HMAC MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 110 bits of encryption strength; non-compliant)

Multi-chip embedded

"The FortiClient Crypto Module provides cryptographic services for Fortinet's FortiClient Host Security product (hereafter referred to as FortiClient). The primary purpose of the module is providing cryptographic support for FortiClient's IPSec feature. The module also provides cryptographic support for protecting FortiClient's critical security parameters, passwords and configuration information. The module is distributed as part of the FortiClient software package."
948 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:
FAX:

CST Lab: NVLAP 200427-0

Cisco Secure ACS FIPS Module
(Software Version: 1.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 05/22/2008;
08/22/2011;
02/23/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 2000 Server Service Pack 4; Windows 2003 Service Pack 1 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #566); HMAC (Cert. #303); RNG (Cert. #331); RSA (Cert. #263); SHS (Cert. #632)

-Other algorithms: AES (AES Cert. #566, vendor affirmed; key wrapping; key establishment methodology provides 128 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); HMAC-MD5; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Cisco Secure ACS FIPS Module is a software library that supports WPA2 security and is contained within a defined cryptographic boundary. It provides FIPS 140-2 validated support for EAP-TLS, EAP-FAST, PEAP and AES key wrap for 802.11i PMK transfer."
947 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tony Ureche
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

BitLocker™ Drive Encryption
(Software Version: 6.0.6000.16386)

(When operated in FIPS mode with Microsoft Kernel Mode Security Support Provider Interface and Microsoft Windows Cryptographic Primitives Library (Bcrypt.dll) validated to FIPS 140-2 under Cert. #891 and Cert. #892 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 05/22/2008;
08/22/2008
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Vista Ultimate Edition (x86 Version) and Windows Vista Ultimate Edition (x64 version) (single-user mode)

-FIPS Approved algorithms: AES (Cert #715); HMAC (Cert #386); SHS (Cert #737)

-Other algorithms: Elephant Diffuser

Multi-chip standalone

"Windows BitLocker Drive Encryption is a data protection feature available in Windows Vista Enterprise and Windows Vista Ultimate for client computers. BitLocker provides enhanced protection against data theft or exposure on computers that are lost or stolen, and more secure data deletion when BitLocker-protected computers are decommissioned."
946 Authernative, Inc.
201 Redwood Shores Parkway
Suite 275
Redwood City, CA 94065
USA

-Len L. Mizrah
TEL: 650-587-5263
FAX: 650-587-5259

CST Lab: NVLAP 200427-0

Authernative® Cryptographic Module
(Software Version: 1.0.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 05/16/2008;
06/23/2008
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP SP2 with Sun JRE 1.5 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #697); HMAC (Cert. #375); RNG (Cert. #408); SHS (Cert. #725); Triple-DES (Cert. #629)

-Other algorithms: MD5

Multi-chip standalone

"The Authernative Cryptographic Module is a software cryptographic module that is implemented as a software library. This software library provides cryptographic services for all Authernative products. The module provides FIPS-Approved cryptographic services for encryption, decryption, key generation, secure hashing, and random number generation."
945 Fortinet Inc.
1090 Kifer Road
Sunnyvale, CA 94086
USA

-Jeff Lake, Vice President, Federal Operations
TEL: 678-402-8021
FAX: 678-402-8021

CST Lab: NVLAP 200017-0

FortiGate-50B
(Hardware Version: FortiGate-50B (C5GB38); Firmware Version: FortiOS 3.00, build 8568,070918)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 05/16/2008 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #489, #583 and #584); AES (Certs. #475, #613 and #614); SHS (Certs. #543, #661 and #662); HMAC (Certs. #232, #316 and #317); RSA (Cert. #285); RNG (Cert. #345)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 110 bits of encryption strength; non-compliant); MD5; HMAC-MD5

Multi-chip standalone

"FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
944 Oberthur Card Systems
4250 Pleasant Valley Road
Chantilly, VA 20151-1221
USA

-Christophe Goyet
TEL: 703-263-0100
FAX: 703-263-0503

CST Lab: NVLAP 100432-0

Oberthur ID-One Cosmo 128 v5.5 D
(Hardware Version: P/N B0; Firmware Version: F310-067735)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/16/2008;
05/20/2008;
06/23/2008;
08/02/2010;
12/07/2011
Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #657); Triple-DES (Cert. #606); Triple-DES MAC (Triple-DES Cert. #606, vendor affirmed); SHS (Cert. #688); RSA (Cert. #304); RNG (Cert. #377); ECDSA (Cert. #70)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES MAC (AES Cert. #657; non-compliant)

Single-chip

"This new generation Oberthur Smart Card programmable module offers a highly secure architecture with state of the art on board cryptographic services that includes NSA SUITE-B cryptography for Top Secret classified information (symmetric encryption, message digest, and digital signature). Additional features include Logical Channels and Delegated Management. The module supports Java Card 2.2.2 and Global Platform 2.1.1.A and offers a full 128KB of EEPROM for customer data and keys. It is available with two communication interfaces (ISO 7816 for contact and ISO 14443 for contactless)."
943 SafeNet, Inc.
4690 Millenium Drive
Belcamp, MD 21017
USA

-Terry Fletcher
TEL: 613-221-5009
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

iKey 4000 USB Token
(Hardware Version: 909-40002-000 and 909-40002-006; Firmware Version: 3.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/16/2008 Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #455 and #755); Triple-DES (Cert. #472); SHS (Cert. #519); RSA (Cert. #174); RNG (Cert. #241)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DSA (non-compliant)

Multi-chip standalone

"The iKey 4000 is a powerful and portable two-factor authentication USB device suited for applications demanding high security. The iKey 4000 offers wide range of authentication services together with the highest levels of security. It offers powerful implementations for public and secret key encryption supporting RSA, Diffie-Hellman, SHA-1, Triple-DES, and AES."
942 Guidance Software, Inc.
215 North Marengo Avenue
Suite 250
Pasadena, CA 91101
USA

-Ken Basore
TEL: 626-229-9191
FAX: 626-229-9199

CST Lab: NVLAP 200017-0

EnCase Enterprise Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode with Microsoft Enhanced Cryptographic Provider validated to FIPS 140-1 under Cert. #238 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 05/16/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Intel Pentium 4 running Windows XP Professional SP2 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #666); DSA (Cert. #248); SHS (Cert. #698); HMAC (Cert. #350); RNG (vendor affirmed)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"EnCase Enterprise has changed the landscape of enterprise and computer investigations by providing complete network visibility, immediate response and comprehensive, forensic-level analysis of servers and workstations anywhere on a network. EnCase« Enterprise is a scalable platform that integrates seamlessly with your existing systems to create an enterprise investigative infrastructure. This cutting-edge solution can be tailored to meet your unique needs, including the automation of time-consuming investigative processes, incident response and eDiscovery."
941 Ericsson, Inc.
6300 Legacy Drive
Plano, TX 75024
USA

-Robert Walls
TEL: 972-583-3592
FAX: 972-583-1848

CST Lab: NVLAP 100432-0

AUC-10 GARP Cryptographic Module
(Hardware Version: P/N ROJ 208 16/3 R1A/1; Firmware Version: CXC 106 0272 R1C)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/16/2008 Overall Level: 1 

-FIPS Approved algorithms: AES (Cert. #678); RNG (Cert. #394)

-Other algorithms: N/A

Multi-chip embedded

"The AUC-10 GARP Cryptographic Module (CM) is a multi-chip embedded module composed of the AGEN2R WCDMA Authentication Vectors Generation application executing on an Ericsson proprietary Generic Application Regional Processor (GARP) board. The 3rd Generation Partner Project (3GPP) organization defines standards followed by the telephony industry for 3G networks (GSM and WCDMA). The Authentication Center (AUC) is the specific entity that provides authentication and ciphering data to the WCDMA system."
940 IBM® Corporation
9032 S Rita Rd
Tucson, AZ 85744
USA

-James Karp

-Paul Greco

CST Lab: NVLAP 200427-0

IBM System Storage TS1120 Tape Drive - Machine Type 3592, Model E05
(Hardware Version: 23R6564 EC level H82149; Firmware Version: 95P5203 EC level H82669)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/16/2008 Overall Level: 1 

-FIPS Approved algorithms: AES (Cert. #631 and #632); RNG (Cert. #362); RSA (Cert. #291); SHS (Cert. #671)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); TRNG

Multi-chip embedded

"The TS1120 / 3592 E05 Tape Drive provides full line speed, fully validated, hardware implemented, AES 256 bit encryption and compression of customer data recorded to tape. It ensures data confidentiality in the event of a lost tape while also supporting additional cryptographic functions for authentication and secure transfer of key material."
939 Research In Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

-Certifications Team
TEL: 519-888-7465 x72921
FAX: 519-886-4839

CST Lab: NVLAP 200017-0

BlackBerry Cryptographic Kernel
(Firmware Versions: 3.8.5.11b and 3.8.5.11c)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Firmware 04/23/2008 Overall Level: 1 

-Design Assurance: Level 3
-Tested: BlackBerry 8300 with BlackBerry OS Version 4.3

-FIPS Approved algorithms: Triple-DES (Certs. #653 and #654); AES (Certs. #734, #735, #736 and #737); SHS (Certs. #751 and #752); HMAC (Certs. #400 and #401); RSA (Certs. #344 and #345); RNG (Certs. #428 and #429); ECDSA (Certs. #78 and #79)

-Other algorithms: EC Diffie-Hellman key agreement; key establishment methodology provides 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides 256 bits of encryption strength)

Multi-chip standalone

"BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry."
938 Imation Corp.
Discovery Bldg. 1A-041
Oakdale, MN 55128
USA

-Larry Hamid
TEL: 408-737-4308

CST Lab: NVLAP 100432-0

Imation Secure Flash Drive Cryptographic Module
(Hardware Versions: P/Ns 46.012.001.01 Version 1.0, 46.012.001.02 Version 1.0, 46.012.001.04 Version 1.0, and 46.012.001.08 Version 1.0; Firmware Versions: 1.3 and 1.33)

(Files distributed with the module mounted within the CD Drive are excluded from the validation.)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/17/2008;
02/24/2009;
10/26/2011;
04/24/2012
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Cryptographic Key Management: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #655); RNG (Cert. #380); RSA (Cert. #305); SHS (Certs. #689 and #691)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Triple-DES (non-compliant)

Multi-chip standalone

"The IronKey Secure Flash Drive has been designed to be the world's most secure flash drive. The onboard AES, RSA, SHA, and RNG engines deliver the gold standard in data and identity protection for consumers, enterprises, and government users alike. For more information, visit https://www.ironkey.com."
937 Imation Corp.
Discovery Bldg. 1A-041
One Imation Place
Oakdale, MN 55128
USA

-Larry Hamid
TEL: 408-737-4308

CST Lab: NVLAP 100432-0

MXI Cryptographic NAND Controller (CNC)
(Hardware Version: P/N 8A-SFS-0000-09P, Version A and Version 2; Firmware Versions: 6.600 and 6.612)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/17/2008;
06/23/2008;
06/01/2011;
04/24/2012
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Cert. #464); RSA (Cert. #200); RNG (Cert. #263); SHS (Cert. #555)

-Other algorithms: RSA (encrypt/decrypt)

Multi-chip embedded

"The MXI Cryptographic NAND Controller (CNC) provides FIPS 140-2 Approved security functionality to DiskOnKey USB flash drives. The CNC employs Federal Information Processing Standard (FIPS 140-2) encryption and key management functionality to ensure the protection of data stored on FLASH memory. The module is a multi-chip embedded cryptographic module, as defined by FIPS 140-2, and consists of the S2 controller and an EEPROM. Both components are encased in a hard, opaque, production grade integrated circuit packaging."
936 Verbatim Americas LLC
1200 West WT Harris Blvd.
Charlotte, NC 28262
USA

-Mark Rogers
TEL: 704-547-6600
FAX: 704-547-6522

CST Lab: NVLAP 100432-0

Store 'n' Go Corporate Secure FIPS
(Hardware Version: P/N 8A-SFS-0000-09P, Version A and Version 2; Firmware Versions: 6.600 and 6.612)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/17/2008;
06/23/2008
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Cert. #464); RSA (Cert. #200); RNG (Cert. #263); SHS (Cert. #555)

-Other algorithms: RSA (encrypt/decrypt)

Multi-chip embedded

"The Store 'n' Go Corporate Secure FIPS provides FIPS 140-2 Approved security functionality to DiskOnKey flash drives. The Store 'n' Go Corporate Secure FIPS employs Federal Information Processing Standard (FIPS 140-2) encryption and key management functionality to ensure the protection of data stored on DiskOnKey FLASH memory. The module is a multi-chip embedded cryptographic module, as defined by FIPS 140-2, and consists of the S2 controller and an EEPROM. Both components are encased in a hard, opaque, production grade integrated circuit packaging."
935 Tait Communications
558 Wairakei Road
Christchurch, 8053
New Zealand

-Gordon Martin
TEL: +64 3 358 6622

CST Lab: NVLAP 200002-0

TEL_crypto_module
(Firmware Version: 1.1.0 [A] and 1.1.1 [B])

Validated to FIPS 140-2

Security Policy

Certificate

Firmware 04/17/2008;
04/26/2013;
05/22/2013
Overall Level: 1 

-Tested: Texas Instruments TMS320C5509 [A], TMS320C5510 [A], TMS320C5505A [B], and TMS320C5505M1 [B] Digital Signal Processors

-FIPS Approved algorithms: AES (Certs. #537 and #2328); Triple-DES (Certs. #539 and #1462); SHS (Certs. #672 and #2012); HMAC (Certs. #327 and #1443); RNG (Cert. #343) [A]

-Other algorithms: RNG (non-compliant) [B]

Single-chip

"Firmware implementation of the Tait FIPS 140-2 Crypto module used in the Tait Electronics Ltd digital product range."
934 Neopost Technologies
113 rue Jean-Marin Naudin
Bagneaux, 92220
France

-Patrick Blanluet
TEL: 33 1 45 36 30 00
FAX: 33 1 45 36 30 10

CST Lab: NVLAP 100432-0

PSD Model 105, 106, 115, 116, 125, 126, 127, 128, 101, 102, 111, 112, 121, 122, 130, 132, 137, 138
(Hardware Versions: P/Ns 4129955L, 4129955LD or 4150859LB; Firmware Versions: P/N 4145524DA Version 22.4.3, P/N 4148361JA Version 22.17, P/N 4149089SA Version 22.17.1, P/N 4151502FA Version 23.06 or P/N 4152277NB Version 23.08)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 04/17/2008;
09/12/2008;
01/26/2009;
06/18/2009;
04/09/2010;
07/02/2010;
03/15/2011;
07/05/2011;
02/23/2012;
04/12/2012
Overall Level: 3 

-Physical Security: Level 3 + EFP/EFT

-FIPS Approved algorithms: Triple-DES (Cert. #558); Triple-DES MAC (Triple-DES Cert. #558, vendor affirmed); AES (Cert. #563); SHS (Cert. #629); RNG (Cert. #328); RSA (Cert. #260); HMAC (Cert. #300)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 90 bits of encryption strength; non-compliant)

Multi-chip embedded

"Neopost PSD (Postal Secure Device) for Middle to High Range Franking Machines."
933 Trapeze Networks
5753 W. Las Positas Blvd.
Pleasanton, CA 94588
USA

-Ted Fornoles
TEL: 925-474-2602
FAX: 925-251-0642

CST Lab: NVLAP 100432-0

MP-422F Mobility Point
(Hardware Version: P/N MP-422F Rev. A; Firmware Versions: MSS 6.1.0.3, MSS 6.1.0.4 and MSS 6.1.1.2.0)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/08/2008;
11/06/2008;
08/28/2009
Overall Level: 2 

-FIPS Approved algorithms: AES CCM (Cert. #641); HMAC (Cert. #330); SHS (Cert. #676)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5; RNG (non-compliant)

Multi-chip standalone

"Trapeze Networks delivers Smart Mobile WLAN network solutions, enabling govt. agencies and enterprises to deploy and manage scalable, secure, mobile applications. It supports the IEEE 802.11i security specification and wireless IDS, application-aware switching, location tracking, voice and seamless indoor/outdoor mobility. The Smart Mobile family of wireless products includes high-performance Mobility Exchange® LAN controllers and Mobility Point® access points for secure indoor and outdoor wireless networks, Mobility System Software® and RingMaster® lifecycle WLAN management software."
932 SanDisk Corporation
601 McCarthy Boulevard
Milpitas, CA 95035-0459
USA

-Daniel Shefer
TEL: 408-801-1563
FAX: 408-801-8508

CST Lab: NVLAP 100432-0

S2 FIPS DiskOnKey Controller
(Hardware Version: P/N 8A-SFS-0000-09P, Version A and Version 2; Firmware Versions: 6.600, 6.612 and 6.615)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/08/2008;
05/08/2008;
06/23/2008;
10/16/2008
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Cert. #464); RSA (Cert. #200); RNG (Cert. #263); SHS (Cert. #555)

-Other algorithms: RSA (encrypt/decrypt)

Multi-chip embedded

"The SanDisk S2 FIPS DiskOnKey Controller provides FIPS 140-2 Approved security functionality to SanDisk DiskOnKey USB flash drives. The S2 FIPS DiskOnKey Controller employs Federal Information Processing Standard (FIPS 140-2) encryption and key management functionality to ensure the protection of data stored on DiskOnKey FLASH memory. The module is a multi-chip embedded cryptographic module, as defined by FIPS 140-2, and consists of the S2 controller and an EEPROM. Both components are encased in a hard, opaque, production grade integrated circuit packaging."
931 Secure Computing Corporation
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Chuck Monroe
TEL: 651-628-2799
FAX: 651-628-2701

CST Lab: NVLAP 200017-0

Cryptographic Module for SecureOS® v9.7.1
(Software Version: 9.7.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/31/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with SecureOS® v6.1 and v7.0 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #548); AES (Cert. #552); DSA (Cert. #225); SHS (Cert. #617); HMAC (Cert. #293); RSA (Cert. #248); RNG (Cert. #320)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Cryptographic Module for SecureOS® is software providing cryptographic services for applications on versions of Sidewinder® and Sidewinder G2® Security Appliance™. Sidewinder is a line of comprehensive network gateway security appliances consolidating a variety of Internet security functions including TrustedSource™, IPS, firewall, VPN, anti-virus, anti-spam, SSL decryption, and more. Sidewinder G2® is Common Criteria EAL4+ certified as compliant with the US DoD Application-level Firewall Protection Profile for Medium Robustness."
930 Hewlett-Packard Company
19091 Pruneridge Ave.
MS 4441
Cupertino, CA 95014
USA

-Theresa Conejero
TEL: 408-447-2964
FAX: 408-447-5525

CST Lab: NVLAP 100432-0

Atalla Cryptographic Subsystem (ACS)
(Hardware Version: P/N 543856-001; Firmware Versions: Loader Version 1.0, PSMCU Version 7.0)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/14/2008;
09/19/2011
Overall Level: 4 

-FIPS Approved algorithms: AES (Cert. #406); RNG (Cert. #200); RSA (Cert. #148); SHS (Cert. #473)

-Other algorithms: N/A

Multi-chip embedded

"The ACS is a multi-chip embedded cryptographic module. It consists of a secure hardware platform (a full length PCI Card) and a secure firmware loader. The purpose of the module is to load application programs, called "personalities," in a secure manner."
929 Kingston Technology Company
17600 Newhope Street
Fountain Valley, CA 92708
USA

-Mark Akoubian
TEL: 714-438-2719
FAX: 714-427-3598

CST Lab: NVLAP 100432-0

Kingston S2 CM
(Hardware Version: P/N 8A-SFS-0000-09P, Version A and Version 2; Firmware Versions: 6.600 and 6.612)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/18/2008;
04/04/2008;
06/23/2008
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Cert. #464); RSA (Cert. #200); RNG (Cert. #263); SHS (Cert. #555)

-Other algorithms: RSA (encrypt/decrypt)

Multi-chip embedded

"The Kingston S2 CM is the core component of this performance secure USB Flash Drive. All data stored in the userÆs private partition is encrypted in hardware without reducing performance. The Kingston S2 CM provides encryption, user authentication and access control independent of the host software and hardware."
928 Comtech Mobile Datacom Corporation
20430 Century Blvd.
Gaithersburg, MD 20874
USA

-John Fossaceca
TEL: 240-686-2146
FAX: 240-686-3301

-Bill Vaughan
TEL: 240-686-3300
FAX: 240-686-3301

CST Lab: NVLAP 200427-0

MTM-203 Satellite Mobile Transceiver
(Hardware Version: P/N CMDC-203-X0GA1, Revision A2; Firmware Versions: Commercial Firmware: C.3.7.Y and C.3.7.Z, and Boot Code: 2.3.E)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/18/2008;
04/29/2008;
12/03/2008
Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #626); HMAC (Cert. #245); RNG (Cert. #271); SHS (Cert. #561); Triple-DES (Cert. #502)

-Other algorithms: AES (key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; RNG (non-compliant); Triple-DES (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"CMDC's MTM-203 is a small, low power L-Band satellite transceiver for power, weight and space-restrictive applications. The MTM-203 is designed for easy integration into systems that benefit from secure, near real-time, over-the-horizon communications. The MTM-203 is based on battlefield proven technology that enables many new applications, such as handheld and covert devices. The module provides messaging connectivity worldwide with other mobile and terrestrial connected users of CMDC's proprietary network. CMDC's products operate on a variety of satellite providers without reconfiguration."
927 Mocana Corporation
350 Sansome Street
Suite 210
San Francisco, CA 94104
USA

-Lee Cheng
TEL: 415-617-0055
FAX: 415-617-0056

CST Lab: NVLAP 100432-0

Mocana Cryptographic Module
(Software Versions: 3.06.1, 3.06.1a and 4.2f)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/14/2008;
05/08/2008;
06/05/2009;
11/20/2009;
12/08/2009
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows CE 4.2; Linux Kernel 2.6; uCLinux Kernel 2.4; VxWorks 5.5 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #665); Triple-DES (Cert. #611); SHS (Cert. #697); HMAC (Cert. #349); RSA (Cert. #308); DSA (Cert. #247); RNG (Certs. #384 and #443)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Mocana Cryptographic Module is used in conjunction with Mocana's scalable, high performance embedded security solutions. These include: Mocana EAP supplicant/authenticator, Mocana SSL/TLS Client & Server, Mocana SSH Client & Server and Mocana IPsec/IKE."
926

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/11/2008;
12/03/2008
Overall Level: 2 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip standalone

925 Athena Smartcard Inc.
16615 Lark Avenue
Suite 202
Los Gatos, CA 95032
USA

-Ste´phanie Motre´
TEL: 408-786-1028
FAX: 408-608-1818

CST Lab: NVLAP 100432-0

Athena IDProtect
(Hardware Version: P/N AT90SC25672RCT Revision D; Firmware Version: 0106.6340.0101)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/14/2008;
04/12/2013;
05/28/2014
Overall Level: 3 

-Physical Security: Level 4

-FIPS Approved algorithms: Triple-DES (Cert. #560); Triple-DES MAC (Triple-DES Cert. #560, vendor affirmed); AES (Cert. #577); SHS (Cert. #633); RNG (Cert. #332); RSA (Cert. #264)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength))

Single-chip

"Athena Smartcard Solutions is a global smart card company offering a wide range of smart card products and solutions for Government, Enterprise and Financial institutions. Athena's products include advanced smart card operating systems, cross-platform cryptographic middleware and innovative biometric and card management solutions as well as advanced smart card readers. Athena offers FIPS and VISA certified Java Card solutions for ID and Finance on various smart card silicon and in a variety of form-factors."
924 Certicom Corp.
5520 Explorer Drive
4th Floor
Mississauga, Ontario L4W 5L1
Canada

-sales@certicom.com
TEL: 905-507-4220
FAX: 905-507-4230

CST Lab: NVLAP 200017-0

Security Builder® FIPS Module
(Firmware Versions: 4.0 B and 4.0 S)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Firmware 03/14/2008;
03/06/2009
Overall Level: 1 

-Tested: ARM 920T processor, running Hand Held Products BASE firmware 31205423-052; Hand Held Products Scanner firmware 31205480-025

-FIPS Approved algorithms: AES (Certs. #547 and #590); SHS (Certs. #612 and #641); HMAC (Certs. #288 and #307); RNG (Certs. #315 and #336); DSA (Certs. #222 and #232)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Security Builder® FIPS Module is a standards-based cryptographic toolkit that supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into both mobile and server-based applications. The Security Builder FIPS Module is part of the Certicom Security Architecture, a comprehensive cross-platform security solution which supports multiple cryptographic software and hardware providers with a single common API."
923 Fortress™ Technologies, Inc.
2 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200427-0

AirFortress® Wireless Security Gateways
(Hardware Versions: AF2100 and AF7500; Firmware Version: 3.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/29/2008;
03/26/2010;
05/17/2013
Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #550); HMAC (Cert. #291); RNG (Cert. #318); SHS (Cert. #615); Triple-DES (Cert. #546)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5

Multi-chip standalone

"The AirFortress® Wireless Security Gateways are electronic encryption modules that enforces network access rights and encrypts and decrypts communication across a WLAN. Installed by the vendor onto a production-quality hardware platform and deployable on any LAN or WAN, the AirFortress« Wireless Security Gateways provide encryption, data integrity checking, authentication, access control, and data compression."
922 Software House
6 Technology Park Drive
Westford, MA 01886
USA

-Rick Focke
TEL: 978-577-4266
FAX: 978-577-4392

CST Lab: NVLAP 200697-0

iSTAR eX Controller
(Hardware Version: STAREX004W-64; Firmware Version: 4.1.1.12045)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 02/29/2008;
03/07/2008;
02/10/2011
Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #433); RNG (Cert. #283); SHS (Cert. #575); RSA (Cert. #219)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The iSTAR eX controller is a security door controller which is connected to at least one card reader and a door. The iSTAR eX controller works from a database stored internally in memory for determining access privilege of an individual. When a card is swiped by a reader the data goes to the iSTAR eX controller. The controller then sends a notify message to the access database to determine if access is allowed. If access is granted then the iSTAR eX controller sends an open command back to the door and access is granted. If access is not granted the door remains closed and locked."
921 Sterling Commerce, Inc.
4600 Lakehurst Court
Dublin, OH 43016-2000
USA

-Shryl Tidmore
TEL: 469-524-2681
FAX: 972-953-2690

-Terrence Shaw
TEL: 469-524-2413
FAX: 972-953-2816

CST Lab: NVLAP 200556-0

Sterling Crypto-C
(Software Version: 1.5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 02/29/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2003; Sun Solaris 10; IBM AIX 5L(TM) 5.3; and HP-UX 11i v2 (single-user mode)

-FIPS Approved algorithms: SHS (Cert. #655); HMAC (Cert. #312); RSA (Cert. #280); DSA (Cert. #235); RNG (Cert. #403); Triple-DES (Cert. #578); AES (Cert. #605)

-Other algorithms: DES; RC2; RC4; Blowfish; CAST; MD2; MD4; MD5; RIPEMD; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Sterling Crypto-C is a software module implemented as two dynamic libraries. Sterling Crypto-C provides security capabilities, such as encryption, authentication, and signature generation and verification for Sterling Commerce's managed file transfer solutions."
920 Security First Corp.
22362 Gilberto Suite 130
Rancho Santa Margarita, CA 92688
USA

-Rick Orsini
TEL: 949-858-7525
FAX: 949-858-7092

CST Lab: NVLAP 100432-0

SecureParser
(Software Versions: 4.5.0 and 4.5.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 02/29/2008 Overall Level: 1 

-Cryptographic Module Specification: Level 3
-Cryptographic Key Management: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3-Operational Environment: Tested as meeting Level 1 with Windows XP, Window Server 2003, Red Hat Linux Enterprise v4, SUSE Linux Enterprise v10 (single user mode)

-FIPS Approved algorithms: AES (Certs. #594 and #687); RNG (Certs. #330 and #401); RSA (Certs. #262 and #321); DSA (Certs. #229 and #260); SHS (Certs. #631and #716); HMAC (Certs. #302 and #366); ECDSA (Certs. #63 and #77)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 128 bits of encryption strength)

Multi-chip standalone

"The SecureParser is a security and high data availability architecture delivered in the form of a software toolkit that provides cryptographic data splitting (data encryption, random or deterministic distribution to multiple shares including additional fault tolerant bits, key splitting, authentication, integrity, share reassembly, key restoration and decryption) of arbitrary data. During the split process, additional redundant data may be optionally written to each share enabling the capability of restoring the original data when all shares are not available."
919 Hughes Network Systems
11717 Exploration Lane
Germantown, MD 20876
USA

-Vivek Gupta
TEL: 301-548-1292
FAX: 301-428-1868

CST Lab: NVLAP 200556-0

Hughes Crypto Kernel
(Firmware Version: 1.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Firmware 02/29/2008 Overall Level: 1 

-Tested: Hughes 7700S Satellite Router running VxWorks 5.4

-FIPS Approved algorithms: AES (Cert. #616); SHS (Cert. #664); HMAC (Cert. #319); DSA (Cert. #239); RNG (Cert. #351)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The Hughes Crypto Kernel (HCK) is a FIPS 140-2 Level 1 cryptographic module available for the Hughes HN and HX systems. The HCK enables the use of end-to-end bidirectional encryption between a remote site and the enterprise data center, while still enabling the use of all Hughes satellite acceleration features, as well as Hughes' advanced routing, prioritization and access control capabilities. The HCK uses AES 128 bit encryption to encrypt user traffic, uses IKE to dynamically generate session keys used for encryption, and ensures message authentication and integrity using HMAC-SHA-1."
918 Open Source Software Institute
Administrative Office
P.O. Box 547
Oxford, MS 38655
USA

-John Weathersby
TEL: 601-427-0152
FAX: 601-427-0156

CST Lab: NVLAP 200017-0

OpenSSL FIPS Object Module
(Source Content Version: 1.1.2; Resultant Compiled Software Version: 1.1.2)

(When built, installed, protected and initialized as assumed by the Crypto Officer role and specified in the provided Security Policy. Appendix B of the provided Security Policy specifies the complete set of source files of this module. There shall be no additions, deletions or alterations of this set as used during module build. All source files, including the specified OpenSSL distribution tar file, shall be verified as specified in Appendix B of the provided Security Policy. Installation, protection, and initialization shall be completed as specified in Appendix C of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a FIPS 140-2 non-compliant module.)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 02/29/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with SuSE Linux Version 10.2 (gcc Compiler Version 4.1.2)

-FIPS Approved algorithms: Triple-DES (Cert. #613); AES (Cert. #668); SHS (Cert. #701); HMAC (Cert. #352); RSA (Cert. #310); RNG (Cert. #387)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DSA (Cert. #250; non-compliant)

Multi-chip standalone

"The OpenSSL FIPS Object Module is a cryptographic library that can be downloaded from http://www.openssl.org/source/"
917 CardLogix Corporation
16 Hughes, Suite 100
Irvine, CA 92618
USA

-Ken Indorf
TEL: 949-380-1312
FAX: 949-380-1428

CST Lab: NVLAP 100432-0

CardLogix Credentsys-J
(Hardware Version: P/N AT90SC12872RCFT Rev. J; Firmware Version: Credentsys-J PIV applet Version 2.3.0.8, OS755 Version 07.0107.04)

(PIV Card Application: Cert. #9)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 02/13/2008;
04/29/2008;
02/06/2014
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 4
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #566); Triple-DES MAC (Triple-DES Cert. #566, vendor affirmed); AES (Cert. #595); RNG (Cert. #339); RSA (Cert. #272); SHS (Cert. #644); CVL (Cert. #208)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Single-chip

"CREDENTSYS-J is a secure smart card that is designed for National ID systems and multi-use enterprise security environments. The CREDENTSYS-J card is based on Java Card TM 2.2.1 and Global Platform 2.1.1 architectures and is readily deployable into existing or new PKI environments. CREDENTSYS-J cards offer a combination of high performance and cost-effectiveness by running on advanced 32-bit RISC processor cores with TDES and PKI cryptographic accelerations."
916 SafeNet Inc.
350 Convention Way
Redwood City, CA 94063
USA

-Eric Murray
TEL: 650-261-2400
FAX: 650-261-2401

CST Lab: NVLAP 100432-0

DataSecure Appliance i416, i426 and i116
(Hardware Versions: P/N DS-0116-0100-00 (i116); P/N DS-0416-0100-00 (i416); P/N DS-0426-0100-00 (i426); Firmware Version: 4.6.2p01)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/29/2008;
11/06/2008
Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #565); AES (Cert. #588); DSA (Cert. #231); RNG (Cert. #335); RSA (Cert. #269); SHS (Cert. #640); HMAC (Cert. #306)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); DES; SEED; MD5; RC4

Multi-chip standalone

"The SafeNet DataSecure Appliance is a dedicated hardware product designed specifically for security and cryptographic processing, allowing organizations to protect structured and unstructured data, from within the data center out to remote locations, and ensure compliance with legislative and policy mandates for security. With its capabilities for granular encryption, seamless integration, and centralized key and policy management, DataSecure enables organizations to guard against a range of security threats, with unparalleled ease and cost effectiveness."
915 Hughes Network Systems
11717 Exploration Lane
Germantown, MD 20876
USA

-Vivek Gupta
TEL: 301-548-1292
FAX: 301-428-1868

CST Lab: NVLAP 200556-0

Hughes Crypto Kernel
(Software Version: 1.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 02/13/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2003 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #616); SHS (Cert. #664); HMAC (Cert. #319); DSA (Cert. #239); RNG (Cert. #351)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The Hughes Crypto Kernel (HCK) is a FIPS 140-2 Level 1 cryptographic module available for the Hughes HN and HX systems. The HCK enables the use of end-to-end bidirectional encryption between a remote site and the enterprise data center, while still enabling the use of all Hughes satellite acceleration features, as well as Hughes' advanced routing, prioritization and access control capabilities. The HCK uses AES 128 bit encryption to encrypt user traffic, uses IKE to dynamically generate session keys used for encryption, and ensures message authentication and integrity using HMAC-SHA-1."
914 SBI Net Systems Co., Ltd.
Meguro Tokyu Bldg.
5th Floor
2-13-17
Kamiosaki Shinagawa-ku,, Tokyo 141-0021
Japan

-Hidemitsu Noguchi
TEL: +81 3 5447 2551
FAX: +81 3 5447 2552

CST Lab: NVLAP 200427-0

C4CS Lite and CSL software cryptographic modules
(Software Versions: 2.1.0 (C4CS Lite) and 2.1.0 (CSL))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 02/07/2008;
08/29/2008
Overall Level: 2 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 2 with Microsoft Windows 2000 with SP3 and Q326886 Hotfix running on a Dell Optiplex GX400

-FIPS Approved algorithms: AES (Cert. #360); SHS (Cert. #435); RNG (Cert. #173); HMAC (Cert. #160); RSA (Cert. #207)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); C4Custom (C4CS Lite only); SSS

Multi-chip standalone

"C4CS Lite and CSL are software cryptographic modules that provide symmetric/asymmetric ciphers, hash functions, and secret sharing schemes in FIPS mode."
913 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:
FAX:

CST Lab: NVLAP 200427-0

Cisco Aironet LWAPP AP1131AG and AP1242AG Wireless LAN Access Points
(Hardware Versions: 1131 Revision C0, 1242 Revision A0; Firmware Versions: 4.1.171.0[1] and 4.1.185.10[2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/07/2008;
03/07/2008;
11/06/2008;
08/22/2011;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #370, #591[1] and #592[1], #905[2] and #907[2]); HMAC (Certs. #308[1] and #498[2]); RNG (Certs. #337[1] and #520[2]); RSA (Certs. #270[1] and #441[2]); SHS (Certs. #642[1] and #895[2])

-Other algorithms: RC4; MD5; HMAC MD5; RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength; non-compliant)

Multi-chip standalone

"The Cisco LWAPP Aironet 1131 & 1242 access points deliver the versatility, high capacity, security, and enterprise-class features required for small, medium and large Government deployments. In FIPS 140-2 mode of operation, the Cisco APs support the LWAPP, MFP, IEEE 802.11i & IEEE 802.1x standards & AES for WPA2 encryption. WPA2 is the Wi-Fi Alliance certification for interoperable, standards-based WLAN security. The Cisco APs are also Wi-FI CERTIFIED for IEEE 802.11a, IEEE 802.11b and IEEE 802.11g radio standards."
912 Sterling Commerce, Inc.
4600 Lakehurst Court
PO Box 8000
Dublin, OH 43016-2000
USA

-Shryl Tidmore
TEL: 469-524-2681

-Adrian Glanvill
TEL: 614-793-3757

CST Lab: NVLAP 200017-0

Sterling FIPS Crypto-J Module
(Software Version: 2.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/12/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Sun Java Runtime Environment (JRE) 1.3.1, 1.4.2 and 1.5.0 running on Windows XP 32-bit; Windows XP 64-bit; Red Hat Linux Application Server 3.0 32-bit; Red Hat Linux Application Server 4.0 64-bit; Solaris 9 32-bit; Solaris 9 64-bit; Solaris 10 32 bit SPARC (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #485); AES (Cert. #469); SHS (Cert. #537); HMAC (Cert. #227); RNG (Cert. #254); DSA (Cert. #193); ECDSA (Cert. #41); RSA (Cert. #191)

-Other algorithms: ARC2; ARC4; MD2; MD5; HMAC-MD5; DES; DESX; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Sterling FIPS Crypto-J Module is a cryptographic toolkit for Java language users, providing services of various cryptographic algorithms such as hash algorithms, encryption schemes, message authentication, and public key cryptography."
911 Harris Corporation
221 Jefferson Ridge Parkway
Lynchburg, VA 24501
USA

-Dennis L. Warheit
TEL: 434-455-9205

CST Lab: NVLAP 200427-0

Harris Corporation Wireless Systems Cryptographic Library (SECLIB)
(Software Version: R1A)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 02/07/2008;
07/02/2010
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2; Windows Server 2003 SP2 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #637); Triple-DES (Cert. #591); SHS (Cert. #673); HMAC (Cert. #328); RNG (Cert. #363)

-Other algorithms: AES MAC (AES Cert. #637; non-compliant); DES; DES MAC

Multi-chip standalone

"The Harris Corporation Wireless Systems Cryptographic Library is a software-based cryptographic module that provides encryption, authentication, and other security support services to various M/A-Com product applications. It specifically satisfies FIPS 140-2 Level 1 requirements."
910 IBM® Corporation
Nymollevej 91
Lyngby, DK-2800
Denmark

-Crypto Competence Center Copenhagen
TEL: +45 4523 4441
FAX: +45 4523 6802

CST Lab: NVLAP 200427-0

IBM CryptoLite for Java
(Software Version: 4.2)

Validated to FIPS 140-2

Security Policy

Certificate

Software 02/07/2008;
03/07/2008;
06/24/2008
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista with Sun Java JRE 1.6.0 (single user mode)

-FIPS Approved algorithms: AES (Cert. #659); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECDSA (Cert. #71); HMAC (Cert. #341); RNG (Cert. #379); SHS (Cert. #692)

-Other algorithms: N/A

Multi-chip standalone

"The IBM CryptoLite for Java (CLiJ) v4 is a Java Cryptographic Extension (JCE) compliant cross-platform software library which provides APIs for the cryptographic functions specified in NSA Suite B. CLiJ includes specific high performance implementations of a number of cryptographic algorithms and services. CliJ has highly optimized elliptic curve operations and very efficient implementation of finite field arithmetic.CLiJ can be used on any JVM running Java version 1.5 or higher. CLiJ is compliant with ANSI X9.62, ANSI X9.63 and IEEE 1363."
909 Pitney Bowes, Inc.
35 Waterview Drive
Shelton, CT 06484
USA

-Kostas Vassilakis
TEL: 203-924-3610
FAX: 203-924-3409

CST Lab: NVLAP 100432-0

Pitney Bowes Cryptographic Coprocessor for Virtual Meter (CCV)
(Hardware Versions: P/Ns 41U0438 and 12R8561, Model 4764-001; Firmware Version: Miniboot FW v1.25, Segment 2 FW v1.3, CCV Application FW v3.02.05)

(When operated with module IBM eServer Cryptographic Coprocessor Security Module validated to FIPS 140-2 under Cert. #661 and operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/07/2008 Overall Level: 3 

-Physical Security: Level 4

-FIPS Approved algorithms: Triple-DES (Cert. #215); Triple-DES MAC (Triple-DES Cert. #215, vendor affirmed); SHS (Cert. #194); DSA (Cert. #147); RNG (Cert. #132)

-Other algorithms: DES MAC

Multi-chip embedded

"The Pitney Bowes Cryptographic Coprocessor for Virtual Meter (CCV) module provides security services to support the secure accounting and cryptographic functions necessary for value evidencing of electronic transactions, such as the United States Postal Service Information-Based Indicium Program (USPS IBIP)."
908 GlobalSCAPE, Inc.
6000 Northwest Parkway
Suite 100
San Antonio, TX 78249
USA

-Mike Hambidge
TEL: 210-293-7921
FAX: 210-690-8824

CST Lab: NVLAP 200556-0

GlobalSCAPE® Cryptographic Module
(Software Version: 1.0.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 02/07/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2003 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #618); Triple-DES (Cert. #586); DSA (Cert. #240); SHS (Cert. #666); RSA (Cert. #287); HMAC (Cert. #320); RNG (Cert. #388)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD2; MD4; MD5; MDC2; RIPEMD160; Blowfish; CAST5; RC2; RC4; RC5; IDEA

Multi-chip standalone

"The GlobalSCAPE® Cryptographic Module (GSCM) provides cryptographic services for the GlobalSCAPE family of software products such as Secure FTP Server and EFT Server. The services include symmetric/asymmetric encryption/decryption, digital signatures, message digest, message authentication, random number generation, and SSL/TLS support. The GSCM is intended for use by applications through the moduleÆs Application Programming Interface (API), which is based on the OpenSSL API defined by the OpenSSL Project."
907 SBI Net Systems Co., Ltd.
Meguro Tokyu Bldg.
5th Floor
2-13-17
Kamiosaki Shinagawa-ku,, Tokyo 141-0021
Japan

-Hidemitsu Noguchi
TEL: +81 3 5447 2551
FAX: +81 3 5447 2552

CST Lab: NVLAP 200427-0

C4CS Lite and CSL software cryptographic modules
(Software Versions: 1.1.0 (C4CS Lite) and 1.1.0 (CSL))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 02/07/2008;
08/29/2008
Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP SP2 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #360); SHS (Cert. #435); RNG (Cert. #173); HMAC (Cert. #160); RSA (Cert. #207)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); C4Custom (C4CS Lite only); SSS

Multi-chip standalone

"C4CS Lite and CSL are software cryptographic modules that provide symmetric/asymmetric ciphers, hash functions, and secret sharing schemes in FIPS mode."
906 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

ASA 5505 and ASA 5550
(Hardware Versions: 5505 and 5550; Firmware Versions: 7.2.2.18[1], 7.2.4.18[2] and 7.2.4.30[2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/25/2008;
03/06/2009;
05/18/2009;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #105, #536[1], #564 and #1010[2]); HMAC (Certs. #125, #283[1], #301 and #567[2]); RNG (Certs. #144, #309[1], #329 and #570[2]); RSA (Certs. #106, #242[1], #261 and #485[2]); SHS (Certs. #196, #606[1], #630 and #968[2]); Triple-DES (Certs. #217, #538[1], #559 and #779[2])

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); HMAC MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
905 Fortinet Inc.
1090 Kifer Road
Sunnyvale, CA 94086
USA

-Jeff Lake, Vice President, Federal Operations
TEL: 678-402-8021
FAX: 678-402-8021

CST Lab: NVLAP 200017-0

FortiGate-200A/200A-HD, FortiGate-300A/300A-HD, FortiGate-500A/500A-HD and FortiGate-800
(Hardware Versions: FortiGate-200/200A-HD (build C4AY89); FortiGate-300/300A-HD (build C4FK88); FortiGate-500/500A-HD (build C4BE21); FortiGate-800 (build C4UT39); Firmware Version: FortiOS 3.00, build 8317, 061121)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 01/25/2008;
02/21/2008
Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #486, #487, #489 and #490); RNG (Cert. #251); AES (Certs. #471, #472, #475 and #476); SHS (Certs. #539, #540, #543 and #544); RSA (Cert. #193); HMAC (Certs. #228, #229, #232 and #233)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 110 bits of encryption strength; non-compliant); MD5; HMAC-MD5

Multi-chip standalone

"FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
904 Foundry Networks
4980 Great America Pkwy
Santa Clara, CA 95054
USA

-Michael Hong
TEL: 408-207-1700

CST Lab: NVLAP 200427-0

Foundry Networks FIPS 140-2 Cryptographic Module
(Hardware Versions: FN1120-VBD-03-0200, FN1010-VBD-03-0200 and FN1005-VBD-03-0200; Firmware Version: 4.6.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/23/2008 Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #551 and #189); DSA (Cert. #224); ECDSA (Cert. #58); HMAC (Cert. #292); RNG (Cert. #319); RSA (Cert. #247); SHS (Cert. #616); Triple-DES (Certs. #547 and #286); Triple-DES MAC (Triple-DES Certs. #547 and #286, vendor affirmed)

-Other algorithms: AES-MAC (Certs. #551 and #189; non-compliant); DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST-MAC; CAST3-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; HMAC-MD5; KCDSA; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; GENERIC-SECRET; SSL PRE-MASTER; SEED; RC2-MAC; RC5-MAC; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip embedded

"The Foundry Networks FIPS 140-2 Cryptographic Modules resides on PCI card and provides cryptographic key protection and acceleration for both asymmetric and symmetric encryption operations. It is contained in its own secure enclosure that provides physical resistance to tampering and zeroization of plaintext cryptographic material in the event the enclosure is opened."
903 Foundry Networks
4980 Great America Pkwy
Santa Clara, CA 95054
USA

-Michael Hong
TEL: 408-207-1700

CST Lab: NVLAP 200427-0

Foundry Networks FIPS 140-2 Cryptographic Module
(Hardware Versions: FN1120-VBD-03-0200, FN1010-VBD-03-0200 and FN1005-VBD-03-0200; Firmware Version: 4.6.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/23/2008 Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Certs. #551 and #189); DSA (Cert. #224); ECDSA (Cert. #58); HMAC (Cert. #292); RNG (Cert. #319); RSA (Cert. #247); SHS (Cert. #616); Triple-DES (Certs. #547 and #286); Triple-DES MAC (Triple-Des Certs. #547 and #286, vendor affirmed)

-Other algorithms: AES-MAC (Certs. #551 and #189; non-compliant); DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST-MAC; CAST3-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; HMAC-MD5; KCDSA; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; GENERIC-SECRET; SSL PRE-MASTER; SEED; RC2-MAC; RC5-MAC; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryptino strength); EC Diffie Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip embedded

"The Foundry Networks FIPS 140-2 Cryptographic Module resides on a PCI card and provides cryptographic key protection and acceleration for both asymmetric and symmetric encryption operations. It is contained in its own secure enclosure that provides physical resistance to tampering and zeroization of plaintext cryptographic material in the event the enclosure is opened."
902 Juniper Networks, Inc.
1194 N. Mathilda Avenue
Building 3
Sunnyvale, CA 94089
USA

-Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 200697-0

Juniper Networks NetScreen-5GT
(Hardware Version: NS-5GT; Firmware Versions: 5.4.0r4, v5.4.0r5, 5.4.0r6, 5.4.0r7, 5.4.0r8, 5.4.0r9, 5.4.0r10, 5.4.0r11, 5.4.0r12, 5.4.0r13, 5.4.0r14, 5.4.0r15, 5.4.0r16, 5.4.0r17, 5.4.0r18 and 5.4.0r19)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 01/23/2008;
07/10/2008;
05/18/2009;
01/20/2011;
12/11/2013
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #532); AES (Cert. #525); DSA (Cert. #216); SHS (Cert. #598); RNG (Cert. #301); RSA (Cert. #235); HMAC (Cert. #276)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5

Multi-chip standalone

"The NetScreen-5GT appliance is a feature-rich, enterprise-class, network security solution that integrates a complete set of best-in-class UTM security features including IPS, Antivirus (includes Anti-Spyware, Anti-Adware, Anti-Phishing), Anti-Spam, and Web Filtering which allow the NetScreen-5GT to defend the network against worms, Spyware, Trojans, malware and other emerging attacks. The NetScreen-5GT Ethernet solution is ideal for environments that need hardwired connectivity backed by robust network, application and payload level security."
901 Juniper Networks, Inc.
1194 N. Mathilda Avenue
Building 3
Sunnyvale, CA 94089
USA

-Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 200697-0

Juniper Networks NetScreen-500
(Hardware Version: NS-500; Firmware Versions: ScreenOS 5.4.0r4, v5.4.0r5, 5.4.0r6, 5.4.0r7, 5.4.0r8, 5.4.0r9, 5.4.0r10, 5.4.0r11, 5.4.0r12, 5.4.0r13, 5.4.0r14, 5.4.0r15, 5.4.0r16, 5.4.0r17, 5.4.0r18 and 5.4.0r19)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 01/16/2008;
07/10/2008;
05/18/2009;
01/20/2011;
12/11/2013
Overall Level: 2 

-Cryptographic Module Specification: Level 3

-FIPS Approved algorithms: DSA (Cert. #214); SHS (Cert. #590); Triple-DES (Cert. #527); AES (Cert. #517); HMAC (Cert. #268); RSA (Cert. #231); RNG (Cert. #293)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5

Multi-chip standalone

"The NetScreen-500 is a purpose-built, security system designed to provide a flexible, high performance solution for medium and large enterprise central sites and service providers. The NetScreen-500 security system integrates firewall, DoS, VPN and traffic management functionality in a low-profile, modular chassis. It provides high levels of total throughput for firewall and VPN plus support for virtual systems and security zones."
900 Juniper Networks, Inc.
1194 N. Mathilda Avenue
Building 3
Sunnyvale, CA 94089
USA

-Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 200697-0

Juniper Networks SSG 5 and SSG 20
(Hardware Versions: P/N SSG-5 and SSG-20; Firmware Versions: ScreenOS 5.4.0r4, v5.4.0r5, 5.4.0r6, 5.4.0r7, 5.4.0r8, 5.4.0r9, 5.4.0r10, 5.4.0r11, 5.4.0r12, 5.4.0r13, 5.4.0r14, 5.4.0r15, 5.4.0r16, 5.4.0r17, 5.4.0r18 and 5.4.0r19)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 01/16/2008;
07/10/2008;
05/18/2009;
01/20/2011;
12/11/2013
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #533); AES (Cert. #526); DSA (Cert. #217); SHS (Cert. #599); RNG (Cert. #302); RSA (Cert. #236); HMAC (Cert. #277)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5

Multi-chip standalone

"The Juniper Networks Secure Services Gateway 5 (SSG 5) and Secure Services Gateway 20 (SSG 20) are purpose-built security appliances that deliver a perfect blend of performance, security and LAN\WAN connectivity for small branch office and small business deployments. Traffic flowing in and out of the branch office can be protected from worms, Spyware, Trojans, and malware by a complete set of Universal Threat Management (UTM) security features including Stateful firewall, IPSec VPN, IPS, Antivirus (includes Anti-Spyware, Anti-Adware, Anti-Phishing), Anti-Spam, and Web Filtering."
899 IBM® Corporation
Nymøllevej 91
Lyngby, DK-2800
Denmark

-Crypto Competence Center Copenhagen
TEL: +45-4523-4441
FAX: +45-4523-6802

CST Lab: NVLAP 200427-0

IBM CryptoLite for C
(Software Version: 4.5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 01/16/2008 Overall Level: 1 

-Cryptographic Module Specification: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows Vista Ultimate; Red Hat Enterprise Linux v4 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #615); Triple-DES (Cert. #585); SHS (Cert. #663); DSA (Cert. #238); RSA (Cert. #286); RNG (Cert. #350); HMAC (Cert. #318); ECDSA (Cert. #66)

-Other algorithms: DES; CAST-5; CAST-6; RC2; ArcFour; Blowfish; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECDH (key agreement; key establishment methodology provides 112 to 256 bits of encryption strength; non-compliant less than 112 bits of encryptino strength); RSA (key wrapping; key establishment methodology provides 112 to 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD5; Whirlpool; HMAC MD5

Multi-chip standalone

"IBM CryptoLite is a C software package providing advanced cryptographic services in a very small footprint. CryptoLite supports public key encryption, digital signatures, symmetric ciphers, hash functions, message authentication codes, and other cryptographic algorithms through a simple programming interface. There are no runtime dependencies and the code has been optimized for high performance."
898 Juniper Networks, Inc.
1194 N. Mathilda Avenue
Building 3
Sunnyvale, CA 94089
USA

-Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 200697-0

Juniper Networks NetScreen-204 and NetScreen-208
(Hardware Versions: NS-204 and NS-208; Firmware Versions: ScreenOS 5.4.0r4, v5.4.0r5, 5.4.0r6, 5.4.0r7, 5.4.0r8, 5.4.0r9, 5.4.0r10, 5.4.0r11, 5.4.0r12, 5.4.0r13, 5.4.0r14, 5.4.0r15, 5.4.0r16, 5.4.0r17, 5.4.0r18 and 5.4.0r19)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 01/16/2008;
07/10/2008;
05/18/2009;
01/20/2011;
12/11/2013
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: DSA (Cert. #215); SHS (Cert. #591); Triple-DES (Cert. #528); AES (Cert. #518); HMAC (Cert. #269); RSA (Cert. #232); RNG (Cert. #294)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5

Multi-chip standalone

"The Juniper Networks NetScreen-200 Series is one of the most versatile pair of security appliances available today. They easily integrate and secure many different network environments, including medium and large enterprise offices, e-business sites, data centers, and carrier infrastructure. Complete with either four or eight auto-sensing 10/100 Base-T Ethernet ports, the NetScreen-200 Series performs firewall functions at wire speed (375 Mbps on the NetScreen-204 and NetScreen-208)."
897 Juniper Networks, Inc.
1194 N. Mathilda Avenue
Building 3
Sunnyvale, CA 94089
USA

-Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 200697-0

Juniper Networks NetScreen-5200 and NetScreen-5400
(Hardware Versions: NS-5200 and NS-5400; Firmware Versions: ScreenOS 5.4.0r4, v5.4.0r5, 5.4.0r6, 5.4.0r7, 5.4.0r8, 5.4.0r9, 5.4.0r10, 5.4.0r11, 5.4.0r12, 5.4.0r13, 5.4.0r14, 5.4.0r15, 5.4.0r16, 5.4.0r17, 5.4.0r18 and 5.4.0r19)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 01/16/2008;
07/10/2008;
05/18/2009;
01/20/2011;
12/11/2013
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: DSA (Cert. #212); SHS (Cert. #587); Triple-DES (Cert. #524); AES (Cert. #514); HMAC (Cert. #265); RSA (Cert. #228); RNG (Cert. #290)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5

Multi-chip standalone

"The Juniper Networks NetScreen-5000 series is a line of purpose-built, high-performance firewall/VPN security systems designed to deliver a new level of high-performance capabilities for large enterprise, carrier, and data center networks. The NetScreen-5000 series consists of two products: the 2-slot NetScreen-5200 system and the 4-slot NetScreen-5400 system. NetScreen-5000 security systems integrate firewall, VPN, DoS and DDoS protection, and traffic-management functionality, in a low-profile modular chassis."
896 Juniper Networks, Inc.
1194 N. Mathilda Avenue
Building 3
Sunnyvale, CA 94089
USA

-Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 200697-0

Juniper Networks ISG 1000 and ISG 2000
(Hardware Versions: P/N NS-ISG-1000 and NS-ISG-2000; Firmware Versions: ScreenOS 5.4.0r4, v5.4.0r5, 5.4.0r6, 5.4.0r7, 5.4.0r8, 5.4.0r9, 5.4.0r10, 5.4.0r11, 5.4.0r12, 5.4.0r13, 5.4.0r14, 5.4.0r15, 5.4.0r16, 5.4.0r17, 5.4.0r18 and 5.4.0r19)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 01/16/2008;
07/10/2008;
05/18/2009;
01/20/2011;
12/11/2013
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: DSA (Cert. #213); SHS (Cert. #588); Triple-DES (Cert. #525); AES (Cert. #515); HMAC (Cert. #266); RSA (Cert. #229); RNG (Cert. #219)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 bits of encryption strength: non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5

Multi-chip standalone

"The Juniper Networks NetScreen ISG 1000 and ISG 2000 are Internet security devices that integrate firewall, virtual private networking (VPN), and traffic shaping functions. Through the VPN, the NetScreen ISG devices provide the following: IPSec standard security, Triple-DES, and Advanced Encryption Standard (AES) encryption, Manual and automated IKE (ISAKMP), and Use of RSA and DSA certificates."
895 Xirrus, Inc.
370 N. Westlake Blvd.
Suite 200
Westlake Village, CA 91362
USA

-Patrick Parker
TEL: 805-497-0955
FAX: 866-462-3980

CST Lab: NVLAP 100432-0

Xirrus Wireless LAN Array
(Hardware Versions: Models: XS-3900 P/Ns 190-0001-001, 190-0001-002, 190-0001-003, 190-0001-004 Version B1; XS-3700 P/Ns 190-0005-001, 190-0005-002, 190-0005-003, 190-0005-004 Version B1; XS-3500 P/Ns 190-0004-001, 190-0004-003 Version A1; WFX-3900 P/N 190-0016-001 Version A1; WFX-3700 P/N 190-0017-001 Version A1; WFX 3500 P/N 190-0018-001 Version A; XS4 P/N 190-0092-001 Version A; XS8 P/N 190-0091-001 Version A; XS16 P/N 190-0090-001 Version A; Firmware Version: 3.2-0477)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/10/2008 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Cert. #470); RNG (Cert. #255); HMAC (Cert. #304); SHS (Cert. #638); RSA (Cert. #290)

-Other algorithms: RC4; MD5

Multi-chip standalone

"The Xirrus Wireless LAN Array represents the next generation in enterprise wireless LAN architecture - combining the functionality of a WLAN switch and Integrated Access Points (IAPs) in a single device. The WLAN Array delivers Gigabit-class Wi-Fi bandwidth to an extended coverage area simplifying the wireless LAN setup."
894 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Windows Vista Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)
(Software Version: 6.0.6000.16386)

(When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #890 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 01/10/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition (x86 Version); Microsoft Windows Vista Ultimate Edition (x64 version) (single-user mode)

-FIPS Approved algorithms: DSA (Cert. #226); RNG (Cert. #321); SHS (Cert. #618); Triple-DES (Cert. #549); Triple-DES MAC (Triple-DES Cert. #549, vendor affirmed)

-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4

Multi-chip standalone

"DSSENH encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. Software developers dynamically link the Microsoft DSSENH module into their applications to provide FIPS 140-2 compliant cryptographic support."
893 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Windows Vista Enhanced Cryptographic Provider (RSAENH)
(Software Version: 6.0.6000.16386)

(When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #890 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 01/10/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition (x86 Version); Microsoft Windows Vista Ultimate Edition (x64 version) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #553); HMAC (Cert. #297); RNG (Cert. #321); RSA (Certs. #255 and #258); SHS (Cert. #618); Triple-DES (Cert. #549)

-Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"RSAENH encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. Developers dynamically link the Microsoft RSAENH module into their applications to provide FIPS 140-2 compliant cryptographic support."
892 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Microsoft Windows Cryptographic Primitives Library (bcrypt.dll)
(Software Version: 6.0.6000.16386)

(When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #890 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 01/10/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition (x86 Version); Microsoft Windows Vista Ultimate Edition (x64 version) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #553); DSA (Cert. #227); ECDSA (Cert. #60); HMAC (Cert. #298); RNG (Cert. #321); RSA (Certs. #257 and #258); SHS (Cert. #618); Triple-DES (Cert. #549)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4

Multi-chip standalone

"BCRYPT.DLL provides cryptographic services, through its documented interfaces, to Windows Vista components and applications running on Windows Vista. The cryptographic module, BCRYPT.DLL, encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CNG (Cryptography, Next Generation) API. It can be dynamically linked into applications by software developers to permit the use of general-purpose FIPS 140-2 compliant cryptography."
891 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Microsoft Kernel Mode Security Support Provider Interface (ksecdd.sys)
(Software Versions: 6.0.6000.16386, 6.0.6000.16870 and 6.0.6000.21067)

(When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #890 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 01/10/2008;
10/16/2009
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition (x86 Version); Microsoft Windows Vista Ultimate Edition (x64 version) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #553); ECDSA (Cert. #60); HMAC (Cert. #298); RNG (Cert. #321); RSA (Certs. #257 and #258); SHS (Cert. #618); Triple-DES (Cert. #549)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 to 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; HMAC MD5

Multi-chip standalone

"KSECDD.SYS runs as a kernel mode export driver, and provides cryptographic services, through their documented interfaces, to Windows Vista kernel components. It supports several cryptographic algorithms accessible via a FIPS function table request irp (I/O request packet)."
890 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Code Integrity (ci.dll)
(Software Version: 6.0.6000.16386)

(When operated in FIPS mode with Winload OS Loader (winload.exe) validated to FIPS 140-2 under Cert. #889 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 01/10/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition (x86 Version); Microsoft Windows Vista Ultimate Edition (x64 version) (single-user mode)

-FIPS Approved algorithms: RSA (Cert. #255); SHS (Cert. #618)

-Other algorithms: N/A

Multi-chip standalone

"This is a dynamically linked library that runs as ntoskrnl.exe. It verifies the integrity of executable files, including kernel mode drivers, critical system components and user mode crypto modules, before these files are loaded from disk into memory by the memory manager."
889 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Winload OS Loader (winload.exe)
(Software Versions: 6.0.6000.16386, 6.0.6000.16476 and 6.0.6000.20586)

(When operated in FIPS mode with Boot Manager (bootmgr) validated to FIPS 140-2 under Cert. #888 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 01/10/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition (x86 Version); Microsoft Windows Vista Ultimate Edition (x64 version) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #424); RSA (Cert. #255); SHS (Cert. #618)

-Other algorithms: N/A

Multi-chip standalone

"This is the OS loader. It loads the boot-critical driver image files and the OS kernel image file itself."
888 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Dave Friant
TEL: 425-704-7984
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Boot Manager (bootmgr)
(Software Version: 6.0.6000.16386)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 01/10/2008 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition (x86 Version); Microsoft Windows Vista Ultimate Edition (x64 version) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #424); HMAC (Cert.#298); RSA (Cert. #255); SHS (Cert. #618)

-Other algorithms: N/A

Multi-chip standalone

"This is the system boot manager, called by the bootstrapping code that resides in the boot sector. It checks its own integrity and then checks the integrity of the OS loader and launches it."
887 ARX (Algorithmic Research)
10 Nevatim Street
Kiryat Matalon, Petach Tikva 49561
Israel

-Ezer Farhi
TEL: 972-3-9279529

CST Lab: NVLAP 200002-0

CoSign
(Hardware Version: 4.0; Firmware Version: 4.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/07/2008;
03/07/2008;
10/02/2009
Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Certs. #498 and #523); Triple-DES MAC (Triple-DES Cert. #498, vendor affirmed); SHS (Certs. #554 and #586); HMAC (Cert. #241); RNG (Cert. #265); RSA (Cert. #227)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"CoSign is a digital signature appliance that is connected to the organizational network and manages all signature keys and certificates of organizationÆs end-users. End-users will connect securely to CoSign from their PC for the purpose of signing documents and data."
886 Fortress™ Technologies, Inc.
2 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0

Fortress Secure Client Bridge
(Hardware Version: 1.0; Firmware Version: 2.1.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 01/07/2008;
03/26/2010;
05/17/2013
Overall Level: 1 

-FIPS Approved algorithms: AES (Cert. #545); Triple-DES (Cert. #541); SHS (Cert. #609); RNG (Cert. #312); HMAC (Cert. #286)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DSA (non-compliant); RSA (non-compliant); MD2; MD5; Blowfish; CAST; IDEA; RC2; RC4; RC5

Multi-chip standalone

"The Fortress Secure Client Bridge is a hardware module designed to deliver security on wireless and wired devices that cannot run the Fortress Secure Client software. A plug-and-play solution, the Secure Client Bridge encrypts and decrypts communication across the WLAN and LAN and protects the device against attacks without user intervention."
885 L-3 Communications Linkabit
3033 Science Park Road
San Diego, CA 92121
USA

-Rick Roane
TEL: 858-597-9097
FAX: 858-552-9660

CST Lab: NVLAP 100432-0

MPM-1000, 70 MHz Layout 1; MPM-1000, 70 MHz Layout 2; and MPM-1000, L-Band
(Hardware Versions: P/N 119811-1, 119903-30 and 119903-3; Firmware Version: 121423-00)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/07/2008;
02/23/2009
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #439, #440 and #441); RNG (Cert. #228); DSA (Cert. #180); HMAC (Cert. #206); SHS (Cert. #507)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The MPM-1000 is a dual-use civilian/military modem used to transport IP data traffic over satellite communication links using a secure Multi-Frequency Time Division Multiple Access (MF-TDMA) protocol. The MPM-1000 also functions as a MIL-STD-165A modem for use in Single Channel Per Carrier (SCPC) Frequency Division Multiple Access (FDMA) satellite communications."


Need Assistance?