CMVP Main Page

It is important to note that the items on this list are cryptographic modules. A module may either be an embedded component of a product or application, or a complete product in-and-of-itself. If the cryptographic module is a component of a larger product or application, one should contact the product or application vendor in order to determine if their product utilizes an embedded validated cryptographic module. There is inevitably a larger number of security products or applications available which use embedded validated cryptographic modules, than the number of modules which are found in this list. In addition, it is possible that other vendors, who are not found in this list, might incorporate a validated cryptographic module from this list embedded into their own products.

When selecting a module from a vendor, verify that the product or application that is being offered is either a validated cryptographic module itself (e.g. VPN, SmartCard, etc) or the product or application uses an embedded validated cryptographic module (toolkit, etc). Ask the vendor to supply a signed letter stating their application, product or module is a validated module or incorporates a validated module, the module provides all the cryptographic services in the solution, and reference the modules validation certificate number from this listing.

*** NOTE: Module descriptions were provided by the vendors, and their contents have not been verified for accuracy by NIST or CSEC. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-Approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (non-FIPS-approved algorithms) have not been validated or tested through the CMVP. ***

Questions regarding modules on this list should first be directed to the indicated vendor.

Cert#	Vendor	Cryptographic Module	Module Type	Val. Date	Level / Description
1223	Blue Coat Systems, Inc. 420 N. Mary Avenue Sunnyvale, CA 94085-4121 USA -John L. Sellers, Director of Federal Markets TEL: 703-338-4994	ProxySG 510 and ProxySG 810 (Hardware Versions: 100-02639, 106-02838, 106-02868, 100-02641, 106-02834 and 106-02884; Firmware Version: 5.3.1.9) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	11/17/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #859); Triple-DES (Cert. #706); RSA (Cert. #413); DSA (Cert. #310); SHS (Cert. #854); HMAC (Cert. #476); RNG (Cert. #491) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 and 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 and 112 bits of encryption strength) Multi-chip standalone "The foundation of Blue Coat's application delivery infrastructure, Blue Coat ProxySG appliances establish points of control that accelerate and secure business applications for users across the distributed organization. Blue Coat appliances serve as an Internet proxy and wide area network (WAN) optimizer. The purpose of the appliances is to provide a layer of security between an Internal and External Network (typically an office network and the Internet), and to provide acceleration and compression of transmitted data. The ProxySG is one of several appliance lines manufactured by Blue Coat"
1222	Blue Coat Systems, Inc. 420 N. Mary Avenue Sunnyvale, CA 94085-4121 USA -John L. Sellers, Director of Federal Markets TEL: 703-338-4994	ProxySG 8100 (Hardware Versions: 100-02644, 106-02835 and 106-02883; Firmware Version: 5.3.1.9) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	11/17/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #859); Triple-DES (Cert. #706); RSA (Cert. #413); DSA (Cert. #310); SHS (Cert. #854); HMAC (Cert. #476); RNG (Cert. #491) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 and 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 and 112 bits of encryption strength) Multi-chip standalone "The foundation of Blue Coat's application delivery infrastructure, Blue Coat ProxySG appliances establish points of control that accelerate and secure business applications for users across the distributed organization. Blue Coat appliances serve as an Internet proxy and wide area network (WAN) optimizer. The purpose of the appliances is to provide a layer of security between an Internal and External Network (typically an office network and the Internet), and to provide acceleration and compression of transmitted data. The ProxySG is one of several appliance lines manufactured by Blue Coat"
1221	Bull SAS Rue Jean Jaurès B.P.68 Les Clayes sous Bois, 78340 France -Jean-Luc CHARDON TEL: +33 1 30 80 79 14 FAX: +33 1 30 80 78 87 -Pierre-Jean AUBOURG TEL: +33 1 30 80 77 02 FAX: +33 1 30 80 78 87	CHR Cryptographic Module (Hardware Version: 003/A; Firmware Version: V1.02-00L) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	11/17/2009	Overall Level: 3  -Physical Security: Level 3 + EFP/EFT -FIPS-approved algorithms: RSA (Cert. #438); SHS (Cert. #893) -Other algorithms: N/A Multi-chip standalone "The BULL CHR is a multi-chip standalone security module providing functionality for the secure loading of applications. The CHR is the corner stone of a range of security products developed and signed by BULL as Application Provider and known as "CRYPT2Pay HR" product range available for different domain of applications including Banks and Financial Institutions. Additional products may be developed by Application Providers, based on the CHR."
1219	Check Point Software Technologies Ltd. 12007 Sunrise Valley Dr. Suite 130 Reston, VA 20191 USA -David Ambrose TEL: 703-628-2935 -Malcolm Levy TEL: +972 3-7534561	VPN-1 (Firmware Version: NGX R65 with hot fix HFA 30) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Firmware	10/27/2009; 11/20/2009	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 2 -Tested: Dell PowerEdge 1750 and Power-1 5070 with Check Point SecurePlatform Operating System, version NGX R65 HFA 30 -FIPS-approved algorithms: Triple-DES (Certs. #338, #733, #824 and #825); AES (Certs. #257 and #1130); SHS (Certs. #332, #890, #1053 and #1054); HMAC (Certs. #67, #502, #642 and #643); RSA (Certs. #66, #132 and #537); RNG (Certs. #90 and #628) -Other algorithms: CAST 40 bit; CAST 128 bit; DES (Cert. #314); MD5; HMAC-MD5; Diffie-Hellman (key agreement, key establishment methodology provides between 80 bits and 128 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA (key wrapping, key establishment methodology provides between 80 bits and 150 bits of encryption strength) Multi-chip standalone "Check Point's VPN-1 version NGX (R65) with hot fix HFA 30 is a tightly integrated software solution combining the FireWall-1 (FW-1) security suite with sophisticated Virtual Private Network (VPN) technologies and a hardened Secure Platform operating system (OS). The cornerstone of Check Point's Secure Virtual Network (SVN) architecture, VPN-1 meets the demanding requirements of Internet, intranet, and extranet VPNs by providing secure connectivity to corporate networks, remote and mobile users, branch offices, and business partners."
1218	3e Technologies International, Inc. 9715 Key West Avenue Suite 500 Rockville, MD 20850 USA -Harinder Sood TEL: 301-944-1325 FAX: 301-670-6989	3e-636S-1 Accelerated Crypto Module (Hardware Version: 1.0(A); Firmware Version: 4.3.1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/22/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #1022 and #1023); Triple-DES (Certs. #783 and #784); SHS (Certs. #976 and #977); HMAC (Certs. #571 and #572); RNG (Cert. #583); RSA (Cert. #490) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); MD5 Multi-chip embedded "3eTI's 3e-636S-1 Accelerated Crypto Module provides AES and Triple-DES data encryption, SHS secure hashing, and HMAC keyed hashing at very high levels of sustained bandwidth. The 3e-636S-1 leverages built-in hardware-based cryptography to greatly accelerate device performance. The 3e-636S-1 is a robust, stand-alone inline encryptor which can straightforwardly be inserted into a network where FIPS 140-2 Validation is required. The 3e-636S-1 helps customers meet Federal Cryptography requirements at extremely high levels of performance, where traditional software-based algorithm implementation"
1217	Pitney Bowes, Inc. 35 Waterview Drive Shelton, CT 06484-8000 USA -Douglas Clark TEL: 203-924-3206 FAX: 203-546-4744	Cygnus X3 PSD Cryptographic Module (Hardware Version: P/N 1R84000 Version A; Software Version: 01.05.05; Firmware Version: 01.00.06) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/22/2009	Overall Level: 3  -Physical Security: Level 3 + EFP -FIPS-approved algorithms: DSA (Cert. #234); SHS (Cert. #650); AES (Cert. #600); RNG (Cert. #592); HMAC (Cert. #311) -Other algorithms: N/A Single-chip "The Pitney Bowes Cygnus X3 Postal Security Device (PSD) has been designed in compliance with FIPS 140-2 and IPMAR security protection profile in order to support the USPS IBIP and international digital indicia standards globally. The PSD employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes Postage Metering products."
1216	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Peter Hayman TEL: 919-462-1900 x273 FAX: (919) 462-1933	SafeEnterprise™ Encryptor, Model 600 (Hardware Versions: 904-10001-00x, 904-10002-00x, 904-10003-00x, 904-10014-00x, 904-10112-00x, 904-10113-00x, 904-20001-00x, 904-20002-00x, 904-20003-00x, 904-25005-00x, 904-30013-00x, 904-511i0-00x and 943-511i0-00x; Firmware Version: 3.4.0.1) (Note: Refer to the cryptographic module’s security policy for the details on the letter i and x designations) Security Policy Certificate	Hardware	10/22/2009	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #647); AES (Certs. #711, #713 and #725); RSA (Cert. #340); SHS (Cert. #743); HMAC (Cert. #391); RNG (Cert. #422) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); DSA (non-compliant) Multi-chip standalone "The SafeEnterprise™ Encryptor provides data privacy and access control for connections between vulnerable public and private SONET/SDH or Ethernet networks. It employs FIPS approved AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in SONET 155 MB (OC-3), 622 MB (OC-12), 1.0 GB, and 2.4 GB (OC-48) networks."
1214	Juniper Networks, Inc. One Rogers St. Sixth Floor Cambridge, MA 02142 USA -Robert Smith TEL: 617-949-4067 FAX: 617-547-1031	Odyssey Security Component Portable (Software Version: 2.0) Validated to FIPS 140-2 Security Policy Certificate	Software	10/19/2009	Overall Level: 1  -Design Assurance: Level 2 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP SP2 (single-user mode) -FIPS-approved algorithms: AES (Certs. #785 and #786); Triple-DES (Cert. #680); SHS (Cert. #788); HMAC (Cert. #431); DSA (Cert. #294); RSA (Cert. #374); RNG (Cert. #452) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength) Multi-chip standalone "The Odyssey Security Component (OSC) is a general purpose cryptographic library. OSC / Portable is a C language version that can be compiled without modification for a variety of operating systems."
1213	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 94002 USA -Brian Mansfield TEL: 408-853-5469 FAX: 408-853-3529	Cisco 4402 and 4404 Wireless LAN Controllers (Hardware Versions: [4402, Revision Number A0 and 4404, Revision Number A0]; Opacity Baffle Version 1.0; Firmware Versions: 5.2.157.0, 5.2.178.5 or 5.2.193.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/19/2009; 11/20/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #959, #960 and #1211); HMAC (Certs. #535, #536 and #706); RNG (Cert. #542); RSA (Certs. #463, #464 and #583); SHS (Certs. #931, #932 and #1115); Triple-DES (Cert. #756) -Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); AES (Cert. #960, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM Multi-chip standalone "The Cisco 4400 Series Wireless LAN Controllers provide centralized control and scalability for medium to large-scale Government and Enterprise wireless LAN networks and support the IEEE 802.11i wireless security standard while meeting the Wi-Fi Alliances interoperability specification WPA2 for Secure Wireless Architecture. The Cisco WLAN Controllers support voice, video and data services, intrusion detection, intrusion protection and intelligent radio resource management and comply with the wireless security policies issued by the U.S. Federal Government and the Department of Defense (DoD)."
1212	Motorola, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA -Kirk Mathews TEL: 847-576-4101	Voice Processing Module Cryptographic Module (VPMCM) (Hardware Version: VPMCRYPTO_B; Firmware Versions: R01.01.03 and R01.00.00 (AES Cert. #819)) (When operated with AES Cert. #819) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/19/2009	Overall Level: 1  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 2 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #819); SHS (Cert. #817); RSA (Cert. #396); RNG (Cert. #471) -Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR) Multi-chip embedded "The Motorola Voice Processing Module Cryptographic Module provides cryptographic services to the Voice Processing Module in which it is embedded. The Voice Processing Module provides dispatch console audio routing between a dispatch operator (e.g., 911 dispatcher), peripherals, and a local network."
1211	Motorola, Inc. 1 Motorola Plaza Holtsville, NY 11742 USA -Steven Chew TEL: 631-738-3507 FAX: 631-738-4164 -Bert Scaramozzino TEL: 631-738-3215 FAX: 631-738-4164	Motorola Wireless Fusion on Windows CE Cryptographic Module (Hardware Version: CX 55222; Software Version: 3.00.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hybrid	11/18/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows CE 6.0 -FIPS-approved algorithms: AES (Certs. #1035 and #1037); SHS (Cert. #988); HMAC (Cert. #581) -Other algorithms: RC4; TKIP Multi-chip standalone "Motorola Wireless Fusion Cryptographic Module is a component of Motorola Wireless Mobile Computing devices that are equipped with a WLAN radio. These devices are used for business process automation applications in a number of vertical markets like retail, manufacturing, transportation, health and government."
1210	Motorola, Inc. 1 Motorola Plaza Holtsville, NY 11742 USA -Steven Chew TEL: 631-738-3507 FAX: 631-738-4164 -Bert Scaramozzino TEL: 631-738-3215 FAX: 631-738-4164	Motorola Wireless Fusion on Windows Mobile Cryptographic Module (Hardware Version: CX 55222; Software Version: 3.00.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hybrid	11/18/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows Mobile 6.1 -FIPS-approved algorithms: AES (Certs. #1036 and #1038); SHS (Cert. #989); HMAC (Cert. #582) -Other algorithms: RC4; TKIP Multi-chip standalone "Motorola Wireless Fusion Cryptographic Module is a component of Motorola Wireless Mobile Computing devices that are equipped with a WLAN radio. These devices are used for business process automation applications in a number of vertical markets like retail, manufacturing, transportation, health and government."
1209	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Peter Hayman TEL: 919-462-1900 x273 FAX: 919-462-1933	SafeEnterprise™ Encryptor, Model 650 (Hardware Versions: 904-53260-007 and 943-53270-007; Firmware Version: 3.4.0.1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/19/2009	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #647); AES (Certs. #710, #725 and #964); RSA (Cert. #340); SHS (Cert. #743); HMAC (Cert. #391); RNG (Cert. #422) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); DSA (non-compliant) Multi-chip standalone "The SafeEnterprise™ Encryptor provides data privacy and access control for connections between vulnerable public and private SONET/SDH networks or 10G Ethernet networks. It employs federally endorsed AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in a SONET OC-192 network or 10G Ethernet network."
1208	ARX (Algorithmic Research) 10 Nevatim Street Kiryat Matalon, Petach Tikva 49561 Israel -Ezer Farhi TEL: 972-3-9279529	CoSign (Hardware Version: 4.0; Firmware Version: 4.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/19/2009	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Certs. #498 and #523); Triple-DES MAC (Triple-DES Cert. #498, vendor affirmed); SHS (Certs. #554 and #586); HMAC (Cert. #241); RNG (Cert. #265); RSA (Cert. #227) -Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "CoSign is a digital signature appliance that is connected to the organizational network and manages all signature keys and certificates of organization's end-users. End-users will connect securely to CoSign from their PC for the purpose of signing documents and data."
1207	Juniper Networks, Inc. One Rogers St. Sixth Floor Cambridge, MA 02142 USA -Robert Smith TEL: 617-949-4067 FAX: 617-547-1031	Odyssey Security Component User Mode and Odyssey Security Component Kernel Mode (Software Versions: Version 2.0 (Odyssey Security Component User Mode) and Version 2.0 (Odyssey Security Component Kernel Mode)) Validated to FIPS 140-2 Security Policy Certificate	Software	10/19/2009	Overall Level: 1  -Design Assurance: Level 2 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP SP2; Microsoft Windows 2000 SP3 (single-user mode) -FIPS-approved algorithms: AES (Certs. #783 and #784); Triple-DES (Cert. #679); SHS (Cert. #787); HMAC (Cert. #430); DSA (Cert. #293); RSA (Cert. #373); RNG (Cert. #451) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength) Multi-chip standalone "The Odyssey Security Component (OSC) is a general purpose cryptographic library. OSC / User Mode is a user mode binary module for the Windows operating system. OSC / Kernel Mode is a kernel-mode binary module for the Windows operating system."
1206	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 94002 USA -Brian Mansfield TEL: 408-853-5469 FAX: 408-853-3529	Cisco Catalyst 3750G Integrated Wireless LAN Controller (Hardware Versions: P/N WS-C3750G, Version 02 and P/N 69-1707-01 (FIPS Kit); Firmware Versions: 5.2.157.0, 5.2.178.5 and 5.2.193.0) (When operated in FIPS mode and with the physical security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/19/2009; 11/20/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #959, #960 and #1211); HMAC (Certs. #535, #536 and #706); RNG (Cert. #542); RSA (Certs. #463, #464 and #583); SHS (Certs. #931, #932 and #1115); Triple-DES (Cert. #756) -Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); AES (Cert. #960, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM Multi-chip standalone "The Cisco 3750G Wireless LAN Controller provides centralized control and scalability for medium to large-scale wireless LAN networks and supports IEEE 802.11i wireless security and is Wi-Fi certified for WPA2. Cisco WLAN Controllers support voice, video, data services, intrusion protection (including Management Frame Protection (MFP), intelligent radio resource management and comply with the wireless security policies issued by the U.S. Federal Government and the U.S. Department of Defense (DoD)."
1205	Lexar Media, Inc. 47300 Bayside Parkway Fremont, CA 94538 USA -Mehdi Asnaashari TEL: 510-413-1200 FAX: 510-440-3499	JumpDrive SAFE S3000 (Hardware Versions: P/Ns LAD2GBCENAG600 [1,2], LAD4GBCENAG600 [1,2], LAD8GBCENAG600 [1,2] and LAD16GCENAG600 [1,2], Versions FC4410-EF-AB [1] and FC4410-EF-AC [2]; Firmware Version: 1511) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/19/2009	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #877 and #990); HMAC (Cert. #491); RNG (Cert. #503); RSA (Cert. #424); SHS (Certs. #869 and #957); Triple-DES (Cert. #719) -Other algorithms: AES (Cert. #877, key wrapping; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "Lexar Media introduces JumpDrive SAFE S3000, the world's first FIPS 140-2 Level 3 approved secure USB flash drive. The advanced flash drive combines an onboard cryptographic controller that encrypts all data stored on the secure partition by approved hardware-based AES 256bit, a smartcard chip that provides key management through proven technology, and a ruggedized tamper resistant housing to create a complete portable secure storage solution for all users looking to protect their data. For more information please visit http://www.lexar.com."
1204	Midland Radio Corporation 5900 Parretta Drive Kansas City, MO 64120 USA -David Berneking TEL: 816-462-0421	Midland Radio Base Station Cryptographic Module (Hardware Versions: 91-1060A, 91-1060B, 91-1110A, 91-1110B, 91-4050A, 91-4050B, 91-4100A, 91-4100B, 91-4100C, 91-4100D, 91-7100B and 91-8100B; Firmware Version: FIPS_ver010b) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/06/2009	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #485); SHS (Cert. #945); HMAC (Cert. #548); DRBG (Cert. #7) -Other algorithms: DES Multi-chip standalone "The Midland BTIII Base Stations provide Project 25 encrypted and clear voice, data and Short Message Service communications in accordance with the Project 25 Digital Land Mobile Radio standards suite. In addition, conventional analog radio voice communications are supported. It is multi-chip standalone cryptographic module validated at a FIPS 140-2 Security Level 1."
1203	Thales - nCipher 92 Montvale Ave Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 6000e, nShield F3 1500e, nShield F3 500e and nShield F3 10e (Hardware Versions: nC4033E-6K0, nC4033E-1K5, nC4033E-500 and nC4033E-030, Build Standard N; Firmware Version: 2.38.4-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/06/2009	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #994 and #397); AES GCM (Cert. #994, vendor affirmed); Triple-DES (Certs. #775 and #435); Triple-DES MAC (Cert. #775, vendor affirmed); DSA (Cert. #341); ECDSA (Cert. #121); SHS (Cert. #960); HMAC (Cert. #560); RSA (Cert. #478); RNG (Cert. #564) -Other algorithms: ARC FOUR; Aria; Camelia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; AES (Cert. #994, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); NDRNG; DSA (FIPS 186-3, non-compliant); ECDSA (FIPS 186-3, non-compliant) Multi-chip embedded "The nCipher modules: nShield F3 6000e, Shield F3 1500e, nShield F3 500e, and nShield 10e family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1202	Thales - nCipher 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F2 500 and nShield F2 10 PCI (Hardware Versions: nC3023P-500, nC3023P-10, Build Standard N; Firmware Version: 2.38.4-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/06/2009	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #994 an #962); AES GCM (Cert. #994, vendor affirmed); Triple-DES (Certs. #775 and #757); Triple-DES MAC (Cert. #775, vendor affirmed); DSA (Cert. #341); ECDSA (Cert. #121); SHS (Cert. #960); HMAC (Cert. #560); RSA (Cert. #478); RNG (Cert. #564) -Other algorithms: ARC FOUR; Aria; Camelia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; AES (Cert. #994, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); NDRNG; DSA (FIPS 186-3, non-compliant); ECDSA (FIPS 186-3, non-compliant) Multi-chip embedded "The nShield modules: nShield F2 500 & nShield F2 10 PCI family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1201	Thales - nCipher 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F2 4000, nShield F2 2000 and nShield F2 500 (Hardware Versions: nC3023P-4K0, nC3023P-2K0, and nC3123P-500, Build Standard N; Firmware Version: 2.38.4-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/06/2009	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #994); AES GCM (Cert. #994, vendor affirmed); Triple-DES (Certs. #775 and #132); Triple-DES MAC (Cert. #775, vendor affirmed); DSA (Cert. #341); ECDSA (Cert. #121); SHS (Cert. #960); HMAC (Cert. #560); RSA (Cert. #478); RNG (Cert. #564) -Other algorithms: ARC FOUR; Aria; Camelia; CAST 6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; and HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; AES (Cert. #994, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); NDRNG; DSA (FIPS 186-3, non-compliant); ECDSA (FIPS 186-3, non-compliant) Multi-chip embedded "The nShield modules: nShield F2 4000, nShield F2 2000, and nShield F2 500 family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1200	Thales - nCipher 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 500, nShield F3 500 for NetHSM and nShield F3 10 PCI (Hardware Versions: nC4033P-500, nC4033P-500N and nC4033P-10; Build Standard N; Firmware Version: 2.38.4-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/06/2009	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #994 and #962); AES GCM (Cert. #994, vendor affirmed); Triple-DES (Certs. #775 and #757); Triple-DES MAC (Cert. #775, vendor affirmed); DSA (Cert. #341); ECDSA (Cert. #121); SHS (Cert. #960); HMAC (Cert. #560); RSA (Cert. #478); RNG (Cert. #564) -Other algorithms: ARC FOUR; Aria; Camelia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; AES (Cert. #994, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); NDRNG; DSA (FIPS 186-3, non-compliant); ECDSA (FIPS 186-3, non-compliant) Multi-chip embedded "The nShield modules: nShield F3 500, F3 500 for NetHSM, & nShield 10 family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1199	Thales - nCipher 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 4000, nShield F3 2000, nShield F3 2000 for NetHSM, nShield F3 500 and nShield F3 500 for NetHSM (Hardware Versions: nC4033P-4K0, nC4033P-2K0, nC4033P-2K0N, nC4133P-500 and nC4133P-500N, Build Standard N; Firmware Version: 2.38.4-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/06/2009	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 + EFP/EFT -Cryptographic Key Management: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #994); AES GCM (Cert. #994, vendor affirmed); Triple-DES (Certs. #775 and #132); Triple-DES MAC (Cert. #775, vendor affirmed); DSA (Cert. #341); ECDSA (Cert. #121); SHS (Cert. #960); HMAC (Cert. #560); RSA (Cert. #478); RNG (Cert. #564) -Other algorithms: ARC FOUR; Aria; Camelia; CAST 6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; and HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; AES (Cert. #994, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); NDRNG; DSA (FIPS 186-3, non-compliant); ECDSA (FIPS 186-3, non-compliant) Multi-chip embedded "The nShield modules: nCipher 4000, nShield 2000, nShield 2000 for NetHSM, nShield 500, and nShield 500 for NetHSM family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1198	Thales - nCipher 92 Montvale Ave Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 500, nShield F3 500 for NetHSM and nShield F3 10 PCI (Hardware Versions: nC4033P-500, nC4033P-500N, and nC4033P-10, Build Standard N; Firmware Version: 2.38.4-3) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/06/2009	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #994 and #962); AES GCM (Cert. #994, vendor affirmed); Triple-DES (Certs. #775 and #757); Triple-DES MAC (Cert. #775, vendor affirmed); DSA (Cert. #341); ECDSA (Cert. #121); SHS (Cert. #960); HMAC (Cert. #560); RSA (Cert. #478); RNG (Cert. #564) -Other algorithms: ARC FOUR; Aria; Camelia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; AES (Cert. #994, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); NDRNG; DSA (FIPS 186-3, non-compliant); ECDSA (FIPS 186-3, non-compliant) Multi-chip embedded "The nCipher modules: nShield F3 500, Shield F3 500 for NetHSM, and nShield 10 family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
1197	Thales - nCipher 92 Montvale Ave Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 6000e, nShield F3 1500e, nShield F3 500e and nShield F3 10e (Hardware Versions: nC4033E-6K0, nC4033E-1K5, nC4033E-500 and nC4033E-030, Build Standard N; Firmware Version: 2.38.4-3) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/06/2009	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #994 and #397); AES GCM (Cert. #994, vendor affirmed); Triple-DES (Certs. #775 and #435); Triple-DES MAC (Cert. #775, vendor affirmed); DSA (Cert. #341); ECDSA (Cert. #121); SHS (Cert. #960); HMAC (Cert. #560); RSA (Cert. #478); RNG (Cert. #564) -Other algorithms: ARC FOUR; Aria; Camelia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; AES (Cert. #994, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); NDRNG; DSA (FIPS 186-3, non-compliant); ECDSA (FIPS 186-3, non-compliant) Multi-chip embedded "The nCipher modules: nShield F3 6000e, Shield F3 1500e, nShield F3 500e, and nShield 10e family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
1196	Thales - nCipher 92 Montvale Ave Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F2 6000e, nShield F2 1500e, nShield F2 500e and nShield F2 10e (Hardware Versions: nC3023E-6K0, nC3023E-1K5, nC3023E-500 and nC3032E-030, Build Standard N; Firmware Version: 2.38.4-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/06/2009	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #994 and #397); AES GCM (Cert. #994, vendor affirmed); Triple-DES (Certs. #775 and #435); Triple-DES MAC (Cert. #775, vendor affirmed); DSA (Cert. #341); ECDSA (Cert. #121); SHS (Cert. #960); HMAC (Cert. #560); RSA (Cert. #478); RNG (Cert. #564) -Other algorithms: ARC FOUR; Aria; Camelia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; AES (Cert. #994, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); NDRNG; DSA (FIPS 186-3, non-compliant); ECDSA (FIPS 186-3, non-compliant) Multi-chip embedded "The nCipher modules: nShield F2 6000e, Shield F2 1500e, nShield F2 500e, and nShield 10e family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1195	Thales - nCipher 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 4000, nShield F3 2000, nShield F3 2000 for NetHSM, nShield F3 500 and nShield F3 500 for NetHSM (Hardware Versions: nC4033P-4K0, nC4033P-2K0, nC4033P-2K0N, nC4133P-500 and nC4133P-500N, Build Standard N; Firmware Version: 2.38.4-3) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/06/2009	Overall Level: 3  -Physical Security: Level 3 + EFP/EFT -FIPS-approved algorithms: AES (Cert. #994); AES GCM (Cert. #994, vendor affirmed); Triple-DES (Certs. #775 and #132); Triple-DES MAC (Cert. #775, vendor affirmed); DSA (Cert. #341); ECDSA (Cert. #121); SHS (Cert. #960); HMAC (Cert. #560); RSA (Cert. #478); RNG (Cert. #564) -Other algorithms: ARC FOUR; Aria; Camelia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; AES (Cert. #994, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); NDRNG; DSA (FIPS 186-3, non-compliant); ECDSA (FIPS 186-3, non-compliant) Multi-chip embedded "The nShield modules: nCipher 4000, nShield 2000, nShield 2000 for NetHSM, nShield 500, and nShield 500 for NetHSM family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
1194	Juniper Networks, Inc. One Rogers St. Sixth Floor Cambridge, MA 02142 USA -Robert Smith TEL: 617-949-4067 FAX: 617-547-1031	Juniper Network Connect Cryptographic Module (Software Version: 2.0) Validated to FIPS 140-2 Security Policy Certificate	Software	10/06/2009	Overall Level: 2  -Operational Environment: Tested as meeting Level 2 with Microsoft Windows XP Professional SP2 running on a Dell Optiplex GX270; Microsoft Windows 2000 Professional SP3 running on a Dell Optiplex GX400 -FIPS-approved algorithms: AES (Certs. #783 and #784); Triple-DES (Cert. #679); SHS (Cert. #787); HMAC (Cert. #430); DSA (Cert. #293); RSA (Cert. #373); RNG (Cert. #451) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength) Multi-chip standalone "The Juniper Network Connect Cryptographic Module (JNCCM) is a general purpose cryptographic library. The JNCCM is a user mode binary module for the Windows operating system."
1193	Neopost Technologies 113 Rue Jean Marin Naudin Bagneux, 92220 France -Nathalie Tortellier TEL: 33 1 45 36 30 00 FAX: 33 1 45 36 30 10	PSD Model C22 (Hardware Version: P/N 4129955LD; Firmware Version: P/N 4145980DA Version 22.12) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/06/2009	Overall Level: 3  -Physical Security: Level 3 + EFP/EFT -FIPS-approved algorithms: AES (Cert. #563); SHS (Cert. #629); RNG (Cert. #328); RSA (Cert. #260); HMAC (Cert. #300); ECDSA (Cert. #62) -Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 90 bits of encryption strength) Multi-chip embedded "Neopost Canadian PSD (Postal Secure Device) for Low to High Range Franking machines."
1192	Sony Corporation 1-7-1 Konan Minato-ku, Tokyo 108-0075 Japan -Hirotaka Kondo TEL: +81-46-202-8074 FAX: +81-46-202-6304	Sony Security Module (Hardware Version: 1.0.0; Firmware Version: 1.0.0) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/06/2009	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Cryptographic Key Management: Level 3 -Design Assurance: Level 3 - -FIPS-approved algorithms: AES (Certs. #901 and #902); RNG (Cert. #517); RSA (Cert. #437); SHS (Cert. #882) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip embedded "The Sony Security Module (SSM) is a multi-chip embedded cryptographic module that is encapsulated in a hard opaque commercial grade metal case. The cryptographic boundary is defined as the entire metal case perimeter, including all hardware, software, and firmware encapsulated within. The interfaces are all traces that cross the crypto graphic boundary. The primary purpose of the SSM is to provide decryption, decoding/encoding of audio/video data for the digital cinema projector system in which it is being employed."
1191	SanDisk Corporation 601 McCarthy Boulevard Milpitas, CA 95035 USA -Rotem Sela TEL: +972-4-9078811 FAX: +972-4-9078777	TrustedFlash v1.0 - microSD (Hardware Versions: HermonS2TM 256MB, HermonS2TM 512MB, HermonS2TM 1GB and HermonS2TM 2GB; Firmware Version: v1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/21/2009; 11/20/2009	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #643); RNG (Cert. #366); RSA (Cert. #294); SHS (Cert. #678); Triple-DES (Cert. #595) -Other algorithms: AES MAC (AES Cert. #643; non-compliant); DES; RNG; RSA (key wrapping; key establishment methodology provides 80 bits or 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength) Multi-chip embedded "TrustedFlash(TM) v1.0 - microSD is SanDisk's proprietary TrustedFlash v1.0 security technology implemented on the microSD form factor which provides a platform for the implementation of an advance security technology that complies with FIPS 140-2 level 3 requirements. TrustedFlash provides authentication and data encryption that can be used with secured applications including e-commerce, protected digital content distribution and enabling users to play protected content, services and applications on authorized TrustedFlash-enabled devices, such as mobile phones, portable media players, etc."
1190	Raytheon Oakley Systems, Inc. 2755 E. Cottonwood Parkway Suite 600 Salt Lake City, UT 84121 USA -Mindy Gilbert TEL: 801-733-1443 FAX: 801-944-5800 -Morgan Greenwood TEL: 801-733-1433 FAX: 801-844-5800	FIPS Linux Cryptographic Module (Software Version: 1.0) Validated to FIPS 140-2 Security Policy Certificate	Software	09/21/2009	Overall Level: 1  -Operational Environment: Red Hat Enterprise Linux v4 (single-user mode) -FIPS-approved algorithms: AES (Cert. #943); HMAC (Cert. #524); SHS (Cert. #919) -Other algorithms: N/A Multi-chip standalone "The Raytheon Oakley Systems FIPS Linux Cryptographic Module is a software module providing cryptographic functionality for the Raytheon Oakley Systems InnerView insider threat product. InnerView is an enterprise monitoring, threat detection, and policy enforcement solution."
1189	Juniper Networks, Inc. One Rogers St. Sixth Floor Cambridge, MA 02142 USA -Robert Smith TEL: 617-949-4067 FAX: 617-547-1031	Odyssey Security Component (Software Version: 2.0) Validated to FIPS 140-2 Security Policy Certificate	Software	10/28/2009	Overall Level: 2  -Operational Environment: Tested as meeting Level 2 with Microsoft Windows XP Professional SP2 running on a Dell Optiplex GX270; Microsoft Windows 2000 Professional SP3 running on a Dell Optiplex GX400 -FIPS-approved algorithms: AES (Certs. #783 and #784); Triple-DES (Cert. #679); SHS (Cert. #787); HMAC (Cert. #430); DSA (Cert. #293); RSA (Cert. #373); RNG (Cert. #451) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength) Multi-chip standalone "The Odyssey Security Component (OSC) is a general purpose cryptographic library. OSC / User Mode is a user mode binary module for the Windows operating system."
1188	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 94002 USA -Brian Mansfield TEL: 408-853-5469 FAX: 408-853-3529	Cisco Aironet Lightweight AP1131, AP1142, AP1242, AP1252 and AP1522 Wireless LAN Access Points (Hardware Versions: AP1131 Revision S0, AP1142 Revision A0, AP1242 Revision P0, AP1252 Revision F0 and AP1522 Outdoor Mesh Revision L0; Firmware Versions: 5.2.157.0, 5.2.178.5 and 5.2.193.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/20/2009; 11/20/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #1005, #1006, #1007, #1008 and #1009); HMAC (Certs. #564, #565 and #566); RNG (Certs. #567, #568 and #569); RSA (Certs. #482, #483 and #484); SHS (Certs. #965, #966 and #967) -Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); RC4; MD5; HMAC MD5 Multi-chip standalone "The Cisco Aironet Lightweight 1142, 1131, 1252, 1242, 1522 access points deliver the versatility, high capacity and enterprise class security required for small, medium and large Government indoor and outdoor wireless deployments. In FIPS 140-2 mode of operation, the Cisco APs support the LWAPP, MFP, IEEE 802.11i & IEEE 802.1x standards & AES for WPA2 encryption. WPA2 is the Wi-Fi Alliance certification for interoperable, standards-based WLAN security."
1187	Thales e-Security 2200 North Commerce Parkway Suite 200 Weston, Florida 33326 USA -Juan Asenjo TEL: 954-888-6202 FAX: 954-888-6211	Datacryptor® Gig Ethernet v1.0 and v1.1 (Hardware Version: 1600X409 v1.00; Firmware Versions: v1.0 and v1.1) Security Policy Certificate Vendor Product Link	Hardware	09/21/2009	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #454); DSA (Cert. #184); SHS (Cert. #517); RNG (Cert. #239) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Datacryptor® Gig Ethernet v1.0 and v1.1 are multi-chip standalone cryptographic modules. They secure communications using signed Diffie-Hellman key exchange and AES-256 encryption over Gigabit Ethernet networks. They provide data encryption over 1000baseX (802.3z) with supported media types of 1000BaseSX (short-haul fiber), 1000BaseLX (long-haul fiber) or 1000BaseCX (single twisted-pair copper). The units also provide integrated secure unit management capability employing the same techniques used for traffic encryption."
1186	Midland Radio Corporation 5900 Parretta Drive Kansas City, MO 64120 USA -David Kingsolver TEL: 816-462-0421	Syn-Tech III P25 Radio Series (Hardware Versions: STP105B, STP404A, STP404B, STM1050B, STM1055B, STM1115B, STM4040A, STM4045A, STM4040B, STM4045B, STM4085A, STM4085B, SDT1090, SDT4080A and SDT4080B; Firmware Versions: Control Micro-Processor Boot Firmware Version: 1.00 Build:1080, Control Micro-Processor Firmware Version: MDV 1.01 Build:3320, Digital Signal Processor(DSP) Firmware Version: SPV 1.03 Build:0556;) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/21/2009	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #645); SHS (Cert. #916); HMAC (Cert. #521); DRBG (Cert. #5) -Other algorithms: DES Multi-chip standalone "The Midland Syn-Tech III P25 radios provide Project 25 encrypted and clear voice, data and Short Message Service communications in accordance with the Project 25 Digital Land Mobile Radio standards suite. In addition, conventional analog radio voice communications are supported. It is a multi-chip standalone cryptographic module consisting of production grade components in accordance to FIPS 140-2 security level 1."
1185	RELM Wireless Corporation 7100 Technology Drive West Melbourne, FL 32904 USA -Jim Holthaus TEL: 402-896-6406 FAX: 785-856-1302	FIPSCOM Cryptographic Module (Hardware Versions: P/N 7011-30967-000, Versions 071609 [1] and 071709 [2]; Firmware Versions: 0722-05072-000 [1] and 0722-05072-001 [2] (bootcodes) and 0722-05073-004 [1,2] (application)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/21/2009; 10/16/2009	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #899); RSA (Cert. #139); SHS (Cert. #462) -Other algorithms: DES; AES (AES Cert. #899, key wrapping; key establishment methodology provides 256 bits of encryption strength) Multi-chip embedded "The FIPSCOM is an embedded cryptographic module that provides encryption functions for secure digital communications products. The FIPSCOM can be incorporated into any BK Radio brand subscriber equipment requiring FIPS 140-2, Level 1 security."
1184	Fortinet, Inc. 1090 Kifer Road Sunnyvale, CA 94086 USA -Jeff Lake, Vice President, Federal Operations TEL: 678-402-8021 FAX: 678-402-8021	FortiGate-5050 and FortiGate-5140 (Hardware Versions: FortiGate-5050 (build C4QP38); FortiGate-5140 (build C4GL51); FortiGate-5001SX (build P4CF76); FortiGate-5001FA2 (build C5FA26); Firmware Version: FortiOS 3.0, build8931, 081110) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	09/21/2009	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #490, #742 and #743); RNG (Cert. #530); AES (Certs. #476, #925 and #926); SHS (Certs. #544, #909 and #910); RSA (Cert. #449); HMAC (Certs. #233, #516 and #517) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; HMAC-MD5 Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1183		Validated to FIPS 140-2 Security Policy Certificate	Software	08/31/2009	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
1182	McAfee, Inc. 3965 Freedom Circle Santa Clara, CA 95054 USA -Suresh Subramanian TEL: 408-346-5682 FAX: 408-346-3463	Network Security Platform Sensor M-6050 and M-8000 (M-8000 P and M-8000 S) (Hardware Versions: P/Ns M-6050 (IAP-M65K-ISA, IFO-M65K-ISA, IIP-M65K-ISA) V1.4 and M-8000 (IAP-M80K-ISA, IFO-M80K-ISA, IIP-M80K-ISA) V1.4; Firmware Version: 4.1.11.26) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/31/2009	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #880); Triple-DES (Cert. #781); RSA (Certs. #425 and #486); DSA (Cert. #345); SHS (Certs. #871 and #970); RNG (Cert. #505) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Blowfish; DES; MD5; TACACS Multi-chip standalone "Network Security Platform products (formerly known as IntruShield) are IPS & IDS systems that protect network infrastructures & endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, & encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments & permits the customer to receive real-time network status updates & alerts, implement customized security policies & incident response plans, & perform forensic analysis of attacks."
1181	Motorola, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA -Kirk Mathews TEL: 847-576-4101	Astro Subscriber Motorola Advanced Crypto Engine (MACE) (Hardware Version: P/N 5185912Y01; Firmware Version: R01.00.00) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/31/2009	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #819); SHS (Cert. #817); RSA (Cert. #396); RNG (Cert. #471) -Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); DES; DES-XL; DVP-XL; ADP; LFSR Single-chip "The MACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio systems products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management."
1180	Security First Corp. 22362 Gilberto #130 Rancho Santa Margarita, CA 92688 USA -Rick Orsini TEL: 949-858-7525 FAX: 949-858-7092	SecureParser® (Hardware Version: P/N AC2020-S, Version 1.0; Software Version: 4.7.0; Firmware Version: 1.0) (When operated in FIPS mode) Security Policy Certificate	Hybrid	08/31/2009	Overall Level: 1  -Cryptographic Module Specification: Level 3 -Cryptographic Key Management: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Ubuntu 8; Windows 2003 (single-user mode) -FIPS-approved algorithms: AES (Certs. #1017, #1027 and #1028); RNG (Cert. #584); RSA (Cert. #491); DSA (Cert. #346); SHS (Certs. #980 and #981); HMAC (Certs. #575 and #576); ECDSA (Cert. #123) -Other algorithms: RSA (key wrapping; key establishment methodology provides 128 bits of encryption strength); AES (Cert. #1027, key wrapping; key establishment methodology provides 128, 192, or 256 bits of encryption strength) Multi-chip standalone "The SecureParser® is a security and high data availability architecture delivered in the form of a software toolkit that provides cryptographic data splitting (data encryption, random or deterministic distribution to multiple shares including additional fault tolerant bits, key splitting, authentication, integrity, share reassembly, key restoration and decryption) of arbitrary data. During the split process, additional redundant data may be optionally written to each share enabling the capability of restoring the original data when all shares are not available."
1179	SPYRUS, Inc. 1860 Hartog Drive San Jose, CA 95131-2203 USA -Tom Dickens TEL: 408-392-4324 FAX: 408-392-0319	Hydra PC Personal Edition FIPS Module (Hardware Versions: P/Ns 880070103F [1], 880070104F [2] and 880070105F [3], Versions 01.00.01 [1,2] and 01.00.02 [3]; Firmware Versions: 01.02.12 [1] and 01.02.13 [2,3]) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	08/31/2009; 10/30/2009	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #846, #850 and #858); SHS (Certs. #837 and #852); RNG (Cert. #486); DRBG (Cert. #3); ECDSA (Certs. #96 and #97) -Other algorithms: EC-Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); AES (Cert. #846, key wrapping) Multi-chip standalone "The Hydra PC Personal Edition FIPS Module is a multifunctional security device providing the U. S. Government's Suite B standard algorithms, including AES, ECC, and SHA-2. The Hydra PC Personal Edition FIPS Module stores encrypted files on a replaceable miniSD/miniSDHC memory card for almost unlimited storage capacity. An exclusive authentication feature can limit the use of a Hydra PC Personal Edition FIPS Module to a specifically designated enclave, preventing all external use even if the user knows the logon PIN. Comes with Microsoft Windows file interface."
1178	SafeNet, Inc. 20 Colonnade Road Suite 200 Ottawa, Ontario K2E 7M6 Canada -Terry Fletcher TEL: 613-221-5009 FAX: 613-723-5079	Luna® CA4 (Hardware Version: LTK-02-0501; Firmware Version: 4.6.8) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/31/2009	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #933); DSA (Cert. #331); ECDSA (Cert. #116); HMAC (Cert. #522); RNG (Cert. #534); RSA (Cert. #452); SHS (Cert. #917); Triple-DES (Cert. #747); Triple-DES MAC (Triple-DES Cert. #747, vendor affirmed) -Other algorithms: ARIA; DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; AES-MAC, DES-MAC; RC2-MAC; RC5-MAC; CAST-MAC; CAST3-MAC; CAST5-MAC; MD2; MD5; HAS-160; HMAC-MD5; SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Luna CA4 cryptographic module is a multi-chip standalone hardware cryptographic module in the form of a PCMCIA card that typically resides within a custom computing or secure communications appliance. It is contained in its own secure enclosure that provides physical resistance to tampering. The module provides secure key generation and storage for symmetric keys and asymmetric key pairs along with symmetric and asymmetric cryptographic services."
1177	SafeNet, Inc. 20 Colonnade Road Suite 200 Ottawa, Ontario K2E 7M6 Canada -Terry Fletcher TEL: 613-221-5009 FAX: 613-723-5079	Luna® PCM (Hardware Version: LTK-02-0501; Firmware Version: 4.6.8) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/31/2009	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #933); DSA (Cert. #331); ECDSA (Cert. #116); HMAC (Cert. #522); RNG (Cert. #534); RSA (Cert. #452); SHS (Cert. #917); Triple-DES (Cert. #747); Triple-DES MAC (Triple-DES Cert. #747, vendor affirmed) -Other algorithms: ARIA; DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; AES-MAC, DES-MAC; RC2-MAC; RC5-MAC; CAST-MAC; CAST3-MAC; CAST5-MAC; MD2; MD5; HAS-160; HMAC-MD5; SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Luna PCM cryptographic module is a multi-chip standalone hardware cryptographic module in the form of a PCMCIA card that typically resides within a custom computing or secure communications appliance. It is contained in its own secure enclosure that provides physical resistance to tampering. The module provides secure key generation and storage for symmetric keys and asymmetric key pairs along with symmetric and asymmetric cryptographic services. Access to key material and cryptographic services for users and user application software is provided indirectly through the host appliance."
1176	SafeNet, Inc. 20 Colonnade Road Suite 200 Ottawa, Ontario K2E 7M6 Canada -Terry Fletcher TEL: 613-221-5009 FAX: 613-723-5079	Luna® PCI Cryptographic Module (Hardware Version: VBD-03-0100; Firmware Version: 4.6.8) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/31/2009	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #510 and #934); DSA (Cert. #332); ECDSA (Cert. #117); HMAC (Cert. #523); RNG (Cert. #535); RSA (Cert. #453); SHS (Cert. #918); Triple-DES (Certs. #520 and #748); Triple-DES MAC (Triple-DES Certs. #520 and #748, vendor affirmed) -Other algorithms: ARIA; DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; DES-MAC; RC2-MAC; RC5-MAC; CAST-MAC; CAST3-MAC; CAST5-MAC; MD2; MD5; HAS-160; HMAC-MD5; SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip embedded "Luna PCI offers dedicated hardware key management to protect sensitive cryptographic keys from attack. The high-security hardware design ensures the integrity and protection of encryption keys throughout their life cycle. All digital signing and verification operations are performed within the HSM to increase performance and maintain security. Luna PCI HSMs provide hardware secured key generation, storage, secure key backup and accelerated encryption in a range of models and configurations offering a wide selection of security, performance and operational capabilities."
1175		Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/13/2009	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip embedded
1174	Hewlett-Packard Company, Atalla Security Products 19091 Pruneridge Ave. MS 4441 Cupertino, CA 95014 USA -Jane Blanchard TEL: 408-447-2168 FAX: 408-447-5525	Atalla Cryptographic Subsystem (ACS) (Hardware Version: P/N 545517-002; Firmware Version: Loader Version 1.02, PSMCU Version 7.0) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/31/2009	Overall Level: 4  -FIPS-approved algorithms: AES (Cert. #406); RNG (Cert. #200); RSA (Cert. #531); SHS (Cert. #473) -Other algorithms: N/A Multi-chip embedded "The Atalla Cryptographic Subsystem (ACS) is a multiple-chip embedded cryptographic module that provides secure cryptographic processing. The ACS features secure key management and storage capabilities, and also provides high performance AES processing."
1173	Juniper Networks, Inc. 1194 N. Mathilda Ave. Sunnyvale, CA 94089 USA -Mike Kouri TEL: 408-936-8206 FAX: 408-936-8200	SSG 520M and SSG 550M (Hardware Versions: P/Ns SSG-520M (SSG 520M) and SSG-550M (SSG 550M); Firmware Version: ScreenOS 6.2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/18/2009	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Cryptographic Key Management: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #712); AES (Cert. #867); DSA (Cert. #315); RNG (Cert. #497); RSA (Cert. #418); SHS (Cert. #861); HMAC (Cert. #483); ECDSA (Cert. #104) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 or 112 bits of encryption strength); DES; MD5 Multi-chip standalone "The SSG 500 Series consists of high-performance security platforms for regional branch office and medium-sized, standalone businesses that want to stop internal and external attacks, prevent unauthorized access and achieve regulatory compliance. The SSG 550/SSG 550M provides 1+ Gbps of stateful firewall performance and 500 Mbps of IPSec VPN performance, while the SSG 520/SSG 520M provides 650 Mbps of stateful firewall performance and 300 Mbps of IPSec VPN performance."
1172	Juniper Networks, Inc. 1194 N. Mathilda Ave. Sunnyvale, CA 94089 USA -Mike Kouri TEL: 408-936-8206 FAX: 408-936-8200	SSG 320M and SSG 350M (Hardware Versions: P/Ns SSG-320M (SSG 320M) and SSG-350M (SSG 350M); Firmware Version: ScreenOS 6.2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/18/2009	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Cryptographic Key Management: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #713); AES (Cert. #868); DSA (Cert. #316); RNG (Cert. #498); RSA (Cert. #419); SHS (Cert. #862); HMAC (Cert. #484); ECDSA (Cert. #105) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 or 112 bits of encryption strength); DES; MD5 Multi-chip standalone "The SSG 300 Series comprises high-performance security platforms that help businesses stop internal and external attacks, prevent unauthorized access, and achieve regulatory compliance. The SSG 350M provides 500 Mbps of stateful firewall performance and 225 Mbps of IPSec VPN performance, while the SSG 320M provides 400 Mbps of stateful firewall performance and 175 Mbps of IPSec VPN performance."
1171	Juniper Networks, Inc. 1194 N. Mathilda Ave. Sunnyvale, CA 94089 USA -Mike Kouri TEL: 408-936-8206 FAX: 408-936-8200	SSG 140 (Hardware Version: P/N SSG-140; Firmware Version: ScreenOS 6.2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/18/2009	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Cryptographic Key Management: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #714); AES (Cert. #869); DSA (Cert. #317); RNG (Cert. #499); RSA (Cert. #420); SHS (Cert. #863); HMAC (Cert. #485); ECDSA (Cert. #106) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 or 112 bits of encryption strength); DES; MD5 Multi-chip standalone "The SSG 140 is a high-performance security platform for branch offices and small/medium sized standalone businesses that want to stop internal and external attacks, prevent unauthorized access, and achieve regulatory compliance. The SSG 140 is a modular platform that delivers more than 350 Mbps of stateful firewall traffic and 100 Mbps of IPSec VPN traffic."
1170	Juniper Networks, Inc. 1194 N. Mathilda Ave. Sunnyvale, CA 94089 USA -Mike Kouri TEL: 408-936-8206 FAX: 408-936-8200	SSG 5 and SSG 20 (Hardware Versions: P/Ns SSG-5 (SSG 5) and SSG-20 (SSG 20); Firmware Version: ScreenOS 6.2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/18/2009	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Cryptographic Key Management: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #711 and #715); AES (Certs. #866 and #870); DSA (Certs. #314 and #318); RNG (Certs. #496 and #500); RSA (Certs. #417 and #421); SHS (Certs. #860 and #864); HMAC (Certs. #482 and #486); ECDSA (Certs. #103 and #107) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 or 112 bits of encryption strength); DES; MD5 Multi-chip standalone "The SSG 5 and SSG 20 are high-performance security platforms for small branch office and standalone businesses that want to stop internal and external attacks, prevent unauthorized access and achieve regulatory compliance. Both the SSG 5 and SSG 20 deliver 160 Mbps of stateful firewall traffic and 40 Mbps of IPSec VPN traffic."
1169	Juniper Networks, Inc. 1194 N. Mathilda Ave. Sunnyvale, CA 94089 USA -Mike Kouri TEL: 408-936-8206 FAX: 408-936-8200	NetScreen-ISG 1000 and NetScreen-ISG 2000 (Hardware Versions: P/Ns NS-ISG-1000 (NetScreen-ISG 1000) and NS-ISG-2000 (NetScreen-ISG 2000); Firmware Version: ScreenOS 6.2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/18/2009	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Cryptographic Key Management: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #709); AES (Cert. #864); DSA (Cert. #312); RNG (Cert. #494); RSA (Cert. #415); SHS (Cert. #858); HMAC (Cert. #480); ECDSA (Cert. #101) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 or 112 bits of encryption strength); DES; MD5 Multi-chip standalone "The Juniper Networks ISG 1000 and ISG 2000 are fully integrated firewall/VPN systems that provide multi-gigabit performance, modular architecture and rich virtualization capabilities. They provide an ideal solution for large enterprise, data center, and service provider networks. The ISG Series firewall/VPN-based systems deliver security features such as Intrusion Prevention System (IPS), anti-spam, Web filtering, and Internet Content Adaptation Protocol (ICAP) antivirus redirection support."
1168	Juniper Networks, Inc. 1194 N. Mathilda Ave. Sunnyvale, CA 94089 USA -Mike Kouri TEL: 408-936-8206 FAX: 408-936-8200	NetScreen-5200 and NetScreen-5400 (Hardware Versions: P/Ns NS-5200/NS-5000-MGT2 (NetScreen-5200), NS-5200/NS-5000-MGT3 (NetScreen-5200), NS-5400/NS-5000-MGT2 (NetScreen-5400) and NS-5400/NS-5000-MGT3 (NetScreen-5400); Firmware Version: ScreenOS 6.2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/18/2009	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Cryptographic Key Management: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #710); AES (Cert. #865); DSA (Cert. #313); RNG (Cert. #495); RSA (Cert. #416); SHS (Cert. #859); HMAC (Cert. #481); ECDSA (Cert. #102) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 or 112 bits of encryption strength); DES; MD5 Multi-chip standalone "The Juniper Networks NetScreen-5000 Series is a line of purpose built, high-performance security systems designed to deliver a new level of high-performance capabilities for large enterprise, carrier, and data center networks. The NetScreen-5000 Series consists of two products, the 2-slot NetScreen-5200 and the 4-slot NetScreen-5400. The NetScreen-5000 Series security systems integrate firewall, DoS and DDoS protection, VPN, and traffic management functionality in low-profile modular chassis."
1167	SafeNet, Inc. 20 Colonnade Road Suite 200 Ottawa, Ontario K2E 7M6 Canada -Terry Fletcher TEL: 613-221-5009 FAX: 613-723-5079	Luna® PCI Cryptographic Module (Hardware Version: VBD-03-0100; Firmware Version: 4.6.8) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/31/2009	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #510 and #934); DSA (Cert. #332); ECDSA (Cert. #117); HMAC (Cert. #523); RNG (Cert. #535); RSA (Cert. #453); SHS (Cert. #918); Triple-DES (Certs. #520 and #748); Triple-DES MAC (Triple-DES Certs. #520 and #748, vendor affirmed) -Other algorithms: ARIA; DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; DES-MAC; RC2-MAC; RC5-MAC; CAST-MAC; CAST3-MAC; CAST5-MAC; MD2; MD5; HAS-160; HMAC-MD5; SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip embedded "Luna PCI offers dedicated hardware key management to protect sensitive cryptographic keys from attack. The high-security hardware design ensures the integrity and protection of encryption keys throughout their life cycle. All digital signing and verification operations are performed within the HSM to increase performance and maintain security. Luna PCI HSMs provide hardware secured key generation, storage, secure key backup and accelerated encryption in a range of models and configurations offering a wide selection of security, performance and operational capabilities."
1166	Accellion, Inc. 1900 Embarcadero Road, Suite 207 Palo Alto, CA 94303 USA -Prateek Jain TEL: 650-739-0095 FAX: 650-739-0561	Secure File Transfer Appliance (Hardware Version: P/N ACFIPS-01 Version 1.0.0; Firmware Versions: FTA_8_0_3 and FTA_8_0_136) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/18/2009; 10/02/2009	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: AES (Certs. #843, #844 and #845); SHS (Certs. #835, #836 and #842); HMAC (Cert. #468); DSA (Cert. #307); Triple-DES (Cert. #771) -Other algorithms: Triple-DES (Cert. #771, key wrapping; key establishment methodology provides 80 bits of encryption strength); AES (Cert. #845, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); Blowfish; MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Accellion Secure File Transfer Appliance is a key component of Accellion's secure file transfer solution that enables enterprises an easy to use solution for securely transferring large files. It helps eliminate FTP servers and offload file attachments from email resulting in improved email performance and reduced email storage. Extensive tracking and reporting tools enable companies to demonstrate compliance with SOX, HIPAA, FDA, and GLB regulations. Accellion appliances provide the highest level of security and ease of use of any enterprise file transfer solution."
1165	Fortress Technologies, Inc. 4023 Tampa Rd. Suite 2000 Oldsmar, FL 34677 USA -Bill McIntosh TEL: 813-288-7388	Fortress Secure Bridge (Hardware Versions: ES520V1, ES520V2 and ES300; Firmware Version: 5.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	08/18/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #688, #694 and #698); SHS (Certs. #715, #717, #721, #722 and #726); HMAC (Certs. #367, #371, #372 and #376); RSA (Cert. #439); RNG (Certs. #402, #406 and #409) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); MD5; Hardware RNG Multi-chip standalone "The Fortress Secure Bridge is an all-in-one network access device housed in a rugged compact chassis, with the most stringent security available today built in. It can serve as a wireless bridge, a WLAN access point, and an eight-port LAN switch, while performing all the functions of a Fortress controller device: encrypting wireless traffic and providing Multi-factor Authentication for devices on the network it protects."
1164	Meru Networks 894 Ross Drive Sunnyvale, CA 94089 USA -Joe Epstein TEL: 408-215-5300 FAX: 408-215-5301	Meru Networks Security Gateway SG1000 Cryptographic Module (Hardware Version: P/N MN-SG1000; Firmware Version: 1.0-27) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/18/2009	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #720); AES (Certs. #903 and #904); SHS (Cert. #894); HMAC (Cert. #493); RSA (Cert. #440); RNG (Cert. #518); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 bits of encryption strength) -Other algorithms: MD5; AES (Cert. #903, key wrapping; key establishment methodology provides 128 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Multi-chip embedded "The Meru Networks Security Gateway SG1000 Cryptographic Module is a high performance purpose built security solution for Wireless LAN deployments. The Meru Networks Security Gateway SG1000 Cryptographic Module provides a FIPS 140-2 Level 3 security solution conforming to the IEEE 802.11i security standards. The Meru Networks Security Gateway SG1000 Cryptographic Module is installed in a slot in the Meru Networks Security Gateway SG1000 appliance."
1163	SafeNet, Inc. 20 Colonnade Road Suite 200 Ottawa, Ontario K2E 7M6 Canada -Terry Fletcher TEL: 613-221-5009 FAX: 613-723-5079	Luna® PCI Cryptographic Module for Luna® IS (Hardware Version: VBD-03-0100; Firmware Versions: 5.2.5 and 5.2.6) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/18/2009	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #510, #910 and #913); Triple-DES (Certs. #520, #728 and #738); DSA (Certs. #320 and #326); RSA (Certs. #442, #444, #454 and #455); ECDSA (Certs. #110 and #112); SHS (Certs. #898 and #900); HMAC (Certs. #507 and #509); Triple-DES MAC (Triple DES Certs. #520, #728 and #738; vendor affirmed); RNG (Certs. #522 and #523) -Other algorithms: AES MAC (AES Certs. #510, #910 and #913; non-compliant); DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; CAST5 in a CBC-MAC; MD2; MD5; HAS-160 (plain hash and HMAC); SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip embedded "The Luna® PCI for Luna® IS offers hardware-based key management and cryptographic operations to protect sensitive keys. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI card."
1162	Brocade Communications 1745 Technology Drive San Jose, CA 95110 USA -Greg Farris TEL: 408-333-7315	Brocade Encryption Switch/FS8-18 Cryptographic Module (Hardware Versions: BES P/N 60-1001079-01 and FS8-18 P/N 60-1001078-01) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/29/2009	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #596 and #851); AES GCM (AES Cert. #851, vendor affirmed); RNG (Cert. #358); HMAC (Cert. #346); SHS (Certs. #645 and #844); RSA (Certs. #337 and #407) -Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); ECC-CDH (non-compliant); AES (Cert. #596, key wrapping; key establishment methodology provides 256 bits of encryption strength) Multi-chip embedded "Cryptographic module for the Brocade Encryption Switch and FS8-18."
1161	Fortinet, Inc. 1090 Kifer Road Sunnyvale, CA 94086 USA -Jeff Lake, Vice President, Federal Operations TEL: 678-402-8021 FAX: 678-402-8021	FortiGate-1000A and FortiGate-3600 (Hardware Versions: FortiGate 1000A (build C4WA49) and FortiGate 3600 (build C4KW75); Firmware Version: FortiOS 3.0, build8931, 081110) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	07/29/2009	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #742, #743, #489 and #490); RNG (Cert. #530); AES (Certs. #925, #926, #475 and #476); SHS (Certs. #909, #910, #543 and #544); RSA (Cert. #449); HMAC (Certs. #516, #517, #232 and #233) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; HMAC-MD5 Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1160	Motorola, Inc. 1301 East Algonquin Rd. Schaumburg, IL 60196 USA -Kirk Mathews TEL: 847-576-4101 FAX: 847-538-2770	KVL 3000 Plus (Hardware Version: P/N T6717A; Firmware Version: R03.52.45) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/29/2009	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -FIPS-approved algorithms: AES (Cert. #2); Triple-DES (Cert. #82); Triple-DES MAC (Triple-DES Cert. #82, vendor affirmed); SHS (Cert. #335); RNG (Cert. #121) -Other algorithms: DES; DES MAC; DES-XL; DVI-XL; DVI-SPFL; DVP-XL; ADP; HCA; LFSR; AES MAC (AES Cert. #2; vendor affirmed; P25 AES OTAR) Multi-chip standalone "The KVL 3000 Plus is a portable key distribution device. Encryption keys can be loaded into the KVL manually through its keypad interface or transferred from a Key Management Facility through its serial interface. These keys can then be distributed to various secure communications equipment such as mobile and portable radios, base stations, zone controllers, data controllers, and other fixed network devices. The KVL also includes a PCMCIA interface for software upgrades."
1159	RSA Security, Inc. 228 South Street Hopkinton, MA 01748 USA -Jeff Stone TEL: 508-249-1189 -Nirav Mehta TEL: 508-249-2964	RSA BSAFE® Crypto-Kernel (Software Version: 1.3.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	07/29/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows Server 2003 SP2 (x86 Celeron); Windows Server 2003 SP2 (x64 AMD Athlon X2); Windows Server 2003 SP2 (Itanium 2) (single-user mode) -FIPS-approved algorithms: AES (Cert. #1105); HMAC (Cert. #617); SHS (Cert. #1028) -Other algorithms: AES-XTS Multi-chip standalone "RSA BSAFE® Crypto-Kernel is a cryptographic library from RSA, The Security Division of EMC, to provide symmetric encryption, hashing, and message authentication code creation, in the operating system kernel. It provides Advanced Encryption Standard (AES) cipher, SHA-256 message digest, and HMAC capabilities."
1158	AirMagnet, Inc. 830 E. Arques Ave. Sunnyvale, CA 94085 USA -Tony Ho TEL: 408-400-1255 FAX: 408-744-1250	SmartEdge Sensor A5020, A5023, A5120 and A5123 (Hardware Versions: A5020, A5023, A5120 and A5123; Firmware Version: 8.5.0-12047) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	07/29/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #331); Triple-DES (Cert. #395); SHS (Cert. #406); RSA (Cert. #111); RNG (Cert. #152); HMAC (Cert. #135) -Other algorithms: RC4; RC2; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); DSA (non-compliant); DES; Triple-DES (non-compliant); AES (non-compliant); IDEA; Blowfish; Twofish Multi-chip standalone "The SmartEdge Sensor is equipped with patent pending AirWISE Analytical Engine that, in real time, monitors and analyzes the security, performance, and reliability of the wireless network."
1157	Sun Microsystems, Inc. 500 Eldorado Blvd., Bldg 5 Broomfield, CO 80021 USA -Alexander Stewart TEL: 303-272-7572 FAX: 303-272-3023	Sun StorageTek™ T10000A Tape Drive (Hardware Version: P/N 315462802; Firmware Versions: 1.40.108, 1.41.110 and 1.41.111) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/16/2009; 09/02/2009	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 2 -FIPS-approved algorithms: AES (Certs. #495, #647, #941, #942 and #967); DRBG (Cert. #6); HMAC (Certs. #398 and #540); SHS (Certs. #736 and #937); RSA (Cert. #334) -Other algorithms: AES (Cert. #941, key wrapping; key establishment methodology provides 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5 Multi-chip standalone "The Sun StorageTek™ T10000A tape drive provides 500 GB native capacity and 120 MB/sec throughput. The T10000A is designed for maximum security and performance in enterprise-level applications. It employs AES-256 encryption to protect and authenticate customer data while also using AES-256 to provide secure and authenticated transmission of key material. Designed for maximum performance, the drive allows the use of multiple keys per tape with a cache memory to minimize the overhead of key transmission. Works seamlessly with the Sun KMA 2.x to provide a secure end-to-end management solution."
1156	Sun Microsystems, Inc. 500 Eldorado Blvd., Bldg 5 Broomfield, CO 80021 USA -Alexander Stewart TEL: 303-272-7572 FAX: 303-272-3023	Sun StorageTek™ T10000B Tape Drive (Hardware Version: P/N 315488302; Firmware Versions: 1.40.208, 1.41.210 and 1.41.211) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/16/2009; 09/02/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #495, #647, #941, #942 and #967); DRBG (Cert. #6); HMAC (Certs. #398 and #540); SHS (Certs. #736 and #937); RSA (Cert. #334) -Other algorithms: AES (Cert. #941, key wrapping; key establishment methodology provides 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5 Multi-chip standalone "The Sun StorageTek™ T10000B tape drive provides 1 TB native capacity and 120 MB/sec throughput using the same media and with backward read compatibility to the T10000A. Designed for maximum security and performance, the T10000B provides AES-256 encryption to protect and authenticate customer data and to provide secure, authenticated transmission of key material. Designed for maximum performance, the drive allows the use of multiple keys per tape with a cache memory to minimize the overhead of key transmission. Works seamlessly with the Sun KMA 2.x to provide a secure end-to-end management solution."
1155	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Mike Soto TEL: 408-902-8125 FAX: 408-853-3122	Cisco Catalyst 6506, Catalyst 6506-E, Catalyst 6509 and Catalyst 6509-E Switch with Catalyst 6500 Series VPN Services Port Adapter (ws-ipsec-2 and ws-ipsec-3) (Hardware Versions: 6506, 6509, 6506-E and 6509-E; Backplane chassis: Hardware Versions 1.1 (6506-E), 1.4 (6509-E), 3.0 (6506, 6509); Supervisor Blade: Hardware Versions 5.7(SUP720-3B), 5.7 (SUP720-3BXL), 2.1 (SUP720-10GbE); IPSec VPN SPA; Hardware Version 1.0; Firmware Versions: Modular IOS 12.2(33)SXI and 12.2(33)SXI1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/16/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Cert #598); HMAC (Certs. #348 and #550); RNG (Certs. #356 and #554); SHS (Certs. #647 and #948); Triple-DES (Cert #569) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; HMAC-MD5 Multi-chip standalone "The Catalyst 6500 series switches with the IPSec VPN SPA offer versatility, integration, and security to branch offices. With numerous network modules and service modules available, the modular architecture of the Cisco router easily allows interfaces to be upgraded to accommodate network expansion. The Catalyst 6500 series switches provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements."
1154	Digi International, Inc. 11001 Bren Road East Minnetonka, MN 55343 USA -Brian O'Rourke TEL: 952-912-3444 FAX: 952-912-4952	Digi Passport 4 FIPS, 8 FIPS, 16 2 AC FIPS, 32 2 AC FIPS and 48 2 AC FIPS (Hardware Version: Rev. 1.1; Firmware Version: 1.2.0F) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	07/16/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #821); Triple-DES (Cert. #693); SHS (Cert. #819); RSA (Cert. #398); DSA (Cert. #301); RNG (Cert. #473); HMAC (Cert. #454) -Other algorithms: RC4; MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); DES Multi-chip standalone "The latest entry in Digi's advanced console management line, the Digi Passport provides secure remote access to the console ports of computer systems and network equipment. In addition to conventional serial console connections, the Digi Passport connects to the service processors of the leading server vendors. It also provides SMASH extensions to each of these network-based access protocols."
1153	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Mike Soto TEL: 408-902-8125 FAX: 408-853-3122	Cisco Catalyst 6506, Catalyst 6506-E, Catalyst 6509 and Catalyst 6509-E Switch with Catalyst 6500 Series VPN Services Port Adapter (ws-ipsec-2 and ws-ipsec-3) (Hardware Versions: 6506, 6509, 6506-E and 6509-E; Backplane chassis: Hardware Versions 1.1(6506-E), 1.4 (6509-E) and 3.0 (6506, 6509); Supervisor Blade: Hardware Versions 5.7 (SUP720-3B), 5.7 (SUP720-3BXL) and 2.1 (SUP720-10GbE); IPSec VPN SPA: Hardware Version 1.0; Firmware Versions: IOS 12.2(33)SXI and IOS 12.2(33)SXI1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/01/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #598); HMAC (Certs. #348 and #549); RNG (Certs. #356 and #553); SHS (Certs. #647 and #947); Triple-DES (Cert. #569) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; HMAC-MD5; RSA (non-compliant) Multi-chip standalone "The Catalyst 6500 series switches with the VPN Services Port Adapter offer versatility, integration, and security to branch offices. With numerous network modules and service modules available, the modular architecture of the Cisco router easily allows interfaces to be upgraded to accommodate network expansion. The Catalyst 6500 series switches provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements."
1152	IBM Corporation 9032 S Rita Road Tucson, AZ 85744 USA -David L. Swanson TEL: 520-799-5515 -Christine Knibloe TEL: 520-799-5719	IBM System Storage LTO Ultrium 4 Tape Drive (Hardware Versions: 23R9539 (Fibre Channel), 23R9904 (SAS), and 95P4613 (SCSI); Firmware Versions: df080911bf_89Bb.FC.fips.ro (Fibre Channel), df080911bf_89Bb.SAS.fips.ro (SAS), and df080911bf_89Bb.SCSI.fips.ro (SCSI)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/01/2009	Overall Level: 1  -FIPS-approved algorithms: AES (Certs. #918 and #919); AES GCM (Certs. #918 and #919, vendor affirmed); RNG (Cert. #527); RSA (Cert. #446); SHS (Cert. #906) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The IBM LTO Ultrium 4 Tape Drive provides AES-GCM encryption of customer data recorded to tape. Both encryption and compression are implemented in the hardware for optimum performance. Three different host interface types of the LTO Ultrium 4 "brick" unit are FIPS certified as a multi-chip, standalone cryptographic module. In customer operation the "brick" unit may be embedded in bridge box or in a canister package for operation in a library."
1151	Rajant Corporation 400 E. King Street Malvern, PA 19355 USA -Marty Lamb TEL: 610-873-6788 x209	BreadCrumb® ME2 1S2F (Hardware Version: ME2 1S2F; Firmware Version: 10.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/01/2009	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #791 and #908); RSA (Cert. #378); SHS (Cert. #792); HMAC (Cert. #434); RNG (Cert. #455); -Other algorithms: RC4; MD5; Diffie-Hellman; AES (Cert #791, key wrapping) Multi-chip standalone "The Rajant BreadCrumb® ME2 1S2F is a rugged wireless transmitter-receiver that forms a mesh network (using InstaMesh®) when used in conjunction with other BreadCrumb® devices. This portable wireless mesh network node supports an open-standard IEEE 802.11 b/g radio with up to two antennas to enable data, voice and video applications."
1150		Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/22/2009	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip embedded
1149	IronKey, Inc. 5150 El Camino Real, Suite C31 Los Altos, CA 94022 USA -Gil Spencer TEL: 650-492-4055 FAX: 650-967-4650	IronKey S200/D200 (Hardware Versions: P/Ns D2-S200-S01, D2-S200-S02, D2-S200-S04, D2-S200-S08, D2-S200-S16, D2-D200-S01, D2-D200-S02, D2-D200-S04, D2-D200-S08, D2-D200-S16 and D2-D200-S32; Firmware Versions: 2.0, 2.0.1, 2.0.2, 2.0.3 and 2.0.5) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/24/2009; 08/28/2009; 10/02/2009; 11/20/2009	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1034); RNG (Cert. #587); RSA (Cert. #494); SHS (Certs. #986 and #987); HMAC (Cert. #579) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The IronKey Secure Flash Drive includes a high-speed hardware-based 256 Bit AES cryptography engine for encrypting and decrypting NAND flash and RAM buffers via USB. It also includes RSA, HMAC, SHA-256, SHA-1, and RNG algorithms."
1148	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Clint Winebrenner TEL: 919-564-9143	Cisco Unified Wireless IP Phone 7921G and 7925G (Hardware Versions: 7921G and 7925G; Firmware Version: 1.3(2)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/24/2009	Overall Level: 1  -FIPS-approved algorithms: AES (Certs. #987 and #988); HMAC (Certs. #555 and #556); RNG (Cert. #560); RSA (Cert. #475); SHS (Certs. #954 and #955); Triple-DES (Cert. #773) -Other algorithms: HMAC MD5; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); MD5 Multi-chip standalone "For workers who need to communicate while moving about the workplace or campus, the Cisco Unified Wireless IP Phone 7921G and 7925G provide wired phone capabilities in an easy-to-navigate, menu directed wireless phone. These phones can be programmed with six extensions or a combination of extensions and speed dials. Each have a 2-inch color display; speakerphone capabilities, a new combination charger and speakerphone stand. Additionally, the 7925G provides support for bluetooth headsets."
1147		Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/18/2009	Overall Level: 1  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
1146	Research In Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Certifications Team TEL: 519-888-7465 ext.72921 FAX: 519-886-4839	BlackBerry Cryptographic Kernel (Firmware Version: 3.8.5.51) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Firmware	06/24/2009	Overall Level: 1  -Tested: BlackBerry Storm 9500 with BlackBerry OS Version 4.7 -FIPS-approved algorithms: Triple-DES (Cert. #750); AES (Certs. #946 and #947); SHS (Cert. #921); HMAC (Cert. #526); RSA (Cert. #456); RNG (Cert. #536); ECDSA (Cert. #118) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides 256 bits of encryption strength) Multi-chip standalone "BlackBerry is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry."
1145	Oberthur Technologies 4250 Pleasant Valley Road Chantilly, VA 20151-1221 USA -Christopher Goyet TEL: 703-263-0100 FAX: 703-263-0503	Oberthur ID-One Cosmo 128 v5.5 for DoD CAC (Hardware Version: B0; Firmware Versions: F310-067733 with ASC library package v2.6.2B.3, ACA applet package v2.6.2B.4, PKI/GC/SKI applet package v2.6.2B.4, PIV End Point Wrapper module v2.6.2B.4, PIV End Point Extended module v2.6.2B.4, and SMA applet package v2.6.2B.3) (PIV Card Application: Cert. #15) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/24/2009	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #606); Triple-DES MAC (Triple-DES Cert. #606, vendor affirmed); RSA (Cert. #304); RNG (Cert. #377) -Other algorithms: RSA (key transport; key establishment methodology provides 80 or 112 bits of encryption strength) Single-chip "This module is based on the Oberthur Dual Interface (ISO7816 & ISO14443) ID-One Cosmo family of Smart Cards that provide a secure Javacard platform with data storage and enhanced cryptographic processing capabilities specifically designed to fit the needs of government and enterprise personnel identification applications. This configuration runs ActivIdentity applet suite V 2.6.2B into its 144K EEPROM memory. The Applet Suite provides services for authentication, access control, generic container and PKI. It conforms to SP800-73-1 Transitional & End-Point Card Edge (for HSPD-12/PIV)."
1144	SCsquare Ltd. 2A Habarzel St. Ramat Hahayal Tel Aviv, 69710 Israel -Yossi Fixman TEL: +972-3-7657-331 FAX: +972-3-649-4975	Apollo OS V4.03 on SLE66CX680PE m1534-a13 (Firmware Version 4.03) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Firmware	06/24/2009	Overall Level: 3  -Tested: SLE66CX680PE m1534-a13 smart card controller IC -FIPS-approved algorithms: Triple-DES (Cert. #701); DSA (Cert. #306); SHS (Cert. #839); RNG (Cert.#483); RSA (Cert. #406); HMAC (Cert. #464) -Other algorithms: ECDSA (non-compliant) Single-chip "Apollo OS V4.03 on SLE66CX680PE is a multi-purpose smart card utilizing an ISO 7816 file system. Apollo OS V4.03 is implemented as firmware in ROM of an Infineon SLE66CX680PE smart card controller IC."
1143	Mitsubishi Electric Corporation Kamakura Works 325 Kamimachiya Kamakura, Kanagawa 247-8520 Japan -Masanori Sato TEL: +81-467-41-6640 FAX: +81-467-41-6975 -Koichiro Sasaki TEL: +81-467-41-6670 FAX: +81-467-41-6975	Command Encryption Module (Firmware Version: 1.1) (When operated in FIPS mode with the Operational Environment configuration specified on the reverse with the Firewall configured per Section 11 in the Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Firmware	06/24/2009	Overall Level: 2  -EMI/EMC: Level 3 -Tested: HP Compaq DC 5100 Running Microsoft Windows 2000 SP4 and Zone Labs Zone Alarm Pro Firewall version 7.0.481.000 -FIPS-approved algorithms: Triple-DES (Cert. #759) -Other algorithms: N/A Multi-chip standalone "Command Encryption Module is a firmware module designed to perform Triple DES CFB mode encryption functions."
1142		Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/03/2009	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
1141	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Chris Romeo TEL: 919-392-0512 FAX: 919-640-1019	Cisco ASA 5505, 5510, 5520, 5540 and 5550 Security Appliances (Hardware Versions: 5505, 5510, 5520, 5540 and 5550; Firmware Versions: 8.0.4.16 and 8.0.4.28) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/24/2009; 07/17/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #105, #564 and #966); HMAC (Certs. #125, #301 and #539); RNG (Certs. #144, #329 and #545); RSA (Certs. #106, #261 and #467); SHS (Certs. #196, #630 and #935); Triple-DES (Certs. #217, #559 and #760) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength); ECDH (key agreement; key establishment methodology provides 80 bits of encryption strength); MD5; DES; RC4; HMAC MD5; RSA (key wrapping; key establishment methodology provides 80 bits or 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength) Multi-chip standalone "The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
1140	EF Johnson Technologies 1440 Corporate Drive Irving, TX 75038-2401 USA -John Oblak TEL: 507-837-5116 FAX: 507-837-5120	Johnson Encryption Machine 2 (JEM2) (Hardware Version: 023-3900-183; Firmware Version: 2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/25/2009	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #917); SHS (Cert. #904); HMAC (Cert. #512); DSA (Cert. #328); RNG (Cert. #526) -Other algorithms: AES (Cert. #917, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES MAC (AES Cert. #917, vendor affirmed; P25 AES OTAR); DES Multi-chip standalone "The EF Johnson Technologies Johnson Encryption Machine 2 (JEM2) is a cryptographic module meeting the FIPS140-2, Level 1 requirement. The JEM2 provides cryptographic operations to support Project 25 infrastructure. The JEM2 supports AES OTAR, AES, DSA, SHA-1, SHA-256, SHA-512, and HMAC FIPS Approved algorithms."
1139	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Chris Romeo TEL: 919-392-0512 FAX: 919-640-1019 -Mike Soto TEL: 408-902-8125	Cisco 3271 High Performance Mobile Access Router Card (HMARC) (Hardware Version: A0; Firmware Version: 12.4(15)T7) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/28/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #890 and #945); HMAC (Certs. #497 and #530); RNG (Cert. #511); RSA (Cert. #432); SHS (Certs. #881 and #920); Triple-DES (Certs. #727 and #749) -Other algorithms: DES; DES-MAC; TDES-MAC (non-compliant); MD5; MD4; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 156 bits of encryption strength) Multi-chip embedded "The Cisco 3271 Rugged ISR is a high-performance, ruggedized router designed to support multiple applications running concurrently over wired or wireless networks. With onboard hardware encryption, the Cisco 3271 offloads encryption processing from the router to provide highly secure yet scalable video, voice, and data services for mobile and embedded outdoor networks."
1138	NitroSecurity Inc 230 Commerce Way Portsmouth, NH 03801 USA -Bill Virtue TEL: 603-570-3936 FAX: 603-766-8169	NitroView ESM/Receiver Cryptographic Module (Hardware Version: NS-ESMRCV-2250-R; Software Versions: 8.0.0.20080605 and 8.2.0) (When operated in FIPS mode with module OpenSSL FIPS Object Module validated to FIPS 140-2 under Cert. #918 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	05/28/2009; 10/23/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #668); Triple-DES (Cert. #613); SHS (Cert. #701); HMAC (Cert. #352); RNG (Cert. #387); RSA (Cert. #310) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The NitroView ESM/Receiver is a multi-chip standalone cryptographic module consisting of production grade components contained within an opaque hard production-grade enclosure (the outside case is steel). The removable cover is protected by tamper evident security seals in accordance with FIPS 140-2 Level 2. The cryptographic boundary is the metal enclosure of the device."
1137	SafeNet, Inc. 20 Colonnade Road Suite 200 Ottawa, Ontario K2E 7M6 Canada -Terry Fletcher TEL: 613-221-5009 FAX: 613-723-5079	ProtectServer Gold (PSG) (Hardware Version: Revision B4; Firmware Version: 2.07.00) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/22/2009; 07/24/2009	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #921); DSA (Cert. #329); ECDSA (Cert. #114); HMAC (Cert. #515); RNG (Cert. #529); RSA (Cert. #448); SHS (Cert. #908); Triple-DES (Cert. #741); Triple-DES MAC (Triple-DES Cert. #741, vendor affirmed) -Other algorithms: AES MAC (AES Cert. #921; non-compliant); CAST 128; CAST MAC; DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 152 bits of encryption strength; non-compliant less than 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECIES; IDEA; IDEA MAC; MD2; MD5; MD5 HMAC; RC2; RC2 MAC; RC4; RIPEMD-128; RIPEMD-160; RMD128 HMAC; RMD160 HMAC; RSA (key wrapping; key establishment methodology provides between 80 and 152 bits of encryption strength); SEED; SEED MAC Multi-chip standalone "The SafeNet PSG Adapter is a high-end intelligent PCI adapter card that provides a wide range of cryptographic functions using firmware and dedicated hardware processors. Access to the PSG is provided via a comprehensive PKCS#11 API, allowing extremely flexible use of the module in a multitude of applications."
1136	Aladdin Knowledge Systems, Ltd. 35 Efal St. Kiryat Arie, Petach Tikva Israel -Chanan Lavi TEL: 972-3-9781111 FAX: 972-3-9781010	Aladdin eToken PRO (Java) HD (Hardware Versions: P/N Aladdin eToken PRO (Java) HD Version 4.29; Firmware Versions: 0106.7130.0207 or 0106.8015.0508 with Aladdin eToken v1.1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/22/2009	Overall Level: 3  -Physical Security: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #681); AES (Cert. #788); RNG (Cert. #453); RSA (Cert. #375); Triple-DES MAC (Triple-DES Cert. #681, vendor affirmed); SHS (Cert. #789) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Single-chip "Aladdin eToken PRO (Java) HD offers strong authentication and guaranteed non-repudiation for sensitive applications such a eBanking, stock trading, eCommerce and financial transactions. Aladdin eToken PRO (Java) HD is based on the Athena IDProtect Java Card smart card operating system that is compliant with the Java Card 2.2.2 and Global Platform 2.1.1 specifications and FIPS 140-2 Level 3 (Level 4 for physical security). IDProtect supports FIPS Approved Random Number Generator, TDES, AES, SHA-1, SHA-256, and RSA up to 2048 bits including on board key generation."
1135	Aladdin Knowledge Systems, Ltd. 35 Efal St. Kiryat Arie, Petach Tikva Israel -Chanan Lavi TEL: 972-3-9781111 FAX: 972-3-9781010	Aladdin eToken PRO (Java) and Aladdin eToken PRO (Java) SC (Hardware Versions: P/Ns Aladdin eToken PRO (Java) Version 4.29 and Aladdin eToken PRO (Java) SC Versions 7 or 8; Firmware Versions: 0106.7130.0207 or 0106.8015.0508 with Aladdin eToken v1.1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/22/2009	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Cryptographic Key Management: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #681); AES (Cert. #788); RNG (Cert. #453); RSA (Cert. #375); Triple-DES MAC (Triple-DES Cert. #681, vendor affirmed); SHS (Cert. #789) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Single-chip "Aladdin eToken PRO (Java) and Aladdin eToken PRO (Java) SC offers strong authentication and guaranteed non-repudiation for sensitive applications such a eBanking, stock trading, eCommerce and financial transactions. Aladdin eToken PRO (Java) and Aladdin eToken PRO (Java) SC are based on the Athena IDProtect Java Card smart card operating system that is compliant with the Java Card 2.2.2 and Global Platform 2.1.1 specifications and FIPS 140-2 Level 3 (Level 4 for physical security). IDProtect supports FIPS Approved Random Number Generator, TDES, AES, SHA-1, SHA-256, and RSA up to 2048 bits incl"
1134	Mobile Armor, Inc. 400 South Woods Mill Road Suite 300 St. Louis, MO 63017 USA -Brian Wood TEL: 443-468-1238	Mobile Armor Cryptographic Module (Software Version: 3.0) Validated to FIPS 140-2 Security Policy Certificate	Software	05/22/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista; Microsoft Windows Vista 64-bit; Red Hat Enterprise Linux 5.1; Red Hat Enterprise Linux 5.1 64-bit; Fedora Core 8; Fedora Core 8 64-bit; Ubuntu 7.10; Ubuntu 7.10 64-bit; Apple OS X 10.5; Windows Mobile 6 (single user mode) -FIPS-approved algorithms: AES (Cert. #820); Triple-DES (Cert. #692); SHS (Cert. #818); HMAC (Cert. #453); RNG (Cert. #472) -Other algorithms: N/A Multi-chip standalone "The Mobile Armor Cryptographic Module 3.0 is a multi-chip standalone software module running on a standard IBM compatible personal computer, an Intel-based Mac, or a mobile device. On the PC, the software module can execute within a Linux, Microsoft Windows or Mac OS X operating system; while on a mobile device the module can be executed within a Windows Mobile Operating System."
1133	Stonewood Group Sanford Lane Wareham, Dorset BH20 4DY United Kingdom -Tim D. Stone TEL: +44 1929 55 44 00 FAX: +44 1929 55 25 25	FlagStone Core (Hardware Versions: V2.0.1.1, V2.0.1.2, V2.0.1.3, V2.0.2.1, V2.0.2.2, V2.0.2.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/22/2009; 06/01/2009	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #922 and #923); RNG (Cert. #531) -Other algorithms: N/A Multi-chip embedded "The FlagStone Core is a multi-chip embedded cryptographic module used within the Eclypt and the Eclypt Freedom Drives. The FlagStone Core, and subsequently the Eclypt and Eclypt Freedom Drives utilising the FlagStone Core, provide access control and data encryption services to protect access to data stored on a HDD (Hard Disk Drive). All accessible sectors on a HDD connected to a FlagStone Core are encrypted."
1132	McAfee, Inc. 3965 Freedom Circle Santa Clara, CA 95054 USA -Mike Siegel TEL: 888-847-8766	McAfee Endpoint Encryption for Files and Folders (Software Versions: 3.1.1.7 and 3.1.2.11) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	05/22/2009; 07/24/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista 32; Microsoft Windows Vista 64; Microsoft Windows XP Professional (single-user mode) -FIPS-approved algorithms: AES (Cert. #891); DSA (Cert. #323); RNG (Cert. #512); SHS (Cert. #884) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RC5; AES (non-compliant) Multi-chip standalone "McAfee Endpoint Encryption for Files and Folders is a user transparent and high performing client software for encryption of files and folders on local drives, network shares, removable media and CD/DVD. E-mail attachments may also be encrypted for both internal and external recipients. In addition, the centralized McAfee Endpoint Encryption management system provides flexible and powerful management of encryption policies and keys, robust recovery tools, policy enforcement and remote deployment."
1131	McAfee, Inc. 3965 Freedom Circle Santa Clara, CA 95054 USA -Mike Siegel TEL: 888-847-8766	McAfee Endpoint Encryption for PCs (Software Versions: 5.1.6 and 5.1.7) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	05/22/2009; 07/24/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista 64; Microsoft Windows Vista 32; Microsoft Windows XP Professional (single-user mode) -FIPS-approved algorithms: AES (Cert. #893); DSA (Cert. #325); RNG (Cert. #514); SHS (Cert. #886) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "McAfee Endpoint Encryption for PC is a high performance software solution that provides sector-level encryption of a PC's hard drive in a manner that is totally transparent to the user. In addition, the centralized McAfee Endpoint Encryption management system provides robust recovery tools, administration, and implementation."
1130	CommVault Systems, Inc. 2 Crescent Place Oceanport, NJ 07757 USA -Zahid Ilkal, Product Manager TEL: 732-870-4812 FAX: 732-870-4525	CommVault Crypto Library (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	05/12/2009	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Intel Core2 Duo w/ Microsoft Windows 2003; Intel Core2 Duo w/ Redhat Linux 5.0; UltraSPARC II w/ Sun Solaris 10 (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #700); AES (Cert. #847); SHS (Cert. #838); HMAC (Cert. #465); RSA (Cert. #405); RNG (Cert. #482) -Other algorithms: DES; Blowfish; Serpent; Twofish; MD5; HMAC-MD5 Multi-chip standalone "CommVault Crypto Library (CVCL) is a cryptographic software module used in various products by CommVault Systems, Inc. The module provides a collection of FIPS Approved and Non-FIPS Approved cryptographic services for key generation, symmetric and asymmetric encryption, hash, HMAC and signature generation/verification."
1129	Fortress Technologies, Inc. 4023 Tampa Rd. Suite 2000 Oldsmar, FL 34677 USA -William McIntosh TEL: 813-288-7388 x117	Fortress Secure Client (Software Version: 4.1.1 Build 4278X) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	07/06/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 2000 Professional SP 4, Windows XP Professional SP 2, Windows 2003 Server SP2, Windows Vista Ultimate Edition (single-user mode) -FIPS-approved algorithms: AES (Cert. #975); HMAC (Cert. #547); RNG (Cert. #552); SHS (Cert. #944); Triple-DES (Cert. #768) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; RSA (non-compliant) Multi-chip standalone "The Fortress Secure Client is a software module designed to deliver security on wireless devices such as bar scanners, handhelds, and laptops using various operating systems. A plug-and-play solution, the Client encrypts and decrypts communication across the WLAN and protects the device against attacks without user intervention."
1128	NeoScale Systems, Inc. 1655 McCarthy Blvd Milpitas, CA 95035 USA -Marcus Streets TEL: 011-44-1223-723613 FAX: 011-44-1223-723601	CryptoStor Tape FC702R and FC704R (Hardware Versions: FC702R - P/N FA00005-00, Rev 6 and FC704R - P/N FA00006-00 Rev 8; Firmware Version: 2.6) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	05/12/2009	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Certs. #275 and #516); AES (Certs. #173 and #506); SHS (Certs. #258 and #577); RSA (Cert. #221); HMAC (Certs. #39 and #259); RNG (Cert. #285) -Other algorithms: N/A Multi-chip standalone "NeoScale CryptoStor Tape is a family of readily deployable, high-speed tape security appliances that compress, encrypt and digitally sign data as it goes to tape media or virtual tape without disrupting backup processes. It seamlessly integrates with widely used backup applications and incorporates Global Key Management technology for strong key management and data recovery. Used in conjunction with the NeoScale CryptoStor KeyVault key management system, CryptoStor Tape provides an automated, secure and open key sharing capability between locations, businesses or applications."
1127	NeoScale Systems, Inc. 1655 McCarthy Blvd. Milpitas, CA 95035 USA -Marcus Streets TEL: 011-44-1223-723613 FAX: 011-44-1223-723601	CryptoStor Tape SC702R (Hardware Version: P/N FAS00004-00 Rev 6; Firmware Version: 2.6) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	05/12/2009	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Certs. #275 and #516); AES (Certs. #173 and #506); SHS (Certs. #258 and #577); RSA (Cert. #221); HMAC (Certs. #39 and #259); RNG (Cert. #285) -Other algorithms: N/A Multi-chip standalone "NeoScale CryptoStor Tape is a family of readily deployable, high-speed tape security appliances that compress, encrypt and digitally sign data as it goes to tape media or virtual tape without disrupting backup processes. It seamlessly integrates with widely used backup applications and incorporates Global Key Management technology for strong key management and data recovery. Used in conjunction with the NeoScale CryptoStor KeyVault key management system, CryptoStor Tape provides an automated, secure and open key sharing capability between locations, businesses or applications."
1126	Fortinet Inc. 1090 Kifer Road Sunnyvale, CA 94086 USA -Jeff Lake, Vice President, Federal Operations TEL: 678-402-8021 FAX: 678-402-8021	FortiGate-5050 Chassis with FortiGate-5001A-DW Blade (Hardware Versions: FortiGate-5001A-DW (P4CJ36), ADM-XB2 (AMC28F), ADM-FB8 (P4FB78) and FG-5050 (C4QP38); Firmware Version: FortiOS 3.00, build8864,080819) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	05/12/2009	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #582, #583 and #584); RNG (Cert. #345); AES (Certs. #612, #613 and #614); SHS (Certs. #660, #661 and #662); RSA (Certs. #284 and #285); HMAC (Certs. #315, #316 and #317) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; HMAC-MD5 Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1125	Fortress Technologies, Inc. 4023 Tampa Rd. Suite 2000 Oldsmar, FL 34677 USA -Bill McIntosh TEL: 813-288-7388	Fortress Secure Bridge (Hardware Versions: ES520V1 and ES520V2; Firmware Version: 5.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	05/14/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #688, #694 and #698); SHS (Certs. #715, #717, #721, #722 and #726); HMAC (Certs. #367, #371, #372 and #376); RSA (Cert. #439); RNG (Certs. #402, #406 and #409) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); MD5 Multi-chip standalone "The Fortress Secure Bridge is an all-in-one network access device housed in a rugged compact chassis, with the most stringent security available today built in. It can serve as a wireless bridge, a WLAN access point, and an eight-port LAN switch, while performing all the functions of a Fortress controller device: encrypting wireless traffic and providing Multi-factor Authentication for devices on the network it protects."
1124	McAfee, Inc. 3965 Freedom Circle Santa Clara, CA 95054 USA -Mike Siegel TEL: 888-847-8766	McAfee Endpoint Encryption for Mobile (Software Versions: 2.3.0.5 and 2.4.0.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	05/01/2009; 07/24/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Mobile 5 (single-user mode) -FIPS-approved algorithms: AES (Cert. #892); DSA (Cert. #324); RNG (Cert. #513); SHS (Cert. #885) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "McAfee Endpoint Encryption for Mobile is a security system for smart phones and pocket PCs that prevents the data stored on such devices from being read or used by an unauthorized person. In simple terms, McAfee Endpoint Encryption for Mobile takes control of a user's data away from the operating system."
1123	Mobile Armor, Inc. 400 South Woods Mill Rd. Suite 300 Chesterfield, MO 63017 USA -Brian Wood TEL: 314-590-0900 FAX: 314-590-0995	Mobile Armor Cryptographic Module 3.5 (Software Version: 3.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	04/24/2009	Overall Level: 2  -Operational Environment: Tested as meeting Level 2 with Windows XP Professional SP2 running on Dell Optiplex GX270; Windows 2000 Professional SP3 running on Dell Optiplex GX400; Windows Server 2003 SP1 running on Dell Optiplex GX270; Red Hat Enterprise Linux Version 5 running on IBM System x3455; SUSE Linux Enterprise Server 10 SP1 running on IBM System x3455 -FIPS-approved algorithms: AES (Cert. #920); HMAC (Cert. #514); RNG (Cert. #528); SHS (Cert. #907); Triple-DES (Cert. #740) -Other algorithms: DES Multi-chip standalone "The Mobile Armor Cryptographic Module provides the core cryptographic functionality of Mobile Armor's Enterprise Mobile Data Security products which provide enterprise-level data encryption and device management."
1122	Kanguru Solutions 1360 Main St. Millis, MA 02054 USA -Nate Cote TEL: 508-376-4245 FAX: 508-376-4462	Kanguru Biolock (Software Version: 1.0.1.8) (This module contains the embedded module Crypto++ validated to FIPS 140-2 under Cert. #819 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	04/14/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Service Pack 2 (single-user mode) -FIPS-approved algorithms: AES (Cert. #499); SHS (Cert. #569); HMAC (Cert. #253); RNG (Cert. #279); DSA (Cert. #206); Triple-DES (Cert. #512 ) -Other algorithms: N/A Multi-chip standalone "Kanguru Solutions is the leader in portable secure storage devices. Kanguru Biolock addresses security concerns and information assurance by incorporating 256-bit AES encryption technology to portable storage devices."
1121	Pitney Bowes, Inc. 35 Waterview Drive Shelton, CT 06484-8000 USA -Douglas Clark TEL: 203-924-3206 FAX: 203-924-3406	Cygnus X-2 Postal Security Device (Hardware Versions: 1MEC BBC/BAJ (Canada), 1MES BBC/BAJ (Canada), 1MCT BBC/BAJ (Canada), 1MET BBC/BAJ (Canada), 1M00 BBC/BAJ (US) and 1M05 BBC/BAJ (US)) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/14/2009	Overall Level: 3  -Physical Security: Level 3 +EFP -FIPS-approved algorithms: ECDSA (Cert. #48); DSA (Cert. #200); SHS (Cert. #562); Triple-DES (Cert. #503); Triple-DES MAC (Triple-DES Cert. #503, vendor affirmed); RNG (Cert. #272); HMAC (Cert. #246) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Pitney Bowes Cygnus X-2 Postal Security Device (PSD) has been designed in compliance with FIPS 140-2 and IPMAR security protection profile in order to support the USPS IBIP and international digital indicia standards globally. The PSD employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes Postage Metering products."
1120	TecSec, Atmel, CPI Card Group, and Athena Smartcard 1048 Dead Run Drive McLean, VA 22101-2121 USA -Ron Parsons TEL: 301-639-5510 FAX: 703-506-1484	TecSec PIV Eagle Card - Contact (Hardware Version: P/N Atmel AT90SC144144CT Revision G; Software Version: P/N TecSec Contact PIV Applet Version 1.01 JCT; Firmware Version: P/N Athena IDProtect XL Version 010A.7204.0004) (PIV Card Application: Cert. #11) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/03/2009	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 4 -Cryptographic Key Management: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #592); Triple-DES MAC (Triple-DES Cert. #592, vendor affirmed); AES (Cert. #639); SHS (Cert. #674); RNG (Cert. #364); RSA (Cert. #292) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Single-chip "The TecSec PIV Eagle Card - Contact cryptographic module provides data security for government and enterprise personnel identification. The primary purpose of this device is to enable the creation of a dual-chip PIV smart card as described in [FIPS201] that is fully compliant with the end-point service specified in SP800-73-1. The CM contains two Java Card applets implementing the PIV functionality (the Software) running on a GlobalPlatform Java Card operating system (the Firmware). The CM is physically connected to a smart card contact plate as defined in [7816-1] and [7816-2]."
1119	LiteScape Technologies, Inc. 1000 Bridge Parkway, Suite 200 Redwood Shores, CA 94065 USA -Kayvan Alikhani	LiteScape SPAR (Hardware Version: 021013A; Firmware Version: 1.0.7, Bootloader: v52b4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/03/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #822); HMAC (Certs. #455, #456 and #457); SHS (Certs. #820, #821 and #822) -Other algorithms: N/A Multi-chip standalone "SPAR (Secure Personal Authentication Reader) is a multi-factor authentication device that provides RFID, Biometric and Magnetic-card interfaces. Using the SPAR at the edge of VOIP networks when coupled with devices such as IP phone terminals dramatically increases the security, validation and personalization process for business applications."
1118	TecSec, Atmel, CPI Card Group, and Athena Smartcard 1048 Dead Run Drive McLean, VA 22101-2121 USA -Ron Parsons TEL: 301-639-5510 FAX: 703-506-1484	TecSec PIV Eagle Card - Contactless (Hardware Version: P/N Atmel AT90SC12872RCFT Revision M; Software Version: P/N TecSec Contactless PIV Applet Version 1.0 JCL; Firmware Version: P/N Athena ID Protect Duo Version 0107.7099.0105) (PIV Card Application: Cert. #11) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/03/2009	Overall Level: 3  -Physical Security: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #598); Triple-DES MAC (Triple-DES Cert. #598, vendor affirmed); AES (Cert. #646); SHS (Cert. #680); RNG (Cert. #368); RSA (Cert. #296) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Single-chip "TecSec PIV Eagle Card - Contactless is a cryptographic module that may be configured as a contact or contactless PIV application. With this unique solution, a dual-chip product can be created without changing the user experience that assures the information stored on the contact chip is not compromised through the contactless interface. The CM is based on the Athena OS755 Java Card smart card operating system that is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and FIPS 140-2 Level 2 (Level 4 for physical security)."
1117	Chunghwa Telecom Co., Ltd. Telecommunication Laboratories 12, Lane 551, Min-Tsu Road SEC.5, Yang-Mei, Taoyuan, Taiwan 326 Republic of China -Yeou-Fuh Kuan TEL: +886-3-424-4333 FAX: +886-3-424-4129 -Char-Shin Miou TEL: +886-3-424-4381 FAX: +886-3-424-4129	HiKey - Flash and HiKey PKI Token (Hardware Versions: 1.5 and 1.8; Software Version: Card OS version 3.1 with GINA Applet: 1.0, PKI Applet: 2.0, FISC II Applet: 1.2; Firmware Version: 1.25) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/07/2009	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: RSA (Cert. #434); Triple-DES (Cert. #732); SHS (Cert. #889); RNG (Cert. #515); HMAC (Cert. #501); Triple-DES MAC (Cert. #732, vendor affirmed); AES (Cert. #896); -Other algorithms: AES-MAC (AES Cert. #896; non-compliant) Multi-chip standalone "The HiKey Flash and HiKey PKI Token modules are multi-chip standalone implementations of a cryptographic module. The Hikey - Flash and HiKey PKI Token modules are USB tokens that adhere to ISO/IEC specifications for Integrated Circuit Chip (ICC) based identification cards. The HiKey - Flash and HiKey PKI Token cryptographic modules contain an implementation of the Open Platform (OP) Version 2.0.1 specification defining a secure infrastructure for post-issuance programmable smart cards."
1116	Aruba Wireless Networks Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA -Harsha Nagaraja TEL: 408-754-3010	Aruba AP-65, AP-70 and AP-85 Wireless Access Points (Hardware Versions: AP-65-F1 Rev. 01, AP-70-F1 Rev. 01, AP-85FX-F1 Rev. 01, AP-85LX-F1 Rev. 01 and AP-85TX-F1 Rev. 01; Firmware Versions: Aruba OS 3.3.2-FIPS, ArubaOS 3.3.2.11-FIPS and ArubaOS 3.3.2.14-FIPS) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/03/2009; 05/18/2009; 07/24/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #895 and #900); HMAC (Certs. #500 and #503); RNG (Cert. #516); RSA (Certs. #433 and #436); SHS (Certs. #887, #888 and #892); Triple-DES (Certs. #731 and #734) -Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "Aruba's single and multi-radio wireless access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Multi-Service Mobility Controllers, where per-user role based access controls are applied. In the FIPS 140-2 mode of operation, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i client standard, the xSec client and 256-bit AES encryption. Also, Aruba APs can provide Air Monitoring for intrusion detection and have Wi-Fi Alliance certification for IEEE 802.11a, IEEE 802.11b, IEEE 802.11g, and IEEE 802.11"
1115	Safend Ltd. 32 Habarzel Street Tel Aviv, 69710 Israel -Alon Barel TEL: +972-3-644-2662 x225 FAX: +972-3-648-6146	Safend Cryptographic Library (Software Version: 3.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	04/03/2009; 05/18/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional (single-user mode) -FIPS-approved algorithms: AES (Cert. #879); SHS (Cert. #870); HMAC (Cert. #492); RNG (Cert. #504) -Other algorithms: DES; SHA-256 (Cert. #870; non-compliant) Multi-chip standalone "The Safend Cryptographic Library offers reliable, simple and tamper-proof endpoint monitoring, device identification, and blocking based on administrator-defined policies. Protects all local, physical communications ports including USB, Firewire and PCMCIA, wireless endpoints such as WiFi, Bluetooth and IrDA, and removable and physical storage devices such as CD/DVD-RWs and iPods."
1114	Fortinet Inc. 1090 Kifer Road Sunnyvale, CA 94086-5301 USA -Jeff Lake, Vice President, Federal Operations TEL: 678-402-8021 FAX: 678-402-8021	FortiGate-310B (Hardware Version: C4ZF35; Firmware Version: FortiOS 3.00, build8864,080819) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	04/03/2009	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #612, #613 and #614); Triple-DES (Certs. #582, #583 and #584); RNG (Cert. #345); SHS (Certs. #660, #661 and #662); HMAC (Certs. #315, #316 and #317); RSA (Certs. #284 and #285) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA (key wrapping; key establishment method provides 112 bits of encryption strength); DES; MD5; HMAC-MD5 Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1113	Fortinet Inc. 1090 Kifer Road Sunnyvale, CA 94086 USA -Jeff Lake, Vice President, Federal Operations TEL: 678-402-8021 FAX: 678-402-8021	FortiGate-200A/200A-HD; FortiGate-300A/300A-HD; FortiGate-500A/500A-HD; FortiGate-800 (Hardware Versions: FortiGate-200/200A-HD (build C4AY89), FortiGate-300/300A-HD (build C4FK88), FortiGate-500/500A-HD (build C4BE21), FortiGate-800 (build C4UT39); Firmware Version: FortiOS 3.0, build8931, 081110) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	04/03/2009	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #742, #743, #489 and #490); RNG (Cert. #530); AES (Certs. #925, #926, #475 and #476); SHS (Certs. #909, #910, #543 and #544); RSA (Cert. #449); HMAC (Certs. #516, #517, #232 and #233) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 110 bits of encryption strength); MD5; HMAC-MD5 Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1112	Technical Communications Corporation 100 Domino Drive Concord, MA 01742-2892 USA -Fidel Camero TEL: 978- 287-6303 FAX: 978-371-1280	CipherTalk® 8000 Cryptographic Module (Software Version: 2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	04/03/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows Mobile 5.0; Windows Mobile 6.1; Windows XP Embedded with SP2 (single-user mode) -FIPS-approved algorithms: AES (Cert. #848); SHS (Cert. #840); RNG (Cert. #484); HMAC (Cert. #466) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 149 bits of encryption strength); Twofish Multi-chip standalone "The CipherTalk® 8000 Cryptographic Module is an Operating System Agnostic cipher engine, encapsulating all the cryptographic functions for TCC's CipherTalk family of wireless products. Its functions include encryption and key exchange algorithms, authentication algorithms, and integrity and verification algorithms."
1111	Open Source Software Institute 3610 Pearl Street Hattiesburg, MS 39401 USA -Steve Marquess TEL: 301-524-9915 FAX: 301-831-8447	OpenSSL FIPS Runtime Module (Software Version: 1.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	04/03/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Fedora Linux 9; Microsoft Windows XP SP 2 (single-user mode) -FIPS-approved algorithms: Triple-DES (Certs. #623 and #624); AES (Certs. #681 and #682); SHS (Certs. #711 and #712); HMAC (Certs. #362 and #363); RSA (Certs. #318 and #319); DSA (Certs. #257 and #258); RNG (Certs. #397 and 398) -Other algorithms: DES; Diffie-Hellman; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80-bits of encryption strength) Multi-chip standalone "The OpenSSL FIPS Runtime Module is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality for use with the high level API of the OpenSSL v0.9.8 product."
1110	Gesellschaft für sichere Mobile Kommunikation mbH Marienstrasse 11 Berlin, 10117 Germany -Bjoern Rupp TEL: +49 700 2797 8835 -Frank Rieger TEL: +49 700 2797 8835	CryptoPhone Security Kernel (Software Version: 2.0) Validated to FIPS 140-2 Security Policy Certificate	Software	03/26/2009; 07/08/2009	Overall Level: 1  -Operational Environment: Windows Mobile 5.0; Windows Mobile 6.1; Windows XP Embedded with SP2 (single-user mode) -FIPS-approved algorithms: AES (Cert. #849); SHS (Cert. #841); RNG (Cert. #485); HMAC (Cert. #467) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 149 bits of encryption strength); Twofish Multi-chip standalone "The CryptoPhone Security Kernel is a portable multi-platform cryptographic module that provides strong encryption, authentication, key exchange, message integrity verification, and secure memory abstraction services to GSMK CryptoPhone encryption products. All GSMK products come with full source code for independent review."
1109	Aruba Wireless Networks Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA -Harsha Nagaraja TEL: 408-754-3010	Aruba AP-120 Series Wireless Access Points (Hardware Versions: AP-124-F1 Rev. 01and AP-125-F1 Rev. 01; Firmware Versions: ArubaOS 3.3.2-FIPS, ArubaOS 3.3.2.11-FIPS and ArubaOS 3.3.2.14-FIPS) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/26/2009; 05/18/2009; 07/24/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #861 and #900); HMAC (Certs. #478 and #503); RNG (Cert. #516); RSA (Certs. #435 and #436); SHS (Certs. #891, #856 and #892); Triple-DES (Certs. #708 and #734) -Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "Aruba's single and multi-radio wireless access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Multi-Service Mobility Controllers, where per-user role based access controls are applied. In the FIPS 140-2 mode of operation, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i client standard, the xSec client and 256-bit AES encryption. Also, Aruba APs can provide Air Monitoring for intrusion detection and have Wi-Fi Alliance certification for IEEE 802.11a, IEEE 802.11b, IEEE 802.11g, and IEEE 802.11"
1108	Secure Computing Corporation (Wholly owned subsidiary of McAfee, Inc.) 2340 Energy Park Drive St. Paul, MN 55108 USA -Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701	Secure Firewall (Sidewinder) 1100E (Hardware Version: 1100; Firmware Version: 7.0.1.01) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/09/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES Multi-chip standalone "Secure Firewall (Sidewinder) solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. Secure Computing's Secure Firewall (Sidewinder) appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1107	Secure Computing Corporation (Wholly owned subsidiary of McAfee, Inc.) 2340 Energy Park Drive St. Paul, MN 55108 USA -Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701	Secure Firewall (Sidewinder) 2150E (Hardware Version: 2150; Firmware Version: 7.0.1.01) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/09/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES Multi-chip standalone "Secure Firewall (Sidewinder) solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. Secure Computing's Secure Firewall (Sidewinder) appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1106	Secure Computing Corporation (Wholly owned subsidiary of McAfee, Inc.) 2340 Energy Park Drive St. Paul, MN 55108 USA -Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701	Secure Firewall (Sidewinder) 4150E (Hardware Version: 4150; Firmware Version: 7.0.1.01) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/09/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES Multi-chip standalone "Secure Firewall (Sidewinder) solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. Secure Computing's Secure Firewall (Sidewinder) appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1105	AJA Video Systems, Inc. 443 Crown Point Circle Grass Valley, CA 95945 USA -Fred Dominikus TEL: 530-274-2048 FAX: 530-274-9442	JPG2K (Hardware Version: 102387-00; Firmware Version: 1.0) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/26/2009	Overall Level: 3  -FIPS-approved algorithms: RSA (Cert. #392) -Other algorithms: N/A Multi-chip embedded "The JPG2K is a PCIe card that provides a platform for secure media processing."
1104	NitroSecurity Inc 230 Commerce Way Portsmouth, NH 03801 USA -Bill Virtue TEL: 603-570-3936 FAX: 603-766-8169	NitroView Receiver Cryptographic Module (Hardware Version: NS-RCV-2250-R; Software Versions: 8.0.0.20080605 and 8.2.0) (When operated in FIPS mode with module OpenSSL FIPS Object Module validated to FIPS 140-2 under Cert. #918 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	03/26/2009; 10/23/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #668); Triple-DES (Cert. #613); SHS (Cert. #701); HMAC (Cert. #352); RNG (Cert. #387); RSA (Cert. #310) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The NitroView Receiver is a multi-chip standalone cryptographic module consisting of production-grade components contained within an opaque hard production-grade enclosure (the outside case is steel). The removable cover is protected by tamper evident security seals in accordance with FIPS 140-2 Level 2. The cryptographic boundary is the metal enclosure of the device."
1103	NitroSecurity Inc 230 Commerce Way Portsmouth, NH 03801 USA -Bill Virtue TEL: 603-570-3936 FAX: 603-766-8169	NitroView ESM Cryptographic Module (Hardware Versions: NS-ESM-4245-R, NS-ESMR-4200-R and NS-ESM-5750-R; Software Versions: 8.0.0.20080605 and 8.2.0) (When operated in FIPS mode with module OpenSSL FIPS Object Module validated to FIPS 140-2 under Cert. #918 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	03/26/2009; 10/23/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #668); Triple-DES (Cert. #613); SHS (Cert. #701); HMAC (Cert. #352); RNG (Cert. #387); RSA (Cert. #310) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The NitroView ESM is a multi-chip standalone cryptographic module consisting of production-grade components contained within an opaque hard production-grade enclosure (the outside case is steel). The removable cover is protected by tamper evident security seals in accordance with FIPS 140-2 Level 2. The cryptographic boundary is the metal enclosure of the device."
1102	Hewlett-Packard Company 19091 Pruneridge Ave. MS 4441 Cupertino, CA 95014 USA -Jane Blanchard TEL: 408-447-2168 FAX: 408-447-5525	HP StorageWorks Secure Key Manager (Hardware Version: P/N AJ087B, Version 1.1; Firmware Version: 1.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/14/2009	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: AES (Cert. #653); DSA (Cert. #244); HMAC (Cert. #470); RNG (Cert. #375); RSA (Cert. #302); SHS (Cert. #847); Triple-DES (Cert. #604) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength); KAS (vendor affirmed, key establishment methodology provides 80 bits of encryption strength); DES; MD5; RC4 Multi-chip standalone "The HP Secure Key Manager automates encryption key generation and management based on security policies. It is a hardened security appliance delivering identity-based access, administration and logging. Additionally, the Secure Key Manager provides reliable lifetime key archival with automatic multi-site key replication and failover capabilities."
1101	PGP Corporation 200 Jefferson Dr. Menlo Park, CA 94025 USA -Vinnie Moscaritolo TEL: 650-319-9000 FAX: 650-319-9001	PGP Software Developer's Kit (SDK) Cryptographic Module (Software Version: 3.12.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	03/26/2009	Overall Level: 1  -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2; Mac OS X 10.5; Linux, 32-bit: Fedora Core 6 (single-user mode) -FIPS-approved algorithms: Triple-DES (Certs. #753, #754 and #755); AES (Certs. #951, #954 and #955); RSA (Certs. #459, #460 and #461); DSA (Certs. #334, #335 and #336); SHS (Certs. #925, #926 and #927); HMAC (Certs. #529, #531 and #532); RNG (Certs. #538, #539 and 540) -Other algorithms: AES (EME2 mode; non-compliant); DSA (FIPS 186-3 with SHA-256; non-compliant); CAST-5; IDEA; Two-Fish; Blow-Fish; ARC4-128; MD5; HMAC-MD5; RIPEMD60; ElGamal; RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength); Shamir Threshold Secret Sharing Multi-chip standalone "The PGP SDK Cryptographic Module is a FIPS 140-2 validated software only cryptographic module. The module implements the cryptographic functions for PGP products including: PGP Whole Disk Encryption, PGP NetShare, PGP Command Line, PGP Universal, and PGP Desktop. It includes a wide range of field-tested and standards-based encryption, digital signature, and encoding algorithms as well as a variety of secure network protocol implementations. The PGP SDK offers developers this same cryptographic library that is at the heart of PGP products."
1100	Check Point Software Technologies Ltd. 9900 Belward Campus Drive Suite 250 Rockville, MD 20850 USA -David Ambrose TEL: 703-628-2935 -Malcolm Levy TEL: +972-37534561	Check Point Crypto Core (Software Version: 1.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	03/26/2009; 05/28/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Mobile 6.0 (single-user mode) -FIPS-approved algorithms: AES (Cert. #430); Triple-DES (Cert. #459); SHS (Cert. #499); RSA (Cert. #162); HMAC (Cert. #202); RNG (Cert. #222); Triple-DES MAC (Triple-DES Cert. #459; vendor-affirmed) -Other algorithms: Blowfish; CAST-128; CAST-256; DES; MD5; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip standalone "Check Point Crypto Core is a 140-2 Level 1 cryptographic module for Windows Mobile 6. The module provides cryptographic services accessible user mode on the respective platforms through implementation of platform specific binaries."
1099	Gemalto Austin Arboretum Plaza II 9442 Capital of Texas Hwy North Suite 4 Austin, TX 78759 USA -Pedro Martinez TEL: 512-257-3871 FAX: 512-257-3881	Gemalto .NET Smart Card (Hardware Version: Infineon SLE 88CFX4000P; Firmware Versions: .Net Platform and Content Manager v2.2; FIPS Assembly v1.1; FIPS Access Manager v1.0) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/10/2009; 03/19/2009	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #719); AES (Cert. #877); RNG (Cert. #503); RSA (Cert. #424); SHS (Cert. #869); HMAC (Cert. #491) -Other algorithms: AES (key wrapping; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Single-chip "The Gemalto .NET v2.2 Smart Card Platform implements a subset of the .NET Framework with high end cryptographic capabilities, including Random Number Generation, on Board Key Generation, and encryption and hashing algorithms such as 3DES, AES, SHA, and 2048 bit RSA. The combination of advanced programmability provided by the .NET Framework and the high end security features make .NET v2.2 a perfect support for Enterprise and Government security solutions."
1098	Fortinet Inc. 1090 Kifer Road Sunnyvale, CA 94086 USA -Jeff Lake, Vice President, Federal Operations TEL: 678-402-8021 FAX: 678-402-8021	FortiGate-3016B, FortiGate-3600A and FortiGate-3810A-E4 (Hardware Versions: C4XA14, V3BU94 and C3GV75; Firmware Version: FortiOS 3.00, build8785, 080605) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	03/10/2009	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #612, #613 and #614); Triple-DES (Certs. #582, #583 and #584); RNG (Cert. #345); SHS (Certs. #660, #661 and #662); HMAC (Certs. #315, #316 and #317); RSA (Certs. #284 and #285) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA (key wrapping; key establishment method provides 112 bits of encryption strength); DES; MD5; HMAC-MD5 Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1097	NitroSecurity Inc. 230 Commerce Way Portsmouth, NH 03801 USA -Bill Virtue TEL: 603-570-3936 FAX: 603-766-8169	NitroGuard IPS cryptographic module (Hardware Versions: NS-IPS-620R-4C-B, NS-IPS-1220R-6C-B, NS-IPS-1220R-4C-2F-B, NS-IPS-620R-4C-BFS, NS-IPS-4245-R-4BTX, NS-IPS-4245-R-4BSX; Software Versions: 8.0.0.20080605 and 8.2.0) (When operated in FIPS mode with module OpenSSL FIPS Object Module validated to FIPS 140-2 under Cert. #918 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	03/03/2009; 10/23/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #668); Triple-DES (Cert. #613); SHS (Cert. #701); HMAC (Cert. #352); RNG (Cert. #387); RSA (Cert. #310) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The NitroGuard IPS is a multi-chip standalone cryptographic module consisting of production-grade components contained within an opaque hard production-grade enclosure (the outside case is steel). The removable cover is protected by tamper evident security seals in accordance with FIPS 140-2 Level 2. The cryptographic boundary is the metal enclosure of the device. The network interface cards do not contain any security-relevant functionality. They are within the cryptographic boundary but are excluded from the evaluation."
1096		Validated to FIPS 140-2 Security Policy Certificate	Firmware	02/24/2009; 04/03/2009	Overall Level: 1  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
1095	Fortinet Inc. 1090 Kifer Road Sunnyvale, CA 94086-5301 USA -Jeff Lake, Vice President, Federal Operations TEL: 678-402-8021 FAX: 678-402-8021	FortiWiFi-50B (Hardware Version: C5WF27; Firmware Version: FortiOS 3.00, build8802,080626) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/03/2009	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #489, #583 and #584); AES (Certs. #475, #613; #614 and #758); SHS (Certs. #543, #661 and #662); HMAC (Certs. #232, #316 and #317); RSA (Cert. #285); RNG (Cert. #345) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; HMAC-MD5; DES Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1094	ERUCES, Inc. 11142 Thompson Ave. Lenexa, KS 66219 USA -Dr. Bassam Khulusi TEL: 913-310-0888 FAX: 913-859-9797 -Oggy Vasic TEL: 913-310-0888 FAX: 913-859-9797	Tricryption Cryptographic Module (Software Version: 7.0) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	03/03/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2003 R2; Red Hat Enterprise Linux 5 (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #684); AES (Cert. #796); SHS (Cert.#795); HMAC (Cert. #437); RSA (Cert. #380); RNG (Cert. #457); ECDSA (Cert. #88) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength) Multi-chip standalone "Tricryption Cryptographic Module is a software library providing cryptographic services for ERUCES' Tricryption family of high volume encryption & key management products including key servers, file, database, executables encryption, and special services (anonymization, de-identification, & privacy protection)."
1093	Vertex Standard Co., Ltd. 4-8-8 Nakameguro Meguro-Ku, Tokyo 153-8644 Japan -Yukimasa Tomita TEL: 81-3-5725-6112 FAX: 81-3-5725-6201	Vertex Standard Cryptographic Module 001 (Hardware Version: P/N 013790D; Firmware Version: 71.72) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/03/2009	Overall Level: 1  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #813); SHS (Cert. #813) -Other algorithms: DES; LFSR Multi-chip embedded "The Vertex Standard Cryptographic Module 001 (VSCM) is a cryptographic module (also processes digital data) that is to be incorporated into two-way digital radio products. These digital radios are for use in communication with other APCO Project 25 compatible devices."
1092	RSA Security, Inc. 177 Bovet Road Suite 200 San Mateo, CA 94402 USA -Kathy Kriese TEL: 650-931-9781	RSA BSAFE® Crypto-C Micro Edition (Software Version: 3.0.0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	02/24/2009; 03/06/2009	Overall Level: 1  -Cryptographic Module Specification: Level 3 -Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux AS 4.0 (x86 32-bit) with LSB 3.0.3; Windows Vista Ultimate (x86 32-bit) - Visual Studio 2005 SP1 /MD option; Windows XP Professional SP2 (x86 32-bit) - Visual Studio 2005 SP1 /MT option (single user mode) -FIPS-approved algorithms: AES (Cert. #860); AES GCM (Cert. #860, vendor affirmed: SP 800-38D); DRBG (Cert. #4); DSA (Cert. #311); ECDSA (Certs. #98 and #100); HMAC (Cert. #477); RNG (Cert. #492); RSA (Cert. #412); SHS (Cert. #855); Triple-DES (Cert. #707) -Other algorithms: DES; DES40; Diffie-Hellman; EC Diffie-Hellman; ECAES (non-compliant); ECIES; HMAC MD5; MD2; MD5; PBKDF1 SHA-1; PBKDF2 HMAC SHA-1/SHA-224/SHA-256/SHA-384/SHA-512 (non-compliant); RC2; RC4; RC5; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA PKCS #1 v2.0 (OAEP; non-compliant) Multi-chip standalone "The Crypto-C Micro Edition (ME) Module is RSA Security, Inc.'s cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
1091	Kanguru Solutions 1360 Main St. Millis, MA 02054 USA -Nate Cote TEL: 508-376-4245 FAX: 508-376-4462	KanguruLock (Software Version: 1.0.4.25) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	02/24/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Service Pack 2 (single user mode) -FIPS-approved algorithms: AES (Cert. #243); SHS (Cert. #321); HMAC (Cert. #51); RNG (Cert. #78) -Other algorithms: N/A Multi-chip standalone "Kanguru Solutions is the leader in portable secure storage devices. KanguruLockaddresses security concerns and information assurance by incorporating 256-bit AES encryption technology to portable storage devices."
1090	Proxim Wireless Corporation 1561 Buckeye Drive Milpitas, CA 95035 USA -Cor van de Water TEL: 408-383-7626 FAX: 408-383-7680 -Kishore Gandham TEL: 408-383-7665	Tsunami MP.11 HS 245054_R, Tsunami MP.11 HS 245054_RC and Tsunami MP.11 HS 245054_S (Hardware Version: 2.0.0; Firmware Version: 1.0.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/24/2009; 09/18/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #794 and #830); Triple-DES (Cert. #695); SHS (Cert. #826); DSA (Cert. #302); RSA (Cert. #400); HMAC (Cert. #461); RNG (Cert. #477) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "Proxim Tsunami MP.11 HS 245054_R, 245054_RC, and 245054_S wireless products offer fixed and mobile WiMAX capabilities to distribute wireless broadband access supporting video, voice, and data applications. In FIPS mode, the modules support proprietary WORP protocol for wireless transmission and serial, TLS, SSH, and SNMP for management."
1089	Motorola, Inc. 6480 Via Del Oro San Jose, CA, CA 95119 USA -Colin R. Cooper TEL: 408-528-2871 FAX: 408-528-2903	RFS7000 RF Switch (Hardware Version: RFS7000; Firmware Versions: RFS7000-1.0.0.0-020GR and RFS7000-1.0.0.0-022GR) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	02/09/2009; 06/01/2009	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #646, #648 and #649); AES (Certs. #724, #726, #727 and #773); SHS (Certs. #742, #744 and #745); HMAC (Certs. #390, #392 and #393); RSA (Cert. #341); DSA (Cert. #274); RNG (Certs. #423 and #424) -Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength) Multi-chip standalone "Designed for large scale, high bandwidth deployments, the RFS7000 Wireless Switch from Motorola provides robust, highly scalable support for seamless enterprise mobility. Motorola's Wi-NG architecture, optimized for enterprise mobility and multimedia applications, simplifies network deployment and management, provides superior performance, security and scalability, and supports emerging RF technologies. Built on this platform, the RFS7000 enables campus wide roaming across subnets, and offers powerful failover capabilities, exceptional quality of service (QoS) and increased voice capacity."
1088	Motorola, Inc. 6480 Via Del Oro San Jose, CA, CA 95119 USA -Colin R. Cooper TEL: 408-528-2871 FAX: 408-528-2903	WS5100 Wireless Switch (Hardware Version: WS5100; Firmware Versions: WS5100-3.0.0.0-020GR and WS5100-3.0.0.0-022GR) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/09/2009; 06/01/2009	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #648 and #649); AES (Certs. #726, #727 and #772); SHS (Certs. #744 and #745); HMAC (Certs. #392 and #393); RSA (Cert. #341); DSA (Cert. #274); RNG (Certs. #423 and #424) -Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength) Multi-chip standalone "The WS5100 Wireless Switch from Motorola provides enhanced support for enterprise mobility and multimedia applications, as well as security and manageability. Based on Motorola's Wi-NG (Wireless Next Generation) architecture, the WS5100 enables seamless campus-wide roaming, more robust failover capabilities, enhanced security, improved mobile client battery life, and increased voice capacity. Robust security features includes an IPSec VPN gateway, and secure guest access provisioning. The WS5100 supports 48 802.11 a/b/g Access Ports/Points for L2/L3 adoption and mobility."
1087	Lenel Systems International, Inc. 1212 Pittsford-Victor Road Pittsford, NY 14534 USA -Robert Pethick TEL: 585-248-9720 FAX: 585-248-9185	FIPS Key Generator (Software Version: 2.1) (When operated with Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #382 operating in FIPS mode and Communication Server validated to FIPS 140-2 under Cert. #1086 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	02/09/2009	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows Server 2003 SP1 (single-user mode) -FIPS-approved algorithms: AES (Cert. #327); RNG (Cert. #149); RSA (Cert. #81); SHS (Cert. #364); RNG (vendor affirmed) -Other algorithms: N/A Multi-chip standalone "The FIPS Key Generator module's primary purpose is to provide a cryptographically secure means for generating 128-bit AES keys to be used as Master Keys within Lenel's Communication Server module. The FIPS Key Generator module is part of the Lenel advanced access control and alarm monitoring system which is built on an open architecture platform, offers unlimited scalability, database segmentation, fault tolerance, biometrics and smart card support, is fully customizable, and can be seamlessly integrated into the OnGuard total security solution."
1086	Lenel Systems International, Inc. 1212 Pittsford-Victor Road Pittsford, NY 14534 USA -Robert Pethick TEL: 585-248-9720 FAX: 585-248-9185	Communication Server (Software Versions: 5.11.216 + Hot Fix 2.0.3 and 5.12.012 + Hot Fix 2.0.3) (When operated in FIPS mode with Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #382 operating in FIPS mode and FIPS Key Generator validated to FIPS 140-2 under Cert. #1087) Validated to FIPS 140-2 Security Policy Certificate	Software	02/09/2009	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows Server 2003 SP1 (single-user mode) -FIPS-approved algorithms: AES (Cert. #327); RNG (Cert. #149); RSA (Cert. #81); SHS (Cert. #364); RNG (vendor affirmed) -Other algorithms: RC2 Multi-chip standalone "The Communication Server module's primary purpose is to provide secure communications with external access control devices. The module is part of the Lenel advanced access control and alarm monitoring system. The Lenel advanced access control and alarm monitoring system is built on an open architecture platform, offers unlimited scalability, database segmentation, fault tolerance, and biometrics and smart card support. The Lenel advanced access control and alarm monitoring system is fully customizable, and can be seamlessly integrated into the OnGuard total security solution."
1085	Gemalto and ActivIdentity Inc. Arboretum Plaza II 9442 Capital of Texas Highway North Suite 400 Austin, TX 78759 USA -Vincent Prothon TEL: 512-257-3810 FAX: 512-257-3881 -Stephane Ardiley TEL: 510-745-6288 FAX: 510-745-0101	SafesITe TOP DL GX4 - FIPS with ActivIdentity Digital Identity Applet Suite V2 for Extended PIV (Hardware Versions: A1005291 - CHIP.P5CD144.MPH051B and A1011108 - CHIP.P5CD144.MPH051B; Firmware Version: GX4-FIPS EI08, Applet Versions: ACA applet package v2.6.2B.4, ASC library package v2.6.2B.3, PKI/GC/SKI applet package v2.6.2B.4, PIV End Point Wrapper module v2.6.2B.4, PIV End Point Extended module v2.6.2B.3, SMA applet package v2.6.2B.3) (PIV Card Application: Cert. #14) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/03/2009; 02/23/2009	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #782); RNG (Cert. # 450); RSA (Cert. #372); SHS (Cert. #786); Triple-DES (Cert. #678); Triple-DES MAC (Triple-DES Cert. #678, vendor affirmed) -Other algorithms: N/A Single-chip "This module is based on a Gemalto Dual Interface (Contact ISO7816 and Contactless ISO14443) Open OS Smart Card with a large (128K EEPROM) memory, with a cryptographic applet suite V 2.6.2b developed by ActivIdentity. The SmartCard platform has on board Triple DES and RSA up to 2048 algorithms and provides X9.31 on board key generation. The Applet Suite supports management of 3DES keys and PINs, and provides services for authentication, access control, generic container, PKI, One Time password and Secure Messaging (SMA). The module conforms to Java Card 2.2.1, Global Platform 2.1.1 and GSC/IS 2"
1084	NetLib® A Subsidiary of Communication Horizons, LLC 65 High Ridge Road Suite 428 Stamford, CT 06905 USA -Neil Weicher TEL: 203-321-1278 x91	NetLib® Encryptionizer® for SQL Server (Software Version: 8.601.1) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	02/03/2009; 06/04/2009	Overall Level: 1  -EMI/EMC: Level 2 -Design Assurance: Level 2 -Operational Environment: Tested as meeting Level 1 with Windows 2000 Server; Windows 2003 Server; Windows 2003 x64 Server (single user mode) -FIPS-approved algorithms: AES (Cert. #857); SHS (Cert. #851); HMAC (Cert. #474) -Other algorithms: N/A Multi-chip standalone "The NetLib® Encryptionizer® for SQL Server 8.601.1 provides encryption of data stored in MS SQL Server databases and backups. It can be deployed without programming and without adding any administrative overhead. The purpose of whole database encryption is to make a database unusable if it is stolen, copied, downloaded, lost, or otherwise improperly accessed."
1083	Research In Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Certifications Team TEL: 519-888-7465 x72921 FAX: 519-886-4839	BlackBerry Cryptographic Kernel (Firmware Versions: 3.8.5.42[1], 3.8.5.48[1] and 3.8.5.50a[2]) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Firmware	01/22/2009; 01/30/2009; 02/24/2009	Overall Level: 1  -Design Assurance: Level 3 -Tested: BlackBerry 9000 with BlackBerry OS Versions 4.6[1][2] and 4.6.1[2] -FIPS-approved algorithms: Triple-DES (Certs. #717, #718 and #739); AES (Certs. #873, #874, #875, #876, #915 and #924); SHS (Certs. #867, #868 and #902); HMAC (Certs. #489, #490 and #511); RSA (Certs. #422, #423 and #445); RNG (Certs. #501, #502 and #525); ECDSA (Certs. #108, #109 and #113) -Other algorithms: EC Diffie-Hellman (key agreement, key establishment methodology provides 256 bits of encryption strength); ECMQV (key agreement, key establishment methodology provides 256 bits of encryption strength) Multi-chip standalone "BlackBerry is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry."
1082	Teletec Corporation 5617-107 Departure Drive Raleigh, NC 27616 USA -Diane Hunter TEL: 919-954-7300 FAX: 919-954-7500 -Harry Taji TEL: +962 65824941 FAX: +962 65844950	"Guardian" Subscriber Encryption Module (Hardware Version: R2; Firmware Versions: Main firmware: 1.00.02, Bootloader firmware: 1.00.01) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/22/2009	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #826); SHS (Cert. #825); HMAC (Cert. #460); RNG (Cert. #476) -Other algorithms: N/A Multi-chip embedded ""Guardian" Subscriber Encryption Module (SEM) is a multi-chip embedded cryptographic module intended to be installed in conventional FM radio equipment to provide digital level of encryption with 256-bit AES cipher. Key and configuration are loaded using programming cable and specific software executed on a generic Windows personal computer. Module supports secure update of internal firmware, providing a mean for future enhancements."
1081	IBM Corporation 11400 Burnet Road Austin, TX 78758 USA -Tom Benjamin TEL: 512-286-5319 FAX: 512-436-8009	IBM Java JCE FIPS 140-2 Cryptographic Module (Software Version: 1.3.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	01/22/2009; 03/13/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2 using IBM JVM 1.6 (single-user mode) -FIPS-approved algorithms: AES (Cert. #805); DSA (Cert. #297); HMAC (Cert. #445); RNG (Cert. #463); RSA (Cert. #387); SHS (Cert. #803); Triple-DES (Cert. #687) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits and greater than 256-bits of encryption strength); MD5 Multi-chip standalone "The IBM Java JCE (Java Cryptographic Extension) FIPS provider (IBMJCEFIPS) for Multi-platforms is a scalable, multipurpose cryptographic module that supports many FIPS approved cryptographic operations. This gives Java applications access to the FIPS algorithms via the standard JCE framework that is part of all JVM's at the 1.6 level and higher."
1080	BigFix, Inc. 1480 64th St. Suite 200 Emeryville, CA 94608 USA -Noah Salzman TEL: 510-740-0308 FAX: 510-652-6742 -Peter Loer TEL: 510-740-5158 FAX: 510-652-6742	BigFix Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	01/07/2009	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Operational Environment: Tested as meeting Level 2 with AIX 5.2 running on IBM P610; HP-UX 11.11 running on HP C3000; SUSE Linux Enterprise Server 9 running on IBM eServer 325; Mac OS X 10.3.6 running on iMac G4; Red Hat Enterprise Linux 4 Update 2 Advanced Server running on HP XW4100 Pentium 4; Red Hat Enterprise Linux 4 Update 2 Advanced Server 64-bit running on HP ProLiant DL145 G2; Solaris 9 SPARC running on Sun Blade 150; Solaris 10 SPARC running on Sun Blade 150; Solaris 10 x86 running on Dell Precision 650; Windows 2000 Pro with SP3 running on Dell Optiplex GX400; Windows 2003 Enterprise Edition with SP1 running on Dell Optiplex GX270; Windows XP Pro with SP2 running on Dell Optiplex GX270 -FIPS-approved algorithms: Triple-DES (Cert. #688); AES (Cert. #806); DSA (Cert. #298); SHS (Cert. #804); HMAC (Cert. #446); RSA (Cert. #388); RNG (Cert. #464) -Other algorithms: Diffie-Hellman; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip standalone "The BigFix Cryptographic Module 1.0 is a software library that runs on a wide variety of computing platforms and performs encryption, hashing, and random number generation functions."

Need Assistance?