CMVP Main Page

It is important to note that the items on this list are cryptographic modules. A module may either be an embedded component of a product or application, or a complete product in-and-of-itself. If the cryptographic module is a component of a larger product or application, one should contact the product or application vendor in order to determine how the product utilizes the embedded validated cryptographic module. There may be a larger number of security products or applications available which use an embedded validated cryptographic module, than the number of modules which are found in this list. In addition, other vendors, who are not found in this list, may incorporate a validated cryptographic module from this list embedded into their own products.

When selecting a module from a vendor, verify that the module is either the product or application itself (e.g. VPN, SmartCard, USB memory token, etc.) or the module is embedded in a larger product or application (e.g. toolkit, etc.). If the module is embedded in a product or application, ask the product or application vendor to provide a signed letter or statement affirming that the unmodified validated cryptographic module is integrated in the solution; the module provides all the cryptographic services in the solution; and provide reference to the modules validation certificate number from this listing.

*** NOTE: Module descriptions are provided by the module vendors and have not been verified for accuracy by the CMVP. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-Approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (e.g. allowed or non-FIPS-Approved algorithms) have not been validated or tested through the CMVP. ***

Questions regarding modules on this list should first be directed to the module vendor.

Please contact the CMVP if any errors are discovered or comments with suggestions for improvement of the validation listings.

Cert#	Vendor / CST Lab	Cryptographic Module	Module Type	Val. Date	Level / Description
1250	CipherOptics, Inc. 701 Corporate Center Drive Raleigh, NC 27607 USA -Ed Finn TEL: 412-262-2571 x102 FAX: 412-262-2574 CST Lab: NVLAP 200017-0	CipherOptics ESG100 and CipherOptics ESG1002 (Hardware Versions: ESG100, A and ESG1002, A; Firmware Version: 2.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	12/29/2009; 06/14/2010	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #258); AES (Cert. #156); SHS (Cert. #117); HMAC (Cert. #34); RSA (Cert. #209); RNG (Cert. #274) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 90 bits of encryption strength); MD5; HMAC MD5; DES; NDRNG Multi-chip standalone "The CipherOptics ESG100 and ESG1002 are high performance, integrated security appliances that offer Gigabit and 10/100 Ethernet IPSec encryption respectively. Housed in a tamper evident chassis, have two ethernet ports. Traffic on the local port is received in the clear, while traffic on the remote port has security processing applied to it."
1249	Oberthur Technologies 4250 Pleasant Valley Road Chantilly, VA 20151-1221 USA -Christophe Goyet TEL: 703-263-0100 FAX: 703-263-0503 CST Lab: NVLAP 100432-0	Oberthur ID-One Cosmo V7-n Lite (Hardware Version: P/N C6; Firmware Versions: FC10 with op-codes (069778 or 017964)) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/29/2009; 02/05/2010; 08/02/2010	Overall Level: 3  -Physical Security: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #698); Triple-DES MAC (Triple-DES Cert. #698, vendor affirmed); RNG (Cert. #480); RSA (Cert. #403); SHS (Cert. #833) -Other algorithms: Triple-DES (Triple-DES Cert. #698, key wrapping; key establishment methodology provides 80 bits of encryption strength) Single-chip "This new generation Oberthur Smart Card programmable modules offers a highly secure architecture with state of the art on board cryptographic services that include Data Encryption Standard (2TDEA and 3TDEA) for symmetric encryption; Secure Hash Algorithm (SHA up to 512) for message digest; Elliptic-Curve Diffie-Hellman (ECDH) for key agreement and Digital Signature Algorithm (ECDSA up to f =521) for digital signatures. Additional features include Logical Channels and Delegated Management. The module supports Java Card 2.2.2 and Global Platform 2.1.1.A and is available in variable EEPROM sizes."
1248	Oberthur Technologies 4250 Pleasant Valley Road Chantilly, VA 20151-1221 USA -Christophe Goyet TEL: 703-263-0100 FAX: 703-263-0503 CST Lab: NVLAP 100432-0	Oberthur ID-One Cosmo V7-a (Hardware Versions: P/Ns BF [1, 2], C0 [3, 4], C3 [3, 4] and CF [5, 6]; Firmware Versions: 0801 with op-codes (071621 and 070534) [1], (071621 and 071891) [2], (071631 and 070544) [3], (071631 and 071901) [4], (071641 and 070554) [5] or (071641 and 071911) [6]) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/29/2009; 02/05/2010	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #770); Triple-DES MAC (Triple-DES Cert. #770, vendor affirmed); AES (Cert. #978); RNG (Cert. #555); RSA (Cert. #471); SHS (Cert. #949) -Other algorithms: Triple-DES (Triple-DES Cert. #770, key wrapping; key establishment methodology provides 80 bits of encryption strength) Single-chip "This new generation Smart Card programmable module offers a highly secure architecture with state of the art on board cryptographic services that include and even exceed NSA SUITE-B cryptography with Advanced Encryption Standard (AES up to 256); Secure Hash Algorithm (SHA up to 512); Elliptic-Curve Diffie-Hellman (ECDH) and Digital Signature Algorithm (ECDSA up to P-521). The module supports Java Card 2.2.2 and Global Platform 2.1.1.A with Delegated Management, and is available with contact (ISO 7816) and contactless (ISO 14443) communication interfaces."
1247	Good Technology, Inc. 101 Redwood Shores Parkway Suite 400 Redwood City, CA 94065 USA -Sriram Krishnan TEL: 650-486-6000 CST Lab: NVLAP 200002-0	FIPSCrypto on Windows Mobile (Software Version: 4.7.0.50906) Validated to FIPS 140-2 Security Policy Certificate	Software	12/29/2009; 02/05/2010; 06/02/2010; 10/25/2010; 01/20/2011; 07/19/2011; 10/18/2011; 04/04/2012; 09/27/2012; 10/25/2012; 04/24/2013	Overall Level: 1  -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows CE 5.2 -FIPS-approved algorithms: AES (Cert. #1219); Triple-DES (Cert. #879); SHS (Cert. #1122); HMAC (Cert. #712) -Other algorithms: N/A Multi-chip standalone "The FIPSCrypto is a FIPS 140-2 validated software-based cryptographic module that implements Triple-DES, AES, SHA-1, and HMAC-SHA-1."
1246	Pitney Bowes, Inc. 35 Waterview Drive Shelton, CT 06484 USA -Douglas Clark TEL: 203-923-3206 FAX: 203-924-3406 CST Lab: NVLAP 200427-0	Pitney Bowes iButton Postal Security Device (PSD) (Hardware Version: MAXQ1959B-F50#; Firmware Version: 9.01.00; Indicia Type 0, 1, 2, 5, 7 and 8) (When operated in FIPS mode and configured by Pitney Bowes, Inc.) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/29/2009	Overall Level: 3  -Physical Security: Level 3 + EFP -FIPS-approved algorithms: DSA (Cert. #363); HMAC (Cert. #631); RNG (Cert. #623); SHS (Cert. #1043); Triple-DES (Cert. #817); Triple-DES MAC (Triple-DES Cert. #817, vendor affirmed) -Other algorithms: RNG (non-compliant) Multi-chip standalone "The Pitney Bowes iButton Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP). It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes global digital metering products. The PSD has been designed to support international postal markets and their rapidly evolving requirements for digital indicia."
1243	Secure64 Software Corporation 5600 South Quebec Street Suite 320D Greenwood Village, CO 80111 USA -Christopher Worley TEL: 303-242-5890 FAX: 720-489-0694 CST Lab: NVLAP 200416-0	Secure64 Cryptographic Module (Firmware Version: 1.2) Validated to FIPS 140-2 Security Policy Certificate	Firmware	12/29/2009	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Tested: Secure 64 SourceT Micro Operating System running on a HP Integrity Server rx2660; Secure 64 SourceT Micro Operating System running on a HP Integrity Server rx3600 -FIPS-approved algorithms: AES (Certs. #882 and #956); Triple-DES (Cert. #722); RNG (Cert. #507); SHS (Certs. #874 and #936); HMAC (Cert. #580); DSA (Cert. #350); RSA (Certs. #495 and #426) -Other algorithms: N/A Multi-chip standalone "The Secure64 Cryptographic Module is a firmware module designed for use only with systems based on Secure64 SourceT, a limited operational environment running on an Intel Itanium-based server platform. The Secure64 Cryptographic Module provides cryptographic functions that can be used by applications running in this environment. Example applications include DNSSEC signing (secure DNS using digital signatures), certificate management applications, etc. Example functions include key generation, secure key storage, encryption, decryption, hashing, and digital signing."
1242	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 94002 USA -Global Certification Team TEL: FAX: CST Lab: NVLAP 100432-0	Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Module (WiSM) (Hardware Versions: Chassis: Catalyst 6506 switch with FIPS Kit P/N 800-27009 [1], Catalyst 6506-E switch with FIPS Kit P/N 800-27009 [2], Catalyst 6509 switch with FIPS Kit P/N 800-26335 [3] and Catalyst 6509-E switch with FIPS Kit P/N 800-26335 [4]; Backplane: WS-C6506 [1], WS-C6506-E [2], WS-C6509 [3] and WS-C6509-E [4]; Supervisor Blade [1, 2, 3, 4]: [WS-SUP720-3BXL and WS-SUP720-3B] and WiSM: WS-SVC-WISM-1-K9; Firmware Versions [1, 2, 3, 4]: Supervisor Blade: Cisco IOS Release 12.2(18)SXF11, Cisco IOS Release 12.2.33-SXH5 and Cisco IOS Release 12.2(18)SXF7; WiSM: 5.2.157.0, 5.2.178.5, 5.2.193.0 and 5.2.193.11; Hardware)) (When operated in FIPS mode and with the physical security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/29/2009; 07/02/2010; 07/30/2010; 08/22/2011; 02/23/2012	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #959, #960 and #1211); HMAC (Certs. #535, #536 and #706); RNG (Cert. #542); RSA (Certs. #463, #464 and #583); SHS (Certs. #931, #932 and #1115); Triple-DES (Cert. #756) -Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); AES (Cert. #960, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM Multi-chip standalone "The Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Module (WiSM) provide unparalleled security, mobility, redundancy, centralized control and scalability for large-scale Government and Enterprise wireless LAN networks and supports the IEEE 802.11i wireless security standard in conjunction with meeting the Wi-Fi Alliances interoperability specification WPA2 to enable a Secure Wireless Architecture. The module supports voice, video and data services, location & asset tracking, integrated intrusion detection & intrusion protection and intelligent radio."
1241	Bloombase, Inc. 955 Benecia Avenue Sunnyvale, CA 94085 USA -Certification Team TEL: 855-256-6622 FAX: 650-618-9898 CST Lab: NVLAP 200427-0	Bloombase Cryptographic Module (Software Version: 8.0) Validated to FIPS 140-2 Security Policy Certificate	Software	12/29/2009; 07/02/2010; 01/24/2013; 03/15/2013	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Bloombase SpitfireOS 5 (single-user mode), JRE 1.6 -FIPS-approved algorithms: AES (Cert. #1041); HMAC (Cert. #583); RSA (Cert. #496); RNG (Cert. #591); SHS (Cert. #991) -Other algorithms: N/A Multi-chip standalone "Bloombase Cryptographic Module for multi-platforms is a scalable, generic and multipurpose module used by various Bloombase products, performing a broad range of approved cryptographic operations including encryption, key generation, key storage and zeroization, signature generation and verification, hashing, keyed hashing and random number generation, supporting services including cryptography, authentication, PKCS and key management, etc."
1239	Giesecke & Devrient and ActivIdentity Inc. 45925 Horseshoe Drive Dulles, VA 20166 USA -Michael Poitner TEL: 650-312-1241 FAX: 650-312-8129 -Stephane Ardiley TEL: 510-745-6288 FAX: 510-745-0101 CST Lab: NVLAP 200427-0	Sm@rtCafé Expert 3.2 by Giesecke & Devrient with ActivIdentity Digital Identity Applet Suite V2 for Extended PIV (Hardware Versions: P5CD080 M8.4 [1], P5CD080 PDM1.1 [1], P5CD144 M8.4 [2] and P5CD144 PDM1.1 [2]; Firmware Versions: CPDIxJC_RSEFI025CD080V402 [1] and CPDYxJC_RSEFI025CD144V503 [2], Applet Versions [1,2]: ACA applet package v2.6.2B.4, ASC library package v2.6.2B.3, PKI/GC/SKI applet package v2.6.2B.4, PIV End Point Wrapper module v2.6.2B.4, PIV End Point Extended module v2.6.2B.4, SMA applet package v2.6.2B.3) (PIV Card Application: Cert. #17) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/07/2009; 01/11/2012	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #745 and #746); DSA (Certs. #277 and #278); RSA (Certs. #350 and #351); RNG (Certs. #433 and #434); SHS (Certs. #760 and #761); Triple-DES (Certs. #662 and #663); Triple-DES MAC (Triple-DES Certs. #662 and #663, vendor affirmed) -Other algorithms: DES; DES MAC; DSA (512-bits and 768-bits; non-compliant) Single-chip "This product combines the Giesecke & Devrient (G&D) Smart Card Chip Operating System Sm@rtCafé Expert(SCE) 3.2 and the ActivIdentity(AI) Applet framework v2.6.2b. SCE 3.2 is a JC2.2.1 & GP2.1.1 compliant dual-interface module supporting, at a minimum 2048-bit RSA, SHA-256 hash and 256-bit AES. AI Applet framework works over dual-interface and supports GSC-IS v2.1 & NIST SP800-73-1(for HSPD-12/PIV). The product supports Secure issuance and post-issuance along with SMA protocol(secure messaging) and One Time Password solution. Combined product is suitable for government and corporate deployments"
1237	Research In Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Certifications Team TEL: 519-888-7465 x72921 FAX: 519-886-4839 CST Lab: NVLAP 200017-0	BlackBerry Cryptographic Library (Software Version: 2.0.0.7) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	12/07/2009	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows XP Professional 2002 with SP3, 32-bit edition (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #819); AES (Cert. #1122); SHS (Cert. #1045); HMAC (Cert. #633); RNG (Cert. #625); ECDSA (Cert. #131) -Other algorithms: Rijndael; EC Diffie-Hellman (key agreement, key establishment methodology provides 256 bits of encryption strength); ECMQV (key agreement, key establishment methodology provides 256 bits of encryption strength) Multi-chip standalone "BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry½ Cryptographic Library is a software module that provides cryptographic services to many BlackBerry½ desktop products such as the BlackBerry½ Enterprise Server, BlackBerry½ Desktop Software, and many other BlackBerry½ products."
1236	Oberthur Technologies 4250 Pleasant Valley Road Chantilly, VA 20151-1221 USA -Christophe Goyet TEL: 703-263-0100 FAX: 703-263-0503 -N/A TEL: N/A FAX: N/A CST Lab: NVLAP 100432-0	Oberthur ID-One Cosmo V7-n (Hardware Versions: P/Ns B0 [1,2], BA [1,2], C8 [1,2], C4 [1,2], C7 [1,2] and CA [1,2]; Firmware Versions: FC10 with op-codes 069778 [1] or 071964 [2]) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/07/2009; 02/05/2010; 08/02/2010	Overall Level: 3  -Physical Security: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #698); Triple-DES MAC (Triple-DES Cert. #698, vendor affirmed); AES (Cert. #840); RNG (Cert. #480); RSA (Cert. #403); SHS (Cert. #833) -Other algorithms: Triple-DES (Triple-DES Cert. #698, key wrapping; key establishment methodology provides 80 bits of encryption strength) Single-chip "This new generation Smart Card programmable module offers a highly secure architecture with state of the art on board cryptographic services that include and even exceed NSA SUITE-B cryptography with Advanced Encryption Standard (AES up to 256); Secure Hash Algorithm (SHA up to 512); Elliptic-Curve Diffie-Hellman (ECDH) and Digital Signature Algorithm (ECDSA up to P-521). The module supports Java Card 2.2.2 and Global Platform 2.1.1.A with Delegated Management, and is available with contact (ISO 7816) and contactless (ISO 14443) communication interfaces."
1235	Advanced Communications Concepts Inc 8831 N.Capital of Texas Highway Suite 212 Austin, TX 78759 USA -Eric Sweeney TEL: 512-275-6245 CST Lab: NVLAP 200427-0	TUCrypt Cryptographic Module (Software Version: 2.32.0.0) Validated to FIPS 140-2 Security Policy Certificate	Software	12/07/2009; 01/28/2010	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Pro (32-bit edition), Microsoft Windows Vista (32-bit and 64-bit editions), and Microsoft Windows 7 (32-bit and 64-bit editions) (single-user mode) -FIPS-approved algorithms: AES (Certs. #1057, #1058 and #1102); SHS (Certs. #1003, #1004 and #1025); HMAC (Certs. #595, #596 and #616) -Other algorithms: AES (Certs. #1057, #1058 and #1102, key wrapping) Multi-chip standalone "The TUCrypt Cryptographic Module is a multi-chip standalone software module that executes on a IBM compatable personal computer. The software module is intended to be used by other ACCI software to provide FIPS 140-2 approved cryptographic services."
1234	Pitney Bowes, Inc. 35 Waterview Drive Shelton, CT 06484-8000 USA -Douglas Clark TEL: 203-923-3206 FAX: 203-924-3406 CST Lab: NVLAP 200427-0	Pitney Bowes iButton Postal Security Device (PSD) (Hardware Version: MAXQ1959B-F50#; Firmware Versions: 6.01.02 and 8.01.03; Indicia Type 0, 2 and 5) (When operated in FIPS mode and configured by Pitney Bowes, Inc.) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/30/2009; 01/06/2010	Overall Level: 3  -Physical Security: Level 3 + EFP -FIPS-approved algorithms: DSA (Cert. #353); RNG (Cert. #604); SHS (Cert. #1010); Triple-DES (Cert. #797); Triple-DES MAC (Triple-DES Cert. #797; vendor-affirmed) -Other algorithms: RNG (non-compliant) Multi-chip standalone "The Pitney Bowes iButton Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP), and Deutsche Post's FrankIT New Generation Digital Franking program. It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes global digital metering products. The PSD has been designed to support international postal markets and their rapidly evolving requirements for digital indicia."
1233	Brocade Communications 1745 Technology Drive San Jose, CA 95110 USA -Greg Farris TEL: 408-333-7315 FAX: 408-333-8101 CST Lab: NVLAP 100432-0	Brocade 7500 SAN Extension Switch Cryptographic Module (Hardware Version: P/N Brocade 7500 Version H; Firmware Version: Fabric OS v6.0.0) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/30/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #731); Triple-DES (Cert. #652); SHS (Cert. #749); HMAC (Cert. #397); RNG (Cert. #426); RSA (Cert. #342) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); HMAC-MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Brocade 7500 SAN Extension Switch Cryptographic Module provides an enterprise building block for consolidation, data mobility, and business continuity solutions that improve efficiency and cost savings. It combines FCIP extension with Fibre Channel switching and routing to provide local and remote storage and SAN connectivity while isolating SAN fabrics and IP WAN networks."
1232	Brocade Communications 1745 Technology Drive San Jose, CA 95110 USA -Greg Farris TEL: 408-333-7315 FAX: 408-333-8101 CST Lab: NVLAP 100432-0	Brocade DCX Backbone and 48000 Director (Hardware Version: P/Ns Brocade DCX Version C and Brocade 48000 Version L; Firmware Version: Fabric OS v6.0.0) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/30/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #731); Triple-DES (Cert. #652); SHS (Cert. #749); HMAC (Cert. #397); RNG (Cert. #426); RSA (Cert. #342) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); HMAC-MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Brocade DCX Backbone consolidates server-to-server, server-to-storage and storage-to-storage traffic into a logical, multiprotocol infrastructure. It is designed to support existing and emerging protocols, including 8Gb Fibre Channel, FICON®, FCIP, IPFC, 10 Gigabit Ethernet, Converged Enhanced Ethernet (CEE), and Fibre Channel over Ethernet (FCoE). The Brocade 48000 Director delivers 4, 8, and 10 Gbit/sec Fibre Channel performance, high availability and multiprotocol connectivity, including Fibre Channel Routing, FCIP, iSCSI, and fabric-based applications."
1231	MeshDynamics, Inc. 2953 Bunker Hill Lane Suite 400 Santa Clara, CA 95054 USA -Francis daCosta TEL: 408-373-7700 FAX: 408-516-8987 CST Lab: NVLAP 200648-0	MD4000-FIPS Structured Mesh™ Module (Hardware Version: MD4000-FIPS; Firmware Version: 2.5.72) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	11/30/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #728); SHS (Cert. #746); RNG (Cert. #425); HMAC (Cert. #394) -Other algorithms: RC4; MD5; HMAC-MD5; AES (Cert. #728; key wrapping; key establishment methodology provides 128 bits of encryption strength) Multi-chip standalone "Multi-Radio Wireless Mesh Networking Node. Nodes connect to each other forming a "MESH" network. Data from Client devices connected to the mesh node, is routed according to the destination address. Client devices need to authenticate before they can join the network. All data from client is encrypted using AES-CCM using temporal keys generated using WPA2/802.11i standard."
1230	Tropos Networks 555 Del Rey Ave. Sunnyvale, CA 94085 USA -Roman Arutyunov TEL: 408-331-6825 FAX: 408-331-6801 -Sreedhar Kamishetti TEL: 408-331-6881 FAX: 408-331-6801 CST Lab: NVLAP 200427-0	Tropos Control Element Management System (Software Version: 7.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	11/30/2009	Overall Level: 1  -Roles, Services, and Authentication: Level 3 -Operational Environment: Tested as meeting Level 1 with CentOS 5 (x86) (single-user mode) -FIPS-approved algorithms: AES (Certs. #1084 and #1086); Triple-DES (Certs. #799 and #800); SHS (Certs. #1018 and #1019); HMAC (Certs. #608 and #609); RNG (Certs. #608 and #609); RSA (Certs. #511 and #512) -Other algorithms: Blowcrypt; MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "Tropos Control is a comprehensive management system that streamlines the deployment, optimization, maintenance, and control of large-scale wireless networks. Tropos Control uses FIPS 140-2 approved algorithms to provide secured communication to Tropos routers and to its web-based client application."
1229	BitArmor Systems, Inc. Three Gateway Center 401 Liberty Avenue Suite 1900 Pittsburgh, PA 15222 USA -Hugh Docherty CST Lab: NVLAP 200556-0	BitArmor Secure Cryptographic Engine (Software Version: 1.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	11/30/2009; 12/11/2009	Overall Level: 1  -Cryptographic Module Specification: Level 3 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional SP3 (32-bit); SuSE Linux Enterprise Server 10.0 (32-bit); Windows Server 2003 (32-bit); Windows Server 2008 (64-bit); Windows 7 Enterprise (32-bit) (single-user mode) -FIPS-approved algorithms: AES (Cert. #1101); Triple-DES (Cert. #802); SHS (Cert. #1024); HMAC (Cert. #614); RNG (Cert. #613) -Other algorithms: DES; MD5; HMAC-MD5 Multi-chip standalone "BitArmor DataControl is an advanced software solution that provides disk encryption and device independent file/folder encryption. It provides precise access control for data on the Windows operating system. BitArmor DataControl includes automatic key management that is transparent to users and a central console for management of users and access privileges."
1228	Atos Wordline S.A./N.V. Haachtsesteenweg 1442 ChaussTe de Haecht Brussels, 1130 Belgium -Filip Demaertelaere TEL: +32-2-727-6167 FAX: +32-2-727-6250 -Sam Yala TEL: +32-2-727-6194 FAX: +32-2-727-6250 CST Lab: NVLAP 200636-0	DEP/PCI v4 (Hardware Versions: PCI card: 033-120010-1.0; Alarm card: 033-120020-2.0; Firmware Versions: Boot firmware: 4.0.l; FPGA firmware: 661442; Alarm firmware: 5.0.m) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	11/24/2009	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #883); SHS (Cert. #875) -Other algorithms: N/A Multi-chip embedded "The DEP/PCI (a PCI adapter board) is a hardware cryptographic module, also known as a hardware security module (HSM). Its boot software together with its cryptographic coprocessor implements different cryptographic algorithms which are used for secure key entry, secure application loading and secure boot firmware update. The alarm firmware implements the tamper detection and tamper responsive logic."
1227	Kingston Technology, Inc. 17600 Newhope Street Fountain Valley, CA 92708 USA -John Terpening TEL: 714-427-3743 FAX: 714-435-2628 CST Lab: NVLAP 100432-0	DataTraveler 5000 (DT5000) (Hardware Version: P/N 88007021F, Version 01.00.02; Firmware Version: 03.00.04) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/07/2009	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1015 and #1016); SHS (Certs. #972, #973 and #974); ECDSA (Cert. #122); DRBG (Cert. #10); RNG (Cert. #582); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 bits of encryption strength) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "Kingston's ultra-secure DataTraveler 5000 USB Flash drive protects sensitive data with FIPS 140-2 Level 2 certification and 256-bit AES hardware-based encryption in XEX mode. Secured by Spyrus, DT5000 uses elliptic curve cryptography encryption algorithms (ECC) that meet the Suite B standards approved by the U.S. government. The drive features complex password protection and locks down after 10 intrusion attempts. DT5000 is waterproof (up to 4 feet) and features a rugged, titanium-coated steel casing."
1226	Eastman Kodak Company 343 State Street Rochester, NY 14650 USA -Nancy Telfer TEL: 585-477-8399 FAX: 585-477-8789 CST Lab: NVLAP 200427-0	Eastman Kodak Company® Secure Module 3000 (Hardware Version: 4F6138 Version A; Firmware Version: 1.0-068) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/24/2009	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1071, #1072 and #1076); HMAC (Certs. #603 and #604); RNG (Cert. #606); RSA (Cert. #508); SHS (Certs. #1012 and #1013) -Other algorithms: HMAC-MD5; MD5; RSA (key wrapping; key establishment methodology provides 112-bits of encryption strength) Multi-chip embedded "The Kodak Secure Module 3000 is a fully DCI compliant cryptographic module that is the core of the Kodak Digital Cinema content playback system. The Secure Module converts the packaged, compressed and encrypted data into raw image, sound, subtitles and auxiliary data used in exhibition. It performs security functions such as media decryption, link encryption, forensic watermarking, and key management."
1225	SafeNet, Inc. 20 Colonnade Road Ottawa, Ontario K2E 7M6 Canada -Iain Holness TEL: 613-221-5049 FAX: 613-723-5079 CST Lab: NVLAP 200002-0	SafeEnterpriseTM Encryptor, Model 650 (Hardware Version: 904-23160-007; Firmware Version: 3.1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/24/2009	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #268); AES (Certs. #391 and #240); RSA (Cert. #15); SHS (Certs. #251 and #319); HMAC (Cert. #48); RNG (Certs. #18 and #76) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The SafeEnterpriseTM SONET Encryptor provides data privacy and access control for connections between vulnerable public and private SONET/SDH networks. It employs federally endorsed AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in a SONET OC-192 network."
1224	BeCrypt Limited 130 Shaftesbury Avenue London, W1D 5EU United Kingdom -Dr. Pali Surhar, Certification Manager TEL: +44 (0)845 838 2050 FAX: +44 (0)845 838 2060 CST Lab: NVLAP 200017-0	BeCrypt Cryptographic Library (Software Version: 2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	11/24/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional 32-bit with SP3; Windows XP Professional 64-bit with SP2; Linux Ubuntu 8.10; MAC OS X (single-user mode) -FIPS-approved algorithms: AES (Certs. #1087 and #1088); SHS (Certs. #1020 and #1021); RNG (Cert. #610); RSA (Cert. #513); HMAC (Certs. #610 and #611) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; DES; Triple-DES (non-compliant); RC2 Multi-chip standalone "The BeCrypt Cryptographic Library provides core cryptographic functionality for BeCrypt's Enterprise security products including a range of market leading disk encryption, media encryption and data protection products. The cryptographic library provides a capability to develop complex and flexible security applications that require cryptographic functionality in both pre-OS and 32 bit/64 bit operating environments."
1223	Blue Coat Systems, Inc. 420 N. Mary Avenue Sunnyvale, CA 94085-4121 USA -Wendi Ittah TEL: 703-399-0535 CST Lab: NVLAP 200017-0	ProxySG 510 and ProxySG 810 (Hardware Versions: 100-02639, 106-02838, 106-02868, 100-02641, 106-02834 and 106-02884; Firmware Version: 5.3.1.9) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	11/17/2009; 12/13/2011	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #859); Triple-DES (Cert. #706); RSA (Cert. #413); DSA (Cert. #310); SHS (Cert. #854); HMAC (Cert. #476); RNG (Cert. #491) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 and 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 and 112 bits of encryption strength) Multi-chip standalone "The foundation of Blue Coat's application delivery infrastructure, Blue Coat ProxySG appliances establish points of control that accelerate and secure business applications for users across the distributed organization. Blue Coat appliances serve as an Internet proxy and wide area network (WAN) optimizer. The purpose of the appliances is to provide a layer of security between an Internal and External Network (typically an office network and the Internet), and to provide acceleration and compression of transmitted data. The ProxySG is one of several appliance lines manufactured by Blue Coat"
1222	Blue Coat Systems, Inc. 420 N. Mary Avenue Sunnyvale, CA 94085-4121 USA -Wendi Ittah TEL: 703-399-0535 CST Lab: NVLAP 200017-0	ProxySG 8100 (Hardware Versions: 100-02644, 106-02835 and 106-02883; Firmware Version: 5.3.1.9) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	11/17/2009; 12/07/2011	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #859); Triple-DES (Cert. #706); RSA (Cert. #413); DSA (Cert. #310); SHS (Cert. #854); HMAC (Cert. #476); RNG (Cert. #491) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 and 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 and 112 bits of encryption strength) Multi-chip standalone "The foundation of Blue Coat's application delivery infrastructure, Blue Coat ProxySG appliances establish points of control that accelerate and secure business applications for users across the distributed organization. Blue Coat appliances serve as an Internet proxy and wide area network (WAN) optimizer. The purpose of the appliances is to provide a layer of security between an Internal and External Network (typically an office network and the Internet), and to provide acceleration and compression of transmitted data. The ProxySG is one of several appliance lines manufactured by Blue Coat"
1221	Bull SAS Rue Jean Jaurès B.P.68 Les Clayes sous Bois, 78340 France -Jean-Luc CHARDON TEL: +33 1 30 80 79 14 FAX: +33 1 30 80 78 87 -Pierre-Jean AUBOURG TEL: +33 1 30 80 77 02 FAX: +33 1 30 80 78 87 CST Lab: NVLAP 200017-0	CHR Cryptographic Module (Hardware Version: 003/A [1] or 004/A [2]; Firmware Version: V1.02-00L [1] or V1.03-00L [2]) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	11/17/2009; 07/05/2011	Overall Level: 3  -Physical Security: Level 3 + EFP/EFT -FIPS-approved algorithms: RSA (Cert. #438); SHS (Cert. #893) -Other algorithms: N/A Multi-chip standalone "The BULL CHR is a multi-chip standalone security module providing functionality for the secure loading of applications. The CHR is the corner stone of a range of security products developed and signed by BULL as Application Provider and known as "CRYPT2Pay HR" product range available for different domain of applications including Banks and Financial Institutions. Additional products may be developed by Application Providers, based on the CHR."
1220	SkyRecon Systems 8 rue La Fayette Paris, 75009 France -Patrick Prajs TEL: +33 (0)1 73 54 02 60 -Jean-Baptiste LERNOUT TEL: 33 (0)1.73.54.02.72 CST Lab: NVLAP 200697-0	SkyRecon Cryptographic Module (SCM) (Software Version: 1.04) Validated to FIPS 140-2 Security Policy Certificate	Software	12/03/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional with SP3 (single-user mode) -FIPS-approved algorithms: AES (Cert. #931); SHS (Cert. #914); RNG (Cert. #532); HMAC (Cert. #613) -Other algorithms: N/A Multi-chip standalone "SkyRecon Cryptographic Module (SCM) is a software-based dynamically linked cryptographic library containing several validated cryptographic algorithms. Software developers can link the SkyRecon Cryptographic Module (SCM) into their applications to provide FIPS 140-2 compliant cryptographic support."
1219	Check Point Software Technologies Ltd. 12007 Sunrise Valley Dr. Suite 130 Reston, VA 20191 USA -David Ambrose TEL: 703-628-2935 -Malcolm Levy TEL: +972 3-7534561 CST Lab: NVLAP 200002-0	VPN-1 [1] and Security Gateway with firewall and vpn Software Blades [2] (Firmware Versions: NGX R65 with hot fix HFA 30 [1] and R70.1 [2]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Firmware	10/27/2009; 11/20/2009; 07/27/2011	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 2 -Tested: Dell PowerEdge 1750 and Power-1 5070 with Check Point SecurePlatform Operating System, version NGX R65 HFA 30 -FIPS-approved algorithms: Triple-DES (Certs. #338, #733, #824, #825, #1114 and #1115); AES (Certs. #257, #1130 and #1728); SHS (Certs. #332, #890, #1053, #1054, #1511 and #1512); HMAC (Certs. #67, #502, #642, #643, #1003 and #1004); RSA (Certs. #66, #132, #537 and #853); RNG (Certs. #90, #628 and #917) -Other algorithms: CAST 40 bit; CAST 128 bit; DES (Cert. #314); MD5; HMAC-MD5; Diffie-Hellman (key agreement, key establishment methodology provides between 80 bits and 128 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA (key wrapping, key establishment methodology provides between 80 bits and 150 bits of encryption strength) Multi-chip standalone "Check Point's Security Gateway Software Blades R70.1 and VPN-1 R65 with hot fix HFA 30 provide an integrated software solution combining a firewall, vpn, and the hardened SecurePlatform operating system. Designed to meet the requirements of Internet, intranet, and extranet vpns it provides secure connectivity to corporate networks with remote and mobile users, branch offices, and business partners."
1218	3e Technologies International, Inc. 9715 Key West Avenue Suite 500 Rockville, MD 20850 USA -Harinder Sood TEL: 301-944-1325 FAX: 301-670-6989 CST Lab: NVLAP 200427-0	3e-636S-1 Accelerated Crypto Module (Hardware Version: 1.0(A); Firmware Version: 4.3.1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/22/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #1022 and #1023); Triple-DES (Certs. #783 and #784); SHS (Certs. #976 and #977); HMAC (Certs. #571 and #572); RNG (Cert. #583); RSA (Cert. #490) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); MD5 Multi-chip embedded "3eTI's 3e-636S-1 Accelerated Crypto Module provides AES and Triple-DES data encryption, SHS secure hashing, and HMAC keyed hashing at very high levels of sustained bandwidth. The 3e-636S-1 leverages built-in hardware-based cryptography to greatly accelerate device performance. The 3e-636S-1 is a robust, stand-alone inline encryptor which can straightforwardly be inserted into a network where FIPS 140-2 Validation is required. The 3e-636S-1 helps customers meet Federal Cryptography requirements at extremely high levels of performance, where traditional software-based algorithm implementation"
1217	Pitney Bowes, Inc. 35 Waterview Drive Shelton, CT 06484-8000 USA -Douglas Clark TEL: 203-924-3206 FAX: 203-546-4744 CST Lab: NVLAP 100432-0	Cygnus X3 PSD Cryptographic Module (Hardware Version: P/N 1R84000 Version A; Software Version: 01.05.05; Firmware Version: 01.00.06) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/22/2009	Overall Level: 3  -Physical Security: Level 3 + EFP -FIPS-approved algorithms: DSA (Cert. #234); SHS (Cert. #650); AES (Cert. #600); RNG (Cert. #592); HMAC (Cert. #311) -Other algorithms: N/A Single-chip "The Pitney Bowes Cygnus X3 Postal Security Device (PSD) has been designed in compliance with FIPS 140-2 and IPMAR security protection profile in order to support the USPS IBIP and international digital indicia standards globally. The PSD employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes Postage Metering products."
1216	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Peter Hayman TEL: 919-462-1900 x273 FAX: (919) 462-1933 CST Lab: NVLAP 200002-0	SafeEnterprise™ Encryptor, Model 600 (Hardware Versions: 904-10001-00x, 904-10002-00x, 904-10003-00x, 904-10014-00x, 904-10112-00x, 904-10113-00x, 904-20001-00x, 904-20002-00x, 904-20003-00x, 904-25005-00x, 904-30013-00x, 904-511i0-00x and 943-511i0-00x; Firmware Version: 3.4.0.1) (Note: Refer to the cryptographic module’s security policy for the details on the letter i and x designations) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/22/2009	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #647); AES (Certs. #711, #713 and #725); RSA (Cert. #340); SHS (Cert. #743); HMAC (Cert. #391); RNG (Cert. #422) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); DSA (non-compliant) Multi-chip standalone "The SafeEnterprise™ Encryptor provides data privacy and access control for connections between vulnerable public and private SONET/SDH or Ethernet networks. It employs FIPS approved AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in SONET 155 MB (OC-3), 622 MB (OC-12), 1.0 GB, and 2.4 GB (OC-48) networks."
1215	SPYRUS, Inc. 1860 Hartog Drive San Jose, CA 95131-2203 USA -Tom Dickens TEL: 408-392-9131 FAX: 408-392-0319 CST Lab: NVLAP 100432-0	Hydra PC FIPS Sector-based Encryption Module (Hardware Version: P/N 88007021F, Version 01.00.02; Firmware Version: 03.00.04) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/22/2009; 05/05/2010	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1015 and #1016); SHS (Certs. #972, #973 and #974); ECDSA (Cert. #122); DRBG (Cert. #10); RNG (Cert. #582); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 128, 192 or 256 bits of encryption strength) -Other algorithms: EC-Diffie-Hellman (key agreement; key establishment methodology provides 128, 192 or 256 bits of encryption strength) Multi-chip standalone "The Hydra PC FIPS Sector-based Encryption Module provides hardware-based, sector by sector full disk encryption providing the protective military strength of the U. S. Government's Suite B algorithm standards, including AES, ECDSA, SHA-2, and EC-DH. The USB encryption device comes with an easy to use, user-friendly interface that operates on the Microsoft Windows operating systems without installing any drivers."
1214	Juniper Networks, Inc. One Rogers St. Sixth Floor Cambridge, MA 02142 USA -Robert Smith TEL: 617-949-4067 FAX: 617-547-1031 CST Lab: NVLAP 100432-0	Odyssey Security Component Portable (Software Version: 2.0) Validated to FIPS 140-2 Security Policy Certificate	Software	10/19/2009	Overall Level: 1  -Design Assurance: Level 2 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP SP2 (single-user mode) -FIPS-approved algorithms: AES (Certs. #785 and #786); Triple-DES (Cert. #680); SHS (Cert. #788); HMAC (Cert. #431); DSA (Cert. #294); RSA (Cert. #374); RNG (Cert. #452) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength) Multi-chip standalone "The Odyssey Security Component (OSC) is a general purpose cryptographic library. OSC / Portable is a C language version that can be compiled without modification for a variety of operating systems."
1213	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 94002 USA -Global Certification Team TEL: FAX: CST Lab: NVLAP 100432-0	Cisco 4402 and 4404 Wireless LAN Controllers (Hardware Versions: 4402, Revision Number A0 and 4404, Revision Number A0; with FIPS Kit AIRWLC4400FIPSKIT=, version A0; with Opacity Baffle Version 1.0; Firmware Versions: 5.2.157.0, 5.2.178.5, 5.2.193.0 and 5.2.193.11) (When operated in FIPS mode and with the physical security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/19/2009; 11/20/2009; 07/02/2010; 07/30/2010; 08/22/2011; 02/23/2012	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #959, #960 and #1211); HMAC (Certs. #535, #536 and #706); RNG (Cert. #542); RSA (Certs. #463, #464 and #583); SHS (Certs. #931, #932 and #1115); Triple-DES (Cert. #756) -Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); AES (Cert. #960, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM Multi-chip standalone "The Cisco 4400 Series Wireless LAN Controllers provide centralized control and scalability for medium to large-scale Government and Enterprise wireless LAN networks and support the IEEE 802.11i wireless security standard while meeting the Wi-Fi Alliances interoperability specification WPA2 for Secure Wireless Architecture. The Cisco WLAN Controllers support voice, video and data services, intrusion detection, intrusion protection and intelligent radio resource management and comply with the wireless security policies issued by the U.S. Federal Government and the Department of Defense (DoD)."
1212	Motorola, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA -Kirk Mathews TEL: 847-576-4101 CST Lab: NVLAP 100432-0	Voice Processing Module Cryptographic Module (VPMCM) /Telephone Media Gateway Cryptographic Module (TMGCM) (Hardware Versions: VPMCRYPTO_B or VPMCRYPTO_C; Firmware Versions: R01.01.03, R01.01.04, R01.01.05, R01.02.08 or R01.05.00) (When operated in FIPS mode with AES Cert. #819) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/19/2009; 12/06/2010; 07/05/2011	Overall Level: 1  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 2 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #819); SHS (Cert. #817); RSA (Cert. #396); RNG (Cert. #471) -Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); DVP-XL; DVI-XL; DES-XL; LFSR; ADP Multi-chip embedded "The Motorola Voice Processing Module Cryptographic Module provides cryptographic services to the Voice Processing Module in which it is embedded. The Voice Processing Module provides dispatch console audio routing between a dispatch operator (e.g., 911 dispatcher), peripherals, and a local network."
1211	Motorola, Inc. 1 Motorola Plaza Holtsville, NY 11742 USA -Steven Chew TEL: 631-738-3507 FAX: 631-738-4164 -Bert Scaramozzino TEL: 631-738-3215 FAX: 631-738-4164 CST Lab: NVLAP 200648-0	Motorola Wireless Fusion on Windows CE Cryptographic Module (Hardware Version: CX 55222; Software Version: 3.00) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software-Hybrid	11/18/2009; 05/05/2010	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows CE 6.0 -FIPS-approved algorithms: AES (Certs. #1035 and #1037); SHS (Cert. #988); HMAC (Cert. #581) -Other algorithms: RC4; TKIP Multi-chip standalone "Motorola Wireless Fusion Cryptographic Module is a component of Motorola Wireless Mobile Computing devices that are equipped with a WLAN radio. These devices are used for business process automation applications in a number of vertical markets like retail, manufacturing, transportation, health and government."
1210	Motorola, Inc. 1 Motorola Plaza Holtsville, NY 11742 USA -Steven Chew TEL: 631-738-3507 FAX: 631-738-4164 -Bert Scaramozzino TEL: 631-738-3215 FAX: 631-738-4164 CST Lab: NVLAP 200648-0	Motorola Wireless Fusion on Windows Mobile Cryptographic Module (Hardware Version: CX 55222; Software Version: 3.00) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software-Hybrid	11/18/2009; 05/05/2010; 06/02/2010	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows Mobile 6.1 and 6.5 -FIPS-approved algorithms: AES (Certs. #1036 and #1038); SHS (Cert. #989); HMAC (Cert. #582) -Other algorithms: RC4; TKIP Multi-chip standalone "Motorola Wireless Fusion Cryptographic Module is a component of Motorola Wireless Mobile Computing devices that are equipped with a WLAN radio. These devices are used for business process automation applications in a number of vertical markets like retail, manufacturing, transportation, health and government."
1209	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Peter Hayman TEL: 919-462-1900 x273 FAX: 919-462-1933 CST Lab: NVLAP 200002-0	SafeEnterprise™ Encryptor, Model 650 (Hardware Versions: 904-53260-007 and 943-53270-007; Firmware Versions: 3.4.0.1 and 3.4.0.2) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/19/2009; 08/02/2010	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #647); AES (Certs. #710, #725 and #964); RSA (Cert. #340); SHS (Cert. #743); HMAC (Cert. #391); RNG (Cert. #422) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); DSA (non-compliant) Multi-chip standalone "The SafeEnterprise™ Encryptor provides data privacy and access control for connections between vulnerable public and private SONET/SDH networks or 10G Ethernet networks. It employs federally endorsed AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in a SONET OC-192 network or 10G Ethernet network."
1208	ARX (Algorithmic Research) 10 Nevatim Street Kiryat Matalon, Petach Tikva 49561 Israel -Ezer Farhi TEL: 972-3-9279529 CST Lab: NVLAP 200002-0	CoSign (Hardware Version: 4.0; Firmware Version: 4.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/19/2009	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Certs. #498 and #523); Triple-DES MAC (Triple-DES Cert. #498, vendor affirmed); SHS (Certs. #554 and #586); HMAC (Cert. #241); RNG (Cert. #265); RSA (Cert. #227) -Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "CoSign is a digital signature appliance that is connected to the organizational network and manages all signature keys and certificates of organization's end-users. End-users will connect securely to CoSign from their PC for the purpose of signing documents and data."
1207	Juniper Networks, Inc. One Rogers St. Sixth Floor Cambridge, MA 02142 USA -Robert Smith TEL: 617-949-4067 FAX: 617-547-1031 CST Lab: NVLAP 100432-0	Odyssey Security Component User Mode and Odyssey Security Component Kernel Mode (Software Versions: Version 2.0 (Odyssey Security Component User Mode) and Version 2.0 (Odyssey Security Component Kernel Mode)) Validated to FIPS 140-2 Security Policy Certificate	Software	10/19/2009	Overall Level: 1  -Design Assurance: Level 2 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP SP2; Microsoft Windows 2000 SP3 (single-user mode) -FIPS-approved algorithms: AES (Certs. #783 and #784); Triple-DES (Cert. #679); SHS (Cert. #787); HMAC (Cert. #430); DSA (Cert. #293); RSA (Cert. #373); RNG (Cert. #451) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength) Multi-chip standalone "The Odyssey Security Component (OSC) is a general purpose cryptographic library. OSC / User Mode is a user mode binary module for the Windows operating system. OSC / Kernel Mode is a kernel-mode binary module for the Windows operating system."
1206	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 94002 USA -Global Certification Team TEL: FAX: CST Lab: NVLAP 100432-0	Cisco Catalyst 3750G Integrated Wireless LAN Controller (Hardware Versions: P/N WS-C3750G, Version 02 and P/N 69-1707-01 (FIPS Kit); Firmware Versions: 5.2.157.0, 5.2.178.5, 5.2.193.0 and 5.2.193.11) (When operated in FIPS mode and with the physical security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/19/2009; 11/20/2009; 07/02/2010; 07/30/2010; 08/22/2011; 02/23/2012	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #959, #960 and #1211); HMAC (Certs. #535, #536 and #706); RNG (Cert. #542); RSA (Certs. #463, #464 and #583); SHS (Certs. #931, #932 and #1115); Triple-DES (Cert. #756) -Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); AES (Cert. #960, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM Multi-chip standalone "The Cisco 3750G Wireless LAN Controller provides centralized control and scalability for medium to large-scale wireless LAN networks and supports IEEE 802.11i wireless security and is Wi-Fi certified for WPA2. Cisco WLAN Controllers support voice, video, data services, intrusion protection (including Management Frame Protection (MFP), intelligent radio resource management and comply with the wireless security policies issued by the U.S. Federal Government and the U.S. Department of Defense (DoD)."
1205	Lexar Media, Inc. 47300 Bayside Parkway Fremont, CA 94538 USA -Mehdi Asnaashari TEL: 510-413-1200 FAX: 510-440-3499 CST Lab: NVLAP 100432-0	JumpDrive SAFE S3000 (Hardware Versions: P/Ns LAD2GBCENAG600 [1,2], LAD4GBCENAG600 [1,2], LAD8GBCENAG600 [1,2] and LAD16GCENAG600 [1,2], Versions FC4410-EF-AB [1] and FC4410-EF-AC [2]; Firmware Version: 1511) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/19/2009	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #877 and #990); HMAC (Cert. #491); RNG (Cert. #503); RSA (Cert. #424); SHS (Certs. #869 and #957); Triple-DES (Cert. #719) -Other algorithms: AES (Cert. #877, key wrapping; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "Lexar Media introduces JumpDrive SAFE S3000, the world's first FIPS 140-2 Level 3 approved secure USB flash drive. The advanced flash drive combines an onboard cryptographic controller that encrypts all data stored on the secure partition by approved hardware-based AES 256bit, a smartcard chip that provides key management through proven technology, and a ruggedized tamper resistant housing to create a complete portable secure storage solution for all users looking to protect their data. For more information please visit http://www.lexar.com."
1204	Midland Radio Corporation 5900 Parretta Drive Kansas City, MO 64120 USA -David Berneking TEL: 816-462-0421 CST Lab: NVLAP 200427-0	Midland Radio Base Station Cryptographic Module (Hardware Versions: 91-1060A, 91-1060B, 91-1110A, 91-1110B, 91-4050A, 91-4050B, 91-4100A, 91-4100B, 91-4100C, 91-4100D, 91-7100B and 91-8100B; Firmware Version: FIPS_ver010b) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/06/2009	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #485); SHS (Cert. #945); HMAC (Cert. #548); DRBG (Cert. #7) -Other algorithms: DES Multi-chip standalone "The Midland BTIII Base Stations provide Project 25 encrypted and clear voice, data and Short Message Service communications in accordance with the Project 25 Digital Land Mobile Radio standards suite. In addition, conventional analog radio voice communications are supported. It is multi-chip standalone cryptographic module validated at a FIPS 140-2 Security Level 1."
1203	Thales - nCipher 92 Montvale Ave Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001 CST Lab: NVLAP 200017-0	nShield F3 6000e, nShield F3 1500e, nShield F3 500e, nShield F3 10e, nShield F3 6000e for nShield Connect, nShield F3 1500e for nShield Connect and nShield F3 500e for nShield Connect (Hardware Versions: nC4033E-6K0, nC4033E-1K5, nC4033E-500, nC4033E-030, nC4033E-6K0N, nC4033E-1K5N and nC4033E-500N, Build Standard N; Firmware Versions: 2.38.4-2 and 2.38.7-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/06/2009; 12/08/2009; 02/17/2010	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #994 and #397); AES GCM (Cert. #994, vendor affirmed); Triple-DES (Certs. #775 and #435); Triple-DES MAC (Cert. #775, vendor affirmed); DSA (Cert. #341); ECDSA (Cert. #121); SHS (Cert. #960); HMAC (Cert. #560); RSA (Cert. #478); RNG (Cert. #564) -Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; AES (Cert. #994, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); NDRNG; DSA (FIPS 186-3; non-compliant); ECDSA (FIPS 186-3; non-compliant) Multi-chip embedded "The nCipher modules: nShield F3 6000e, Shield F3 1500e, nShield F3 500e, nShield 10e, nShield F3 6000e for nShield Connect, nShield F3 1500e for nShield Connect and nShield F3 500e for nShield Connect family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1202	Thales - nCipher 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001 CST Lab: NVLAP 200017-0	nShield F2 500 and nShield F2 10 PCI (Hardware Versions: nC3023P-500, nC3023P-10, Build Standard N; Firmware Versions: 2.38.4-2 and 2.38.7-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/06/2009; 02/17/2010	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #994 an #962); AES GCM (Cert. #994, vendor affirmed); Triple-DES (Certs. #775 and #757); Triple-DES MAC (Cert. #775, vendor affirmed); DSA (Cert. #341); ECDSA (Cert. #121); SHS (Cert. #960); HMAC (Cert. #560); RSA (Cert. #478); RNG (Cert. #564) -Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; AES (Cert. #994, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); NDRNG; DSA (FIPS 186-3; non-compliant); ECDSA (FIPS 186-3; non-compliant) Multi-chip embedded "The nShield modules: nShield F2 500 & nShield F2 10 PCI family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1201	Thales - nCipher 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001 CST Lab: NVLAP 200017-0	nShield F2 4000, nShield F2 2000 and nShield F2 500 (Hardware Versions: nC3023P-4K0, nC3023P-2K0, and nC3123P-500, Build Standard N; Firmware Versions: 2.38.4-2 and 2.38.7-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/06/2009; 02/17/2010	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #994); AES GCM (Cert. #994, vendor affirmed); Triple-DES (Certs. #775 and #132); Triple-DES MAC (Cert. #775, vendor affirmed); DSA (Cert. #341); ECDSA (Cert. #121); SHS (Cert. #960); HMAC (Cert. #560); RSA (Cert. #478); RNG (Cert. #564) -Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; and HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; AES (Cert. #994, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); NDRNG; DSA (FIPS 186-3; non-compliant); ECDSA (FIPS 186-3; non-compliant) Multi-chip embedded "The nShield modules: nShield F2 4000, nShield F2 2000, and nShield F2 500 family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1200	Thales - nCipher 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001 CST Lab: NVLAP 200017-0	nShield F3 500, nShield F3 500 for NetHSM and nShield F3 10 PCI (Hardware Versions: nC4033P-500, nC4033P-500N and nC4033P-10; Build Standard N; Firmware Versions: 2.38.4-2 and 2.83.7-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/06/2009; 02/17/2010	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #994 and #962); AES GCM (Cert. #994, vendor affirmed); Triple-DES (Certs. #775 and #757); Triple-DES MAC (Cert. #775, vendor affirmed); DSA (Cert. #341); ECDSA (Cert. #121); SHS (Cert. #960); HMAC (Cert. #560); RSA (Cert. #478); RNG (Cert. #564) -Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; AES (Cert. #994, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); NDRNG; DSA (FIPS 186-3; non-compliant); ECDSA (FIPS 186-3; non-compliant) Multi-chip embedded "The nShield modules: nShield F3 500, F3 500 for NetHSM, & nShield 10 family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1199	Thales - nCipher 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001 CST Lab: NVLAP 200017-0	nShield F3 4000, nShield F3 2000, nShield F3 2000 for NetHSM, nShield F3 500 and nShield F3 500 for NetHSM (Hardware Versions: nC4033P-4K0, nC4033P-2K0, nC4033P-2K0N, nC4133P-500 and nC4133P-500N, Build Standard N; Firmware Versions: 2.38.4-2 and 2.38.7-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/06/2009; 02/17/2010	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 +EFP/EFT -Cryptographic Key Management: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #994); AES GCM (Cert. #994, vendor affirmed); Triple-DES (Certs. #775 and #132); Triple-DES MAC (Cert. #775, vendor affirmed); DSA (Cert. #341); ECDSA (Cert. #121); SHS (Cert. #960); HMAC (Cert. #560); RSA (Cert. #478); RNG (Cert. #564) -Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; and HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; AES (Cert. #994, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); NDRNG; DSA (FIPS 186-3; non-compliant); ECDSA (FIPS 186-3; non-compliant) Multi-chip embedded "The nShield modules: nCipher 4000, nShield 2000, nShield 2000 for NetHSM, nShield 500, and nShield 500 for NetHSM family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1198	Thales - nCipher 92 Montvale Ave Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001 CST Lab: NVLAP 200017-0	nShield F3 500, nShield F3 500 for NetHSM and nShield F3 10 PCI (Hardware Versions: nC4033P-500, nC4033P-500N, and nC4033P-10, Build Standard N; Firmware Versions: 2.38.4-3 and 2.38.7-3) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/06/2009; 02/17/2010	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #994 and #962); AES GCM (Cert. #994, vendor affirmed); Triple-DES (Certs. #775 and #757); Triple-DES MAC (Cert. #775, vendor affirmed); DSA (Cert. #341); ECDSA (Cert. #121); SHS (Cert. #960); HMAC (Cert. #560); RSA (Cert. #478); RNG (Cert. #564) -Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; AES (Cert. #994, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); NDRNG; DSA (FIPS 186-3; non-compliant); ECDSA (FIPS 186-3; non-compliant) Multi-chip embedded "The nCipher modules: nShield F3 500, Shield F3 500 for NetHSM, and nShield 10 family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
1197	Thales - nCipher 92 Montvale Ave Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001 CST Lab: NVLAP 200017-0	nShield F3 6000e, nShield F3 1500e, nShield F3 500e, nShield F3 10e, nShield F3 6000e for nShield Connect, nShield F3 1500e for nShield Connect and nShield F3 500e for nShield Connect (Hardware Versions: nC4033E-6K0, nC4033E-1K5, nC4033E-500, nC4033E-030, nC4033E-6K0N, nC4033E-1K5N and nC4033E-500N, Build Standard N; Firmware Versions: 2.38.4-3 and 2.38.7-3) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/06/2009; 12/08/2009; 02/17/2010	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #994 and #397); AES GCM (Cert. #994, vendor affirmed); Triple-DES (Certs. #775 and #435); Triple-DES MAC (Cert. #775, vendor affirmed); DSA (Cert. #341); ECDSA (Cert. #121); SHS (Cert. #960); HMAC (Cert. #560); RSA (Cert. #478); RNG (Cert. #564) -Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; AES (Cert. #994, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); NDRNG; DSA (FIPS 186-3; non-compliant); ECDSA (FIPS 186-3; non-compliant) Multi-chip embedded "The nCipher modules: nShield F3 6000e, Shield F3 1500e, nShield F3 500e, nShield 10e, nShield F3 6000e for nShield Connect, nShield F3 1500e for nShield Connect and nShield F3 500e for nShield Connect family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
1196	Thales - nCipher 92 Montvale Ave Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001 CST Lab: NVLAP 200017-0	nShield F2 6000e, nShield F2 1500e, nShield F2 500e and nShield F2 10e (Hardware Versions: nC3023E-6K0, nC3023E-1K5, nC3023E-500 and nC3032E-030, Build Standard N; Firmware Versions: 2.38.4-2 and 2.38.7-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/06/2009; 02/17/2010	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #994 and #397); AES GCM (Cert. #994, vendor affirmed); Triple-DES (Certs. #775 and #435); Triple-DES MAC (Cert. #775, vendor affirmed); DSA (Cert. #341); ECDSA (Cert. #121); SHS (Cert. #960); HMAC (Cert. #560); RSA (Cert. #478); RNG (Cert. #564) -Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; AES (Cert. #994, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); NDRNG; DSA (FIPS 186-3; non-compliant); ECDSA (FIPS 186-3; non-compliant) Multi-chip embedded "The nCipher modules: nShield F2 6000e, Shield F2 1500e, nShield F2 500e, and nShield 10e family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1195	Thales - nCipher 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001 CST Lab: NVLAP 200017-0	nShield F3 4000, nShield F3 2000, nShield F3 2000 for NetHSM, nShield F3 500 and nShield F3 500 for NetHSM (Hardware Versions: nC4033P-4K0, nC4033P-2K0, nC4033P-2K0N, nC4133P-500 and nC4133P-500N, Build Standard N; Firmware Versions: 2.38.4-3 and 2.38.7-3) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/06/2009; 02/17/2010	Overall Level: 3  -Physical Security: Level 3 + EFP/EFT -FIPS-approved algorithms: AES (Cert. #994); AES GCM (Cert. #994, vendor affirmed); Triple-DES (Certs. #775 and #132); Triple-DES MAC (Cert. #775, vendor affirmed); DSA (Cert. #341); ECDSA (Cert. #121); SHS (Cert. #960); HMAC (Cert. #560); RSA (Cert. #478); RNG (Cert. #564) -Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; AES (Cert. #994, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); NDRNG; DSA (FIPS 186-3; non-compliant); ECDSA (FIPS 186-3; non-compliant) Multi-chip embedded "The nShield modules: nCipher 4000, nShield 2000, nShield 2000 for NetHSM, nShield 500, and nShield 500 for NetHSM family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
1194	Juniper Networks, Inc. One Rogers St. Sixth Floor Cambridge, MA 02142 USA -Robert Smith TEL: 617-949-4067 FAX: 617-547-1031 CST Lab: NVLAP 100432-0	Juniper Network Connect Cryptographic Module (Software Version: 2.0) Validated to FIPS 140-2 Security Policy Certificate	Software	10/06/2009	Overall Level: 2  -Operational Environment: Tested as meeting Level 2 with Microsoft Windows XP Professional SP2 running on a Dell Optiplex GX270; Microsoft Windows 2000 Professional SP3 running on a Dell Optiplex GX400 -FIPS-approved algorithms: AES (Certs. #783 and #784); Triple-DES (Cert. #679); SHS (Cert. #787); HMAC (Cert. #430); DSA (Cert. #293); RSA (Cert. #373); RNG (Cert. #451) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength) Multi-chip standalone "The Juniper Network Connect Cryptographic Module (JNCCM) is a general purpose cryptographic library. The JNCCM is a user mode binary module for the Windows operating system."
1193	Neopost Technologies 113 Rue Jean Marin Naudin Bagneux, 92220 France -Nathalie Tortellier TEL: 33 1 45 36 30 00 FAX: 33 1 45 36 30 10 CST Lab: NVLAP 100432-0	PSD Models C22, C28, C35 and C56 (Hardware Versions: P/N 4129955LD or P/N 4150859LB; Firmware Versions: P/N 4148747LA Version 22.12.2, P/N 4151948VA Version 23.06 or P/N 4151948VB Version 23.08) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/06/2009; 04/09/2010; 01/13/2011; 03/15/2011; 07/05/2011; 12/01/2011; 04/12/2012	Overall Level: 3  -Physical Security: Level 3 + EFP/EFT -FIPS-approved algorithms: AES (Cert. #563); SHS (Cert. #629); RNG (Cert. #328); RSA (Cert. #260); HMAC (Cert. #300); ECDSA (Cert. #62) -Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 90 bits of encryption strength) Multi-chip embedded "Neopost Canadian PSD (Postal Secure Device) for Low to High Range Franking machines."
1192	Sony Corporation 1-7-1 Konan Minato-ku, Tokyo 108-0075 Japan -Hirotaka Kondo TEL: +81-46-202-8074 FAX: +81-46-202-6304 CST Lab: NVLAP 100432-0	Sony Security Module (Hardware Version: 1.0.0; Firmware Version: 1.0.0) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/06/2009; 01/06/2010	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #901 and #902); RNG (Cert. #517); RSA (Cert. #437); SHS (Cert. #882) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip embedded "The Sony Security Module (SSM) is a multi-chip embedded cryptographic module that is encapsulated in a hard opaque commercial grade metal case. The cryptographic boundary is defined as the entire metal case perimeter, including all hardware, software, and firmware encapsulated within. The interfaces are all traces that cross the crypto graphic boundary. The primary purpose of the SSM is to provide decryption, decoding/encoding of audio/video data for the digital cinema projector system in which it is being employed."
1191	SanDisk Corporation 601 McCarthy Boulevard Milpitas, CA 95035 USA -Rotem Sela TEL: +972-4-9078811 FAX: +972-4-9078777 CST Lab: NVLAP 200427-0	TrustedFlash v1.0 - microSD (Hardware Versions: HermonS2TM 256MB, HermonS2TM 512MB, HermonS2TM 1GB and HermonS2TM 2GB; Firmware Version: v1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/21/2009; 11/20/2009	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #643); RNG (Cert. #366); RSA (Cert. #294); SHS (Cert. #678); Triple-DES (Cert. #595) -Other algorithms: AES MAC (AES Cert. #643; non-compliant); DES; RNG; RSA (key wrapping; key establishment methodology provides 80 bits or 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength) Multi-chip embedded "TrustedFlash™ v1.0 - microSD is SanDisk's proprietary TrustedFlash v1.0 security technology implemented on the microSD form factor which provides a platform for the implementation of an advance security technology that complies with FIPS 140-2 level 3 requirements. TrustedFlash provides authentication and data encryption that can be used with secured applications including e-commerce, protected digital content distribution and enabling users to play protected content, services and applications on authorized TrustedFlash-enabled devices, such as mobile phones, portable media players, etc."
1190	Raytheon Oakley Systems, Inc. 2755 E. Cottonwood Parkway Suite 600 Salt Lake City, UT 84121 USA -Mindy Gilbert TEL: 801-733-1443 FAX: 801-944-5800 -Morgan Greenwood TEL: 801-733-1433 FAX: 801-844-5800 CST Lab: NVLAP 200427-0	FIPS Linux Cryptographic Module (Software Version: 1.0) Validated to FIPS 140-2 Security Policy Certificate	Software	09/21/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux v4 (single-user mode) -FIPS-approved algorithms: AES (Cert. #943); HMAC (Cert. #524); SHS (Cert. #919) -Other algorithms: N/A Multi-chip standalone "The Raytheon Oakley Systems FIPS Linux Cryptographic Module is a software module providing cryptographic functionality for the Raytheon Oakley Systems InnerView insider threat product. InnerView is an enterprise monitoring, threat detection, and policy enforcement solution."
1189	Juniper Networks, Inc. One Rogers St. Sixth Floor Cambridge, MA 02142 USA -Robert Smith TEL: 617-949-4067 FAX: 617-547-1031 CST Lab: NVLAP 100432-0	Odyssey Security Component (Software Version: 2.0) Validated to FIPS 140-2 Security Policy Certificate	Software	10/28/2009	Overall Level: 2  -Operational Environment: Tested as meeting Level 2 with Microsoft Windows XP Professional SP2 running on a Dell Optiplex GX270; Microsoft Windows 2000 Professional SP3 running on a Dell Optiplex GX400 -FIPS-approved algorithms: AES (Certs. #783 and #784); Triple-DES (Cert. #679); SHS (Cert. #787); HMAC (Cert. #430); DSA (Cert. #293); RSA (Cert. #373); RNG (Cert. #451) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength) Multi-chip standalone "The Odyssey Security Component (OSC) is a general purpose cryptographic library. OSC / User Mode is a user mode binary module for the Windows operating system."
1188	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 94002 USA -Global Certification Team TEL: FAX: CST Lab: NVLAP 100432-0	Cisco Aironet Lightweight AP1131, AP1142, AP1242, AP1252 and AP1522 Wireless LAN Access Points (Hardware Versions: AP1131 Revision S0, AP1142 Revision A0, AP1242 Revision P0, AP1252 Revision F0 and AP1522 Outdoor Mesh Revision L0; with FIPS Kit AIRLAP-FIPSKIT=, version B0; Firmware Versions: 5.2.157.0, 5.2.178.5, 5.2.193.0 and 5.2.193.11) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/20/2009; 11/20/2009; 07/02/2010; 07/30/2010; 09/17/2010; 08/22/2011; 02/23/2012	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #1005, #1006, #1007, #1008 and #1009); HMAC (Certs. #564, #565 and #566); RNG (Certs. #567, #568 and #569); RSA (Certs. #482, #483 and #484); SHS (Certs. #965, #966 and #967) -Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); RC4; MD5; HMAC MD5 Multi-chip standalone "The Cisco Aironet Lightweight 1142, 1131, 1252, 1242, 1522 access points deliver the versatility, high capacity and enterprise class security required for small, medium and large Government indoor and outdoor wireless deployments. In FIPS 140-2 mode of operation, the Cisco APs support the LWAPP, MFP, IEEE 802.11i & IEEE 802.1x standards & AES for WPA2 encryption. WPA2 is the Wi-Fi Alliance certification for interoperable, standards-based WLAN security."
1187	Thales e-Security 2200 North Commerce Parkway Suite 200 Weston, FL 33326 USA -Juan Asenjo TEL: 954-888-6202 FAX: 954-888-6211 CST Lab: NVLAP 200002-0	Datacryptor® Gig Ethernet v1.0 and v1.1 (Hardware Version: 1600X409 v1.00; Firmware Versions: v1.0 and v1.1) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	09/21/2009	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #454); DSA (Cert. #184); SHS (Cert. #517); RNG (Cert. #239) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Datacryptor® Gig Ethernet v1.0 and v1.1 are multi-chip standalone cryptographic modules. They secure communications using signed Diffie-Hellman key exchange and AES-256 encryption over Gigabit Ethernet networks. They provide data encryption over 1000baseX (802.3z) with supported media types of 1000BaseSX (short-haul fiber), 1000BaseLX (long-haul fiber) or 1000BaseCX (single twisted-pair copper). The units also provide integrated secure unit management capability employing the same techniques used for traffic encryption."
1186	Midland Radio Corporation 5900 Parretta Drive Kansas City, MO 64120 USA -David Kingsolver TEL: 816-462-0421 CST Lab: NVLAP 200427-0	Syn-Tech III P25 Radio Series (Hardware Versions: STP105B, STP404A, STP404B, STM1050B, STM1055B, STM1115B, STM4040A, STM4045A, STM4040B, STM4045B, STM4085A, STM4085B, SDT1090, SDT4080A and SDT4080B; Firmware Versions: Control Micro-Processor Boot Firmware Version: 1.00 Build:1080, Control Micro-Processor Firmware Version: MDV 1.01 Build:3320, Digital Signal Processor(DSP) Firmware Version: SPV 1.03 Build:0556;) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/21/2009	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #645); SHS (Cert. #916); HMAC (Cert. #521); DRBG (Cert. #5) -Other algorithms: DES Multi-chip standalone "The Midland Syn-Tech III P25 radios provide Project 25 encrypted and clear voice, data and Short Message Service communications in accordance with the Project 25 Digital Land Mobile Radio standards suite. In addition, conventional analog radio voice communications are supported. It is a multi-chip standalone cryptographic module consisting of production grade components in accordance to FIPS 140-2 security level 1."
1185	RELM Wireless Corporation 7100 Technology Drive West Melbourne, FL 32904 USA -Jim Holthaus TEL: 402-896-6406 FAX: 785-856-1302 CST Lab: NVLAP 100432-0	FIPSCOM Cryptographic Module (Hardware Versions: P/N 7011-30967-000, Versions (011111, 071609 or 042009) [1] or (011211, 071709 or 042109) [2]; Firmware Versions: 0722-05072-000 [1] or 0722-05072-001 [2] (bootcodes) and 0722-05073-007 [011x11], 0722-05073-004 [071x09] or 0722-05073-003 [042x09] (application)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/21/2009; 10/16/2009; 05/11/2011	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #899); RSA (Cert. #139); SHS (Cert. #462) -Other algorithms: DES; AES (AES Cert. #899, key wrapping; key establishment methodology provides 256 bits of encryption strength) Multi-chip embedded "The FIPSCOM is an embedded cryptographic module that provides encryption functions for secure digital communications products. The FIPSCOM can be incorporated into any BK Radio brand subscriber equipment requiring FIPS 140-2, Level 1 security."
1184	Fortinet, Inc. 1090 Kifer Road Sunnyvale, CA 94086 USA -Jeff Lake, Vice President, Federal Operations TEL: 678-402-8021 FAX: 678-402-8021 CST Lab: NVLAP 200017-0	FortiGate-5050 and FortiGate-5140 (Hardware Versions: FortiGate-5050 (build C4QP38); FortiGate-5140 (build C4GL51); FortiGate-5001SX (build P4CF76); FortiGate-5001FA2 (build C5FA26); Firmware Version: FortiOS 3.0, build8931, 081110) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	09/21/2009	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #490, #742 and #743); RNG (Cert. #530); AES (Certs. #476, #925 and #926); SHS (Certs. #544, #909 and #910); RSA (Cert. #449); HMAC (Certs. #233, #516 and #517) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; HMAC-MD5 Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1183	CST Lab: NVLAP 200427-0	Validated to FIPS 140-2 Security Policy Certificate	Software	08/31/2009; 10/26/2010	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
1182	McAfee, Inc. 3965 Freedom Circle Santa Clara, CA 95054 USA -Suresh Subramanian TEL: 408-346-5682 FAX: 408-346-3463 CST Lab: NVLAP 100432-0	Network Security Platform Sensor M-6050 and M-8000 (M-8000 P and M-8000 S) (Hardware Versions: P/Ns M-6050 (IAP-M65K-ISA, IFO-M65K-ISA, IIP-M65K-ISA) V1.4 and M-8000 (IAP-M80K-ISA, IFO-M80K-ISA, IIP-M80K-ISA) V1.4; Firmware Version: 4.1.11.26) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/31/2009	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #880); Triple-DES (Cert. #781); RSA (Certs. #425 and #486); DSA (Cert. #345); SHS (Certs. #871 and #970); RNG (Cert. #505) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Blowfish; DES; MD5; TACACS Multi-chip standalone "Network Security Platform products (formerly known as IntruShield) are IPS & IDS systems that protect network infrastructures & endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, & encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments & permits the customer to receive real-time network status updates & alerts, implement customized security policies & incident response plans, & perform forensic analysis of attacks."
1181	Motorola, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA -Kirk Mathews TEL: 847-576-4101 CST Lab: NVLAP 100432-0	Astro Subscriber Motorola Advanced Crypto Engine (MACE) (Hardware Version: P/N 5185912Y01; Firmware Versions: [R01.00.00 or R01.01.03] and [R01.00.00 (AES Cert. #819)]) (When operated in FIPS mode with firmware [R01.00.00 (AES Cert. #819)]) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/31/2009; 03/05/2010	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #819); SHS (Cert. #817); RSA (Cert. #396); RNG (Cert. #471) -Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); DES; DES-XL; DVP-XL; ADP; LFSR Single-chip "The MACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio systems products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management."
1180	Security First Corp. 22362 Gilberto #130 Rancho Santa Margarita, CA 92688 USA -Rick Orsini TEL: 949-858-7525 FAX: 949-858-7092 CST Lab: NVLAP 100432-0	SecureParser® (Hardware Version: P/N AC2020-S, Version 1.0; Software Version: 4.7.0; Firmware Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software-Hybrid	08/31/2009	Overall Level: 1  -Cryptographic Module Specification: Level 3 -Cryptographic Key Management: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Ubuntu 8; Windows 2003 (single-user mode) -FIPS-approved algorithms: AES (Certs. #1017, #1027 and #1028); RNG (Cert. #584); RSA (Cert. #491); DSA (Cert. #346); SHS (Certs. #980 and #981); HMAC (Certs. #575 and #576); ECDSA (Cert. #123) -Other algorithms: RSA (key wrapping; key establishment methodology provides 128 bits of encryption strength); AES (Cert. #1027, key wrapping; key establishment methodology provides 128, 192, or 256 bits of encryption strength) Multi-chip standalone "The SecureParser® is a security and high data availability architecture delivered in the form of a software toolkit that provides cryptographic data splitting (data encryption, random or deterministic distribution to multiple shares including additional fault tolerant bits, key splitting, authentication, integrity, share reassembly, key restoration and decryption) of arbitrary data. During the split process, additional redundant data may be optionally written to each share enabling the capability of restoring the original data when all shares are not available."
1179	SPYRUS, Inc. 1860 Hartog Drive San Jose, CA 95131-2203 USA -Tom Dickens TEL: 408-392-4324 FAX: 408-392-0319 CST Lab: NVLAP 100432-0	Hydra PC FIPS File Encryption Module (Hardware Versions: P/Ns 880070103F [1], 880070104F [2] and 880070105F [3], Versions 01.00.01 [1,2] and 01.00.02 [3]; Firmware Versions: 01.02.12 [1] and 01.02.13 [2,3]) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	08/31/2009; 10/30/2009; 04/09/2010	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #846, #850 and #858); SHS (Certs. #837 and #852); RNG (Cert. #486); DRBG (Cert. #3); ECDSA (Certs. #96 and #97) -Other algorithms: EC-Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); AES (Cert. #846, key wrapping) Multi-chip standalone "The Hydra PC FIPS File Encryption Module is a multifunctional security device providing the U. S. Government's Suite B standard algorithms, including AES, ECC, and SHA-2. The Hydra PC FIPS File Encryption Module stores encrypted files on a replaceable miniSD/miniSDHC memory card for almost unlimited storage capacity. An exclusive authentication feature can limit the use of a Hydra PC FIPS File Encryption Module to a specifically designated enclave, preventing all external use even if the user knows the logon PIN. Comes with Microsoft Windows file interface."
1178	SafeNet, Inc. 20 Colonnade Road Suite 200 Ottawa, Ontario K2E 7M6 Canada -Terry Fletcher TEL: 613-221-5009 FAX: 613-723-5079 CST Lab: NVLAP 200427-0	Luna® CA4 (Hardware Version: LTK-02-0501; Firmware Version: 4.6.8) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/31/2009; 05/17/2010	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #933); DSA (Cert. #331); ECDSA (Cert. #116); HMAC (Cert. #522); RNG (Cert. #534); RSA (Cert. #452); SHS (Cert. #917); Triple-DES (Cert. #747); Triple-DES MAC (Triple-DES Cert. #747, vendor affirmed) -Other algorithms: ARIA; DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; AES-MAC (Cert. #933; non-compliant); DES-MAC; RC2-MAC; RC5-MAC; CAST-MAC; CAST3-MAC; CAST5-MAC; MD2; MD5; HAS-160; HMAC-MD5; SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Luna CA4 cryptographic module is a multi-chip standalone hardware cryptographic module in the form of a PCMCIA card that typically resides within a custom computing or secure communications appliance. It is contained in its own secure enclosure that provides physical resistance to tampering. The module provides secure key generation and storage for symmetric keys and asymmetric key pairs along with symmetric and asymmetric cryptographic services."
1177	SafeNet, Inc. 20 Colonnade Road Suite 200 Ottawa, Ontario K2E 7M6 Canada -Terry Fletcher TEL: 613-221-5009 FAX: 613-723-5079 CST Lab: NVLAP 200427-0	Luna® PCM (Hardware Version: LTK-02-0501; Firmware Version: 4.6.8) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/31/2009; 05/17/2010	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #933); DSA (Cert. #331); ECDSA (Cert. #116); HMAC (Cert. #522); RNG (Cert. #534); RSA (Cert. #452); SHS (Cert. #917); Triple-DES (Cert. #747); Triple-DES MAC (Triple-DES Cert. #747, vendor affirmed) -Other algorithms: ARIA; DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; AES-MAC (Cert. #933; non-compliant); DES-MAC; RC2-MAC; RC5-MAC; CAST-MAC; CAST3-MAC; CAST5-MAC; MD2; MD5; HAS-160; HMAC-MD5; SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Luna PCM cryptographic module is a multi-chip standalone hardware cryptographic module in the form of a PCMCIA card that typically resides within a custom computing or secure communications appliance. It is contained in its own secure enclosure that provides physical resistance to tampering. The module provides secure key generation and storage for symmetric keys and asymmetric key pairs along with symmetric and asymmetric cryptographic services. Access to key material and cryptographic services for users and user application software is provided indirectly through the host appliance."
1176	SafeNet, Inc. 20 Colonnade Road Suite 200 Ottawa, Ontario K2E 7M6 Canada -Terry Fletcher TEL: 613-221-5009 FAX: 613-723-5079 CST Lab: NVLAP 200427-0	Luna® PCI Cryptographic Module (Hardware Version: VBD-03-0100; Firmware Version: 4.6.8) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/31/2009	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #510 and #934); DSA (Cert. #332); ECDSA (Cert. #117); HMAC (Cert. #523); RNG (Cert. #535); RSA (Cert. #453); SHS (Cert. #918); Triple-DES (Certs. #520 and #748); Triple-DES MAC (Triple-DES Certs. #520 and #748, vendor affirmed) -Other algorithms: ARIA; DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; DES-MAC; RC2-MAC; RC5-MAC; CAST-MAC; CAST3-MAC; CAST5-MAC; MD2; MD5; HAS-160; HMAC-MD5; SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip embedded "Luna PCI offers dedicated hardware key management to protect sensitive cryptographic keys from attack. The high-security hardware design ensures the integrity and protection of encryption keys throughout their life cycle. All digital signing and verification operations are performed within the HSM to increase performance and maintain security. Luna PCI HSMs provide hardware secured key generation, storage, secure key backup and accelerated encryption in a range of models and configurations offering a wide selection of security, performance and operational capabilities."
1175	CST Lab: NVLAP 100432-0	Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/13/2009	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip embedded
1174	Hewlett-Packard Company 19091 Pruneridge Ave. MS 4441 Cupertino, CA 95014 USA -Theresa Conejero TEL: 408-447-2964 FAX: 408-447-5525 CST Lab: NVLAP 100432-0	Atalla Cryptographic Subsystem (ACS) (Hardware Version: P/N 545517-002; Firmware Version: Loader Version 1.02, PSMCU Version 7.0) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/31/2009; 09/19/2011	Overall Level: 4  -FIPS-approved algorithms: AES (Cert. #406); RNG (Cert. #200); RSA (Cert. #531); SHS (Cert. #473) -Other algorithms: N/A Multi-chip embedded "The Atalla Cryptographic Subsystem (ACS) is a multiple-chip embedded cryptographic module that provides secure cryptographic processing. The ACS features secure key management and storage capabilities, and also provides high performance AES processing."
1173	Juniper Networks, Inc. 1194 N. Mathilda Ave. Sunnyvale, CA 94089 USA -Mike Kouri TEL: 408-936-8206 FAX: 408-936-8200 CST Lab: NVLAP 100432-0	SSG 520M and SSG 550M (Hardware Versions: P/Ns SSG-520M (SSG 520M) and SSG-550M (SSG 550M); Firmware Version: ScreenOS 6.2.0r3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/18/2009; 01/28/2010	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Cryptographic Key Management: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #712); AES (Cert. #867); DSA (Cert. #315); RNG (Cert. #497); RSA (Cert. #418); SHS (Cert. #861); HMAC (Cert. #483); ECDSA (Cert. #104) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 or 112 bits of encryption strength); DES; MD5 Multi-chip standalone "The SSG 500 Series consists of high-performance security platforms for regional branch office and medium-sized, standalone businesses that want to stop internal and external attacks, prevent unauthorized access and achieve regulatory compliance. The SSG 550/SSG 550M provides 1+ Gbps of stateful firewall performance and 500 Mbps of IPSec VPN performance, while the SSG 520/SSG 520M provides 650 Mbps of stateful firewall performance and 300 Mbps of IPSec VPN performance."
1172	Juniper Networks, Inc. 1194 N. Mathilda Ave. Sunnyvale, CA 94089 USA -Mike Kouri TEL: 408-936-8206 FAX: 408-936-8200 CST Lab: NVLAP 100432-0	SSG 320M and SSG 350M (Hardware Versions: P/Ns SSG-320M (SSG 320M) and SSG-350M (SSG 350M); Firmware Version: ScreenOS 6.2.0r3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/18/2009; 01/28/2010	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Cryptographic Key Management: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #713); AES (Cert. #868); DSA (Cert. #316); RNG (Cert. #498); RSA (Cert. #419); SHS (Cert. #862); HMAC (Cert. #484); ECDSA (Cert. #105) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 or 112 bits of encryption strength); DES; MD5 Multi-chip standalone "The SSG 300 Series comprises high-performance security platforms that help businesses stop internal and external attacks, prevent unauthorized access, and achieve regulatory compliance. The SSG 350M provides 500 Mbps of stateful firewall performance and 225 Mbps of IPSec VPN performance, while the SSG 320M provides 400 Mbps of stateful firewall performance and 175 Mbps of IPSec VPN performance."
1171	Juniper Networks, Inc. 1194 N. Mathilda Ave. Sunnyvale, CA 94089 USA -Mike Kouri TEL: 408-936-8206 FAX: 408-936-8200 CST Lab: NVLAP 100432-0	SSG 140 (Hardware Version: P/N SSG-140; Firmware Version: ScreenOS 6.2.0r3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/18/2009; 01/28/2010	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Cryptographic Key Management: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #714); AES (Cert. #869); DSA (Cert. #317); RNG (Cert. #499); RSA (Cert. #420); SHS (Cert. #863); HMAC (Cert. #485); ECDSA (Cert. #106) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 or 112 bits of encryption strength); DES; MD5 Multi-chip standalone "The SSG 140 is a high-performance security platform for branch offices and small/medium sized standalone businesses that want to stop internal and external attacks, prevent unauthorized access, and achieve regulatory compliance. The SSG 140 is a modular platform that delivers more than 350 Mbps of stateful firewall traffic and 100 Mbps of IPSec VPN traffic."
1170	Juniper Networks, Inc. 1194 N. Mathilda Ave. Sunnyvale, CA 94089 USA -Mike Kouri TEL: 408-936-8206 FAX: 408-936-8200 CST Lab: NVLAP 100432-0	SSG 5 and SSG 20 (Hardware Versions: P/Ns SSG-5 (SSG 5) and SSG-20 (SSG 20); Firmware Version: ScreenOS 6.2.0r3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/18/2009; 01/28/2010	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Cryptographic Key Management: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #711 and #715); AES (Certs. #866 and #870); DSA (Certs. #314 and #318); RNG (Certs. #496 and #500); RSA (Certs. #417 and #421); SHS (Certs. #860 and #864); HMAC (Certs. #482 and #486); ECDSA (Certs. #103 and #107) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 or 112 bits of encryption strength); DES; MD5 Multi-chip standalone "The SSG 5 and SSG 20 are high-performance security platforms for small branch office and standalone businesses that want to stop internal and external attacks, prevent unauthorized access and achieve regulatory compliance. Both the SSG 5 and SSG 20 deliver 160 Mbps of stateful firewall traffic and 40 Mbps of IPSec VPN traffic."
1169	Juniper Networks, Inc. 1194 N. Mathilda Ave. Sunnyvale, CA 94089 USA -Mike Kouri TEL: 408-936-8206 FAX: 408-936-8200 CST Lab: NVLAP 100432-0	NetScreen-ISG 1000 and NetScreen-ISG 2000 (Hardware Versions: P/Ns NS-ISG-1000 (NetScreen-ISG 1000) and NS-ISG-2000 (NetScreen-ISG 2000); Firmware Version: ScreenOS 6.2.0r3a) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/18/2009; 01/28/2010; 02/12/2010	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Cryptographic Key Management: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #709); AES (Cert. #864); DSA (Cert. #312); RNG (Cert. #494); RSA (Cert. #415); SHS (Cert. #858); HMAC (Cert. #480); ECDSA (Cert. #101) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 or 112 bits of encryption strength); DES; MD5 Multi-chip standalone "The Juniper Networks ISG 1000 and ISG 2000 are fully integrated firewall/VPN systems that provide multi-gigabit performance, modular architecture and rich virtualization capabilities. They provide an ideal solution for large enterprise, data center, and service provider networks. The ISG Series firewall/VPN-based systems deliver security features such as Intrusion Prevention System (IPS), anti-spam, Web filtering, and Internet Content Adaptation Protocol (ICAP) antivirus redirection support."
1168	Juniper Networks, Inc. 1194 N. Mathilda Ave. Sunnyvale, CA 94089 USA -Mike Kouri TEL: 408-936-8206 FAX: 408-936-8200 CST Lab: NVLAP 100432-0	NetScreen-5200 and NetScreen-5400 (Hardware Versions: P/Ns NS-5200/NS-5000-MGT2 (NetScreen-5200), NS-5200/NS-5000-MGT3 (NetScreen-5200), NS-5400/NS-5000-MGT2 (NetScreen-5400) and NS-5400/NS-5000-MGT3 (NetScreen-5400); Firmware Version: ScreenOS 6.2.0r3a) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/18/2009; 01/28/2010; 02/12/2010	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Cryptographic Key Management: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #710); AES (Cert. #865); DSA (Cert. #313); RNG (Cert. #495); RSA (Cert. #416); SHS (Cert. #859); HMAC (Cert. #481); ECDSA (Cert. #102) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 or 112 bits of encryption strength); DES; MD5 Multi-chip standalone "The Juniper Networks NetScreen-5000 Series is a line of purpose built, high-performance security systems designed to deliver a new level of high-performance capabilities for large enterprise, carrier, and data center networks. The NetScreen-5000 Series consists of two products, the 2-slot NetScreen-5200 and the 4-slot NetScreen-5400. The NetScreen-5000 Series security systems integrate firewall, DoS and DDoS protection, VPN, and traffic management functionality in low-profile modular chassis."
1167	SafeNet, Inc. 20 Colonnade Road Suite 200 Ottawa, Ontario K2E 7M6 Canada -Terry Fletcher TEL: 613-221-5009 FAX: 613-723-5079 CST Lab: NVLAP 200427-0	Luna® PCI Cryptographic Module (Hardware Version: VBD-03-0100; Firmware Version: 4.6.8) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/31/2009	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #510 and #934); DSA (Cert. #332); ECDSA (Cert. #117); HMAC (Cert. #523); RNG (Cert. #535); RSA (Cert. #453); SHS (Cert. #918); Triple-DES (Certs. #520 and #748); Triple-DES MAC (Triple-DES Certs. #520 and #748, vendor affirmed) -Other algorithms: ARIA; DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; DES-MAC; RC2-MAC; RC5-MAC; CAST-MAC; CAST3-MAC; CAST5-MAC; MD2; MD5; HAS-160; HMAC-MD5; SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip embedded "Luna PCI offers dedicated hardware key management to protect sensitive cryptographic keys from attack. The high-security hardware design ensures the integrity and protection of encryption keys throughout their life cycle. All digital signing and verification operations are performed within the HSM to increase performance and maintain security. Luna PCI HSMs provide hardware secured key generation, storage, secure key backup and accelerated encryption in a range of models and configurations offering a wide selection of security, performance and operational capabilities."
1166	Accellion, Inc. 1900 Embarcadero Road, Suite 207 Palo Alto, CA 94303 USA -Prateek Jain TEL: 650-739-0095 FAX: 650-739-0561 CST Lab: NVLAP 100432-0	Secure File Transfer Appliance (Hardware Version: P/N ACFIPS-01 Version 1.0.0; Firmware Versions: FTA_8_0_3, FTA_8_0_136 and FTA_8_0_488) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/18/2009; 10/02/2009; 12/08/2010	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: AES (Certs. #843, #844 and #845); SHS (Certs. #835, #836 and #842); HMAC (Cert. #468); DSA (Cert. #307); Triple-DES (Cert. #771) -Other algorithms: Triple-DES (Cert. #771, key wrapping; key establishment methodology provides 80 bits of encryption strength); AES (Cert. #845, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); Blowfish; MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Accellion Secure File Transfer Appliance is a key component of Accellion's secure file transfer solution that enables enterprises an easy to use solution for securely transferring large files. It helps eliminate FTP servers and offload file attachments from email resulting in improved email performance and reduced email storage. Extensive tracking and reporting tools enable companies to demonstrate compliance with SOX, HIPAA, FDA, and GLB regulations. Accellion appliances provide the highest level of security and ease of use of any enterprise file transfer solution."
1165	Fortress Technologies, Inc. 1 Technology Park Dr Westford, MA 01886-3140 USA -Certification Director TEL: 978-923-6400 FAX: 978-923-6498 CST Lab: NVLAP 200416-0	Fortress Secure Bridge (Hardware Versions: ES520V1, ES520V2 and ES300; Firmware Version: 5.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	08/18/2009; 03/26/2010	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #688, #694 and #698); SHS (Certs. #715, #717, #721, #722 and #726); HMAC (Certs. #367, #371, #372 and #376); RSA (Cert. #439); RNG (Certs. #402, #406 and #409) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); MD5; Hardware RNG Multi-chip standalone "The Fortress Secure Bridge is an all-in-one network access device housed in a rugged compact chassis, with the most stringent security available today built in. It can serve as a wireless bridge, a WLAN access point, and an eight-port LAN switch, while performing all the functions of a Fortress controller device: encrypting wireless traffic and providing Multi-factor Authentication for devices on the network it protects."
1164	Meru Networks 894 Ross Drive Sunnyvale, CA 94089 USA -Joe Epstein TEL: 408-215-5300 FAX: 408-215-5301 CST Lab: NVLAP 100432-0	Meru Networks Security Gateway SG1000 Cryptographic Module (Hardware Version: P/N MN-SG1000; Firmware Version: 1.0-27) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/18/2009	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #720); AES (Certs. #903 and #904); SHS (Cert. #894); HMAC (Cert. #493); RSA (Cert. #440); RNG (Cert. #518); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 bits of encryption strength) -Other algorithms: MD5; AES (Cert. #903, key wrapping; key establishment methodology provides 128 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Multi-chip embedded "The Meru Networks Security Gateway SG1000 Cryptographic Module is a high performance purpose built security solution for Wireless LAN deployments. The Meru Networks Security Gateway SG1000 Cryptographic Module provides a FIPS 140-2 Level 3 security solution conforming to the IEEE 802.11i security standards. The Meru Networks Security Gateway SG1000 Cryptographic Module is installed in a slot in the Meru Networks Security Gateway SG1000 appliance."
1163	SafeNet, Inc. 20 Colonnade Road Suite 200 Ottawa, Ontario K2E 7M6 Canada -Terry Fletcher TEL: 613-221-5009 FAX: 613-723-5079 CST Lab: NVLAP 200427-0	Luna® PCI Cryptographic Module for Luna® IS (Hardware Version: VBD-03-0100; Firmware Versions: 5.2.5 and 5.2.6) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/18/2009	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #510, #910 and #913); Triple-DES (Certs. #520, #728 and #738); DSA (Certs. #320 and #326); RSA (Certs. #442, #444, #454 and #455); ECDSA (Certs. #110 and #112); SHS (Certs. #898 and #900); HMAC (Certs. #507 and #509); Triple-DES MAC (Triple DES Certs. #520, #728 and #738; vendor affirmed); RNG (Certs. #522 and #523) -Other algorithms: AES MAC (AES Certs. #510, #910 and #913; non-compliant); DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; CAST5 in a CBC-MAC; MD2; MD5; HAS-160 (plain hash and HMAC); SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip embedded "The Luna® PCI for Luna® IS offers hardware-based key management and cryptographic operations to protect sensitive keys. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI card."
1162	Brocade Communications 1745 Technology Drive San Jose, CA 95110 USA -Greg Farris TEL: 408-333-7315 CST Lab: NVLAP 100432-0	Brocade Encryption Switch/FS8-18 Cryptographic Module (Hardware Versions: BES [P/Ns 60-1001079-01 Rev. B and C] and FS8-18 [P/Ns 60-1001078-01 Rev. B and C]) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/29/2009; 12/22/2009	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #596 and #851); AES GCM (AES Cert. #851, vendor affirmed); RNG (Cert. #358); HMAC (Cert. #346); SHS (Certs. #645 and #844); RSA (Certs. #337 and #407) -Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); ECC-CDH (non-compliant); AES (Cert. #596, key wrapping; key establishment methodology provides 256 bits of encryption strength) Multi-chip embedded "Cryptographic module for the Brocade Encryption Switch and FS8-18."
1161	Fortinet, Inc. 1090 Kifer Road Sunnyvale, CA 94086 USA -Jeff Lake, Vice President, Federal Operations TEL: 678-402-8021 FAX: 678-402-8021 CST Lab: NVLAP 200017-0	FortiGate-1000A and FortiGate-3600 (Hardware Versions: FortiGate 1000A (build C4WA49) and FortiGate 3600 (build C4KW75); Firmware Version: FortiOS 3.0, build8931, 081110) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	07/29/2009	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #742, #743, #489 and #490); RNG (Cert. #530); AES (Certs. #925, #926, #475 and #476); SHS (Certs. #909, #910, #543 and #544); RSA (Cert. #449); HMAC (Certs. #516, #517, #232 and #233) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; HMAC-MD5 Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1160	Motorola, Inc. 1301 East Algonquin Rd. Schaumburg, IL 60196 USA -Kirk Mathews TEL: 847-576-4101 FAX: 847-538-2770 CST Lab: NVLAP 100432-0	KVL 3000 Plus (Hardware Versions: P/N T6717A and T6717B; Firmware Versions: R03.52.45, R03.53.01 and R03.53.02) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/29/2009; 01/31/2011	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -FIPS-approved algorithms: AES (Cert. #2); Triple-DES (Cert. #82); Triple-DES MAC (Triple-DES Cert. #82, vendor affirmed); SHS (Cert. #335); RNG (Cert. #121) -Other algorithms: DES; DES MAC; DES-XL; DVI-XL; DVI-SPFL; DVP-XL; ADP; HCA; LFSR; AES MAC (AES Cert. #2; vendor affirmed; P25 AES OTAR) Multi-chip standalone "The KVL 3000 Plus is a portable key distribution device. Encryption keys can be loaded into the KVL manually through its keypad interface or transferred from a Key Management Facility through its serial interface. These keys can then be distributed to various secure communications equipment such as mobile and portable radios, base stations, zone controllers, data controllers, and other fixed network devices. The KVL also includes a PCMCIA interface for software upgrades."
1159	RSA, The Security Division of EMC 228 South Street Hopkinton, MA 01748 USA -Jeff Stone TEL: 508-249-1189 -Nirav Mehta TEL: 508-249-2964 CST Lab: NVLAP 200427-0	RSA BSAFE® Crypto-Kernel (Software Versions: 1.3.1 [1] and 1.3.1.1 [2]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	07/29/2009; 08/20/2010; 09/07/2010	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows Server 2003 SP2 (x86 Celeron) [1]; Windows Server 2003 SP2 (Itanium 2) [1]; Windows Server 2003 SP2 (x64 AMD Athlon X2) [2] (single-user mode) -FIPS-approved algorithms: AES (Certs. #1105 [1] and #1415 [2]); HMAC (Certs. #617 [1] and #835 [2]); SHS (Certs. #1028 [1] and #1285 [2]) -Other algorithms: AES-XTS Multi-chip standalone "RSA BSAFE® Crypto-Kernel is a cryptographic library from RSA, The Security Division of EMC, to provide symmetric encryption, hashing, and message authentication code creation, in the operating system kernel. It provides Advanced Encryption Standard (AES) cipher, SHA-256 message digest, and HMAC capabilities."
1158	AirMagnet, Inc. 830 E. Arques Ave. Sunnyvale, CA 94085 USA -Tony Ho TEL: 408-400-1255 FAX: 408-744-1250 CST Lab: NVLAP 200648-0	SmartEdge Sensor A5020, A5023, A5120 and A5123 (Hardware Versions: A5020, A5023, A5120 and A5123; Firmware Version: 8.5.0-12047) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	07/29/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #331); Triple-DES (Cert. #395); SHS (Cert. #406); RSA (Cert. #111); RNG (Cert. #152); HMAC (Cert. #135) -Other algorithms: RC4; RC2; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); DSA (non-compliant); DES; Triple-DES (non-compliant); AES (non-compliant); IDEA; Blowfish; Twofish Multi-chip standalone "The SmartEdge Sensor is equipped with patent pending AirWISE Analytical Engine that, in real time, monitors and analyzes the security, performance, and reliability of the wireless network."
1157	Oracle Corporation 500 Eldorado Blvd. Bldg 5 Broomfield, CO 80021 USA -David Hostetter TEL: 303-272-7126 CST Lab: NVLAP 100432-0	Sun StorageTek™ T10000A Tape Drive (Hardware Version: P/N 315462802; Firmware Versions: 1.40.108, 1.41.110 and 1.41.111) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/16/2009; 09/02/2009; 05/05/2010	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 2 -FIPS-approved algorithms: AES (Certs. #495, #647, #941, #942 and #967); DRBG (Cert. #6); HMAC (Certs. #398 and #540); SHS (Certs. #736 and #937); RSA (Cert. #334) -Other algorithms: AES (Cert. #941, key wrapping; key establishment methodology provides 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5 Multi-chip standalone "The Sun StorageTek™ T10000A tape drive provides 500 GB native capacity and 120 MB/sec throughput. The T10000A is designed for maximum security and performance in enterprise-level applications. It employs AES-256 encryption to protect and authenticate customer data while also using AES-256 to provide secure and authenticated transmission of key material. Designed for maximum performance, the drive allows the use of multiple keys per tape with a cache memory to minimize the overhead of key transmission. Works seamlessly with the Sun KMA 2.x to provide a secure end-to-end management solution."
1156	Oracle Corporation 500 Eldorado Blvd. Bldg 5 Broomfield, CO 80021 USA -David Hostetter TEL: 303-272-7126 CST Lab: NVLAP 100432-0	Sun StorageTek™ T10000B Tape Drive (Hardware Version: P/N 315488302; Firmware Versions: 1.40.208, 1.41.210 and 1.41.211) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/16/2009; 09/02/2009; 05/05/2010	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #495, #647, #941, #942 and #967); DRBG (Cert. #6); HMAC (Certs. #398 and #540); SHS (Certs. #736 and #937); RSA (Cert. #334) -Other algorithms: AES (Cert. #941, key wrapping; key establishment methodology provides 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5 Multi-chip standalone "The Sun StorageTek™ T10000B tape drive provides 1 TB native capacity and 120 MB/sec throughput using the same media and with backward read compatibility to the T10000A. Designed for maximum security and performance, the T10000B provides AES-256 encryption to protect and authenticate customer data and to provide secure, authenticated transmission of key material. Designed for maximum performance, the drive allows the use of multiple keys per tape with a cache memory to minimize the overhead of key transmission. Works seamlessly with the Sun KMA 2.x to provide a secure end-to-end management solution."
1155	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Global Certification Team TEL: CST Lab: NVLAP 200427-0	Cisco Catalyst 6506, Catalyst 6506-E, Catalyst 6509 and Catalyst 6509-E Switch with Catalyst 6500 Series VPN Services Port Adapter (ws-ipsec-2 and ws-ipsec-3) (Hardware Versions: 6506, 6509, 6506-E and 6509-E; Backplane chassis: Hardware Versions 1.1 (6506-E), 1.4 (6509-E), 3.0 (6506, 6509); Supervisor Blade: Hardware Versions 5.7(SUP720-3B), 5.7 (SUP720-3BXL), 2.1 (SUP720-10GbE); IPSec VPN SPA; Hardware Version 1.0; Firmware Versions: Modular IOS 12.2(33)SXI and 12.2(33)SXI1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/16/2009; 05/28/2010; 02/23/2012	Overall Level: 2  -FIPS-approved algorithms: AES (Cert #598); HMAC (Certs. #348 and #550); RNG (Certs. #356 and #554); SHS (Certs. #647 and #948); Triple-DES (Cert #569) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; HMAC-MD5 Multi-chip standalone "The Catalyst 6500 series switches with the IPSec VPN SPA offer versatility, integration, and security to branch offices. With numerous network modules and service modules available, the modular architecture of the Cisco router easily allows interfaces to be upgraded to accommodate network expansion. The Catalyst 6500 series switches provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements."
1154	Digi International, Inc. 11001 Bren Road East Minnetonka, MN 55343 USA -Brian O'Rourke TEL: 952-912-3444 FAX: 952-912-4952 CST Lab: NVLAP 200648-0	Digi Passport 4 FIPS, 8 FIPS, 16 2 AC FIPS, 32 2 AC FIPS and 48 2 AC FIPS (Hardware Version: Rev. 1.1 [1] or Rev. 1.1.1 [2]; Firmware Version: 1.2.0F [1] or 1.2.0.1F [1][2]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	07/16/2009; 11/27/2012	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #821); Triple-DES (Cert. #693); SHS (Cert. #819); RSA (Cert. #398); DSA (Cert. #301); RNG (Cert. #473); HMAC (Cert. #454) -Other algorithms: RC4; MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); DES Multi-chip standalone "The latest entry in Digi's advanced console management line, the Digi Passport provides secure remote access to the console ports of computer systems and network equipment. In addition to conventional serial console connections, the Digi Passport connects to the service processors of the leading server vendors. It also provides SMASH extensions to each of these network-based access protocols."
1153	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Global Certification Team TEL: CST Lab: NVLAP 200427-0	Cisco Catalyst 6506, Catalyst 6506-E, Catalyst 6509 and Catalyst 6509-E Switch with Catalyst 6500 Series VPN Services Port Adapter (ws-ipsec-2 and ws-ipsec-3) (Hardware Versions: 6506, 6509, 6506-E and 6509-E; Backplane chassis: Hardware Versions 1.1(6506-E), 1.4 (6509-E) and 3.0 (6506, 6509); Supervisor Blade: Hardware Versions 5.7 (SUP720-3B), 5.7 (SUP720-3BXL) and 2.1 (SUP720-10GbE); IPSec VPN SPA: Hardware Version 1.0; Firmware Versions: IOS 12.2(33)SXI and IOS 12.2(33)SXI1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/01/2009; 05/28/2010; 02/23/2012	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #598); HMAC (Certs. #348 and #549); RNG (Certs. #356 and #553); SHS (Certs. #647 and #947); Triple-DES (Cert. #569) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; HMAC-MD5; RSA (non-compliant) Multi-chip standalone "The Catalyst 6500 series switches with the VPN Services Port Adapter offer versatility, integration, and security to branch offices. With numerous network modules and service modules available, the modular architecture of the Cisco router easily allows interfaces to be upgraded to accommodate network expansion. The Catalyst 6500 series switches provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements."
1152	IBM® Corporation 9032 S Rita Road Tucson, AZ 85744 USA -David L. Swanson TEL: 520-799-5515 -Christine Knibloe TEL: 520-799-5719 CST Lab: NVLAP 200427-0	IBM System Storage LTO Ultrium 4 Tape Drive (Hardware Versions: 23R9539 (Fibre Channel), 23R9904 (SAS), and 95P4613 (SCSI); Firmware Versions: df080911bf_89Bb.FC.fips.ro (Fibre Channel), df080911bf_89Bb.SAS.fips.ro (SAS), and df080911bf_89Bb.SCSI.fips.ro (SCSI)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/01/2009	Overall Level: 1  -FIPS-approved algorithms: AES (Certs. #918 and #919); AES GCM (Certs. #918 and #919, vendor affirmed); RNG (Cert. #527); RSA (Cert. #446); SHS (Cert. #906) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The IBM LTO Ultrium 4 Tape Drive provides AES-GCM encryption of customer data recorded to tape. Both encryption and compression are implemented in the hardware for optimum performance. Three different host interface types of the LTO Ultrium 4 "brick" unit are FIPS certified as a multi-chip, standalone cryptographic module. In customer operation the "brick" unit may be embedded in bridge box or in a canister package for operation in a library."
1151	Rajant Corporation 400 E. King Street Malvern, PA 19355 USA -Marty Lamb TEL: 610-873-6788 x209 CST Lab: NVLAP 200416-0	BreadCrumb® ME2 1S2F (Hardware Version: ME2 1S2F; Firmware Version: 10.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/01/2009	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #791 and #908); RSA (Cert. #378); SHS (Cert. #792); HMAC (Cert. #434); RNG (Cert. #455); -Other algorithms: RC4; MD5; Diffie-Hellman; AES (Cert #791, key wrapping) Multi-chip standalone "The Rajant BreadCrumb® ME2 1S2F is a rugged wireless transmitter-receiver that forms a mesh network (using InstaMesh®) when used in conjunction with other BreadCrumb® devices. This portable wireless mesh network node supports an open-standard IEEE 802.11 b/g radio with up to two antennas to enable data, voice and video applications."
1150	CST Lab: NVLAP 100432-0	Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/22/2009; 12/11/2009; 05/03/2012	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip embedded
1149	Imation Corp. Discovery Bldg. 1A-041 Oakdale, MN 55128 USA -Larry Hamid TEL: 408-737-4308 CST Lab: NVLAP 100432-0	Imation S200/D200 (Hardware Versions: P/Ns D2-S200-S01, D2-S200-S02, D2-S200-S04, D2-S200-S08, D2-S200-S16, D2-D200-S01, D2-D200-S02, D2-D200-S04, D2-D200-S08, D2-D200-S16 and D2-D200-S32; Firmware Versions: 2.0, 2.0.1, 2.0.2, 2.0.3, 2.0.5, 2.0.6, 2.0.8 and 2.0.9) (Files distributed with the module mounted within the CD Drive are excluded from the validation.) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/24/2009; 08/28/2009; 10/02/2009; 11/20/2009; 12/22/2009; 03/26/2010; 08/02/2010; 10/26/2011; 04/24/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1034); RNG (Cert. #587); RSA (Cert. #494); SHS (Certs. #986 and #987); HMAC (Cert. #579) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The IronKey Secure Flash Drive includes a high-speed hardware-based 256 Bit AES cryptography engine for encrypting and decrypting NAND flash and RAM buffers via USB. It also includes RSA, HMAC, SHA-256, SHA-1, and RNG algorithms."
1148	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Global Certification Team TEL: CST Lab: NVLAP 200427-0	Cisco Unified Wireless IP Phone 7921G and 7925G (Hardware Versions: 7921G and 7925G; Firmware Version: 1.3(2), 1.4(1) or 1.4(3)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/24/2009; 05/28/2010; 02/09/2012; 02/23/2012; 01/24/2013	Overall Level: 1  -FIPS-approved algorithms: AES (Certs. #987 and #988); HMAC (Certs. #555 and #556); RNG (Cert. #560); RSA (Cert. #475); SHS (Certs. #954 and #955); Triple-DES (Cert. #773) -Other algorithms: HMAC MD5; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); MD5 Multi-chip standalone "For workers who need to communicate while moving about the workplace or campus, the Cisco Unified Wireless IP Phone 7921G and 7925G provide wired phone capabilities in an easy-to-navigate, menu directed wireless phone. These phones can be programmed with six extensions or a combination of extensions and speed dials. Each have a 2-inch color display; speakerphone capabilities, a new combination charger and speakerphone stand. Additionally, the 7925G provides support for bluetooth headsets."
1147	CST Lab: NVLAP 200427-0	Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/18/2009	Overall Level: 1  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
1146	Research In Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Certifications Team TEL: 519-888-7465 x72921 FAX: 519-886-4839 CST Lab: NVLAP 200017-0	BlackBerry Cryptographic Kernel (Firmware Version: 3.8.5.51) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Firmware	06/24/2009; 01/28/2010	Overall Level: 1  -Design Assurance: Level 3 -Tested: BlackBerry Storm 9500 with BlackBerry OS Version 4.7 -FIPS-approved algorithms: Triple-DES (Cert. #750); AES (Certs. #946 and #947); SHS (Cert. #921); HMAC (Cert. #526); RSA (Cert. #456); RNG (Cert. #536); ECDSA (Cert. #118) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides 256 bits of encryption strength) Multi-chip standalone "BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry."
1145	Oberthur Technologies 4250 Pleasant Valley Road Chantilly, VA 20151-1221 USA -Christopher Goyet TEL: 703-263-0100 FAX: 703-263-0503 CST Lab: NVLAP 100432-0	Oberthur ID-One Cosmo 128 v5.5 for DoD CAC (Hardware Version: B0; Firmware Versions: F310-067735 with ASC library package v2.6.2B.3, ACA applet package v2.6.2B.4, PKI/GC/SKI applet package v2.6.2B.4, PIV End Point Wrapper module v2.6.2B.4, PIV End Point Extended module v2.6.2B.4, and SMA applet package v2.6.2B.3) (PIV Card Application: Cert. #15) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/24/2009; 08/02/2010	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #606); Triple-DES MAC (Triple-DES Cert. #606, vendor affirmed); RSA (Cert. #304); RNG (Cert. #377) -Other algorithms: RSA (key transport; key establishment methodology provides 80 or 112 bits of encryption strength) Single-chip "This module is based on the Oberthur Dual Interface (ISO7816 & ISO14443) ID-One Cosmo family of Smart Cards that provide a secure Javacard platform with data storage and enhanced cryptographic processing capabilities specifically designed to fit the needs of government and enterprise personnel identification applications. This configuration runs ActivIdentity applet suite V 2.6.2B into its 144K EEPROM memory. The Applet Suite provides services for authentication, access control, generic container and PKI. It conforms to SP800-73-1 Transitional & End-Point Card Edge (for HSPD-12/PIV)."
1144	SCsquare Ltd. 2A Habarzel St. Ramat Hahayal Tel Aviv, 69710 Israel -Yossi Fixman TEL: +972-3-7657-331 FAX: +972-3-649-4975 CST Lab: NVLAP 200636-0	Apollo OS V4.03 on SLE66CX680PE m1534-a13 (Firmware Version 4.03) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Firmware	06/24/2009	Overall Level: 3  -Tested: SLE66CX680PE m1534-a13 smart card controller IC -FIPS-approved algorithms: Triple-DES (Cert. #701); DSA (Cert. #306); SHS (Cert. #839); RNG (Cert.#483); RSA (Cert. #406); HMAC (Cert. #464) -Other algorithms: ECDSA (non-compliant) Single-chip "Apollo OS V4.03 on SLE66CX680PE is a multi-purpose smart card utilizing an ISO 7816 file system. Apollo OS V4.03 is implemented as firmware in ROM of an Infineon SLE66CX680PE smart card controller IC."
1143	Mitsubishi Electric Corporation Kamakura Works 325 Kamimachiya Kamakura, Kanagawa 247-8520 Japan -Masanori Sato TEL: +81-467-41-6640 FAX: +81-467-41-6975 -Koichiro Sasaki TEL: +81-467-41-6670 FAX: +81-467-41-6975 CST Lab: NVLAP 200017-0	Command Encryption Module (Firmware Version: 1.1) (When operated in FIPS mode with the Operational Environment configuration specified on the reverse with the Firewall configured per Section 11 in the Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Firmware	06/24/2009	Overall Level: 2  -EMI/EMC: Level 3 -Tested: HP Compaq DC 5100 Running Microsoft Windows 2000 SP4 and Zone Labs Zone Alarm Pro Firewall version 7.0.481.000 -FIPS-approved algorithms: Triple-DES (Cert. #759) -Other algorithms: N/A Multi-chip standalone "Command Encryption Module is a firmware module designed to perform Triple DES CFB mode encryption functions."
1142	CST Lab: NVLAP 200427-0	Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/03/2009	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
1141	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Global Certification Team TEL: CST Lab: NVLAP 200427-0	Cisco ASA 5505, 5510, 5520, 5540 and 5550 Security Appliances (Hardware Versions: 5505, 5510, 5520, 5540, 5550, FIPS Kit (Cisco-FIPS-KIT=): Revision -B0 and ASA 5505 FIPS Kit (ASA5505-FIPSKIT=): Revision -A0; Firmware Versions: 8.0.4.16, 8.0.4.28, 8.0.5, 8.2.1 and 8.2.2.9) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/24/2009; 07/17/2009; 01/28/2010; 02/12/2010; 05/05/2010; 05/28/2010; 06/02/2010; 02/23/2012	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #105, #564, #966 and #1258); HMAC (Certs. #125, #301, #539 and #735); RNG (Certs. #144, #329, #545 and #701); RSA (Certs. #106, #261, #467 and #604); SHS (Certs. #196, #630, #935 and #1153); Triple-DES (Certs. #217, #559, #760 and #897) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength); ECDH (key agreement; key establishment methodology provides 80 bits of encryption strength); MD5; DES; RC4; HMAC MD5; RSA (key wrapping; key establishment methodology provides 80 bits or 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength) Multi-chip standalone "The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
1140	EF Johnson Technologies 1440 Corporate Drive Irving, TX 75038-2401 USA -John Oblak TEL: 507-837-5116 FAX: 507-837-5120 CST Lab: NVLAP 100432-0	Johnson Encryption Machine 2 (JEM2) (Hardware Version: 023-3900-183; Firmware Versions: 2.0 and 2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/25/2009; 07/02/2010	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #917); SHS (Cert. #904); HMAC (Cert. #512); DSA (Cert. #328); RNG (Cert. #526) -Other algorithms: AES (Cert. #917, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES MAC (AES Cert. #917, vendor affirmed; P25 AES OTAR); DES Multi-chip standalone "The EF Johnson Technologies Johnson Encryption Machine 2 (JEM2) is a cryptographic module meeting the FIPS140-2, Level 1 requirement. The JEM2 provides cryptographic operations to support Project 25 infrastructure. The JEM2 supports AES OTAR, AES, DSA, SHA-1, SHA-256, SHA-512, and HMAC FIPS Approved algorithms."
1139	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Global Certification Team TEL: CST Lab: NVLAP 200427-0	Cisco 3271 High Performance Mobile Access Router Card (HMARC) (Hardware Version: A0; Firmware Version: 12.4(15)T7) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/28/2009; 05/28/2010; 02/23/2012	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #890 and #945); HMAC (Certs. #497 and #530); RNG (Cert. #511); RSA (Cert. #432); SHS (Certs. #881 and #920); Triple-DES (Certs. #727 and #749) -Other algorithms: DES; DES-MAC; TDES-MAC (non-compliant); MD5; MD4; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 156 bits of encryption strength) Multi-chip embedded "The Cisco 3271 Rugged ISR is a high-performance, ruggedized router designed to support multiple applications running concurrently over wired or wireless networks. With onboard hardware encryption, the Cisco 3271 offloads encryption processing from the router to provide highly secure yet scalable video, voice, and data services for mobile and embedded outdoor networks."
1138	NitroSecurity Inc 230 Commerce Way Portsmouth, NH 03801 USA -Bill Virtue TEL: 603-570-3936 FAX: 603-766-8169 CST Lab: NVLAP 200427-0	NitroView ESM/Receiver Cryptographic Module (Hardware Version: NS-ESMRCV-2250-R; Software Versions: 8.0.0.20080605 and 8.2.0) (When operated in FIPS mode with module OpenSSL FIPS Object Module validated to FIPS 140-2 under Cert. #918 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	05/28/2009; 10/23/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #668); Triple-DES (Cert. #613); SHS (Cert. #701); HMAC (Cert. #352); RNG (Cert. #387); RSA (Cert. #310) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The NitroView ESM/Receiver is a multi-chip standalone cryptographic module consisting of production grade components contained within an opaque hard production-grade enclosure (the outside case is steel). The removable cover is protected by tamper evident security seals in accordance with FIPS 140-2 Level 2. The cryptographic boundary is the metal enclosure of the device."
1137	SafeNet, Inc. 20 Colonnade Road Suite 200 Ottawa, Ontario K2E 7M6 Canada -Terry Fletcher TEL: 613-221-5009 FAX: 613-723-5079 CST Lab: NVLAP 200427-0	ProtectServer Gold (PSG) (Hardware Version: Revision B2 and B3 [1], B4 [2] or C [3]; Firmware Version: 2.07.00[2], 2.08.00 [1-3] or 3.00.03 [2]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/22/2009; 07/24/2009; 03/28/2011; 11/08/2011	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #921 and #1582); DSA (Certs. #329 and #488); ECDSA (Certs. #114 and #193); HMAC (Certs. #515 and #928); RNG (Certs. #529 and #851); RSA (Certs. #448 and #772); SHS (Certs. #908 and #1401); Triple-DES (Certs. #741 and #1038); Triple-DES MAC (Triple-DES Certs. #741 and #1038, vendor affirmed) -Other algorithms: AES MAC (AES Certs. #921 and #1582; non-compliant); ARIA, and ARIA MAC; CAST 128; CAST MAC; DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 152 bits of encryption strength; non-compliant less than 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECIES; IDEA; IDEA MAC; MD2; MD5; MD5 HMAC; RC2; RC2 MAC; RC4; RIPEMD-128; RIPEMD-160; RMD128 HMAC; RMD160 HMAC; RSA (key wrapping; key establishment methodology provides between 80 and 152 bits of encryption strength); SEED; SEED MAC Multi-chip standalone "The SafeNet PSG Adapter is a high-end intelligent PCI adapter card that provides a wide range of cryptographic functions using firmware and dedicated hardware processors. Access to the PSG is provided via a comprehensive PKCS#11 API, allowing extremely flexible use of the module in a multitude of applications."
1136	Aladdin Knowledge Systems, Ltd. 35 Efal St. Kiryat Arie, Petach Tikva Israel -Chanan Lavi TEL: 972-3-9781111 FAX: 972-3-9781010 CST Lab: NVLAP 100432-0	Aladdin eToken PRO (Java) HD and Aladdin eToken Anywhere HD (Hardware Versions: P/N Aladdin eToken PRO (Java) HD Version 4.29 or 4.30 and Aladdin eToken Anywhere HD Version 4.33; Firmware Versions: 0106.7130.0207, 0106.8015.0508 or 0106.8015.0808 with Aladdin eToken v1.1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/22/2009; 07/02/2010; 10/26/2011	Overall Level: 3  -Physical Security: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #681); AES (Cert. #788); RNG (Cert. #453); RSA (Cert. #375); Triple-DES MAC (Triple-DES Cert. #681, vendor affirmed); SHS (Cert. #789) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Single-chip "Aladdin eToken PRO (Java) HD offers strong authentication and guaranteed non-repudiation for sensitive applications such a eBanking, stock trading, eCommerce and financial transactions. Aladdin eToken PRO (Java) HD is based on the Athena IDProtect Java Card smart card operating system that is compliant with the Java Card 2.2.2 and Global Platform 2.1.1 specifications and FIPS 140-2 Level 3 (Level 4 for physical security). IDProtect supports FIPS Approved Random Number Generator, TDES, AES, SHA-1, SHA-256, and RSA up to 2048 bits including on board key generation."
1135	Aladdin Knowledge Systems, Ltd. 35 Efal St. Kiryat Arie, Petach Tikva Israel -Chanan Lavi TEL: 972-3-9781111 FAX: 972-3-9781010 CST Lab: NVLAP 100432-0	Aladdin eToken PRO (Java), Aladdin eToken Anywhere and Aladdin eToken PRO (Java) SC (Hardware Versions: P/Ns Aladdin eToken PRO (Java) Version 4.29 or 4.30, Aladdin eToken Anywhere Version 4.33 and Aladdin eToken PRO (Java) SC Versions 7 or 8; Firmware Versions: 0106.7130.0207, 0106.8015.0508 or 0106.8015.0808 with Aladdin eToken v1.1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/22/2009; 07/02/2010; 10/26/2011	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Cryptographic Key Management: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #681); AES (Cert. #788); RNG (Cert. #453); RSA (Cert. #375); Triple-DES MAC (Triple-DES Cert. #681, vendor affirmed); SHS (Cert. #789) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Single-chip "Aladdin eToken PRO (Java) and Aladdin eToken PRO (Java) SC offers strong authentication and guaranteed non-repudiation for sensitive applications such a eBanking, stock trading, eCommerce and financial transactions. Aladdin eToken PRO (Java) and Aladdin eToken PRO (Java) SC are based on the Athena IDProtect Java Card smart card operating system that is compliant with the Java Card 2.2.2 and Global Platform 2.1.1 specifications and FIPS 140-2 Level 3 (Level 4 for physical security). IDProtect supports FIPS Approved Random Number Generator, TDES, AES, SHA-1, SHA-256, and RSA up to 2048 bits incl"
1134	Mobile Armor, Inc. 400 South Woods Mill Road Suite 300 St. Louis, MO 63017 USA -Brian Wood TEL: 443-468-1238 CST Lab: NVLAP 200427-0	Mobile Armor Cryptographic Module (Software Version: 3.0) Validated to FIPS 140-2 Security Policy Certificate	Software	05/22/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista; Microsoft Windows Vista 64-bit; Red Hat Enterprise Linux 5.1; Red Hat Enterprise Linux 5.1 64-bit; Fedora Core 8; Fedora Core 8 64-bit; Ubuntu 7.10; Ubuntu 7.10 64-bit; Apple OS X 10.5; Windows Mobile 6 (single user mode) -FIPS-approved algorithms: AES (Cert. #820); Triple-DES (Cert. #692); SHS (Cert. #818); HMAC (Cert. #453); RNG (Cert. #472) -Other algorithms: N/A Multi-chip standalone "The Mobile Armor Cryptographic Module 3.0 is a multi-chip standalone software module running on a standard IBM compatible personal computer, an Intel-based Mac, or a mobile device. On the PC, the software module can execute within a Linux, Microsoft Windows or Mac OS X operating system; while on a mobile device the module can be executed within a Windows Mobile Operating System."
1133	ViaSat UK Ltd. Sanford Lane Wareham, Dorset BH20 4DY United Kingdom -Tim D. Stone TEL: +44 1929 55 44 00 FAX: +44 01929 55 25 25 CST Lab: NVLAP 200556-0	FlagStone Core (Hardware Versions: V2.0.1.1, V2.0.1.2, V2.0.1.3, V2.0.2.1, V2.0.2.2, V2.0.2.3, V2.0.3.3, V2.0.3.4, V2.0.5.3 and V2.0.5.4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/22/2009; 06/01/2009; 01/06/2010; 06/21/2011; 07/27/2011	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #922 and #923); RNG (Cert. #531) -Other algorithms: N/A Multi-chip embedded "The FlagStone Core is a multi-chip embedded cryptographic module used within the Eclypt and the Eclypt Freedom Drives. The FlagStone Core, and subsequently the Eclypt and Eclypt Freedom Drives utilising the FlagStone Core, provide access control and data encryption services to protect access to data stored on a HDD (Hard Disk Drive). All accessible sectors on a HDD connected to a FlagStone Core are encrypted."
1132	McAfee, Inc. 3965 Freedom Circle Santa Clara, CA 95054 USA -Mike Siegel TEL: 888-847-8766 CST Lab: NVLAP 100432-0	McAfee Endpoint Encryption for Files and Folders (Software Versions: 3.1.1.7 and 3.1.2.11) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	05/22/2009; 07/24/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista 32; Microsoft Windows Vista 64; Microsoft Windows XP Professional (single-user mode) -FIPS-approved algorithms: AES (Cert. #891); DSA (Cert. #323); RNG (Cert. #512); SHS (Cert. #884) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RC5; AES (non-compliant) Multi-chip standalone "McAfee Endpoint Encryption for Files and Folders is a user transparent and high performing client software for encryption of files and folders on local drives, network shares, removable media and CD/DVD. E-mail attachments may also be encrypted for both internal and external recipients. In addition, the centralized McAfee Endpoint Encryption management system provides flexible and powerful management of encryption policies and keys, robust recovery tools, policy enforcement and remote deployment."
1131	McAfee, Inc. 3965 Freedom Circle Santa Clara, CA 95054 USA -Mike Siegel TEL: 888-847-8766 CST Lab: NVLAP 100432-0	McAfee Endpoint Encryption for PCs (Software Versions: 5.1.6, 5.1.7 and 5.1.8) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	05/22/2009; 07/24/2009; 02/12/2010; 03/28/2011	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista 64; Microsoft Windows Vista 32; Microsoft Windows XP Professional (single-user mode) -FIPS-approved algorithms: AES (Cert. #893); DSA (Cert. #325); RNG (Cert. #514); SHS (Cert. #886) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "McAfee Endpoint Encryption for PC is a high performance software solution that provides sector-level encryption of a PC's hard drive in a manner that is totally transparent to the user. In addition, the centralized McAfee Endpoint Encryption management system provides robust recovery tools, administration, and implementation."
1130	CommVault Systems, Inc. 2 Crescent Place Oceanport, NJ 07757 USA -Zahid Ilkal, Product Manager TEL: 732-870-4812 FAX: 732-870-4525 CST Lab: NVLAP 200017-0	CommVault Crypto Library (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	05/12/2009	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Intel Core2 Duo w/ Microsoft Windows 2003; Intel Core2 Duo w/ Redhat Linux 5.0; UltraSPARC II w/ Sun Solaris 10 (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #700); AES (Cert. #847); SHS (Cert. #838); HMAC (Cert. #465); RSA (Cert. #405); RNG (Cert. #482) -Other algorithms: DES; Blowfish; Serpent; Twofish; MD5; HMAC-MD5 Multi-chip standalone "CommVault Crypto Library (CVCL) is a cryptographic software module used in various products by CommVault Systems, Inc. The module provides a collection of FIPS Approved and Non-FIPS Approved cryptographic services for key generation, symmetric and asymmetric encryption, hash, HMAC and signature generation/verification."
1129	Fortress Technologies, Inc. 1 Technology Park Dr Westford, MA 01886-3140 USA -Certification Director TEL: 978-923-6400 FAX: 978-923-6498 CST Lab: NVLAP 200427-0	Fortress Secure Client (Software Version: 4.1.1 Build 4278X) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	07/06/2009; 03/26/2010	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 2000 Professional SP 4, Windows XP Professional SP 2, Windows 2003 Server SP2, Windows Vista Ultimate Edition (single-user mode) -FIPS-approved algorithms: AES (Cert. #975); HMAC (Cert. #547); RNG (Cert. #552); SHS (Cert. #944); Triple-DES (Cert. #768) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; RSA (non-compliant) Multi-chip standalone "The Fortress Secure Client is a software module designed to deliver security on wireless devices such as bar scanners, handhelds, and laptops using various operating systems. A plug-and-play solution, the Client encrypts and decrypts communication across the WLAN and protects the device against attacks without user intervention."
1128	NeoScale Systems, Inc. 1655 McCarthy Blvd Milpitas, CA 95035 USA -Marcus Streets TEL: 011-44-1223-723613 FAX: 011-44-1223-723601 CST Lab: NVLAP 200017-0	CryptoStor Tape FC702R and FC704R (Hardware Versions: FC702R - P/N FA00005-00, Rev 6 and FC704R - P/N FA00006-00 Rev 8; Firmware Version: 2.6) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	05/12/2009	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Certs. #275 and #516); AES (Certs. #173 and #506); SHS (Certs. #258 and #577); RSA (Cert. #221); HMAC (Certs. #39 and #259); RNG (Cert. #285) -Other algorithms: N/A Multi-chip standalone "NeoScale CryptoStor Tape is a family of readily deployable, high-speed tape security appliances that compress, encrypt and digitally sign data as it goes to tape media or virtual tape without disrupting backup processes. It seamlessly integrates with widely used backup applications and incorporates Global Key Management technology for strong key management and data recovery. Used in conjunction with the NeoScale CryptoStor KeyVault key management system, CryptoStor Tape provides an automated, secure and open key sharing capability between locations, businesses or applications."
1127	NeoScale Systems, Inc. 1655 McCarthy Blvd. Milpitas, CA 95035 USA -Marcus Streets TEL: 011-44-1223-723613 FAX: 011-44-1223-723601 CST Lab: NVLAP 200017-0	CryptoStor Tape SC702R (Hardware Version: P/N FAS00004-00 Rev 6; Firmware Version: 2.6) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	05/12/2009	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Certs. #275 and #516); AES (Certs. #173 and #506); SHS (Certs. #258 and #577); RSA (Cert. #221); HMAC (Certs. #39 and #259); RNG (Cert. #285) -Other algorithms: N/A Multi-chip standalone "NeoScale CryptoStor Tape is a family of readily deployable, high-speed tape security appliances that compress, encrypt and digitally sign data as it goes to tape media or virtual tape without disrupting backup processes. It seamlessly integrates with widely used backup applications and incorporates Global Key Management technology for strong key management and data recovery. Used in conjunction with the NeoScale CryptoStor KeyVault key management system, CryptoStor Tape provides an automated, secure and open key sharing capability between locations, businesses or applications."
1126	Fortinet Inc. 1090 Kifer Road Sunnyvale, CA 94086 USA -Jeff Lake, Vice President, Federal Operations TEL: 678-402-8021 FAX: 678-402-8021 CST Lab: NVLAP 200017-0	FortiGate-5050 Chassis with FortiGate-5001A-DW Blade (Hardware Versions: FortiGate-5001A-DW (P4CJ36), ADM-XB2 (AMC28F), ADM-FB8 (P4FB78) and FG-5050 (C4QP38); Firmware Version: FortiOS 3.00, build8864,080819) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	05/12/2009	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #582, #583 and #584); RNG (Cert. #345); AES (Certs. #612, #613 and #614); SHS (Certs. #660, #661 and #662); RSA (Certs. #284 and #285); HMAC (Certs. #315, #316 and #317) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; HMAC-MD5 Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1125	Fortress Technologies, Inc. 1 Technology Park Dr Westford, MA 01886-3140 USA -Certification Director TEL: 978-923-6400 FAX: 978-923-6498 CST Lab: NVLAP 200416-0	Fortress Secure Bridge (Hardware Versions: ES520V1 and ES520V2; Firmware Version: 5.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	05/14/2009; 03/26/2010	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #688, #694 and #698); SHS (Certs. #715, #717, #721, #722 and #726); HMAC (Certs. #367, #371, #372 and #376); RSA (Cert. #439); RNG (Certs. #402, #406 and #409) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); MD5 Multi-chip standalone "The Fortress Secure Bridge is an all-in-one network access device housed in a rugged compact chassis, with the most stringent security available today built in. It can serve as a wireless bridge, a WLAN access point, and an eight-port LAN switch, while performing all the functions of a Fortress controller device: encrypting wireless traffic and providing Multi-factor Authentication for devices on the network it protects."
1124	McAfee, Inc. 3965 Freedom Circle Santa Clara, CA 95054 USA -Mike Siegel TEL: 888-847-8766 CST Lab: NVLAP 100432-0	McAfee Endpoint Encryption for Mobile (Software Versions: 2.3.0.5 and 2.4.0.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	05/01/2009; 07/24/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Mobile 5 (single-user mode) -FIPS-approved algorithms: AES (Cert. #892); DSA (Cert. #324); RNG (Cert. #513); SHS (Cert. #885) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "McAfee Endpoint Encryption for Mobile is a security system for smart phones and pocket PCs that prevents the data stored on such devices from being read or used by an unauthorized person. In simple terms, McAfee Endpoint Encryption for Mobile takes control of a user's data away from the operating system."
1123	Mobile Armor, Inc. 400 South Woods Mill Rd. Suite 300 Chesterfield, MO 63017 USA -Brian Wood TEL: 314-590-0900 FAX: 314-590-0995 CST Lab: NVLAP 200427-0	Mobile Armor Cryptographic Module 3.5 (Software Version: 3.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	04/24/2009	Overall Level: 2  -Operational Environment: Tested as meeting Level 2 with Windows XP Professional SP2 running on Dell Optiplex GX270; Windows 2000 Professional SP3 running on Dell Optiplex GX400; Windows Server 2003 SP1 running on Dell Optiplex GX270; Red Hat Enterprise Linux Version 5 running on IBM System x3455; SUSE Linux Enterprise Server 10 SP1 running on IBM System x3455 -FIPS-approved algorithms: AES (Cert. #920); HMAC (Cert. #514); RNG (Cert. #528); SHS (Cert. #907); Triple-DES (Cert. #740) -Other algorithms: DES Multi-chip standalone "The Mobile Armor Cryptographic Module provides the core cryptographic functionality of Mobile Armor's Enterprise Mobile Data Security products which provide enterprise-level data encryption and device management."
1122	Kanguru Solutions 1360 Main St. Millis, MA 02054 USA -Nate Cote TEL: 508-376-4245 FAX: 508-376-4462 CST Lab: NVLAP 200648-0	Kanguru Biolock (Software Version: 1.0.1.8) (This module contains the embedded module Crypto++ validated to FIPS 140-2 under Cert. #819 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	04/14/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Service Pack 2 (single-user mode) -FIPS-approved algorithms: AES (Cert. #499); SHS (Cert. #569); HMAC (Cert. #253); RNG (Cert. #279); DSA (Cert. #206); Triple-DES (Cert. #512 ) -Other algorithms: N/A Multi-chip standalone "Kanguru Solutions is the leader in portable secure storage devices. Kanguru Biolock addresses security concerns and information assurance by incorporating 256-bit AES encryption technology to portable storage devices."
1121	Pitney Bowes, Inc. 35 Waterview Drive Shelton, CT 06484-8000 USA -Douglas Clark TEL: 203-924-3206 FAX: 203-924-3406 CST Lab: NVLAP 100432-0	Cygnus X-2 Postal Security Device (Hardware Versions: 1MEC BBC/BAJ (Canada), 1MES BBC/BAJ (Canada), 1MCT BBC/BAJ (Canada), 1MET BBC/BAJ (Canada), 1M00 BBC/BAJ (US) and 1M05 BBC/BAJ (US)) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/14/2009	Overall Level: 3  -Physical Security: Level 3 +EFP -FIPS-approved algorithms: ECDSA (Cert. #48); DSA (Cert. #200); SHS (Cert. #562); Triple-DES (Cert. #503); Triple-DES MAC (Triple-DES Cert. #503, vendor affirmed); RNG (Cert. #272); HMAC (Cert. #246) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Pitney Bowes Cygnus X-2 Postal Security Device (PSD) has been designed in compliance with FIPS 140-2 and IPMAR security protection profile in order to support the USPS IBIP and international digital indicia standards globally. The PSD employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes Postage Metering products."
1120	TecSec, Atmel, CPI Card Group, and Athena Smartcard 1048 Dead Run Drive McLean, VA 22101-2121 USA -Ron Parsons TEL: 301-639-5510 FAX: 703-506-1484 CST Lab: NVLAP 100432-0	TecSec PIV Eagle Card - Contact (Hardware Version: P/N Atmel AT90SC144144CT Revision G; Software Version: P/N TecSec Contact PIV Applet Version 1.01 JCT; Firmware Version: P/N Athena IDProtect XL Version 010A.7204.0004) (PIV Card Application: Cert. #11) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/03/2009	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 4 -Cryptographic Key Management: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #592); Triple-DES MAC (Triple-DES Cert. #592, vendor affirmed); AES (Cert. #639); SHS (Cert. #674); RNG (Cert. #364); RSA (Cert. #292) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Single-chip "The TecSec PIV Eagle Card - Contact cryptographic module provides data security for government and enterprise personnel identification. The primary purpose of this device is to enable the creation of a dual-chip PIV smart card as described in [FIPS201] that is fully compliant with the end-point service specified in SP800-73-1. The CM contains two Java Card applets implementing the PIV functionality (the Software) running on a GlobalPlatform Java Card operating system (the Firmware). The CM is physically connected to a smart card contact plate as defined in [7816-1] and [7816-2]."
1119	LiteScape Technologies, Inc. 1000 Bridge Parkway, Suite 200 Redwood Shores, CA 94065 USA -Kayvan Alikhani CST Lab: NVLAP 200427-0	LiteScape SPAR (Hardware Version: 021013A; Firmware Version: 1.0.7, Bootloader: v52b4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/03/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #822); HMAC (Certs. #455, #456 and #457); SHS (Certs. #820, #821 and #822) -Other algorithms: N/A Multi-chip standalone "SPAR (Secure Personal Authentication Reader) is a multi-factor authentication device that provides RFID, Biometric and Magnetic-card interfaces. Using the SPAR at the edge of VOIP networks when coupled with devices such as IP phone terminals dramatically increases the security, validation and personalization process for business applications."
1118	TecSec, Atmel, CPI Card Group, and Athena Smartcard 1048 Dead Run Drive McLean, VA 22101-2121 USA -Ron Parsons TEL: 301-639-5510 FAX: 703-506-1484 CST Lab: NVLAP 100432-0	TecSec PIV Eagle Card - Contactless (Hardware Version: P/N Atmel AT90SC12872RCFT Revision M; Software Version: P/N TecSec Contactless PIV Applet Version 1.0 JCL; Firmware Version: P/N Athena ID Protect Duo Version 0107.7099.0105) (PIV Card Application: Cert. #11) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/03/2009	Overall Level: 3  -Physical Security: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #598); Triple-DES MAC (Triple-DES Cert. #598, vendor affirmed); AES (Cert. #646); SHS (Cert. #680); RNG (Cert. #368); RSA (Cert. #296) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Single-chip "TecSec PIV Eagle Card - Contactless is a cryptographic module that may be configured as a contact or contactless PIV application. With this unique solution, a dual-chip product can be created without changing the user experience that assures the information stored on the contact chip is not compromised through the contactless interface. The CM is based on the Athena OS755 Java Card smart card operating system that is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and FIPS 140-2 Level 2 (Level 4 for physical security)."
1117	Chunghwa Telecom Co., Ltd. Telecommunication Laboratories 12, Lane 551, Min-Tsu Road SEC.5 Yang-Mei, Taoyuan, Taiwan 326 Republic of China -Yeou-Fuh Kuan TEL: +886-3-424-4333 FAX: +886-3-424-4129 -Char-Shin Miou TEL: +886-3-424-4381 FAX: +886-3-424-4129 CST Lab: NVLAP 200017-0	HiKey - Flash and HiKey PKI Token (Hardware Versions: 1.5 and 1.8; Software Version: Card OS version 3.1 with GINA Applet: 1.0, PKI Applet: 2.0, FISC II Applet: 1.2; Firmware Version: 1.25) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/07/2009; 11/17/2011	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: RSA (Cert. #434); Triple-DES (Cert. #732); SHS (Cert. #889); RNG (Cert. #515); HMAC (Cert. #501); Triple-DES MAC (Triple-DES Cert. #732, vendor affirmed); AES (Cert. #896); -Other algorithms: AES MAC (AES Cert. #896; non-compliant) Multi-chip standalone "The HiKey Flash and HiKey PKI Token modules are multi-chip standalone implementations of a cryptographic module. The Hikey - Flash and HiKey PKI Token modules are USB tokens that adhere to ISO/IEC specifications for Integrated Circuit Chip (ICC) based identification cards. The HiKey - Flash and HiKey PKI Token cryptographic modules contain an implementation of the Open Platform (OP) Version 2.0.1 specification defining a secure infrastructure for post-issuance programmable smart cards."
1116	Aruba Networks, Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA -Jon Green TEL: 408-227-4500 CST Lab: NVLAP 200427-0	Aruba AP-65, AP-70 and AP-85 Wireless Access Points (Hardware Versions: AP-65-F1 Rev. 01, AP-70-F1 Rev. 01, AP-85FX-F1 Rev. 01, AP-85LX-F1 Rev. 01 or AP-85TX-F1 Rev. 01; Firmware Versions: ArubaOS 3.3.2.18-FIPS, ArubaOS 3.3.2.19-FIPS, ArubaOS 3.3.2.20-FIPS, ArubaOS 3.3.2.21-FIPS, ArubaOS 3.4.2.3-FIPS, ArubaOS 3.4.4.0-FIPS or ArubaOS 3.4.5.1-FIPS) (When operated in FIPS mode and with the tamper evidence seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/03/2009; 05/18/2009; 07/24/2009; 12/10/2009; 02/12/2010; 05/05/2010; 10/25/2010; 01/31/2011; 03/14/2011; 07/19/2011; 02/06/2013	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #895 and #900); HMAC (Certs. #500 and #503); RNG (Cert. #516); RSA (Certs. #433 and #436); SHS (Certs. #887, #888 and #892); Triple-DES (Certs. #731 and #734) -Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "Aruba's single and multi-radio wireless access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Multi-Service Mobility Controllers, where per-user role based access controls are applied. In the FIPS 140-2 mode of operation, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i client standard, the xSec client and 256-bit AES encryption. Also, Aruba APs can provide Air Monitoring for intrusion detection and have Wi-Fi Alliance certification for IEEE 802.11a, IEEE 802.11b, IEEE 802.11g, and IEEE 802.11"
1115	Safend Ltd. 32 Habarzel Street Tel Aviv, 69710 Israel -Alon Barel TEL: +972-3-644-2662 x225 FAX: +972-3-648-6146 CST Lab: NVLAP 200556-0	Safend Cryptographic Library (Software Version: 3.3 or 3.4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	04/03/2009; 05/18/2009; 07/05/2011	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional (single-user mode) -FIPS-approved algorithms: AES (Cert. #879); SHS (Cert. #870); HMAC (Cert. #492); RNG (Cert. #504) -Other algorithms: DES; SHA-256 (Cert. #870; non-compliant) Multi-chip standalone "The Safend Cryptographic Library offers reliable, simple and tamper-proof endpoint monitoring, device identification, and blocking based on administrator-defined policies. Protects all local, physical communications ports including USB, Firewire and PCMCIA, wireless endpoints such as WiFi, Bluetooth and IrDA, and removable and physical storage devices such as CD/DVD-RWs and iPods."
1114	Fortinet Inc. 1090 Kifer Road Sunnyvale, CA 94086-5301 USA -Jeff Lake, Vice President, Federal Operations TEL: 678-402-8021 FAX: 678-402-8021 CST Lab: NVLAP 200017-0	FortiGate-310B (Hardware Version: C4ZF35; Firmware Version: FortiOS 3.00, build8864,080819) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	04/03/2009	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #612, #613 and #614); Triple-DES (Certs. #582, #583 and #584); RNG (Cert. #345); SHS (Certs. #660, #661 and #662); HMAC (Certs. #315, #316 and #317); RSA (Certs. #284 and #285) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA (key wrapping; key establishment method provides 112 bits of encryption strength); DES; MD5; HMAC-MD5 Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1113	Fortinet Inc. 1090 Kifer Road Sunnyvale, CA 94086 USA -Jeff Lake, Vice President, Federal Operations TEL: 678-402-8021 FAX: 678-402-8021 CST Lab: NVLAP 200017-0	FortiGate-200A/200A-HD; FortiGate-300A/300A-HD; FortiGate-500A/500A-HD; FortiGate-800 (Hardware Versions: FortiGate-200/200A-HD (build C4AY89), FortiGate-300/300A-HD (build C4FK88), FortiGate-500/500A-HD (build C4BE21), FortiGate-800 (build C4UT39); Firmware Version: FortiOS 3.0, build8931, 081110) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	04/03/2009	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #742, #743, #489 and #490); RNG (Cert. #530); AES (Certs. #925, #926, #475 and #476); SHS (Certs. #909, #910, #543 and #544); RSA (Cert. #449); HMAC (Certs. #516, #517, #232 and #233) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 110 bits of encryption strength); MD5; HMAC-MD5 Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1112	Technical Communications Corporation 100 Domino Drive Concord, MA 01742-2892 USA -Fidel Camero TEL: 978- 287-6303 FAX: 978-371-1280 CST Lab: NVLAP 200017-0	CipherTalk® 8000 Cryptographic Module (Software Version: 2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	04/03/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows Mobile 5.0; Windows Mobile 6.1; Windows XP Embedded with SP2 (single-user mode) -FIPS-approved algorithms: AES (Cert. #848); SHS (Cert. #840); RNG (Cert. #484); HMAC (Cert. #466) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 149 bits of encryption strength); Twofish Multi-chip standalone "The CipherTalk® 8000 Cryptographic Module is an Operating System Agnostic cipher engine, encapsulating all the cryptographic functions for TCC's CipherTalk family of wireless products. Its functions include encryption and key exchange algorithms, authentication algorithms, and integrity and verification algorithms."
1111	Open Source Software Institute 3610 Pearl Street Hattiesburg, MS 39401 USA -Steve Marquess TEL: 301-524-9915 FAX: 301-831-8447 CST Lab: NVLAP 200648-0	OpenSSL FIPS Runtime Module (Software Version: 1.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	04/03/2009; 05/28/2010	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Fedora Linux 9; Microsoft Windows XP SP 2 (single-user mode) -FIPS-approved algorithms: Triple-DES (Certs. #623 and #624); AES (Certs. #681 and #682); SHS (Certs. #711 and #712); HMAC (Certs. #362 and #363); RSA (Certs. #318 and #319); DSA (Certs. #257 and #258); RNG (Certs. #397 and 398) -Other algorithms: DES; Diffie-Hellman; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80-bits of encryption strength) Multi-chip standalone "The OpenSSL FIPS Runtime Module is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality for use with the high level API of the OpenSSL v0.9.8 product."
1110	Gesellschaft für sichere Mobile Kommunikation mbH Marienstrasse 11 Berlin, 10117 Germany -Bjoern Rupp TEL: +49 700 2797 8835 -Frank Rieger TEL: +49 700 2797 8835 CST Lab: NVLAP 200017-0	CryptoPhone Security Kernel (Software Version: 2.0) Validated to FIPS 140-2 Security Policy Certificate	Software	03/26/2009; 07/08/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows Mobile 5.0; Windows Mobile 6.1; Windows XP Embedded with SP2 (single-user mode) -FIPS-approved algorithms: AES (Cert. #849); SHS (Cert. #841); RNG (Cert. #485); HMAC (Cert. #467) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 149 bits of encryption strength); Twofish Multi-chip standalone "The CryptoPhone Security Kernel is a portable multi-platform cryptographic module that provides strong encryption, authentication, key exchange, message integrity verification, and secure memory abstraction services to GSMK CryptoPhone encryption products. All GSMK products come with full source code for independent review."
1109	Aruba Networks, Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA -Jon Green TEL: 408-227-4500 CST Lab: NVLAP 200427-0	Aruba AP-120 Series Wireless Access Points (Hardware Versions: AP-124-F1 Rev. 01and AP-125-F1 Rev. 01; Firmware Versions: ArubaOS 3.3.2.18-FIPS, ArubaOS 3.3.2.19-FIPS, ArubaOS 3.3.2.20-FIPS, ArubaOS 3.3.2.21-FIPS, ArubaOS 3.4.2.3-FIPS, ArubaOS 3.4.4.0-FIPS or ArubaOS 3.4.5.1-FIPS) (When operated in FIPS mode and with the tamper evidence seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/26/2009; 05/18/2009; 07/24/2009; 12/10/2009; 02/12/2010; 05/05/2010; 10/25/2010; 01/31/11; 03/14/2011; 07/19/2011; 02/06/2013	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #861 and #900); HMAC (Certs. #478 and #503); RNG (Cert. #516); RSA (Certs. #435 and #436); SHS (Certs. #891, #856 and #892); Triple-DES (Certs. #708 and #734) -Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "Aruba's single and multi-radio wireless access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Multi-Service Mobility Controllers, where per-user role based access controls are applied. In the FIPS 140-2 mode of operation, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i client standard, the xSec client and 256-bit AES encryption. Also, Aruba APs can provide Air Monitoring for intrusion detection and have Wi-Fi Alliance certification for IEEE 802.11a, IEEE 802.11b, IEEE 802.11g, and IEEE 802.11"
1108	Secure Computing Corporation (Wholly owned subsidiary of McAfee, Inc.) 2340 Energy Park Drive St. Paul, MN 55108 USA -Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200017-0	Secure Firewall (Sidewinder) 1100E (Hardware Version: 1100; Firmware Version: 7.0.1.01) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/09/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES Multi-chip standalone "Secure Firewall (Sidewinder) solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. Secure Computing's Secure Firewall (Sidewinder) appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1107	Secure Computing Corporation (Wholly owned subsidiary of McAfee, Inc.) 2340 Energy Park Drive St. Paul, MN 55108 USA -Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200017-0	Secure Firewall (Sidewinder) 2150E (Hardware Version: 2150; Firmware Version: 7.0.1.01) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/09/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES Multi-chip standalone "Secure Firewall (Sidewinder) solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. Secure Computing's Secure Firewall (Sidewinder) appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1106	Secure Computing Corporation (Wholly owned subsidiary of McAfee, Inc.) 2340 Energy Park Drive St. Paul, MN 55108 USA -Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200017-0	Secure Firewall (Sidewinder) 4150E (Hardware Version: 4150; Firmware Version: 7.0.1.01) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/09/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES Multi-chip standalone "Secure Firewall (Sidewinder) solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. Secure Computing's Secure Firewall (Sidewinder) appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1105	AJA Video Systems, Inc. 443 Crown Point Circle Grass Valley, CA 95945 USA -Fred Dominikus TEL: 530-274-2048 FAX: 530-274-9442 CST Lab: NVLAP 100432-0	JPG2K (Hardware Versions: 102387-00, 102387-02 and 102387-03; Firmware Versions: 1.0, 1.5 and 1.6) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/26/2009; 01/06/2010; 10/13/2011	Overall Level: 3  -FIPS-approved algorithms: RSA (Cert. #392) -Other algorithms: N/A Multi-chip embedded "The JPG2K is a PCIe card that provides a platform for secure media processing."
1104	NitroSecurity Inc 230 Commerce Way Portsmouth, NH 03801 USA -Bill Virtue TEL: 603-570-3936 FAX: 603-766-8169 CST Lab: NVLAP 200427-0	NitroView Receiver Cryptographic Module (Hardware Version: NS-RCV-2250-R; Software Versions: 8.0.0.20080605 and 8.2.0) (When operated in FIPS mode with module OpenSSL FIPS Object Module validated to FIPS 140-2 under Cert. #918 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	03/26/2009; 10/23/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #668); Triple-DES (Cert. #613); SHS (Cert. #701); HMAC (Cert. #352); RNG (Cert. #387); RSA (Cert. #310) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The NitroView Receiver is a multi-chip standalone cryptographic module consisting of production-grade components contained within an opaque hard production-grade enclosure (the outside case is steel). The removable cover is protected by tamper evident security seals in accordance with FIPS 140-2 Level 2. The cryptographic boundary is the metal enclosure of the device."
1103	NitroSecurity Inc 230 Commerce Way Portsmouth, NH 03801 USA -Bill Virtue TEL: 603-570-3936 FAX: 603-766-8169 CST Lab: NVLAP 200427-0	NitroView ESM Cryptographic Module (Hardware Versions: NS-ESM-4245-R, NS-ESMR-4200-R and NS-ESM-5750-R; Software Versions: 8.0.0.20080605 and 8.2.0) (When operated in FIPS mode with module OpenSSL FIPS Object Module validated to FIPS 140-2 under Cert. #918 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	03/26/2009; 10/23/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #668); Triple-DES (Cert. #613); SHS (Cert. #701); HMAC (Cert. #352); RNG (Cert. #387); RSA (Cert. #310) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The NitroView ESM is a multi-chip standalone cryptographic module consisting of production-grade components contained within an opaque hard production-grade enclosure (the outside case is steel). The removable cover is protected by tamper evident security seals in accordance with FIPS 140-2 Level 2. The cryptographic boundary is the metal enclosure of the device."
1102	Hewlett-Packard Company 19091 Pruneridge Ave. MS 4441 Cupertino, CA 95014 USA -Theresa Conejero TEL: 408-447-2964 FAX: 408-447-5525 CST Lab: NVLAP 100432-0	HP StorageWorks Secure Key Manager (Hardware Version: P/N AJ087B, Version 1.1; Firmware Version: 1.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/14/2009; 09/19/2011	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: AES (Cert. #653); DSA (Cert. #244); HMAC (Cert. #470); RNG (Cert. #375); RSA (Cert. #302); SHS (Cert. #847); Triple-DES (Cert. #604) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength); KAS (vendor affirmed, key establishment methodology provides 80 bits of encryption strength); DES; MD5; RC4 Multi-chip standalone "The HP Secure Key Manager automates encryption key generation and management based on security policies. It is a hardened security appliance delivering identity-based access, administration and logging. Additionally, the Secure Key Manager provides reliable lifetime key archival with automatic multi-site key replication and failover capabilities."
1101	PGP Corporation, a division of Symantec Corporation 350 Ellis Street Mountain View, CA 94043 USA -Vinnie Moscaritolo TEL: 650-527-8000 FAX: 650-527-1984 CST Lab: NVLAP 200802-0	PGP Software Developer's Kit (SDK) Cryptographic Module (Software Versions: 4.0.0 and 4.0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	03/26/2009; 07/02/2010; 07/30/2010; 01/13/2011	Overall Level: 1  -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2; Mac OS X 10.6; Linux, 32-bit: CentOS 5.4 (single-user mode) -FIPS-approved algorithms: Triple-DES (Certs. #905, #906 and #907); AES (Certs. #1288, #1289 and #1290); RSA (Certs. #614, #615 and #616); DSA (Certs. #414, #415 and #416); SHS (Certs. #1182, #1183 and #1184); HMAC (Certs. #748, #749 and #750); RNG (Certs. #717, #718 and #719) -Other algorithms: AES (EME2 mode; non-compliant); DSA (FIPS 186-3 with SHA-256; non-compliant); CAST-5; IDEA; Two-Fish; Blow-Fish; ARC4-128; MD5; HMAC-MD5; RIPEMD60; ElGamal; RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength); Shamir Threshold Secret Sharing Multi-chip standalone "The PGP SDK Cryptographic Module is a FIPS 140-2 validated software only cryptographic module. The module implements the cryptographic functions for PGP products including: PGP Whole Disk Encryption, PGP NetShare, PGP Command Line, PGP Universal, and PGP Desktop. It includes a wide range of field-tested and standards-based encryption, digital signature, and encoding algorithms as well as a variety of secure network protocol implementations. The PGP SDK offers developers this same cryptographic library that is at the heart of PGP products."
1100	Check Point Software Technologies Ltd. 9900 Belward Campus Drive Suite 250 Rockville, MD 20850 USA -David Ambrose TEL: 703-628-2935 -Malcolm Levy TEL: +972-37534561 CST Lab: NVLAP 200427-0	Check Point Crypto Core (Software Version: 1.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	03/26/2009; 05/28/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Mobile 6.0 (single-user mode) -FIPS-approved algorithms: AES (Cert. #430); Triple-DES (Cert. #459); SHS (Cert. #499); RSA (Cert. #162); HMAC (Cert. #202); RNG (Cert. #222); Triple-DES MAC (Triple-DES Cert. #459; vendor-affirmed) -Other algorithms: Blowfish; CAST-128; CAST-256; DES; MD5; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip standalone "Check Point Crypto Core is a 140-2 Level 1 cryptographic module for Windows Mobile 6. The module provides cryptographic services accessible user mode on the respective platforms through implementation of platform specific binaries."
1099	Gemalto Austin Arboretum Plaza II 9442 Capital of Texas Hwy North Suite 4 Austin, TX 78759 USA -Pedro Martinez TEL: 512-257-3871 FAX: 512-257-3881 CST Lab: NVLAP 100432-0	Gemalto .NET Smart Card (Hardware Version: Infineon SLE 88CFX4000P; Firmware Versions: .Net Platform and Content Manager v2.2; FIPS Assembly v1.1; FIPS Access Manager v1.0) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/10/2009; 03/19/2009	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #719); AES (Cert. #877); RNG (Cert. #503); RSA (Cert. #424); SHS (Cert. #869); HMAC (Cert. #491) -Other algorithms: AES (key wrapping; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Single-chip "The Gemalto .NET v2.2 Smart Card Platform implements a subset of the .NET Framework with high end cryptographic capabilities, including Random Number Generation, on Board Key Generation, and encryption and hashing algorithms such as 3DES, AES, SHA, and 2048 bit RSA. The combination of advanced programmability provided by the .NET Framework and the high end security features make .NET v2.2 a perfect support for Enterprise and Government security solutions."
1098	Fortinet Inc. 1090 Kifer Road Sunnyvale, CA 94086 USA -Jeff Lake, Vice President, Federal Operations TEL: 678-402-8021 FAX: 678-402-8021 CST Lab: NVLAP 200017-0	FortiGate-3016B, FortiGate-3600A and FortiGate-3810A-E4 (Hardware Versions: C4XA14, V3BU94 and C3GV75; Firmware Version: FortiOS 3.00, build8785, 080605) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	03/10/2009	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #612, #613 and #614); Triple-DES (Certs. #582, #583 and #584); RNG (Cert. #345); SHS (Certs. #660, #661 and #662); HMAC (Certs. #315, #316 and #317); RSA (Certs. #284 and #285) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA (key wrapping; key establishment method provides 112 bits of encryption strength); DES; MD5; HMAC-MD5 Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1097	NitroSecurity Inc. 230 Commerce Way Portsmouth, NH 03801 USA -Bill Virtue TEL: 603-570-3936 FAX: 603-766-8169 CST Lab: NVLAP 200427-0	NitroGuard IPS cryptographic module (Hardware Versions: NS-IPS-620R-4C-B, NS-IPS-1220R-6C-B, NS-IPS-1220R-4C-2F-B, NS-IPS-620R-4C-BFS, NS-IPS-4245-R-4BTX, NS-IPS-4245-R-4BSX; Software Versions: 8.0.0.20080605 and 8.2.0) (When operated in FIPS mode with module OpenSSL FIPS Object Module validated to FIPS 140-2 under Cert. #918 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	03/03/2009; 10/23/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #668); Triple-DES (Cert. #613); SHS (Cert. #701); HMAC (Cert. #352); RNG (Cert. #387); RSA (Cert. #310) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The NitroGuard IPS is a multi-chip standalone cryptographic module consisting of production-grade components contained within an opaque hard production-grade enclosure (the outside case is steel). The removable cover is protected by tamper evident security seals in accordance with FIPS 140-2 Level 2. The cryptographic boundary is the metal enclosure of the device. The network interface cards do not contain any security-relevant functionality. They are within the cryptographic boundary but are excluded from the evaluation."
1096	CST Lab: NVLAP 200002-0	Validated to FIPS 140-2 Security Policy Certificate	Firmware	02/24/2009; 04/03/2009	Overall Level: 1  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
1095	Fortinet Inc. 1090 Kifer Road Sunnyvale, CA 94086-5301 USA -Jeff Lake, Vice President, Federal Operations TEL: 678-402-8021 FAX: 678-402-8021 CST Lab: NVLAP 200017-0	FortiWiFi-50B (Hardware Version: C5WF27; Firmware Version: FortiOS 3.00, build8802,080626) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/03/2009	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #489, #583 and #584); AES (Certs. #475, #613; #614 and #758); SHS (Certs. #543, #661 and #662); HMAC (Certs. #232, #316 and #317); RSA (Cert. #285); RNG (Cert. #345) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; HMAC-MD5; DES Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1094	ERUCES, Inc. 11142 Thompson Ave. Lenexa, KS 66219 USA -Dr. Bassam Khulusi TEL: 913-310-0888 FAX: 913-859-9797 -Oggy Vasic TEL: 913-310-0888 FAX: 913-859-9797 CST Lab: NVLAP 200017-0	Tricryption Cryptographic Module (Software Version: 7.0) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	03/03/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2003 R2; Red Hat Enterprise Linux 5 (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #684); AES (Cert. #796); SHS (Cert.#795); HMAC (Cert. #437); RSA (Cert. #380); RNG (Cert. #457); ECDSA (Cert. #88) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength) Multi-chip standalone "Tricryption Cryptographic Module is a software library providing cryptographic services for ERUCES' Tricryption family of high volume encryption & key management products including key servers, file, database, executables encryption, and special services (anonymization, de-identification, & privacy protection)."
1093	Vertex Standard Co., Ltd. 4-8-8 Nakameguro Meguro-Ku, Tokyo 153-8644 Japan -Yukimasa Tomita TEL: 81-3-5725-6112 FAX: 81-3-5725-6201 CST Lab: NVLAP 100432-0	Vertex Standard Cryptographic Module 001 (Hardware Version: P/N 013790D; Firmware Version: 71.72) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/03/2009	Overall Level: 1  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #813); SHS (Cert. #813) -Other algorithms: DES; LFSR Multi-chip embedded "The Vertex Standard Cryptographic Module 001 (VSCM) is a cryptographic module (also processes digital data) that is to be incorporated into two-way digital radio products. These digital radios are for use in communication with other APCO Project 25 compatible devices."
1092	RSA, The Security Division of EMC 174 Middlesex Turnpike Bedford, MA 01730 USA -Sandy Carielli TEL: 781-515-7510 CST Lab: NVLAP 200427-0	RSA BSAFE® Crypto-C Micro Edition (Software Versions: 3.0.0.1 [1], 3.0.0.14 [2], 3.0.0.15 [3] and 3.0.0.19 [4]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	02/24/2009; 03/06/2009; 09/07/2010; 03/28/2011; 10/04/2011; 04/02/2012; 12/12/2012; 01/24/2013	Overall Level: 1  -Cryptographic Module Specification: Level 3 -Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux AS 4.0 (x86 32-bit) with LSB 3.0.3 [1]; Windows Vista Ultimate (x86 32-bit) - Visual Studio 2005 SP1 /MD option [1]; Windows XP Professional SP2 (x86 32-bit) - Visual Studio 2005 SP1 /MT option [1]; Linux 2.6.28-rt16 PowerPC (32-bit) [2, 4]; NetBSD v2.0.3 (x86 32-bit) [3]; NetBSD v2.0.3 MIPS (RM7035c 32-bit) [3] (single user mode) -FIPS-approved algorithms: AES (Certs. #860 [1], #1771 [2, 4] and #1951 [3]); AES GCM (Certs. #860 [1], #1771 [2, 4] and #1951 [3], vendor affirmed: SP 800-38D); DRBG (Certs. #4 [1], #122 [2, 4] and #172 [3]); DSA (Certs. #311 [1], #554 [2, 4] and #623 [3]); ECDSA (Certs. #98 [1], #100 [1], #239 [2, 4], #240 [2, 4], #281 [3] and #282 [3]); HMAC (Certs. #477 [1], #1040 [2, 4] and #1177 [3]); RNG (Certs. #492 [1], #943 [2, 4] and #1027 [3]); RSA (Certs. #412 [1], #887 [2, 4] and #1012 [3]); SHS (Certs. #855 [1], #1555 [2, 4] and #1713 [3]); Triple-DES (Certs. #707 [1], #1147 [2, 4] and #1268 [3]) -Other algorithms: DES; DES40; Diffie-Hellman; EC Diffie-Hellman; ECAES (non-compliant); ECIES; HMAC MD5; MD2; MD5; PBKDF1 SHA-1; PBKDF2 HMAC SHA-1/SHA-224/SHA-256/SHA-384/SHA-512 (non-compliant); RC2; RC4; RC5; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA PKCS #1 v2.0 (OAEP; non-compliant) Multi-chip standalone "The Crypto-C Micro Edition (ME) Module is RSA Security, Inc.'s cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
1091	Kanguru Solutions 1360 Main St. Millis, MA 02054 USA -Nate Cote TEL: 508-376-4245 FAX: 508-376-4462 CST Lab: NVLAP 200648-0	KanguruLock (Software Version: 1.0.4.25) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	02/24/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Service Pack 2 (single user mode) -FIPS-approved algorithms: AES (Cert. #243); SHS (Cert. #321); HMAC (Cert. #51); RNG (Cert. #78) -Other algorithms: N/A Multi-chip standalone "Kanguru Solutions is the leader in portable secure storage devices. KanguruLockaddresses security concerns and information assurance by incorporating 256-bit AES encryption technology to portable storage devices."
1090	Proxim Wireless Corporation 1561 Buckeye Drive Milpitas, CA 95035 USA -Cor van de Water TEL: 408-383-7626 FAX: 408-383-7680 -Kishore Gandham TEL: 408-383-7665 CST Lab: NVLAP 200556-0	Tsunami MP.11 HS 245054_R, Tsunami MP.11 HS 245054_RC and Tsunami MP.11 HS 245054_S (Hardware Version: 2.0.0; Firmware Version: 1.0.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/24/2009; 09/18/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #794 and #830); Triple-DES (Cert. #695); SHS (Cert. #826); DSA (Cert. #302); RSA (Cert. #400); HMAC (Cert. #461); RNG (Cert. #477) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "Proxim Tsunami MP.11 HS 245054_R, 245054_RC, and 245054_S wireless products offer fixed and mobile WiMAX capabilities to distribute wireless broadband access supporting video, voice, and data applications. In FIPS mode, the modules support proprietary WORP protocol for wireless transmission and serial, TLS, SSH, and SNMP for management."
1089	Motorola, Inc. 6480 Via Del Oro San Jose, CA, CA 95119 USA -Colin R. Cooper TEL: 408-528-2871 FAX: 408-528-2903 CST Lab: NVLAP 200648-0	RFS7000 RF Switch (Hardware Version: RFS7000; Firmware Versions: RFS7000-1.0.0.0-020GR and RFS7000-1.0.0.0-022GR) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	02/09/2009; 06/01/2009	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #646, #648 and #649); AES (Certs. #724, #726, #727 and #773); SHS (Certs. #742, #744 and #745); HMAC (Certs. #390, #392 and #393); RSA (Cert. #341); DSA (Cert. #274); RNG (Certs. #423 and #424) -Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength) Multi-chip standalone "Designed for large scale, high bandwidth deployments, the RFS7000 Wireless Switch from Motorola provides robust, highly scalable support for seamless enterprise mobility. Motorola's Wi-NG architecture, optimized for enterprise mobility and multimedia applications, simplifies network deployment and management, provides superior performance, security and scalability, and supports emerging RF technologies. Built on this platform, the RFS7000 enables campus wide roaming across subnets, and offers powerful failover capabilities, exceptional quality of service (QoS) and increased voice capacity."
1088	Motorola, Inc. 6480 Via Del Oro San Jose, CA, CA 95119 USA -Colin R. Cooper TEL: 408-528-2871 FAX: 408-528-2903 CST Lab: NVLAP 200648-0	WS5100 Wireless Switch (Hardware Version: WS5100; Firmware Versions: WS5100-3.0.0.0-020GR and WS5100-3.0.0.0-022GR) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/09/2009; 06/01/2009	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #648 and #649); AES (Certs. #726, #727 and #772); SHS (Certs. #744 and #745); HMAC (Certs. #392 and #393); RSA (Cert. #341); DSA (Cert. #274); RNG (Certs. #423 and #424) -Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength) Multi-chip standalone "The WS5100 Wireless Switch from Motorola provides enhanced support for enterprise mobility and multimedia applications, as well as security and manageability. Based on Motorola's Wi-NG (Wireless Next Generation) architecture, the WS5100 enables seamless campus-wide roaming, more robust failover capabilities, enhanced security, improved mobile client battery life, and increased voice capacity. Robust security features includes an IPSec VPN gateway, and secure guest access provisioning. The WS5100 supports 48 802.11 a/b/g Access Ports/Points for L2/L3 adoption and mobility."
1087	Lenel Systems International, Inc. 1212 Pittsford-Victor Road Pittsford, NY 14534 USA -Robert Pethick TEL: 585-248-9720 FAX: 585-248-9185 CST Lab: NVLAP 100432-0	FIPS Key Generator (Software Version: 2.1) (When operated in FIPS mode with [(Windows 7 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1330 operating in FIPS mode), (Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1337 operating in FIPS mode) or (Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #382 operating in FIPS mode)]) Validated to FIPS 140-2 Security Policy Certificate	Software	02/09/2009; 03/14/2012	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows Server 2003 SP1; Windows 7; Windows Server 2008 (single-user mode) -FIPS-approved algorithms: AES (Certs. #327 and #1650); RNG (Certs. #149 and #882) -Other algorithms: N/A Multi-chip standalone "The FIPS Key Generator module's primary purpose is to provide a cryptographically secure means for generating 128-bit AES keys to be used as Master Keys within Lenel's Communication Server module. The FIPS Key Generator module is part of the Lenel advanced access control and alarm monitoring system which is built on an open architecture platform, offers unlimited scalability, database segmentation, fault tolerance, biometrics and smart card support, is fully customizable, and can be seamlessly integrated into the OnGuard total security solution."
1086	Lenel Systems International, Inc. 1212 Pittsford-Victor Road Pittsford, NY 14534 USA -Robert Pethick TEL: 585-248-9720 FAX: 585-248-9185 CST Lab: NVLAP 100432-0	Communication Server (Software Versions: 5.11.216 + Hot Fix 2.0.3 and 5.12.012 + Hot Fix 2.0.3) (When operated in FIPS mode with Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #382 operating in FIPS mode and FIPS Key Generator validated to FIPS 140-2 under Cert. #1087) Validated to FIPS 140-2 Security Policy Certificate	Software	02/09/2009	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows Server 2003 SP1 (single-user mode) -FIPS-approved algorithms: AES (Cert. #327); RNG (Cert. #149); RSA (Cert. #81); SHS (Cert. #364); RNG (vendor affirmed) -Other algorithms: RC2 Multi-chip standalone "The Communication Server module's primary purpose is to provide secure communications with external access control devices. The module is part of the Lenel advanced access control and alarm monitoring system. The Lenel advanced access control and alarm monitoring system is built on an open architecture platform, offers unlimited scalability, database segmentation, fault tolerance, and biometrics and smart card support. The Lenel advanced access control and alarm monitoring system is fully customizable, and can be seamlessly integrated into the OnGuard total security solution."
1085	Gemalto and ActivIdentity Inc. Arboretum Plaza II 9442 Capital of Texas Highway North Suite 400 Austin, TX 78759 USA -James McLaughlin TEL: 512-257-3954 FAX: 512-257-3881 -Stephane Ardiley TEL: 510-745-6288 FAX: 510-745-0101 CST Lab: NVLAP 200427-0	SafesITe TOP DL GX4 - FIPS with ActivIdentity Digital Identity Applet Suite V2 for Extended PIV (Hardware Versions: A1005291 - CHIP.P5CD144.MPH051B, A1011108 - CHIP.P5CD144.MPH051B and A1047808 - CHIP.P5CD144.MPH051B; Firmware Version: GX4-FIPS EI08, Applet Versions: ACA applet package v2.6.2B.4, ASC library package v2.6.2B.3, PKI/GC/SKI applet package v2.6.2B.4, PIV End Point Wrapper module v2.6.2B.4, PIV End Point Extended module v2.6.2B.3, SMA applet package v2.6.2B.3) (PIV Card Application: Cert. #14) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/03/2009; 02/23/2009; 02/24/2011	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #782); RNG (Cert. # 450); RSA (Cert. #372); SHS (Cert. #786); Triple-DES (Cert. #678); Triple-DES MAC (Triple-DES Cert. #678, vendor affirmed) -Other algorithms: N/A Single-chip "This module is based on a Gemalto Dual Interface (Contact ISO7816 and Contactless ISO14443) Open OS Smart Card with a large (128K EEPROM) memory, with a cryptographic applet suite V 2.6.2b developed by ActivIdentity. The SmartCard platform has on board Triple DES and RSA up to 2048 algorithms and provides X9.31 on board key generation. The Applet Suite supports management of 3DES keys and PINs, and provides services for authentication, access control, generic container, PKI, One Time password and Secure Messaging (SMA). The module conforms to Java Card 2.2.1, Global Platform 2.1.1 and GSC/IS 2"
1084	NetLib® A Subsidiary of Communication Horizons, LLC 65 High Ridge Road Suite 428 Stamford, CT 06905 USA -Neil Weicher TEL: 203-321-1278 x91 CST Lab: NVLAP 200416-0	NetLib® Encryptionizer® for SQL Server (Software Version: 8.601.1) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	02/03/2009; 06/04/2009; 04/12/2011	Overall Level: 1  -Design Assurance: Level 2 -Operational Environment: Tested as meeting Level 1 with Windows 2000 Server; Windows 2003 Server; Windows 2003 x64 Server (single user mode) -FIPS-approved algorithms: AES (Cert. #857); SHS (Cert. #851); HMAC (Cert. #474) -Other algorithms: N/A Multi-chip standalone "The NetLib® Encryptionizer® for SQL Server 8.601.1 provides encryption of data stored in MS SQL Server databases and backups. It can be deployed without programming and without adding any administrative overhead. The purpose of whole database encryption is to make a database unusable if it is stolen, copied, downloaded, lost, or otherwise improperly accessed."
1083	Research In Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Certifications Team TEL: 519-888-7465 x72921 FAX: 519-886-4839 CST Lab: NVLAP 200017-0	BlackBerry Cryptographic Kernel (Firmware Versions: 3.8.5.42[1], 3.8.5.48[1] and 3.8.5.50a[2]) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Firmware	01/22/2009; 01/30/2009; 02/24/2009	Overall Level: 1  -Design Assurance: Level 3 -Tested: BlackBerry 9000 with BlackBerry OS Versions 4.6[1][2] and 4.6.1[2] -FIPS-approved algorithms: Triple-DES (Certs. #717, #718 and #739); AES (Certs. #873, #874, #875, #876, #915 and #924); SHS (Certs. #867, #868 and #902); HMAC (Certs. #489, #490 and #511); RSA (Certs. #422, #423 and #445); RNG (Certs. #501, #502 and #525); ECDSA (Certs. #108, #109 and #113) -Other algorithms: EC Diffie-Hellman (key agreement, key establishment methodology provides 256 bits of encryption strength); ECMQV (key agreement, key establishment methodology provides 256 bits of encryption strength) Multi-chip standalone "BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry."
1082	Teletec Corporation 5617-107 Departure Drive Raleigh, NC 27616 USA -Diane Hunter TEL: 919-954-7300 FAX: 919-954-7500 -Harry Taji TEL: +962 65824941 FAX: +962 65844950 CST Lab: NVLAP 200427-0	"Guardian" Subscriber Encryption Module (Hardware Version: R2; Firmware Versions: Main firmware: 1.00.02, Bootloader firmware: 1.00.01) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/22/2009	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #826); SHS (Cert. #825); HMAC (Cert. #460); RNG (Cert. #476) -Other algorithms: N/A Multi-chip embedded ""Guardian" Subscriber Encryption Module (SEM) is a multi-chip embedded cryptographic module intended to be installed in conventional FM radio equipment to provide digital level of encryption with 256-bit AES cipher. Key and configuration are loaded using programming cable and specific software executed on a generic Windows personal computer. Module supports secure update of internal firmware, providing a mean for future enhancements."
1081	IBM® Corporation 11400 Burnet Road Austin, TX 78758 USA -Tom Benjamin TEL: 512-286-5319 FAX: 512-436-8009 CST Lab: NVLAP 200427-0	IBM Java JCE FIPS 140-2 Cryptographic Module (Software Version: 1.3.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	01/22/2009; 03/13/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2 using IBM JVM 1.6 (single-user mode) -FIPS-approved algorithms: AES (Cert. #805); DSA (Cert. #297); HMAC (Cert. #445); RNG (Cert. #463); RSA (Cert. #387); SHS (Cert. #803); Triple-DES (Cert. #687) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits and greater than 256-bits of encryption strength); MD5 Multi-chip standalone "The IBM Java JCE (Java Cryptographic Extension) FIPS provider (IBMJCEFIPS) for Multi-platforms is a scalable, multipurpose cryptographic module that supports many FIPS approved cryptographic operations. This gives Java applications access to the FIPS algorithms via the standard JCE framework that is part of all JVM's at the 1.6 level and higher."
1080	BigFix, Inc. 1480 64th St. Suite 200 Emeryville, CA 94608 USA -Noah Salzman TEL: 510-740-0308 FAX: 510-652-6742 -Peter Loer TEL: 510-740-5158 FAX: 510-652-6742 CST Lab: NVLAP 200017-0	BigFix Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	01/07/2009	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Operational Environment: Tested as meeting Level 2 with AIX 5.2 running on IBM P610; HP-UX 11.11 running on HP C3000; SUSE Linux Enterprise Server 9 running on IBM eServer 325; Mac OS X 10.3.6 running on iMac G4; Red Hat Enterprise Linux 4 Update 2 Advanced Server running on HP XW4100 Pentium 4; Red Hat Enterprise Linux 4 Update 2 Advanced Server 64-bit running on HP ProLiant DL145 G2; Solaris 9 SPARC running on Sun Blade 150; Solaris 10 SPARC running on Sun Blade 150; Solaris 10 x86 running on Dell Precision 650; Windows 2000 Pro with SP3 running on Dell Optiplex GX400; Windows 2003 Enterprise Edition with SP1 running on Dell Optiplex GX270; Windows XP Pro with SP2 running on Dell Optiplex GX270 -FIPS-approved algorithms: Triple-DES (Cert. #688); AES (Cert. #806); DSA (Cert. #298); SHS (Cert. #804); HMAC (Cert. #446); RSA (Cert. #388); RNG (Cert. #464) -Other algorithms: Diffie-Hellman; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip standalone "The BigFix Cryptographic Module 1.0 is a software library that runs on a wide variety of computing platforms and performs encryption, hashing, and random number generation functions."