CMVP Main Page

Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules
1995-1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014,
All

Last Update: 4/3/2014

It is important to note that the items on this list are cryptographic modules. A module may either be an embedded component of a product or application, or a complete product in-and-of-itself. If the cryptographic module is a component of a larger product or application, one should contact the product or application vendor in order to determine how the product utilizes the embedded validated cryptographic module. There may be a larger number of security products or applications available which use an embedded validated cryptographic module, than the number of modules which are found in this list. In addition, other vendors, who are not found in this list, may incorporate a validated cryptographic module from this list embedded into their own products.

When selecting a module from a vendor, verify that the module is either the product or application itself (e.g. VPN, SmartCard, USB memory token, etc.) or the module is embedded in a larger product or application (e.g. toolkit, etc.). If the module is embedded in a product or application, ask the product or application vendor to provide a signed letter or statement affirming that the unmodified validated cryptographic module is integrated in the solution; the module provides all the cryptographic services in the solution; and provide reference to the modules validation certificate number from this listing.

NOTE1: Module descriptions are provided by the module vendors and have not been verified for accuracy by the CMVP. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-Approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (e.g. allowed or non-FIPS-Approved algorithms) have not been tested through the CMVP.

NOTE2: The operator of a cryptographic module is responsible for ensuring that the algorithms and key lengths are in compliance with the requirements of NIST SP 800-131A.

NOTE3: All questions regarding the implementation and/or use of any module located on the CMVP module validation lists should first be directed to the appropriate vendor point-of-contact (listed for each entry).

Please contact the CMVP if any errors are discovered or comments with suggestions for improvement of the validation listings.

Cert# Vendor / CST Lab Cryptographic Module
Module
Type
Val.
Date
Level / Description
1250 CipherOptics, Inc.
701 Corporate Center Drive
Raleigh, NC 27607
USA

-Ed Finn
TEL: 412-262-2571 x102
FAX: 412-262-2574

CST Lab: NVLAP 200017-0

CipherOptics ESG100 and CipherOptics ESG1002
(Hardware Versions: ESG100, A and ESG1002, A; Firmware Version: 2.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 12/29/2009;
06/14/2010
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #258); AES (Cert. #156); SHS (Cert. #117); HMAC (Cert. #34); RSA (Cert. #209); RNG (Cert. #274)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 90 bits of encryption strength; non-compliant); MD5; HMAC MD5; DES; NDRNG

Multi-chip standalone

"The CipherOptics ESG100 and ESG1002 are high performance, integrated security appliances that offer Gigabit and 10/100 Ethernet IPSec encryption respectively. Housed in a tamper evident chassis, have two ethernet ports. Traffic on the local port is received in the clear, while traffic on the remote port has security processing applied to it."
1249 Oberthur Technologies
4250 Pleasant Valley Road
Chantilly, VA 20151-1221
USA

-Christophe Goyet
TEL: 703-263-0100
FAX: 703-263-0503

CST Lab: NVLAP 100432-0

Oberthur ID-One Cosmo V7-n Lite
(Hardware Version: P/N C6; Firmware Versions: FC10 with op-codes (069778 or 017964))

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/29/2009;
02/05/2010;
08/02/2010
Overall Level: 3 

-Physical Security: Level 4

-FIPS Approved algorithms: Triple-DES (Cert. #698); Triple-DES MAC (Triple-DES Cert. #698, vendor affirmed); RNG (Cert. #480); RSA (Cert. #403); SHS (Cert. #833)

-Other algorithms: Triple-DES (Triple-DES Cert. #698, key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Single-chip

"This new generation Oberthur Smart Card programmable modules offers a highly secure architecture with state of the art on board cryptographic services that include Data Encryption Standard (2TDEA and 3TDEA) for symmetric encryption; Secure Hash Algorithm (SHA up to 512) for message digest; Elliptic-Curve Diffie-Hellman (ECDH) for key agreement and Digital Signature Algorithm (ECDSA up to f =521) for digital signatures. Additional features include Logical Channels and Delegated Management. The module supports Java Card 2.2.2 and Global Platform 2.1.1.A and is available in variable EEPROM sizes."
1248 Oberthur Technologies
4250 Pleasant Valley Road
Chantilly, VA 20151-1221
USA

-Christophe Goyet
TEL: 703-263-0100
FAX: 703-263-0503

CST Lab: NVLAP 100432-0

Oberthur ID-One Cosmo V7-a
(Hardware Versions: P/Ns BF [1, 2], C0 [3, 4], C3 [3, 4] and CF [5, 6]; Firmware Versions: 0801 with op-codes (071621 and 070534) [1], (071621 and 071891) [2], (071631 and 070544) [3], (071631 and 071901) [4], (071641 and 070554) [5] or (071641 and 071911) [6])

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/29/2009;
02/05/2010
Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #770); Triple-DES MAC (Triple-DES Cert. #770, vendor affirmed); AES (Cert. #978); RNG (Cert. #555); RSA (Cert. #471); SHS (Cert. #949)

-Other algorithms: Triple-DES (Triple-DES Cert. #770, key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Single-chip

"This new generation Smart Card programmable module offers a highly secure architecture with state of the art on board cryptographic services that include and even exceed NSA SUITE-B cryptography with Advanced Encryption Standard (AES up to 256); Secure Hash Algorithm (SHA up to 512); Elliptic-Curve Diffie-Hellman (ECDH) and Digital Signature Algorithm (ECDSA up to P-521). The module supports Java Card 2.2.2 and Global Platform 2.1.1.A with Delegated Management, and is available with contact (ISO 7816) and contactless (ISO 14443) communication interfaces."
1247 Good Technology, Inc.
430 N. Mary Avenue
Suite 200
Sunnyvale, CA 94085
USA

-Rick Pitz
TEL: 408-212-7878

CST Lab: NVLAP 200002-0

FIPSCrypto on Windows Mobile
(Software Version: 4.7.0.50906)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/29/2009;
02/05/2010;
06/02/2010;
10/25/2010;
01/20/2011;
07/19/2011;
10/18/2011;
04/04/2012;
09/27/2012;
10/25/2012;
04/24/2013;
10/18/2013
Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows CE 5.2

-FIPS Approved algorithms: AES (Cert. #1219); Triple-DES (Cert. #879); SHS (Cert. #1122); HMAC (Cert. #712)

-Other algorithms: N/A

Multi-chip standalone

"The FIPSCrypto is a FIPS 140-2 validated software-based cryptographic module that implements Triple-DES, AES, SHA-1, and HMAC-SHA-1."
1246 Pitney Bowes, Inc.
35 Waterview Drive
Shelton, CT 06484
USA

-Douglas Clark
TEL: 203-923-3206
FAX: 203-924-3406

CST Lab: NVLAP 200427-0

Pitney Bowes iButton Postal Security Device (PSD)
(Hardware Version: MAXQ1959B-F50#; Firmware Version: 9.01.00; Indicia Type 0, 1, 2, 5, 7 and 8)

(When operated in FIPS mode and configured by Pitney Bowes, Inc.)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/29/2009 Overall Level: 3 

-Physical Security: Level 3 + EFP

-FIPS Approved algorithms: DSA (Cert. #363); HMAC (Cert. #631); RNG (Cert. #623); SHS (Cert. #1043); Triple-DES (Cert. #817); Triple-DES MAC (Triple-DES Cert. #817, vendor affirmed)

-Other algorithms: RNG (non-compliant)

Multi-chip standalone

"The Pitney Bowes iButton Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP). It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes global digital metering products. The PSD has been designed to support international postal markets and their rapidly evolving requirements for digital indicia."
1243 Secure64 Software Corporation
5600 South Quebec Street
Suite 320D
Greenwood Village, CO 80111
USA

-Christopher Worley
TEL: 303-242-5890
FAX: 720-489-0694

CST Lab: NVLAP 200416-0

Secure64 Cryptographic Module
(Firmware Version: 1.2)

Validated to FIPS 140-2

Security Policy

Certificate

Firmware 12/29/2009 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-Tested: Secure 64 SourceT Micro Operating System running on a HP Integrity Server rx2660; Secure 64 SourceT Micro Operating System running on a HP Integrity Server rx3600

-FIPS Approved algorithms: AES (Certs. #882 and #956); Triple-DES (Cert. #722); RNG (Cert. #507); SHS (Certs. #874 and #936); HMAC (Cert. #580); DSA (Cert. #350); RSA (Certs. #495 and #426)

-Other algorithms: N/A

Multi-chip standalone

"The Secure64 Cryptographic Module is a firmware module designed for use only with systems based on Secure64 SourceT, a limited operational environment running on an Intel Itanium-based server platform. The Secure64 Cryptographic Module provides cryptographic functions that can be used by applications running in this environment. Example applications include DNSSEC signing (secure DNS using digital signatures), certificate management applications, etc. Example functions include key generation, secure key storage, encryption, decryption, hashing, and digital signing."
1242 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 94002
USA

-Global Certification Team
TEL:
FAX:

CST Lab: NVLAP 100432-0

Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Module (WiSM)
(Hardware Versions: Chassis: Catalyst 6506 switch with FIPS Kit P/N 800-27009 [1], Catalyst 6506-E switch with FIPS Kit P/N 800-27009 [2], Catalyst 6509 switch with FIPS Kit P/N 800-26335 [3] and Catalyst 6509-E switch with FIPS Kit P/N 800-26335 [4]; Backplane: WS-C6506 [1], WS-C6506-E [2], WS-C6509 [3] and WS-C6509-E [4]; Supervisor Blade [1, 2, 3, 4]: [WS-SUP720-3BXL and WS-SUP720-3B] and WiSM: WS-SVC-WISM-1-K9; Firmware Versions [1, 2, 3, 4]: Supervisor Blade: Cisco IOS Release 12.2(18)SXF11, Cisco IOS Release 12.2.33-SXH5 and Cisco IOS Release 12.2(18)SXF7; WiSM: 5.2.157.0, 5.2.178.5, 5.2.193.0 and 5.2.193.11; Hardware))

(When operated in FIPS mode and with the physical security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/29/2009;
07/02/2010;
07/30/2010;
08/22/2011;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #959, #960 and #1211); HMAC (Certs. #535, #536 and #706); RNG (Cert. #542); RSA (Certs. #463, #464 and #583); SHS (Certs. #931, #932 and #1115); Triple-DES (Cert. #756)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength; non-compliant); AES (Cert. #960, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM

Multi-chip standalone

"The Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Module (WiSM) provide unparalleled security, mobility, redundancy, centralized control and scalability for large-scale Government and Enterprise wireless LAN networks and supports the IEEE 802.11i wireless security standard in conjunction with meeting the Wi-Fi Alliances interoperability specification WPA2 to enable a Secure Wireless Architecture. The module supports voice, video and data services, location & asset tracking, integrated intrusion detection & intrusion protection and intelligent radio."
1241 Bloombase, Inc.
955 Benecia Avenue
Sunnyvale, CA 94085
USA

-Certification Team
TEL: 855-256-6622
FAX: 650-618-9898

CST Lab: NVLAP 200427-0

Bloombase Cryptographic Module
(Software Version: 8.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/29/2009;
07/02/2010;
01/24/2013;
03/15/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Bloombase SpitfireOS 5 (single-user mode), JRE 1.6

-FIPS Approved algorithms: AES (Cert. #1041); HMAC (Cert. #583); RSA (Cert. #496); RNG (Cert. #591); SHS (Cert. #991)

-Other algorithms: N/A

Multi-chip standalone

"Bloombase Cryptographic Module for multi-platforms is a scalable, generic and multipurpose module used by various Bloombase products, performing a broad range of approved cryptographic operations including encryption, key generation, key storage and zeroization, signature generation and verification, hashing, keyed hashing and random number generation, supporting services including cryptography, authentication, PKCS and key management, etc."
1239 Giesecke & Devrient and ActivIdentity Inc.
45925 Horseshoe Drive
Dulles, VA 20166
USA

-Michael Poitner
TEL: 650-312-1241
FAX: 650-312-8129

-Stephane Ardiley
TEL: 510-745-6288
FAX: 510-745-0101

CST Lab: NVLAP 200427-0

Sm@rtCafé Expert 3.2 by Giesecke & Devrient with ActivIdentity Digital Identity Applet Suite V2 for Extended PIV
(Hardware Versions: P5CD080 M8.4 [1], P5CD080 PDM1.1 [1], P5CD144 M8.4 [2] and P5CD144 PDM1.1 [2]; Firmware Versions: CPDIxJC_RSEFI025CD080V402 [1] and CPDYxJC_RSEFI025CD144V503 [2], Applet Versions [1,2]: ACA applet package v2.6.2B.4, ASC library package v2.6.2B.3, PKI/GC/SKI applet package v2.6.2B.4, PIV End Point Wrapper module v2.6.2B.4, PIV End Point Extended module v2.6.2B.4, SMA applet package v2.6.2B.3)

(PIV Card Application: Cert. #17)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/07/2009;
01/11/2012;
02/06/2014
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Certs. #745 and #746); DSA (Certs. #277 and #278); RSA (Certs. #350 and #351); RNG (Certs. #433 and #434); SHS (Certs. #760 and #761); Triple-DES (Certs. #662 and #663); Triple-DES MAC (Triple-DES Certs. #662 and #663, vendor affirmed); CVL (Cert. #213)

-Other algorithms: DES; DES MAC; DSA (512-bits and 768-bits; non-compliant)

Single-chip

"This product combines the Giesecke & Devrient (G&D) Smart Card Chip Operating System Sm@rtCafé Expert(SCE) 3.2 and the ActivIdentity(AI) Applet framework v2.6.2b. SCE 3.2 is a JC2.2.1 & GP2.1.1 compliant dual-interface module supporting, at a minimum 2048-bit RSA, SHA-256 hash and 256-bit AES. AI Applet framework works over dual-interface and supports GSC-IS v2.1 & NIST SP800-73-1(for HSPD-12/PIV). The product supports Secure issuance and post-issuance along with SMA protocol(secure messaging) and One Time Password solution. Combined product is suitable for government and corporate deployments"
1237 Research In Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

-Certifications Team
TEL: 519-888-7465 x72921
FAX: 519-886-4839

CST Lab: NVLAP 200017-0

BlackBerry Cryptographic Library
(Software Version: 2.0.0.7)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/07/2009 Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional 2002 with SP3, 32-bit edition (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #819); AES (Cert. #1122); SHS (Cert. #1045); HMAC (Cert. #633); RNG (Cert. #625); ECDSA (Cert. #131)

-Other algorithms: Rijndael; EC Diffie-Hellman (key agreement, key establishment methodology provides 256 bits of encryption strength); ECMQV (key agreement, key establishment methodology provides 256 bits of encryption strength)

Multi-chip standalone

"BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry½ Cryptographic Library is a software module that provides cryptographic services to many BlackBerry½ desktop products such as the BlackBerry½ Enterprise Server, BlackBerry½ Desktop Software, and many other BlackBerry½ products."
1236 Oberthur Technologies
4250 Pleasant Valley Road
Chantilly, VA 20151-1221
USA

-Christophe Goyet
TEL: 703-263-0100
FAX: 703-263-0503

-N/A
TEL: N/A
FAX: N/A

CST Lab: NVLAP 100432-0

Oberthur ID-One Cosmo V7-n
(Hardware Versions: P/Ns B0 [1,2], BA [1,2], C8 [1,2], C4 [1,2], C7 [1,2] and CA [1,2]; Firmware Versions: FC10 with op-codes 069778 [1] or 071964 [2])

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/07/2009;
02/05/2010;
08/02/2010
Overall Level: 3 

-Physical Security: Level 4

-FIPS Approved algorithms: Triple-DES (Cert. #698); Triple-DES MAC (Triple-DES Cert. #698, vendor affirmed); AES (Cert. #840); RNG (Cert. #480); RSA (Cert. #403); SHS (Cert. #833)

-Other algorithms: Triple-DES (Triple-DES Cert. #698, key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Single-chip

"This new generation Smart Card programmable module offers a highly secure architecture with state of the art on board cryptographic services that include and even exceed NSA SUITE-B cryptography with Advanced Encryption Standard (AES up to 256); Secure Hash Algorithm (SHA up to 512); Elliptic-Curve Diffie-Hellman (ECDH) and Digital Signature Algorithm (ECDSA up to P-521). The module supports Java Card 2.2.2 and Global Platform 2.1.1.A with Delegated Management, and is available with contact (ISO 7816) and contactless (ISO 14443) communication interfaces."
1235 Advanced Communications Concepts Inc
8831 N.Capital of Texas Highway
Suite 212
Austin, TX 78759
USA

-Eric Sweeney
TEL: 512-275-6245

CST Lab: NVLAP 200427-0

TUCrypt Cryptographic Module
(Software Version: 2.32.0.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/07/2009;
01/28/2010
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Pro (32-bit edition), Microsoft Windows Vista (32-bit and 64-bit editions), and Microsoft Windows 7 (32-bit and 64-bit editions) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1057, #1058 and #1102); SHS (Certs. #1003, #1004 and #1025); HMAC (Certs. #595, #596 and #616)

-Other algorithms: AES (Certs. #1057, #1058 and #1102, key wrapping)

Multi-chip standalone

"The TUCrypt Cryptographic Module is a multi-chip standalone software module that executes on a IBM compatable personal computer. The software module is intended to be used by other ACCI software to provide FIPS 140-2 approved cryptographic services."
1234 Pitney Bowes, Inc.
35 Waterview Drive
Shelton, CT 06484-8000
USA

-Douglas Clark
TEL: 203-923-3206
FAX: 203-924-3406

CST Lab: NVLAP 200427-0

Pitney Bowes iButton Postal Security Device (PSD)
(Hardware Version: MAXQ1959B-F50#; Firmware Versions: 6.01.02 and 8.01.03; Indicia Type 0, 2 and 5)

(When operated in FIPS mode and configured by Pitney Bowes, Inc.)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/30/2009;
01/06/2010
Overall Level: 3 

-Physical Security: Level 3 + EFP

-FIPS Approved algorithms: DSA (Cert. #353); RNG (Cert. #604); SHS (Cert. #1010); Triple-DES (Cert. #797); Triple-DES MAC (Triple-DES Cert. #797; vendor-affirmed)

-Other algorithms: RNG (non-compliant)

Multi-chip standalone

"The Pitney Bowes iButton Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP), and Deutsche Post's FrankIT New Generation Digital Franking program. It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes global digital metering products. The PSD has been designed to support international postal markets and their rapidly evolving requirements for digital indicia."
1233 Brocade Communications
1745 Technology Drive
San Jose, CA 95110
USA

-Greg Farris
TEL: 408-333-7315
FAX: 408-333-8101

CST Lab: NVLAP 100432-0

Brocade 7500 SAN Extension Switch Cryptographic Module
(Hardware Version: P/N Brocade 7500 Version H; Firmware Version: Fabric OS v6.0.0)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/30/2009 Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #731); Triple-DES (Cert. #652); SHS (Cert. #749); HMAC (Cert. #397); RNG (Cert. #426); RSA (Cert. #342)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); HMAC-MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The Brocade 7500 SAN Extension Switch Cryptographic Module provides an enterprise building block for consolidation, data mobility, and business continuity solutions that improve efficiency and cost savings. It combines FCIP extension with Fibre Channel switching and routing to provide local and remote storage and SAN connectivity while isolating SAN fabrics and IP WAN networks."
1232 Brocade Communications
1745 Technology Drive
San Jose, CA 95110
USA

-Greg Farris
TEL: 408-333-7315
FAX: 408-333-8101

CST Lab: NVLAP 100432-0

Brocade DCX Backbone and 48000 Director
(Hardware Version: P/Ns Brocade DCX Version C and Brocade 48000 Version L; Firmware Version: Fabric OS v6.0.0)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/30/2009 Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #731); Triple-DES (Cert. #652); SHS (Cert. #749); HMAC (Cert. #397); RNG (Cert. #426); RSA (Cert. #342)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); HMAC-MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The Brocade DCX Backbone consolidates server-to-server, server-to-storage and storage-to-storage traffic into a logical, multiprotocol infrastructure. It is designed to support existing and emerging protocols, including 8Gb Fibre Channel, FICON®, FCIP, IPFC, 10 Gigabit Ethernet, Converged Enhanced Ethernet (CEE), and Fibre Channel over Ethernet (FCoE). The Brocade 48000 Director delivers 4, 8, and 10 Gbit/sec Fibre Channel performance, high availability and multiprotocol connectivity, including Fibre Channel Routing, FCIP, iSCSI, and fabric-based applications."
1231 MeshDynamics, Inc.
2953 Bunker Hill Lane
Suite 400
Santa Clara, CA 95054
USA

-Francis daCosta
TEL: 408-373-7700
FAX: 408-516-8987

CST Lab: NVLAP 200648-0

MD4000-FIPS Structured Mesh™ Module
(Hardware Version: MD4000-FIPS; Firmware Version: 2.5.72)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 11/30/2009 Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #728); SHS (Cert. #746); RNG (Cert. #425); HMAC (Cert. #394)

-Other algorithms: RC4; MD5; HMAC-MD5; AES (Cert. #728; key wrapping; key establishment methodology provides 128 bits of encryption strength)

Multi-chip standalone

"Multi-Radio Wireless Mesh Networking Node. Nodes connect to each other forming a "MESH" network. Data from Client devices connected to the mesh node, is routed according to the destination address. Client devices need to authenticate before they can join the network. All data from client is encrypted using AES-CCM using temporal keys generated using WPA2/802.11i standard."
1230 Tropos Networks
555 Del Rey Ave.
Sunnyvale, CA 94085
USA

-Roman Arutyunov
TEL: 408-331-6825
FAX: 408-331-6801

-Sreedhar Kamishetti
TEL: 408-331-6881
FAX: 408-331-6801

CST Lab: NVLAP 200427-0

Tropos Control Element Management System
(Software Version: 7.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/30/2009 Overall Level: 1 

-Roles, Services, and Authentication: Level 3

-Operational Environment: Tested as meeting Level 1 with CentOS 5 (x86) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1084 and #1086); Triple-DES (Certs. #799 and #800); SHS (Certs. #1018 and #1019); HMAC (Certs. #608 and #609); RNG (Certs. #608 and #609); RSA (Certs. #511 and #512)

-Other algorithms: Blowcrypt; MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"Tropos Control is a comprehensive management system that streamlines the deployment, optimization, maintenance, and control of large-scale wireless networks. Tropos Control uses FIPS 140-2 approved algorithms to provide secured communication to Tropos routers and to its web-based client application."
1229 BitArmor Systems, Inc.
Three Gateway Center
401 Liberty Avenue
Suite 1900
Pittsburgh, PA 15222
USA

-Hugh Docherty

CST Lab: NVLAP 200556-0

BitArmor Secure Cryptographic Engine
(Software Version: 1.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 11/30/2009;
12/11/2009
Overall Level: 1 

-Cryptographic Module Specification: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional SP3 (32-bit); SuSE Linux Enterprise Server 10.0 (32-bit); Windows Server 2003 (32-bit); Windows Server 2008 (64-bit); Windows 7 Enterprise (32-bit) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1101); Triple-DES (Cert. #802); SHS (Cert. #1024); HMAC (Cert. #614); RNG (Cert. #613)

-Other algorithms: DES; MD5; HMAC-MD5

Multi-chip standalone

"BitArmor DataControl is an advanced software solution that provides disk encryption and device independent file/folder encryption. It provides precise access control for data on the Windows operating system. BitArmor DataControl includes automatic key management that is transparent to users and a central console for management of users and access privileges."
1228 Atos Wordline S.A./N.V.
Haachtsesteenweg 1442 ChaussTe de Haecht
Brussels, 1130
Belgium

-Filip Demaertelaere
TEL: +32-2-727-6167
FAX: +32-2-727-6250

-Sam Yala
TEL: +32-2-727-6194
FAX: +32-2-727-6250

CST Lab: NVLAP 200636-0

DEP/PCI v4
(Hardware Versions: PCI card: 033-120010-1.0; Alarm card: 033-120020-2.0; Firmware Versions: Boot firmware: 4.0.l; FPGA firmware: 661442; Alarm firmware: 5.0.m)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 11/24/2009 Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #883); SHS (Cert. #875)

-Other algorithms: N/A

Multi-chip embedded

"The DEP/PCI (a PCI adapter board) is a hardware cryptographic module, also known as a hardware security module (HSM). Its boot software together with its cryptographic coprocessor implements different cryptographic algorithms which are used for secure key entry, secure application loading and secure boot firmware update. The alarm firmware implements the tamper detection and tamper responsive logic."
1227 Kingston Technology, Inc.
17600 Newhope Street
Fountain Valley, CA 92708
USA

-John Terpening
TEL: 714-427-3743
FAX: 714-435-2628

CST Lab: NVLAP 100432-0

DataTraveler 5000 (DT5000)
(Hardware Version: P/N 88007021F, Version 01.00.02; Firmware Version: 03.00.04)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/07/2009 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1015 and #1016); SHS (Certs. #972, #973 and #974); ECDSA (Cert. #122); DRBG (Cert. #10); RNG (Cert. #582); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 bits of encryption strength)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"Kingston's ultra-secure DataTraveler 5000 USB Flash drive protects sensitive data with FIPS 140-2 Level 2 certification and 256-bit AES hardware-based encryption in XEX mode. Secured by Spyrus, DT5000 uses elliptic curve cryptography encryption algorithms (ECC) that meet the Suite B standards approved by the U.S. government. The drive features complex password protection and locks down after 10 intrusion attempts. DT5000 is waterproof (up to 4 feet) and features a rugged, titanium-coated steel casing."
1226 Eastman Kodak Company
343 State Street
Rochester, NY 14650
USA

-Nancy Telfer
TEL: 585-477-8399
FAX: 585-477-8789

CST Lab: NVLAP 200427-0

Eastman Kodak Company® Secure Module 3000
(Hardware Version: 4F6138 Version A; Firmware Version: 1.0-068)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/24/2009 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1071, #1072 and #1076); HMAC (Certs. #603 and #604); RNG (Cert. #606); RSA (Cert. #508); SHS (Certs. #1012 and #1013)

-Other algorithms: HMAC-MD5; MD5; RSA (key wrapping; key establishment methodology provides 112-bits of encryption strength)

Multi-chip embedded

"The Kodak Secure Module 3000 is a fully DCI compliant cryptographic module that is the core of the Kodak Digital Cinema content playback system. The Secure Module converts the packaged, compressed and encrypted data into raw image, sound, subtitles and auxiliary data used in exhibition. It performs security functions such as media decryption, link encryption, forensic watermarking, and key management."
1225 SafeNet, Inc.
20 Colonnade Road
Ottawa, Ontario K2E 7M6
Canada

-Iain Holness
TEL: 613-221-5049
FAX: 613-723-5079

CST Lab: NVLAP 200002-0

SafeEnterpriseTM Encryptor, Model 650
(Hardware Version: 904-23160-007; Firmware Version: 3.1)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/24/2009 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #268); AES (Certs. #391 and #240); RSA (Cert. #15); SHS (Certs. #251 and #319); HMAC (Cert. #48); RNG (Certs. #18 and #76)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The SafeEnterpriseTM SONET Encryptor provides data privacy and access control for connections between vulnerable public and private SONET/SDH networks. It employs federally endorsed AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in a SONET OC-192 network."
1224 BeCrypt Limited
130 Shaftesbury Avenue
London, W1D 5EU
United Kingdom

-Dr. Pali Surhar, Certification Manager
TEL: +44 (0)845 838 2050
FAX: +44 (0)845 838 2060

CST Lab: NVLAP 200017-0

BeCrypt Cryptographic Library
(Software Version: 2.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 11/24/2009 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional 32-bit with SP3; Windows XP Professional 64-bit with SP2; Linux Ubuntu 8.10; MAC OS X (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1087 and #1088); SHS (Certs. #1020 and #1021); RNG (Cert. #610); RSA (Cert. #513); HMAC (Certs. #610 and #611)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; DES; Triple-DES (non-compliant); RC2

Multi-chip standalone

"The BeCrypt Cryptographic Library provides core cryptographic functionality for BeCrypt's Enterprise security products including a range of market leading disk encryption, media encryption and data protection products. The cryptographic library provides a capability to develop complex and flexible security applications that require cryptographic functionality in both pre-OS and 32 bit/64 bit operating environments."
1223 Blue Coat Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085-4121
USA

-Wendi Ittah
TEL: 703-399-0535

CST Lab: NVLAP 200017-0

ProxySG 510 and ProxySG 810
(Hardware Versions: 100-02639, 106-02838, 106-02868, 100-02641, 106-02834 and 106-02884; Firmware Version: 5.3.1.9)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 11/17/2009;
12/13/2011
Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #859); Triple-DES (Cert. #706); RSA (Cert. #413); DSA (Cert. #310); SHS (Cert. #854); HMAC (Cert. #476); RNG (Cert. #491)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The foundation of Blue Coat's application delivery infrastructure, Blue Coat ProxySG appliances establish points of control that accelerate and secure business applications for users across the distributed organization. Blue Coat appliances serve as an Internet proxy and wide area network (WAN) optimizer. The purpose of the appliances is to provide a layer of security between an Internal and External Network (typically an office network and the Internet), and to provide acceleration and compression of transmitted data. The ProxySG is one of several appliance lines manufactured by Blue Coat"
1222 Blue Coat Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085-4121
USA

-Wendi Ittah
TEL: 703-399-0535

CST Lab: NVLAP 200017-0

ProxySG 8100
(Hardware Versions: 100-02644, 106-02835 and 106-02883; Firmware Version: 5.3.1.9)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 11/17/2009;
12/07/2011
Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #859); Triple-DES (Cert. #706); RSA (Cert. #413); DSA (Cert. #310); SHS (Cert. #854); HMAC (Cert. #476); RNG (Cert. #491)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The foundation of Blue Coat's application delivery infrastructure, Blue Coat ProxySG appliances establish points of control that accelerate and secure business applications for users across the distributed organization. Blue Coat appliances serve as an Internet proxy and wide area network (WAN) optimizer. The purpose of the appliances is to provide a layer of security between an Internal and External Network (typically an office network and the Internet), and to provide acceleration and compression of transmitted data. The ProxySG is one of several appliance lines manufactured by Blue Coat"
1221 Bull SAS
Rue Jean Jaurès
B.P.68
Les Clayes sous Bois, 78340
France

-Jean-Luc CHARDON
TEL: +33 1 30 80 79 14
FAX: +33 1 30 80 78 87

-Pierre-Jean AUBOURG
TEL: +33 1 30 80 77 02
FAX: +33 1 30 80 78 87

CST Lab: NVLAP 200017-0

CHR Cryptographic Module
(Hardware Version: 003/A [1] or 004/A [2]; Firmware Version: V1.02-00L [1] or V1.03-00L [2])

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 11/17/2009;
07/05/2011
Overall Level: 3 

-Physical Security: Level 3 + EFP/EFT

-FIPS Approved algorithms: RSA (Cert. #438); SHS (Cert. #893)

-Other algorithms: N/A

Multi-chip standalone

"The BULL CHR is a multi-chip standalone security module providing functionality for the secure loading of applications. The CHR is the corner stone of a range of security products developed and signed by BULL as Application Provider and known as "CRYPT2Pay HR" product range available for different domain of applications including Banks and Financial Institutions. Additional products may be developed by Application Providers, based on the CHR."
1220 SkyRecon Systems
8 rue La Fayette
Paris, 75009
France

-Patrick Prajs
TEL: +33 (0)1 73 54 02 60

-Jean-Baptiste LERNOUT
TEL: 33 (0)1.73.54.02.72

CST Lab: NVLAP 200697-0

SkyRecon Cryptographic Module (SCM)
(Software Version: 1.04)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/03/2009 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional with SP3 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #931); SHS (Cert. #914); RNG (Cert. #532); HMAC (Cert. #613)

-Other algorithms: N/A

Multi-chip standalone

"SkyRecon Cryptographic Module (SCM) is a software-based dynamically linked cryptographic library containing several validated cryptographic algorithms. Software developers can link the SkyRecon Cryptographic Module (SCM) into their applications to provide FIPS 140-2 compliant cryptographic support."
1219 Check Point Software Technologies Ltd.
12007 Sunrise Valley Dr.
Suite 130
Reston, VA 20191
USA

-David Ambrose
TEL: 703-628-2935

-Malcolm Levy
TEL: +972 3-7534561

CST Lab: NVLAP 200002-0

VPN-1 [1] and Security Gateway with firewall and vpn Software Blades [2]
(Firmware Versions: NGX R65 with hot fix HFA 30 [1] and R70.1 [2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Firmware 10/27/2009;
11/20/2009;
07/27/2011
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 2

-Tested: Dell PowerEdge 1750 and Power-1 5070 with Check Point SecurePlatform Operating System, version NGX R65 HFA 30

-FIPS Approved algorithms: Triple-DES (Certs. #338, #733, #824, #825, #1114 and #1115); AES (Certs. #257, #1130 and #1728); SHS (Certs. #332, #890, #1053, #1054, #1511 and #1512); HMAC (Certs. #67, #502, #642, #643, #1003 and #1004); RSA (Certs. #66, #132, #537 and #853); RNG (Certs. #90, #628 and #917)

-Other algorithms: CAST 40 bit; CAST 128 bit; DES (Cert. #314); MD5; HMAC-MD5; Diffie-Hellman (key agreement, key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping, key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Check Point's Security Gateway Software Blades R70.1 and VPN-1 R65 with hot fix HFA 30 provide an integrated software solution combining a firewall, vpn, and the hardened SecurePlatform operating system. Designed to meet the requirements of Internet, intranet, and extranet vpns it provides secure connectivity to corporate networks with remote and mobile users, branch offices, and business partners."
1218 3e Technologies International, Inc.
9715 Key West Avenue
Suite 500
Rockville, MD 20850
USA

-Harinder Sood
TEL: 301-944-1325
FAX: 301-670-6989

CST Lab: NVLAP 200427-0

3e-636S-1 Accelerated Crypto Module
(Hardware Version: 1.0(A); Firmware Version: 4.3.1)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/22/2009 Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #1022 and #1023); Triple-DES (Certs. #783 and #784); SHS (Certs. #976 and #977); HMAC (Certs. #571 and #572); RNG (Cert. #583); RSA (Cert. #490)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5

Multi-chip embedded

"3eTI's 3e-636S-1 Accelerated Crypto Module provides AES and Triple-DES data encryption, SHS secure hashing, and HMAC keyed hashing at very high levels of sustained bandwidth. The 3e-636S-1 leverages built-in hardware-based cryptography to greatly accelerate device performance. The 3e-636S-1 is a robust, stand-alone inline encryptor which can straightforwardly be inserted into a network where FIPS 140-2 Validation is required. The 3e-636S-1 helps customers meet Federal Cryptography requirements at extremely high levels of performance, where traditional software-based algorithm implementation"
1217 Pitney Bowes, Inc.
35 Waterview Drive
Shelton, CT 06484-8000
USA

-Douglas Clark
TEL: 203-924-3206
FAX: 203-546-4744

CST Lab: NVLAP 100432-0

Cygnus X3 PSD Cryptographic Module
(Hardware Version: P/N 1R84000 Version A; Software Version: 01.05.05; Firmware Version: 01.00.06)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/22/2009 Overall Level: 3 

-Physical Security: Level 3 + EFP

-FIPS Approved algorithms: DSA (Cert. #234); SHS (Cert. #650); AES (Cert. #600); RNG (Cert. #592); HMAC (Cert. #311)

-Other algorithms: N/A

Single-chip

"The Pitney Bowes Cygnus X3 Postal Security Device (PSD) has been designed in compliance with FIPS 140-2 and IPMAR security protection profile in order to support the USPS IBIP and international digital indicia standards globally. The PSD employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes Postage Metering products."
1216 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Peter Hayman
TEL: 919-462-1900 x273
FAX: (919) 462-1933

CST Lab: NVLAP 200002-0

SafeEnterprise™ Encryptor, Model 600
(Hardware Versions: 904-10001-00x, 904-10002-00x, 904-10003-00x, 904-10014-00x, 904-10112-00x, 904-10113-00x, 904-20001-00x, 904-20002-00x, 904-20003-00x, 904-25005-00x, 904-30013-00x, 904-511i0-00x and 943-511i0-00x; Firmware Version: 3.4.0.1)

(Note: Refer to the cryptographic module’s security policy for the details on the letter i and x designations)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/22/2009 Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #647); AES (Certs. #711, #713 and #725); RSA (Cert. #340); SHS (Cert. #743); HMAC (Cert. #391); RNG (Cert. #422)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); DSA (non-compliant)

Multi-chip standalone

"The SafeEnterprise™ Encryptor provides data privacy and access control for connections between vulnerable public and private SONET/SDH or Ethernet networks. It employs FIPS approved AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in SONET 155 MB (OC-3), 622 MB (OC-12), 1.0 GB, and 2.4 GB (OC-48) networks."
1215 SPYRUS, Inc.
1860 Hartog Drive
San Jose, CA 95131-2203
USA

-Tom Dickens
TEL: 408-392-9131
FAX: 408-392-0319

CST Lab: NVLAP 100432-0

Hydra PC FIPS Sector-based Encryption Module
(Hardware Version: P/N 88007021F, Version 01.00.02; Firmware Version: 03.00.04)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/22/2009;
05/05/2010
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1015 and #1016); SHS (Certs. #972, #973 and #974); ECDSA (Cert. #122); DRBG (Cert. #10); RNG (Cert. #582); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 128, 192 or 256 bits of encryption strength)

-Other algorithms: EC-Diffie-Hellman (key agreement; key establishment methodology provides 128, 192 or 256 bits of encryption strength)

Multi-chip standalone

"The Hydra PC FIPS Sector-based Encryption Module provides hardware-based, sector by sector full disk encryption providing the protective military strength of the U. S. Government's Suite B algorithm standards, including AES, ECDSA, SHA-2, and EC-DH. The USB encryption device comes with an easy to use, user-friendly interface that operates on the Microsoft Windows operating systems without installing any drivers."
1214 Juniper Networks, Inc.
One Rogers St.
Sixth Floor
Cambridge, MA 02142
USA

-Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 100432-0

Odyssey Security Component Portable
(Software Version: 2.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 10/19/2009;
12/11/2013
Overall Level: 1 

-Design Assurance: Level 2

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP SP2 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #785 and #786); Triple-DES (Cert. #680); SHS (Cert. #788); HMAC (Cert. #431); DSA (Cert. #294); RSA (Cert. #374); RNG (Cert. #452)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Odyssey Security Component (OSC) is a general purpose cryptographic library. OSC / Portable is a C language version that can be compiled without modification for a variety of operating systems."
1213 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 94002
USA

-Global Certification Team
TEL:
FAX:

CST Lab: NVLAP 100432-0

Cisco 4402 and 4404 Wireless LAN Controllers
(Hardware Versions: 4402, Revision Number A0 and 4404, Revision Number A0; with FIPS Kit AIRWLC4400FIPSKIT=, version A0; with Opacity Baffle Version 1.0; Firmware Versions: 5.2.157.0, 5.2.178.5, 5.2.193.0 and 5.2.193.11)

(When operated in FIPS mode and with the physical security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/19/2009;
11/20/2009;
07/02/2010;
07/30/2010;
08/22/2011;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #959, #960 and #1211); HMAC (Certs. #535, #536 and #706); RNG (Cert. #542); RSA (Certs. #463, #464 and #583); SHS (Certs. #931, #932 and #1115); Triple-DES (Cert. #756)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength; non-compliant); AES (Cert. #960, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM

Multi-chip standalone

"The Cisco 4400 Series Wireless LAN Controllers provide centralized control and scalability for medium to large-scale Government and Enterprise wireless LAN networks and support the IEEE 802.11i wireless security standard while meeting the Wi-Fi Alliances interoperability specification WPA2 for Secure Wireless Architecture. The Cisco WLAN Controllers support voice, video and data services, intrusion detection, intrusion protection and intelligent radio resource management and comply with the wireless security policies issued by the U.S. Federal Government and the Department of Defense (DoD)."
1212 Motorola Solutions, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

-Kirk Mathews
TEL: 847-576-4101

CST Lab: NVLAP 100432-0

Voice Processing Module Cryptographic Module (VPMCM) /Telephone Media Gateway Cryptographic Module (TMGCM)
(Hardware Versions: VPMCRYPTO_B or VPMCRYPTO_C; Firmware Versions: R01.01.03, R01.01.04, R01.01.05, R01.02.08, R01.05.00 or R01.07.00)

(When operated in FIPS mode with AES Cert. #819)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/19/2009;
12/06/2010;
07/05/2011;
06/14/2013
Overall Level: 1 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 2
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #819); SHS (Cert. #817); RSA (Cert. #396); RNG (Cert. #471)

-Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); DVP-XL; DVI-XL; DES-XL; LFSR; ADP

Multi-chip embedded

"The Motorola Voice Processing Module Cryptographic Module provides cryptographic services to the Voice Processing Module in which it is embedded. The Voice Processing Module provides dispatch console audio routing between a dispatch operator (e.g., 911 dispatcher), peripherals, and a local network."
1211 Motorola, Inc.
1 Motorola Plaza
Holtsville, NY 11742
USA

-Steven Chew
TEL: 631-738-3507
FAX: 631-738-4164

-Bert Scaramozzino
TEL: 631-738-3215
FAX: 631-738-4164

CST Lab: NVLAP 200648-0

Motorola Wireless Fusion on Windows CE Cryptographic Module
(Hardware Version: CX 55222; Software Version: 3.00)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software-Hybrid 11/18/2009;
05/05/2010
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows CE 6.0

-FIPS Approved algorithms: AES (Certs. #1035 and #1037); SHS (Cert. #988); HMAC (Cert. #581)

-Other algorithms: RC4; TKIP

Multi-chip standalone

"Motorola Wireless Fusion Cryptographic Module is a component of Motorola Wireless Mobile Computing devices that are equipped with a WLAN radio. These devices are used for business process automation applications in a number of vertical markets like retail, manufacturing, transportation, health and government."
1210 Motorola, Inc.
1 Motorola Plaza
Holtsville, NY 11742
USA

-Steven Chew
TEL: 631-738-3507
FAX: 631-738-4164

-Bert Scaramozzino
TEL: 631-738-3215
FAX: 631-738-4164

CST Lab: NVLAP 200648-0

Motorola Wireless Fusion on Windows Mobile Cryptographic Module
(Hardware Version: CX 55222; Software Version: 3.00)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software-Hybrid 11/18/2009;
05/05/2010;
06/02/2010
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Mobile 6.1 and 6.5

-FIPS Approved algorithms: AES (Certs. #1036 and #1038); SHS (Cert. #989); HMAC (Cert. #582)

-Other algorithms: RC4; TKIP

Multi-chip standalone

"Motorola Wireless Fusion Cryptographic Module is a component of Motorola Wireless Mobile Computing devices that are equipped with a WLAN radio. These devices are used for business process automation applications in a number of vertical markets like retail, manufacturing, transportation, health and government."
1209 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Peter Hayman
TEL: 919-462-1900 x273
FAX: 919-462-1933

CST Lab: NVLAP 200002-0

SafeEnterprise™ Encryptor, Model 650
(Hardware Versions: 904-53260-007 and 943-53270-007; Firmware Versions: 3.4.0.1 and 3.4.0.2)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/19/2009;
08/02/2010
Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #647); AES (Certs. #710, #725 and #964); RSA (Cert. #340); SHS (Cert. #743); HMAC (Cert. #391); RNG (Cert. #422)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); DSA (non-compliant)

Multi-chip standalone

"The SafeEnterprise™ Encryptor provides data privacy and access control for connections between vulnerable public and private SONET/SDH networks or 10G Ethernet networks. It employs federally endorsed AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in a SONET OC-192 network or 10G Ethernet network."
1208 ARX (Algorithmic Research)
10 Nevatim Street
Kiryat Matalon, Petach Tikva 49561
Israel

-Ezer Farhi
TEL: 972-3-9279529

CST Lab: NVLAP 200002-0

CoSign
(Hardware Version: 4.0; Firmware Version: 4.5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/19/2009 Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Certs. #498 and #523); Triple-DES MAC (Triple-DES Cert. #498, vendor affirmed); SHS (Certs. #554 and #586); HMAC (Cert. #241); RNG (Cert. #265); RSA (Cert. #227)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"CoSign is a digital signature appliance that is connected to the organizational network and manages all signature keys and certificates of organization's end-users. End-users will connect securely to CoSign from their PC for the purpose of signing documents and data."
1207 Juniper Networks, Inc.
One Rogers St.
Sixth Floor
Cambridge, MA 02142
USA

-Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 100432-0

Odyssey Security Component User Mode and Odyssey Security Component Kernel Mode
(Software Versions: Version 2.0 (Odyssey Security Component User Mode) and Version 2.0 (Odyssey Security Component Kernel Mode))

Validated to FIPS 140-2

Security Policy

Certificate

Software 10/19/2009;
12/11/2013
Overall Level: 1 

-Design Assurance: Level 2

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP SP2; Microsoft Windows 2000 SP3 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #783 and #784); Triple-DES (Cert. #679); SHS (Cert. #787); HMAC (Cert. #430); DSA (Cert. #293); RSA (Cert. #373); RNG (Cert. #451)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Odyssey Security Component (OSC) is a general purpose cryptographic library. OSC / User Mode is a user mode binary module for the Windows operating system. OSC / Kernel Mode is a kernel-mode binary module for the Windows operating system."
1206 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 94002
USA

-Global Certification Team
TEL:
FAX:

CST Lab: NVLAP 100432-0

Cisco Catalyst 3750G Integrated Wireless LAN Controller
(Hardware Versions: P/N WS-C3750G, Version 02 and P/N 69-1707-01 (FIPS Kit); Firmware Versions: 5.2.157.0, 5.2.178.5, 5.2.193.0 and 5.2.193.11)

(When operated in FIPS mode and with the physical security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/19/2009;
11/20/2009;
07/02/2010;
07/30/2010;
08/22/2011;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #959, #960 and #1211); HMAC (Certs. #535, #536 and #706); RNG (Cert. #542); RSA (Certs. #463, #464 and #583); SHS (Certs. #931, #932 and #1115); Triple-DES (Cert. #756)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength; non-compliant); AES (Cert. #960, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM

Multi-chip standalone

"The Cisco 3750G Wireless LAN Controller provides centralized control and scalability for medium to large-scale wireless LAN networks and supports IEEE 802.11i wireless security and is Wi-Fi certified for WPA2. Cisco WLAN Controllers support voice, video, data services, intrusion protection (including Management Frame Protection (MFP), intelligent radio resource management and comply with the wireless security policies issued by the U.S. Federal Government and the U.S. Department of Defense (DoD)."
1205 Lexar Media, Inc.
47300 Bayside Parkway
Fremont, CA 94538
USA

-Mehdi Asnaashari
TEL: 510-413-1200
FAX: 510-440-3499

CST Lab: NVLAP 100432-0

JumpDrive SAFE S3000
(Hardware Versions: P/Ns LAD2GBCENAG600 [1,2], LAD4GBCENAG600 [1,2], LAD8GBCENAG600 [1,2] and LAD16GCENAG600 [1,2], Versions FC4410-EF-AB [1] and FC4410-EF-AC [2]; Firmware Version: 1511)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/19/2009 Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #877 and #990); HMAC (Cert. #491); RNG (Cert. #503); RSA (Cert. #424); SHS (Certs. #869 and #957); Triple-DES (Cert. #719)

-Other algorithms: AES (Cert. #877, key wrapping; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Lexar Media introduces JumpDrive SAFE S3000, the world's first FIPS 140-2 Level 3 approved secure USB flash drive. The advanced flash drive combines an onboard cryptographic controller that encrypts all data stored on the secure partition by approved hardware-based AES 256bit, a smartcard chip that provides key management through proven technology, and a ruggedized tamper resistant housing to create a complete portable secure storage solution for all users looking to protect their data. For more information please visit http://www.lexar.com."
1204 Midland Radio Corporation
5900 Parretta Drive
Kansas City, MO 64120
USA

-David Berneking
TEL: 816-462-0421

CST Lab: NVLAP 200427-0

Midland Radio Base Station Cryptographic Module
(Hardware Versions: 91-1060A, 91-1060B, 91-1110A, 91-1110B, 91-4050A, 91-4050B, 91-4100A, 91-4100B, 91-4100C, 91-4100D, 91-7100B and 91-8100B; Firmware Version: FIPS_ver010b)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 10/06/2009 Overall Level: 1 

-FIPS Approved algorithms: AES (Cert. #485); SHS (Cert. #945); HMAC (Cert. #548); DRBG (Cert. #7)

-Other algorithms: DES

Multi-chip standalone

"The Midland BTIII Base Stations provide Project 25 encrypted and clear voice, data and Short Message Service communications in accordance with the Project 25 Digital Land Mobile Radio standards suite. In addition, conventional analog radio voice communications are supported. It is multi-chip standalone cryptographic module validated at a FIPS 140-2 Security Level 1."
1203 Thales - nCipher
92 Montvale Ave
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F3 6000e, nShield F3 1500e, nShield F3 500e, nShield F3 10e, nShield F3 6000e for nShield Connect, nShield F3 1500e for nShield Connect and nShield F3 500e for nShield Connect
(Hardware Versions: nC4033E-6K0, nC4033E-1K5, nC4033E-500, nC4033E-030, nC4033E-6K0N, nC4033E-1K5N and nC4033E-500N, Build Standard N; Firmware Versions: 2.38.4-2 and 2.38.7-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 10/06/2009;
12/08/2009;
02/17/2010
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #994 and #397); AES GCM (Cert. #994, vendor affirmed); Triple-DES (Certs. #775 and #435); Triple-DES MAC (Cert. #775, vendor affirmed); DSA (Cert. #341); ECDSA (Cert. #121); SHS (Cert. #960); HMAC (Cert. #560); RSA (Cert. #478); RNG (Cert. #564)

-Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; AES (Cert. #994, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DSA (FIPS 186-3; non-compliant); ECDSA (FIPS 186-3; non-compliant)

Multi-chip embedded

"The nCipher modules: nShield F3 6000e, Shield F3 1500e, nShield F3 500e, nShield 10e, nShield F3 6000e for nShield Connect, nShield F3 1500e for nShield Connect and nShield F3 500e for nShield Connect family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1202 Thales - nCipher
92 Montvale Ave.
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F2 500 and nShield F2 10 PCI
(Hardware Versions: nC3023P-500, nC3023P-10, Build Standard N; Firmware Versions: 2.38.4-2 and 2.38.7-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 10/06/2009;
02/17/2010
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #994 an #962); AES GCM (Cert. #994, vendor affirmed); Triple-DES (Certs. #775 and #757); Triple-DES MAC (Cert. #775, vendor affirmed); DSA (Cert. #341); ECDSA (Cert. #121); SHS (Cert. #960); HMAC (Cert. #560); RSA (Cert. #478); RNG (Cert. #564)

-Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; AES (Cert. #994, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DSA (FIPS 186-3; non-compliant); ECDSA (FIPS 186-3; non-compliant)

Multi-chip embedded

"The nShield modules: nShield F2 500 & nShield F2 10 PCI family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1201 Thales - nCipher
92 Montvale Ave.
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F2 4000, nShield F2 2000 and nShield F2 500
(Hardware Versions: nC3023P-4K0, nC3023P-2K0, and nC3123P-500, Build Standard N; Firmware Versions: 2.38.4-2 and 2.38.7-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 10/06/2009;
02/17/2010
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #994); AES GCM (Cert. #994, vendor affirmed); Triple-DES (Certs. #775 and #132); Triple-DES MAC (Cert. #775, vendor affirmed); DSA (Cert. #341); ECDSA (Cert. #121); SHS (Cert. #960); HMAC (Cert. #560); RSA (Cert. #478); RNG (Cert. #564)

-Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; AES (Cert. #994, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DSA (FIPS 186-3; non-compliant); ECDSA (FIPS 186-3; non-compliant)

Multi-chip embedded

"The nShield modules: nShield F2 4000, nShield F2 2000, and nShield F2 500 family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1200 Thales - nCipher
92 Montvale Ave.
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F3 500, nShield F3 500 for NetHSM and nShield F3 10 PCI
(Hardware Versions: nC4033P-500, nC4033P-500N and nC4033P-10; Build Standard N; Firmware Versions: 2.38.4-2 and 2.83.7-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 10/06/2009;
02/17/2010
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #994 and #962); AES GCM (Cert. #994, vendor affirmed); Triple-DES (Certs. #775 and #757); Triple-DES MAC (Cert. #775, vendor affirmed); DSA (Cert. #341); ECDSA (Cert. #121); SHS (Cert. #960); HMAC (Cert. #560); RSA (Cert. #478); RNG (Cert. #564)

-Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; AES (Cert. #994, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DSA (FIPS 186-3; non-compliant); ECDSA (FIPS 186-3; non-compliant)

Multi-chip embedded

"The nShield modules: nShield F3 500, F3 500 for NetHSM, & nShield 10 family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1199 Thales - nCipher
92 Montvale Ave.
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F3 4000, nShield F3 2000, nShield F3 2000 for NetHSM, nShield F3 500 and nShield F3 500 for NetHSM
(Hardware Versions: nC4033P-4K0, nC4033P-2K0, nC4033P-2K0N, nC4133P-500 and nC4133P-500N, Build Standard N; Firmware Versions: 2.38.4-2 and 2.38.7-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 10/06/2009;
02/17/2010
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3 +EFP/EFT
-Cryptographic Key Management: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #994); AES GCM (Cert. #994, vendor affirmed); Triple-DES (Certs. #775 and #132); Triple-DES MAC (Cert. #775, vendor affirmed); DSA (Cert. #341); ECDSA (Cert. #121); SHS (Cert. #960); HMAC (Cert. #560); RSA (Cert. #478); RNG (Cert. #564)

-Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; AES (Cert. #994, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DSA (FIPS 186-3; non-compliant); ECDSA (FIPS 186-3; non-compliant)

Multi-chip embedded

"The nShield modules: nCipher 4000, nShield 2000, nShield 2000 for NetHSM, nShield 500, and nShield 500 for NetHSM family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1198 Thales - nCipher
92 Montvale Ave
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F3 500, nShield F3 500 for NetHSM and nShield F3 10 PCI
(Hardware Versions: nC4033P-500, nC4033P-500N, and nC4033P-10, Build Standard N; Firmware Versions: 2.38.4-3 and 2.38.7-3)

(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 10/06/2009;
02/17/2010
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #994 and #962); AES GCM (Cert. #994, vendor affirmed); Triple-DES (Certs. #775 and #757); Triple-DES MAC (Cert. #775, vendor affirmed); DSA (Cert. #341); ECDSA (Cert. #121); SHS (Cert. #960); HMAC (Cert. #560); RSA (Cert. #478); RNG (Cert. #564)

-Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; AES (Cert. #994, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DSA (FIPS 186-3; non-compliant); ECDSA (FIPS 186-3; non-compliant)

Multi-chip embedded

"The nCipher modules: nShield F3 500, Shield F3 500 for NetHSM, and nShield 10 family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
1197 Thales - nCipher
92 Montvale Ave
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F3 6000e, nShield F3 1500e, nShield F3 500e, nShield F3 10e, nShield F3 6000e for nShield Connect, nShield F3 1500e for nShield Connect and nShield F3 500e for nShield Connect
(Hardware Versions: nC4033E-6K0, nC4033E-1K5, nC4033E-500, nC4033E-030, nC4033E-6K0N, nC4033E-1K5N and nC4033E-500N, Build Standard N; Firmware Versions: 2.38.4-3 and 2.38.7-3)

(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 10/06/2009;
12/08/2009;
02/17/2010
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #994 and #397); AES GCM (Cert. #994, vendor affirmed); Triple-DES (Certs. #775 and #435); Triple-DES MAC (Cert. #775, vendor affirmed); DSA (Cert. #341); ECDSA (Cert. #121); SHS (Cert. #960); HMAC (Cert. #560); RSA (Cert. #478); RNG (Cert. #564)

-Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; AES (Cert. #994, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DSA (FIPS 186-3; non-compliant); ECDSA (FIPS 186-3; non-compliant)

Multi-chip embedded

"The nCipher modules: nShield F3 6000e, Shield F3 1500e, nShield F3 500e, nShield 10e, nShield F3 6000e for nShield Connect, nShield F3 1500e for nShield Connect and nShield F3 500e for nShield Connect family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
1196 Thales - nCipher
92 Montvale Ave
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F2 6000e, nShield F2 1500e, nShield F2 500e and nShield F2 10e
(Hardware Versions: nC3023E-6K0, nC3023E-1K5, nC3023E-500 and nC3032E-030, Build Standard N; Firmware Versions: 2.38.4-2 and 2.38.7-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 10/06/2009;
02/17/2010
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #994 and #397); AES GCM (Cert. #994, vendor affirmed); Triple-DES (Certs. #775 and #435); Triple-DES MAC (Cert. #775, vendor affirmed); DSA (Cert. #341); ECDSA (Cert. #121); SHS (Cert. #960); HMAC (Cert. #560); RSA (Cert. #478); RNG (Cert. #564)

-Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; AES (Cert. #994, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DSA (FIPS 186-3; non-compliant); ECDSA (FIPS 186-3; non-compliant)

Multi-chip embedded

"The nCipher modules: nShield F2 6000e, Shield F2 1500e, nShield F2 500e, and nShield 10e family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1195 Thales - nCipher
92 Montvale Ave.
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200017-0

nShield F3 4000, nShield F3 2000, nShield F3 2000 for NetHSM, nShield F3 500 and nShield F3 500 for NetHSM
(Hardware Versions: nC4033P-4K0, nC4033P-2K0, nC4033P-2K0N, nC4133P-500 and nC4133P-500N, Build Standard N; Firmware Versions: 2.38.4-3 and 2.38.7-3)

(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 10/06/2009;
02/17/2010
Overall Level: 3 

-Physical Security: Level 3 + EFP/EFT

-FIPS Approved algorithms: AES (Cert. #994); AES GCM (Cert. #994, vendor affirmed); Triple-DES (Certs. #775 and #132); Triple-DES MAC (Cert. #775, vendor affirmed); DSA (Cert. #341); ECDSA (Cert. #121); SHS (Cert. #960); HMAC (Cert. #560); RSA (Cert. #478); RNG (Cert. #564)

-Other algorithms: ARC FOUR; Aria; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; AES (Cert. #994, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DSA (FIPS 186-3; non-compliant); ECDSA (FIPS 186-3; non-compliant)

Multi-chip embedded

"The nShield modules: nCipher 4000, nShield 2000, nShield 2000 for NetHSM, nShield 500, and nShield 500 for NetHSM family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
1194 Juniper Networks, Inc.
One Rogers St.
Sixth Floor
Cambridge, MA 02142
USA

-Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 100432-0

Juniper Network Connect Cryptographic Module
(Software Version: 2.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 10/06/2009;
12/11/2013
Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Microsoft Windows XP Professional SP2 running on a Dell Optiplex GX270; Microsoft Windows 2000 Professional SP3 running on a Dell Optiplex GX400

-FIPS Approved algorithms: AES (Certs. #783 and #784); Triple-DES (Cert. #679); SHS (Cert. #787); HMAC (Cert. #430); DSA (Cert. #293); RSA (Cert. #373); RNG (Cert. #451)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Juniper Network Connect Cryptographic Module (JNCCM) is a general purpose cryptographic library. The JNCCM is a user mode binary module for the Windows operating system."
1193 Neopost Technologies
113 Rue Jean Marin Naudin
Bagneux, 92220
France

-Nathalie Tortellier
TEL: 33 1 45 36 30 00
FAX: 33 1 45 36 30 10

CST Lab: NVLAP 100432-0

PSD Models C22, C28, C35 and C56
(Hardware Versions: P/N 4129955LD or P/N 4150859LB; Firmware Versions: P/N 4148747LA Version 22.12.2, P/N 4151948VA Version 23.06 or P/N 4151948VB Version 23.08)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/06/2009;
04/09/2010;
01/13/2011;
03/15/2011;
07/05/2011;
12/01/2011;
04/12/2012;
01/01/2014
Overall Level: 3 

-Physical Security: Level 3 + EFP/EFT

-FIPS Approved algorithms: AES (Cert. #563); SHS (Cert. #629); RNG (Cert. #328); RSA (Cert. #260); HMAC (Cert. #300);

-Other algorithms: ECDSA (Cert. #62; non-compliant); RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 90 bits of encryption strength; non-compliant)

Multi-chip embedded

"Neopost Canadian PSD (Postal Secure Device) for Low to High Range Franking machines."
1192 Sony Corporation
1-7-1 Konan
Minato-ku, Tokyo 108-0075
Japan

-Hirotaka Kondo
TEL: +81-46-202-8074
FAX: +81-46-202-6304

CST Lab: NVLAP 100432-0

Sony Security Module
(Hardware Version: 1.0.0; Firmware Version: 1.0.0)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/06/2009;
01/06/2010
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #901 and #902); RNG (Cert. #517); RSA (Cert. #437); SHS (Cert. #882)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip embedded

"The Sony Security Module (SSM) is a multi-chip embedded cryptographic module that is encapsulated in a hard opaque commercial grade metal case. The cryptographic boundary is defined as the entire metal case perimeter, including all hardware, software, and firmware encapsulated within. The interfaces are all traces that cross the crypto graphic boundary. The primary purpose of the SSM is to provide decryption, decoding/encoding of audio/video data for the digital cinema projector system in which it is being employed."
1191 SanDisk Corporation
601 McCarthy Boulevard
Milpitas, CA 95035
USA

-Rotem Sela
TEL: +972-4-9078811
FAX: +972-4-9078777

CST Lab: NVLAP 200427-0

TrustedFlash v1.0 - microSD
(Hardware Versions: HermonS2TM 256MB, HermonS2TM 512MB, HermonS2TM 1GB and HermonS2TM 2GB; Firmware Version: v1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/21/2009;
11/20/2009
Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #643); RNG (Cert. #366); RSA (Cert. #294); SHS (Cert. #678); Triple-DES (Cert. #595)

-Other algorithms: AES MAC (AES Cert. #643; non-compliant); DES; RNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"TrustedFlash™ v1.0 - microSD is SanDisk's proprietary TrustedFlash v1.0 security technology implemented on the microSD form factor which provides a platform for the implementation of an advance security technology that complies with FIPS 140-2 level 3 requirements. TrustedFlash provides authentication and data encryption that can be used with secured applications including e-commerce, protected digital content distribution and enabling users to play protected content, services and applications on authorized TrustedFlash-enabled devices, such as mobile phones, portable media players, etc."
1190 Raytheon Oakley Systems, Inc.
2755 E. Cottonwood Parkway
Suite 600
Salt Lake City, UT 84121
USA

-Mindy Gilbert
TEL: 801-733-1443
FAX: 801-944-5800

-Morgan Greenwood
TEL: 801-733-1433
FAX: 801-844-5800

CST Lab: NVLAP 200427-0

FIPS Linux Cryptographic Module
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 09/21/2009 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux v4 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #943); HMAC (Cert. #524); SHS (Cert. #919)

-Other algorithms: N/A

Multi-chip standalone

"The Raytheon Oakley Systems FIPS Linux Cryptographic Module is a software module providing cryptographic functionality for the Raytheon Oakley Systems InnerView insider threat product. InnerView is an enterprise monitoring, threat detection, and policy enforcement solution."
1189 Juniper Networks, Inc.
One Rogers St.
Sixth Floor
Cambridge, MA 02142
USA

-Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 100432-0

Odyssey Security Component
(Software Version: 2.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 10/28/2009;
12/11/2013
Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Microsoft Windows XP Professional SP2 running on a Dell Optiplex GX270; Microsoft Windows 2000 Professional SP3 running on a Dell Optiplex GX400

-FIPS Approved algorithms: AES (Certs. #783 and #784); Triple-DES (Cert. #679); SHS (Cert. #787); HMAC (Cert. #430); DSA (Cert. #293); RSA (Cert. #373); RNG (Cert. #451)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Odyssey Security Component (OSC) is a general purpose cryptographic library. OSC / User Mode is a user mode binary module for the Windows operating system."
1188 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 94002
USA

-Global Certification Team
TEL:
FAX:

CST Lab: NVLAP 100432-0

Cisco Aironet Lightweight AP1131, AP1142, AP1242, AP1252 and AP1522 Wireless LAN Access Points
(Hardware Versions: AP1131 Revision S0, AP1142 Revision A0, AP1242 Revision P0, AP1252 Revision F0 and AP1522 Outdoor Mesh Revision L0; with FIPS Kit AIRLAP-FIPSKIT=, version B0; Firmware Versions: 5.2.157.0, 5.2.178.5, 5.2.193.0 and 5.2.193.11)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/20/2009;
11/20/2009;
07/02/2010;
07/30/2010;
09/17/2010;
08/22/2011;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #1005, #1006, #1007, #1008 and #1009); HMAC (Certs. #564, #565 and #566); RNG (Certs. #567, #568 and #569); RSA (Certs. #482, #483 and #484); SHS (Certs. #965, #966 and #967)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength; non-compliant); RC4; MD5; HMAC MD5

Multi-chip standalone

"The Cisco Aironet Lightweight 1142, 1131, 1252, 1242, 1522 access points deliver the versatility, high capacity and enterprise class security required for small, medium and large Government indoor and outdoor wireless deployments. In FIPS 140-2 mode of operation, the Cisco APs support the LWAPP, MFP, IEEE 802.11i & IEEE 802.1x standards & AES for WPA2 encryption. WPA2 is the Wi-Fi Alliance certification for interoperable, standards-based WLAN security."
1187 Thales e-Security
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-Juan Asenjo
TEL: 954-888-6202
FAX: 954-888-6211

CST Lab: NVLAP 200002-0

Datacryptor® Gig Ethernet v1.0 and v1.1
(Hardware Version: 1600X409 v1.00; Firmware Versions: v1.0 and v1.1)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 09/21/2009 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Cert. #454); DSA (Cert. #184); SHS (Cert. #517); RNG (Cert. #239)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The Datacryptor® Gig Ethernet v1.0 and v1.1 are multi-chip standalone cryptographic modules. They secure communications using signed Diffie-Hellman key exchange and AES-256 encryption over Gigabit Ethernet networks. They provide data encryption over 1000baseX (802.3z) with supported media types of 1000BaseSX (short-haul fiber), 1000BaseLX (long-haul fiber) or 1000BaseCX (single twisted-pair copper). The units also provide integrated secure unit management capability employing the same techniques used for traffic encryption."
1186 Midland Radio Corporation
5900 Parretta Drive
Kansas City, MO 64120
USA

-David Kingsolver
TEL: 816-462-0421

CST Lab: NVLAP 200427-0

Syn-Tech III P25 Radio Series
(Hardware Versions: STP105B, STP404A, STP404B, STM1050B, STM1055B, STM1115B, STM4040A, STM4045A, STM4040B, STM4045B, STM4085A, STM4085B, SDT1090, SDT4080A and SDT4080B; Firmware Versions: Control Micro-Processor Boot Firmware Version: 1.00 Build:1080, Control Micro-Processor Firmware Version: MDV 1.01 Build:3320, Digital Signal Processor(DSP) Firmware Version: SPV 1.03 Build:0556;)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/21/2009 Overall Level: 1 

-FIPS Approved algorithms: AES (Cert. #645); SHS (Cert. #916); HMAC (Cert. #521); DRBG (Cert. #5)

-Other algorithms: DES

Multi-chip standalone

"The Midland Syn-Tech III P25 radios provide Project 25 encrypted and clear voice, data and Short Message Service communications in accordance with the Project 25 Digital Land Mobile Radio standards suite. In addition, conventional analog radio voice communications are supported. It is a multi-chip standalone cryptographic module consisting of production grade components in accordance to FIPS 140-2 security level 1."
1185 RELM Wireless Corporation
7100 Technology Drive
West Melbourne, FL 32904
USA

-Jim Holthaus
TEL: 402-896-6406
FAX: 785-856-1302

CST Lab: NVLAP 100432-0

FIPSCOM Cryptographic Module
(Hardware Versions: P/N 7011-30967-000, Versions (011111, 071609 or 042009) [1] or (011211, 071709 or 042109) [2]; Firmware Versions: 0722-05072-000 [1] or 0722-05072-001 [2] (bootcodes) and 0722-05073-007 [011x11], 0722-05073-004 [071x09] or 0722-05073-003 [042x09] (application))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/21/2009;
10/16/2009;
05/11/2011
Overall Level: 1 

-FIPS Approved algorithms: AES (Cert. #899); RSA (Cert. #139); SHS (Cert. #462)

-Other algorithms: DES; AES (AES Cert. #899, key wrapping; key establishment methodology provides 256 bits of encryption strength)

Multi-chip embedded

"The FIPSCOM is an embedded cryptographic module that provides encryption functions for secure digital communications products. The FIPSCOM can be incorporated into any BK Radio brand subscriber equipment requiring FIPS 140-2, Level 1 security."
1184 Fortinet, Inc.
1090 Kifer Road
Sunnyvale, CA 94086
USA

-Jeff Lake, Vice President, Federal Operations
TEL: 678-402-8021
FAX: 678-402-8021

CST Lab: NVLAP 200017-0

FortiGate-5050 and FortiGate-5140
(Hardware Versions: FortiGate-5050 (build C4QP38); FortiGate-5140 (build C4GL51); FortiGate-5001SX (build P4CF76); FortiGate-5001FA2 (build C5FA26); Firmware Version: FortiOS 3.0, build8931, 081110)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 09/21/2009 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #490, #742 and #743); RNG (Cert. #530); AES (Certs. #476, #925 and #926); SHS (Certs. #544, #909 and #910); RSA (Cert. #449); HMAC (Certs. #233, #516 and #517)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; HMAC-MD5

Multi-chip standalone

"FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1183

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Security Policy

Certificate

Software 08/31/2009;
10/26/2010
Overall Level: 2 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip standalone

1182 McAfee, Inc.
3965 Freedom Circle
Santa Clara, CA 95054
USA

-Suresh Subramanian
TEL: 408-346-5682
FAX: 408-346-3463

CST Lab: NVLAP 100432-0

Network Security Platform Sensor M-6050 and M-8000 (M-8000 P and M-8000 S)
(Hardware Versions: P/Ns M-6050 (IAP-M65K-ISA, IFO-M65K-ISA, IIP-M65K-ISA) V1.4 and M-8000 (IAP-M80K-ISA, IFO-M80K-ISA, IIP-M80K-ISA) V1.4; Firmware Version: 4.1.11.26)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/31/2009 Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #880); Triple-DES (Cert. #781); RSA (Certs. #425 and #486); DSA (Cert. #345); SHS (Certs. #871 and #970); RNG (Cert. #505)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Blowfish; DES; MD5; TACACS

Multi-chip standalone

"Network Security Platform products (formerly known as IntruShield) are IPS & IDS systems that protect network infrastructures & endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, & encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments & permits the customer to receive real-time network status updates & alerts, implement customized security policies & incident response plans, & perform forensic analysis of attacks."
1181 Motorola, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

-Kirk Mathews
TEL: 847-576-4101

CST Lab: NVLAP 100432-0

Astro Subscriber Motorola Advanced Crypto Engine (MACE)
(Hardware Version: P/N 5185912Y01; Firmware Versions: [R01.00.00 or R01.01.03] and [R01.00.00 (AES Cert. #819)])

(When operated in FIPS mode with firmware [R01.00.00 (AES Cert. #819)])

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/31/2009;
03/05/2010
Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #819); SHS (Cert. #817); RSA (Cert. #396); RNG (Cert. #471)

-Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); DES; DES-XL; DVP-XL; ADP; LFSR

Single-chip

"The MACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio systems products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management."
1180 Security First Corp.
22362 Gilberto #130
Rancho Santa Margarita, CA 92688
USA

-Rick Orsini
TEL: 949-858-7525
FAX: 949-858-7092

CST Lab: NVLAP 100432-0

SecureParser®
(Hardware Version: P/N AC2020-S, Version 1.0; Software Version: 4.7.0; Firmware Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software-Hybrid 08/31/2009 Overall Level: 1 

-Cryptographic Module Specification: Level 3
-Cryptographic Key Management: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Ubuntu 8; Windows 2003 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1017, #1027 and #1028); RNG (Cert. #584); RSA (Cert. #491); DSA (Cert. #346); SHS (Certs. #980 and #981); HMAC (Certs. #575 and #576); ECDSA (Cert. #123)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 128 bits of encryption strength); AES (Cert. #1027, key wrapping; key establishment methodology provides 128, 192, or 256 bits of encryption strength)

Multi-chip standalone

"The SecureParser® is a security and high data availability architecture delivered in the form of a software toolkit that provides cryptographic data splitting (data encryption, random or deterministic distribution to multiple shares including additional fault tolerant bits, key splitting, authentication, integrity, share reassembly, key restoration and decryption) of arbitrary data. During the split process, additional redundant data may be optionally written to each share enabling the capability of restoring the original data when all shares are not available."
1179 SPYRUS, Inc.
1860 Hartog Drive
San Jose, CA 95131-2203
USA

-Tom Dickens
TEL: 408-392-4324
FAX: 408-392-0319

CST Lab: NVLAP 100432-0

Hydra PC FIPS File Encryption Module
(Hardware Versions: P/Ns 880070103F [1], 880070104F [2] and 880070105F [3], Versions 01.00.01 [1,2] and 01.00.02 [3]; Firmware Versions: 01.02.12 [1] and 01.02.13 [2,3])

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 08/31/2009;
10/30/2009;
04/09/2010
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #846, #850 and #858); SHS (Certs. #837 and #852); RNG (Cert. #486); DRBG (Cert. #3); ECDSA (Certs. #96 and #97)

-Other algorithms: EC-Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); AES (Cert. #846, key wrapping)

Multi-chip standalone

"The Hydra PC FIPS File Encryption Module is a multifunctional security device providing the U. S. Government's Suite B standard algorithms, including AES, ECC, and SHA-2. The Hydra PC FIPS File Encryption Module stores encrypted files on a replaceable miniSD/miniSDHC memory card for almost unlimited storage capacity. An exclusive authentication feature can limit the use of a Hydra PC FIPS File Encryption Module to a specifically designated enclave, preventing all external use even if the user knows the logon PIN. Comes with Microsoft Windows file interface."
1178 SafeNet, Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Terry Fletcher
TEL: 613-221-5009
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

Luna® CA4
(Hardware Version: LTK-02-0501; Firmware Version: 4.6.8)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/31/2009;
05/17/2010
Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #933); DSA (Cert. #331); ECDSA (Cert. #116); HMAC (Cert. #522); RNG (Cert. #534); RSA (Cert. #452); SHS (Cert. #917); Triple-DES (Cert. #747); Triple-DES MAC (Triple-DES Cert. #747, vendor affirmed)

-Other algorithms: ARIA; DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; DES-MAC; RC2-MAC; RC5-MAC; CAST-MAC; CAST3-MAC; CAST5-MAC; MD2; MD5; HAS-160; HMAC-MD5; SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The Luna CA4 cryptographic module is a multi-chip standalone hardware cryptographic module in the form of a PCMCIA card that typically resides within a custom computing or secure communications appliance. It is contained in its own secure enclosure that provides physical resistance to tampering. The module provides secure key generation and storage for symmetric keys and asymmetric key pairs along with symmetric and asymmetric cryptographic services."
1177 SafeNet, Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Terry Fletcher
TEL: 613-221-5009
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

Luna® PCM
(Hardware Version: LTK-02-0501; Firmware Version: 4.6.8)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/31/2009;
05/17/2010
Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Cert. #933); DSA (Cert. #331); ECDSA (Cert. #116); HMAC (Cert. #522); RNG (Cert. #534); RSA (Cert. #452); SHS (Cert. #917); Triple-DES (Cert. #747); Triple-DES MAC (Triple-DES Cert. #747, vendor affirmed)

-Other algorithms: ARIA; DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; DES-MAC; RC2-MAC; RC5-MAC; CAST-MAC; CAST3-MAC; CAST5-MAC; MD2; MD5; HAS-160; HMAC-MD5; SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The Luna PCM cryptographic module is a multi-chip standalone hardware cryptographic module in the form of a PCMCIA card that typically resides within a custom computing or secure communications appliance. It is contained in its own secure enclosure that provides physical resistance to tampering. The module provides secure key generation and storage for symmetric keys and asymmetric key pairs along with symmetric and asymmetric cryptographic services. Access to key material and cryptographic services for users and user application software is provided indirectly through the host appliance."
1176 SafeNet, Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Terry Fletcher
TEL: 613-221-5009
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

Luna® PCI Cryptographic Module
(Hardware Version: VBD-03-0100; Firmware Version: 4.6.8)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/31/2009 Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Certs. #510 and #934); DSA (Cert. #332); ECDSA (Cert. #117); HMAC (Cert. #523); RNG (Cert. #535); RSA (Cert. #453); SHS (Cert. #918); Triple-DES (Certs. #520 and #748); Triple-DES MAC (Triple-DES Certs. #520 and #748, vendor affirmed)

-Other algorithms: ARIA; DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; DES-MAC; RC2-MAC; RC5-MAC; CAST-MAC; CAST3-MAC; CAST5-MAC; MD2; MD5; HAS-160; HMAC-MD5; SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip embedded

"Luna PCI offers dedicated hardware key management to protect sensitive cryptographic keys from attack. The high-security hardware design ensures the integrity and protection of encryption keys throughout their life cycle. All digital signing and verification operations are performed within the HSM to increase performance and maintain security. Luna PCI HSMs provide hardware secured key generation, storage, secure key backup and accelerated encryption in a range of models and configurations offering a wide selection of security, performance and operational capabilities."
1175

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/13/2009 Overall Level: 2 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip embedded

1174 Hewlett-Packard Company
19091 Pruneridge Ave.
MS 4441
Cupertino, CA 95014
USA

-Theresa Conejero
TEL: 408-447-2964
FAX: 408-447-5525

CST Lab: NVLAP 100432-0

Atalla Cryptographic Subsystem (ACS)
(Hardware Version: P/N 545517-002; Firmware Version: Loader Version 1.02, PSMCU Version 7.0)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/31/2009;
09/19/2011
Overall Level: 4 

-FIPS Approved algorithms: AES (Cert. #406); RNG (Cert. #200); RSA (Cert. #531); SHS (Cert. #473)

-Other algorithms: N/A

Multi-chip embedded

"The Atalla Cryptographic Subsystem (ACS) is a multiple-chip embedded cryptographic module that provides secure cryptographic processing. The ACS features secure key management and storage capabilities, and also provides high performance AES processing."
1173 Juniper Networks, Inc.
1194 N. Mathilda Ave.
Sunnyvale, CA 94089
USA

-Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 100432-0

SSG 520M and SSG 550M
(Hardware Versions: P/Ns SSG-520M (SSG 520M) and SSG-550M (SSG 550M); Firmware Version: ScreenOS 6.2.0r3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/18/2009;
01/28/2010;
12/11/2013
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Cryptographic Key Management: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #712); AES (Cert. #867); DSA (Cert. #315); RNG (Cert. #497); RSA (Cert. #418); SHS (Cert. #861); HMAC (Cert. #483); ECDSA (Cert. #104)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5

Multi-chip standalone

"The SSG 500 Series consists of high-performance security platforms for regional branch office and medium-sized, standalone businesses that want to stop internal and external attacks, prevent unauthorized access and achieve regulatory compliance. The SSG 550/SSG 550M provides 1+ Gbps of stateful firewall performance and 500 Mbps of IPSec VPN performance, while the SSG 520/SSG 520M provides 650 Mbps of stateful firewall performance and 300 Mbps of IPSec VPN performance."
1172 Juniper Networks, Inc.
1194 N. Mathilda Ave.
Sunnyvale, CA 94089
USA

-Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 100432-0

SSG 320M and SSG 350M
(Hardware Versions: P/Ns SSG-320M (SSG 320M) and SSG-350M (SSG 350M); Firmware Version: ScreenOS 6.2.0r3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/18/2009;
01/28/2010;
12/11/2013
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Cryptographic Key Management: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #713); AES (Cert. #868); DSA (Cert. #316); RNG (Cert. #498); RSA (Cert. #419); SHS (Cert. #862); HMAC (Cert. #484); ECDSA (Cert. #105)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5

Multi-chip standalone

"The SSG 300 Series comprises high-performance security platforms that help businesses stop internal and external attacks, prevent unauthorized access, and achieve regulatory compliance. The SSG 350M provides 500 Mbps of stateful firewall performance and 225 Mbps of IPSec VPN performance, while the SSG 320M provides 400 Mbps of stateful firewall performance and 175 Mbps of IPSec VPN performance."
1171 Juniper Networks, Inc.
1194 N. Mathilda Ave.
Sunnyvale, CA 94089
USA

-Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 100432-0

SSG 140
(Hardware Version: P/N SSG-140; Firmware Version: ScreenOS 6.2.0r3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/18/2009;
01/28/2010;
12/11/2013
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Cryptographic Key Management: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #714); AES (Cert. #869); DSA (Cert. #317); RNG (Cert. #499); RSA (Cert. #420); SHS (Cert. #863); HMAC (Cert. #485); ECDSA (Cert. #106)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5

Multi-chip standalone

"The SSG 140 is a high-performance security platform for branch offices and small/medium sized standalone businesses that want to stop internal and external attacks, prevent unauthorized access, and achieve regulatory compliance. The SSG 140 is a modular platform that delivers more than 350 Mbps of stateful firewall traffic and 100 Mbps of IPSec VPN traffic."
1170 Juniper Networks, Inc.
1194 N. Mathilda Ave.
Sunnyvale, CA 94089
USA

-Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 100432-0

SSG 5 and SSG 20
(Hardware Versions: P/Ns SSG-5 (SSG 5) and SSG-20 (SSG 20); Firmware Version: ScreenOS 6.2.0r3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/18/2009;
01/28/2010;
12/11/2013
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Cryptographic Key Management: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #711 and #715); AES (Certs. #866 and #870); DSA (Certs. #314 and #318); RNG (Certs. #496 and #500); RSA (Certs. #417 and #421); SHS (Certs. #860 and #864); HMAC (Certs. #482 and #486); ECDSA (Certs. #103 and #107)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5

Multi-chip standalone

"The SSG 5 and SSG 20 are high-performance security platforms for small branch office and standalone businesses that want to stop internal and external attacks, prevent unauthorized access and achieve regulatory compliance. Both the SSG 5 and SSG 20 deliver 160 Mbps of stateful firewall traffic and 40 Mbps of IPSec VPN traffic."
1169 Juniper Networks, Inc.
1194 N. Mathilda Ave.
Sunnyvale, CA 94089
USA

-Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 100432-0

NetScreen-ISG 1000 and NetScreen-ISG 2000
(Hardware Versions: P/Ns NS-ISG-1000 (NetScreen-ISG 1000) and NS-ISG-2000 (NetScreen-ISG 2000); Firmware Version: ScreenOS 6.2.0r3a)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/18/2009;
01/28/2010;
02/12/2010;
12/11/2013
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Cryptographic Key Management: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #709); AES (Cert. #864); DSA (Cert. #312); RNG (Cert. #494); RSA (Cert. #415); SHS (Cert. #858); HMAC (Cert. #480); ECDSA (Cert. #101)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5

Multi-chip standalone

"The Juniper Networks ISG 1000 and ISG 2000 are fully integrated firewall/VPN systems that provide multi-gigabit performance, modular architecture and rich virtualization capabilities. They provide an ideal solution for large enterprise, data center, and service provider networks. The ISG Series firewall/VPN-based systems deliver security features such as Intrusion Prevention System (IPS), anti-spam, Web filtering, and Internet Content Adaptation Protocol (ICAP) antivirus redirection support."
1168 Juniper Networks, Inc.
1194 N. Mathilda Ave.
Sunnyvale, CA 94089
USA

-Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 100432-0

NetScreen-5200 and NetScreen-5400
(Hardware Versions: P/Ns NS-5200/NS-5000-MGT2 (NetScreen-5200), NS-5200/NS-5000-MGT3 (NetScreen-5200), NS-5400/NS-5000-MGT2 (NetScreen-5400) and NS-5400/NS-5000-MGT3 (NetScreen-5400); Firmware Version: ScreenOS 6.2.0r3a)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/18/2009;
01/28/2010;
02/12/2010;
12/11/2013
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Cryptographic Key Management: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #710); AES (Cert. #865); DSA (Cert. #313); RNG (Cert. #495); RSA (Cert. #416); SHS (Cert. #859); HMAC (Cert. #481); ECDSA (Cert. #102)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5

Multi-chip standalone

"The Juniper Networks NetScreen-5000 Series is a line of purpose built, high-performance security systems designed to deliver a new level of high-performance capabilities for large enterprise, carrier, and data center networks. The NetScreen-5000 Series consists of two products, the 2-slot NetScreen-5200 and the 4-slot NetScreen-5400. The NetScreen-5000 Series security systems integrate firewall, DoS and DDoS protection, VPN, and traffic management functionality in low-profile modular chassis."
1167 SafeNet, Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Terry Fletcher
TEL: 613-221-5009
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

Luna® PCI Cryptographic Module
(Hardware Version: VBD-03-0100; Firmware Version: 4.6.8)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/31/2009 Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #510 and #934); DSA (Cert. #332); ECDSA (Cert. #117); HMAC (Cert. #523); RNG (Cert. #535); RSA (Cert. #453); SHS (Cert. #918); Triple-DES (Certs. #520 and #748); Triple-DES MAC (Triple-DES Certs. #520 and #748, vendor affirmed)

-Other algorithms: ARIA; DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; DES-MAC; RC2-MAC; RC5-MAC; CAST-MAC; CAST3-MAC; CAST5-MAC; MD2; MD5; HAS-160; HMAC-MD5; SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip embedded

"Luna PCI offers dedicated hardware key management to protect sensitive cryptographic keys from attack. The high-security hardware design ensures the integrity and protection of encryption keys throughout their life cycle. All digital signing and verification operations are performed within the HSM to increase performance and maintain security. Luna PCI HSMs provide hardware secured key generation, storage, secure key backup and accelerated encryption in a range of models and configurations offering a wide selection of security, performance and operational capabilities."
1166 Accellion, Inc.
1900 Embarcadero Road, Suite 207
Palo Alto, CA 94303
USA

-Prateek Jain
TEL: 650-739-0095
FAX: 650-739-0561

CST Lab: NVLAP 100432-0

Secure File Transfer Appliance
(Hardware Version: P/N ACFIPS-01 Version 1.0.0; Firmware Versions: FTA_8_0_3, FTA_8_0_136 and FTA_8_0_488)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/18/2009;
10/02/2009;
12/08/2010
Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-FIPS Approved algorithms: AES (Certs. #843, #844 and #845); SHS (Certs. #835, #836 and #842); HMAC (Cert. #468); DSA (Cert. #307); Triple-DES (Cert. #771)

-Other algorithms: Triple-DES (Cert. #771, key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); AES (Cert. #845, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); Blowfish; MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The Accellion Secure File Transfer Appliance is a key component of Accellion's secure file transfer solution that enables enterprises an easy to use solution for securely transferring large files. It helps eliminate FTP servers and offload file attachments from email resulting in improved email performance and reduced email storage. Extensive tracking and reporting tools enable companies to demonstrate compliance with SOX, HIPAA, FDA, and GLB regulations. Accellion appliances provide the highest level of security and ease of use of any enterprise file transfer solution."
1165 Fortress™ Technologies, Inc.
2 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0

Fortress Secure Bridge
(Hardware Versions: ES520V1, ES520V2 and ES300; Firmware Version: 5.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 08/18/2009;
03/26/2010;
05/17/2013
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #688, #694 and #698); SHS (Certs. #715, #717, #721, #722 and #726); HMAC (Certs. #367, #371, #372 and #376); RSA (Cert. #439); RNG (Certs. #402, #406 and #409)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); MD5; Hardware RNG

Multi-chip standalone

"The Fortress Secure Bridge is an all-in-one network access device housed in a rugged compact chassis, with the most stringent security available today built in. It can serve as a wireless bridge, a WLAN access point, and an eight-port LAN switch, while performing all the functions of a Fortress controller device: encrypting wireless traffic and providing Multi-factor Authentication for devices on the network it protects."
1164 Meru Networks
894 Ross Drive
Sunnyvale, CA 94089
USA

-Joe Epstein
TEL: 408-215-5300
FAX: 408-215-5301

CST Lab: NVLAP 100432-0

Meru Networks Security Gateway SG1000 Cryptographic Module
(Hardware Version: P/N MN-SG1000; Firmware Version: 1.0-27)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/18/2009 Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #720); AES (Certs. #903 and #904); SHS (Cert. #894); HMAC (Cert. #493); RSA (Cert. #440); RNG (Cert. #518); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 bits of encryption strength)

-Other algorithms: MD5; AES (Cert. #903, key wrapping; key establishment methodology provides 128 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant);

Multi-chip embedded

"The Meru Networks Security Gateway SG1000 Cryptographic Module is a high performance purpose built security solution for Wireless LAN deployments. The Meru Networks Security Gateway SG1000 Cryptographic Module provides a FIPS 140-2 Level 3 security solution conforming to the IEEE 802.11i security standards. The Meru Networks Security Gateway SG1000 Cryptographic Module is installed in a slot in the Meru Networks Security Gateway SG1000 appliance."
1163 SafeNet, Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Terry Fletcher
TEL: 613-221-5009
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

Luna® PCI Cryptographic Module for Luna® IS
(Hardware Version: VBD-03-0100; Firmware Versions: 5.2.5 and 5.2.6)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/18/2009 Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #510, #910 and #913); Triple-DES (Certs. #520, #728 and #738); DSA (Certs. #320 and #326); RSA (Certs. #442, #444, #454 and #455); ECDSA (Certs. #110 and #112); SHS (Certs. #898 and #900); HMAC (Certs. #507 and #509); Triple-DES MAC (Triple DES Certs. #520, #728 and #738; vendor affirmed); RNG (Certs. #522 and #523)

-Other algorithms: AES MAC (AES Certs. #510, #910 and #913; non-compliant); DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; CAST5 in a CBC-MAC; MD2; MD5; HAS-160 (plain hash and HMAC); SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The Luna® PCI for Luna® IS offers hardware-based key management and cryptographic operations to protect sensitive keys. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI card."
1162 Brocade Communications
1745 Technology Drive
San Jose, CA 95110
USA

-Greg Farris
TEL: 408-333-7315

CST Lab: NVLAP 100432-0

Brocade Encryption Switch/FS8-18 Cryptographic Module
(Hardware Versions: BES [P/Ns 60-1001079-01 Rev. B and C] and FS8-18 [P/Ns 60-1001078-01 Rev. B and C])

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/29/2009;
12/22/2009
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #596 and #851); AES GCM (AES Cert. #851, vendor affirmed); RNG (Cert. #358); HMAC (Cert. #346); SHS (Certs. #645 and #844); RSA (Certs. #337 and #407)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); ECC-CDH (non-compliant); AES (Cert. #596, key wrapping; key establishment methodology provides 256 bits of encryption strength)

Multi-chip embedded

"Cryptographic module for the Brocade Encryption Switch and FS8-18."
1161 Fortinet, Inc.
1090 Kifer Road
Sunnyvale, CA 94086
USA

-Jeff Lake, Vice President, Federal Operations
TEL: 678-402-8021
FAX: 678-402-8021

CST Lab: NVLAP 200017-0

FortiGate-1000A and FortiGate-3600
(Hardware Versions: FortiGate 1000A (build C4WA49) and FortiGate 3600 (build C4KW75); Firmware Version: FortiOS 3.0, build8931, 081110)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 07/29/2009 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #742, #743, #489 and #490); RNG (Cert. #530); AES (Certs. #925, #926, #475 and #476); SHS (Certs. #909, #910, #543 and #544); RSA (Cert. #449); HMAC (Certs. #516, #517, #232 and #233)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; HMAC-MD5

Multi-chip standalone

"FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1160 Motorola, Inc.
1301 East Algonquin Rd.
Schaumburg, IL 60196
USA

-Kirk Mathews
TEL: 847-576-4101
FAX: 847-538-2770

CST Lab: NVLAP 100432-0

KVL 3000 Plus
(Hardware Versions: P/N T6717A and T6717B; Firmware Versions: R03.52.45, R03.53.01 and R03.53.02)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/29/2009;
01/31/2011
Overall Level: 1 

-Roles, Services, and Authentication: Level 2

-FIPS Approved algorithms: AES (Cert. #2); Triple-DES (Cert. #82); Triple-DES MAC (Triple-DES Cert. #82, vendor affirmed); SHS (Cert. #335); RNG (Cert. #121)

-Other algorithms: DES; DES MAC; DES-XL; DVI-XL; DVI-SPFL; DVP-XL; ADP; HCA; LFSR; AES MAC (AES Cert. #2; vendor affirmed; P25 AES OTAR)

Multi-chip standalone

"The KVL 3000 Plus is a portable key distribution device. Encryption keys can be loaded into the KVL manually through its keypad interface or transferred from a Key Management Facility through its serial interface. These keys can then be distributed to various secure communications equipment such as mobile and portable radios, base stations, zone controllers, data controllers, and other fixed network devices. The KVL also includes a PCMCIA interface for software upgrades."
1159 RSA, The Security Division of EMC
228 South Street
Hopkinton, MA 01748
USA

-Jeff Stone
TEL: 508-249-1189

-Nirav Mehta
TEL: 508-249-2964

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-Kernel
(Software Versions: 1.3.1 [1] and 1.3.1.1 [2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 07/29/2009;
08/20/2010;
09/07/2010
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Server 2003 SP2 (x86 Celeron) [1]; Windows Server 2003 SP2 (Itanium 2) [1]; Windows Server 2003 SP2 (x64 AMD Athlon X2) [2] (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1105 [1] and #1415 [2]); HMAC (Certs. #617 [1] and #835 [2]); SHS (Certs. #1028 [1] and #1285 [2])

-Other algorithms: AES-XTS

Multi-chip standalone

"RSA BSAFE® Crypto-Kernel is a cryptographic library from RSA, The Security Division of EMC, to provide symmetric encryption, hashing, and message authentication code creation, in the operating system kernel. It provides Advanced Encryption Standard (AES) cipher, SHA-256 message digest, and HMAC capabilities."
1158 AirMagnet, Inc.
830 E. Arques Ave.
Sunnyvale, CA 94085
USA

-Tony Ho
TEL: 408-400-1255
FAX: 408-744-1250

CST Lab: NVLAP 200648-0

SmartEdge Sensor A5020, A5023, A5120 and A5123
(Hardware Versions: A5020, A5023, A5120 and A5123; Firmware Version: 8.5.0-12047)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 07/29/2009 Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #331); Triple-DES (Cert. #395); SHS (Cert. #406); RSA (Cert. #111); RNG (Cert. #152); HMAC (Cert. #135)

-Other algorithms: RC4; RC2; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); DSA (non-compliant); DES; Triple-DES (non-compliant); AES (non-compliant); IDEA; Blowfish; Twofish

Multi-chip standalone

"The SmartEdge Sensor is equipped with patent pending AirWISE Analytical Engine that, in real time, monitors and analyzes the security, performance, and reliability of the wireless network."
1157 Oracle Corporation
500 Eldorado Blvd.
Bldg 5
Broomfield, CO 80021
USA

-David Hostetter
TEL: 303-272-7126

CST Lab: NVLAP 100432-0

Sun StorageTek™ T10000A Tape Drive
(Hardware Version: P/N 315462802; Firmware Versions: 1.40.108, 1.41.110 and 1.41.111)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/16/2009;
09/02/2009;
05/05/2010
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 2

-FIPS Approved algorithms: AES (Certs. #495, #647, #941, #942 and #967); DRBG (Cert. #6); HMAC (Certs. #398 and #540); SHS (Certs. #736 and #937); RSA (Cert. #334)

-Other algorithms: AES (Cert. #941, key wrapping; key establishment methodology provides 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5

Multi-chip standalone

"The Sun StorageTek™ T10000A tape drive provides 500 GB native capacity and 120 MB/sec throughput. The T10000A is designed for maximum security and performance in enterprise-level applications. It employs AES-256 encryption to protect and authenticate customer data while also using AES-256 to provide secure and authenticated transmission of key material. Designed for maximum performance, the drive allows the use of multiple keys per tape with a cache memory to minimize the overhead of key transmission. Works seamlessly with the Sun KMA 2.x to provide a secure end-to-end management solution."
1156 Oracle Corporation
500 Eldorado Blvd.
Bldg 5
Broomfield, CO 80021
USA

-David Hostetter
TEL: 303-272-7126

CST Lab: NVLAP 100432-0

Sun StorageTek™ T10000B Tape Drive
(Hardware Version: P/N 315488302; Firmware Versions: 1.40.208, 1.41.210 and 1.41.211)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/16/2009;
09/02/2009;
05/05/2010
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #495, #647, #941, #942 and #967); DRBG (Cert. #6); HMAC (Certs. #398 and #540); SHS (Certs. #736 and #937); RSA (Cert. #334)

-Other algorithms: AES (Cert. #941, key wrapping; key establishment methodology provides 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5

Multi-chip standalone

"The Sun StorageTek™ T10000B tape drive provides 1 TB native capacity and 120 MB/sec throughput using the same media and with backward read compatibility to the T10000A. Designed for maximum security and performance, the T10000B provides AES-256 encryption to protect and authenticate customer data and to provide secure, authenticated transmission of key material. Designed for maximum performance, the drive allows the use of multiple keys per tape with a cache memory to minimize the overhead of key transmission. Works seamlessly with the Sun KMA 2.x to provide a secure end-to-end management solution."
1155 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco Catalyst 6506, Catalyst 6506-E, Catalyst 6509 and Catalyst 6509-E Switch with Catalyst 6500 Series VPN Services Port Adapter (ws-ipsec-2 and ws-ipsec-3)
(Hardware Versions: 6506, 6509, 6506-E and 6509-E; Backplane chassis: Hardware Versions 1.1 (6506-E), 1.4 (6509-E), 3.0 (6506, 6509); Supervisor Blade: Hardware Versions 5.7(SUP720-3B), 5.7 (SUP720-3BXL), 2.1 (SUP720-10GbE); IPSec VPN SPA; Hardware Version 1.0; Firmware Versions: Modular IOS 12.2(33)SXI and 12.2(33)SXI1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/16/2009;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: AES (Cert #598); HMAC (Certs. #348 and #550); RNG (Certs. #356 and #554); SHS (Certs. #647 and #948); Triple-DES (Cert #569)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant); MD5; HMAC-MD5

Multi-chip standalone

"The Catalyst 6500 series switches with the IPSec VPN SPA offer versatility, integration, and security to branch offices. With numerous network modules and service modules available, the modular architecture of the Cisco router easily allows interfaces to be upgraded to accommodate network expansion. The Catalyst 6500 series switches provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements."
1154 Digi International, Inc.
11001 Bren Road East
Minnetonka, MN 55343
USA

-Brian O'Rourke
TEL: 952-912-3444
FAX: 952-912-4952

CST Lab: NVLAP 200648-0

Digi Passport 4 FIPS, 8 FIPS, 16 2 AC FIPS, 32 2 AC FIPS and 48 2 AC FIPS
(Hardware Version: Rev. 1.1 [1] or Rev. 1.1.1 [2]; Firmware Version: 1.2.0F [1] or 1.2.0.1F [1][2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 07/16/2009;
11/27/2012
Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #821); Triple-DES (Cert. #693); SHS (Cert. #819); RSA (Cert. #398); DSA (Cert. #301); RNG (Cert. #473); HMAC (Cert. #454)

-Other algorithms: RC4; MD5; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); DES

Multi-chip standalone

"The latest entry in Digi's advanced console management line, the Digi Passport provides secure remote access to the console ports of computer systems and network equipment. In addition to conventional serial console connections, the Digi Passport connects to the service processors of the leading server vendors. It also provides SMASH extensions to each of these network-based access protocols."
1153 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco Catalyst 6506, Catalyst 6506-E, Catalyst 6509 and Catalyst 6509-E Switch with Catalyst 6500 Series VPN Services Port Adapter (ws-ipsec-2 and ws-ipsec-3)
(Hardware Versions: 6506, 6509, 6506-E and 6509-E; Backplane chassis: Hardware Versions 1.1(6506-E), 1.4 (6509-E) and 3.0 (6506, 6509); Supervisor Blade: Hardware Versions 5.7 (SUP720-3B), 5.7 (SUP720-3BXL) and 2.1 (SUP720-10GbE); IPSec VPN SPA: Hardware Version 1.0; Firmware Versions: IOS 12.2(33)SXI and IOS 12.2(33)SXI1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/01/2009;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #598); HMAC (Certs. #348 and #549); RNG (Certs. #356 and #553); SHS (Certs. #647 and #947); Triple-DES (Cert. #569)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant); MD5; HMAC-MD5; RSA (non-compliant)

Multi-chip standalone

"The Catalyst 6500 series switches with the VPN Services Port Adapter offer versatility, integration, and security to branch offices. With numerous network modules and service modules available, the modular architecture of the Cisco router easily allows interfaces to be upgraded to accommodate network expansion. The Catalyst 6500 series switches provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements."
1152 IBM® Corporation
9032 S Rita Road
Tucson, AZ 85744
USA

-David L. Swanson
TEL: 520-799-5515

-Christine Knibloe
TEL: 520-799-5719

CST Lab: NVLAP 200427-0

IBM System Storage LTO Ultrium 4 Tape Drive
(Hardware Versions: 23R9539 (Fibre Channel), 23R9904 (SAS), and 95P4613 (SCSI); Firmware Versions: df080911bf_89Bb.FC.fips.ro (Fibre Channel), df080911bf_89Bb.SAS.fips.ro (SAS), and df080911bf_89Bb.SCSI.fips.ro (SCSI))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/01/2009 Overall Level: 1 

-FIPS Approved algorithms: AES (Certs. #918 and #919); AES GCM (Certs. #918 and #919, vendor affirmed); RNG (Cert. #527); RSA (Cert. #446); SHS (Cert. #906)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The IBM LTO Ultrium 4 Tape Drive provides AES-GCM encryption of customer data recorded to tape. Both encryption and compression are implemented in the hardware for optimum performance. Three different host interface types of the LTO Ultrium 4 "brick" unit are FIPS certified as a multi-chip, standalone cryptographic module. In customer operation the "brick" unit may be embedded in bridge box or in a canister package for operation in a library."
1151 Rajant Corporation
400 E. King Street
Malvern, PA 19355
USA

-Marty Lamb
TEL: 610-873-6788 x209

CST Lab: NVLAP 200416-0

BreadCrumb® ME2 1S2F
(Hardware Version: ME2 1S2F; Firmware Version: 10.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/01/2009 Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Certs. #791 and #908); RSA (Cert. #378); SHS (Cert. #792); HMAC (Cert. #434); RNG (Cert. #455);

-Other algorithms: RC4; MD5; Diffie-Hellman; AES (Cert #791, key wrapping)

Multi-chip standalone

"The Rajant BreadCrumb® ME2 1S2F is a rugged wireless transmitter-receiver that forms a mesh network (using InstaMesh®) when used in conjunction with other BreadCrumb® devices. This portable wireless mesh network node supports an open-standard IEEE 802.11 b/g radio with up to two antennas to enable data, voice and video applications."
1150

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/22/2009;
12/11/2009;
05/03/2012
Overall Level: 2 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip embedded

1149 Imation Corp.
Discovery Bldg. 1A-041
Oakdale, MN 55128
USA

-Larry Hamid
TEL: 408-737-4308

CST Lab: NVLAP 100432-0

Imation S200/D200
(Hardware Versions: P/Ns D2-S200-S01, D2-S200-S02, D2-S200-S04, D2-S200-S08, D2-S200-S16, D2-D200-S01, D2-D200-S02, D2-D200-S04, D2-D200-S08, D2-D200-S16 and D2-D200-S32; Firmware Versions: 2.0, 2.0.1, 2.0.2, 2.0.3, 2.0.5, 2.0.6, 2.0.8 and 2.0.9)

(Files distributed with the module mounted within the CD Drive are excluded from the validation.)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/24/2009;
08/28/2009;
10/02/2009;
11/20/2009;
12/22/2009;
03/26/2010;
08/02/2010;
10/26/2011;
04/24/2012
Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #1034); RNG (Cert. #587); RSA (Cert. #494); SHS (Certs. #986 and #987); HMAC (Cert. #579)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The IronKey Secure Flash Drive includes a high-speed hardware-based 256 Bit AES cryptography engine for encrypting and decrypting NAND flash and RAM buffers via USB. It also includes RSA, HMAC, SHA-256, SHA-1, and RNG algorithms."
1148 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco Unified Wireless IP Phone 7921G and 7925G
(Hardware Versions: 7921G and 7925G; Firmware Versions: 1.3(2), 1.4(1), 1.4(3) or 1.4(5))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/24/2009;
05/28/2010;
02/09/2012;
02/23/2012;
01/24/2013;
10/25/2013
Overall Level: 1 

-FIPS Approved algorithms: AES (Certs. #987 and #988); HMAC (Certs. #555 and #556); RNG (Cert. #560); RSA (Cert. #475); SHS (Certs. #954 and #955); Triple-DES (Cert. #773)

-Other algorithms: HMAC MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5

Multi-chip standalone

"For workers who need to communicate while moving about the workplace or campus, the Cisco Unified Wireless IP Phone 7921G and 7925G provide wired phone capabilities in an easy-to-navigate, menu directed wireless phone. These phones can be programmed with six extensions or a combination of extensions and speed dials. Each have a 2-inch color display; speakerphone capabilities, a new combination charger and speakerphone stand. Additionally, the 7925G provides support for bluetooth headsets."
1147

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/18/2009 Overall Level: 1 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip standalone

1146 Research In Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

-Certifications Team
TEL: 519-888-7465 x72921
FAX: 519-886-4839

CST Lab: NVLAP 200017-0

BlackBerry Cryptographic Kernel
(Firmware Version: 3.8.5.51)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Firmware 06/24/2009;
01/28/2010
Overall Level: 1 

-Design Assurance: Level 3
-Tested: BlackBerry Storm 9500 with BlackBerry OS Version 4.7

-FIPS Approved algorithms: Triple-DES (Cert. #750); AES (Certs. #946 and #947); SHS (Cert. #921); HMAC (Cert. #526); RSA (Cert. #456); RNG (Cert. #536); ECDSA (Cert. #118)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides 256 bits of encryption strength)

Multi-chip standalone

"BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry."
1145 Oberthur Technologies
4250 Pleasant Valley Road
Chantilly, VA 20151-1221
USA

-Christopher Goyet
TEL: 703-263-0100
FAX: 703-263-0503

CST Lab: NVLAP 100432-0

Oberthur ID-One Cosmo 128 v5.5 for DoD CAC
(Hardware Version: B0; Firmware Versions: F310-067735 with ASC library package v2.6.2B.3, ACA applet package v2.6.2B.4, PKI/GC/SKI applet package v2.6.2B.4, PIV End Point Wrapper module v2.6.2B.4, PIV End Point Extended module v2.6.2B.4, and SMA applet package v2.6.2B.3)

(PIV Card Application: Cert. #15)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/24/2009;
08/02/2010;
02/06/2014
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #606); Triple-DES MAC (Triple-DES Cert. #606, vendor affirmed); RSA (Cert. #304); RNG (Cert. #377); CVL (Cert. #212)

-Other algorithms: RSA (key transport; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Single-chip

"This module is based on the Oberthur Dual Interface (ISO7816 & ISO14443) ID-One Cosmo family of Smart Cards that provide a secure Javacard platform with data storage and enhanced cryptographic processing capabilities specifically designed to fit the needs of government and enterprise personnel identification applications. This configuration runs ActivIdentity applet suite V 2.6.2B into its 144K EEPROM memory. The Applet Suite provides services for authentication, access control, generic container and PKI. It conforms to SP800-73-1 Transitional & End-Point Card Edge (for HSPD-12/PIV)."
1144 SCsquare Ltd.
2A Habarzel St.
Ramat Hahayal
Tel Aviv, 69710
Israel

-Yossi Fixman
TEL: +972-3-7657-331
FAX: +972-3-649-4975

CST Lab: NVLAP 200636-0

Apollo OS V4.03 on SLE66CX680PE m1534-a13
(Firmware Version 4.03)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Firmware 06/24/2009 Overall Level: 3 

-Tested: SLE66CX680PE m1534-a13 smart card controller IC

-FIPS Approved algorithms: Triple-DES (Cert. #701); DSA (Cert. #306); SHS (Cert. #839); RNG (Cert.#483); RSA (Cert. #406); HMAC (Cert. #464)

-Other algorithms: ECDSA (non-compliant)

Single-chip

"Apollo OS V4.03 on SLE66CX680PE is a multi-purpose smart card utilizing an ISO 7816 file system. Apollo OS V4.03 is implemented as firmware in ROM of an Infineon SLE66CX680PE smart card controller IC."
1143 Mitsubishi Electric Corporation Kamakura Works
325 Kamimachiya
Kamakura, Kanagawa 247-8520
Japan

-Masanori Sato
TEL: +81-467-41-6640
FAX: +81-467-41-6975

-Koichiro Sasaki
TEL: +81-467-41-6670
FAX: +81-467-41-6975

CST Lab: NVLAP 200017-0

Command Encryption Module
(Firmware Version: 1.1)

(When operated in FIPS mode with the Operational Environment configuration specified on the reverse with the Firewall configured per Section 11 in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Firmware 06/24/2009 Overall Level: 2 

-EMI/EMC: Level 3

-Tested: HP Compaq DC 5100 Running Microsoft Windows 2000 SP4 and Zone Labs Zone Alarm Pro Firewall version 7.0.481.000

-FIPS Approved algorithms: Triple-DES (Cert. #759)

-Other algorithms: N/A

Multi-chip standalone

"Command Encryption Module is a firmware module designed to perform Triple DES CFB mode encryption functions."
1142

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/03/2009 Overall Level: 2 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip standalone

1141 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco ASA 5505, 5510, 5520, 5540 and 5550 Security Appliances
(Hardware Versions: 5505, 5510, 5520, 5540, 5550, FIPS Kit (Cisco-FIPS-KIT=): Revision -B0 and ASA 5505 FIPS Kit (ASA5505-FIPSKIT=): Revision -A0; Firmware Versions: 8.0.4.16, 8.0.4.28, 8.0.5, 8.2.1 and 8.2.2.9)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/24/2009;
07/17/2009;
01/28/2010;
02/12/2010;
05/05/2010;
05/28/2010;
06/02/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #105, #564, #966 and #1258); HMAC (Certs. #125, #301, #539 and #735); RNG (Certs. #144, #329, #545 and #701); RSA (Certs. #106, #261, #467 and #604); SHS (Certs. #196, #630, #935 and #1153); Triple-DES (Certs. #217, #559, #760 and #897)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5; DES; RC4; HMAC MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
1140 EF Johnson Technologies
1440 Corporate Drive
Irving, TX 75038-2401
USA

-John Oblak
TEL: 507-837-5116
FAX: 507-837-5120

CST Lab: NVLAP 100432-0

Johnson Encryption Machine 2 (JEM2)
(Hardware Version: 023-3900-183; Firmware Versions: 2.0 and 2.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/25/2009;
07/02/2010
Overall Level: 1 

-FIPS Approved algorithms: AES (Cert. #917); SHS (Cert. #904); HMAC (Cert. #512); DSA (Cert. #328); RNG (Cert. #526)

-Other algorithms: AES (Cert. #917, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES MAC (AES Cert. #917, vendor affirmed; P25 AES OTAR); DES

Multi-chip standalone

"The EF Johnson Technologies Johnson Encryption Machine 2 (JEM2) is a cryptographic module meeting the FIPS140-2, Level 1 requirement. The JEM2 provides cryptographic operations to support Project 25 infrastructure. The JEM2 supports AES OTAR, AES, DSA, SHA-1, SHA-256, SHA-512, and HMAC FIPS Approved algorithms."
1139 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 3271 High Performance Mobile Access Router Card (HMARC)
(Hardware Version: A0; Firmware Version: 12.4(15)T7)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/28/2009;
05/28/2010;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #890 and #945); HMAC (Certs. #497 and #530); RNG (Cert. #511); RSA (Cert. #432); SHS (Certs. #881 and #920); Triple-DES (Certs. #727 and #749)

-Other algorithms: DES; DES-MAC; TDES-MAC (non-compliant); MD5; MD4; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 156 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The Cisco 3271 Rugged ISR is a high-performance, ruggedized router designed to support multiple applications running concurrently over wired or wireless networks. With onboard hardware encryption, the Cisco 3271 offloads encryption processing from the router to provide highly secure yet scalable video, voice, and data services for mobile and embedded outdoor networks."
1138 NitroSecurity Inc
230 Commerce Way
Portsmouth, NH 03801
USA

-Bill Virtue
TEL: 603-570-3936
FAX: 603-766-8169

CST Lab: NVLAP 200427-0

NitroView ESM/Receiver Cryptographic Module
(Hardware Version: NS-ESMRCV-2250-R; Software Versions: 8.0.0.20080605 and 8.2.0)

(When operated in FIPS mode with module OpenSSL FIPS Object Module validated to FIPS 140-2 under Cert. #918 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 05/28/2009;
10/23/2009
Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #668); Triple-DES (Cert. #613); SHS (Cert. #701); HMAC (Cert. #352); RNG (Cert. #387); RSA (Cert. #310)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The NitroView ESM/Receiver is a multi-chip standalone cryptographic module consisting of production grade components contained within an opaque hard production-grade enclosure (the outside case is steel). The removable cover is protected by tamper evident security seals in accordance with FIPS 140-2 Level 2. The cryptographic boundary is the metal enclosure of the device."
1137 SafeNet, Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Terry Fletcher
TEL: 613-221-5009
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

ProtectServer Gold (PSG)
(Hardware Version: Revision B2 and B3 [1], B4 [2] or C [3]; Firmware Version: 2.07.00[2], 2.08.00 [1-3] or 3.00.03 [2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/22/2009;
07/24/2009;
03/28/2011;
11/08/2011
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #921 and #1582); DSA (Certs. #329 and #488); ECDSA (Certs. #114 and #193); HMAC (Certs. #515 and #928); RNG (Certs. #529 and #851); RSA (Certs. #448 and #772); SHS (Certs. #908 and #1401); Triple-DES (Certs. #741 and #1038); Triple-DES MAC (Triple-DES Certs. #741 and #1038, vendor affirmed)

-Other algorithms: AES MAC (AES Certs. #921 and #1582; non-compliant); ARIA, and ARIA MAC; CAST 128; CAST MAC; DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECIES; IDEA; IDEA MAC; MD2; MD5; MD5 HMAC; RC2; RC2 MAC; RC4; RIPEMD-128; RIPEMD-160; RMD128 HMAC; RMD160 HMAC; RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; SEED MAC

Multi-chip standalone

"The SafeNet PSG Adapter is a high-end intelligent PCI adapter card that provides a wide range of cryptographic functions using firmware and dedicated hardware processors. Access to the PSG is provided via a comprehensive PKCS#11 API, allowing extremely flexible use of the module in a multitude of applications."
1136 Aladdin Knowledge Systems, Ltd.
35 Efal St.
Kiryat Arie, Petach Tikva Israel

-Chanan Lavi
TEL: 972-3-9781111
FAX: 972-3-9781010

CST Lab: NVLAP 100432-0

Aladdin eToken PRO (Java) HD and Aladdin eToken Anywhere HD
(Hardware Versions: P/N Aladdin eToken PRO (Java) HD Version 4.29 or 4.30 and Aladdin eToken Anywhere HD Version 4.33; Firmware Versions: 0106.7130.0207, 0106.8015.0508 or 0106.8015.0808 with Aladdin eToken v1.1)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/22/2009;
07/02/2010;
10/26/2011
Overall Level: 3 

-Physical Security: Level 4

-FIPS Approved algorithms: Triple-DES (Cert. #681); AES (Cert. #788); RNG (Cert. #453); RSA (Cert. #375); Triple-DES MAC (Triple-DES Cert. #681, vendor affirmed); SHS (Cert. #789)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Single-chip

"Aladdin eToken PRO (Java) HD offers strong authentication and guaranteed non-repudiation for sensitive applications such a eBanking, stock trading, eCommerce and financial transactions. Aladdin eToken PRO (Java) HD is based on the Athena IDProtect Java Card smart card operating system that is compliant with the Java Card 2.2.2 and Global Platform 2.1.1 specifications and FIPS 140-2 Level 3 (Level 4 for physical security). IDProtect supports FIPS Approved Random Number Generator, TDES, AES, SHA-1, SHA-256, and RSA up to 2048 bits including on board key generation."
1135 Aladdin Knowledge Systems, Ltd.
35 Efal St.
Kiryat Arie, Petach Tikva Israel

-Chanan Lavi
TEL: 972-3-9781111
FAX: 972-3-9781010

CST Lab: NVLAP 100432-0

Aladdin eToken PRO (Java), Aladdin eToken Anywhere and Aladdin eToken PRO (Java) SC
(Hardware Versions: P/Ns Aladdin eToken PRO (Java) Version 4.29 or 4.30, Aladdin eToken Anywhere Version 4.33 and Aladdin eToken PRO (Java) SC Versions 7 or 8; Firmware Versions: 0106.7130.0207, 0106.8015.0508 or 0106.8015.0808 with Aladdin eToken v1.1)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/22/2009;
07/02/2010;
10/26/2011
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Cryptographic Key Management: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #681); AES (Cert. #788); RNG (Cert. #453); RSA (Cert. #375); Triple-DES MAC (Triple-DES Cert. #681, vendor affirmed); SHS (Cert. #789)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Single-chip

"Aladdin eToken PRO (Java) and Aladdin eToken PRO (Java) SC offers strong authentication and guaranteed non-repudiation for sensitive applications such a eBanking, stock trading, eCommerce and financial transactions. Aladdin eToken PRO (Java) and Aladdin eToken PRO (Java) SC are based on the Athena IDProtect Java Card smart card operating system that is compliant with the Java Card 2.2.2 and Global Platform 2.1.1 specifications and FIPS 140-2 Level 3 (Level 4 for physical security). IDProtect supports FIPS Approved Random Number Generator, TDES, AES, SHA-1, SHA-256, and RSA up to 2048 bits incl"
1134 Mobile Armor, Inc.
400 South Woods Mill Road
Suite 300
St. Louis, MO 63017
USA

-Brian Wood
TEL: 443-468-1238

CST Lab: NVLAP 200427-0

Mobile Armor Cryptographic Module
(Software Version: 3.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 05/22/2009 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista; Microsoft Windows Vista 64-bit; Red Hat Enterprise Linux 5.1; Red Hat Enterprise Linux 5.1 64-bit; Fedora Core 8; Fedora Core 8 64-bit; Ubuntu 7.10; Ubuntu 7.10 64-bit; Apple OS X 10.5; Windows Mobile 6 (single user mode)

-FIPS Approved algorithms: AES (Cert. #820); Triple-DES (Cert. #692); SHS (Cert. #818); HMAC (Cert. #453); RNG (Cert. #472)

-Other algorithms: N/A

Multi-chip standalone

"The Mobile Armor Cryptographic Module 3.0 is a multi-chip standalone software module running on a standard IBM compatible personal computer, an Intel-based Mac, or a mobile device. On the PC, the software module can execute within a Linux, Microsoft Windows or Mac OS X operating system; while on a mobile device the module can be executed within a Windows Mobile Operating System."
1133 ViaSat UK Ltd.
Sanford Lane
Wareham, Dorset BH20 4DY
United Kingdom

-Tim D. Stone
TEL: +44 1929 55 44 00
FAX: +44 01929 55 25 25

CST Lab: NVLAP 200556-0

FlagStone Core
(Hardware Versions: V2.0.1.1, V2.0.1.2, V2.0.1.3, V2.0.2.1, V2.0.2.2, V2.0.2.3, V2.0.3.3, V2.0.3.4, V2.0.5.3 and V2.0.5.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/22/2009;
06/01/2009;
01/06/2010;
06/21/2011;
07/27/2011
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #922 and #923); RNG (Cert. #531)

-Other algorithms: N/A

Multi-chip embedded

"The FlagStone Core is a multi-chip embedded cryptographic module used within the Eclypt and the Eclypt Freedom Drives. The FlagStone Core, and subsequently the Eclypt and Eclypt Freedom Drives utilising the FlagStone Core, provide access control and data encryption services to protect access to data stored on a HDD (Hard Disk Drive). All accessible sectors on a HDD connected to a FlagStone Core are encrypted."
1132 McAfee, Inc.
3965 Freedom Circle
Santa Clara, CA 95054
USA

-Mike Siegel
TEL: 888-847-8766

CST Lab: NVLAP 100432-0

McAfee Endpoint Encryption for Files and Folders
(Software Versions: 3.1.1.7 and 3.1.2.11)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 05/22/2009;
07/24/2009
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista 32; Microsoft Windows Vista 64; Microsoft Windows XP Professional (single-user mode)

-FIPS Approved algorithms: AES (Cert. #891); DSA (Cert. #323); RNG (Cert. #512); SHS (Cert. #884)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RC5; AES (non-compliant)

Multi-chip standalone

"McAfee Endpoint Encryption for Files and Folders is a user transparent and high performing client software for encryption of files and folders on local drives, network shares, removable media and CD/DVD. E-mail attachments may also be encrypted for both internal and external recipients. In addition, the centralized McAfee Endpoint Encryption management system provides flexible and powerful management of encryption policies and keys, robust recovery tools, policy enforcement and remote deployment."
1131 McAfee, Inc.
3965 Freedom Circle
Santa Clara, CA 95054
USA

-Mike Siegel
TEL: 888-847-8766

CST Lab: NVLAP 100432-0

McAfee Endpoint Encryption for PCs
(Software Versions: 5.1.6, 5.1.7 and 5.1.8)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 05/22/2009;
07/24/2009;
02/12/2010;
03/28/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista 64; Microsoft Windows Vista 32; Microsoft Windows XP Professional (single-user mode)

-FIPS Approved algorithms: AES (Cert. #893); DSA (Cert. #325); RNG (Cert. #514); SHS (Cert. #886)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"McAfee Endpoint Encryption for PC is a high performance software solution that provides sector-level encryption of a PC's hard drive in a manner that is totally transparent to the user. In addition, the centralized McAfee Endpoint Encryption management system provides robust recovery tools, administration, and implementation."
1130 CommVault Systems, Inc.
2 Crescent Place
Oceanport, NJ 07757
USA

-Zahid Ilkal, Product Manager
TEL: 732-870-4812
FAX: 732-870-4525

CST Lab: NVLAP 200017-0

CommVault Crypto Library
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 05/12/2009;
05/17/2013
Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Intel Core2 Duo w/ Microsoft Windows 2003; Intel Core2 Duo w/ Redhat Linux 5.0; UltraSPARC II w/ Sun Solaris 10 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #700); AES (Cert. #847); SHS (Cert. #838); HMAC (Cert. #465); RSA (Cert. #405); RNG (Cert. #482)

-Other algorithms: DES; Blowfish; Serpent; Twofish; MD5; HMAC-MD5

Multi-chip standalone

"CommVault Crypto Library (CVCL) is a cryptographic software module used in various products by CommVault Systems, Inc. The module provides a collection of FIPS Approved and Non-FIPS Approved cryptographic services for key generation, symmetric and asymmetric encryption, hash, HMAC and signature generation/verification."
1129 Fortress™ Technologies, Inc.
2 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200427-0

Fortress Secure Client
(Software Version: 4.1.1 Build 4278X)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 07/06/2009;
03/26/2010;
05/17/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 2000 Professional SP 4, Windows XP Professional SP 2, Windows 2003 Server SP2, Windows Vista Ultimate Edition (single-user mode)

-FIPS Approved algorithms: AES (Cert. #975); HMAC (Cert. #547); RNG (Cert. #552); SHS (Cert. #944); Triple-DES (Cert. #768)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; RSA (non-compliant)

Multi-chip standalone

"The Fortress Secure Client is a software module designed to deliver security on wireless devices such as bar scanners, handhelds, and laptops using various operating systems. A plug-and-play solution, the Client encrypts and decrypts communication across the WLAN and protects the device against attacks without user intervention."
1128 NeoScale Systems, Inc.
1655 McCarthy Blvd
Milpitas, CA 95035
USA

-Marcus Streets
TEL: 011-44-1223-723613
FAX: 011-44-1223-723601

CST Lab: NVLAP 200017-0

CryptoStor Tape FC702R and FC704R
(Hardware Versions: FC702R - P/N FA00005-00, Rev 6 and FC704R - P/N FA00006-00 Rev 8; Firmware Version: 2.6)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 05/12/2009;
01/01/2014
Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Certs. #275 and #516); AES (Certs. #173 and #506); SHS (Certs. #258 and #577); HMAC (Certs. #39 and #259); RNG (Cert. #285)

-Other algorithms: RSA (Cert. #221; non-compliant)

Multi-chip standalone

"NeoScale CryptoStor Tape is a family of readily deployable, high-speed tape security appliances that compress, encrypt and digitally sign data as it goes to tape media or virtual tape without disrupting backup processes. It seamlessly integrates with widely used backup applications and incorporates Global Key Management technology for strong key management and data recovery. Used in conjunction with the NeoScale CryptoStor KeyVault key management system, CryptoStor Tape provides an automated, secure and open key sharing capability between locations, businesses or applications."
1127 NeoScale Systems, Inc.
1655 McCarthy Blvd.
Milpitas, CA 95035
USA

-Marcus Streets
TEL: 011-44-1223-723613
FAX: 011-44-1223-723601

CST Lab: NVLAP 200017-0

CryptoStor Tape SC702R
(Hardware Version: P/N FAS00004-00 Rev 6; Firmware Version: 2.6)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 05/12/2009;
01/01/2014
Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Certs. #275 and #516); AES (Certs. #173 and #506); SHS (Certs. #258 and #577); HMAC (Certs. #39 and #259); RNG (Cert. #285)

-Other algorithms: RSA (Cert. #221; non-compliant)

Multi-chip standalone

"NeoScale CryptoStor Tape is a family of readily deployable, high-speed tape security appliances that compress, encrypt and digitally sign data as it goes to tape media or virtual tape without disrupting backup processes. It seamlessly integrates with widely used backup applications and incorporates Global Key Management technology for strong key management and data recovery. Used in conjunction with the NeoScale CryptoStor KeyVault key management system, CryptoStor Tape provides an automated, secure and open key sharing capability between locations, businesses or applications."
1126 Fortinet Inc.
1090 Kifer Road
Sunnyvale, CA 94086
USA

-Jeff Lake, Vice President, Federal Operations
TEL: 678-402-8021
FAX: 678-402-8021

CST Lab: NVLAP 200017-0

FortiGate-5050 Chassis with FortiGate-5001A-DW Blade
(Hardware Versions: FortiGate-5001A-DW (P4CJ36), ADM-XB2 (AMC28F), ADM-FB8 (P4FB78) and FG-5050 (C4QP38); Firmware Version: FortiOS 3.00, build8864,080819)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 05/12/2009 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #582, #583 and #584); RNG (Cert. #345); AES (Certs. #612, #613 and #614); SHS (Certs. #660, #661 and #662); RSA (Certs. #284 and #285); HMAC (Certs. #315, #316 and #317)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; HMAC-MD5

Multi-chip standalone

"FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1125 Fortress™ Technologies, Inc.
2 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0

Fortress Secure Bridge
(Hardware Versions: ES520V1 and ES520V2; Firmware Version: 5.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 05/14/2009;
03/26/2010;
05/17/2013
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #688, #694 and #698); SHS (Certs. #715, #717, #721, #722 and #726); HMAC (Certs. #367, #371, #372 and #376); RSA (Cert. #439); RNG (Certs. #402, #406 and #409)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); MD5

Multi-chip standalone

"The Fortress Secure Bridge is an all-in-one network access device housed in a rugged compact chassis, with the most stringent security available today built in. It can serve as a wireless bridge, a WLAN access point, and an eight-port LAN switch, while performing all the functions of a Fortress controller device: encrypting wireless traffic and providing Multi-factor Authentication for devices on the network it protects."
1124 McAfee, Inc.
3965 Freedom Circle
Santa Clara, CA 95054
USA

-Mike Siegel
TEL: 888-847-8766

CST Lab: NVLAP 100432-0

McAfee Endpoint Encryption for Mobile
(Software Versions: 2.3.0.5 and 2.4.0.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 05/01/2009;
07/24/2009
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Mobile 5 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #892); DSA (Cert. #324); RNG (Cert. #513); SHS (Cert. #885)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"McAfee Endpoint Encryption for Mobile is a security system for smart phones and pocket PCs that prevents the data stored on such devices from being read or used by an unauthorized person. In simple terms, McAfee Endpoint Encryption for Mobile takes control of a user's data away from the operating system."
1123 Mobile Armor, Inc.
400 South Woods Mill Rd.
Suite 300
Chesterfield, MO 63017
USA

-Brian Wood
TEL: 314-590-0900
FAX: 314-590-0995

CST Lab: NVLAP 200427-0

Mobile Armor Cryptographic Module 3.5
(Software Version: 3.5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 04/24/2009 Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Windows XP Professional SP2 running on Dell Optiplex GX270; Windows 2000 Professional SP3 running on Dell Optiplex GX400; Windows Server 2003 SP1 running on Dell Optiplex GX270; Red Hat Enterprise Linux Version 5 running on IBM System x3455; SUSE Linux Enterprise Server 10 SP1 running on IBM System x3455

-FIPS Approved algorithms: AES (Cert. #920); HMAC (Cert. #514); RNG (Cert. #528); SHS (Cert. #907); Triple-DES (Cert. #740)

-Other algorithms: DES

Multi-chip standalone

"The Mobile Armor Cryptographic Module provides the core cryptographic functionality of Mobile Armor's Enterprise Mobile Data Security products which provide enterprise-level data encryption and device management."
1122 Kanguru Solutions
1360 Main St.
Millis, MA 02054
USA

-Nate Cote
TEL: 508-376-4245
FAX: 508-376-4462

CST Lab: NVLAP 200648-0

Kanguru Biolock
(Software Version: 1.0.1.8)

(This module contains the embedded module Crypto++ validated to FIPS 140-2 under Cert. #819 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 04/14/2009 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Service Pack 2 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #499); SHS (Cert. #569); HMAC (Cert. #253); RNG (Cert. #279); DSA (Cert. #206); Triple-DES (Cert. #512 )

-Other algorithms: N/A

Multi-chip standalone

"Kanguru Solutions is the leader in portable secure storage devices. Kanguru Biolock addresses security concerns and information assurance by incorporating 256-bit AES encryption technology to portable storage devices."
1121 Pitney Bowes, Inc.
35 Waterview Drive
Shelton, CT 06484-8000
USA

-Douglas Clark
TEL: 203-924-3206
FAX: 203-924-3406

CST Lab: NVLAP 100432-0

Cygnus X-2 Postal Security Device
(Hardware Versions: 1MEC BBC/BAJ (Canada), 1MES BBC/BAJ (Canada), 1MCT BBC/BAJ (Canada), 1MET BBC/BAJ (Canada), 1M00 BBC/BAJ (US) and 1M05 BBC/BAJ (US))

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/14/2009 Overall Level: 3 

-Physical Security: Level 3 +EFP

-FIPS Approved algorithms: ECDSA (Cert. #48); DSA (Cert. #200); SHS (Cert. #562); Triple-DES (Cert. #503); Triple-DES MAC (Triple-DES Cert. #503, vendor affirmed); RNG (Cert. #272); HMAC (Cert. #246)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The Pitney Bowes Cygnus X-2 Postal Security Device (PSD) has been designed in compliance with FIPS 140-2 and IPMAR security protection profile in order to support the USPS IBIP and international digital indicia standards globally. The PSD employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes Postage Metering products."
1120 TecSec, Atmel, CPI Card Group, and Athena Smartcard
1048 Dead Run Drive
McLean, VA 22101-2121
USA

-Ron Parsons
TEL: 301-639-5510
FAX: 703-506-1484

CST Lab: NVLAP 100432-0

TecSec PIV Eagle Card - Contact
(Hardware Version: P/N Atmel AT90SC144144CT Revision G; Software Version: P/N TecSec Contact PIV Applet Version 1.01 JCT; Firmware Version: P/N Athena IDProtect XL Version 010A.7204.0004)

(PIV Card Application: Cert. #11)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/03/2009;
02/06/2014
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 4
-Cryptographic Key Management: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #592); Triple-DES MAC (Triple-DES Cert. #592, vendor affirmed); AES (Cert. #639); SHS (Cert. #674); RNG (Cert. #364); RSA (Cert. #292); CVL (Cert. #209)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Single-chip

"The TecSec PIV Eagle Card - Contact cryptographic module provides data security for government and enterprise personnel identification. The primary purpose of this device is to enable the creation of a dual-chip PIV smart card as described in [FIPS201] that is fully compliant with the end-point service specified in SP800-73-1. The CM contains two Java Card applets implementing the PIV functionality (the Software) running on a GlobalPlatform Java Card operating system (the Firmware). The CM is physically connected to a smart card contact plate as defined in [7816-1] and [7816-2]."
1119 LiteScape Technologies, Inc.
1000 Bridge Parkway, Suite 200
Redwood Shores, CA 94065
USA

-Kayvan Alikhani

CST Lab: NVLAP 200427-0

LiteScape SPAR
(Hardware Version: 021013A; Firmware Version: 1.0.7, Bootloader: v52b4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/03/2009 Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #822); HMAC (Certs. #455, #456 and #457); SHS (Certs. #820, #821 and #822)

-Other algorithms: N/A

Multi-chip standalone

"SPAR (Secure Personal Authentication Reader) is a multi-factor authentication device that provides RFID, Biometric and Magnetic-card interfaces. Using the SPAR at the edge of VOIP networks when coupled with devices such as IP phone terminals dramatically increases the security, validation and personalization process for business applications."
1118 TecSec, Atmel, CPI Card Group, and Athena Smartcard
1048 Dead Run Drive
McLean, VA 22101-2121
USA

-Ron Parsons
TEL: 301-639-5510
FAX: 703-506-1484

CST Lab: NVLAP 100432-0

TecSec PIV Eagle Card - Contactless
(Hardware Version: P/N Atmel AT90SC12872RCFT Revision M; Software Version: P/N TecSec Contactless PIV Applet Version 1.0 JCL; Firmware Version: P/N Athena ID Protect Duo Version 0107.7099.0105)

(PIV Card Application: Cert. #11)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/03/2009;
02/06/2014
Overall Level: 3 

-Physical Security: Level 4

-FIPS Approved algorithms: Triple-DES (Cert. #598); Triple-DES MAC (Triple-DES Cert. #598, vendor affirmed); AES (Cert. #646); SHS (Cert. #680); RNG (Cert. #368); RSA (Cert. #296); CVL (Cert. #210)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Single-chip

"TecSec PIV Eagle Card - Contactless is a cryptographic module that may be configured as a contact or contactless PIV application. With this unique solution, a dual-chip product can be created without changing the user experience that assures the information stored on the contact chip is not compromised through the contactless interface. The CM is based on the Athena OS755 Java Card smart card operating system that is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and FIPS 140-2 Level 2 (Level 4 for physical security)."
1117 Chunghwa Telecom Co., Ltd. Telecommunication Laboratories
12, Lane 551, Min-Tsu Road SEC.5
Yang-Mei, Taoyuan, Taiwan 326
Republic of China

-Yeou-Fuh Kuan
TEL: +886-3-424-4333
FAX: +886-3-424-4129

-Char-Shin Miou
TEL: +886-3-424-4381
FAX: +886-3-424-4129

CST Lab: NVLAP 200017-0

HiKey - Flash and HiKey PKI Token
(Hardware Versions: 1.5 and 1.8; Software Version: Card OS version 3.1 with GINA Applet: 1.0, PKI Applet: 2.0, FISC II Applet: 1.2; Firmware Version: 1.25)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/07/2009;
11/17/2011
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: RSA (Cert. #434); Triple-DES (Cert. #732); SHS (Cert. #889); RNG (Cert. #515); HMAC (Cert. #501); Triple-DES MAC (Triple-DES Cert. #732, vendor affirmed); AES (Cert. #896);

-Other algorithms: AES MAC (AES Cert. #896; non-compliant)

Multi-chip standalone

"The HiKey Flash and HiKey PKI Token modules are multi-chip standalone implementations of a cryptographic module. The Hikey - Flash and HiKey PKI Token modules are USB tokens that adhere to ISO/IEC specifications for Integrated Circuit Chip (ICC) based identification cards. The HiKey - Flash and HiKey PKI Token cryptographic modules contain an implementation of the Open Platform (OP) Version 2.0.1 specification defining a secure infrastructure for post-issuance programmable smart cards."
1116 Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500

CST Lab: NVLAP 200427-0

Aruba AP-65, AP-70 and AP-85 Wireless Access Points
(Hardware Versions: AP-65-F1 Rev. 01, AP-70-F1 Rev. 01, AP-85FX-F1 Rev. 01, AP-85LX-F1 Rev. 01 or AP-85TX-F1 Rev. 01; Firmware Versions: ArubaOS 3.3.2.18-FIPS, ArubaOS 3.3.2.19-FIPS, ArubaOS 3.3.2.20-FIPS, ArubaOS 3.3.2.21-FIPS, ArubaOS 3.4.2.3-FIPS, ArubaOS 3.4.4.0-FIPS or ArubaOS 3.4.5.1-FIPS)

(When operated in FIPS mode and with the tamper evidence seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/03/2009;
05/18/2009;
07/24/2009;
12/10/2009;
02/12/2010;
05/05/2010;
10/25/2010;
01/31/2011;
03/14/2011;
07/19/2011;
02/06/2013
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #895 and #900); HMAC (Certs. #500 and #503); RNG (Cert. #516); RSA (Certs. #433 and #436); SHS (Certs. #887, #888 and #892); Triple-DES (Certs. #731 and #734)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"Aruba's single and multi-radio wireless access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Multi-Service Mobility Controllers, where per-user role based access controls are applied. In the FIPS 140-2 mode of operation, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i client standard, the xSec client and 256-bit AES encryption. Also, Aruba APs can provide Air Monitoring for intrusion detection and have Wi-Fi Alliance certification for IEEE 802.11a, IEEE 802.11b, IEEE 802.11g, and IEEE 802.11"
1115 Safend Ltd.
32 Habarzel Street
Tel Aviv, 69710
Israel

-Alon Barel
TEL: +972-3-644-2662 x225
FAX: +972-3-648-6146

CST Lab: NVLAP 200556-0

Safend Cryptographic Library
(Software Version: 3.3 or 3.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 04/03/2009;
05/18/2009;
07/05/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional (single-user mode)

-FIPS Approved algorithms: AES (Cert. #879); SHS (Cert. #870); HMAC (Cert. #492); RNG (Cert. #504)

-Other algorithms: DES; SHA-256 (Cert. #870; non-compliant)

Multi-chip standalone

"The Safend Cryptographic Library offers reliable, simple and tamper-proof endpoint monitoring, device identification, and blocking based on administrator-defined policies. Protects all local, physical communications ports including USB, Firewire and PCMCIA, wireless endpoints such as WiFi, Bluetooth and IrDA, and removable and physical storage devices such as CD/DVD-RWs and iPods."
1114 Fortinet Inc.
1090 Kifer Road
Sunnyvale, CA 94086-5301
USA

-Jeff Lake, Vice President, Federal Operations
TEL: 678-402-8021
FAX: 678-402-8021

CST Lab: NVLAP 200017-0

FortiGate-310B
(Hardware Version: C4ZF35; Firmware Version: FortiOS 3.00, build8864,080819)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 04/03/2009 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #612, #613 and #614); Triple-DES (Certs. #582, #583 and #584); RNG (Cert. #345); SHS (Certs. #660, #661 and #662); HMAC (Certs. #315, #316 and #317); RSA (Certs. #284 and #285)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment method provides 112 bits of encryption strength); DES; MD5; HMAC-MD5

Multi-chip standalone

"FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1113 Fortinet Inc.
1090 Kifer Road
Sunnyvale, CA 94086
USA

-Jeff Lake, Vice President, Federal Operations
TEL: 678-402-8021
FAX: 678-402-8021

CST Lab: NVLAP 200017-0

FortiGate-200A/200A-HD; FortiGate-300A/300A-HD; FortiGate-500A/500A-HD; FortiGate-800
(Hardware Versions: FortiGate-200/200A-HD (build C4AY89), FortiGate-300/300A-HD (build C4FK88), FortiGate-500/500A-HD (build C4BE21), FortiGate-800 (build C4UT39); Firmware Version: FortiOS 3.0, build8931, 081110)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 04/03/2009 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #742, #743, #489 and #490); RNG (Cert. #530); AES (Certs. #925, #926, #475 and #476); SHS (Certs. #909, #910, #543 and #544); RSA (Cert. #449); HMAC (Certs. #516, #517, #232 and #233)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 -bits of encryption strength); RSA (key wrapping; key establishment methodology provides 110 bits of encryption strength; non-compliant); MD5; HMAC-MD5

Multi-chip standalone

"FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1112 Technical Communications Corporation
100 Domino Drive
Concord, MA 01742-2892
USA

-Fidel Camero
TEL: 978- 287-6303
FAX: 978-371-1280

CST Lab: NVLAP 200017-0

CipherTalk® 8000 Cryptographic Module
(Software Version: 2.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 04/03/2009 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Mobile 5.0; Windows Mobile 6.1; Windows XP Embedded with SP2 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #848); SHS (Cert. #840); RNG (Cert. #484); HMAC (Cert. #466)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 149 bits of encryption strength); Twofish

Multi-chip standalone

"The CipherTalk® 8000 Cryptographic Module is an Operating System Agnostic cipher engine, encapsulating all the cryptographic functions for TCC's CipherTalk family of wireless products. Its functions include encryption and key exchange algorithms, authentication algorithms, and integrity and verification algorithms."
1111 Open Source Software Institute
3610 Pearl Street
Hattiesburg, MS 39401
USA

-Steve Marquess
TEL: 301-524-9915
FAX: 301-831-8447

CST Lab: NVLAP 200648-0

OpenSSL FIPS Runtime Module
(Software Version: 1.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 04/03/2009;
05/28/2010
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Fedora Linux 9; Microsoft Windows XP SP 2 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #623 and #624); AES (Certs. #681 and #682); SHS (Certs. #711 and #712); HMAC (Certs. #362 and #363); RSA (Certs. #318 and #319); DSA (Certs. #257 and #258); RNG (Certs. #397 and 398)

-Other algorithms: DES; Diffie-Hellman; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The OpenSSL FIPS Runtime Module is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality for use with the high level API of the OpenSSL v0.9.8 product."
1110 Gesellschaft für sichere Mobile Kommunikation mbH
Marienstrasse 11
Berlin, 10117
Germany

-Bjoern Rupp
TEL: +49 700 2797 8835

-Frank Rieger
TEL: +49 700 2797 8835

CST Lab: NVLAP 200017-0

CryptoPhone Security Kernel
(Software Version: 2.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/26/2009;
07/08/2009
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Mobile 5.0; Windows Mobile 6.1; Windows XP Embedded with SP2 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #849); SHS (Cert. #841); RNG (Cert. #485); HMAC (Cert. #467)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 149 bits of encryption strength); Twofish

Multi-chip standalone

"The CryptoPhone Security Kernel is a portable multi-platform cryptographic module that provides strong encryption, authentication, key exchange, message integrity verification, and secure memory abstraction services to GSMK CryptoPhone encryption products. All GSMK products come with full source code for independent review."
1109 Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500

CST Lab: NVLAP 200427-0

Aruba AP-120 Series Wireless Access Points
(Hardware Versions: AP-124-F1 Rev. 01and AP-125-F1 Rev. 01; Firmware Versions: ArubaOS 3.3.2.18-FIPS, ArubaOS 3.3.2.19-FIPS, ArubaOS 3.3.2.20-FIPS, ArubaOS 3.3.2.21-FIPS, ArubaOS 3.4.2.3-FIPS, ArubaOS 3.4.4.0-FIPS or ArubaOS 3.4.5.1-FIPS)

(When operated in FIPS mode and with the tamper evidence seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/26/2009;
05/18/2009;
07/24/2009;
12/10/2009;
02/12/2010;
05/05/2010;
10/25/2010;
01/31/11;
03/14/2011;
07/19/2011;
02/06/2013
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #861 and #900); HMAC (Certs. #478 and #503); RNG (Cert. #516); RSA (Certs. #435 and #436); SHS (Certs. #891, #856 and #892); Triple-DES (Certs. #708 and #734)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"Aruba's single and multi-radio wireless access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Multi-Service Mobility Controllers, where per-user role based access controls are applied. In the FIPS 140-2 mode of operation, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i client standard, the xSec client and 256-bit AES encryption. Also, Aruba APs can provide Air Monitoring for intrusion detection and have Wi-Fi Alliance certification for IEEE 802.11a, IEEE 802.11b, IEEE 802.11g, and IEEE 802.11"
1108 Secure Computing Corporation (Wholly owned subsidiary of McAfee, Inc.)
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200017-0

Secure Firewall (Sidewinder) 1100E
(Hardware Version: 1100; Firmware Version: 7.0.1.01)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/09/2009 Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES

Multi-chip standalone

"Secure Firewall (Sidewinder) solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. Secure Computing's Secure Firewall (Sidewinder) appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1107 Secure Computing Corporation (Wholly owned subsidiary of McAfee, Inc.)
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200017-0

Secure Firewall (Sidewinder) 2150E
(Hardware Version: 2150; Firmware Version: 7.0.1.01)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/09/2009 Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES

Multi-chip standalone

"Secure Firewall (Sidewinder) solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. Secure Computing's Secure Firewall (Sidewinder) appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1106 Secure Computing Corporation (Wholly owned subsidiary of McAfee, Inc.)
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200017-0

Secure Firewall (Sidewinder) 4150E
(Hardware Version: 4150; Firmware Version: 7.0.1.01)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/09/2009 Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES

Multi-chip standalone

"Secure Firewall (Sidewinder) solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. Secure Computing's Secure Firewall (Sidewinder) appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1105 AJA Video Systems, Inc.
443 Crown Point Circle
Grass Valley, CA 95945
USA

-Fred Dominikus
TEL: 530-274-2048
FAX: 530-274-9442

CST Lab: NVLAP 100432-0

JPG2K
(Hardware Versions: 102387-00, 102387-02 and 102387-03; Firmware Versions: 1.0, 1.5 and 1.6)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/26/2009;
01/06/2010;
10/13/2011
Overall Level: 3 

-FIPS Approved algorithms: RSA (Cert. #392)

-Other algorithms: N/A

Multi-chip embedded

"The JPG2K is a PCIe card that provides a platform for secure media processing."
1104 NitroSecurity Inc
230 Commerce Way
Portsmouth, NH 03801
USA

-Bill Virtue
TEL: 603-570-3936
FAX: 603-766-8169

CST Lab: NVLAP 200427-0

NitroView Receiver Cryptographic Module
(Hardware Version: NS-RCV-2250-R; Software Versions: 8.0.0.20080605 and 8.2.0)

(When operated in FIPS mode with module OpenSSL FIPS Object Module validated to FIPS 140-2 under Cert. #918 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 03/26/2009;
10/23/2009
Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #668); Triple-DES (Cert. #613); SHS (Cert. #701); HMAC (Cert. #352); RNG (Cert. #387); RSA (Cert. #310)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The NitroView Receiver is a multi-chip standalone cryptographic module consisting of production-grade components contained within an opaque hard production-grade enclosure (the outside case is steel). The removable cover is protected by tamper evident security seals in accordance with FIPS 140-2 Level 2. The cryptographic boundary is the metal enclosure of the device."
1103 NitroSecurity Inc
230 Commerce Way
Portsmouth, NH 03801
USA

-Bill Virtue
TEL: 603-570-3936
FAX: 603-766-8169

CST Lab: NVLAP 200427-0

NitroView ESM Cryptographic Module
(Hardware Versions: NS-ESM-4245-R, NS-ESMR-4200-R and NS-ESM-5750-R; Software Versions: 8.0.0.20080605 and 8.2.0)

(When operated in FIPS mode with module OpenSSL FIPS Object Module validated to FIPS 140-2 under Cert. #918 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 03/26/2009;
10/23/2009
Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #668); Triple-DES (Cert. #613); SHS (Cert. #701); HMAC (Cert. #352); RNG (Cert. #387); RSA (Cert. #310)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The NitroView ESM is a multi-chip standalone cryptographic module consisting of production-grade components contained within an opaque hard production-grade enclosure (the outside case is steel). The removable cover is protected by tamper evident security seals in accordance with FIPS 140-2 Level 2. The cryptographic boundary is the metal enclosure of the device."
1102 Hewlett-Packard Company
19091 Pruneridge Ave.
MS 4441
Cupertino, CA 95014
USA

-Theresa Conejero
TEL: 408-447-2964
FAX: 408-447-5525

CST Lab: NVLAP 100432-0

HP StorageWorks Secure Key Manager
(Hardware Version: P/N AJ087B, Version 1.1; Firmware Version: 1.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/14/2009;
09/19/2011
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3

-FIPS Approved algorithms: AES (Cert. #653); DSA (Cert. #244); HMAC (Cert. #470); RNG (Cert. #375); RSA (Cert. #302); SHS (Cert. #847); Triple-DES (Cert. #604)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); KAS (vendor affirmed, key establishment methodology provides 80 bits of encryption strength; non-compliant); DES; MD5; RC4

Multi-chip standalone

"The HP Secure Key Manager automates encryption key generation and management based on security policies. It is a hardened security appliance delivering identity-based access, administration and logging. Additionally, the Secure Key Manager provides reliable lifetime key archival with automatic multi-site key replication and failover capabilities."
1101 PGP Corporation, a division of Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
USA

-Vinnie Moscaritolo
TEL: 650-527-8000
FAX: 650-527-1984

CST Lab: NVLAP 200802-0

PGP Software Developer's Kit (SDK) Cryptographic Module
(Software Versions: 4.0.0 and 4.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/26/2009;
07/02/2010;
07/30/2010;
01/13/2011
Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2; Mac OS X 10.6; Linux, 32-bit: CentOS 5.4 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #905, #906 and #907); AES (Certs. #1288, #1289 and #1290); RSA (Certs. #614, #615 and #616); DSA (Certs. #414, #415 and #416); SHS (Certs. #1182, #1183 and #1184); HMAC (Certs. #748, #749 and #750); RNG (Certs. #717, #718 and #719)

-Other algorithms: AES (EME2 mode; non-compliant); DSA (FIPS 186-3 with SHA-256; non-compliant); CAST-5; IDEA; Two-Fish; Blow-Fish; ARC4-128; MD5; HMAC-MD5; RIPEMD60; ElGamal; RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength); Shamir Threshold Secret Sharing

Multi-chip standalone

"The PGP SDK Cryptographic Module is a FIPS 140-2 validated software only cryptographic module. The module implements the cryptographic functions for PGP products including: PGP Whole Disk Encryption, PGP NetShare, PGP Command Line, PGP Universal, and PGP Desktop. It includes a wide range of field-tested and standards-based encryption, digital signature, and encoding algorithms as well as a variety of secure network protocol implementations. The PGP SDK offers developers this same cryptographic library that is at the heart of PGP products."
1100 Check Point Software Technologies Ltd.
9900 Belward Campus Drive
Suite 250
Rockville, MD 20850
USA

-David Ambrose
TEL: 703-628-2935

-Malcolm Levy
TEL: +972-37534561

CST Lab: NVLAP 200427-0

Check Point Crypto Core
(Software Version: 1.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/26/2009;
05/28/2009
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Mobile 6.0 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #430); Triple-DES (Cert. #459); SHS (Cert. #499); RSA (Cert. #162); HMAC (Cert. #202); RNG (Cert. #222); Triple-DES MAC (Triple-DES Cert. #459; vendor-affirmed)

-Other algorithms: Blowfish; CAST-128; CAST-256; DES; MD5; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Check Point Crypto Core is a 140-2 Level 1 cryptographic module for Windows Mobile 6. The module provides cryptographic services accessible user mode on the respective platforms through implementation of platform specific binaries."
1099 Gemalto
Austin Arboretum Plaza II 9442
Capital of Texas Hwy North
Suite 4
Austin, TX 78759
USA

-Pedro Martinez
TEL: 512-257-3871
FAX: 512-257-3881

CST Lab: NVLAP 100432-0

Gemalto .NET Smart Card
(Hardware Version: Infineon SLE 88CFX4000P; Firmware Versions: .Net Platform and Content Manager v2.2; FIPS Assembly v1.1; FIPS Access Manager v1.0)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/10/2009;
03/19/2009
Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #719); AES (Cert. #877); RNG (Cert. #503); RSA (Cert. #424); SHS (Cert. #869); HMAC (Cert. #491)

-Other algorithms: AES (key wrapping; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Single-chip

"The Gemalto .NET v2.2 Smart Card Platform implements a subset of the .NET Framework with high end cryptographic capabilities, including Random Number Generation, on Board Key Generation, and encryption and hashing algorithms such as 3DES, AES, SHA, and 2048 bit RSA. The combination of advanced programmability provided by the .NET Framework and the high end security features make .NET v2.2 a perfect support for Enterprise and Government security solutions."
1098 Fortinet Inc.
1090 Kifer Road
Sunnyvale, CA 94086
USA

-Jeff Lake, Vice President, Federal Operations
TEL: 678-402-8021
FAX: 678-402-8021

CST Lab: NVLAP 200017-0

FortiGate-3016B, FortiGate-3600A and FortiGate-3810A-E4
(Hardware Versions: C4XA14, V3BU94 and C3GV75; Firmware Version: FortiOS 3.00, build8785, 080605)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 03/10/2009 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #612, #613 and #614); Triple-DES (Certs. #582, #583 and #584); RNG (Cert. #345); SHS (Certs. #660, #661 and #662); HMAC (Certs. #315, #316 and #317); RSA (Certs. #284 and #285)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment method provides 112 bits of encryption strength); DES; MD5; HMAC-MD5

Multi-chip standalone

"FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1097 NitroSecurity Inc.
230 Commerce Way
Portsmouth, NH 03801
USA

-Bill Virtue
TEL: 603-570-3936
FAX: 603-766-8169

CST Lab: NVLAP 200427-0

NitroGuard IPS cryptographic module
(Hardware Versions: NS-IPS-620R-4C-B, NS-IPS-1220R-6C-B, NS-IPS-1220R-4C-2F-B, NS-IPS-620R-4C-BFS, NS-IPS-4245-R-4BTX, NS-IPS-4245-R-4BSX; Software Versions: 8.0.0.20080605 and 8.2.0)

(When operated in FIPS mode with module OpenSSL FIPS Object Module validated to FIPS 140-2 under Cert. #918 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 03/03/2009;
10/23/2009
Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #668); Triple-DES (Cert. #613); SHS (Cert. #701); HMAC (Cert. #352); RNG (Cert. #387); RSA (Cert. #310)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The NitroGuard IPS is a multi-chip standalone cryptographic module consisting of production-grade components contained within an opaque hard production-grade enclosure (the outside case is steel). The removable cover is protected by tamper evident security seals in accordance with FIPS 140-2 Level 2. The cryptographic boundary is the metal enclosure of the device. The network interface cards do not contain any security-relevant functionality. They are within the cryptographic boundary but are excluded from the evaluation."
1096

CST Lab: NVLAP 200002-0


Validated to FIPS 140-2

Security Policy

Certificate

Firmware 02/24/2009;
04/03/2009
Overall Level: 1 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip standalone

1095 Fortinet Inc.
1090 Kifer Road
Sunnyvale, CA 94086-5301
USA

-Jeff Lake, Vice President, Federal Operations
TEL: 678-402-8021
FAX: 678-402-8021

CST Lab: NVLAP 200017-0

FortiWiFi-50B
(Hardware Version: C5WF27; Firmware Version: FortiOS 3.00, build8802,080626)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/03/2009 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #489, #583 and #584); AES (Certs. #475, #613; #614 and #758); SHS (Certs. #543, #661 and #662); HMAC (Certs. #232, #316 and #317); RSA (Cert. #285); RNG (Cert. #345)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; HMAC-MD5; DES

Multi-chip standalone

"FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1094 ERUCES, Inc.
11142 Thompson Ave.
Lenexa, KS 66219
USA

-Dr. Bassam Khulusi
TEL: 913-310-0888
FAX: 913-859-9797

-Oggy Vasic
TEL: 913-310-0888
FAX: 913-859-9797

CST Lab: NVLAP 200017-0

Tricryption Cryptographic Module
(Software Version: 7.0)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 03/03/2009 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2003 R2; Red Hat Enterprise Linux 5 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #684); AES (Cert. #796); SHS (Cert.#795); HMAC (Cert. #437); RSA (Cert. #380); RNG (Cert. #457); ECDSA (Cert. #88)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Tricryption Cryptographic Module is a software library providing cryptographic services for ERUCES' Tricryption family of high volume encryption & key management products including key servers, file, database, executables encryption, and special services (anonymization, de-identification, & privacy protection)."
1093 Vertex Standard Co., Ltd.
4-8-8 Nakameguro
Meguro-Ku, Tokyo 153-8644
Japan

-Yukimasa Tomita
TEL: 81-3-5725-6112
FAX: 81-3-5725-6201

CST Lab: NVLAP 100432-0

Vertex Standard Cryptographic Module 001
(Hardware Version: P/N 013790D; Firmware Version: 71.72)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/03/2009 Overall Level: 1 

-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Cert. #813); SHS (Cert. #813)

-Other algorithms: DES; LFSR

Multi-chip embedded

"The Vertex Standard Cryptographic Module 001 (VSCM) is a cryptographic module (also processes digital data) that is to be incorporated into two-way digital radio products. These digital radios are for use in communication with other APCO Project 25 compatible devices."
1092 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-C Micro Edition
(Software Versions: 3.0.0.1 [1], 3.0.0.14 [2], 3.0.0.15 [3], 3.0.0.19 [4] and 3.0.0.21 [5])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 02/24/2009;
03/06/2009;
09/07/2010;
03/28/2011;
10/04/2011;
04/02/2012;
12/12/2012;
01/24/2013;
04/03/2014
Overall Level: 1 

-Cryptographic Module Specification: Level 3

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux AS 4.0 (x86 32-bit) with LSB 3.0.3 [1]; Windows Vista Ultimate (x86 32-bit) - Visual Studio 2005 SP1 /MD option [1]; Windows XP Professional SP2 (x86 32-bit) - Visual Studio 2005 SP1 /MT option [1]; Linux 2.6.28-rt16 PowerPC (32-bit) [2, 4]; NetBSD v2.0.3 (x86 32-bit) [3]; NetBSD v2.0.3 MIPS (RM7035c 32-bit) [3]; TimeSys Linux 2.6.2.33-rt (ARM 32-bit) [5]; TimeSys Linux 3.0.0-rt (ARM 32-bit) [5] (single user mode)

-FIPS Approved algorithms: AES (Certs. #860 [1], #1771 [2, 4], #1951 [3] and #2808 [5]); AES GCM (Certs. #860 [1], #1771 [2, 4], #1951 [3] and #2808 [5], vendor affirmed: SP 800-38D); DRBG (Certs. #4 [1], #122 [2, 4], #172 [3] and #480 [5]); DSA (Certs. #311 [1], #554 [2, 4], #623 [3] and #850 [5]); ECDSA (Certs. #98 [1], #100 [1], #239 [2, 4], #240 [2, 4], #281 [3], #282 [3], #491 [5] and #492 [5]); HMAC (Certs. #477 [1], #1040 [2, 4], #1177 [3] and #1759 [5]); RNG (Certs. #492 [1], #943 [2, 4], #1027 [3] and #1274 [5]); RSA (Certs. #412 [1], #887 [2, 4], #1012 [3] and #1470 [5]); SHS (Certs. #855 [1], #1555 [2, 4], #1713 [3] and #2356 [5]); Triple-DES (Certs. #707 [1], #1147 [2, 4], #1268 [3] and #1686 [5])

-Other algorithms: DES; DES40; Diffie-Hellman; EC Diffie-Hellman; ECAES (non-compliant); ECIES; HMAC MD5; MD2; MD5; PBKDF1 SHA-1; PBKDF2 HMAC SHA-1/SHA-224/SHA-256/SHA-384/SHA-512 (non-compliant); RC2; RC4; RC5; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA PKCS #1 v2.0 (OAEP; non-compliant)

Multi-chip standalone

"The Crypto-C Micro Edition (ME) Module is RSA Security, Inc.'s cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
1091 Kanguru Solutions
1360 Main St.
Millis, MA 02054
USA

-Nate Cote
TEL: 508-376-4245
FAX: 508-376-4462

CST Lab: NVLAP 200648-0

KanguruLock
(Software Version: 1.0.4.25)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 02/24/2009 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Service Pack 2 (single user mode)

-FIPS Approved algorithms: AES (Cert. #243); SHS (Cert. #321); HMAC (Cert. #51); RNG (Cert. #78)

-Other algorithms: N/A

Multi-chip standalone

"Kanguru Solutions is the leader in portable secure storage devices. KanguruLockaddresses security concerns and information assurance by incorporating 256-bit AES encryption technology to portable storage devices."
1090 Proxim Wireless Corporation
1561 Buckeye Drive
Milpitas, CA 95035
USA

-Cor van de Water
TEL: 408-383-7626
FAX: 408-383-7680

-Kishore Gandham
TEL: 408-383-7665

CST Lab: NVLAP 200556-0

Tsunami MP.11 HS 245054_R, Tsunami MP.11 HS 245054_RC and Tsunami MP.11 HS 245054_S
(Hardware Version: 2.0.0; Firmware Version: 1.0.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/24/2009;
09/18/2009
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #794 and #830); Triple-DES (Cert. #695); SHS (Cert. #826); DSA (Cert. #302); RSA (Cert. #400); HMAC (Cert. #461); RNG (Cert. #477)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"Proxim Tsunami MP.11 HS 245054_R, 245054_RC, and 245054_S wireless products offer fixed and mobile WiMAX capabilities to distribute wireless broadband access supporting video, voice, and data applications. In FIPS mode, the modules support proprietary WORP protocol for wireless transmission and serial, TLS, SSH, and SNMP for management."
1089 Motorola, Inc.
6480 Via Del Oro
San Jose, CA, CA 95119
USA

-Colin R. Cooper
TEL: 408-528-2871
FAX: 408-528-2903

CST Lab: NVLAP 200648-0

RFS7000 RF Switch
(Hardware Version: RFS7000; Firmware Versions: RFS7000-1.0.0.0-020GR and RFS7000-1.0.0.0-022GR)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 02/09/2009;
06/01/2009
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Certs. #646, #648 and #649); AES (Certs. #724, #726, #727 and #773); SHS (Certs. #742, #744 and #745); HMAC (Certs. #390, #392 and #393); RSA (Cert. #341); DSA (Cert. #274); RNG (Certs. #423 and #424)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Designed for large scale, high bandwidth deployments, the RFS7000 Wireless Switch from Motorola provides robust, highly scalable support for seamless enterprise mobility. Motorola's Wi-NG architecture, optimized for enterprise mobility and multimedia applications, simplifies network deployment and management, provides superior performance, security and scalability, and supports emerging RF technologies. Built on this platform, the RFS7000 enables campus wide roaming across subnets, and offers powerful failover capabilities, exceptional quality of service (QoS) and increased voice capacity."
1088 Motorola, Inc.
6480 Via Del Oro
San Jose, CA, CA 95119
USA

-Colin R. Cooper
TEL: 408-528-2871
FAX: 408-528-2903

CST Lab: NVLAP 200648-0

WS5100 Wireless Switch
(Hardware Version: WS5100; Firmware Versions: WS5100-3.0.0.0-020GR and WS5100-3.0.0.0-022GR)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/09/2009;
06/01/2009
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Certs. #648 and #649); AES (Certs. #726, #727 and #772); SHS (Certs. #744 and #745); HMAC (Certs. #392 and #393); RSA (Cert. #341); DSA (Cert. #274); RNG (Certs. #423 and #424)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The WS5100 Wireless Switch from Motorola provides enhanced support for enterprise mobility and multimedia applications, as well as security and manageability. Based on Motorola's Wi-NG (Wireless Next Generation) architecture, the WS5100 enables seamless campus-wide roaming, more robust failover capabilities, enhanced security, improved mobile client battery life, and increased voice capacity. Robust security features includes an IPSec VPN gateway, and secure guest access provisioning. The WS5100 supports 48 802.11 a/b/g Access Ports/Points for L2/L3 adoption and mobility."
1087 Lenel Systems International, Inc.
1212 Pittsford-Victor Road
Pittsford, NY 14534
USA

-Robert Pethick
TEL: 585-248-9720
FAX: 585-248-9185

CST Lab: NVLAP 100432-0

FIPS Key Generator
(Software Version: 2.1)

(When operated in FIPS mode with [(Windows 7 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1330 operating in FIPS mode), (Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1337 operating in FIPS mode) or (Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #382 operating in FIPS mode)])

Validated to FIPS 140-2

Security Policy

Certificate

Software 02/09/2009;
03/14/2012
Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows Server 2003 SP1; Windows 7; Windows Server 2008 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #327 and #1650); RNG (Certs. #149 and #882)

-Other algorithms: N/A

Multi-chip standalone

"The FIPS Key Generator module's primary purpose is to provide a cryptographically secure means for generating 128-bit AES keys to be used as Master Keys within Lenel's Communication Server module. The FIPS Key Generator module is part of the Lenel advanced access control and alarm monitoring system which is built on an open architecture platform, offers unlimited scalability, database segmentation, fault tolerance, biometrics and smart card support, is fully customizable, and can be seamlessly integrated into the OnGuard total security solution."
1086 Lenel Systems International, Inc.
1212 Pittsford-Victor Road
Pittsford, NY 14534
USA

-Robert Pethick
TEL: 585-248-9720
FAX: 585-248-9185

CST Lab: NVLAP 100432-0

Communication Server
(Software Versions: 5.11.216 + Hot Fix 2.0.3 and 5.12.012 + Hot Fix 2.0.3)

(When operated in FIPS mode with Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #382 operating in FIPS mode and FIPS Key Generator validated to FIPS 140-2 under Cert. #1087)

Validated to FIPS 140-2

Security Policy

Certificate

Software 02/09/2009 Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows Server 2003 SP1 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #327); RNG (Cert. #149); RSA (Cert. #81); SHS (Cert. #364); RNG (vendor affirmed)

-Other algorithms: RC2

Multi-chip standalone

"The Communication Server module's primary purpose is to provide secure communications with external access control devices. The module is part of the Lenel advanced access control and alarm monitoring system. The Lenel advanced access control and alarm monitoring system is built on an open architecture platform, offers unlimited scalability, database segmentation, fault tolerance, and biometrics and smart card support. The Lenel advanced access control and alarm monitoring system is fully customizable, and can be seamlessly integrated into the OnGuard total security solution."
1085 Gemalto and ActivIdentity Inc.
Arboretum Plaza II
9442 Capital of Texas Highway North
Suite 400
Austin, TX 78759
USA

-James McLaughlin
TEL: 512-257-3954
FAX: 512-257-3881

-Stephane Ardiley
TEL: 510-745-6288
FAX: 510-745-0101

CST Lab: NVLAP 200427-0

SafesITe TOP DL GX4 - FIPS with ActivIdentity Digital Identity Applet Suite V2 for Extended PIV
(Hardware Versions: A1005291 - CHIP.P5CD144.MPH051B, A1011108 - CHIP.P5CD144.MPH051B and A1047808 - CHIP.P5CD144.MPH051B; Firmware Version: GX4-FIPS EI08, Applet Versions: ACA applet package v2.6.2B.4, ASC library package v2.6.2B.3, PKI/GC/SKI applet package v2.6.2B.4, PIV End Point Wrapper module v2.6.2B.4, PIV End Point Extended module v2.6.2B.3, SMA applet package v2.6.2B.3)

(PIV Card Application: Cert. #14)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/03/2009;
02/23/2009;
02/24/2011;
02/06/2014
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Cert. #782); RNG (Cert. # 450); RSA (Cert. #372); SHS (Cert. #786); Triple-DES (Cert. #678); Triple-DES MAC (Triple-DES Cert. #678, vendor affirmed); CVL (Cert. #214)

-Other algorithms: N/A

Single-chip

"This module is based on a Gemalto Dual Interface (Contact ISO7816 and Contactless ISO14443) Open OS Smart Card with a large (128K EEPROM) memory, with a cryptographic applet suite V 2.6.2b developed by ActivIdentity. The SmartCard platform has on board Triple DES and RSA up to 2048 algorithms and provides X9.31 on board key generation. The Applet Suite supports management of 3DES keys and PINs, and provides services for authentication, access control, generic container, PKI, One Time password and Secure Messaging (SMA). The module conforms to Java Card 2.2.1, Global Platform 2.1.1 and GSC/IS 2"
1084 NetLib®
A Subsidiary of Communication Horizons, LLC
65 High Ridge Road
Suite 428
Stamford, CT 06905
USA

-Neil Weicher
TEL: 203-321-1278 x91

CST Lab: NVLAP 200416-0

NetLib® Encryptionizer® for SQL Server
(Software Version: 8.601.1)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 02/03/2009;
06/04/2009;
04/12/2011
Overall Level: 1 

-Design Assurance: Level 2

-Operational Environment: Tested as meeting Level 1 with Windows 2000 Server; Windows 2003 Server; Windows 2003 x64 Server (single user mode)

-FIPS Approved algorithms: AES (Cert. #857); SHS (Cert. #851); HMAC (Cert. #474)

-Other algorithms: N/A

Multi-chip standalone

"The NetLib® Encryptionizer® for SQL Server 8.601.1 provides encryption of data stored in MS SQL Server databases and backups. It can be deployed without programming and without adding any administrative overhead. The purpose of whole database encryption is to make a database unusable if it is stolen, copied, downloaded, lost, or otherwise improperly accessed."
1083 Research In Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

-Certifications Team
TEL: 519-888-7465 x72921
FAX: 519-886-4839

CST Lab: NVLAP 200017-0

BlackBerry Cryptographic Kernel
(Firmware Versions: 3.8.5.42[1], 3.8.5.48[1] and 3.8.5.50a[2])

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Firmware 01/22/2009;
01/30/2009;
02/24/2009
Overall Level: 1 

-Design Assurance: Level 3
-Tested: BlackBerry 9000 with BlackBerry OS Versions 4.6[1][2] and 4.6.1[2]

-FIPS Approved algorithms: Triple-DES (Certs. #717, #718 and #739); AES (Certs. #873, #874, #875, #876, #915 and #924); SHS (Certs. #867, #868 and #902); HMAC (Certs. #489, #490 and #511); RSA (Certs. #422, #423 and #445); RNG (Certs. #501, #502 and #525); ECDSA (Certs. #108, #109 and #113)

-Other algorithms: EC Diffie-Hellman (key agreement, key establishment methodology provides 256 bits of encryption strength); ECMQV (key agreement, key establishment methodology provides 256 bits of encryption strength)

Multi-chip standalone

"BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry."
1082 Teletec Corporation
5617-107 Departure Drive
Raleigh, NC 27616
USA

-Diane Hunter
TEL: 919-954-7300
FAX: 919-954-7500

-Harry Taji
TEL: +962 65824941
FAX: +962 65844950

CST Lab: NVLAP 200427-0

"Guardian" Subscriber Encryption Module
(Hardware Version: R2; Firmware Versions: Main firmware: 1.00.02, Bootloader firmware: 1.00.01)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/22/2009 Overall Level: 1 

-FIPS Approved algorithms: AES (Cert. #826); SHS (Cert. #825); HMAC (Cert. #460); RNG (Cert. #476)

-Other algorithms: N/A

Multi-chip embedded

""Guardian" Subscriber Encryption Module (SEM) is a multi-chip embedded cryptographic module intended to be installed in conventional FM radio equipment to provide digital level of encryption with 256-bit AES cipher. Key and configuration are loaded using programming cable and specific software executed on a generic Windows personal computer. Module supports secure update of internal firmware, providing a mean for future enhancements."
1081 IBM® Corporation
11400 Burnet Road
Austin, TX 78758
USA

-Tom Benjamin
TEL: 512-286-5319
FAX: 512-436-8009

CST Lab: NVLAP 200427-0

IBM Java JCE FIPS 140-2 Cryptographic Module
(Software Version: 1.3.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 01/22/2009;
03/13/2009
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2 using IBM JVM 1.6 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #805); DSA (Cert. #297); HMAC (Cert. #445); RNG (Cert. #463); RSA (Cert. #387); SHS (Cert. #803); Triple-DES (Cert. #687)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits and greater than 256 bits of encryption strength); MD5

Multi-chip standalone

"The IBM Java JCE (Java Cryptographic Extension) FIPS provider (IBMJCEFIPS) for Multi-platforms is a scalable, multipurpose cryptographic module that supports many FIPS approved cryptographic operations. This gives Java applications access to the FIPS algorithms via the standard JCE framework that is part of all JVM's at the 1.6 level and higher."
1080 BigFix, Inc.
1480 64th St.
Suite 200
Emeryville, CA 94608
USA

-Noah Salzman
TEL: 510-740-0308
FAX: 510-652-6742

-Peter Loer
TEL: 510-740-5158
FAX: 510-652-6742

CST Lab: NVLAP 200017-0

BigFix Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 01/07/2009 Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-Operational Environment: Tested as meeting Level 2 with AIX 5.2 running on IBM P610; HP-UX 11.11 running on HP C3000; SUSE Linux Enterprise Server 9 running on IBM eServer 325; Mac OS X 10.3.6 running on iMac G4; Red Hat Enterprise Linux 4 Update 2 Advanced Server running on HP XW4100 Pentium 4; Red Hat Enterprise Linux 4 Update 2 Advanced Server 64-bit running on HP ProLiant DL145 G2; Solaris 9 SPARC running on Sun Blade 150; Solaris 10 SPARC running on Sun Blade 150; Solaris 10 x86 running on Dell Precision 650; Windows 2000 Pro with SP3 running on Dell Optiplex GX400; Windows 2003 Enterprise Edition with SP1 running on Dell Optiplex GX270; Windows XP Pro with SP2 running on Dell Optiplex GX270

-FIPS Approved algorithms: Triple-DES (Cert. #688); AES (Cert. #806); DSA (Cert. #298); SHS (Cert. #804); HMAC (Cert. #446); RSA (Cert. #388); RNG (Cert. #464)

-Other algorithms: Diffie-Hellman; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The BigFix Cryptographic Module 1.0 is a software library that runs on a wide variety of computing platforms and performs encryption, hashing, and random number generation functions."


Need Assistance?