CMVP Main Page

Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules
1995-1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014,
All

Last Update: 4/11/2014

It is important to note that the items on this list are cryptographic modules. A module may either be an embedded component of a product or application, or a complete product in-and-of-itself. If the cryptographic module is a component of a larger product or application, one should contact the product or application vendor in order to determine how the product utilizes the embedded validated cryptographic module. There may be a larger number of security products or applications available which use an embedded validated cryptographic module, than the number of modules which are found in this list. In addition, other vendors, who are not found in this list, may incorporate a validated cryptographic module from this list embedded into their own products.

When selecting a module from a vendor, verify that the module is either the product or application itself (e.g. VPN, SmartCard, USB memory token, etc.) or the module is embedded in a larger product or application (e.g. toolkit, etc.). If the module is embedded in a product or application, ask the product or application vendor to provide a signed letter or statement affirming that the unmodified validated cryptographic module is integrated in the solution; the module provides all the cryptographic services in the solution; and provide reference to the modules validation certificate number from this listing.

NOTE1: Module descriptions are provided by the module vendors and have not been verified for accuracy by the CMVP. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-Approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (e.g. allowed or non-FIPS-Approved algorithms) have not been tested through the CMVP.

NOTE2: The operator of a cryptographic module is responsible for ensuring that the algorithms and key lengths are in compliance with the requirements of NIST SP 800-131A.

NOTE3: All questions regarding the implementation and/or use of any module located on the CMVP module validation lists should first be directed to the appropriate vendor point-of-contact (listed for each entry).

Please contact the CMVP if any errors are discovered or comments with suggestions for improvement of the validation listings.

Cert# Vendor / CST Lab Cryptographic Module
Module
Type
Val.
Date
Level / Description
1475 Wind River Systems, Inc.
1500 Wind River Way
Alameda, CA 94501
USA

-Millind Kukanur
TEL: 510-749-2494

CST Lab: NVLAP 200658-0

Network Security Services (NSS)
(Software Version: 3.12.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 12/28/2010 Overall Level: 1 

-Roles, Services, and Authentication: Level 2

-Operational Environment: Tested as meeting Level 1 with Wind River Linux Secure 1.0 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #949); AES (Cert. #1374); DSA (Cert. #450); ECDSA (Cert. #174); SHS (Cert. #1256); RSA (Cert. #673); DRBG (Cert. #49); HMAC (Cert. #807)

-Other algorithms: MD5; MD2; RC2; RC4; DES; SEED; Camellia; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 bits and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security standards."
1474 Check Point Software Technologies Ltd.
12007 Sunrise Valley Dr.
Suite 130
Reston, VA 20191
USA

-Malcolm Levy
TEL: 703-234-0100 x218

CST Lab: NVLAP 200002-0

Connectra
(Firmware Version: NGX R66.1 with hotfix 1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Firmware 12/28/2010 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-Tested: Connectra-1 3070 General Purpose Computer with Check Point SecurePlatform Operating System, version NGX R66.1 hotfix 1

-FIPS Approved algorithms: Triple-DES (Certs. #944 and #984); AES (Certs. #1369 and #1458); SHS (Certs. #1251 and #1319); HMAC (Certs. #802 and #855); RSA (Certs. #670 and #713); RNG (Cert. #756)

-Other algorithms: CAST 40 bit; CAST 128 bit; DES; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 202 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength)

Multi-chip standalone

"Check Point Connectra that unifies SSL VPN, IPSec VPN, and integrated intrusion prevention for secure connectivity for mobile and remote workers while protecting enterprise networks and endpoints from external threats. Connectra includes centralized management and DynamicID SMS authentication."
1473 Adara Networks, Inc.
2150 N. First Street
San Jose, CA 95131
USA

-Lillian Withrow
TEL: 408-433-4900
FAX: 408-456-0190

CST Lab: NVLAP 100432-0

OpenSSL NPX Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/28/2010 Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with FreeBSD 8.0 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #942); AES (Cert. #1367); DSA (Cert. #447); SHS (Cert. #1248); RNG (Cert. #753); RSA (Cert. #667); HMAC (Cert. #801)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Adara Networks product is an open standards and open architecture based full stack router that provides high performance multipath routing capabilities, end to end QOS, data interoperability, virtualization web services, federation of databases, and a secure cloud computing platform for inter-enterprise collaborations. It can be visualized as a transparent performance overlay network which improves performance and provides innovative features and tightened security over a legacy network infrastructure."
1472 Enova Technology Corporation
1st Floor, No. 11, Research & Development 2nd Road, Science-based Industrial Park
Hsin Chu City, Taiwan 30076
Republic of China

-Robert Wann
TEL: +886 3 577 2767
FAX: +886 3 577 2770

CST Lab: NVLAP 100432-0

X-Wall MX-256C
(Hardware Version: X-Wall MX-256C; Firmware Version: 1.1.0)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/28/2010 Overall Level: 1 

-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #250)

-Other algorithms: N/A

Single-chip

"The patented X-Wall MX-256C (MX-256C) ASIC is the 7th gen of Enova X-Wall real-time Full Disk Encryption technology. Engineered specifically to encrypt entire drive (MBR, FAT, and OS) at SATA wire speed (sustained AES 256-bit throughput of 120MB/sec). MX-256C, a SATA to SATA chip engineered to include the full SATA protocol stacks, is transparent to host/drive. Authentication is separated from the core design of the MX-256C and can be versatile which may include Smartcard, Pre-boot PIN, TPM or Fingerprint. The MX-256C contains no NVM. Therefore at each power on reset authentication is needed."
1471 Enova Technology Corporation
1st Floor, No. 11, Research & Development 2nd Road, Science-based Industrial Park
Hsin Chu, Taiwan 30076
Republic of China

-Robert Wann
TEL: +886 3 577 2767
FAX: +886 3 577 2770

CST Lab: NVLAP 100432-0

X-Wall MX-256
(Hardware Version: X-Wall MX-256; Firmware Version: 1.1.0)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/28/2010 Overall Level: 1 

-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #60)

-Other algorithms: N/A

Single-chip

"The patented X-Wall MX-256 (MX-256) ASIC is the 7th gen of Enova X-Wall real-time Full Disk Encryption technology. Engineered specifically to encrypt entire drive (MBR, FAT, and OS) at SATA wire speed (sustained AES 256-bit throughput of 120MB/sec).MX-256, a SATA to SATA chip engineered to include the full SATA protocol stacks, is transparent to host/drive. Authentication is separated from the core design of the MX-256 and can be versatile which may include Smartcard, Pre-boot PIN, TPM or Fingerprint. The MX-256 contains no NVM. Therefore at each power on reset authentication is needed."
1470 IBM Corporation
2455 South Road
Poughkeepsie, NY 12601
USA

-William F Penny
TEL: 845-435-3010
FAX: 845-433-7510

-James Sweeny
TEL: 845-435-7453
FAX: 845-435-8530

CST Lab: NVLAP 200658-0

IBM® z/OS® Version 1 Release 11 ICSF PKCS#11 Cryptographic Module
(Hardware Versions: CPACF (P/N COP) and optional 4765-001 (P/N 45D6048); Software Versions: APAR OA32012 and APAR OA30951; Firmware Versions: CPACF (FC3863 w/ System Driver Level 77) and optional 4765-001 (e1ced7a0))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software-Hybrid 12/28/2010;
06/01/2011;
10/4/2011
Overall Level: 1 

-Cryptographic Module Specification: Level 3

-Operational Environment: Tested as meeting Level 1 with IBM System z10® Enterprise Class (z10 EC) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 [Base GPC, optional Crypto Express3 Card (Accelerator (CEX3A))] [IBM System z10® Enterprise Class (z10 EC) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 (aka FC3863) includes FC3863 w/System Driver Level 77 and z/OS® V1R11]; (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1332 and #976); Triple-DES (Certs. #931 and #769); DSA (Cert. #437); ECDSA (Cert. #171); RSA (Certs. #644, #645 and #691); SHS (Certs. #946 and #1218); HMAC (Cert. #780); RNG (Cert. #734)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; Triple-DES (non-compliant); DSA (non-compliant); HMAC (non-compliant); RC4; BLOWFISH; MD5; MD2; RIPE-MD; EC Brainpool

Multi-chip standalone

"The ICSF PKCS #11 module consists of software-based cryptographic algorithms, as well as symmetric and hashing algorithms provided by the CP Assist for Cryptographic Function (CPACF) and RSA Hardware clear key modular math cryptography provided through the Crypto Express3 card (CEX3A). The RSA hardware support is accessed through auxiliary module CSFINPVT which acts as a pipe between ICSF PKCS #11 and the cryptographic cards."
1469 JVC KENWOOD Corporation
1-16-2, Hakusan, Midori-ku
Yokohama-shi, Kanagawa 226-8525
Japan

-Tamaki Shimamura
TEL: +81 45 939 6254
FAX: +81 45 939 7093

-Joe Watts
TEL: 678-474-4700
FAX: 678-474-4730

CST Lab: NVLAP 100432-0

Secure Cryptographic Module (SCM)
(Hardware Version: P/N KWD-AE20, Version 1.0.0; Firmware Version: A2.0.2 or A2.0.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/28/2010;
12/07/2011;
01/31/2012;
04/02/2012
Overall Level: 1 

-Cryptographic Module Specification: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Certs. #831 and #832); SHS (Cert. #827)

-Other algorithms: DES; DES MAC; LFSR; AES MAC (AES Cert. #831, vendor affirmed; P25 AES OTAR)

Multi-chip embedded

"The Secure Cryptographic Module (SCM) meets overall FIPS 140-2 Level 1 requirements providing KENWOOD radios secure and encrypted digital communication. The SCM supports 256 bit key AES encryption as well as DES encryption."
1468 SafeNet, Inc.
20 Colonnade Road
Suite 200
Nepean, Ontario K2E 7M6
Canada

-Terry Fletcher
TEL: 613-221-5009
FAX: 613-723-5079

CST Lab: NVLAP 200556-0

Luna® PCI 7000 Cryptographic Module
(Hardware Version: VBD-03-0100; Firmware Version: 4.8.1 or 4.8.2)

(When operated in FIPS mode and configured to Overall Level 3 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/28/2010;
02/10/2011;
12/03/2012
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #510 and #1298); Triple-DES (Certs. #520 and #912); Triple-DES MAC (Triple-DES Certs. #520 and #912, vendor affirmed); SHS (Cert. #1190); DSA (Cert. #420); RSA (Cert. #620); ECDSA (Cert. #154); HMAC (Cert. #755); RNG (Cert. #723)

-Other algorithms: DES; RC2; RC4; RC5; CAST5; RSA X509; SEED; ARIA; MD2; MD5; HAS-160; AES MAC (AES Cert. #510; non-compliant); DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; AES (Certs. #510 and #1298, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #520 and #912, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip embedded

"Luna® PCI offers dedicated hardware key management to protect sensitive cryptographic keys from attack. The high-security hardware design ensures the integrity and protection of encryption keys throughout their life cycle. All digital signing and verification operations are performed within the HSM to increase performance and maintain security. Luna® PCI HSMs provide hardware secured key generation, storage, secure key backup and accelerated encryption in a range of models and configurations offering a wide selection of security, performance and operational capabilities."
1467 Motorola, Inc.
One Motorola Plaza
Holtsville, NY 11742
USA

-Jay Greenrose
TEL: 631-738-3844
FAX: 631-738-4656

-Mariya Wright
TEL: 914-574-8189
FAX: 631-738-4656

CST Lab: NVLAP 200648-0

Motorola EMS Cryptographic Module
(Firmware Versions: DAABDS00-001-R00 and DAABGS00-001-R00)

Validated to FIPS 140-2

Security Policy

Certificate

Firmware 12/21/2010;
11/17/2011
Overall Level: 1 

-Tested: DS6878 with Micrium OS II V2.85; CR0078 with Micrium OS II V2.85; STB2078 with Micrium OS II V2.85; DS3578 with Micrium OS II V2.85; STB3578-CF007WR with Micrium OS II V2.85; FLB3578-CF007WR with Micrium OS II V2.85

-FIPS Approved algorithms: AES (Certs. #1395 and #1397); SHS (Certs. #1266 and #1268); HMAC (Certs. #819 and #821)

-Other algorithms: N/A

Multi-chip standalone

"The Motorola EMS Cryptographic Module provides FIPS 140-2 Level 1 certified encryption and security practices to protect data sensitive transmission between the Motorola Embedded deices which include cordless scanners, cradles and terminals."
1466 Motorola, Inc.
One Motorola Plaza
Holtsville, NY 11742
USA

-Jay Greenrose
TEL: 631-738-3844
FAX: 631-738-4656

-Mariya Wright
TEL: 914-574-8189
FAX: 631-738-4656

CST Lab: NVLAP 200648-0

Motorola EMS Cryptographic Module
(Software Versions: DAABES00-001-R00 and DAABFS00-001-R00)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/21/2010 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with MC9596 with Windows Mobile 6.5; MT2070 with Windows CE 5.0; MT2090 with Windows CE 5.0 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1398 and #1396); SHS (Certs. #1267 and #1269); HMAC (Certs. #820 and #822); RNG (Certs. #764 and #765)

-Other algorithms: N/A

Multi-chip standalone

"The Motorola EMS Cryptographic Module provides FIPS 140-2 Level 1 certified encryption and security practices to protect data sensitive transmission between the Motorola Embedded deices which include cordless scanners, cradles and terminals."
1465 Motorola, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

-Kirk Mathews
TEL: 847-576-4101

CST Lab: NVLAP 100432-0

Key Variable Loader (KVL) 4000 PIKE
(Hardware Version: P/N 5175330H04; Firmware Version: R01.00.00)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/21/2010 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1401); ECDSA (FIPS 186-3, vendor affirmed); SHS (Cert. 1272); RNG (Cert. #768)

-Other algorithms: AES MAC (AES Cert. #1401, vendor affirmed; P25 AES OTAR); AES (AES Cert. #1401, key wrapping); DES; DES-XL; DVP-XL; DVI-XL; ADP

Single-chip

"The KVL 4000 PIKE provides security services for the KVL 4000. The KVL 4000 is a portable key distribution device that consists of a Personal Digital Assistant (PDA) and Security Adapter that connects to the PDA."
1464 Motorola, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

-Kirk Mathews
TEL: 847-576-4101

CST Lab: NVLAP 100432-0

Key Variable Loader (KVL) 4000 PIKE
(Hardware Version: P/N 5175330H04; Firmware Version: R01.00.00)

(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 12/21/2010 Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #1401); ECDSA (FIPS 186-3, vendor affirmed); SHS (Cert. 1272); RNG (Cert. #768)

-Other algorithms: AES MAC (AES Cert. #1401, vendor affirmed; P25 AES OTAR); AES (AES Cert. #1401, key wrapping); DES; DES-XL; DVP-XL; DVI-XL; ADP

Single-chip

"The KVL 4000 PIKE provides security services for the KVL 4000. The KVL 4000 is a portable key distribution device that consists of a Personal Digital Assistant (PDA) and Security Adapter that connects to the PDA."
1463 Symantec Corporation
350 Ellis St, PO Box 7011
Mountain View, CA 94043
USA

-Rama Vissapragada
TEL: 650-527-0217
FAX: 650-527-1984

CST Lab: NVLAP 100432-0

Encryption Plus Cryptographic Library
(Software Version: 1.0.5)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/21/2010 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Mac OS X (32-bit and 64-bit); Windows 7 (32-bit and 64-bit); Windows Vista (32-bit and 64-bit); Windows XP (32-bit and 64-bit); Windows Server 2008 (32-bit and 64-bit) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1420); HMAC (Cert. #838); SHS (Cert. #1288); RNG (Cert. #777)

-Other algorithms: N/A

Multi-chip standalone

"The Encryption Plus Cryptographic Library (EPCL) provides cryptographic services to the Symantec Corporation for Symantec, GuardianEdge, Encryption Anywhere, and Encryption Plus families of data protection products."
1462 Adara Networks, Inc.
2150 N. First Street
San Jose, CA 95131
USA

-Lillian Withrow
TEL: 408-433-4900
FAX: 408-456-0190

CST Lab: NVLAP 100432-0

Kernel NPX Cryptographic Module
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 12/21/2010 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with FreeBSD 8.0 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1410); HMAC (Cert. #831); SHS (Cert. #1280); Triple-DES (Cert. #963)

-Other algorithms: N/A

Multi-chip standalone

"The Adara Networks product is an open standards and open architecture based full stack router that provides high performance multipath routing capabilities, end to end QOS, data interoperability, virtualization web services, federation of databases and a secure cloud computing platform for inter-enterprise collaborations. It can be visualized as a transparent performance overlay network which improves performance and provides innovative features and tightened security over a legacy network infrastructure."
1461 Neopost Technologies
113 rue Jean-Marin Naudin
Bagneaux, 92220
France

-Patrick Blanluet
TEL: 33 1 45 36 30 00
FAX: 33 1 45 36 30 10

CST Lab: NVLAP 100432-0

NETSET2 PSD
(Hardware Version: P/N 4129955LD or P/N 4150859LB; Firmware Version: P/N 4149085NA Version 22.19)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 12/09/2010;
07/05/2011
Overall Level: 3 

-Physical Security: Level 3 +EFP/EFT

-FIPS Approved algorithms: AES (Cert. #563); SHS (Cert. #629); RNG (Cert. #328); RSA (Cert. #260); HMAC (Cert. #300)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 90 bits of encryption strength; non-compliant)

Multi-chip embedded

"Neopost PSD (Postal Secure Device) for Middle to High Range Franking Machines."
1460 IBM Internet Security Systems, Inc.
6303 Barfield Road
Atlanta, GA 30328
USA

-Scott Sinsel
TEL: 404-236-2722
FAX: 404-236-2632

CST Lab: NVLAP 200416-0

Proventia GX Series Security Appliances
(Hardware Versions: GX4004, GX5008, GX5108, GX5208 and GX6116; Firmware Version: 3.1, 4.1 or 4.3)

(With Firmware Version 3.1, 4.1 or 4.3 and with the tamper evidence seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/29/2010;
12/07/2011;
04/02/2012;
04/24/2012;
02/14/2013
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #1182, #1183 and #1184); HMAC (Certs. #682, #683 and #684); RNG (Certs. #653, #654 and #655); RSA (Certs. #563, #564 and #565); SHS (Certs. #1091, #1092 and #1093)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength; non-compliant)

Multi-chip standalone

"The IBM Proventia Network Intrusion Prevention System (IPS) stops Internet threats before they impact your business and delivers protection to all three layers of the network: core, perimeter and remote segments. Preemptive protection, or protection that works ahead of the threat, is available from IBM Internet Security Systems through its proprietary combination of line-speed performance, security intelligence and a modular protection engine that enables security convergence."
1459 Morpho - e-Documents Division 
11, Boulevard Galliéni 
Issy Les Moulineaux, 92130
France

-M. Maximilien N’GUYEN 
TEL: +33 (0)1 58 11 88 37 
FAX: +33 (0)1 58 11 89 93 

CST Lab: NVLAP 100432-0

ypsID
(Hardware Version: P/N AT90SC25672RCT-USB; Firmware Version: 01029069 - FFFFFFF or 020000202 - FFFFFFF)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/29/2010;
04/06/2011;
07/19/2011
Overall Level: 3 

-Physical Security: Level 4

-FIPS Approved algorithms: SHS (Cert. #1113); RSA (Certs. #580 and #581); Triple-DES (Cert. #872); Triple-DES MAC (Triple-DES Cert. #872, vendor affirmed); RNG (Cert. #671)

-Other algorithms: Triple-DES (Cert. #872, key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Single-chip

"The ypsid common cryptographic module lies at the core of the Sagem Orga authentication and signature tokens for corporate employees, civil servants, and e-commerce / e-banking online clients. This module is the base for : ypsid SmartCard S2 converged smart card access badges with PKI, minex II approved biometric fingerprint Match-on-card and One time password (OTP) and ypsid Keys: E*, E1, and E2 USB cryptographic keys presenting driverless and zero footprint two factor OTP authentication and digital signature."
1458

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/23/2010 Overall Level: 2 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip standalone

1457 Motorola Solutions, Inc.
1301 East Algonquin Rd
Schaumburg, IL 60196
USA

-Tom Nguyen
TEL: 847-576-2352

CST Lab: NVLAP 100432-0

ASTRO Subscriber Universal Crypto Module (UCM)
(Hardware Versions: P/Ns 0104020J49, 0104020J50, 0104020J51, 0104024J43, 0104024J44, 0104024J45, 0104025J11, 0104025J12, 0104027J01, NNTN7097A, NTN9801B, NTN9738C, NNTN5032D, NNTN5032F, NNTN5032G, NNTN5032H, NNTN7427A and NNTN7427C; Firmware Versions: R05.06.00, R05.06.01, R05.07.10, R05.07.11, R05.07.12 or R05.07.15)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/29/2010;
01/31/2011;
03/28/2011;
07/05/2011
Overall Level: 1 

-Roles, Services, and Authentication: Level 2

-FIPS Approved algorithms: AES (Certs. #2 and #1296); Triple-DES (Cert. #82); SHS (Cert. #335); RNG (Cert. #121); Triple-DES MAC (Triple-DES Cert. #82, vendor affirmed)

-Other algorithms: DES; DES MAC; DES-XL; DVI-XL; DVI-SPFL; DVP-XL; ADP; HCA; AES MAC (AES Cert. #2, vendor affirmed; P25 AES OTAR); AES (Cert. #2, key wrapping; key establishment provides 256 bits of encryption strength)

Multi-chip embedded

"Encryption modules used in Motorola Astro family of radios. Provides secure voice and data capabilities as well as APCO Over-the-Air-Rekeying and advanced key management."
1456 ARX (Algorithmic Research)
10 Nevatim Street
Kiryat Matalon, Petach Tikva 49561
Israel

-Ezer Farhi
TEL: 972-3-9279529

CST Lab: NVLAP 200002-0

PrivateServer
(Hardware Version: 4.7; Firmware Version: 4.7)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/29/2010 Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #1267); Triple-DES (Cert. #899); RSA (Cert. #608); SHS (Cert. #1167); Triple-DES MAC (Cert. #899, vendor affirmed); RNG (Cert. #708); ECDSA (Cert. #151); HMAC (Cert. #737)

-Other algorithms: DES; DES MAC; DES Stream; ISO9796; ARDFP; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); DES; DES MAC; MD5

Multi-chip standalone

"The PrivateServer is a high-performance cryptographic service provider. PrivateServer performs high-speed cryptographic operations while protecting sensitive data. Its features include Triple-DES, AES, Triple-DES-MAC, HMAC, RSA, ECDSA, SHA-1, SHA-256, SHA-384, SHA-512, public key database and certificate support, authenticated and encrypted communication with the module, secure storage of secret/private keys, software key medium and smartcard support, tamper-responsive enclosure, high level API requiring no cryptographic expertise, in-depth logging and auditing, and secure backup capability."
1455 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

7206VXR NPE-G2 with VSA
(Hardware Version: 7206VXR Version: 2.9 with NPE-G2 Version: 1.0 and VSA Version: 1.0; Firmware Version: 12.4(15)T10 or 12.4(15)T14)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/29/2010;
07/27/2011;
02/23/2012
Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #91); HMAC (Cert. #203); RNG (Cert. #786); RSA (Cert. #707); SHS (Certs. #500 and #1303); Triple-DES (Cert. #204)

-Other algorithms: MD4; MD5; HMAC MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant); DES; AES (non-compliant); Triple-DES (non-compliant); HMAC (non-compliant); GDOI (key wrapping, key establishment methodology provides 128 or 256 bits of encryption strength)

Multi-chip standalone

"Cisco Modular Access Routers are routers that provide data protection on a network providing packet encryption. The module performs all of the functions typical of a router. In addition to the normal routing functions, the module also provides packet encryption. The module is capable of encrypting traffic between one or more modules: providing a secure connection at the packet level."
1454 Research In Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

-Certifications Team
TEL: 519-888-7465 ext.72921
FAX: 519-886-4839

CST Lab: NVLAP 200017-0

BlackBerry Cryptographic Kernel
(Firmware Version: 3.8.6.5)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Firmware 11/29/2010 Overall Level: 1 

-Design Assurance: Level 3

-Tested: BlackBerry 9800 with BlackBerry OS Version 6.0

-FIPS Approved algorithms: Triple-DES (Cert. #956); AES (Certs. #1402 and #1403); SHS (Cert. #1273); HMAC (Cert. #824); RSA (Cert. #682); RNG (Cert. #769); ECDSA (Cert. #177)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides 256 bits of encryption strength)

Multi-chip standalone

"BlackBerry is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry."
1453 SafeNet, Inc.
20 Colonnade Road
Suite 200
Nepean, Ontario K2E 7M6
Canada

-Terry Fletcher
TEL: 613-221-5009
FAX: 613-723-5079

CST Lab: NVLAP 200556-0

Luna® PCI 7000 Cryptographic Module
(Hardware Version: VBD-03-0100; Firmware Version: 4.8.1 or 4.8.2)

(When operated in FIPS mode and configured to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/22/2010;
02/10/2011;
12/03/2012
Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #510 and #1298); Triple-DES (Certs. #520 and #912); Triple-DES MAC (Triple-DES Certs. #520 and #912, vendor affirmed); SHS (Cert. #1190); DSA (Cert. #420); RSA (Cert. #620); ECDSA (Cert. #154); HMAC (Cert. #755); RNG (Cert. #723)

-Other algorithms: DES; RC2; RC4; RC5; CAST5; RSA X509; SEED; ARIA; MD2; MD5; HAS-160; AES MAC (AES Cert. #510; non-compliant); DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; AES (Certs. #510 and #1298, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #520 and #912, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip embedded

"Luna® PCI offers dedicated hardware key management to protect sensitive cryptographic keys from attack. The high-security hardware design ensures the integrity and protection of encryption keys throughout their life cycle. All digital signing and verification operations are performed within the HSM to increase performance and maintain security. Luna® PCI HSMs provide hardware secured key generation, storage, secure key backup and accelerated encryption in a range of models and configurations offering a wide selection of security, performance and operational capabilities."
1452 AvaLAN Wireless Systems, Inc.
125A Castle Drive
Madison, AL 35758
USA

-Michael Derby, Founder/CTO
TEL: 650-575-7332
FAX: 650-249-3591

-Jason Hennig
TEL: 650-206-2321
FAX: 650-249-3591

CST Lab: NVLAP 200017-0

AW140
(Hardware Version: AW140 r1.1; Firmware Version: 1.1)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/22/2010 Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Cert. #1291)

-Other algorithms: N/A

Multi-chip embedded

"The AW140 is a modular AES cryptographic subassembly that can be embedded into finished communications products. AW140's cryptographic boundary is encapsulated within this subassembly and allows finished products to inherit the AW140's NIST FIPS 140-2 validation."
1451 Seagate Technology, LLC
389 Disc Drive
Longmont, CO 80503
USA

-Monty Forehand
TEL: 720-684-2835

CST Lab: NVLAP 200017-0

Seagate® Momentus® Thin Self-Encrypting Drives TCG Opal FIPS 140 Module
(HW 9WC142 [1, 2, 3, 4, 5, 6, 7, 8] or 9WC14C [3, 4, 7, 8]; Firmware Versions: FW 1003HPMA [1], 1002HPBA [2], 1001DEMA [3], 1001SDMA [4], 1004HPMA [5], 1003HPBA [6], 1002DEMA [7] or 1002SDMA [8])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 11/22/2010;
07/18/2012
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Certs. #1392 and #1341); RSA (Cert. #648); SHS (Cert. #1223); RNG (Cert. #737)

-Other algorithms: N/A

Multi-chip embedded

"The Seagate® Momentus® Thin Self-Encrypting Drive (SED) FIPS 140 Module is embedded in Seagate Momentus Thin SED model disk drives. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA ranges, and authenticated FW download. The services are provided through an industry-standard TCG Opal SSC interface."
1450 Gemalto
Avenue du Jujubier Z.I Athelia IV
La Ciotat, 13705
France

-Arnaud Lotigier
TEL: +33 4 42 36 0 74
FAX: +33 4 42 36 55 45

CST Lab: NVLAP 200427-0

TOP DL V2
(Hardware Version: A1023378; Firmware Version: Build#11 - M1005011+ Softmask V03)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/15/2010 Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #1363); ECDSA (Cert. #172); RNG (Cert. #749); RSA (Cert. #664); SHS (Cert. #1243); Triple-DES (Cert. #938)

-Other algorithms: N/A

Single-chip

"This module is based on a Java Card platform (TOP DL V2) with 128K EEPROM memory available. The Cryptographic Module provides dual interfaces (i.e. contact and contact-less) where the same security level is achieved."
1449 Patrick Townsend Security Solutions
406 Legion Way SE
Suite 300
Olympia, WA 98501
USA

-Paul Ohmart
TEL: 360-357-8971

-Patrick Townsend
TEL: 800-357-1019

CST Lab: NVLAP 200658-0

Alliance Key Manager
(Software Version: 2.0.0)

(When operated with the Red Hat Enterprise Linux 5 OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #1320 operating in FIPS mode (approved algorithms retested on listed operating environment))

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/15/2010 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with rPath Linux, Version 2.6.29 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1245 and #1486); RNG (Certs. #692 and #810); SHS (Certs. #1144 and #1342); HMAC (Certs. #728 and #875); RSA (Cert. #729)

-Other algorithms: MD5, RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Alliance Key Manager implements a client/server interface for key administration. The user application has the client role, and the key manager has the server role. The user opens a secure connection to the key server, sends an administrative request (create a key, change a key, etc.), receives a response from the server, and the session is disconnected."
1448 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:
FAX:

CST Lab: NVLAP 100432-0

Cisco Aironet Lightweight AP1131, AP1142, AP1242, AP1252, AP1262, CAP3502e and CAP3502i Wireless LAN Access Points
(Hardware Versions: AP1131 Revision S0, AP1142 Revision G0, AP1242 Revision P0, AP1252 Revision F0, AP1262 Revision B0, CAP3502e Revision B0 and CAP3502i Revision B0; FIPS Kit AIRLAP-FIPSKIT=, Version B0; Firmware Versions: 7.0.98.0, 7.0.98.213, 7.0.116.0, 7.0.230.0, 7.0.240.0, 7.0.250.0, 7.2.103.0, 7.2.115.1 or 7.2.115.2)

(When operated in FIPS mode and with the tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/15/2010;
02/24/2011;
05/12/2011;
08/22/2011;
02/23/2012;
05/10/2012;
03/28/2013;
05/03/2013;
05/16/2013;
07/12/2013;
02/20/2014
Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1352, #1353, #1354, #1355, #1356, #1357, #1358, #1359, #1360 and #1361); HMAC (Certs. #791, #792, #793, #794, #795, #796 and #797); RNG (Certs. #744, #745, #746 and #747); RSA (Certs. #658, #659, #660 and #661); SHS (Certs. #1235, #1236, #1237, #1238, #1239, #1240 and #1241)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength; non-compliant); RC4; MD5; HMAC MD5

Multi-chip standalone

"The Cisco Aironet Lightweight 3502i, 3502e, 1262, 1142, 1131, 1252, and 1242 access points deliver the versatility, high capacity and enterprise class security required for small, medium and large Government indoor and outdoor wireless deployments. In FIPS 140-2 mode of operation, the Cisco APs support the IEEE 802.11a/g/n, 802.11i & 802.1x standards, IETF CAPWAP standard and are Wi-Fi Alliance certified for WPA2 security."
1447 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:
FAX:

CST Lab: NVLAP 100432-0

Cisco 5508 Wireless LAN Controller
(Hardware Version: CT5508 Revision Number B0; FIPS Kit AIR-CT5508FIPSKIT=; Opacity Baffle Version A0; Firmware Versions: 7.0.98.0, 7.0.98.213 or 7.0.116.0)

(When operated in FIPS mode and with the tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/15/2010;
02/24/2011;
05/12/2011;
08/22/2011;
02/23/2012
Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1346, #1347 and #1348); HMAC (Certs. #785, #786 and #787); RNG (Certs. #741 and #742); RSA (Certs. #653 and #654); SHS (Certs. #1228, #1229 and #1230); Triple-DES (Cert. #935)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength; non-compliant); AES (Cert. #1346, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM

Multi-chip standalone

"The Cisco 5508 Series WLAN Controllers deliver centralized control and high capacity for small, medium and large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WLAN Controllers support the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and support a Secure Wireless Architecture with WiFi Alliance certified WPA-2 security. The Cisco WLAN Controllers support voice, video and data services along with Cisco Clean Air technology, IPv6 mobility, intrusion protection and intelligent radio resource management."
1446 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:
FAX:

CST Lab: NVLAP 100432-0

Cisco Aironet Lightweight AP1522, AP1524PS and AP1524SB Wireless LAN Access Points
(Hardware Versions: AP1522 Outdoor Mesh Revision L0, AP1524PS Revision E0 and AP1524SB Revision B0; FIPS Kit Version AIRLAP-FIPSKIT=; Firmware Versions: 7.0.98.0, 7.0.98.213, 7.0.116.0, 7.0.230.0, 7.0.240.0, 7.0.250.0, 7.2.103.0, 7.2.115.1 or 7.2.115.2)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/15/2010;
02/24/2011;
05/12/2011;
08/22/2011;
02/23/2012;
05/10/2012;
03/28/2013;
05/03/2013;
05/16/2013;
07/12/2013;
02/20/2014
Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1356 and #1357); HMAC (Cert. #794); RNG (Cert. #746); RSA (Cert. #660); SHS (Cert. #1238)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength; non-compliant); RC4; MD5; HMAC MD5

Multi-chip standalone

"The Cisco Aironet Lightweight 1522 and 1524 access points deliver the versatility, high capacity and enterprise class security required for small, medium and large Government indoor and outdoor wireless deployments. In FIPS 140-2 mode of operation, the Cisco APs support the IEEE 802.11a/g/n, 802.11i & 802.1x standards, IETF CAPWAP standard and are Wi-Fi Alliance certified for WPA2 security."
1445 Quantum Corporation
1650 Technology Drive
Suite 700
San Jose, CA 95110-1382
USA

-Steve McKissick
TEL: 425-201-1546
FAX: 425-201-1233

CST Lab: NVLAP 200658-0

Scalar Key Manager
(Software Version: 2.0.3.a)

(When operated with the Red Hat Enterprise Linux 5 OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #1320 operating in FIPS mode (approved algorithms retested on listed operating environment))

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/15/2010;
12/06/2010;
03/15/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with rPath Linux, Version 2.6.29 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1255 and #1499); RNG (Certs. #698 and #816); SHS (Certs. #1151 and #1350); HMAC (Certs. #734 and #882); RSA (Cert. #736)

-Other algorithms: MD5, RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Scalar Key Manager implements a client/server interface for key administration. The user application has the client role, and the key manager has the server role. The user opens a secure connection to the key server, sends an administrative request (create a key, change a key, etc.), receives a response from the server, and the session is disconnected."
1444 Rajant Corporation
400 E. King Street
Malvern, PA 19355
USA

-Marty Lamb
TEL: 610-873-6788 x209

CST Lab: NVLAP 200416-0

Rajant Corporation BreadCrumb ME3
(Hardware Versions: ME3-24 [1] and ME3-09 [2]; Firmware Versions: 10.13 [1] and 10.13a [2])

(When operated in FIPS mode and the Loctite® 425 material applied as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 11/15/2010;
04/12/2011
Overall Level: 2 

-Cryptographic Module Specification: Level 3

-FIPS Approved algorithms: AES (Certs. #1300 and #1301); RSA (Cert. #622); SHS (Cert. #1191); HMAC (Cert. #756); RNG (Cert. #724)

-Other algorithms: RC4; MD5; Diffie-Hellman; AES (Cert. #1300, key wrapping)

Multi-chip standalone

"The Rajant Corporation's BreadCrumb® ME3-24 is a rugged wireless transmitter-receiver that forms a highly mobile mesh network (using InstaMesh®) when used in conjunction with other BreadCrumb® devices. This portable wireless mesh network node supports an open-standard IEEE 802.11 b/g radio to enable data, voice and video applications."
1443 Cloakware, Inc.
8219 Leesburg Pike
Suite 350
Vienna, VA 22182-2656
USA

-Trevor Brown
TEL: 613-271-9446 x299
FAX: 613-271-9447

-Garney Adams
TEL: 613-271-9446 x307
FAX: 613-271-9447

CST Lab: NVLAP 200017-0

Cloakware Security Kernel
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/08/2010 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux (RHEL) AS 5.0; Solaris 10; Windows Server 2008 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1306 and #1309); Triple-DES (Cert. #914); SHS (Cert. #1197); RNG (Cert. #731); HMAC (Cert. #761); RSA (Cert. #663), DSA (Cert. #441)

-Other algorithms: Diffie-Hellman (key agreement, key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Cloakware Security Kernel from Cloakware, Inc. is a module contained in a single library designed to provide cryptographic functionality within calling applications operating on multi-chip standard server platforms. This single library is linked at run-time to a C/C++ library, which can be called by host applications to provide cryptographic services. This library can also be dynamically loaded at runtime by a Java application running within a Java Virtual Machine (JVM) via Java Native Interface (JNI), providing cryptographic services to the Java application."
1442 Imation Corp.
Discovery Bldg. 1A-041
Oakdale, MN 55128
USA

-Larry Hamid
TEL: 408-737-4308

CST Lab: NVLAP 100432-0

Imation S200/D200
(Hardware Versions: P/Ns D2-S200-S01, D2-S200-S02, D2-S200-S04, D2-S200-S08, D2-S200-S16, D2-D200-S01, D2-D200-S02, D2-D200-S04, D2-D200-S08, D2-D200-S16 and D2-D200-S32; Firmware Versions: 2.0.10, 2.0.11, 2.0.12 or 2.0.13)

(Files distributed with the module mounted within the CD Drive are excluded from the validation.)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/08/2010;
12/06/2010;
01/13/2011;
06/01/2011;
10/26/2011;
04/24/2012
Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #1034); RNG (Cert. #587); RSA (Cert. #494); SHS (Certs. #986 and #987); HMAC (Cert. #579)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The IronKey Secure Flash Drive includes a high-speed hardware-based 256 Bit AES cryptography engine for encrypting and decrypting NAND flash and RAM buffers via USB. It also includes RSA, HMAC, SHA-256, SHA-1, and RNG algorithms."
1441 Hewlett-Packard Company
19091 Pruneridge Ave.
MS 4441
Cupertino, CA 95014
USA

-Theresa Conejero
TEL: 408-447-2964
FAX: 408-447-5525

CST Lab: NVLAP 100432-0

Atalla Cryptographic Subsystem (ACS)
(Hardware Versions: P/N 610113-001 Rev. A and B; Firmware Version: Loader Version 0.64, PSMCU Version 0.96)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/08/2010;
06/21/2011;
09/19/2011
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #1305 and #1311); RNG (Cert. #728); RSA (Cert. #625); SHS (Cert. #1194)

-Other algorithms: N/A

Multi-chip embedded

"The Atalla Cryptographic Subsystem (ACS) is a multi-chip embedded cryptographic module that provides secure cryptographic processing. The ACS features secure key management and storage capabilities, and also provides high performance AES processing."
1440 Nexus Wireless
Artists Cour
15 Manette Street
London, W1D 4AP
United Kingdom

-Paul Richards
TEL: +44-207-734-0200
FAX: +44-207-734-0210

CST Lab: NVLAP 200416-0

Nexus FIPS 140-2 Crypto Module
(Hardware Version: 1.0; Firmware Versions: ES0408_RL01_R1_01_000 version 1.01.000 and ES0408_RL02_R1_00_000 version 1.00.000)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/08/2010 Overall Level: 1 

-FIPS Approved algorithms: AES (Cert. #914); DSA (Cert. #337); SHS (Certs. #901 and #928); HMAC (Cert. #533); RNG (Cert. #524)

-Other algorithms: DES; AES MAC (AES Cert. #914, vendor affirmed; P25 AES OTAR)

Multi-chip embedded

"The Nexus FIPS140-2 Crypto Module is a single-board security module designed to conform to FIPS140-2 standards and primarily intended for use in P25 radio equipment. The module supports both KFD and KMF management implementations, including a dedicated 3-wire KFD interface. It includes a complete key storage and critical security material management function for TEK, KEK, UKEK, CKEK and KSKEK keys in non-volatile memory within the FIPS module, with protection from unauthorized disclosure or modification. The FIPS Module executes encryption and decryption of P25 Phase 1 voice and data tra"
1439 Secure64 Software Corporation
5600 South Quebec Street
Suite 320D
Greenwood Village, CO 80111
USA

-Christopher Worley
TEL: 303-242-5890
FAX: 720-489-0694

CST Lab: NVLAP 200416-0

Secure64 Cryptographic Module
(Firmware Version: 1.3)

(The tamper evident seals installed as indicated in the Security Policy.)

Validated to FIPS 140-2

Security Policy

Certificate

Firmware 11/08/2010 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-Tested: Secure 64 SourceT Micro Operating System running on a HP Integrity Server rx2660; Secure 64 SourceT Micro Operating System running on a HP Integrity Server rx3600

-FIPS Approved algorithms: AES (Certs. #882 and #956); Triple-DES (Cert. #722); RNG (Cert. #507); SHS (Certs. #874 and #1198); HMAC (#762); DSA (Cert. #436); RSA (Certs. #495, #426 and #627)

-Other algorithms: N/A

Multi-chip standalone

"The Secure64 Cryptographic Module is a firmware module designed for use only with systems based on Secure64« SourceT«, a limited operational environment running on an Intel Itanium-based server platform. The Secure64 Cryptographic Module provides cryptographic functions that can be used by applications running in this environment. Example applications include DNSSEC signing (secure DNS using digital signatures), certificate management applications, etc. Example functions include key generation, secure key storage, encryption, decryption, hashing, and digital signing."
1438 Kingston Technology, Inc.
17600 Newhope Street
Fountain Valley, CA 92708
USA

-John Terpening
TEL: 714-427-3743
FAX: 714-435-2628

CST Lab: NVLAP 100432-0

DataTraveler 6000
(Hardware Versions: P/Ns (880074002F, 880074003F and 880074004F), Version 02.00.01; Firmware Version: 03.00.0C)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/03/2010 Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #1259, #1260, #1261, #1262, #1263 and #1264); SHS (Certs. #1155, #1156, #1157, #1158, #1159, #1160, #1161, #1162 and #1163); ECDSA (Certs. #147, #148 and #149); DRBG (Certs. #29, #30 and #31); RNG (Certs. #703, #704 and #705)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 128, 192 or 256 bits of encryption strength)

Multi-chip standalone

"Kingston's ultra-secure DataTraveler 6000 USB Flash drive protects sensitive data with FIPS 140-2 Level 3 validation and 256-bit AES hardware-based encryption in XTS mode. Secured by SPYRUS, DT6000 uses elliptic curve cryptography encryption algorithms (ECC) that meet the Suite B standards approved by the U.S. government. The drive features complex password protection and locks down after 10 intrusion attempts."
1437 Ian Donnelly Systems, Inc.
17752 Preston Road
Dallas, TX 75252
USA

-Ian Donnelly
TEL: 972-931-7630
FAX: 972-380-8866

CST Lab: NVLAP 100432-0

KEY-UP Cryptographic Module
(Hardware Versions: P/N KEY-UP, Versions II-A and III-A; Firmware Version: 5.1 or 5.1.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/03/2010;
07/27/2011
Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #900); Triple-DES MAC (Triple-DES Cert. #900, vendor affirmed); SHS (Cert. #359); RNG (Cert. #127)

-Other algorithms: DES; DUKPT; TR-31

Multi-chip standalone

"Hardware Security Module."
1436 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco ASA 5505, 5510, 5520, 5540, 5550, 5580-20 and 5580-40 Security Appliances
(Hardware Versions: 5505 [1,2], 5510 [1], 5520 [1], 5540 [1], 5550 [1], 5580-20 [3], 5580-40 [3], [FIPS Kit (Cisco-FIPSKIT=): Revision -B0] [1], [ASA 5505 FIPS Kit (ASA5505-FIPS-KIT=): Revision -A0] [2] and [ASA 5580 FIPS Kit (ASA5580-FIPS-KIT=)] [3]; Firmware Version: 8.3.2 and 8.3.2.13)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/03/2010;
05/12/2011;
02/23/2012
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #105, #564, #1394 and #1407); HMAC (Certs. #125, #301, #818 and #828); RNG (Certs. #144, #329, #763 and #772); RSA (Certs. #106, #261, #680 and #684); SHS (Certs. #196, #630, #1265 and #1277); Triple-DES (Certs. #217, #559, #954 and #960)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; DES; RC4; HMAC MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
1435 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:
FAX:

CST Lab: NVLAP 100432-0

Cisco 4402 and 4404 Wireless LAN Controllers
(Hardware Versions: 4402, Revision Number R0 and 4404, Revision Number R0; FIPS Kit AIRWLC4400FIPSKIT=, Version A0; Opacity Baffle Version 1.0; Firmware Versions: 7.0.98.0, 7.0.98.213 or 7.0.116.0)

(When operated in FIPS mode and with the physical security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/02/2010;
02/24/2011;
05/12/2011;
08/22/2011;
02/23/2012
Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1344 and #1345); HMAC (Certs. #783 and #784); RNG (Cert. #740); RSA (Certs. #651 and #652); SHS (Certs. #1226 and #1227); Triple-DES (Cert. #934)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength; non-compliant); AES (Cert. #1344, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM

Multi-chip standalone

"The Cisco 4400 Series WLAN Controllers deliver centralized control and high capacity for small, medium and large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WLAN Controllers support the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and support a Secure Wireless Architecture with WiFi Alliance certified WPA-2 security. The Cisco WLAN Controllers support voice, video and data services along with Cisco Clean Air technology, IPv6 mobility, intrusion protection and intelligent radio resource management."
1434 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:
FAX:

CST Lab: NVLAP 100432-0

Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Module (WiSM)
(Hardware Versions: Chassis: Catalyst 6506 switch [1], Catalyst 6506-E switch [2], Catalyst 6509 switch [3] and Catalyst 6509-E switch [4]; Backplane: WS-C6506 [1], WS-C6506-E [2], WS-C6509 [3] and WS-C6509-E [4]; FIPS Kit: P/N 800-27009 [1, 2] and P/N 800-26335 [3, 4]; Supervisor Blade [1, 2, 3, 4]: [WS-SUP720-3BXL or WS-SUP720-3B] and WiSM: WS-SVC-WISM-1-K9; Firmware Versions [1, 2, 3, 4]: Supervisor Blade: Cisco IOS Release 12.2.33-SXI3 or Cisco IOS Release 12.2.33-SXH5; WiSM: 7.0.98.0, 7.0.98.213 or 7.0.116.0)

(When operated in FIPS mode and with the physical security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 11/02/2010;
02/24/2011;
05/12/2011;
08/22/2011;
02/23/2012
Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1344 and #1345); HMAC (Certs. #783 and #784); RNG (Cert. #740); RSA (Certs. #651 and #652); SHS (Certs. #1226 and #1227); Triple-DES (Cert. #934)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength; non-compliant); AES (Cert. #1344, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM

Multi-chip standalone

"The Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with WiSM WLAN Controller deliver centralized control and high capacity for medium to large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WiSM Controller supports the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and supports a Secure Wireless Architecture with certified WiFi Alliance WPA-2 security. The Cisco WiSM Controller supports voice, video and data services along with Cisco Clean Air technology, IPv6 mobility, intrusion protection and intelligent radio resource management."
1433 IBM® Corporation
12 - 14 Marine Parade
Seabank Centre
Southport, QLD 4215
Australia

-Alex Hennekam
TEL: +61 7-5552-4045
FAX: +61 7 5571 0420

-Peter Waltenburg
TEL: +61 - 5552-4016
FAX: +61 7 5571 0420

CST Lab: NVLAP 200658-0

IBM® Crypto for C
(Software Version: 8.0.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/02/2010;
12/21/2010
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008® 64-bit operating system (x86-64); Microsoft Windows Server 2008® 32-bit operating system (x86-64); AIX® 6.1 64-bit operating system (PowerPC 64); Solaris® 10 64-bit operating system (UltraSparc-64); Red Hat Linux Enterprise Server 5 32-bit operating system (x86-64); Red Hat Linux Enterprise Server 5 64-bit operating system (x86-64, zSeries-64 and PowerPC-64) (single user mode)

-FIPS Approved algorithms: AES (Certs. #1318, #1319, #1320, #1321, #1322, #1323, #1324, #1325, #1326, #1327, #1328, #1329, #1330 and #1331); Triple-DES (Certs. #917, #918, #919, #920, #921, #922, #923, #924, #925, #926, #927, #928, #929 and #930); DSA (Certs. #422, #423, #424, #425, #426, #427, #428, #429, #430, #431, #432, #433, #434 and #435); ECDSA (Certs. #157, #158, #159, #160, #161, #162, #163, #164, #165, #166, #167, #168, #169 and #170); RSA (Certs. #630, #631, #632, #633, #634, #635, #636, #637, #638, #639, #640, #641, #642 and #643); SHS (Certs. #1204, #1205, #1206, #1207, #1208, #1209, #1210, #1211, #1212, #1213, #1214, #1215, #1216 and #1217); HMAC (Cert. #766, #767, #768, #769, #770, #771, #772, #773, #774, #775, #776, #777, #778 and #779); DRBG (Cert. #34, #35, #36, #37, #38, #39, #40, #41, #42, #43, #44, #45, #46 and #47)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; MDC2; RIPEMD; HMAC MD5; DES; CAST; Camellia; Blowfish; RC4; RC2

Multi-chip standalone

"The IBM Crypto for C® v8.0 (ICC) cryptographic module is implemented in the C programming language. It is packaged as dynamic (shared) libraries usable by applications written in a language that supports C language linking conventions (e.g. C, C++, Java, Assembler, etc.) for use on commercially available operating systems. The ICC allows these applications to access cryptographic functions using an Application Programming Interface (API) provided through an ICC import library and based on the API defined by the OpenSSL group."
1432

CST Lab: NVLAP 200802-0


Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/26/2010 Overall Level: 2 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip standalone

1431 Fortinet Inc.
1090 Kifer Road
Sunnyvale, CA 94086-5301
USA

-Jeff Lake, Vice President, Federal Operations
TEL: 678-402-8021
FAX: 678-402-8021

CST Lab: NVLAP 200017-0

FortiOS
(Firmware Version: FortiOS 4.0, build6341, 100617)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Firmware 11/03/2010 Overall Level: 1 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Tested: FortiGate-80C; FortiGate-200B; FortiGate-310B; FortiGate-620B; FortiGate-800; FortiGate-1240B; FortiGate-3016B; FortiGate-3600A; FortiGate-3810A-E4; FortiGate-5001A-DW

-FIPS Approved algorithms: AES (Certs. #1404 and #1409); Triple-DES (Certs. #957 and #962); RNG (Cert. #770); SHS (Certs. #1274 and #1279); HMAC (Certs. #825 and #830); RSA (Cert. #686)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment method provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; SHA-256 (non-compliant); HMAC SHA-256 (non-compliant)

Multi-chip standalone

"The FortiOS is a firmware based operating system that runs exclusively on FortinetÆs FortiGate/FortiWiFi product family (PC-based, purpose built appliances)The FortiOS provides integrated firewall, VPN, antivirus, antispam, intrusion prevention, content filtering and traffic shaping and HA capabilities."
1430 Security First Corp.
22362 Gilberto #130
Rancho Santa Margarita, CA 92688
USA

-Rick Orsini
TEL: 949-858-7525
FAX: 949-858-7092

CST Lab: NVLAP 100432-0

SecureParser®
(Software Version: 4.7.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 10/25/2010;
03/15/2013
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 2 with Microsoft Windows Server 2003 SP2 running on a Dell Optiplex GX620; Microsoft Windows XP Professional SP2 running on a Dell Optiplex GX620; Red Hat Enterprise Linux Version 5.1 running on a SGI Altix XE240

-FIPS Approved algorithms: AES (Certs. #1381 and #1382); RNG (Cert. #754); RSA (Cert. #668); DSA (Cert. #448); SHS (Cert. #1249); HMAC (Cert. #813); ECDSA (Cert. #173)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 128 bits of encryption strength); AES (Cert. #1381, key wrapping; key establishment methodology provides 128, 192, or 256 bits of encryption strength)

Multi-chip standalone

"The SecureParser® is a security and high data availability architecture delivered in the form of a software toolkit that provides cryptographic data splitting (data encryption, random or deterministic distribution to multiple shares including additional fault tolerant bits, key splitting, authentication, integrity, share reassembly, key restoration and decryption) of arbitrary data. During the split process, additional redundant data may be optionally written to each share enabling the capability of restoring the original data when all shares are not available."
1429 eIQnetworks, Inc.
31 Nagog Park
Action, MA 01720
USA

-Vijay Basani
TEL: 978-266-9933

CST Lab: NVLAP 200427-0

SecureVue Data Processor Cryptographic Module
(Software Version: 3.2.2.5)

(When operated in FIPS mode per the installation instructions found in the Security Policy section: Approved Mode of Operation)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 10/25/2010 Overall Level: 2 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 2 with Windows Server 2008 running on a Dell Optiplex 755

-FIPS Approved algorithms: AES (Cert. #1449); HMAC (Cert. #850); RNG (Cert. #793); SHS (Cert. #1313)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"SecureVue Data Processor component is a multi-chip standalone cryptographic module that is part of a software application suite. It has cryptographic implementation for secure communication and encryption/decryption between the various components via Central, Data Processor, Data Collector, and Agent that complete the SecureVue software application suite."
1428 eIQnetworks, Inc.
31 Nagog Park
Action, MA 01720
USA

-Vijay Basani
TEL: 978-266-9933

CST Lab: NVLAP 200427-0

SecureVue Data Collector Cryptographic Module
(Software Version: 3.2.2.5)

(When operated in FIPS mode per the installation instructions found in the Security Policy section: Approved Mode of Operation)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 10/25/2010 Overall Level: 2 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 2 with Windows Server 2008 running on a Dell Optiplex 755

-FIPS Approved algorithms: AES (Cert. #1449); HMAC (Cert. #850); RNG (Cert. #793); SHS (Cert. #1313)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"SecureVue Data Collector component is a multi-chip standalone cryptographic module that is part of a software application suite. It has cryptographic implementation for secure communication, encryption/decryption, and key generation between the various components via Central, Data Processor, Data Collector, and Agent that complete the SecureVue software application suite."
1427 eIQnetworks, Inc.
31 Nagog Park
Action, MA 01720
USA

-Vijay Basani
TEL: 978-266-9933

CST Lab: NVLAP 200427-0

SecureVue Agent Cryptographic Module
(Software Version: 3.2.2.5)

(When operated in FIPS mode per the installation instructions found in the Security Policy section: Approved Mode of Operation)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 10/25/2010 Overall Level: 2 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 2 with Windows Server 2008 running on a Dell Optiplex 755

-FIPS Approved algorithms: AES (Cert. #1449); HMAC (Cert. #850); RNG (Cert. #793); SHS (Cert. #1313)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"SecureVue Agent component is a multi-chip standalone cryptographic module that is part of a software application suite. It has cryptographic implementation for secure communication and encryption/decryption between the various components via Central, Data Processor, Data Collector, and Agent that complete the SecureVue software application suite."
1426 eIQnetworks, Inc.
31 Nagog Park
Action, MA 01720
USA

-Vijay Basani
TEL: 978-266-9933

CST Lab: NVLAP 200427-0

SecureVue Central Cryptographic Module
(Software Version: 3.2.2.5)

(When operated in FIPS mode per the installation instructions found in the Security Policy section: Approved Mode of Operation)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 10/25/2010 Overall Level: 2 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 2 with Windows Server 2008 running on a Dell Optiplex 755

-FIPS Approved algorithms: AES (Cert. #1449); HMAC (Cert. #850); RNG (Cert. #793); SHS (Cert. #1313)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"SecureVue Central component is a multi-chip standalone cryptographic module that is part of a software application suite. It has cryptographic implementation for secure communication, encryption/decryption, and key generation between the various components via Central, Data Processor, Data Collector, and Agent that complete the SecureVue software application suite."
1425 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 94002
USA

-Global Certification Team
TEL:
FAX:

CST Lab: NVLAP 100432-0

Cisco Catalyst 3750G Integrated Wireless LAN Controller
(Hardware Versions: P/N WS-C3750G, Version M0 and P/N 69-1707-01 (FIPS Kit); Firmware Versions: 7.0.98.0, 7.0.98.213 or 7.0.116.0)

(When operated in FIPS mode and with the physical security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/25/2010;
02/24/2011;
05/12/2011;
08/22/2011;
02/23/2012
Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1344 and #1345); HMAC (Certs. #783 and #784); RNG (Cert. #740); RSA (Certs. #651 and #652); SHS (Certs. #1226 and #1227); Triple-DES (Cert. #934)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength; non-compliant); AES (Cert. #1344, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM

Multi-chip standalone

"The Cisco 3750G WLAN Controller delivers centralized control and high capacity for small, medium and large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco 3750G Controller supports the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and supports a Secure Wireless Architecture with WiFi Alliance certified WPA-2 security. The 3750G WLAN Controller supports voice, video and data services along with Cisco Clean Air technology, IPv6 mobility, intrusion protection and intelligent radio resource management."
1424 Just Rams PLC
Unit 6 Iron Bridge Close
Iron Bridge Business Park
Off Great Central Way
London, Middelsex NW10 0UF
United Kingdom

-Patrick Warley
TEL: +44 (0)20 8451 8704
FAX: +44 (0)20 8459 6301

-Francesco Rivieccio
TEL: +44 (0)20 8451 8704
FAX: +44 (0)20 8459 6301

CST Lab: NVLAP 200017-0

Integral 256 bit AES Drive and Integral 256 bit AES MAC Drive
(Hardware Versions: YFD1GBSPLCRYATV1INTL, YFD2GBSPLCRYATV1INTL, YFD4GBSPLCRYATV1INTL, YFD8GBSPLCRYATV1INTL, YFD16GSPLCRYATV1INTL, YFD32GBCRYPTOINTL, YFD2GBCRYPTOMACINTL, YFD4GBCRYPTOMACINTL, YFD8GBCRYPTOMACINTL, YFD16GBCRYPTOMACINTL and YFD32GBCRYPTOMACINTL; Software Version: 4.0; Firmware Version: PS2251-65)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 10/25/2010;
09/19/2011
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1205); SHA (Cert. #1108); RNG (Cert. #666)

-Other algorithms: RSA (non-compliant); H/W RNG

Multi-chip standalone

"The Integral Crypto Drive offers Premium AES 256 bit security, and is the most secure and durable of all Integral USB Flash Drives. It has Brute-force password attack protection and has a 22 different language interface and zero footprint. Integral 256 bit AES Drive capacities available are 1GB, 2GB, 4GB, 8GB, 16GB, 32GB Integral 256 bit AES MAC Drive capacities available are 2GB, 4GB, 8GB, 16GB, 32GB"
1423 Apani Networks
1800 E. Imperial Hwy., Suite 210
Brea, CA 92821
USA

-Cory Stockhoff
TEL: 714-674-1600
FAX: 714-674-1755

CST Lab: NVLAP 200556-0

Apani Kernel Crypto Module
(Software Version: V1.0.1)

Validated to FIPS 140-2

Security Policy

Certificate

Software 10/25/2010 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with 32-bit and 64-bit Microsoft® Windows® XP; 32-bit and 64-bit Microsoft Windows Server® 2003; 32-bit and 64-bit Microsoft Windows Server® 2008 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1313); Triple-DES (Cert. #915); SHS (Cert. #1201); HMAC (Cert. #764)

-Other algorithms: N/A

Multi-chip standalone

"The AKCM is a software library that runs on a wide variety of computing platforms and performs encryption, hashing and message authentication generation functions."
1422 ARX (Algorithmic Research)
10 Nevatim Street
Kiryat Matalon, Petach Tikva 49561
Israel

-Ezer Farhi
TEL: 972-3-9279529

CST Lab: NVLAP 200002-0

CoSign
(Hardware Version: 7.0; Firmware Version: 5.2 and 6.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/25/2010;
01/22/2013
Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Certs. #939, #940, #1437 and #1438); Triple-DES MAC (Triple-DES Certs. #939 and #1437, vendor affirmed); SHS (Certs. #1244, #1245, #1970 and #1971); HMAC (Certs. #799 and #1405); RNG (Certs. #750 and #1139); RSA (Certs. #665 and #1177)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"CoSign is a digital signature appliance that is connected to the organizational network and manages all signature keys and certificates of organization's end-users. End-users will connect securely to CoSign from their PC for the purpose of signing documents and data."
1421 Juniper Networks, Inc.
1194 North Mathilda Ave.
Sunnyvale, CA 94089
USA

-Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 100432-0

Juniper J-Series Services Routers: J2320, J2350, J4350 and J6350
(Hardware Versions: P/Ns J-2320-JH (J2320), J-2350-JH (J2350), J-4350-JB (J4350) and J-6350-JB (J6350); Firmware Version: JUNOS-FIPS 9.3R3)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/25/2010;
12/11/2013
Overall Level: 2 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1165, #1166 and #1167); DSA (Cert. #382); ECDSA (Cert. #139); HMAC (Certs. #665, #666, #667 and #668); RNG (Cert. #645); RSA (Cert. #553); SHS (Certs. #1077, #1078, #1079 and #1080); Triple-DES (Certs. #843, #844 and #845)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5; HMAC-MD5

Multi-chip standalone

"Juniper Networks J Series Routers extend enterprise applications and deliver reliable connectivity to remote offices with a powerful blend of high-performance network protection and advanced services. J Series Services Routers leverage the modular JUNOS Software and Juniper's rich product and partner portfolio to consolidate market leading security, application optimization, and voice capabilities onto a single, easy to manage platform. Our innovate security approach inseparably integrates routing and firewalls for exceptional performance."
1420

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/14/2010 Overall Level: 2 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip standalone

1419

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/14/2010 Overall Level: 2 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip standalone

1418 Persistent Systems, LLC
303 Fifth Avenue Suite 207
New York, NY 10016
USA

-David Holmer
TEL: 212-561-5895
FAX: 212-202-3625

CST Lab: NVLAP 100432-0

Persistent Systems Wave Relay Quad Radio Router and Man Portable Unit (Generation 2, Generation 3 Single/Dual, and Generation 4)
(Hardware Versions: Man Portable Unit (Generation 2 P/N MPU2 Versions 3.0 or 3.1, Generation 3 Single P/N MPU3S Versions 1.0, 1.1, 1.2, 1.3, 1.4, 1.4.1 or 1.5, Generation 3 Dual P/N MPU3D Versions 1.0, 1.1, 1.2, 1.3, 1.4 or 1.5, Generation 4 P/N MPU4 Versions 1.0, 1.0.1, 1.1, 1.2 or 1.3), Quad Radio Router (P/N QRS Versions 2.1, 2.2 or 2.3); Firmware Versions: 17.3.42 or 18.0.10)

(When operated with the tamper evident material installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/05/2010;
10/29/2010;
04/04/2012
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1241 and #1242); DSA (Cert. #409); HMAC (Certs. #725 and #726); RNG (Cert. #689); RSA (Cert. #595); SHS (Certs. #1140 and #1141); Triple-DES (Cert. #889)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5

Multi-chip standalone

"The Wave Relay Mobile Ad Hoc Networking System provides persistent wireless network connectivity between highly mobile users in a true peer-to-peer topology."
1417 Persistent Systems, LLC
303 Fifth Avenue Suite 207
New York, NY 10016
USA

-David Holmer
TEL: 212-561-5895
FAX: 212-202-3625

CST Lab: NVLAP 100432-0

Persistent Systems Wave Relay Single, Dual, and Quad Radio Board
(Hardware Versions: P/N WR-BRD-DUAL Versions 1.0, 1.1, 1.2, 1.3, 1.4, 1.4.1 or 1.5, P/N WR-BRD SINGLE Versions 1.0, 1.0.1, 1.1, 1.2 or 1.3, P/N WR-BRD-QUAD Versions 2.1, 2.2 or 2.3; Firmware Versions: 17.3.42 or 18.0.10)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/05/2010;
04/04/2012
Overall Level: 1 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1241 and #1242); DSA (Cert. #409); HMAC (Certs. #725 and #726); RNG (Cert. #689); RSA (Cert. #595); SHS (Certs. #1140 and #1141); Triple-DES (Cert. #889)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5

Multi-chip embedded

"The Wave Relay Mobile Ad Hoc Networking System provides persistent wireless network connectivity between highly mobile users in a true peer-to-peer topology."
1416 Oberthur Technologies
4250 Pleasant Valley Road
Chantilly, VA 20151-1221
USA

-Christophe Goyet
TEL: 703-263-0100
FAX: 703-263-0503

CST Lab: NVLAP 100432-0

ID-One PIV (Type B)
(Hardware Versions: P/Ns BF [1, 2] and C0 [3, 4]; Firmware Version: 0801 (with op-codes (071621 and 070534) [1], (071621 and 071891) [2], (071631 and 070544) [3] or (071631 and 071901) [4]) with ID-One PIV Applet Suite V2.3.2 [*] or V2.3.2-a [**])

(PIV Card Application: Cert. #19 [*] or #26 [**])

(When operated in FIPS mode with the fingerprint authentication mechanism parameters configured as indicated in the Security Policy Section 8.1)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 10/06/2010;
11/24/2010;
12/21/2010;
02/10/2011;
07/05/2011;
10/04/2011;
02/06/2014
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #770); Triple-DES MAC (Triple-DES Cert. #770, vendor affirmed); AES (Cert. #978); RNG (Cert. #555); RSA (Cert. #471); ECDSA (Cert. #120); SHS (Cert. #949); CVL (Cert. #4); CVL (Certs. #216 and #221)

-Other algorithms: Triple-DES (Triple-DES Cert. #770, key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); AES (AES Cert. #978, key wrapping; key establishment methodology provides 128 bits of encryption strength); AES MAC (AES Cert. #978; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Single-chip

"This new generation PIV Card addresses current & future needs of both Federal and Corporate customers with built-in support for all the cryptographic algorithms defined in SP800-78-2 including TDEA, AES, RSA, ECDSA, & ECDH with all possible key sizes as well as key history for over 20 retired decryption keys. It offers Identity proofing (storage of personal data), User authentication, Card authentication, digital signature, encryption, & secure post issuance management in the PIV system. Its fingerprint match-on-card has been validated in the MINEX II PIV Biometric interoperability program."
1415 SonicWALL, Inc.
2001 Logic Drive
San Jose, CA 95124
USA

-Usha Sanagala
TEL: 408-962-6248
FAX: 408-745-9300

CST Lab: NVLAP 100432-0

TZ 100, TZ 100W, TZ 200, TZ 200W, TZ 210 and TZ 210W
(Hardware Versions P/N 101-500267-50, Rev. A (TZ 100); P/N 101-500268-51, Rev. A (TZ 100W); P/N 101-500262-51, Rev. A (TZ 200); P/N 101-500246-53, Rev. A (TZ 200W); P/N 101-500218-51, Rev. A (TZ 210); P/N 101-500214-54, Rev. A (TZ 210W); Firmware Version: SonicOS v5.5.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/28/2010 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1200); Triple-DES (Cert. #868); SHS (Cert. #1105); DSA (Cert. #398); RNG (Cert. #664); RSA (Cert. #577); HMAC (Cert. #697)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"SonicWALL's TZ Series is a high performance security platform that combines anti-virus, anti-spyware, intrusion prevention, content filtering, 3G connectivity and redundancy with 802.11 b/g/n wireless for an ultimate SMB security package. These solutions allow remote and branch offices to easily implement network protection from a wide spectrum of emerging threats."
1414 Oberthur Technologies
4250 Pleasant Valley Road
Chantilly, VA 20151-1221
USA

-Christophe Goyet
TEL: 703-263-0100
FAX: 703-263-0503

CST Lab: NVLAP 100432-0

ID-One PIV (Type A)
(Hardware Versions: P/Ns B0 and BA; Firmware Version: FC10 (with op-codes 069778 or 071964) with ID-One PIV Applet Suite V2.3.2 [1], V2.3.2-a [2] or V2.3.4 [3])

(PIV Card Application: Cert. #18 [1], #25 [2] or #36 [3])

(When operated in FIPS mode with the fingerprint authentication mechanism parameters configured as indicated in the Security Policy Section 8.1)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/28/2010;
11/24/2010;
12/21/2010;
02/10/2011;
07/05/2011;
10/04/2011;
02/22/2013;
02/06/2014
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 4
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #698); Triple-DES MAC (Triple-DES Cert. #698, vendor affirmed); AES (Cert. #840); RNG (Cert. #480); RSA (Cert. #403); ECDSA (Cert. #94); SHS (Cert. #833); CVL (Cert. #3); CVL (Certs. #215 and #220)

-Other algorithms: Triple-DES (Triple-DES Cert. #698, key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); AES (AES Cert. #840, key wrapping; key establishment methodology provides 128 bits of encryption strength); AES MAC (AES Cert. #840; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Single-chip

"This new generation PIV Card addresses current and future needs of both Federal & Corporate customers with built-in support for all the cryptographic algorithms defined in SP800-78-2 including TDEA, AES, RSA, ECDSA, & ECDH with all possible key sizes as well as key history for over 20 retired decryption keys. It offers Identity proofing (storage of personal data), User authentication, Card authentication, digital signature, encryption, and secure post issuance management in the PIV system. Its fingerprint match-on-card has been validated in the MINEX II PIV Biometric interoperability program."
1413 Icom Inc.
1-1-32, Kamiminami
Hirano-Ku, Osaka 547-0003
Japan

-Masaaki Takahashi
TEL: 425-450-6043

CST Lab: NVLAP 200427-0

UT-125 FIPS #10 Cryptographic Module
(Hardware Version: 1.0; Firmware Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/28/2010 Overall Level: 1 

-FIPS Approved algorithms: AES (Cert. #1303); HMAC (Cert. #758); RNG (Cert. #726); SHS (Cert. #1193)

-Other algorithms: AES MAC (AES Cert. #1303, vendor affirmed; P25 AES OTAR); DES; DES-MAC

Multi-chip embedded

"The UT-125 FIPS #10 is an optional unit available for Icom radios that provides secure voice and data capabilities as well as APCO OTAR and advanced key management."
1412 Juniper Networks, Inc.
1194 N. Mathilda Ave.
Sunnyvale, CA 94089
USA

-Bishakha Banerjee
TEL: 408-936-6843
FAX: 408-936-1801

-Seyed Safakish
TEL: 408-745-8158
FAX: 408-936-1801

CST Lab: NVLAP 100432-0

JUNOS-FIPS 9.3 L2 OS Cryptographic Module
(Firmware Version: 9.3R2.8)

(When operated only on the specific platforms specified on the reverse. The routing engine and chassis configured with tamper evident seals installed as indicated in the Security Policy.)

Validated to FIPS 140-2

Security Policy

Certificate

Firmware 09/28/2010 Overall Level: 2 

-Design Assurance: Level 3

-Tested: M40e [RE-A-1000-2048], M120 [RE-A-1000-2048], M120 [RE-A-2000-4096], M320 [RE-A-1000-2048], M320 [RE-A-2000-4096], MX240 [RE-S-2000-4096], MX480 [RE-S-2000-4096], MX960 [RE-S-2000-4096], T320 [RE-A-2000-4096], T640 [RE-A-2000-4096] and T1600 [RE-A-2000-4096]

-FIPS Approved algorithms: AES (Certs. #1049, #1050 and #1051); DSA (Cert. #351); ECDSA (Cert. #127); RNG (Cert. #599); RSA (Cert. #501); HMAC (Certs. #590, #591, #592 and #593); SHS (Certs. #998, #999, #1000 and #1001); Triple-DES (Certs. #793, #794 and #795)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip embedded

"Juniper Networks M, T and MX series routing platforms are complete routing systems that support a variety of high-speed interfaces for medium/large networks and network applications and numerous routing standards. All platforms are physically self-contained, housing software, firmware, and hardware necessary for routing. The router architecture provides for streamlined forwarding and routing control and the capability to run Internet-scale networks at high speeds. They are powered by the same JUNOS software, which provides both management and control functions as well as all IP routing."
1411 Security First Corp.
22362 Gilberto #130
Rancho Santa Margarita, CA 92688
USA

-Rick Orsini
TEL: 949-858-7525
FAX: 949-858-7092

CST Lab: NVLAP 100432-0

SecureParser®
(Software Version: 4.7.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/03/2010 Overall Level: 1 

-Cryptographic Module Specification: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Ubuntu 8; Windows Server 2003; Windows XP (single user mode)

-FIPS Approved algorithms: AES (Certs. #1222 and #1223); RNG (Cert. #678); RSA (Cert. #590); DSA (Cert. #405); SHS (Cert. #1124); HMAC (Cert. #714); ECDSA (Cert. #144)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 128 bits of encryption strength); AES (Cert. #1222, key wrapping; key establishment methodology provides 128, 192, or 256 bits of encryption strength)

Multi-chip standalone

"The SecureParser® is a security and high data availability architecture delivered in the form of a software toolkit that provides cryptographic data splitting (data encryption, random or deterministic distribution to multiple shares including additional fault tolerant bits, key splitting, authentication, integrity, share reassembly, key restoration and decryption) of arbitrary data. During the split process, additional redundant data may be optionally written to each share enabling the capability of restoring the original data when all shares are not available."
1410 AudioCodes
1 Hayarden St.
Airport City, Lod 70151
Israel

-Yair Elharrar
TEL: +972-3-976-4055
FAX: +972-3-976-4223

CST Lab: NVLAP 200002-0

BS-500
(Hardware Version: FASB0885; Firmware Version: 5.80AM.023)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/23/2010 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1114 and #1169); Triple-DES (Certs. #811 and #847); RSA (Cert. #556) HMAC (Cert. #669); SHS (Cert. #1037); RNG (Cert. #646)

-Other algorithms: Diffie Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); HMAC-MD5; DES; RC4; MD5

Multi-chip embedded

"Voice-over-IP media gateway"
1409 Open Text Corporation
38 Leek Crescent
Richmond Hill, Ontario L4B 4N8
Canada

-Jonathan Carroll
TEL: 514-281-5551 x222
FAX: 514-281-9958

CST Lab: NVLAP 200017-0

Open Text Cryptographic Module
(Software Version: 14.0.0.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 09/21/2010 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista with SP1 (32-bit edition); Microsoft Windows Vista with SP1 (64-bit edition) (single-user mode)

-FIPS Approved algorithms: RSA (Cert. #541); DSA (Cert. #371); Triple-DES (Cert. #829); AES (Cert. #1143); HMAC (Cert. #650); SHS (Cert. #1061); RNG (Cert. #633)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; Blowfish; CAST; RC2; RC4; RC5; ECC; MD2; MD4; MD5; MDC2; RIPEMD; Message-digest based PRNG

Multi-chip standalone

"The Open Text Cryptographic Module is a library which provides encryption and decryption services to Hummingbird Connectivity software during SSL or SSH connections. The Open Text Cryptographic Module is used in Exceed, a windows-based X11 server, NFS Maestro, a suite of NFS clients and servers, HostExplorer, a desktop and web-based terminal emulation suite and Connectivity Secure Shell, an implementation of the Secure Shell 2 protocol."
1408 Aladdin Knowledge Systems, Ltd.
35 Efal St.
Kiryat Arie, Petach Tikva Israel

-Chanan Lavi
TEL: 972-3-9781111
FAX: 972-3-9781010

CST Lab: NVLAP 100432-0

Aladdin eToken NG-FLASH (Java) [1], Aladdin eToken NG-FLASH Anywhere [1] and Aladdin eToken NG-OTP (Java) [2]
(Hardware Versions: 5 [1] and 3.0 [2]; Firmware Versions: Athena IDProtect Version 0106.8015.0508, 0106.8015.0808 and Aladdin eToken Version 1.1)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/15/2010;
10/26/2011
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #681); Triple-DES MAC (Triple-DES Cert. #681, vendor affirmed); AES (Cert. #788); RNG (Cert. #453); RSA (Cert. #375); SHS (Cert. #789)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Aladdin eToken NG-FLASH (Java) and Aladdin eToken NG-OTP (Java) offer strong authentication and guaranteed non-repudiation for sensitive applications such as eBanking, stock trading, eCommerce and financial transactions. The modules are based on the Athena IDProtect Java Card smart card operating system that is compliant with the Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and FIPS 140-2 Level 3 (Level 4 for physical security). IDProtect supports FIPS Approved Random Number Generation, TDES, AES, SHA-1, SHA-256, and RSA up to 2048 bits including on board key generation."
1407 G4S Technology Limited
Challenge House, International Drive
Tewkesbury, Gloucestershire GL20 8UQ
United Kingdom

-Steve Amos
TEL: +44 1684 850977
FAX: +44 1684 294845

-Kevin Hollingworth
TEL: +44 1684 850977
FAX: +44 1684 294845

CST Lab: NVLAP 200427-0

Symmetry Cryptographic Module
(Software Version: 1.2.0.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 09/15/2010 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP with SP3; Microsoft Windows 7; Microsoft Windows Vista with SP2; Microsoft Windows Server 2003 with SP2; Microsoft Windows Server 2008 with SP2 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1314); HMAC (Cert. #765); SHS (Cert. #1202)

-Other algorithms: N/A

Multi-chip standalone

"The Symmetry Cryptographic Module provides AES 256 bit encryption functionality to enable a client application to provide a secure channel for transmission of data across a network."
1406 Fortinet, Inc.
1090 Kifer Road
Sunnyvale, CA 94086
USA

-Jeff Lake, Vice President, Federal Operations
TEL: 678-402-8021

CST Lab: NVLAP 200556-0

FortiAnalyzer
(Firmware Version: v4.0.0,build6087,091105)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Firmware 09/15/2010 Overall Level: 1 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-Tested: FortiAnalyzer-1000B with the FortiAnalyzer 4.0.0 operating system

-FIPS Approved algorithms: AES (Certs. #1206 and #1213); Triple-DES (Certs. #870 and #874); SHS (Certs. #1109 and #1117); RSA (Cert. #584); HMAC (Certs. #701 and #707); RNG (Cert. #667)

-Other algorithms: Diffie-Hellman (key agreement; key establishment method provides between 80 and 96 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5

Multi-chip standalone

"The FortiAnalyzer family of logging, analyzing, and reporting appliances securely aggregate log data from Fortinet devices and other syslog-compatible devices. Using a comprehensive suite of customizable reports, users can filter and review records, including traffic, event, virus, attack, Web content, and email data."
1405 SECUDE AG
Bergegg
Emmetten, 6376
Switzerland

-Michael Kummer
TEL: 770-360-5530
FAX: 678-659-9429

CST Lab: NVLAP 100432-0

FinallySecure Enterprise Cryptographic Module
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 10/7/2010 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 7; Windows XP; Windows Vista (single-user mode)

-FIPS Approved algorithms: AES (Cert. #958); HMAC (Cert. #534); RNG (Cert. #541); SHS (Cert. #930)

-Other algorithms: N/A

Multi-chip standalone

"SECUDE's FinallySecure Enterprise software-only product provides sector-by-sector Full Disk Encryption (FDE) services to the General Purpose Computer (GPC) with hardening Pre-Boot Authentication (PBA) capabilities. The software is able to prevent all unauthorized access to user data including the operating system with varying degrees of security depending on customer preference. The FinallySecure Enterprise cryptographic module is the core underlying component providing cryptographic functionalities for the software in all aspects."
1404 SonicWALL, Inc.
2001 Logic Drive
San Jose, CA 95124
USA

-Usha Sanagala
TEL: 408-962-6248
FAX: 408-745-9300

CST Lab: NVLAP 100432-0

SRA EX6000 and SRA EX7000
(Hardware Versions: P/Ns 101-500210-58 Rev. A (SRA EX6000) and 101-500188-58 Rev. A (SRA EX7000); Firmware Version: SRA 10.5.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 09/15/2010 Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #807, #808 and #809); AES (Certs. #1110, #1111 and #1112); SHS (Certs. #1033, #1034 and #1035); RNG (Cert. #617); RSA (Certs. #523 and #524); HMAC (Certs. #622, #623 and #624)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RC4

Multi-chip standalone

"Built on Aventail's powerful, proven SSL VPN platform, the SonicWALL Aventail SRA EX6000 and SRA EX7000 appliances provide granular access control for any type of remote access by first detecting the identity and the security of the end point, protecting applications with granular policy based on who the user is and the trust established for the end point used for access, and then connecting authorized employees and business partners effortlessly from a broad range of cross-platform devices only to authorized resources."
1403 Hewlett Packard®, Inc.
10810 Farnam Drive
NBN02
Omaha, NE 68154
USA

-Nagesh Kuriyavar
TEL: 402-758-7262
FAX: 402-758-7332

-Brad Kenyon
TEL: 402-758-7265
FAX: 402-758-7332

CST Lab: NVLAP 200658-0

HP OpenCall HLR Cryptographic Module
(Software Versions: E10.21 or E10.22)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 09/15/2010;
03/28/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with HP Nonstop v J06.08 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1308); SHS (Cert. #1196), HMAC (Cert. #760); RNG (Cert. #730)

-Other algorithms: HP Proprietary Algorithm

Multi-chip standalone

"The HP OpenCall HLR Cryptographic Module provides cryptographic services that allows the HP OpenCall HLR to protect sensitive application and subscriber data at rest and during transit."
1402 IBM Internet Security Systems, Inc.
6303 Barfield Road
Atlanta, GA 30328
USA

-Scott Sinsel
TEL: 404-236-2722
FAX: 404-236-2632

CST Lab: NVLAP 200416-0

SiteProtector Cryptographic Module
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 09/15/2010;
12/07/2011
Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Microsoft Windows Server 2003 R2 Standard, Version 5.2 SP 2 on an IBM eServer 326m running on an AMD Opteron Processor 270

-FIPS Approved algorithms: AES (Cert. #1181); HMAC (Cert. #681); RNG (Cert. #652); RSA (Cert. #562); SHS (Cert. #1090)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength; non-compliant)

Multi-chip standalone

"IBM Proventia® Management SiteProtectorTM system is a security management system that provides centralized command and control, analysis, reporting and workflow for all ISS IBM Protection devices and select third-party security solutions including network IPS, Network Multi-Function, Server, Endpoint, Vulnerability Assessment, Application Assessment, and DLP. All of these IBM ISS security components have a common update and policy management system as well. The SiteProtector system provides an in-depth security event analysis capability that is specific to the needs of security analysts."
1401 Fortinet Inc.
1090 Kifer Road
Sunnyvale, CA 94086-5301
USA

-Jeff Lake, Vice President, Federal Operations
TEL: 678-402-8021
FAX: 678-402-8021

CST Lab: NVLAP 200017-0

FortiOS
(Firmware Version: FortiOS 4.00, build6204, 091113)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Firmware 09/10/2010 Overall Level: 1 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-Tested: FortiGate-310B; FortiGate-500A; FortiGate-620B; FortiGate-800; FortiGate-3600; FortiGate-3600A; FortiGate-5001A-DW; FortiWiFi-50B; FortiWiFi-60B

-FIPS Approved algorithms: AES (Certs. #1154, #1155 and #1156); Triple-DES (Certs. #835 and #836); RNG (Cert. #639); SHS (Certs. #1068 and #1069); HMAC (Certs. #657 and #658); RSA (Cert. #546)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment method provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5

Multi-chip standalone

"The FortiOS is a firmware based operating system that runs exclusively on FortinetÆs FortiGate/FortiWiFi product family (PC-based, purpose built appliances)The FortiOS provides integrated firewall, VPN, antivirus, antispam, intrusion prevention, content filtering and traffic shaping and HA capabilities."
1400 SonicWALL, Inc.
2001 Logic Drive
San Jose, CA 95124
USA

-Usha Sanagala
TEL: 408-962-6248
FAX: 408-745-9300

CST Lab: NVLAP 100432-0

NSA 2400
(Hardware Version: P/N 101-500219-53, Rev. A; Firmware Version: SonicOS v5.5.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/30/2010 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1198); Triple-DES (Cert. #866); SHS (Cert. #1103); DSA (Cert. #397); RNG (Cert. #662); RSA (Cert. #575); HMAC (Cert. #695)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The SonicWALL Network Security Appliance (NSA) Series is a high performance platform utilizing a unique multi-core architecture to provide high speed anti-virus, anti-spyware, intrusion prevention, content filtering, application inspection and protection and for the SMBs and large businesses."
1399 LifeSize Communications, Inc.
901 S. Mopac Expressway
Bldg 3 Suite 300
Austin, TX 78746
USA

TEL: 512-347-9300
FAX: 512-347-9301

CST Lab: NVLAP 200017-0

Cryptographic Security Kernel
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 08/30/2010 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Linux kernel 2.4 (single-user mode)

-FIPS Approved algorithms: RSA (Cert. #532); DSA (Cert. #365); AES (Cert. #1123); HMAC (Cert. #634); Triple-DES (Cert. #820); SHS (Cert. #1046); RNG (Cert. #626)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip embedded

"The LifeSize Room, Team, and Express product lines employ the LifeSize Cryptographic Security Kernel to provide the cryptographic functionality necessary to secure high-definition audio and video conference communications."
1398 SonicWALL, Inc.
2001 Logic Drive
San Jose, CA 95124
USA

-Usha Sanagala
TEL: 408-962-6248
FAX: 408-745-9300

CST Lab: NVLAP 100432-0

NSA 240
(Hardware Version: P/N 101-500240-54, Rev. A; Firmware Version: SonicOS v5.5.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/30/2010 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1196); SHS (Cert. #1102); DSA (Cert. #396); RNG (Cert. #661); Triple-DES (Cert. #865); RSA (Cert. #574); HMAC (Cert. #694)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The SonicWALL Network Security Appliance (NSA) Series is a high performance platform utilizing a unique multi-core architecture to provide high speed anti-virus, anti-spyware, intrusion prevention, content filtering, application inspection and protection and for the SMBs and large businesses."
1397 Imation Corp.
Discovery Bldg. 1A-041
Oakdale, MN 55128
USA

-Larry Hamid
TEL: 408-737-4308

CST Lab: NVLAP 100432-0

Imation Secure Flash Drive
(Hardware Versions: P/Ns IK040401, IK040402, IK040404 and IK040408; Firmware Version: 1.3.9)

(Files distributed with the module mounted within the internal CD Drive are excluded from validation)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/30/2010;
10/26/2011;
04/24/2012
Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #655); HMAC (Cert. #615); RNG (Cert. #380); RSA (Cert. #494); SHS (Certs. #691 and #986)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The IronKey Secure Flash Drive has been designed to be the world's most secure flash drive. The onboard AES, RSA, SHA, and RNG engines deliver the gold standard in data and identity protection for consumers, enterprises, and government users alike. For more information, visit https://www.ironkey.com."
1396 Fortinet Inc.
1090 Kifer Road
Sunnyvale, CA 94086-5301
USA

-Jeff Lake, Vice President, Federal Operations
TEL: 678-402-8021
FAX: 678-402-8021

CST Lab: NVLAP 200017-0

FortiMail OS
(Firmware Version: FortiMail OS 3.00, build 529, 091029)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Firmware 08/30/2010 Overall Level: 1 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-Tested as meeting Level 1 with FortiMail-100; FortiMail-400; FortiMail-400B; FortiMail-2000A; FortiMail-4000A

-FIPS Approved algorithms: AES (Cert. #1231); Triple-DES (Cert. #884); RNG (Cert. #682); SHS (Cert. #1131); HMAC (Cert. #718); RSA (Cert. #591)

-Other algorithms: DES; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment method provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength);

Multi-chip standalone

"FortiMail OS is a firmware based operating system that runs exclusively on Fortinet's FortiMail product family (PC-based, purpose built appliances). FortiMail offers both inbound and outbound scanning, advanced antispam and antivirus filtering capabilities, IP address black/white listing functionality, and extensive quarantine and archiving capabilities."
1395 SafeNet, Inc.
20 Colonnade Road
Suite 200
Nepean, Ontario K2E 7M6
Canada

-Terry Fletcher
TEL: 613-221-5009
FAX: 613-723-5079

CST Lab: NVLAP 200556-0

Luna® PCM Key Export (KE) Cryptographic Module
(Hardware Version: LTK-02-0501; Firmware Version: 4.6.8)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/18/2010;
09/02/2010
Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #933); SHS (Cert. #917); HMAC (Cert. #522); RSA (Cert. #452); Triple-DES (Cert. #747); Triple-DES MAC (Triple-DES Cert. #747, vendor affirmed); DSA (Cert. #331); ECDSA (Cert. #116); RNG (Cert. #534)

-Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; AES MAC (AES Cert. #933; non-compliant); DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The Luna PCM cryptographic module is a multi-chip standalone hardware cryptographic module in the form of a PCMCIA card that typically resides within a custom computing or secure communications appliance. It is contained in its own secure enclosure that provides physical resistance to tampering. The module provides secure key generation and storage for symmetric keys and asymmetric key pairs along with symmetric and asymmetric cryptographic services. Access to key material and cryptographic services for users and user application software is provided indirectly through the host appliance."
1394 SPYRUS, Inc.
1860 Hartog Drive
San Jose, CA 95131-2203
USA

-Tom Dickens
TEL: 408-392-9131
FAX: 408-392-0319

CST Lab: NVLAP 100432-0

SPYRUS FIPS Sector-based Encryption Module
(Hardware Versions: P/Ns 880074002F, 880074003F and 880074004F, Version 02.00.01; Firmware Version: 03.00.0C)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/18/2010;
09/07/2010;
03/28/2011
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #1259, #1260, #1261, #1262, #1263 and #1264); SHS (Certs. #1155, #1156, #1157, #1158, #1159, #1160, #1161, #1162 and #1163); ECDSA (Certs. #147, #148 and #149); DRBG (Certs. #29, #30 and #31); RNG (Certs. #703, #704 and #705)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 128, 192 or 256 bits of encryption strength)

Multi-chip standalone

"The SPYRUS FIPS Sector-based Encryption Module provides hardware-based, sector by sector full disk encryption providing the protective military strength of the U. S. Government's Suite B algorithm standards, including AES, ECDSA, SHA-2, and EC-DH. The USB encryption device comes with an easy to use, user-friendly interface that operates on the Microsoft Windows operating systems, Linux, and MAC without installing any drivers."
1393 Pitney Bowes, Inc.
35 Waterview Drive
Shelton, CT 06484
USA

-Douglas Clark
TEL: 203-923-3206
FAX: 203-924-3406

CST Lab: NVLAP 200427-0

Pitney Bowes iButton Postal Security Device (PSD)
(Hardware Version: MAXQ1959B-F50#; Firmware Version: 5.01.01)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/18/2010;
09/13/2010
Overall Level: 3 

-Physical Security: Level 3 +EFP

-FIPS Approved algorithms: ECDSA (Cert. #153); HMAC (Cert. #746); RNG (Cert. #715); SHS (Cert. #1177); Triple-DES (Cert. #904); Triple-DES MAC (Triple-DES Cert. #904, vendor affirmed)

-Other algorithms: N/A

Multi-chip standalone

"The Pitney Bowes iButton Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP), and Canda Post Indicia. It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes global digital metering products. The PSD has been designed to support international postal markets and their rapidly evolving requirements for digital indicia."
1392 Doremi Labs
1020 Chestnut St.
Burbank, CA 91506
USA

-Jean-Philippe Viollet
TEL: 818-562-1101
FAX: 818-562-1109

-Camille Rizko
TEL: 818-562-1101
FAX: 818-562-1109

CST Lab: NVLAP 200802-0

Dolphin DCI 1.2
(Hardware Versions: DOLPHIN-DCI-1.2-A0, DOLPHIN-DCI-1.2-A1, DOLPHIN-DCI-1.2-C0 and DOLPHIN-DCI-1.2-C1; Firmware Versions: (2.0.4, 99.03 and 22.03-0) or (2.0.4, 99.03 and 22.03-1))

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/12/2010;
06/07/2013
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #521, #532 and #1252); HMAC (Certs. #271 and #731); SHS (Certs. #593 and #1148); RNG (Certs. #326, #693, #696 and #700); RSA (Certs. #600 and #601)

-Other algorithms: MD5; HMAC-MD5; TRNGs; RSA (key wrapping, key establishment methodology provides 112 bits of encryption strength);

Multi-chip embedded

"The Dolphin DCI 1.2 is a PCI-card that provides a standard definition/high definition serial digital interface. This is a Doremi decoder hardware card that contains a JPEG-2000 decoder hardware and BNC serial digital interface connectors used in Doremi Digital Cinema Servers like the DCP-2000. The Dolphin DCI 1.2 utilizes a dual-link encoded serial digital interface for output of DCI compliant resolutions up to 2040x1080p24 (2K-film). It can also operate single link for lower resolution material (i.e. trailers, advertisement, etc.)."
1391 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Peter Hayman
TEL: 919-462-1900 x273
FAX: 919-462-1933

CST Lab: NVLAP 200002-0

SafeNet Ethernet Encryptor, Branch Office
(Hardware Version: 943-50200-004; Firmware Version: 1.0.6.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/12/2010 Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #1243); HMAC (Cert. #740); RNG (Cert. #690); RSA (Cert. #596); SHS (Cert. #1142); Triple-DES (Cert. #890)

-Other algorithms: SEED (CFB with key length 128); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Camellia (CFG with key length 256)

Multi-chip standalone

"The SafeNet Ethernet Encryptor Branch Office provides data privacy and access control for connections between vulnerable public and private networks. It employs a FIPS-approved AES algorithm and can be deployed in 10 Megabit Ethernet networks. The encryptor can be centrally controlled or managed across multiple remote stations using SafeNet's Security Management Center (SMC), a SNMPv3-based security management system."
1390 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team
TEL:
FAX: 919-882-8791

CST Lab: NVLAP 200427-0

Cisco ASR 1002f, ASR 1002 with ESP5 or ESP10, ASR 1004 with RP 1 or RP 2 and ESP10 or ESP20, and ASR 1006 with dual RP 1 or dual RP 2 and dual ESP10 or dual ESP20
(Hardware Versions: ASR1002f, ASR1002, ASR1004 and ASR1006; Embedded Services Processor (ESP) Hardware versions: ASR1000-ESP5, ASR1000-ESP10 and ASR1000-ESP20; Route Processor (RP) Hardware versions: ASR-1000-RP1 and ASR-1000-RP2; Firmware Version: 2.4.2t)

(When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy.)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/12/2010;
02/23/2012
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #333 and #1250); HMAC (Certs. #137 and #730); RSA (Cert. #599); RNG (Certs. #154 and #695); SHS (Certs. #408 and #1147); Triple-DES (Certs. #398 and #894)

-Other algorithms: DES; HMAC-MD5; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 156 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA(key wrapping; key establishment methodology provides between 112 and 156 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Cisco has reinvented edge routing with the Cisco ASR 1000 Series Aggregation Services Routers. The ASR 1000 Series consists of three different versions: the ASR 1002, the ASR 1004, and the ASR 1006 Router. All three models use the innovative and powerful Cisco QuantumFlow Processor, which provides a huge leap in performance and resiliency for network processors. The Cisco ASR 1000 delivers multiple services embedded in the Cisco QuantumFlow Processor at wire speeds of up to 20 Gbps. The ASR 1000 architecture supports both software redundancy and hardware redundancy (ASR 1006) capabilities."
1389 IBM® Corporation
2455 South Road
Poughkeepsie, NY 12601
USA

-William F Penny
TEL: 845-435-3010

CST Lab: NVLAP 200658-0

IBM® z/OS® Version 1 Release 10 System SSL Cryptographic Module
(Hardware Versions: FC3863 w/System Driver Level 76, CEX2A and CEX2C [CEX2A and CEX2C are separately configured versions of 4764-001 (P/Ns 12R6536, 12R8241, 12R8561 or 41U0438)]; Software Versions: APAR OA26457 and APAR OA26109; Firmware Versions: 4764-001(2096a16d) or 4764-001(c16f4102))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software-Hybrid 08/12/2010 Overall Level: 1 

-Cryptographic Module Specification: Level 3

-Tested as meeting Level 1 with IBM System z10™ Enterprise Class (z10 EC) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 [Base GPC, Crypto Express2 Card (Coprocessor (CEX2C)); Crypto Express2 Card (Accelerator (CEX2A)) and Crypto Express2 Cards (Coprocessor (CEX2C) and Accelerator (CEX2A))] [IBM System z10™ Enterprise Class (z10 EC) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 includes FC3863 w/System Driver Level 76 and z/OS® V1R10] (single-user mode)

-FIPS Approved algorithms: AES (Certs. #976, #1106, and #1107); Triple-DES (Certs. #769, #804, and #805); DSA (Certs. #355 and #356); RSA (Certs. #517, #518, #519, #520, and #521); SHS (Certs. #946, #1029, and #1030); HMAC (Certs. #618 and #619); RNG (Certs. #614 and #615)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; RC2; ArcFour; MD5; MD2.

Multi-chip standalone

"System SSL is a set of generic services provided in z/OS® to protect TCP/IP communications using the SSL/TLS protocol. System SSL is exploited by many SSL enabled servers and clients in z/OS® to meet the transport security constraints required in an On Demand environment. The System SSL APIs are also externalized to customer applications. System SSL has evolved through the latest releases of z/OS® to support the new TLS (Transaction Layer Security) standard, to reach an unmatched level of performance and to extend the APIs available to applications to new functions."
1388 Seagate Technology LLC
1280 Disc Drive
Shakopee, MN 55379
USA

-David R Kaiser, PMP
TEL: 952-402-2356
FAX: 952-402-1273

CST Lab: NVLAP 200427-0

Momentus® FDE Drives FIPS 140 Module
(Hardware Versions: ST9500422AS [1], ST9250412AS [1, 2], ST9320427ASG [3], ST9250414ASG [3] and ST9160419ASG [3]; Firmware Version: 500 [1], 070 [2] and 030 [3])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/12/2010;
01/25/2013
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Certs. #797 and #1341); HMAC (Cert. #594); SHS (Cert. #1223); RNG (Cert. #737); RSA (Cert. #648); Triple-DES (Cert. #697)

-Other algorithms: DES

Multi-chip standalone

"The Momentus® FDE Drives, FIPS 140 Modules are FIPS 140-2 Level 2 modules which provide full disk encryption with user authentication These products are designed to prevent data breaches due to loss or theft on the road, in the office. The cryptographic module provides a wide range of cryptographic services using FIPS approved algorithms in two FIPS-Approved modes: ATA Enhanced Security Mode and DriveTrust Security Mode. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, and authenticated FW download."
1387 Red Hat®, Inc.
314 Littleton Road
Westford, MA 01886
USA

-Irina Boverman
TEL: 978-392-1000
FAX: 978-392-1001

TEL: 919-754-3700
FAX: 919-754-3701

CST Lab: NVLAP 200658-0

Red Hat Enterprise Linux 5 Kernel Crypto API Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode. When obtained, installed, and initialized as assumed by the Crypto Officer role and specified in Section 9.1 of the provided Security Policy. This module contains the embedded module Network Security Services (NSS) Cryptographic Module validated to FIPS 140-2 under Cert. #815 (Approved algorithms retested on listed operating environment) operating in FIPS mode. Section 1 of the provided Security Policy specifies the precise RPM files containing this module. The integrity of the RPMs is automatically verified during the installation and the Crypto officer shall not install the RPM files if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module.)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/12/2010 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 5.4 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1224); Triple-DES (Cert. #882); SHS (Cert. #1125); HMAC (Certs. #715 and #812); RNG (Cert. #679); DSA (Certs. #406 and #449)

-Other algorithms: DES, Triple-DES (CTR mode; non-compliant)

Multi-chip standalone

"The Linux kernel Crypto API implemented in Red Hat Enterprise Linux 5 provides services operating inside the Linux kernel with various ciphers, message digests and an approved random number generator."
1386 Red Hat®, Inc.
314 Littleton Road
Raleigh, NC 27606
USA

-Irina Boverman
TEL: 978 392 1000

-Karl Wirth
TEL: 978 392 1000

CST Lab: NVLAP 200658-0

Red Hat Enterprise Linux 5 OpenSwan Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode. When obtained, installed, and initialized as assumed by the Crypto Officer role and specified in Section 9 of the provided Security Policy. This module contains the embedded modules Red Hat Enterprise Linux 5 OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #1320 operating in FIPS mode and the Network Security Services (NSS) Cryptographic Module validated to FIPS 140-2 under Cert. #815 (Approved algorithms retested on listed operating environment) operating in FIPS mode. Section 1 of the provided Security Policy specifies the precise RPM files containing this module. The integrity of the RPMs is automatically verified during the installation and the Crypto officer shall not install the RPM files if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module.)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/12/2010 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 5.4 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #943); AES (Cert. #1368); SHS (Cert. #1250); RSA (Cert. #669); RNG (Cert. #755); DSA (Cert. #449); HMAC (Certs. #661, #662 and #663)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 bits and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RC2; RC4; DES; MD2; MD5

Multi-chip standalone

"The Red Hat Enterprise Linux 5 OpenSwan Cryptographic Module is a software only cryptographic module that provides the IKE protocol version 1 and version 2 key agreement services required for IPSec."
1385 Red Hat®, Inc.
314 Littleton Road
Westford, MA 01886
USA

-Irina Boverman
TEL: 978-392-1000
FAX: 978-392-1001

TEL: 919-754-3700
FAX: 919-754-3701

CST Lab: NVLAP 200658-0

Red Hat Enterprise Linux 5 OpenSSH Client Cryptographic Module
(Software Version: 1.1)

(When operated in FIPS mode. This module contains the embedded module Red Hat Enterprise Linux 5 OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #1320 operating in FIPS mode. When obtained, installed, and initialized as assumed by the Crypto Officer role and specified in Section 9.1 of the provided Security Policy. Section 1 of the provided Security Policy specifies the precise RPM file containing this module. The integrity of the RPM is automatically verified during the installation and the Crypto officer shall not install the RPM file if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module.))

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/12/2010;
09/06/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 5.4 and Red Hat Enterprise Linux 5.8 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1160, #1161 and #1162); Triple-DES (Certs. #839, #840 and #841); DSA (Certs. #378, #379 and #380); RNG (Certs. #642, #643 and #644); RSA (Certs. #549, #550 and #552); HMAC (Certs. #661, #662 and #663)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The OpenSSH Client cryptographic module provides the client-side component for an SSH protocol version 2 protected communication channel. OpenSSH is the standard SSH implementation and shipped with RHEL 5.4 or RHEL 5.8. Its cryptographic mechanisms use the OpenSSL library in FIPS 140-2 mode."
1384 Red Hat®, Inc.
314 Littleton Road
Westford, MA 01886
USA

-Irina Boverman
TEL: 978-392-1000
FAX: 978-392-1001

TEL: 919-754-3700
FAX: 919-754-3701

CST Lab: NVLAP 200658-0

Red Hat Enterprise Linux 5 OpenSSH-Server Cryptographic Module
(Software Version: 1.1)

(When operated in FIPS mode. This module contains the embedded module Red Hat Enterprise Linux 5 OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #1320 operating in FIPS mode. When obtained, installed, and initialized as assumed by the Crypto Officer role and specified in Section 9.1 of the provided Security Policy. Section 1 of the provided Security Policy specifies the precise RPM file containing this module. The integrity of the RPM is automatically verified during the installation and the Crypto officer shall not install the RPM file if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module.)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/12/2010;
09/06/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 5.4 and Red Hat Enterprise Linux 5.8 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1160, #1161 and #1162); Triple-DES (Certs. #839, #840 and #841); DSA (Certs. #378, #379 and #380); RNG (Certs. #642, #643 and #644); RSA (Certs. #549, #550 and #552); HMAC (Certs. #661, #662 and #663)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The OpenSSH server cryptographic module provides the server-side component for an SSH protocol version 2 protected communication channel. OpenSSH is the standard SSH implementation and shipped with RHEL 5.4 or RHEL 5.8. Its cryptographic mechanisms use the OpenSSL library in FIPS 140-2 mode."
1383 Juniper Networks, Inc.
1194 N. Mathilda Ave.
Sunnyvale, CA 94089
USA

-Bishakha Banerjee
TEL: 408-936-6843
FAX: 408-936-1801

-Seyed Safakish
TEL: 408-745-8158
FAX: 408-936-1801

CST Lab: NVLAP 100432-0

JUNOS-FIPS 9.3 OS Cryptographic Module
(Firmware Version: 9.3R2.8)

Validated to FIPS 140-2

Security Policy

Certificate

Firmware 09/13/2010;
10/29/2010
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-Tested: M7i [RE-850-1536] and M10i[RE-850-1536]

-FIPS Approved algorithms: AES (Certs. #1049, #1050 and #1051); DSA (Cert. #351); ECDSA (Cert. #127); RNG (Cert. #599); RSA (Cert. #501); HMAC (Certs. #590, #591, #592 and #593); SHS (Certs. #998, #999, #1000 and #1001); Triple-DES (Certs. #793, #794 and #795)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip embedded

"Juniper Networks M7i and M10i routing platforms are complete routing systems that support a variety of high-speed interfaces for medium/large networks and network applications and numerous routing standards. All platforms are physically self-contained, housing software, firmware, and hardware necessary for routing. The router architecture provides for streamlined forwarding and routing control and the capability to run Internet-scale networks at high speeds. They are powered by the same JUNOS software which provides both management and control functions as well as all IP routing."
1382 ViaSat, Inc.
6155 El Camino Real
Carlsbad, CA 92009
USA

-Ed Smith
TEL: 760-476-4995
FAX: 760-476-4703

CST Lab: NVLAP 100432-0

Enhanced Bandwidth Efficient Modem (EBEM) Cryptographic Module
(Hardware Versions: P/Ns 1010162 [1, 2, 3], 1010162 with ESEM [2, 3], 1075559 [1, 2 3], 1075559 with ESEM [2, 3], 1010163 [1, 2, 3], 1010163 with ESEM [2, 3], 1075560 [1, 2, 3] and 1075560 with ESEM [2, 3], Version 1; Firmware Versions: 01.03.05 [1] and 02.01.04 [2], or 02.01.05 [3])

(The tamper evident seal installed as indicated in the Security Policy for the optional ESEM feature)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/12/2010;
10/04/2011
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1203 and #1204); SHS (Cert. #1107); HMAC (Cert. #699); ECDSA (Cert. #143); RNG (Cert. #665)

-Other algorithms: EC Diffie-Hellman (key agreement)

Multi-chip standalone

"The ViaSat Enhanced Bandwidth Efficient Modem (EBEM-500) series Satcom Modem provides the latest in efficient modulation and coding for point-to-point Satcom connections. The EBEM-500 series offers embedded encryption, integrating the security functions into the modem to provide an integrated secure Satcom modem product. The EBEM-500 series is backward compatible with a wide range of legacy Satcom modems currently in use and supports the new improved efficiency modulation and coding. The EBEM-500 series supports user base-band data rates from 64 kbps up to 155.52 Mbps."
1381 Accellion, Inc.
1900 Embarcadero Road, Suite 207
Palo Alto, CA 94303
USA

-Prateek Jain
TEL: 650-739-0095
FAX: 650-739-0561

CST Lab: NVLAP 100432-0

Accellion Secure File Transfer Cryptographic Module
(Software Version: FTALIB_1_0_1)

Revoked

Security Policy

Certificate

Software 08/12/2010 Overall Level: 1 

-Design Assurance: Level 2

-Operational Environment: Tested as meeting Level 1 with Red Hat Linux Version 5.1 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #843, #844 and #845); Triple-DES (Cert. #771); HMAC (Cert. #639); DSA (Cert. #307); SHS (Certs. #836, #842 and #1051)

-Other algorithms: Triple-DES (Cert. #771, key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Blowfish; MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"Accellion Secure File Transfer Cryptographic Module is a key component of Accellion's secure file transfer solution. This solution enables enterprises to securely transfer large files. It helps eliminate FTP servers and offload file attachments from email resulting in improved email performance and reduced email storage. Extensive tracking and reporting tools are provided to demonstrate compliance with SOX, HIPAA, FDA and GLB regulations. The Accellion solution provide the highest level of security and ease of use of any enterprise file transfer solution."
1380 WinMagic Inc.
200 Matheson Boulevard West
Suite 201
Mississauga, Ontario L5R 3L7
Canada

-Alexandr Mazuruc
TEL: 905-502-7000 ext. 225
FAX: 905-502-7001

CST Lab: NVLAP 200017-0

SecureDoc® Disk Encryption Cryptographic Engine
(Software Version: 4.7)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 10/26/2010 Overall Level: 1 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista; Mac OS X 10.5 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1046 and #1047); SHS (Cert. #996); HMAC (Cert. #588); RNG (Cert. #597);

-Other algorithms: N/A

Multi-chip standalone

"SecureDoc® Disk Cryptographic Engine provides cryptographic services and key management for the SecureDoc« Disk Encryption products employing PKCS-11 cryptographic token standard. SecureDoc® software delivers full disk encryption and other data protection solutions for General Purpose Computers, laptops and removable media."
1379 WinMagic Inc.
200 Matheson Boulevard West
Suite 201
Mississauga, Ontario L5R 3L7
Canada

-Alexandr Mazuruc
TEL: 905-502-7000 ext. 225
FAX: 905-502-7001

CST Lab: NVLAP 200017-0

SecureDoc® Disk Encryption Cryptographic Engine
(Software Version: 4.7)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 10/26/2010 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 2 with Dell Optiplex GX620 running Microsoft Windows XP Professional Service Pack (SP) 2

-FIPS Approved algorithms: AES (Certs. #1046 and #1047); SHS (Cert. #996); HMAC (Cert. #588); RNG (Cert. #597)

-Other algorithms: N/A

Multi-chip standalone

"SecureDoc® Cryptographic Engine provides cryptographic services and key management for the SecureDoc« Disk Encryption products employing PKCS-11 cryptographic token standard. SecureDoc® software delivers full disk encryption and other data protection solutions for General Purpose Computers, laptops and removable media."
1378 IBM® Corporation
9032 S Rita Rd
Tucson, AZ 85744
USA

-David L. Swanson
TEL: 520-799-5515

-Christine Knibloe
TEL: 520-799-5719

CST Lab: NVLAP 200427-0

IBM System Storage TS1130 Tape Drive - Machine Type 3592, Model E06
(Hardware Version: 45E8855 EC Level L31095; Firmware Version: 46X1651 EC Level L31096)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/03/2010 Overall Level: 1 

-FIPS Approved algorithms: AES (Certs. #918, #919 and #1273); RNG (Cert. #711); RSA (Cert. #611); SHS (Cert. #1173)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip embedded

"The TS1130 / 3592 E06 Tape Drive provides full line speed, fully validated, hardware implemented, AES 256-bit encryption and compression of customer data recorded to tape. It ensures data confidentiality in the event of a lost tape while also supporting additional cryptographic functions for authentication and secure transfer of key material."
1377 GDC Technology (USA), LLC
3500 W. Olive Ave. Suite 940
Burbank, CA 91505
USA

-Arun Kishore
TEL: 877-743-2872
FAX: 877-643-2872

CST Lab: NVLAP 100432-0

DCI Board
(Hardware Versions: Z-OEM-DCI-R0, Z-OEM-DCI-R2 and Z-OEM-DCI-R3; Firmware Versions: 1.0 or 1.1, Security Manager Firmware Version 1.2.11)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 08/03/2010;
05/11/2011;
12/13/2011
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #1278 and #1286); SHS (Certs. #1176, #1178, #1179 and #1180); RNG (Certs. #713 and #716); RSA (Certs. #610 and #613); HMAC (Certs. #743 and #747)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip embedded

"A digital cinema media block designed to be compliant with DCI specifications and SMPTE digital cinema standards. The supported features include JPEG2000 decoding, AES decryption, key management, ASM communications and logging."
1376 Dolby Laboratories, Inc.
100 Potrero Avenue
San Francisco, CA 94103
USA

-Matthew Robinson
TEL: 415-558-0200
FAX: 415-863-1373

CST Lab: NVLAP 100432-0

CAT862 Dolby® JPEG 2000/MPEG-2 Media Block IDC
(Hardware Versions: P/N CAT862Z, Revisions FIPS_1.0, FIPS_1.1 and FIPS_1.2; Firmware Version: 4.1.4_FIPS)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/21/2010 Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #519, #520 and #1067); SHS (Certs. #592 and #1086); RSA (Cert. #233); HMAC (Certs. #270 and #676); RNG (Certs. #296 and #650)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip embedded

"The CAT862 Dolby® JPEG2000/MPEG2 Media Block IDC performs all the cryptography, license management, and video decoding functions for the DSS200 Dolby Screen Server, which forms the nucleus of the Dolby Digital Cinema system. The system offers superb picture quality and outstanding reliability. It includes support for JPEG 2000 playback, as specified by DCI, and MPEG-2 for compatibility with alternative content such as preshow advertising. The system also meets DCI specifications for security, data rate, storage capacity, and redundancy."
1375 VT iDirect, Inc.
13865 Sunrise Valley Drive
Herndon, VA 20171
USA

-Gregory Quiggle
TEL: 703-259-6405
FAX: 703-648-8015

CST Lab: NVLAP 200556-0

Evolution® e8350 Satellite Router [1], iNFINITI® 7350 Satellite Router [2], iNFINITI® iConnex 700 Satellite Router [3], Evolution® iConnex e800 Satellite Router [4], iNFINITI® M1D1-T Line Card [5], iNFINITI® M1D1-T Line Card w/ 10 MHz [6] and iNFINITI® M1D1-T-IND Line Card [7]
(Hardware Versions: Part #E0000051-0003 [1], Part #9130-0062-0002 [2], Part #9101-2040-0201 [3], Part #E0000403-0201 [4], Part #9101-0040-0008 [5], Part #9101-0040-0108 [6] and Part #9101-0040-0116 [7]; Software Version: iDS version 8.3.12.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/22/2010 Overall Level: 1 

-FIPS Approved algorithms: AES (Certs. #528, #1246 and #1251); Triple-DES (Cert. #893); SHS (Cert. #1146); RSA (Cert. #598); RNG (Cert. #694)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip embedded

"iDirect's AES-based bidirectional link encryption, combined with other system features such as cutting-edge coding techniques, acceleration and compression provides a fully integrated IP networking solution where security, performance and bandwidth efficiency are critical."
1374 AccessData Corp
384 South 400 West
Lindon, UT 84042
USA

-Jeff Looman
TEL: 801-377-5410

CST Lab: NVLAP 200427-0

AccessData Secure Network Communications FIPS 140-2 Module
(Software Version: 1.0)

(This module contains the embedded module OpenSSL FIPS Object Module validated to FIPS 140-2 under Cert. #918 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/26/2010 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP SP3 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1307); HMAC (Cert. #759); RNG (Cert. #729); RSA (Cert. #626); SHS (Cert. #1195)

-Other algorithms: HMAC MD5; MD5; RSA (key wrapping; key establishment mechanism provides between 112 and 256-bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The AccessData Secure Network Communications FIPS 140-2 Object Module is a cryptographic module that operates as a multi-chip component library positioned between the FIPS 140-2 validated OpenSSL FIPS Object Module version 1.1.2 API and a host application. The AccessData Secure Network Communications module provides to any AccessData application that incorporates it, electronic encryption designed to prevent unauthorized access to data transferred across a physical or wireless TCP/IP network."
1373 Riverbed Technology, Inc.
199 Fremont Street
San Francisco, CA 94105
USA

-Amol Kabe
TEL: 415-344-4447

-Gordon Chaffee
TEL: 415-247-7353

CST Lab: NVLAP 200017-0

Steelhead 250 and Steelhead 550 Appliances
(Hardware Versions: 250 and 550; Firmware Version: 4.1.10)

(When operated in FIPS mode with tamper evident seals and security panels installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/21/2010 Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1044); HMAC (Cert. #586); RNG (Cert. #595); RSA (Cert. #498); SHS (Cert. #994); Triple-DES (Cert. #792)

-Other algorithms: DSA; MD5; DES; RC2; RC4; IDEA; CAST; Blowfish; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-Tiger; EC Diffie-Hellman

Multi-chip standalone

"The Steelhead family of appliances provides application acceleration and accelerated data transfer over a wide area network (WAN), overcoming bandwidth and geographical limitations to improve productivity and enable global collaboration."
1372 KoolSpan, Inc.
4962 Fairmont Avenue
Bethesda, MD 20814
USA

-Bill Supernor
TEL: 240-880-4407
FAX: 240-238-7534

CST Lab: NVLAP 200416-0

KoolSpan TrustChip Developer Kit (TDK) Cryptographic Library
(Software Version: 3.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 07/21/2010;
04/12/2011
Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Fedora 10 running on an Intel Core 2 Duo; MAC OS X 10.5 running on an Intel Core 2 Duo; Windows Mobile 6.1 running on an ARM 32-bit; Windows XP running on an Intel Core 2 Duo; Linux 2.6 (Android) running on an ARM 7 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1108); SHS (Cert. #1031); HMAC (Cert. #641)

-Other algorithms: N/A

Multi-chip standalone

"The KoolSpan TrustChip® Developer Kit (TDK) Cryptographic Library provides cross-platform cryptographic security functions for application developers to integrate cryptographic services into a library, application, or system."
1371 FalconStor Software, Inc.
2 Huntington Quadrangle
Melville, NY 11747
USA

-Yeggy Javadi
TEL: 631-773-6745
FAX: 631-777-6882

-Wai Lam
TEL: 631-962-1116
FAX: 631-501-7633

CST Lab: NVLAP 200427-0

FalconStor Cryptographic Module
(Software Version: 3.12.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 07/21/2010 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Oracle Enterprise Linux 5.3

-FIPS Approved algorithms: AES (Cert. #1173); DRBG (Cert. #22); DSA (Cert. #384); HMAC (Cert. #674); RSA (Cert. #558); SHS (Cert. #1085); Triple-DES (Cert. #850)

-Other algorithms: Camellia; DES; Diffie-Hellman; MD2; MD5; RC2; RC4; SEED

Multi-chip standalone

"Cryptographic Library for Authentication and Encryption Implementations for All FalconStor Software Products"
1370 Firetide, Inc.
140 Knowles Dr.
Los Gatos, CA 95032
USA

-Murali Repakula
TEL: 408-355-7203
FAX: 408-399-7756

CST Lab: NVLAP 100432-0

HotPort 7000-Series Wireless Mesh Nodes: HotPort 7100 and HotPort 7200
(Hardware Versions: HotPort 7100 Version 1.0 and HotPort 7200 Version 1.0;
Firmware Versions: 7.3(F).0.0 or 7.9(F).0.0)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/21/2010;
07/05/2013
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Certs. #1114 and #1235); HMAC (Cert. #720); RNG (Cert. #618); RSA (Cert. #592); SHS (Cert. #1133)

-Other algorithms: AES (non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"Firetide HotPort 7100 indoor and HotPort 7200 are dual radio mimo mesh nodes that provide wireless backhaul infrastructure, bandwidth needed to expand the reach of the existing networks, and other wireless capabilities for defence, municipal, industrial, and enterprise users, while adding a variety of fixed and mobile applications; city-wide video surveillance, traffic management, and intelligent transportation systems, infrastructure access for mobile city workers, and wireless broadband for underserved areas."
1369 Cavium Networks
805 E. Middlefield Road
Mountain View, CA 94043
USA

-TA Ramanujam
TEL: 650-623-7039
FAX: 650-625-9751

CST Lab: NVLAP 100432-0

NITROX XL 1600-NFBE HSM Family
(Hardware Versions: CN1620-NFBE1NIC-2.0-G [1], CN1620-NFBE2NIC-2.0-G [1], CN1620-NFBE3NIC-2.0-G [1], CN1610-NFBE1NIC-2.0-G [1], CN1620-NFBE1NIC-2.0-FW1.2-G [2], CN1620-NFBE2NIC-2.0-FW1.2-G [2], CN1620-NFBE3NIC-2.0-FW1.2-G [2], CN1610-NFBE1NIC-2.0-FW1.2-G [2], CN1620-NFBE1-2.0-G [1], CN1620-NFBE2-2.0-G [1], CN1620-NFBE3-2.0-G [1], CN1610-NFBE1-2.0-G [1], CN1620-NFBE1-2.0-FW1.2-G [2], CN1620-NFBE2-2.0-FW1.2-G [2], CN1620-NFBE3-2.0-FW1.2-G [2], CN1610-NFBE1-2.0-FW1.2-G [2], CN1620-NFBE1-3.0-FW1.1-G [1], CN1620-NFBE2-3.0-FW1.1-G [1], CN1620-NFBE3-3.0-FW1.1-G [1], CN1620-NFBE1-3.0-FW1.2-G [2], CN1620-NFBE2-3.0-FW1.2-G [2] and CN1620-NFBE3-3.0-FW1.2-G [2]; Firmware Versions: 1.1 [1] and 1.2 [2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/21/2010;
12/06/2010;
12/27/2012
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #1265 and #1266); DRBG (Cert. #32); ECDSA (Cert. #150); HMAC (Cert. #736); KAS (Cert. #5); RNG (Cert. #707); RSA (Cert. #607); SHS (Certs. #1165 and #1166); Triple-DES (Cert. #898)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 128 bits of encryption strength); AES (Cert. #1265, key wrapping; key establishment methodology provides 256 bits of encryption strength); RC4; MD5; PBE

Multi-chip embedded

"The NITROX XL 1600-NFBE HSM adapter family delivers the worldÆs fastest FIPS 140-2 Level 3 Hardware Security Module (HSM) with PCIe Gen 2.0. The NITROX XL family of adapters offers up to 45,000 RSA operations per second and 5 Gbps of bulk crypto performance and is certified to the stringent US Government security standards. This FIPS family delivers an unmatched solution to the increasing performance, cryptographic and time to market requirements of the financial, government and healthcare vertical markets"
1368 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Peter Hayman
TEL: 919-462-1900 x273
FAX: 919-462-1933

CST Lab: NVLAP 200002-0

SafeNet Encryptor, Model 650
(Hardware Versions: 904-53260-007 and 943-53270-007; Firmware Versions: 3.5 and 3.5.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/21/2010;
09/07/2010
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #710, #725 and #1233); Triple-DES (Cert. #647); RSA (Cert. #340); SHS (Cert. #743); HMAC (Cert. #391); RNG (Cert. #422)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The SafeNet Encryptor provides data privacy and access control for connections between vulnerable public and private SONET/SDH networks or 10G Ethernet networks. It employs federally endorsed AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in a SONET OC-192 network or 10G Ethernet network."
1367 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Peter Hayman
TEL: 919-462-1900 x273
FAX: 919-462-1933

CST Lab: NVLAP 200002-0

SafeNet Encryptor, Model 600
(Hardware Versions: 904-10001-00x, 904-10002-00x, 904-10003-00x, 904-10014-00x, 904-10112-00x, 904-10113-00x, 904-20001-00x, 904-20002-00x, 904-20003-00x, 904-25005-00x, 904-30013-00x, 904-511i0-00x and 943-511i0-00x; Firmware Version: 3.5)

(When operated in FIPS mode)
(Note: Refer to the cryptographic module’s security policy for the details on the letter i and x designations)


Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/21/2010;
08/12/2010
Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #647); AES (Certs. #713, #725 and #1232); RSA (Cert. #340); SHS (Cert. #743); HMAC (Cert. #391); RNG (Cert. #422)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The SafeNet Encryptor provides data privacy and access control for connections between vulnerable public and private SONET/SDH or Ethernet networks. It employs FIPS approved AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in SONET 155 MB (OC-3), 622 MB (OC-12), 1.0 GB, and 2.4 GB (OC-48) networks."
1366 Lexmark International, Inc.
740 West New Circle Rd.
Lexington, KY 40550
USA

-Graydon Dodson
TEL: 859-232-6483

CST Lab: NVLAP 200416-0

Lexmark PrintCryption
(Firmware Versions: 1.3.2a and 1.3.2i)

(Requires Option P/N 30G0829 to enable the PrintCryption firmware.)

Validated to FIPS 140-2

Security Policy

Certificate

Firmware 07/21/2010;
08/12/2010
Overall Level: 1 

-Tested: Lexmark X463de Printer with ARM9 processor on Lexmark Linux v2.6; Lexmark X651de Printer with IBM750CL processor on Lexmark Linux v2.6

-FIPS Approved algorithms: AES (Certs. #1208 and #1209); SHS (Certs. #1111 and #1112); RNG (Certs. #669 and #670); RSA (Certs. #578, #579 and FIPS 186-3, vendor affirmed); HMAC (Certs. #703 and #704)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The Lexmark PrintCryption is an option for the Lexmark printers that enables the transfer and printing of encrypted print jobs. With the PrintCryption module installed, the printer is capable of decrypting print jobs encrypted with the AES (FIPS 197) algorithm. The Lexmark PrintCryption analyzes the encrypted data stream, determines if the correct key was used to encrypt the data, decrypts the data and allows the confidential document to be printed."
1365 ProStor Systems, Inc.
5555 Central Avenue
Suite 100
Boulder, CO 80301
USA

-Chris Alaimo
TEL: 303-545-2535 x228
FAX: 303-545-2665

CST Lab: NVLAP 200697-0

InfiniVault Server
(Hardware Version: Model 30; Firmware Version: 2.4.0)

(When operated in FIPS mode with the embedded module Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1012 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 07/21/2010 Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-FIPS Approved algorithms: AES (Cert. #1214); RNG (Cert. #470)

-Other algorithms: Blowfish; Triple-DES (non-compliant); SHA-1 (non-compliant); MD5

Multi-chip standalone

"InfiniVault Server is part of a hardware Network Attached Storage device running on a Windows Storage Server 2003 R2 x64 SP2 OS."
1364 Marvell Semiconductor, Inc.
5488 Marvell Lane
Santa Clara, CA 95054
USA

-Lei Poo
TEL: 408-222-5194
FAX: 408-988-0135

CST Lab: NVLAP 200648-0

Solaris 2
(Hardware Versions: 88i8925, 88i8922, 88i8945 and 88i8946; Firmware Version: Solaris2-FIPS-FW-V1.0)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/21/2010 Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #1153 and #723); SHS (Cert. #1067); HMAC (Cert. #656); RSA (Cert. #545); RNG (Cert. #638)

-Other algorithms: AES (Cert. #1153, key wrapping; key establishment methodology provides 128 bits of encryption strength);

Single-chip

"Solaris 2 is a highly integrated and custom System-on-Chip (SOC) product, customized for high performance hard disk drives. It employs the latest read/write channel technology with advanced detection and correction capabilities suitable for high density drives. Its unique all-in-one security design features enable an efficient and secure implementation of the full drive encryption (FDE) functions that support Trusted Computing Group (TCG) based access control, authentication and FDE key management. FIPS-Approved algorithms supported include AES, SHA, HMAC, RSA and RNG."
1363 Ipswitch, Inc.
10 Maguire Road
Suite 220
Lexington, MA 02421
USA

-Mark Riordan
TEL: 608-824-3632

CST Lab: NVLAP 200427-0

MOVEit Crypto
(Software Version: 1.2.0.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 07/12/2010 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 5 (x86); Red Hat Enterprise Linux 5 (x64); Windows Server 2008 (x86); Windows Server 2008 (x64) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1226); HMAC (Cert. #716); RNG(Cert. #680); SHS (Cert. #1126)

-Other algorithms: MD5; HMAC-MD5

Multi-chip standalone

"MOVEit Crypto is a compact and fast dynamically-linked library for Windows and Linux. It provides AES encryption, SHA-1 and SHA-2 hashing, and pseudo-random number generation. Both 32-bit and 64-bit versions are available for each operating system. MOVEit Crypto is a member of the MOVEit security and file transfer product family."
1362 Motorola, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

-Kirk Mathews
TEL: 847-576-4101

CST Lab: NVLAP 100432-0

ASTRO PDEG Motorola Advanced Crypto Engine (MACE)
(Hardware Version: P/N 5185912Y01; Firmware Version: R02.03.01 or R02.03.02)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/12/2010;
05/12/2011
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #819, #1295 and #1297); SHS (Cert. #817); RSA (Cert. #396); RNG (Cert. #471)

-Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); AES (AES Cert. #819, key wrapping; key establishment methodology provides 256 bits of encryption strength); LFSR

Single-chip

"The ASTRO PDEG MACE provides secure key management and data encryption for the Astro System."
1361 Cavium Networks
805E Middlefield Road
Mountain View, CA 94043
USA

-Michael Scruggs
TEL: 650-623-7005
FAX: 650-625-9751

CST Lab: NVLAP 200427-0

NITROX XL CN15xx-NFBE FIPS Cryptographic Modules
(Hardware Versions: CN1520-VBD-04-0200, CN1510-VBD-04-0200, CN1505-VBD-04-0200, CN1520-VBD-04-0201, CN1510-VBD-04-0201 and CN1505-VBD-04-0201; Firmware Versions: CN1520: 4.7.1(CN1520); CN1510: 4.7.1(CN1510) and CN1505: 4.7.1(CN1505))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/12/2010 Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #803 and #1135); DSA (Cert. #370); HMAC (Cert. #645); RNG (Cert. #630); RSA (Cert. #539); SHS (Cert. #1056); Triple-DES (Certs. #685 and #827); Triple-DES MAC (Triple-DES Cert. #685, vendor affirmed)

-Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; RSA X-509; ARIA; MD2; MD5; HAS-160; AES-MAC (AES Cert. #803; non-compliant); DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Generic-Secret; SSL PRE-MASTER; Diffie-Hellman; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The Cavium Nitrox XL NFBE FIPS Cryptographic Modules are a cryptographic component of the Nitrox XL NFBE cryptographic acceleration boards that provide cryptographic key protection and acceleration for both asymmetric and symmetric encryption operations. The cryptographic module is contained in its own secure enclosure that provides physical resistance to tampering and zeroization of plaintext cryptographic material in the event the enclosure is opened."
1360 Cavium Networks
805E Middlefield Road
Mountain View, CA 94043
USA

-Michael Scruggs
TEL: 650-623-7005
FAX: 650-625-9751

CST Lab: NVLAP 200427-0

NITROX XL CN15xx-NFBE FIPS Cryptographic Module
(Hardware Versions: CN1520-VBD-04-0200, CN1510-VBD-04-0200, CN1505-VBD-04-0200, CN1520-VBD-04-0201, CN1510-VBD-04-0201 and CN1505-VBD-04-0201; Firmware Versions: CN1520: 4.7.1(CN1520); CN1510: 4.7.1(CN1510) and CN1505: 4.7.1(CN1505))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/12/2010 Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Certs. #803 and #1135); DSA (Cert. #370); HMAC (Cert. #645); RNG (Cert. #630); RSA (Cert. #539); SHS (Cert. #1056); Triple-DES (Certs. #685 and #827); Triple-DES MAC (Triple-DES Cert. #685, vendor affirmed)

-Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; RSA X-509; ARIA; MD2; MD5; HAS-160; AES-MAC (AES Cert. #803; non-compliant); DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Generic-Secret; SSL PRE-MASTER; Diffie-Hellman; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The Cavium Nitrox XL NFBE FIPS Cryptographic Modules are a cryptographic component of the Nitrox XL NFBE cryptographic acceleration boards that provide cryptographic key protection and acceleration for both asymmetric and symmetric encryption operations. The cryptographic module is contained in its own secure enclosure that provides physical resistance to tampering and zeroization of plaintext cryptographic material in the event the enclosure is opened."
1359 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto CDC Module for MEAP
(Software Version: 1.1)

(When operated in FIPS140_MODE or FIPS140_SSL_MODE)

Validated to FIPS 140-2

Security Policy

Certificate

Software 07/12/2010;
09/07/2010;
03/28/2011;
01/24/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP SP3 with Java ME SDK 3.0 Runtime Environment (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1244); DSA (Cert. #410); DRBG (Cert. #28); ECDSA (Cert. #146); HMAC (Cert. #727); RNG (Cert. #691); RSA (Cert. #597); SHS (Cert. #1143); Triple-DES (Cert. #891)

-Other algorithms: DES; Diffie-Hellman; EC Diffie-Hellman; ECIES; HMAC MD-5; MD4; MD5; PBE; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA OAEP

Multi-chip standalone

"RSA BSAFE TLS-J ME security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. It supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements"
1358 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto CDC Module
(Software Version: 1.1)

(When operated in FIPS140_MODE or FIPS140_SSL_MODE)

Validated to FIPS 140-2

Security Policy

Certificate

Software 07/12/2010;
09/07/2010;
03/28/2011;
01/24/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP SP3 with Java ME SDK 3.0 Runtime Environment (single user mode)

-FIPS Approved algorithms: AES (Cert. #1244); DSA (Cert. #410); DRBG (Cert. #28); ECDSA (Cert. #146); HMAC (Cert. #727); RNG (Cert. #691); RSA (Cert. #597); SHS (Cert. #1143); Triple-DES (Cert. #891)

-Other algorithms: DES; Diffie-Hellman; EC Diffie-Hellman; ECIES; HMAC MD-5; MD4; MD5; PBE; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA OAEP

Multi-chip standalone

"RSA BSAFE TLS-J ME security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. It supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements"
1357 Unisys Corporation
2470 Highcrest Road
Roseville, MN 55113
USA

-James Heit
TEL: 651-635-7739

-Mary Ann Bucher
TEL: 651-635-7551

CST Lab: NVLAP 200427-0

Unisys OS 2200 Cryptographic Library
(Software Version: 1R1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 07/12/2010 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Unisys OS 2200 Operating System (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1293); DSA (Cert. #418); HMAC (Cert. #753); RNG (Cert. #721); RSA (Cert. #619); SHS (Cert. #1187); Triple-DES (Cert. #910)

-Other algorithms: DES; Diffie-Hellman; HMAC MD5; MD2; MD5; RC4

Multi-chip standalone

"The Unisys OS 2200 Cryptographic Library provides Unisys OS 2200 programs with access to FIPS-approved cryptographic services."
1356 Texas Instruments
6550 Chase Oaks Blvd
Plano, TX 75023
USA

-Jack Gregory
TEL: 214-567-6526
FAX: 214-567-0070

CST Lab: NVLAP 200802-0

DLP Cinema®, Series 2 Enigma Link Decryptor
(Hardware Version: 2509488 (Rev. G or Rev. H or Rev. I); Software Versions: 1.4(19) or 1.5(21) or 1.6(22) or 1.7(23) or 1.8(24); Firmware Version: 2.12(12))

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/12/2010;
08/12/2010;
01/13/2011;
12/07/2011;
11/30/2012;
04/11/2014
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #999, #1000, #1001, #1002 and #1014); HMAC (Cert. #568); SHS (Cert. #971); RSA (Cert. #487); RNG (Cert. #581)

-Other algorithms: EC Diffie-Hellman; TI S-box; NDRNG; MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip embedded

"The Texas Instruments Enigma Cryptographic Module is a multi-chip embedded cryptographic module designed to protect digital movie content in accordance with Digital Cinema Initiatives V1.2. The Enigma is a Link Decryptor module designed to reside within a host cinema projector."
1355 Schneider Electric
1 High St.
North Andover, MA 01845
USA

-Richard Dubois
TEL: 978-975-9587
FAX: 978-975-9782

-Elvira Chang
TEL: 978-975-9651
FAX: 978-975-9698

CST Lab: NVLAP 200697-0

Continuum Network Security Module
(Firmware Versions: ACX Series v1.100021 and NetController II v2.100021)

(When operated only on the specific platforms specified)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Firmware 07/12/2010 Overall Level: 2 

-Tested: [ACX Series Rev 2a (with ACX Series v1.100021 firmware) and NetController II Rev B (with NetController II v 2.100021 firmware)] with Multi-Threaded Real Time OS (ThreadX version G3.0e.3.0b)

-FIPS Approved algorithms: Triple-DES (Cert. #752); SHS (Cert. #924); RNG (Cert. #537); HMAC (Cert. #528)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RNG (non-compliant)

Multi-chip standalone

"The Continuum Network Security module is part of the NetController II or ACX Series of controllers to provide the most secure method of communications amongst peer controllers and Cyberstation Workstations on the Ethernet/IP network by providing FIPS 140-2 certified encryption algorithms that are used by the IPSec/IKE protocol built into these controllers to automate building operations for HVAC, Lighting, and Physical Access Control."
1354 SafeNet, Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Terry Fletcher
TEL: 613-221-5009
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

Luna® PCI 3000 and Luna® PCI 7000 Cryptographic Modules, V3.0
(Hardware Version: VBD-03-0100; Firmware Versions: 4.7.1(3000) and 4.7.1(7000))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/12/2010 Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #510 and #1135); DSA (Cert. #370); ECDSA (Cert. #135); HMAC (Cert. #645); RNG (Cert. #630); RSA (Cert. #539); SHS (Cert. #1056); Triple-DES (Certs. #520 and #827); Triple-DES MAC (Triple-DES Cert. #520, vendor affirmed)

-Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; RSA X-509; ARIA; MD2; MD5; HAS-160; AES-MAC (AES Cert. #510; non-compliant); DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Generic-Secret; SSL PRE-MASTER; Diffie-Hellman; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman

Multi-chip embedded

"Luna® PCI is a family of high-security cryptographic PCI accelerator cards (the same cards that power the acclaimed Luna½ SA Network HSM). Luna PCI offers dedicated hardware-based key management to protect sensitive cryptographic keys from attack. The high-security hardware design ensures the integrity and protection of encryption keys throughout their life cycle. All digital signing and verification operations are performed within the HSM to increase performance and maintain security. Luna PCI HSMs provide hardware-secured key generation, storage, secure key backup, and accelerated encryption"
1353 AirMagnet, Inc.
830 E. Arques Ave.
Sunnyvale, CA 94085
USA

-Tony Ho
TEL: 408-400-1255
FAX: 408-744-1250

CST Lab: NVLAP 200648-0

SmartEdge Sensor A5200, A5205, A5220 and A5225
(Hardware Versions: A5200, A5205, A5220 and A5225; Firmware Version: 8.5.0-12097)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 07/12/2010 Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #331); Triple-DES (Cert. #395); SHS (Cert. #406); RSA (Cert. #111); RNG (Cert. #152); HMAC (Cert. #135)

-Other algorithms: RC4; RC2; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); DSA (non-compliant); DES; Triple-DES (non-compliant); AES (non-compliant); IDEA; Blowfish; Twofish

Multi-chip standalone

"The SmartEdge Sensor is equipped with patent pending AirWISE Analytical Engine that, in real time, monitors and analyzes the security, performance, and reliability of the wireless network."
1352 Telephonics Corp.
815 Broad Hollow Road
Farmingdale, NY 11735
USA

-Barry Wernick
TEL: 631-755-7321
FAX: 631-549-6588

CST Lab: NVLAP 100432-0

TruLink Control Logic Module CL6792-M1
(Hardware Version: P/N 010.6792-01 Rev. H1; Firmware Versions: Boot: SW7098 v2.5 and Application: SW7099 v8.12)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/12/2010 Overall Level: 1 

-FIPS Approved algorithms: AES (Cert. #871); HMAC (Cert. #487); SHS (Cert. #865)

-Other algorithms: N/A

Multi-chip embedded

"TruLink is a wireless intercom system for use in military and harsh industrial environments. It provides fully duplex wireless communication. TruLink users can converse among themselves without pressing a Push to Talk button or waiting for another user to finish their transmission. The system supports 50 channels. Up to 31 users can be logged on to a channel. Each channel is an independent network. TruLink employs a unique noise cancellation system that automatically adjusts its VOX switching level to match the ambient noise level and subtracts this noise from the user's transmitted audio."
1351 Telephonics Corp.
815 Broad Hollow Road
Farmingdale, NY 11735
USA

-Barry Wernick
TEL: 631-755-7321
FAX: 631-549-6588

CST Lab: NVLAP 100432-0

TruLink Control Logic Module CL6882-M1
(Hardware Version: P/N 010.6882-01 Rev. B1; Firmware Versions Boot: SW7158 v2.4 and Application: SW7151 v1.12)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/12/2010 Overall Level: 1 

-FIPS Approved algorithms: AES (Cert. #872); HMAC (Cert. #488); SHS (Cert. #866)

-Other algorithms: N/A

Multi-chip embedded

"TruLink is a wireless intercom system for use in military and harsh industrial environments. It provides fully duplex wireless communication. TruLink users can converse among themselves without pressing a Push to Talk button or waiting for another user to finish their transmission. The system supports 50 channels. Up to 31 users can be logged on to a channel. Each channel is an independent network. TruLink employs a unique noise cancellation system that automatically adjusts its VOX switching level to match the ambient noise level and subtracts this noise from the user's transmitted audio."
1350 SafeNet, Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Terry Fletcher
TEL: 613-221-5009
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

Luna® PCI-e 3000, Luna® PCI-e 3000 Short-Form Factor (SFF), Luna® PCI-e 7000 and Luna® PCI-e 7000 SFF Cryptographic Modules, V3.0
(Hardware Versions: 3000 and 7000: VBD-04-0100; 3000 SFF and 7000 SFF: VBD-04-0102 and VBD-04-0103; Firmware Versions: 3000 and 3000 SFF: 4.7.1(3000); 7000 and 7000 SFF: 4.7.1(7000))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/12/2010;
07/27/2011
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #510 and #1135); DSA (Cert. #370); ECDSA (Cert. #135); HMAC (Cert. #645); RNG (Cert. #630); RSA (Cert. #539); SHS (Cert. #1056); Triple-DES (Certs. #520 and #827); Triple-DES MAC (Triple-DES Cert. #520, vendor affirmed)

-Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; RSA X-509; ARIA; MD2; MD5; HAS-160; AES-MAC (AES Cert. #510; non-compliant); DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Generic-Secret; SSL PRE-MASTER; Diffie-Hellman; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman

Multi-chip embedded

"For maximum security, Luna PCI-E offers dedicated hardware key management to protect sensitive cryptographic keys from attack. The high security design ensures the integrity and protection of encryption keys throughout their life cycle. Luna PCI-E provides hardware secure key generation, storage, secure key backup and accelerated encryption in a range of models and configurations, offering a wide selection of security, performance and operational capabilities. The PCI Express bus on Luna PCI-E easily plugs into the host computer and provides reliable protection for data, applications, and dig"
1349 SafeNet, Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Terry Fletcher
TEL: 613-221-5009
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

Luna® PCI-e 3000, Luna® PCI-e 3000 Short-Form Factor (SFF), Luna® PCI-e 7000 and Luna® PCI-e 7000 SFF Cryptographic Modules, V3.0
(Hardware Versions: 3000 and 7000: VBD-04-0100; 3000 SFF and 7000 SFF: VBD-04-0102 and VBD-04-0103; Firmware Versions: 3000 and 3000 SFF: 4.7.1(3000); 7000 and 7000 SFF: 4.7.1(7000))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/12/2010;
07/27/2011
Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Certs. #510 and #1135); DSA (Cert. #370); ECDSA (Cert. #135); HMAC (Cert. #645); RNG (Cert. #630); RSA (Cert. #539); SHS (Cert. #1056); Triple-DES (Certs. #520 and #827); Triple-DES MAC (Triple-DES Cert. #520, vendor affirmed)

-Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; RSA X-509; ARIA; MD2; MD5; HAS-160; AES-MAC (AES Cert. #510; non-compliant); DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Generic-Secret; SSL PRE-MASTER; Diffie-Hellman; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman

Multi-chip embedded

"For maximum security, Luna PCI-E offers dedicated hardware key management to protect sensitive cryptographic keys from attack. The high security design ensures the integrity and protection of encryption keys throughout their life cycle. Luna PCI-E provides hardware secure key generation, storage, secure key backup and accelerated encryption in a range of models and configurations, offering a wide selection of security, performance and operational capabilities. The PCI Express bus on Luna PCI-E easily plugs into the host computer and provides reliable protection for data, applications, and dig"
1348 Motorola, Inc.
6480 Via Del Oro
San Jose, CA, CA 95119
USA

-Colin R. Cooper
TEL: 408-528-2871
FAX: 408-528-2903

CST Lab: NVLAP 200648-0

Wireless Access Point AP-7131N-44040-FGR, AP-7131N-44040-FWW, AP-7131N-44040-FIL, AP-7131N-66040-FGR, AP-7131N-66040-FWW and AP-7131N-66040-FIL
(Hardware Versions: AP-7131N-44040-FGR [1], AP-7131N-44040-FWW [1], AP-7131N-44040-FIL [1], AP-7131N-66040-FGR [2], AP-7131N-66040-FWW [2] and AP-7131N-66040-FIL [2]; Firmware Versions: AP7131N v4.0.0.0-035GR [1], AP7131N v4.0.1.0-003GR[1], AP7131N v4.0.0.0-035GRN [2] or AP7131N v4.0.1.0-003GRN[2])

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/22/2010;
09/15/2010;
07/19/2011
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #831 and #832); AES (Certs. #1147, #1148, #1149 and #1150); SHS (Certs. #1063 and #1064); HMAC (Certs. #652 and #653); RSA (Cert. #543); RNG (Certs. #635 and #636)

-Other algorithms: MD5; HMAC-MD5; DES; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); AES (non-compliant); SHS (non-compliant)

Multi-chip standalone

"The AP-7131 802.11 Wireless Access Point delivers the throughput, coverage and resiliency required to build an all-wireless enterprise. The dual-radio design provides simultaneous support for high-speed wireless voice and data services, self-healing mesh networking and non-data applications such as Motorola''s Wireless IPS"
1347 SafeNet, Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Terry Fletcher
TEL: 613-221-5009
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

Luna® PCI 3000 and Luna® PCI 7000 Cryptographic Modules, V3.0
(Hardware Version: VBD-03-0100; Firmware Versions: 3000: 4.7.1(3000); 7000: 4.7.1(7000))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/22/2010 Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Certs. #510 and #1135); DSA (Cert. #370); ECDSA (Cert. #135); HMAC (Cert. #645); RNG (Cert. #630); RSA (Cert. #539); SHS (Cert. #1056); Triple-DES (Certs. #520 and #827); Triple-DES MAC (Triple-DES Cert. #520, vendor affirmed)

-Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; RSA X-509; ARIA; MD2; MD5; HAS-160; AES-MAC (AES Cert. #510; non-compliant); DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Generic-Secret; SSL PRE-MASTER; Diffie-Hellman; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman

Multi-chip embedded

"Luna® PCI is a family of high-security cryptographic PCI accelerator cards (the same cards that power the acclaimed Luna+ SA Network HSM). Luna PCI offers dedicated hardware-based key management to protect sensitive cryptographic keys from attack. The high-security hardware design ensures the integrity and protection of encryption keys throughout their life cycle. All digital signing and verification operations are performed within the HSM to increase performance and maintain security. Luna PCI HSMs provide hardware-secured key generation, storage, secure key backup, and accelerated encryption"
1346 Tripwire, Inc.
101 SW Main St.
Suite 1500
Portland, OR 97204
USA

-Will Claridge / Sr. Dir. Engineering
TEL: 503-276-7594
FAX: 503-276-7643

CST Lab: NVLAP 200802-0

Tripwire Cryptographic Module
(Software Versions: 1.1 and 1.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 06/22/2010;
07/02/2010
Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Sun Java 1.5 on Windows 2003 Server (32-bit) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1159); RSA (Cert. #548); RNG (Cert. #641); HMAC (Cert. #660); SHS (Cert. #1072); DSA (Cert. #376)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; HMAC-MD5;

Multi-chip standalone

"The Tripwire Cryptographic Module supports many FIPS approved cryptographic operations, providing other Tripwire products and Java-based applications access to these algorithms."
1345 McAfee, Inc.
3965 Freedom Circle
Santa Clara, CA 95054
USA

-Sakthikumar Subramanian
TEL: 408-346-3249
FAX: 408-346-5335

CST Lab: NVLAP 100432-0

Network Security Platform Sensor M-8000 S
(Hardware Version: P/N M-8000 S, Version 1.40; Firmware Version: 5.1.15.12)

(When operated with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/01/2010 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #880); Triple-DES (Cert. #781); RSA (Certs. #425 and #486); DSA (Cert. #345); SHS (Certs. #871 and #970); RNG (Cert. #505)

-Other algorithms: N/A

Multi-chip standalone

"Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network SecurityManagement system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks."
1344 McAfee, Inc.
3965 Freedom Circle
Santa Clara, CA 95054
USA

-Sakthikumar Subramanian
TEL: 408-346-3249
FAX: 408-346-5335

CST Lab: NVLAP 100432-0

Network Security Platform Sensor M-8000 P
(Hardware Version: P/N M-8000 P, Version 1.40; Firmware Version: 5.1.15.12)

(When operated with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/22/2010 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #880); Triple-DES (Cert. #781); RSA (Certs. #425 and #486); DSA (Cert. #345); SHS (Certs. #871 and #970); RNG (Cert. #505)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network SecurityManagement system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks."
1343 AudioCodes
1 Hayarden St.
Airport City, Lod 70151
Israel

-Yair Elharrar
TEL: +972-3-976-4055
FAX: +972-3-976-4223

CST Lab: NVLAP 200002-0

Media Pack Family MP-112 [1] and MP-124 [2]
(Hardware Versions: GGWV00281 [1] and GGWU00022 [2]; Firmware Version: 5.60A.025.001)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/15/2010 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #912, #741 and #740); Triple-DES (Certs. #737 and #657); RSA (Certs. #443 and #346); HMAC (Certs. #508, #403 and #402); SHS (Certs. #899, #755 and #754); RNG (Cert. #430)

-Other algorithms: HMAC-MD5; DES; RC4; MD5; Diffie Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"Voice-over-IP media gateway"
1342 AudioCodes
1 Hayarden St.
Airport City, Lod 70151
Israel

-Yair Elharrar
TEL: +972-3-976-4055
FAX: +972-3-976-4223

CST Lab: NVLAP 200002-0

Trunk Pack Module TPM-6300 D6 [1] and TPM-6300 D21 [2]
(Hardware Versions: FASB00646 [1] and FASB00645 [2]; Firmware Version: 5.60AV.004.002)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/15/2010 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #911, #741 and #740); Triple-DES (Certs. #736 and #657); RSA (Certs. #443 and #346); HMAC (Certs. #403 and #402); RNG (Cert. #430); SHS (Certs. #755 and #754)

-Other algorithms: HMAC-MD5; DES; RC4; MD5; Diffie Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip embedded

"Voice-over-IP media gateway"
1341 Chunghwa Telecom Co., Ltd.
12, Lane 551, Min-Tsu Road SEC.5,
Yang-Mei, Taoyuan, Taiwan 326
Republic of China

-Yeou-Fuh Kuan
TEL: +886-3-424-4333
FAX: +886-3-424-4129

-Char-Shin Miou
TEL: +886-3-424-4381
FAX: +886-3-424-4129

CST Lab: NVLAP 200017-0

HICOS PKI Smart Card Chip
(Hardware Versions: HD65257C1 and HD65255C1; Software Version: PKI Applet: 2.1; Firmware Versions: HardMask: 2.1 and SoftMask: 3.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/09/2010 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1220); RSA (Cert. #589); SHS (Cert. #1123); HMAC (Cert. #713); Triple-DES (Cert. #880); Triple-DES MAC (Cert. #880, vendor affirmed); RNG (Cert. #677)

-Other algorithms: MD5; HMAC-MD5; RIPEMD-160; HMAC-RIPEMD-160

Single-chip

"The HICOS PKI Smart Card Chip module is a single chip implementation of a cryptographic module. The HICOS PKI Smart Card Chip module is mounted in an ID-1 class smart card body that adheres to ISO/IEC specifications for Integrated Circuit Chip (ICC) based identification cards. The HICOS PKI Smart Card Chip cryptographic module contains an implementation of the Open Platform (OP) Version 2.1.1 specification defining a secure infrastructure for post-issuance programmable smart card chips."
1340 AEP Networks
Focus 31, West Wing
Cleveland Road
Hemel Hempstead, Hertfordshire HP2 7BW
United Kingdom

-David Miller
TEL: +44-1442458600
FAX: +44-1442458601

CST Lab: NVLAP 200017-0

Advanced Configurable Cryptographic Environment (ACCE) 2
(Hardware Version: 2730-G2; Firmware Version: V2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 06/09/2010 Overall Level: 4 

-FIPS Approved algorithms: Triple-DES (Certs. #210 and #896); AES (Certs. #96 and #1257); DSA (Cert. #411); SHS (Cert. #1152); RNG (Cert. #699); RSA (Cert. #603); Triple-DES MAC (Cert. #896, vendor affirmed)

-Other algorithms: MD5; DES; Diffie-Hellman (non-compliant)

Multi-chip embedded

"Advanced Configurable Cryptographic Environment (ACCE) 2 crypto module offers the next generation security platform for managing cryptographic keys and protecting sensitive applications. The (ACCE) 2 crypto module is a hardware security module (HSM) designed for managing mission critical applications that demand maximum security. It is ideally suited for companies that need secure key management for certification authorities, registration authorities, OCSP responders, smart card issuers, web servers and other applications."
1339 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Nils Dussart
TEL: 1-800-MICROSOFT

CST Lab: NVLAP 200427-0

Windows Server 2008 R2 BitLocker™ Drive Encryption
(Software Versions: 6.1.7600.16385, 6.1.7600.16429, 6.1.7600.16757, 6.1.7600.20536, 6.1.7600.20873, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21634, 6.1.7601.21655 or 6.1.7601.21675)

(When operated in FIPS mode with Windows Server 2008 R2 Boot Manager (bootmgr) (Cert. #1321), Windows Server 2008 R2 Winload OS Loader (winload.exe) (Cert. #1333), Windows Server 2008 R2 Code Integrity (ci.dll) (Cert. #1334), Microsoft Windows Server 2008 R2 Kernel Mode Cryptographic Primitives Library (cng.sys) (Cert. #1335) and Microsoft Windows Server 2008 R2 Cryptographic Primitives Library (bcryptprimitives.dll) (Cert. #1336) all validated under FIPS 140-2 and all operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/15/2010;
03/28/2011;
06/01/2011;
10/04/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 (x64 version); Microsoft Windows Server 2008 R2 SP1 (x64 version) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); SHS (Cert. #1081)

-Other algorithms: Elephant Diffuser

Multi-chip standalone

"Windows BitLocker Drive Encryption is a data protection feature available in Windows Server 2008 R2. BitLocker provides enhanced protection against data theft or exposure on computers that are lost or stolen, and more secure data deletion when BitLocker-protected computers are decommissioned."
1338 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Windows Server 2008 R2 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)
(Software Version: 6.1.7600.16385)

(When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #1334 operating in FIPS mode and Kernel Mode Cryptographic Primitives Library (cng.sys) validated to FIPS 140-2 under Cert. #1335 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/12/2010;
06/01/2011;
06/21/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 R2 (x64 Version); Microsoft Windows Server 2008 R2 (IA64 version); Microsoft Windows Server 2008 R2 SP1 (x64 version); Microsoft Windows Server 2008 R2 SP1 (IA64 version) (single-user mode)

-FIPS Approved algorithms: DSA (Cert. #390); RNG (Cert. #649); SHS (Cert. #1081); Triple-DES (Cert. #846); Triple-DES MAC (Triple-DES Cert. #846, vendor affirmed)

-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4

Multi-chip standalone

"DSSENH encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. Software developers dynamically link the Microsoft DSSENH module into their applications to provide FIPS 140-2 compliant cryptographic support."
1337 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH)
(Software Version: 6.1.7600.16385)

(When operated in FIPS mode with Windows Server 2008 R2 Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #1334 operating in FIPS mode and Microsoft Windows Server 2008 R2 Kernel Mode Cryptographic Primitives Library (cng.sys) validated to FIPS 140-2 under Cert. #1335 operating in FIPS mode.)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/19/2010;
06/01/2011;
06/21/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 R2 (x64 Version); Microsoft Windows Server 2008 R2 (IA64 version); Microsoft Windows Server 2008 R2 SP1 (x64 version); Microsoft Windows Server 2008 R2 SP1 (IA64 version) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1168); DRBG (Cert. #23); HMAC (Cert. #687); SHS (Cert. #1081); RSA (Certs. #559 and #568); Triple-DES (Cert. #846)

-Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"RSAENH encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. Developers dynamically link the Microsoft RSAENH module into their applications to provide FIPS 140-2 compliant cryptographic support."
1336 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Microsoft Windows Server 2008 R2 Cryptographic Primitives Library (bcryptprimitives.dll)
(Software Version: 6.1.7600.16385 or 6.1.7601.17514)

(When operated in FIPS mode with Windows Server 2008 R2 Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #1334 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/12/2010;
06/01/2011;
06/21/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 R2 (x64 Version); Microsoft Windows Server 2008 R2 (IA64 version); Microsoft Windows Server 2008 R2 SP1 (x64 version); Microsoft Windows Server 2008 R2 SP1 (IA64 version) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1168 and #1187); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #27); DSA (Cert. #391); ECDSA (Cert. #142); HMAC (Cert. #686); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081); Triple-DES (Cert. #846)

-Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; HMAC MD5; MD2; MD4; MD5; RC2; RC4

Multi-chip standalone

"BCRYPT.DLL provides cryptographic services, through its documented interfaces, to Windows components and applications running on Windows. The cryptographic module, bcryptprimitives.dll, encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CNG (Cryptography, Next Generation) API. It can be dynamically linked into applications by software developers to permit the use of general-purpose FIPS 140-2 compliant cryptography."
1335 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Microsoft Windows Server 2008 R2 Kernel Mode Cryptographic Primitives Library (cng.sys)
(Software Versions: 6.1.7600.16385, 6.1.7600.16915, 6.1.7600.21092, 6.1.7601.17514, 6.1.7601.17919, 6.1.7601.17725, 6.1.7601.21861 and 6.1.7601.22076)

(When operated in FIPS mode with Windows Server 2008 R2 Winload OS Loader (winload.exe) validated to FIPS 140-2 under Cert. #1333 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/12/2010;
06/01/2011;
06/21/2011;
02/09/2012;
01/24/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 R2 (x64 Version); Microsoft Windows Server 2008 R2 (IA64 version); Microsoft Windows Server 2008 R2 SP1 (x64 version); Microsoft Windows Server 2008 R2 SP1 (IA64 version) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1168 and #1187); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #27); ECDSA (Cert. #142); HMAC (Cert. #686); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081); Triple-DES (Cert. #846)

-Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4

Multi-chip standalone

"CNG.SYS runs as a kernel mode export driver, and provides cryptographic services, through their documented interfaces, to Windows Server 2008 R2 kernel components. It supports several cryptographic algorithms accessible via a FIPS function table request irp (I/O request packet)."
1334 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Windows Server 2008 R2 Code Integrity (ci.dll)
(Software Version: 6.1.7600.16385, 6.1.7600.17122, 6.1.7600.21320, 6.1.7601.17514, 6.1.7601.17950 and 6.1.7601.22108)

(When operated in FIPS mode with Windows Server 2008 R2 Winload OS Loader (winload.exe) validated to FIPS 140-2 under Cert. #1333 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 06/15/2010;
06/01/2011;
06/21/2011;
01/24/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 R2 (x64 Version); Microsoft Windows Server 2008 R2 (IA64 version); Microsoft Windows Server 2008 R2 SP1 (x64 version); Microsoft Windows Server 2008 R2 SP1 (IA64 version) (single-user mode)

-FIPS Approved algorithms: RSA (Cert. #568); SHS (Cert. #1081)

-Other algorithms: MD5

Multi-chip standalone

"This is a dynamically linked library that runs as ntoskrnl.exe. It verifies the integrity of executable files, including kernel mode drivers, critical system components and user mode crypto modules, before these files are loaded from disk into memory by the memory manager."
1333 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Windows Server 2008 R2 Winload OS Loader (winload.exe)
(Software Versions: 6.1.7600.16385, 6.1.7600.16757, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21655 and 6.1.7601.21675)

(When operated in FIPS mode with Windows Server 2008 R2 Boot Manager (bootmgr) validated to FIPS 140-2 under Cert. #1321 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 06/15/2010;
06/01/2011;
06/21/2011;
10/17/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 R2 (x64 Version); Microsoft Windows Server 2008 R2 (IA64 version); Microsoft Windows Server 2008 R2 SP1 (x64 version); Windows Server 2008 R2 SP1 (IA64 version) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1168 and #1177); RSA (Cert. #568); SHS (Cert. #1081)

-Other algorithms: MD5

Multi-chip standalone

"This is the OS loader. It loads the boot-critical driver image files and the OS kernel image file itself."
1332 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Nils Dussart
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Windows 7 BitLocker™ Drive Encryption
(Software Versions: 6.1.7600.16385, 6.1.7600.16429, 6.1.7600.16757, 6.1.7600.20536, 6.1.7600.20873, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21634, 6.1.7601.21655 or 6.1.7601.21675)

(When operated in FIPS mode with Windows 7 Boot Manager (bootmgr) (Cert. #1319), Windows 7 Winload OS Loader (winload.exe) (Cert. #1326), Windows 7 Code Integrity (ci.dll) (Cert. #1327), Microsoft Windows 7 Kernel Mode Cryptographic Primitives Library (cng.sys) (Cert. #1328) and Microsoft Windows 7 Cryptographic Primitives Library (bcryptprimitives.dll) (Cert. #1329) all validated under FIPS 140-2 and all operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 11/15/2010;
03/28/2011;
06/01/2011;
10/04/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 7 Ultimate Edition (x86 Version); Windows 7 Ultimate Edition (x64 version); Microsoft Windows 7 Ultimate Edition SP1 (x86 version); Microsoft Windows 7 Ultimate Edition SP1 (x64 version) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); SHS (Cert. #1081)

-Other algorithms: Elephant Diffuser

Multi-chip standalone

"Windows BitLocker Drive Encryption is a data protection feature available in Windows 7 Enterprise and Windows 7 Ultimate for client computers. BitLocker provides enhanced protection against data theft or exposure on computers that are lost or stolen, and more secure data deletion when BitLocker-protected computers are decommissioned."
1331 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Windows 7 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)
(Software Version: 6.1.7600.16385)

(When operated in FIPS mode with Windows 7 Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #1327 operating in FIPS mode and Microsoft Windows 7 Kernel Mode Cryptographic Primitives Library (cng.sys) validated to FIPS 140-2 under Cert. #1328 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/12/2010;
06/01/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 7 Ultimate Edition (x86 Version); Microsoft Windows 7 Ultimate Edition (x64 version); Microsoft Windows 7 Ultimate Edition SP1 (x86 version); Microsoft Windows 7 Ultimate Edition SP1 (x64 version) (single-user mode)

-FIPS Approved algorithms: DSA (Cert. #385); RNG (Cert. #649); SHS (Cert. #1081); Triple-DES (Cert. #846); Triple-DES MAC (Triple-DES Cert. #846, vendor affirmed)

-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4

Multi-chip standalone

"DSSENH encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. Software developers dynamically link the Microsoft DSSENH module into their applications to provide FIPS 140-2 compliant cryptographic support."
1330 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Windows 7 Enhanced Cryptographic Provider (RSAENH)
(Software Version: 6.1.7600.16385)

(When operated in FIPS mode with Windows 7 Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #1327 operating in FIPS mode and Microsoft Windows 7 Kernel Mode Cryptographic Primitives Library (cng.sys) validated to FIPS 140-2 under Cert. #1328 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/18/2010;
06/01/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 7 Ultimate Edition (x86 Version); Microsoft Windows 7 Ultimate Edition (x64 version); Microsoft Windows 7 Ultimate Edition SP1 (x86 version); Microsoft Windows 7 Ultimate Edition SP1 (x64 version) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1168); DRBG (Cert. #23); HMAC (Cert. #673); SHS (Cert. #1081); RSA (Certs. #557 and #559); Triple-DES (Cert. #846)

-Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 256-bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"RSAENH encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. Developers dynamically link the Microsoft RSAENH module into their applications to provide FIPS 140-2 compliant cryptographic support."
1329 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Microsoft Windows 7 Cryptographic Primitives Library (bcryptprimitives.dll)
(Software Version: 6.1.7600.16385 or 6.1.7601.17514)

(When operated in FIPS mode with Windows 7 Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #1327 operating in FIPSmode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/12/2010;
06/01/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 7 Ultimate Edition (x86 Version); Microsoft Windows 7 Ultimate Edition (x64 version); Microsoft Windows 7 Ultimate Edition SP1 (x86 version); Microsoft Windows 7 Ultimate Edition SP1 (x64 version) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1168 and #1178); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #24); DSA (Cert. #386); ECDSA (Cert. #141); HMAC (Cert. #677); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 to 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #560); SHS (Cert. #1081); Triple-DES (Cert. #846)

-Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4

Multi-chip standalone

"The cryptographic module, bcryptprimitives.dll, encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CNG (Cryptography, Next Generation) API. It can be dynamically linked into applications by software developers to permit the use of general-purpose FIPS 140-2 compliant cryptography."
1328 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Microsoft Windows 7 Kernel Mode Cryptographic Primitives Library (cng.sys)
(Software Versions: 6.1.7600.16385, 6.1.7600.16915, 6.1.7600.21092, 6.1.7601.17514, 6.1.7601.17919, 6.1.7601.17725, 6.1.7601.21861 and 6.1.7601.22076)

(When operated in FIPS mode with Windows 7 Winload OS Loader (winload.exe) validated to FIPS 140-2 under Cert. #1326 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 08/12/2010;
06/01/2011;
02/09/2012;
01/24/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 7 Ultimate Edition (x86 Version); Microsoft Windows 7 Ultimate Edition (x64 version); Microsoft Windows 7 Ultimate Edition SP1 (x86 version); Microsoft Windows 7 Ultimate Edition SP1 (x64 version) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1168 and #1178); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #24); ECDSA (Cert. #141); HMAC (Cert. #677); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 to 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #560); SHS (Cert. #1081); Triple-DES (Cert. #846)

-Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4

Multi-chip standalone

"CNG.SYS runs as a kernel mode export driver, and provides cryptographic services, through their documented interfaces, to Windows 7 kernel components. It supports several cryptographic algorithms accessible via a FIPS function table request irp (I/O request packet)."
1327 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Windows 7 Code Integrity (ci.dll)
(Software Version: 6.1.7600.16385, 6.1.7600.17122, 6.1.7600.21320, 6.1.7601.17514, 6.1.7601.17950 and 6.1.7601.22108)

(When operated in FIPS mode with Windows 7 Winload OS Loader (winload.exe) validated to FIPS 140-2 under Cert. #1326 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 06/15/2010;
06/01/2011;
01/24/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 7 Ultimate Edition (x86 Version); Microsoft Windows 7 Ultimate Edition (x64 version); Microsoft Windows 7 Ultimate Edition SP1 (x86 version); Microsoft Windows 7 Ultimate Edition SP1 (x64 version) (single-user mode)

-FIPS Approved algorithms: RSA (Cert. #557); SHS (Cert. #1081)

-Other algorithms: MD5

Multi-chip standalone

"This is a dynamically linked library that runs as ntoskrnl.exe. It verifies the integrity of executable files, including kernel mode drivers, critical system components and user mode crypto modules, before these files are loaded from disk into memory by the memory manager."
1326 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Windows 7 Winload OS Loader (winload.exe)
(Software Versions: 6.1.7600.16385, 6.1.7600.16757, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21655 and 6.1.7601.21675)

(When operated in FIPS mode with Windows 7 Boot Manager (bootmgr) validated to FIPS 140-2 under Cert. #1319 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 06/15/2010;
06/01/2011;
10/17/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 7 Ultimate Edition (x86 Version); Microsoft Windows 7 Ultimate Edition (x64 version); Microsoft Windows 7 Ultimate Edition SP1 (x86 version); Microsoft Windows 7 Ultimate Edition SP1 (x64 version) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1168 and 1177); RSA (Cert. #557); SHS (Cert. #1081)

-Other algorithms: MD5

Multi-chip standalone

"This is the OS loader. It loads the boot-critical driver image files and the OS kernel image file itself."
1325 PGP Corporation
200 Jefferson Dr.
Menlo Park, CA 94025
USA

-Vinnie Moscaritolo
TEL: 650-319-9000
FAX: 650-319-9001

CST Lab: NVLAP 200802-0

PGP Cryptographic Engine
(Software Version: 4.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 06/22/2010 Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2 (Kernel Mode); Mac OS X 10.5 (i386) (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #848 and #895); AES (Certs. #1170 and #1253); SHS (Certs. #1082 and #1149); HMAC (Certs. #670 and #732)

-Other algorithms: AES (EME2 mode; non-compliant)

Multi-chip standalone

"The PGP Cryptographic Engine includes a wide range of field-tested and standards-based encryption, and encoding algorithms used by PGP Whole Disk Encryption."
1324 Comtech Mobile Datacom Corporation
20430 Century Boulevard
Germantown, MD 20874
USA

-Sebastian Morana
TEL: 240-686-3353
FAX: 240-686-3301

-John Fossaceca
TEL: 240-686-2146

CST Lab: NVLAP 200427-0

Transceiver Cryptographic Module (TCM)
(Hardware Version: C80101 Rev. 2; Firmware Version: 0.1.L)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 07/12/2010 Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Cert. #1201); HMAC (Cert. #698); SHS (Cert. #1106); Triple-DES (Cert. #869)

-Other algorithms: DES; Towitko MAC

Multi-chip embedded

"The Transceiver Cryptographic Module is a compact hardware module with a firmware component for implementation of cryptographic algorithms. The Crypto Module, in connetion with Comtech's ASDR Transceiver, enables secure over-the-air communications. The module provides a serial interface for communication over a pair of SPI ports."
1323

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/20/2010;
09/07/2010;
10/26/2010
Overall Level: 2 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip embedded

1322 Thales e-Security
Meadow View House, Crendon Industrial Estate
Long Crendon, AYLESBURY HP18 9EQ
United Kingdom

-James Torjussen
TEL: +44 0 1844-204167
FAX: +44 0 1844-208550

CST Lab: NVLAP 100432-0

TSPP
(Hardware Versions: P/Ns TSPP-A and TSPP-B Version 1.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4 or 1.0.5; Firmware Version: 1.10.2)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 06/22/2010;
03/28/2011;
04/12/2011;
11/08/2011;
01/11/2012;
07/09/2012;
03/28/2013
Overall Level: 3 

-FIPS Approved algorithms: DSA (Cert. #375); SHS (Cert. #1071)

-Other algorithms: N/A

Multi-chip embedded

"Thales' TSPP is the multi-chip embedded cryptographic module in its payShield 9000 family of hardware security modules used in the Banking and Finance sector for securing card-based payment transactions. The product family is also used to provide dedicated functionality for key management and message security using algorithms such as Triple-DES, RSA, SHA, HMAC, and AES. TSPP contains a secure bootstrap that authenticates application loading using DSA 2048, so that only application software written by and "signed" by Thales can be loaded and run on TSPP-based products."
1321 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Windows Server 2008 R2 Boot Manager (bootmgr)
(Software Version: 6.1.7600.16385 or 6.1.7601.17514)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 06/22/2010;
06/01/2011;
06/21/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 R2 (x64 Version); Microsoft Windows Server 2008 R2 (IA64 version); Microsoft Windows Server 2008 R2 SP1 (x64 version); Microsoft Windows Server 2008 R2 SP1 (IA64 version) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); RSA (Cert. #568); SHS (Cert. #1081)

-Other algorithms: MD5

Multi-chip standalone

"This is the system boot manager, called by the bootstrapping code that resides in the boot sector. It checks its own integrity and then checks the integrity of the OS loader and launches it."
1320 Red Hat®, Inc.
314 Littleton Road
Westford, MA 01886
USA

-Irina Boverman
TEL: 978-392-1000
FAX: 978-392-1001

TEL: 919-754-3700
FAX: 919-754-3701

CST Lab: NVLAP 200658-0

Red Hat Enterprise Linux 5 OpenSSL Cryptographic Module
(Software Version: 1.1)

(When operated in FIPS mode. When obtained, installed, and initialized as assumed by the Crypto Officer role and specified in Section 9.1 of the provided Security Policy. The Security Policy specifies the precise RPM file containing this module. The integrity of the RPM is automatically verified during the installation and the Crypto officer shall not install the module if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module.)

Validated to FIPS 140-2

Security Policy

Certificate

Software 06/09/2010;
06/14/2012;
09/06/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 5.4 and Red Hat Enterprise Linux 5.8 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #839, #840 and #841); AES (Certs. #1160, #1161 and #1162); DSA (Certs. #378, #379 and #380); SHS (Certs. #1073, #1074 and #1075); RNG (Certs. #642, #643 and #644); RSA (Certs. #549, #550 and #551); HMAC (Certs #661, #662 and #663)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5

Multi-chip standalone

"The OpenSSL FIPS Runtime Module is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality for use with the high level API of the OpenSSL library version 0.9.8 delivered with RHEL 5.4 or RHEL 5.8."
1319 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Windows 7 Boot Manager (bootmgr)
(Software Version: 6.1.7600.16385 or 6.1.7601.17514)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 06/09/2010;
06/01/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 7 Ultimate Edition (x86 Version); Microsoft Windows 7 Ultimate Edition (x64 version); Microsoft Windows 7 Ultimate Edition SP1 (x86 version); Microsoft Windows 7 Ultimate Edition SP1 (x64 version) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); RSA (Cert. #557); SHS (Cert. #1081)

-Other algorithms: MD5

Multi-chip standalone

"This is the system boot manager, called by the bootstrapping code that resides in the boot sector. It checks its own integrity and then checks the integrity of the OS loader and launches it."
1318 Redline Communications
302 Town Centre Blvd.
Markham, Ontario L3R 0E8
Canada

-Leigh Chang
TEL: 905-479-8344 x2507
FAX: 905-479-5331

CST Lab: NVLAP 200017-0

AN-80i Broadband Wireless Infrastructure Radio
(Hardware Version: AN-80i; Firmware Versions: 4.00.075 and 13.00.135)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 06/01/2010;
06/14/2010
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #777); AES (Certs. #997 and #944); SHS (Cert. #962); HMAC (Cert. #562); DRBG (Cert. #9); RSA (Cert. #480); DSA (Cert. #343)

-Other algorithms: Redline 64 bit Proprietary Encryption; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5

Multi-chip standalone

"The AN-80i system is a broadband wireless infrastructure product designed to provide long range Ethernet connectivity between points of presence spread across a metro or regional area network. It operates in Point-to-Point (PTP) and Point to Multipoint (PMP) configuration in the same hardware platform. Operating in both licensed and unlicensed frequency bands, the AN-80i is a rugged all outdoor system that enables organizations such as government and public safety agencies, schools, large mission critical enterprises including banks, hospitals, utilities, as well as service providers to sol"
1317 Harris Corporation (RF Communications Division)
1680 University Avenue
Rochester, NY 14610
USA

-Elias Theodorou
TEL: 585-720-8790
FAX: 585-241-8459

CST Lab: NVLAP 200017-0

RF-7800W Broadband Ethernet Radio
(Hardware Version: RF-7800W; Firmware Versions: 4.00.72, 4.10.039, 13.00.127 and 13.01.129)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 06/01/2010;
06/14/2010;
03/14/2012
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #776); AES (Certs. #996 and #930); SHS (Cert. #961); HMAC (Cert. #561); DRBG (Cert. #8); RSA (Cert. #479); DSA (Cert. #342)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5

Multi-chip standalone

"The RF-7800W-OU440 Broadband Ethernet Radio (BER) is designed for High Capacity Line of Sight (HCLOS) networks with broadband Ethernet requirements. The radio can be mounted on a mast for quick deployment or on a tower system designed for long haul back bone systems. The BER operates in the 4.4 to 5.0 GHz frequency band. The BER is an ideal wireless networking solution for public safety, first responders, training, and simulation networks, and long haul/short haul battlefield communications. The RF-7800W operates in Point-to-Point (PTP) and Point to Multipoint (PMP) in the same platform."
1316 Kingston Technology, Inc.
17600 Newhope Street
Fountain Valley, CA 92708
USA

-John Terpening
TEL: 714-427-3743
FAX: 714-435-2628

CST Lab: NVLAP 100432-0

DataTraveler 5000
(Hardware Version: P/N 880074001F, Version 02.00.01; Firmware Version: 03.00.04)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/19/2010 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1016 and #1104); SHS (Certs. #973, #974 and #1027); ECDSA (Cert. #129); DRBG (Cert. #14); RNG (Cert. #582)

-Other algorithms: EC Diffie-Hellman[1] (key agreement; key establishment methodology provides 128, 192 or 256 bits of encryption strength); EC Diffie-Hellman[2] (key agreement; key establishment methodology provides 128, 192 or 256 bits of encryption strength)

Multi-chip standalone

"Kingston's ultra-secure DataTraveler 5000 USB Flash drive protects sensitive data with FIPS 140-2 Level 2 certification and 256-bit AES hardware-based encryption. Secured by SPYRUS, DT5000 uses elliptic curve cryptography encryption algorithms (ECC) that meet the Suite B standards approved by the U.S. government. The drive features complex password protection and locks down after 10 intrusion attempts. DT5000 is waterproof (up to 4 feet) and features a rugged, titanium-coated steel casing."
1315 Cimcor, Inc.
8252 Virginia Street
Suite C
Merrillville, IN 46410
USA

-Robert Johnson
TEL: 219-736-4400
FAX: 219-736-4401

CST Lab: NVLAP 100432-0

Cimcor Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 06/10/2010 Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-Operational Environment: Tested as meeting Level 2 with Microsoft Windows Server 2003 SP2 running on a Dell Optiplex GX620; Solaris 10TM Release 11/06 running on a Dell Precision 650 Workstation; Apple Computer Mac OS X Version 10.3.6 running on a Power Mac G4 Dual Processor; Red Hat Enterprise Linux Version 5.1 running on a SGI Altix XE240; Hewlett-Packard HP-UX 11i Version 3 running on a HP 9000 RP3440; Microsoft Corporation Windows 2000 (Server) SP3 and Q326886 Hotfix running on a Dell Optiplex GX400

-FIPS Approved algorithms: Triple-DES (Cert. #818); AES (Cert. #1121); DSA (Cert. #364); SHS (Cert. #1044); RNG (Cert. #624); RSA (Cert. #530); HMAC (Cert. #632)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; Camellia; DES; Idea; RC2; RC4; RC5; MD2; MD4; MD5; Mdc2; Ripemd

Multi-chip standalone

"The Cimcor Cryptographic Module is a multi-platform library that provides secure FIPS 140-2 validated hashing, encryption, and decryption methods and a variety of other cryptographic functions."
1314 SonicWALL, Inc.
2001 Logic Drive
San Jose, CA 95124
USA

-Usha Sanagala
TEL: 408-962-6248
FAX: 408-745-9300

CST Lab: NVLAP 100432-0

NSA E7500
(Hardware Version: P/N 101-500226-54, Rev. A; Firmware Version: SonicOS v5.5.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/19/2010 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1218); Triple-DES (Cert. #878); SHS (Cert. #1121); DSA (Cert. #404); RNG (Cert. #676); RSA (Cert. #588); HMAC (Cert. #711)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"NSA E-Class: The SonicWALL E-Class Network Security Appliance (NSA) Series is engineered to provide high performance Unified Threat Managment (UTM) threat prevention and application inspection to meet the needs of expanding enterprise networks."
1313 SonicWALL, Inc.
2001 Logic Drive
San Jose, CA 95124
USA

-Usha Sanagala
TEL: 408-962-6248
FAX: 408-745-9300

CST Lab: NVLAP 100432-0

NSA E6500
(Hardware Version: P/N 101-500163-50, Rev. A; Firmware Version: SonicOS v5.5.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/19/2010 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1217); Triple-DES (Cert. #877); SHS (Cert. #1120); DSA (Cert. #403); RNG (Cert. #675); RSA (Cert. #587); HMAC (Cert. #710)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"NSA E-Class: The SonicWALL E-Class Network Security Appliance (NSA) Series is engineered to provide high performance Unified Threat Managment (UTM) threat prevention and application inspection to meet the needs of expanding enterprise networks."
1312 SonicWALL, Inc.
2001 Logic Drive
San Jose, CA 95124
USA

-Usha Sanagala
TEL: 408-962-6248
FAX: 408-745-9300

CST Lab: NVLAP 100432-0

NSA 4500, NSA 5000 and NSA E5500
(Hardware Versions: P/N 101-500166-50, Rev. B (NSA 4500); P/N 101-500088-50, Rev. B (NSA 5000); P/N 101-500165-50, Rev. A (NSA E5500); Firmware Version: SonicOS v5.5.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/19/2010 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1216); Triple-DES (Cert. #876); SHS (Cert. #1119); DSA (Cert. #402); RNG (Cert. #674); RSA (Cert. #586); HMAC (Cert. #709)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"NSA Series: The SonicWALL Network Security Appliance (NSA) Series is a high performance platform utilizing a unique multi-core architecture to provide high speed anti-virus, anti-spyware, intrusion prevention, content filtering, application inspection and protection and for the SMBs and large businesses."
1311 SonicWALL, Inc.
2001 Logic Drive
San Jose, CA 95124
USA

-Usha Sanagala
TEL: 408-962-6248
FAX: 408-745-9300

CST Lab: NVLAP 100432-0

NSA 3500
(Hardware Version: P/N 101-500073-50, Rev. B; Firmware Version: SonicOS v5.5.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 05/19/2010 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1215); Triple-DES (Cert. #875); SHS (Cert. #1118); DSA (Cert. #401); RNG (Cert. #673); RSA (Cert. #585); HMAC (Cert. #708)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"NSA Series: The SonicWALL Network Security Appliance (NSA) Series is a high performance platform utilizing a unique multi-core architecture to provide high speed anti-virus, anti-spyware, intrusion prevention, content filtering, application inspection and protection and for the SMBs and large businesses."
1310 Cellcrypt Limited
Liberty House
222 Regent Street
London, W1B 5TR
United Kingdom

-Paul Galwas
TEL: +442070995999

CST Lab: NVLAP 200002-0

CCORE Module
(Software Version: 0.6.0-rc3)

Validated to FIPS 140-2

Security Policy

Certificate

Software 05/19/2010;
07/08/2010
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Ubuntu Server

-FIPS Approved algorithms: AES (Cert. #1089); RSA (Cert. #514); SHS (Cert. #1022); HMAC (Cert. #612); RNG (Cert. #611)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; EC Diffie-Hellman (non-compliant); ECDSA (non-compliant)

Multi-chip standalone

"Crypto Core for secure communication platform"
1309 BigFix, Inc.
1480 64th Street
Suite 200
Emeryville, CA 94608
USA

-Noah Salzman, Product Manager
TEL: 510-740-0308
FAX: 510-652-6742

-Peter Loer, Director Software Engineering
TEL: 510-740-5128
FAX: 510-652-6742

CST Lab: NVLAP 200017-0

BigFix Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 05/10/2010 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 2 with AIX 5.2 running on IBM P610; HP-UX 11.11 running on HP C3000; SUSE Linux Enterprise Server 9 running on IBM eServer 325; Mac OS X 10.3.6 running on iMac G4; Red Hat Enterprise Linux 4 Update 2 Advanced Server running on HP XW4100 Pentium 4; Red Hat Enterprise Linux 4 Update 2 Advanced Server 64-bit running on HP ProLiant DL145 G2; Solaris 9 SPARC running on Sun Blade 150; Solaris 10 SPARC running on Sun Blade 150; Solaris 10 x86 running on Dell Precision 650; Windows 2000 Pro with SP3 running on Dell Optiplex GX400; Windows 2003 Enterprise Edition with SP1 running on Dell Optiplex GX270; Windows XP Pro with SP2 running on Dell Optiplex GX270

-FIPS Approved algorithms: Triple-DES (Cert. #688); AES (Cert. #806); DSA (Cert. #298); SHS (Cert. #804); HMAC (Cert. #446); RSA (Cert. #388); RNG (Cert. #464)

-Other algorithms: Diffie-Hellman; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The BigFix Cryptographic Module 1.0 is a software library that runs on a wide variety of computing platforms and performs encryption, hashing, and random number generation functions."
1308 CipherOptics, Inc.
1550 Coraopolis Heights Drive
Suite 360
Coraopolis, PA 15108
USA

-Ed Finn
TEL: 412-262-2571 x102
FAX: 412-262-2574

CST Lab: NVLAP 200017-0

CEP10-R
(Hardware Version: [CEP10-R, A]; Firmware Version: 1.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 05/10/2010;
06/14/2010
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #673 and #873); AES (Certs. #779 and #1210); SHS (Certs. #781 and #1114); HMAC (Certs. #426 and #705); RSA (Cert. #582); DSA (Cert. #400); RNG (Cert. #672)

-Other algorithms: MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides 97 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 to 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The CipherOptics CEP encryptors are high performance, integrated encryption appliances that offers full line rate Ethernet Frame encryption for 10Mbps Ethernet transports. Housed in a tamper evident chassis, the CipherOptics CEP10-R has two functional 10BaseT Ethernet ports used for traffic. Traffic on the CEP's local port is received from and transmitted to the trusted network in the clear, while traffic on the CEP's remote port has security processing applied to it. Security processing can be data confidentiality, data integrity and data authentication."
1307 CipherOptics, Inc.
1550 Coraopolis Heights Drive
Suite 360
Coraopolis, PA 15108
USA

-Ed Finn
TEL: 412-262-2571 x102
FAX: 412-262-2574

CST Lab: NVLAP 200017-0

CEP100, CEP100-XSA and CEP1000
(Hardware Versions: [CEP100, A], [CEP100-XSA, A] and [CEP1000, A]; Firmware Version: 1.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 05/10/2010;
06/14/2010
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #482, #667 and #873); AES (Certs. #465, #762 and #1210); SHS (Certs. #768, #769 and #1114); HMAC (Certs. #416, #417 and #705); RSA (Cert. #582); DSA (Cert. #400); RNG (Cert. #672)

-Other algorithms: MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides 97 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 to 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The CipherOptics CEP encryptors are high performance, integrated encryption appliances that offers full line rate Ethernet Frame encryption for 10Mbps Ethernet transports. Housed in a tamper evident chassis, the CipherOptics CEP has two functional 10BaseT Ethernet ports used for traffic. Traffic on the CEP local port is received from and transmitted to the trusted network in the clear, while traffic on the CEP's remote port has security processing applied to it. Security processing can be data confidentiality, data integrity and data authentication."
1306 Kingston Technology Company, Inc.
17600 Newhope Street
Fountain Valley, CA 92708
USA

-Joel Tang
TEL: 714-435-2604

CST Lab: NVLAP 200416-0

Kingston DataTraveler DT4000 Series USB Flash Drive
(Hardware Version: AE2251; Software Version: v3.0.0.1 [1] and v3.0.1 [2]; Firmware Version: v3.00.10 [1] and v03.01 [2])

(When operated in FIPS mode. The Software Clients v3.0.0.1 and v3.0.1 distributed with the module are excluded from the validation)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 06/01/2010;
07/27/2011
Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Cert. #1081); SHS (Cert. #1016); RSA (Cert. #510); RNG (Cert. #607)

-Other algorithms: HWRNG

Multi-chip standalone

"As the worldÆs leading memory manufacturer, Kingston offers the marketplace a variety of secure USB devices designed to protect data at rest. By utilizing 256 bit AES encryption, the Kingston DataTraveler DT4000 Series USB Flash Drive drive offers a high level of security certified to FIPS 140-2 standards."
1305 Red Hat®, Inc.
314 Littleton Road
Westford, MA 01886
USA

-Irina Boverman
TEL: 978-392-1000
FAX: 978-392-1001

TEL: 919-754-3700
FAX: 919-754-3701

CST Lab: NVLAP 200658-0

Red Hat Enterprise Linux 5 Libgcrypt Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode and when obtained, installed and initialized as assumed by the Crypto Officer role and specified in Section 8.1 of the provided Security Policy. The Security Policy specifies the precise RPM file containing this module. The integrity of the RPM is automatically verified during the installation and the Crypto officer shall not install the module if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module.)

Validated to FIPS 140-2

Security Policy

Certificate

Software 04/26/2010 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 5.4 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1180, #1192 and #1193); Triple-DES (Certs. #851, #859 and #860); SHS (Certs. #1089, #1098 and #1099); RSA (Certs. #561, #570 and #571); DSA (Certs. #389, #393 and #394); HMAC (Certs. #680, #691 and #692); RNG (Certs. #651, #658 and #659)

-Other algorithms: MD5

Multi-chip standalone

"The libgcrypt FIPS Runtime Module is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality for use with the high level API of the libgcrypt library version 1.4.4 delivered with RHEL 5.4."
1304 ST Electronics (Info-Security) Pte Ltd
100 Jurong East Street 21
ST Electronics Jurong East Building
Singapore, 609602
Singapore

-Yeo Boon Hui
TEL: 65-65687118
FAX: 65-65687226

CST Lab: NVLAP 100432-0

DigiSAFE TrustCrypt
(Hardware Version: P/N 9910-8000-0624; Firmware Versions: Version 1.0.0 (CPLD Glue Code); Version 1.0.0 (Crypto Libraries); Version 2.6.21 (ARM-Linux); Version 1.0.0 (Bootstrap Application))

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/26/2010 Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #932); RNG (Cert. #533); RSA (Cert. #451); SHS (Cert. #915)

-Other algorithms: AES (Cert. #932, key wrapping; key establishment methodology provides 256 bits of encryption strength)

Multi-chip embedded

"DigiSAFE TrustCrypt is a programmable cryptographic module designed to support high assurance applications and provide secure cryptographic resources, including secure key generation and storage. It is built upon a secure physical enclosure and contains a secure bootstrap which authenticates application loading."
1303 Hewlett-Packard Company
19091 Pruneridge Ave.
MS 4441
Cupertino, CA 95014
USA

-Theresa Conejero
TEL: 408-447-2964
FAX: 408-447-5525

CST Lab: NVLAP 100432-0

HP Enterprise Secure Key Manager
(Hardware Version: P/N AJ563A, Version 2.0; Firmware Version: 4.8.9)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/26/2010;
09/19/2011
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3

-FIPS Approved algorithms: AES (Cert. #1171); DSA (Cert. #383); HMAC (Cert. #671); RNG (Cert. #647); RSA (Cert. #554); SHS (Cert. #1083); Triple-DES (Cert. #849)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; RC4

Multi-chip standalone

"The HP Enterprise Secure Key Manager (ESKM) automates key generation and management. It is a hardened security appliance delivering identity-based access, administration and logging. Additionally, the ESKM provides reliable lifetime key archival with automatic multi-site key replication and failover capabilities."
1302 SPYRUS, Inc.
1860 Hartog Drive
San Jose, CA 95131-2203
USA

-Tom Dickens
TEL: 408-312-4324
FAX: 408-392-0319

-Reid Carlisle
TEL: 727-551-0046
FAX: 408-392-0319

CST Lab: NVLAP 200017-0

SPYCOS® Module
(Hardware Versions: 740100002F and 742100002F; Firmware Version: 2.4)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/26/2010;
05/10/2010
Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #699); AES (Cert. #842); RSA (Cert. #404); ECDSA (Cert. #95); SHS (Cert. #834); HMAC (Cert. #463); RNG (Cert. #481); Skipjack (Cert. #18)

-Other algorithms: H/W NDRNG; FWRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength)

Single-chip

"The SPYCOS® Module is the latest addition to the SPYRUS family of cryptographic module IC's that enable both smart card and USB cryptographic tokens. The SPYCOS« Module enables security critical capabilities such as user authentication, message privacy and integrity, authentication, and secure storage in rugged, tamper-evident hardware. The SPYCOS« Module communicates with a host computer via the smart card or USB interface."
1301 Fortress™ Technologies, Inc.
2 Technology Park Dr
Westford, MA 01886
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0

Fortress Mesh Point
(Hardware Versions: ES520: Deployable Mesh Point (V1 and V2) [1,2,3,4,5,6,7], ES300: Inline Network Encryptor [1,2], ES210: Tactical Mesh Point [3,4,5,6,7], ES440: Infrastructure Mesh Point [4] and ES820: Vehicle Mesh Point [4]; Firmware Versions: 5.1 [1], 5.1.1 [2], 5.2.1 [3], 5.3.0 [4], 5.2.1.1162 [5], 5.2.2 [6] or 5.2.2.1011[7])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 04/26/2010;
05/07/2010;
05/28/2010;
08/02/2010;
12/21/2010;
02/24/2011;
10/04/2011;
05/10/2012;
05/17/2013
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #688, #694 and #698); SHS (Certs. #715, #717, #721, #722 and #726); HMAC (Certs. #367, #371, #372 and #376); RSA (Cert. #439); RNG (Certs. #402, #406 and #409)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); MD5; Hardware RNG

Multi-chip standalone

"The Fortress Mesh Point is an all-in-one network access device housed in a rugged compact chassis, with the most stringent security available today built in. It can serve as a wireless bridge, a WLAN access point, and an eight-port LAN switch, while performing all the functions of a Fortress controller device: encrypting wireless traffic and providing Multi-factor Authentication for devices on the network it protects."
1300 Thales e-Security
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-Juan Asenjo

CST Lab: NVLAP 200416-0

Datacryptor® 100M Ethernet
(Hardware Version: 1600x439; Firmware Versions: 4.2 and 4.5)

(When configured for firmware version 4.5 with the Point-Point license as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 04/26/2010;
05/07/2010;
01/13/2011;
04/27/2011
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #1033 and #1078); DSA (Cert. #349); SHS (Cert. #985); RNG (Cert. #588)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The Datacryptor® 100 Mbps Ethernet Layer 2 is a rack-mountable multi-chip standalone cryptographic module designed to secure data in transit across public Ethernet Layer 2 networks. The device uses 100BaseT ports to connect the host and public sides of the network. Datacryptor® employs an automatic key generation and exchange mechanism using X.509v.3 certificates and the Diffie-Hellman key agreement scheme. The algorithm used is AES-256. Configuration and management of the Datacryptor® 100 Mbps units is done through a secure remote management interface application also using the AES algorithm."
1299 Seagate Technology LLC
1280 Disc Drive
Shakopee, MN 55379
USA

-David R Kaiser, PMP
TEL: 952-402-2356
FAX: 952-402-1273

CST Lab: NVLAP 200427-0

Seagate Secure® Enterprise Self-Encrypting Drives FIPS 140 Module
(Hardware Versions: 9XJ004 [1, 2], 9XH004 [1, 2], 9XG004 [1, 2], 9XJ066 [1, 2, 7, 16, 17, 18, 19, 20, 21], 9XH066 [1, 2, 7, 16, 17, 18, 19, 20, 21], 9XG066 [1, 2, 7, 16, 17, 18, 19, 20, 21], 9PX066 [3, 4, 6, 8, 9, 10, 12, 14], 9PW066 [3, 4, 10, 14], 9PV066 [3, 14], 9XE248 [1, 2], 9XE244 [1, 2], 9XE242 [1, 2], 9ST248 [4, 6, 11], 9ST244 [4, 11], 9XF246 [1], 9SU246 [4], 9XB066 [1], 9XA066 [1], 9LB066 [4], 9WZ066 [1], 9WY066 [1], 9LD066 [4, 6], 9XD066 [2, 5, 13, 15], 9XC066 [2, 5, 13, 15] and 9PP066 [4, 6, 13, 15]; Firmware Versions: 001 [1], 090 [2], 038 [3], 251 [4], 005 [5], 257 [6] 046 [7], EEF3 [8], EEF4 [9], ESF7 [10], KSF4 [11], EEF5 [12], FMF4 [13], NA02 [14], FMF5 [15], 5CE2 [16], 5CE3 [17], 5CE4 [18], 5CE5 [19], 5CE6 [20] and 5CE7 [21])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/26/2010;
09/13/2010;
01/13/2011;
06/05/2012;
10/17/2012;
01/25/2013;
05/22/2013;
02/20/2014;
04/03/2014
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Certs. #1053 and #1054); SHS (Certs. #812 and #1002); RNG (Cert. #600); RSA (Cert. #502)

-Other algorithms: N/A

Multi-chip embedded

"The Seagate Secure® Enterprise Self-Encrypting Drives FIPS 140 Module is embodied in Seagate Cheetah, Constellation ES, Constellation, and Savvio SED model disk drives. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA bands, and authenticated FW download. The services are provided through an industry-standard TCG Enterprise SSC interface."
1298 McAfee, Inc.
3965 Freedom Circle
Santa Clara, CA 95054
USA

-Sakthikumar Subramanian
TEL: 408-346-3249
FAX: 408-346-5335

CST Lab: NVLAP 100432-0

Network Security Platform Sensor N-450
(Hardware Version: P/N N-450, Version 1.50; Firmware Version: 5.1.15.2)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/26/2010 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #880); Triple-DES (Cert. #781); RSA (Certs. #425 and #486); DSA (Cert. #345); SHS (Certs. #871 and #970); RNG (Cert. #505)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); HMAC MD5; Blowfish; DES; MD5; TACACS

Multi-chip standalone

"Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network SecurityManagement system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks."
1297 Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500

CST Lab: NVLAP 200427-0

Aruba AP-60 and AP-61 Wireless Access Points
(Hardware Versions: AP-60-F1 Rev. 01 or AP-61-F1 Rev. 01; Firmware Versions: Aruba OS 3.3.2.18-FIPS, ArubaOS 3.3.2.20-FIPS, ArubaOS 3.3.2.21-FIPS, ArubaOS 3.4.2.3-FIPS, ArubaOS 3.4.4.0-FIPS or ArubaOS 3.4.5.1-FIPS)

(When operated in FIPS mode and with the tamper evidence seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/26/2010;
05/05/2010;
10/25/2010;
01/31/2011;
03/14/2011;
07/19/2011;
02/06/2013
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #895 and #900); HMAC (Certs. #500 and #503); RNG (Cert. #516); RSA (Certs. #433 and #436); SHS (Certs. #887, #888 and #892); Triple-DES (Certs. #731 and #734)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"Aruba's single and multi-radio wireless access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Multi-Service Mobility Controllers, where per-user role based access controls are applied. In the FIPS 140-2 mode of operation, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i client standard, the xSec client and 256-bit AES encryption. Also, Aruba APs can provide Air Monitoring for intrusion detection and have Wi-Fi Alliance certification for IEEE 802.11a, IEEE 802.11b, IEEE 802.11g, and IEEE 802.11"
1296 McAfee, Inc.
3965 Freedom Circle
Santa Clara, CA 95054
USA

-James Reardon
TEL: 651-628-5346
FAX: 651-628-2701

CST Lab: NVLAP 100432-0

NSM Secure UI Crypto Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 04/26/2010 Overall Level: 2 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 2 with Windows Server 2003 Standard (SP 2) running on a Dell PowerEdge SC1420

-FIPS Approved algorithms: AES (Cert. #1238); HMAC (Certs. #721 and #722); RNG (Cert. #685); RSA (Cert. #594); SHS (Certs. #1135 and #1136); Triple-DES (Cert. #886)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; RC4; MD5; HMAC-MD5

Multi-chip standalone

"McAfee Network Security Manager (NSM) is a simple, centralized management software for distributed McAfee Network Security Platform intrusion prevention system (IPS) sensors and network access control (NAC) appliances. The NSM console with its intuitive graphical interface gives administrators complete control and real-time data, so that they can manage, configure, administer, and monitor all IPS and NAC appliances across widely distributed, mission-critical deployments. The NSM Secure UI Crypto Module provides cryptographic services for serving the NSM console through a secure TLS session."
1295 McAfee, Inc.
3965 Freedom Circle
Santa Clara, CA 95054
USA

-James Reardon
TEL: 651-628-5346
FAX: 651-628-2701

CST Lab: NVLAP 100432-0

NSM Application Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 04/26/2010 Overall Level: 2 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 2 with Windows Server 2003 Standard (SP 2) running on a Dell PowerEdge SC1420

-FIPS Approved algorithms: AES (Cert. #1237); HMAC (Cert. #721); RNG (Cert. #684); RSA (Cert. #593); SHS (Cert. #1135)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); DES; RC4; MD5; HMAC-MD5

Multi-chip standalone

"McAfee Network Security Manager (NSM) is a simple, centralized management software for distributed McAfee Network Security Platform intrusion prevention system (IPS) sensors and network access control (NAC) appliances. The NSM console with its intuitive graphical interface gives administrators complete control and real-time data, so that they can manage, configure, administer, and monitor all IPS and NAC appliances across widely distributed, mission-critical deployments. The NSM Application Crypto Module provides cryptographic services for the Network Security Manager application."
1294 Xceedium, Inc.
30 Montgomery Street, Suite 1020
Jersey City, NJ 07302
USA

-Dave Olander
TEL: 201-536-1000 x121
FAX: 201-536-1200

CST Lab: NVLAP 200556-0

Xceedium GateKeeper™
(Hardware Versions: 5 and 5a; Firmware Version: 5.0.0 SP3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 04/14/2010;
09/07/2010;
09/30/2010;
04/05/2011
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1151 and #1152); Triple-DES (Certs. #833 and #834); SHS (Certs. #1065 and #1066); RSA (Cert. #544); HMAC (Certs. #654 and #655); RNG (Cert. #637)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 160 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DSA (Cert. #373; non-compliant)

Multi-chip standalone

"Xceedium's GateKeeper is a hardened appliance that functions as a secure centralized management platform that enables IT operations to remotely manage data centers as one integrated system. A standardized security model can be developed to mitigate the risks of "untrusted" users; provide centralized access and policy, compartmentalize down to the port, define good and bad behavior, alert and restrict access to applications or commands. GateKeeper provides touch free support and includes all access methods and tools for in-band, out-of-band and power control."
1293 Red Hat®, Inc.
1801 Varsity Drive
Raleigh, NC 27606
USA

-Robert Relyea
TEL: 650-254-4236

CST Lab: NVLAP 200427-0

Network Security Services (NSS) Cryptographic Module (Freebl)
(Software Version: 3.12.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 04/14/2010 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux v5 (single-user mode)

-FIPS Approved algorithms: DSA (Cert. #366); SHS (Cert. #1048)

-Other algorithms: MD2; MD5

Multi-chip standalone

"Network Security Services (NSS) is a set of open source C libraries designed to support cross-platform development of security-enabled applications. NSS implements major crypto algorithms and Internet security standards, and supports smartcards and hardware crypto devices. NSS is available free of charge under the Mozilla Public License, the GNU General Public License, and the GNU Lesser General Public License. For more information, see http://www.mozilla.org/projects/security/pki/nss/"
1292 Prism Payment Technologies (Pty) Ltd.
4th Floor, President Place, Corner Jan Smuts Avenue & Bolton Road
PO Box 2424, Parklands
Gauteng, 2121
South Africa

-Giovanni Gallus
TEL: +27-31-266-0025
FAX: +27-11-880-7080

-Mr. Shawn O'Neill
TEL: +27-31-267-5500
FAX: +27-31-266-0021

CST Lab: NVLAP 200802-0

Incognito TSM500
(Hardware Version: Part Number 5520-00127 Rev 2; Firmware Version: Part Number 0610-00571 Rev 1.2)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/12/2010 Overall Level: 3 

-Physical Security: Level 4

-FIPS Approved algorithms: Triple-DES (Cert. #801); Triple-DES MAC (Triple-DES Cert. #801, vendor affirmed); AES (Cert. #1100); RSA (Cert. #515); SHS (Cert. #1023); RNG (Cert. #612)

-Other algorithms: Hardware RNG

Multi-chip embedded

"The Incognito TSM500 is a multi-chip embedded Tamper Responsive Security Module. Fitted on a PCI carrier card, the device offers high-performance, high-security services targeted at EFT switches and mCommerce applications."
1291 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE Crypto-J Software Module
(Software Version: 4.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 04/12/2010;
09/07/2010;
03/28/2011;
01/24/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP SP2 with Sun JRE 5.0; Microsoft Windows XP SP2 with Sun JRE 6.0 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1109); DRBG (Cert. #15); DSA (Cert. #357); ECDSA (Cert. #130); HMAC (Cert. #621); RNG (Cert. #616); RSA (Cert. #522); SHS (Cert. #1032); Triple-DES (Cert. #806)

-Other algorithms: ANSI X9.31 RNG (non-compliant); DES; DESX; Diffie-Hellman; ECAES (non-compliant); EC Diffie-Hellman; EC Diffie-Hellman with Cofactor; ECIES; HMAC-MD5; MD2; MD5; MD5Random; PBE; PBE with SHA1 and Triple-DES; RC2; RC4; RC5; RIPEMD160; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA Keypair Generation MultiPrime; RSA OAEP; SHA1Random

Multi-chip standalone

"RSA BSAFE Crypto-J security software is designed to help protect sensitive data as it is stored using encryption techniques to provide a persistent level of protection. RSA BSAFE Crypto-J supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
1290 McAfee, Inc.
3965 Freedom Circle
Santa Clara, CA 95054
USA

-Sakthikumar Subramanian
TEL: 408-346-3249
FAX: 408-346-5335

CST Lab: NVLAP 100432-0

Network Security Platform Sensor M-1250, M-1450, M-2750, M-3050, M-4050, and M-6050
(Hardware Versions: P/Ns M-1250 Version 1.10, M-1450 Version 1.10, M-2750 Version 1.50, M-3050 Version 1.20, M-4050 Version 1.20 and M-6050 Version 1.40; Firmware Version: 5.1.15.12)

(When operated with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/12/2010 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #880); Triple-DES (Cert. #781); RSA (Certs. #425 and #486); DSA (Cert. #345); SHS (Certs. #871 and #970); RNG (Cert. #505)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network SecurityManagement system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks."
1289 Pitney Bowes, Inc.
35 Waterview Drive
Shelton, CT 06484
USA

-Robert Sisson
TEL: 203-924-3061
FAX: 203-924-3518

CST Lab: NVLAP 100432-0

Cygnus X3 PSD Cryptographic Module
(Hardware Version: P/N 1R84000 Version A; Software Version: 03.00.0064 (PSD Application) and 01.00.0053 (SDU); Firmware Version: 01.00.06)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/12/2010;
05/05/2010
Overall Level: 3 

-Physical Security: Level 3 + EFP

-FIPS Approved algorithms: DSA (Cert. #374); SHS (Cert. #650); AES (Cert. #1069); Triple-DES (Cert. #572); Triple-DES MAC (Triple-DES Cert. #572, vendor affirmed); DRBG (Cert. #20); KAS (Cert. #3); HMAC (Cert. #601); ECDSA (FIPS 186-3, vendor affirmed)

-Other algorithms: AES (AES Cert. #1069, key wrapping; key establishment methodology provides 128 bits of encryption strength)

Single-chip

"The Pitney Bowes Cygnus X3 Postal Security Device (PSD) has been designed in compliance with FIPS 140-2 and IPMAR security protection profile in order to support the USPS IBIP and international digital indicia standards globally. The Cygnus X3 PSD Cryptographic Module employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes Postage Metering products."
1288 Oracle Corporation
500 Eldorado Blvd.
Bldg 5
Broomfield, CO 80021
USA

-David Hostetter
TEL: 303-272-7126

CST Lab: NVLAP 100432-0

Sun StorageTek™ T9840D Tape Drive
(Hardware Version: P/N 315479501; Firmware Version: 1.44.710)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 04/12/2010;
05/05/2010
Overall Level: 1 

-Cryptographic Module Specification: Level 3

-FIPS Approved algorithms: AES (Certs. #495, #1059, #1060, #1061, #1062 and #1063); DRBG (Cert. #11); HMAC (Certs. #597 and #598); RSA (Cert. #503); SHS (Certs. #1005 and #1006)

-Other algorithms: AES (Cert. #1060, key wrapping; key establishment methodology provides 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5

Multi-chip standalone

"The Sun StorageTek T9840D drive provides 75 GB native capacity and 30 MB/sec throughput using the same media and with backward read compatibility to the non-encrypting T9840 A, B and C. Designed for maximum security and performance, the T9840D uses AES-256 encryption to protect and authenticate customer data and secure, authenticated transmission of key material. Designed for fast access to data, the drive allows the use of multiple keys per tape with a cache memory to minimize key transmission overhead. Works seamlessly with the Sum KMA 2.x for a secure end-to-end management solution."
1287 Vocera Communications, Inc.
525 Race Street
San Jose, CA 95126
USA

-Thirumalai T. Bhattar
TEL: 408-882-5841

-Arun Mirchandani
TEL: 408-880-5100

CST Lab: NVLAP 200017-0

Vocera Cryptographic Module
(Hardware Version: 88W8686; Software Version: 1.0; Firmware Version: 1.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software-Hybrid 03/29/2010 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Vocera Embedded Linux Version 1.0 running on a Texas Instruments OMAP5912 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #835 and #980); SHS (Cert. #950); HMAC (Cert. #551); RNG (Cert. #556)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; HMAC-MD5

Multi-chip standalone

"The Vocera® Communications System is a breakthrough wireless platform that provides hands-free voice communications throughout an 802.11b/g-networked building or campus."
1286 Bomgar Corporation
578 Highland Colony Parkway
Paragon Centre, Suite 300
Ridgeland, MS 39157
USA

TEL: 601-519-0123
FAX: 601-510-9080

CST Lab: NVLAP 200017-0

B200™ and B300™ Remote Support Appliances
(Hardware Versions: B200 and B300; Software Version: 10.2.8 FIPS; Firmware Version: Base version 3.0.5 FIPS)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/29/2010 Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Cert. #791); AES (Cert. #1043); SHS (Cert. #993); RSA (Cert. #497); HMAC (Cert. #585); RNG (Cert. #594)

-Other algorithms: RC4; RC4-40; DES; DES-40; MD5; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Bomgar Remote Support Appliances give technicians secure remote control of devices over the internet/LAN/WAN. Bomgar allows access to various operating systems, including remote support for smartphones and managing network devices via command shell. In addition, it supports extensive auditing and recording of support sessions."
1285 eIQnetworks, Inc.
31 Nagog Park
Action, MA 01720
USA

-Vijay Basani
TEL: 978-266-9933

CST Lab: NVLAP 200427-0

SecureVue Regional Cryptographic Module
(Software Versions: 3.1.2.3 [1] and 3.2.2.5 [2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 04/15/2010;
09/13/2010
Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Windows Server 2003 R2 with SP2 running on a Dell PowerEdge 1420 and Windows Server 2008 running on a Dell Optiplex 755

-FIPS Approved algorithms: AES (Certs. #1277 [1] and #1449 [2]); HMAC (Certs. #742 [1] and #850 [2]); RNG (Certs. #712 [1] and #793 [2]); SHS (Certs. #1175 [1] and #1313 [2])

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"SecureVue Regional component is a multi-chip standalone cryptographic module that is part of a software application suite. It has cryptographic implementation for secure communication and encryption/decryption between the various components via Central, Regional, Data Collector, and Agent that complete the SecureVue software application suite."
1284 eIQnetworks, Inc.
31 Nagog Park
Action, MA 01720
USA

-Vijay Basani
TEL: 978-266-9933

CST Lab: NVLAP 200427-0

SecureVue Data Collector Cryptographic Module
(Software Versions: 3.1.2.3 [1] and 3.2.2.5 [2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 04/15/2010;
09/13/2010
Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Windows XP Pro x64 with SP2 running on a HP XW9300 Workstation and Windows Server 2008 running on a Dell Optiplex 755

-FIPS Approved algorithms: AES (Certs. #1277 [1] and #1449 [2]); HMAC (Certs. #742 [1] and #850 [2]); RNG (Certs. #712 [1] and #793 [2]); SHS (Certs. #1175 [1] and #1313 [2])

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"SecureVue Data Collector component is a multi-chip standalone cryptographic module that is part of a software application suite. It has cryptographic implementation for secure communication, encryption/decryption, and key generation between the various components via Central, Regional, Data Collector, and Agent that complete the SecureVue software application suite."
1283 eIQnetworks, Inc.
31 Nagog Park
Action, MA 01720
USA

-Vijay Basani
TEL: 978-266-9933

CST Lab: NVLAP 200427-0

SecureVue Agent Cryptographic Module
(Software Versions: 3.1.2.3 [1] and 3.2.2.5 [2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 03/29/2010;
05/05/2010;
09/13/2010
Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Windows XP Pro with SP2 running on a Dell Optiplex Gx620 and Windows Server 2008 running on a Dell Optiplex 755

-FIPS Approved algorithms: AES (Certs. #695 [1] and #1449 [2]); HMAC (Certs. #373 [1] and #850 [2]); RNG (Certs. #407 [1] and #793 [2]); SHS (Certs. #723 [1] and #1313 [2])

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"SecureVue Agent component is a multi-chip standalone cryptographic module that is part of a software application suite. It has cryptographic implementation for secure communication and encryption/decryption between the various components via Central, Regional, Data Collector, and Agent that complete the SecureVue software application suite."
1282 eIQnetworks, Inc.
31 Nagog Park
Action, MA 01720
USA

-Vijay Basani
TEL: 978-266-9933

CST Lab: NVLAP 200427-0

SecureVue Central Cryptographic Module
(Software Versions: 3.1.2.3 [1] and 3.2.2.5 [2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 03/29/2010;
05/05/2010;
09/13/2010
Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Windows Server 2003 with SP2 running on a Dell PowerEdge 1800 and Windows Server 2008 running on a Dell Optiplex 755

-FIPS Approved algorithms: AES (Certs. #1277 [1] and #1449 [2]); HMAC (Certs. #742 [1] and #850 [2]); RNG (Certs. #712 [1] and #793 [2]); SHS (Certs. #1175 [1] and #1313 [2])

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"SecureVue Central component is a multi-chip standalone cryptographic module that is part of a software application suite. It has cryptographic implementation for secure communication, encryption/decryption, and key generation between the various components via Central, Regional, Data Collector, and Agent that complete the SecureVue software application suite."
1281 Cimcor, Inc.
8252 Virginia Street, Suite C
Merrillville, IN 46410
USA

-Robert Johnson
TEL: 219-736-4400
FAX: 219-736-4401

CST Lab: NVLAP 100432-0

Cimcor Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 05/24/2010 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Server 2008; Windows Vista (single-use mode)

-FIPS Approved algorithms: Triple-DES (Cert. #818); AES (Cert. #1121); DSA (Cert. #364); SHS (Cert. #1044); RNG (Cert. #624); RSA (Cert. #530); HMAC (Cert. #632)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; Camellia; DES; Idea; RC2; RC4; RC5; MD2; MD4; MD5; Mdc2; Ripemd

Multi-chip standalone

"The Cimcor Cryptographic Module is a multi-platform library that provides secure FIPS 140-2 validated hashing, encryption, and decryption methods and a variety of other cryptographic functions."
1280 Sun Microsystems, Inc., Red Hat®, Inc. and Mozilla Foundation, Inc.
4150 Network Circle
Santa Clara, CA 95054
USA

-Glen Beasley
TEL: 800-555-9SUN

-Robert Relyea
TEL: 650-254-4236

CST Lab: NVLAP 200427-0

Network Security Services (NSS) Cryptographic Module
(Software Version: 3.12.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 03/29/2010 Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Red Hat Enterprise Linux v5 running on an IBM System x3550; Red Hat Enterprise Linux v5 running on an HP ProLiant DL145

-FIPS Approved algorithms: AES (Cert. #1126); DSA (Cert. #366); DRBG (Cert. #16); HMAC (Cert. #636); RSA (Cert. #533); SHS (Cert. #1048); Triple-DES (Cert. #821)

-Other algorithms: Camellia; DES; Diffie-Hellman; EC Diffie-Hellman; MD2; MD5; RC2; RC4; SEED

Multi-chip standalone

"Network Security Services (NSS) is a set of open source C libraries designed to support cross-platform development of security-enabled applications. NSS implements major crypto algorithms and Internet security standards, and supports smartcards and hardware crypto devices. NSS is available free of charge under the Mozilla Public License, the GNU General Public License, and the GNU Lesser General Public License. For more information, see http://www.mozilla.org/projects/security/pki/nss/"
1279 Sun Microsystems, Inc., Red Hat®, Inc. and Mozilla Foundation, Inc.
4150 Network Circle
Santa Clara, CA 95054
USA

-Glen Beasley
TEL: 800-555-9SUN

-Robert Relyea
TEL: 650-254-4236

CST Lab: NVLAP 200427-0

Network Security Services (NSS) Cryptographic Module (Extend ECC)
(Software Version: 3.12.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 03/29/2010 Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Sun Solaris 10 5/08 running on a Sun SunBlade 2000 workstation; Sun Solaris 10 5/08 running on a Sun W2100z workstation

-FIPS Approved algorithms: AES (Cert. #1127); DSA (Cert. #367); DRBG (Cert. #17); ECDSA (Cert. #132); HMAC (Cert. #637); RSA (Cert. #534); SHS (Cert. #1049); Triple-DES (Cert. #822)

-Other algorithms: Camellia; DES; Diffie-Hellman; EC Diffie-Hellman; MD2; MD5; RC2; RC4; SEED

Multi-chip standalone

"Network Security Services (NSS) is a set of open source C libraries designed to support cross-platform development of security-enabled applications. NSS implements major crypto algorithms and Internet security standards, and supports smartcards and hardware crypto devices. NSS is available free of charge under the Mozilla Public License, the GNU General Public License, and the GNU Lesser General Public License. For more information, see http://www.mozilla.org/projects/security/pki/nss/"
1278 Sun Microsystems, Inc., Red Hat®, Inc. and Mozilla Foundation, Inc.
4150 Network Circle
Santa Clara, CA 95054
USA

-Glen Beasley
TEL: 800-555-9SUN

-Robert Relyea
TEL: 650-254-4236

CST Lab: NVLAP 200427-0

Network Security Services (NSS) Cryptographic Module (Basic ECC)
(Software Version: 3.12.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 03/29/2010 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP with SP3; Apple Mac OS X 10.5 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1128); DSA (Cert. #368); DRBG (Cert. #18); ECDSA (Cert. #133); HMAC (Cert. #638); RSA (Cert. #535); SHS (Cert. #1050); Triple-DES (Cert. #823)

-Other algorithms: Camellia; DES; Diffie-Hellman; EC Diffie-Hellman; MD2; MD5; RC2; RC4; SEED

Multi-chip standalone

"Network Security Services (NSS) is a set of open source C libraries designed to support cross-platform development of security-enabled applications. NSS implements major crypto algorithms and Internet security standards, and supports smartcards and hardware crypto devices. NSS is available free of charge under the Mozilla Public License, the GNU General Public License, and the GNU Lesser General Public License. For more information, see http://www.mozilla.org/projects/security/pki/nss/"
1277 Thales e-Security
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-Juan Asenjo

CST Lab: NVLAP 200416-0

Datacryptor® SONET/SDH OC-3/12/48/192C
(Hardware Versions: 1600x435 and 1600x427; Firmware Versions: 4.2 and 4.5)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 03/29/2010;
05/07/2010;
01/13/2011
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #1033, #1079 and #1080); DSA (Cert. #349); SHS (Cert. #985); RNG (Cert. #588)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The Datacryptor® SONET/SDH OC-3/12/48/192C are rack-mountable multi-chip standalone cryptographic modules which facilitate secure data transmission across public SONET or SDH backbone networks. The devices use standard SFP/XFP optical transceivers for their host and network connections. The Datacryptor® offers user verification services via DSA enabled X.509 v.3 certificates, key management based on a Diffie-Hellman Key Agreement Scheme, and AES encryption of data passing over public networks. Management of the Datacryptor is performed via a remote management interface."
1276 Mocana Corporation
350 Sansome Street
Suite 1010
San Francisco, CA 94104
USA

-James Blaisdell
TEL: 415-617-0055
FAX: 415-617-0056

CST Lab: NVLAP 100432-0

Mocana Cryptographic Suite B Module
(Software Version: 5.1f)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/29/2010;
05/11/2010;
07/19/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Debian 4.0 with Linux 2.6; OpenSuse 10.3 with Linux 2.6; Solaris 10; Windows Mobile 6.1; Windows CE 5.0; Windows XP; Intel/WindRiver Linux v3; VxWorks 5.5; iPhone OS 3.1.3 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1131, #1132, #1133 and #1134); Triple-DES (Cert. #826); SHS (Cert. #1055); HMAC (Cert. #644); RSA (Cert. #538); DSA (Cert. #369); ECDSA (Cert. #134); RNG (Cert. #629)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant)

Multi-chip standalone

"The Mocana Cryptographic Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com."
1275 Thales e-Security
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-Juan Asenjo

CST Lab: NVLAP 200416-0

Datacryptor® Gig Ethernet and 10 Gig Ethernet
(Hardware Versions: 1600x433 and 1600x437; Firmware Versions: 4.2 and 4.5)

(When configured for firmware version 4.5 with the Point-Point license as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 03/29/2010;
05/07/2010;
01/13/2011;
04/27/2011
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #1033, #1079 and #1080); DSA (Cert. #349); SHS (Cert. #985); RNG (Cert. #588)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The Datacryptor® 1 Gig Ethernet and 10 Gig Ethernet are rack-mountable multi-chip standalone cryptographic modules which facilitate secure data transmission across public Ethernet Layer 2 networks. The 1 Gig and 10 Gig units use an standard SFP/XFP optical transceivers for their host and network connections. The Datacryptor® offers user verification services via DSA enabled X.509 v.3 certificates, key management based on a Diffie-Hellman Key Agreement Scheme, and AES encryption of data passing over public networks. Management of the Datacryptor® is performed via a remote management interface."
1274 Motorola, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

-Kirk Mathews
TEL: 847-576-4101

CST Lab: NVLAP 100432-0

IPCryptR Motorola Advanced Crypto Engine (MACE)
(Hardware Version: P/N 5185912Y01; Firmware Versions: R01.01.02 and R01.01.03)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/29/2010;
05/07/2010
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #819 and #1013); SHS (Certs. #817 and #963); RSA (Cert. #396); RNG (Cert. #471)

-Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); AES (AES Cert. #819, key wrapping; key establishment methodology provides 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); LFSR

Single-chip

"The IPCryptR MACE provides secure key management and data encryption for the IPCryptR in Motorola's Astro™, Dimetra™, and Broadband Systems."
1273 Mocana Corporation
350 Sansome Street
Suite 1010
San Francisco, CA 94104
USA

-James Blaisdell
TEL: 415-617-0055
FAX: 415-617-0056

CST Lab: NVLAP 100432-0

Mocana Cryptographic Loadable Kernel Module
(Software Version: 5.1f)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/29/2010;
05/11/2010;
07/19/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Debian 4.0 with Linux 2.6; OpenSuse 10.3 with Linux 2.6; Intel/WindRiver Linux v3 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1131, #1132, #1133 and #1134); Triple-DES (Cert. #826); SHS (Cert. #1055); HMAC (Cert. #644); RNG (Cert. #629)

-Other algorithms: DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant)

Multi-chip standalone

"The Mocana Cryptographic Loadable Kernel Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com."
1272

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/09/2010;
07/02/2010
Overall Level: 1 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip standalone

1271 Juniper Networks, Inc.
1194 N. Mathilda Ave.
Sunnyvale, CA 94089
USA

-Seyed Safakish
TEL: 408-745-8158

CST Lab: NVLAP 100432-0

Juniper Networks NSM (Network and Security Manager) Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 03/29/2010 Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Red Hat Enterprise Linux Version 5 running on a HP ProLiant DL365 G5 Server

-FIPS Approved algorithms: AES (Certs. #981 and #982); HMAC (Certs. #552 and #553); RNG (Certs. #557 and #558); RSA (Certs. #472 and #473); SHS (Certs. #951 and #952)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"Juniper Networks Network and Security Manager (NSM) is a unified device management solution for Juniper's network infrastructure of routing, switching, and security devices. It provides centralized, end-to-end device lifecycle management, granular policy configuration, and comprehensive monitoring, reporting, and investigative tools to enable you to improve IT management and cost efficiencies and to maximize the security of your network. Enterprise customers can leverage NSM globally to scale from branch to data center, and Service Providers can use it for carrier-class deployments."
1270 Kanguru Solutions
1360 Main Street
Millis, MA 02054
USA

-Nate Cote
TEL: 508-376-4245
FAX: 508-376-4462

CST Lab: NVLAP 200802-0

Kanguru Defender Elite/Elite+
(Hardware Versions: KDFE-1Ga-y, KDFE-xG, KDFE-xG-y, KDFE-xG-L, KDFE-xG-y-L, KDFEP-xG and KDFEP-xG-y ; Firmware Versions: 1.0, 2.01.10 or 2.01.15)

(Files distributed with the module mounted within the CD Drive, Public Drive, and/or Private Drive are excluded from the validation.)
(Note: Refer to the cryptographic module's Security Policy Appendix 1 for the details on the letter x and y designations)


Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 03/29/2010;
08/09/2010;
08/12/2010;
08/20/2010;
12/21/2010
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1066); SHS (Cert. #1009); RSA (Cert. #506); RNG (Cert. #603)

-Other algorithms: NDRNG; RSA-512 (non-compliant)

Multi-chip standalone

"The Kanguru Defender Elite/Elite+ is a FIPS 140-2 Level 2 multi-chip standalone cryptographic module that utilizes AES hardware encryption to secure data at rest. The module is a ruggedized, opaque, tamper-evident USB token/storage device."
1269 Imation Corp.
Discovery Bldg. 1A-041
Oakdale, MN 55128
USA

-Larry Hamid
TEL: 408-737-4308

CST Lab: NVLAP 200556-0

Bluefly Processor
(Hardware Versions: 3.0, Part #950 000 003 R [1] and 4.0, Part #950 000 004 R [2]; Firmware Versions: 2.0 [1], 2.1 [1,2], 2.2 [1,2], 2.3 [1,2], 2.4 [1,2] or 1.15 [1,2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 03/30/2010;
05/05/2010;
09/07/2010;
01/20/2011;
03/15/2011;
05/31/2011;
07/05/2011;
04/24/2012;
03/28/2013
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #1119, #1292, #1333, #1334, #1452, #1574 and #1661); Triple-DES (Certs. #908, #932, #983, #1031 and #1081); DSA (Certs. #417, #438, #462, #485 and #519); SHS (Certs. #1186, #1220, #1315, #1394 and #1456); RSA (Certs. #618, #646, #710, #767 and #818); HMAC (Certs. #752, #782, #852, #921 and #976); KAS (Certs. #6, #7, #9, #11 and #12); RNG (Certs. #720, #735, #795, #848 and #884)

-Other algorithms: MD5; HMAC-MD5

Single-chip

"The Bluefly processor is a cryptographic and authentication engine for Personal Portable Security Devices (PPSDs). It provides secure storage, digital identity functions, and multifactor user authentication for USB-based peripherals."
1268 Senetas Security Pty Ltd.
Level 1, 11 Queens Road
Melbourne, Victoria 3004
Australia

-John Weston
TEL: +61 (3) 9868 4515
FAX: +61 (3) 9821 4899

CST Lab: NVLAP 200017-0

CypherNET™ 3000 Series Multi-Protocol Encryptor
(Hardware Versions: A5213B, A5214B, A5203B and A5204B; Firmware Version: 1.9)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 03/29/2010 Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Certs. #647 and #702); AES (Certs. #710, #717, #725 and #964); SHS (Cert. #743); RNG (Cert. #422); DSA (Cert. #273); RSA (Cert. #340); HMAC (Cert. #391)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The CypherNET™ 3000 Series product is a high-speed, standards based, multi-protocol encryptor specifically designed to secure voice, data and video information transmitted over Synchronous Optical/Synchronous Digital Hierarchy (SONET/SDH) and Ethernet Networks at data rates up to 10 Gigabits per sec. Data privacy is provided by FIPS approved AES and Triple-DES algorithms."
1267 Senetas Security Pty Ltd.
Level 1, 11 Queens Road
Melbourne, Victoria 3004
Australia

-John Weston
TEL: +61 (3) 9868 4515
FAX: +61 (3) 9821 4899

CST Lab: NVLAP 200017-0

CypherNET™ 1000 Series Multi-Protocol Encryptor
(Hardware Versions: A5101B, A5103B, A5105B, A5107B, A5109B, A5111B, A5113B, A5115B, A5117B, A5119B, A5121B, A5123B, A5125B, A5127B, A5131B, A5133B, A5135B, A5137B, A5139B, A5141B, A5151B, A5153B, A5161B, A5163B and A5165B; Firmware Version: 1.9)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 03/29/2010 Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Certs. #639, #640, #647 and #702); AES (Certs. #711, #712, #713, #714, #717, #725 and #863); SHS (Cert. #743); RNG (Cert. #422); DSA (Cert. #273); RSA (Cert. #340); HMAC (Cert. #391)

-Other algorithms: MD5; RSA (Key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (Key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The CypherNET™ 1000 Series product is a high-speed, standards based, multi-protocol encryptor specifically designed to secure voice, data and video information transmitted over Synchronous Optical/Synchronous Digital Hierarchy (SONET/SDH), Asynchronous Transfer Mode (ATM), and Ethernet Networks as well as protocol independent point-to-point networks at data rates up to 1 Gigabit per sec. Data privacy is provided by FIPS approved AES and Triple-DES algorithms."
1266 Broadcom Corporation
3151 Zanker Road
San Jose, CA 95134
USA

-Charles Qi
TEL: 408-501-8439

CST Lab: NVLAP 100432-0

BCM5880 Cryptographic Module
(Hardware Version: P/N BCM5880KFBG, Version C0; Software Version: R0; Firmware Version: C0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 03/29/2010 Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #1070); DSA (Cert. #354); ECDSA (Cert. #128); HMAC (Cert. #602); RNG (Cert. #605); RSA (Cert. #507); SHS (Cert. #1011)

-Other algorithms: EC Diffie-Hellman (key agreement)

Single-chip

"The BCM5880 Cryptographic Module is a single-chip encased in hard opaque tamper evident IC packaging. The BCM5880 Cryptographic Module supports a variety of FIPS-validated cryptographic algorithms via a set of service API over a well-defined security boundary. It is developed as a reference design for OEMs to build FIPS140-2 compliant security systems."
1265

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Security Policy

Certificate

Software 03/03/2010;
04/15/2010;
10/26/2010
Overall Level: 2 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip standalone

1264 DeltaCrypt Technologies, Inc.
261A, Chemin des Épinettes
Piedmont, Québec J0R 1K0
Canada

-Ann Marie Colizza
TEL: 450-744-0137
FAX: 450-227-9043

-Olivier Fournier
TEL: 450-227-6622
FAX: 450-227-9043

CST Lab: NVLAP 200017-0

DeltaCrypt FIPS Module
(Software Version: 1.0.0.0)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 03/29/2010 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2003; Microsoft Windows 2000; Microsoft Windows Vista; Microsoft Windows XP (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1065); SHS (Cert. #1008); HMAC (Cert. #600); RSA (Cert. #505); DRBG (Cert. #12)

-Other algorithms: N/A

Multi-chip standalone

"DeltaCrypt FIPS Module v1.0.0.0 is a software module providing cryptographic functionality implemented in DeltaCrypt Encryption Applications that complies with FIPS 140-2 level 1 requirements. DeltaCrypt FIPS Module provides data encryption for DeltaCrypt applications protecting files and folders on computer hard disks, mobile data, CD-ROMs and DVDs. It also ensures data protection of removable drives used in combination with DeltaCrypt Mobile Device Control which controls removable drives used on a network, offers audit and tracking capabilities as well as threat detection and policy"
1263 Stonesoft Corporation
Itälahdenkatu 22 A
Helsinki, FIN-00210
Finland

-Jorma Levomaki
TEL: +358 ( 9 ) 4767 11
FAX: +358 ( 9 ) 4767 1234

CST Lab: NVLAP 200626-0

StoneGate Firewall / VPN Core
(Firmware Version: 4.2.2.5708.cc3.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Firmware 02/16/2010 Overall Level: 1 

-Tested: StoneGate FW-1020 hardware with Debian GNU/Linux 4.0 (Linux kernel 2.6.17.13)

-FIPS Approved algorithms: DSA (Cert. #340); RSA (Cert. #474); AES (Cert. #984); Triple-DES (Cert. #772); SHS (Cert. #953); HMAC (Cert. #554); RNG (Cert. #559)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; Twofish; Cast-128; DES; MD5; HMAC-MD5; AES-XCBC-MAC (non compliant); Triple DES-ECB (non compliant)

Multi-chip standalone

"StoneGate Firewall/VPN Core 4.2.2.5798.cc3.1 provides IPsec compliant VPN connectivity between two firewall clusters (site to site connectivity) and remote IPsec compliant VPN connectivity between VPN clients the firewall cluster."
1262 Silex Technology
157 West 7065 South
Salt Lake City, UT 84047
USA

-Keith Sugawara
TEL: 801-748-1199
FAX: 714-258-0730

CST Lab: NVLAP 200802-0

SX-500 Cryptographic Module
(Hardware Version: STA part number 132-00188-120 rev. B, rev. C, or rev. D; Firmware Version: Version 2.02 main firmware and Version 3.1 boot loader)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/15/2010;
12/13/2011
Overall Level: 1 

-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Certs. #1138, #1139 and #1140); RSA (Cert. #540); HMAC (Certs. #647 and #648); SHS (Certs. #1058 and #1059); DRBG (Cert. #19)

-Other algorithms: MD5; RC4; HMAC-MD5; MD4; DES; non-deterministic hardware RNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The FIPS 140-2 Level 1 compliant Silex SX-500 is an excellent solution for applications requiring an easy to implement, secure wireless LAN connection for serial or Ethernet attached peripheral devices."
1261 bTrade, LLC
3500 W. Olive Avenue
Suite 300
Burbank, CA 91505
USA

-Clifton Gonsalves
TEL: 818-334-4036

CST Lab: NVLAP 200002-0

bTrade Security Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 02/15/2010;
04/12/2011;
04/27/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with IBM AIX version 6.1; HP-UX version 11.3; SUN Solaris version 10; Microsoft Windows Vista; IBM Z/OS v1.10 and IBM i 6.1(single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #796); AES (Cert. #1064); DSA (Cert. #352); SHS (Cert. #1007); HMAC (Cert. #599); RSA (Cert. #504); RNG (Cert. #601)

-Other algorithms: Diffie-Hellman; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5

Multi-chip standalone

"The bTrade Security Module is a software library supporting FIPS Approved cryptographic algorithms."
1260 Gemalto
ZI Athelia IV, avenue du Jujubier
La Ciotat, Cedex 13705
France

-Jean-baptiste Jazat
TEL: 33-4-4236-5887
FAX: 33-4-4236-5545

CST Lab: NVLAP 100432-0

Smart Guardian FIPS
(Hardware Versions: P/Ns [HWP117762, HWP117763, HWP118770 and HWP118771] Version A; Firmware Version: 1411)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/15/2010 Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #877 and #990); HMAC (Cert. #491); RNG (Cert. #503); RSA (Cert. #424); SHS (Certs. #869 and #957); Triple-DES (Cert. #719)

-Other algorithms: AES (Cert. #877, key wrapping; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Gemalto introduces Smart Guardian FIPS, a FIPS 140-2 Level 3 Approved secure USB flash drive. The advanced flash drive combines an onboard cryptographic controller that encrypts all data stored on the secure partition by Approved hardware-based AES 256bit, a smartcard chip that provides key management through proven technology, and a ruggedized tamper resistant housing to create a complete portable secure storage solution for all users looking to protect their data."
1259 Renesas Technology America, Inc.
450 Holger Way
San Jose, CA 95134
USA

-Murthy Vedula
TEL: 408-382-7615
FAX: 408-382-7700

CST Lab: NVLAP 100432-0

AE57C1
(Hardware Version: P/N WD65257C1F41TDB0, Version 01; Firmware Version: P/N BOS_AE57C1_v_2_1012)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/15/2010 Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Certs. #786 and #789); DSA (Cert. #347); SHS (Cert. #982); HMAC (Cert. #577); RNG (Cert. #585); KAS (Cert. #4)

-Other algorithms: N/A

Single-chip

"AE57C1 is a single-chip module that contains a CPU, ROM, EEPROM and RAM. The module contains firmware (Board ID OS or "BOS") that resides in ROM, with key storage and future applet storage functionality in the EEPROM. The module user will be able to load or update an applet to the EEPROM. Board ID OS (or "BOS") is a mask ROM used for prototyping and mass production of embedded smart chip systems based on AE57C1 device. BOS provides authentication and secure program download mechanism. Users can develop embedded applications using the BOS cryptographic, communication, and OS application interf"
1258 DESlock Ltd
3 Heron Gate
Hankeridge Way
Taunton, Somerset TA1 2LR
United Kingdom

-Julian Baycock
TEL: +44(0)1823 444447
FAX: +44(0)1823 443440

CST Lab: NVLAP 200017-0

DESlock+ Kernel Mode Crypto Core
(Software Version: 1.0.0.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Software 02/15/2010;
03/31/2014
Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP with SP2 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #790); AES (Cert. #1042); SHS (Cert. #992); RNG (Cert. #593); HMAC (Cert. #584)

-Other algorithms: Blowfish, MD5

Multi-chip standalone

"The DESlock+ Kernel Mode Crypto Core from Data Encryption Systems Ltd. is a cryptographic module which encapsulates several different cryptographic algorithms. Available as part of the DESlock+ desktop encryption product, the Module is accessible by other kernel mode drivers and user mode applications provided by Data Encryption Systems Ltd."
1257 Comtech Mobile Datacom Corporation
20430 Century Boulevard
Germantown, MD 20874
USA

-Lajuana Johnson
TEL: 240-686-3300

CST Lab: NVLAP 200427-0

Comtech Mobile Datacom Corporation Cryptographic Library (libcmscrypto)
(Software Version: 1.0 [1] and 1.2 [2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Software 01/28/2010;
01/24/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux v5.0[1]; Red Hat Enterprise Linux v6.2 [2] (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1124 [1] and #2288 [2]); HMAC (Certs. #635 [1] and #1404 [2]); SHS (Certs. #1047 [1] and #1969 [2])

-Other algorithms: DES; Triple-DES (non-compliant)

Multi-chip standalone

"libcmscrypto is a library implemented in the Comtech Mobile Datacom Corp. products and provides the basic cryptographic functionality that includes Advanced Encryption Standard (AES) algorithm, SHA1 message digest, HMAC SHA-1 Keyed-Hash message authentication code."
1256 Aastra USA, Inc.
11279 Perry Highway
Suite 500
Wexford, PA 15090
USA

-Lloyd Hucke
TEL: 724-934-1200 x3820
FAX: 724-934-1205

-Keith Huthmacher
TEL: 724-934-1200 x3810
FAX: 724-934-1205

CST Lab: NVLAP 200697-0

ViPr Cryptographic Module
(Hardware Version: BCM5812, rev. A0; Firmware Version: 3.0.5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Firmware-Hybrid 01/15/2010;
05/28/2010
Overall Level: 1 

-Operational Environment: Tested: 4402-A ViPr Desktop Terminal running Redhat Linux 2.4.31 OS

-FIPS Approved algorithms: AES (Cert. #1075); RNG (Cert. #563)

-Other algorithms: MD5

Multi-chip standalone

"ViPr Cryptographic Module ver.1.0 is part of ViPr Video Conferencing system comprised of a ViPr Media Center Terminal running ViPr application software version 3.0.5"
1255 SPYRUS, Inc.
1860 Hartog Drive
San Jose, CA 95131-2203
USA

-Tom Dickens
TEL: 408-392-9131
FAX: 408-392-0319

CST Lab: NVLAP 100432-0

Hydra PC FIPS Sector-based Encryption Module
(Hardware Version: P/N 880074001F, Version 02.00.01; Firmware Version: 03.00.04)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 02/15/2010;
05/05/2010
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1016 and #1104); SHS (Certs. #973, #974 and #1027); ECDSA (Cert. #129); DRBG (Cert. #14); RNG (Cert. #582);

-Other algorithms: EC Diffie-Hellman [1] (key agreement; key establishment methodology provides 128, 192 or 256 bits of encryption strength); EC Diffie-Hellman [2] (key agreement; key establishment methodology provides 128, 192 or 256 bits of encryption strength)

Multi-chip standalone

"The Hydra PC FIPS Sector-based Encryption Module provides hardware-based, sector by sector full disk encryption providing the protective military strength of the U. S. Government's Suite B algorithm standards, including AES, ECDSA, SHA-2, and EC-DH. The USB encryption device comes with an easy to use, user-friendly interface that operates on the Microsoft Windows operating systems without installing any drivers."
1254 Motorola, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

-Kirk Mathews
TEL: 847-576-4101

CST Lab: NVLAP 100432-0

Astro Subscriber Motorola Advanced Crypto Engine (MACE)
(Hardware Version: P/N 5185912Y01; Firmware Versions: [R01.00.00 or R01.01.03] and [R01.00.00 (AES Cert. #819)])

(When operated in FIPS mode with firmware [R01.00.00 (AES Cert. #819)] installed)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/15/2010;
03/05/2010
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #819); SHS (Cert. #817); RSA (Cert. #396); RNG (Cert. #471)

-Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); LFSR

Single-chip

"The MACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio system products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management."
1253 3e Technologies International, Inc.
9715 Key West Avenue
Suite 500
Rockville, MD 20850
USA

-Harinder Sood
TEL: 301-944-1325
FAX: 301-670-6989

CST Lab: NVLAP 200427-0

3e-523-F2 and 3e-523-3 Secure Multi-function Wireless Data Points
(Hardware Versions: 1.0, 1.1, 1.2 (3e-523-F2) and 2.0 (3e-523-3); Firmware Version: 4.3.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/28/2010 Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #1021 and #1022); Triple-DES (Certs. #782 and #783); SHS (Certs. #975 and #976); HMAC (Certs. #570 and #571); RNG (Cert. #583); RSA (Cert. #490)

-Other algorithms: Diffie-Hellman; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5; RC4; DES; AES CFB (non-compliant)

Multi-chip standalone

"The 3e-523-F2 and 3e-523-3 operate as either a gateway connecting a local area network to wide area network (WAN), an access point within a wireless local area network (WLAN), a client within a WLAN, or a wireless bridging device. 3eTI software provides the following major services in FIPS mode: Wireless 802.11a/b/g Access Point functionality; Wireless 802.11a/b/g Client functionality; Wireless 802.11a/b/g Bridge functionality; Wireless 802.11a/b/g Mesh functionality (auto-forming, self-healing wireless capability); IEEE 802.11i."
1252 Research In Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

-Certifications Team
TEL: 519-888-7465 x72921
FAX: 519-886-4839

CST Lab: NVLAP 200017-0

BlackBerry Cryptographic Kernel
(Firmware Version: 3.8.5.85)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Firmware 01/06/2010 Overall Level: 1 

-Design Assurance: Level 3
-Tested: BlackBerry 9550 with BlackBerry OS Version 5.0

-FIPS Approved algorithms: Triple-DES (Cert. #838); AES (Certs. #1157 and #1158); SHS (Cert. #1070); HMAC (Cert. #659); RSA (Cert. #547); RNG (Cert. #640); ECDSA (Cert. #137)

-Other algorithms: EC Diffie-Hellman (key agreement); ECMQV (key agreement)

Multi-chip standalone

"BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry."
1251 Fortress™ Technologies, Inc.
2 Technology Park Dr
Westford, MA 01886-3140
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200416-0

Fortress Controller -X (FC-X)
(Hardware Versions: FC-250, FC-250SB, FC500, FC500SB, FC-1500 and FC1500SB; Firmware Versions: 5.1.2, 5.1.2.5100CAJ and 5.1.2.5100CAP)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Vendor Product Link
Hardware 01/06/2010;
01/28/2010;
03/26/2010;
08/02/2010;
05/17/2013
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #852, #853 and #389); HMAC (Certs. #469, #569 and #371); SHS (Certs. #845, #846, #721, #722 and #715); RNG (Certs. #487, #488 and #189); RSA (Cert. #488); Triple-DES (Cert. #703)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); MD5; Hardware RNG

Multi-chip standalone

"The Fortress Controller -X (FC-X) secures wireless devices, users and network infrastructure. It implements Fortress's Mobile Security Protocol (MSP) to provide network authentication, key exchange, and data encryption and integrity checking at layer 2 of the OSI networking model."
1245 Tropos Networks
555 Del Rey Ave.
Sunnyvale, CA 94085
USA

-Michael Ren
TEL: 408-331-6809
FAX: 408-331-6801

-Sreedhar Kamishetti
TEL: 408-331-6881
FAX: 408-331-6801

CST Lab: NVLAP 200427-0

Tropos Wireless IP Mesh Router
(Hardware Versions: 5320-2531, 5320-2631, 5320-3030, 5320-3130, 5320-6000, 5320-6060, 6310-3030, 6320-2531, 6320-3030, 7320-2531, 7320-2631, 7320-3030, 7320-3130, 7320-6000 and 7320-6060; Firmware Version: 7.3)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/15/2010 Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #993, #1082, #1083 and #1085); Triple-DES (Cert. #774); SHS (Certs. #959 and #1017); HMAC (Certs. #559 and #607); RNG (Cert. #562); RSA (Cert. #477)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Blowcrypt; MD5; RC4

Multi-chip standalone

"Tropos's single/multi-radio, wireless 802.11 a/b/g/n Wireless IP Mesh routers provide a secure, high-performance, easy to deploy, and cost-effective networking solution for outdoor environments. Tropos routers support IEEE 802.1X and 802.11i with AES encryption and secure EAP types while operating in FIPS 140-2 mode."
1244 Tropos Networks
555 Del Rey Ave.
Sunnyvale, CA 94085
USA

-Michael Ren
TEL: 408-331-6809
FAX: 408-331-6801

-Sreedhar Kamishetti
TEL: 408-331-6881
FAX: 408-331-6801

CST Lab: NVLAP 200427-0

Tropos Wireless IP Mobile Router
(Hardware Version: 4210-2100; Firmware Version: 7.3)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/15/2010 Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #993 and #1082); Triple-DES (Cert. #774); SHS (Cert. #959); HMAC (Cert. #559); RNG (Cert. #562); RSA (Cert. #477)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Blowcrypt; MD5; RC4

Multi-chip standalone

"Tropos's single/multi-radio, wireless 802.11 b/g Wireless IP Mobile routers provide a secure, high-performance, easy to deploy, and cost-effective networking solution for outdoor environments. Tropos routers support IEEE 802.1X and 802.11i with AES encryption and secure EAP types while operating in FIPS 140-2 mode."
1240 Asigra, Inc.
1120 Finch Avenue West
Suite 400
Toronto, Ontario M3J 3H7
Canada

-David Farajun
TEL: 416-736-8111 ext 100
FAX: 416-736-7120

CST Lab: NVLAP 200427-0

AsigraEncModule Encryption Library
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Certificate

Software 01/12/2010 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2003 (32-bit) Enterprise Edition, 5.2.3790, Service Pack 2; Microsoft Windows Server 2003 (64-bit), Standard Edition, 5.2.3790, Service Pack 1; RedHat Enterprise Linux 5 (32-bit), Update 6; RedHat Enterprise Linux 5 (64-bit), Update 6; Mac OS X, 10.5 (single user mode)

-FIPS Approved algorithms: AES (Cert. #968); SHS (Cert. #938); HMAC (Cert. #541); RNG (Cert. #546)

-Other algorithms: N/A

Multi-chip standalone

"The AsigraEncModule ("Cryptographic Module" or "Module") is a cryptographic library for C++ language users providing hash algorithms, AES symmetric encryption algorithms and random number generation."
1238 Nexus Wireless
Artists Cour
15 Manette Street
London, W1D 4AP
United Kingdom

-Paul Richards
TEL: +44-207-734-0200
FAX: +44-207-734-0210

CST Lab: NVLAP 200416-0

Nexus FIPS 140-2 Crypto Module
(Hardware Version: 1.0; Firmware Versions: ES0408_RL01_R1_00_000 version 1.00.000 and ES0408_RL02_R1_00_000 version 1.00.000)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Certificate

Hardware 01/05/2010 Overall Level: 1 

-FIPS Approved algorithms: AES (Cert. #914); DSA (Cert. #337); SHS (Certs. #901 and #928); HMAC (Cert. #533); RNG (Cert. #524)

-Other algorithms: DES; AES MAC (AES Cert. #914, vendor affirmed; P25 AES OTAR)

Multi-chip embedded

"The Nexus FIPS140-2 Crypto Module is a single-board security module designed to conform to FIPS140-2 standards and primarily intended for use in P25 radio equipment. The module supports both KFD and KMF management implementations, including a dedicated 3-wire KFD interface. It includes a complete key storage and critical security material management function for TEK, KEK, UKEK, CKEK and KSKEK keys in non-volatile memory within the FIPS module, with protection from unauthorized disclosure or modification. The FIPS Module executes encryption and decryption of P25 Phase 1 voice and data."


Need Assistance?