CMVP Main Page

Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules

Historical, 1995-1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017
All

Last Updated: 4/19/2017

It is important to note that the items on this list are cryptographic modules. A module may either be an embedded component of a product or application, or a complete product in-and-of-itself. If the cryptographic module is a component of a larger product or application, one should contact the product or application vendor in order to determine how the product utilizes the embedded validated cryptographic module. There may be a larger number of security products or applications available which use an embedded validated cryptographic module, than the number of modules which are found in this list. In addition, other vendors, who are not found in this list, may incorporate a validated cryptographic module from this list embedded into their own products.

When selecting a module from a vendor, verify that the module is either the product or application itself (e.g. VPN, SmartCard, USB memory token, etc.) or the module is embedded in a larger product or application (e.g. toolkit, etc.). If the module is embedded in a product or application, ask the product or application vendor to provide a signed letter or statement affirming that the unmodified validated cryptographic module is integrated in the solution; the module provides all the cryptographic services in the solution; and provide reference to the modules validation certificate number from this listing.

NOTE1: Module descriptions are provided by the module vendors and have not been verified for accuracy by the CMVP. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-Approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (e.g. allowed or non-FIPS-Approved algorithms) have not been tested through the CMVP.

NOTE2: The operator of a cryptographic module is responsible for ensuring that the algorithms and key lengths are in compliance with the requirements of NIST SP 800-131A.

NOTE3: All questions regarding the implementation and/or use of any module located on the CMVP module validation lists should first be directed to the appropriate vendor point-of-contact (listed for each entry).

Please contact the CMVP if any errors are discovered or comments with suggestions for improvement of the validation listings.

Cert#Vendor / CST LabCryptographic ModuleModule
Type
Validation
Date
Sunset
Date
Level / Description
1472Enova Technology Corporation
1st Floor, #11, R & D 2nd Road
Science Park
Hsin Chu City, Taiwan 30076
Republic of China

Butz Huang
TEL: +866 3 577 2773
FAX: +886 3 577 2770

CST Lab: NVLAP 100432-0
X-Wall MX-256C
(Hardware Version: X-Wall MX-256C; Firmware Version: 1.1.0)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware12/28/2010
12/05/2016
12/4/2021Overall Level: 1

-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #250)

-Other algorithms: N/A

Single-chip

"The patented X-Wall MX-256C (MX-256C) ASIC is the 7th gen of Enova X-Wall real-time Full Disk Encryption technology. Engineered specifically to encrypt entire drive (MBR, FAT, and OS) at SATA wire speed (sustained AES 256-bit throughput of 120MB/sec). MX-256C, a SATA to SATA chip engineered to include the full SATA protocol stacks, is transparent to host/drive. Authentication is separated from the core design of the MX-256C and can be versatile which may include Smartcard, Pre-boot PIN, TPM or Fingerprint. The MX-256C contains no NVM. Therefore at each power on reset authentication is needed."
1471Enova Technology Corporation
1st Floor, #11, R & D 2nd Road
Science Park
Hsin Chu, Taiwan 30076
Republic of China

Butz Huang
TEL: +866 3 577 2773
FAX: +886 3 577 2770

CST Lab: NVLAP 100432-0
X-Wall MX-256
(Hardware Version: X-Wall MX-256; Firmware Version: 1.1.0)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware12/28/2010
12/05/2016
12/4/2021Overall Level: 1

-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #60)

-Other algorithms: N/A

Single-chip

"The patented X-Wall MX-256 (MX-256) ASIC is the 7th gen of Enova X-Wall real-time Full Disk Encryption technology. Engineered specifically to encrypt entire drive (MBR, FAT, and OS) at SATA wire speed (sustained AES 256-bit throughput of 120MB/sec).MX-256, a SATA to SATA chip engineered to include the full SATA protocol stacks, is transparent to host/drive. Authentication is separated from the core design of the MX-256 and can be versatile which may include Smartcard, Pre-boot PIN, TPM or Fingerprint. The MX-256 contains no NVM. Therefore at each power on reset authentication is needed."
1413Icom Inc.
1-1-32, Kamiminami
Hirano-Ku, Osaka 547-0003
Japan

Masaaki Takahashi
TEL: 425-450-6043



CST Lab: NVLAP 200427-0
UT-125 FIPS #11 and UT-125 FIPS #21 Cryptographic Module
(Hardware Versions: 1.1, 2.1; Firmware Version: 1.1)
(When operated in FIPS mode. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware09/28/2010
03/11/2016
04/19/2017
3/10/2021Overall Level: 1

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #3842); DRBG (Cert. #1087); HMAC (Cert. #2492); SHS (Cert. #3165)

-Other algorithms: AES MAC (AES Cert. #3842, vendor affirmed; P25 AES OTAR); DES; DES-MAC; RNG

Multi-Chip Embedded

"The UT-125 FIPS #11 and UT-125 FIPS #21 are optional units available for Icom radios that provide secure voice and data capabilities as well as APCO OTAR and advanced key management."
1369Cavium Networks
805 E. Middlefield Road
Mountain View, CA 94043
USA

TA Ramanujam
TEL: 650-623-7039
FAX: 650-625-9751

CST Lab: NVLAP 100432-0
NITROX XL 1600-NFBE HSM Family
(Hardware Versions: CN1620-NFBE1NIC-2.0-G [1], CN1620-NFBE2NIC-2.0-G [1], CN1620-NFBE3NIC-2.0-G [1], CN1610-NFBE1NIC-2.0-G [1], CN1620-NFBE1NIC-2.0-FW1.2-G [2], CN1620-NFBE2NIC-2.0-FW1.2-G [2], CN1620-NFBE3NIC-2.0-FW1.2-G [2], CN1610-NFBE1NIC-2.0-FW1.2-G [2], CN1620-NFBE1-2.0-G [1], CN1620-NFBE2-2.0-G [1], CN1620-NFBE3-2.0-G [1], CN1610-NFBE1-2.0-G [1], CN1620-NFBE1-2.0-FW1.2-G [2], CN1620-NFBE2-2.0-FW1.2-G [2], CN1620-NFBE3-2.0-FW1.2-G [2], CN1610-NFBE1-2.0-FW1.2-G [2], CN1620-NFBE1-3.0-FW1.1-G [1], CN1620-NFBE2-3.0-FW1.1-G [1], CN1620-NFBE3-3.0-FW1.1-G [1], CN1620-NFBE1-3.0-FW1.2-G [2], CN1620-NFBE2-3.0-FW1.2-G [2] and CN1620-NFBE3-3.0-FW1.2-G [2]; Firmware Versions: CN16XX-NFBE-FW-1.1-160628 [1] and CN16XX-NFBE-FW-1.2-160627 [2])
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware07/21/2010
12/06/2010
12/27/2012
07/24/2014
01/11/2017
1/10/2022Overall Level: 3

-FIPS Approved algorithms: AES (Certs. #1265 and #1266); DRBG (Cert. #32); ECDSA (Cert. #150); HMAC (Cert. #736); KAS (Cert. #5); RSA (Cert. #607); SHS (Certs. #1165 and #1166); Triple-DES (Cert. #898)

-Other algorithms: AES (Cert. #1265, key wrapping; key establishment methodology provides 256 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 128 bits of encryption strength); MD5; PBE; RC4

Multi-chip embedded

"The NITROX XL 1600-NFBE HSM adapter family delivers the worldÆs fastest FIPS 140-2 Level 3 Hardware Security Module (HSM) with PCIe Gen 2.0. The NITROX XL family of adapters offers up to 45,000 RSA operations per second and 5 Gbps of bulk crypto performance and is certified to the stringent US Government security standards. This FIPS family delivers an unmatched solution to the increasing performance, cryptographic and time to market requirements of the financial, government and healthcare vertical markets"
1363Ipswitch, Inc.
83 Hartwell Ave
Lexington, MA 02421
USA

Mark Riordan
TEL: 608-824-3632

CST Lab: NVLAP 200427-0
MOVEit Crypto
(Software Version: 1.2.0.0)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Software07/12/2010
04/26/2016
04/27/2016
4/26/2021Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with Red Hat Enterprise Linux 5 (x86)
Red Hat Enterprise Linux 5 (x64)
Windows Server 2008 (x86)
Windows Server 2008 (x64) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1226); HMAC (Cert. #716); SHS (Cert. #1126)

-Other algorithms: HMAC-MD5; MD5; RNG

Multi-chip standalone

"MOVEit Crypto is a compact and fast dynamically-linked library for Windows and Linux. It provides AES encryption, SHA-1 and SHA-2 hashing, and pseudo-random number generation. Both 32-bit and 64-bit versions are available for each operating system. MOVEit Crypto is a member of the MOVEit security and file transfer product family."
1324Comtech Mobile Datacom Corporation
20430 Century Boulevard
Germantown, MD 20874
USA

Saad Anis
TEL: 240-686-3363
FAX: 240-686-3301

Stratis Marneris
TEL: 240-686-3371

CST Lab: NVLAP 200427-0
Transceiver Cryptographic Module (TCM)
(Hardware Version: C80101 Rev. 2; Firmware Version: 0.1.L)
(When operated in FIPS mode)

Validated to FIPS 140-2

Certificate

Security Policy
Hardware07/12/2010
04/18/2016
4/17/2021Overall Level: 2

-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Cert. #1201); HMAC (Cert. #698); SHS (Cert. #1106); Triple-DES (Cert. #869)

-Other algorithms: DES; Towitko MAC

Multi-chip embedded

"The Transceiver Cryptographic Module is a compact hardware module with a firmware component for implementation of cryptographic algorithms. The Crypto Module, in connetion with Comtech's ASDR Transceiver, enables secure over-the-air communications. The module provides a serial interface for communication over a pair of SPI ports."
1322Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

Sales
TEL: 888-744-4976

CST Lab: NVLAP 100432-0
TSPP
(Hardware Versions: P/Ns TSPP-A and TSPP-B Version 1.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4 or 1.0.5; Firmware Version: 1.10.2)

Validated to FIPS 140-2

Certificate

Security Policy

Vendor Product Link
Hardware06/22/2010
03/28/2011
04/12/2011
11/08/2011
01/11/2012
07/09/2012
03/28/2013
01/30/2017
1/29/2022Overall Level: 3

-FIPS Approved algorithms: DSA (Cert. #375); SHS (Cert. #1071)

-Other algorithms: N/A

Multi-chip embedded

"Thales' TSPP is the multi-chip embedded cryptographic module in its payShield 9000 family of hardware security modules used in the Banking and Finance sector for securing card-based payment transactions. The product family is also used to provide dedicated functionality for key management and message security using algorithms such as Triple-DES, RSA, SHA, HMAC, and AES. TSPP contains a secure bootstrap that authenticates application loading using DSA 2048, so that only application software written by and "signed" by Thales can be loaded and run on TSPP-based products."
1240Asigra, Inc.
1120 Finch Avenue West
Suite 400
Toronto, Ontario M3J 3H7
Canada

David Farajun
TEL: 416-736-8111 ext 1800
FAX: 416-736-7120

CST Lab: NVLAP 200427-0
AsigraEncModule Encryption Library
(Software Version: 1.0)

Validated to FIPS 140-2

Certificate

Security Policy
Software01/12/2010
06/03/2016
6/2/2021Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with Microsoft Windows Server 2003 (32-bit) Enterprise Edition, 5.2.3790, Service Pack 2
Microsoft Windows Server 2003 (64-bit), Standard Edition, 5.2.3790, Service Pack 1
RedHat Enterprise Linux 5 (32-bit), Update 6
RedHat Enterprise Linux 5 (64-bit), Update 6
Mac OS X, 10.5 (single user mode)

-FIPS Approved algorithms: AES (Cert. #968); SHS (Cert. #938); HMAC (Cert. #541)

-Other algorithms: PRNG

Multi-chip standalone

"The AsigraEncModule ("Cryptographic Module" or "Module") is a cryptographic library for C++ language users providing hash algorithms, AES symmetric encryption algorithms and random number generation."