CMVP Main Page

It is important to note that the items on this list are cryptographic modules. A module may either be an embedded component of a product or application, or a complete product in-and-of-itself. If the cryptographic module is a component of a larger product or application, one should contact the product or application vendor in order to determine how the product utilizes the embedded validated cryptographic module. There may be a larger number of security products or applications available which use an embedded validated cryptographic module, than the number of modules which are found in this list. In addition, other vendors, who are not found in this list, may incorporate a validated cryptographic module from this list embedded into their own products.

When selecting a module from a vendor, verify that the module is either the product or application itself (e.g. VPN, SmartCard, USB memory token, etc.) or the module is embedded in a larger product or application (e.g. toolkit, etc.). If the module is embedded in a product or application, ask the product or application vendor to provide a signed letter or statement affirming that the unmodified validated cryptographic module is integrated in the solution; the module provides all the cryptographic services in the solution; and provide reference to the modules validation certificate number from this listing.

*** NOTE: Module descriptions are provided by the module vendors and have not been verified for accuracy by the CMVP. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-Approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (e.g. allowed or non-FIPS-Approved algorithms) have not been validated or tested through the CMVP. ***

Questions regarding modules on this list should first be directed to the module vendor.

Please contact the CMVP if any errors are discovered or comments with suggestions for improvement of the validation listings.

Cert#	Vendor / CST Lab	Cryptographic Module	Module Type	Val. Date	Level / Description
1662	McAfee, Inc. 2340 Energy Park Drive St. Paul, MN 55108 USA -Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0	McAfee Firewall Enterprise 4150F (Hardware Version: NSA-4150-FWEX-FRR and Seal Kit: SAC-4150F-FIPS-KT; Firmware Version: 7.0.1.01.E12) (When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	12/29/2011	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); AES (non-compliant); Blowfish; RC2; RC4; MD5; DES Multi-chip standalone "McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1661	McAfee, Inc. 2340 Energy Park Drive St. Paul, MN 55108 USA -Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0	McAfee Firewall Enterprise 2150F (Hardware Version: NSA-2150-FWEX-F and Seal Kit: SAC-2150F-FIPS-KT; Firmware Version: 7.0.1.01.E12) (When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	12/29/2011	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); AES (non-compliant); Blowfish; RC2; RC4; MD5; DES Multi-chip standalone "McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications"
1660	McAfee, Inc. 2340 Energy Park Drive St. Paul, MN 55108 USA -Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0	McAfee Firewall Enterprise 1100F (Hardware Version: NSA-1100-FWEX-F and Seal Kit: SAC-1100F-FIPS-KT; Firmware Version: 7.0.1.01.E12) (When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	12/29/2011	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); AES (non-compliant); Blowfish; RC2; RC4; MD5; DES Multi-chip standalone "McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee's Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1659	A10 Networks, Inc. 2309 Bering Drive San Jose, CA 95131 USA -John Chiong TEL: 408-325-8668 FAX: 408-325-8666 CST Lab: NVLAP 200648-0	AX Series Advanced Traffic Manager AX2500, AX2600-GCF, AX3000-GCF, AX3000-11-GCF, AX5100, AX5200 and AX5200-11 (Hardware Versions: AX2500, AX2600-GCF, AX3000-GCF, AX5100 and AX5200; Firmware Version: R261-GR1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	12/29/2011; 06/14/2012	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #1092, #1124, #1128 and #1129); AES (Certs. #1693, #1739 and #1740); SHS (Certs. #1480, #1519, #1524 and #1525); HMAC (Certs. #985, #1011, #1016 and #1017); RSA (Certs. #829, #858, #862 and #863); RNG (Certs. #900 and #933) -Other algorithms: MD5; HMAC-MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The AX Series Advanced Traffic Manager is designed to meet the growing demands of Web sites, carriers and enterprises. The AX offers intelligent Layer 4-7 application processing capabilities with industry-leading performance and scalability to meet critical business requirements at competitive prices. AX Series’ standard redundant components and high availability design ensure organizations non-stop service availability for all types of applications."
1658	Samsung Electronics San #16 Banwol-Dong Hwasung-City, Gyeonggi-Do 445-701 Republic of Korea -Jisoo Kim TEL: +82-31-208-3870 FAX: +82-10-3204-4201 CST Lab: NVLAP 200648-0	Samsung SSD PM810 SED FIPS 140 Module (Hardware Versions: MZ5PA128HMCD-010D9 and MZ5PA256HMDR-010D9; Firmware Version: AXM96D1Q) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	12/29/2011	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #1637); SHS (Cert. #1442); HMAC (Cert. #963); RNG (Cert. #878) -Other algorithms: N/A Multi-chip standalone "SAMSUNG SSD PM810 SED FIPS 140 Module provides high-performance AES-256 cryptographic encryption and decryption of the data stored in NAND Flash via SATA interface. The PM810 encryption/decryption creates no degradation in performance compared to non-encrypted SSD. The PM810 supports both the ATA Security Feature Set and TCG Opal SSC. Security Functionalities include user authentication for access control via ISV TCG Opal support, user data encryption for data protection, and instantaneous sanitization of user drive data via cryptographic erase for repurposing or disposal."
1657	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Global Certification Team TEL: CST Lab: NVLAP 200427-0	Cisco Catalyst 3560-X and 3750-X Switches (Hardware Versions: (WS-C3560X-24P, WS-C3560X-24T, WS-C3560X-48P, WS-C3560X-48PF, WS-C3560X-48T, WS-C3750X-12S, WS-C3750X-24P, WS-C3750X-24S, WS-C3750X-24T, WS-C3750X-48P, WS-C3750X-48PF, WS-C3750X-48T, C3KX-NM-1G, C3KX-NM-10G, C3KX-NM-BLANK, C3KX-NM-10GT) with FIPS Kit (C3KX-FIPS-KIT); Firmware Version: 15.0(1)SE2) (When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	12/22/2011; 02/23/2012; 05/29/2012	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #1024, #1275 and #1749); HMAC (Cert. #1026); RNG (Cert. #932); RSA (Cert. #869); SHS (Cert. #1536); Triple-DES (Cert. #1133) -Other algorithms: DES; HMAC-MD5; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 156 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); AES (Cert. #1749, key wrapping; key establishment methodology provides 128 bits or 256 bits of encryption strength) Multi-chip standalone "Cisco Catalyst 3750-X and 3650-X Series Switches are enterprise-class stackable switches that provide high availability, scalability, security, energy efficiency, and ease of operation with innovative features such as Cisco StackPower, Power over Ethernet Plus (PoE+), optional network modules, redundant power supplies, and MAC security. The Catalyst 3750-X and 3650-X Series Switches meet FIPS 140-2 overall Level 2 requirements as multi-chip standalone modules. The switches include cryptographic algorithms implemented in IOS software as well as hardware ASICs. The module provides 802.1X-rev"
1656	SafeNet, Inc. 20 Colonnade Road Suite 200 Ottawa, Ontario K2E 7M6 Canada -Mark Yakabuski TEL: 613-614-3407 FAX: 613-723-5079 -Chris Brych TEL: 613-221-5081 FAX: 613-723-5079 CST Lab: NVLAP 200427-0	Luna® PCI Cryptographic Module for Luna® IS and RSS (Hardware Version: VBD-03-0100; Firmware Versions: 5.2.7 and 5.2.8) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	12/22/2011; 01/11/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #510, #1737 and #1738); DSA (Certs. #542 and #543); ECDSA (Certs. #228 and #229); HMAC (Certs. #1014 and #1015); RNG (Certs. #925 and #926); RSA (Certs. #860 and #861); SHS (Certs. #1522 and #1523); Triple-DES (Certs. #520, #1126 and #1127); Triple-DES MAC (Triple DES Cert. #520; vendor affirmed) -Other algorithms: AES MAC (Certs. #510, #910 and #913; non-compliant); CAST5; CAST5-MAC; DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); HAS-160; HAS-160 MAC; KCDSA; MD2; MD5; RC2; RC4; RC5; SEED; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip embedded "The Luna® PCI for Luna® IS offers hardware-based key management and cryptographic operations to protect sensitive keys. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI card."
1655	Concepteers, LLC 121 Newark Ave Suite 204 Jersey City, NJ 07302 USA -David Van TEL: 201-221-3052 FAX: 201-844-6262 CST Lab: NVLAP 200556-0	Concepteers Teleconsole TCS6U4W (Hardware Version: A2; Firmware Version: 2.0) (When operated in FIPS mode and the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	12/15/2011	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (1) (Cert. #1544); Triple-DES (Cert. #1014); SHS (Cert. #1369); DSA (Cert. #476); RSA (Cert. #747); HMAC (Cert. #895); RNG (Cert. #832) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); AES (2) (non-compliant); RC4; Multi-chip standalone "The Teleconsole S6U4W is a small form factor network appliance providing Secure Remote Diagnostic Access (SRDA) to virtually any technology equipment (IT, Medical, Utilities (SCADA), Manufacturing, Retail (POS) and more). The unified, cross-platform solution is vendor independent and provides Authentication, Authorization, Access and Audit on a single platform to streamline access provisioning, security enforcement and user activity tracking for compliance."
1654	Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA -Michael Hong TEL: 408-333-8000 FAX: 408-333-8101 CST Lab: NVLAP 200648-0	Brocade Mobility 7131N Dual-Radio 802.11n FIPS Access Point BR-AP7131N66040FGR and BR-AP7131N66040FWW (Hardware Versions: BR-AP7131N66040FGR and BR-AP7131N66040FWW; Firmware Version: AP7131N v4.0.1.0-003GRN) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	12/15/2011	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #831 and #832); AES (Certs. #1147, #1148, #1149 and #1150); SHS (Certs. #1063 and #1064); HMAC (Certs. #652 and #653); RSA (Cert. #543); RNG (Certs. #635 and #636) -Other algorithms: MD5; HMAC-MD5; DES; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); AES (non-compliant); SHS (non-compliant) Multi-chip standalone "Brocade Mobility 7131N Dual-radio 802.11n FIPS Access Point delivers the throughput, coverage and resiliency required to build an all-wireless enterprise. The design provides simultaneous support for high-speed wireless voice and data services, self-healing mesh networking and non-data applications such as Wireless IPS"
1653	McAfee, Inc. 3965 Freedom Circle Santa Clara, CA 95054 USA -Sakthikumar Subramanian TEL: 408-346-3249 FAX: 408-346-5335 CST Lab: NVLAP 100432-0	Network Security Platform Sensor M-1250, M-1450, M-2750, M-2850, M-2950, M-3050, M-4050 and M-6050 (Hardware Versions: P/Ns M-1250 Version 1.10 [1], M-1450 Version 1.10 [1], M-2750 Version 1.50 [1], M-2850 Version 1.00 [1], M-2950 Version 1.00 [1], M-3050 Version 1.20 [1], M-4050 Version 1.20 [2] and M-6050 Version 1.40 [2]; FIPS Kit P/Ns IAC-FIPS-KT2 [1] and IAC-FIPS-KT7 [2]; Firmware Version: 6.1.15.35) (When operated with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	12/15/2011	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #880); Triple-DES (Cert. #781); RSA (Certs. #425 and #830); DSA (Cert. #345); SHS (Certs. #871 and #970); RNG (Cert. #505); HMAC (Cert. #971) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); HMAC MD5; MD5 Multi-chip standalone "Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks."
1652	Juniper Networks, Inc. 1194 North Mathilda Ave Sunnyvale, CA 94089 USA -Robert Smith TEL: 978-589-8822 CST Lab: NVLAP 200697-0	SSG 5 and SSG 20 (Hardware Versions: (SSG-5-SB, SSG-5-SB-BT, SSG-5-SB-M, SSG-5-SH, SSG-5-SH-BT, SSG-5-SH-M , SSG-20-SB and SSG-20-SH) with JNPR-FIPS-TAMPER-LBLS; Firmware Version: ScreenOS 6.3r6) (When operated in FIPS mode with the tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	12/15/2011; 07/24/2012	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #1061); AES (Cert. #1620); DSA (Cert. #507); SHS (Cert. #1429); RNG (Cert. #868); RSA (Cert. #798); HMAC (Cert. #951); ECDSA (Cert. #205) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 or 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of security); NDRNG; DES; MD5 Multi-chip standalone "Juniper Networks integrated security devices are purpose-built to perform essential networking security functions designed on top of robust networking and security real-time operating systems, ScreenOS. These are high-performance platforms that deliver integrated security and LAN/WAN routing across high-density LAN/WAN interfaces, Juniper Networks integrated security devices address the needs of small to medium sized locations, large distributed enterprises, and service providers as well as large and co-located datacenters."
1650	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Global Certification Team TEL: CST Lab: NVLAP 200427-0	Cisco Unified IP Phone 6921, 6941, 6945 and 6961 (Hardware Versions: 6921: 5, 6941: 5, 6945: 4 and 6961: 4; Firmware Version: 9.2(1)SR1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	12/14/2011; 02/23/2012	Overall Level: 1  -FIPS-approved algorithms: AES (Certs. #1746, #1748 and #1751); HMAC (Certs. #1023, #1025 and #1028); RNG (Cert. #930); RSA (Cert. #867); SHS (Certs. #1533, #1535 and #1538); Triple-DES (Cert. #1131) -Other algorithms: HMAC MD5; MD5; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The Cisco Unified IP Phones 6921, 6941, 6945, and 6961 deliver cost-effective, full-featured voice communication services in a clutter-free and earth-friendly, ergonomic design."
1649	AirTight Networks, Inc. 339 N. Bernardo Avenue Suite 200 Mountain View, CA 94043 USA -Hemant Chaskar TEL: 650-961-1111 FAX: 650-961-1169 CST Lab: NVLAP 200002-0	SpectraGuard® Enterprise Server (Firmware Version: 6.5.35) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Firmware	12/14/2011; 01/31/2012	Overall Level: 1  -Tested: AirTight SA-350 Spectraguard Enterprise Appliance with CentOS 5.2 -FIPS-approved algorithms: AES (Cert. #1545); Triple-DES (Cert. #1015 ); RSA (Cert. #748); DSA (Cert. #477); SHS (Cert. #1370); HMAC (Cert. #896); RNG (Cert. #833) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 178 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides between 80 and 270 bits of encryption strength); RSA (non-compliant); DSA (non-compliant); AES-CTR (non-compliant); ARC4; Blowfish-CBC; CAST128; ARC4-256; ARC4-128; RC2; RC4; DES; IDEA; HMAC-SHA1-96 (non-compliant); HMAC-MD5; HMAC-MD5-96; UMAC-64; RIPEMD-160 Multi-chip standalone "The implementation performs wireless intrusion detection and prevention. It monitors radio channels to ensure conformance of wireless activity to security policy. It mitigates various types of wireless security violations such as rogue wireless networks, unauthorized wireless connections, network mis-configurations and denial of service attacks"
1648	Samsung Electronics Co., Ltd. 416, Maetan 3-Dong Youngton Gu Suwon, Gyeonggi 152-848 South Korea -Ross Choi TEL: 972-761-7628 -Bumhan Kim TEL: +82-10-4800-6711 CST Lab: NVLAP 200658-0	Samsung Kernel Crypto API Cryptographic Module (Software Versions: LK2.6.35.7_AGB_v1.2 and LK2.6.36.3_AHC_v1.2) (When operated in FIPS mode and only on the specific platforms specified on the reverse) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	12/14/2011	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Android Gingerbread w/ Linux kernel v.2.6.35.7 (Galaxy S2 U1); Android Honeycomb w/ Linux kernel v.2.6.36.3 (P4 LTE, P4 WiFi) (single-user mode) -FIPS-approved algorithms: AES (Certs. #1732 and #1733); SHS (Certs. #1516 and #1517); RNG (Certs. #921 and #922); Triple-DES (Certs. #1120 and #1121); HMAC (Certs. #1008 and #1009) -Other algorithms: DES; AES-CTS (non-compliant); Triple-DES (CTR; non-compliant); Twofish; AEAD; MD5; ansi_cprng; ARC4; GHASH (GCM hash) Multi-chip standalone "Provides general purpose cryptographic services to services in the Linux kernel and user-space applications, intended to protect data in transit and at rest."
1647	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Global Certification Team TEL: CST Lab: NVLAP 200427-0	Cisco Unified IP Phone 6901 and 6911 (Hardware Versions: 6901 and 6911: 1.0; Firmware Version: 9.2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	12/22/2011; 02/23/2012	Overall Level: 1  -FIPS-approved algorithms: AES (Certs. #1746 and #1748); HMAC (Certs. #1023 and #1025); RNG (Cert. #930); RSA (Cert. #867); SHS (Certs. #1533 and #1535); Triple-DES (Cert. #1131) -Other algorithms: HMAC MD5; MD5; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The Cisco Unified IP Phones 6901 and 6911deliver cost-effective, full-featured voice communication services in a clutter-free and earth-friendly, ergonomic design."
1646	McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA -Sakthikumar Subramanian TEL: 408-346-3249 FAX: 408-346-5335 CST Lab: NVLAP 100432-0	Network Security Platform Sensor M-8000 P (Hardware Version: P/N M-8000 P, Version 1.40; FIPS Kit P/N IAC-FIPS-KT8; Firmware Version: 6.1.15.35) (When operated with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	12/06/2011	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #880); Triple-DES (Cert. #781); RSA (Certs. #425 and #830); DSA (Cert. #345); SHS (Certs. #871 and #970); RNG (Cert. #505); HMAC (Cert. #971) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); MD5 Multi-chip standalone "Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks."
1645	McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA -Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0	McAfee Web Gateway WG5000 and WG5500 Appliances (Hardware Versions: 5000 [1] and 5500 [2]; EWG-5000-FIPS-KIT [1] and EWG-5500-FIPS-KIT [2]; Firmware Version: 7.1.0) (When operated in FIPS mode with the tamper evident seals and opacity baffles installed and initializing the module as specified in Section 3.1 of the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	12/15/2011; 01/17/2012; 08/24/2012; 08/24/2012	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1625 and #1633); Triple-DES (Certs. #1065 and #1069); DSA (Certs. #511 and #514); RSA (Certs. #803 and #807); SHS (Certs. #1434 and #1438); HMAC (Certs. #956 and #960); RNG (Certs. #872 and #875) -Other algorithms: MD4; MD5; RC4; DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The McAfee Web Gateway is a high-performance, enterprise-strength proxy security appliance family that provides the caching, authentication, administration, authorization controls and deep-level content security filtering required by today’s most demanding enterprises. McAfee Web Gateway WG5000 and WG5500 Appliances deliver scalable deployment flexibility and performance. McAfee Web Gateway WG5000 and WG5500 Appliances deliver comprehensive security for all aspects of Web 2.0 traffic."
1644	VMware, Inc. 3401 Hillview Avenue Palo Alto, CA 94304 USA -Pam Takahama TEL: 650-427-2063 CST Lab: NVLAP 200556-0	PCoIP Cryptographic Module for VMware View (Software Version: 3.5.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	12/06/2011	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Operational Environment: Tested as meeting Level 2 with Microsoft Windows XP running on a Dell Poweredge 2850; Microsoft Windows XP running on a Dell Optiplex GX260; Red Hat Enterprise Linux (RHEL) 5.1 running on a Dell Poweredge 2850 -FIPS-approved algorithms: AES (Certs. #1639, #1640 and #1642); SHS (Cert. #1443); RNG (Cert. #879); HMAC (Cert. #964) -Other algorithms: Salsa12; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip standalone "The PCoIP Cryptographic module for VMware View is a multi-chip standalone cryptographic module evaluated for use on a standard General Purpose Computer (GPC) platform. The overal security level is Level 2. The module consists of a single shared library which is used by both the PCoIP server and the PCoIP client applications."
1643	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Global Certification Team TEL: CST Lab: NVLAP 200427-0	Cisco Common Cryptographic Module (C3M) (Software Version: 0.9.8r.1.1) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	11/29/2011; 02/23/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with FreeBSD 8.2 (32-bit and 64-bit); Red Hat Enterprise Linux v5 (32-bit and 64-bit); Linux Kernel 2.6.27.7; Yellow Dog Linux 6.2; Windows 7 SP1 (32-bit and 64-bit); Mac OS X 10.6 (32-bit and 64-bit); Openwall Linux 3.0 (32-bit); Android 2.3.3 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1759); DSA (Cert. #550); ECDSA (Cert. #234); HMAC (Cert. #1031); RNG (Cert. #937); RSA (Cert. #876); SHS (Cert. #1544); Triple-DES (Cert. #1139) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 152 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 152 bits of encryption strength) Multi-chip standalone "The Cisco Common Cryptographic Module (C3M) is a software library that provides cryptographic services to a vast array of Cisco's networking and collaboration products. The module provides FIPS validated cryptographic algorithms for services such as sRTP, SSH, TLS, 802.1x etc. The module does not implement any of the protocols directly. Instead, it provides the cryptographic primitives and functions to allow a developer to implement various protocols."
1642	U.S. Department of State 301 4th Street SW SA-44 Washington, DC 20547 USA -Paul Newton TEL: 202-203-5153 FAX: 202-203-7669 CST Lab: NVLAP 100432-0	PKI BLADE Cosmo (Hardware Version: P/N B0; Firmware Version: FC10 (with op-code 071964) with ID-One PIV Applet Suite V2.3.2-a and PKI BLADE Applet V1.2) (PIV Card Application: Cert. #25) (When operated in FIPS mode with the fingerprint authentication mechanism parameters configured as indicated in the Security Policy Section 8.6) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/21/2011	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 4 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #698); Triple-DES MAC (Triple-DES Cert. #698, vendor affirmed); AES (Cert. #840); RNG (Cert. #480); RSA (Cert. #403); ECDSA (Cert. #94); SHS (Cert. #833); CVL (Cert. #3) -Other algorithms: Triple-DES (Cert. #698, key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #840, key wrapping; key establishment methodology provides 128 bits of encryption strength); AES MAC (AES Cert. #840; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Single-chip "The PKI/BLADE applet is based on ISO 7816 and GSC-IS commands interface. The applet is designed to be loaded on any Java card compliant with JavaCard v2.2.1 and Global Platform v2.1.1 specifications including PIV certified Java cards. It is designed to provide services for PKI based logical access applications and to provide strong two factor authentication using fingerprint biometrics."
1641	Mocana Corporation 350 Sansome Street Suite 1010 San Francisco, CA 94104 USA -James Blaisdell TEL: 415-617-0055 FAX: 415-617-0056 CST Lab: NVLAP 100432-0	Mocana Cryptographic Suite B Module (Software Version: 5.4fm) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	11/17/2011; 05/29/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Android 2.3; Android 4.0 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1757); Triple-DES (Cert. #1138); SHS (Cert. #1543); HMAC (Cert. #1030); RSA (Cert. #875); DSA (Cert. #549); RNG (Cert. #936) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant) Multi-chip standalone "The Mocana Cryptographic Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com."
1640	Watchdata Technologies Pte Ltd No.2 Yandong Business Park Wanhong West Street Capital Airport Road Beijing, Chaoyang District 100015 People's Republic of China -Bai Jing CST Lab: NVLAP 200658-0	WatchKey USB Token (Hardware Version: K6 with Z32L256D32U and K003010A; Firmware Version: 360C6702) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	11/17/2011	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #1616); Triple-DES (Cert. #1057); RSA (Cert. #794); DRBG (Cert. #85); SHS (Cert. #1425) -Other algorithms: SHA-1 (non-compliant) Multi-chip standalone "The WatchKey USB token provides digital signature generation and verification for online authentication of online transactions and data encryption/decryption to online service users."
1639	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Global Certification Team TEL: CST Lab: NVLAP 200427-0	Cisco 5940 Embedded Services Routers (Hardware Versions: Cisco 5940 ESR air-cooled card and Cisco 5940 ESR conduction-cooled card; Firmware Version: 15.2(3)GC) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/16/2011; 02/23/2012; 07/18/2012; 02/08/2013	Overall Level: 1  -Design Assurance: Level 2 -FIPS-approved algorithms: AES (Certs. #962, #1535 and #1643); DRBG (Cert. #89); HMAC (Certs. #537 and #965); RSA (Cert. #811); SHS (Certs. #933 and #1444); Triple-DES (Certs. #757 and #1073) -Other algorithms: DES; DES MAC; HMAC-MD5; MD4; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength) Multi-chip embedded "The Cisco 5940 is a high-performance, ruggedized router. With onboard hardware encryption, the Cisco 5940 offloads encryption processing from the router to provide highly secure yet scalable video, voice, and data services for mobile and embedded outdoor networks. The Cisco 5940 Embedded Services Routers provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 1 requirements. The Cisco 5940 Router Card uses industrial-grade components and is optimized for harsh environments that require Cisco IOS Software routing technology."
1638	Chunghwa Telecom Co., Ltd. Telecommunication Laboratories 12, Lane 551, Min-Tsu Road SEC.5, Yang-Mei, Taoyuan, Taiwan 326 Republic of China -Yeou-Fuh Kuan TEL: +886-3-424-4333 FAX: +886-3-424-4129 -Char-Shin Miou TEL: +886-3-424-4381 FAX: +886-3-424-4129 CST Lab: NVLAP 200928-0	HiKey - Flash and HiKey PKI Token (Hardware Versions: 2.0 and 2.1; Software Version: Card OS version 3.2 with PKI Applet: 2.1; Firmware Version: 2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/16/2011	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1710); Triple-DES (Cert. #1100); Triple-DES MAC (Triple-DES Cert. #1100, vendor affirmed); SHS (Cert. #1493); HMAC (Cert. #988); DRBG (Cert. #106); RSA (Cert. #839) -Other algorithms: MD5; HMAC-MD5; RIPEMD 160; HMAC-RIPEMD 160; RSA (encrypt/decrypt); AES MAC (AES Cert. #1710; non-compliant) Multi-chip standalone "The HiKey Flash and HiKey PKI Token modules are multi-chip standalone implementations of a cryptographic module. The Hikey - Flash and HiKey PKI Token modules are USB tokens that adhere to ISO/IEC specifications for Integrated Circuit Chip (ICC) based identification cards. The HiKey - Flash and HiKey PKI Token cryptographic modules contain an implementation of the Global Platform (GP) Version 2.1.1 specification defining a secure infrastructure for post-issuance programmable smart cards."
1637	Certicom Corp. 5520 Explorer Drive Fourth Floor Mississauga, Ontario L4W 5L1 Canada -Mike Harvey TEL: 905-507-4220 FAX: 905-507-4230 -Worldwide Sales & Marketing Headquarters TEL: 703-234-2357 FAX: 703-234-2356 CST Lab: NVLAP 200556-0	Security Builder® FIPS Java Module (Software Versions: 2.8 and 2.8.7) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	11/16/2011; 08/24/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Sun Java Runtime Environments (JRE) 1.5.0 and 1.6.0 running on Solaris 10, 32-bit; Solaris 10, 64-bit; Red Hat Linux AS 5.5, 32-bit; Red Hat Linux AS 5.5, 64-bit; Windows Vista, 32-bit; Windows Vista, 64-bit; Windows 2008 Server, 64-bit (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #964); AES (Cert. #1411); SHS (Cert. #1281); HMAC (Cert. #832); RNG (Cert. #773); DSA (Cert. #455); ECDSA (Cert. #179); RSA (Cert. #687); DRBG (Cert. #52); KAS (Cert. #8) -Other algorithms: ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; DES; DESX; ECIES; ECQV; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80 bits of encryption strength) Multi-chip standalone "The Security Builder FIPS Java Module is a standards-based cryptographic toolkit written in Java. It supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into Java-based applications. The Security Builder FIPS Java Module is intended for use by developers who want government level security and can also be used in conjunction with other Certicom developer toolkits including Security Builder PKI and Security Builder SSL."
1636	Seagate Technology LLC 1280 Disc Drive Shakopee, MN 55379 USA -David R Kaiser, PMP TEL: 952-402-2356 FAX: 952-402-1273 CST Lab: NVLAP 200427-0	Seagate Secure Constellation® ES [16-25] and Constellation®.2 [1-15] Self-Encrypting Drives FIPS 140 Module (Hardware Versions: 9XU268 [1, 6], 9XU268-251 [2, 7, 9, 11], 9XU268-257 [3, 8, 10, 12, 13], 9XU268-047 [4], 9XU268-090 [5], 9XU264 [1, 6], 9XU264-251 [2, 7, 9, 11], 9XU264-257 [3, 8, 10, 12, 13], 9XU264-047 [4], 9XU264-090 [5], 9XU168 [14, 15], 9XU164 [14, 15], 9XU162 [14, 15], 1AV268 [16, 18], 1AV264 [16, 18], 1AV264-257 [17, 20, 22], 1AV264-251 [19, 21, 23], 1AV262 [16, 18], 1AV168 [24, 25], 1AV164 [24, 25] and 1AV162 [24, 25]; Firmware Versions: A002 [1], ASF2 [2], ANF1 [3], NS01 [4], QF70 [5], 0003 [6, 14], ASF5 [7], AEF3 [8], ASF8 [9], AEF5 [10], ASF9 [11], AEF6 [12], AEF7 [13], 0002 [14, 18, 25], A001 [16, 24], PNF0 [17], PSF1 [19], and PEF3 [20], PSF4 [21], PEF4 [22] and PSF5 [23]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/10/2011; 03/14/2012: 06/21/2012; 10/17/2012; 12/12/2012; 01/25/2013	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #1416, #1417 and #1343); DRBG (Cert. #62); SHS (Cert. #1225); RSA (Cert. #650) -Other algorithms: N/A Multi-chip embedded "The Seagate Secure Enterprise Self-Encrypting Drives FIPS 140 Module is embodied in Seagate Constellation®.2 and Constellation® ES SED model disk drives. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download."
1635	Seagate Technology LLC 1280 Disc Drive Shakopee, MN 55379 USA -David R Kaiser, PMP TEL: 952-402-2356 FAX: 952-402-1273 CST Lab: NVLAP 200427-0	Seagate Secure Constellation® ES.2 [30-49], Savvio® 10K.5 [1-19] and Savvio® 15K.3 [20-29] Self-Encrypting Drives FIPS 140 Module (Hardware Versions: 9XS066 [1, 7], 9XS066-251 [2, 8, 13, 16], 9XS066-257 [3, 9, 14, 17, 18], 9XS066-047 [4], 9XS066-090 [5, 11], 9XS066-031 [10, 19], 9XS066-037 [10, 19], 9XS066-046 [12], 9XR066 [1, 7], 9XR066-251 [2, 8, 13, 16], 9XR066-257 [3, 9, 14, 17, 18], 9XR066-047 [4], 9XR066-090 [5, 11], 9XR066-038 [6, 15], 9XR066-046 [12], 9XP066 [1, 7], 9XP066-047 [4], 9XP066-090 [5, 11], 9XP066-046 [12], 9XN066 [1, 7], 9XN066-251 [2, 8, 13, 16], 9XN066-257 [3, 9, 14, 17, 18], 9XN066-047 [4], 9XN066-090 [5, 11], 9XN066-046 [12], 9XM066 [20, 23], 9XM066-251 [21, 24, 26, 28], 9XM066-257 [22, 25, 27, 29], 9XL066 [20, 23], 9XL066-251 [21, 24, 26, 28], 9XL066-257 [22, 25, 27, 29], 9XT260 [30, 36], 9XT260-251 [31, 37, 41, 44], 9XT260-257 [32, 38, 42, 45, 46], 9XT260-038 [33, 43], 9XT260-047 [34], 9XT260-090 [35], 9XT260-031 [39, 47], 9XT260-037 [39, 47], 9XT260-046 [40], 9XT267 [36] and 9XT160 [48, 49]; Firmware Versions: A002 [1, 20], CSF2 [2], CNF1 [3], NS03 [4], HF72 [5], NA00 [6, 43], 0003 [7, 23], CSF4 [8], CEF3 [9], CE01 [10], HF75 [11], 6E01 [12], CSF7 [13], CEF4 [14], F740 [15], CSF8 [16], CEF5 [17], CEF6 [18], CE06 [19], YSF3 [21], YNF2 [22], YSF5 [24], YEF4 [25], YSF8 [26], YEF5 [27], YSF9 [28], YEF6 [29], 0002 [30], RSF3 [31], RNF3 [32], NQE1 [33], NS01 [34], NF72 [35], 0005 [36], RSF5 [37], REF5 [38], YE01 [39], 6EA1 [40], RSF8 [41], REF6 [42], RSFA [44], REF7 [45], REF8 [46], YE04 [47], F000 [48] and F003 [49]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/10/2011; 11/17/2011; 03/14/2012; 06/21/2012; 10/17/2012; 12/12/2012; 01/25/2013	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #1416, #1417 and #1343); DRBG (Cert. #62); SHS (Cert. #1225); RSA (Cert. #650) -Other algorithms: N/A Multi-chip embedded "The Seagate Secure Enterprise Self-Encrypting Drives FIPS 140 Module 2 is embodied in Seagate Constellation® ES.2, Savvio® 15K.3, and Savvio® 10K.5 SED model disk drives. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download."
1634	Pierson Capital Technology LLC 129 North La Salle Street Suite 3800 Chicago, IL 60602 USA -Frank Psaila TEL: +86 13501108625 FAX: +86 1085183930 -Likely Lee TEL: +86 13810220119 FAX: +86 1085183930 CST Lab: NVLAP 200658-0	MIIKOO (Hardware Version: D4; Firmware Versions: Device Bootstrap v3.1, Device Application 006262 and Cryptographic Algorithm v2.1) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/10/2011	Overall Level: 3  -FIPS-approved algorithms: RSA (Cert. #737); Triple-DES (Cert. #1004); SHS (Cert. #1351); HMAC (Cert. #884); DRBG (Cert. #63) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "MIIKOO combines fingerprint recognition and additional cryptography capabilities to generate Dynamic PINs. It is compatible with any type of bank cards by seamlessly providing the added biometrical triggering of dynamic PIN security over the existing financial transaction network."
1633	Doremi Cinema LLC 1020 Chestnut St. Burbank, CA 91506 USA -Jean-Philippe Viollet TEL: 818-562-1101 FAX: 818-562-1109 -Camille Rizko TEL: 818-562-1101 FAX: 818-562-1109 CST Lab: NVLAP 200802-0	Dolphin DCI 1.2 (Hardware Versions: DOLPHIN-DCI-1.2-A0, DOLPHIN-DCI-1.2-A1, DOLPHIN-DCI-1.2-C0 and DOLPHIN-DCI-1.2-C1; Firmware Versions: 2.0.8p, 21.03m-1 and 99.03f) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/10/2011	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #521, #532 and #1252); HMAC (Certs. #271 and #731); SHS (Certs. #593 and #1148); RNG (Certs. #326, #693, #696 and #700); RSA (Certs. #600, #601 and #777) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); TRNGs; MD5; HMAC-MD5 Multi-chip embedded "The Dolphin DCI 1.2 is a PCI-card that provides a standard definition/high definition serial digital interface. This is a Doremi decoder hardware card that contains a JPEG-2000 decoder hardware and BNC serial digital interface connectors used in Doremi Digital Cinema Servers like the DCP-2000. The Dolphin DCI 1.2 utilizes a dual-link encoded serial digital interface for output of DCI compliant resolutions up to 2040x1080p24 (2K-film). It can also operate single link for lower resolution material (i.e. trailers, advertisement, etc.)."
1632	Samsung Electronics Co., Ltd. 416, Maetan 3-Dong Youngton Gu Suwon, Gyeonggi 152-848 South Korea -Ross Choi TEL: 972-761-7628 -Bumhan Kim TEL: +82-10-4800-6711 CST Lab: NVLAP 200658-0	Samsung Key Management Module (Software Version: 1.0) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	11/10/2011	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Android Gingerbread w/ Linux kernel v.2.6.35.7 (Galaxy S2); Android Honeycomb w/ Linux kernel v.2.6.36.3 (P4 LTE, P4 WiFi) (single-user mode) -FIPS-approved algorithms: AES (Certs. #1741 and #1742); SHS (Certs. #1528 and #1529); RNG (Certs. #928 and #929); HMAC (Certs. #1018 and #1019); PBKDF (SP 800-132, vendor affirmed) -Other algorithms: N/A Multi-chip standalone "Provides general purpose key management services to user-space applications on the mobile platform."
1630	Advantor Systems, LLC 12612 Challenge Parkway Suite 300 Orlando, FL 32826 USA -Chuck Perkinson TEL: 407-926-6960 FAX: 407-857-1635 CST Lab: NVLAP 200427-0	Infraguard Processor Module (Hardware Version: 5.1; Firmware Version: 1.01) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/10/2011	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #1736); HMAC (Cert. #1013); RNG (Cert. #924); SHS (Cert. #1521) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength) Multi-chip embedded "The Infraguard Processor Module (IPM) is a multi-chip, embedded, plug-in encryption module coated with an opaque, tamper evident material. The IPM is used to provide secure LAN and telephone modem communications for Advantor Systems' physical security systems. The IPM is embedded in multiple products, including an alarm panel and an alarm panel receiving product."
1629	Protected Mobility LLC 6259 Executive Blvd Rockville, MD 20852 USA -Paul Benware TEL: 585-582-5601 FAX: 585-582-3297 -Donald Paris TEL: 301-770-4556 FAX: 240-238-6637 CST Lab: NVLAP 200697-0	PMCryptolib (Software Version: 1.0) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	11/16/2011	Overall Level: 1  -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with iOS 4.2; iOS 4.3; Android 2.2; Android 2.3; Android 3.0; (single-user mode) -FIPS-approved algorithms: AES (Cert. #1716); SHS (Cert. #1499); DRBG (Cert. #108); HMAC (Cert. #991); ECDSA (Cert. #222) -Other algorithms: Multi-chip standalone "PMCryptolib is a dynamic linked library software module. The module provides cryptographic services through a Application Programming Interface (API)."
1628	NAL Research Corporation 9300 West Courthouse Rd. Suite 102 Manassas, VA 20110 USA -Peter Kormendi TEL: 703-392-1136 CST Lab: NVLAP 200697-0	XM Crypto Module (Firmware Version: 1.1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Firmware	11/07/2011	Overall Level: 1  -Tested: A3LA-XM with A3LA-XM OS ver. 1.1.0 -FIPS-approved algorithms: AES (Cert. #1698) -Other algorithms: N/A Multi-chip standalone "A3LA-XM is a modem comprised of the XM Crypto Module encryption board and a communication board. It is designed to transmit AES 256-bit encrypted data via a communication network. The A3LA-XM has an internal micro-controller programmed to monitor the modems connectivity status to prevent hardware lock-up. Similar to a standard landline modem, the A3LA-XM can be controlled by any DTE (data terminal equipment) capable of sending standard AT commands via an RS232 serial or a USB 2.0 port."
1627	Communication Devices Inc. 85 Fulton St., Unit #2 Boonton, NJ 07005-1912 USA -Donald Snook TEL: 973-334-1980 CST Lab: NVLAP 200002-0	Port Authority Series (Hardware Versions: PA111-SA CDI 01-03-0912B, PA111-RM CDI 01-03-0912B, PA155-RM CDI 01-03-0912B and PA199-RM CDI 01-03-0912B; Firmware Version: 10.00.78) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/01/2011	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: AES (Cert. #1375); SHS (Cert. #1257); HMAC (Cert. #808); RNG (Cert. #758) -Other algorithms: AES (Cert. #1375, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength) Multi-chip standalone "Secure Out of Band Management appliance with network port, internal modem, and up to 9 serial ports. Allows Secure Out of Band Access to Firewalls, Routers, Network appliances etc.. Supports up to 256 bit AES CFB encryption."
1626	ViaSat UK Ltd. Sanford Lane Wareham, Dorset BH20 4DY United Kingdom -Tim D. Stone TEL: +44 1929 55 44 00 FAX: +44 1929 55 25 25 CST Lab: NVLAP 200556-0	FlagStone Core (Hardware Versions: V2.0.1.1, V2.0.1.2, V2.0.1.3, V2.0.2.1, V2.0.2.2, V2.0.2.3, V2.0.3.3, V2.0.3.4, V2.0.4.5, V2.0.5.3, V2.0.5.4 and V2.0.5.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	10/31/2011	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #922 and #923); RNG (Cert. #531) -Other algorithms: N/A Multi-chip embedded "The FlagStone Core is a multi-chip embedded cryptographic module used within the Eclypt ranges of drives. The FlagStone Core, and subsequently the Eclypt ranges of drives utilising the FlagStone Core, provide access control and data encryption services to protect access to data stored on a connected HDD/SSD (Hard Disk Drive/Solid Data Drive). All accessible sectors on a drive connected to a FlagStone Core are encrypted. The Eclypt range of drives includes Eclypt, Eclypt Freedom and Eclypt Nano."
1625	Mocana Corporation 350 Sansome Street Suite 1010 San Francisco, CA 94104 USA -James Blaisdell TEL: 415-617-0055 FAX: 415-617-0056 CST Lab: NVLAP 100432-0	Mocana Cryptographic Suite B Module (Software Version: 5.3.1v) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	11/30/2011	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with ThreadX v5.3 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1717); Triple-DES (Cert. #1104); SHS (Cert. #1500); HMAC (Cert. #992); RSA (Cert. #843); DSA (Cert. #529); ECDSA (Cert. #223); RNG (Cert. #910) -Other algorithms: AES (Cert. #1717, key wrapping; key establishment methodology provides 128, 192, or 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); DES; MD5; HMAC-MD5; RC2; RC4; AES XCBC (non-compliant) Multi-chip standalone "The Mocana Cryptographic Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com."
1624	CST Lab: NVLAP 100432-0	Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	10/24/2011; 12/21/2011	Overall Level: 4  -FIPS-approved algorithms: -Other algorithms: Multi-chip embedded
1623	CST Lab: NVLAP 100432-0	Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	10/24/2011; 12/21/2011	Overall Level: 4  -FIPS-approved algorithms: -Other algorithms: Multi-chip embedded
1622	Certes Networks, Inc. 300 Corporate Center Drive Suite 140 Pittsburgh, PA 15108 USA -Kevin Nigh TEL: 412-262-2571 FAX: 919-865-0679 CST Lab: NVLAP 200928-0	CEP10-R, CEP10 VSE and CEP10-C (Hardware Versions: [CEP10-R, PN 410-032-402, A], [CEP10 VSE, PN 410-032-402, A], [CEP10-C, PN 410-032-602, A] and [CEP10 VSE, PN 410-032-602, A]; Firmware Version: 1.6) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	10/24/2011	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #673, #1089 and #1090); AES (Certs. #779, #1680 and #1681); SHS (Certs. #781, #1466 and #1467); HMAC (Certs. #426, #983 and #984); RSA (Certs. #825 and #826); DSA (Certs. #523 and #524); RNG (Certs. #891 and #892) -Other algorithms: MD5; HMAC-MD5; ARC2; ARC4; AES-XCBC-MAC-96 (non-compliant); DES; Blowfish; AEAD; EC Diffie-Hellman; Diffie-Hellman (key agreement; key establishment methodology provides 97 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 to 150 bits of encryption strength) Multi-chip standalone "The Certes Networks CEP encryptors are high performance, integrated encryption appliances that offers full line rate Ethernet Frame encryption for 10Mbps Ethernet transports. Housed in a tamper evident chassis, the Certes Networks CEP10-R and CEP10 VSE has two functional 10BaseT Ethernet ports used for traffic. Traffic on the CEP's local port is received from and transmitted to the trusted network in the clear, while traffic on the CEP's remote port has security processing applied to it. Security processing can be data confidentiality, data integrity and data authentication."
1621	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Global Certification Team TEL: CST Lab: NVLAP 200427-0	Cisco 7606-S and 7609-S Routers with Supervisor SUP720-3B (Hardware Versions: 7606-S and 7609-S with SUP720-3B; Firmware Version: 15.1(3)S3) (When operated in FIPS mode with the tamper evident labels and opacity shields installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	10/28/2011; 02/09/2012; 02/23/2012; 07/09/2012	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: AES (Cert. #1634); DRBG (Cert. #88); HMAC (Cert. #961); RSA (Cert. #808); SHS (Cert. #1439); Triple-DES (Cert. #1070) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 156 bits of encryption strength); DES; DES MAC; HMAC MD5; MD4; MD5; RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Multi-chip standalone "The Cisco 7606-S and 7609-S routers are designed for deployment at the network edge, where robust performance and IP/Multiprotocol Label Switching services are necessary to meet the requirements of both enterprises and service providers. It enables Carrier Ethernet service providers to deploy an advanced network infrastructure that supports a range of IP video and triple-play (voice, video, and data) system applications in both the residential and business services markets. They also deliver WAN and metropolitan-area network networking solutions at the enterprise edge."
1620	Klas Ltd 1101 30th Street NW Suite 500 Washington, DC 20007 USA -Frank Murray TEL: (866)-263-5467 FAX: (866)-532-3091 CST Lab: NVLAP 100432-0	KlasRouter (Hardware Version: KlasRouter, Versions 3.02 and 3.03; Firmware Version: KlasOS3, Version 3.1.0 rc0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	10/19/2011	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #1599); Triple-DES (Cert. #1045); HMAC (Cert. #936); SHS (Cert. #1411); ECDSA (Cert. #197); RNG (Cert. #856) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); NDRNG; MD5; HMAC-MD5; DSA (non-compliant) Multi-chip standalone "KlasRouter is a low-power router that provides Virtual Private Networking (including Suite-B algorithms), WAN Acceleration, VLAN and a host of other networking features in a compact package. KlasRouter is standards-based and hence is interoperable with any infastructure and the perfect solution for establishing a remote office in a secure environment."
1619	Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA 94089-1206 USA -Seyed Safakish TEL: 408-745-2000 FAX: 408-745-2100 -Bishakha Banerjee TEL: 408-745-2000 FAX: 408-745-2100 CST Lab: NVLAP 100432-0	FIPS Multi Service PIC (Hardware Versions: PE-MS-100-1, PB-MS-100-1, PB-MS-400-2 and PC-MS-500-3; Firmware Version: 10.4 R1.9) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	10/19/2011	Overall Level: 1  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #465); Triple-DES (Certs. #482 and #1046); SHS (Certs. #768 and #1414); HMAC (Certs. #416 and #937); RSA (Cert. #783); RNG (Cert. #858) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); MD5; DES Multi-chip embedded "The FIPS Multiple Service PIC supports compressed real time protocol (CRTP), high-speed Network Address Translation (NAT), stateful firewall, tunnel services, IPSec encryption and J-Flow accounting today while having built-in headroom to support additional services in the future."
1618	CST Lab: NVLAP 200427-0	Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	10/18/2011	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
1617	Dell, Inc. One Dell Way Round Rock, TX 78682 USA CST Lab: NVLAP 200697-0	Dell PowerConnect J-Series J-SRX100, J-SRX210 and J-SRX240 Services Gateways (Hardware Versions: (J-SRX100B, J-SRX100H, J-SRX210B, J-SRX210BE, J-SRX210H, J-SRX210HE, J-SRX210H-POE, J-SRX210HE-POE, J-SRX240B, J-SRX240H and J-SRX240H-POE) with JNPR-FIPS-TAMPER-LBLS; Firmware Version: 10.4R3) (The tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	10/06/2011	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #1064); AES (Cert. #1624); DSA (Cert. #510); SHS (Cert. #1433); RNG (Cert. #871); RSA (Cert. #802); HMAC (Cert. #955) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 96 bits of encryption strength) Multi-chip standalone "Dell Inc. J-SRX100, J-SRX210, and J-SRX240 Services Gateways are secure routers that provide essential capabilities that connect, secure, and manage work force locations. By consolidating fast, highly available switching, routing, security, and applications capabilities in a single device, enterprises can economically deliver new services, safe connectivity, and a satisfying end user experience. Supports Firewall, Ipsec VPN and IPS."
1616	Concepteers, LLC 121 Newark Ave Suite 204 Jersey City, NJ 07302 USA -David Van TEL: 201-221-3052 FAX: 201-844-6262 CST Lab: NVLAP 200556-0	Concepteers Teleconsole E (Hardware Version: rev A1; Firmware Version: 2.0) (When operated in FIPS mode and the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	10/05/2011	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1547); Triple-DES (Cert. #1017); SHS (Cert. #1374); DSA (Cert. #479); RSA (Cert. #752); HMAC (Cert. #903); RNG (Cert. #836) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength) Multi-chip standalone "The Teleconsole E is an enterprise network appliance providing Secure Remote Diagnostic Access (SRDA) to virtually any technology equipment (IT, Medical, Utilities (SCADA), Manufacturing, Retail (POS) and more). The unified, cross-platform solution is vendor independent and provides Authentication, Authorization, Access and Audit on a single platform to streamline access provisioning, security enforcement and user activity tracking for compliance."
1615	Symantec Corporation 20330 Stevens Creek Blvd. Cupertino, CA 95014 USA -John Bordwine TEL: 703-885-3854 CST Lab: NVLAP 200556-0	Symantec Java Cryptographic Module (Software Version: 1.0) (This module contains the embedded module RSA BSAFE® Crypto-J JCE Provider Module validated to FIPS 140-2 under Cert. #1048 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	09/30/2011	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP SP2 (32-bit) with (Sun JRE 1.4.2, Sun JRE 1.5 or Sun JRE 1.6) (single-user mode) -FIPS-approved algorithms: AES (Cert. #669); DSA (Cert. #251); ECDSA (Cert. #72); HMAC (Cert. #353); RNG (Cert. #389 and vendor affirmed: SP 800-90); RSA (Cert. #311); SHS (Cert. #702); Triple-DES (Cert. #614) -Other algorithms: AES-GCM (non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); DESX; ECAES (non-compliant); EC Diffie-Hellman; ECDHC; ECIES; MD2; MD5; PBE; RIPEMD 160; RNG (X9.31 non-compliant; MD5; SHA-1 non-compliant); RC2; RC4; RC5; RSA OAEP (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA (non-compliant); RSA Keypair Generation MultiPrime (non-compliant); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); HMAC-MD5 Multi-chip standalone "The Symantec Java Cryptographic Module provides a comprehensive set of cryptographic services for Symantec products including, but not limited to, the Symantec Data Loss Prevention Suite."
1614	Mocana Corporation 350 Sansome Street Suite 1010 San Francisco, CA 94104 USA -James Blaisdell TEL: 415-617-0055 FAX: 415-617-0056 CST Lab: NVLAP 100432-0	Mocana Cryptographic Suite B Module (Software Version: 5.4f) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	09/30/2011; 10/26/2011; 11/08/2011	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Vx Works 6.7; Android 2.2; VxWorks 5.5; VxWorks 6.2; VxWorks 6.4; WindRiver 4.0 using Linux 2.6.34 (single-user mode) -FIPS-approved algorithms: AES (Certs. #1505, #1506, #1507, #1509 and #1510); Triple-DES (Cert. #1006); SHS (Cert. #1353); HMAC (Cert. #885); RSA (Cert. #738); DSA (Cert. #472); ECDSA (Cert. #187); RNG (Cert. #819); DRBG (Cert. #64) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant); RSA (encrypt/decrypt) Multi-chip standalone "The Mocana Cryptographic Suite B Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com."
1613	Juniper Networks, Inc. 1194 North Mathilda Ave Sunnyvale, CA 94089 USA -Robert Smith TEL: 978-589-8822 CST Lab: NVLAP 200697-0	Juniper Networks SRX100, SRX210, SRX220, SRX240 and SRX650 Services Gateways (Hardware Versions: (SRX100B, SRX100H, SRX210B, SRX210BE, SRX210H, SRX210HE, SRX210H-POE, SRX210HE-POE, SRX220H, SRX220H-POE, SRX240B, SRX240H, SRX240H-POE, SRX650-BASE-SRE6-645AP and SRX650-BASE-SRE6-645DP) with JNPR-FIPS-TAMPER-LBLS; Firmware Version: 10.4R4) (The tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	10/06/2011; 11/08/2011	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #1064); AES (Cert. #1624); DSA (Cert. #510); SHS (Cert. #1433); RNG (Cert. #871); RSA (Cert. #802); HMAC (Cert. #955) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 96 bits of encryption strength) Multi-chip standalone "SRX100, SRX210, SRX220, SRX240 and SRX650 Services Gateways are secure routers that provide essential capabilities that connect, secure, and manage work force locations sized from handfuls to hundreds of users. By consolidating fast, highly available switching, routing, security, and applications capabilities in a single device, enterprises can economically deliver new services, safe connectivity, and a satisfying end user experience. All SRX Series Services Gateways, including products scaled for the branch, campus and data center applications, are powered by Juniper Networks JUNOS the proven"
1612	Mocana Corporation 350 Sansome Street Suite 1010 San Francisco, CA 94104 USA -James Blaisdell TEL: 415-617-0055 FAX: 415-617-0056 CST Lab: NVLAP 100432-0	Mocana Cryptographic Loadable Kernel Module (Software Version: 5.4f) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	09/29/2011; 10/26/2011	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Android 2.2; WindRiver 4.0 using Linux 2.6.34 (single-user mode) -FIPS-approved algorithms: AES (Certs. #1505, #1506, #1507, #1509 and #1510); Triple-DES (Cert. #1006); SHS (Cert. #1353); HMAC (Cert. #885); RNG (Cert. #819) -Other algorithms: DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant) Multi-chip standalone "The Mocana Cryptographic Loadable Kernel Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com."
1611	Juniper Networks, Inc. 1194 North Mathilda Ave. Sunnyvale, CA. 94089 USA -Robert Smith TEL: 978-589-8822 CST Lab: NVLAP 200697-0	Juniper Networks SRX3400 and SRX3600 Services Gateways (Hardware Versions: (SRX3400BASE-AC, SRX3400BASE-DC, SRX3600BASE-AC and SRX3600BASE-DC) with JNPR-FIPS-TAMPER-LBLS; Firmware Version: 10.4R4) (The tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	10/06/2011; 11/08/2011	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #1032 and #1033); AES (Certs. #1575 and #1577); DSA (Cert. #486); SHS (Certs. #1395 and #1396); RNG (Cert. #849); RSA (Cert. #768); HMAC (Certs. #922 and #923) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 96 bits of encryption strength) Multi-chip standalone "Juniper Networks SRX3000 Series line of services gateways is the next generation solution for securing the ever increasing network infrastructure and applications requirements for both enterprise and service provider environments. Designed from the ground up to provide flexible processing scalability, I/O scalability, and services integration, the SRX3000 Series line can meet the network and security requirements of data center hyper-consolidation, rapid managed services deployments, and aggregation of security solutions."
1610	EMC Corporation 176 South Street Hopkinton, MA 01748 USA -Dan Reddy TEL: 508-249-2733 -Kerry Mahoney TEL: 508-249-4940 FAX: 508-249-3172 CST Lab: NVLAP 200427-0	4 Gb/s FC I/O Module with Encryption (Hardware Version: 303-176-100B B04) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	09/26/2011	Overall Level: 1  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1638) -Other algorithms: AES (Cert. #1638, key wrapping) Multi-chip embedded "Data at Rest Encryption provides hardware-based, back-end encryption for EMC storage systems. Back-end encryption protects information from unauthorized access when drives are physically removed from the system. It also offers a convenient means of decommissioning all drives in the system at once. EMC 4Gb/s Fibre Channel I/O modules implement AES-XTS 256-bit encryption on all drives in the system. These modules encrypt/decrypt data as it is written to and read from a drive. The drives need not be self-encrypting because the I/O module encrypts. All back end drive types are thus supported."
1609	AirTight Networks, Inc. 339 N. Bernardo Avenue Suite 200 Mountain View, CA 94043 USA -Hemant Chaskar TEL: 650-961-1111 FAX: 650-961-1169 CST Lab: NVLAP 200002-0	SpectraGuard® Enterprise Sensor (Hardware Version: SS-300-AT-C-10 with SS-FIPS-TPL; Firmware Version: 6.2.39p1) (When operated in FIPS mode and with tamper evident seals installed over the ventilation openings as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	09/26/2011	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #1310); SHS (Cert. #1199); RNG (Cert. #732); RSA (Cert. #628); HMAC (Cert. #763) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); MD5 Multi-chip standalone "The module performs wireless intrusion detection and prevention. It monitors radio channels to ensure conformance of wireless activity to security policy. It mitigates various types of wireless security violations such as rogue wireless networks, unauthorized wireless connections, network mis-configurations and denial of service attacks."
1608	Hewlett-Packard Company 3000 Hanover Street Palo Alto, CA 94304 USA -Gloria English TEL: 408-447-3979 -Mihai Damian TEL: 408-447-3977 CST Lab: NVLAP 200002-0	NonStop Volume Level Encryption (NSVLE) (Software Version: 1.0) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	09/26/2011	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Debian Linux HPTE Ver. 3.0.0; Debian Linux HPTE Ver. 4.0.0 (single-user mode) -FIPS-approved algorithms: AES (Certs. #1364 and #1365); Triple-DES (Cert. #941); SHS (Cert #1246); RNG (Cert. #751); HMAC (Cert. #800); RSA (Cert. #666) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); MD5 Multi-chip standalone
1607	Verdasys, Inc. 404 Wyman St. Suite 320 Waltham, MA 02451 USA -Harvey Morrison TEL: 781-788-8180 CST Lab: NVLAP 200002-0	Verdasys Secure Cryptographic Module (Software Version: 1.0) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	09/26/2011; 08/24/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP 32-bit; Windows XP 64-bit (single-user mode) -FIPS-approved algorithms: AES (Cert. #1384); SHS (Cert. #1261); DRBG (Cert. #50); HMAC (Cert. #814); RSA (Cert. #677) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); RNG (non-compliant) Multi-chip standalone "The Verdasys FIPS Kernel Mode Cryptographic Module, VSEC.SYS, is a software module that provides cryptographic services for Digital Guardian's server and endpoint products. The Verdasys FIPS Kernel Mode Cryptographic Module is leveraged in a variety of functions including securing communication, protecting agent components, and file encryption."
1606	Fortress(TM) Technologies 4023 Tampa Road Suite 2200 Oldsmar, FL 34677 USA -Tony Margalis TEL: 813-288-7388 FAX: 813-288-7389 CST Lab: NVLAP 200427-0	Fortress Mesh Points (Hardware Versions: ES210, ES300, ES440, ES520v1, ES520v2 and ES820; Firmware Version: 5.3.1) (When operated in FIPS mode and with the tamper evident seals and glue installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	09/26/2011	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #688, #694 and #1519); DRBG (Cert. #66); HMAC (Certs. #367, #371 and #889); KAS (Cert. #10); RNG (Certs. #402 and #406); RSA (Cert. #439); SHS (Certs. #717, #721 and #1357) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits security strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits security strength); MD5 Multi-chip standalone "The Fortress Mesh Point is an all-in-one network access device housed in a rugged compact chassis, with the most stringent security available today built in. It can serve as a wireless bridge, a WLAN access point, and an eight-port LAN switch, while performing all the functions of a Fortress controller device: encrypting wireless traffic and providing Multi-factor Authentication for devices on the network it protects."
1605	Certes Networks, Inc. 300 Corporate Center Drive Suite 140 Pittsburgh, PA 15108 USA -Kevin Nigh TEL: 412-262-2571 FAX: 919-865-0679 CST Lab: NVLAP 200928-0	CEP100, CEP100 VSE, CEP100-XSA, CEP1000, CEP1000-DP and CEP1000 VSE (Hardware Versions: [CEP100, A], [CEP100 VSE, A], [CEP100-XSA, A], [CEP1000, A], [CEP1000-DP, A] and [CEP1000 VSE, A]; Firmware Version: 1.6) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	09/26/2011	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #482, #667, #1089 and #1090); AES (Certs. #465, #762, #1680 and #1681); SHS (Certs. #768, #769, #1466 and #1467); HMAC (Certs. #416, #417, #983 and #984); RSA (Certs. #825 and #826); DSA (Certs. #523 and #524); RNG (Certs. #891 and #892) -Other algorithms: MD5; HMAC-MD5; ARC2; ARC4; AES-XCBC-MAC-96 (non-compliant); DES; Blowfish; AEAD; EC Diffie-Hellman; Diffie-Hellman (key agreement; key establishment methodology provides 97 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip standalone "The Certes Networks CEP encryptors are high performance, integrated encryption appliances that offers full line rate Ethernet Frame encryption for 10Mbps Ethernet transports. Housed in a tamper evident chassis, the Certes Networks CEP has two functional 10BaseT Ethernet ports used for traffic. Traffic on the CEP local port is received from and transmitted to the trusted network in the clear, while traffic on the CEP's remote port has security processing applied to it. Security processing can be data confidentiality, data integrity and data authentication."
1604	Centrify Corporation 785 N. Mary Avenue Suite 200 Sunnyvale, CA 94085 USA -Kitty Shih TEL: 408-542-7500 FAX: 408-542-7575 CST Lab: NVLAP 200648-0	Centrify Cryptographic Module (Software Version: 1.0) (When operated in FIPS Mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	09/20/2011; 12/01/2011	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Mac OS X 10.6.5; Mac OS X 10.7; RedHat Enterprise Linux ES v5 (single-user mode) -FIPS-approved algorithms: Triple-DES (Certs. #1018 and #1208); AES (Certs. #1554 and #1861); SHS (Certs. #1375 and #1637); HMAC (Certs. #904 and #1108); RSA (Certs. #755 and #941); DSA (Certs. #480 and #580); DRBG (Certs. #69 and #149) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 219 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 219 bits of encryption strength) Multi-chip standalone "Centrify Cryptographic Module is a general purpose cryptographic library. The Centrify Cryptographic Module provides the cryptographic services for all Centrify products."
1603	Ciena® Corporation 1201 Winterson Road Linthicum, MD 21090 USA -Mark Kettle TEL: 613-763-2422 FAX: 613-763-7191 -Bao-Chau Nguyen TEL: 613-763-1671 FAX: 613-763-7191 CST Lab: NVLAP 200556-0	Optical Metro 5130 (Hardware Version: Chassis: NTB200BAE5 Rev: 03, S-DNM: NTB211AAE5 Rev: 02, Filler: NTB207BAE5 Rev: 02, and Seal Kit: NTB209LAE6; Firmware Version: 4.00.008.927) (When operated in FIPS mode and the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	09/20/2011	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: AES (1) (Cert. #1462); Triple-DES (Cert. #986); SHS (Cert. #1324); HMAC (Cert. #859); RNG (Cert. #799) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DSA (non-compliant); AES (2) (non-compliant); DES; Blowfish; MD5; OM5130 Key-based scrambler Multi-chip standalone "The OM 5130 cost effectively simplifies and secures data file mobility between data centers. The OM 5130 increases WAN efficiency, natively consolidates data and storage networks onto a common encrypted WAN link and delivers definable time-of-day bandwidth management that allocates bandwidth to the required application at the required time of day."
1602	Juniper Networks, Inc. 1194 North Mathilda Ave. Sunnyvale, CA. 94089 USA -Robert Smith TEL: 978-589-8822 CST Lab: NVLAP 200697-0	Juniper Networks SRX5600 and SRX5800 Services Gateways (Hardware Versions: (SRX5600BASE-AC, SRX5600BASE-DC, SRX5800BASE-AC and SRX5800BASE-DC) with JNPR-FIPS-TAMPER-LBLS; Firmware Version: 10.4R4) (The tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	09/20/2011; 11/08/2011	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #1030 and #1034); AES (Certs. #1573 and #1578); DSA (Cert. #484); SHS (Certs. #1393 and #1397); RNG (Cert. #847); RSA (Cert. #766); HMAC (Certs. #920 and #924) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 96 bits of encryption strength) Multi-chip standalone "Juniper Networks SRX5000 line of services gateways is the next generation solution for securing the ever increasing network infrastructure and applications requirements for both enterprise and service provider environments. Designed from the ground up to provide flexible processing scalability, I/O scalability, and services integration, the SRX5000 line can meet the network and security requirements of data center hyper-consolidation, rapid managed services deployments, and aggregation of security solutions."
1601	McAfee, Inc. 27201 Puerta Real, Suite 400 Mission Viejo, CA 92691 USA -David Gerendas TEL: 949-860-3369 FAX: 949-297-5575 CST Lab: NVLAP 200416-0	McAfee Endpoint Encryption for PCs (Software Version: 5.2.6) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	09/08/2011; 10/04/2011	Overall Level: 1  -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows XP 32-bit; Windows Vista 64-bit (single-user mode) -FIPS-approved algorithms: AES (Cert. #1366); DSA (Cert. #446); SHS (Cert. #1247); RNG (Cert. #752) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); NDRNG Multi-chip standalone "McAfee Endpoint Encryption for PCs is a Software Only Module which resides on general purpose computer systems. The module is used for whole disk encryption that enables users to secure sensitive data stored on hard disk drives in the event of a lost or stolen workstation or laptop computer. McAfee Endpoint Encryption for PCs is an enterprise class software product that is centrally managed and can be deployed to large heterogeneous enterprise environments."
1600	IBM® Corporation 2455 South Road Poughkeepsie, NY 12601 USA -William F Penny TEL: 845-435-3010 CST Lab: NVLAP 200658-0	IBM® z/OS® Version 1 Release 12 System SSL Cryptographic Module (Hardware Versions: FC3863 w/System Driver Level 86E, and optional CEX3A and CEX3C [CEX3A and CEX3C are separately configured versions of 4765-001 (P/N 45D6048)]; Software Version: System SSL level HCPT3C0/JCPT3C1 w/ APAR OA34156, RACF level HRF7770 and ICSF level HCR7770 w/ APAR OA34205; Firmware Version: 4765-001 (e1ced7a0)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software-Hybrid	09/08/2011	Overall Level: 1  -Cryptographic Module Specification: Level 3 -Operational Environment: Tested as meeting Level 1 with IBM® zEnterprise (TM) 196 (z196) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 [Base GPC, and optional Crypto Express3 Card (Coprocessor (CEX3C)); Crypto Express3 Card (Accelerator (CEX3A)) and Crypto Express3 Cards (Coprocessor (CEX3C) and Accelerator (CEX3A))] [IBM® zEnterprise (TM) (z196) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 includes FC3863 w/System Driver Level 86E and z/OS® V1R12] (single-user mode) -FIPS-approved algorithms: AES (Certs. #1702, #1703 and #1713); Triple-DES (Certs. #1093, #1094 and #1103); DSA (Certs. #526 and #527); RSA (Certs. #831, #832, #844, #845 and #846); SHS (Certs. #1485, #1486 and #1497); HMAC (Certs. #986 and #987); RNG (Certs. #901 and #902) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); DES; RC2; ArcFour; MD5; MD2; ECDSA (non-compliant) Multi-chip standalone "System SSL is a set of generic services provided in z/OS to protect TCP/IP communications using the SSL/TLS protocol. System SSL is exploited by many SSL enabled servers and clients in z/OS to meet the transport security constraints required in an On Demand environment. The System SSL APIs are also externalized to customer applications. System SSL has evolved through the latest releases of z/OS to support the new TLS (Transaction Layer Security) standard, to reach an unmatched level of performance and to extend the APIs available to applications to new functions."
1599	STMicroelectronics, Inc. 750 Canton Drive Suite 300 Coppell, TX 75019 USA -Gianfranco Scherini TEL: 408-919-8426 FAX: 408-919-0250 CST Lab: NVLAP 200802-0	HardCache™-SL3/PC v2.1 (Hardware Version: STM7007) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	09/20/2011	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1068); SHS (Cert. #1219); HMAC (Cert. #781); Triple-DES (Cert. #798); ECDSA (Cert. #155); RSA (Cert. #623); RNG (Cert. #725) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG Single-chip "The STMicroelectronics HardCache™-SL3/PC v2.1 Cryptographic Module (HW rev STM7007) is a single chip cryptographic module designed as a hardware accelerated encryption engine for computer and peripheral applications. The cryptographic module is targeted for PC applications including desktop client, laptop, and server systems. Benefits compared to competing hardware and software solutions include better overall system performance, low power, and tamper resistant hardware security."
1598	Symantec Corporation 350 Ellis Street Mountain View, CA 94043 USA -John Bordwine TEL: 703-885-3854 FAX: 301-514-3726 CST Lab: NVLAP 200556-0	Symantec Cross-Platform Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	09/02/2011	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 2003 Server (32-bit); RHEL 5 (32-bit); Solaris 10 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1614); Triple-DES (Cert. #1055); RSA (Cert. #792); DSA (Cert. #502); SHS (Cert. #1423); HMAC (Cert. #946); DRBG (Cert. #83) -Other algorithms: DES; Camellia; SEED; RC2; RC4; MD2; MD5; RSA (Cert. #792, key wrapping; key establishment methodology provides between 80 and 192 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength) Multi-chip standalone "The Symantec Cross-Platform Cryptographic Module (SymCPM) is a software module with a multi-chip standalone embodiment. The overall security level of the module is 1. SymCPM is implemented in the C programming language and consists of three components. It is designed to execute on a host system with a General Purpose Computer (GPC) hardware platform."
1597	Bomgar Corporation 578 Highland Colony Parkway Paragon Centre, Suite 300 Ridgeland, MS 39157 USA -Main Office TEL: 601-519-0123 FAX: 601-510-9080 -Victor Wolff TEL: 703-483-5515 FAX: 601-510-9080 CST Lab: NVLAP 200426-0	B200™ and B300™ Remote Support Appliances (Hardware Version: B200, B300 or B300r1; Software Version: 10.6.2 FIPS; Firmware Version: 3.2.2 FIPS) (When operated in FIPS mode and with the tamper evident seals applied as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	08/31/2011; 10/26/2011	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #1563); Triple-DES (Cert. #1027); RSA (Cert. #762); SHS (Cert. #1388); HMAC (Cert. #915); RNG (Cert. #844) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); RC4; RC4-40; DES; DES-40; MD5 Multi-chip standalone "Bomgar Remote Support Appliances provide technicians secure remote control of devices over the internet/LAN/WAN. Bomgar allows collaborative remote support to various operating systems, including desktops, servers, mobile and network devices. In addition, Bomgar provides extensive auditing and recording of support sessions."
1596	Bomgar Corporation 578 Highland Colony Parkway Paragon Centre, Suite 300 Ridgeland, MS 39157 USA -Main Office TEL: 601-519-0123 FAX: 601-510-9080 -Victor Wolff TEL: 703-483-5515 FAX: 601-510-9080 CST Lab: NVLAP 200426-0	B400™ Remote Support Appliance (Hardware Version: B400 or B400r1; Software Version: 10.6.2 FIPS; Firmware Version: 3.2.2 FIPS) (When operated in FIPS mode and with the tamper evident seals applied as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	08/31/2011; 10/26/2011	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #1563); Triple-DES (Cert. #1027); RSA (Cert. #762); SHS (Cert. #1388); HMAC (Cert. #915); RNG (Cert. #844) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); RC4; RC4-40; DES; DES-40; MD5 Multi-chip standalone "Bomgar Remote Support Appliances provide technicians secure remote control of devices over the internet/LAN/WAN. Bomgar allows collaborative remote support to various operating systems, including desktops, servers, mobile and network devices. In addition, Bomgar provides extensive auditing and recording of support sessions."
1595	Symantec Corporation 350 Ellis Street Mountain View, CA 94043 USA -John Gorczyca CST Lab: NVLAP 200556-0	Symantec Enterprise Vault Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode with module Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1012 operating in FIPS mode or Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1337 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	08/31/2011	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2003; Microsoft Windows Server 2008 R2 (single-user mode) -FIPS-approved algorithms: AES (Certs. #818 and #1168); Triple-DES (Certs. #691 and #846); RSA (Certs. #395, #559 and #568); SHS (Certs. #816 and #1081); HMAC (Certs. #452 and #687); RNG (Cert. #470); DRBG (Cert. #23) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); ANSI X9.31 RSA key-pair generation (non-compliant); ANSI X9.31 RSA signature verification (non-compliant); RC2; RC4; MD5; MD2; MD4; DES Multi-chip standalone "Symantec Enterprise Vault Cryptographic Module is a multi-chip standalone physical embodiment. The module consists of a DLL which interfaces with the Microsoft Cryptographic API to provide the required cryptographic functionality. The Enterprise Vault Cryptographic Module may be used for encryption/decryption of Enterprise Vault passwords, hashing of indexes, and random number generation."
1594	SafeNet, Inc. 1655 N Fort Myer Drive Suite 1150 Arlington, VA 22209 USA -SafeNet Government Sales TEL: 703-647-8408 FAX: 410-290-6506 CST Lab: NVLAP 200002-0	SafeNet Ethernet Encryptor, Branch Office (Hardware Versions: 943-5020v-004 [1] [2] and 943-50211-001 [2]; Firmware Versions: 1.0.6.4 [1] and 2.0.2 [2]) (When operated in FIPS mode. Refer to the cryptographic module's security policy for the details on the letter v designations.) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	09/27/2011	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1243); HMAC (Cert. #740); RNG (Cert. #690); RSA (Cert. #596); SHS (Cert. #1142); Triple-DES (Cert. #890) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Camellia; SEED Multi-chip standalone "The SafeNet Ethernet Encryptor Branch Office provides data privacy and access control for connections between vulnerable public and private networks. It employs a FIPS-approved AES algorithm and can be deployed in 10 Megabit Ethernet networks. The encryptor can be centrally controlled or managed across multiple remote stations using SafeNet's Security Management Center (SMC), a SNMPv3-based security management system."
1593	Mxtran Inc. 9F, No.16, Li-Hsin Road, Science Park Hsin-chu, 300 Republic of China -C.W. Pang TEL: +886-3-6661778#29300 FAX: +886-3-6662568 CST Lab: NVLAP 200824-0	Mxtran Payeeton Solution (Hardware Version: MX11E25644E; Firmware Version: Simker v2.30) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	08/22/2011	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #1007); AES (Cert. #1511); RSA (Cert. #739); SHS (Cert. #1354); HMAC (Cert. #886); RNG (Cert. #820) -Other algorithms: N/A Single-chip "Mxtran Payeeton Solution (MPS, hereafter referred to as the module) of Mxtran Inc. acts as a flexible platform for diversified mobile commerce services, allowing Mxtran clients to support both proximity payment and mobile payment via SMS for prepaid, online paid and post-paid services including e-ticketing, e-coupons, access control, membership management and more. Mxtran leverages extensive integrated circuit expertise to deliver highly customizable, portable applications and payment services in a single handset."
1592	Harris Corporation 221 Jefferson Ridge Parkway Lynchburg, VA 24501 USA -Brian Justice TEL: 434-455-9586 -Joyce O'Quinn TEL: 434-455-6458 CST Lab: NVLAP 200427-0	Harris Unified Audio Card (Hardware Version: EA-103168-002; Firmware Versions: MPC 860: SK-007765-007 v R03A08, DSP: SK-007765-013 v R03A05, Boot Loader / Factory Test: R03A02, Low Level Boot: R01D01 and DSP Factory Test: R01D02) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	08/22/2011	Overall Level: 1  -FIPS-approved algorithms: AES (Certs. #1652 and #1653), HMAC (Cert. #970), RNG (Cert. #883), SHS (Cert. #1450) -Other algorithms: AES MAC (AES Cert. #1652, vendor affirmed; P25 AES OTAR) Multi-chip embedded "The Harris UAC is a multi-channel analog audio gateway used to interface analog radio communication equipment such as conventional base stations to radio systems and other devices on a Voice Interoperability Data Access (VIDA) network."
1591	Symantec Corporation 20330 Stevens Creek Blvd Cupertino, CA 95014 USA -John Bordwine TEL: 703-885-3854 FAX: 301-514-3726 CST Lab: NVLAP 200556-0	Symantec Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	08/12/2011	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2003 (32-bit); Red Hat Enterprise Linux 4.8 (32-bit) (single-user mode) -FIPS-approved algorithms: AES (Cert. #1607); Triple-DES (Cert. #1052); DSA (Cert. #498); SHS (Cert. #1420); RNG (Cert. #861); RSA (Cert. #789); HMAC (Cert. #943) -Other algorithms: DES; Blowfish; CAST; IDEA; RC2; RC4; RC5; MD2; MD4; MD5; RipeMD; MDC-2; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (Cert. #789, key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip standalone "The Symantec Cryptographic Module is a software module with a multi-chip standalone embodiment. The overall security level of the module is 1. SymCrypt is implemented in the C programming language and consists of a shared library that is linked with SSIM application components. It is designed to execute on a host system with a General Purpose Computer (GPC) hardware platform."
1590	BAE Systems 2525 Network Place Herndon, VA 22171 USA -John Ata TEL: 703-736-4384 FAX: 703-736-4348 CST Lab: NVLAP 200427-0	STOP OS 7 Kernel Cryptographic Module (Software Version: 1.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	08/10/2011	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with STOP 7.3 Beta 1 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1603); DRBG (Cert. #78); HMAC (Cert. #939); SHS (Cert. #1416); Triple-DES (Cert. #1048) -Other algorithms: DES Multi-chip standalone "The STOP 7 Kernel Cryptographic Module is a library that is distributed as part of the monolithic kernel. The module provides the general purpose cryptographic functionality used by the kernel and kernel modules."
1589	ZTE Corporation NO. 55, Hi-tech Road South Shen Zhen, Guangdong Province 518057 People's Republic of China -Mr. Royce Wang TEL: +86-755-2677 0345 FAX: +86-755-2677 0347 CST Lab: NVLAP 200658-0	UEP Cryptographic Module (Software Version: 4.11.10) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	08/10/2011	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with NewStart CGS Linux V3.02 with Sun JDK/JRE 1.6.0_11 (single-user mode) -FIPS-approved algorithms: Triple-DES (Certs. #1039 and #1040); AES (Certs. #1583 and #1584); DSA (Certs. #489 and #490); SHS (Certs. #1402 and #1403); RSA (Certs. #773 and #774); HMAC (Certs. #929 and #930); DRBG (Certs. #73 and #74) -Other algorithms: N/A Multi-chip standalone "UEP cryptographic mpdule provides general purpose cryptographic services intended to protect data in transit and at rest."
1588	McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA -David Gerendas TEL: 949-860-3369 FAX: 949-297-5575 CST Lab: NVLAP 200416-0	Agent Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode with module RSA BSAFE Crypto-C Micro Edition validated to FIPS 140-2 under Cert. #828 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	08/05/2011	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2003 (x86 32-bit) (single-user mode) -FIPS-approved algorithms: AES (Cert. #490); Triple-DES (Cert. #501); RSA (Cert. #203); SHS (Cert. #560); RNG (Cert. #270); DSA (Cert. #199); -Other algorithms: NDRNG Multi-chip standalone "McAfee Agent Cryptographic Module provides cryptographic operations for McAfee Agent, a software agent used in conjunction with McAfee ePolicy Orchestrator (ePO) to manage and monitor numerous end-point security products."
1587	McAfee Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA -David Gerendas TEL: 949-860-3369 FAX: 949-297-5575 CST Lab: NVLAP 200416-0	ePO Cryptographic Module (Software Version: 1.0, 1.1, 1.2, 1.3, or 1.4) (When operated in FIPS mode with module RSA BSAFE® Crypto-J validated to FIPS 140-2 under Cert. #1047 operating in FIPS mode and with module RSA BSAFE® Crypto-C Micro Edition validated to FIPS 140-2 under Cert. #1092 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	08/05/2011; 11/17/2011; 04/02/2012; 08/16/2012; 01/04/2013	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows XP (x86 32 bit) (single-user mode) -FIPS-approved algorithms: AES (Certs. #670 and #860); RSA (Certs. #312 and #412); SHS (Certs. #703 and #855); RNG (Certs. #390 and #492); DSA (Cert. #311); Triple-DES (Cert. #707); -Other algorithms: NDRNG Multi-chip standalone "McAfee ePO Cryptographic Module provides cryptographic operations for McAfee ePolicy Orchestrator (ePO), a security management software that allows enterprises to unify the management of numerous end-point, network, and data security products."
1586	ZTE Corporation NO. 55, Hi-tech Road South Shen Zhen, Guangdong Province 518057 People's Republic of China -Mr. Royce Wang TEL: +86-755-2677 0345 FAX: +86-755-2677 0347 CST Lab: NVLAP 200658-0	Unified Platform Cryptographic Library (Software Version: 1.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	08/09/2011	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with EMBSYS (TM) Carrier Grade Embedded Linux V3 (single-user mode) -FIPS-approved algorithms: AES (Certs. #1585 and #1586); Triple-DES (Certs. #1041 and #1042); SHS (Certs. #1404 and #1405); RSA (Certs. #775 and #776); DSA (Certs. #491 and #492); HMAC (Certs. #931 and #932); DRBG (Certs. #75 and #76) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); IDEA; DES; RC2; RC4; MD2; MD4; MD5; RIPEMD; CAST; Blowfish Multi-chip standalone "Unified Platform Cryptographic Library provides general purpose cryptographic services intended to protect data in transit and at rest."
1585	Fortinet, Inc. 13221 Woodland Park Road Suite 110 Herndon, VA 20171 USA -Phil Fuster, Vice President, Federal Operations TEL: 703-709-5011 x2807 FAX: 703-709-2180 CST Lab: NVLAP 200426-0	FortiGate-80C [1], FortiGate-110C [2] and FortiGate-111C [3] (Hardware Versions: C4BC61 [1], C4HA15 [2] and C4BQ31 [3]; Firmware Version: FortiOS 4.0, build6359, 100712) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	07/27/2011	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1404, #1408 and #1409); Triple-DES (Certs. #957, #961 and #962); RNG (Cert. #770); SHS (Certs. #1274, #1278 and #1279); HMAC (Certs. #825, #829 and #830); RSA (Certs. #685 and #686) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); DES; MD5; HMAC-MD5; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant) Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1584	Fortinet, Inc. 13221 Woodland Park Road Suite 110 Herndon, VA 20171 USA -Phil Fuster, Vice President, Federal Operations TEL: 703-709-5011 x2807 FAX: 703-709-2180 CST Lab: NVLAP 200426-0	FortiGate-1240B [1], FortiGate-3016B [2], FortiGate-3600A [3] and FortiGate-3810A-E4 [4] (Hardware Versions: C4CN43 [1], C4XA14 [2], V3BU94 [3] and C3GV75 [4]; Firmware Version: FortiOS 4.0, build6341, 100617) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	07/27/2011	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1404, #1408 and #1409); Triple-DES (Certs. #957, #961 and #962); RNG (Cert. #770); SHS (Certs. #1274, #1278 and #1279); HMAC (Certs. #825, #829 and #830); RSA (Certs. #685 and #686) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); DES; MD5; HMAC-MD5; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant) Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1583	Fortinet, Inc. 13221 Woodland Park Road Suite 110 Herndon, VA 20171 USA -Phil Fuster, Vice President, Federal Operations TEL: 703-709-5011 x2807 FAX: 703-709-2180 CST Lab: NVLAP 200426-0	FortiGate-200B [1], FortiGate-300A [2], FortiGate-300A-HD [3], FortiGate-310B [4], FortiGate-311B [5], FortiGate-620B [6] and FortiGate-800 [7] (Hardware Versions: C4CD24 [1], C4FK88 [2], C4FK88 [3], C4ZF35 [4], C4CI39 [5], C4AK26 [6] and C4UT39 [7]; Firmware Version: FortiOS 4.0, build6359, 100712) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	07/27/2011	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1404, #1405, #1408, #1409 and #1463); Triple-DES (Certs. #957, #958, #961, #962 and #987); RNG (Cert. #770); SHS (Certs. #1274, #1275, #1278, #1279 and #1327); HMAC (Certs. #825, #826, #829, #830 and #862); RSA (Certs. #685 and #686) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); DES; MD5; HMAC-MD5; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant) Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1582	Motorola, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA -Tom Nguyen TEL: 847-576-2352 CST Lab: NVLAP 100432-0	IPCryptR2 (Hardware Version: P/N BLN1306A; Firmware Version: R03.01.51) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	07/27/2011	Overall Level: 2  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: Level 3 -Operational Environment: Level 3 -FIPS-approved algorithms: AES (Certs. #1424 and #1425); SHS (Cert. #1292); RNG (Cert. #778); ECDSA (FIPS 186-3, vendor affirmed) -Other algorithms: AES MAC (AES Cert. #1424, vendor affirmed; P25 AES OTAR); AES (AES Cert. #1424, key wrapping; key establishment methodology provides 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); LFSR; NDRNG Multi-chip standalone "The IPCryptR2 provides secure key management and data encryption in Astro, Dimetra and Broadband Systems."
1581	Check Point Software Technologies Ltd. 9900 Belward Campus Drive Suite 250 Rockville, MD 20850 USA -David Ambrose TEL: 703-628-2935 -Malcolm Levy TEL: +972-37534561 CST Lab: NVLAP 200002-0	Check Point IP Appliance (Hardware Versions: IP290 (CPAP-IP295-D-GFIP [Nokia NBB0292000] and N431174001, CPAP-IP295-D-AC-DS [Nokia NBB0295000] and N431174001) and IP690 (CPAP-IP695-D-GFIP [Nokia NBB0692000], CPIP-A-4-1C and N431174001); Firmware Version: IPSO v4.2 with Check Point VPN-1 NGX R65 with hot fix HFA-30) (When operated in FIPS mode and tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	10/11/2011	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #497, #709, #769 and #342); Triple-DES (Certs. #507, #637, #510, #638, #729, #669 and #406); HMAC (Certs. #248, #384, #251, #385, #499, #421 and #146); SHS (Certs. #564, #734, #567, #735, #883, #775 and #417); DSA (Certs. #202 and #271); RSA (Certs. #211, #332, #213 and #333); RNG (Certs. #275, #417, #277 and #418) -Other algorithms: CAST; DES; HMAC MD5; MD5; Arcfour; Twofish; Blowfish; Diffie-Hellman (key agreement, key establishment methodology provides between 80 bits and 128 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 bits and 150 bits of encryption strength); Triple-DES (K3 mode; non-compliant) Multi-chip standalone "The Check Point IP Applicances are full-featured enterprise systems designed for small to medium enterprises, with Service Provider flexibility and rapid serviceability option in a single rack space. When combined with Check Point VPN-1 these platforms provide reliable, easy to manage distributed security and access."
1580	Hewlett-Packard TippingPoint 7501 N. Capital of Texas Highway Austin, TX 78737 USA -Dinesh Vakharia TEL: 512-681-8271 -Freddie Jimenez Jr. TEL: 512-681-8305 CST Lab: NVLAP 200427-0	HP TippingPoint Security Management System (Firmware Version: 3.2.0.8312.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Firmware	08/10/2011	Overall Level: 1  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 2 -Tested: Fedora Core 10 Operating System running on a HP ProLiant DL320 G6 Server -FIPS-approved algorithms: AES (Certs. #1631 and #1632); DRBG (Cert. #87); DSA (Cert. #513); HMAC (Certs. #958 and #959); RNG (Cert. #874); RSA (Certs. #805 and #806); SHS (Certs. #1436 and #1437); Triple-DES (Certs. #1067 and #1068) -Other algorithms: Blowfish; CAMELLIA; CAST; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and112 bits of encryption strength); IDEA; MD2; MD5; RC2; RC4; RC5; RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); SEED Multi-chip standalone "The HP Security Management System Appliance Series delivers enterprise-class security management capabilities that are simple to use and extremely powerful. The Security Management System Appliance is a hardened appliance that provides both global vision and security policy control for large-scale deployments of all HP products, including HP Intrusion Prevention Systems (IPS), Core Controllers, and SSL Appliances. The appliance is responsible for discovering, monitoring, configuring, diagnosing, remediating, and reporting for global IPS deployments."
1579	Certicom Corp. 4701 Tahoe Blvd., Building A Mississauga, Ontario L4W 0B5 Canada -Randy Tsang TEL: 289-261-4189 -Certicom Eastern US Sales Office TEL: 703-234-2357 FAX: 703-234-2356 CST Lab: NVLAP 200426-0	Security Builder FIPS Module (Software Version: 5.6, 5.6.1 or 5.6.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	07/21/20111; 06/05/2012; 08/16/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with QNX Neutrino Version 6.6 (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #1054); AES (Cert. #1609); SHS (Cert. #1422); HMAC (Cert. #945); RNG (Cert. #863); DRBG (Cert. #82); DSA (Cert. #500); ECDSA (Cert. #200); RSA (Cert. #791); KAS (Cert. #14; key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength) -Other algorithms: DES; DESX; AES CCM* (non-compliant); ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; ECNR; ECQV; ECIES; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength) Multi-chip standalone "The Security Builder FIPS Module is a standards-based cryptographic toolkit that supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into both mobile and server-based applications. The Security Builder FIPS Module is part of the Certicom Security Architecture, a comprehensive cross-platform security solution which supports multiple cryptographic software and hardware providers with a single common API."
1578	Research in Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Security Certifications Team TEL: (519) 888-7465 x 72921 FAX: (519) 888-9852 CST Lab: NVLAP 200426-0	BlackBerry OS Cryptographic Library (Software Version: 5.6, 5.6.1 or 5.6.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	07/21/2011; 06/05/2012; 08/16/2012;01/24/2013; 02/22/2013	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with BlackBerry® Tablet OS Version 2.0 (Binary compatible to BlackBerry® Tablet OS Version 1.0) (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #1053); AES (Cert. #1608); SHS (Cert. #1421); HMAC (Cert. #944); RNG (Cert. #862); DRBG (Cert. #81); DSA (Cert. #499); ECDSA (Cert. #199); RSA (Cert. #790); KAS (Cert. #13; key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength) -Other algorithms: DES; DESX; AES CCM* (non-compliant); ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; ECNR; ECQV; ECIES; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength) Multi-chip standalone "The BlackBerry OS Cryptographic Library is a software module that provides the cryptographic functionality required for secure operation of the BlackBerry® PlayBook™ and devices running the BlackBerry® 10 OS ."
1577	Futurex 864 Old Boerne Rd. Bulverde, TX 78163 USA -Paul Enman TEL: 830-980-9782 FAX: 830-438-8782 CST Lab: NVLAP 100432-0	EXP9000 Hardware Security Module (Hardware Version: P/N 9750-2075, Revision B; Firmware Version: 4.0.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	08/05/2011	Overall Level: 3  -FIPS-approved algorithms: RSA (Cert. #810); AES (Cert. #1636); Triple-DES (Cert. #1072); SHS (Cert. #1441); HMAC (Cert. #962); RNG (Cert. #877) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; DES; TR-31 Multi-chip embedded "The EXP9000 cryptographic module provides secure encryption, storage, and transmission of sensitive data used in a wide variety of applications including Futurex Hardware Security Modules (HSM) and Key Management Servers (KMS)."
1576	Teledyne Webb Research 82 Technology Park Drive East Falmouth, MA 02536 USA -David Pingal TEL: 508-548-2077 x 146 CST Lab: NVLAP 200002-0	MiniCrypt (Software Version: 1.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	07/21/2011	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Persistor CF1 HW system with Motorola MC68CK338CPV14 processor running PicoDOS version 2.26 -FIPS-approved algorithms: AES (Cert. #1268); SHS (Cert. #1168); HMAC (Cert. #738) -Other algorithms: N/A Multi-chip standalone "MiniCrypt is a small, low resource utilization, software library for use in embedded systems, providing encryption, decrypting, hashing and message authentication functions."
1575	Research In Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Certifications Team TEL: 519-888-7465 ext.72921 FAX: 519-886-4839 CST Lab: NVLAP 200556-0	BlackBerry Smartcard Reader (Hardware Version: 2.0; Firmware Version: 3.8.5.51) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	07/15/2011	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1172); HMAC (Cert. #672); SHS (Cert. #1084); RNG (Cert. #648); RSA (Cert. #555); ECDSA (Cert. #140) -Other algorithms: EC Diffie-Hellman (key agreement, key establishment methodology provides 256 bits of encryption strength); ECMQV (key agreement, key establishment methodology provides 256 bits of encryption strength) Multi-chip standalone "The BlackBerry Smart Card Reader for BlackBerry devices is an accessory that, when used in proximity to certain Bluetooth(R) enabled BlackBerry devices and computers, integrates smart card use with the BlackBerry Enterprise Solution, letting users authenticate with their smart cards to log in to Bluetooth enabled BlackBerry devices and computers."
1574	McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA -David Gerendas TEL: 949-860-3369 FAX: 949-297-5575 CST Lab: NVLAP 200416-0	Endpoint Encryption Manager (Software Version: 5.2.6) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	07/15/2011	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 2 with Windows Server 2003 Standard Edition SP2 on Dell Optiplex GX620 with 3.0 GHz Intel Pentium D Processor 830 (1 CPU) (32 bit); Windows Server 2008 64 bit Enterprise Edition on Dell PowerEdge 2970 with 1.7 GHz quad core AMD Opteron 2344 Processor (2 CPUs) (64-bit) (single-user mode) -FIPS-approved algorithms: AES (Cert. #1366); DSA (Cert. #446); SHS (Cert. #1247); RNG (Cert. #752) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); NDRNG Multi-chip standalone "McAfee Endpoint Encryption Manager (EEMgr) is the central management console for McAfee Endpoint Encryption for PC clients and users. The EEMgr allows authorized administrators to manage system users and computers, configure and apply security policies, recover user credentials, and create custom login tokens to be used with smart cards and PKI systems."
1573	U.S. Department of State 301 4th Street SW SA-44 Washington, DC 20547 USA -Paul Newton TEL: 202-203-5153 FAX: 202-203-7669 CST Lab: NVLAP 100432-0	PKI BLADE Applet and Protiva PIV DL Card (Hardware Version: P/N P5CD144 Version A1047808; Firmware Version: EI08-M1004069, Softmask V01, PIV Applet V1.55 and PKI BLADE Applet V1.2) (PIV Card Application: Cert. #22) (When operated in FIPS mode with the fingerprint authentication mechanism parameters configured as indicated in the Security Policy Section 12) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	07/15/2011	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #678); Triple-DES MAC (Triple-DES Cert. #678, vendor affirmed); SHS (Cert. #786); RSA (Cert. #372); RNG (Cert. #450) -Other algorithms: Triple-DES (Cert. #678, key wrapping; key establishment methodology provides 100 bits of encryption strength) Single-chip "The PKI/BLADE applet is based on ISO 7816 and GSC-IS commands interface. The applet is designed to be loaded on any Java card compliant with JavaCard v2.2.1 and Global Platform v2.1.1 specifications including PIV certified Java cards. It is designed to provide services for PKI based logical access applications and to provide strong two factor authentication using passwords and fingerprints biometrics."
1572	Harris Corporation 1680 University Avenue Rochester, NY, NY 14610 USA -Hang Liu TEL: 434-455-9610 -Dennis Boyer TEL: 919-609-0608 CST Lab: NVLAP 200426-0	Harris AES Software Load Module (Software Version: 1.0) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	07/13/2011	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Texas Instruments DSP/BIOS Software Kernel Version 5.33.03 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1482) -Other algorithms: N/A Multi-chip standalone "The Harris AES Software Load Module is a single software component which provides cryptographic services directly to a Digital Signal Processor (DSP) application on Harris terminals."
1571	Thales - nCipher 92 Montvale Ave Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001 CST Lab: NVLAP 200002-0	nShield Connect 6000 [1], nShield Connect 1500 [2] and nShield Connect 500 [3] (Hardware Versions: NH2047 [1], NH2040 [2] and NH2033 [3], Build Standard N; Firmware Version: V11.30) (When operated in FIPS mode with nShield PCIe validated to FIPS 140-2 under Cert. #1063) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	07/13/2011	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #397, #754 and #1227); AES GCM (Cert. #754, vendor affirmed); Triple-DES (Certs. #435, #666 and #883); Triple-DES MAC (Cert. #666, vendor affirmed); DSA (Certs. #280 and #407); ECDSA (Certs. #81 and #145); SHS (Certs. #764 and #1127); HMAC (Certs. #410 and #717); RSA (Cert. #356); RNG (Certs. #436 and #681) -Other algorithms: Aria; Arc Four; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip standalone "The Thales nShield Connect is a network-attached hardware security module for business continuity of always-on, mission-critical systems in shared infrastructures, providing high availability, scalability and remote management for cryptographic infrastructures. Part of the nCipher product line, nShield Connect is the world's first HSM with redundant, hot-swappable power supplies, and enables organizations to build reliable, large-scale cryptographic services for their infrastructures."
1570	SanDisk Corporation Atir Yeda 7 Kfar-Saba, Israel -Boris Dolgunov TEL: +972-9-7645000 FAX: +972-3-5488666 CST Lab: NVLAP 100432-0	Cruzer Enterprise FIPS Edition (Hardware Versions: P/Ns 54-89-15381-004G, 54-89-15381-008G, 54-89-15381-016G and 54-89-153-032G, Version Revision 1; Firmware Version: 9.5.21.01.F3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	08/12/2011	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #1432 and #1433); RSA (Cert. #702); SHS (Cert. #1295); RNG (Cert. #779) -Other algorithms: RSA (encrypt/decrypt) Multi-chip embedded "The SanDisk Cruzer Enterprise FIPS Edition secure USB flash drive offers on-the-fly hardware encryption for enterprises and government agencies that helps IT professionals within those organizations to effectively protect information on company-issued USB flash drives. It is specially designed to meet the unique USB security, compliance, and manageability needs of large organizations. With FIPS 140-2 level 2 certification inside, the Cruzer Enterprise FIPS Edition caters to the ultra-sensitive security requirements of government agencies and enterprises."
1569	Doremi Cinema LLC 1020 Chestnut St. Burbank, CA 91506 USA -Jean-Philippe Viollet TEL: 818-562-1101 FAX: 818-562-1109 -Camille Rizko TEL: 818-562-1101 FAX: 818-562-1109 CST Lab: NVLAP 200802-0	IMB (Hardware Versions: IMB-A0, IMB-A1, IMB-A2, IMB-E0, IMB-E1 and IMB-E2; Firmware Versions: (5.0.10f, 30.04m-1 and 99.03f) or (5.0.21, 30.05g1 and 99.03f)) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	07/11/2011; 08/16/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #532, #1252 and #1383); HMAC (Cert. #731); SHS (Cert. #1148); RNG (Certs. #693 and #696); RSA (Certs. #600, #601 and #777) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); TRNG; MD5; HMAC-MD5; EC Diffie-Hellman; TI S-box Multi-chip embedded "The IMB (Integrated Media Block) is a card that utilizes Doremi’s patented 4K media block technology. The IMB can be installed in a DLP Series-II 4K-ready projector along with Doremi’s external ShowVault™, allowing to perform 4K content playback. The customer can still choose to project in 2K using the IMB."
1568	McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA -David Gerendas TEL: 949-860-3369 FAX: 949-297-5575 CST Lab: NVLAP 200416-0	Endpoint Encryption Manager (Software Version: 5.2.6) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	06/30/2011	Overall Level: 1  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows Server 2003 (32-bit); Windows Server 2008 (64 bit) (single-user mode) -FIPS-approved algorithms: AES (Cert. #1366); DSA (Cert. #446); SHA-1 (Cert. #1247); RNG (Cert. #752) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); NDRNG Multi-chip standalone "McAfee Endpoint Encryption Manager (EEMgr) is the central management console for McAfee Endpoint Encryption for PC clients and users. The EEMgr allows authorized administrators to manage system users and computers, configure and apply security policies, recover user credentials, and create custom login tokens to be used with smart cards and PKI systems."
1567	Lumension Security, Inc. 15880 Greenway-Hayden Loop Suite 100 Scottsdale, AZ 85260 USA -Chris Chevalier TEL: 480-970-1025 FAX: 480-970-6323 -Ron Smith TEL: 480-663-8763 FAX: 480-970-6323 CST Lab: NVLAP 200002-0	Lumension Cryptographic Kernel (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	06/27/2011	Overall Level: 2  -Operational Environment: Tested as meeting Level 2 with Dell Optiplex GX620 running MS Windows Server 2003 Standard, Version 5.2 SP 2 (32-bit version); Dell PowerEdge 2850 running MS Windows Server 2003 Standard x64, Version 5.2 SP 2 (64-bit version); Dell Optiplex GX620 running MS Windows XP Professional, Version 5.1 SP 2 (32-bit version); Dell PowerEdge 2850 running Windows XP Professional x64, Version 5.2 SP 2 (64-bit version) -FIPS-approved algorithms: AES (Cert. #1045); SHS (Cert. #995); RNG (Cert. #596); HMAC (Cert. #587); RSA (Cert. #499); ECDSA (Cert. #126) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); MD5; HMAC-MD5; ECIES Multi-chip standalone "The Lumension Cryptographic Kernel (LCK) v1.0 provides the cryptographic functions for certain Lumension products, including Application and Device Control. These products secure endpoints from malware and unauthorized software execution, and from malicious or accidental data loss through the use of removable devices and media."
1566	RSA, The Security Division of EMC 174 Middlesex Turnpike Bedford, MA 01730 USA -Sandy Carielli TEL: 781-515-7510 CST Lab: NVLAP 200427-0	RSA BSAFE® CNG Cryptographic Primitives Library (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	06/27/2011; 01/24/2013	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows 7 (x86 32-bit); Microsoft Windows 7 (x86_64 64-bit) (single-user mode) -FIPS-approved algorithms: AES (Cert. #1598); DRBG (Cert. #77); DSA (Cert. #493); ECDSA (Cert. #196); HMAC (Cert. #935); RNG (Cert. #855); RSA (Cert. #780 and FIPS 186-3, vendor affirmed); SHS (Cert. #1410); Triple-DES (Cert. #1044) -Other algorithms: DES; DESX; Diffie-Hellman; EC Diffie-Hellman; HMAC-MD2; HMAC-MD4; HMAC-MD5; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength) Multi-chip standalone "RSA BSAFE® CNG Cryptographic Primitives Library is a drop-in replacement for the Microsoft user-mode CNG (Cryptograpy, Next Generation) provider. It supports a wide range of industry standard encryption algorithms. Software applications written against the Microsoft CNG framework, that do not explicitly request a specific provider, will automatically use the BSAFE CNG cryptographic implementations without modification once the BSAFE CNG Primitive Provider is installed."
1565	Xceedium, Inc. 30 Montgomery Street Suite 1020 Jersey City, NJ 07302 USA -Dave Olander TEL: 201-536-1000 x121 FAX: 201-536-1200 CST Lab: NVLAP 200556-0	Xceedium Xsuite (Hardware Versions: 5 and 5a; Firmware Version: 1.0.0) (When operated in FIPS mode and the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	06/23/2011; 12/03/2012	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1151 and #1572); Triple-DES (Certs. #833 and #1029); SHS (Certs. #1065 and #1392); RSA (Cert. #765); HMAC (Certs. #654 and #919); RNG (Cert. #846) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 160 bits of encryption strength; non-compliant less than 80-bits of encryption strength); DSA (Cert. #483; non compliant) Multi-chip standalone "Xceedium's GateKeeper is a hardened appliance that functions as a secure centralized management platform that enables IT operations to remotely manage data centers as one integrated system. A standardized security model can be developed to mitigate the risks of "untrusted" users; provide centralized access and policy, compartmentalize down to the port, define good and bad behavior, alert and restrict access to applications or commands. GateKeeper provides touch free support and includes all access methods and tools for in-band, out-of-band and power control."
1564	Schweitzer Engineering Laboratories, Inc. 2350 NE Hopkins Court Pullman, WA 99163 USA -Joe Casebolt TEL: 509-332-1890 FAX: 509-332-7990 CST Lab: NVLAP 100432-0	SEL-3044 (Hardware Version: 1.0; Firmware Version: R101 or R103) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	06/23/2011; 02/15/2013	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1272); SHS (Cert. #1170); HMAC (Cert. #739); RNG (Cert. #710); DSA (Cert. #412) -Other algorithms: AES (Cert. #1272, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength) Multi-chip standalone "The SEL-3044 SEL Encryption Card provides strong cryptographic security to a variety of communications networks. It protects point-to-point, multi-drop, and many-to-many networks. The SEL-3044 secures all byte oriented serial protocols including popular SCADA or PCS protocols like DNP and MODBUS common to PLC, IED, and RTU products. It quickly integrates into serial communication networks including modem and data radio."
1563	3e Technologies International, Inc. Suite 500, 9715 Key West Avenue Rockville, MD 20850 USA -Chris Guo TEL: 301-944-1294 FAX: 301-670-6989 CST Lab: NVLAP 200002-0	3e-030-2 Security Server Cryptographic Core (Software Version: 4.0) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	06/20/2011	Overall Level: 1  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Red Hat Linux Enterprise 5.5 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1546); Triple-DES (Cert. #1016); SHS (Cert. #1371); HMAC (Cert. #897); RSA (Cert. #749); DSA (Cert. #478); ECDSA (Cert. #191); RNG (Cert. #834) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 192 bits of encryption strength); MD5 Multi-chip standalone "The 3e-030-2 Security Server Cryptographic Core (Version 4.0) provides FIPS 140-2 validated cryptographic functionality for the 3eTI Security Server product, a RADIUS based Authentication Server, capable of EAP-TLS authentication of wireless client, support of JITC DoD-signed certificates for PKI usage, and full 802.11i support. The 3e-030-2 provides the following FIPS-approved cryptographic algorithms: AES, SHA-1, SHA-2, HMAC, RSA DSA ECDSA sign/verify, FIPS 186-2 PRNG. The 3e-030-2 also supports the following non-FIPS cryptographic algorithms: Diffie Hellman, ECDH and MD5"
1562	Thales e-Security 2200 North Commerce Parkway Suite 200 Weston, FL 33326 USA -Joe Warren CST Lab: NVLAP 200416-0	Datacryptor® Gig Ethernet [1] and 10 Gig Ethernet [2] (Hardware Versions: 1600x433 [1] and 1600x437 [2]; Firmware Version: 4.5) (When configured with the Multi-Point license as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	06/20/2011	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #1033, #1488, #1489, #1548 and #1550); DSA (Cert. #349); SHS (Cert. #985); RNG (Cert. #588) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); NDRNG Multi-chip standalone "The Datacryptor® Gig Ethernet and 10 Gig Ethernet are rack-mountable multi-chip standalone cryptographic modules designed to secure data transmissions across public Ethernet Layer 2 networks. The Gig Ethernet uses an SFP transceiver and the 10 Gig Ethernet uses a higher-speed XFP transceiver. The Datacryptor® employs an automatic key generation and exchange mechanism using X.509 v3 certificates and the Diffie-Hellman key agreement scheme. The algorithm used for securing data transmission is AES-256 GCM."
1561	Oracle Corporation 500 Eldorado Blvd., Bldg 5 Broomfield, CO 80021 USA -David Hostetter TEL: 303-272-7126 FAX: 303-272-6555 CST Lab: NVLAP 100432-0	StorageTek™ T10000C Tape Drive (Hardware Version: P/N 316052503; Firmware Version: 1.51.318) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	06/17/2011	Overall Level: 1  -FIPS-approved algorithms: AES (Certs. #1564, #1565, #1566, #1567, #1568, #1569 and #1570); DRBG (Cert. #71); HMAC (Certs. #916 and #917); SHS (Certs. #1389 and #1390); RSA (Cert. #763) -Other algorithms: AES (Cert. #1567, key wrapping; key establishment methodology provides 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5 Multi-chip standalone "The StorageTek™ T10000C Tape Drive provides 5 TB native capacity and 240 MB/sec throughput using BaFe media and with backward read compatibility to the T10000A/B. Designed for maximum security and performance, the T10000C provides AES-256 encryption to protect and authenticate customer data and to provide secure, authenticated transmission of key material. Designed for maximum performance, the drive allows the use of multiple keys per tape with a cache memory to minimize the overhead of key transmission. Works seamlessly with the Oracle OKM to provide a secure end-to-end management solution."
1560	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Global Certification Team TEL: CST Lab: NVLAP 200427-0	Cisco 3925E and Cisco 3945E Integrated Services Routers (ISRs) (Hardware Versions: 3925E (with PCB rev -A0 and -B0), 3945E (with PCB rev -A0 and -B0), [FIPS Kit (CISCO-FIPS-KIT=), Revision -B0], ISR: FIPS-SHIELD-3900=; Firmware Version: 15.1(2)T3) (When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	06/14/2011; 02/23/2012	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #803 and #1580); HMAC (Certs. #443 and #926); RNG (Cert. #850); RSA (Cert. #771); SHS (Certs. #801 and #1399); Triple-DES (Certs. #1036 and #1037) -Other algorithms: DES; HMAC-MD5; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Multi-chip standalone "The Cisco 3925E and 3945E Integrated Services Routers are routing platforms that provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The new platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options."
1559	Hewlett-Packard Company 19091 Pruneridge Ave. MS 4441 Cupertino, CA 95014 USA -Theresa Conejero TEL: 408-447-2964 FAX: 408-447-5525 CST Lab: NVLAP 100432-0	Atalla Cryptographic Subsystem (ACS) (Hardware Version: P/N 610113-002 Rev. C; Firmware Version: Loader Version 0.65, PSMCU Version 0.98) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	06/14/2011; 09/19/2011	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #1305 and #1311); RNG (Cert. #728); RSA (Cert. #625); SHS (Cert. #1194) -Other algorithms: N/A Multi-chip embedded "The Atalla Cryptographic Subsystem (ACS) is a multi-chip embedded cryptographic module that provides secure cryptographic processing. The ACS features secure key management and storage capabilities, and also provides high performance AES processing."
1558	Sony Corporation 1-7-1 Konan Minato-ku, Tokyo 108-0075 Japan -Hirotaka Kondo TEL: +81 46 202 8074 FAX: +81 46 202 6304 CST Lab: NVLAP 200802-0	Gemini (Hardware Version: 1.0.0; Firmware Version: 1.0.0 or 1.0.1) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	06/14/2011; 07/19/2011	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1539, #1540 and #1541); RNG (Certs. #828, #829 and #830); RSA (Certs. #750 and #751); HMAC (Certs. #901 and #902); SHS (Certs. #1364, #1365, #1366 and #1367) -Other algorithms: HMAC-MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG Multi-chip embedded "The primary purpose of the Gemini is to provide decryption, decoding/encoding of audio/video data for the digital cinema projector system in which it is being employed."
1557	McAfee, Inc. 2340 Energy Park Drive St. Paul, MN 55108 USA -Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0	McAfee Firewall Enterprise 2150E (Hardware Version: 2150E; Firmware Version: 7.0.1.01.E12) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	06/09/2011	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES Multi-chip standalone "McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1556	McAfee, Inc. 2340 Energy Park Drive St. Paul, MN 55108 USA -Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0	McAfee Firewall Enterprise 1100E (Hardware Version: 1100E; Firmware Version: 7.0.1.01.E12) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	06/09/2011	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES Multi-chip standalone "McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee's Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1555	BlockMaster AB Kyrkogatan 17 Lund, S-222 22 Sweden -Johan Söderström TEL: +46 (0) 46-2765100 -Anders Pettersson TEL: +46 (0) 46-2765100 CST Lab: NVLAP 200002-0	BM-C1000 (Hardware Versions: BM-C1000-01, BM-C1000-02, BM-C1000-04, BM-C1000-08, BM-C1000-16, BM-C1000-32 and BM-C1000-64; Firmware Version: 4.0) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	06/07/2011	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Mitigation of Other Attacks: Level 3 -FIPS-approved algorithms: AES (Cert. #1236); SHS (Cert. #1134); RNG (Cert. #683), RSA (Cert. #617) -Other algorithms: NDRNG; RSA-512 (non-compliant) Multi-chip embedded "The BlockMaster microcontroller BM9931 powers FIPS secure USB flash drives. All data stored is encrypted transparently on the fly within the hardware in accordance with the specification of the Federal Information Processing Standard (FIPS 140-2)."
1554	McAfee, Inc. 2340 Energy Park Drive St. Paul, MN 55108 USA -Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0	McAfee Firewall Enterprise 4150E (Hardware Version: 4150E; Firmware Version: 7.0.1.01.E12) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	06/07/2011	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES Multi-chip standalone "McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1553	Comtech EF Data Corporation 2114 West 7th Street Tempe, AZ 85281 USA -Wallace Davis TEL: 480-333-2189 FAX: 480-333-2147 CST Lab: NVLAP 200427-0	SLM-5650A TRANSEC Module (Hardware Version: 1.2; Firmware Version: 1.2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	06/07/2011	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #1537 and #1538); ECDSA (Cert. #189); HMAC (Cert. #893); RNG (Cert. #827); RSA (Cert. #746); SHS (Cert. #1363); Triple-DES (Cert. #1012) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip embedded "The SLM-5650 satellite modem includes a single FIPS card called the SLM-5650A TRANSEC Module that will perform bulk encryption of all packets for transmission over the satellite regardless of the protocol, the format of data, or existing encryption on the incoming data. The SLM-5650A TRANSEC Module uses 256-bit AES in CBC mode for bulk encryption of all data requiring encryption. The module is managed using a proprietary graphical user interface (GUI) over TLS, referred to as the Management & Control Console, and a command line management interface over SSH."
1552	Check Point Software Technologies Ltd. Check Point Software Technologies Ltd. 9900 Belward Campus Drive Suite 250 Rockville, MD 20850 USA -David Ambrose TEL: 703-628-2935 -Malcolm Levy TEL: +972-37534561 CST Lab: NVLAP 200002-0	Check Point IP Appliance (Hardware Versions: IP1280 (CPAP-IP1285-D-GFIP [Nokia NBB1270000], CPIP-A-4-1C, CPIP-A-D80G-CA, CPIP-A-CA-12-24 and N431174001), IP2450 (CPAP-IP2455-D-GFIP [Nokia NBB3450000], CPIP-A-4-1C, CPIP-A-D80G-CA, CPIP-A-CA-12-24 and N431174001) and IP2455 (CPAP-IP2455-D- GFIP, CPIP-A-4-1C, CPIP-A-D80G-CA, CPIP-A-CA-12-24 and N431174001) ; Firmware Version: IPSO v4.2 with Check Point VPN-1 NGX R65 with hot fix HFA 30) (When operated in FIPS mode and tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	06/07/2011; 10/04/2011	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #709 and #91); Triple-DES (Certs. #637, #638, #729 and #204); HMAC (Certs. #384, #385, #499 and #203); SHS (Certs. #734, #735, #883 and #500); DSA (Cert. #271); RSA (Certs. #332 and #333); RNG (Certs. #417 and #418) -Other algorithms: CAST; DES; HMAC MD5; MD5; Arcfour; Twofish; Blowfish; Diffie-Hellman (key agreement, key establishment methodology provides between 80 bits and 128 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 bits and 150 bits of encryption strength); Triple-DES (K3 mode; non-compliant) Multi-chip standalone "The Nokia VPN Applicances are full-featured enterprise systems designed for small to medium enterprises, with Service Provider flexibility and rapid serviceability option in a single rack space. When combined with Check Point VPN-1 these platforms provide reliable, easy to manage distributed security and access."
1551	Check Point Software Technologies Ltd. Check Point Software Technologies Ltd. 9900 Belward Campus Drive Suite 250 Rockville, MD 20850 USA -David Ambrose TEL: 703-628-2935 -Malcolm Levy TEL: +972-37534561 CST Lab: NVLAP 200002-0	Check Point IP Appliance (Hardware Versions: IP390 (CPAP-IP395-D-GFIP [Nokia NBB0302000] and N431174001) and IP560 (CPAP-IP565-D-AC [Nokia NBB0562000] and CPIP-A-4-1C, CPIP-A-PCMCIA-CA, N431174001); Firmware Version: IPSO v4.2 with Check Point VPN-1 NGX R65 with hot fix HFA-30) (When operated in FIPS mode and tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	07/21/2011	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #397, #342, #442 and #497); Triple-DES (Certs. #507, #510, #465, #466, #435, #406 and #729); HMAC (Certs. #248, #251, #207, #208, #176, #146 and #499); SHS (Certs. #564, #567, #508, #509, #469, #417 and #883); DSA (Certs. #202 and #204); RSA (Certs. #211, #213, #215 and #167); RNG (Certs. #275, #277, #229 and #230) -Other algorithms: CAST; DES (Cert. #314); HMAC MD5; MD5; Arcfour; Twofish; Blowfish; Diffie-Hellman (key agreement; key establishment methodology provides between 80 bits and 128 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Triple-DES (K3 mode; non-compliant) Multi-chip standalone "The Nokia VPN Applicances are full-featured enterprise systems designed for small to medium enterprises, with Service Provider flexibility and rapid serviceability option in a single rack space. When combined with Check Point VPN-1 these platforms provide reliable, easy to manage distributed security and access."
1550	SafeNet, Inc. 20 Colonnade Drive Suite 200 Ottowa, Ontario K2E 7M6 Canada -Iain Holness TEL: 613-221-5049 FAX: 613-723-5079 CST Lab: NVLAP 200427-0	ProtectServer Internal Express (PSI-e) (Hardware Version: VBD-04-0302; Firmware Version: 3.00.03) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	06/07/2011	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1582); DSA (Cert. #488); ECDSA (Cert. #193); HMAC (Cert. #928); RNG (Cert. #851); RSA (Cert. #772); SHS (Cert. #1401); Triple-DES (Cert. #1038); Triple-DES MAC (Triple-DES Cert. #1038, vendor affirmed) -Other algorithms: AES MAC (AES Cert. #1582; non-compliant); ARIA; CAST-128; CAST-128 MAC; DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength); ECIES; EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); IDEA; IDEA MAC; MD2; MD5; MD5 HMAC; RC2; RC2 MAC; RC4; RIPEMD-128; RIPEMD-160; RMD128 HMAC; RMD160 HMAC; RSA (Key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); SEED; SEED MAC; Multi-chip embedded "The SafeNet PSI-e is a high-end intelligent PCI adapter card that provides a wide range of cryptographic functions using firmware and dedicated hardware processors. The module provides key management (e.g., generation, storage, deletion, and backup), an extensive suite of cryptographic mechanisms, and process management including separation between operators. The PSI-e also features non-volatile tamper protected memory for key storage, a hardware random number generator, and an RTC."
1549	Sophos Ltd. The Pentagon Abingdon Science Park Oxford, Oxfordshire OX14 3YP United Kingdom -Curt W. Lindenberger TEL: 781-494-5800 FAX: 781-494-5801 -Joachim Schneider TEL: +49 (0) 6171-88-1968 FAX: +49 (0) 89-30703123 CST Lab: NVLAP 200002-0	SafeGuard Cryptographic Engine (Software Version: 5.60) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	05/27/2011	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows 7 Ultimate Edition 32-bit; Microsoft Windows 7 Ultimate Edition 64-bit; FreeBSD 6.1 (single-user mode) -FIPS-approved algorithms: AES (Certs. #1447 and #1448); Triple-DES (Cert. #982); HMAC (Cert. #849); SHS (Certs. #1311, #1312 and #1317); RNG (Cert. #792) -Other algorithms: N/A Multi-chip standalone "SafeGuard Cryptographic Engine is the core cryptographic component of Sophos' encryption products SafeGuard Enterprise, SafeGuard PrivateDisk, SafeGuard LAN Crypt and SafeGuard PrivateCrypto. It provides a solid implementation of standard algorithms used for disk and file encryption, key generation, key management, and integrity protection."
1548	Motorola Solutions, Inc. 1150 Kifer Rd Sunnyvale, CA 94086 USA -Tresa Johnson TEL: 408-991-7589 FAX: 408-991-7420 CST Lab: NVLAP 100432-0	Motorola Network Router (MNR) S2500 (Hardware Version: Base Unit P/N CLN1713F, Version Rev D with Encryption Module P/N CLN8262C, Version Rev F; Firmware Version: XS-16.0.1.44) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	05/23/2011	Overall Level: 1  -Cryptographic Module Specification: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #581 and #588); AES (Certs. #611 and #625); DSA (Cert. #237); SHS (Certs. #659 and #693); HMAC (Certs. #322 and #342); RNG (Cert. #349); RSA (Cert. #283) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; DES; HMAC-MD5 Multi-chip standalone "MNR S2500 routers are versatile, secure-capable devices that can ensure timely delivery of delay-sensitive traffic. Supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections, S2500 routers perform simultaneous functions - including compression and data prioritization - without compromising their ability to accomplish additional packet-handling functions as needed. In addition to the normal routing functions, the MNR S2500 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols."
1547	Motorola Solutions, Inc. 1150 Kifer Rd Sunnyvale, CA 94086 USA -Tresa Johnson TEL: 408-991-7589 FAX: 408-991-7420 CST Lab: NVLAP 100432-0	Motorola Network Router (MNR) S6000 (Hardware Version: Base Unit HW P/N CLN1780H, Version Rev A with Encryption Module HW P/N CLN8261D, Version Rev L; Firmware Versions: PS-16.0.1.44 and GS-16.0.1.44) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	05/23/2011	Overall Level: 1  -Cryptographic Module Specification: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #275 and #580); AES (Certs. #173 and #609); DSA (Cert. #236); SHS (Certs. #258 and #658); HMAC (Certs. #39 and #323); RNG (Cert. #348); RSA (Cert. #282) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; DES; HMAC-MD5 Multi-chip standalone "MNR S6000 routers are versatile, secure-capable devices that can ensure timely delivery of delay-sensitive traffic. Supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections, S6000 routers perform simultaneous functions - including compression and data prioritization - without compromising their ability to accomplish additional packet-handling functions as needed. In addition to the normal routing functions, the MNR S6000 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols."
1546	Motorola Solutions, Inc. 1150 Kifer Rd Sunnyvale, CA 94086 USA -Tresa Johnson TEL: 408-991-7589 FAX: 408-991-7420 CST Lab: NVLAP 100432-0	Motorola GGM 8000 Gateway (Hardware Version: Base Unit P/N: CLN1841A, Version Rev B with Encryption Module P/N: CLN8492D, Version Rev B; FIPS Kit: P/N CLN1854A, Rev. B; Power Supply: P/N CLN1850A, Rev. C (AC) or P/N CLN1849A, Rev. C (DC); Firmware Version: XS-16.0.1.44) (When operated in FIPS mode with tamper labels installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	06/09/2011	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #685 and #989); AES (Certs. #803 and #1469); DSA (Cert. #465); SHS (Certs. #801 and #1329); RNG (Cert. #803); RSA (Cert. #718); HMAC (Certs. #443 and #864) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; DES; HMAC-MD5 Multi-chip standalone "GGM 8000 devices are versatile, secure-capable devices that can ensure timely delivery of delay-sensitive traffic. Supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections, GGM 8000 perform simultaneous functions - including compression and data prioritization - without compromising their ability to accomplish additional packet-handling functions as needed. In addition to the normal packet forwarding functions, the GGM 8000 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols."
1545	Hewlett-Packard TippingPoint 7501N. Capital of Texas Highway Austin, TX 78731 USA -Dinesh Vakharia TEL: 512-681-8271 -Freddie Jimenez Jr. TEL: 512-681-8305 CST Lab: NVLAP 200427-0	HP TippingPoint Intrusion Prevention System (Hardware Versions: S10 [1], S110 [1], S330 [1], S660N [2], S1400N [2], S2500N [2] and S5100N [2]; Firmware Versions: 3.1.4.1427 [1] and 3.2.0.1530 [2]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	05/27/2011	Overall Level: 1  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 2 -FIPS-approved algorithms: AES (Certs. #1557, #1558 and #1559); HMAC (Certs. #909, #910 and #911); RNG (Certs. #838, #839 and #840); RSA (Certs. #756, #757 and #758); SHS (Certs. #1381, #1382 and #1383); Triple-DES (Certs. #1021, #1022 and #1023) -Other algorithms: Blowfish; DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); HMAC-MD5; MD5; Non-Approved RNG; RC2; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength). Multi-chip standalone "Inserted transparently into the network, the HP TippingPoint Intrusion Prevention System (IPS) is an in-line security device that performs high-performance, deep packet inspection to protect customer networks from attack. The IPS blocks malicious and unwanted traffic, while allowing good traffic to pass unimpeded. In fact, the IPS optimizes the performance of good traffic by continually cleansing the network and prioritizing applications that are mission critical."
1544	LaserCard Corporation 1875 N. Shoreline Blvd. Mountain View, CA 94043 USA -Alex Giakoumis TEL: 650-335-4348 FAX: 650-969-6121 CST Lab: NVLAP 100432-0	LaserCard LCCIDProtect (Hardware Version: P/N AT90SC28872RCU Revision G; Firmware Version: 010B.9288.0303) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	05/10/2011; 07/27/2011	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #965); Triple-DES MAC (Triple-DES Cert. #965, vendor affirmed); RNG (Cert. #774) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Single-chip "FIPS Approved algorithms (relies on loaded applications): AES (Cert. #1412); RSA (Cert. #688); SHS (Cert. #1282) LaserCard LCCIDProtect is a cryptographic module based on the Athena OS755 Java Card smart card operating system with 72Kbyte of EEPROM. LCCIDProtect is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications. LCCIDProtect exposes PKI and biometric APIs and is designed for high performance government and enterprise smart card applications."
1543	CareFusion 10020 Pacific Mesa Blvd. San Diego, CA 92121 USA -Robert Canfield TEL: 858-617-4753 FAX: 858-617-5981 CST Lab: NVLAP 100432-0	Alaris® PC Unit Model 8015 (Hardware Version: Model 8015 with FIPS Kit 11935165; Firmware Versions: 9.7.0, 9.9.0 or 9.12.0) (When operated in FIPS mode with tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	05/27/2011; 01/11/2012; 09/27/2012	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (1) (Cert. #1436); SHS (Cert. #1301) -Other algorithms: AES (2) (non-compliant); RC4; MD5; SHS (non-compliant); RIPEMD; DES; Triple-DES (non-compliant); RC2-CBC, RC2-ECB, RC2-CFB64, RC2-OFB64; Blowfish; CAST; RSA (non-compliant); DSA (non-compliant); Diffie-Hellman; RNG (non-compliant) Multi-chip standalone "The CareFusion Alaris® PC Unit Model 8015 is a point-of-care unit, which is the main component of the Alaris® System. The Alaris System is a modular system intended for adult, pediatric, and neonatal care in a professional healthcare environment. The Alaris System brings a higher level of medication error prevention to the point of patient care."
1542	CST Lab: NVLAP 200427-0	Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	05/05/2011	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
1541	3e Technologies International, Inc. 9715 Key West Avenue Suite 500 Rockville, MD 20850 USA -Harinder Sood TEL: 301-944-1325 FAX: 301-670-6989 CST Lab: NVLAP 200427-0	3e-523-F2 and 3e-523-3 Secure Multi-function Wireless Data Points (Hardware Versions: (1.0, 1.1 or 1.2) (3e-523-F2) and 2.0 (3e-523-3); Firmware Version: 4.4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	04/29/2011	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1021, #1022 and #1023); HMAC (Certs. #570, #571 and #572); RNG (Cert. #583); RSA (Cert. #490); SHS (Certs. #975, #976 and #977); Triple-DES (Cert. #783) -Other algorithms: AES (Cert. #1021, key wrapping); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); MD5 Multi-chip standalone "The 3e-523-F2 and 3e-523-3 operate as either a gateway connecting a local area network to wide area network (WAN), an access point within a wireless local area network (WLAN), a client within a WLAN, or a wireless bridging device. 3eTI software provides the following major services in FIPS mode: Wireless 802.11a/b/g Access Point functionality; Wireless 802.11a/b/g Client functionality; Wireless 802.11a/b/g Bridge functionality; Wireless 802.11a/b/g Mesh functionality (auto-forming, self-healing wireless capability); IEEE 802.11i."
1540	XYPRO Technology Corporation 3325 Cochran Street Suite 200 Simi Valley, CA 93063 USA -Sheila Johnson TEL: 805-583-2874 FAX: 805-583-0124 -Scott Uroff TEL: 805-583-2874 FAX: 805-583-0124 CST Lab: NVLAP 200427-0	XYGATE /ESDK (Software Version: 3.3.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	04/28/2011	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP with Service Pack 3; HP NonStop Server G06; HP NonStop Server H06; HP NonStop Server J06; HP-UX 10.2; HP-UX 11.11; Solaris 10; IBM AIX 5.2; SuSE Linux Enterprise Server 10; Red Hat Enterprise Linux v5.1; IBM z/OS 1.11 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1571); DSA (Cert. #482); HMAC (Cert. #918); RNG (Cert. #845); RSA (Cert. #764); SHS (Cert. #1391); Triple-DES (Cert. #1028) -Other algorithms: Blowfish; CAST-128; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 152 bits of encryption strength; non-compliant less than 80-bits of encryption strength); ElGamal; HMAC MD5; HMAC RIPE-MD; IDEA; MD2; MD4; MD5; RC2; RC4; RC5; RIPE-MD; RSA (key wrapping; key establishment methodology provides between 80 and 152 bits of encryption strength; non-compliant less than 80-bits of encryption strength); Skipjack (non-compliant) Multi-chip standalone "The XYGATE Encryption Software Development Kit [XESDK] is a dynamically linked software library that supplies: symmetric key encryption including the approved AES and TripleDES; hashing algorithms including the approved SHA-1 and SHA-256; public key encryption including RSA; signature algorithms including the approved RSA and DSA; secure session protocols such as SSH, SSL and TLS and e-mail protocols such as PGP and S/MIME. Based on cryptlib by Peter Gutmann, the XESDK, written in C, provides encryption services for applications, communications and databases across multiple computer platforms."
1539	Xirrus, Inc. 2101 Corporate Center Dr Thousand Oaks, CA 91320 USA -Steve Smith TEL: 805-262-1600 FAX: 805-262-1601 CST Lab: NVLAP 100432-0	Xirrus Wi-Fi Array XN4, XN8, XN12 and XN16 (Hardware Versions: P/Ns 190-0109-001 Version D [XN4], 190-0110-002 Version B [XN8], 190-0128-001 Version D [XN12] and 190-0111-001 Version D [XN16]; Firmware Version: 4.1 or 5.0) (When operated in FIPS mode and with tamper evident seals and security straps installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	05/05/2011	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #1009); SHS (Cert. #1325); HMAC (Cert. #860); AES (Certs. #1508 and #1515); RSA (Cert. #715); RNG (Cert. #800) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); MD5; RC4 Multi-chip standalone "The Xirrus Wi-Fi Array consists of 4, 8, 12, or 16 802.11abgn access points coupled to a directional antenna system, and integrated together with a multi-gigabit switch, controller, firewall, threat sensor, and spectrum analyzer into a single, easy-to-install device."
1538	Thales e-Security 2200 North Commerce Parkway Suite 200 Weston, FL 33326 USA -Joe Warren CST Lab: NVLAP 200416-0	Datacryptor® 100M Ethernet (Hardware Version: 1600x439; Firmware Version: 4.5) (When configured with the Multi-Point license as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	04/28/2011; 05/12/2011	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #1033, #1490 and #1549); DSA (Cert. #349); SHS (Cert. #985); RNG (Cert. #588) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); NDRNG Multi-chip standalone "The Datacryptor® 100 Mbps Ethernet Layer 2 is a rack-mountable multi-chip standalone cryptographic module designed to secure data in transmissions across public Ethernet Layer 2 networks. The Datacryptor® uses 100BaseT ports to connect the host and public sides of the network. The Datacryptor® employs an automatic key generation and exchange mechanism using X.509 v3 certificates and the Diffie-Hellman key agreement scheme. The algorithm used for securing data transmission is AES-256 GCM."
1537	Brocade Communications Systems, Inc. 1745 Technology Drive San Jose, CA, CA 95110 USA -Michael Hong TEL: 408-333-8000 FAX: 408-333-8101 CST Lab: NVLAP 200648-0	Brocade Mobility RFS7000 Controller (Hardware Version: RFS7000; Firmware Version: 4.1.0.0-040GR) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	04/28/2011	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #646, #648 and #649); AES (Certs. #724, #726, #727 and #773); SHS (Certs. #742, #744 and #745); HMAC (Certs. #390, #392 and #393); RSA (Cert. #341); DSA (Cert. #274); RNG (Certs. #423 and #424) -Other algorithms: MD5; HMAC-MD5; DES; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength) Multi-chip standalone "Brocade Mobility RFS7000 Controller provides robust, highly scalable support for seamless mobility for government agencies. The innovative architecture simplifies network deployment and management, provides superior performance, security and scalability. The Brocade Mobility RFS7000 enables campus-wide roaming across subnets, and offers powerful failover capabilities, exceptional quality of service and increased voice capacity. Integrated security features include intrusion detection and protection, secure guest access and protection against denial of service attacks."
1536	Motorola Solutions, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA -Tom Nguyen  TEL: 847-576-2352 CST Lab: NVLAP 100432-0	Astro Subscriber Motorola Advanced Crypto Engine (MACE) (Hardware Version: P/N 5185912Y01; Firmware Versions: [R01.02.00, R01.02.01 or R01.02.02] and [R01.00.00 or (R01.00.00 and R02.00.00)]) (When operated in FIPS mode and configured to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	04/28/2011; 07/27/2011	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #819 and #1295); SHS (Cert. #817); RSA (Cert. #396); RNG (Cert. #471) -Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); LFSR Single-chip "The MACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio systems products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management."
1535	Motorola Solutions, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA -Tom Nguyen  TEL: 847-576-2352  CST Lab: NVLAP 100432-0	Astro Subscriber Motorola Advanced Crypto Engine (MACE) (Hardware Version: P/N 5185912Y01; Firmware Versions: [R01.02.00, R01.02.01 or R01.02.02] and [R01.00.00 or (R01.00.00 and R02.00.00)]) (When operated in FIPS mode and configured to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	04/28/2011; 07/27/2011	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #819 and #1295); SHS (Cert. #817); RSA (Cert. #396); RNG (Cert. #471) -Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); LFSR Single-chip "The MACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio system products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management."
1534	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Global Certification Team TEL: CST Lab: NVLAP 200427-0	Nexus 7000 18 Slot (Hardware Version: N7K-C7018= N7K-C7018-V01; Software Version: NX-OS System Software for Nexus 7000 Release 5.1(1a) or 5.2.5; NX-OS EPLD Updates for Nexus 7000 Release 5.1(1); NX-OS Kick Start for Nexus 7000 Release 5.1(1a) or 5.2.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	04/28/2011; 02/23/2012; 07/18/2012	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 2 -FIPS-approved algorithms: AES (Certs. #1602, #1024, #1197, #1275, #1276, #1426 and #1427); DSA (Cert. #495); HMAC (Certs. #938 and #847); RNG (Cert. #859); RSA (Cert. #784); SHS (Certs. #1415 and #1307); Triple-DES (Cert. #1047) -Other algorithms: DES; HMAC-MD5; MD5; Non-Approved RNG; RC4; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 156 bits of encryption strength) Multi-chip standalone "The Cisco Nexus 7000 Series is capable of more than 15 terabits per second (Tbps) of switching capacity and offers market-leading Gigabit Ethernet and 10 Gigabit Ethernet density. Built on a zero-service-loss hardware and software architecture, the Cisco Nexus 7000 Series offers the kind of high availability needed in a next-generation data center, in which virtualization increases the scope of downtime and Unified Fabric demands Fibre Channel-like availability to properly support storage services. The Cisco Nexus 7000 Series was built with manageability in mind and incorporate."
1533	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Global Certification Team TEL: CST Lab: NVLAP 200427-0	Nexus 7000 10 Slot (Hardware Version: N7K-C7010= N7K-C7010-V02, FIPS Kit (CISCO-FIPS-KIT=); Software Version: NX-OS System Software for Nexus 7000 Release 5.1(1a) or 5.2.5; NX-OS EPLD Updates for Nexus 7000 Release 5.1(1); NX-OS Kick Start for Nexus 7000 Release 5.1(1a) or 5.2.5) (When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	04/15/2011; 02/23/2012; 07/18/2012	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #1602, #1024, #1197, #1275, #1276, #1426 and #1427); DSA (Cert. #495); HMAC (Certs. #938 and #847); RNG (Cert. #859); RSA (Cert. #784); SHS (Certs. #1415 and #1307); Triple-DES (Cert. #1047) -Other algorithms: DES; HMAC-MD5; MD5; Non-Approved RNG; RC4; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 156 bits of encryption strength) Multi-chip standalone "The Cisco Nexus 7000 Series is capable of more than 15 terabits per second (Tbps) of switching capacity and offers market-leading Gigabit Ethernet and 10 Gigabit Ethernet density. Built on a zero-service-loss hardware and software architecture, the Cisco Nexus 7000 Series offers the kind of high availability needed in a next-generation data center, in which virtualization increases the scope of downtime and Unified Fabric demands Fibre Channel-like availability to properly support storage services. The Cisco Nexus 7000 Series was built with manageability in mind and incorporate."
1532	NetLib® A Subsidiary of Communication Horizons, LLC 65 High Ridge Road, Suite 428 Stamford, CT 06905 USA -Niel Weicher TEL: 203-246-6507 CST Lab: NVLAP 200416-0	NetLib® Encryptionizer® DE/FIPS (Software Versions: 2010.201.10.0 and 2010.501.10.0) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	04/12/2011	Overall Level: 1  -Design Assurance: Level 2 -Operational Environment: Tested as meeting Level 1 with Windows 7 (x86); Windows Server 2003 (x86); Windows Server 2008 (x86); Windows 7 (x64); Windows Server 2003 (x64); Windows Server 2008 (x64) (single-user mode) -FIPS-approved algorithms: AES (Certs. #1502 and #1528); SHS (Certs. #1376 and #1377); HMAC (Certs. #905 and #906) -Other algorithms: N/A Multi-chip standalone "The NetLib® Encryptionizer® DE/FIPS versions 2010.201.10.0 and 2010.501.10.0 provide encryption of data stored in server-based and desktop-based databases and files, including MS SQL Server databases and backups . It can be deployed without programming and without adding any administrative overhead. The purpose of whole database encryption is to make a database or file unusable if it is stolen, copied, downloaded, lost, or otherwise improperly accessed. It supports both 32-bit and 64-bit applications."
1531	Motorola, Inc. 6480 Via Del Oro San Jose, CA, CA 95119 USA -Sameer Kanagala TEL: 408-528-2886 FAX: 408-528-2500 -Colin R. Cooper TEL: 408-528-2871 FAX: 408-528-2903 CST Lab: NVLAP 200648-0	RFS7000 RF Switch (Hardware Version: RFS7000; Firmware Version: 4.1.0.0-040GR) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	04/12/2011	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #646, #648 and #649); AES (Certs. #724, #726, #727 and #773); SHS (Certs. #742, #744 and #745); HMAC (Certs. #390, #392 and #393); RSA (Cert. #341); DSA (Cert. #274); RNG (Certs. #423 and #424) -Other algorithms: MD5; HMAC-MD5; DES; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength) Multi-chip standalone "RFS7000-GR Wireless Switch from Motorola provides robust, highly scalable support for seamless mobility for government agencies. Motorola's architecture simplifies network deployment and management, provides superior performance, security and scalability, and supports emerging RF technologies. The RFS7000-GR enables campus-wide roaming across subnets, and offers powerful failover capabilities, exceptional quality of service and increased voice capacity. Integrated security features include intrusion detection and protection, secure guest access and protection against denial of service attacks."
1530	CST Lab: NVLAP 200802-0	Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	04/04/2011; 10/10/2012	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
1529	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Global Certification Team TEL: CST Lab: NVLAP 200427-0	Cisco 881, Cisco 881G and Cisco 891 Integrated Services Routers (ISRs) (Hardware Versions: 881, 881G, 891 and [FIPS Kit (CISCO-FIPS-KIT=), Revision -B0]; Firmware Version: 15.1(2)T2A and 15.1(2)T3) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	04/01/2011; 07/27/2011; 02/23/2012	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1527, #962 and #1535); HMAC (Certs. #891 and #537); RNG (Cert. #823); RSA (Cert. #743); SHS (Certs. #1359 and #933); Triple-DES (Certs. #1010 and #757) -Other algorithms: DES; HMAC-MD5; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Multi-chip standalone "Cisco 880, and Cisco 890 series ISRs provide Internet, VPN, voice, data, and backup capability to corporate teleworkers and remote and small offices of fewer than 20 users. These routers are capable of bridging and multiprotocol routing between LAN and WAN ports, and provide advanced features such as antivirus protection."
1528	CST Lab: NVLAP 200427-0	Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/30/2011	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
1527	Systematic Development Group, LLC 350 Jim Moran Blvd. Suite 122 Deerfield Beach, FL 33442 USA -George Wolf TEL: 954-889-3535 x315 CST Lab: NVLAP 100432-0	LOK-IT™ 10 KEY (Series SDG003FM) and LOK-IT™ 5 KEY (Series SDG004FP) (Hardware Versions: HW003-16 Rev:01, HW003-16 Rev:02, HW003-08 Rev:01, HW003-04 Rev:01 (10 Key) and HW004-08 Rev:01 (5 Key);  Firmware Version: USB Controller Firmware Revision V01.12A09-F01 (10 Key and 5 Key) or V01.12A12-F01 (10 Key) ; Security Controller Firmware Revisions SDG003FM-008 (10 Key) and SDG004FP-008 (5 Key)) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/28/2011; 10/04/2011	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1514) -Other algorithms: N/A Multi-chip standalone "LOK-IT™ is a USB Flash drive with a multi-chip embedded cryptographic module architecture as defined by FIPS 140-2. It consists of an Initio 1861 USB controller, NAND Flash memory and a Microchip PIC16F688 security controller. The product supports 256 bit AES encryption of data stored in NAND Flash memory. The drive provides self-contained user authentication without the need for host computer applications. Two derivations of the product exist differing in the number of numeric buttons; the SDG003FM has 10 numeric buttons and the SDG004FP has 5 numeric buttons."
1526	Lexmark International Inc. 740 West New Circle Rd. Lexington, KY 40550 USA -Graydon Dodson TEL: 859-232-6483 CST Lab: NVLAP 200416-0	Lexmark PrintCryption™ (Firmware Version: 1.3.2f) (Requires Option P/N 57X9000 to enable the PrintCryption firmware) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Firmware	03/24/2011	Overall Level: 1  -Tested: Lexmark X548 Printer with IBM 750CL processor on Lexmark Linux 2.6.28; Lexmark X792 Printer with Freescale 7448 processor on Lexmark Linux 2.6.28; -FIPS-approved algorithms: AES (Certs. #1209 and #1487); SHS (Certs. #1112 and #1343); RNG (Certs. #670 and #811); RSA (Certs. #579, #730 and FIPS 186-3, vendor affirmed); HMAC (Certs. #704 and #876) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); NDRNG Multi-chip standalone "The Lexmark PrintCryption™ is an option for the Lexmark printers that enables the transfer and printing of encrypted print jobs. With the Lexmark PrintCryption™ module installed, the printer is capable of decrypting print jobs encrypted with the AES (FIPS 197) algorithm. The Lexmark PrintCryption™ analyzes the encrypted data stream, determines if the correct key was used to encrypt the data, decrypts the data and allows the document to be printed."
1525	Xirrus, Inc. 2101 Corporate Center Dr Thousand Oaks, CA 91320 USA -Steve Smith TEL: 805-262-1600 FAX: 805-262-1601 CST Lab: NVLAP 100432-0	Xirrus Wi-Fi Array XS4 and XS8 (Hardware Versions: P/Ns: 190-0092-002 Rev D1 [XS4] and 190-0091-005 Rev A1 [XS8]; Firmware Version: 3.5) (When operated in FIPS mode and with tamper evident seals and security straps installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	04/01/2011	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #1005); SHS (Cert. #1326); HMAC (Cert. #861); AES (Certs. #470 and #1503); RSA (Cert. #716); RNG (Cert. #801) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); MD5; RC4 Multi-chip standalone "The Xirrus Wi-Fi Array consists of 4, 8, 12, or 16 802.11abgn access points coupled to a directional antenna system, and integrated together with a multi-gigabit switch, controller, firewall, threat sensor, and spectrum analyzer into a single, easy-to-install device."
1524	SafeNet, Inc. 20 Colonnade Road Suite 200 Ottawa, Ontario K2E7M6 Canada -Iain Holness TEL: 613-221-5049 FAX: 613-723-5079 CST Lab: NVLAP 200427-0	SafeNet Luna EFT (Hardware Version: GRK-09-0100 or GRK-15-0100 [2]; Firmware Version: MAL00000E [1] or MAL000001E [2]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/23/2011; 10/04/2011	Overall Level: 3  -FIPS-approved algorithms: RNG (Cert. #806); RSA (Certs. #723 and #899); SHS (Certs. #1335 and #1560); Triple-DES (Cert. #994) -Other algorithms: MD5 Multi-chip standalone "SafeNet Luna EFT is designed for Electronic Funds Transfer (EFT) and payment system processing environments, providing powerful end-to-end security for online banking transactions and applications for credit, debit, and chip cards."
1523	Athena Smartcard, Inc. 16615 Lark Avenue Suite 202 Los Gatos, CA 95032 USA -Ian Simmons TEL: 408-786-1028 FAX: 408-608 1818 CST Lab: NVLAP 100432-0	Athena IDProtect (Hardware Version: P/N AT90SC28872RCU Revision G; Firmware Version: 010B.9288.0303) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	04/05/2011; 04/27/2011; 06/09/2011; 04/12/2013	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #965); Triple-DES MAC (Triple-DES Cert. #965, vendor affirmed); RNG (Cert. #774); -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Single-chip "FIPS Approved algorithms (relies on loaded applications): AES (Cert. #1412); RSA (Cert. #688); SHS (Cert. #1282) IDProtect is a cryptographic module based on the Athena OS755 Java Card smart card operating system with 72Kbyte of EEPROM. IDProtect is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications. IDProtect exposes PKI and biometric APIs and is designed for high performance government and enterprise smart card applications."
1522	IBM® Corporation 9032 S Rita Road Tucson, AZ 85744 USA -David L. Swanson TEL: 520-799-5515 CST Lab: NVLAP 200427-0	IBM LTO Generation 5 Encrypting Tape Drive (Hardware Versions: 45E8192 EC Level M11221 (Fibre Channel) and 45E8193 EC Level M11221 (SAS); Firmware Versions: pf100923e.A9Q5.FC.fips.ro (Fibre Channel) and pf100923e.A9Q5.SAS.fips.ro (SAS)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/23/2011	Overall Level: 1  -FIPS-approved algorithms: AES (Certs. #1530, #1531 and #1532); RNG (Cert. #825); RSA (Cert. #744); SHS (Cert. #1361) -Other algorithms: AES (Cert. #1530, key wrapping; key establishment methodology provides 256-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The IBM LTO Generation 5 Encrypting Tape Drive provides AES-GCM encryption of customer data recorded to tape. Both encryption and compression are implemented in the hardware for optimum performance. Two different host interface types of the LTO Generation 5 "brick" unit are FIPS certified as a multi-chip, standalone cryptographic module. In customer operation the "brick" unit may be embedded in bridge box or in a canister package for operation in a library."
1521	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Global Certification Team TEL: CST Lab: NVLAP 200427-0	Cisco 2951, Cisco 3925 and Cisco 3945 Integrated Services Routers (ISRs) (Hardware Versions: 2951 [1][2], 3925 [1][3], 3945 [1][3], FIPS Kit (CISCO-FIPS-KIT=), Revision -B0 [1], ISR: FIPS-SHIELD-2951= [2] and FIPS-SHIELD-3900= [3]; Firmware Version: 15.1(2)T2A and 15.1(2)T3) (When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/18/2011; 04/04/2011; 07/27/2011; 02/23/2012	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1527, #963 and #1536); HMAC (Certs. #891 and #538); RNG (Cert. #823); RSA (Cert. #743); SHS (Certs. #1359 and #934); Triple-DES (Certs. #1010 and #758) -Other algorithms: DES; HMAC-MD5; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Multi-chip standalone "The Cisco 2951, 3925 and 3945 Integrated Services Routers are routing platforms that provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The new platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options."
1520	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Global Certification Team TEL: CST Lab: NVLAP 200427-0	Cisco 1905, Cisco 1921, Cisco 1941, Cisco 2901, Cisco 2911 and Cisco 2921 Integrated Services Routers (ISRs) (Hardware Version: 1905 [1][2], 1921 [1][2], 1941 [1][2], 2901 [1][3], 2911 [1][4], 2921 [1][5], FIPS Kit (CISCO-FIPS-KIT=), Revision -B0 [1], ISR: FIPS-SHIELD-1900= [2], FIPS-SHIELD-2901= [3], FIPS-SHIELD-2911= [4] and FIPS-SHIELD-2921= [5]; Firmware Version: 15.1(2)T2A and 15.1(2)T3) (When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/11/2011; 04/04/2011; 07/27/2011; 02/23/2012	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1527 and #1115); HMAC (Certs. #891 and #627); RNG (Cert. #823); RSA (Cert. #743); SHS (Certs. #1359 and #1038); Triple-DES (Certs. #1010 and #812) -Other algorithms: DES, HMAC-MD5, MD5, RC4; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Multi-chip standalone "The Cisco 1905, 1921, 1941, 2901, 2911 and 2921 Integrated Services Routers are routing platforms that provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The new platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options."
1519	Code Corporation 14870 S. Pony Express Rd. Suite 200 Bluffdale, UT 84065 USA -Tim Jackson TEL: 801-984-7865 FAX: 801-495-0280 CST Lab: NVLAP 100432-0	Code Reader 2500 FIPS and Code Reader 3500 FIPS (Hardware Versions: P/Ns 2512FIPS_01 and 3512FIPS_01; Firmware Version: 4641) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/11/2011; 04/04/2011	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1457); DRBG (Cert. #55) -Other algorithms: NDRNG Multi-chip standalone "Code Corporation’s Code Reader 2500 FIPS or Code Reader 3500 FIPS bar code readers, when used in conjunction with a CodeXML® FIPS Bluetooth® Modem, provide an encrypted wireless bar code reading solution with a working range of up to 300 feet. Code Corporation’s FIPS bar code readers employ a FIPS approved AES-256 algorithm to generate per session keys to encrypt data and a separate key to encrypt overhead communications ensure that the connection between modem and bar code reader is highly secure. The FIPS code has been optimized to provide line speed communications over the wireless link."
1518	GDC Technology (USA), LLC 3500 W. Olive Ave. Suite 940 Burbank, CA 91505 USA -Tim Folk TEL: (877) 743--2872 FAX: 877-643-2872 CST Lab: NVLAP 100432-0	IMB (Hardware Version: GDC-IMB-v1; Firmware Version: 1.1) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/11/2011	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #1278 and #1286); SHS (Certs. #1176, #1178, #1179 and #1180); RNG (Certs. #713 and #716); RSA (Certs. #610 and #613); HMAC (Certs. #743 and #747) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5 Multi-chip embedded "A digital cinema media block designed to be compliant with DCI specifications and SMPTE digital cinema standards. The supported features include JPEG2000 decoding, AES decryption, key management, ASM communications and logging."
1517	Aruba Networks, Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA -Harsha Nagaraja TEL: 408-754-3010 CST Lab: NVLAP 200427-0	Aruba 3000 and 6000/M3 Mobility Controllers with ArubaOS Firmware (Hardware Versions: 3200: 3200-8-AOS-STD-FIPS-US; 3400: 3400-32-AOS-STD-FIPS-US; 3600: 3600-64-AOS-STD-FIPS-US; 6000: (6000-BASE-2PSU-200-FIPS or 6000-BASE-2PSU-400-FIPS) with [(minimum one: LC-2G-1, LC-2G24F-1 or LC-2G24FP-1) and (one or two: M3mk1-G10X-10G2X)] (no more than four total); 3200 Revision C4: 3200-8-AOS-STD-FIPS-US Revision C4; 3400 Revision C4: 3400-32-AOS-STD-FIPS-US Revision C4; 3600 Revision C4: 3600-64-AOS-STD-FIPS-US Revision C4; 6000 Revision C4: (6000-BASE-2PSU-200-FIPS or 6000-BASE-2PSU-400-FIPS) with [(minimum one: LC-2G-1, LC-2G24F-1 or LC-2G24FP-1) and (one or two: M3mk1-G10X-10G2X Revision C4)] (no more than four total); Firmware Versions: 3200, 3400 and 3600: A3000_3.3.2.0-FIPS, A3000_3.3.2.11-FIPS, A3000_3.3.2.14-FIPS, A3000_3.3.2.18-FIPS, A3000_3.3.2.19-FIPS, A3000_3.3.2.20-FIPS, A3000_3.3.2.21-FIPS, A3000_3.4.2.3-FIPS, A3000_3.4.4.0-FIPS; 6000 or A3000_3.4.5.1-FIPS: ArubaOS_MMC_3.3.2.0-FIPS, ArubaOS_MMC_3.3.2.11-FIPS, ArubaOS_MMC_3.3.2.14-FIPS, ArubaOS_MMC_3.3.2.18-FIPS, ArubaOS_MMC_3.3.2.19-FIPS, ArubaOS_MMC_3.3.2.20-FIPS, ArubaOS_MMC_3.3.2.21-FIPS, ArubaOS_MMC_3.4.2.3-FIPS, ArubaOS_MMC_3.4.4.0-FIPS or ArubaOS_MMC_3.4.5.1-FIPS) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/11/2011; 07/19/2011; 02/06/2013	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #465, #762 and #823); HMAC (Certs. #416, #417 and #458); RNG (Cert. #475); RSA (Cert. #399); SHS (Certs. #768, #769 and #823); Triple-DES (Certs. #482, #667 and #694) -Other algorithms: DES; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength). Multi-chip standalone "Aruba Networks' Mobility Controller system completely changes how 802.11 networks are deployed, secured, and managed. The only mobile security system with an integrated ICSA-certified stateful firewall and hardware-based encryption, the Aruba mobility controller is the industry's highest performing and most scalable enterprise mobility platform on the market today. Aruba offers the industry's only modular and stackable mobility controllers from every enterprise environment. Now, administrators are freed from the costly and time-consuming process of managing individual APs. And as security stan"
1516	Hewlett-Packard Company 19091 Pruneridge Ave., MS 4441 Cupertino, CA 95014 USA -Theresa Conejero TEL: 408-447-2964 FAX: 408-447-5525 CST Lab: NVLAP 100432-0	HP Enterprise Secure Key Manager (Hardware Version: P/N AJ575A, Version 2.1; Firmware Version: 4.8.9) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/11/2011; 09/19/2011	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: AES (Cert. #1480); DSA (Cert. #467); HMAC (Cert. #871); RNG (Cert. #807); RSA (Cert. #726); SHS (Cert. #1338); Triple-DES (Cert. #997) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DES; MD5; RC4 Multi-chip standalone "The HP Enterprise Secure Key Manager (ESKM) automates key generation and management. It is a hardened security appliance delivering identity-based access, administration, and logging. Additionally, the ESKM provides reliable lifetime key archival with automatic multi-site key replication and failover capabilities."
1515	Motorola Solutions, Inc. 1303 E. Algonquin Road Schaumburg, IL 60196  USA -Richard Carter TEL: 44-0-1364-655500 FAX: 44-0-1364-654625 CST Lab: NVLAP 100432-0	Motorola PTP 600 Series (Hardware Versions: P/Ns BP5830BHC, BP5830BHC15, BP5530BHC, BP5530BHC15, WB2781, WB3039, WB3037, WB3092, WB3094, WB3387, WB3389, WB3222, BP5830BH, BP5830BH15, BP5530BH, BP5530BH15, WB2780, WB3036, WB3038, WB3091, WB3093, WB3386, WB3388 and WB3221; P/N WB3593 (HW Security Upgrade Kit); Firmware Version: PTP600 08-50) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/09/2011; 03/28/2011	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: SHS (Cert. #1101); DSA (Cert. #399); AES (Certs. #708 and #1144); DRBG (Cert. #21); HMAC (Cert. #700); Triple-DES (Cert. #863) -Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "PTP 600 Series Ethernet bridges offer high performance connectivity and backhaul in challenging non-line-of-sight environments. With carrier-grade reliability, PTP 600 links have class-leading sensitivity and power output which enable links to go farther, while sustaining high throughput regardless of conditions. With data rates up to 300 Mbps and reaching distances up to 124 miles, this Series of high-performance and secure wireless bridges make cost-effective connectivity and backhaul a reality for a wide range of enterprises, service providers and public safety organizations."
1514	Apple Inc. 11921 Freedom Drive Reston, VA 20190 USA -Shawn Geddis TEL: 703-264-5103 CST Lab: NVLAP 200002-0	Apple FIPS Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	03/09/2011	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Apple Mac OS X 10.6 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1400); DSA (Cert. #453); ECDSA (Cert. #176); HMAC (Cert. #823); RNG (Cert. #767); RSA (Cert. #681); SHS (Cert. #1271); TDES (Cert. #955) -Other algorithms: ASC; Blowfish; CAST; DES; RC2; RC4; RC5; FEE; MD2; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength); RSA (non-compliant key generation) Multi-chip standalone "Mac OS X's security services are built using the open source Common Data Security Architecture. CDSA is a set of layered security services in which the AppleCSP provides the cryptography for services such as FileVault, Encrypted Disk Images, Keychains, Safari, Mail, etc."
1513	SafeNet, Inc. 1655 N Fort Myer Drive Suite 1150 Arlington, VA 22209 USA -SafeNet Government Sales TEL: 703-647-8408 FAX: 410-290-6506 CST Lab: NVLAP 200002-0	SafeNet Encryptor, Model 600 (Hardware Versions: 904-10001-00x, 904-10002-00x, 904-10003-00x, 904-10014-00x, 904-10112-00x, 904-10113-00x, 904-20001-00x, 904-20002-00x, 904-20003-00x, 904-25005-00x, 904-30013-00x, 904-511i0-00p, 904-511i1-00p, 943-511i0-00p and 943-511i1-00p; Firmware Versions: 4.0.2 and 4.0.3) (When operated in FIPS mode. Refer to the cryptographic module's security policy for the details on the letter i, p and x designations.) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/04/2011; 06/21/2011	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #647); AES (Certs. #713, #725 and #1232); RSA (Cert. #340); SHS (Cert. #743); HMAC (Cert. #391); RNG (Cert. #422) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The SafeNet Encryptor provides data privacy and access control for connections between vulnerable public and private SONET/SDH or Ethernet networks. It employs FIPS approved AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in SONET 155 MB (OC-3), 622 MB (OC-12), 1.0 GB, and 2.4 GB (OC-48) networks."
1512	SafeNet, Inc. 1655 N Fort Myer Drive Suite 1150 Arlington, VA 22209 USA -SafeNet Government Sales TEL: 703-647-8408 FAX: 410-290-6506 CST Lab: NVLAP 200002-0	SafeNet Encryptor, Model 650 (Hardware Versions: 904-53260-007, 904-53261-007, 904-53361-20p, 943-53270-007, 943-53271-007 and 943-53371-20p; Firmware Versions: 4.0.2 and 4.0.3) (When operated in FIPS mode. Refer to the cryptographic module’s security policy for the details on the letter p designations.) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/04/2011; 06/21/2011	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #710, #725 and #1233); Triple-DES (Cert. #647); RSA (Cert. #340); SHS (Cert. #743); HMAC (Cert. #391); RNG (Cert. #422) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The SafeNet Encryptor provides data privacy and access control for connections between vulnerable public and private SONET/SDH networks or 10G Ethernet networks. It employs federally endorsed AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in a SONET OC-192 network or 10G Ethernet network."
1511	Cavium Networks 805 E. Middlefield Road Mountain View, CA 94043 USA -TA Ramanujam TEL: 650-623-7039 FAX: 650-625-9751 CST Lab: NVLAP 100432-0	NITROX XL 1600-NFBE HSM Family (Hardware Versions: P/Ns CN1620-NFBE1NIC-2.0-G, CN1620-NFBE2NIC-2.0-G, CN1620-NFBE3NIC-2.0-G, CN1610-NFBE1NIC-2.0-G, CN1620-NFBE1-2.0-G, CN1620-NFBE2-2.0-G, CN1620-NFBE3-2.0-G and CN1610-NFBE1-2.0-G, Version: 2.0; Firmware Version: 2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/04/2011	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #1265 and #1266); DRBG (Cert. #32); ECDSA (Certs. #150 and #188); HMAC (Cert. #736); KAS (Cert. #5); RNG (Cert. #707); RSA (Certs. #607 and #742); SHS (Certs. #1165 and #1166); Triple-DES (Cert. #898); DSA (Cert. #474) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #1265, key wrapping; key establishment methodology provides 256 bits of encryption strength); RC4; MD5; PBE Multi-chip embedded "The NITROX XL 1600-NFBE HSM adapter family delivers the world’s fastest FIPS 140-2 Level 3 Hardware Security Module (HSM) with PCIe Gen 2.0. The NITROX XL family of adapters offers up to 45,000 RSA operations per second and 5 Gbps of bulk crypto performance and is certified to the stringent US Government security standards. This FIPS family delivers an unmatched solution to the increasing performance, cryptographic and time to market requirements of the financial, government and healthcare vertical markets"
1510	F-Secure Corporation Tammasaarenkatu 7 PL 24 Helsinki, 00180 Finland -Alexey Kirichenko TEL: +358 9 2520 5548 CST Lab: NVLAP 200427-0	F-Secure Kernel Mode Cryptographic Driver for Linux (Software Version: 2.3.9) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	03/02/2011	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux v5 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1556); HMAC (Cert. #908); RNG (Cert. #837); SHS (Cert. #1380); Triple-DES (Cert. #1020) -Other algorithms: Blowfish; DES; HMAC-MD5; HMAC-RIPEMD-160; MD5; RC2; RIPEMD-160 Multi-chip standalone "The F-Secure Cryptographic Library is a software module for Red Hat Enterprise Linux v5 . The module provides an assortment of cryptographic services accessible for clients through a C/C++ Application Programming Interface. The modules are designed and implemented to meet the Level 1 requirements of FIPS publication 140-2 when running on a GPC under Red Hat Enterprise Linux v5 ."
1509	Code Corporation 14870 S. Pony Express Rd. Suite 200 Bluffdale, UT 84065 USA -Tim Jackson TEL: 801-984-7865 FAX: 801-495-0280 CST Lab: NVLAP 100432-0	CodeXML® FIPS Bluetooth® Modem (Hardware Version: P/N BTHDFIPS-M2_01; Firmware Version: 0187) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/02/2011; 04/04/2011	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1456) -Other algorithms: N/A Multi-chip standalone "Code Corporation’s CodeXML® FIPS Bluetooth® Modem, when used in conjunction with the Code Reader 2500 FIPS or Code Reader 3500 FIPS bar code readers, provides an encrypted wireless bar code reading solution with a working range of up to 300 feet. The CodeXML® FIPS Bluetooth® Modem employs a FIPS approved AES-256 algorithm with per session keys to ensure that the connection between modem and bar code reader is highly secure. The FIPS code has been optimized to provide line speed communications over the wireless link."
1508	Motorola, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA -Tom Nguyen TEL: 847-576-2352 CST Lab: NVLAP 100432-0	ASTRO CDEM Motorola Advanced Crypto Engine (MACE) (Hardware Version: P/N 5185912Y01; Firmware Version: R01.01.01) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/02/2011	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #819, #1295 and #1297); SHS (Cert. #817); RSA (Cert. #396); RNG (Cert. #471) -Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); AES (AES Cert. #819, key wrapping; key establishment methodology provides 256 bits of encryption strength); LFSR; DES Single-chip "The ASTRO CDEM MACE provides secure key management and data encryption for the Astro System."
1507	F-Secure Corporation Tammasaarenkatu 7 PL 24 Helsinki, 00180 Finland -Alexey Kirichenko TEL: +358 9 2520 5548 CST Lab: NVLAP 200427-0	F-Secure Kernel Mode Cryptographic Driver (Software Version: 2.3.9) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	03/02/2011	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows Server 2008 with Service Pack 2 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1543); HMAC (Cert. #894); RNG (Cert. #831); SHS (Cert. #1368); Triple-DES (Cert. #1013) -Other algorithms: Blowfish; DES; HMAC-MD5; HMAC-RIPEMD-160; MD5; PBKDF2; RIPEMD-160 Multi-chip standalone "The F-Secure Kernel Mode Cryptographic Driver is a FIPS 140-2 Level 1 validated software module, implemented as a 32-bit Windows Server 2008, 2008 R2, and Windows 7 compatible export driver. When loaded into computing system memory, it resides at the kernel mode level of the Windows OS and provides an assortment of cryptographic services that are accessible by other kernel mode drivers through a C-language Application Program Interface."
1506	CST Lab: NVLAP 200658-0	Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	02/28/2011	Overall Level: 1  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
1505	IBM® Corporation 2455 South Road Poughkeepsie, NY 12601 USA -Carl Buscaglia TEL: 845-435-6902 CST Lab: NVLAP 100432-0	IBM 4765 Cryptographic Coprocessor Security Module (Hardware Version: P/Ns 45D6048 Version 1.0 or 41D8612 Version 1.0; Firmware Version: e1ced7a0) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	02/24/2011; 12/21/2012	Overall Level: 4  -FIPS-approved algorithms: AES (Cert. #1294); RNG (Cert. #722); RSA (Cert. #621); SHS (Cert. #1188) -Other algorithms: DES MAC Multi-chip embedded "The IBM 4765 Cryptographic Coprocessor Security Module, is a tamper responding, programmable, cryptographic PCIe card, containing CPU, encryption hardware, RAM, persistant memory, hardware random number generator, time of day clock, firmware, and software. The Coprocessor is designed as a feature in the IBM System z server."
1504	Data Locker Inc. 7500 College Suite 600 Overland Park, KS 66210 USA -Jay Kim TEL: 913-310-9088 FAX: 800-858-4709 CST Lab: NVLAP 200658-0	Data Locker Enterprise, V2.0 (Hardware Versions: P/Ns DL500E2 and DL1000E2; Firmware Version: 2.30) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	02/24/2011; 03/01/2011	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #250) -Other algorithms: N/A Multi-chip standalone "The Data Locker Enterprise is a fully platform independent, portable encrypted hard drive. Compatible with MAC, Windows and Linux systems, the Data Locker operates without any host based software or drivers. It utilizes an embedded LCD touch screen interface for all authentication and administrative functions. The device is fully 256bit AES CBC Mode encrypted via a dedicated crypto engine."
1503	RSA, The Security Division of EMC 174 Middlesex Turnpike Bedford, MA 01730 USA -Sandy Carielli TEL: 781-515-7510 CST Lab: NVLAP 200427-0	RSA BSAFE® Crypto-J JSAFE and JCE Software Module (Software Version: 5.0 or 5.0.1) (When operated in FIPS140_MODE or FIPS140_SSL_MODE and initialized with Level 2 Authentication) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	02/24/2011; 03/28/2011; 09/19/2011; 01/23/2013	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP SP3 with Sun JRE 5.0; Microsoft Windows XP SP3 with Sun JRE 6.0 (single-user mode) -FIPS-approved algorithms: AES (Certs. #1465 and #1766); DRBG (Certs. #57 and #117); DSA (Certs. #464 and #552); ECDSA (Certs. #182 and #236); HMAC (Certs. #863 and #1036); RNG (Certs. #802 and #940); RSA (Certs. #717, #881 and FIPS 186-3, vendor affirmed); SHS (Certs. #1328 and #1549); Triple-DES (Certs. #988 and #1143) -Other algorithms: ANSI X9.31 RNG (non-compliant); DES; DESX; Diffie-Hellman; ECAES (non-compliant); EC Diffie-Hellman; EC Diffie-Hellman with Cofactor; ECIES; HMAC-MD5; MD2; MD5; MD5Random; PBE; PBE with SHA1 and Triple-DES; RC2; RC4; RC5; RIPEMD160; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA Keypair Generation MultiPrime; RSA OAEP; SHA1Random Multi-chip standalone "RSA BSAFE® Crypto-J security software is designed to help protect sensitive data as it is stored using encryption techniques to provide a persistent level of protection. RSA BSAFE® Crypto-J supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
1502	RSA, The Security Division of EMC 174 Middlesex Turnpike Bedford, MA 01730 USA -Sandy Carielli TEL: 781-515-7510 CST Lab: NVLAP 200427-0	RSA BSAFE® Crypto-J JSAFE and JCE Software Module (Software Version: 5.0 or 5.0.1) (When operated in FIPS140_MODE or FIPS140_SSL_MODE) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	02/24/2011; 03/28/2011; 09/19/2011; 01/24/2013	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP SP3 with Sun JRE 5.0; Microsoft Windows XP SP3 with Sun JRE 6.0 (single-user mode) -FIPS-approved algorithms: AES (Certs. #1465 and #1766); DRBG (Certs. #57 and #117); DSA (Certs. #464 and #552); ECDSA (Certs. #182 and #236); HMAC (Certs. #863 and #1036); RNG (Certs. #802 and #940); RSA (Certs. #717, #881 and FIPS 186-3, vendor affirmed); SHS (Certs. #1328 and #1549); Triple-DES (Certs. #988 and #1143) -Other algorithms: ANSI X9.31 RNG (non-compliant); DES; DESX; Diffie-Hellman; ECAES (non-compliant); EC Diffie-Hellman; EC Diffie-Hellman with Cofactor; ECIES; HMAC-MD5; MD2; MD5; MD5Random; PBE; PBE with SHA1 and Triple-DES; RC2; RC4; RC5; RIPEMD160; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA Keypair Generation MultiPrime; RSA OAEP; SHA1Random Multi-chip standalone "RSA BSAFE® Crypto-J security software is designed to help protect sensitive data as it is stored using encryption techniques to provide a persistent level of protection. RSA BSAFE® Crypto-J supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
1501	ActivIdentity, Inc. 6623 Dumbarton Circle Fremont, CA 94555 USA -Jean-Luc Azou TEL: 510-574-1738 FAX: 510-574-0101 CST Lab: NVLAP 200427-0	Cryptographic Module for F5 and C5 (Software Version: 1.7.0.4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	02/24/2011	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Technologic Systems® TS-Linux 2.4.26-ts11 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1494); ECDSA (Cert. #186); HMAC (Cert. #879); RNG (Cert. #813); RSA (Cert. #733); SHS (Cert. #1347); Triple-DES (Cert. #1001) -Other algorithms: N/A Multi-chip standalone "ActivIdentity F5 and C5 software development kits are designed to enable vendors to incorporate cryptographic-based technologies into their physical access control applications. The F5 SDK enables physical access strong authentication using FIPS 201 PIV smart cards, in compliance with the authentication modes described in NIST Special Publication 800-116. The C5 SDK enables strong authentication in the case of standalone electronic locks and physical access control systems, by writing digitally signed privileges to and from smart cards."
1500	Pragma Systems, Inc. 13809 Research Boulevard, Suite 675 Austin, TX 78750 USA -Andrew Tull, Vice President, Sales & Marketing TEL: 512-219-7270 FAX: 512-219-7110 -David S. Kulwin TEL: 512-219-7270 FAX: 512-219-7110 CST Lab: NVLAP 200426-0	Pragma Systems Cryptographic Module (Software Version: 1.0.0.12) (When operated in FIPS mode with Microsoft Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Certs. #1012, #1010 and #1002 operating in FIPS mode and Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) validated to FIPS 140-2 under Certs. #1009, #1003 and #875 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	02/10/2011	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2003 Server; Microsoft Windows 2008 Server; Microsoft Windows Vista (single-user mode) -FIPS-approved algorithms: AES (Certs. #739 and #818); Triple-DES (Certs. #656 and #691); HMAC (Certs. #407, #408 and #452); SHS (Certs. #753 and #816); RSA (Certs. #354, #355 and #395); DSA (Certs. #221, #281 and #282); RNG (Certs. #314, #435 and #470); DRNG (SP 800-90, vendor affirmed) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA KeyGen (non-compliant); MD5 Multi-chip standalone "The Pragma Systems Cryptographic Module is a dynamically linked library that provides the cryptographic abstraction used in the Pragma Fortress Secure Shell (SSH) products."
1499	Palo Alto Networks 232 E. Java Drive Sunnyvale, CA 94089 USA -Nicholas Campagna TEL: 408-738-7700 FAX: 408-738-7701 CST Lab: NVLAP 100432-0	PA-500, PA-2000 Series and PA-4000 Series Firewalls (Hardware Versions: HW P/N 910-000006-00D Rev. D with FIPS Kit P/N 920-000005-001 Rev. 1 (PA-500), HW P/N 910-000004-00K Rev. K with FIPS Kit P/N 920-000004-001 Rev. 1 (PA-2020), HW P/N 910-000003-00K Rev. K with FIPS Kit P/N 920-000004-001 Rev. 1 (PA-2050), HW P/N 910-000002-00Q Rev. Q with FIPS Kit P/N 920-000003-001 Rev. 1 (PA-4020), HW P/N 910-000001-00P Rev. P with FIPS Kit P/N 920-000003-001 Rev. 1 (PA-4050) and HW P/N 910-000005-00G Rev. G with FIPS Kit P/N 920-000003-001 Rev. 1 (PA-4060); Firmware Version: 3.1.2 or 3.1.7-h1) (When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	02/10/2011; 06/21/2011	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1378); Triple-DES (Cert. #950); RSA (Cert. #675); DSA (Cert. #451); HMAC (Cert. #810); SHS (Cert. #1259); RNG (Cert. #760) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; RC4; Camellia; RC2; SEED; DES Multi-chip standalone "Palo Alto Network's next-generation firewalls provide network security by enabling enterprises to see and control applications, users, and content - not just ports, IP addresses, and packets - using three unique identification technologies: App-ID, User-ID, and Content-ID. These identification technologies, found in Palo Alto Networks' enterprise firewalls, enable enterprises to create business-relevant security policies - safely enabling organizations to adopt new applications, instead of the traditional "all-or-nothing" approach offered by traditional port-blocking firewalls."
1498	SafeNet, Inc. 4690 Millenium Drive Belcamp, MD 21017 USA -Iain Holness TEL: 613-221-5049 FAX: 613-723-5079 CST Lab: NVLAP 100432-0	DataSecure Appliance i150 and i450 (Hardware Versions: P/Ns 947-00150-001 and 947-000031-001; Firmware Version: 4.9.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	04/01/2011; 02/23/2012	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #916); AES (Cert. #1315); DSA (Cert. #421); RNG (Cert. #733); RSA (Cert. #629); SHS (Cert. #1185); HMAC (Cert. #751) -Other algorithms: RSA (key wrapping, key establishment methodology provides 80 or 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); MD5; DES; SEED; RC4 Multi-chip standalone "The SafeNet DataSecure Appliance is a dedicated hardware product designed specifically for security and cryptographic processing, allowing organizations to protect structured and unstructured data, from within the data center out to remote locations, and ensure compliance with legislative and policy mandates for security. With its capabilities for granular encryption, seamless integration, and centralized key and policy management, DataSecure enables organizations to guard against a range of security threats, with unparalleled ease and cost effectiveness."
1497	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Global Certification Team TEL: CST Lab: NVLAP 200427-0	Cisco Secure Access Control Server (ACS) FIPS module (NSS) (Software Versions: 3.12.5 and 3.12.5.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	02/10/2011; 02/23/2012; 04/05/2013	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Cisco CARS 1.2.0.182 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1475); DRBG (Cert. #59); DSA (Cert. #466); HMAC (Cert. #868); RSA (Cert. #722); SHS (Cert. #1334); Triple-DES (Cert. #993) -Other algorithms: Camellia; DES; Diffie-Hellman; EC Diffie-Hellman; MD2; MD5; RC2; RC4; SEED Multi-chip standalone "The Cisco Secure Access Control Server (ACS) FIPS module (NSS) Version 3.12.5 is a software cryptographic library that provides cryptographic services to the Cisco Access Control Server (ACS) application. The Cisco ACS FIPS module (NSS) is a general-purpose cryptographic library, with an API based on the industry standard PKCS #11 version 2.20."
1496	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Global Certification Team TEL: CST Lab: NVLAP 200427-0	Cisco Secure Access Control Server (ACS) FIPS module (cryptolib) (Software Versions: 1.1, 1.2 and 1.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	02/10/2011; 04/27/2011; 02/23/2012: 06/21/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Cisco CARS 1.2.0.182 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1474); HMAC (Cert. #867); RNG (Cert. #805); RSA (Cert. #721); SHS (Cert. #1333) -Other algorithms: AES (Cert. #1474, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); HMAC MD5; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The Cisco Secure ACS FIPS Module Version 1.1 is a software cryptographic library that provides cryptographic services to the Cisco Access Control Server (ACS) application. The Secure ACS FIPS module provides FIPS compliant cryptography supporting AAA for IEEE 802.11i security (WPA2) with EAP protocols like EAP-TLS, EAP-FAST, PEAP with RADIUS Key Wrap functionalities, Cisco TrustSec (CTS), and 802.1x-rev."
1495	CST Lab: NVLAP 100432-0	Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	02/28/2011; 06/08/2012; 10/15/2012	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
1494	Sony Corporation 1-7-1 Konan Minato-ku, Tokyo 108-0075 Japan -Hirotaka Kondo TEL: +81-46-202-8074 FAX: +81-46-202-6304 CST Lab: NVLAP 100432-0	Sony Security Module (Hardware Version: 1.0.1; Firmware Version: 1.0.1) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/21/2011	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #901, #902 and #1470); RNG (Certs. #517 and #804); RSA (Cert. #724); SHS (Certs. #882 and #1330); HMAC (Certs. #865 and #866) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); HMAC-MD5; NDRNG Multi-chip embedded "The Sony Security Module (SSM) is cryptographic module to provide decryption, decoding/encoding of audio/video data for the digital cinema projector system in which it is being employed."
1493	Sony Corporation 1-7-1 Konan Minato-ku, Tokyo 108-0075 Japan -Hirotaka Kondo TEL: +81-46-202-8074 FAX: +81-46-202-6304 CST Lab: NVLAP 100432-0	Sony Security Module (Hardware Version: 1.1.0; Firmware Version: 1.1.0) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/21/2011	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #901, #902 and #1470); RNG (Certs. #517 and #804); RSA (Cert. #724); SHS (Certs. #882 and #1330); HMAC (Certs. #865 and #866) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); HMAC-MD5; NDRNG Multi-chip embedded "The Sony Security Module (SSM) is cryptographic module to provide decryption, decoding/encoding of audio/video data for the digital cinema projector system in which it is being employed."
1492	IBM® Corporation 2455 South Road Poughkeepsie, NY 12601 USA -William F Penny TEL: 845-435-3010 CST Lab: NVLAP 200658-0	IBM® z/OS® Version 1 Release 11 System SSL Cryptographic Module (Hardware Versions: FC3863 w/System Driver Level 77 and optional CEX3A and CEX3C [CEX3A and CEX3C are separately configured versions of 4765-001 (P/N 45D6048)]; Software Versions: System SSL level HCPT3B0/JCPT3B1 with APAR OA31595, RACF level HRF7760 with APAR OA30951 and ICSF level HCR7770 with APAR OA32012; Firmware Version: 4765-001 (e1ced7a0)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software-Hybrid	02/04/2011; 04/12/2011	Overall Level: 1  -Cryptographic Module Specification: Level 3 -Operational Environment: Tested as meeting Level 1 with IBM System z10(TM) Enterprise Class (z10 EC) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 [Base GPC, optional Crypto Express3 Card (Coprocessor (CEX3C)); Crypto Express3 Card (Accelerator (CEX3A)) and Crypto Express3 Cards (Coprocessor (CEX3C) and Accelerator (CEX3A))] [IBM System z10(TM) Enterprise Class (z10 EC) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 includes FC3863 w/System Driver Level 77 and z/OS® V1R11] (single-user mode) -FIPS-approved algorithms: AES (Certs. #976, #1418 and #1419); Triple-DES (Certs. #769, #968 and #969); DSA (Certs. #458 and #459); RSA (Certs. #691, #692, #693, #694 and #695); SHS (Certs. #946, #1286 and #1287); HMAC (Certs. #836 and #837); RNG (Certs. #775 and #776) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); DES; RC2; ArcFour; MD5; MD2 Multi-chip standalone "System SSL is a set of generic services provided in z/OS to protect TCP/IP communications using the SSL/TLS protocol. System SSL is exploited by many SSL enabled servers and clients in z/OS to meet the transport security constraints required in an On Demand environment. The System SSL APIs are also externalized to customer applications. System SSL has evolved through the latest releases of z/OS to support the new TLS (Transaction Layer Security) standard, to reach an unmatched level of performance and to extend the APIs available to applications to new functions."
1491	Hughes Network Systems, LLC 11717 Exploration Lane Germantown, MD 20876 USA -Shayla Fahey TEL: 301-548-1239 -Shanti Vedula TEL: 301-212-1016 CST Lab: NVLAP 200556-0	HX280 Broadband Satellite Router (Hardware Version: Rev C.; Firmware Versions: 6.6.0.3 or 6.7.0.10) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	01/28/2011; 08/09/2011	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #1451 and #1453); SHS (Cert. #1316); HMAC (Cert. #853); DSA (Cert. #463); RNG (Cert. #796) -Other algorithms: Diffie-Hellman (key agreement providing 80 bits of encryption strength); MD5; NDRNG Multi-chip standalone "The Hughes HX280 Mesh/Star Broadband Router is a high-performance satellite router that enables carrier-grade broadband Internet Protocol services with enhanced security protecting all data, management, and signaling traffic over the satellite network, while still enabling the use of all Hughes satellite acceleration features, as well as Hughes' advanced routing, prioritization, and access control capabilities."
1490	Motorola Solutions, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA -Tom Nguyen TEL: 847-576-2352 CST Lab: NVLAP 100432-0	Key Variable Loader (KVL) 4000 PIKE2 (Hardware Version: P/N 51009397004; Firmware Version: R01.01.00, R01.01.01, R01.01.04 or R02.03.00) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	01/28/2011; 06/01/2011; 03/14/2012; 12/07/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #1491 and #1492); ECDSA (Cert. #183); SHS (Cert. #1345); RNG (Cert. #812) -Other algorithms: AES MAC (AES Cert. #1492, vendor affirmed; P25 AES OTAR); AES (AES Cert. #1492, key wrapping; key establishment methodology provides 256 bits of encryption strength); DES; DES-XL; DVP-XL; DVI-XL; ADP Single-chip "The KVL 4000 PIKE2 provides security services for the KVL 4000. The KVL 4000 is a portable key distribution device that consists of a Personal Digital Assistant (PDA) and Security Adapter that connects to the PDA."
1489	Motorola Solutions, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA -Tom Nguyen TEL: 847-576-2352 CST Lab: NVLAP 100432-0	Key Variable Loader (KVL) 4000 PIKE2 (Hardware Version: P/N 51009397004; Firmware Version: R01.01.00, R01.01.01, R01.01.04 or R02.03.00) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	01/28/2011; 06/01/2011; 03/14/2012; 12/07/2012	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1491 and #1492); ECDSA (Cert. #183); SHS (Cert. #1345); RNG (Cert. #812) -Other algorithms: AES MAC (AES Cert. #1492, vendor affirmed; P25 AES OTAR); AES (AES Cert. #1492, key wrapping; key establishment methodology provides 256 bits of encryption strength); DES; DES-XL; DVP-XL; DVI-XL; ADP Single-chip "The KVL 4000 PIKE2 provides security services for the KVL 4000. The KVL 4000 is a portable key distribution device that consists of a Personal Digital Assistant (PDA) and Security Adapter that connects to the PDA."
1488	Schweitzer Engineering Laboratories, Inc. 2350 NE Hopkins Court Pullman, WA 99163 USA -Joe Casebolt TEL: 509-332-1890 FAX: 509-332-7990 CST Lab: NVLAP 100432-0	SEL-3045 (Hardware Version: 1.0; Firmware Version: R100 or R101) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	01/28/2011; 02/06/2013	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1272); SHS (Cert. #1170); HMAC (Cert. #739); RNG (Cert. #710); DSA (Cert. #412) -Other algorithms: AES (Cert. #1272, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The SEL-3045 Secure SCADA Card provides strong cryptographic security to a variety of communications networks. It protects point-to-point, multi-drop, and many-to-many networks. The SEL-3045 secures all byte oriented serial protocols including popular SCADA or PCS protocols like DNP and MODBUS common to PLC, IED and RTU products. It quickly integrates into serial communication networks including modem and data radio."
1487	Athena Smartcard Inc. 16615 Lark Avenue Suite 202 Los Gatos, CA 95032 USA -Ian Simmons TEL: 408-786-1028 FAX: 408-608 1818 CST Lab: NVLAP 100432-0	Athena IDProtect Duo PIV (Hardware Version: P/N AT90SC12872RCFT Revision M; Software Version: P/N Athena PIV Applet Version 2.0; Firmware Version: P/N Athena IDProtect Duo Version 0107.9334.0306) (PIV Card Application: Cert. #20) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	01/28/2011; 04/12/2013	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 4 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #598); Triple-DES MAC (Triple-DES Cert. #598, vendor affirmed); AES (Cert. #646); RNG (Cert. #368); RSA (Cert. #296); SHS (Cert. #680) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); Triple-DES (Cert. #598, key wrapping; key establishment methodology provides 80 bits of encryption strength) Single-chip "The Athena IDProtect Duo PIV cryptographic module is compliant with FIPS 201 as an end point compliant card. The PIV application is hosted by the Athena IDProtect dual interface smart card operating system compliant with the Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and FIPS 140-2 Level 3 (Level 4 for physical security). IDProtect supports FIPS approved Random Number Generator, TDES, AES, SHA-1, SHA-256, and RSA up to 2048 bits including on board key generation."
1486	Hewlett-Packard Company Longdown Avenue Stoke Grifford, Bristol BS34 8QZ United Kingdom -Laura Loredo TEL: 44 117 312 9341 CST Lab: NVLAP 100432-0	HP LTO-5 Tape Drive (Hardware Version: AQ273C #912 [1], AQ273D #704 [2], AQ273F #900 [3] and AQ283B #103 [4]; Firmware Version: I3BW [1], I3AS [2], I3AZ [3] and Z39W [4]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	01/28/2011	Overall Level: 1  -FIPS-approved algorithms: AES (Certs. #1441, #1442, #1443 and #1444); HMAC (Cert. #848); RNG (Certs. #790 and #791); RSA (Certs. #708 and #709); SHS (Certs. #1308 and #1309) -Other algorithms: MD5; AES (AES Cert. #1441, key wrapping; key establishment methodology provides 256 bits of encryption strength) Multi-chip standalone "HP LTO-5 Tape Drive sets new standards for capacity, performance, and manageability. The HP LTO-5 represents HP's fifth-generation of LTO tape drive technology capable of storing up to 3TB per cartridge while providing enterprise tape drive monitoring and management capabilities with HP TapeAssure and AES 256-bit hardware data encryption, easy-to-enable security to protect the most sensitive data and prevent unauthorized access of tape cartridges. Capable of data transfer rates up to 280MB/sec, HP's exclusive Data Rate Matching feature further optimizes performance by matching speed of host to"
1485	Hughes Network Systems, LLC 11717 Exploration Lane Germantown, MD 20876 USA -Shayla Fahey TEL: 301-548-1239 -Shanti Vedula TEL: 301-212-1016 CST Lab: NVLAP 200556-0	Hughes Crypto Kernel - Firmware (Firmware Version: 3.1.0.4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Firmware	01/11/2011	Overall Level: 1  -Tested: Hughes HX280 with the VxWorks 5.4 operating system -FIPS-approved algorithms: AES (Cert. #1453); SHS (Cert. #1316); HMAC (Cert. #853); DSA (Cert. #463); RNG (Cert. #796) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); MD5 Multi-chip standalone "The Hughes Crypto Kernel (HCK) is a FIPS 140-2 Level 1 cryptographic module available for the Hughes HN and HX systems. The HCK enables the use of end-to-end bidirectional encryption between a remote site and the enterprise data center, while still enabling the use of all Hughes satellite acceleration features, as well as Hughes' advanced routing, prioritization and access control capabilities. The HCK uses AES 256 bit encryption to encrypt user traffic, uses IKE to dynamically generate session keys used for encryption, and ensures message authentication and integrity using HMAC-SHA-256."
1484	Hughes Network Systems, LLC 11717 Exploration Lane Germantown, MD 20876 USA -Shayla Fahey TEL: 301-548-1239 -Shanti Vedula TEL: 301-212-1016 CST Lab: NVLAP 200556-0	Hughes Crypto Kernel (Software Version: 3.1.0.4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	01/11/2011	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft® Windows Server® 2008 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1450); SHS (Cert. #1314); HMAC (Cert. #851); DSA (Cert. #461); RNG (Cert. #794) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); MD5 Multi-chip standalone "The Hughes Crypto Kernel (HCK) is a FIPS 140-2 Level 1 cryptographic module available for the Hughes HN and HX systems. The HCK enables the use of end-to-end bidirectional encryption between a remote site and the enterprise data center, while still enabling the use of all Hughes satellite acceleration features, as well as Hughes' advanced routing, prioritization and access control capabilities. The HCK uses AES 256 bit encryption to encrypt user traffic, uses IKE to dynamically generate session keys used for encryption, and ensures message authentication and integrity using HMAC-SHA-256."
1483	Riverbed Technology, Inc. 199 Fremont Street San Francisco, CA 94105 USA -Amol Kabe TEL: 415-344-4447 -Gordon Chaffee TEL: 415-247-7353 CST Lab: NVLAP 200017-0	Steelhead 3020, Steelhead 3520, Steelhead 5520 and Steelhead 6020 Appliances (Hardware Versions: 3020, 3520, 5520 and 6020; Firmware Version: 4.1.10) (When operated in FIPS mode and with the tamper evident seals and security panels installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	01/11/2011	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1044); HMAC (Cert. #586); RNG (Cert. #595); RSA (Cert. #498); SHS (Cert. #994); Triple-DES (Cert. #792) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DSA(FIPS 186-3; non-compliant) ; MD5; DES; RC2; RC4; IDEA; CAST; Blowfish; HMAC-Tiger; EC Diffie-Hellman (SP 800-56A; non-compliant) Multi-chip standalone "The Steelhead family of appliances provides application acceleration and accelerated data transfer over a wide area network (WAN), overcoming bandwidth and geographical limitations to improve productivity and enable global collaboration."
1482	Riverbed Technology, Inc. 199 Fremont Street San Francisco, CA 94105 USA -Amol Kabe TEL: 415-344-4447 -Gordon Chaffee TEL: 415-247-7353 CST Lab: NVLAP 200017-0	Steelhead 5050 and Steelhead 6050 Appliances (Hardware Versions: 5050 and 6050; Firmware Version: 4.1.10) (When operated in FIPS mode and with the tamper evident seals and security panels installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	01/11/2011	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1044); HMAC (Cert. #586); RNG (Cert. #595); RSA (Cert. #498); SHS (Cert. #994); Triple-DES (Cert. #792) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DSA(FIPS 186-3; non-compliant) ; MD5; DES; RC2; RC4; IDEA; CAST; Blowfish; HMAC-Tiger; EC Diffie-Hellman (SP 800-56A; non-compliant) Multi-chip standalone "The Steelhead family of appliances provides application acceleration and accelerated data transfer over a wide area network (WAN), overcoming bandwidth and geographical limitations to improve productivity and enable global collaboration."
1481	Riverbed Technology, Inc. 199 Fremont Street San Francisco, CA 94105 USA -Amol Kabe TEL: 415-344-4447 -Gordon Chaffee TEL: 415-247-7353 CST Lab: NVLAP 200017-0	Steelhead 520, Steelhead 1020, Steelhead 1520 and Steelhead 2020 Appliances (Hardware Versions: 520, 1020, 1520 and 2020; Firmware Version: 4.1.10) (When operated in FIPS mode and with the tamper evident seals and security panels installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	01/11/2011	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1044); HMAC (Cert. #586); RNG (Cert. #595); RSA (Cert. #498); SHS (Cert. #994); Triple-DES (Cert. #792) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DSA(FIPS 186-3; non-compliant) ; MD5; DES; RC2; RC4; IDEA; CAST; Blowfish; HMAC-Tiger; EC Diffie-Hellman (SP 800-56A; non-compliant) Multi-chip standalone "The Steelhead family of appliances provides application acceleration and accelerated data transfer over a wide area network (WAN), overcoming bandwidth and geographical limitations to improve productivity and enable global collaboration."
1480	Riverbed Technology, Inc. 199 Fremont Street San Francisco, CA 94105 USA -Amol Kabe TEL: 415-344-4447 -Gordon Chaffee TEL: 415-247-7353 CST Lab: NVLAP 200017-0	Steelhead 1050 and Steelhead 2050 Appliances (Hardware Versions: 1050 and 2050; Firmware Version: 4.1.10) (When operated in FIPS mode and with the tamper evident seals and security panels installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	01/11/2011	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1044); HMAC (Cert. #586); RNG (Cert. #595); RSA (Cert. #498); SHS (Cert. #994); Triple-DES (Cert. #792) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DSA(FIPS 186-3; non-compliant) ; MD5; DES; RC2; RC4; IDEA; CAST; Blowfish; HMAC-Tiger; EC Diffie-Hellman (SP 800-56A; non-compliant) Multi-chip standalone "The Steelhead family of appliances provides application acceleration and accelerated data transfer over a wide area network (WAN), overcoming bandwidth and geographical limitations to improve productivity and enable global collaboration."
1479	Imation Corp. Discovery Bldg. 1A-041 Oakdale, MN 55128 USA -Larry Hamid TEL: 408-737-4308 CST Lab: NVLAP 100432-0	Imation S200/D200 (Hardware Versions: D2-S200-S01 (Rev 1), D2-S200-S02 (Rev 1), D2-S200-S04 (Rev 1), D2-S200-S08 (Rev 1), D2-S200-S16 (Rev 1), D2-D200-S01 (Rev 1), D2-D200-S02 (Rev 1), D2-D200-S04 (Rev 1), D2-D200-S08 (Rev 1), D2-D200-S16 (Rev 1) or D2-D200-S32 (Rev 1); Firmware Version: 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.1.0, 2.1.1 or 2.1.2) (Files distributed with the module mounted within the internal CD Drive are excluded from validation) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	01/07/2011; 08/09/2011; 09/19/2011; 10/04/2011; 10/26/2011; 04/24/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1034); RNG (Certs. #587 and #702); RSA (Cert. #605); SHS (Certs. #987 and #1154); HMAC (Cert. #579) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The IronKey Secure Flash Drives include a high-speed hardware-based 256 Bit AES cryptography engine for encrypting and decrypting NAND flash and RAM buffers via USB. It also includes RSA, HMAC, SHA-256, SHA-1, and RNG algorithms."
1478	Juniper Networks, Inc. 1194 Norht Mathilda Ave Sunnyvale, CA 94089 USA -Robert Smith TEL: 978-589-8822 CST Lab: NVLAP 200697-0	Juniper Networks SRX100, SRX210, SRX240 and SRX650 Services Gateways (Hardware Version: SRX100B, SRX100H, SRX210B, SRX210H, SRX240B, SRX240H and SRX650-BASE-SRE6-645AP with JNPR-FIPS-TAMPER-LBLS; Firmware Version: 10.0R4) (The tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	01/05/2011; 01/20/2011	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #937 and #948); AES (Certs. #1362 and #1373); DSA (Cert. #440); SHS (Certs. #1242 and #1255); RNG (Cert. #748); RSA (Cert. #662); HMAC (Certs. #798 and #806) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 90 bits of encryption strength); MD5 Multi-chip standalone "Juniper Networks SRX100, SRX210, SRX240 and SRX650 Services Gateways are secure routers that provide essential capabilities that connect, secure, and manage work force locations. By consolidating fast, highly available switching, routing, security, and applications capabilities in a single device, enterprises can economically deliver new services, safe connectivity, and a satisfying end user experience. Supports Firewall, IPsec VPN and IPS."
1477	Juniper Networks, Inc. 1194 Norht Mathilda Ave Sunnyvale, CA 94089 USA -Robert Smith TEL: 978-589-8822 CST Lab: NVLAP 200697-0	Juniper Networks LN1000 Mobile Secure Router (Hardware Version: LN1000-V with JNPR-FIPS-TAMPER-LBLS; Firmware Version: 10.0R4) (The tamper evident seals and security device installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	01/05/2011	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #936 and #947); AES (Certs. #1351 and #1372); DSA (Cert. #439); SHS (Certs. #1234 and #1254); RNG (Cert. #743); RSA (Cert. #657); HMAC (Certs. #790 and #805) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 90 bits of encryption strength); MD5 Multi-chip standalone "Juniper Networks LN1000 Mobile Secure Router is an edge access router that delivers a high-performance routing firewall and intrusion detection service (IDS). The LN1000 addresses the growing demand for a network access presence in military, first responder and transportation vehicles, mining and exploration equipment, unmanned aircraft, and power grids."
1476	3e Technologies International, Inc. 9715 Key West Avenue Suite 500 Rockville, MD 20850 USA -Harinder Sood TEL: 301-944-1325 CST Lab: NVLAP 200427-0	3e-525A-3, 3e-525A-3EP, 3e-525A-3MP, 3e-525V-3 and 3e-525Ve-4 AirGuard™ Wireless Access Points (Hardware Version: 2.0(A) (3e-525A-3, 3e-525A-3MP, 3e-525V-3, 3e-525Ve-4), 2.1 (3e-525A-3, 3e-525A-3EP, 3e-525A-3MP, 3e-525V-3, 3e-525Ve-4) and 90000522-001; Firmware Version: 4.4) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	01/05/2011	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Cryptographic Key Management: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1021, 1022 and 1023); HMAC (Certs. #571 and #572); RNG (Cert. #583); RSA (Cert. #490); SHS (Certs. #976 and #977); Triple-DES (Cert. #783) -Other algorithms: AES CFB (non-compliant); MD5; RC4; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The AirGuard™ model 525A-3 and model 525V-3/4 Wireless Access Points are packaged in rugged IP 66 weatherproof enclosure and conforms to 802.11a/b/g wireless standards. They provide access point, gateway, bridge/repeater, and mesh networking for wireless applications. In access point or gateway mode, the 525A-3 can establish links to laptops, PDAs and other wireless devices at data rates from 11 Mbps up to 108 Mbps. The 525V-3/4 incorporates an extra video module to provide capability for remote video surveillance and camera control."