CMVP Main Page

Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules
1995-1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014,
All

Last Update: 7/11/2014

It is important to note that the items on this list are cryptographic modules. A module may either be an embedded component of a product or application, or a complete product in-and-of-itself. If the cryptographic module is a component of a larger product or application, one should contact the product or application vendor in order to determine how the product utilizes the embedded validated cryptographic module. There may be a larger number of security products or applications available which use an embedded validated cryptographic module, than the number of modules which are found in this list. In addition, other vendors, who are not found in this list, may incorporate a validated cryptographic module from this list embedded into their own products.

When selecting a module from a vendor, verify that the module is either the product or application itself (e.g. VPN, SmartCard, USB memory token, etc.) or the module is embedded in a larger product or application (e.g. toolkit, etc.). If the module is embedded in a product or application, ask the product or application vendor to provide a signed letter or statement affirming that the unmodified validated cryptographic module is integrated in the solution; the module provides all the cryptographic services in the solution; and provide reference to the modules validation certificate number from this listing.

NOTE1: Module descriptions are provided by the module vendors and have not been verified for accuracy by the CMVP. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-Approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (e.g. allowed or non-FIPS-Approved algorithms) have not been tested through the CMVP.

NOTE2: The operator of a cryptographic module is responsible for ensuring that the algorithms and key lengths are in compliance with the requirements of NIST SP 800-131A.

NOTE3: All questions regarding the implementation and/or use of any module located on the CMVP module validation lists should first be directed to the appropriate vendor point-of-contact (listed for each entry).

Please contact the CMVP if any errors are discovered or comments with suggestions for improvement of the validation listings.

Cert# Vendor / CST Lab Cryptographic Module
Module
Type
Val.
Date
Level / Description
1662 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise 4150F
(Hardware Version: NSA-4150-FWEX-FRR and Seal Kit: SAC-4150F-FIPS-KT; Firmware Version: 7.0.1.01.E12)

(When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/29/2011 Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); Blowfish; RC2; RC4; MD5; DES

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1661 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise 2150F
(Hardware Version: NSA-2150-FWEX-F and Seal Kit: SAC-2150F-FIPS-KT; Firmware Version: 7.0.1.01.E12)

(When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/29/2011 Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); Blowfish; RC2; RC4; MD5; DES

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications"
1660 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise 1100F
(Hardware Version: NSA-1100-FWEX-F and Seal Kit: SAC-1100F-FIPS-KT; Firmware Version: 7.0.1.01.E12)

(When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/29/2011 Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); Blowfish; RC2; RC4; MD5; DES

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee's Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1659 A10 Networks, Inc.
2309 Bering Drive
San Jose, CA 95131
USA

-John Chiong
TEL: 408-325-8668
FAX: 408-325-8666

CST Lab: NVLAP 200648-0

AX Series Advanced Traffic Manager AX2500, AX2600-GCF, AX3000-GCF, AX3000-11-GCF, AX5100, AX5200 and AX5200-11
(Hardware Versions: AX2500, AX2600-GCF, AX3000-GCF, AX5100 and AX5200; Firmware Version: R261-GR1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/29/2011;
06/14/2012
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Certs. #1092, #1124, #1128 and #1129); AES (Certs. #1693, #1739 and #1740); SHS (Certs. #1480, #1519, #1524 and #1525); HMAC (Certs. #985, #1011, #1016 and #1017); RSA (Certs. #829, #858, #862 and #863); RNG (Certs. #900 and #933)

-Other algorithms: MD5; HMAC-MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The AX Series Advanced Traffic Manager is designed to meet the growing demands of Web sites, carriers and enterprises. The AX offers intelligent Layer 4-7 application processing capabilities with industry-leading performance and scalability to meet critical business requirements at competitive prices. AX Series’ standard redundant components and high availability design ensure organizations non-stop service availability for all types of applications."
1658 Samsung Electronics
San #16 Banwol-Dong
Hwasung-City, Gyeonggi-Do 445-701
Republic of Korea

-Jisoo Kim
TEL: +82-31-208-3870
FAX: +82-10-3204-4201

CST Lab: NVLAP 200648-0

Samsung SSD PM810 SED FIPS 140 Module
(Hardware Versions: MZ5PA128HMCD-010D9 and MZ5PA256HMDR-010D9; Firmware Version: AXM96D1Q)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/29/2011 Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #1637); SHS (Cert. #1442); HMAC (Cert. #963); RNG (Cert. #878)

-Other algorithms: N/A

Multi-chip standalone

"SAMSUNG SSD PM810 SED FIPS 140 Module provides high-performance AES-256 cryptographic encryption and decryption of the data stored in NAND Flash via SATA interface. The PM810 encryption/decryption creates no degradation in performance compared to non-encrypted SSD. The PM810 supports both the ATA Security Feature Set and TCG Opal SSC. Security Functionalities include user authentication for access control via ISV TCG Opal support, user data encryption for data protection, and instantaneous sanitization of user drive data via cryptographic erase for repurposing or disposal."
1657 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco Catalyst 3560-X and 3750-X Switches
(Hardware Versions: (WS-C3560X-24P, WS-C3560X-24T, WS-C3560X-48P, WS-C3560X-48PF, WS-C3560X-48T, WS-C3750X-12S, WS-C3750X-24P, WS-C3750X-24S, WS-C3750X-24T, WS-C3750X-48P, WS-C3750X-48PF, WS-C3750X-48T, C3KX-NM-1G, C3KX-NM-10G, C3KX-NM-BLANK, C3KX-NM-10GT) with FIPS Kit (C3KX-FIPS-KIT); Firmware Version: 15.0(1)SE2)

(When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/22/2011;
02/23/2012;
05/29/2012
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #1024, #1275 and #1749); HMAC (Cert. #1026); RNG (Cert. #932); RSA (Cert. #869); SHS (Cert. #1536); Triple-DES (Cert. #1133)

-Other algorithms: DES; HMAC-MD5; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 156 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Cert. #1749, key wrapping; key establishment methodology provides 128 bits or 256 bits of encryption strength)

Multi-chip standalone

"Cisco Catalyst 3750-X and 3650-X Series Switches are enterprise-class stackable switches that provide high availability, scalability, security, energy efficiency, and ease of operation with innovative features such as Cisco StackPower, Power over Ethernet Plus (PoE+), optional network modules, redundant power supplies, and MAC security. The Catalyst 3750-X and 3650-X Series Switches meet FIPS 140-2 overall Level 2 requirements as multi-chip standalone modules. The switches include cryptographic algorithms implemented in IOS software as well as hardware ASICs. The module provides 802.1X-rev"
1656 SafeNet, Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Mark Yakabuski
TEL: 613-614-3407
FAX: 613-723-5079

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

Luna® PCI Cryptographic Module for Luna® IS and RSS
(Hardware Version: VBD-03-0100; Firmware Versions: 5.2.7 and 5.2.8)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/22/2011;
01/11/2012
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #510, #1737 and #1738); DSA (Certs. #542 and #543); ECDSA (Certs. #228 and #229); HMAC (Certs. #1014 and #1015); RNG (Certs. #925 and #926); RSA (Certs. #860 and #861); SHS (Certs. #1522 and #1523); Triple-DES (Certs. #520, #1126 and #1127); Triple-DES MAC (Triple DES Cert. #520; vendor affirmed)

-Other algorithms: AES MAC (Certs. #510, #910 and #913; non-compliant); CAST5; CAST5-MAC; DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); HAS-160; HAS-160 MAC; KCDSA; MD2; MD5; RC2; RC4; RC5; SEED; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The Luna® PCI for Luna® IS offers hardware-based key management and cryptographic operations to protect sensitive keys. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI card."
1655 Concepteers, LLC
121 Newark Ave
Suite 204
Jersey City, NJ 07302
USA

-David Van
TEL: 201-221-3052
FAX: 201-844-6262

CST Lab: NVLAP 200556-0

Concepteers Teleconsole TCS6U4W
(Hardware Version: A2; Firmware Version: 2.0)

(When operated in FIPS mode and the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 12/15/2011 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (1) (Cert. #1544); Triple-DES (Cert. #1014); SHS (Cert. #1369); DSA (Cert. #476); RSA (Cert. #747); HMAC (Cert. #895); RNG (Cert. #832)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (2) (non-compliant); RC4;

Multi-chip standalone

"The Teleconsole S6U4W is a small form factor network appliance providing Secure Remote Diagnostic Access (SRDA) to virtually any technology equipment (IT, Medical, Utilities (SCADA), Manufacturing, Retail (POS) and more). The unified, cross-platform solution is vendor independent and provides Authentication, Authorization, Access and Audit on a single platform to streamline access provisioning, security enforcement and user activity tracking for compliance."
1654 Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

-Michael Hong
TEL: 408-333-8000
FAX: 408-333-8101

CST Lab: NVLAP 200648-0

Brocade Mobility 7131N Dual-Radio 802.11n FIPS Access Point BR-AP7131N66040FGR and BR-AP7131N66040FWW
(Hardware Versions: BR-AP7131N66040FGR and BR-AP7131N66040FWW; Firmware Version: AP7131N v4.0.1.0-003GRN)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/15/2011 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #831 and #832); AES (Certs. #1147, #1148, #1149 and #1150); SHS (Certs. #1063 and #1064); HMAC (Certs. #652 and #653); RSA (Cert. #543); RNG (Certs. #635 and #636)

-Other algorithms: MD5; HMAC-MD5; DES; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); AES (non-compliant); SHS (non-compliant)

Multi-chip standalone

"Brocade Mobility 7131N Dual-radio 802.11n FIPS Access Point delivers the throughput, coverage and resiliency required to build an all-wireless enterprise. The design provides simultaneous support for high-speed wireless voice and data services, self-healing mesh networking and non-data applications such as Wireless IPS"
1653 McAfee, Inc.
3965 Freedom Circle
Santa Clara, CA 95054
USA

-Sakthikumar Subramanian
TEL: 408-346-3249
FAX: 408-346-5335

CST Lab: NVLAP 100432-0

Network Security Platform Sensor M-1250, M-1450, M-2750, M-2850, M-2950, M-3050, M-4050 and M-6050
(Hardware Versions: P/Ns M-1250 Version 1.10 [1], M-1450 Version 1.10 [1], M-2750 Version 1.50 [1], M-2850 Version 1.00 [1], M-2950 Version 1.00 [1], M-3050 Version 1.20 [1], M-4050 Version 1.20 [2] and M-6050 Version 1.40 [2]; FIPS Kit P/Ns IAC-FIPS-KT2 [1] and IAC-FIPS-KT7 [2]; Firmware Version: 6.1.15.35)

(When operated with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/15/2011 Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #880); Triple-DES (Cert. #781); RSA (Certs. #425 and #830); DSA (Cert. #345); SHS (Certs. #871 and #970); RNG (Cert. #505); HMAC (Cert. #971)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); HMAC MD5; MD5

Multi-chip standalone

"Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks."
1652 Juniper Networks, Inc.
1194 North Mathilda Ave
Sunnyvale, CA 94089
USA

-Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 200697-0

SSG 5 and SSG 20
(Hardware Versions: (SSG-5-SB, SSG-5-SB-BT, SSG-5-SB-M, SSG-5-SH, SSG-5-SH-BT, SSG-5-SH-M , SSG-20-SB and SSG-20-SH) with JNPR-FIPS-TAMPER-LBLS; Firmware Version: ScreenOS 6.3r6)

(When operated in FIPS mode with the tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 12/15/2011;
07/24/2012;
12/11/2013
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Cert. #1061); AES (Cert. #1620); DSA (Cert. #507); SHS (Cert. #1429); RNG (Cert. #868); RSA (Cert. #798); HMAC (Cert. #951); ECDSA (Cert. #205)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of security); NDRNG; DES; MD5

Multi-chip standalone

"Juniper Networks integrated security devices are purpose-built to perform essential networking security functions designed on top of robust networking and security real-time operating systems, ScreenOS. These are high-performance platforms that deliver integrated security and LAN/WAN routing across high-density LAN/WAN interfaces, Juniper Networks integrated security devices address the needs of small to medium sized locations, large distributed enterprises, and service providers as well as large and co-located datacenters."
1650 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco Unified IP Phone 6921, 6941, 6945 and 6961
(Hardware Versions: 6921: 5, 6941: 5, 6945: 4 and 6961: 4; Firmware Version: 9.2(1)SR1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/14/2011;
02/23/2012
Overall Level: 1 

-FIPS Approved algorithms: AES (Certs. #1746, #1748 and #1751); HMAC (Certs. #1023, #1025 and #1028); RNG (Cert. #930); RSA (Cert. #867); SHS (Certs. #1533, #1535 and #1538); Triple-DES (Cert. #1131)

-Other algorithms: HMAC MD5; MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Cisco Unified IP Phones 6921, 6941, 6945, and 6961 deliver cost-effective, full-featured voice communication services in a clutter-free and earth-friendly, ergonomic design."
1649 AirTight Networks, Inc.
339 N. Bernardo Avenue
Suite 200
Mountain View, CA 94043
USA

-Hemant Chaskar
TEL: 650-961-1111
FAX: 650-961-1169

CST Lab: NVLAP 200002-0

SpectraGuard® Enterprise Server
(Firmware Version: 6.5.35)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Firmware 12/14/2011;
01/31/2012
Overall Level: 1 

-Tested: AirTight SA-350 Spectraguard Enterprise Appliance with CentOS 5.2

-FIPS Approved algorithms: AES (Cert. #1545); Triple-DES (Cert. #1015 ); RSA (Cert. #748); DSA (Cert. #477); SHS (Cert. #1370); HMAC (Cert. #896); RNG (Cert. #833)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 178 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides between 112 and 270 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (non-compliant); DSA (non-compliant); AES-CTR (non-compliant); ARC4; Blowfish-CBC; CAST128; ARC4-256; ARC4-128; RC2; RC4; DES; IDEA; HMAC-SHA1-96 (non-compliant); HMAC-MD5; HMAC-MD5-96; UMAC-64; RIPEMD-160

Multi-chip standalone

"The implementation performs wireless intrusion detection and prevention. It monitors radio channels to ensure conformance of wireless activity to security policy. It mitigates various types of wireless security violations such as rogue wireless networks, unauthorized wireless connections, network mis-configurations and denial of service attacks"
1648 Samsung Electronics Co., Ltd.
416, Maetan 3-Dong Youngton Gu
Suwon, Gyeonggi 152-848
South Korea

-Ross Choi
TEL: 972-761-7628

-Bumhan Kim
TEL: +82-10-4800-6711

CST Lab: NVLAP 200658-0

Samsung Kernel Crypto API Cryptographic Module
(Software Versions: LK2.6.35.7_AGB_v1.2 and LK2.6.36.3_AHC_v1.2)

(When operated in FIPS mode and only on the specific platforms specified on the reverse)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 12/14/2011 Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Android Gingerbread w/ Linux kernel v.2.6.35.7 (Galaxy S2 U1); Android Honeycomb w/ Linux kernel v.2.6.36.3 (P4 LTE, P4 WiFi) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1732 and #1733); SHS (Certs. #1516 and #1517); RNG (Certs. #921 and #922); Triple-DES (Certs. #1120 and #1121); HMAC (Certs. #1008 and #1009)

-Other algorithms: DES; AES-CTS (non-compliant); Triple-DES (CTR; non-compliant); Twofish; AEAD; MD5; ansi_cprng; ARC4; GHASH (GCM hash)

Multi-chip standalone

"Provides general purpose cryptographic services to services in the Linux kernel and user-space applications, intended to protect data in transit and at rest."
1647 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco Unified IP Phone 6901 and 6911
(Hardware Versions: 6901 and 6911: 1.0; Firmware Version: 9.2.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/22/2011;
02/23/2012
Overall Level: 1 

-FIPS Approved algorithms: AES (Certs. #1746 and #1748); HMAC (Certs. #1023 and #1025); RNG (Cert. #930); RSA (Cert. #867); SHS (Certs. #1533 and #1535); Triple-DES (Cert. #1131)

-Other algorithms: HMAC MD5; MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Cisco Unified IP Phones 6901 and 6911deliver cost-effective, full-featured voice communication services in a clutter-free and earth-friendly, ergonomic design."
1646 McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

-Sakthikumar Subramanian
TEL: 408-346-3249
FAX: 408-346-5335

CST Lab: NVLAP 100432-0

Network Security Platform Sensor M-8000 P
(Hardware Version: P/N M-8000 P, Version 1.40; FIPS Kit P/N IAC-FIPS-KT8; Firmware Version: 6.1.15.35)

(When operated with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/06/2011 Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #880); Triple-DES (Cert. #781); RSA (Certs. #425 and #830); DSA (Cert. #345); SHS (Certs. #871 and #970); RNG (Cert. #505); HMAC (Cert. #971)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5

Multi-chip standalone

"Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks."
1645 McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Web Gateway WG5000 and WG5500 Appliances
(Hardware Versions: 5000 [1] and 5500 [2]; EWG-5000-FIPS-KIT [1] and EWG-5500-FIPS-KIT [2]; Firmware Version: 7.1.0)

(When operated in FIPS mode with the tamper evident seals and opacity baffles installed and initializing the module as specified in Section 3.1 of the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/15/2011;
01/17/2012;
08/24/2012;
08/24/2012
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1625 and #1633); Triple-DES (Certs. #1065 and #1069); DSA (Certs. #511 and #514); RSA (Certs. #803 and #807); SHS (Certs. #1434 and #1438); HMAC (Certs. #956 and #960); RNG (Certs. #872 and #875)

-Other algorithms: MD4; MD5; RC4; DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The McAfee Web Gateway is a high-performance, enterprise-strength proxy security appliance family that provides the caching, authentication, administration, authorization controls and deep-level content security filtering required by today’s most demanding enterprises. McAfee Web Gateway WG5000 and WG5500 Appliances deliver scalable deployment flexibility and performance. McAfee Web Gateway WG5000 and WG5500 Appliances deliver comprehensive security for all aspects of Web 2.0 traffic."
1644 VMware, Inc.
3401 Hillview Avenue
Palo Alto, CA 94304
USA

-Pam Takahama
TEL: 650-427-2063

CST Lab: NVLAP 200556-0

PCoIP Cryptographic Module for VMware View
(Software Version: 3.5.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 12/06/2011 Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-Operational Environment: Tested as meeting Level 2 with Microsoft Windows XP running on a Dell Poweredge 2850; Microsoft Windows XP running on a Dell Optiplex GX260; Red Hat Enterprise Linux (RHEL) 5.1 running on a Dell Poweredge 2850

-FIPS Approved algorithms: AES (Certs. #1639, #1640 and #1642); SHS (Cert. #1443); RNG (Cert. #879); HMAC (Cert. #964)

-Other algorithms: Salsa12; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The PCoIP Cryptographic module for VMware View is a multi-chip standalone cryptographic module evaluated for use on a standard General Purpose Computer (GPC) platform. The overal security level is Level 2. The module consists of a single shared library which is used by both the PCoIP server and the PCoIP client applications."
1643 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco Common Cryptographic Module (C3M)
(Software Version: 0.9.8r.1.1)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/29/2011;
02/23/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with FreeBSD 8.2 (32-bit and 64-bit); Red Hat Enterprise Linux v5 (32-bit and 64-bit); Linux Kernel 2.6.27.7; Yellow Dog Linux 6.2; Windows 7 SP1 (32-bit and 64-bit); Mac OS X 10.6 (32-bit and 64-bit); Openwall Linux 3.0 (32-bit); Android 2.3.3 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1759); DSA (Cert. #550); ECDSA (Cert. #234); HMAC (Cert. #1031); RNG (Cert. #937); RSA (Cert. #876); SHS (Cert. #1544); Triple-DES (Cert. #1139)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Cisco Common Cryptographic Module (C3M) is a software library that provides cryptographic services to a vast array of Cisco's networking and collaboration products. The module provides FIPS validated cryptographic algorithms for services such as sRTP, SSH, TLS, 802.1x etc. The module does not implement any of the protocols directly. Instead, it provides the cryptographic primitives and functions to allow a developer to implement various protocols."
1642 U.S. Department of State
301 4th Street SW SA-44
Washington, DC 20547
USA

-Paul Newton
TEL: 202-203-5153
FAX: 202-203-7669

CST Lab: NVLAP 100432-0

PKI BLADE Cosmo
(Hardware Version: P/N B0; Firmware Version: FC10 (with op-code 071964) with ID-One PIV Applet Suite V2.3.2-a and PKI BLADE Applet V1.2)

(PIV Card Application: Cert. #25)

(When operated in FIPS mode with the fingerprint authentication mechanism parameters configured as indicated in the Security Policy Section 8.6)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/21/2011 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 4
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #698); Triple-DES MAC (Triple-DES Cert. #698, vendor affirmed); AES (Cert. #840); RNG (Cert. #480); RSA (Cert. #403); ECDSA (Cert. #94); SHS (Cert. #833); CVL (Cert. #3)

-Other algorithms: Triple-DES (Cert. #698, key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #840, key wrapping; key establishment methodology provides 128 bits of encryption strength); AES MAC (AES Cert. #840; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Single-chip

"The PKI/BLADE applet is based on ISO 7816 and GSC-IS commands interface. The applet is designed to be loaded on any Java card compliant with JavaCard v2.2.1 and Global Platform v2.1.1 specifications including PIV certified Java cards. It is designed to provide services for PKI based logical access applications and to provide strong two factor authentication using fingerprint biometrics."
1641 Mocana Corporation
350 Sansome Street
Suite 1010
San Francisco, CA 94104
USA

-James Blaisdell
TEL: 415-617-0055
FAX: 415-617-0056

CST Lab: NVLAP 100432-0

Mocana Cryptographic Suite B Module
(Software Version: 5.4fm)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/17/2011;
05/29/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Android 2.3; Android 4.0 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1757); Triple-DES (Cert. #1138); SHS (Cert. #1543); HMAC (Cert. #1030); RSA (Cert. #875); DSA (Cert. #549); RNG (Cert. #936)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant)

Multi-chip standalone

"The Mocana Cryptographic Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com."
1640 Watchdata Technologies Pte Ltd
No.2 Yandong Business Park
Wanhong West Street
Capital Airport Road
Beijing, Chaoyang District 100015
People's Republic of China

-Bai Jing

CST Lab: NVLAP 200658-0

WatchKey USB Token
(Hardware Version: K6 with Z32L256D32U and K003010A; Firmware Version: 360C6702)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 11/17/2011 Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Cert. #1616); Triple-DES (Cert. #1057); RSA (Cert. #794); DRBG (Cert. #85); SHS (Cert. #1425)

-Other algorithms: SHA-1 (non-compliant)

Multi-chip standalone

"The WatchKey USB token provides digital signature generation and verification for online authentication of online transactions and data encryption/decryption to online service users."
1639 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 5940 Embedded Services Routers
(Hardware Versions: Cisco 5940 ESR air-cooled card and Cisco 5940 ESR conduction-cooled card; Firmware Version: 15.2(3)GC)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/16/2011;
02/23/2012;
07/18/2012;
02/08/2013
Overall Level: 1 

-Design Assurance: Level 2

-FIPS Approved algorithms: AES (Certs. #962, #1535 and #1643); DRBG (Cert. #89); HMAC (Certs. #537 and #965); RSA (Cert. #811); SHS (Certs. #933 and #1444); Triple-DES (Certs. #757 and #1073)

-Other algorithms: DES; DES MAC; HMAC-MD5; MD4; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength)

Multi-chip embedded

"The Cisco 5940 is a high-performance, ruggedized router. With onboard hardware encryption, the Cisco 5940 offloads encryption processing from the router to provide highly secure yet scalable video, voice, and data services for mobile and embedded outdoor networks. The Cisco 5940 Embedded Services Routers provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 1 requirements. The Cisco 5940 Router Card uses industrial-grade components and is optimized for harsh environments that require Cisco IOS Software routing technology."
1638 Chunghwa Telecom Co., Ltd. Telecommunication Laboratories
12, Lane 551, Min-Tsu Road SEC.5,
Yang-Mei, Taoyuan, Taiwan 326
Republic of China

-Yeou-Fuh Kuan
TEL: +886-3-424-4333
FAX: +886-3-424-4129

-Char-Shin Miou
TEL: +886-3-424-4381
FAX: +886-3-424-4129

CST Lab: NVLAP 200928-0

HiKey - Flash and HiKey PKI Token
(Hardware Versions: 2.0 and 2.1; Software Version: Card OS version 3.2 with PKI Applet: 2.1; Firmware Version: 2.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/16/2011 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1710); Triple-DES (Cert. #1100); Triple-DES MAC (Triple-DES Cert. #1100, vendor affirmed); SHS (Cert. #1493); HMAC (Cert. #988); DRBG (Cert. #106); RSA (Cert. #839)

-Other algorithms: MD5; HMAC-MD5; RIPEMD 160; HMAC-RIPEMD 160; RSA (encrypt/decrypt); AES MAC (AES Cert. #1710; non-compliant)

Multi-chip standalone

"The HiKey Flash and HiKey PKI Token modules are multi-chip standalone implementations of a cryptographic module. The Hikey - Flash and HiKey PKI Token modules are USB tokens that adhere to ISO/IEC specifications for Integrated Circuit Chip (ICC) based identification cards. The HiKey - Flash and HiKey PKI Token cryptographic modules contain an implementation of the Global Platform (GP) Version 2.1.1 specification defining a secure infrastructure for post-issuance programmable smart cards."
1637 Certicom Corp.
5520 Explorer Drive
Fourth Floor
Mississauga, Ontario L4W 5L1
Canada

-Mike Harvey
TEL: 905-507-4220
FAX: 905-507-4230

-Worldwide Sales & Marketing Headquarters
TEL: 703-234-2357
FAX: 703-234-2356

CST Lab: NVLAP 200556-0

Security Builder® FIPS Java Module
(Software Versions: 2.8 and 2.8.7)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/16/2011;
08/24/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Sun Java Runtime Environments (JRE) 1.5.0 and 1.6.0 running on Solaris 10, 32-bit; Solaris 10, 64-bit; Red Hat Linux AS 5.5, 32-bit; Red Hat Linux AS 5.5, 64-bit; Windows Vista, 32-bit; Windows Vista, 64-bit; Windows 2008 Server, 64-bit (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #964); AES (Cert. #1411); SHS (Cert. #1281); HMAC (Cert. #832); RNG (Cert. #773); DSA (Cert. #455); ECDSA (Cert. #179); RSA (Cert. #687); DRBG (Cert. #52); KAS (Cert. #8)

-Other algorithms: ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; DES; DESX; ECIES; ECQV; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Security Builder FIPS Java Module is a standards-based cryptographic toolkit written in Java. It supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into Java-based applications. The Security Builder FIPS Java Module is intended for use by developers who want government level security and can also be used in conjunction with other Certicom developer toolkits including Security Builder PKI and Security Builder SSL."
1636 Seagate Technology LLC
1280 Disc Drive
Shakopee, MN 55379
USA

-David R Kaiser, PMP
TEL: 952-402-2356
FAX: 952-402-1273

CST Lab: NVLAP 200427-0

Seagate Secure Constellation® ES [18-27] and Constellation®.2 [1-17] Self-Encrypting Drives FIPS 140 Module
(Hardware Versions: 9XU268 [1, 6], 9XU268-251 [2, 7, 9, 11, 14], 9XU268-257 [3, 8, 10, 12, 13, 15], 9XU268-047 [4], 9XU268-090 [5], 9XU264 [1, 6], 9XU264-251 [2, 7, 9, 11, 14], 9XU264-257 [3, 8, 10, 12, 13, 15], 9XU264-047 [4], 9XU264-090 [5], 9XU168 [16, 17], 9XU164 [16, 17], 9XU162 [16, 17], 1AV268 [18, 20], 1AV264 [18, 20], 1AV264-257 [19, 22, 24], 1AV264-251 [21, 23, 25], 1AV262 [18, 20], 1AV168 [26, 27], 1AV164 [26, 27] and 1AV162 [26, 27]; Firmware Versions: A002 [1], ASF2 [2], ANF1 [3], NS01 [4], QF70 [5], 0003 [6, 14], ASF5 [7], AEF3 [8], ASF8 [9], AEF5 [10], ASF9 [11], AEF6 [12], AEF7 [13], ASFC [14], AEFB [15], 0002 [16, 20, 27], A001 [18, 26], PNF0 [19], PSF1 [21], PEF3 [22], PSF4 [23], PEF4 [24] and PSF5 [25])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/10/2011;
03/14/2012:
06/21/2012;
10/17/2012;
12/12/2012;
01/25/2013;
02/20/2014
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Certs. #1416, #1417 and #1343); DRBG (Cert. #62); SHS (Cert. #1225); RSA (Cert. #650)

-Other algorithms: N/A

Multi-chip embedded

"The Seagate Secure Enterprise Self-Encrypting Drives FIPS 140 Module is embodied in Seagate Constellation®.2 and Constellation® ES SED model disk drives. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download."
1635 Seagate Technology LLC
1280 Disc Drive
Shakopee, MN 55379
USA

-David R Kaiser, PMP
TEL: 952-402-2356
FAX: 952-402-1273

CST Lab: NVLAP 200427-0

Seagate Secure Constellation® ES.2 [33-56], Savvio® 10K.5 [1-20] and Savvio® 15K.3 [21-32] Self-Encrypting Drives FIPS 140 Module
(Hardware Versions: 9XS066 [1, 7], 9XS066-251 [2, 8, 13, 16, 20], 9XS066-257 [3, 9, 14, 17, 18], 9XS066-047 [4], 9XS066-090 [5, 11], 9XS066-031 [10, 19], 9XS066-037 [10, 19], 9XS066-046 [12], 9XR066 [1, 7], 9XR066-251 [2, 8, 13, 16, 20], 9XR066-257 [3, 9, 14, 17, 18], 9XR066-047 [4], 9XR066-090 [5, 11], 9XR066-038 [6, 15], 9XR066-046 [12], 9XP066 [1, 7], 9XP066-047 [4], 9XP066-090 [5, 11], 9XP066-046 [12], 9XN066 [1, 7], 9XN066-251 [2, 8, 13, 16, 20], 9XN066-257 [3, 9, 14, 17, 18], 9XN066-047 [4], 9XN066-090 [5, 11], 9XN066-046 [12], 9XM066 [21, 24], 9XM066-251 [22, 25, 26, 29, 31], 9XM066-257 [23, 26, 28, 30, 32], 9XL066 [21, 24], 9XL066-251 [22, 25, 26, 29, 31], 9XL066-257 [23, 26, 28, 30, 32], 9XT260 [33, 39, 51], 9XT260-251 [34, 40, 44, 47, 52, 53, 54], 9XT260-257 [35, 41, 45, 48, 49], 9XT260-038 [36, 46], 9XT260-047 [37], 9XT260-090 [38], 9XT260-031 [42, 50], 9XT260-037 [42, 50], 9XT260-046 [43], 9XT267 [39, 51] and 9XT160 [55, 56]; Firmware Versions: A002 [1, 21], CSF2 [2], CNF1 [3], NS03 [4], HF72 [5], NA00 [6, 46], 0003 [7, 24], CSF4 [8], CEF3 [9], CE01 [10], HF75 [11], 6E01 [12], CSF7 [13], CEF4 [14], F740 [15], CSF8 [16], CEF5 [17], CEF6 [18], CE06 [19], CSFA[20], YSF3 [22], YNF2 [23], YSF5 [25], YEF4 [26], YSF8 [27], YEF5 [28], YSF9 [29], YEF6 [30], YSFB [31], YEF9 [32], 0002 [33], RSF3 [34], RNF3 [35], NQE1 [36], NS01 [37], NF72 [38], 0005 [39], RSF5 [40], REF5 [41], YE01 [42], 6EA1 [43], RSF8 [44], REF6 [45], RSFA [47], REF7 [48], REF8 [49], YE04 [50], 0006 [51], RSFC [52], RSFD [53], RSFE [54], F000 [55] and F003 [56])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/10/2011;
11/17/2011;
03/14/2012;
06/21/2012;
10/17/2012;
12/12/2012;
01/25/2013;
10/18/2013;
02/20/2014;
06/05/2014
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Certs. #1416, #1417 and #1343); DRBG (Cert. #62); SHS (Cert. #1225); RSA (Cert. #650)

-Other algorithms: N/A

Multi-chip embedded

"The Seagate Secure Enterprise Self-Encrypting Drives FIPS 140 Module 2 is embodied in Seagate Constellation® ES.2, Savvio® 15K.3, and Savvio® 10K.5 SED model disk drives. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download."
1634 Pierson Capital Technology LLC
129 North La Salle Street
Suite 3800
Chicago, IL 60602
USA

-Frank Psaila
TEL: +86 13501108625
FAX: +86 1085183930

-Likely Lee
TEL: +86 13810220119
FAX: +86 1085183930

CST Lab: NVLAP 200658-0

MIIKOO
(Hardware Version: D4; Firmware Versions: Device Bootstrap v3.1, Device Application 006262 and Cryptographic Algorithm v2.1)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/10/2011 Overall Level: 3 

-FIPS Approved algorithms: RSA (Cert. #737); Triple-DES (Cert. #1004); SHS (Cert. #1351); HMAC (Cert. #884); DRBG (Cert. #63)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"MIIKOO combines fingerprint recognition and additional cryptography capabilities to generate Dynamic PINs. It is compatible with any type of bank cards by seamlessly providing the added biometrical triggering of dynamic PIN security over the existing financial transaction network."
1633 Doremi Labs
1020 Chestnut St.
Burbank, CA 91506
USA

-Jean-Philippe Viollet
TEL: 818-562-1101
FAX: 818-562-1109

-Camille Rizko
TEL: 818-562-1101
FAX: 818-562-1109

CST Lab: NVLAP 200802-0

Dolphin DCI 1.2
(Hardware Versions: DOLPHIN-DCI-1.2-A0, DOLPHIN-DCI-1.2-A1, DOLPHIN-DCI-1.2-C0 and DOLPHIN-DCI-1.2-C1; Firmware Versions: 2.0.8p, 21.03m-1 and 99.03f)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/10/2011;
06/07/2013
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #521, #532 and #1252); HMAC (Certs. #271 and #731); SHS (Certs. #593 and #1148); RNG (Certs. #326, #693, #696 and #700); RSA (Certs. #600, #601 and #777)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); TRNGs; MD5; HMAC-MD5

Multi-chip embedded

"The Dolphin DCI 1.2 is a PCI-card that provides a standard definition/high definition serial digital interface. This is a Doremi decoder hardware card that contains a JPEG-2000 decoder hardware and BNC serial digital interface connectors used in Doremi Digital Cinema Servers like the DCP-2000. The Dolphin DCI 1.2 utilizes a dual-link encoded serial digital interface for output of DCI compliant resolutions up to 2040x1080p24 (2K-film). It can also operate single link for lower resolution material (i.e. trailers, advertisement, etc.)."
1632 Samsung Electronics Co., Ltd.
416, Maetan 3-Dong Youngton Gu
Suwon, Gyeonggi 152-848
South Korea

-Ross Choi
TEL: 972-761-7628

-Bumhan Kim
TEL: +82-10-4800-6711

CST Lab: NVLAP 200658-0

Samsung Key Management Module
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 11/10/2011 Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Android Gingerbread w/ Linux kernel v.2.6.35.7 (Galaxy S2); Android Honeycomb w/ Linux kernel v.2.6.36.3 (P4 LTE, P4 WiFi) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1741 and #1742); SHS (Certs. #1528 and #1529); RNG (Certs. #928 and #929); HMAC (Certs. #1018 and #1019); PBKDF (SP 800-132, vendor affirmed)

-Other algorithms: N/A

Multi-chip standalone

"Provides general purpose key management services to user-space applications on the mobile platform."
1630 Advantor Systems, LLC
12612 Challenge Parkway
Suite 300
Orlando, FL 32826
USA

-Chuck Perkinson
TEL: 407-926-6960
FAX: 407-857-1635

CST Lab: NVLAP 200427-0

Infraguard Processor Module
(Hardware Version: 5.1; Firmware Version: 1.01)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/10/2011 Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #1736); HMAC (Cert. #1013); RNG (Cert. #924); SHS (Cert. #1521)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The Infraguard Processor Module (IPM) is a multi-chip, embedded, plug-in encryption module coated with an opaque, tamper evident material. The IPM is used to provide secure LAN and telephone modem communications for Advantor Systems' physical security systems. The IPM is embedded in multiple products, including an alarm panel and an alarm panel receiving product."
1629 Protected Mobility LLC
6259 Executive Blvd
Rockville, MD 20852
USA

-Paul Benware
TEL: 585-582-5601
FAX: 585-582-3297

-Donald Paris
TEL: 301-770-4556
FAX: 240-238-6637

CST Lab: NVLAP 200697-0

PMCryptolib
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/16/2011 Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with iOS 4.2; iOS 4.3; Android 2.2; Android 2.3; Android 3.0; (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1716); SHS (Cert. #1499); DRBG (Cert. #108); HMAC (Cert. #991); ECDSA (Cert. #222)

-Other algorithms:

Multi-chip standalone

"PMCryptolib is a dynamic linked library software module. The module provides cryptographic services through a Application Programming Interface (API)."
1628 NAL Research Corporation
9300 West Courthouse Rd.
Suite 102
Manassas, VA 20110
USA

-Peter Kormendi
TEL: 703-392-1136

CST Lab: NVLAP 200697-0

XM Crypto Module
(Firmware Version: 1.1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Firmware 11/07/2011 Overall Level: 1 

-Tested: A3LA-XM with A3LA-XM OS ver. 1.1.0

-FIPS Approved algorithms: AES (Cert. #1698)

-Other algorithms: N/A

Multi-chip standalone

"A3LA-XM is a modem comprised of the XM Crypto Module encryption board and a communication board. It is designed to transmit AES 256-bit encrypted data via a communication network. The A3LA-XM has an internal micro-controller programmed to monitor the modems connectivity status to prevent hardware lock-up. Similar to a standard landline modem, the A3LA-XM can be controlled by any DTE (data terminal equipment) capable of sending standard AT commands via an RS232 serial or a USB 2.0 port."
1627 Communication Devices Inc.
85 Fulton St., Unit #2
Boonton, NJ 07005-1912
USA

-Donald Snook
TEL: 973-334-1980

CST Lab: NVLAP 200002-0

Port Authority Series
(Hardware Versions: PA111-SA CDI 01-03-0912B, PA111-RM CDI 01-03-0912B, PA155-RM CDI 01-03-0912B and PA199-RM CDI 01-03-0912B; Firmware Version: 10.00.78)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/01/2011 Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-FIPS Approved algorithms: AES (Cert. #1375); SHS (Cert. #1257); HMAC (Cert. #808); RNG (Cert. #758)

-Other algorithms: AES (Cert. #1375, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength)

Multi-chip standalone

"Secure Out of Band Management appliance with network port, internal modem, and up to 9 serial ports. Allows Secure Out of Band Access to Firewalls, Routers, Network appliances etc.. Supports up to 256 bit AES CFB encryption."
1626 ViaSat UK Ltd.
Sanford Lane
Wareham, Dorset BH20 4DY
United Kingdom

-Tim D. Stone
TEL: +44 1929 55 44 00
FAX: +44 1929 55 25 25

CST Lab: NVLAP 200556-0

FlagStone Core
(Hardware Versions: V2.0.1.1, V2.0.1.2, V2.0.1.3, V2.0.2.1, V2.0.2.2, V2.0.2.3, V2.0.3.3, V2.0.3.4, V2.0.4.5, V2.0.5.3, V2.0.5.4 and V2.0.5.5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 10/31/2011 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #922 and #923); RNG (Cert. #531)

-Other algorithms: N/A

Multi-chip embedded

"The FlagStone Core is a multi-chip embedded cryptographic module used within the Eclypt ranges of drives. The FlagStone Core, and subsequently the Eclypt ranges of drives utilising the FlagStone Core, provide access control and data encryption services to protect access to data stored on a connected HDD/SSD (Hard Disk Drive/Solid Data Drive). All accessible sectors on a drive connected to a FlagStone Core are encrypted. The Eclypt range of drives includes Eclypt, Eclypt Freedom and Eclypt Nano."
1625 Mocana Corporation
350 Sansome Street
Suite 1010
San Francisco, CA 94104
USA

-James Blaisdell
TEL: 415-617-0055
FAX: 415-617-0056

CST Lab: NVLAP 100432-0

Mocana Cryptographic Suite B Module
(Software Version: 5.3.1v)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/30/2011 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with ThreadX v5.3 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1717); Triple-DES (Cert. #1104); SHS (Cert. #1500); HMAC (Cert. #992); RSA (Cert. #843); DSA (Cert. #529); ECDSA (Cert. #223); RNG (Cert. #910)

-Other algorithms: AES (Cert. #1717, key wrapping; key establishment methodology provides 128, 192, or 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; RC2; RC4; AES XCBC (non-compliant)

Multi-chip standalone

"The Mocana Cryptographic Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com."
1624

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 10/24/2011;
12/21/2011
Overall Level: 4 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip embedded

1623

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 10/24/2011;
12/21/2011
Overall Level: 4 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip embedded

1622 Certes Networks, Inc.
300 Corporate Center Drive
Suite 140
Pittsburgh, PA 15108
USA

-Kevin Nigh
TEL: 412-262-2571
FAX: 919-865-0679

CST Lab: NVLAP 200928-0

CEP10-R, CEP10 VSE and CEP10-C
(Hardware Versions: [CEP10-R, PN 410-032-402, A], [CEP10 VSE, PN 410-032-402, A], [CEP10-C, PN 410-032-602, A] and [CEP10 VSE, PN 410-032-602, A]; Firmware Version: 1.6)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 10/24/2011 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #673, #1089 and #1090); AES (Certs. #779, #1680 and #1681); SHS (Certs. #781, #1466 and #1467); HMAC (Certs. #426, #983 and #984); RSA (Certs. #825 and #826); DSA (Certs. #523 and #524); RNG (Certs. #891 and #892)

-Other algorithms: MD5; HMAC-MD5; ARC2; ARC4; AES-XCBC-MAC-96 (non-compliant); DES; Blowfish; AEAD; EC Diffie-Hellman; Diffie-Hellman (key agreement; key establishment methodology provides 97 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 to 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Certes Networks CEP encryptors are high performance, integrated encryption appliances that offers full line rate Ethernet Frame encryption for 10Mbps Ethernet transports. Housed in a tamper evident chassis, the Certes Networks CEP10-R and CEP10 VSE has two functional 10BaseT Ethernet ports used for traffic. Traffic on the CEP's local port is received from and transmitted to the trusted network in the clear, while traffic on the CEP's remote port has security processing applied to it. Security processing can be data confidentiality, data integrity and data authentication."
1621 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 7606-S and 7609-S Routers with Supervisor SUP720-3B
(Hardware Versions: 7606-S and 7609-S with SUP720-3B; Firmware Version: 15.1(3)S5)

(When operated in FIPS mode with the tamper evident labels and opacity shields installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 10/28/2011;
02/09/2012;
02/23/2012;
07/09/2012;
08/16/2013
Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-FIPS Approved algorithms: AES (Cert. #1634); DRBG (Cert. #88); HMAC (Cert. #961); RSA (Cert. #808); SHS (Cert. #1439); Triple-DES (Cert. #1070)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 156 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; DES MAC; HMAC MD5; MD4; MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Cisco 7606-S and 7609-S routers are designed for deployment at the network edge, where robust performance and IP/Multiprotocol Label Switching services are necessary to meet the requirements of both enterprises and service providers. It enables Carrier Ethernet service providers to deploy an advanced network infrastructure that supports a range of IP video and triple-play (voice, video, and data) system applications in both the residential and business services markets. They also deliver WAN and metropolitan-area network networking solutions at the enterprise edge."
1620 Klas Ltd
1101 30th Street NW
Suite 500
Washington, DC 20007
USA

-Frank Murray
TEL: 866-263-5467
FAX: (866)-532-3091

CST Lab: NVLAP 100432-0

KlasRouter
(Hardware Version: KlasRouter, Versions 3.02 and 3.03; Firmware Version: KlasOS3, Version 3.1.0 rc0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 10/19/2011 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Cert. #1599); Triple-DES (Cert. #1045); HMAC (Cert. #936); SHS (Cert. #1411); ECDSA (Cert. #197); RNG (Cert. #856)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); NDRNG; MD5; HMAC-MD5; DSA (non-compliant)

Multi-chip standalone

"KlasRouter is a low-power router that provides Virtual Private Networking (including Suite-B algorithms), WAN Acceleration, VLAN and a host of other networking features in a compact package. KlasRouter is standards-based and hence is interoperable with any infastructure and the perfect solution for establishing a remote office in a secure environment."
1619 Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, CA 94089-1206
USA

-Seyed Safakish
TEL: 408-745-2000
FAX: 408-745-2100

-Bishakha Banerjee
TEL: 408-745-2000
FAX: 408-745-2100

CST Lab: NVLAP 100432-0

FIPS Multi Service PIC
(Hardware Versions: PE-MS-100-1, PB-MS-100-1, PB-MS-400-2 and PC-MS-500-3; Firmware Version: 10.4 R1.9)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 10/19/2011 Overall Level: 1 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #465); Triple-DES (Certs. #482 and #1046); SHS (Certs. #768 and #1414); HMAC (Certs. #416 and #937); RSA (Cert. #783); RNG (Cert. #858)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5; DES

Multi-chip embedded

"The FIPS Multiple Service PIC supports compressed real time protocol (CRTP), high-speed Network Address Translation (NAT), stateful firewall, tunnel services, IPSec encryption and J-Flow accounting today while having built-in headroom to support additional services in the future."
1618

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 10/18/2011 Overall Level: 2 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip standalone

1617 Dell, Inc.
One Dell Way
Round Rock, TX 78682
USA

CST Lab: NVLAP 200697-0

Dell PowerConnect J-Series J-SRX100, J-SRX210 and J-SRX240 Services Gateways
(Hardware Versions: (J-SRX100B, J-SRX100H, J-SRX210B, J-SRX210BE, J-SRX210H, J-SRX210HE, J-SRX210H-POE, J-SRX210HE-POE, J-SRX240B, J-SRX240H and J-SRX240H-POE) with JNPR-FIPS-TAMPER-LBLS; Firmware Version: 10.4R3)

(The tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 10/06/2011 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #1064); AES (Cert. #1624); DSA (Cert. #510); SHS (Cert. #1433); RNG (Cert. #871); RSA (Cert. #802); HMAC (Cert. #955)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 96 bits of encryption strength; non-compliant)

Multi-chip standalone

"Dell Inc. J-SRX100, J-SRX210, and J-SRX240 Services Gateways are secure routers that provide essential capabilities that connect, secure, and manage work force locations. By consolidating fast, highly available switching, routing, security, and applications capabilities in a single device, enterprises can economically deliver new services, safe connectivity, and a satisfying end user experience. Supports Firewall, Ipsec VPN and IPS."
1616 Concepteers, LLC
121 Newark Ave
Suite 204
Jersey City, NJ 07302
USA

-David Van
TEL: 201-221-3052
FAX: 201-844-6262

CST Lab: NVLAP 200556-0

Concepteers Teleconsole E
(Hardware Version: rev A1; Firmware Version: 2.0)

(When operated in FIPS mode and the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 10/05/2011 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1547); Triple-DES (Cert. #1017); SHS (Cert. #1374); DSA (Cert. #479); RSA (Cert. #752); HMAC (Cert. #903); RNG (Cert. #836)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Teleconsole E is an enterprise network appliance providing Secure Remote Diagnostic Access (SRDA) to virtually any technology equipment (IT, Medical, Utilities (SCADA), Manufacturing, Retail (POS) and more). The unified, cross-platform solution is vendor independent and provides Authentication, Authorization, Access and Audit on a single platform to streamline access provisioning, security enforcement and user activity tracking for compliance."
1615 Symantec Corporation
20330 Stevens Creek Blvd.
Cupertino, CA 95014
USA

-John Bordwine
TEL: 703-885-3854

CST Lab: NVLAP 200556-0

Symantec Java Cryptographic Module
(Software Version: 1.0)

(This module contains the embedded module RSA BSAFE® Crypto-J JCE Provider Module validated to FIPS 140-2 under Cert. #1048 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/30/2011 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP SP2 (32-bit) with (Sun JRE 1.4.2, Sun JRE 1.5 or Sun JRE 1.6) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #669); DSA (Cert. #251); ECDSA (Cert. #72); HMAC (Cert. #353); RNG (Cert. #389 and vendor affirmed: SP 800-90); RSA (Cert. #311); SHS (Cert. #702); Triple-DES (Cert. #614)

-Other algorithms: AES-GCM (non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DESX; ECAES (non-compliant); EC Diffie-Hellman; ECDHC; ECIES; MD2; MD5; PBE; RIPEMD 160; RNG (X9.31 non-compliant; MD5; SHA-1 non-compliant); RC2; RC4; RC5; RSA OAEP (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (non-compliant); RSA Keypair Generation MultiPrime (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5

Multi-chip standalone

"The Symantec Java Cryptographic Module provides a comprehensive set of cryptographic services for Symantec products including, but not limited to, the Symantec Data Loss Prevention Suite."
1614 Mocana Corporation
350 Sansome Street
Suite 1010
San Francisco, CA 94104
USA

-James Blaisdell
TEL: 415-617-0055
FAX: 415-617-0056

CST Lab: NVLAP 100432-0

Mocana Cryptographic Suite B Module
(Software Version: 5.4f)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/30/2011;
10/26/2011;
11/08/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Vx Works 6.7; Android 2.2; VxWorks 5.5; VxWorks 6.2; VxWorks 6.4; WindRiver 4.0 using Linux 2.6.34 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1505, #1506, #1507, #1509 and #1510); Triple-DES (Cert. #1006); SHS (Cert. #1353); HMAC (Cert. #885); RSA (Cert. #738); DSA (Cert. #472); ECDSA (Cert. #187); RNG (Cert. #819); DRBG (Cert. #64)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant); RSA (encrypt/decrypt)

Multi-chip standalone

"The Mocana Cryptographic Suite B Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com."
1613 Juniper Networks, Inc.
1194 North Mathilda Ave
Sunnyvale, CA 94089
USA

-Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 200697-0

Juniper Networks SRX100, SRX210, SRX220, SRX240 and SRX650 Services Gateways
(Hardware Versions: (SRX100B, SRX100H, SRX210B, SRX210BE, SRX210H, SRX210HE, SRX210H-POE, SRX210HE-POE, SRX220H, SRX220H-POE, SRX240B, SRX240H, SRX240H-POE, SRX650-BASE-SRE6-645AP and SRX650-BASE-SRE6-645DP) with JNPR-FIPS-TAMPER-LBLS; Firmware Version: 10.4R4)

(The tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 10/06/2011;
11/08/2011;
12/11/2013
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #1064); AES (Cert. #1624); DSA (Cert. #510); SHS (Cert. #1433); RNG (Cert. #871); RSA (Cert. #802); HMAC (Cert. #955)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 96 bits of encryption strength; non-compliant)

Multi-chip standalone

"SRX100, SRX210, SRX220, SRX240 and SRX650 Services Gateways are secure routers that provide essential capabilities that connect, secure, and manage work force locations sized from handfuls to hundreds of users. By consolidating fast, highly available switching, routing, security, and applications capabilities in a single device, enterprises can economically deliver new services, safe connectivity, and a satisfying end user experience. All SRX Series Services Gateways, including products scaled for the branch, campus and data center applications, are powered by Juniper Networks JUNOS the proven"
1612 Mocana Corporation
350 Sansome Street
Suite 1010
San Francisco, CA 94104
USA

-James Blaisdell
TEL: 415-617-0055
FAX: 415-617-0056

CST Lab: NVLAP 100432-0

Mocana Cryptographic Loadable Kernel Module
(Software Version: 5.4f)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/29/2011;
10/26/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Android 2.2; WindRiver 4.0 using Linux 2.6.34 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1505, #1506, #1507, #1509 and #1510); Triple-DES (Cert. #1006); SHS (Cert. #1353); HMAC (Cert. #885); RNG (Cert. #819)

-Other algorithms: DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant)

Multi-chip standalone

"The Mocana Cryptographic Loadable Kernel Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com."
1611 Juniper Networks, Inc.
1194 North Mathilda Ave.
Sunnyvale, CA 94089
USA

-Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 200697-0

Juniper Networks SRX3400 and SRX3600 Services Gateways
(Hardware Versions: (SRX3400BASE-AC, SRX3400BASE-DC, SRX3600BASE-AC and SRX3600BASE-DC) with JNPR-FIPS-TAMPER-LBLS; Firmware Version: 10.4R4)

(The tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 10/06/2011;
11/08/2011;
12/11/2013
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #1032 and #1033); AES (Certs. #1575 and #1577); DSA (Cert. #486); SHS (Certs. #1395 and #1396); RNG (Cert. #849); RSA (Cert. #768); HMAC (Certs. #922 and #923)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 96 bits of encryption strength; non-compliant)

Multi-chip standalone

"Juniper Networks SRX3000 Series line of services gateways is the next generation solution for securing the ever increasing network infrastructure and applications requirements for both enterprise and service provider environments. Designed from the ground up to provide flexible processing scalability, I/O scalability, and services integration, the SRX3000 Series line can meet the network and security requirements of data center hyper-consolidation, rapid managed services deployments, and aggregation of security solutions."
1610 EMC Corporation
176 South Street
Hopkinton, MA 01748
USA

-Dan Reddy
TEL: 508-249-2733

-Kerry Mahoney
TEL: 508-249-4940
FAX: 508-249-3172

CST Lab: NVLAP 200427-0

4 Gb/s FC I/O Module with Encryption
(Hardware Version: 303-176-100B B04)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/26/2011 Overall Level: 1 

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1638)

-Other algorithms: AES (Cert. #1638, key wrapping)

Multi-chip embedded

"Data at Rest Encryption provides hardware-based, back-end encryption for EMC storage systems. Back-end encryption protects information from unauthorized access when drives are physically removed from the system. It also offers a convenient means of decommissioning all drives in the system at once. EMC 4Gb/s Fibre Channel I/O modules implement AES-XTS 256-bit encryption on all drives in the system. These modules encrypt/decrypt data as it is written to and read from a drive. The drives need not be self-encrypting because the I/O module encrypts. All back end drive types are thus supported."
1609 AirTight Networks, Inc.
339 N. Bernardo Avenue
Suite 200
Mountain View, CA 94043
USA

-Hemant Chaskar
TEL: 650-961-1111
FAX: 650-961-1169

CST Lab: NVLAP 200002-0

SpectraGuard® Enterprise Sensor
(Hardware Version: SS-300-AT-C-10 [1] and SS-300-AT-C-60 [2] with SS-FIPS-TPL; Firmware Version: 6.2.39p1 [1] and 6.7.U4.48FIPS [2])

(When operated in FIPS mode and with tamper evident seals installed over the ventilation openings as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/26/2011;
09/16/2013
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #1310 and #2609); SHS (Certs. #1199 and #2193); RNG (Certs. #732 and #1235); RSA (Certs. #628 and #1335); HMAC (Certs. #763 and #1617)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5

Multi-chip standalone

"The module performs wireless intrusion detection and prevention. It monitors radio channels to ensure conformance of wireless activity to security policy. It mitigates various types of wireless security violations such as rogue wireless networks, unauthorized wireless connections, network mis-configurations and denial of service attacks."
1608 Hewlett-Packard Company
3000 Hanover Street
Palo Alto, CA 94304
USA

-Gloria English
TEL: 408-447-3979

-Mihai Damian
TEL: 408-447-3977

CST Lab: NVLAP 200002-0

NonStop Volume Level Encryption (NSVLE)
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/26/2011 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Debian Linux HPTE Ver. 3.0.0; Debian Linux HPTE Ver. 4.0.0 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1364 and #1365); Triple-DES (Cert. #941); SHS (Cert #1246); RNG (Cert. #751); HMAC (Cert. #800); RSA (Cert. #666)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5

Multi-chip standalone

1607 Verdasys, Inc.
404 Wyman St.
Suite 320
Waltham, MA 02451
USA

-Harvey Morrison
TEL: 781-788-8180

CST Lab: NVLAP 200002-0

Verdasys Secure Cryptographic Module
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 09/26/2011;
08/24/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP 32-bit; Windows XP 64-bit (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1384); SHS (Cert. #1261); DRBG (Cert. #50); HMAC (Cert. #814); RSA (Cert. #677)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG (non-compliant)

Multi-chip standalone

"The Verdasys FIPS Kernel Mode Cryptographic Module, VSEC.SYS, is a software module that provides cryptographic services for Digital Guardian's server and endpoint products. The Verdasys FIPS Kernel Mode Cryptographic Module is leveraged in a variety of functions including securing communication, protecting agent components, and file encryption."
1606 Fortress™ Technologies, Inc.
2 Technology Park Dr
Suite 2200
Oldsmar, FL 34677
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200427-0

Fortress Mesh Points
(Hardware Versions: ES210, ES300, ES440, ES520v1, ES520v2 and ES820; Firmware Version: 5.3.1)

(When operated in FIPS mode and with the tamper evident seals and glue installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/26/2011;
05/17/2013
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #688, #694 and #1519); DRBG (Cert. #66); HMAC (Certs. #367, #371 and #889); KAS (Cert. #10); RNG (Certs. #402 and #406); RSA (Cert. #439); SHS (Certs. #717, #721 and #1357)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits security strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits security strength); MD5

Multi-chip standalone

"The Fortress Mesh Point is an all-in-one network access device housed in a rugged compact chassis, with the most stringent security available today built in. It can serve as a wireless bridge, a WLAN access point, and an eight-port LAN switch, while performing all the functions of a Fortress controller device: encrypting wireless traffic and providing Multi-factor Authentication for devices on the network it protects."
1605 Certes Networks, Inc.
300 Corporate Center Drive
Suite 140
Pittsburgh, PA 15108
USA

-Kevin Nigh
TEL: 412-262-2571
FAX: 919-865-0679

CST Lab: NVLAP 200928-0

CEP100, CEP100 VSE, CEP100-XSA, CEP1000, CEP1000-DP and CEP1000 VSE
(Hardware Versions: [CEP100, A], [CEP100 VSE, A], [CEP100-XSA, A], [CEP1000, A], [CEP1000-DP, A] and [CEP1000 VSE, A]; Firmware Version: 1.6)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 09/26/2011 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #482, #667, #1089 and #1090); AES (Certs. #465, #762, #1680 and #1681); SHS (Certs. #768, #769, #1466 and #1467); HMAC (Certs. #416, #417, #983 and #984); RSA (Certs. #825 and #826); DSA (Certs. #523 and #524); RNG (Certs. #891 and #892)

-Other algorithms: MD5; HMAC-MD5; ARC2; ARC4; AES-XCBC-MAC-96 (non-compliant); DES; Blowfish; AEAD; EC Diffie-Hellman; Diffie-Hellman (key agreement; key establishment methodology provides 97 bits of encryption strength; non-complaint); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Certes Networks CEP encryptors are high performance, integrated encryption appliances that offers full line rate Ethernet Frame encryption for 10Mbps Ethernet transports. Housed in a tamper evident chassis, the Certes Networks CEP has two functional 10BaseT Ethernet ports used for traffic. Traffic on the CEP local port is received from and transmitted to the trusted network in the clear, while traffic on the CEP's remote port has security processing applied to it. Security processing can be data confidentiality, data integrity and data authentication."
1604 Centrify Corporation
785 N. Mary Avenue
Suite 200
Sunnyvale, CA 94085
USA

-Kitty Shih
TEL: 408-542-7500
FAX: 408-542-7575

CST Lab: NVLAP 200648-0

Centrify Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/20/2011;
12/01/2011
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Mac OS X 10.6.5; Mac OS X 10.7; RedHat Enterprise Linux ES v5 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #1018 and #1208); AES (Certs. #1554 and #1861); SHS (Certs. #1375 and #1637); HMAC (Certs. #904 and #1108); RSA (Certs. #755 and #941); DSA (Certs. #480 and #580); DRBG (Certs. #69 and #149)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Centrify Cryptographic Module is a general purpose cryptographic library. The Centrify Cryptographic Module provides the cryptographic services for all Centrify products."
1603 Ciena® Corporation
1201 Winterson Road
Linthicum, MD 21090
USA

-Mark Kettle
TEL: 613-763-2422
FAX: 613-763-7191

-Bao-Chau Nguyen
TEL: 613-763-1671
FAX: 613-763-7191

CST Lab: NVLAP 200556-0

Optical Metro 5130
(Hardware Version: Chassis: NTB200BAE5 Rev: 03, S-DNM: NTB211AAE5 Rev: 02, Filler: NTB207BAE5 Rev: 02, and Seal Kit: NTB209LAE6; Firmware Version: 4.00.008.927)

(When operated in FIPS mode and the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 09/20/2011 Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-FIPS Approved algorithms: AES (1) (Cert. #1462); Triple-DES (Cert. #986); SHS (Cert. #1324); HMAC (Cert. #859); RNG (Cert. #799)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DSA (non-compliant); AES (2) (non-compliant); DES; Blowfish; MD5; OM5130 Key-based scrambler

Multi-chip standalone

"The OM 5130 cost effectively simplifies and secures data file mobility between data centers. The OM 5130 increases WAN efficiency, natively consolidates data and storage networks onto a common encrypted WAN link and delivers definable time-of-day bandwidth management that allocates bandwidth to the required application at the required time of day."
1602 Juniper Networks, Inc.
1194 North Mathilda Ave.
Sunnyvale, CA 94089
USA

-Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 200697-0

Juniper Networks SRX5600 and SRX5800 Services Gateways
(Hardware Versions: (SRX5600BASE-AC, SRX5600BASE-DC, SRX5800BASE-AC and SRX5800BASE-DC) with JNPR-FIPS-TAMPER-LBLS; Firmware Version: 10.4R4)

(The tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 09/20/2011;
11/08/2011;
12/11/2013
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #1030 and #1034); AES (Certs. #1573 and #1578); DSA (Cert. #484); SHS (Certs. #1393 and #1397); RNG (Cert. #847); RSA (Cert. #766); HMAC (Certs. #920 and #924)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 96 bits of encryption strength; non-compliant)

Multi-chip standalone

"Juniper Networks SRX5000 line of services gateways is the next generation solution for securing the ever increasing network infrastructure and applications requirements for both enterprise and service provider environments. Designed from the ground up to provide flexible processing scalability, I/O scalability, and services integration, the SRX5000 line can meet the network and security requirements of data center hyper-consolidation, rapid managed services deployments, and aggregation of security solutions."
1601 McAfee, Inc.
27201 Puerta Real, Suite 400
Mission Viejo, CA 92691
USA

-David Gerendas
TEL: 949-860-3369
FAX: 949-297-5575

CST Lab: NVLAP 200416-0

McAfee Endpoint Encryption for PCs
(Software Version: 5.2.6)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/08/2011;
10/04/2011
Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows XP 32-bit; Windows Vista 64-bit (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1366); DSA (Cert. #446); SHS (Cert. #1247); RNG (Cert. #752)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG

Multi-chip standalone

"McAfee Endpoint Encryption for PCs is a Software Only Module which resides on general purpose computer systems. The module is used for whole disk encryption that enables users to secure sensitive data stored on hard disk drives in the event of a lost or stolen workstation or laptop computer. McAfee Endpoint Encryption for PCs is an enterprise class software product that is centrally managed and can be deployed to large heterogeneous enterprise environments."
1600 IBM® Corporation
2455 South Road
Poughkeepsie, NY 12601
USA

-William F Penny
TEL: 845-435-3010

CST Lab: NVLAP 200658-0

IBM® z/OS® Version 1 Release 12 System SSL Cryptographic Module
(Hardware Versions: FC3863 w/System Driver Level 86E, and optional CEX3A and CEX3C [CEX3A and CEX3C are separately configured versions of 4765-001 (P/N 45D6048)]; Software Version: System SSL level HCPT3C0/JCPT3C1 w/ APAR OA34156, RACF level HRF7770 and ICSF level HCR7770 w/ APAR OA34205; Firmware Version: 4765-001 (e1ced7a0))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software-Hybrid 09/08/2011 Overall Level: 1 

-Cryptographic Module Specification: Level 3

-Operational Environment: Tested as meeting Level 1 with IBM® zEnterprise (TM) 196 (z196) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 [Base GPC, and optional Crypto Express3 Card (Coprocessor (CEX3C)); Crypto Express3 Card (Accelerator (CEX3A)) and Crypto Express3 Cards (Coprocessor (CEX3C) and Accelerator (CEX3A))] [IBM® zEnterprise (TM) (z196) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 includes FC3863 w/System Driver Level 86E and z/OS® V1R12] (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1702, #1703 and #1713); Triple-DES (Certs. #1093, #1094 and #1103); DSA (Certs. #526 and #527); RSA (Certs. #831, #832, #844, #845 and #846); SHS (Certs. #1485, #1486 and #1497); HMAC (Certs. #986 and #987); RNG (Certs. #901 and #902)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; RC2; ArcFour; MD5; MD2; ECDSA (non-compliant)

Multi-chip standalone

"System SSL is a set of generic services provided in z/OS to protect TCP/IP communications using the SSL/TLS protocol. System SSL is exploited by many SSL enabled servers and clients in z/OS to meet the transport security constraints required in an On Demand environment. The System SSL APIs are also externalized to customer applications. System SSL has evolved through the latest releases of z/OS to support the new TLS (Transaction Layer Security) standard, to reach an unmatched level of performance and to extend the APIs available to applications to new functions."
1599 STMicroelectronics, Inc.
750 Canton Drive
Suite 300
Coppell, TX 75019
USA

-Gianfranco Scherini
TEL: 408-919-8426
FAX: 408-919-0250

CST Lab: NVLAP 200802-0

HardCache™-SL3/PC v2.1
(Hardware Version: STM7007)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/20/2011 Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #1068); SHS (Cert. #1219); HMAC (Cert. #781); Triple-DES (Cert. #798); ECDSA (Cert. #155); RSA (Cert. #623); RNG (Cert. #725)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG

Single-chip

"The STMicroelectronics HardCache™-SL3/PC v2.1 Cryptographic Module (HW rev STM7007) is a single chip cryptographic module designed as a hardware accelerated encryption engine for computer and peripheral applications. The cryptographic module is targeted for PC applications including desktop client, laptop, and server systems. Benefits compared to competing hardware and software solutions include better overall system performance, low power, and tamper resistant hardware security."
1598 Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
USA

-John Bordwine
TEL: 703-885-3854
FAX: 301-514-3726

CST Lab: NVLAP 200556-0

Symantec Cross-Platform Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/02/2011 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 2003 Server (32-bit); RHEL 5 (32-bit); Solaris 10 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1614); Triple-DES (Cert. #1055); RSA (Cert. #792); DSA (Cert. #502); SHS (Cert. #1423); HMAC (Cert. #946); DRBG (Cert. #83)

-Other algorithms: DES; Camellia; SEED; RC2; RC4; MD2; MD5; RSA (Cert. #792, key wrapping; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Symantec Cross-Platform Cryptographic Module (SymCPM) is a software module with a multi-chip standalone embodiment. The overall security level of the module is 1. SymCPM is implemented in the C programming language and consists of three components. It is designed to execute on a host system with a General Purpose Computer (GPC) hardware platform."
1597 Bomgar Corporation
578 Highland Colony Parkway
Paragon Centre, Suite 300
Ridgeland, MS 39157
USA

-Main Office
TEL: 601-519-0123
FAX: 601-510-9080

-Victor Wolff
TEL: 703-483-5515
FAX: 601-510-9080

CST Lab: NVLAP 200426-0

B200™ and B300™ Remote Support Appliances
(Hardware Version: B200, B300 or B300r1; Software Version: 10.6.2 FIPS; Firmware Version: 3.2.2 FIPS)

(When operated in FIPS mode and with the tamper evident seals applied as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/31/2011;
10/26/2011
Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #1563); Triple-DES (Cert. #1027); RSA (Cert. #762); SHS (Cert. #1388); HMAC (Cert. #915); RNG (Cert. #844)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RC4; RC4-40; DES; DES-40; MD5

Multi-chip standalone

"Bomgar Remote Support Appliances provide technicians secure remote control of devices over the internet/LAN/WAN. Bomgar allows collaborative remote support to various operating systems, including desktops, servers, mobile and network devices. In addition, Bomgar provides extensive auditing and recording of support sessions."
1596 Bomgar Corporation
578 Highland Colony Parkway
Paragon Centre, Suite 300
Ridgeland, MS 39157
USA

-Main Office
TEL: 601-519-0123
FAX: 601-510-9080

-Victor Wolff
TEL: 703-483-5515
FAX: 601-510-9080

CST Lab: NVLAP 200426-0

B400™ Remote Support Appliance
(Hardware Version: B400 or B400r1; Software Version: 10.6.2 FIPS; Firmware Version: 3.2.2 FIPS)

(When operated in FIPS mode and with the tamper evident seals applied as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/31/2011;
10/26/2011
Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #1563); Triple-DES (Cert. #1027); RSA (Cert. #762); SHS (Cert. #1388); HMAC (Cert. #915); RNG (Cert. #844)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RC4; RC4-40; DES; DES-40; MD5

Multi-chip standalone

"Bomgar Remote Support Appliances provide technicians secure remote control of devices over the internet/LAN/WAN. Bomgar allows collaborative remote support to various operating systems, including desktops, servers, mobile and network devices. In addition, Bomgar provides extensive auditing and recording of support sessions."
1595 Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
USA

-John Gorczyca

CST Lab: NVLAP 200556-0

Symantec Enterprise Vault Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode with module Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1012 operating in FIPS mode or Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1337 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 08/31/2011 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2003; Microsoft Windows Server 2008 R2 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #818 and #1168); Triple-DES (Certs. #691 and #846); RSA (Certs. #395, #559 and #568); SHS (Certs. #816 and #1081); HMAC (Certs. #452 and #687); RNG (Cert. #470); DRBG (Cert. #23)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ANSI X9.31 RSA (KeyGen, non-compliant); ANSI X9.31 RSA (SigVer, non-compliant); RC2; RC4; MD5; MD2; MD4; DES

Multi-chip standalone

"Symantec Enterprise Vault Cryptographic Module is a multi-chip standalone physical embodiment. The module consists of a DLL which interfaces with the Microsoft Cryptographic API to provide the required cryptographic functionality. The Enterprise Vault Cryptographic Module may be used for encryption/decryption of Enterprise Vault passwords, hashing of indexes, and random number generation."
1594 SafeNet, Inc.
1655 N Fort Myer Drive
Suite 1150
Arlington, VA 22209
USA

-SafeNet Government Sales
TEL: 703-647-8408
FAX: 410-290-6506

CST Lab: NVLAP 200002-0

SafeNet Ethernet Encryptor, Branch Office
(Hardware Versions: 943-5020v-004 [1] [2] and 943-50211-001 [2]; Firmware Versions: 1.0.6.4 [1] and 2.0.2 [2])

(When operated in FIPS mode. Refer to the cryptographic module's security policy for the details on the letter v designations.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/27/2011 Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #1243); HMAC (Cert. #740); RNG (Cert. #690); RSA (Cert. #596); SHS (Cert. #1142); Triple-DES (Cert. #890)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Camellia; SEED

Multi-chip standalone

"The SafeNet Ethernet Encryptor Branch Office provides data privacy and access control for connections between vulnerable public and private networks. It employs a FIPS-approved AES algorithm and can be deployed in 10 Megabit Ethernet networks. The encryptor can be centrally controlled or managed across multiple remote stations using SafeNet's Security Management Center (SMC), a SNMPv3-based security management system."
1593 Mxtran Inc.
9F, No.16, Li-Hsin Road, Science Park
Hsin-chu, Taiwan 300
Republic of China

-C.W. Pang
TEL: +886-3-6661778#29300
FAX: +886-3-6662568

CST Lab: NVLAP 200824-0

Mxtran Payeeton Solution
(Hardware Version: MX11E25644E; Firmware Version: Simker v2.30)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/22/2011 Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #1007); AES (Cert. #1511); RSA (Cert. #739); SHS (Cert. #1354); HMAC (Cert. #886); RNG (Cert. #820)

-Other algorithms: N/A

Single-chip

"Mxtran Payeeton Solution (MPS, hereafter referred to as the module) of Mxtran Inc. acts as a flexible platform for diversified mobile commerce services, allowing Mxtran clients to support both proximity payment and mobile payment via SMS for prepaid, online paid and post-paid services including e-ticketing, e-coupons, access control, membership management and more. Mxtran leverages extensive integrated circuit expertise to deliver highly customizable, portable applications and payment services in a single handset."
1592 Harris Corporation
221 Jefferson Ridge Parkway
Lynchburg, VA 24501
USA

-Brian Justice
TEL: 434-455-9586

-Joyce O'Quinn
TEL: 434-455-6458

CST Lab: NVLAP 200427-0

Harris Unified Audio Card
(Hardware Version: EA-103168-002; Firmware Versions: MPC 860: SK-007765-007 v R03A08, DSP: SK-007765-013 v R03A05, Boot Loader / Factory Test: R03A02, Low Level Boot: R01D01 and DSP Factory Test: R01D02)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/22/2011 Overall Level: 1 

-FIPS Approved algorithms: AES (Certs. #1652 and #1653), HMAC (Cert. #970), RNG (Cert. #883), SHS (Cert. #1450)

-Other algorithms: AES MAC (AES Cert. #1652, vendor affirmed; P25 AES OTAR)

Multi-chip embedded

"The Harris UAC is a multi-channel analog audio gateway used to interface analog radio communication equipment such as conventional base stations to radio systems and other devices on a Voice Interoperability Data Access (VIDA) network."
1591 Symantec Corporation
20330 Stevens Creek Blvd
Cupertino, CA 95014
USA

-John Bordwine
TEL: 703-885-3854
FAX: 301-514-3726

CST Lab: NVLAP 200556-0

Symantec Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 08/12/2011 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2003 (32-bit); Red Hat Enterprise Linux 4.8 (32-bit) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1607); Triple-DES (Cert. #1052); DSA (Cert. #498); SHS (Cert. #1420); RNG (Cert. #861); RSA (Cert. #789); HMAC (Cert. #943)

-Other algorithms: DES; Blowfish; CAST; IDEA; RC2; RC4; RC5; MD2; MD4; MD5; RipeMD; MDC-2; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (Cert. #789, key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Symantec Cryptographic Module is a software module with a multi-chip standalone embodiment. The overall security level of the module is 1. SymCrypt is implemented in the C programming language and consists of a shared library that is linked with SSIM application components. It is designed to execute on a host system with a General Purpose Computer (GPC) hardware platform."
1590 BAE Systems
2525 Network Place
Herndon, VA 22171
USA

-John Ata
TEL: 703-736-4384
FAX: 703-736-4348

CST Lab: NVLAP 200427-0

STOP OS 7 Kernel Cryptographic Module
(Software Version: 1.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 08/10/2011 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with STOP 7.3 Beta 1 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1603); DRBG (Cert. #78); HMAC (Cert. #939); SHS (Cert. #1416); Triple-DES (Cert. #1048)

-Other algorithms: DES

Multi-chip standalone

"The STOP 7 Kernel Cryptographic Module is a library that is distributed as part of the monolithic kernel. The module provides the general purpose cryptographic functionality used by the kernel and kernel modules."
1589 ZTE Corporation
NO. 55, Hi-tech Road South
Shen Zhen, Guangdong Province 518057
People's Republic of China

-Mr. Royce Wang
TEL: +86-755-2677 0345
FAX: +86-755-2677 0347

CST Lab: NVLAP 200658-0

UEP Cryptographic Module
(Software Version: 4.11.10)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 08/10/2011 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with NewStart CGS Linux V3.02 with Sun JDK/JRE 1.6.0_11 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #1039 and #1040); AES (Certs. #1583 and #1584); DSA (Certs. #489 and #490); SHS (Certs. #1402 and #1403); RSA (Certs. #773 and #774); HMAC (Certs. #929 and #930); DRBG (Certs. #73 and #74)

-Other algorithms: N/A

Multi-chip standalone

"UEP cryptographic mpdule provides general purpose cryptographic services intended to protect data in transit and at rest."
1588 McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

-David Gerendas
TEL: 949-860-3369
FAX: 949-297-5575

CST Lab: NVLAP 200416-0

Agent Cryptographic Module
(Software Version: 1.0 or 1.1)

(When operated in FIPS mode with module RSA BSAFE Crypto-C Micro Edition validated to FIPS 140-2 under Cert. #828 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 08/05/2011;
04/26/2013
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2003 (x86 32-bit) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #490); Triple-DES (Cert. #501); RSA (Cert. #203); SHS (Cert. #560); RNG (Cert. #270); DSA (Cert. #199);

-Other algorithms: NDRNG

Multi-chip standalone

"McAfee Agent Cryptographic Module provides cryptographic operations for McAfee Agent, a software agent used in conjunction with McAfee ePolicy Orchestrator (ePO) to manage and monitor numerous end-point security products."
1587 McAfee Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

-David Gerendas
TEL: 949-860-3369
FAX: 949-297-5575

CST Lab: NVLAP 200416-0

ePO Cryptographic Module
(Software Version: 1.0, 1.1, 1.2, 1.3, or 1.4)

(When operated in FIPS mode with module RSA BSAFE® Crypto-J validated to FIPS 140-2 under Cert. #1047 operating in FIPS mode and with module RSA BSAFE® Crypto-C Micro Edition validated to FIPS 140-2 under Cert. #1092 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 08/05/2011;
11/17/2011;
04/02/2012;
08/16/2012;
01/04/2013
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows XP (x86 32 bit) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #670 and #860); RSA (Certs. #312 and #412); SHS (Certs. #703 and #855); RNG (Certs. #390 and #492); DSA (Cert. #311); Triple-DES (Cert. #707);

-Other algorithms: NDRNG

Multi-chip standalone

"McAfee ePO Cryptographic Module provides cryptographic operations for McAfee ePolicy Orchestrator (ePO), a security management software that allows enterprises to unify the management of numerous end-point, network, and data security products."
1586 ZTE Corporation
NO. 55, Hi-tech Road South
Shen Zhen, Guangdong Province 518057
People's Republic of China

-Mr. Royce Wang
TEL: +86-755-2677 0345
FAX: +86-755-2677 0347

CST Lab: NVLAP 200658-0

Unified Platform Cryptographic Library
(Software Version: 1.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 08/09/2011 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with EMBSYS (TM) Carrier Grade Embedded Linux V3 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1585 and #1586); Triple-DES (Certs. #1041 and #1042); SHS (Certs. #1404 and #1405); RSA (Certs. #775 and #776); DSA (Certs. #491 and #492); HMAC (Certs. #931 and #932); DRBG (Certs. #75 and #76)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); IDEA; DES; RC2; RC4; MD2; MD4; MD5; RIPEMD; CAST; Blowfish

Multi-chip standalone

"Unified Platform Cryptographic Library provides general purpose cryptographic services intended to protect data in transit and at rest."
1585 Fortinet, Inc.
13221 Woodland Park Road
Suite 110
Herndon, VA 20171
USA

-Phil Fuster, Vice President, Federal Operations
TEL: 703-709-5011 x2807
FAX: 703-709-2180

CST Lab: NVLAP 200426-0

FortiGate-80C [1], FortiGate-110C [2] and FortiGate-111C [3]
(Hardware Versions: C4BC61 [1], C4HA15 [2] and C4BQ31 [3]; Firmware Version: FortiOS 4.0, build6359, 100712)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/27/2011 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1404, #1408 and #1409); Triple-DES (Certs. #957, #961 and #962); RNG (Cert. #770); SHS (Certs. #1274, #1278 and #1279); HMAC (Certs. #825, #829 and #830); RSA (Certs. #685 and #686)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant)

Multi-chip standalone

"FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1584 Fortinet, Inc.
13221 Woodland Park Road
Suite 110
Herndon, VA 20171
USA

-Phil Fuster, Vice President, Federal Operations
TEL: 703-709-5011 x2807
FAX: 703-709-2180

CST Lab: NVLAP 200426-0

FortiGate-1240B [1], FortiGate-3016B [2], FortiGate-3600A [3] and FortiGate-3810A-E4 [4]
(Hardware Versions: C4CN43 [1], C4XA14 [2], V3BU94 [3] and C3GV75 [4]; Firmware Version: FortiOS 4.0, build6341, 100617)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/27/2011 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1404, #1408 and #1409); Triple-DES (Certs. #957, #961 and #962); RNG (Cert. #770); SHS (Certs. #1274, #1278 and #1279); HMAC (Certs. #825, #829 and #830); RSA (Certs. #685 and #686)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant)

Multi-chip standalone

"FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1583 Fortinet, Inc.
13221 Woodland Park Road
Suite 110
Herndon, VA 20171
USA

-Phil Fuster, Vice President, Federal Operations
TEL: 703-709-5011 x2807
FAX: 703-709-2180

CST Lab: NVLAP 200426-0

FortiGate-200B [1], FortiGate-300A [2], FortiGate-300A-HD [3], FortiGate-310B [4], FortiGate-311B [5], FortiGate-620B [6] and FortiGate-800 [7]
(Hardware Versions: C4CD24 [1], C4FK88 [2], C4FK88 [3], C4ZF35 [4], C4CI39 [5], C4AK26 [6] and C4UT39 [7]; Firmware Version: FortiOS 4.0, build6359, 100712)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/27/2011 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1404, #1405, #1408, #1409 and #1463); Triple-DES (Certs. #957, #958, #961, #962 and #987); RNG (Cert. #770); SHS (Certs. #1274, #1275, #1278, #1279 and #1327); HMAC (Certs. #825, #826, #829, #830 and #862); RSA (Certs. #685 and #686)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant)

Multi-chip standalone

"FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1582 Motorola, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

-Tom Nguyen
TEL: 847-576-2352

CST Lab: NVLAP 100432-0

IPCryptR2
(Hardware Version: P/N BLN1306A; Firmware Version: R03.01.51)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/27/2011 Overall Level: 2 

-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: Level 3
-Operational Environment: Level 3

-FIPS Approved algorithms: AES (Certs. #1424 and #1425); SHS (Cert. #1292); RNG (Cert. #778); ECDSA (FIPS 186-3, vendor affirmed)

-Other algorithms: AES MAC (AES Cert. #1424, vendor affirmed; P25 AES OTAR); AES (AES Cert. #1424, key wrapping; key establishment methodology provides 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); LFSR; NDRNG

Multi-chip standalone

"The IPCryptR2 provides secure key management and data encryption in Astro, Dimetra and Broadband Systems."
1581 Check Point Software Technologies Ltd.
9900 Belward Campus Drive
Suite 250
Rockville, MD 20850
USA

-David Ambrose
TEL: 703-628-2935

-Malcolm Levy
TEL: +972-37534561

CST Lab: NVLAP 200002-0

Check Point IP Appliance
(Hardware Versions: IP290 (CPAP-IP295-D-GFIP [Nokia NBB0292000] and N431174001, CPAP-IP295-D-AC-DS [Nokia NBB0295000] and N431174001) and IP690 (CPAP-IP695-D-GFIP [Nokia NBB0692000], CPIP-A-4-1C and N431174001); Firmware Version: IPSO v4.2 with Check Point VPN-1 NGX R65 with hot fix HFA-30)

(When operated in FIPS mode and tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 10/11/2011 Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #497, #709, #769 and #342); Triple-DES (Certs. #507, #637, #510, #638, #729, #669 and #406); HMAC (Certs. #248, #384, #251, #385, #499, #421 and #146); SHS (Certs. #564, #734, #567, #735, #883, #775 and #417); DSA (Certs. #202 and #271); RSA (Certs. #211, #332, #213 and #333); RNG (Certs. #275, #417, #277 and #418)

-Other algorithms: CAST; DES; HMAC MD5; MD5; Arcfour; Twofish; Blowfish; Diffie-Hellman (key agreement, key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (K3 mode; non-compliant)

Multi-chip standalone

"The Check Point IP Applicances are full-featured enterprise systems designed for small to medium enterprises, with Service Provider flexibility and rapid serviceability option in a single rack space. When combined with Check Point VPN-1 these platforms provide reliable, easy to manage distributed security and access."
1580 Hewlett-Packard TippingPoint
7501 N. Capital of Texas Highway
Austin, TX 78737
USA

-Dinesh Vakharia
TEL: 512-681-8271

-Freddie Jimenez Jr.
TEL: 512-681-8305

CST Lab: NVLAP 200427-0

HP TippingPoint Security Management System
(Firmware Version: 3.2.0.8312.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Firmware 08/10/2011 Overall Level: 1 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 2

-Tested: Fedora Core 10 Operating System running on a HP ProLiant DL320 G6 Server

-FIPS Approved algorithms: AES (Certs. #1631 and #1632); DRBG (Cert. #87); DSA (Cert. #513); HMAC (Certs. #958 and #959); RNG (Cert. #874); RSA (Certs. #805 and #806); SHS (Certs. #1436 and #1437); Triple-DES (Certs. #1067 and #1068)

-Other algorithms: Blowfish; CAMELLIA; CAST; DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); IDEA; MD2; MD5; RC2; RC4; RC5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED

Multi-chip standalone

"The HP Security Management System Appliance Series delivers enterprise-class security management capabilities that are simple to use and extremely powerful. The Security Management System Appliance is a hardened appliance that provides both global vision and security policy control for large-scale deployments of all HP products, including HP Intrusion Prevention Systems (IPS), Core Controllers, and SSL Appliances. The appliance is responsible for discovering, monitoring, configuring, diagnosing, remediating, and reporting for global IPS deployments."
1579 Certicom Corp.
4701 Tahoe Blvd.,
Building A
Mississauga, Ontario L4W 0B5
Canada

-Randy Tsang
TEL: 289-261-4189

-Certicom Eastern US Sales Office
TEL: 703-234-2357
FAX: 703-234-2356

CST Lab: NVLAP 200426-0

Security Builder FIPS Module
(Software Version: 5.6, 5.6.1 or 5.6.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 07/21/20111;
06/05/2012;
08/16/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with QNX Neutrino Version 6.6 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #1054); AES (Cert. #1609); SHS (Cert. #1422); HMAC (Cert. #945); RNG (Cert. #863); DRBG (Cert. #82); DSA (Cert. #500); ECDSA (Cert. #200); RSA (Cert. #791); KAS (Cert. #14; key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength)

-Other algorithms: DES; DESX; AES CCM* (non-compliant); ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; ECNR; ECQV; ECIES; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Security Builder FIPS Module is a standards-based cryptographic toolkit that supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into both mobile and server-based applications. The Security Builder FIPS Module is part of the Certicom Security Architecture, a comprehensive cross-platform security solution which supports multiple cryptographic software and hardware providers with a single common API."
1578 BlackBerry
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

-Security Certifications Team
TEL: 519-888-7465 x 72921
FAX: (519) 888-9852

CST Lab: NVLAP 200426-0

BlackBerry OS Cryptographic Library
(Software Version: 5.6, 5.6.1 or 5.6.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 07/21/2011;
06/05/2012;
08/16/2012;01/24/2013;
02/22/2013;
04/11/2014
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with BlackBerry® Tablet OS Version 2.0 (Binary compatible to BlackBerry® Tablet OS Version 1.0) (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #1053); AES (Cert. #1608); SHS (Cert. #1421); HMAC (Cert. #944); RNG (Cert. #862); DRBG (Cert. #81); DSA (Cert. #499); ECDSA (Cert. #199); RSA (Cert. #790); KAS (Cert. #13; key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength)

-Other algorithms: DES; DESX; AES CCM* (non-compliant); ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; ECNR; ECQV; ECIES; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The BlackBerry OS Cryptographic Library is a software module that provides the cryptographic functionality required for secure operation of the BlackBerry® PlayBook™ and devices running the BlackBerry® 10 OS ."
1577 Futurex
864 Old Boerne Rd.
Bulverde, TX 78163
USA

-Paul Enman
TEL: 830-980-9782
FAX: 830-438-8782

CST Lab: NVLAP 100432-0

EXP9000 Hardware Security Module
(Hardware Version: P/N 9750-2075, Revision B; Firmware Version: 4.0.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/05/2011 Overall Level: 3 

-FIPS Approved algorithms: RSA (Cert. #810); AES (Cert. #1636); Triple-DES (Cert. #1072); SHS (Cert. #1441); HMAC (Cert. #962); RNG (Cert. #877)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; DES; TR-31

Multi-chip embedded

"The EXP9000 cryptographic module provides secure encryption, storage, and transmission of sensitive data used in a wide variety of applications including Futurex Hardware Security Modules (HSM) and Key Management Servers (KMS)."
1576 Teledyne Webb Research
82 Technology Park Drive
East Falmouth, MA 02536
USA

-David Pingal
TEL: 508-548-2077 x 146

CST Lab: NVLAP 200002-0

MiniCrypt
(Software Version: 1.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 07/21/2011 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Persistor CF1 HW system with Motorola MC68CK338CPV14 processor running PicoDOS version 2.26

-FIPS Approved algorithms: AES (Cert. #1268); SHS (Cert. #1168); HMAC (Cert. #738)

-Other algorithms: N/A

Multi-chip standalone

"MiniCrypt is a small, low resource utilization, software library for use in embedded systems, providing encryption, decrypting, hashing and message authentication functions."
1575 Research In Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

-Certifications Team
TEL: 519-888-7465 ext.72921
FAX: 519-886-4839

CST Lab: NVLAP 200556-0

BlackBerry Smartcard Reader
(Hardware Version: 2.0; Firmware Version: 3.8.5.51)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 07/15/2011 Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #1172); HMAC (Cert. #672); SHS (Cert. #1084); RNG (Cert. #648); RSA (Cert. #555); ECDSA (Cert. #140)

-Other algorithms: EC Diffie-Hellman (key agreement, key establishment methodology provides 256 bits of encryption strength); ECMQV (key agreement, key establishment methodology provides 256 bits of encryption strength)

Multi-chip standalone

"The BlackBerry Smart Card Reader for BlackBerry devices is an accessory that, when used in proximity to certain Bluetooth(R) enabled BlackBerry devices and computers, integrates smart card use with the BlackBerry Enterprise Solution, letting users authenticate with their smart cards to log in to Bluetooth enabled BlackBerry devices and computers."
1574 McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

-David Gerendas
TEL: 949-860-3369
FAX: 949-297-5575

CST Lab: NVLAP 200416-0

Endpoint Encryption Manager
(Software Version: 5.2.6)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 07/15/2011 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 2 with Windows Server 2003 Standard Edition SP2 on Dell Optiplex GX620 with 3.0 GHz Intel Pentium D Processor 830 (1 CPU) (32 bit); Windows Server 2008 64 bit Enterprise Edition on Dell PowerEdge 2970 with 1.7 GHz quad core AMD Opteron 2344 Processor (2 CPUs) (64-bit) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1366); DSA (Cert. #446); SHS (Cert. #1247); RNG (Cert. #752)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG

Multi-chip standalone

"McAfee Endpoint Encryption Manager (EEMgr) is the central management console for McAfee Endpoint Encryption for PC clients and users. The EEMgr allows authorized administrators to manage system users and computers, configure and apply security policies, recover user credentials, and create custom login tokens to be used with smart cards and PKI systems."
1573 U.S. Department of State
301 4th Street SW SA-44
Washington, DC 20547
USA

-Paul Newton
TEL: 202-203-5153
FAX: 202-203-7669

CST Lab: NVLAP 100432-0

PKI BLADE Applet and Protiva PIV DL Card
(Hardware Version: P/N P5CD144 Version A1047808; Firmware Version: EI08-M1004069, Softmask V01, PIV Applet V1.55 and PKI BLADE Applet V1.2)

(PIV Card Application: Cert. #22)

(When operated in FIPS mode with the fingerprint authentication mechanism parameters configured as indicated in the Security Policy Section 12)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/15/2011;
02/06/2014
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #678); Triple-DES MAC (Triple-DES Cert. #678, vendor affirmed); SHS (Cert. #786); RSA (Cert. #372); RNG (Cert. #450); CVL (Cert. #214)

-Other algorithms: Triple-DES (Cert. #678, key wrapping; key establishment methodology provides 100 bits of encryption strength)

Single-chip

"The PKI/BLADE applet is based on ISO 7816 and GSC-IS commands interface. The applet is designed to be loaded on any Java card compliant with JavaCard v2.2.1 and Global Platform v2.1.1 specifications including PIV certified Java cards. It is designed to provide services for PKI based logical access applications and to provide strong two factor authentication using passwords and fingerprints biometrics."
1572 Harris Corporation
1680 University Avenue
Rochester, NY, NY 14610
USA

-Hang Liu
TEL: 434-455-9610

-Dennis Boyer
TEL: 919-609-0608

CST Lab: NVLAP 200426-0

Harris AES Software Load Module
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 07/13/2011 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Texas Instruments DSP/BIOS Software Kernel Version 5.33.03 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1482)

-Other algorithms: N/A

Multi-chip standalone

"The Harris AES Software Load Module is a single software component which provides cryptographic services directly to a Digital Signal Processor (DSP) application on Harris terminals."
1571 Thales - nCipher
92 Montvale Ave
Suite 4500
Stoneham, MA 02180
USA

-sales@ncipher.com
TEL: 800-NCIPHER
FAX: 781-994-4001

CST Lab: NVLAP 200002-0

nShield Connect 6000 [1], nShield Connect 1500 [2] and nShield Connect 500 [3]
(Hardware Versions: NH2047 [1], NH2040 [2] and NH2033 [3], Build Standard N; Firmware Version: V11.30)

(When operated in FIPS mode with nShield PCIe validated to FIPS 140-2 under Cert. #1063)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 07/13/2011 Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #397, #754 and #1227); AES GCM (Cert. #754, vendor affirmed); Triple-DES (Certs. #435, #666 and #883); Triple-DES MAC (Cert. #666, vendor affirmed); DSA (Certs. #280 and #407); ECDSA (Certs. #81 and #145); SHS (Certs. #764 and #1127); HMAC (Certs. #410 and #717); RSA (Cert. #356); RNG (Certs. #436 and #681)

-Other algorithms: Aria; Arc Four; Camellia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Thales nShield Connect is a network-attached hardware security module for business continuity of always-on, mission-critical systems in shared infrastructures, providing high availability, scalability and remote management for cryptographic infrastructures. Part of the nCipher product line, nShield Connect is the world's first HSM with redundant, hot-swappable power supplies, and enables organizations to build reliable, large-scale cryptographic services for their infrastructures."
1570 SanDisk Corporation
Atir Yeda 7
Kfar-Saba, Israel

-Boris Dolgunov
TEL: +972-9-7645000
FAX: +972-3-5488666

CST Lab: NVLAP 100432-0

Cruzer Enterprise FIPS Edition
(Hardware Versions: P/Ns 54-89-15381-004G, 54-89-15381-008G, 54-89-15381-016G and 54-89-153-032G, Version Revision 1; Firmware Version: 9.5.21.01.F3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/12/2011 Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Certs. #1432 and #1433); RSA (Cert. #702); SHS (Cert. #1295); RNG (Cert. #779)

-Other algorithms: RSA (encrypt/decrypt)

Multi-chip embedded

"The SanDisk Cruzer Enterprise FIPS Edition secure USB flash drive offers on-the-fly hardware encryption for enterprises and government agencies that helps IT professionals within those organizations to effectively protect information on company-issued USB flash drives. It is specially designed to meet the unique USB security, compliance, and manageability needs of large organizations. With FIPS 140-2 level 2 certification inside, the Cruzer Enterprise FIPS Edition caters to the ultra-sensitive security requirements of government agencies and enterprises."
1569 Doremi Labs
1020 Chestnut St.
Burbank, CA 91506
USA

-Jean-Philippe Viollet
TEL: 818-562-1101
FAX: 818-562-1109

-Camille Rizko
TEL: 818-562-1101
FAX: 818-562-1109

CST Lab: NVLAP 200802-0

IMB
(Hardware Versions: IMB-A0, IMB-A1, IMB-A2, IMB-E0, IMB-E1 and IMB-E2; Firmware Versions: (5.0.10f, 30.04m-1 and 99.03f) or (5.0.21, 30.05g1 and 99.03f))

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/11/2011;
08/16/2012;
06/07/2013
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #532, #1252 and #1383); HMAC (Cert. #731); SHS (Cert. #1148); RNG (Certs. #693 and #696); RSA (Certs. #600, #601 and #777)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); TRNG; MD5; HMAC-MD5; EC Diffie-Hellman; TI S-box

Multi-chip embedded

"The IMB (Integrated Media Block) is a card that utilizes Doremi’s patented 4K media block technology. The IMB can be installed in a DLP Series-II 4K-ready projector along with Doremi’s external ShowVault™, allowing to perform 4K content playback. The customer can still choose to project in 2K using the IMB."
1568 McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

-David Gerendas
TEL: 949-860-3369
FAX: 949-297-5575

CST Lab: NVLAP 200416-0

Endpoint Encryption Manager
(Software Version: 5.2.6)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 06/30/2011 Overall Level: 1 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows Server 2003 (32-bit); Windows Server 2008 (64 bit) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1366); DSA (Cert. #446); SHA-1 (Cert. #1247); RNG (Cert. #752)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG

Multi-chip standalone

"McAfee Endpoint Encryption Manager (EEMgr) is the central management console for McAfee Endpoint Encryption for PC clients and users. The EEMgr allows authorized administrators to manage system users and computers, configure and apply security policies, recover user credentials, and create custom login tokens to be used with smart cards and PKI systems."
1567 Lumension Security, Inc.
15880 Greenway-Hayden Loop
Suite 100
Scottsdale, AZ 85260
USA

-Chris Chevalier
TEL: 480-970-1025
FAX: 480-970-6323

-Ron Smith
TEL: 480-663-8763
FAX: 480-970-6323

CST Lab: NVLAP 200002-0

Lumension Cryptographic Kernel
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 06/27/2011 Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Dell Optiplex GX620 running MS Windows Server 2003 Standard, Version 5.2 SP 2 (32-bit version); Dell PowerEdge 2850 running MS Windows Server 2003 Standard x64, Version 5.2 SP 2 (64-bit version); Dell Optiplex GX620 running MS Windows XP Professional, Version 5.1 SP 2 (32-bit version); Dell PowerEdge 2850 running Windows XP Professional x64, Version 5.2 SP 2 (64-bit version)

-FIPS Approved algorithms: AES (Cert. #1045); SHS (Cert. #995); RNG (Cert. #596); HMAC (Cert. #587); RSA (Cert. #499); ECDSA (Cert. #126)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; HMAC-MD5; ECIES

Multi-chip standalone

"The Lumension Cryptographic Kernel (LCK) v1.0 provides the cryptographic functions for certain Lumension products, including Application and Device Control. These products secure endpoints from malware and unauthorized software execution, and from malicious or accidental data loss through the use of removable devices and media."
1566 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® CNG Cryptographic Primitives Library
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 06/27/2011;
01/24/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 7 (x86 32-bit); Microsoft Windows 7 (x86_64 64-bit) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1598); DRBG (Cert. #77); DSA (Cert. #493); ECDSA (Cert. #196); HMAC (Cert. #935); RNG (Cert. #855); RSA (Cert. #780 and FIPS 186-3, vendor affirmed); SHS (Cert. #1410); Triple-DES (Cert. #1044)

-Other algorithms: DES; DESX; Diffie-Hellman; EC Diffie-Hellman; HMAC-MD2; HMAC-MD4; HMAC-MD5; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"RSA BSAFE® CNG Cryptographic Primitives Library is a drop-in replacement for the Microsoft user-mode CNG (Cryptograpy, Next Generation) provider. It supports a wide range of industry standard encryption algorithms. Software applications written against the Microsoft CNG framework, that do not explicitly request a specific provider, will automatically use the BSAFE CNG cryptographic implementations without modification once the BSAFE CNG Primitive Provider is installed."
1565 Xceedium, Inc.
30 Montgomery Street
Suite 1020
Jersey City, NJ 07302
USA

-Dave Olander
TEL: 201-536-1000 x121
FAX: 201-536-1200

CST Lab: NVLAP 200556-0

Xceedium Xsuite
(Hardware Versions: 5 and 5a; Firmware Version: 1.0.0)

(When operated in FIPS mode and the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 06/23/2011;
12/03/2012
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1151 and #1572); Triple-DES (Certs. #833 and #1029); SHS (Certs. #1065 and #1392); RSA (Cert. #765); HMAC (Certs. #654 and #919); RNG (Cert. #846)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 160 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DSA (Cert. #483; non compliant)

Multi-chip standalone

"Xceedium's GateKeeper is a hardened appliance that functions as a secure centralized management platform that enables IT operations to remotely manage data centers as one integrated system. A standardized security model can be developed to mitigate the risks of "untrusted" users; provide centralized access and policy, compartmentalize down to the port, define good and bad behavior, alert and restrict access to applications or commands. GateKeeper provides touch free support and includes all access methods and tools for in-band, out-of-band and power control."
1564 Schweitzer Engineering Laboratories, Inc.
2350 NE Hopkins Court
Pullman, WA 99163
USA

-Joe Casebolt
TEL: 509-332-1890
FAX: 509-332-7990

CST Lab: NVLAP 100432-0

SEL-3044
(Hardware Version: 1.0; Firmware Version: R101 or R103)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/23/2011;
02/15/2013
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1272); SHS (Cert. #1170); HMAC (Cert. #739); RNG (Cert. #710); DSA (Cert. #412)

-Other algorithms: AES (Cert. #1272, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength)

Multi-chip standalone

"The SEL-3044 SEL Encryption Card provides strong cryptographic security to a variety of communications networks. It protects point-to-point, multi-drop, and many-to-many networks. The SEL-3044 secures all byte oriented serial protocols including popular SCADA or PCS protocols like DNP and MODBUS common to PLC, IED, and RTU products. It quickly integrates into serial communication networks including modem and data radio."
1563 3e Technologies International, Inc.
Suite 500, 9715 Key West Avenue
Rockville, MD 20850
USA

-Chris Guo
TEL: 301-944-1294
FAX: 301-670-6989

CST Lab: NVLAP 200002-0

3e-030-2 Security Server Cryptographic Core
(Software Version: 4.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 06/20/2011 Overall Level: 1 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Red Hat Linux Enterprise 5.5 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1546); Triple-DES (Cert. #1016); SHS (Cert. #1371); HMAC (Cert. #897); RSA (Cert. #749); DSA (Cert. #478); ECDSA (Cert. #191); RNG (Cert. #834)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 192 bits of encryption strength); MD5

Multi-chip standalone

"The 3e-030-2 Security Server Cryptographic Core (Version 4.0) provides FIPS 140-2 validated cryptographic functionality for the 3eTI Security Server product, a RADIUS based Authentication Server, capable of EAP-TLS authentication of wireless client, support of JITC DoD-signed certificates for PKI usage, and full 802.11i support. The 3e-030-2 provides the following FIPS-approved cryptographic algorithms: AES, SHA-1, SHA-2, HMAC, RSA DSA ECDSA sign/verify, FIPS 186-2 PRNG. The 3e-030-2 also supports the following non-FIPS cryptographic algorithms: Diffie Hellman, ECDH and MD5"
1562 Thales e-Security
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-Joe Warren

CST Lab: NVLAP 200416-0

Datacryptor® Gig Ethernet [1] and 10 Gig Ethernet [2]
(Hardware Versions: 1600x433 [1] and 1600x437 [2]; Firmware Version: 4.5)

(When configured with the Multi-Point license as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 06/20/2011 Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #1033, #1488, #1489, #1548 and #1550); DSA (Cert. #349); SHS (Cert. #985); RNG (Cert. #588)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); NDRNG

Multi-chip standalone

"The Datacryptor® Gig Ethernet and 10 Gig Ethernet are rack-mountable multi-chip standalone cryptographic modules designed to secure data transmissions across public Ethernet Layer 2 networks. The Gig Ethernet uses an SFP transceiver and the 10 Gig Ethernet uses a higher-speed XFP transceiver. The Datacryptor® employs an automatic key generation and exchange mechanism using X.509 v3 certificates and the Diffie-Hellman key agreement scheme. The algorithm used for securing data transmission is AES-256 GCM."
1561 Oracle Corporation
500 Eldorado Blvd., Bldg 5
Broomfield, CO 80021
USA

-David Hostetter
TEL: 303-272-7126
FAX: 303-272-6555

CST Lab: NVLAP 100432-0

StorageTek™ T10000C Tape Drive
(Hardware Version: P/N 316052503; Firmware Version: 1.51.318)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/17/2011 Overall Level: 1 

-FIPS Approved algorithms: AES (Certs. #1564, #1565, #1566, #1567, #1568, #1569 and #1570); DRBG (Cert. #71); HMAC (Certs. #916 and #917); SHS (Certs. #1389 and #1390); RSA (Cert. #763)

-Other algorithms: AES (Cert. #1567, key wrapping; key establishment methodology provides 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5

Multi-chip standalone

"The StorageTek™ T10000C Tape Drive provides 5 TB native capacity and 240 MB/sec throughput using BaFe media and with backward read compatibility to the T10000A/B. Designed for maximum security and performance, the T10000C provides AES-256 encryption to protect and authenticate customer data and to provide secure, authenticated transmission of key material. Designed for maximum performance, the drive allows the use of multiple keys per tape with a cache memory to minimize the overhead of key transmission. Works seamlessly with the Oracle OKM to provide a secure end-to-end management solution."
1560 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 3925E and Cisco 3945E Integrated Services Routers (ISRs)
(Hardware Versions: 3925E (with PCB rev -A0 and -B0), 3945E (with PCB rev -A0 and -B0), [FIPS Kit (CISCO-FIPS-KIT=), Revision -B0], ISR: FIPS-SHIELD-3900=; Firmware Version: 15.1(2)T3)

(When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/14/2011;
02/23/2012
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #803 and #1580); HMAC (Certs. #443 and #926); RNG (Cert. #850); RSA (Cert. #771); SHS (Certs. #801 and #1399); Triple-DES (Certs. #1036 and #1037)

-Other algorithms: DES; HMAC-MD5; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Cisco 3925E and 3945E Integrated Services Routers are routing platforms that provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The new platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options."
1559 Hewlett-Packard Company
19091 Pruneridge Ave.
MS 4441
Cupertino, CA 95014
USA

-Theresa Conejero
TEL: 408-447-2964
FAX: 408-447-5525

CST Lab: NVLAP 100432-0

Atalla Cryptographic Subsystem (ACS)
(Hardware Version: P/N 610113-002 Rev. C; Firmware Version: Loader Version 0.65, PSMCU Version 0.98)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/14/2011;
09/19/2011
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #1305 and #1311); RNG (Cert. #728); RSA (Cert. #625); SHS (Cert. #1194)

-Other algorithms: N/A

Multi-chip embedded

"The Atalla Cryptographic Subsystem (ACS) is a multi-chip embedded cryptographic module that provides secure cryptographic processing. The ACS features secure key management and storage capabilities, and also provides high performance AES processing."
1558 Sony Corporation
1-7-1 Konan
Minato-ku, Tokyo 108-0075
Japan

-Hirotaka Kondo
TEL: +81 46 202 8074
FAX: +81 46 202 6304

CST Lab: NVLAP 200802-0

Gemini
(Hardware Version: 1.0.0; Firmware Version: 1.0.0 or 1.0.1)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/14/2011;
07/19/2011
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1539, #1540 and #1541); RNG (Certs. #828, #829 and #830); RSA (Certs. #750 and #751); HMAC (Certs. #901 and #902); SHS (Certs. #1364, #1365, #1366 and #1367)

-Other algorithms: HMAC-MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG

Multi-chip embedded

"The primary purpose of the Gemini is to provide decryption, decoding/encoding of audio/video data for the digital cinema projector system in which it is being employed."
1557 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise 2150E
(Hardware Version: 2150E; Firmware Version: 7.0.1.01.E12)

(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/09/2011 Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1556 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise 1100E
(Hardware Version: 1100E; Firmware Version: 7.0.1.01.E12)

(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/09/2011 Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee's Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1555 BlockMaster AB
Kyrkogatan 17
Lund, S-222 22
Sweden

-Johan Söderström
TEL: +46 (0) 46-2765100

-Anders Pettersson
TEL: +46 (0) 46-2765100

CST Lab: NVLAP 200002-0

BM-C1000
(Hardware Versions: BM-C1000-01, BM-C1000-02, BM-C1000-04, BM-C1000-08, BM-C1000-16, BM-C1000-32 and BM-C1000-64; Firmware Version: 4.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/07/2011 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: Level 3

-FIPS Approved algorithms: AES (Cert. #1236); SHS (Cert. #1134); RNG (Cert. #683), RSA (Cert. #617)

-Other algorithms: NDRNG; RSA-512 (non-compliant)

Multi-chip embedded

"The BlockMaster microcontroller BM9931 powers FIPS secure USB flash drives. All data stored is encrypted transparently on the fly within the hardware in accordance with the specification of the Federal Information Processing Standard (FIPS 140-2)."
1554 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise 4150E
(Hardware Version: 4150E; Firmware Version: 7.0.1.01.E12)

(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/07/2011 Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1553 Comtech EF Data Corporation
2114 West 7th Street
Tempe, AZ 85281
USA

-Wallace Davis
TEL: 480-333-2189
FAX: 480-333-2147

CST Lab: NVLAP 200427-0

SLM-5650A TRANSEC Module
(Hardware Version: 1.2; Firmware Version: 1.2.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/07/2011 Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #1537 and #1538); ECDSA (Cert. #189); HMAC (Cert. #893); RNG (Cert. #827); RSA (Cert. #746); SHS (Cert. #1363); Triple-DES (Cert. #1012)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip embedded

"The SLM-5650 satellite modem includes a single FIPS card called the SLM-5650A TRANSEC Module that will perform bulk encryption of all packets for transmission over the satellite regardless of the protocol, the format of data, or existing encryption on the incoming data. The SLM-5650A TRANSEC Module uses 256-bit AES in CBC mode for bulk encryption of all data requiring encryption. The module is managed using a proprietary graphical user interface (GUI) over TLS, referred to as the Management & Control Console, and a command line management interface over SSH."
1552 Check Point Software Technologies Ltd.
Check Point Software Technologies Ltd.
9900 Belward Campus Drive
Suite 250
Rockville, MD 20850
USA

-David Ambrose
TEL: 703-628-2935

-Malcolm Levy
TEL: +972-37534561

CST Lab: NVLAP 200002-0

Check Point IP Appliance
(Hardware Versions: IP1280 (CPAP-IP1285-D-GFIP [Nokia NBB1270000], CPIP-A-4-1C, CPIP-A-D80G-CA, CPIP-A-CA-12-24 and N431174001), IP2450 (CPAP-IP2455-D-GFIP [Nokia NBB3450000], CPIP-A-4-1C, CPIP-A-D80G-CA, CPIP-A-CA-12-24 and N431174001) and IP2455 (CPAP-IP2455-D- GFIP, CPIP-A-4-1C, CPIP-A-D80G-CA, CPIP-A-CA-12-24 and N431174001) ; Firmware Version: IPSO v4.2 with Check Point VPN-1 NGX R65 with hot fix HFA 30)

(When operated in FIPS mode and tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/07/2011;
10/04/2011
Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #709 and #91); Triple-DES (Certs. #637, #638, #729 and #204); HMAC (Certs. #384, #385, #499 and #203); SHS (Certs. #734, #735, #883 and #500); DSA (Cert. #271); RSA (Certs. #332 and #333); RNG (Certs. #417 and #418)

-Other algorithms: CAST; DES; HMAC MD5; MD5; Arcfour; Twofish; Blowfish; Diffie-Hellman (key agreement, key establishment methodology provides between 112 bits and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (K3 mode; non-compliant)

Multi-chip standalone

"The Nokia VPN Applicances are full-featured enterprise systems designed for small to medium enterprises, with Service Provider flexibility and rapid serviceability option in a single rack space. When combined with Check Point VPN-1 these platforms provide reliable, easy to manage distributed security and access."
1551 Check Point Software Technologies Ltd.
Check Point Software Technologies Ltd.
9900 Belward Campus Drive
Suite 250
Rockville, MD 20850
USA

-David Ambrose
TEL: 703-628-2935

-Malcolm Levy
TEL: +972-37534561

CST Lab: NVLAP 200002-0

Check Point IP Appliance
(Hardware Versions: IP390 (CPAP-IP395-D-GFIP [Nokia NBB0302000] and N431174001) and IP560 (CPAP-IP565-D-AC [Nokia NBB0562000] and CPIP-A-4-1C, CPIP-A-PCMCIA-CA, N431174001); Firmware Version: IPSO v4.2 with Check Point VPN-1 NGX R65 with hot fix HFA-30)

(When operated in FIPS mode and tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/21/2011 Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #397, #342, #442 and #497); Triple-DES (Certs. #507, #510, #465, #466, #435, #406 and #729); HMAC (Certs. #248, #251, #207, #208, #176, #146 and #499); SHS (Certs. #564, #567, #508, #509, #469, #417 and #883); DSA (Certs. #202 and #204); RSA (Certs. #211, #213, #215 and #167); RNG (Certs. #275, #277, #229 and #230)

-Other algorithms: CAST; DES (Cert. #314); HMAC MD5; MD5; Arcfour; Twofish; Blowfish; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 128 bits of encryption strength; non-compliant less than112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (K3 mode; non-compliant)

Multi-chip standalone

"The Nokia VPN Applicances are full-featured enterprise systems designed for small to medium enterprises, with Service Provider flexibility and rapid serviceability option in a single rack space. When combined with Check Point VPN-1 these platforms provide reliable, easy to manage distributed security and access."
1550 SafeNet, Inc.
20 Colonnade Drive
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Iain Holness
TEL: 613-221-5049
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

ProtectServer Internal Express (PSI-e)
(Hardware Version: VBD-04-0302; Firmware Version: 3.00.03)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/07/2011 Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #1582); DSA (Cert. #488); ECDSA (Cert. #193); HMAC (Cert. #928); RNG (Cert. #851); RSA (Cert. #772); SHS (Cert. #1401); Triple-DES (Cert. #1038); Triple-DES MAC (Triple-DES Cert. #1038, vendor affirmed)

-Other algorithms: AES MAC (AES Cert. #1582; non-compliant); ARIA; CAST-128; CAST-128 MAC; DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECIES; EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); IDEA; IDEA MAC; MD2; MD5; MD5 HMAC; RC2; RC2 MAC; RC4; RIPEMD-128; RIPEMD-160; RMD128 HMAC; RMD160 HMAC; RSA (Key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; SEED MAC;

Multi-chip embedded

"The SafeNet PSI-e is a high-end intelligent PCI adapter card that provides a wide range of cryptographic functions using firmware and dedicated hardware processors. The module provides key management (e.g., generation, storage, deletion, and backup), an extensive suite of cryptographic mechanisms, and process management including separation between operators. The PSI-e also features non-volatile tamper protected memory for key storage, a hardware random number generator, and an RTC."
1549 Sophos Ltd.
The Pentagon
Abingdon Science Park
Oxford, Oxfordshire OX14 3YP
United Kingdom

-Curt W. Lindenberger
TEL: 781-494-5800
FAX: 781-494-5801

-Joachim Schneider
TEL: +49 (0) 6171-88-1968
FAX: +49 (0) 89-30703123

CST Lab: NVLAP 200002-0

SafeGuard Cryptographic Engine
(Software Version: 5.60)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 05/27/2011 Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 7 Ultimate Edition 32-bit; Microsoft Windows 7 Ultimate Edition 64-bit; FreeBSD 6.1 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1447 and #1448); Triple-DES (Cert. #982); HMAC (Cert. #849); SHS (Certs. #1311, #1312 and #1317); RNG (Cert. #792)

-Other algorithms: N/A

Multi-chip standalone

"SafeGuard Cryptographic Engine is the core cryptographic component of Sophos' encryption products SafeGuard Enterprise, SafeGuard PrivateDisk, SafeGuard LAN Crypt and SafeGuard PrivateCrypto. It provides a solid implementation of standard algorithms used for disk and file encryption, key generation, key management, and integrity protection."
1548 Motorola Solutions, Inc.
1150 Kifer Rd
Sunnyvale, CA 94086
USA

-Tresa Johnson
TEL: 408-991-7589
FAX: 408-991-7420

CST Lab: NVLAP 100432-0

Motorola Network Router (MNR) S2500
(Hardware Version: Base Unit P/N CLN1713F, Version Rev D with Encryption Module P/N CLN8262C, Version Rev F; Firmware Version: XS-16.0.1.44)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/23/2011 Overall Level: 1 

-Cryptographic Module Specification: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #581 and #588); AES (Certs. #611 and #625); DSA (Cert. #237); SHS (Certs. #659 and #693); HMAC (Certs. #322 and #342); RNG (Cert. #349); RSA (Cert. #283)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; DES; HMAC-MD5

Multi-chip standalone

"MNR S2500 routers are versatile, secure-capable devices that can ensure timely delivery of delay-sensitive traffic. Supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections, S2500 routers perform simultaneous functions - including compression and data prioritization - without compromising their ability to accomplish additional packet-handling functions as needed. In addition to the normal routing functions, the MNR S2500 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols."
1547 Motorola Solutions, Inc.
1150 Kifer Rd
Sunnyvale, CA 94086
USA

-Tresa Johnson
TEL: 408-991-7589
FAX: 408-991-7420

CST Lab: NVLAP 100432-0

Motorola Network Router (MNR) S6000
(Hardware Version: Base Unit HW P/N CLN1780H, Version Rev A with Encryption Module HW P/N CLN8261D, Version Rev L; Firmware Versions: PS-16.0.1.44 and GS-16.0.1.44)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/23/2011 Overall Level: 1 

-Cryptographic Module Specification: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #275 and #580); AES (Certs. #173 and #609); DSA (Cert. #236); SHS (Certs. #258 and #658); HMAC (Certs. #39 and #323); RNG (Cert. #348); RSA (Cert. #282)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; DES; HMAC-MD5

Multi-chip standalone

"MNR S6000 routers are versatile, secure-capable devices that can ensure timely delivery of delay-sensitive traffic. Supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections, S6000 routers perform simultaneous functions - including compression and data prioritization - without compromising their ability to accomplish additional packet-handling functions as needed. In addition to the normal routing functions, the MNR S6000 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols."
1546 Motorola Solutions, Inc.
1150 Kifer Rd
Sunnyvale, CA 94086
USA

-Tresa Johnson
TEL: 408-991-7589
FAX: 408-991-7420

CST Lab: NVLAP 100432-0

Motorola GGM 8000 Gateway
(Hardware Version: Base Unit P/N: CLN1841A, Version Rev B with Encryption Module P/N: CLN8492D, Version Rev B; FIPS Kit: P/N CLN1854A, Rev. B; Power Supply: P/N CLN1850A, Rev. C (AC) or P/N CLN1849A, Rev. C (DC); Firmware Version: XS-16.0.1.44)

(When operated in FIPS mode with tamper labels installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/09/2011 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #685 and #989); AES (Certs. #803 and #1469); DSA (Cert. #465); SHS (Certs. #801 and #1329); RNG (Cert. #803); RSA (Cert. #718); HMAC (Certs. #443 and #864)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; DES; HMAC-MD5

Multi-chip standalone

"GGM 8000 devices are versatile, secure-capable devices that can ensure timely delivery of delay-sensitive traffic. Supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections, GGM 8000 perform simultaneous functions - including compression and data prioritization - without compromising their ability to accomplish additional packet-handling functions as needed. In addition to the normal packet forwarding functions, the GGM 8000 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols."
1545 Hewlett-Packard TippingPoint
7501N. Capital of Texas Highway
Austin, TX 78731
USA

-Dinesh Vakharia
TEL: 512-681-8271

-Freddie Jimenez Jr.
TEL: 512-681-8305

CST Lab: NVLAP 200427-0

HP TippingPoint Intrusion Prevention System
(Hardware Versions: S10 [1], S110 [1], S330 [1], S660N [2], S1400N [2], S2500N [2] and S5100N [2]; Firmware Versions: 3.1.4.1427 [1] and 3.2.0.1530 [2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/27/2011 Overall Level: 1 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 2

-FIPS Approved algorithms: AES (Certs. #1557, #1558 and #1559); HMAC (Certs. #909, #910 and #911); RNG (Certs. #838, #839 and #840); RSA (Certs. #756, #757 and #758); SHS (Certs. #1381, #1382 and #1383); Triple-DES (Certs. #1021, #1022 and #1023)

-Other algorithms: Blowfish; DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); HMAC-MD5; MD5; Non-Approved RNG; RC2; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength).

Multi-chip standalone

"Inserted transparently into the network, the HP TippingPoint Intrusion Prevention System (IPS) is an in-line security device that performs high-performance, deep packet inspection to protect customer networks from attack. The IPS blocks malicious and unwanted traffic, while allowing good traffic to pass unimpeded. In fact, the IPS optimizes the performance of good traffic by continually cleansing the network and prioritizing applications that are mission critical."
1544 LaserCard Corporation
1875 N. Shoreline Blvd.
Mountain View, CA 94043
USA

-Alex Giakoumis
TEL: 650-335-4348
FAX: 650-969-6121

CST Lab: NVLAP 100432-0

LaserCard LCCIDProtect
(Hardware Version: P/N AT90SC28872RCU Revision G; Firmware Version: 010B.9288.0303)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/10/2011;
07/27/2011
Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #965); Triple-DES MAC (Triple-DES Cert. #965, vendor affirmed); RNG (Cert. #774)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Single-chip

"FIPS Approved algorithms (relies on loaded applications): AES (Cert. #1412); RSA (Cert. #688); SHS (Cert. #1282) LaserCard LCCIDProtect is a cryptographic module based on the Athena OS755 Java Card smart card operating system with 72Kbyte of EEPROM. LCCIDProtect is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications. LCCIDProtect exposes PKI and biometric APIs and is designed for high performance government and enterprise smart card applications."
1543 CareFusion
10020 Pacific Mesa Blvd.
San Diego, CA 92121
USA

-Robert Canfield
TEL: 858-617-4753
FAX: 858-617-5981

CST Lab: NVLAP 100432-0

Alaris® PC Unit Model 8015
(Hardware Version: Model 8015 with FIPS Kit 11935165; Firmware Versions: 9.7.40, 9.12.40 or 9.17)

(When operated in FIPS mode with tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/27/2011;
01/11/2012;
09/27/2012;
06/05/2014
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (1) (Cert. #1436); SHS (Cert. #1301)

-Other algorithms: AES (2) (non-compliant); RC4; MD5; SHS (non-compliant); RIPEMD; DES; Triple-DES (non-compliant); RC2-CBC, RC2-ECB, RC2-CFB64, RC2-OFB64; Blowfish; CAST; RSA (non-compliant); DSA (non-compliant); Diffie-Hellman; RNG (non-compliant)

Multi-chip standalone

"The CareFusion Alaris® PC Unit Model 8015 is a point-of-care unit, which is the main component of the Alaris® System. The Alaris System is a modular system intended for adult, pediatric, and neonatal care in a professional healthcare environment. The Alaris System brings a higher level of medication error prevention to the point of patient care."
1542

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/05/2011 Overall Level: 2 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip standalone

1541 3e Technologies International, Inc.
9715 Key West Avenue
Suite 500
Rockville, MD 20850
USA

-Harinder Sood
TEL: 301-944-1325
FAX: 301-670-6989

CST Lab: NVLAP 200427-0

3e-523-F2 and 3e-523-3 Secure Multi-function Wireless Data Points
(Hardware Versions: (1.0, 1.1 or 1.2) (3e-523-F2) and 2.0 (3e-523-3); Firmware Version: 4.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/29/2011 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1021, #1022 and #1023); HMAC (Certs. #570, #571 and #572); RNG (Cert. #583); RSA (Cert. #490); SHS (Certs. #975, #976 and #977); Triple-DES (Cert. #783)

-Other algorithms: AES (Cert. #1021, key wrapping); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5

Multi-chip standalone

"The 3e-523-F2 and 3e-523-3 operate as either a gateway connecting a local area network to wide area network (WAN), an access point within a wireless local area network (WLAN), a client within a WLAN, or a wireless bridging device. 3eTI software provides the following major services in FIPS mode: Wireless 802.11a/b/g Access Point functionality; Wireless 802.11a/b/g Client functionality; Wireless 802.11a/b/g Bridge functionality; Wireless 802.11a/b/g Mesh functionality (auto-forming, self-healing wireless capability); IEEE 802.11i."
1540 XYPRO Technology Corporation
3325 Cochran Street
Suite 200
Simi Valley, CA 93063
USA

-Sheila Johnson
TEL: 805-583-2874
FAX: 805-583-0124

-Scott Uroff
TEL: 805-583-2874
FAX: 805-583-0124

CST Lab: NVLAP 200427-0

XYGATE /ESDK
(Software Version: 3.3.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 04/28/2011 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP with Service Pack 3; HP NonStop Server G06; HP NonStop Server H06; HP NonStop Server J06; HP-UX 10.2; HP-UX 11.11; Solaris 10; IBM AIX 5.2; SuSE Linux Enterprise Server 10; Red Hat Enterprise Linux v5.1; IBM z/OS 1.11 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1571); DSA (Cert. #482); HMAC (Cert. #918); RNG (Cert. #845); RSA (Cert. #764); SHS (Cert. #1391); Triple-DES (Cert. #1028)

-Other algorithms: Blowfish; CAST-128; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ElGamal; HMAC MD5; HMAC RIPE-MD; IDEA; MD2; MD4; MD5; RC2; RC4; RC5; RIPE-MD; RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Skipjack (non-compliant)

Multi-chip standalone

"The XYGATE Encryption Software Development Kit [XESDK] is a dynamically linked software library that supplies: symmetric key encryption including the approved AES and TripleDES; hashing algorithms including the approved SHA-1 and SHA-256; public key encryption including RSA; signature algorithms including the approved RSA and DSA; secure session protocols such as SSH, SSL and TLS and e-mail protocols such as PGP and S/MIME. Based on cryptlib by Peter Gutmann, the XESDK, written in C, provides encryption services for applications, communications and databases across multiple computer platforms."
1539 Xirrus, Inc.
2101 Corporate Center Dr
Thousand Oaks, CA 91320
USA

-Steve Smith
TEL: 805-262-1600
FAX: 805-262-1601

CST Lab: NVLAP 100432-0

Xirrus Wi-Fi Array XN4, XN8, XN12 and XN16
(Hardware Versions: P/Ns 190-0109-001 Version D [XN4], 190-0110-002 Version B [XN8], 190-0128-001 Version D [XN12] and 190-0111-001 Version D [XN16]; Firmware Version: 4.1 or 5.0)

(When operated in FIPS mode and with tamper evident seals and security straps installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/05/2011 Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Cert. #1009); SHS (Cert. #1325); HMAC (Cert. #860); AES (Certs. #1508 and #1515); RSA (Cert. #715); RNG (Cert. #800)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5; RC4

Multi-chip standalone

"The Xirrus Wi-Fi Array consists of 4, 8, 12, or 16 802.11abgn access points coupled to a directional antenna system, and integrated together with a multi-gigabit switch, controller, firewall, threat sensor, and spectrum analyzer into a single, easy-to-install device."
1538 Thales e-Security
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-Joe Warren

CST Lab: NVLAP 200416-0

Datacryptor® 100M Ethernet
(Hardware Version: 1600x439; Firmware Version: 4.5)

(When configured with the Multi-Point license as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 04/28/2011;
05/12/2011
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #1033, #1490 and #1549); DSA (Cert. #349); SHS (Cert. #985); RNG (Cert. #588)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); NDRNG

Multi-chip standalone

"The Datacryptor® 100 Mbps Ethernet Layer 2 is a rack-mountable multi-chip standalone cryptographic module designed to secure data in transmissions across public Ethernet Layer 2 networks. The Datacryptor® uses 100BaseT ports to connect the host and public sides of the network. The Datacryptor® employs an automatic key generation and exchange mechanism using X.509 v3 certificates and the Diffie-Hellman key agreement scheme. The algorithm used for securing data transmission is AES-256 GCM."
1537 Brocade Communications Systems, Inc.
1745 Technology Drive
San Jose, CA, CA 95110
USA

-Michael Hong
TEL: 408-333-8000
FAX: 408-333-8101

CST Lab: NVLAP 200648-0

Brocade Mobility RFS7000 Controller
(Hardware Version: RFS7000; Firmware Version: 4.1.0.0-040GR)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/28/2011 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #646, #648 and #649); AES (Certs. #724, #726, #727 and #773); SHS (Certs. #742, #744 and #745); HMAC (Certs. #390, #392 and #393); RSA (Cert. #341); DSA (Cert. #274); RNG (Certs. #423 and #424)

-Other algorithms: MD5; HMAC-MD5; DES; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Brocade Mobility RFS7000 Controller provides robust, highly scalable support for seamless mobility for government agencies. The innovative architecture simplifies network deployment and management, provides superior performance, security and scalability. The Brocade Mobility RFS7000 enables campus-wide roaming across subnets, and offers powerful failover capabilities, exceptional quality of service and increased voice capacity. Integrated security features include intrusion detection and protection, secure guest access and protection against denial of service attacks."
1536 Motorola Solutions, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

-Tom Nguyen 
TEL: 847-576-2352

CST Lab: NVLAP 100432-0

Astro Subscriber Motorola Advanced Crypto Engine (MACE)
(Hardware Version: P/N 5185912Y01; Firmware Versions: [R01.02.00, R01.02.01 or R01.02.02] and [R01.00.00 or (R01.00.00 and R02.00.00)])

(When operated in FIPS mode and configured to Overall Level 3 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/28/2011;
07/27/2011
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #819 and #1295); SHS (Cert. #817); RSA (Cert. #396); RNG (Cert. #471)

-Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); LFSR

Single-chip

"The MACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio systems products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management."
1535 Motorola Solutions, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

-Tom Nguyen 
TEL: 847-576-2352 

CST Lab: NVLAP 100432-0

Astro Subscriber Motorola Advanced Crypto Engine (MACE)
(Hardware Version: P/N 5185912Y01; Firmware Versions: [R01.02.00, R01.02.01 or R01.02.02] and [R01.00.00 or (R01.00.00 and R02.00.00)])

(When operated in FIPS mode and configured to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/28/2011;
07/27/2011
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #819 and #1295); SHS (Cert. #817); RSA (Cert. #396); RNG (Cert. #471)

-Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); LFSR

Single-chip

"The MACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio system products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management."
1534 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Nexus 7000 18 Slot
(Hardware Version: N7K-C7018= N7K-C7018-V01; Software Version: NX-OS System Software for Nexus 7000 Release 5.1(1a) or 5.2.5; NX-OS EPLD Updates for Nexus 7000 Release 5.1(1); NX-OS Kick Start for Nexus 7000 Release 5.1(1a) or 5.2.5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/28/2011;
02/23/2012;
07/18/2012
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 2

-FIPS Approved algorithms: AES (Certs. #1602, #1024, #1197, #1275, #1276, #1426 and #1427); DSA (Cert. #495); HMAC (Certs. #938 and #847); RNG (Cert. #859); RSA (Cert. #784); SHS (Certs. #1415 and #1307); Triple-DES (Cert. #1047)

-Other algorithms: DES; HMAC-MD5; MD5; Non-Approved RNG; RC4; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 156 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Cisco Nexus 7000 Series is capable of more than 15 terabits per second (Tbps) of switching capacity and offers market-leading Gigabit Ethernet and 10 Gigabit Ethernet density. Built on a zero-service-loss hardware and software architecture, the Cisco Nexus 7000 Series offers the kind of high availability needed in a next-generation data center, in which virtualization increases the scope of downtime and Unified Fabric demands Fibre Channel-like availability to properly support storage services. The Cisco Nexus 7000 Series was built with manageability in mind and incorporate."
1533 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Nexus 7000 10 Slot
(Hardware Version: N7K-C7010= N7K-C7010-V02, FIPS Kit (CISCO-FIPS-KIT=); Software Version: NX-OS System Software for Nexus 7000 Release 5.1(1a) or 5.2.5; NX-OS EPLD Updates for Nexus 7000 Release 5.1(1); NX-OS Kick Start for Nexus 7000 Release 5.1(1a) or 5.2.5)

(When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/15/2011;
02/23/2012;
07/18/2012
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #1602, #1024, #1197, #1275, #1276, #1426 and #1427); DSA (Cert. #495); HMAC (Certs. #938 and #847); RNG (Cert. #859); RSA (Cert. #784); SHS (Certs. #1415 and #1307); Triple-DES (Cert. #1047)

-Other algorithms: DES; HMAC-MD5; MD5; Non-Approved RNG; RC4; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 156 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Cisco Nexus 7000 Series is capable of more than 15 terabits per second (Tbps) of switching capacity and offers market-leading Gigabit Ethernet and 10 Gigabit Ethernet density. Built on a zero-service-loss hardware and software architecture, the Cisco Nexus 7000 Series offers the kind of high availability needed in a next-generation data center, in which virtualization increases the scope of downtime and Unified Fabric demands Fibre Channel-like availability to properly support storage services. The Cisco Nexus 7000 Series was built with manageability in mind and incorporate."
1532 NetLib®
A Subsidiary of Communication Horizons, LLC
65 High Ridge Road, Suite 428
Stamford, CT 06905
USA

-Niel Weicher
TEL: 203-246-6507

CST Lab: NVLAP 200416-0

NetLib® Encryptionizer® DE/FIPS
(Software Versions: 2010.201.10.0 and 2010.501.10.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 04/12/2011 Overall Level: 1 

-Design Assurance: Level 2

-Operational Environment: Tested as meeting Level 1 with Windows 7 (x86); Windows Server 2003 (x86); Windows Server 2008 (x86); Windows 7 (x64); Windows Server 2003 (x64); Windows Server 2008 (x64) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1502 and #1528); SHS (Certs. #1376 and #1377); HMAC (Certs. #905 and #906)

-Other algorithms: N/A

Multi-chip standalone

"The NetLib® Encryptionizer® DE/FIPS versions 2010.201.10.0 and 2010.501.10.0 provide encryption of data stored in server-based and desktop-based databases and files, including MS SQL Server databases and backups . It can be deployed without programming and without adding any administrative overhead. The purpose of whole database encryption is to make a database or file unusable if it is stolen, copied, downloaded, lost, or otherwise improperly accessed. It supports both 32-bit and 64-bit applications."
1531 Motorola, Inc.
6480 Via Del Oro
San Jose, CA, CA 95119
USA

-Sameer Kanagala
TEL: 408-528-2886
FAX: 408-528-2500

-Colin R. Cooper
TEL: 408-528-2871
FAX: 408-528-2903

CST Lab: NVLAP 200648-0

RFS7000 RF Switch
(Hardware Version: RFS7000; Firmware Version: 4.1.0.0-040GR)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/12/2011 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #646, #648 and #649); AES (Certs. #724, #726, #727 and #773); SHS (Certs. #742, #744 and #745); HMAC (Certs. #390, #392 and #393); RSA (Cert. #341); DSA (Cert. #274); RNG (Certs. #423 and #424)

-Other algorithms: MD5; HMAC-MD5; DES; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"RFS7000-GR Wireless Switch from Motorola provides robust, highly scalable support for seamless mobility for government agencies. Motorola's architecture simplifies network deployment and management, provides superior performance, security and scalability, and supports emerging RF technologies. The RFS7000-GR enables campus-wide roaming across subnets, and offers powerful failover capabilities, exceptional quality of service and increased voice capacity. Integrated security features include intrusion detection and protection, secure guest access and protection against denial of service attacks."
1530

CST Lab: NVLAP 200802-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/04/2011;
10/10/2012;
05/13/2013;
12/13/2013;
07/11/2014
Overall Level: 2 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip standalone

1529 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 881, Cisco 881G and Cisco 891 Integrated Services Routers (ISRs)
(Hardware Versions: 881, 881G, 891 and [FIPS Kit (CISCO-FIPS-KIT=), Revision -B0]; Firmware Version: 15.1(2)T2A and 15.1(2)T3)

(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/01/2011;
07/27/2011;
02/23/2012
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1527, #962 and #1535); HMAC (Certs. #891 and #537); RNG (Cert. #823); RSA (Cert. #743); SHS (Certs. #1359 and #933); Triple-DES (Certs. #1010 and #757)

-Other algorithms: DES; HMAC-MD5; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Cisco 880, and Cisco 890 series ISRs provide Internet, VPN, voice, data, and backup capability to corporate teleworkers and remote and small offices of fewer than 20 users. These routers are capable of bridging and multiprotocol routing between LAN and WAN ports, and provide advanced features such as antivirus protection."
1528

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/30/2011 Overall Level: 2 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip standalone

1527 Systematic Development Group, LLC
350 Jim Moran Blvd.
Suite 122
Deerfield Beach, FL 33442
USA

-George Wolf
TEL: 954-889-3535 x315

CST Lab: NVLAP 100432-0

LOK-IT™ 10 KEY (Series SDG003FM) and LOK-IT™ 5 KEY (Series SDG004FP)
(Hardware Versions: HW003-16 Rev:01, HW003-16 Rev:02, HW003-08 Rev:01, HW003-04 Rev:01 (10 Key) and HW004-08 Rev:01 (5 Key);  Firmware Version: USB Controller Firmware Revision V01.12A09-F01 (10 Key and 5 Key) or V01.12A12-F01 (10 Key) ; Security Controller Firmware Revisions SDG003FM-008 (10 Key) and SDG004FP-008 (5 Key))

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/28/2011;
10/04/2011
Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #1514)

-Other algorithms: N/A

Multi-chip standalone

"LOK-IT™ is a USB Flash drive with a multi-chip embedded cryptographic module architecture as defined by FIPS 140-2. It consists of an Initio 1861 USB controller, NAND Flash memory and a Microchip PIC16F688 security controller. The product supports 256 bit AES encryption of data stored in NAND Flash memory. The drive provides self-contained user authentication without the need for host computer applications. Two derivations of the product exist differing in the number of numeric buttons; the SDG003FM has 10 numeric buttons and the SDG004FP has 5 numeric buttons."
1526 Lexmark International Inc.
740 West New Circle Rd.
Lexington, KY 40550
USA

-Graydon Dodson
TEL: 859-232-6483

CST Lab: NVLAP 200416-0

Lexmark PrintCryption™
(Firmware Version: 1.3.2f)

(Requires Option P/N 57X9000 to enable the PrintCryption firmware)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Firmware 03/24/2011 Overall Level: 1 

-Tested: Lexmark X548 Printer with IBM 750CL processor on Lexmark Linux 2.6.28; Lexmark X792 Printer with Freescale 7448 processor on Lexmark Linux 2.6.28;

-FIPS Approved algorithms: AES (Certs. #1209 and #1487); SHS (Certs. #1112 and #1343); RNG (Certs. #670 and #811); RSA (Certs. #579, #730 and FIPS 186-3, vendor affirmed); HMAC (Certs. #704 and #876)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); NDRNG

Multi-chip standalone

"The Lexmark PrintCryption™ is an option for the Lexmark printers that enables the transfer and printing of encrypted print jobs. With the Lexmark PrintCryption™ module installed, the printer is capable of decrypting print jobs encrypted with the AES (FIPS 197) algorithm. The Lexmark PrintCryption™ analyzes the encrypted data stream, determines if the correct key was used to encrypt the data, decrypts the data and allows the document to be printed."
1525 Xirrus, Inc.
2101 Corporate Center Dr
Thousand Oaks, CA 91320
USA

-Steve Smith
TEL: 805-262-1600
FAX: 805-262-1601

CST Lab: NVLAP 100432-0

Xirrus Wi-Fi Array XS4 and XS8
(Hardware Versions: P/Ns: 190-0092-002 Rev D1 [XS4] and 190-0091-005 Rev A1 [XS8]; Firmware Version: 3.5)

(When operated in FIPS mode and with tamper evident seals and security straps installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/01/2011 Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #1005); SHS (Cert. #1326); HMAC (Cert. #861); AES (Certs. #470 and #1503); RSA (Cert. #716); RNG (Cert. #801)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5; RC4

Multi-chip standalone

"The Xirrus Wi-Fi Array consists of 4, 8, 12, or 16 802.11abgn access points coupled to a directional antenna system, and integrated together with a multi-gigabit switch, controller, firewall, threat sensor, and spectrum analyzer into a single, easy-to-install device."
1524 SafeNet, Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E7M6
Canada

-Iain Holness
TEL: 613-221-5049
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

SafeNet Luna EFT
(Hardware Version: GRK-09-0100 or GRK-15-0100 [2]; Firmware Version: MAL00000E [1] or MAL000001E [2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/23/2011;
10/04/2011
Overall Level: 3 

-FIPS Approved algorithms: RNG (Cert. #806); RSA (Certs. #723 and #899); SHS (Certs. #1335 and #1560); Triple-DES (Cert. #994)

-Other algorithms: MD5

Multi-chip standalone

"SafeNet Luna EFT is designed for Electronic Funds Transfer (EFT) and payment system processing environments, providing powerful end-to-end security for online banking transactions and applications for credit, debit, and chip cards."
1523 Athena Smartcard, Inc.
16615 Lark Avenue
Suite 202
Los Gatos, CA 95032
USA

-Ste´phanie Motre´
TEL: 408-786-1028
FAX: 408-608-1818

CST Lab: NVLAP 100432-0

Athena IDProtect
(Hardware Version: P/N AT90SC28872RCU Revision G; Firmware Version: 010B.9288.0303)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/05/2011;
04/27/2011;
06/09/2011;
04/12/2013;
05/28/2014
Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #965); Triple-DES MAC (Triple-DES Cert. #965, vendor affirmed); RNG (Cert. #774);

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Single-chip

"FIPS Approved algorithms (relies on loaded applications): AES (Cert. #1412); RSA (Cert. #688); SHS (Cert. #1282)

IDProtect is a cryptographic module based on the Athena OS755 Java Card smart card operating system with 72Kbyte of EEPROM. IDProtect is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications. IDProtect exposes PKI and biometric APIs and is designed for high performance government and enterprise smart card applications."

1522 IBM® Corporation
9032 S Rita Road
Tucson, AZ 85744
USA

-David L. Swanson
TEL: 520-799-5515

CST Lab: NVLAP 200427-0

IBM LTO Generation 5 Encrypting Tape Drive
(Hardware Versions: 45E8192 EC Level M11221 (Fibre Channel) and 45E8193 EC Level M11221 (SAS); Firmware Versions: pf100923e.A9Q5.FC.fips.ro (Fibre Channel) and pf100923e.A9Q5.SAS.fips.ro (SAS))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/23/2011 Overall Level: 1 

-FIPS Approved algorithms: AES (Certs. #1530, #1531 and #1532); RNG (Cert. #825); RSA (Cert. #744); SHS (Cert. #1361)

-Other algorithms: AES (Cert. #1530, key wrapping; key establishment methodology provides 256-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The IBM LTO Generation 5 Encrypting Tape Drive provides AES-GCM encryption of customer data recorded to tape. Both encryption and compression are implemented in the hardware for optimum performance. Two different host interface types of the LTO Generation 5 "brick" unit are FIPS certified as a multi-chip, standalone cryptographic module. In customer operation the "brick" unit may be embedded in bridge box or in a canister package for operation in a library."
1521 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 2951, Cisco 3925 and Cisco 3945 Integrated Services Routers (ISRs)
(Hardware Versions: 2951 [1][2], 3925 [1][3], 3945 [1][3], FIPS Kit (CISCO-FIPS-KIT=), Revision -B0 [1], ISR: FIPS-SHIELD-2951= [2] and FIPS-SHIELD-3900= [3]; Firmware Version: 15.1(2)T2A and 15.1(2)T3)

(When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/18/2011;
04/04/2011;
07/27/2011;
02/23/2012
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1527, #963 and #1536); HMAC (Certs. #891 and #538); RNG (Cert. #823); RSA (Cert. #743); SHS (Certs. #1359 and #934); Triple-DES (Certs. #1010 and #758)

-Other algorithms: DES; HMAC-MD5; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Cisco 2951, 3925 and 3945 Integrated Services Routers are routing platforms that provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The new platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options."
1520 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco 1905, Cisco 1921, Cisco 1941, Cisco 2901, Cisco 2911 and Cisco 2921 Integrated Services Routers (ISRs)
(Hardware Version: 1905 [1][2], 1921 [1][2], 1941 [1][2], 2901 [1][3], 2911 [1][4], 2921 [1][5], FIPS Kit (CISCO-FIPS-KIT=), Revision -B0 [1], ISR: FIPS-SHIELD-1900= [2], FIPS-SHIELD-2901= [3], FIPS-SHIELD-2911= [4] and FIPS-SHIELD-2921= [5]; Firmware Version: 15.1(2)T2A and 15.1(2)T3)

(When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/11/2011;
04/04/2011;
07/27/2011;
02/23/2012
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1527 and #1115); HMAC (Certs. #891 and #627); RNG (Cert. #823); RSA (Cert. #743); SHS (Certs. #1359 and #1038); Triple-DES (Certs. #1010 and #812)

-Other algorithms: DES, HMAC-MD5, MD5, RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Cisco 1905, 1921, 1941, 2901, 2911 and 2921 Integrated Services Routers are routing platforms that provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The new platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options."
1519 Code Corporation
14870 S. Pony Express Rd.
Suite 200
Bluffdale, UT 84065
USA

-Tim Jackson
TEL: 801-984-7865
FAX: 801-495-0280

CST Lab: NVLAP 100432-0

Code Reader 2500 FIPS and Code Reader 3500 FIPS
(Hardware Versions: P/Ns 2512FIPS_01 and 3512FIPS_01; Firmware Version: 4641)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/11/2011;
04/04/2011
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1457); DRBG (Cert. #55)

-Other algorithms: NDRNG

Multi-chip standalone

"Code Corporation’s Code Reader 2500 FIPS or Code Reader 3500 FIPS bar code readers, when used in conjunction with a CodeXML® FIPS Bluetooth® Modem, provide an encrypted wireless bar code reading solution with a working range of up to 300 feet. Code Corporation’s FIPS bar code readers employ a FIPS approved AES-256 algorithm to generate per session keys to encrypt data and a separate key to encrypt overhead communications ensure that the connection between modem and bar code reader is highly secure. The FIPS code has been optimized to provide line speed communications over the wireless link."
1518 GDC Technology (USA), LLC
3500 W. Olive Ave.
Suite 940
Burbank, CA 91505
USA

-Tim Folk
TEL: 877-743--2872
FAX: 877-643-2872

CST Lab: NVLAP 100432-0

IMB
(Hardware Version: GDC-IMB-v1; Firmware Version: 1.1)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/11/2011 Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #1278 and #1286); SHS (Certs. #1176, #1178, #1179 and #1180); RNG (Certs. #713 and #716); RSA (Certs. #610 and #613); HMAC (Certs. #743 and #747)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5

Multi-chip embedded

"A digital cinema media block designed to be compliant with DCI specifications and SMPTE digital cinema standards. The supported features include JPEG2000 decoding, AES decryption, key management, ASM communications and logging."
1517 Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

-Harsha Nagaraja
TEL: 408-754-3010

CST Lab: NVLAP 200427-0

Aruba 3000 and 6000/M3 Mobility Controllers with ArubaOS Firmware
(Hardware Versions: 3200: 3200-8-AOS-STD-FIPS-US; 3400: 3400-32-AOS-STD-FIPS-US; 3600: 3600-64-AOS-STD-FIPS-US; 6000: (6000-BASE-2PSU-200-FIPS or 6000-BASE-2PSU-400-FIPS) with [(minimum one: LC-2G-1, LC-2G24F-1 or LC-2G24FP-1) and (one or two: M3mk1-G10X-10G2X)] (no more than four total); 3200 Revision C4: 3200-8-AOS-STD-FIPS-US Revision C4; 3400 Revision C4: 3400-32-AOS-STD-FIPS-US Revision C4; 3600 Revision C4: 3600-64-AOS-STD-FIPS-US Revision C4; 6000 Revision C4: (6000-BASE-2PSU-200-FIPS or 6000-BASE-2PSU-400-FIPS) with [(minimum one: LC-2G-1, LC-2G24F-1 or LC-2G24FP-1) and (one or two: M3mk1-G10X-10G2X Revision C4)] (no more than four total); Firmware Versions: 3200, 3400 and 3600: A3000_3.3.2.0-FIPS, A3000_3.3.2.11-FIPS, A3000_3.3.2.14-FIPS, A3000_3.3.2.18-FIPS, A3000_3.3.2.19-FIPS, A3000_3.3.2.20-FIPS, A3000_3.3.2.21-FIPS, A3000_3.4.2.3-FIPS, A3000_3.4.4.0-FIPS; 6000 or A3000_3.4.5.1-FIPS: ArubaOS_MMC_3.3.2.0-FIPS, ArubaOS_MMC_3.3.2.11-FIPS, ArubaOS_MMC_3.3.2.14-FIPS, ArubaOS_MMC_3.3.2.18-FIPS, ArubaOS_MMC_3.3.2.19-FIPS, ArubaOS_MMC_3.3.2.20-FIPS, ArubaOS_MMC_3.3.2.21-FIPS, ArubaOS_MMC_3.4.2.3-FIPS, ArubaOS_MMC_3.4.4.0-FIPS or ArubaOS_MMC_3.4.5.1-FIPS)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/11/2011;
07/19/2011;
02/06/2013
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #465, #762 and #823); HMAC (Certs. #416, #417 and #458); RNG (Cert. #475); RSA (Cert. #399); SHS (Certs. #768, #769 and #823); Triple-DES (Certs. #482, #667 and #694)

-Other algorithms: DES; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"Aruba Networks' Mobility Controller system completely changes how 802.11 networks are deployed, secured, and managed. The only mobile security system with an integrated ICSA-certified stateful firewall and hardware-based encryption, the Aruba mobility controller is the industry's highest performing and most scalable enterprise mobility platform on the market today. Aruba offers the industry's only modular and stackable mobility controllers from every enterprise environment. Now, administrators are freed from the costly and time-consuming process of managing individual APs. And as security stan"
1516 Hewlett-Packard Company
19091 Pruneridge Ave., MS 4441
Cupertino, CA 95014
USA

-Theresa Conejero
TEL: 408-447-2964
FAX: 408-447-5525

CST Lab: NVLAP 100432-0

HP Enterprise Secure Key Manager
(Hardware Version: P/N AJ575A, Version 2.1; Firmware Version: 4.8.9)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/11/2011;
09/19/2011
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3

-FIPS Approved algorithms: AES (Cert. #1480); DSA (Cert. #467); HMAC (Cert. #871); RNG (Cert. #807); RSA (Cert. #726); SHS (Cert. #1338); Triple-DES (Cert. #997)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; RC4

Multi-chip standalone

"The HP Enterprise Secure Key Manager (ESKM) automates key generation and management. It is a hardened security appliance delivering identity-based access, administration, and logging. Additionally, the ESKM provides reliable lifetime key archival with automatic multi-site key replication and failover capabilities."
1515 Motorola Solutions, Inc.
1303 E. Algonquin Road
Schaumburg, IL 60196 
USA

-Richard Carter
TEL: 44-0-1364-655500
FAX: 44-0-1364-654625

CST Lab: NVLAP 100432-0

Motorola PTP 600 Series
(Hardware Versions: P/Ns BP5830BHC, BP5830BHC15, BP5530BHC, BP5530BHC15, WB2781, WB3039, WB3037, WB3092, WB3094, WB3387, WB3389, WB3222, BP5830BH, BP5830BH15, BP5530BH, BP5530BH15, WB2780, WB3036, WB3038, WB3091, WB3093, WB3386, WB3388 and WB3221; P/N WB3593 (HW Security Upgrade Kit); Firmware Version: PTP600 08-50)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/09/2011;
03/28/2011
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: SHS (Cert. #1101); DSA (Cert. #399); AES (Certs. #708 and #1144); DRBG (Cert. #21); HMAC (Cert. #700); Triple-DES (Cert. #863)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"PTP 600 Series Ethernet bridges offer high performance connectivity and backhaul in challenging non-line-of-sight environments. With carrier-grade reliability, PTP 600 links have class-leading sensitivity and power output which enable links to go farther, while sustaining high throughput regardless of conditions. With data rates up to 300 Mbps and reaching distances up to 124 miles, this Series of high-performance and secure wireless bridges make cost-effective connectivity and backhaul a reality for a wide range of enterprises, service providers and public safety organizations."
1514 Apple Inc.
11921 Freedom Drive
Reston, VA 20190
USA

-Shawn Geddis
TEL: 703-264-5103

CST Lab: NVLAP 200002-0

Apple FIPS Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 03/09/2011 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Apple Mac OS X 10.6 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1400); DSA (Cert. #453); ECDSA (Cert. #176); HMAC (Cert. #823); RNG (Cert. #767); RSA (Cert. #681); SHS (Cert. #1271); TDES (Cert. #955)

-Other algorithms: ASC; Blowfish; CAST; DES; RC2; RC4; RC5; FEE; MD2; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (KeyGen; non-compliant)

Multi-chip standalone

"Mac OS X's security services are built using the open source Common Data Security Architecture. CDSA is a set of layered security services in which the AppleCSP provides the cryptography for services such as FileVault, Encrypted Disk Images, Keychains, Safari, Mail, etc."
1513 SafeNet, Inc.
1655 N Fort Myer Drive
Suite 1150
Arlington, VA 22209
USA

-SafeNet Government Sales
TEL: 703-647-8408
FAX: 410-290-6506

CST Lab: NVLAP 200002-0

SafeNet Encryptor, Model 600
(Hardware Versions: 904-10001-00x, 904-10002-00x, 904-10003-00x, 904-10014-00x, 904-10112-00x, 904-10113-00x, 904-20001-00x, 904-20002-00x, 904-20003-00x, 904-25005-00x, 904-30013-00x, 904-511i0-00p, 904-511i1-00p, 943-511i0-00p and 943-511i1-00p; Firmware Versions: 4.0.2 and 4.0.3)

(When operated in FIPS mode. Refer to the cryptographic module's security policy for the details on the letter i, p and x designations.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/04/2011;
06/21/2011
Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #647); AES (Certs. #713, #725 and #1232); RSA (Cert. #340); SHS (Cert. #743); HMAC (Cert. #391); RNG (Cert. #422)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The SafeNet Encryptor provides data privacy and access control for connections between vulnerable public and private SONET/SDH or Ethernet networks. It employs FIPS approved AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in SONET 155 MB (OC-3), 622 MB (OC-12), 1.0 GB, and 2.4 GB (OC-48) networks."
1512 SafeNet, Inc.
1655 N Fort Myer Drive
Suite 1150
Arlington, VA 22209
USA

-SafeNet Government Sales
TEL: 703-647-8408
FAX: 410-290-6506

CST Lab: NVLAP 200002-0

SafeNet Encryptor, Model 650
(Hardware Versions: 904-53260-007, 904-53261-007, 904-53361-20p, 943-53270-007, 943-53271-007 and 943-53371-20p; Firmware Versions: 4.0.2 and 4.0.3)

(When operated in FIPS mode. Refer to the cryptographic module’s security policy for the details on the letter p designations.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/04/2011;
06/21/2011
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #710, #725 and #1233); Triple-DES (Cert. #647); RSA (Cert. #340); SHS (Cert. #743); HMAC (Cert. #391); RNG (Cert. #422)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The SafeNet Encryptor provides data privacy and access control for connections between vulnerable public and private SONET/SDH networks or 10G Ethernet networks. It employs federally endorsed AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in a SONET OC-192 network or 10G Ethernet network."
1511 Cavium Networks
805 E. Middlefield Road
Mountain View, CA 94043
USA

-TA Ramanujam
TEL: 650-623-7039
FAX: 650-625-9751

CST Lab: NVLAP 100432-0

NITROX XL 1600-NFBE HSM Family
(Hardware Versions: P/Ns CN1620-NFBE1NIC-2.0-G, CN1620-NFBE2NIC-2.0-G, CN1620-NFBE3NIC-2.0-G, CN1610-NFBE1NIC-2.0-G, CN1620-NFBE1-2.0-G, CN1620-NFBE2-2.0-G, CN1620-NFBE3-2.0-G and CN1610-NFBE1-2.0-G, Version: 2.0; Firmware Version: 2.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/04/2011 Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #1265 and #1266); DRBG (Cert. #32); ECDSA (Certs. #150 and #188); HMAC (Cert. #736); KAS (Cert. #5); RNG (Cert. #707); RSA (Certs. #607 and #742); SHS (Certs. #1165 and #1166); Triple-DES (Cert. #898); DSA (Cert. #474)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #1265, key wrapping; key establishment methodology provides 256 bits of encryption strength); RC4; MD5; PBE

Multi-chip embedded

"The NITROX XL 1600-NFBE HSM adapter family delivers the world’s fastest FIPS 140-2 Level 3 Hardware Security Module (HSM) with PCIe Gen 2.0. The NITROX XL family of adapters offers up to 45,000 RSA operations per second and 5 Gbps of bulk crypto performance and is certified to the stringent US Government security standards. This FIPS family delivers an unmatched solution to the increasing performance, cryptographic and time to market requirements of the financial, government and healthcare vertical markets"
1510 F-Secure Corporation
Tammasaarenkatu 7
PL 24
Helsinki, 00180
Finland

-Alexey Kirichenko
TEL: +358 9 2520 5548

CST Lab: NVLAP 200427-0

F-Secure Kernel Mode Cryptographic Driver for Linux
(Software Version: 2.3.9)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 03/02/2011 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux v5 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1556); HMAC (Cert. #908); RNG (Cert. #837); SHS (Cert. #1380); Triple-DES (Cert. #1020)

-Other algorithms: Blowfish; DES; HMAC-MD5; HMAC-RIPEMD-160; MD5; RC2; RIPEMD-160

Multi-chip standalone

"The F-Secure Cryptographic Library is a software module for Red Hat Enterprise Linux v5 . The module provides an assortment of cryptographic services accessible for clients through a C/C++ Application Programming Interface. The modules are designed and implemented to meet the Level 1 requirements of FIPS publication 140-2 when running on a GPC under Red Hat Enterprise Linux v5 ."
1509 Code Corporation
14870 S. Pony Express Rd.
Suite 200
Bluffdale, UT 84065
USA

-Tim Jackson
TEL: 801-984-7865
FAX: 801-495-0280

CST Lab: NVLAP 100432-0

CodeXML® FIPS Bluetooth® Modem
(Hardware Version: P/N BTHDFIPS-M2_01; Firmware Version: 0187)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/02/2011;
04/04/2011
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1456)

-Other algorithms: N/A

Multi-chip standalone

"Code Corporation’s CodeXML® FIPS Bluetooth® Modem, when used in conjunction with the Code Reader 2500 FIPS or Code Reader 3500 FIPS bar code readers, provides an encrypted wireless bar code reading solution with a working range of up to 300 feet. The CodeXML® FIPS Bluetooth® Modem employs a FIPS approved AES-256 algorithm with per session keys to ensure that the connection between modem and bar code reader is highly secure. The FIPS code has been optimized to provide line speed communications over the wireless link."
1508 Motorola, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

-Tom Nguyen
TEL: 847-576-2352

CST Lab: NVLAP 100432-0

ASTRO CDEM Motorola Advanced Crypto Engine (MACE)
(Hardware Version: P/N 5185912Y01; Firmware Version: R01.01.01)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/02/2011 Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #819, #1295 and #1297); SHS (Cert. #817); RSA (Cert. #396); RNG (Cert. #471)

-Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); AES (AES Cert. #819, key wrapping; key establishment methodology provides 256 bits of encryption strength); LFSR; DES

Single-chip

"The ASTRO CDEM MACE provides secure key management and data encryption for the Astro System."
1507 F-Secure Corporation
Tammasaarenkatu 7
PL 24
Helsinki, 00180
Finland

-Alexey Kirichenko
TEL: +358 9 2520 5548

CST Lab: NVLAP 200427-0

F-Secure Kernel Mode Cryptographic Driver
(Software Version: 2.3.9)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 03/02/2011 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 with Service Pack 2 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1543); HMAC (Cert. #894); RNG (Cert. #831); SHS (Cert. #1368); Triple-DES (Cert. #1013)

-Other algorithms: Blowfish; DES; HMAC-MD5; HMAC-RIPEMD-160; MD5; PBKDF2; RIPEMD-160

Multi-chip standalone

"The F-Secure Kernel Mode Cryptographic Driver is a FIPS 140-2 Level 1 validated software module, implemented as a 32-bit Windows Server 2008, 2008 R2, and Windows 7 compatible export driver. When loaded into computing system memory, it resides at the kernel mode level of the Windows OS and provides an assortment of cryptographic services that are accessible by other kernel mode drivers through a C-language Application Program Interface."
1506

CST Lab: NVLAP 200658-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/28/2011 Overall Level: 1 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip standalone

1505 IBM® Corporation
2455 South Road
Poughkeepsie, NY 12601
USA

-Carl Buscaglia
TEL: 845-435-6902

CST Lab: NVLAP 100432-0

IBM 4765 Cryptographic Coprocessor Security Module
(Hardware Version: P/Ns 45D6048 Version 1.0 or 41D8612 Version 1.0; Firmware Version: e1ced7a0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/24/2011;
12/21/2012
Overall Level: 4 

-FIPS Approved algorithms: AES (Cert. #1294); RNG (Cert. #722); RSA (Cert. #621); SHS (Cert. #1188)

-Other algorithms: DES MAC

Multi-chip embedded

"The IBM 4765 Cryptographic Coprocessor Security Module, is a tamper responding, programmable, cryptographic PCIe card, containing CPU, encryption hardware, RAM, persistant memory, hardware random number generator, time of day clock, firmware, and software. The Coprocessor is designed as a feature in the IBM System z server."
1504 Data Locker Inc.
7500 College Suite 600
Overland Park, KS 66210
USA

-Jay Kim
TEL: 913-310-9088
FAX: 800-858-4709

CST Lab: NVLAP 200658-0

Data Locker Enterprise, V2.0
(Hardware Versions: P/Ns DL500E2 and DL1000E2; Firmware Version: 2.30)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/24/2011;
03/01/2011
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Cert. #250)

-Other algorithms: N/A

Multi-chip standalone

"The Data Locker Enterprise is a fully platform independent, portable encrypted hard drive. Compatible with MAC, Windows and Linux systems, the Data Locker operates without any host based software or drivers. It utilizes an embedded LCD touch screen interface for all authentication and administrative functions. The device is fully 256bit AES CBC Mode encrypted via a dedicated crypto engine."
1503 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-J JSAFE and JCE Software Module
(Software Version: 5.0 or 5.0.1)

(When operated in FIPS140_MODE or FIPS140_SSL_MODE and initialized with Level 2 Authentication)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/24/2011;
03/28/2011;
09/19/2011;
01/23/2013
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP SP3 with Sun JRE 5.0; Microsoft Windows XP SP3 with Sun JRE 6.0 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1465 and #1766); DRBG (Certs. #57 and #117); DSA (Certs. #464 and #552); ECDSA (Certs. #182 and #236); HMAC (Certs. #863 and #1036); RNG (Certs. #802 and #940); RSA (Certs. #717, #881 and FIPS 186-3, vendor affirmed); SHS (Certs. #1328 and #1549); Triple-DES (Certs. #988 and #1143)

-Other algorithms: ANSI X9.31 RNG (non-compliant); DES; DESX; Diffie-Hellman; ECAES (non-compliant); EC Diffie-Hellman; EC Diffie-Hellman with Cofactor; ECIES; HMAC-MD5; MD2; MD5; MD5Random; PBE; PBE with SHA1 and Triple-DES; RC2; RC4; RC5; RIPEMD160; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA Keypair Generation MultiPrime; RSA OAEP; SHA1Random

Multi-chip standalone

"RSA BSAFE® Crypto-J security software is designed to help protect sensitive data as it is stored using encryption techniques to provide a persistent level of protection. RSA BSAFE® Crypto-J supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
1502 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-J JSAFE and JCE Software Module
(Software Version: 5.0 or 5.0.1)

(When operated in FIPS140_MODE or FIPS140_SSL_MODE)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/24/2011;
03/28/2011;
09/19/2011;
01/24/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP SP3 with Sun JRE 5.0; Microsoft Windows XP SP3 with Sun JRE 6.0 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1465 and #1766); DRBG (Certs. #57 and #117); DSA (Certs. #464 and #552); ECDSA (Certs. #182 and #236); HMAC (Certs. #863 and #1036); RNG (Certs. #802 and #940); RSA (Certs. #717, #881 and FIPS 186-3, vendor affirmed); SHS (Certs. #1328 and #1549); Triple-DES (Certs. #988 and #1143)

-Other algorithms: ANSI X9.31 RNG (non-compliant); DES; DESX; Diffie-Hellman; ECAES (non-compliant); EC Diffie-Hellman; EC Diffie-Hellman with Cofactor; ECIES; HMAC-MD5; MD2; MD5; MD5Random; PBE; PBE with SHA1 and Triple-DES; RC2; RC4; RC5; RIPEMD160; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA Keypair Generation MultiPrime; RSA OAEP; SHA1Random

Multi-chip standalone

"RSA BSAFE® Crypto-J security software is designed to help protect sensitive data as it is stored using encryption techniques to provide a persistent level of protection. RSA BSAFE® Crypto-J supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
1501 ActivIdentity, Inc.
6623 Dumbarton Circle
Fremont, CA 94555
USA

-Jean-Luc Azou
TEL: 510-574-1738
FAX: 510-574-0101

CST Lab: NVLAP 200427-0

Cryptographic Module for F5 and C5
(Software Version: 1.7.0.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/24/2011 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Technologic Systems® TS-Linux 2.4.26-ts11 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1494); ECDSA (Cert. #186); HMAC (Cert. #879); RNG (Cert. #813); RSA (Cert. #733); SHS (Cert. #1347); Triple-DES (Cert. #1001)

-Other algorithms: N/A

Multi-chip standalone

"ActivIdentity F5 and C5 software development kits are designed to enable vendors to incorporate cryptographic-based technologies into their physical access control applications. The F5 SDK enables physical access strong authentication using FIPS 201 PIV smart cards, in compliance with the authentication modes described in NIST Special Publication 800-116. The C5 SDK enables strong authentication in the case of standalone electronic locks and physical access control systems, by writing digitally signed privileges to and from smart cards."
1500 Pragma Systems, Inc.
13809 Research Boulevard, Suite 675
Austin, TX 78750
USA

-Andrew Tull, Vice President, Sales & Marketing
TEL: 512-219-7270
FAX: 512-219-7110

-David S. Kulwin
TEL: 512-219-7270
FAX: 512-219-7110

CST Lab: NVLAP 200426-0

Pragma Systems Cryptographic Module
(Software Version: 1.0.0.12)

(When operated in FIPS mode with Microsoft Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Certs. #1012, #1010 and #1002 operating in FIPS mode and Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) validated to FIPS 140-2 under Certs. #1009, #1003 and #875 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 02/10/2011 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2003 Server; Microsoft Windows 2008 Server; Microsoft Windows Vista (single-user mode)

-FIPS Approved algorithms: AES (Certs. #739 and #818); Triple-DES (Certs. #656 and #691); HMAC (Certs. #407, #408 and #452); SHS (Certs. #753 and #816); RSA (Certs. #354, #355 and #395); DSA (Certs. #221, #281 and #282); RNG (Certs. #314, #435 and #470); DRNG (SP 800-90, vendor affirmed)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA KeyGen (non-compliant); MD5

Multi-chip standalone

"The Pragma Systems Cryptographic Module is a dynamically linked library that provides the cryptographic abstraction used in the Pragma Fortress Secure Shell (SSH) products."
1499 Palo Alto Networks
232 E. Java Drive
Sunnyvale, CA 94089
USA

-Nicholas Campagna
TEL: 408-738-7700
FAX: 408-738-7701

CST Lab: NVLAP 100432-0

PA-500, PA-2000 Series and PA-4000 Series Firewalls
(Hardware Versions: HW P/N 910-000006-00D Rev. D with FIPS Kit P/N 920-000005-001 Rev. 1 (PA-500), HW P/N 910-000004-00K Rev. K with FIPS Kit P/N 920-000004-001 Rev. 1 (PA-2020), HW P/N 910-000003-00K Rev. K with FIPS Kit P/N 920-000004-001 Rev. 1 (PA-2050), HW P/N 910-000002-00Q Rev. Q with FIPS Kit P/N 920-000003-001 Rev. 1 (PA-4020), HW P/N 910-000001-00P Rev. P with FIPS Kit P/N 920-000003-001 Rev. 1 (PA-4050) and HW P/N 910-000005-00G Rev. G with FIPS Kit P/N 920-000003-001 Rev. 1 (PA-4060); Firmware Version: 3.1.2 or 3.1.7-h1)

(When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/10/2011;
06/21/2011
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1378); Triple-DES (Cert. #950); RSA (Cert. #675); DSA (Cert. #451); HMAC (Cert. #810); SHS (Cert. #1259); RNG (Cert. #760)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; RC4; Camellia; RC2; SEED; DES

Multi-chip standalone

"Palo Alto Network's next-generation firewalls provide network security by enabling enterprises to see and control applications, users, and content - not just ports, IP addresses, and packets - using three unique identification technologies: App-ID, User-ID, and Content-ID. These identification technologies, found in Palo Alto Networks' enterprise firewalls, enable enterprises to create business-relevant security policies - safely enabling organizations to adopt new applications, instead of the traditional "all-or-nothing" approach offered by traditional port-blocking firewalls."
1498 SafeNet, Inc.
4690 Millenium Drive
Belcamp, MD 21017
USA

-Iain Holness
TEL: 613-221-5049
FAX: 613-723-5079

CST Lab: NVLAP 100432-0

DataSecure Appliance i150 and i450
(Hardware Versions: P/Ns 947-00150-001 and 947-000031-001; Firmware Version: 4.9.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/01/2011;
02/23/2012
Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #916); AES (Cert. #1315); DSA (Cert. #421); RNG (Cert. #733); RSA (Cert. #629); SHS (Cert. #1185); HMAC (Cert. #751)

-Other algorithms: RSA (key wrapping, key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5; DES; SEED; RC4

Multi-chip standalone

"The SafeNet DataSecure Appliance is a dedicated hardware product designed specifically for security and cryptographic processing, allowing organizations to protect structured and unstructured data, from within the data center out to remote locations, and ensure compliance with legislative and policy mandates for security. With its capabilities for granular encryption, seamless integration, and centralized key and policy management, DataSecure enables organizations to guard against a range of security threats, with unparalleled ease and cost effectiveness."
1497 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco Secure Access Control Server (ACS) FIPS module (NSS)
(Software Versions: 3.12.5 and 3.12.5.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/10/2011;
02/23/2012;
04/05/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Cisco CARS 1.2.0.182 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1475); DRBG (Cert. #59); DSA (Cert. #466); HMAC (Cert. #868); RSA (Cert. #722); SHS (Cert. #1334); Triple-DES (Cert. #993)

-Other algorithms: Camellia; DES; Diffie-Hellman; EC Diffie-Hellman; MD2; MD5; RC2; RC4; SEED

Multi-chip standalone

"The Cisco Secure Access Control Server (ACS) FIPS module (NSS) Version 3.12.5 is a software cryptographic library that provides cryptographic services to the Cisco Access Control Server (ACS) application. The Cisco ACS FIPS module (NSS) is a general-purpose cryptographic library, with an API based on the industry standard PKCS #11 version 2.20."
1496 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco Secure Access Control Server (ACS) FIPS module (cryptolib)
(Software Versions: 1.1, 1.2 and 1.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/10/2011;
04/27/2011;
02/23/2012:
06/21/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Cisco CARS 1.2.0.182 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1474); HMAC (Cert. #867); RNG (Cert. #805); RSA (Cert. #721); SHS (Cert. #1333)

-Other algorithms: AES (Cert. #1474, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); HMAC MD5; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Cisco Secure ACS FIPS Module Version 1.1 is a software cryptographic library that provides cryptographic services to the Cisco Access Control Server (ACS) application. The Secure ACS FIPS module provides FIPS compliant cryptography supporting AAA for IEEE 802.11i security (WPA2) with EAP protocols like EAP-TLS, EAP-FAST, PEAP with RADIUS Key Wrap functionalities, Cisco TrustSec (CTS), and 802.1x-rev."
1495

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/28/2011;
06/08/2012;
10/15/2012
Overall Level: 2 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip standalone

1494 Sony Corporation
1-7-1 Konan
Minato-ku, Tokyo 108-0075
Japan

-Hirotaka Kondo
TEL: +81-46-202-8074
FAX: +81-46-202-6304

CST Lab: NVLAP 100432-0

Sony Security Module
(Hardware Version: 1.0.1; Firmware Version: 1.0.1)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/21/2011 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #901, #902 and #1470); RNG (Certs. #517 and #804); RSA (Cert. #724); SHS (Certs. #882 and #1330); HMAC (Certs. #865 and #866)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); HMAC-MD5; NDRNG

Multi-chip embedded

"The Sony Security Module (SSM) is cryptographic module to provide decryption, decoding/encoding of audio/video data for the digital cinema projector system in which it is being employed."
1493 Sony Corporation
1-7-1 Konan
Minato-ku, Tokyo 108-0075
Japan

-Hirotaka Kondo
TEL: +81-46-202-8074
FAX: +81-46-202-6304

CST Lab: NVLAP 100432-0

Sony Security Module
(Hardware Version: 1.1.0; Firmware Version: 1.1.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/21/2011 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #901, #902 and #1470); RNG (Certs. #517 and #804); RSA (Cert. #724); SHS (Certs. #882 and #1330); HMAC (Certs. #865 and #866)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); HMAC-MD5; NDRNG

Multi-chip embedded

"The Sony Security Module (SSM) is cryptographic module to provide decryption, decoding/encoding of audio/video data for the digital cinema projector system in which it is being employed."
1492 IBM® Corporation
2455 South Road
Poughkeepsie, NY 12601
USA

-William F Penny
TEL: 845-435-3010

CST Lab: NVLAP 200658-0

IBM® z/OS® Version 1 Release 11 System SSL Cryptographic Module
(Hardware Versions: FC3863 w/System Driver Level 77 and optional CEX3A and CEX3C [CEX3A and CEX3C are separately configured versions of 4765-001 (P/N 45D6048)]; Software Versions: System SSL level HCPT3B0/JCPT3B1 with APAR OA31595, RACF level HRF7760 with APAR OA30951 and ICSF level HCR7770 with APAR OA32012; Firmware Version: 4765-001 (e1ced7a0))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software-Hybrid 02/04/2011;
04/12/2011
Overall Level: 1 

-Cryptographic Module Specification: Level 3

-Operational Environment: Tested as meeting Level 1 with IBM System z10(TM) Enterprise Class (z10 EC) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 [Base GPC, optional Crypto Express3 Card (Coprocessor (CEX3C)); Crypto Express3 Card (Accelerator (CEX3A)) and Crypto Express3 Cards (Coprocessor (CEX3C) and Accelerator (CEX3A))] [IBM System z10(TM) Enterprise Class (z10 EC) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 includes FC3863 w/System Driver Level 77 and z/OS® V1R11] (single-user mode)

-FIPS Approved algorithms: AES (Certs. #976, #1418 and #1419); Triple-DES (Certs. #769, #968 and #969); DSA (Certs. #458 and #459); RSA (Certs. #691, #692, #693, #694 and #695); SHS (Certs. #946, #1286 and #1287); HMAC (Certs. #836 and #837); RNG (Certs. #775 and #776)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; RC2; ArcFour; MD5; MD2

Multi-chip standalone

"System SSL is a set of generic services provided in z/OS to protect TCP/IP communications using the SSL/TLS protocol. System SSL is exploited by many SSL enabled servers and clients in z/OS to meet the transport security constraints required in an On Demand environment. The System SSL APIs are also externalized to customer applications. System SSL has evolved through the latest releases of z/OS to support the new TLS (Transaction Layer Security) standard, to reach an unmatched level of performance and to extend the APIs available to applications to new functions."
1491 Hughes Network Systems, LLC
11717 Exploration Lane
Germantown, MD 20876
USA

-Shayla Fahey
TEL: 301-548-1239

-Shanti Vedula
TEL: 301-212-1016

CST Lab: NVLAP 200556-0

HX280 Broadband Satellite Router
(Hardware Version: Rev C.; Firmware Versions: 6.6.0.3 or 6.7.0.10)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 01/28/2011;
08/09/2011
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #1451 and #1453); SHS (Cert. #1316); HMAC (Cert. #853); DSA (Cert. #463); RNG (Cert. #796)

-Other algorithms: Diffie-Hellman (key agreement providing 80 bits of encryption strength; non-compliant); MD5; NDRNG

Multi-chip standalone

"The Hughes HX280 Mesh/Star Broadband Router is a high-performance satellite router that enables carrier-grade broadband Internet Protocol services with enhanced security protecting all data, management, and signaling traffic over the satellite network, while still enabling the use of all Hughes satellite acceleration features, as well as Hughes' advanced routing, prioritization, and access control capabilities."
1490 Motorola Solutions, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

-Tom Nguyen
TEL: 847-576-2352

CST Lab: NVLAP 100432-0

Key Variable Loader (KVL) 4000 PIKE2
(Hardware Version: P/N 51009397004; Firmware Version: R01.01.00, R01.01.01, R01.01.04 or R02.03.00)

(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/28/2011;
06/01/2011;
03/14/2012;
12/07/2012
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #1491 and #1492); ECDSA (Cert. #183); SHS (Cert. #1345); RNG (Cert. #812)

-Other algorithms: AES MAC (AES Cert. #1492, vendor affirmed; P25 AES OTAR); AES (AES Cert. #1492, key wrapping; key establishment methodology provides 256 bits of encryption strength); DES; DES-XL; DVP-XL; DVI-XL; ADP

Single-chip

"The KVL 4000 PIKE2 provides security services for the KVL 4000. The KVL 4000 is a portable key distribution device that consists of a Personal Digital Assistant (PDA) and Security Adapter that connects to the PDA."
1489 Motorola Solutions, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

-Tom Nguyen
TEL: 847-576-2352

CST Lab: NVLAP 100432-0

Key Variable Loader (KVL) 4000 PIKE2
(Hardware Version: P/N 51009397004; Firmware Version: R01.01.00, R01.01.01, R01.01.04 or R02.03.00)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/28/2011;
06/01/2011;
03/14/2012;
12/07/2012
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1491 and #1492); ECDSA (Cert. #183); SHS (Cert. #1345); RNG (Cert. #812)

-Other algorithms: AES MAC (AES Cert. #1492, vendor affirmed; P25 AES OTAR); AES (AES Cert. #1492, key wrapping; key establishment methodology provides 256 bits of encryption strength); DES; DES-XL; DVP-XL; DVI-XL; ADP

Single-chip

"The KVL 4000 PIKE2 provides security services for the KVL 4000. The KVL 4000 is a portable key distribution device that consists of a Personal Digital Assistant (PDA) and Security Adapter that connects to the PDA."
1488 Schweitzer Engineering Laboratories, Inc.
2350 NE Hopkins Court
Pullman, WA 99163
USA

-Joe Casebolt
TEL: 509-332-1890
FAX: 509-332-7990

CST Lab: NVLAP 100432-0

SEL-3045
(Hardware Version: 1.0; Firmware Version: R100 or R101)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/28/2011;
02/06/2013
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1272); SHS (Cert. #1170); HMAC (Cert. #739); RNG (Cert. #710); DSA (Cert. #412)

-Other algorithms: AES (Cert. #1272, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The SEL-3045 Secure SCADA Card provides strong cryptographic security to a variety of communications networks. It protects point-to-point, multi-drop, and many-to-many networks. The SEL-3045 secures all byte oriented serial protocols including popular SCADA or PCS protocols like DNP and MODBUS common to PLC, IED and RTU products. It quickly integrates into serial communication networks including modem and data radio."
1487 Athena Smartcard Inc.
16615 Lark Avenue
Suite 202
Los Gatos, CA 95032
USA

-Ste´phanie Motre´
TEL: 408-786-1028
FAX: 408-608-1818

CST Lab: NVLAP 100432-0

Athena IDProtect Duo PIV
(Hardware Version: P/N AT90SC12872RCFT Revision M; Software Version: P/N Athena PIV Applet Version 2.0; Firmware Version: P/N Athena IDProtect Duo Version 0107.9334.0306)

(PIV Card Application: Cert. #20)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/28/2011;
04/12/2013;
02/06/2014;
05/28/2014
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 4
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #598); Triple-DES MAC (Triple-DES Cert. #598, vendor affirmed); AES (Cert. #646); RNG (Cert. #368); RSA (Cert. #296); SHS (Cert. #680); CVL (Cert. #210)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #598, key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Single-chip

"The Athena IDProtect Duo PIV cryptographic module is compliant with FIPS 201 as an end point compliant card. The PIV application is hosted by the Athena IDProtect dual interface smart card operating system compliant with the Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and FIPS 140-2 Level 3 (Level 4 for physical security). IDProtect supports FIPS approved Random Number Generator, TDES, AES, SHA-1, SHA-256, and RSA up to 2048 bits including on board key generation."
1486 Hewlett-Packard Company
Longdown Avenue
Stoke Grifford, Bristol BS34 8QZ
United Kingdom

-Laura Loredo
TEL: 44 117 312 9341

CST Lab: NVLAP 100432-0

HP LTO-5 Tape Drive
(Hardware Version: AQ273C #912 [1], AQ273D #704 [2], AQ273F #900 [3] and AQ283B #103 [4]; Firmware Version: I3BW [1], I3AS [2], I3AZ [3] and Z39W [4])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/28/2011 Overall Level: 1 

-FIPS Approved algorithms: AES (Certs. #1441, #1442, #1443 and #1444); HMAC (Cert. #848); RNG (Certs. #790 and #791); RSA (Certs. #708 and #709); SHS (Certs. #1308 and #1309)

-Other algorithms: MD5; AES (AES Cert. #1441, key wrapping; key establishment methodology provides 256 bits of encryption strength)

Multi-chip standalone

"HP LTO-5 Tape Drive sets new standards for capacity, performance, and manageability. The HP LTO-5 represents HP's fifth-generation of LTO tape drive technology capable of storing up to 3TB per cartridge while providing enterprise tape drive monitoring and management capabilities with HP TapeAssure and AES 256-bit hardware data encryption, easy-to-enable security to protect the most sensitive data and prevent unauthorized access of tape cartridges. Capable of data transfer rates up to 280MB/sec, HP's exclusive Data Rate Matching feature further optimizes performance by matching speed of host to"
1485 Hughes Network Systems, LLC
11717 Exploration Lane
Germantown, MD 20876
USA

-Shayla Fahey
TEL: 301-548-1239

-Shanti Vedula
TEL: 301-212-1016

CST Lab: NVLAP 200556-0

Hughes Crypto Kernel - Firmware
(Firmware Version: 3.1.0.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Firmware 01/11/2011 Overall Level: 1 

-Tested: Hughes HX280 with the VxWorks 5.4 operating system

-FIPS Approved algorithms: AES (Cert. #1453); SHS (Cert. #1316); HMAC (Cert. #853); DSA (Cert. #463); RNG (Cert. #796)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5

Multi-chip standalone

"The Hughes Crypto Kernel (HCK) is a FIPS 140-2 Level 1 cryptographic module available for the Hughes HN and HX systems. The HCK enables the use of end-to-end bidirectional encryption between a remote site and the enterprise data center, while still enabling the use of all Hughes satellite acceleration features, as well as Hughes' advanced routing, prioritization and access control capabilities. The HCK uses AES 256 bit encryption to encrypt user traffic, uses IKE to dynamically generate session keys used for encryption, and ensures message authentication and integrity using HMAC-SHA-256."
1484 Hughes Network Systems, LLC
11717 Exploration Lane
Germantown, MD 20876
USA

-Shayla Fahey
TEL: 301-548-1239

-Shanti Vedula
TEL: 301-212-1016

CST Lab: NVLAP 200556-0

Hughes Crypto Kernel
(Software Version: 3.1.0.4)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 01/11/2011 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft® Windows Server® 2008 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1450); SHS (Cert. #1314); HMAC (Cert. #851); DSA (Cert. #461); RNG (Cert. #794)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5

Multi-chip standalone

"The Hughes Crypto Kernel (HCK) is a FIPS 140-2 Level 1 cryptographic module available for the Hughes HN and HX systems. The HCK enables the use of end-to-end bidirectional encryption between a remote site and the enterprise data center, while still enabling the use of all Hughes satellite acceleration features, as well as Hughes' advanced routing, prioritization and access control capabilities. The HCK uses AES 256 bit encryption to encrypt user traffic, uses IKE to dynamically generate session keys used for encryption, and ensures message authentication and integrity using HMAC-SHA-256."
1483 Riverbed Technology, Inc.
199 Fremont Street
San Francisco, CA 94105
USA

-Amol Kabe
TEL: 415-344-4447

-Gordon Chaffee
TEL: 415-247-7353

CST Lab: NVLAP 200017-0

Steelhead 3020, Steelhead 3520, Steelhead 5520 and Steelhead 6020 Appliances
(Hardware Versions: 3020, 3520, 5520 and 6020; Firmware Version: 4.1.10)

(When operated in FIPS mode and with the tamper evident seals and security panels installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/11/2011 Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1044); HMAC (Cert. #586); RNG (Cert. #595); RSA (Cert. #498); SHS (Cert. #994); Triple-DES (Cert. #792)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DSA (FIPS 186-3; non-compliant) ; MD5; DES; RC2; RC4; IDEA; CAST; Blowfish; HMAC-Tiger; EC Diffie-Hellman (SP 800-56A; non-compliant)

Multi-chip standalone

"The Steelhead family of appliances provides application acceleration and accelerated data transfer over a wide area network (WAN), overcoming bandwidth and geographical limitations to improve productivity and enable global collaboration."
1482 Riverbed Technology, Inc.
199 Fremont Street
San Francisco, CA 94105
USA

-Amol Kabe
TEL: 415-344-4447

-Gordon Chaffee
TEL: 415-247-7353

CST Lab: NVLAP 200017-0

Steelhead 5050 and Steelhead 6050 Appliances
(Hardware Versions: 5050 and 6050; Firmware Version: 4.1.10)

(When operated in FIPS mode and with the tamper evident seals and security panels installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/11/2011 Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1044); HMAC (Cert. #586); RNG (Cert. #595); RSA (Cert. #498); SHS (Cert. #994); Triple-DES (Cert. #792)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DSA (FIPS 186-3; non-compliant) ; MD5; DES; RC2; RC4; IDEA; CAST; Blowfish; HMAC-Tiger; EC Diffie-Hellman (SP 800-56A; non-compliant)

Multi-chip standalone

"The Steelhead family of appliances provides application acceleration and accelerated data transfer over a wide area network (WAN), overcoming bandwidth and geographical limitations to improve productivity and enable global collaboration."
1481 Riverbed Technology, Inc.
199 Fremont Street
San Francisco, CA 94105
USA

-Amol Kabe
TEL: 415-344-4447

-Gordon Chaffee
TEL: 415-247-7353

CST Lab: NVLAP 200017-0

Steelhead 520, Steelhead 1020, Steelhead 1520 and Steelhead 2020 Appliances
(Hardware Versions: 520, 1020, 1520 and 2020; Firmware Version: 4.1.10)

(When operated in FIPS mode and with the tamper evident seals and security panels installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/11/2011 Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1044); HMAC (Cert. #586); RNG (Cert. #595); RSA (Cert. #498); SHS (Cert. #994); Triple-DES (Cert. #792)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DSA (FIPS 186-3; non-compliant) ; MD5; DES; RC2; RC4; IDEA; CAST; Blowfish; HMAC-Tiger; EC Diffie-Hellman (SP 800-56A; non-compliant)

Multi-chip standalone

"The Steelhead family of appliances provides application acceleration and accelerated data transfer over a wide area network (WAN), overcoming bandwidth and geographical limitations to improve productivity and enable global collaboration."
1480 Riverbed Technology, Inc.
199 Fremont Street
San Francisco, CA 94105
USA

-Amol Kabe
TEL: 415-344-4447

-Gordon Chaffee
TEL: 415-247-7353

CST Lab: NVLAP 200017-0

Steelhead 1050 and Steelhead 2050 Appliances
(Hardware Versions: 1050 and 2050; Firmware Version: 4.1.10)

(When operated in FIPS mode and with the tamper evident seals and security panels installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/11/2011 Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1044); HMAC (Cert. #586); RNG (Cert. #595); RSA (Cert. #498); SHS (Cert. #994); Triple-DES (Cert. #792)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DSA (FIPS 186-3; non-compliant) ; MD5; DES; RC2; RC4; IDEA; CAST; Blowfish; HMAC-Tiger; EC Diffie-Hellman (SP 800-56A; non-compliant)

Multi-chip standalone

"The Steelhead family of appliances provides application acceleration and accelerated data transfer over a wide area network (WAN), overcoming bandwidth and geographical limitations to improve productivity and enable global collaboration."
1479 Imation Corp.
Discovery Bldg. 1A-041
Oakdale, MN 55128
USA

-Larry Hamid
TEL: 408-737-4308

CST Lab: NVLAP 100432-0

Imation S200/D200
(Hardware Versions: D2-S200-S01 (Rev 1), D2-S200-S02 (Rev 1), D2-S200-S04 (Rev 1), D2-S200-S08 (Rev 1), D2-S200-S16 (Rev 1), D2-D200-S01 (Rev 1), D2-D200-S02 (Rev 1), D2-D200-S04 (Rev 1), D2-D200-S08 (Rev 1), D2-D200-S16 (Rev 1) or D2-D200-S32 (Rev 1); Firmware Version: 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.1.0, 2.1.1 or 2.1.2)

(Files distributed with the module mounted within the internal CD Drive are excluded from validation)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/07/2011;
08/09/2011;
09/19/2011;
10/04/2011;
10/26/2011;
04/24/2012
Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #1034); RNG (Certs. #587 and #702); RSA (Cert. #605); SHS (Certs. #987 and #1154); HMAC (Cert. #579)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The IronKey Secure Flash Drives include a high-speed hardware-based 256 Bit AES cryptography engine for encrypting and decrypting NAND flash and RAM buffers via USB. It also includes RSA, HMAC, SHA-256, SHA-1, and RNG algorithms."
1478 Juniper Networks, Inc.
1194 Norht Mathilda Ave
Sunnyvale, CA 94089
USA

-Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 200697-0

Juniper Networks SRX100, SRX210, SRX240 and SRX650 Services Gateways
(Hardware Version: SRX100B, SRX100H, SRX210B, SRX210H, SRX240B, SRX240H and SRX650-BASE-SRE6-645AP with JNPR-FIPS-TAMPER-LBLS; Firmware Version: 10.0R4)

(The tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 01/05/2011;
01/20/2011;
12/11/2013
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #937 and #948); AES (Certs. #1362 and #1373); DSA (Cert. #440); SHS (Certs. #1242 and #1255); RNG (Cert. #748); RSA (Cert. #662); HMAC (Certs. #798 and #806)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 90 bits of encryption strength; non-compliant); MD5

Multi-chip standalone

"Juniper Networks SRX100, SRX210, SRX240 and SRX650 Services Gateways are secure routers that provide essential capabilities that connect, secure, and manage work force locations. By consolidating fast, highly available switching, routing, security, and applications capabilities in a single device, enterprises can economically deliver new services, safe connectivity, and a satisfying end user experience. Supports Firewall, IPsec VPN and IPS."
1477 Juniper Networks, Inc.
1194 Norht Mathilda Ave
Sunnyvale, CA 94089
USA

-Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 200697-0

Juniper Networks LN1000 Mobile Secure Router
(Hardware Version: LN1000-V with JNPR-FIPS-TAMPER-LBLS; Firmware Version: 10.0R4)

(The tamper evident seals and security device installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/05/2011;
12/11/2013
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #936 and #947); AES (Certs. #1351 and #1372); DSA (Cert. #439); SHS (Certs. #1234 and #1254); RNG (Cert. #743); RSA (Cert. #657); HMAC (Certs. #790 and #805)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 90 bits of encryption strength; non-compliant); MD5

Multi-chip standalone

"Juniper Networks LN1000 Mobile Secure Router is an edge access router that delivers a high-performance routing firewall and intrusion detection service (IDS). The LN1000 addresses the growing demand for a network access presence in military, first responder and transportation vehicles, mining and exploration equipment, unmanned aircraft, and power grids."
1476 3e Technologies International, Inc.
9715 Key West Avenue
Suite 500
Rockville, MD 20850
USA

-Harinder Sood
TEL: 301-944-1325

CST Lab: NVLAP 200427-0

3e-525A-3, 3e-525A-3EP, 3e-525A-3MP, 3e-525V-3 and 3e-525Ve-4 AirGuard™ Wireless Access Points
(Hardware Version: 2.0(A) (3e-525A-3, 3e-525A-3MP, 3e-525V-3, 3e-525Ve-4), 2.1 (3e-525A-3, 3e-525A-3EP, 3e-525A-3MP, 3e-525V-3, 3e-525Ve-4) and 90000522-001; Firmware Version: 4.4)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/05/2011 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Cryptographic Key Management: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1021, 1022 and 1023); HMAC (Certs. #571 and #572); RNG (Cert. #583); RSA (Cert. #490); SHS (Certs. #976 and #977); Triple-DES (Cert. #783)

-Other algorithms: AES CFB (non-compliant); MD5; RC4; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The AirGuard™ model 525A-3 and model 525V-3/4 Wireless Access Points are packaged in rugged IP 66 weatherproof enclosure and conforms to 802.11a/b/g wireless standards. They provide access point, gateway, bridge/repeater, and mesh networking for wireless applications. In access point or gateway mode, the 525A-3 can establish links to laptops, PDAs and other wireless devices at data rates from 11 Mbps up to 108 Mbps. The 525V-3/4 incorporates an extra video module to provide capability for remote video surveillance and camera control."


Need Assistance?