CMVP Main Page

Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules

Historical, 1995-1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016
All

Last Updated: 7/06/2016

It is important to note that the items on this list are cryptographic modules. A module may either be an embedded component of a product or application, or a complete product in-and-of-itself. If the cryptographic module is a component of a larger product or application, one should contact the product or application vendor in order to determine how the product utilizes the embedded validated cryptographic module. There may be a larger number of security products or applications available which use an embedded validated cryptographic module, than the number of modules which are found in this list. In addition, other vendors, who are not found in this list, may incorporate a validated cryptographic module from this list embedded into their own products.

When selecting a module from a vendor, verify that the module is either the product or application itself (e.g. VPN, SmartCard, USB memory token, etc.) or the module is embedded in a larger product or application (e.g. toolkit, etc.). If the module is embedded in a product or application, ask the product or application vendor to provide a signed letter or statement affirming that the unmodified validated cryptographic module is integrated in the solution; the module provides all the cryptographic services in the solution; and provide reference to the modules validation certificate number from this listing.

NOTE1: Module descriptions are provided by the module vendors and have not been verified for accuracy by the CMVP. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-Approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (e.g. allowed or non-FIPS-Approved algorithms) have not been tested through the CMVP.

NOTE2: The operator of a cryptographic module is responsible for ensuring that the algorithms and key lengths are in compliance with the requirements of NIST SP 800-131A.

NOTE3: All questions regarding the implementation and/or use of any module located on the CMVP module validation lists should first be directed to the appropriate vendor point-of-contact (listed for each entry).

Please contact the CMVP if any errors are discovered or comments with suggestions for improvement of the validation listings.

Cert#Vendor / CST LabCryptographic ModuleModule
Type
Val.
Date
Level / Description
1867Pitney Bowes, Inc.
37 Executive Drive
Danbury, CT 06810
USA

David Riley
TEL: 203-796-3208
FAX: 203-796-3129

CST Lab: NVLAP 100432-0
Cygnus X3 Hardware Security Module (XHSM)
(Hardware Version: P/N 1R84000 Version A; Firmware Versions: 01.00.06 and 01.03.0074 (Device Abstraction Layer))

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/19/2012Overall Level: 3

-Physical Security: Level 3 +EFP

-FIPS Approved algorithms: AES (Cert. #1979); DRBG (Cert. #181); DSA (Cert. #632); ECDSA (Cert. #286); HMAC (Cert. #1192); KAS (Cert. #33); CVL (Cert. #20); RSA (Cert. #1063); SHS (Cert. #1733); Triple-DES (Cert. #1319); Triple-DES MAC (Triple-DES Cert. #1319, vendor affirmed)

-Other algorithms: AES (Cert. #1979, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Single-chip

"The Pitney Bowes Cygnus X3 Postal Security Device (PSD) has been designed in compliance with FIPS 140-2 in order to support international digital indicia standards globally. The Cygnus X3 HSM Cryptographic Module employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes Postage Metering products."
1863Kaseya US Sales, LLC
901 N. Glebe Road
Suite 1010
Arlington, VA 22203
USA

Bill Durant
TEL: 415-694-5700

CST Lab: NVLAP 200996-0
Virtual System Administrator Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software12/13/2012Overall Level: 1



-Operational Environment: Tested as meeting Level 1 with MAC OS X v10.6.8
Windows 7 (32-bit)
Windows 7 (64-bit)
Windows Server 2008
Red Hat Enterprise Linux 5.5 (32-bit)
Red Hat Enterprise Linux 5.5(64-bit) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1988 and #1989); HMAC (Cert. #1202); SHS (Cert. #1744); DRBG (Cert. #185)

-Other algorithms: AES (Cert. #1989, key wrapping); AES-CBC (non-compliant)

Multi-chip standalone

"The Kaseya Virtual System Administrator provides an IT automation framework allowing IT managers to proactively monitor, manage, maintain, and protect distributed IT resources using a single, integrated web-based interface. The services offered by Kaseya Virtual System Administrator are ever-broadening; as IT management services needs increase, so do the tools and services provided by the framework."
1859Red Hat®, Inc.
314 Littleton Road
Raleigh, NC 27606
USA

Ann-Marie Rubin
TEL: 978-392-1000
FAX: 978-392-1001

CST Lab: NVLAP 200658-0
Red Hat Enterprise Linux 6.2 Openswan Cryptographic Module
(Software Version: 2.0)
(When operated in FIPS mode and when obtained, installed, and initialized as assumed by the Crypto Officer role and specified in Section 9 of the provided Security Policy. This module contains the embedded Red Hat Enterprise Linux 6.2 OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #1758 operating in FIPS mode and the Network Security Services (NSS) Cryptographic Module validated to FIPS 140-2 under Cert. #1837 operating in FIPS mode. Section 1 of the provided Security Policy specifies the precise RPM files containing this module. The integrity of the RPMs are verified during the installation and the Crypto officer shall not install the RPM files if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software12/03/2012Overall Level: 1



-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 6.2 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #1289 and #1290); AES (Certs. #1985 and 1986); SHS (Certs. #1741 and #1742); RSA (Cert. #979, vendor affirmed); DRBG (Certs. #183 and #184); DSA (Certs. #634 and #635); HMAC (Certs. #1129, #1130, #1134, #1135, #1199 and #1200)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RC2; RC4; DES; Seed; CAMELLIA; MD2; MD5

Multi-chip standalone

"The Red Hat Enterprise Linux 6.2 OpenSwan Cryptographic Module is a software only cryptographic module that provides the IKE protocol version 1 and version 2 key agreement services required for IPSec."
1858Vidyo, Inc.
433 Hackensack Ave, 6th Floor
Hackensack, NJ 07601
USA

CST Lab: NVLAP 200556-0
Cryptographic Security Kernel
(Software Version: 1.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software11/29/2012Overall Level: 1



-Operational Environment: Tested as meeting Level 1 with Linux Ubuntu 10.04 32-bit or Linux Ubuntu 10.04 64-bit running on Intel Xeon E50xx without PAA
Mac OS X 10.6.8 32-bit running on Intel Core Duo without PAA
Mac OS X 10.6.8 64-bit running on Intel Core 2 Duo without PAA
Mac OS X 10.7.3 32-bit or Mac OS 10.7.3 64-bit running on Intel Core 2 Duo without PAA
Windows 7 32-bit running on Intel Core Duo without PAA
Windows 7 64-bit running on Intel Core 2 Duo without PAA
Windows XP 32-bit running on Intel Core Duo without PAA
Linux Ubuntu 10.04 32-bit or Linux Ubuntu 10.04 64-bit running on Intel Xeon E3 with PAA
Mac OS X 10.6.8 32-bit or Mac OS X 10.6.8 64-bit running on Intel Core i5 with PAA
Mac OS X 10.7.3 32-bit or Mac OS X 10.7.3 64-bit running on Intel Core i5 with PAA
Windows 7 32-bit or Windows 7 64-bit running on Intel Core i5 with PAA
Windows XP 32-bit running on Intel Core i5 with PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2027 and #2028), DRBG (Certs. #194 and #195), HMAC (Certs. #1229 and #1230), SHS (Certs. #1776 and #1777)

-Other algorithms: N/A

Multi-chip standalone

"The Vidyo Cryptographic Security Kernel is a subset of the VidyoTechnology Software Development Kit, which consists of a set of libraries providing video conferencing capabilities. The SDK allows licensed end-users to implement video conferencing capabilities within their own software applications; the Vidyo CSK library provides the cryptographic functions required to secure the communications."
1854

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/28/2012Overall Level: 2

Multi-chip standalone
1843Gemalto
Avenue du Jujubier Z.I Athelia IV
La Ciotat 13705
France

Frederic Garnier
TEL: +33 4 42 36 43 68
FAX: +33 4 42 36 55 45

CST Lab: NVLAP 200427-0
Protiva+ PIV v2.0 using TOP DL v2 and TOP IL v2
(Hardware Versions: A1025258 and A1023393; Firmware Versions: Build#11 - M1005011 + Softmask V04, Applet Version: PIV Applet v2.00 + OATH Applet v2.10)
(When operated in FIPS mode with module TOP DL v2 or TOP IL v2 validated to FIPS 140-2 under Cert. #1450 operating in FIPS mode)

This module is in process for the RNG transition.
Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/29/2012
02/06/2014
Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1973); CVL (Cert. #18); ECDSA (Cert. #284); RNG (Cert. #1038); RSA (Cert. #1019); SHS (Cert. #1727); Triple-DES (Cert. #1280); Triple-DES MAC (Triple-DES Cert. #1280, vendor affirmed); CVL (Certs. #217 and #224)

-Other algorithms: N/A

Single-chip

"This module is based on a Java Card platform (TOP DL V2) with 128K EEPROM memory and the Protiva PIV Applet loaded on the Java Card platform. The Cryptographic Module provides dual interfaces (i.e. contact and contact-less) where the same security level is achieved."
1839Entrust, Inc.
One Lincoln Centre
5400 LBJ Freeway
Suite 1340
Dallas, TX 75240
USA

Entrust Sales

CST Lab: NVLAP 100432-0
Entrust Authority™ Security Toolkit for the Java® Platform
(Software Version: 8.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software11/29/2012
05/28/2014
01/08/2016
Overall Level: 2



-Operational Environment: Tested as meeting Level 2 with Microsoft Windows Server 2008 R2 with Dell Optiplex 755

-FIPS Approved algorithms: AES (Certs. #1935 and #1954); Triple-DES (Cert. #1261); Triple-DES MAC (Cert. #1261, vendor affirmed); DSA (Cert. #617); DRBG (Cert. #170); ECDSA (Cert. #277); SHS (Cert. #1700); HMAC (Cert. #1168); RSA (Cert. #1001); CVL (Cert. #16); CVL (SP 800-135rev1, vendor affirmed)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); AES (Cert. #1935, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); CAST3; CAST128; DES; IDEA; RC2; RC4; Rijndael-256; MD2; MD5; RIPEMD-160; SSL3-SHA-MD5; HMAC-MD5; CAST128 MAC; DES MAC; IDEA MAC; ElGamal; SPEKE; RNG (non-compliant)

Multi-chip standalone

"Entrust Authority™ Security Toolkit for the Java® Platform enables custom applications to be built using a rich set of APIs that provide encryption, digital signature, and certificate authentication capabilities, as well as the ability to manage the full lifecycles of digital certificate-based identities through integration with the Entrust Authority PKI."
1837Red Hat®, Inc.
100 East Davie Street
Raleigh, NC 27601
USA

Robert Relyea
TEL: 650-254-4236

CST Lab: NVLAP 200427-0
NSS Cryptographic Module
(Software Version: 3.12.9.1)
(When operated in FIPS mode and when obtained, installed, and initialized as specified in Section 5 of the provided Security Policy. Section 5 also specifies the precise RPM file containing this module. The integrity of the RPM is automatically verified during the installation and the Crypto officer shall not install the RPM file if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software11/08/2012Overall Level: 1

-Design Assurance: Level 2


-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux v6.2 32-bit running on an Intel Core i7 system
Red Hat Enterprise Linux v6.2 64-bit running on an Intel Core i7 system
Red Hat Enterprise Linux v6.2 64-bit running on an Intel Core i7 system with PAA (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1908); DRBG (Cert. #165); DSA (Cert. #602); HMAC (Cert. #1145); RSA (Cert. #979); SHS (Cert. #1675); Triple-DES (Cert. #1240)

-Other algorithms: AES (Cert. #1908, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Camellia; DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HKDF; J-PAKE; MD2; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Triple-DES (Cert. #1240, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Network Security Services (NSS) is a set of open source C libraries designed to support cross-platform development of security-enabled applications. NSS implements major Internet security standards. NSS is available free of charge under a variety of open source compatible licenses. See http://www.mozilla.org/projects/security/pki/nss/ ."
1835Cavium Networks
2315 N First Street
San Jose, CA 95131
USA

TA Ramanujam
TEL: 408-931-2952
FAX: 408-577-1992

CST Lab: NVLAP 100432-0
NITROX XL 1600-NFBE HSM Family
(Hardware Versions: P/Ns CN1620-NFBE1NIC-2.0, CN1620-NFBE3NIC-2.0, CN1610-NFBE1NIC-2.0, CN1610-NFBE1-3.0, CN1620-NFBE1-3.0, CN1620-NFBE3-3.0, CN1610-NFBE1-2.0, CN1620-NFBE1-2.0 and CN1620-NFBE3-2.0; Firmware Version: CN16XX-NFBE-FW-2.1-110015 or CN16XX‐NFBE‐FW‐2.1‐110016)
(When operated in FIPS mode)

This module is in process for the RNG transition.
Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/08/2012
10/18/2013
Overall Level: 3

-FIPS Approved algorithms: AES (Certs. #1265 and #1266); Triple-Des (Cert. #898); RSA (Certs. #607 and #742); ECDSA (Certs. #150 and #188); SHS (Certs. #1165 and #1166); HMAC (Cert. #736); KAS (Cert. #5); RNG (Cert. #707); DRBG (Cert. #32); DSA (Cert. #474)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #1265, key wrapping; key establishment methodology provides 256 bits of encryption strength); RC4; MD5; PBE

Multi-chip embedded

"The NITROX XL 1600-NFBE HSM adapter family delivers the world's fastest FIPS 140-2 Level 3 Hardware Security Module (HSM) with PCIe Gen 2.0. The NITROX XL family of adapters offers up to 45,000 RSA operations per second and 5 Gbps of bulk crypto performance and is certified to the stringent US Government security standards. This FIPS family delivers an unmatched solution to the increasing performance, cryptographic and time to market requirements of the financial, government and healthcare vertical markets."
1831Motorola Solutions, Inc.
1303 East Algonquin Road
Schaumburg, IL 60196
USA

Tom Nguyen
TEL: 847-576-2352

CST Lab: NVLAP 100432-0
KMF CryptR
(Hardware Version: P/N CLN8566A; Firmware Versions: R01.02.10, R01.05.00 or R01.05.01)
(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/05/2012
12/07/2012
09/12/2014
Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1901); DRBG (Cert. #159); ECDSA (Cert. #268); SHS (Cert. #1670)

-Other algorithms: AES (Cert. #1901, key wrapping; key establishment methodology provides 256 bits of encryption strength); AES MAC (AES Cert. #1901, vendor affirmed; P25 AES OTAR); NDRNG; LFSR; KAS (non-compliant); DES-XL; DES-OFB; DES-ECB; DES-CBC; DVI-XL; DVP-XL

Multi-chip standalone

"The KMF CryptR provides encryption and decryption services for secure key management and Over-the-Air-Rekeying (OTAR) for Motorola's Key Management Facility (KMF). The KMF and KMF CryptR combine to provide these cryptographic services for Motorola's APCO-25 compliant Astro radio systems."
1826Seagate Technology LLC
389 Disc Drive
Longmont, CO 80503
USA

Monty Forehand
TEL: 720-684-2835
FAX: 720-684-2733

CST Lab: NVLAP 100432-0
Seagate Secure® TCG Opal SSC Self-Encrypting Drive
(Hardware Versions: 9WU142 [1, 2, 3, 4, 5], 9WU14C [1, 2, 3, 4, 5], 9WU141 [1, 2, 3, 4, 5], 1DJ142 [1, 5, 6, 7], 1DJ14C [1, 5, 6, 7], 1DJ141 [1, 5, 6, 7], 1RS152 [8, 9, 10], 1RS15C [8, 9, 10] and 1RS15D [8, 9, 10]; Firmware Versions: 0001SDM7 [1], 0001SED7 [2], 0002SDM7 [3], 0002SED7 [4], 0001LIM7 [5], 1002SED7 [6], 1003SED7 [7], 0001SDM7 [8], 0001YXM7 [9]or 0002LIM7 [10])
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/05/2012
06/14/2013
05/20/2014
09/25/2014
Overall Level: 2

-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Certs. #1343 and #1845); DRBG (Cert. #62); RSA (Cert. #650); SHS (Cert. #1225)

-Other algorithms: NDRNG

Multi-chip embedded

"The Seagate Secure® TCG Opal SSC Self-Encrypting Drive is embedded in Seagate Momentus® Thin Self-Encrypting Drives (SEDs). The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA ranges, and authenticated FW download. The services are provided through an industry-standard TCG Opal SSC interface."
1824Cisco Systems, Inc.
170 W. Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200427-0
Cisco Telepresence C20 Codec
(Hardware Version: C20 v1; Firmware Version: TC5.0.2)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/14/2012
11/21/2012
12/03/2012
Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 2

-FIPS Approved algorithms: AES (Cert. #1928); DRBG (Cert. #168); DSA (Cert. #612); ECDSA (Cert. #276); HMAC (Cert. #1162); RSA (Cert. #994); SHS (Cert. #1693); Triple-DES (Cert. #1255)

-Other algorithms: AES (Cert. #1928, key wrapping; key establishment methodology provides 128 bits of encryption strength); Blowfish; Camellia; DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); HMAC-MD5; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Cisco TelePresence portfolio creates an immersive, face-to-face experience over the network, empowering you to collaborate with others like never before. Through a powerful combination of technologies and design that allows you and remote participants to feel as if you are all in the same room, the Cisco TelePresence portfolio has the potential to provide great productivity benefits and transform your business. Many organizations are already using it to control costs, make decisions faster, improve customer intimacy, scale scarce resources, and speed products to market."
1823Cisco Systems, Inc.
170 W. Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200427-0
Cisco Telepresence C40, C60, and C90 Codecs
(Hardware Versions: C40 v1, C60 v1 and C90 v1 with CISCO-FIPSKIT=; Firmware Version: TC5.0.2)
(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/05/2012
11/21/2012
12/03/2012
Overall Level: 2

-Roles, Services, and Authentication: Level 3

-FIPS Approved algorithms: AES (Cert. #1928); DRBG(Cert. #168); DSA (Cert. #612); ECDSA (Cert. #276); HMAC (Cert. #1162); RSA (Cert. #994); SHS (Cert. #1693); Triple-DES (Cert. #1255)

-Other algorithms: AES (Cert. #1928, key wrapping; key establishment methodology provides 128 bits of encryption strength); Blowfish; Camellia; DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); HMAC-MD5; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Cisco TelePresence portfolio creates an immersive, face-to-face experience over the network, empowering you to collaborate with others like never before. Through a powerful combination of technologies and design that allows you and remote participants to feel as if you are all in the same room, the Cisco TelePresence portfolio has the potential to provide great productivity benefits and transform your business. Many organizations are already using it to control costs, make decisions faster, improve customer intimacy, scale scarce resources, and speed products to market."
1818Cisco Systems, Inc.
170 W. Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200427-0
Cisco EX60 and EX90 TelePresence Systems
(Hardware Versions: EX60 v1 and EX90 v1 with CISCO-FIPSKIT=; Firmware Version: TC5.0.2)
(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware10/11/2012
11/21/2012
12/03/2012
Overall Level: 2

-Roles, Services, and Authentication: Level 3

-FIPS Approved algorithms: AES (Cert. #1928); DRBG (Cert. #168); DSA (Cert. #612); ECDSA (Cert. #276); HMAC (Cert. #1162); RSA (Cert. #994); SHS (Cert. #1693); Triple-DES (Cert. #1255)

-Other algorithms: AES (Cert. #1928, key wrapping; key establishment methodology provides 128 bits of encryption strength); Blowfish; Camellia; DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); HMAC-MD5; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Cisco TelePresence portfolio creates an immersive, face-to-face experience over the network, empowering you to collaborate with others like never before. Through a powerful combination of technologies and design that allows you and remote participants to feel as if you are all in the same room, the Cisco TelePresence portfolio has the potential to provide great productivity benefits and transform your business. Many organizations are already using it to control costs, make decisions faster, improve customer intimacy, scale scarce resources, and speed products to market."
1817LogRhythm
4780 Pearl East Circle
Boulder, CO 80301
USA

Emily Dobson
TEL: 720-881-5348

CST Lab: NVLAP 200427-0
LogRhythm 6.0.4 or 6.3.4 Event Manager
(Software Version: 6.0.4 or 6.3.4)
(When operated in FIPS mode with module BCRYPTPRIMITIVES validated to FIPS 140-2under Cert. #1336 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software10/11/2012
05/18/2015
05/12/2016
Overall Level: 1



-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 (SP1) (single-user mode) running .NET framework version 3.5

-FIPS Approved algorithms: AES (Cert. # 1168); DRBG (Cert. #23); HMAC (Cert. #686); RSA (Certs. #559 and #567); SHS (Cert. #1081)

-Other algorithms: HMAC-MD5; MD5

Multi-chip standalone

"The LogRhythm 6.0.4 Event Manager cryptographic module provides cryptographic services to an Event Manager. In particular, these services support secure communication with supporting SQL Server databases."
1811IMS Health Inc.
16720 Route Transcanadienne
Suite 1700
Kirkland, Québec H9H 5M3
Canada

Charles Blair
TEL: 905-816-5131

Hussam Mahgoub
TEL: 905-816-5134

CST Lab: NVLAP 200928-0
Diversinet Java Crypto Module
(Software Version: 2.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software10/11/2012
02/20/2014
Overall Level: 1



-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 R2 with JDK v1.6 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #1276); AES (Cert. #1965); SHS (Cert. #1723); HMAC (Cert. #1185); DRBG (Cert. #175); RSA (Cert. #1017)

-Other algorithms: N/A

Multi-chip standalone

"Diversinet Java SE Crypto Module is a JCA (Java Cryptography Architecture) Provider shipped with Diversinet MobiSecure Products. The Crypto Module implements several JCE (Java Cryptography Extension) algorithms including Triple DES, AES, SHA, HMAC and RSA. The Crypto Module is packaged in a signed Java Archive (JAR) file."
1809Systematic Development Group, LLC
350 Jim Moran Blvd. Suite 122
Deerfield Beach, FL 33442
USA

George Wolf
TEL: 954-889-3535 x315

CST Lab: NVLAP 100432-0
LOK‐IT® 10 KEY (Series SDG003FM/SDG005M)
(Hardware Versions: HW003‐32 Rev:01 [2], HW003‐16 Rev:03 [1], HW003‐16 Rev:04 [2], HW003‐08 Rev:02 [1], HW003‐08 Rev:03 [2] , HW003‐04 Rev:02 [1] and HW003‐04 Rev:03 [2]; Firmware Version: USB Controller Firmware Revision V01.12A12-F01 [1] or V01.12A14‐F05 [2]; Security Controller Firmware Revision SDG003FM-010)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware10/02/2012
01/22/2013
07/26/2013
Overall Level: 3

-FIPS Approved algorithms: AES (Cert. #1514); SHS (Cert. #1682); DRBG (Cert. #164)

-Other algorithms: NDRNG

Multi-chip standalone

"This module is a multi-chip standalone cryptographic module, as defined by FIPS 140-2 and consists of an Initio 1861 USB controller, NAND Flash memory and a Microchip PIC16LF1825 security controller. All components are encased in hard, opaque, production grade integrated circuit packaging. The cryptographic boundary is defined as the boundary of the module's PCB and hard epoxy coating. The module uses a NDRNG as input to a Hash_DRBG algorithm specified in NIST special publication SP800-90 to generate a random 256 bit encryption key. The AES key has 256 bits of entropy."
1808LogRhythm
4780 Pearl East Circle
Boulder, CO 80301
USA

Emily Dobson
TEL: 720-881-5348

CST Lab: NVLAP 200427-0
LogRhythm 6.0.4 or 6.3.4 Log Manager
(Software Version: 6.0.4 or 6.3.4)
(When operated in FIPS mode with module BCRYPTPRIMITIVES validated to FIPS 140-2under Cert. #1336 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software10/02/2012
05/18/2015
05/12/2016
Overall Level: 1



-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 (SP1) (single-user mode) running .NET framework version 3.5

-FIPS Approved algorithms: AES (Cert. # 1168); DRBG (Cert. #23); HMAC (Cert. #686); RSA (Certs. #559 and #567); SHS (Cert. #1081)

-Other algorithms: HMAC-MD5; MD5

Multi-chip standalone

"The LogRhythm 6.0.4 Log Manager cryptographic module provides cryptographic services to a Log Manager. In particular, these services support secure communication with other LogRhythm components (System Monitor Agents and AI Engine Servers) and SQL Server databases."
1807LogRhythm
4780 Pearl East Circle
Boulder, CO 80301
USA

Emily Dobson
TEL: 720-881-5348

CST Lab: NVLAP 200427-0
LogRhythm 6.0.4 or 6.3.4 Console
(Software Version: 6.0.4 or 6.3.4)
(When operated in FIPS mode with module BCRYPTPRIMITIVES validated to FIPS 140-2under Cert. #1336 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software10/02/2012
05/18/2015
05/12/2016
Overall Level: 1



-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 (SP1) (single-user mode) running .NET framework version 3.5

-FIPS Approved algorithms: AES (Cert. # 1168); DRBG (Cert. #23); HMAC (Cert. #686); RSA (Certs. #559 and #567); SHS (Cert. #1081)

-Other algorithms: HMAC-MD5; MD5

Multi-chip standalone

"The LogRhythm 6.0.4 Console cryptographic module provides cryptographic services to a Console. In particular, these services support secure communication with SQL Server databases in a LogRhythm deployment."
1806LogRhythm
4780 Pearl East Circle
Boulder, CO 80301
USA

Emily Dobson
TEL: 720-881-5348

CST Lab: NVLAP 200427-0
LogRhythm 6.0.4 or 6.3.4 Windows System Monitor Agent
(Software Version: 6.0.4 or 6.3.4)
(When operated in FIPS mode with module BCRYPTPRIMITIVES validated to FIPS 140-2under Cert. #1336 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software10/02/2012
05/18/2015
05/12/2016
Overall Level: 1



-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 (SP1) (single-user mode) running .NET framework version 3.5

-FIPS Approved algorithms: AES (Cert. # 1168); DRBG (Cert. #23); HMAC (Cert. #686); RSA (Certs. #559 and #567); SHS (Cert. #1081)

-Other algorithms: HMAC-MD5; MD5

Multi-chip standalone

"The LogRhythm 6.0.4 Windows System Monitor Agent cryptographic module provides cryptographic services to a Windows System Monitor Agent. In particular, these services support secure communication with a LogRhythm Log Manager component."
1805LogRhythm
4780 Pearl East Circle
Boulder, CO 80301
USA

Emily Dobson
TEL: 720-881-5348

CST Lab: NVLAP 200427-0
LogRhythm 6.0.4 or 6.3.4 AI Engine Server
(Software Version: 6.0.4 or 6.3.4)
(When operated in FIPS mode with module BCRYPTPRIMITIVES validated to FIPS 140-2under Cert. #1336 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software10/02/2012
05/18/2015
05/12/2016
Overall Level: 1



-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 (SP1) (single-user mode) running .NET framework version 3.5

-FIPS Approved algorithms: AES (Cert. # 1168); DRBG (Cert. #23); HMAC (Cert. #686); RSA (Certs. #559 and #567); SHS (Cert. #1081)

-Other algorithms: HMAC-MD5; MD5

Multi-chip standalone

"The LogRhythm 6.0.4 AI Engine Server cryptographic module provides cryptographic services to an AI Engine Server. In particular, these services support secure communication with LogRhythm Log Managers and Event Manager SQL Server databases."
1804IMS Health Inc.
16720 Route Transcanadienne
Kirkland, Québec H9H 5M3
Canada

Charles Blair
TEL: 905-816-5131

Hussam Mahgoub
TEL: 905-816-5134

CST Lab: NVLAP 200928-0
Diversinet Java Crypto Module for Mobile
(Software Version: 2.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software10/03/2012
02/20/2014
Overall Level: 1



-Operational Environment: Tested as meeting Level 1 with Android OS v2.2 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #1277); AES (Cert. #1966); SHS (Cert. #1724); HMAC (Cert. #1186); DRBG (Cert. #176); RSA (Cert. #1018)

-Other algorithms: N/A

Multi-chip standalone

"Diversinet Java ME Crypto Module is shipped with Diversinet MobiSecure Client SDK for Java based run-time environments on Smartphones and tablets including, Android OS-, BlackBerry OS- and Java ME MIDP-based. The Crypto Module implements several cryptography algorithms including Triple DES, AES, SHA, HMAC and RSA."
1801Motorola Solutions, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

Kirk Mathews
TEL: 847-576-4101

CST Lab: NVLAP 100432-0
µMACE
(Hardware Version: P/N AT58Z04; Firmware Version: R01.00.04)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/07/2012Overall Level: 3

-FIPS Approved algorithms: AES (Cert. #1876); DRBG (Cert. #154); ECDSA (Cert. #263); KAS (Cert. #28); SHS (Cert. #1619)

-Other algorithms: AES (Cert. #1876, key wrapping; key establishment methodology provides 256 bits of encryption strength); NDRNG

Single-chip

"The µMACE cryptographic processor is used in security modules embedded in Motorola Solutions security products."
1800SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

Andrew Young
TEL: 703-647-8408
FAX: 410-290-6506

CST Lab: NVLAP 100432-0
eToken 4300
(Hardware Version: Inside Secure AT90SC28880RCFV Rev. G; Firmware Version: SafeNet eToken 4300 010E.1245.0002 with PIV Applet 3.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/06/2012
02/06/2014
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1655); RSA (Cert. #824); Triple-DES (Cert. #1088); Triple-DES MAC (Triple-DES Cert. #1088, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465); ECDSA (Cert. # 214); CVL (Cert. #2); CVL (Certs. #218 and #222)

-Other algorithms: HW RNG; AES-CMAC (non-compliant); AES (Cert. #1655, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength)

Single-chip

"eToken 4300 is a Cryptographic Module based on the Athena OS755 Java Card smart card operating system with 80KB of EEPROM. eToken 4300 is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 2. eToken 4300 supports FIPS approved DRBG, SHA-1 and all SHA-2, TDES, AES, RSA, ECDSA and ECC CDC, and RSA and ECC key generation. eToken 4300 exposes PKI and Biometric APIs and is designed for high-performance government and enterprise smart card applications."
1795Giesecke & Devrient
45925 Horseshoe Drive
Dulles, VA 20166
USA

Jatin Deshpande
TEL: 650-312-8047
FAX: 650-312-8129

Thomas Palsherm
TEL: +49 89 4119-2384
FAX: +49 89 4119-9093

CST Lab: NVLAP 200427-0
Sm@rtCafé Expert 6.0 FIPS
(Hardware Versions: P5CC081, P5CD081 and P5CD145; Firmware Version: Sm@rtCafé Expert 6.0)
(The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/31/2012Overall Level: 3

-FIPS Approved algorithms: AES (Cert. #1755); DRBG (Cert. #116); RSA (Cert. #874); SHS (Cert. #1542); Triple-DES (Cert. #1136); Triple-DES MAC (Triple-DES Cert. #1136, vendor affirmed)

-Other algorithms: AES (Cert. #1755, key wrapping; key establishment methodology provides between 128 and 175 bits of encryption strength)

Single-chip

"Giesecke & Devrient (G&D) Smart Card Chip Operating System Sm@rtCafé Expert 6.0 is a Java Card 3 and Global Platform v2.1.1 compliant smart card module supporting both contact and contactless interfaces. It also supports, at a minimum, RSA up to 2048 bits(RSA and RSA-CRT) with on-card key generation, Hash algorithms(including SHA256), AES(up to 256 bits), ECDSA, and Triple-DES. The Sm@rtCafé Expert 6.0 is suitable for government and corporate identification, payment and banking, health care, and Web applications."
1794Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

Datacryptor-Certifications
TEL: +44 (0)1844 201800

CST Lab: NVLAP 200002-0
Secure Generic Sub-System (SGSS), Version 3.5 [1] and 3.6 [2]
(Hardware Versions: 1213H130 Issue 6E [1], 1213R130 Issue 1 [1], 1213P130 Issue 2 [1], 1213P130 Issue 2A [1]. 1213P130 Issue 2B [2], 1213R130 Issue 2 [2] and 1213S130 Issue 2 [2]; Software Version: 3.0.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/28/2012
09/27/2012
12/10/2015
Overall Level: 3

-FIPS Approved algorithms: ECDSA (Cert. #283); SHS (Cert. #1717)

-Other algorithms: N/A

Multi-chip embedded

"The Secure Generic Sub-System (SGSS) is a multi-chip embedded module used to provide secure cryptographic resources to a number of products in the Thales e-Security portfolio. This includes the Datacryptor® 2000, Datacryptor® Advanced Performance and Small Form Factor family (Link, Frame Relay, E1/T1, E3/T3, and IP models). The SGSS contains a secure bootstrap and authenticates application loading using the Digital Signature Algorithm (ECDSA) and SHA-384 hashing. This is a revalidation of the SGSS certified under FIPS Certificate #836, and does not affect the previous FIPS validation."
1786RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

Rohit Mathur
TEL: +61 7 3032 5220

CST Lab: NVLAP 200427-0
RSA BSAFE® Crypto-J JSAFE and JCE Software Module
(Software Version: 6.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/24/2012
01/24/2013
02/12/2016
05/03/2016
Overall Level: 1

-Design Assurance: Level 3


-Operational Environment: Tested as meeting Level 1 with Windows 7 (64-bit) with Sun JRE 6.0
Android 2.2 ARM (32-bit) JRE 6.0 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1911); DRBG (Cert. #160); DSA (Cert. #604); ECDSA (Cert. #271); HMAC (Cert. #1148); PBKDF (vendor affirmed); RSA (Cert. #981); SHS (Cert. #1678); Triple-DES (Cert. #1243)

-Other algorithms: DES; DESX; Diffie-Hellman; Dual EC DRBG; EC Diffie-Hellman; ECIES; HMAC-MD5; MD2; MD4; MD5; RC2; RC4; RC5; RIPEMD160; RNG; RSA (encrypt/decrypt); RSA Keypair Generation MultiPrime

Multi-chip standalone

"RSA BSAFE® Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. It supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
1785RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

Rohit Mathur
TEL: +61 7 3032 5220

CST Lab: NVLAP 200427-0
RSA BSAFE® Crypto-J JSAFE and JCE Software Module
(Software Version: 6.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/24/2012
01/24/2013
02/12/2016
05/03/2016
Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3


-Operational Environment: Tested as meeting Level 1 with Windows 7 (64-bit) with Sun JRE 6.0
Android 2.2 ARM (32-bit) JRE 6.0 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1911); DRBG (Cert. #160); DSA (Cert. #604); ECDSA (Cert. #271); HMAC (Cert. #1148); PBKDF (vendor affirmed); RSA (Cert. #981); SHS (Cert. #1678); Triple-DES (Cert. #1243)

-Other algorithms: DES; DESX; Diffie-Hellman; Dual EC DRBG; EC Diffie-Hellman; ECIES; HMAC-MD5; MD2; MD4; MD5; RC2; RC4; RC5; RIPEMD160; RNG; RSA (encrypt/decrypt); RSA Keypair Generation MultiPrime

Multi-chip standalone

"RSA BSAFE® Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. It supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
1783

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/08/2012
03/19/2013
Overall Level: 2

*
1781Valid S/A
Av. Paulista, 1000, terreo
Sao Paulo 01310-100
Brazil

Carlos Okada
TEL: +55 11 2575-6800
FAX: +55 11 2575-6500

CST Lab: NVLAP 100432-0
IDflex V
(Hardware Version: Inside Secure AT90SC28872RCU Rev. G; Firmware Version: Valid IDflex V 010B.0352.0005 with LASER PKI Applet 3.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/07/2012Overall Level: 3

-FIPS Approved algorithms: AES (Cert. #1654); RSA (Cert. # 824); Triple-DES (Cert. #1087); Triple-DES MAC (Triple-DES Cert. #1087, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465); ECDSA (Cert. #214); CVL (Cert. #2)

-Other algorithms: HW RNG; AES-CMAC (non-compliant); EC Diffie-Hellman; AES (Cert. #1654, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength)

Single-chip

"IDflex V is a Cryptographic Module based on the Athena OS755 Java Card smart card operating system with 72KB of EEPROM. IDflex V is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 3. IDflex V supports FIPS approved DRBG, SHA-1 and all SHA-2, TDES, AES, RSA, ECDSA and ECC CDC, and RSA and ECC key generation. IDflex V exposes PKI and Biometric APIs and is designed for high-performance government and enterprise smart card applications."
1780

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/07/2012
09/26/2012
07/10/2013
03/21/2014
06/18/2014
07/05/2016
Overall Level: 2

Multi-chip standalone
1779

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/07/2012
09/26/2012
07/10/2013
03/21/2014
06/18/2014
07/05/2016
Overall Level: 2

Multi-chip standalone
1778

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/07/2012
04/15/2013
Overall Level: 2

Multi-chip standalone
1773Ciena® Corporation
1201 Winterson Road
Linthicum, MD 21090
USA

Patrick Scully
TEL: 613-670-3207

CST Lab: NVLAP 200928-0
565 Advanced Services Platform [1], 5100 Advanced Services Platform [2] and 5200 Advanced Services Platform [3]
(Hardware Versions: [NT0H50DAE5 REV 004 [1], NTPM50AAE5 Rev 11 [2], NT0H50AA Rev 014 [3], SP Card NT0H5066E5 Rev 04 [1] and NT0H41ABE5 Rev 8 [2,3], QOTR/E Card NT0H25BAE5 Rev 2 [1,2,3], OCM Card NT0H40BCE5 Rev 18 [3], Filler Card NT0H52ABE6 Rev 02 [1,2,3]] with FIPS security kit NT0H25BZ Rev 3; Firmware Versions: 11.2 and 11.21)
(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/01/2012
02/06/2013
Overall Level: 2

-Roles, Services, and Authentication: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #1161); AES (Certs. #1682, #1794 and #1796); SHS (Certs. #1576 and #1578); HMAC (Certs. #1058 and #1060); RSA (Certs. #897 and #899); DRBG (Certs. #130 and #131)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; DES; Blowfish

Multi-chip standalone

"The 565/5100/5200 Advanced Services Platform offers an integrated transport encryption solution providing an ultra-low latency and protocol-agnostic wirespeed encryption service for use in small to large enterprises or datacenters and also offered through service providers as a differentiated managed service."
1770Blue Coat® Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085
USA

Wendi Ittah
TEL: 703-399-0535

CST Lab: NVLAP 200928-0
ProxySG 510-5 [1], 510-10 [2], 510-20 [3], 510-25 [4], 810-5 [5], 810-10 [6], 810-20 [7], 810-25 [8]
(Hardware Versions: 090-02760 Rev U.0 [1]; 090-02761 Rev X.0 [2]; 090-02762 Rev W.0 [2]; 090-02761 Rev C.0 [2]; 090-02762 Rev C.0 [2]; 090-02763 Rev W.0 [3]; 090-02764 Rev W.0 [3]; 090-02763 Rev C.0 [3]; 090-02764 Rev C.0 [3]; 090-02781 Rev X.0 [4]; 090-02782 Rev X.0 [4]; 090-02781 Rev C.0 [4]; 090-02782 Rev C.0 [4]; 090-02765 Rev W.0 [5]; 090-02766 Rev Y.0 [6]; 090-02767 Rev Y.0 [6]; 090-02766 Rev H.0 [6]; 090-02767 Rev H.0 [6];090-02768 Rev X.0 [7]; 090-02769 Rev X.0 [7]; 090-02768 Rev H.0 [7]; 090-02769 Rev H.0 [7]; 090-02783 Rev Z.0 [8]; 090-02784 Rev Z.0 [8]; 090-02783 Rev H.0 [8] and 090-02784 Rev H.0 [8] with FIPS kit 085-02597; Firmware Version: 6.1 or 6.1.5.5)
(When operated in FIPS mode with the tamper evident seals and the opacity baffle installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/31/2012
08/07/2012
01/04/2013
Overall Level: 2

-FIPS Approved algorithms: AES (Certs. #105, #397 and #1875); Triple-DES (Certs. #217, #435 and #1218); RSA (Cert. #956); SHS (Cert. #1648); HMAC (Cert. #1120); DRBG (Cert. #153)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The foundation of Blue Coat's application delivery infrastructure, Blue Coat ProxySG appliances establish points of control that accelerate and secure business applications for users across the distributed organization. Blue Coat appliances serve as an Internet proxy and wide area network (WAN) optimizer. The purpose of the appliances is to provide a layer of security between an Internal and External Network (typically an office network and the Internet) and to provide acceleration and compression of transmitted data. ProxySG 510 and 810 are some of several appliance lines offered by Blue Coat"
1767Blue Coat® Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085
USA

Wendi Ittah
TEL: 703-399-0535

CST Lab: NVLAP 200928-0
ProxySG 900-10 [1], 900-10B [2], 900-20 [3], 900-30 [4], 900-45 [5] and 900-55 [6]
(Hardware Versions: 090-02900 [1], 090-02901 [1], 090-02988 [2], 090-02989 [2], 090-02902 [3], 090-02903 [3], 090-02904 [4], 090-02905 [4], 09002908 [5], 090-02909 [5], 090-02979 [6] and 090-02980 [6] with FIPS kit 085-02742; Firmware Version: 6.1 or 6.1.5.5)
(When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/27/2012
08/07/2012
08/16/2012
01/04/2013
Overall Level: 2

-FIPS Approved algorithms: AES (Certs. #1265 and #1875); Triple-DES (Certs. #898 and #1218); RSA (Cert. #956); SHS (Cert. #1648); HMAC (Cert. #1120); DRBG (Cert. #153)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The foundation of Blue Coat's application delivery infrastructure, Blue Coat ProxySG appliances establish points of control that accelerate and secure business applications for users across the distributed organization. Blue Coat appliances serve as an Internet proxy and wide area network (WAN) optimizer. The purpose of the appliances is to provide a layer of security between an Internal and External Network (typically an office network and the Internet) and to provide acceleration and compression of transmitted data. ProxySG 900 is one of several appliance lines offered by Blue Coat"
1766Blue Coat® Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085
USA

Wendi Ittah
TEL: 703-399-0535

CST Lab: NVLAP 200928-0
ProxySG 9000-10 [1], 9000-20 [2], 9000-20B [3], 9000-30 [4] and 9000-40 [5]
(Hardware Versions: 090-02844 [1], 090-02843 [1], 090-02840 [2], 090-02839 [2], 090-02984 [3], 090-02985 [3], 090-02841 [4], 090-02842 [4], 090-02845 [5] and 090-02846 [5] with FIPS kit 085-02718; Firmware Version: 6.1 or 6.1.5.5)
(When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/27/2012
08/07/2012
08/16/2012
09/27/2012
01/04/2013
Overall Level: 2

-FIPS Approved algorithms: AES (Certs. #1265 and #1875); Triple-DES (Certs. #898 and #1218); RSA (Cert. #956); SHS (Cert. #1648); HMAC (Cert. #1120); DRBG (Cert. #153)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The foundation of Blue Coat's application delivery infrastructure, Blue Coat ProxySG appliances establish points of control that accelerate and secure business applications for users across the distributed organization. Blue Coat appliances serve as an Internet proxy and wide area network (WAN) optimizer. The purpose of the appliances is to provide a layer of security between an Internal and External Network (typically an office network and the Internet) and to provide acceleration and compression of transmitted data. ProxySG 9000 is one of several appliance lines offered by Blue Coat"
1764Athena Smartcard Inc.
16615 Lark Avenue
Suite 202
Los Gatos, CA 95032
USA

Stéphanie Motré
TEL: 408-786-1028
FAX: 408-608-1818

CST Lab: NVLAP 100432-0
IDProtect Duo with PIV
(Hardware Version: Inside Secure AT90SC28880RCFV Rev. G; Firmware Version: Athena IDProtect 010E.1245.0002 with PIV Applet 3.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/23/2012
04/12/2013
02/06/2014
05/28/2014
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1655); RSA (Cert. #824); Triple-DES (Cert. #1088); Triple-DES MAC (Triple-DES Cert. #1088, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465); ECDSA (Cert. # 214); CVL (Cert. #2); CVL (Certs. #218 and #222)

-Other algorithms: HW RNG; AES-CMAC (non-compliant); AES (Cert. #1655, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength)

Single-chip

"IDProtect is a Cryptographic Module based on the Athena OS755 Java Card smart card operating system with 80KB of EEPROM. IDProtect is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 2. IDProtect supports FIPS approved DRBG, SHA-1 and all SHA-2, TDES, AES, RSA, ECDSA and ECC CDC and RSA and ECC key generation. IDProtect exposes PKI and Biometric APIs and is designed for high performance government and enterprise smart card applications."
1763Motorola Solutions, Inc.
Unit A1, Linhay Business Park
Ashburton, Devon TQ13 7UP
United Kingdom

Richard Carter
TEL: +44 1364 655504
FAX: +44 1364 654625

CST Lab: NVLAP 100432-0
Motorola PTP 800 Series CMU Cryptographic Module
(Hardware Versions: P/N WB3517, Versions 5.2, 5.3 and 6.6; Firmware Version: PTP 800 04-10)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/27/2012Overall Level: 1

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: SHS (Cert. #1557); DSA (Cert. #556); AES (Certs. #1776 and #1526); DRBG (Cert. #123); Triple-DES (Cert. #1149); HMAC (Cert. #1041)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); RADIUS; MD5; Custom RNG

Multi-chip standalone

"Operating in the 6 to 38 GHz RF bands at up to 368 Mbps throughput (full duplex) and with user-configured channel bandwidths from 7 to 56 MHz, the Motorola Point-to-Point 800 Series of Licensed Ethernet Microwave solutions offer operators a highly reliable licensed band wireless solution."
1762INSIDE Secure
41 Parc Club du Golf
Aix-en-Provence 13856
France

Jerome Ducros
TEL: +333 (0) 413758653

CST Lab: NVLAP 100432-0
VaultIC420™, VaultIC440™ and VaultIC460™
(Hardware Versions: P/N: ATVaultIC420, ATVaultIC440 and ATVaultIC460, Platform: AT90SO128 - Silicon Rev F; Firmware Version: 1.2.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/27/2012
09/06/2012
Overall Level: 3

-Physical Security: Level 4

-FIPS Approved algorithms: AES (Cert. #1822); DRBG (Cert. #142); DSA (Cert. #572); ECDSA (Cert. #251); HMAC (Cert. #1077); RSA (Cert. #927); SHS (Cert. #1601); Triple-DES (Cert. #1175)

-Other algorithms: DES; DES MAC; Triple-DES MAC (non-compliant); HOTP; TOTP; RSA (encrypt/decrypt); AES (Cert. #1822, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength)

Single-chip

"The VaultIC™ 420, VaultIC™ 440 and VaultIC™ 460 is an Application Specific Standard Product (ASSP) designed to secure various systems against counterfeiting, cloning or identity theft. It is a hardware security module that can be used in many applications such as IP protection, access control or hardware protection."
1761Motorola Solutions, Inc.
1303 E. Algonquin Rd
Schaumburg, IL 60196
USA

Richard Carter
TEL: 44-0-1364-655500
FAX: 44-0-1364-654625

CST Lab: NVLAP 100432-0
Motorola PTP 600 Series Point to Point Wireless Ethernet Bridges
(Hardware Versions: P/Ns BP5830BHC, BP5830BHC15, BP5530BHC, BP5530BHC15, WB2781, WB3039, WB3037, WB3092, WB3094, WB3387, WB3389, WB3222, BP5830BH, BP5830BH15, BP5530BH, BP5530BH15, WB2780, WB3036, WB3038, WB3091, WB3093, WB3386, WB3388 and WB3221; with P/N WB3593 (HW Security Upgrade Kit); Firmware Version: PTP600 10-00)
(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/27/2012Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: SHS (Cert. #1101); DSA (Cert. #569); AES (Certs. #708 and #1144); DRBG (Cert. #21); HMAC (Cert. #1070); Triple-DES (Cert. #863)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); RADIUS

Multi-chip standalone

"PTP 600 Series Ethernet bridges offer high performance connectivity and backhaul in challenging non-line-of-sight environments. With carrier-grade reliability, PTP 600 links have class-leading sensitivity and power output which enable links to go farther, while sustaining high throughput regardless of conditions. With data rates up to 300 Mbps and reaching distances up to 124 miles, this Series of high-performance and secure wireless bridges make cost-effective connectivity and backhaul a reality for a wide range of enterprises, service providers and public safety organizations."
1753Utimaco® Safeware AG
Hohemarkstrasse 22
Oberursel, Hessen D-61440
Germany

Dr. Gesa Ott
TEL: +49 241-1696-200
FAX: +49 241-1696-199

CST Lab: NVLAP 100432-0
SafeGuard® CryptoServer Se
(Hardware Versions: P/N CryptoServer Se, Version 3.00.3.1; Firmware Version: 1.0.1.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/24/2012Overall Level: 3

-FIPS Approved algorithms: AES (Cert. #1711); DRBG (Cert. #141); ECDSA (Cert. #221); HMAC (Cert. #990); RSA (Certs. #841 and #842); SHS (Certs. #1498, #1597 and #1598); Triple-DES (Cert. #1101); Triple-DES MAC (Triple-DES Cert. #1101, vendor affirmed)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Cert. #1711, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1101, key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); DES; MD5; DSA (non-compliant); MDC-2; RIPEMD-160; Retail-TDES MAC (non-compliant); AES MAC (AES Cert. #1711; non-compliant)

Multi-chip embedded

"SafeGuard® CryptoServer Se is an encapsulated, protected hardware security module which provides secure cryptographic services like encryption or decryption (for various cryptographic algorithms like Triple-DES, RSA and AES), hashing, signing, and verification of data (RSA, ECDSA), random number generation, on-board secure key generation, key storage and further key management functions in a tamper-protected environment. The module is optionally available with or without RSA Crypto Accelerator."
1750Athena Smartcard Inc.
16615 Lark Avenue
Suite 202
Los Gatos, CA 95032
USA

Stéphanie Motré
TEL: 408-786-1028
FAX: 408-608-1818

CST Lab: NVLAP 100432-0
IDProtect Key with LASER PKI
(Hardware Versions: Inside Secure AT90SC25672RCT-USB Rev. D packaged in TIDPTMINI72 and TIDPUSBV2J; Firmware Version: Athena IDProtect 0106.0130.0401 with LASER PKI Applet 3.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/17/2012
04/12/2013
05/28/2014
Overall Level: 3

-FIPS Approved algorithms: AES (Cert. #1654); RSA (Cert. #824); Triple-DES (Cert. #1087); Triple-DES MAC (Triple-DES Cert. #1087, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465); ECDSA (Cert. # 214); CVL (Cert. #2)

-Other algorithms: HW RNG; AES-CMAC (non-compliant); EC Diffie-Hellman; AES (Cert. #1654, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength)

Single-chip

"IDProtect is a Cryptographic Module based on the Athena OS755 Java Card smart card operating system with 72KB of EEPROM. IDProtect is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 3. IDProtect supports FIPS approved DRBG, SHA-1 and all SHA-2, TDES, AES, RSA, ECDSA and ECC CDC, and RSA and ECC key generation. IDProtect exposes PKI and Biometric APIs and is designed for high-performance government and enterprise smart card applications."
1749Athena Smartcard Inc.
16615 Lark Avenue
Suite 202
Los Gatos, CA 95032
USA

Stéphanie Motré
TEL: 408-786-1028
FAX: 408-608-1818

CST Lab: NVLAP 100432-0
IDProtect Duo with LASER PKI
(Hardware Version: Inside Secure AT90SC28880RCFV Rev. G; Firmware Version: Athena IDProtect 010E.1245.0002 with LASER PKI Applet 3.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/17/2012
04/12/2013
05/28/2014
Overall Level: 3

-FIPS Approved algorithms: AES (Cert. #1655); RSA (Cert. #824); Triple-DES (Cert. #1088); Triple-DES MAC (Triple-DES Cert. #1088, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465); ECDSA (Cert. # 214); CVL (Cert. #2)

-Other algorithms: HW RNG; AES-CMAC (non-compliant); EC Diffie-Hellman; AES (Cert. #1655, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength)

Single-chip

"IDProtect is a Cryptographic Module based on the Athena OS755 Java Card smart card operating system with 80KB of EEPROM. IDProtect is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 3. IDProtect supports FIPS approved DRBG, SHA-1 and all SHA-2, TDES, AES, RSA, ECDSA and ECC CDC, and RSA and ECC key generation. IDProtect exposes PKI and Biometric APIs and is designed for high-performance government and enterprise smart card applications."
1747OpenSSL Software Foundation
1829 Mount Ephraim Road
Adamstown, MD 21710
USA

Steve Marquess
TEL: 877-673-6775

CST Lab: NVLAP 100432-0
OpenSSL FIPS Object Module
(Software Versions: 2.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9 or 2.0.10)
(When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software06/27/2012
07/09/2012
07/18/2012
10/24/2012
01/22/2013
02/06/2013
02/22/2013
02/28/2013
03/28/2013
05/16/2013
06/14/2013
08/16/2013
08/23/2013
11/08/2013
12/20/2013
06/27/2014
07/03/2014
09/02/2014
09/12/2014
10/16/2014
12/31/2014
06/15/2015
09/04/2015
01/25/2016
Overall Level: 1

-Roles, Services, and Authentication: Level 2
Design Assurance: Level 3


-Operational Environment: Tested as meeting Level 1 with Android 2.2 running on Qualcomm QSD8250 (ARMv7) without NEON (gcc Compiler Version 4.4.0)
Android 2.2 running on Qualcomm QSD8250 (ARMv7) with NEON (gcc Compiler Version 4.4.0)
Microsoft Windows 7 (32 bit) running on Intel Celeron (Microsoft 32 bit C/C++ Optimizing Compiler Version 16.00)
uCLinux 0.9.29 running on ARM 922T (ARMv4) (gcc Compiler Version 4.2.1)
Fedora 14 running on Intel Core i5 with PAA (gcc Compiler Version 4.5.1)
HP-UX 11i (32 bit) running on Intel Itanium 2 (HP C/aC++ B3910B)
HP-UX 11i (64 bit) running on Intel Itanium 2 (HP C/aC++ B3910B)
Ubuntu 10.04 running on Intel Pentium T4200 (gcc Compiler Version 4.1.3)
Ubuntu 10.04 (32 bit) running on Intel Pentium T4200 (gcc Compiler Version 4.1.3)
Ubuntu 10.04 (64 bit) running on Intel Pentium T4200 (gcc Compiler Version 4.1.3)
Android 3.0 running on NVIDIA Tegra 250 T20 (ARMv7) (gcc Compiler Version 4.4.0)
Linux 2.6.27 running on PowerPC e300c3 (gcc Compiler Version 4.2.4)
Microsoft Windows 7 (64 bit) running on Intel Pentium 4 (Microsoft C/C++ Optimizing Compiler Version 16.00)
Ubuntu 10.04 running on Intel Core i5 with PAA (32 bit) (gcc Compiler Version 4.1.3)
Linux 2.6.33 running on PowerPC32 e300 (gcc Compiler Version 4.1.0)
Android 2.2 running on OMAP 3530 (ARMv7) with NEON (gcc Compiler Version 4.1.0)
VxWorks 6.8 running on TI TNETV1050 (MIPS) (gcc Compiler Version 4.1.2)
Linux 2.6 running on Broadcom BCM11107 (ARMv6) (gcc Compiler Version 4.3.2)
Linux 2.6 running on TI TMS320DM6446 (ARMv4) (gcc Compiler Version 4.3.2)
Linux 2.6.32 running on TI AM3703CBP (ARMv7) (gcc Compiler Version 4.3.2)
Oracle Solaris 10 (32 bit) running on SPARC-T3 (SPARCv9) (gcc Compiler Version3.4.3)
Oracle Solaris 10 (64 bit) running on SPARC-T3 (SPARCv9) (gcc Compiler Version 3.4.3)
Oracle Solaris 11 (32 bit) running on Intel Xeon 5675 (gcc Compiler Version 4.5.2)
Oracle Solaris 11 (64 bit) running on Intel Xeon 5675 (gcc Compiler Version 4.5.2)
Oracle Solaris 11 running on Intel Xeon 5675 with AESNI (32 bit) (gcc Compiler Version 4.5.2)
Oracle Solaris 11 running on Intel Xeon 5675 with AESNI (64 bit) (gcc Compiler Version 4.5.2)
Oracle Linux 5 (64 bit) running on Intel Xeon 5675 (gcc Compiler Version 4.1.2)
CascadeOS 6.1 (32 bit) running on Intel Pentium T4200 (gcc Compiler Version 4.4.5)
CascadeOS 6.1 (64 bit) running on Intel Pentium T4200 (gcc Compiler Version 4.4.5)
Oracle Linux 5 running on Intel Xeon 5675 with PAA (gcc Compiler Version 4.1.2)
Oracle Linux 6 running on Intel Xeon 5675 without PAA (gcc Compiler Version 4.4.6)
Oracle Linux 6 running on Intel Xeon 5675 with PAA (gcc Compiler Version 4.4.6)
Oracle Solaris 11 (32 bit) running on SPARC-T3 (SPARCv9) (Sun C Version 5.12)
Oracle Solaris 11 (64 bit) running on SPARC-T3 (SPARCv9) (Sun C Version 5.12)
Android 4.0 running on NVIDIA Tegra 250 T20 (ARMv7) (gcc Compiler Version 4.4.3)
Apple iOS 5.1 running on ARMv7 (gcc Compiler Version 4.2.1)
Microsoft Windows CE 6.0 running on ARMv5TEJ (Microsoft C/C++ Optimizing Compiler Version 15.00 for ARM)
Microsoft Windows CE 5.0 running on ARMv7 (Microsoft C/C++ Optimizing Compiler Version 13.10 for ARM)
Linux 2.6 running on Freescale PowerPCe500 (gcc Compiler Version 4.1.0)
DSP Media Framework 1.4 running on TI C64x+ (TMS320C6x C/C++ Compiler v6.0.13)
Android 4.0 running on TI OMAP 3 (ARMv7) with NEON (gcc Compiler Version 4.4.3)
NetBSD 5.1 running on PowerPCe500 (gcc Compiler Version 4.1.3)
NetBSD 5.1 running on Intel Xeon 5500 (gcc Compiler Version 4.1.3)
Microsoft Windows 7 running on Intel Core i5- 2430M (64-bit) with PAA (Microsoft ® C/C++ Optimizing Compiler Version 16.00 for x64)
Android 4.1 running on TI DM3730 (ARMv7) without NEON (gcc Compiler Version 4.6)
Android 4.1 running on TI DM3730 (ARMv7) with NEON (gcc Complier Version 4.6)
Android 4.2 running on Nvidia Tegra 3 (ARMv7) without NEON (gcc Compiler Version 4.6)
Android 4.2 running on Nvidia Tegra 3 (ARMv7) with NEON (gcc Compiler Version 4.6)
Windows Embedded Compact 7 running on Freescale i.MX53xA (ARMv7) with NEON (Microsoft C/C++ Optimizing Compiler Version 15.00.20720)
Windows Embedded Compact 7 running on Freescale i.MX53xD (ARMv7) with NEON (Microsoft C/C++ Optimizing Compiler Version 15.00.20720)
Android 4.0 running on Qualcomm Snapdragon APQ8060 (ARMv7) with NEON (gcc compiler Version 4.4.3)
Apple OS X 10.7 running on Intel Core i7-3615QM (Apple LLVM version 4.2)
Apple iOS 5.0 running on ARM Cortex A8 (ARMv7) with NEON (gcc Compiler Version 4.2.1)
OpenWRT 2.6 running on MIPS 24Kc (gcc Compiler Version 4.6.3)
QNX 6.4 running on Freescale i.MX25 (ARMv4) (gcc Compiler Version 4.3.3)
Apple iOS 6.1 running on Apple A6X SoC (ARMv7s) (gcc Compiler Version 4.2.1)
eCos 3 running on Freescale i.MX27 926ejs (ARMv5TEJ) (gcc Compiler Version 4.3.2)
Vmware Horizon Workspace 1.5 under Vmware ESXi 5.0 running on Intel Xeon E3-1220 (x86) without PAA (gcc Compiler Version 4.5.1)
Vmware Horizon Workspace 1.5 under Vmware ESXi 5.0 running on Intel Xeon E3-1220 (x86) with PAA (gcc Compiler Version 4.5.1)1
Ubuntu 13.04 running on AM335x Cortex-A8 (ARMv7) without NEON (gcc Compiler Version 4.7.3)
Ubuntu 13.04 running on AM335x Cortex-A8 (ARMv7) with NEON (gcc Compiler Version 4.7.3)
Linux 3.8 running on ARM926 (ARMv5TEJ) (gcc Compiler Version 4.7.3)
Linux 3.4 under Citrix XenServer 6.2 running on Intel Xeon E5-2430L without PAA (gcc Compiler Version 4.8.0)
Linux 3.4 under Citrix XenServer 6.2 running on Intel Xeon E5-2430L with PAA (gcc Compiler Version 4.8.0)
Linux 3.4 under Vmware ESXi 5.1 running on Intel Xeon E5-2430L without PAA (gcc Compiler Version 4.8.0)
Linux 3.4 under Vmware ESXi 5.1 running on Intel Xeon E5-2430L with PAA (gcc Compiler Version 4.8.0)
Linux 3.4 under Microsoft Windows 2012 Hyper-V running on Intel Xeon E5-2430L without PAA (gcc Compiler Version 4.8.0)
Linux 3.4 under Microsoft Windows 2012 Hyper-V running on Intel Xeon E5-2430L with PAA (gcc Compiler Version 4.8.0)2
iOS 6.0 running on Apple A5 / ARM Cortex-A9 (ARMv7) without NEON (gcc Compiler Version 4.2.1)
iOS 6.0 running on Apple A5 / ARM Cortex-A9 (ARMv7) with NEON (gcc Compiler Version 4.2.1)
PexOS 1.0 under vSphere ESXi 5.1 running on Intel Xeon E52430L without PAA (gcc Compiler Version 4.6.3)
PexOS 1.0 under vSphere ESXi 5.1 running on Intel Xeon E52430L with PAA (gcc Compiler Version 4.6.3)3
Linux 2.6 running on Freescale e500v2 (PPC) (gcc Compiler Version 4.4.1)
AcanOS 1.0 running on Intel Core i7-3612QE (x86) without PAA (gcc Compiler Version 4.6.2)
AcanOS 1.0 running on Intel Core i7-3612QE (x86) with PAA (gcc Compiler Version 4.6.2)
AcanOS 1.0 running on Feroceon 88FR131 (ARMv5) (gcc Compiler Version 4.5.3)
FreeBSD 8.4 running on Intel Xeon E5440 (x86) without AESNI (gcc Compiler Version 4.2.1)
FreeBSD 9.1 running on Xeon E5-2430L (x86) without AESNI (gcc Compiler Version 4.2.1)
FreeBSD 9.1 running on Xeon E5-2430L (x86) with PAA (gcc Compiler Version 4.2.1)
ArbOS 5.3 running on Xeon E5645 (x86) without PAA (gcc Compiler Version 4.1.2)
Linux ORACLESP 2.6 running on ASPEED AST-Series (ARMv5) (gcc Compiler Version 4.4.5)
Linux ORACLESP 2.6 running on Emulex PILOT3 (ARMv5) (gcc Compiler Version 4.4.5)
ArbOS 5.3 running on Xeon E5645 (x86) with PAA (gcc Compiler Version 4.1.2)
FreeBSD 9.2 running on Xeon E5-2430L (x86) without PAA (gcc Compiler Version 4.2.1)
FreeBSD 9.2 running on Xeon E5-2430L (x86) with PAA (gcc Compiler Version 4.2.1)
FreeBSD 10.0 running on Xeon E5-2430L (x86) without PAA (clang Compiler Version 3.3)
FreeBSD 10.0 running on Xeon E5- 2430L (x86) with PAA (clang Compiler Version 3.3)
FreeBSD 8.4 running on Intel Xeon E5440 (x86) 32-bit (gcc Compiler Version 4.2.1)
Vmware Horizon Workspace 2.1 under vSphere ESXi 5.5 running on Intel Xeon E3-1220 (x86) without PAA (gcc Compiler Version 4.5.1)
Vmware Horizon Workspace 2.1 under vSphere ESXi 5.5 running on Intel Xeon E3-1220 (x86) with PAA (gcc Compiler Version 4.5.1)
QNX 6.5 running on Freescale i.MX25 (ARMv4) (gcc Compiler Version 4.3.3)
Apple iOS 7.1 64- bit running on Apple A7 (ARMv8) without NEON (clang Compiler Version 5.1)
Apple iOS 7.1 64-bit running on Apple A7 (ARMv8) with NEON (clang Compiler Version 5.1)
TS-Linux 2.4 running on Arm920Tid (ARMv4) (gcc Compiler Version 4.3.2)4
iOS 8.1 64-bit running on Apple A7 (ARMv8) without NEON and Crypto Extensions (clang Compilerv Version 600.0.56)
iOS 8.1 64-bit running on Apple A7 (ARMv8) with NEON and Crypto Extensions (clang Compiler Version 600.0.56)
VxWorks 6.9 running on Freescale P2020 (PPC) (gcc Compiler Version 4.3.3)
iOS 8.1 32-bit running on Apple A7 (ARMv8) without NEON (clang Compiler Version 600.0.56)
iOS 8.1 32-bit running on Apple A7 (ARMv8) with NEON (clang Compiler Version 600.0.56)
Android 5.0 32-bit running on Qualcomm APQ8084 (ARMv7) without NEON (gcc Compiler Version 4.9)
Android 5.0 32-bit running on Qualcomm APQ8084 (ARMv7) with NEON (gcc Compiler Version 4.9)
Android 5.0 64-bit running on SAMSUNG Exynos7420 (ARMv8) without NEON and Crypto Extensions (gcc Compiler Version 4.9)
Android 5.0 64-bit running on SAMSUNG Exynos7420 (ARMv8) with NEON and Crypto Extensions (gcc Compiler Version 4.9) (singleusermode)

-FIPS Approved algorithms: AES (Certs. #1884, #2116, #2234, #2342, #2394, #2484, #2824, #2929, #3090 and #3264); DRBG (Certs. #157, #229, #264, #292, #316, #342, #485, #540, #607 and #723); DSA (Certs. #589, #661, #693, #734, #748, #764, #853, #870, #896 and #933); HMAC (Certs. #1126, #1288, #1363, #1451, #1485, #1526, #1768, #1856, #1937 and #2063); RSA (Certs.#960, #1086, #1145, #1205, #1237, #1273, #1477, #1535, #1581 and #1664); SHS (Certs. #1655, #1840, #1923, #2019, #2056, #2102, #2368, #2465, #2553 and #2702); Triple-DES (Certs. #1223, #1346, #1398, #1465, #1492, #1522, #1695, #1742, #1780 and #1853); ECDSA (Certs. #264, #270, #315, #347, #378, #383, #394, #413, #496, #528, #558 and #620); CVL (Certs. #10, #12, #24, #36, #49, #53, #71, #85, #260, #331, #372 and #472)

-Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt); RNG

Multi-chip standalone

"The OpenSSL FIPS Object Module 2.0 is a general purpose cryptographic module delivered as open source code. It is designed for ease of use with the popular OpenSSL cryptographic library and toolkit and is available for use without charge for a wide variety of platforms. The basic validation can also be extended quickly and affordably to accommodate new platforms and many types of modifications."
1746Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200426-0
nShield F3 4000 [1], nShield F3 2000 [2], nShield F3 2000 for NetHSM [3], nShield F3 500 [4] and nShield F3 500 for NetHSM [5]
(Hardware Versions: nC4033P-4K0 [1], nC4033P-2K0 [2], nC4033P-2K0N [3], nC4033P-500 [4] and nC4033P-500N [5], Build Standard N; Firmware Versions: 2.50.16-2, 2.51.10-2, 2.50.35-2 and 2.55.1-2)
(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/25/2012
03/08/2013
08/16/2013
11/16/2015
Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3 +EFP
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1579); Triple-DES (Certs. #132 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Cert. #770 and #1092); DRBG (Cert. #72); CVL (Cert. #1)

-Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 112 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The nShield modules: nShield F3 4000, nShield F3 2000, nShield F3 2000 for netHSM, nShield F3 500, and nShield F3 500 for netHSM family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1744Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200426-0
MiniHSM [1], MiniHSM for nShield Edge [2] and MiniHSM for Time Stamp Master Clock [3]
(Hardware Versions: nC4031Z-10 [1], nC3021U-10 [2] and TSMC200 [3], Build Standard N; Firmware Versions: 2.50.17-2, 2.51.10-2, 2.50.35-2 and 2.55.1-2)
(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/25/2012
08/16/2013
10/25/2013
10/31/2015
Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1770); Triple-DES (Cert. #1146); HMAC (Cert. #1039); Triple-DES MAC (Triple-DES Cert. #1146, vendor affirmed); SHS (Cert. #1554); DSA (Cert. #553); ECDSA (Cert. #238); RSA (Cert. #886); DRBG (Cert. #120); CVL (Cert. #6)

-Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 112 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The MiniHSM, MiniHSM for nShield Edge and MiniHSM for Time Stamp Master Clock are fully featured HSMs supplied in a single chip package. The MiniHSM Modules offer all the security and key management features of other nShield modules - but with reduced processing speed. The MiniHSM modules are OEM parts and will be included within other appliances or products, for example switches or routers. The MiniHSM modules have a real time clock which also makes them suitable for use as a time-stamping engine."
1743Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200426-0
nShield F2 6000e [1], nShield F2 1500e [2], nShield F2 500e [3] and nShield F2 10e [4]
(Hardware Versions: nC3023E-6K0 [1], nC3023E-1K5 [2], nC3023E-500 [3] and nC3023E-010 [4], Build Standard N; Firmware Versions: 2.50.16-2, 2.51.10-2, 2.50.35-2 and 2.55.1-2)
(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/25/2012
03/08/2013
08/16/2013
11/16/2015
Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #397 and #1579); Triple-DES (Certs. #435 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Cert. #770 and #1092); DRBG (Cert. #72); CVL (Cert. #1)

-Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 112 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The nCipher modules: nShield F2 6000e, Shield F2 1500e, nShield F2 500e, and nShield 10e family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1742Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200426-0
nShield F3 6000e [1], nShield F3 1500e [2], nShield F3 500e [3], nShield F3 10e [4], nShield F3 6000e for nShield Connect [5], nShield F3 1500e for nShield Connect [6] and nShield F3 500e for nShield Connect [7]
(Hardware Versions: nC4033E-6K0 [1], nC4033E-1K5 [2], nC4033E-500 [3], nC4033E-030 [4], nC4033E-6K0N [5], nC4033E-1K5N [6] and nC4033E-500N [7], Build Standard N; Firmware Versions: 2.50.16-3, 2.51.10-3, 2.50.35-3 and 2.55.1-3)
(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/25/2012
03/08/2013
08/16/2013
11/16/2015
Overall Level: 3

-FIPS Approved algorithms: AES (Certs. #397 and #1579); Triple-DES (Certs. #435 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Cert. #770 and #1092); DRBG (Cert. #72); CVL (Cert. #1)

-Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 112 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The nShield modules: nShield F3 6000e, nShield F3 1500e, nShield F3 500e, nShield F3 10e, nShield F3 6000e for nShield Connect, nShield F3 1500e for nShield Connect and nShield F3 500e for nShield Connect family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
1741Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200426-0
nShield F3 500 [1], nShield F3 500 for NetHSM [2] and nShield F3 10 PCI [3]
(Hardware Versions: nC4033P-500 [1], nC4033P-500N [2] and nC4033P-30 [3], Build Standard N; Firmware Versions: 2.50.16-3, 2.51.10-3, 2.50.35-3 and 2.55.1-3)
(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/25/2012
03/08/2013
08/16/2013
11/16/2015
Overall Level: 3

-FIPS Approved algorithms: AES (Certs. #962 and #1579); Triple-DES (Certs. #757 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Cert. #770 and #1092); DRBG (Cert. #72); CVL (Cert. #1)

-Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 112 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The nShield modules: nShield F3 500, Shield F3 500 for NetHSM, and nShield F3 10 family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
1740Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200426-0
nShield F2 500 [1] and nShield F2 10 PCI [2]
(Hardware Versions: nC3023P-500 [1] and nC3023P-10 [2], Build Standard N; Firmware Versions: 2.50.16-2, 2.51.10-2, 2.50.35-2 and 2.55.1-2)
(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/25/2012
03/08/2013
08/16/2013
11/16/2015
Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #962 and #1579); Triple-DES (Certs. #757 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Cert. #770 and #1092); DRBG (Cert. #72); CVL (Cert. #1)

-Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 112 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The nShield modules: nShield F2 500 & nShield F2 10 PCI family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1739Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200426-0
MiniHSM [1], MiniHSM for nShield Edge [2] and MiniHSM for Time Stamp Master Clock [3]
(Hardware Versions: nC4031Z-10 [1], nC4031U-10 [2] and TSMC200 [3], Build Standard N; Firmware Versions: 2.50.17-3, 2.51.10-3, 2.50.35-3 and 2.55.1-3)
(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/25/2012
08/16/2013
10/25/2013
10/28/2015
Overall Level: 3

-FIPS Approved algorithms: AES (Cert. #1770); Triple-DES (Cert. #1146); HMAC (Cert. #1039); Triple-DES MAC (Triple-DES Cert. #1146, vendor affirmed); SHS (Cert. #1554); DSA (Cert. #553); ECDSA (Cert. #238); RSA (Cert. #886); DRBG (Cert. #120); CVL (Cert. #6)

-Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 112 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The MiniHSM, MiniHSM for nShield Edge and MiniHSM for Time Stamp Master Clock are fully featured HSMs supplied in a single chip package. The MiniHSM Modules offer all the security and key management features of other nShield modules - but with reduced processing speed. The MiniHSM modules are OEM parts and will be included within other appliances or products, for example switches or routers. The MiniHSM modules have a real time clock which also makes them suitable for use as a time-stamping engine."
1738Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

sales@ncipher.com
TEL: 888-744-4976

CST Lab: NVLAP 200426-0
nToken
(Hardware Versions: nC2023P-000, Build Standard N; Firmware Versions: 2.50.16-2 and 2.50.35-2)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/25/2012
11/24/2015
Overall Level: 2

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Cert. #1579); HMAC (Cert. #925); SHS (Cert. #1398); DSA (Cert. #487); DRBG (Cert. #72)

-Other algorithms: N/A

Multi-chip embedded

"The nToken Hardware Security Module improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
1737Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200426-0
nShield F2 4000 [1], nShield F2 2000 [2] and nShield F2 500 [3]
(Hardware Versions: nC3023P-4K0 [1], nC3023P-2K0 [2] and nC3023P-500 [3], Build Standard N; Firmware Versions: 2.50.16-2, 2.51.10-2, 2.50.35-2 and 2.55.1-2)
(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/25/2012
03/08/2013
08/16/2013
11/16/2015
Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1579); Triple-DES (Certs. #132 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Cert. #770 and #1092); DRBG (Cert. #72); CVL (Cert. #1)

-Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 112 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The nShield modules: nShield F2 4000, nShield F2 2000, and nShield F2 500 family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1736Blue Coat® Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085
USA

Wendi Ittah
TEL: 703-399-0535

CST Lab: NVLAP 200928-0
ProxySG 600-10 [1], 600-20 [2] and 600-35 [3]
(Hardware Versions: 090-02911 [1], 090-02912 [1], 090-02913 [2], 090-02914 [2], 090-02915 [3] and 090-02916 [3] with FIPS kit 085-02762; Firmware Version: 6.1 or 6.1.5.5)
(When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/21/2012
07/24/2012
08/07/2012
01/04/2013
Overall Level: 2

-FIPS Approved algorithms: AES (Certs. #105 and #1875); Triple-DES (Certs. #217 and #1218); RSA (Cert. #956); SHS (Cert. #1648); HMAC (Cert. #1120); DRBG (Cert. #153)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The foundation of Blue Coat's application delivery infrastructure, Blue Coat ProxySG appliances establish points of control that accelerate and secure business applications for users across the distributed organization. Blue Coat appliances serve as an Internet proxy and wide area network (WAN) optimizer. The purpose of the appliances is to provide a layer of security between an Internal and External Network (typically an office network and the Internet) and to provide acceleration and compression of transmitted data. ProxySG 600 is one of several appliance lines offered by Blue Coat"
1733Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200426-0
nShield F3 6000e [1], nShield F3 1500e [2], nShield F3 500e [3], nShield F3 10e [4], nShield F3 6000e for nShield Connect [5], nShield F3 1500e for nShield Connect [6] and nShield F3 500e for nShield Connect [7]
(Hardware Versions: nC4033E-6K0 [1], nC4033E-1K5 [2], nC4033E-500 [3], nC4033E-030 [4], nC4033E-6K0N [5], nC4033E-1K5N [6] and nC4033E-500N [7], Build Standard N; Firmware Versions: 2.50.16-2, 2.51.10-2, 2.50.35-2 and 2.55.1-2)
(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/20/2012
03/08/2013
08/16/2013
11/16/2015
Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #397 and #1579); Triple-DES (Certs. #435 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Cert. #770 and #1092); DRBG (Cert. #72); CVL (Cert. #1)

-Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 112 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The nShield modules: nShield F3 6000e, nShield F3 1500e, nShield F3 500e, nShield F3 10e, nShield F3 6000e for nShield Connect, nShield F3 1500e for nShield Connect and nShield F3 500e for nShield Connect family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1729Certicom Corp.
4701 Tahoe Blvd.
Building A
Mississauga, Ontario L4W 0B5
Canada

Certicom Support
TEL: 905-507-4220

Certicom Sales
TEL: 905-507-4220
FAX: 905-507-4230

CST Lab: NVLAP 200928-0
Security Builder® FIPS Module
(Software Versions: 6.0, 6.0.2 and 6.0.3)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software06/08/2012
10/31/2014
12/31/2014
05/08/2015
12/03/2015
03/15/2016
05/25/2016
Overall Level: 1



-Operational Environment: QNX Neutrino 6.6
QNX Neutrino 6.5
Red Hat Linux AS 5.6
Windows 7 Enterprise 64 bit
Windows Phone 8.0
Android 4.4.2
Android 4.0.4
iOS version 6.1.4
Android 5.0.1
iOS 8.0
Windows 7 Enterprise 32 bit
CentOS Linux Release 7.1 64-bit
Mac OS X Yosemite 10.10.4
Mac OS X El Capitan 10.11.4 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #1159, #1773 and #2164); AES (Certs. #1789, #3029 and 3946); SHS (Certs. #1571, #2530 and #3256); HMAC (Certs. #1054, #1914 and #2571); DRBG (Certs. #127, #579 and #1151); DSA (Certs. #563, #891 and #1076); ECDSA (Certs. #242, #553 and #866); RSA (Certs. #894, #1574 and #2017); KAS (Certs. #25, #50 and #79); CVL (Certs. #7, #367 and #789)

-Other algorithms: DES; DESX; AES CCM* (non-compliant); AES-XCBC-MAC (non-compliant); AES EAX (non-compliant); AES MMO (non-compliant); ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; ECNR; ECQV; ECPVS; ECIES; ECSPEKE; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112-bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides less than 80 bits of encryption strength; non-compliant); RNG; Dual EC DRBG

Multi-chip standalone

"The Security Builder® FIPS Module is a standards-based cryptographic toolkit that supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into both mobile and server-based applications. The Security Builder FIPS Module is part of the Certicom Security Architecture, a comprehensive cross-platform security solution which supports multiple cryptographic software and hardware providers with a single common API."
1725Francotyp-Postalia GmbH
Triftweg 21-26
Birkenwerder D-16547
Germany

Dirk Rosenau
TEL: +49-3303-525-616
FAX: +49-3303-525-609

Hasbi Kabacaoglu
TEL: +49-3303-525-656
FAX: +49-3303-525-609

CST Lab: NVLAP 100432-0
Postal mRevenector DE 2011
(Hardware Version: 580036020300/01; Firmware Version: Bootloader: 90.0036.0201.00/2011485001; Software-Loader: 90.0036.0206.00/2011485001; FRANKIT-Application: 90.0036.0204.00/2012095001)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/29/2012
01/22/2013
03/13/2015
Overall Level: 3

-Physical Security: Level 3 +EFP/EFT

-FIPS Approved algorithms: AES (Cert. #1493); DRBG (Cert. #61); DSA (Cert. #522); HMAC (Cert. #878); KAS (Cert. #16); RSA (Certs. #732 and #785); SHS (Cert. #1346); Triple-DES (Cert. #1122)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip embedded

"The Francotyp-Postalia Postal mRevenector DE 2011 employs strong encryption, decryption, and digital signature techniques for the protection of customer revenues in Francotyp-Postalia's mail handlers. The Postal mRevenector DE 2011 has been designed in compliance with the Deutsche Post (DPAG), FRANKIT Specification."
1724Hughes Network Systems, LLC
11717 Exploration Lane
Germantown, MD 20876
USA

Tim Young
TEL: 301-428-1632

CST Lab: NVLAP 200427-0
Hughes SPACEWAY Crypto Kernel
(Firmware Version: 1.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware05/23/2012Overall Level: 1


-Tested: ST HN9500 with VxWorks 5.4
AGW2 with VxWorks 5.4
AGW5 with VxWorks 5.4

-FIPS Approved algorithms: AES (Cert. #1788); DRBG (Cert. #126); HMAC (Cert. #1053); SHS (Cert. #1570)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5

Multi-chip standalone

"The HSCK v1.0 is a firmware library that provides cryptographic functionality for securing communications over the Hughes SPACEWAY Satellite communication systems. SPACEWAY enables a full-mesh digital network that interconnects with a wide range of end-user equipment and systems."
1722Francotyp-Postalia GmbH
Triftweg 21-26
Birkenwerder D-16547
Germany

Dirk Rosenau
TEL: +49-3303-525-616
FAX: +49-3303-525-609

CST Lab: NVLAP 100432-0
Postal mRevenector US 2011
(Hardware Version: 580036020300/01; Firmware Version: Bootloader: 90.0036.0201.00/2011485001; Software-Loader: 90.0036.0206.00/2011485001; IBIP Application: 90.0036.0203.00/2011485001)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/23/2012
01/22/2013
Overall Level: 3

-Physical Security: Level 3 +EFP/EFT

-FIPS Approved algorithms: AES (Cert. #1493); DRBG (Cert. #61); DSA (Cert. #522); ECDSA (Cert. #184); HMAC (Cert. #878); KAS (Cert. #16); RSA (Certs. #732 and #785); SHS (Cert. #1346); Triple-DES (Cert. #1122)

-Other algorithms: NDRNG

Multi-chip embedded

"The Francotyp-Postalia Postal mRevenector US 2011 employs strong encryption, decryption, and digital signature techniques for the protection of customer revenues in Francotyp-Postalia's mail handlers. The Postal mRevenector US 2011 has been designed in compliance with the United States Postal Services (USPS), Information-Based Indicia Program (IBIP)."
1721Vormetric, Inc.
2545 N. 1st Street
San Jose, CA 95131-1003
USA

Mike Yoder
TEL: 408-433-6059
FAX: 408-844-8638

Richard Gorman
TEL: 408-433-6000
FAX: 408-844-8638

CST Lab: NVLAP 200002-0
Vormetric Encryption Expert Cryptographic Module
(Software Version: 4.4.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software05/23/2012
06/05/2012
Overall Level: 1

-Design Assurance: Level 3


-Operational Environment: Tested as meeting Level 1 with Windows 2003 32-bit
Windows 2008 64-bit
Solaris 10 64-bit
Redhat Linux 5.7 64-bit
HPUX 11i v3 64-bit (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1820); Triple-DES (Cert. #1173); SHS (Cert. #1596); HMAC (Cert. #1075)

-Other algorithms: ARIA; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Vormetric Encryption Expert Cryptographic Module is a loadable kernel module also known as "SECFS" (SECure File System). This module is a file system layer that enforces an access and encryption policy upon selected data on end-user systems. The policy specifies a key to be used when writing data to disk and while reading data from disk. This module contains the Vormetric Encryption Expert Cryptographic Library, which provides all cryptographic services."
1720Francotyp-Postalia GmbH
Triftweg 21-26
Birkenwerder D-16547
Germany

Dirk Rosenau
TEL: +49-3303-525-616
FAX: +49-3303-525-609

CST Lab: NVLAP 100432-0
mRevenector 2011
(Hardware Version: 580036020300/01; Firmware Version: Bootloader: 90.0036.0201.00/2011485001; Software-Loader: 90.0036.0206.00/2011485001)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/23/2012Overall Level: 3

-Physical Security: Level 3 +EFP/EFT

-FIPS Approved algorithms: AES (Cert. #1493); DRBG (Cert. #61); HMAC (Cert. #878); RSA (Cert. #732); SHS (Cert. #1346)

-Other algorithms: NDRNG

Multi-chip embedded

"mRevenector2011 is an embedded security device that can enhance the security of various kinds of appliances and computerized devices. The hardware of the mRevenector2011 is designed to protect critical security parameters as well as application specific revenues. Its firmware enables hosting systems to load or update signed application specific firmware."
1717Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200427-0
Cisco Catalyst 6506-E [1], Catalyst 6509-E [2] and Catalyst 6513-E [3] Switches with Supervisor Cards (VS-S2T-10G or VS-S2T-10G-XL) and Line Cards (WS-X6908-10G or WS-X6908-10G-2TXL)
(Hardware Versions: 6506-E -M0 [1], 6509-E -N0 [2], 6513-E -S0 [3], Supervisor Card VS-S2T-10G -B0, Supervisor Card VS-S2T-10G-XL -C0, Line Card WS-X6908-10G -A0, Line Card WS-X6908-10G-2TXL version -B0 and FIPS kit packaging (CVPN6500FIPS/KIT=); Firmware Version: 15.0(1)SY2)
(When operated in FIPS mode and when tamper evident labels and security devices are installed on the initially built configuration as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/03/2012
12/21/2012
Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1426, #1427 and #1816); DRBG (Cert. #140); HMAC (Cert. #1072); RSA (Cert. #911); SHS (Cert. #1593); Triple-DES (Cert. #1171)

-Other algorithms: DES; HMAC-MD5; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Cert. #1816, key wrapping; key establishment methodology provides 256 bits of encryption strength)

Multi-chip standalone

"The Catalyst 6500 series switches offer versatility, integration, and security to branch offices. With numerous network modules and service modules available, the modular architecture of the Cisco switches easily allows interfaces to be upgraded to accommodate network expansion. The Catalyst 6500 series switches provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements."
1716

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/02/2012Overall Level: 2

Multi-chip standalone
1712Kanguru Solutions
1360 Main Street
Millis, MA 02054
USA

Nate Cote
TEL: 508-376-4245
FAX: 508-376-4462

CST Lab: NVLAP 200802-0
Kanguru Defender 2000
(Hardware Versions: P/Ns KDF2000-2G, KDF2000-4G and KDF2000-8G, Version 1.0; Firmware Version: 2.03.10)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/03/2012
12/21/2012
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: HMAC (Cert. #954); AES (Cert. #1623); SHS (Cert. #1432); RSA (Cert. #801); DRBG (Cert. #86); PBKDF (vendor affirmed)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Kanguru Defender 2000 is a 256-bit AES hardware encrypted USB flash drive. It is used to securely store sensitive data housed on the device."
1711Athena Smartcard Inc.
16615 Lark Avenue
Suite 202
Los Gatos, CA 95032
USA

Stéphanie Motré
TEL: 408-786-1028
FAX: 408-608-1818

CST Lab: NVLAP 100432-0
IDProtect with LASER PKI
(Hardware Version: Inside Secure AT90SC28872RCU Rev. G; Firmware Version: Athena IDProtect 010B.0352.0005 with LASER PKI Applet 3.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/30/2012
04/12/2013
05/28/2014
Overall Level: 3

-FIPS Approved algorithms: AES (Cert. #1654); RSA (Cert. # 824); Triple-DES (Cert. #1087); Triple-DES MAC (Triple-DES Cert. #1087, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465); ECDSA (Cert. #214); CVL (Cert. #2)

-Other algorithms: HW RNG; AES-CMAC (non-compliant); EC Diffie-Hellman; AES (Cert. #1654, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength)

Single-chip

"IDProtect is a Cryptographic Module based on the Athena OS755 Java Card smart card operating system with 72KB of EEPROM. IDProtect is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 3. IDProtect supports FIPS approved DRBG, SHA-1 and all SHA-2, TDES, AES, RSA, ECDSA and ECC CDC, and RSA and ECC key generation. IDProtect exposes PKI and Biometric APIs and is designed for high-performance government and enterprise smart card applications."
1710Red Hat®, Inc.
100 East Davie Street
Raleigh, NC 27601
USA

Robert Relyea
TEL: 650-254-4236

CST Lab: NVLAP 200427-0
NSS Freebl Cryptographic Module
(Software Version: 3.12.9.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software04/30/2012Overall Level: 1



-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux v6.2 32-bit running on an Intel Core i7 system
Red Hat Enterprise Linux v6.2 64-bit running on an Intel Core i7 system (single-user mode)

-FIPS Approved algorithms: DSA (Cert. #602); SHS (Cert. #1675)

-Other algorithms: MD2; MD5

Multi-chip standalone

"The NSS Freebl cryptographic module is an open-source, general-purpose cryptographic hash library. It is available for free under the Mozilla Public License, the GNU General Public License, and the GNU Lesser General Public License. The NSS Freebl cryptographic module is jointly developed by Red Hat and Oracle engineers and is used in the GNU glibc library. For more information, see http://www.mozilla.org/projects/security/pki/nss/"
1708Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200426-0
nShield F3 4000 [1], nShield F3 2000 [2], nShield F3 2000 for NetHSM [3], nShield F3 500 [4] and nShield F3 500 for NetHSM [5]
(Hardware Versions: nC4033P-4K0 [1], nC4033P-2K0 [2], nC4033P-2K0N [3], nC4033P-500 [4] and nC4033P-500N [5], Build Standard N; Firmware Versions: 2.50.16-3, 2.51.10-3, 2.50.35-3 and 2.55.1-3)
(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/27/2012
03/08/2013
08/16/2013
11/16/2015
Overall Level: 3

-Physical Security: Level 3 + EFP

-FIPS Approved algorithms: AES (Cert. #1579); Triple-DES (Certs. #132 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Cert. #770 and #1092); DRBG (Cert. #72); CVL (Cert. #1)

-Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The nShield modules: nCipher 4000, nShield 2000, nShield 2000 for NetHSM, nShield 500, and nShield 500 for NetHSM family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
1705Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200426-0
nShield F3 500 PCI [1], nShield F3 500 for NetHSM [2] and nShield F3 10 PCI [3]
(Hardware Versions: nC4033P-500 [1], nC4033P-500N [2] and nC4033P-30 [3], Build Standard N; Firmware Versions: 2.50.16-2, 2.51.10-2, 2.50.35-2 and 2.55.1-2)
(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/12/2012
03/08/2013
08/09/2013
11/16/2015
Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #962 and #1579); Triple-DES (Certs. #757 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Certs. #770 and #1092); DRBG (Cert. #72); CVL (Cert. #1)

-Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The nShield modules: nShield F3 500, F3 500 for NetHSM, & nShield F3 10 family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1702Entrust, Inc.
One Lincoln Centre
5400 LBJ Freeway
Suite 1340
Dallas, TX 75240
USA

Entrust Sales

CST Lab: NVLAP 100432-0
Entrust Authority™ Security Kernel
(Software Versions: 8.1sp1 and 8.1sp1R2)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software04/12/2012
10/18/2013
05/28/2014
01/08/2016
Overall Level: 2



-Operational Environment: Tested as meeting Level 2 with Windows Server 2008 R2 Enterprise Edition running on Dell Optiplex 755

-FIPS Approved algorithms: AES (Certs. #1923 and #2631); HMAC (Certs. #1158 and #1628); SHS (Certs. #1689 and #2206); DRBG (Certs. #167 and #405); RSA (Certs. #992 and #1345); Triple-DES (Certs. #1253 and #1580); Triple-DES MAC (Triple-DES Cert. #1253, vendor affirmed); CVL (Certs. #15 and #111 and SP 800-135, vendor affirmed, key agreement); ECDSA (Certs. #275 and #454); DSA (Certs. #610 and #794)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); MD2; MD5; RMD-160; CAST; CAST3; CAST5; DES; IDEA; RC2; RC4; PAKE; AES-DAC; CAST-DAC; CAST3-DAC; CAST5-DAC; DES-DAC; IDEA-DAC; RC2-DAC; RNG (non-compliant)

Multi-chip standalone

"By managing the full lifecycles of digital certificate-based identities, Entrust Authority PKI enables encryption, digital signature and certificate authentication capabilities to be consistently and transparently applied across a broad range of applications and platforms."
1699McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

David Gerendas
TEL: 949-860-3369

CST Lab: NVLAP 200556-0
McAfee EMM Cryptographic Module
(Software Version: 1.0)
(When operated with module Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1337 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software03/28/2012Overall Level: 1

-Design Assurance: Level 3


-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 R2 (x64 Version) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1168); HMAC (Cert. #687); SHS (Cert. #1081)

-Other algorithms: N/A

Multi-chip standalone

"The McAfee EMM Cryptographic Module provides cryptographic operations for McAfee Enterprise Mobility Manager, an enterprise class security solution which provides centralized mobile device management, provisioning, security, support, and auditing."
1698Hitachi Solutions, Ltd.
4-12-7, Higashishinagawa
Shinagawa-ku, Tokyo 140-0002
Japan

Applied Security Development Department
TEL: +81-3-5780-2111

CST Lab: NVLAP 200835-0
HIBUN Cryptographic Module for Pre-boot
(Software Version: 1.0 Rev. 2)

Validated to FIPS 140-2
Consolidated Validation Certificate
JCMVP Cert. #J0017

Security Policy
Software03/28/2012Overall Level: 1



-Operational Environment: Tested as meeting Level 1 with Pre-boot 16-bit (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1779); SHS (Cert. #1561); HMAC (Cert. #1044)

-Other algorithms: N/A

Multi-chip standalone

"HIBUN Cryptographic Module for Pre-boot is the cryptographic library module which operates on the Pre-boot environment."
1697Hitachi Solutions, Ltd.
4-12-7, Higashishinagawa
Shinagawa-ku, Tokyo 140-0002
Japan

Applied Security Development Department
TEL: +81-3-5780-2111

CST Lab: NVLAP 200835-0
HIBUN Cryptographic Module for Kernel-Mode
(Software Version: 1.0 Rev. 2)

Validated to FIPS 140-2
Consolidated Validation Certificate
JCMVP Cert. #J0016

Security Policy
Software03/28/2012Overall Level: 1



-Operational Environment: Tested as meeting Level 1 with Windows XP Professional
Windows Vista Ultimate
Windows 7 Ultimate
Windows 7 Ultimate 64bit (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1787); SHS (Cert. #1569); HMAC (Cert. #1052)

-Other algorithms: N/A

Multi-chip standalone

"HIBUN Cryptographic Module for Kernel-Mode is the cryptographic library module which operates on the Windows Kernel-Mode.Full listing of testing configuration: Windows XP Professional; Windows Vista Ultimate; Windows 7 Ultimate; Windows 7 Ultimate 64bit (single-user mode)"
1696Hitachi Solutions, Ltd.
4-12-7, Higashishinagawa
Shinagawa-ku, Tokyo 140-0002
Japan

Applied Security Development Department
TEL: +81-3-5780-2111

CST Lab: NVLAP 200835-0
HIBUN Cryptographic Module for User-Mode
(Software Version: 1.0 Rev. 2)

Validated to FIPS 140-2
Consolidated Validation Certificate
JCMVP Cert. #J0015

Security Policy
Software03/28/2012Overall Level: 1



-Operational Environment: Tested as meeting Level 1 with Windows XP Professional
Windows Vista Ultimate
Windows 7 Ultimate
Windows 7 Ultimate 64bit
Linux Kernel 2.6 (Fedora 12) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1780); SHS (Cert. #1562); HMAC (Cert. #1045); DRBG (Cert. #125)

-Other algorithms: N/A

Multi-chip standalone

"HIBUN Cryptographic Module for User-Mode is the cryptographic library module which operates on the Windows User-Mode and Linux User-Mode.Full testing configuration: Windows XP Professional; Windows Vista Ultimate; Windows 7 Ultimate; Windows 7 Ultimate 64bit; Linux Kernel 2.6 (Fedora 12) (single-user mode)"
1695NEC Corporation
1753
Shimonumabe
Nakahara-ku
Kawasaki, Kanagawa 211-8666
Japan

NEC Corporation
TEL: +81-44-455-8326

CST Lab: NVLAP 200835-0
iPASOLINK MODEM AES Card
(Hardware Version: 5.00; Firmware Version: NWA-055300-004)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/18/2012Overall Level: 1

-FIPS Approved algorithms: AES (Cert. #1834)

-Other algorithms: N/A

Multi-chip embedded

"iPASOLINK is NEC's most advanced and comprehensive optical and radio converged transport product family, in which iPASOLINK MODEM AES Card is implemented as a cryptographic module. The module provides encryption/decryption services by AES-CTR."
1694SafeNet, Inc.
20 Colonnade Dr, Suite 200
Ottawa, Ontario K2E 7M6
Canada

Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

Mark Yakabuski
TEL: 613-614-3407
FAX: 613-723-5079

CST Lab: NVLAP 200427-0
Luna® PCI-e Cryptographic Module
(Hardware Versions: VBD-05-0100, VBD-05-0101 and VBD-05-0103; Firmware Version: 6.2.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/30/2012
09/27/2012
Overall Level: 3

-FIPS Approved algorithms: AES (Certs. #1743, #1750 and #1756); DRBG (Cert. #114); DSA (Certs. #545, #546 and #548); ECDSA (Certs. #230, #231 and #233); HMAC (Certs. #1021 and #1027); KAS (Cert. #23); RSA (Certs. #865 and #870); SHS (Certs. #1531 and #1537); KKDF (SP 800-108, vendor affirmed); Triple-DES (Certs. #1130, #1134 and #1137); Triple-DES MAC (Certs. #1130, #1134 and #1137, vendor-affirmed)

-Other algorithms: ARIA; AES (Certs. #1743, #1750 and #1756, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES MAC (Cert. #1750; non-compliant); CAST5; CAST5-MAC; DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength); HAS-160; KCDSA; MD2; MD5; RC2; RC2-MAC; RC4; RC5; RC5-MAC; RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Triple-DES (Certs. #1130, #1134 and #1137, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The Luna PCI-e cryptographic module is a multi-chip embedded hardware cryptographic module in the form of a PCI-Express card that typically resides within a custom computing or secure communications appliance. The cryptographic module is contained in its own secure enclosure that provides physical resistance to tampering. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI-e card."
1693SafeNet, Inc.
20 Colonnade Drive, Suite 200
Ottawa, Ontario K2E 7M6
Canada

Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

Mark Yakabuski
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200427-0
Luna® PCI-e Cryptographic Module
(Hardware Versions: VBD-05-0100, VBD-05-0101 and VBD-05-0103; Firmware Version: 6.2.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/28/2012
09/27/2012
Overall Level: 2

-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1743, #1750 and #1756); DRBG (Cert. #114); DSA (Certs. #545, #546 and #548); ECDSA (Certs. #230, #231 and #233); HMAC (Certs. #1021 and #1027); KAS (Cert. #23); RSA (Certs. #865 and #870); SHS (Certs. #1531 and #1537); KKDF (SP800-108, vendor affirmed); Triple-DES (Certs. #1130, #1134 and #1137); Triple-DES MAC (Certs. #1130, #1134 and #1137, vendor-affirmed)

-Other algorithms: ARIA; AES (Certs. #1743, #1750 and #1756, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES MAC (Cert. #1750; non-compliant); CAST5; CAST5-MAC; DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength); HAS-160; KCDSA; MD2; MD5; RC2; RC2-MAC; RC4; RC5; RC5-MAC; RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Triple-DES (Certs. #1130, #1134 and #1137, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The Luna PCI-e cryptographic module is a multi-chip embedded hardware cryptographic module in the form of a PCI-Express card that typically resides within a custom computing or secure communications appliance. The cryptographic module is contained in its own secure enclosure that provides physical resistance to tampering. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI-e card."
1691

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/09/2012Overall Level: 3

Multi-chip standalone
1690Gemalto
Avenue du Jujubier Z.I Athelia IV
La Ciotat 13705
France

Frederic Garnier
TEL: +33 4 42 36 43 68
FAX: +33 4 42 36 55 45

CST Lab: NVLAP 200427-0
Protiva PIV v1.55 on TOP DL v2
(Hardware Version: A1023378; Firmware Versions: Build#11 - M1005011+ Softmask V03, Applet Version: Protiva PIV v1.55)
(When operated in FIPS mode with module TOP DL v2 validated to FIPS 140-2 under Cert. #1450 operating in FIPS mode)

This module is in process for the RNG transition.
Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/09/2012
02/06/2014
Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1363); ECDSA (Cert. #172); RNG (Cert. #749); RSA (Cert. #664); SHS (Cert. #1243); Triple-DES (Cert. #938); Triple-DES MAC (Triple-DES Cert. #938, vendor affirmed); CVL (Certs. #217 and #224)

-Other algorithms: N/A

Single-chip

"This module is based on a Java Card platform (TOP DL V2) with 128K EEPROM memory and the Protiva PIV Applet loaded on the Java Card platform. The Cryptographic Module provides dual interfaces (i.e. contact and contact-less) where the same security level is achieved."
1687Mitsubishi Space Software Co., Ltd.
Tsukuba Mitsui Bldg.,
1-6-1, Takezono
Tsukuba-shi, Ibaraki-ken 305-0032
Japan

Shinichi Shimazaki
TEL: +81-29-856-0154
FAX: +81-29-859-0320

Ikuo Shionoya
TEL: +81-29-856-0154
FAX: +81-29-859-0320

CST Lab: NVLAP 200928-0
Command Encryption Module
(Firmware Version: 2.0)
(When operated in FIPS mode with the Operational Environment configuration specified on the reverse with the Firewall configured per Section 11 in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware03/30/2012Overall Level: 2

-EMI/EMC: Level 3

-Tested: HP Compaq 6000 Pro Small Form Factor PC running Microsoft Windows XP Professional SP2 and Zone Labs Zone Alarm Pro Firewall version 10.0.250.000

-FIPS Approved algorithms: Triple-DES (Cert. #1119)

Multi-chip standalone

"Command Encryption Module is a firmware module designed to perform Triple DES CFB mode encryption functions."
1686McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

David Gerendas
TEL: 949-860-3369
FAX: 949-297-5575

CST Lab: NVLAP 200416-0
McAfee Endpoint Encryption Client Windows Cryptographic Module 1.0 [1] and McAfee Endpoint Encryption Client Preboot Cryptographic Module 1.0 [2]
(Software Version: 6.1.3)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software03/09/2012Overall Level: 1

-Design Assurance: Level 3


-Operational Environment: Tested as meeting Level 1 with (Windows XP 32-bit or Windows 7 64-bit running on Intel Core i3 without PAA
Windows 7 32-bit or Windows Vista 32-bit running on Intel Core i5 with PAA
Windows 7 64-bit or Windows Vista 64-bit running on Intel Core i7 with PAA) [1]
(McAfee Endpoint Encryption Preboot OS running on Intel Core i3 without PAA
McAfee Endpoint Encryption Preboot OS running on Intel Core i5 or i7 with PAA) [2] (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1881, #1882 and #1883); DRBG (Cert. #156); HMAC (Cert. #1124 and #1125); SHS (Certs. #1653 and #1654);

-Other algorithms: RC5; PKCS#5; AES (non-compliant); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #1881, key wrapping; key establishment methodology provides 256 bits of encryption strength)

Multi-chip standalone
1684Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
USA

Vinnie Moscaritolo
TEL: 650-527-9000

CST Lab: NVLAP 200802-0
PGP Cryptographic Engine
(Software Version: 4.2.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software02/24/2012Overall Level: 1

-Design Assurance: Level 3


-Operational Environment: Tested as meeting Level 1 with Mac OS X 10.7
IOS 5 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #1151); AES (Cert. #1778); SHS (Cert. #1559); HMAC (Certs. #1043)

-Other algorithms: AES (EME2 mode; non-compliant)

Multi-chip standalone

"The PGP Cryptographic Engine includes a wide range of field-tested and standards-based encryption, and encoding algorithms used by PGP Whole Disk Encryption."
1681Symantec Corporation
350 Ellis St.
Mountain View, CA 94043
USA

Vinnie Moscaritolo
TEL: 650-527-8000

CST Lab: NVLAP 200802-0
PGP Software Developer's Kit (SDK) Cryptographic Module
(Software Version: 4.2.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software02/28/2012Overall Level: 1

-Design Assurance: Level 3


-Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP3
Mac OS X 10.7
Linux, 32-bit: CentOS 5.5
iOS 5 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #1150); AES (Cert. #1777); RSA (Cert. #888); DSA (Cert. #558); SHS (Cert. #1558); HMAC (Cert. #1042); DRBG (Cert. #124)

-Other algorithms: AES (EME2 mode; non-compliant); DSA (FIPS 186-3 with SHA-256; non-compliant); CAST-5; IDEA; Two-Fish; Blow-Fish; ARC4-128; MD5; HMAC-MD5; RIPEMD-160; ElGamal; EC Diffie-Hellman; ECDSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength); Shamir Threshold Secret Sharing

Multi-chip standalone

"The PGP Software Developer's Kit (SDK) Cryptographic Module is a FIPS 140-2 validated software only cryptographic module. The module implements the cryptographic functions for PGP products including: PGP Whole Disk Encryption, PGP NetShare, PGP Command Line, PGP Universal, and PGP Desktop. It includes a wide range of field-tested and standards-based encryption, digital signature, and encoding algorithms as well as a variety of secure network protocol implementations. The PGP SDK offers developers this same cryptographic library that is at the heart of PGP products."
1678Giesecke & Devrient
45925 Horseshoe Drive
Dulles, VA 20166
USA

Jatin Deshpande
TEL: 650-312-8047
FAX: 650-312-8129

Thomas Palsherm
TEL: +49 89 4119-2384
FAX: +49 89 4119-9093

CST Lab: NVLAP 200427-0
StarSign Crypto USB Token powered by Sm@rtCafé Expert 6.0
(Hardware Version: P5CC081; Firmware Version: Sm@rtCafT Expert 6.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/09/2012Overall Level: 3

-FIPS Approved algorithms: AES (Cert. #1755); DRBG (Cert. #116); RSA (Cert. #874); SHS (Cert. #1542); Triple-DES (Cert. #1136); Triple-DES MAC (Triple-DES Cert. #1136, vendor affirmed)

-Other algorithms: AES (Cert. #1755, key wrapping; key establishment methodology provides 128 to 256 bits of encryption strength)

Multi-chip standalone

"Giesecke & Devrient (G&D) Smart Card Chip Operating System Sm@rtCafT Expert 6.0 is a Java Card 3 and Global Platform v2.1.1 compliant smart card module supporting both contact and contactless interfaces. It also supports, at a minimum, RSA up to 2048 bits(RSA and RSA-CRT) with on-card key generation, Hash algorithms(including SHA256), AES(up to 256 bits), ECDSA, and Triple-DES. The Sm@rtCafT Expert 6.0 is suitable for government and corporate identification, payment and banking, health care, and Web applications."
1677McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

David Gerendas
TEL: 949-860-3369
FAX: 949-297-5575

CST Lab: NVLAP 200416-0
McAfee Endpoint Encryption Disk Driver Cryptographic Module 1.0
(Software Version: 6.1.3)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software02/09/2012Overall Level: 1

-Design Assurance: Level 3


-Operational Environment: Tested as meeting Level 1 with Windows XP 32-bit or Windows 7 64-bit running on Intel Core i3 without PAA
Windows Vista 32-bit or Windows 7 32-bit running on Intel Core i5 with PAA
Windows Vista 64-bit or Windows 7 64-bit running on Intel Core i7 with PAA (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1882); HMAC (Cert. #1125); SHS (Cert. #1654)

-Other algorithms: RC5; AES (non-compliant)

Multi-chip standalone
1674Avaya, Inc.
211 Mt. Airy Road
Basking Ridge, NJ 07920
USA

Dragan Grebovich
TEL: 978-671-3476

CST Lab: NVLAP 200556-0
Secure Router 4134
(Hardware Versions: Chassis: 4134, Interface Cards: 2-port T1/E1 Small Card (Assembly Number: 333-70225-01 Rev 4); 2-port Serial Small Card (Assembly Number: 333-70240-01 Rev 02.0011); 1-port ADSL2+ Annex A Small Card (Assembly Number: 333-70260-01 Rev 01); 1-port HSSI Medium Card (Part Number: 333-70290-01 Rev 9); 1-port Channelized / Clear Channel T3 Medium Card (Part Number: 333-70280-01 Rev 8); 8-port T1/E1 Medium Card (Part Number: 333-70275-01 Rev 01.0012); 10-port Gigabit Ethernet (GbE) Medium Card (Part Number: 333-70330-01 Rev 01.0023); 24-port Fast Ethernet (FE) Medium Card (Part Number: 333-70325-01 Rev 15); 24-port Fast Ethernet/Power over Ethernet (FE/PoE) Medium Card (Part Number: 333-70325-02 Rev 01.0017); Firmware Version: 10.3.0.100)
(When operated in FIPS mode, the tamper evident seals are installed as indicated in the Security Policy and with all interface card slots filled or covered)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/06/2012
01/01/2014
Overall Level: 2

-FIPS Approved algorithms: Triple-DES (Certs. #275 and #1050); AES (Certs. #173 and #1605); SHS (Cert. #1418); HMAC (Cert. #941); RSA (SigVer, Cert. #787); DSA (Cert. #496); DRBG (Cert. #79)

-Other algorithms: DSA (Cert. #501; non-compliant); MD5; NDRNG; Blowfish; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (SigGen and KeyGen, Cert. #787; non-compliant)

Multi-chip standalone

"The Secure Router 4134 is a modular, multi-service branch router that combine IP routing, wide-area networking (WAN), voice/PSTN gateway and security services in a single platform. With advanced services - including IPv4/IPv6 routing, high-performance WAN, SIP survivable gateway, and IPSec VPN and firewall security - they are well-suited to address enterprise branch, regional and even headquarter WAN routing needs."
1673Avaya, Inc.
211 Mt. Airy Road
Basking Ridge, NJ 07920
USA

Dragan Grebovich
TEL: 978-671-3476

CST Lab: NVLAP 200556-0
Secure Router 2330
(Hardware Versions: Chassis: 2330, Interface Cards: 2-port T1/E1 Small Card (Assembly Number: 333-70225-01 Rev 4); 2-port Serial Small Card (Assembly Number: 333-70240-01 Rev 02.0011); 1-port ADSL2+ Annex A Small Card (Assembly Number: 333-70260-01 Rev 01); Firmware Version: 10.3.0.100)
(When operated in FIPS mode, the tamper evident seals are installed as indicated in the Security Policy, with all interface card slots filled or covered)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/06/2012Overall Level: 2

-FIPS Approved algorithms: Triple-DES (Certs. #210 and #1051); AES (Certs. #96 and #1606); SHS (Certs. #187 and #1419); HMAC (Cert.#942); RSA (SigVer, Cert. #788); DSA (Cert. #497); DRBG (Cert. #80)

-Other algorithms: MD5; NDRNG; Blowfish; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (SigGen and KeyGen, Cert. #788; non-compliant)

Multi-chip standalone

"The Secure Router 2330 is a modular, multi-service branch router that combine IP routing, wide-area networking (WAN), voice/PSTN gateway and security services in a single platform. With advanced services - including IPv4/IPv6 routing, high-performance WAN, SIP survivable gateway, and IPSec VPN and firewall security - they are well-suited to address enterprise branch, regional and even headquarter WAN routing needs."
1672IBM® Corporation
12 - 14 Marine Parade
Seabank Centre
Southport, QLD 4215
Australia

William F Penny
TEL: 845-435-3010
FAX: 845-433-7510

James Sweeny
TEL: 845-435-7453
FAX: 845-435-8530

CST Lab: NVLAP 200658-0
IBM® z/OS® Version 1 Release 13 ICSF PKCS#11 Cryptographic Module
(Hardware Versions: CPACF (P/N COP) and optional 4765-001 (P/N 45D6048); Firmware Versions: CPACF (FC3863 w/ System Driver Level 86E) and optional 4765-001 (e1ced7a0); Software Versions: ICSF level HCR7780 w/ APAR OA36882 and RACF level HRF7780)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software-Hybrid02/06/2012Overall Level: 1

-Cryptographic Module Specification: Level 3


-Operational Environment: Tested as meeting Level 1 with IBM® zEnterprise (TM) 196 (z196) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 [Base GPC, and optional Crypto Express3 Card (Accelerator (CEX3A) is a separately configured version of 4765-001 (P/N 45D6048))] [IBM® zEnterprise (TM) (z196) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 includes FC3863 w/System Driver Level 86E and z/OS® V1R13] (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1713 and #1866); Triple-DES (Certs. #1103 and #1212); DSA (Cert. #584); ECDSA (Cert. #261); RSA (Certs. #946, #949 and #971); SHS (Certs. #1497 and #1641); HMAC (Cert. #1112); DRBG (Cert. #151); CVL (Cert. #9)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; Triple-DES (non-compliant); DSA (non-compliant); HMAC (non-compliant); RC4; BLOWFISH; MD5; MD2; RIPE-MD; EC Brainpool

Multi-chip standalone

"The ICSF PKCS #11 module consists of software-based cryptographic algorithms, as well as symmetric and hashing algorithms provided by the CP Assist for Cryptographic Function (CPACF) and RSA Hardware clear key modular math cryptography provided through the Crypto Express3 card (CEX3A). The RSA hardware support is accessed through auxiliary module CSFINPVT which acts as a pipe between ICSF PKCS #11 and the cryptographic cards."
1669Research In Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

Certifications Team
TEL: 519-888-7465 ext.72921
FAX: 519-886-4839

CST Lab: NVLAP 200928-0
BlackBerry Cryptographic Kernel
(Firmware Versions: 3.8.7.0 [1], 3.8.7.1 [1,2], 3.8.7.4 [2],3.8.7.5 [2] and 3.8.7.6 [2])
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware01/19/2012
10/10/2012
Overall Level: 1

-Design Assurance: Level 3

-Tested: BlackBerry 9900 with BlackBerry OS Versions 7.0 [1] and 7.1 [2]

-FIPS Approved algorithms: Triple-DES (Certs. #1163 and #1164); AES (Certs. #1798, #1799, #1800 and #1801); SHS (Certs. #1581 and #1582); HMAC (Certs. #1063 and #1064); RSA (Certs. #902 and #903); DRBG (Certs. #132 and #133); ECDSA (Certs. #244 and #245)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides 256 bits of encryption strength)

Multi-chip standalone

"BlackBerry is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry."
1663

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/05/2012Overall Level: 2

Multi-chip standalone
1631

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/24/2012
05/03/2012
Overall Level: 2

Multi-chip standalone