CMVP Main Page

It is important to note that the items on this list are cryptographic modules. A module may either be an embedded component of a product or application, or a complete product in-and-of-itself. If the cryptographic module is a component of a larger product or application, one should contact the product or application vendor in order to determine how the product utilizes the embedded validated cryptographic module. There may be a larger number of security products or applications available which use an embedded validated cryptographic module, than the number of modules which are found in this list. In addition, other vendors, who are not found in this list, may incorporate a validated cryptographic module from this list embedded into their own products.

When selecting a module from a vendor, verify that the module is either the product or application itself (e.g. VPN, SmartCard, USB memory token, etc.) or the module is embedded in a larger product or application (e.g. toolkit, etc.). If the module is embedded in a product or application, ask the product or application vendor to provide a signed letter or statement affirming that the unmodified validated cryptographic module is integrated in the solution; the module provides all the cryptographic services in the solution; and provide reference to the modules validation certificate number from this listing.

*** NOTE: Module descriptions are provided by the module vendors and have not been verified for accuracy by the CMVP. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-Approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (e.g. allowed or non-FIPS-Approved algorithms) have not been validated or tested through the CMVP. ***

Questions regarding modules on this list should first be directed to the module vendor.

Please contact the CMVP if any errors are discovered or comments with suggestions for improvement of the validation listings.

Cert#	Vendor / CST Lab	Cryptographic Module	Module Type	Val. Date	Level / Description
1869	WatchGuard Technologies, Inc. 505 Fifth Avenue South, Suite 500 Seattle, WA 98104 USA -Peter Eng TEL: 206 613 6600 CST Lab: NVLAP 200556-0	XTM 21 [1], XTM 21-W [2], XTM 22 [3], XTM 22-W [4], XTM 23 [5], XTM 23-W [6], XTM 25 [7], XTM 25-W [8], XTM 26 [9], XTM 26-W [10], XTM 33 [11], XTM 33-W [12], XTM 330 [13], XTM 505 [14], XTM 510 [15], XTM 520 [16], XTM 530 [17], XTM 810 [18], XTM 820 [19], XTM 830 [20], XTM 830-F [21], XTM 1050 [22] and XTM 2050 [23] (Hardware Versions: XP3E6 [1, 3, 5], XP3E6W [2, 4, 6], FS1E5 [7, 9], FS1E5W [8, 10], FS2E5 [11], FS2E5W [12], NC5AE7 [13], NC2AE8 [14, 15, 16, 17], NS2BE10 [18, 19, 20], NS2BE6F4 [21], NX3CE12 [22] and NC4E16F2 [23] with Tamper Evident Seal Kit: SKU WG8566; Firmware Version: Fireware XTM OS v11.5.1) (When operated in FIPS mode and the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	12/21/2012	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #1078, #1079, #1080, #1082, #1180, #1181 and #1182 ); AES (Certs. #1658, #1659, #1660, #1662, #1827, #1828 and #1829); SHS (Certs. #1452, #1453, #1454, #1457, #1606, #1607 and #1608 ); HMAC (Certs. #973, #974, #975, #977, #1081, #1082 and #1083 ); RSA (Cert. #819 ); ECDSA (Cert. #211); RNG (Cert. #885); DSA (Cert. #631) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); DES; RC4; MD5 Multi-chip standalone "WatchGuard Fireware XTM extensible threat management appliances are built for enterprise-grade performance with blazing throughput and numerous connectivity options. Advanced networking features include clustering, high availability (active/active), VLAN support, multi-WAN load balancing and enhanced VoIP security, plus inbound and outbound HTTPS inspection, to give the strong security enterprises need."
1867	Pitney Bowes Inc. 37 Executive Drive Danbury, CT 06810 USA -David Riley TEL: 203-796-3208 FAX: 203-796-3129 CST Lab: NVLAP 100432-0	Cygnus X3 Hardware Security Module (XHSM) (Hardware Version: P/N 1R84000 Version A; Firmware Versions: 01.00.06 and 01.03.0074 (Device Abstraction Layer)) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	12/19/2012	Overall Level: 3  -Physical Security: Level 3 +EFP -FIPS-approved algorithms: AES (Cert. #1979); DRBG (Cert. #181); DSA (Cert. #632); ECDSA (Cert. #286); HMAC (Cert. #1192); KAS (Cert. #33); CVL (Cert. #20); RSA (Cert. #1063); SHS (Cert. #1733); Triple-DES (Cert. #1319); Triple-DES MAC (Triple-DES Cert. #1319, vendor affirmed) -Other algorithms: AES (Cert. #1979, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength) Single-chip "The Pitney Bowes Cygnus X3 Postal Security Device (PSD) has been designed in compliance with FIPS 140-2 in order to support international digital indicia standards globally. The Cygnus X3 HSM Cryptographic Module employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes Postage Metering products."
1866	Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada -Alan Kaye TEL: 613-225-9381 CST Lab: NVLAP 200556-0	FortiGate-3950B/3951B (Hardware Versions: FortiGate-3950B (C4DE23) and FortiGate-3951B [(C4EL37) and FSM-064 (PE4F79)] with Blank Face Plate (P06698-02) and Tamper Evident Seal: FIPS-SEAL-RED; Firmware Version: FortiOS 4.0, build8892, 111128) (When operated in FIPS mode and tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	12/19/2012	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1856, #1857 and #1858); Triple-DES (Certs. #1203, #1204 and #1205); HMAC (Certs. #1103, #1104 and #1105); SHS (Certs. #1633, #1634 and #1635); RSA (Cert. #939); RNG (Cert. #974) -Other algorithms: MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant); DES Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1865	Aruba Networks, Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA -Jon Green TEL: 408-227-4500 CST Lab: NVLAP 200427-0	Aruba 3000 [A], 6000/M3 Revision C4 [B] and Dell W-3000 [C], W-6000M3 [D] Controllers with ArubaOS FIPS Firmware (Hardware Versions: [3200-F1 Revision C4, 3400-F1 Revision C4, 3600-F1 Revision C4, 3200-USF1 Revision C4, 3400-USF1 Revision C4 and 3600-USF1 Revision C4] [1] [A], [(6000-400-F1 or 6000-400-USF1) with M3mk1-S-F1 Revision C4, HW-FT, HW-PSU-200 or HW-PSU-400, LC-2G-1, LC-2G24F-1 or LC-2G24FP-1] [1] [B], [W-3200-F1, W-3400-F1, W-3600-F1, W-3200-USF1, W-3400-USF1 and W-3600-USF1] [2] [C], and [(W-6000-400-F1 or W-6000-400-USF1) with W-6000M3, HW-FT and HW-PSU-400] [2] [D] with FIPS kit 4010061-01; Firmware Version: ArubaOS_MMC_6.1.2.3-FIPS [1] and Dell_PCW_MMC_6.1.2.3-FIPS [2] or ArubaOS_MMC_6.1.4.1-FIPS [1] and Dell_PCW_MMC_6.1.4.1-FIPS [2]) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy clause "Installing the Controller" and the 6000/M3 configured as specified in Security Policy clause "Minimum Configuration for the Aruba 6000-400") Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	12/18/2012; 01/24/2013	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #762, #1850 and #1854); ECDSA (Certs. #257 and #258); HMAC (Certs. #417, #1098 and #1101); RNG (Certs. #969 and #972); RSA (Certs. #933, #935 and #937); SHS (Certs. #769, #1627, #1629 and #1631); Triple-DES (Certs. #667, #1198 and #1201) -Other algorithms: DES; HMAC-MD5; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant less than 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "Aruba's family of Mobility Controllers are network infrastructure devices providing secure, scalable solutions for enterprise Wi-Fi, network security policy enforcement, VPN services, and wireless intrusion detection and prevention. Mobility controllers serve as central points of authentication, encryption, access control, and network coordination for all mobile network services"
1863	Kaseya US Sales, LLC 901 N. Glebe Road Suite 1010 Arlington, VA 22203 USA -Bill Durant TEL: 415-694-5700 CST Lab: NVLAP 200996-0	Virtual System Administrator Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	12/13/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with MAC OS X v10.6.8; Windows 7 (32-bit); Windows 7 (64-bit); Windows Server 2008; Red Hat Enterprise Linux 5.5 (32-bit); Red Hat Enterprise Linux 5.5 (64-bit) (single-user mode) -FIPS-approved algorithms: AES (Certs. #1988 and #1989); HMAC (Cert. #1202); SHS (Cert. #1744); DRBG (Cert. #185) -Other algorithms: AES (Cert. #1989, key wrapping); AES-CBC (non-compliant) Multi-chip standalone "The Kaseya Virtual System Administrator provides an IT automation framework allowing IT managers to proactively monitor, manage, maintain, and protect distributed IT resources using a single, integrated web-based interface. The services offered by Kaseya Virtual System Administrator are ever-broadening; as IT management services needs increase, so do the tools and services provided by the framework."
1861	RSA Security, Inc. 174 Middlesex Turnpike Bedford, MA 01730 USA -Youngjin Son TEL: +82-10-6700-6735 CST Lab: NVLAP 200900-0	RSA BSAFE® Crypto-C Micro Edition for Samsung MFP SW Platform (VxWorks) (Software Version: 3.0.0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	12/10/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with VxWorks (single user mode) -FIPS-approved algorithms: AES (Cert. #1826); Triple-DES (Cert. #1179); DSA (Cert. #573); ECDSA (Cert. #252); RNG (Cert. #962); DRBG (Cert. #143); RSA (Cert. #918); SHS (Cert. #1605); HMAC (Cert. #1080) -Other algorithms: DES; MD2; MD5; HMAC-MD5; DES40; RC2; RC4; RC5; ECAES (non-compliant); ECIES; PBKDF1-SHA-1 (non-compliant); PBKDF2-HMAC (SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512) (non-compliant); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); RSA OAEP; Entropy RNG; OTP RNG; Diffie-Hellman; EC Diffie-Hellman Multi-chip standalone "A software cryptographic library within the Vxworks real-time operating system specifically for embedded systems based on the ARM9 CPU architecture."
1859	Red Hat®, Inc. 314 Littleton Road Raleigh, NC 27606 USA -Ann-Marie Rubin TEL: 978-392-1000 FAX: 978-392-1001 CST Lab: NVLAP 200658-0	Red Hat Enterprise Linux 6.2 Openswan Cryptographic Module (Software Version: 2.0) (When operated in FIPS mode and when obtained, installed, and initialized as assumed by the Crypto Officer role and specified in Section 9 of the provided Security Policy. This module contains the embedded Red Hat Enterprise Linux 6.2 OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #1758 operating in FIPS mode and the Network Security Services (NSS) Cryptographic Module validated to FIPS 140-2 under Cert. #1837 operating in FIPS mode. Section 1 of the provided Security Policy specifies the precise RPM files containing this module. The integrity of the RPMs are verified during the installation and the Crypto officer shall not install the RPM files if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	12/03/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 6.2 (single-user mode) -FIPS-approved algorithms: Triple-DES (Certs. #1289 and #1290); AES (Certs. #1985 and 1986); SHS (Certs. #1741 and #1742); RSA (Cert. #979, vendor affirmed); DRBG (Certs. #183 and #184); DSA (Certs. #634 and #635); HMAC (Certs. #1129, #1130, #1134, #1135, #1199 and #1200) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 bits and 150 bits of encryption strength); RC2; RC4; DES; Seed; CAMELLIA; MD2; MD5 Multi-chip standalone "The Red Hat Enterprise Linux 6.2 OpenSwan Cryptographic Module is a software only cryptographic module that provides the IKE protocol version 1 and version 2 key agreement services required for IPSec."
1858	Vidyo, Inc. 433 Hackensack Ave, 6th Floor Hackensack, NJ 07601 USA CST Lab: NVLAP 200556-0	Cryptographic Security Kernel (Software Version: 1.0) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	11/29/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Linux Ubuntu 10.04 32-bit or Linux Ubuntu 10.04 64-bit running on Intel Xeon E50xx without AES-NI; Mac OS X 10.6.8 32-bit running on Intel Core Duo without AES-NI; Mac OS X 10.6.8 64-bit running on Intel Core 2 Duo without AES-NI; Mac OS X 10.7.3 32-bit or Mac OS 10.7.3 64-bit running on Intel Core 2 Duo without AES-NI; Windows 7 32-bit running on Intel Core Duo without AES-NI; Windows 7 64-bit running on Intel Core 2 Duo without AES-NI; Windows XP 32-bit running on Intel Core Duo without AES-NI; Linux Ubuntu 10.04 32-bit or Linux Ubuntu 10.04 64-bit running on Intel Xeon E3 with AES-NI; Mac OS X 10.6.8 32-bit or Mac OS X 10.6.8 64-bit running on Intel Core i5 with AES-NI; Mac OS X 10.7.3 32-bit or Mac OS X 10.7.3 64-bit running on Intel Core i5 with AES-NI; Windows 7 32-bit or Windows 7 64-bit running on Intel Core i5 with AES-NI; Windows XP 32-bit running on Intel Core i5 with AES-NI (single-user mode) -FIPS-approved algorithms: AES (Certs. #2027 and #2028), DRBG (Certs. #194 and #195), HMAC (Certs. #1229 and #1230), SHS (Certs. #1776 and #1777) -Other algorithms: N/A Multi-chip standalone "The Vidyo Cryptographic Security Kernel is a subset of the VidyoTechnology Software Development Kit, which consists of a set of libraries providing video conferencing capabilities. The SDK allows licensed end-users to implement video conferencing capabilities within their own software applications; the Vidyo CSK library provides the cryptographic functions required to secure the communications."
1857	SafeNet, Inc. 20 Colonnade Road Suite 200 Ottawa, ON K2E 7M6 Canada -Mark Yakabuski TEL: 613-614-3407 FAX: 613-723-5079 -Chris Brych TEL: 613-221-5081 FAX: 613-723-5079 CST Lab: NVLAP 200556-0	Luna® PCI 7000 Cryptographic Module (Hardware Version: VBD-03-0100; Firmware Version: 4.8.7) (When operated in FIPS mode and configured to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/29/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #510 and #1904); Triple-DES (Certs. #520 and #1236); Triple-DES MAC (Triple-DES Certs. #520 and #1236, vendor affirmed); DSA (Cert. #600); SHS (Cert. #1671); RSA (Certs. #974 and #975); HMAC (Cert. #1142); RNG (Cert. #998); ECDSA (Cert. #269); KAS (Cert. #29); KBKDF (vendor affirmed) -Other algorithms: DES; RC2; RC4; RC5; CAST5; RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 80 and 152 bits of encryption strength); SEED; ARIA; MD2; MD5; HAS-160; AES MAC (AES Cert. #1904; non-compliant); DES MAC; RC2 MAC; RC5 MAC; CAST5 MAC; SSL3 MD5 MAC; SSL3 SHA1 MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); HRNG; AES (Certs. #510 and #1904, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #520 and #1236, key wrapping; key establishment methodology provides 112 bits of encryption strength); Generic-Secret generation (non-compliant); SSL Pre-Master generation (non-compliant) Multi-chip embedded "Luna® PCI offers dedicated hardware key management to protect sensitive cryptographic keys from attack. The high-security hardware design ensures the integrity and protection of encryption keys throughout their life cycle. All digital signing and verification operations are performed within the HSM to increase performance and maintain security. Luna® PCI HSMs provide hardware secured key generation, storage, secure key backup and accelerated encryption in a range of models and configurations offering a wide selection of security, performance and operational capabilities."
1856	SafeNet, Inc. 20 Colonnade Road Suite 200 Ottawa, ON K2E 7M6 Canada -Mark Yakabuski TEL: 613-614-3407 FAX: 613-723-5079 -Chris Brych TEL: 613-221-5081 FAX: 613-723-5079 CST Lab: NVLAP 200556-0	Luna® PCI 7000 Cryptographic Module (Hardware Version: VBD-03-0100; Firmware Version: 4.8.7) (When operated in FIPS mode and configured to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	11/29/2012; 12/03/2012	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #510 and #1904); Triple-DES (Certs. #520 and #1236); Triple-DES MAC (Triple-DES Certs. #520 and #1236, vendor affirmed); DSA (Cert. #600); SHS (Cert. #1671); RSA (Certs. #974 and #975); HMAC (Cert. #1142); RNG (Cert. #998); ECDSA (Cert. #269); KAS (Cert. #29); KBKDF (vendor affirmed) -Other algorithms: DES; RC2; RC4; RC5; CAST5; RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 80 and 152 bits of encryption strength); SEED; ARIA; MD2; MD5; HAS-160; AES MAC (AES Cert. #1904; non-compliant); DES MAC; RC2 MAC; RC5 MAC; CAST5 MAC; SSL3 MD5 MAC; SSL3 SHA1 MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); HRNG; AES (Certs. #510 and #1904, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #520 and #1236, key wrapping; key establishment methodology provides 112 bits of encryption strength); Generic-Secret generation (non-compliant); SSL Pre-Master generation (non-compliant) Multi-chip embedded "Luna PCI® offers dedicated hardware key management to protect sensitive cryptographic keys from attack. The high-security hardware design ensures the integrity and protection of encryption keys throughout their life cycle. All digital signing and verification operations are performed within the HSM to increase performance and maintain security. Luna PCI® HSMs provide hardware secured key generation, storage, secure key backup and accelerated encryption in a range of models and configurations offering a wide selection of security, performance and operational capabilities."
1854		Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/28/2012	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
1853	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Palani Karuppan TEL: 408-525-2747 CST Lab: NVLAP 100432-0	Cisco 4402 and 4404 Wireless LAN Controllers (Hardware Versions: 4402, Revision Number R0 and 4404, Revision Number R0; FIPS Kit AIRWLC4400FIPSKIT=, Version A0; Opacity Baffle Version 1.0; Firmware Version: 7.0.230.0) (When operated in FIPS mode and with the physical security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/29/2012	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1344 and #1345); HMAC (Certs. #783 and #784); RNG (Cert. #740); RSA (Certs. #651 and #652); SHS (Certs. #1226 and #1227); Triple-DES (Cert. #934) -Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); AES (Cert. #1344, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM Multi-chip standalone "The Cisco 4400 Series WLAN Controllers deliver centralized control and high capacity for small, medium and large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WLAN Controllers support the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and support a Secure Wireless Architecture with WiFi Alliance certified WPA-2 security. The Cisco WLAN Controllers support voice, video and data services along with Cisco Clean Air technology, intrusion protection and intelligent radio resource management."
1852	Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada -Alan Kaye TEL: 613-225-9381 CST Lab: NVLAP 200996-0	FortiWiFi-60C (Hardware Version: C4DM95 with Tamper Evident Seal Kit: FIPS-SEAL-RED; Firmware Version: FortiOS 4.0, build8892, 111128) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/29/2012	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1408, #1899 and #1900); Triple-DES (Certs. #961, #1234 and #1235); SHS (Certs. #1278, #1668 and #1669); RNG (Cert. #996); HMAC (Certs. #829, #1139 and #1140); RSA (Certs. #685 and #973) -Other algorithms: DES; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant); AES CCM (non-compliant); MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 96 and 196 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
1851	McAfee, Inc. 2340 Energy Park Drive St. Paul, MN 55108 USA -Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0	McAfee Firewall Enterprise Control Center (Hardware Versions: [FWE-C1015 and FIPS Kit: FWE-CC-FIPS-KIT1], [FWE-C2050 and FIPS Kit: FWE-CC-FIPS-KIT2] and [FWE-C3000 and FIPS Kit: FWE-CC-FIPS-KIT2]; Firmware Version: 5.2.0) (When operated in FIPS mode and with the tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/29/2012; 12/12/2012	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #1831 and #1897); Triple-DES (Certs. #1184 and #1233); SHS (Certs. #1611 and #1666); HMAC (Certs. #1085 and #1137); DRBG (Cert. #163); RNG (Certs. #963 and #1009); RSA (Certs. #920 and #972); DSA (Certs. #575 and #599) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); MD5 Multi-chip standalone "McAfee Firewall Enterprise Control Center simplifies the management of multiple McAfee Firewall Enterprise appliances. Control Center enables centralized management and monitoring of the McAfee Firewall Enterprise solutions, allowing network administrators to centrally define firewall policy, deploy updates and inventory their firewall products."
1850	RSA, The Security Division of EMC 174 Middlesex Turnpike Bedford, MA 01730 USA -Sandy Carielli TEL: 781-515-7510 CST Lab: NVLAP 200427-0	RSA BSAFE® Crypto-C Micro Edition (Software Version: 3.0.0.16) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	11/29/2012; 01/24/2013	Overall Level: 1  -Cryptographic Module Specification: Level 3 -Operational Environment: Tested as meeting Level 1 with Wind River VxWorks General Purpose Platform 6.0 (PPC 604 32-bit) (single-user mode) -FIPS-approved algorithms: AES (Cert. #2018); DRBG (Cert. #192); DSA (Cert. #643); ECDSA (Certs. #293 and #294); HMAC (Cert. #1222); RNG (Cert. #1058); RSA (Cert. #1047); SHS (Cert. #1768); Triple-DES (Cert. #1303) -Other algorithms: AES-GCM (non-compliant); DES; DES40; Diffie-Hellman; EC Diffie-Hellman; ECAES (non-compliant); ECIES; HMAC MD5; MD2; MD5; PBKDF1 SHA-1; PBKDF2 HMAC SHA-1/SHA-224/SHA-256/SHA-384/SHA-512 (non-compliant); RC2; RC4; RC5; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA PKCS #1 v2.0 (OAEP; non-compliant) Multi-chip standalone "The Crypto-C Micro Edition (ME) Module is RSA, The Security Division of EMC's cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
1849	Aruba Networks, Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA -Jon Green TEL: 408-227-4500 CST Lab: NVLAP 200427-0	Aruba AP-60 and AP-61 Wireless Access Points (Hardware Versions: AP-60-F1 Rev. 01 and AP-61-F1 Rev. 01 with FIPS kit 4010061-01; Firmware Version: ArubaOS_6.1.2.3-FIPS or ArubaOS_6.1.4.1-FIPS) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	12/06/2012; 01/24/2013	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #1847, #1850 and #1851); HMAC (Certs. #1097, #1098 and #1099); RNG (Certs. #969 and #970); RSA (Certs. #932, #933 and #934); SHS (Certs. #1625, #1626, #1627 and #1628); Triple-DES (Certs. #1197, #1198 and #1199) -Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "Aruba's Wi-Fi access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Mobility Controllers, where per-user role based access controls are applied through an integrated firewall. In FIPS 140-2 Mode, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n."
1848	McAfee, Inc. 2340 Energy Park Drive St. Paul, MN 55108 USA -Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0	McAfee Firewall Enterprise 4150E (Hardware Version: NSA-4150-FWEX-E and FRU-686-0089-00; Firmware Versions: 7.0.1.03 and 8.2.0) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	12/19/2012	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #972, #973, #974 and #1833); Triple-DES (Certs. #765, #766, #767 and #1185); SHS (Certs. #941, #942, #943 and #1612); HMAC (Certs. #544, #545, #546 and #1086); RNG (Certs. #549, #550, #551 and #964); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES Multi-chip standalone "McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1847	McAfee, Inc. 2340 Energy Park Drive St. Paul, MN 55108 USA -Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0	McAfee Firewall Enterprise 2150E (Hardware Version: NSA-2150-FWEX-E and FRU-686-0089-00; Firmware Versions: 7.0.1.03 and 8.2.0) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	12/19/2012	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #972, #973, #974 and #1833); Triple-DES (Certs. #765, #766, #767 and #1185); SHS (Certs. #941, #942, #943 and #1612); HMAC (Certs. #544, #545, #546 and #1086); RNG (Certs. #549, #550, #551 and #964); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES Multi-chip standalone "McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1846	McAfee, Inc. 2340 Energy Park Drive St. Paul, MN 55108 USA -Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0	McAfee Firewall Enterprise 1100E (Hardware Version: NSA-1100-FWEX-E and FRU-686-0089-00; Firmware Versions: 7.0.1.03 and 8.2.0) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	12/19/2012	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #972, #973, #974 and #1833); Triple-DES (Certs. #765, #766, #767 and #1185); SHS (Certs. #941, #942, #943 and #1612); HMAC (Certs. #544, #545, #546 and #1086); RNG (Certs. #549, #550, #551 and #964); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES Multi-chip standalone "McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1845	Aruba Networks, Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA -Jon Green TEL: 408-227-4500 CST Lab: NVLAP 200427-0	Aruba AP-65, AP-70 and AP-85 Wireless Access Points (Hardware Versions: AP-65-F1 Rev. 01, AP-70-F1 Rev. 01, AP-85FX-F1 Rev. 01, AP-85LX-F1 Rev. 01 and AP-85TX-F1 Rev. 01 with FIPS kit 4010061-01; Firmware Version: ArubaOS_6.1.2.3-FIPS or ArubaOS_6.1.4.1-FIPS) (When operated in FIPS mode and with the tamper evidence seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/29/2012; 01/24/2013	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #1847, #1850 and #1851); HMAC (Certs. #1097, #1098 and #1099); RNG (Certs. #969 and #970); RSA (Certs. #932, #933 and #934); SHS (Certs. #1625, #1626, #1627 and #1628); Triple-DES (Certs. #1197, #1198 and #1199) -Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "Aruba's Wi-Fi access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Mobility Controllers, where per-user role based access controls are applied through an integrated firewall. In FIPS 140-2 Mode, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n."
1843	Gemalto Avenue du Jujubier Z.I Athelia IV La Ciotat, 13705 France -Frederic Garnier TEL: +33 4 42 36 43 68 FAX: +33 4 42 36 55 45 CST Lab: NVLAP 200427-0	Protiva+ PIV v2.0 using TOP DL v2 and TOP IL v2 (Hardware Versions: A1025258 and A1023393; Firmware Version: Build#11 - M1005011 + Softmask V04, Applet Version: PIV Applet v2.00 + OATH Applet v2.10) (PIV Card Application: Cert. #30) (When operated in FIPS mode with module TOP DL v2 or TOP IL v2 validated to FIPS 140-2 under Cert. #1450 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/29/2012	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1973); CVL (Cert. #18); ECDSA (Cert. #284); RNG (Cert. #1038); RSA (Cert. #1019); SHS (Cert. #1727); Triple-DES (Cert. #1280); Triple-DES MAC (Triple-DES Cert. #1280, vendor affirmed) -Other algorithms: N/A Single-chip "This module is based on a Java Card platform (TOP DL V2) with 128K EEPROM memory and the Protiva PIV Applet loaded on the Java Card platform. The Cryptographic Module provides dual interfaces (i.e. contact and contact-less) where the same security level is achieved."
1842	SonicWALL, Inc. 2001 Logic Drive San Jose, CA 95124-3452 USA -Usha Sanagala TEL: 408-962-6248 FAX: N/A CST Lab: NVLAP 100432-0	SRA EX6000 and SRA EX7000 (Hardware Versions: P/Ns 101-500210-62 Rev. A (SRA EX6000) and 101-500188-62 Rev. A (SRA EX7000); Firmware Version: SRA 10.6.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/29/2012	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1868, #1869 and #1870); HMAC (Certs. #1113, #1114 and #1115); RNG (Cert. #980); RSA (Certs. #950 and #951); SHS (Certs. #1642, #1643 and #1644); Triple-DES (Certs. #1213, #1214 and #1215) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); NDRNG; MD5; RC4 Multi-chip standalone "Built on Aventail's powerful, proven SSL VPN platform, the SonicWALL Aventail SRA EX6000 and SRA EX7000 appliances provide granular access control for any type of remote access by first detecting the identity and the security of the end point, protecting applications with granular policy based on who the user is and the trust established for the end point used for access, and then connecting authorized employees and business partners effortlessly from a broad range of cross-platform devices only to authorized resources."
1841	InZero Systems 13755 Sunrise Valley Drive Suite 750 Herndon, VA 20171 U.S.A. -FIPS Product Team TEL: 703-636-2048 FAX: 703-793-1805 CST Lab: NVLAP 200002-0	InZero Gateway (Hardware Version: XB2CUSB3.1; Firmware Version: 2.80.0.38) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/29/2012	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #1841); DSA (Cert. #576); HMAC (Cert. #1095); RNG (Cert. #967); RSA (Cert. #929); SHS (Cert. #1622); Triple-DES (Cert. #1194) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip standalone "The InZero Gateway is a pocket-sized appliance that provides FIPS-validated VPNs and endpoint security for a Windows PC. The module's hardware sandbox ensures safe browsing (e.g., opening downloaded files) and safe internet banking. A conversion engine strips malware from e-mail attachments. The firewall helps enforce NAC policy. The module may be managed locally by the Crypto Officer or by a network administrator using a Management Console. The HTTPS management connection and VPNs use FIPS validated encryption, while sandbox HTTPS connections are non-FIPS for compatibility."
1839	Entrust, Inc. One Lincoln Centre 5400 LBJ Freeway Suite 1340 Dallas, TX 75240 USA -James Kendry TEL: 972-726-0419 FAX: 972-713-5805 CST Lab: NVLAP 100432-0	Entrust Authority™ Security Toolkit for the Java®Platform (Software Version: 8.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	11/29/2012	Overall Level: 2  -Operational Environment: Tested as meeting Level 2 with Microsoft Windows Server 2008 R2 with Dell Optiplex 755 -FIPS-approved algorithms: AES (Certs. #1935 and #1954); Triple-DES (Cert. #1261); Triple-DES MAC (Cert. #1261, vendor affirmed); DSA (Cert. #617); DRBG (Cert. #170); ECDSA (Cert. #277); SHS (Cert. #1700); HMAC (Cert. #1168); RNG (Cert. #1019); RSA (Cert. #1001); CVL (Cert. #16); CVL (SP 800-135rev1, vendor affirmed) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); AES (Cert. #1935, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); CAST3; CAST128; DES; IDEA; RC2; RC4; Rijndael-256; MD2; MD5; RIPEMD-160; SSL3-SHA-MD5; HMAC-MD5; CAST128 MAC; DES MAC; IDEA MAC; ElGamal; SPEKE Multi-chip standalone "Entrust Authority™ Security Toolkit for the Java® Platform enables custom applications to be built using a rich set of APIs that provide encryption, digital signature, and certificate authentication capabilities, as well as the ability to manage the full lifecycles of digital certificate-based identities through integration with the Entrust Authority PKI."
1838	Aruba Networks, Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA -Jon Green TEL: 408-227-4500 CST Lab: NVLAP 200427-0	Aruba AP-92, AP-93, AP-104, AP-105, AP-175, Dell W-AP92, W-AP93, W-AP104, W-AP105 and W-AP175 Wireless Access Points (Hardware Versions: AP-92-F1[1], AP-93-F1[1], AP-104-F1[1], AP-105-F1[1], AP-175P-F1[1], AP-175AC-F1[1], AP-175DC-F1[1], W-AP92-F1[2], W-AP93-F1[2], W-AP104-F1[2], W-AP105-F1[2], W-AP175P-F1[2], W-AP175AC-F1[2], W-AP175DC-F1[2] with FIPS kit 4010061-01; Firmware Versions: ArubaOS_6.1.2.3-FIPS[1] and Dell_PCW_6.1.2.3-FIPS[2] or ArubaOS_6.1.4.1-FIPS [1] and Dell_PCW_6.1.4.1-FIPS [2]) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/08/2012; 01/24/2013	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #1847, 1849, #1850 and #1851); HMAC (Certs. #1097, #1098 and #1099); RNG (Certs. #969 and #970); RSA (Certs. #933, #934 and #935); SHS (Certs. #1625, #1627, #1628 and #1629); Triple-DES (Certs. #1197, #1198 and #1199) -Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "Aruba's Wi-Fi access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Mobility Controllers, where per-user role based access controls are applied through an integrated firewall. In FIPS 140-2 Mode, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n."
1837	Red Hat, Inc. 1801 Varsity Drive Raleigh, NC 27606 USA -Robert Relyea TEL: 650-254-4236 CST Lab: NVLAP 200427-0	NSS Cryptographic Module (Software Version: 3.12.9.1) (When operated in FIPS Mode and when obtained, installed, and initialized as specified in Section 5 of the provided Security Policy. Section 5 also specifies the precise RPM file containing this module. The integrity of the RPM is automatically verified during the installation and the Crypto officer shall not install the RPM file if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	11/08/2012	Overall Level: 1  -Design Assurance: Level 2 -Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux v6.2 32-bit running on an Intel Core i7 system; Red Hat Enterprise Linux v6.2 64-bit running on an Intel Core i7 system; Red Hat Enterprise Linux v6.2 64-bit running on an Intel Core i7 system with AES-NI (single-user mode) -FIPS-approved algorithms: AES (Cert. #1908); DRBG (Cert. #165); DSA (Cert. #602); HMAC (Cert. #1145); RSA (Cert. #979); SHS (Cert. #1675); Triple-DES (Cert. #1240) -Other algorithms: AES (Cert. #1908, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Camellia; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); HKDF; J-PAKE; MD2; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); SEED; Triple-DES (Cert. #1240, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "Network Security Services (NSS) is a set of open source C libraries designed to support cross-platform development of security-enabled applications. NSS implements major Internet security standards. NSS is available free of charge under a variety of open source compatible licenses. See http://www.mozilla.org/projects/security/pki/nss/ ."
1836	RSA Security, Inc. 174 Middlesex Turnpike Bedford, MA 01730 USA -Youngjin Son TEL: +82-10-6700-6735 CST Lab: NVLAP 200900-0	RSA BSAFE® Crypto-C Micro Edition for MFP SW Platform (pSOS) (Software Versions: 3.0.0.1 and 3.0.0.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	11/08/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with pSOS (single user mode) -FIPS-approved algorithms: AES (Cert. #1808); Triple-DES (Cert. #1166); DSA (Cert. #566); ECDSA (Cert. #249); RNG (Cert. #953); DRBG (Cert. #137); RSA (Cert. #905); SHS (Cert. #1587); HMAC (Cert. #1066) -Other algorithms: DES; MD2; MD5; HMAC-MD5; DES40; RC2; RC4; RC5; ECAES (non-compliant); ECIES; PBKDF1-SHA-1 (non-compliant); PBKDF2-HMAC (SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512) (non-compliant); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); RSA OAEP; Entropy RNG; OTP RNG; Diffie-Hellman; EC Diffie-Hellman Multi-chip standalone "A software cryptographic library within the pSOS real-time operating system specifically for embedded systems based on the ARM9 CPU architecture."
1835	Cavium Networks 2315 N First Street San Jose, CA 95131 USA -TA Ramanujam TEL: 408-931-2952 FAX: 408-577-1992 CST Lab: NVLAP 100432-0	NITROX XL 1600-NFBE HSM Family (Hardware Versions: P/Ns CN1620-NFBE1NIC-2.0, CN1620-NFBE3NIC-2.0, CN1610-NFBE1NIC-2.0, CN1610-NFBE1-3.0, CN1620-NFBE1-3.0, CN1620-NFBE3-3.0, CN1610-NFBE1-2.0, CN1620-NFBE1-2.0 and CN1620-NFBE3-2.0; Firmware Version: CN16XX-NFBE-FW-2.1-110015) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/08/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #1265 and #1266); Triple-Des (Cert. #898); RSA (Certs. #607 and #742); ECDSA (Certs. #150 and #188); SHS (Certs. #1165 and #1166); HMAC (Cert. #736); KAS (Cert. #5); RNG (Cert. #707); DRBG (Cert. #32); DSA (Cert. #474) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #1265, key wrapping; key establishment methodology provides 256 bits of encryption strength); RC4; MD5; PBE Multi-chip embedded "The NITROX XL 1600-NFBE HSM adapter family delivers the world's fastest FIPS 140-2 Level 3 Hardware Security Module (HSM) with PCIe Gen 2.0. The NITROX XL family of adapters offers up to 45,000 RSA operations per second and 5 Gbps of bulk crypto performance and is certified to the stringent US Government security standards. This FIPS family delivers an unmatched solution to the increasing performance, cryptographic and time to market requirements of the financial, government and healthcare vertical markets."
1834	Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada -Alan Kaye TEL: 613-225-9381 CST Lab: NVLAP 200996-0	FortiGate-200B [1], FortiGate-310B [2] and FortiGate-620B [3] (Hardware Versions: C4CD24 [1], C4ZF35 [2] and C4AK26 [3] with Tamper Evident Seal Kit: FIPS-SEAL-BLUE; Firmware Version: FortiOS 4.0, build8892, 111128) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/08/2012	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1408, #1899 and #1900); Triple-DES (Certs. #961, #1234 and #1235); SHS (Certs. #1278, #1668 and #1669); RNG (Cert. #996); HMAC (Certs. #829, #1139 and #1140); RSA (Certs. #685 and #973) -Other algorithms: DES; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant); MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 96 and 196 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
1832	Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada -Alan Kaye TEL: 613-225-9381 CST Lab: NVLAP 200996-0	FortiGate-60C [1], FortiGate-110C [2] and FortiGate-111C [3] (Hardware Versions: C4DM93 [1], C4HA15 [2] and C4BQ31 [3] with Tamper Evident Seal Kit: FIPS-SEAL-RED [1] or FIPS-SEAL-BLUE [2,3]; Firmware Version: FortiOS 4.0, build8892, 111128) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/07/2012	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1408, #1899, and #1900); Triple-DES (Certs. #961, #1234 and #1235); SHS (Certs. #1278, #1668 and #1669); RNG (Cert. #996); HMAC (Certs. #829, #1139 and #1140); RSA (Certs. #685 and #973) -Other algorithms: DES; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant); MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 96 and 196 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
1831	Motorola Solutions, Inc. 1303 East Algonquin Road Schaumburg, IL 60196 USA -Tom Nguyen TEL: 847-576-2352 CST Lab: NVLAP 100432-0	KMF CryptR (Hardware Version: P/N CLN8566A; Firmware Version: R01.02.10 or R01.05.00) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/05/2012; 12/07/2012	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1901); DRBG (Cert. #159); ECDSA (Cert. #268); SHS (Cert. #1670) -Other algorithms: AES (Cert. #1901, key wrapping; key establishment methodology provides 256 bits of encryption strength); AES MAC (AES Cert. #1901, vendor affirmed; P25 AES OTAR); NDRNG; LFSR; KAS (non-compliant); DES-XL; DES-OFB; DES-ECB; DES-CBC; DVI-XL; DVP-XL Multi-chip standalone "The KMF CryptR provides encryption and decryption services for secure key management and Over-the-Air-Rekeying (OTAR) for Motorola's Key Management Facility (KMF). The KMF and KMF CryptR combine to provide these cryptographic services for Motorola's APCO-25 compliant Astro radio systems."
1830	Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada -Alan Kaye TEL: 613-225-9381 CST Lab: NVLAP 200996-0	FortiGate-5140 Chassis with FortiGate 5000 Series Blades (Hardware Version: Chassis: C4GL51; Blades: P4CF76, P4CJ36-02, P4CJ36-04 and P4EV74; AMC Components: P4FC12 and AMC4F9; Shelf Manager: PN 21594 346; Alarm Panel: PN 21594 159; Tamper Evident Seal Kit: FIPS-SEAL-RED; Firmware Version: FortiOS 4.0, build8892, 111128) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/05/2012	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1405, #1408, #1858, #1899 and #1900); Triple-DES (Certs. #958, #961, #1205, #1234 and #1235); SHS (Certs. #1275, #1278, #1635, #1668 and #1669); RNG (Cert. #996); HMAC (Certs. #826, #829, #1105, #1139 and #1140); RSA (Certs. #685 and #973) -Other algorithms: DES; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant); MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 96 and 196 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
1829	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Palani Karuppan TEL: 408-525-2747 CST Lab: NVLAP 100432-0	Cisco 5508 Wireless LAN Controller (Hardware Version: CT5508 Revision Number B0; FIPS Kit AIR-CT5508FIPSKIT=; Opacity Baffle Version A0; Firmware Version: 7.0.230.0 or 7.2.103.0) (When operated in FIPS mode and with the tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/05/2012	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1346, #1347 and #1348); HMAC (Certs. #785, #786 and #787); RNG (Certs. #741 and #742); RSA (Certs. #653 and #654); SHS (Certs. #1228, #1229 and #1230); Triple-DES (Cert. #935) -Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); AES (Cert. #1346, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM Multi-chip standalone "The Cisco 5508 Series WLAN Controllers deliver centralized control and high capacity for small, medium and large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WLAN Controllers support the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and support a Secure Wireless Architecture with WiFi Alliance certified WPA-2 security. The Cisco WLAN Controllers support voice, video and data services along with Cisco Clean Air technology, IPv6 mobility, intrusion protection and intelligent radio resource management."
1828	Aruba Networks, Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA -Jon Green TEL: 408-227-4500 CST Lab: NVLAP 200427-0	Aruba AP-134, AP-135 and Dell W-AP134, W-AP135 Wireless Access Points (Hardware Versions: AP-134-F1 [1], AP-135-F1 [1], W-AP134-F1 [2] and W-AP135-F1 [2] with FIPS kit 4010061-01; Firmware Version: ArubaOS_6.1.2.3-FIPS [1] and Dell_PCW_6.1.2.3-FIPS [2] or ArubaOS_6.1.4.1-FIPS [1] and Dell_PCW_6.1.4.1-FIPS [2]) (When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/05/2012; 01/24/2013	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #1847, 1849, #1850 and #1851); HMAC (Certs. #1097, #1098 and #1099); RNG (Certs. #969 and #970); RSA (Certs. #933, #934 and #935); SHS (Certs. #1625, #1627, #1628 and #1629); Triple-DES (Certs. #1197, #1198 and #1199) -Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "Aruba's Wi-Fi access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Mobility Controllers, where per-user role based access controls are applied through an integrated firewall. In FIPS 140-2 Mode, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n."
1827	Symantec Corporation 350 Ellis Street Mountain View, CA 94043 USA -John Roberts TEL: 415-738-2810 CST Lab: NVLAP 200556-0	Symantec Scanner Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	11/05/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with CentOS 5.5 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1809); Triple-DES (Cert. #1167); DSA (Cert. #567); SHS (Cert. #1588); RNG (Cert. #954); RSA (Cert. #906); HMAC (Cert. #1067) -Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 219 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip standalone "The Symantec Scanner Cryptographic Module Version 1.0 provides cryptographic services to the Scanner component of the Symantec Messaging Gateway solution, a secure email gateway offering. The Scanner provides filtering services on inbound and outbound message flows and is responsible for taking actions on emails based on filtering verdicts."
1826	Seagate Technology LLC 389 Disc Drive Longmont, CO 80503 USA -Monty Forehand TEL: 720-684-2835 FAX: 720-684-2733 CST Lab: NVLAP 100432-0	Seagate Secure® TCG Opal SSC Self-Encrypting Drive (Hardware Versions: 9WU142, 9WU14C and 9WU141; Firmware Version: 0001SDM7 or 0001SED7) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/05/2012	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #1343 and #1845); DRBG (Cert. #62); RSA (Cert. #650); SHS (Cert. #1225) -Other algorithms: NDRNG Multi-chip embedded "The Seagate Secure® TCG Opal SSC Self-Encrypting Drive is embedded in Seagate Momentus® Thin Self-Encrypting Drives (SEDs). The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA ranges, and authenticated FW download. The services are provided through an industry-standard TCG Opal SSC interface."
1824	Cisco Systems, Inc. 170 W. Tasman Drive San Jose, CA 95134 USA -Global Certification Team CST Lab: NVLAP 200427-0	Cisco Telepresence C20 Codec (Hardware Version: C20 v1; Firmware Version: TC5.0.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/14/2012; 11/21/2012; 12/03/2012	Overall Level: 1  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 2 -FIPS-approved algorithms: AES (Cert. #1928); DRBG (Cert. #168); DSA (Cert. #612); ECDSA (Cert. #276); HMAC (Cert. #1162); RSA (Cert. #994); SHS (Cert. #1693); Triple-DES (Cert. #1255) -Other algorithms: AES (Cert. #1928, key wrapping; key establishment methodology provides 128 bits of encryption strength); Blowfish; Camellia; DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); HMAC-MD5; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip standalone "The Cisco TelePresence portfolio creates an immersive, face-to-face experience over the network, empowering you to collaborate with others like never before. Through a powerful combination of technologies and design that allows you and remote participants to feel as if you are all in the same room, the Cisco TelePresence portfolio has the potential to provide great productivity benefits and transform your business. Many organizations are already using it to control costs, make decisions faster, improve customer intimacy, scale scarce resources, and speed products to market."
1823	Cisco Systems, Inc. 170 W. Tasman Drive San Jose, CA 95134 USA -Global Certification Team CST Lab: NVLAP 200427-0	Cisco Telepresence C40, C60, and C90 Codecs (Hardware Versions: C40 v1, C60 v1 and C90 v1 with CISCO-FIPSKIT=; Firmware Version: TC5.0.2) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/05/2012; 11/21/2012; 12/03/2012	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: AES (Cert. #1928); DRBG(Cert. #168); DSA (Cert. #612); ECDSA (Cert. #276); HMAC (Cert. #1162); RSA (Cert. #994); SHS (Cert. #1693); Triple-DES (Cert. #1255) -Other algorithms: AES (Cert. #1928, key wrapping; key establishment methodology provides 128 bits of encryption strength); Blowfish; Camellia; DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); HMAC-MD5; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip standalone "The Cisco TelePresence portfolio creates an immersive, face-to-face experience over the network, empowering you to collaborate with others like never before. Through a powerful combination of technologies and design that allows you and remote participants to feel as if you are all in the same room, the Cisco TelePresence portfolio has the potential to provide great productivity benefits and transform your business. Many organizations are already using it to control costs, make decisions faster, improve customer intimacy, scale scarce resources, and speed products to market."
1822	Data-Pac Mailing Systems Corp. 1217 Bay Road Webster, NY 14580 USA -Ken Yankloski TEL: 585-787-7074 FAX: 585-671-1409 -John Keirsbilck TEL: 585-787-7077 FAX: 585-671-1409 CST Lab: NVLAP 200427-0	iButton Postal Security Device (Hardware Version: MAXQ1959B-F50#; Firmware Version: 1.3) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/01/2012	Overall Level: 3  -Physical Security: Level 3 +EFT -FIPS-approved algorithms: DSA (Cert. #544); RNG (Cert. #927); SHS (Cert. #1526) -Other algorithms: N/A Multi-chip standalone "The Data-Pac MAXQ1959B-F50# Postal Security Device (PSD) is an embedded cryptographic module used for postage evidencing. The PSD complies with FIPS 140-2 standards and postal requirements to support the USPS IBI program, including strong cryptographic and physical security for the protection of postal funds."
1821	Integral Memory PLC. Unit 6 Iron Bridge Close Iron Bridge Business Park Off Great Central Way London, Middelsex NW10 0UF United Kingdom -Patrick Warley TEL: +44 (0)20 8451 8700 FAX: +44 (0)20 8459 6301 - Samik Halai TEL: +44 (0)20 8451 8704 FAX: +44 (0)20 8459 6301 CST Lab: NVLAP 200996-0	Crypto Dual (Underlying Steel Chassis) [1] and Crypto Dual Plus (Underlying Steel Chassis) [2] (Hardware Versions: INFD2GCRYPTODL140-2(R) [1], INFD4GCRYPTODL140-2(R) [1], INFD8GCRYPTODL140-2(R) [1], INFD16GCRYPTODL140-2(R) [1], INFD32GCRYTPODL140-2(R) [1], INFD64GCRYPTODL140-2(R) [1], INFD2GCRYDLP140-2(R) [2], INFD4GCRYDLP140-2(R) [2], INFD8GCRYDLP140-2(R) [2], INFD16GCRYDLP140-2(R) [2], INFD32GCRYDLP140-2(R) [2], INFD64GCRYDLP140-2(R) [2], INFD128GCRYDLP140-2(R) [2], INFD256GCRYDLP140-2(R) [2], INFD512GCRYDLP140-2(R) [2] and INFD1TCRYDLP140-2(R) [2]; Firmware Version: PS2251-65) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	11/01/2012	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1205); SHS (Cert. #1108); RNG (Cert. #666) -Other algorithms: NDRNG Multi-chip standalone "The Crypto Dual (Underlying Steel Chassis) and Crypto Dual Plus (Underlying Steel Chassis) features Dual Password (User and Master) and works in both Windows & Mac operating Systems. Featuring Premium 256 bit AES security, it is one of the most secure and durable of all Integral USB Flash Drives. It has brute-force password attack protection, a 26 language interface and operates with a zero footprint."
1820	Aruba Networks, Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA -Jon Green TEL: 408-227-4500 CST Lab: NVLAP 200427-0	Aruba AP-120 Series and Dell W-AP120 Series Wireless Access Points (Hardware Versions: AP-124-F1 [1], AP-125-F1 [1], W-AP124-F1 [2] and W-AP125-F1 [2] with FIPS kit 4010061-01; Firmware Versions: ArubaOS_6.1.2.3-FIPS [1] and Dell_PCW_6.1.2.3-FIPS [2] or ArubaOS_6.1.4.1-FIPS [1] and Dell_PCW_6.1.4.1-FIPS [2]) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	12/05/2012; 01/24/2013	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #861, #1850 and #1851); HMAC (Certs. #478, #1098 and #1099); RNG (Certs. #969 and #970); RSA (Certs. #933, #934 and #935); SHS (Certs. #856, #1627, #1628 and #1629); Triple-DES (Certs. #708, #1198 and #1199) -Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "Aruba's Wi-Fi access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Mobility Controllers, where per-user role based access controls are applied through an integrated firewall. In FIPS 140-2 Mode, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n."
1819	Symantec Corporation 350 Ellis Street Mountain View, CA 94043 USA -John Roberts TEL: 415-738-2810 CST Lab: NVLAP 200556-0	Symantec Control Center Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode with RSA BSAFE® Crypto-J JCE Provider Module validated to FIPS 140-2 under Cert. #1048 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	10/12/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP SP2 (32-bit) with (Sun JRE 1.4.2, Sun JRE 1.5 or Sun JRE 1.6) (single-user mode) -FIPS-approved algorithms: AES (Cert. #669); DSA (Cert. #251); ECDSA (Cert. #72); HMAC (Cert. #353); RNG (Cert. #389); DRBG (vendor affirmed); RSA (Cert. #311); SHS (Cert. #702); Triple-DES (Cert. #614) -Other algorithms: AES-GCM (non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); DESX; ECAES (non-compliant); EC Diffie-Hellman; ECDHC; ECIES; MD2; MD5; PBE (non-compliant); RIPEMD 160; RNG (X9.31, non-compliant); MD5; SHA-1 (non-compliant); RC2; RC4; RC5; RSA OAEP (non-compliant); Raw RSA (non-compliant); RSA Keypair Generation MultiPrime (non-compliant); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); HMAC-MD5 Multi-chip standalone
1818	Cisco Systems, Inc. 170 W. Tasman Drive San Jose, CA 95134 USA -Global Certification Team CST Lab: NVLAP 200427-0	Cisco EX60 and EX90 TelePresence Systems (Hardware Versions: EX60 v1 and EX90 v1 with CISCO-FIPSKIT=; Firmware Version: TC5.0.2) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	10/11/2012; 11/21/2012; 12/03/2012	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: AES (Cert. #1928); DRBG (Cert. #168); DSA (Cert. #612); ECDSA (Cert. #276); HMAC (Cert. #1162); RSA (Cert. #994); SHS (Cert. #1693); Triple-DES (Cert. #1255) -Other algorithms: AES (Cert. #1928, key wrapping; key establishment methodology provides 128 bits of encryption strength); Blowfish; Camellia; DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); HMAC-MD5; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip standalone "The Cisco TelePresence portfolio creates an immersive, face-to-face experience over the network, empowering you to collaborate with others like never before. Through a powerful combination of technologies and design that allows you and remote participants to feel as if you are all in the same room, the Cisco TelePresence portfolio has the potential to provide great productivity benefits and transform your business. Many organizations are already using it to control costs, make decisions faster, improve customer intimacy, scale scarce resources, and speed products to market."
1817	LogRhythm 3195 Sterling Circle, Suite 100 Boulder, CO 80301 USA -Emily Dobson TEL: 720-881-5348 CST Lab: NVLAP 200427-0	LogRhythm 6.0.4 Event Manager (Software Version: 6.0.4) (When operated in FIPS mode with module BCRYPTPRIMITIVES validated to FIPS 140-2 under Cert. #1336 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	10/11/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 (SP1) (single-user mode) running .NET framework version 3.5 -FIPS-approved algorithms: AES (Cert. # 1168); DRBG (Cert. #23); HMAC (Cert. #686); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081) -Other algorithms: MD5; HMAC-MD5 Multi-chip standalone "The LogRhythm 6.0.4 Event Manager cryptographic module provides cryptographic services to an Event Manager. In particular, these services support secure communication with supporting SQL Server databases."
1816	Imation Corp. Discovery Bldg. 1A-041 Oakdale, MN 55128 USA -Larry Hamid TEL: 408-737-4308 CST Lab: NVLAP 100432-0	Imation S250/D250 (Hardware Versions: D2-S250-S01, D2-S250-S02, D2-S250-S04, D2-S250-S08, D2-S250-S16, D2-S250-S32, D2-D250-B01, D2-D250-B02, D2-D250-B04, D2-D250-B08, D2-D250-B16, D2-D250-B32 and D2-D250-B64; Firmware Versions: 4.0.1 or 4.0.2) (Files distributed with the module mounted within the internal CD Drive are excluded from validation) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	10/11/2012; 01/04/2013	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #1412 and #1874); DRBG (Cert. #152); HMAC (Certs. #1118 and #1119); RNG (Cert. #774); RSA (Certs. #688, #954 and #955); SHS (Certs. #1282 and #1647); Triple-DES (Cert. #965); PBKDF (vendor affirmed) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Imation S250/D250 Secure Flash Drives include a high-speed hardware-based 256 Bit AES cryptography engine for encrypting and decrypting NAND flash and RAM buffers via USB. It also includes RSA, HMAC, SHA, and DRBG algorithms."
1815	Aruba Networks, Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA -Robbie Gill TEL: 408-754-8406 CST Lab: NVLAP 200427-0	Aruba RAP-5WN and Dell W-RAP-5WN Remote Access Points (Hardware Versions: RAP-5WN-F1 [1] and W-RAP-5WN-F1 [2]; Firmware Version: ArubaOS_6.1.2.3-FIPS [1] and Dell_PCW_6.1.2.3-FIPS [2]) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	10/11/2012	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #861, #1850 and #1851); HMAC (Certs. #478, #1098 and #1099); RNG (Certs. #969 and #970); RSA (Certs. #933, #934 and #935); SHS (Certs. #856, #1627, #1628 and #1629); Triple-DES (Certs. #708, #1198 and #1199) -Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "Aruba's RAP-5WN access point aggregates wired and wireless user traffic and forwards it to an Aruba Mobility Controller through a secure IPsec tunnel, using the public Internet or an optional 3G/4G WWAN service for backhaul. In the FIPS 140-2 mode of operation, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 standard along with optional Suite B cryptography for high-assurance applications. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n."
1814	Websense Inc. 10240 Sorrento Valley Road San Diego, CA 92121 USA -Joshua Rosenthol TEL: 858-320-3684 CST Lab: NVLAP 200928-0	Crypto Module C (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	10/11/2012; 01/22/2013	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with 64-bit Microsoft Windows 2008 R2; 32-bit Red Hat Enterprise Linux 6 (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #1257); AES (Cert. #1931); SHS (Cert. #1696); HMAC (Cert. #1165); RNG (Cert. #1016); DSA (Cert. #614); RSA (Cert. #997) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 219 bits of encryption strength); AES-CFB1 (non-compliant); ECDSA (non-compliant); ECDH (non-compliant) Multi-chip standalone "Websense produces a family of web, e-mail and data security solutions that can be deployed on pre-configured, security hardened hardware or as customer installable software. The Websense Crypto Module C provides support for cryptographic and secure communications services for these solutions."
1813	Juniper Networks, Inc. 1194 N. Mathilda Ave. Sunnyvale, CA 94089 USA -Guillaume Gavillet FAX: 408-936-1801 -Seyed Safakish TEL: 408-745-8158 FAX: 408-936-1801 CST Lab: NVLAP 200002-0	Junos-FIPS 10.4 L2 OS Cryptographic Module (Firmware Version: 10.4R5) (When operated only on the specific platforms specified on the reverse. The routing engine and chassis configured with tamper evident seals installed as indicated in the Security Policy.) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Firmware	10/11/2012	Overall Level: 2  -Design Assurance: Level 3 -Tested: M120 [1], M320 [2], MX240 [3], MX480 [4], MX960 [5] and T1600 [6]; Routing Engines: (RE-A-2000-4096 [1,2] and RE-S-2000-4096 [3,4,5,6]); Routing Engine Control Boards: (750-011402 [1] and 750-021524 [3,4,5]); Blanking Plate (540-015089 Rev02 [5]); Control Boards: (750-009188 [2] and 750-024570 [6]); with Tamper Evident Seal Kit: (JNPR-FIPS-TAMPER-LBLS [1,2,3,4,5,6]) -FIPS-approved algorithms: AES (Certs. #1719, #1726 and #1727); DSA (Cert. #531); ECDSA (Cert. #225); RNG (Cert. #909); RSA (Cert. #847); HMAC (Certs. #994, #1000, #1001 and #1002); SHS (Certs. #1502, #1508, #1509 and #1510); Triple-DES (Certs. #1106, #1112 and #1113) -Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip embedded "Juniper Networks M, T and MX series routing platforms are complete routing systems that support a variety of high-speed interfaces for medium/large networks and network applications and numerous routing standards. All platforms are physically self-contained, housing software, firmware, and hardware necessary for routing. The router architecture provides for streamlined forwarding and routing control and the capability to run Internet-scale networks at high speeds. They are powered by the same JUNOS software, which provides both management and control functions as well as all IP routing."
1812	McAfee, Inc. 2340 Energy Park Drive St. Paul, MN 55108 USA -Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0	McAfee Firewall Enterprise Control Center Virtual Appliance (Software Versions: 5.2.0 and 5.2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	10/11/2012; 10/31/2012	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Operational Environment: Tested as meeting Level 1 with CGLinux (single-user mode) -FIPS-approved algorithms: AES (Certs. #1862 and #1917); Triple-DES (Certs. #1209 and #1247); SHS (Certs. #1638 and #1683); HMAC (Certs. #1109 and #1152); DRBG (Cert. #162); RNG (Certs. #976 and #1008); RSA (Certs. #943 and #985); DSA (Certs. #581 and #608) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); MD5 Multi-chip standalone "McAfee Firewall Enterprise Control Center simplifies the management of multiple McAfee Firewall Enterprise appliances. Control Center enables centralized management and monitoring of the McAfee Firewall Enterprise solutions, allowing network administrators to centrally define firewall policy, deploy updates and inventory their firewall products."
1811	Diversinet Corp. 2235 Sheppard Avenue East Suite 1700 Toronto, Ontario M2J 5B5 Canada -Charles Blair TEL: 416-756-2324 ext 234 -Diversinet Sales TEL: 416-756-2324 CST Lab: NVLAP 200928-0	Diversinet Java Crypto Module (Software Version: 2.0) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	10/11/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 R2 with JDK v1.6 (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #1276); AES (Cert. #1965); SHS (Cert. #1723); HMAC (Cert. #1185); DRBG (Cert. #175); RSA (Cert. #1017) -Other algorithms: Multi-chip standalone "Diversinet Java SE Crypto Module is a JCA (Java Cryptography Architecture) Provider shipped with Diversinet MobiSecure Products. The Crypto Module implements several JCE (Java Cryptography Extension) algorithms including Triple DES, AES, SHA, HMAC and RSA. The Crypto Module is packaged in a signed Java Archive (JAR) file."
1810	Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada -Alan Kaye TEL: 613-225-9381 CST Lab: NVLAP 200426-0	FortiGate-1240B [1] and FortiGate-3140B [2] (Hardware Versions: C4CN43 [1] and C4XC55 [2] with Tamper Evident Seal Kit: FIPS-SEAL-BLUE [1] or FIPS-SEAL-RED [2]; Firmware Version: FortiOS 4.0, build8892, 111128) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	10/11/2012	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1408, #1858, #1899 and #1900); Triple-DES (Certs. #961, #1205, #1234 and #1235); SHS (Certs. #1278, #1635, #1668 and #1669); RNG (Cert. #996); HMAC (Certs. #829, #1105, #1139 and #1140); RSA (Certs. #685 and #973) -Other algorithms: DES; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant); MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 96 and 196 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
1809	Systematic Development Group, LLC 350 Jim Moran Blvd. Suite 122 Deerfield Beach, FL 33442 USA -George Wolf TEL: 954-889-3535 x315 CST Lab: NVLAP 100432-0	LOK-IT® 10 KEY (Series SDG003FM) (Hardware Versions: HW003-32 Rev:01 [2], HW003-16 Rev:03 [1], HW003-16 Rev:04 [2], HW003-08 Rev:02 [1], HW003-08 Rev:03 [2] , HW003-04 Rev:02 [1] and HW003-04 Rev:03 [2]; Firmware Version: USB Controller Firmware Revision V01.12A12-F01 [1] or V01.12A14-F05 [2]; Security Controller Firmware Revision SDG003FM-010) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	10/02/2012; 01/22/2013	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1514); SHS (Cert. #1682); DRBG (Cert. #164) -Other algorithms: NDRNG Multi-chip standalone "This module is a multi-chip standalone cryptographic module, as defined by FIPS 140-2 and consists of an Initio 1861 USB controller, NAND Flash memory and a Microchip PIC16LF1825 security controller. All components are encased in hard, opaque, production grade integrated circuit packaging. The cryptographic boundary is defined as the boundary of the module's PCB and hard epoxy coating. The module uses a NDRNG as input to a Hash_DRBG algorithm specified in NIST special publication SP800-90 to generate a random 256 bit encryption key. The AES key has 256 bits of entropy."
1808	LogRhythm 3195 Sterling Circle, Suite 100 Boulder, CO 80301 USA -Emily Dobson TEL: 720-881-5348 CST Lab: NVLAP 200427-0	LogRhythm 6.0.4 Log Manager (Software Version: 6.0.4) (When operated in FIPS mode with module BCRYPTPRIMITIVES validated to FIPS 140-2 under Cert. #1336 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	10/02/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 (SP1) (single-user mode) running .NET framework version 3.5 -FIPS-approved algorithms: AES (Cert. # 1168); DRBG (Cert. #23); HMAC (Cert. #686); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081) -Other algorithms: MD5; HMAC-MD5 Multi-chip standalone "The LogRhythm 6.0.4 Log Manager cryptographic module provides cryptographic services to a Log Manager. In particular, these services support secure communication with other LogRhythm components (System Monitor Agents and AI Engine Servers) and SQL Server databases."
1807	LogRhythm 3195 Sterling Circle, Suite 100 Boulder, CO 80301 USA -Emily Dobson TEL: 720-881-5348 CST Lab: NVLAP 200427-0	LogRhythm 6.0.4 Console (Software Version: 6.0.4) (When operated in FIPS mode with module BCRYPTPRIMITIVES validated to FIPS 140-2 under Cert. #1336 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	10/02/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 (SP1) (single-user mode) running .NET framework version 3.5 -FIPS-approved algorithms: AES (Cert. # 1168); DRBG (Cert. #23); HMAC (Cert. #686); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081) -Other algorithms: MD5; HMAC-MD5 Multi-chip standalone "The LogRhythm 6.0.4 Console cryptographic module provides cryptographic services to a Console. In particular, these services support secure communication with SQL Server databases in a LogRhythm deployment."
1806	LogRhythm 3195 Sterling Circle, Suite 100 Boulder, CO 80301 USA -Emily Dobson TEL: 720-881-5348 CST Lab: NVLAP 200427-0	LogRhythm 6.0.4 Windows System Monitor Agent (Software Version: 6.0.4) (When operated in FIPS mode with module BCRYPTPRIMITIVES validated to FIPS 140-2 under Cert. #1336 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	10/02/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 (SP1) (single-user mode) running .NET framework version 3.5 -FIPS-approved algorithms: AES (Cert. # 1168); DRBG (Cert. #23); HMAC (Cert. #686); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081) -Other algorithms: MD5; HMAC-MD5 Multi-chip standalone "The LogRhythm 6.0.4 Windows System Monitor Agent cryptographic module provides cryptographic services to a Windows System Monitor Agent. In particular, these services support secure communication with a LogRhythm Log Manager component."
1805	LogRhythm 3195 Sterling Circle, Suite 100 Boulder, CO 80301 USA -Emily Dobson TEL: 720-881-5348 CST Lab: NVLAP 200427-0	LogRhythm 6.0.4 AI Engine Server (Software Version: 6.0.4) (When operated in FIPS mode with module BCRYPTPRIMITIVES validated to FIPS 140-2 under Cert. #1336 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	10/02/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 (SP1) (single-user mode) running .NET framework version 3.5 -FIPS-approved algorithms: AES (Cert. # 1168); DRBG (Cert. #23); HMAC (Cert. #686); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081) -Other algorithms: MD5; HMAC-MD5 Multi-chip standalone "The LogRhythm 6.0.4 AI Engine Server cryptographic module provides cryptographic services to an AI Engine Server. In particular, these services support secure communication with LogRhythm Log Managers and Event Manager SQL Server databases."
1804	Diversinet Corp. 2235 Sheppard Avenue East Suite 1700 Toronto, Ontario M2J5B5 Canada -Charles Blair TEL: 416-756-2324 ext 234 -Diversinet Sales TEL: 416-756-2324 CST Lab: NVLAP 200928-0	Diversinet Java Crypto Module for Mobile (Software Version: 2.0) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	10/03/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Android OS v2.2 (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #1277); AES (Cert. #1966); SHS (Cert. #1724); HMAC (Cert. #1186); DRBG (Cert. #176); RSA (Cert. #1018) -Other algorithms: N/A Multi-chip standalone "Diversinet Java ME Crypto Module is shipped with Diversinet MobiSecure Client SDK for Java based run-time environments on Smartphones and tablets including, Android OS-, BlackBerry OS- and Java ME MIDP-based. The Crypto Module implements several cryptography algorithms including Triple DES, AES, SHA, HMAC and RSA."
1803	Websense Inc. 10240 Sorrento Valley Road San Diego, CA 92121 USA -Joshua Rosenthol TEL: 1-858-320-3684 CST Lab: NVLAP 200928-0	Crypto Module Java (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	09/25/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with 64-bit Microsoft Windows 2008 R2 with JRE v1.6.0 (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #1262); AES (Cert. #1936); SHS (Cert. #1701); HMAC (Cert. #1169); RNG (Cert. #1020); DSA (Cert. #618); RSA (Cert. #1002) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); ECDSA (non-compliant); ECDH (non-compliant); MD2; MD4; MD5 Multi-chip standalone "The Websense Crypto Module Java provides cryptographic and secure communication services for the Websense-developed family of web security, email security, and data loss prevention solutions, deployed on high-performance, pre-configured hardware or as fully-customizable "ready-to-install" software."
1802	Brocade Communications Systems, Inc. 130 Holger Way San Jose, CA 95134 USA -Greg Farris TEL: 408-333-8000 FAX: 408-333-8101 CST Lab: NVLAP 200802-0	VDX 6710, VDX 6720 and VDX 6730 with Network OS (NOS) v2.1.0 Firmware (Hardware Versions: VDX6710-54-F (P/N 80-1004843-02), VDX6710-54-R (P/N 80-1004702-02), VDX6720-16-F (P/N 80-1004566-05), VDX6720-16-R (P/N 80-1004567-05), VDX6720-24-F (P/N 80-1004564-05), VDX6720-24-R (P/N 80-1004565-05), VDX6720-40-F (P/N 80-1004570-05), VDX6720-40-R (P/N 80-1004571-05), VDX6720-60-F (P/N 80-1004568-05), VDX6720-60-R (P/N 80-1004569-05), VDX6730-16-F (P/N 80-1005649-01), VDX6730-16-R (P/N 80-1005651-01), VDX6730-24-F (P/N 80-1005648-01), VDX6730-24-R (P/N 80-1005650-01), VDX6730-40-F (P/N 80-1005680-01), VDX6730-40-R (P/N 80-1005681-01), VDX6730-60-F (P/N 80-1005679-011) and VDX6730-60-R (P/N 80-1005678-01) with FIPS Kit (P/N Brocade XBR-000195); Firmware Version: Network OS (NOS) v2.1.0 (P/N 63-1000931-01)) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	09/07/2012	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #652); AES (Certs. #731 and #1595); SHS (Certs. #749 and #1407); HMAC (Certs. #397 and #933); RNG (Cert. #426); RSA (Certs. #342 and #778) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; BF; CAST; CAST5; DES; DES3; DESX; RC2; RC2-40; RC2-64; RC4; RC4-40; MD2; MD4; RMD160; AES128-CTR (non-compliant); AES192-CTR (non-compliant); AES256-CTR (non-compliant); ARCFOUR256; ARCFOUR128; AES128-CBC (non-compliant); 3DES-CBC (non-compliant); BLOWFISH-CBC; CAST128-CBC; AES192-CBC (non-compliant); AES256-CBC (non-compliant); ARCFOUR; UMAC-64; HMAC-RIPEMD160; HMAC-SHA1-96 (non-compliant); HMAC-MD5-96 Multi-chip standalone "The VDX 6710, VDX 6720 and VDX 6730 are multiple-chip standalone cryptographic modules. The module is a Gigabit Ethernet routing switch that provides secure network services and network management."
1801	Motorola Solutions, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA -Kirk Mathews TEL: 847-576-4101 CST Lab: NVLAP 100432-0	µMACE (Hardware Version: P/N AT58Z04; Firmware Version: R01.00.04) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	09/07/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1876); DRBG (Cert. #154); ECDSA (Cert. #263); KAS (Cert. #28); SHS (Cert. #1619) -Other algorithms: AES (Cert. #1876, key wrapping; key establishment methodology provides 256 bits of encryption strength); NDRNG Single-chip "The µMACE cryptographic processor is used in security modules embedded in Motorola Solutions security products."
1800	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Andrew Young TEL: 703-647-8408 FAX: 410-290-6506 CST Lab: NVLAP 100432-0	eToken 4300 (Hardware Version: Inside Secure AT90SC28880RCFV Rev. G; Firmware Version: SafeNet eToken 4300 010E.1245.0002 with PIV Applet 3.0) (PIV Card Application: Cert. #32) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	12/06/2012	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1655); RSA (Cert. #824); Triple-DES (Cert. #1088); Triple-DES MAC (Triple-DES Cert. #1088, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465); ECDSA (Cert. # 214); CVL (Cert. #2) -Other algorithms: HW RNG; AES-CMAC (non-compliant); AES (Cert. #1655, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength) Single-chip "eToken 4300 is a Cryptographic Module based on the Athena OS755 Java Card smart card operating system with 80KB of EEPROM. eToken 4300 is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 2. eToken 4300 supports FIPS approved DRBG, SHA-1 and all SHA-2, TDES, AES, RSA, ECDSA and ECC CDC, and RSA and ECC key generation. eToken 4300 exposes PKI and Biometric APIs and is designed for high-performance government and enterprise smart card applications."
1799	Certes Networks, Inc. 300 Corporate Center Drive Suite 140 Pittsburgh, PA 15108 USA -Gary Brunner TEL: 412-262-2571, ext. 101 FAX: 412-262-2574 CST Lab: NVLAP 200928-0	CEP100, CEP100 VSE, CEP100-XSA, CEP1000, CEP1000-DP and CEP1000 VSE (Hardware Versions: [CEP100, A], [CEP100 VSE, A], [CEP100-XSA, A], [CEP1000, A], [CEP1000-DP, A] and [CEP1000 VSE, A]; Firmware Version: 2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	09/04/2012; 03/08/2013	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #482, #667 and #1258); AES (Certs. #465, #762 and #1932); SHS (Cert. #1697); HMAC (Certs. #416, #417 and #1166); RSA (Certs. #998); DSA (Certs. #615); RNG (Certs. #1017) -Other algorithms: MD5; HMAC-MD5-96; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip standalone "The Certes Networks CEP VSE encryptors are a family of high performance network encryption appliances that offer line rate multi-layer encryption at speeds from 10 Mbps up to 10 Gbps for Ethernet, IP, and MPLS networks. The CEP VSE family can be centrally managed with the simple drag-and-drop interface of Certes TrustNet Manager. TrustNet Manager provides centralized policy and key management, logging and auditing for the entire network. The CEP100 VSE and CEP1000 VSE provide data confidentiality, data integrity and data authentication for network traffic at bit rates from 75 Mbps to 1 Gbps."
1798	Certes Networks, Inc. 300 Corporate Center Drive Suite 140 Pittsburgh, PA 15108 USA -Gary Brunner TEL: 412-262-2571, ext. 101 FAX: 412-262-2574 CST Lab: NVLAP 200928-0	CEP10-R, CEP10 VSE and CEP10-C (Hardware Versions: [CEP10-R, PN 410-032-402, A], [CEP10 VSE, PN 410-032-402, A], [CEP10-C, PN 410-032-602, A] and [CEP10 VSE, PN 410-032-602, A]; Firmware Version: 2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	09/06/2012; 03/08/2013	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #673 and #1258); AES (Certs. #779 and #1932); SHS (Cert. #1697); HMAC (Certs. #426 and #1166); RSA (Cert. #998); DSA (Cert. #615); RNG (Cert. #1017) -Other algorithms: MD5; HMAC-MD5-96; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip standalone "The Certes Networks CEP VSE encryptors are a family of high performance network encryption appliances that offer full line rate multi-layer encryption at speeds from 10 Mbps up to 10 Gbps for Ethernet, IP, and MPLS networks. The CEP VSE family can be centrally managed with the simple drag-and-drop interface of Certes TrustNet Manager. TrustNet Manager provides centralized policy and key management, logging and auditing for the entire network. The CEP10 VSE provides data confidentiality, data integrity and data authentication for network traffic at bit rates from 3 Mbps to 50 Mbps."
1797	Certes Networks, Inc. 300 Corporate Center Drive Suite 140 Pittsburgh, PA 15108 USA -Gary Brunner TEL: 412-262-2571, ext. 101 FAX: 412-262-2574 CST Lab: NVLAP 200928-0	CEP10G VSE (Hardware Version: [CEP10G VSE, A]; Firmware Version: 2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	09/04/2012; 03/08/2013	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #1195 and #1258); AES (Certs. #1842 and #1932); SHS (Cert. #1697); HMAC (Certs. #1141 and #1166); RSA (Cert. #998); DSA (Cert. #615); RNG (Cert. #1017) -Other algorithms: MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip standalone "The Certes Networks CEP VSE encryptors are a family of high performance network encryption appliances that offer full line rate multi-layer encryption at speeds from 10 Mbps up to 10 Gbps for Ethernet, IP, and MPLS networks. The CEP VSE family can be centrally managed with the simple drag-and-drop interface of Certes TrustNet Manager. TrustNet Manager provides centralized policy and key management, logging and auditing for the entire network. The CEP10G VSE provides data confidentiality, data integrity and data authentication for network traffic at bit rates from 500 Mbps to 10 Gbps."
1796	Brocade Communications Systems, Inc. 130 Holger W San Jose, CA 95134 USA -Greg Farris TEL: 408-333-8000 FAX: 408-333-8101 CST Lab: NVLAP 200802-0	Brocade DCX, DCX 8510-8, DCX-4S and DCX 8510-4 Backbones; 6510 FC Switch; and 7800 Extension Switch (Hardware Version: [6510 FC Switch (P/Ns 80-1005232-02, 80-1005267-02, 80-1005268-02, 80-1005269-02, 80-1005271-02 and 80-1005272-02) [A,B], 7800 Extension Switch (P/Ns 80-1002607-06, 80-1002608-06 and 80-1002609-06) [A,B], [DCX Backbone (P/Ns 80-1001064-08, 80-1001064-09, 80-1004920-02 and 80-1004920-03), DCX-4S Backbone (P/Ns 80-1002071-08, 80-1002071-09, 80-1002066-08 and 80-1002066-09), DCX 8510-4 Backbone (P/Ns 80-1004697-02, 80-1004697-03, 80-1005158-02 and 80-1005158-03) and DCX 8510-8 Backbone (P/Ns 80-1004917-02 and 80-1004917-03] with Blades (P/Ns 80-1001070-06 [A,B], 80-1004897-01, 80-1004898-01, 80-1002000-02, 80-1001071-02, 80-1000696-01, 80-1005166-01, 80-1005187-01, 80-1001066-01, 80-1001067-01, 80-1001453-01, 80-1003887-01, 80-1002762-04, 80-1000233-10, 80-1002839-02, 49-1000016-04, 49-1000064-02 and 49-1000294-05)] with FIPS Kit P/N Brocade XBR-000195; Firmware Version: Fabric OS v7.0.0b (P/N 63-1000968-01) [A] or Fabric OS v7.0.0b1 (P/N 63-1001098-01) [B]) (When operated in FIPS mode and when tamper evident labels are installed on the initially built configurations as indicated in the Security Policy.) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	08/31/2012	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #652 and #1043); AES (Certs. #731, #1595 and #1596); SHS (Certs. #749, #1407 and #1408); HMAC (Certs. #397, #933 and #934); RNG (Certs. #426 and #854); RSA (Certs. #778, #779, #1048 and #1049) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bit of encryption strength); HMAC-MD5; MD5; NDRNG; BF; CAST; CAST5; DES; DES3; DESX; RC2; RC2-40; RC2-64; RC4; RC4-40; MD2; MD4; RMD160; AES128-CTR (non-compliant); AES192-CTR (non-compliant); AES256-CTR (non-compliant); ARCFOUR256; ARCFOUR128; AES128-CBC (non-compliant); 3DES-CBC (non-compliant); BLOWFISH-CBC; CAST128-CBC; AES192-CBC (non-compliant); AES256-CBC (non-compliant); ARCFOUR; UMAC-64; HMAC-RIPEMD160; HMAC-SHA1-96 (non-compliant); HMAC-MD5-96 Multi-chip standalone "The Brocade« DCX, DCX 8510-8, DCX-4S and DCX 8510-4 Backbones and the 6510 Switch provide a reliable, scalable Fibre Channel switching infrastructure with market-leading 16 Gbps technology and capabilities that support demanding, enterprise-class private cloud storage and highly virtualized environments. The Brocade 7800 Extension Switch provides fast, reliable WAN/MAN connectivity for remote data replication, backup, and migration with Fibre Channel and advanced Fibre Channel over IP (FCIP) technology."
1795	Giesecke & Devrient 45925 Horseshoe Drive Dulles, VA 20166 USA -Jatin Deshpande TEL: 650-312-8047 FAX: 650-312-8129 -Thomas Palsherm TEL: +49 89 4119-2384 FAX: +49 89 4119-9093 CST Lab: NVLAP 200427-0	Sm@rtCafé Expert 6.0 FIPS (Hardware Versions: P5CC081, P5CD081 and P5CD145; Firmware Version: Sm@rtCafé Expert 6.0) (The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	08/31/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1755); DRBG (Cert. #116); RSA (Cert. #874); SHS (Cert. #1542); Triple-DES (Cert. #1136); Triple-DES MAC (Triple-DES Cert. #1136, vendor affirmed) -Other algorithms: AES (Cert. #1755, key wrapping; key establishment methodology provides between 128 and 175 bits of encryption strength) Single-chip "Giesecke & Devrient (G&D) Smart Card Chip Operating System Sm@rtCafé Expert 6.0 is a Java Card 3 and Global Platform v2.1.1 compliant smart card module supporting both contact and contactless interfaces. It also supports, at a minimum, RSA up to 2048 bits(RSA and RSA-CRT) with on-card key generation, Hash algorithms(including SHA256), AES(up to 256 bits), ECDSA, and Triple-DES. The Sm@rtCafé Expert 6.0 is suitable for government and corporate identification, payment and banking, health care, and Web applications."
1794	Thales e-Security Meadow View House Crendon Industrial Estate, Long Crendon, Aylesbury, Buckinghamshire HP18 9EQ United Kingdom -Datacryptor-Certifications TEL: +44 (0)1844 201800 CST Lab: NVLAP 200002-0	Secure Generic Sub-System (SGSS), Version 3.5 (Hardware Versions: 1213H130 Issue 6E, 1213R130 Issue 1, 1213P130 Issue 2 and 1213P130 Issue 2A; Software Version: 3.0.0) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	08/28/2012; 09/27/2012	Overall Level: 3  -FIPS-approved algorithms: ECDSA (Cert. #283); SHS (Cert. #1717) -Other algorithms: N/A Multi-chip embedded "The Secure Generic Sub-System (SGSS) is a multi-chip embedded module used to provide secure cryptographic resources to a number of products in the Thales e-Security portfolio. This includes the Datacryptor® 2000, Datacryptor® Advanced Performance and Small Form Factor family (Link, Frame Relay, E1/T1, E3/T3, and IP models). The SGSS contains a secure bootstrap and authenticates application loading using the Digital Signature Algorithm (ECDSA) and SHA-384 hashing. This is a revalidation of the SGSS certified under FIPS Certificate #836, and does not affect the previous FIPS validation."
1793	HID Global 15370 Barranca Pkwy Irvine, CA 92618 USA -Stephane Ardiley TEL: 510-745-6288 FAX: 510-574-0101 CST Lab: NVLAP 100432-0	HID Global Digital Identity Applet v2 on NXP JCOP 2.4.2 (Hardware Version: P/N P5CD145; Firmware Version: JCOP 2.4.2 R0 MaskID 53 and patchID 98, Digital Identity Applet Suite 2.7.1) (PIV Card Application: Cert. #29) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	08/28/2012	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 4 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: RNG (Cert. #942); Triple-DES (Cert. #1144); Triple-DES MAC (Triple-DES Cert. #1144, vendor affirmed); RSA (Cert. #885) -Other algorithms: Triple-DES (Cert. #1144, key wrapping; key establishment methodology provides 112 bits of encryption strength) Single-chip "This version of the product can be used over contact and contactless interface (with some restrictions) and can be configured for use with HID Global JavaCard Applet Suite v2.7.1 for support of GSC-IS v2.1, NIST SP800-73-3 Transitional and End-Point Card Edge (for HSPD-12/PIV). The product allows issuance and post-issuance support for PIV End Point Card Edge and Data Model."
1792	Red Hat®, Inc. 314 Littleton Road Westford, MA 01886 USA -Irina Boverman TEL: 978-392-1000 FAX: 978-392-1001 CST Lab: NVLAP 200658-0	Red Hat Enterprise Linux 6.2 OpenSSH Server Cryptographic Module (Software Version: 2.1) (When operated in FIPS mode. This module contains the embedded module Red Hat Enterprise Linux 6.2 OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #1758 operating in FIPS mode. When obtained, installed, and initialized as specified in Section 9.1 of the provided Security Policy. Section 1 of the provided Security Policy specifies the precise RPM file containing this module. The integrity of the RPM is automatically verified during the installation and the Crypto officer shall not install the RPM file if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	08/24/2012; 10/23/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 6.2 (single-user mode) -FIPS-approved algorithms: Triple-DES (Certs. #1226, #1227, #1231 and #1232); AES (Certs. #1887, #1888, #1889, #1893, #1894 and #1895); DSA (Certs. #592, #593, #597 and #598); RNG (Certs. #989, #990, #994 and #995); HMAC (Certs. #1129, #1130, #1134 and #1135); SHS (Certs. #1658, #1659, #1663 and #1664); RSA (Certs. #964, #965, #969 and #970) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 160 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 160 bits of encryption strength) Multi-chip standalone "The OpenSSH Server cryptographic module provides the server-side component for an SSH protocol version 2 protected communication channel. OpenSSH is the standard SSH implementation and shipped with RHEL 6.2. Its cryptographic mechanisms use the OpenSSL library in FIPS 140-2 mode."
1791	Red Hat®, Inc. 314 Littleton Road Westford, MA 01886 USA -Irina Boverman TEL: 978-392-1000 FAX: 978-392-1001 CST Lab: NVLAP 200658-0	Red Hat Enterprise Linux 6.2 OpenSSH Client Cryptographic Module (Software Version: 2.1) (When operated in FIPS mode. This module contains the embedded module Red Hat Enterprise Linux 6.2 OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #1758 operating in FIPS mode. When obtained, installed, and initialized as assumed by the Crypto Officer role and as specified in Section 9.1 of the provided Security Policy. Section 1 of the provided Security Policy specifies the precise RPM file containing this module. The integrity of the RPM is automatically verified during the installation and the Crypto officer shall not install the RPM file if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module. The module generates cryptographic keys whose strengths are modified by available entropy.) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	08/24/2012; 10/23/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 6.2 (single-user mode) -FIPS-approved algorithms: Triple-DES (Certs. #1226, #1227, #1231 and #1232); AES (Certs. #1887, #1888, #1889, #1893, #1894 and #1895); DSA (Certs. #592, #593, #597 and #598); RNG (Certs. #989, #990, #994 and #995); HMAC (Certs. #1129, #1130, #1134 and #1135); SHS (Certs. #1658, #1659, #1663 and #1664); RSA (Certs. #964, #965, #969 and #970) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 160 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 160 bits of encryption strength) Multi-chip standalone "The OpenSSH Client cryptographic module provides the client-side component for an SSH protocol version 2 protected communication channel. OpenSSH is the standard SSH implementation and shipped with RHEL 6.2. Its cryptographic mechanisms use the OpenSSL library in FIPS 140-2 mode."
1790	ARX (Algorithmic Research) 10 Nevatim Street Petah-Tikva, 49561 Israel -Ezer Farhi TEL: +972-39279529 FAX: +972-39230864 CST Lab: NVLAP 200002-0	PrivateServer (Hardware Version: 4.7; Firmware Version: 4.8.1) (When operated in FIPS Mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	11/05/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1983); Triple-DES (Cert. #1286); RSA (Cert. #1029); SHS (Cert. #1738); Triple-DES MAC (Triple-DES Cert. #1286, vendor affirmed); RNG (Cert. #1042); ECDSA (Cert. #288); HMAC (Cert. #1196) -Other algorithms: DES Stream; MD5; RSA cipher only with ISO9796 padding; ARDFP; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); DES; DES MAC Multi-chip standalone "The PrivateServer is a high-performance cryptographic service provider. PrivateServer performs high-speed cryptographic operations while protecting sensitive data. Its features include Triple-DES, AES, Triple-DES MAC, CCM, HMAC, RSA, ECDSA, SHA-1, SHA-256, SHA-384, SHA-512, authenticated and encrypted communication with the module, secure storage of secret/private keys, software key medium and smartcard support, tamper-responsive enclosure, high level API requiring no cryptographic expertise, in-depth logging and auditing, and secure backup capability."
1789	McAfee, Inc. 2340 Energy Park Drive St. Paul, MN 55108 USA -Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701 CST Lab: NVLAP 200556-0	McAfee Firewall Enterprise S1104, S2008, S3008, S4016, S5032 and S6032 (Hardware Versions: FWE-S1104, FWE-S2008, FWE-S3008, FWE-S4016, FWE-S5032 and FWE-S6032; Firmware Version: 7.0.1.03 and 8.2.0) (When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	08/22/2012	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #972, #973, #974 and #1833); Triple-DES (Certs. #765, #766, #767 and #1185); SHS (Certs. #941, #942, #943 and #1612); HMAC (Certs. #544, #545, #546 and #1086); RNG (Certs. #549, #550, #551 and #964); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES Multi-chip standalone "McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1788	Q1 Labs 890 Winter Street Suite 230 Waltham, MA 02451 USA -Ellen Knickle TEL: 506-444-6870 FAX: 506-459-7016 -Peter Clark TEL: 506-635-4900 FAX: 506-459-7016 CST Lab: NVLAP 200427-0	Cryptographic Security Kernel (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	08/22/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux (RHEL) 5.7; CentOS 5.7 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1907); HMAC (Cert. #1144); RNG (Cert. #1001); RSA (Cert. #978); SHS (Cert. #1674); Triple-DES (Cert. #1239) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); MD5, RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip standalone "Q1 Labs Cryptographic Security Kernel is multi-algorithm library providing general-purpose cryptographic services. The purpose of the module is to provide a single API for cryptographic functionality that can provide centralized control over FIPS-Approved mode status, provide availability of only FIPS-Approved algorithms or vendor-affirmed implementations of non FIPS-Approved algorithms, and provide for centralized logging and reporting of the cryptographic engine."
1787	GDC Technology (USA), LLC 1016 West Magnolia Boulevard Burbank, CA 91506 USA -Pranay Kumar TEL: (877) 743-2872 FAX: (877) 643-2872 CST Lab: NVLAP 100432-0	IMB (Hardware Version: GDC-IMB-v1; Firmware Version: 1.1 with Security Manager Firmware Version 1.2.11) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	08/22/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #1278 and #1286); SHS (Certs. #1176, #1178, #1179 and #1180); RNG (Certs. #713 and #716); RSA (Certs. #610 and #613); HMAC (Certs. #743 and #747) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; S-Box Multi-chip embedded "A digital cinema media block designed to be compliant with DCI specifications and SMPTE digital cinema standards. The supported features include JPEG2000 decoding, AES decryption, key management and logging."
1786	RSA, The Security Division of EMC 174 Middlesex Turnpike Bedford, MA 01730 USA -Sandy Carielli TEL: 781-515-7510 CST Lab: NVLAP 200427-0	RSA BSAFE® Crypto-J JSAFE and JCE Software Module (Software Version: 6.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	08/24/2012; 01/24/2013	Overall Level: 1  -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows 7 (64-bit) with Sun JRE 6.0; Android 2.2 ARM (32-bit) JRE 6.0 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1911); DRBG (Cert. #160); DSA (Cert. #604); ECDSA (Cert. #271); HMAC (Cert. #1148); PBKDF (vendor affirmed); RNG (Cert. #1004); RSA (Cert. #981); SHS (Cert. #1678); Triple-DES (Cert. #1243) -Other algorithms: DES; DESX; Diffie-Hellman; EC Diffie-Hellman; ECIES; HMAC-MD5; MD2; MD4; MD5; RC2; RC4; RC5; RIPEMD160; RSA (encrypt/decrypt); RSA Keypair Generation MultiPrime Multi-chip standalone "RSA BSAFE® Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. It supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
1785	RSA, The Security Division of EMC 174 Middlesex Turnpike Bedford, MA 01730 USA -Sandy Carielli TEL: 781-515-7510 CST Lab: NVLAP 200427-0	RSA BSAFE® Crypto-J JSAFE and JCE Software Module (Software Version: 6.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	08/24/2012; 01/24/2013	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows 7 (64-bit) with Sun JRE 6.0; Android 2.2 ARM (32-bit) JRE 6.0 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1911); DRBG (Cert. #160); DSA (Cert. #604); ECDSA (Cert. #271); HMAC (Cert. #1148); PBKDF (vendor affirmed); RNG (Cert. #1004); RSA (Cert. #981); SHS (Cert. #1678); Triple-DES (Cert. #1243) -Other algorithms: DES; DESX; Diffie-Hellman; EC Diffie-Hellman; ECIES; HMAC-MD5; MD2; MD4; MD5; RC2; RC4; RC5; RIPEMD160; RSA (encrypt/decrypt); RSA Keypair Generation MultiPrime Multi-chip standalone "RSA BSAFE® Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. It supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
1784	Hewlett-Packard Company 8000 Foothills Blvd Rosevillle, CA 95747 USA -Sunil Amanna TEL: 916-785-1183 FAX: 916-785-1103 -Harjit Dhillon TEL: 916-785-0341 FAX: 916-785-1103 CST Lab: NVLAP 200002-0	HP Networking 5400 zl [1,2] and 8200 zl [3,4] Switch Series (Hardware Versions: 5406 zl [1] 5412 zl [2], 8206 zl [3], 8212 zl [4] [A] [B]; Switches: (J8697A [1], J8698A [2], J9447A [3] and J9091A [4] [A] [B]); Management Modules: (J8726A [1,2] and two J9092A [3,4] [A] [B]); Power Supply: (J9306A: one [1,3] or two [2,4]); Support Module: (J9095A [3,4] [A] [B]); Fabric Module: (two J9093A [3,4] [A] [B]); Blank Plate: (5069-8563: five [1,3] or eleven [2,4]); PSU Blank Plate (5003-0753: one [1,3] or two [2,4]); Opacity Shield Kits: (J9710A [1], J9711A [2], J9712A [3] and J9713A [4]); High Performance Fan Trays: (J9721A [1], J9722A [2], J9723A [3] and J9724A [4]); with ([HP Gig-T/SFP+ V2 zl Mod: J9536A] and [Tamper Evident Seal Kit: J9709A]) [1,2,3,4]; Firmware Versions: K.15.07.003 [A] and K.15.07.0012 [B]) (When operated in FIPS mode with the tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	08/15/2012; 12/13/2012	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #1718); Triple-DES (Cert. #1105); SHS (Certs. #1501 and #1600); HMAC (Cert. #993); RSA (Certs. #866 and #915); DSA (Cert. #530); RNG (Cert. #911) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); MD5 Multi-chip standalone "The HP 5400 Switch series consists of Layer 2/3/4 switches which support integrated advanced capabilities in chassis (6-slot and 12-slot) form factor and offer maximum flexibility, life time warranty and lowered TCO. The HP 8200 zl Switch Series offers high performance, scalability, and a wide range of features in a high-availability platform that dramatically reduces complexity and provides reduced cost of ownership."
1783	CST Lab: NVLAP 200427-0	Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	08/08/2012; 03/19/2013	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms:
1782	SafeNet, Inc. 20 Colonnade Drive Suite 200 Ottowa, ON K2E 7M6 Canada -Mark Yakabuski TEL: 613-221-5032 FAX: 613-723-5079 -Chris Brych TEL: 613-221-5081 FAX: 613-723-5079 CST Lab: NVLAP 200427-0	ProtectServer Internal Express (PSI-e) (Hardware Versions: VBD-04-0302 and VBD-04-0303; Firmware Versions: 3.20.00 and 3.20.01) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	08/07/2012; 11/05/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #1859 and #1860); DSA (Cert. #579); ECDSA (Cert. #259); HMAC (Cert. #1106); RNG (Cert. #975); RSA (Cert. #940); SHS (Cert. #1636); Triple-DES (Certs. #1206 and #1207); Triple-DES MAC (Triple-DES Cert. #1206, vendor affirmed) -Other algorithms: AES MAC (AES Cert. #1859; non-compliant); ARIA; CAST-128; CAST MAC; DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); ECIES; EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); IDEA; IDEA MAC; MD2; MD5; MD5 HMAC; RC2; RC2 MAC; RC4; RIPEMD-128; RIPEMD-160; RMD128 HMAC; RMD160 HMAC; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); SEED; SEED MAC; Triple-DES (Certs. #1206 and #1207, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); AES (Certs. #1859 and #1860, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength) Multi-chip embedded "The SafeNet PSI-e is a high-end intelligent PCI adapter card that provides a wide range of cryptographic functions using firmware and dedicated hardware processors. The module provides key management (e.g., generation, storage, deletion, and backup), an extensive suite of cryptographic mechanisms, and process management including separation between operators. The PSI-e also features non-volatile tamper protected memory for key storage, a hardware random number generator, and an RTC."
1781	Valid S/A Av. Paulista, 1000, terreo Sao Paulo, 01310-100 Brazil -Carlos Okada TEL: +55 11 2575-6800 FAX: +55 11 2575-6500 CST Lab: NVLAP 100432-0	IDflex V (Hardware Version: Inside Secure AT90SC28872RCU Rev. G; Firmware Version: Valid IDflex V 010B.0352.0005 with LASER PKI Applet 3.0) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	08/07/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1654); RSA (Cert. # 824); Triple-DES (Cert. #1087); Triple-DES MAC (Triple-DES Cert. #1087, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465); ECDSA (Cert. #214); CVL (Cert. #2) -Other algorithms: HW RNG; AES-CMAC (non-compliant); EC Diffie-Hellman; AES (Cert. #1654, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength) Single-chip "IDflex V is a Cryptographic Module based on the Athena OS755 Java Card smart card operating system with 72KB of EEPROM. IDflex V is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 3. IDflex V supports FIPS approved DRBG, SHA-1 and all SHA-2, TDES, AES, RSA, ECDSA and ECC CDC, and RSA and ECC key generation. IDflex V exposes PKI and Biometric APIs and is designed for high-performance government and enterprise smart card applications."
1780	CST Lab: NVLAP 100432-0	Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	08/07/2012; 09/26/2012	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
1779	CST Lab: NVLAP 100432-0	Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	08/07/2012; 09/26/2012	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
1778	CST Lab: NVLAP 100432-0	Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	08/07/2012; 04/15/2013	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
1777	Thales e-Security, Inc. 2200 North Commerce Parkway Suite 200 Weston, FL 33326 USA -Nathan Turajski TEL: 954-888-6201 CST Lab: NVLAP 200427-0	Thales e-Security keyAuthority® (Hardware Version: 1.0; Firmware Version: 3.0.3) (This module contains the embedded module IBM Java JCE FIPS 140-2 Cryptographic Module validated to FIPS 140-2 under Cert. #1081 operating in FIPS mode using IBM JVM 1.6) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	08/07/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #805 and #1795); DRBG (Cert. #128); HMAC (Certs. #445 and #1059); RNG (Cert. #463); RSA (Certs. #387 and #898); SHS (Certs. #803, #1573 and #1577) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "Thales keyAuthority® is a standards-based, FIPS-validated key management appliance that enables organizations to confidently manage encryption for multiple types of encrypting endpoints. The appliance manages encryption keys throughout their lifecycle to meet security policy and regulatory compliance requirements. A vendor-neutral approach ensures broad support for encryption devices."
1776	SafeNet Inc. 20 Colonnade Road Suite 200 Ottawa, ON K2E 7M6 Canada -Mark Yakabuski TEL: 613-614-3407 FAX: 613-723-5079 -Chris Brych TEL: 613-221-5081 FAX: 613-723-5079 CST Lab: NVLAP 200556-0	Luna® CA4 (Hardware Version: LTK-02-0501; Firmware Version: 4.8.7) (When operated in FIPS Mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	08/01/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1785); Triple-DES (Cert. #1157); SHS (Cert. #1567); DSA (Cert. #561); RSA (Cert. #892); ECDSA (Cert. #241); HMAC (Cert. #1050); Triple-DES MAC (Triple-DES Cert. #1157, vendor affirmed); RNG (Cert. #947); KAS (Cert. #24); KBKDF (vendor affirmed) -Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; AES MAC (AES Cert. #1785; non-compliant); DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); AES (Cert. #1785, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1157, key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Luna CA4 cryptographic module is a multi-chip standalone hardware cryptographic module in the form of a PCMCIA card that typically resides within a custom computing or secure communications appliance. It is contained in its own secure enclosure that provides physical resistance to tampering. The module provides secure key generation and storage for symmetric keys and asymmetric key pairs along with symmetric and asymmetric cryptographic services."
1775	SafeNet, Inc. 20 Colonnade Road Suite 200 Nepean, ON K2E 7M6 Canada -Mark Yakabuski TEL: 613-614-3407 FAX: 613-723-5079 -Chris Brych TEL: 613-221-5081 FAX: 613-723-5079 CST Lab: NVLAP 200556-0	Luna® PCM Key Export (KE) Cryptographic Module (Hardware Version: LTK-02-0501; Firmware Version: 4.8.7) (When operated in FIPS Mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	08/01/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1785); Triple-DES (Cert. #1157); SHS (Cert. #1567); DSA (Cert. #561); RSA (Cert. #892); ECDSA (Cert. #241); HMAC (Cert. #1050); Triple-DES MAC (Triple-DES Cert. #1157, vendor affirmed); RNG (Cert. #947); KAS (Cert. #24); KBKDF (vendor affirmed) -Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; AES MAC (AES Cert. #1785; non-compliant); DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); AES (Cert. #1785, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1157, key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Luna PCM cryptographic module is a multi-chip standalone hardware cryptographic module in the form of a PCMCIA card that typically resides within a custom computing or secure communications appliance. It is contained in its own secure enclosure that provides physical resistance to tampering. The module provides secure key generation and storage for symmetric keys and asymmetric key pairs along with symmetric and asymmetric cryptographic services. Access to key material and cryptographic services for users and user application software is provided indirectly through the host appliance."
1774	SafeNet Inc. 20 Colonnade Road Suite 200 Ottawa, ON K2E 7M6 Canada -Mark Yakabuski TEL: 613-614-3407 FAX: 613-723-5079 -Chris Brych TEL: 613-221-5081 FAX: 613-723-5079 CST Lab: NVLAP 200556-0	Luna® PCM (Hardware Version: LTK-02-0501; Firmware Version: 4.8.7) (When operated in FIPS Mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	08/01/2012	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #1785); Triple-DES (Cert. #1157); SHS (Cert. #1567); DSA (Cert. #561); RSA (Cert. #892); ECDSA (Cert. #241); HMAC (Cert. #1050); Triple-DES MAC (Triple-DES Cert. #1157, vendor affirmed); RNG (Cert. #947); KAS (Cert. #24); KBKDF (vendor affirmed) -Other algorithms: DES; AES MAC (AES Cert. #1785, non-compliant); RC2; RC4; RC5; CAST; CAST 3; CAST 5; MD2; MD5; HAS-160; HMAC-MD5; KCDSA, RSA (encrypt/decrypt); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); AES (Cert. #1785, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1157, key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Luna PCM cryptographic module is a multi-chip standalone hardware cryptographic module in the form of a PCMCIA card that typically resides within a custom computing or secure communications appliance. It is contained in its own secure enclosure that provides physical resistance to tampering. The module provides secure key generation and storage for symmetric keys and asymmetric key pairs along with symmetric and asymmetric cryptographic services. Access to key material and cryptographic services for users and user application software is provided indirectly through the host appliance."
1773	Ciena® Corporation 1201 Winterson Road Linthicum, MD 21090 USA -Patrick Scully TEL: 613-670-3207 CST Lab: NVLAP 200928-0	565 Advanced Services Platform [1], 5100 Advanced Services Platform [2] and 5200 Advanced Services Platform [3] (Hardware Versions: [NT0H50DAE5 REV 004 [1], NTPM50AAE5 Rev 11 [2], NT0H50AA Rev 014 [3], SP Card NT0H5066E5 Rev 04 [1] and NT0H41ABE5 Rev 8 [2,3], QOTR/E Card NT0H25BAE5 Rev 2 [1,2,3], OCM Card NT0H40BCE5 Rev 18 [3], Filler Card NT0H52ABE6 Rev 02 [1,2,3]] with FIPS security kit NT0H25BZ Rev 3; Firmware Versions: 11.2 and 11.21) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	08/01/2012; 02/06/2013	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #1161); AES (Certs. #1682, #1794 and #1796); SHS (Certs. #1576 and #1578); HMAC (Certs. #1058 and #1060); RSA (Certs. #897 and #899); DRBG (Certs. #130 and #131) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; DES; Blowfish Multi-chip standalone "The 565/5100/5200 Advanced Services Platform offers an integrated transport encryption solution providing an ultra-low latency and protocol-agnostic wirespeed encryption service for use in small to large enterprises or datacenters and also offered through service providers as a differentiated managed service."
1772	Juniper Networks, Inc. 1194 N. Mathilda Ave. Sunnyvale, CA 94089 USA -Guillaume Gavillet FAX: 408-936-1801 -Seyed Safakish TEL: 408-745-8158 FAX: 408-936-1801 CST Lab: NVLAP 200002-0	Junos-FIPS 10.4 L1 OS Cryptographic Module (Firmware Version: 10.4R5) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Firmware	07/31/2012	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -Tested: RE-850-1536 [M7i] and RE-850-1536 [M10i] -FIPS-approved algorithms: AES (Certs. #1719, #1726 and #1727); DSA (Cert. #531); ECDSA (Cert. #225); RNG (Cert. #909); RSA (Cert. #847); HMAC (Certs. #994, #1000, #1001 and #1002); SHS (Certs. #1502, #1508, #1509 and #1510); Triple-DES (Certs. #1106, #1112 and #1113) -Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip embedded "Juniper Networks M7i and M10i routing platforms are complete routing systems that support a variety of high-speed interfaces for medium/large networks and network applications and numerous routing standards. All platforms are physically self-contained, housing software, firmware, and hardware necessary for routing. The router architecture provides for streamlined forwarding and routing control and the capability to run Internet-scale networks at high speeds. They are powered by the same JUNOS software which provides both management and control functions as well as all IP routing."
1771	Blue Coat Systems, Inc. 420 N. Mary Avenue Sunnyvale, CA 94085 USA -Wendi Ittah TEL: 703- 399-0535 CST Lab: NVLAP 200928-0	ProxySG 510-5 [1], 510-10 [2], 510-20 [3], 510-25 [4], 810-5 [5], 810-10 [6], 810-20 [7] and 810-25 [8] (Hardware Versions: 090-02760 Rev U.0 [1]; 090-02761 Rev X.0 [2]; 090-02762 Rev W.0 [2]; 090-02761 Rev C.0 [2]; 090-02762 Rev C.0 [2]; 090-02763 Rev W.0 [3]; 090-02764 Rev W.0 [3]; 090-02763 Rev C.0 [3]; 090-02764 Rev C.0 [3]; 090-02781 Rev X.0 [4]; 090-02782 Rev X.0 [4]; 090-02781 Rev C.0 [4]; 090-02782 Rev C.0 [4]; 090-02765 Rev W.0 [5]; 090-02766 Rev Y.0 [6]; 090-02767 Rev Y.0 [6]; 090-02766 Rev H.0 [6]; 090-02767 Rev H.0 [6]; 090-02768 Rev X.0 [7]; 090-02769 Rev X.0 [7]; 090-02768 Rev H.0 [7]; 090-02769 Rev H.0 [7]; 090-02783 Rev Z.0 [8]; 090-02784 Rev Z.0 [8]; 090-02783 Rev H.0 [8] and 090-02784 Rev H.0 [8] with FIPS kit 085-02597; Firmware Versions: 5.5 or 5.5.7.2) (When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	07/31/2012; 08/07/2012; 01/04/2013	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #105, #397 and #1885); Triple-DES (Certs. #217, #435 and #1224); RSA (Cert. #962); SHS (Cert. #1656); HMAC (Cert. #1127); RNG (Cert. #987). -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); MD5 Multi-chip standalone "The foundation of Blue Coat's application delivery infrastructure, Blue Coat ProxySG appliances establish points of control that accelerate and secure business applications for users across the distributed organization. Blue Coat appliances serve as an Internet proxy and wide area network (WAN) optimizer. The purpose of the appliances is to provide a layer of security between an Internal and External Network (typically an office network and the Internet) and to provide acceleration and compression of transmitted data. ProxySG 510 and 810 are some of several appliance lines offered by Blue Coat"
1770	Blue Coat Systems, Inc. 420 N. Mary Avenue Sunnyvale, CA 94085 USA -Wendi Ittah TEL: 703- 399-0535 CST Lab: NVLAP 200928-0	ProxySG 510-5 [1], 510-10 [2], 510-20 [3], 510-25 [4], 810-5 [5], 810-10 [6], 810-20 [7], 810-25 [8] (Hardware Versions: 090-02760 Rev U.0 [1]; 090-02761 Rev X.0 [2]; 090-02762 Rev W.0 [2]; 090-02761 Rev C.0 [2]; 090-02762 Rev C.0 [2]; 090-02763 Rev W.0 [3]; 090-02764 Rev W.0 [3]; 090-02763 Rev C.0 [3]; 090-02764 Rev C.0 [3]; 090-02781 Rev X.0 [4]; 090-02782 Rev X.0 [4]; 090-02781 Rev C.0 [4]; 090-02782 Rev C.0 [4]; 090-02765 Rev W.0 [5]; 090-02766 Rev Y.0 [6]; 090-02767 Rev Y.0 [6]; 090-02766 Rev H.0 [6]; 090-02767 Rev H.0 [6];090-02768 Rev X.0 [7]; 090-02769 Rev X.0 [7]; 090-02768 Rev H.0 [7]; 090-02769 Rev H.0 [7]; 090-02783 Rev Z.0 [8]; 090-02784 Rev Z.0 [8]; 090-02783 Rev H.0 [8] and 090-02784 Rev H.0 [8] with FIPS kit 085-02597; Firmware Versions: 6.1 or 6.1.5.5) (When operated in FIPS mode with the tamper evident seals and the opacity baffle installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	07/31/2012; 08/07/2012; 01/04/2013	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #105, #397 and #1875); Triple-DES (Certs. #217, #435 and #1218); RSA (Cert. #956); SHS (Cert. #1648); HMAC (Cert. #1120); DRBG (Cert. #153) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Multi-chip standalone "The foundation of Blue Coat's application delivery infrastructure, Blue Coat ProxySG appliances establish points of control that accelerate and secure business applications for users across the distributed organization. Blue Coat appliances serve as an Internet proxy and wide area network (WAN) optimizer. The purpose of the appliances is to provide a layer of security between an Internal and External Network (typically an office network and the Internet) and to provide acceleration and compression of transmitted data. ProxySG 510 and 810 are some of several appliance lines offered by Blue Coat"
1769	Hewlett-Packard Development Company, L.P. 2344 Boulevard Alfred-Nobel St-Laurent, QC H4S 0A4 Canada -Gilbert Moineau TEL: +1-514-920-4250 CST Lab: NVLAP 200002-0	HP 5406 zl [1], HP 5412 zl [2], HP 8206 zl [3] and HP 8212 zl [4] Switches with the HP MSM765zl Mobility Controller (Hardware Version: (J8697A [1], J8698A [2], J9447A [3] and J9091A [4] [B]); Management Modules: (J8726A [1,2] and J9092A [3,4] [B]); Power Supply: (J9306A: one [1,3] or two [2,4]); Support Module: (J9095A [3,4] [B]); Fabric Module: (J9093A: two [3,4] [B]); Blank Plate: (5069-8563: four [1], ten [2], five [3] or eleven [4]); Opacity Shield Kits: (J9710A [1], J9711A [2], J9712A [3] and J9713A [4]); High Performance Fan Trays: (J9721A [1], J9722A [2], J9723A [3] and J9724A [4]); with (HP Gig-T/SFP+ V2 zl Mod: J9536A; HP Mobility Controller: J9370A [A] and Tamper Evident Seal Kit: J9709A) [1,2,3,4]; Firmware Version: 5.6.0 [A] and K.15.07.0003 [B]) (When operated in FIPS mode with the tamper evident seals and opacity shields installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	07/27/2012	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #1824 and #1825); Triple-DES (Certs. #1177 and #1178); SHS (Certs. #1603 and #1604); HMAC (Certs. #1079 and #1107); RNG (Cert. #961); RSA (Certs. #917 and #921) -Other algorithms: RC4; MD5; HMAC-MD5; SHA-[224, 256, 384 and 512] (Cert. #1604; non-compliant); HMAC-SHA-[224, 256, 384 and 512] (Cert. #1079; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The HP 5400/8200 zl Switch Series with the HP MSM765zl Mobility Controller provide centralized management and control of intelligent HP MSM APs for a wide range of deployments, from small Internet cafes and businesses, to large corporations and institutions."
1768	Blue Coat Systems, Inc. 420 N. Mary Avenue Sunnyvale, CA 94085 USA -Wendi Ittah TEL: 703- 399-0535 CST Lab: NVLAP 200928-0	ProxySG 9000-10 [1], 9000-20 [2] and 9000-20B [3] (Hardware Version: 090-02844 [1], 090-02843 [1], 090-02840 [2], 090-02839 [2], 090-02984 [3] and 090-02985 [3] with FIPS kit 085-02718;; Firmware Versions: 5.5 or 5.5.7.2) (When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	07/27/2012; 08/07/2012; 01/04/2013	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #1265 and #1885); Triple-DES (Certs. #898 and #1224); RSA (Cert. #962); SHS (Cert. #1656); HMAC (Cert. #1127); RNG (Cert. #987). -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); MD5 Multi-chip standalone "The foundation of Blue Coat's application delivery infrastructure, Blue Coat ProxySG appliances establish points of control that accelerate and secure business applications for users across the distributed organization. Blue Coat appliances serve as an Internet proxy and wide area network (WAN) optimizer. The purpose of the appliances is to provide a layer of security between an Internal and External Network (typically an office network and the Internet) and to provide acceleration and compression of transmitted data. ProxySG 9000 is one of several appliance lines offered by Blue Coat"
1767	Blue Coat Systems, Inc. 420 N. Mary Avenue Sunnyvale, CA 94085 USA -Wendi Ittah TEL: 703- 399-0535 CST Lab: NVLAP 200928-0	ProxySG 900-10 [1], 900-10B [2], 900-20 [3], 900-30 [4], 900-45 [5] and 900-55 [6] (Hardware Version: 090-02900 [1], 090-02901 [1], 090-02988 [2], 090-02989 [2], 090-02902 [3], 090-02903 [3], 090-02904 [4], 090-02905 [4], 09002908 [5], 090-02909 [5], 090-02979 [6] and 090-02980 [6] with FIPS kit 085-02742; Firmware Versions: 6.1 or 6.1.5.5) (When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	07/27/2012; 08/07/2012; 08/16/2012; 01/04/2013	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #1265 and #1875); Triple-DES (Certs. #898 and #1218); RSA (Cert. #956); SHS (Cert. #1648); HMAC (Cert. #1120); DRBG (Cert. #153) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Multi-chip standalone "The foundation of Blue Coat's application delivery infrastructure, Blue Coat ProxySG appliances establish points of control that accelerate and secure business applications for users across the distributed organization. Blue Coat appliances serve as an Internet proxy and wide area network (WAN) optimizer. The purpose of the appliances is to provide a layer of security between an Internal and External Network (typically an office network and the Internet) and to provide acceleration and compression of transmitted data. ProxySG 900 is one of several appliance lines offered by Blue Coat"
1766	Blue Coat Systems, Inc. 420 N. Mary Avenue Sunnyvale, CA 94085 USA -Wendi Ittah TEL: 703- 399-0535 CST Lab: NVLAP 200928-0	ProxySG 9000-10 [1], 9000-20 [2], 9000-20B [3], 9000-30 [4] and 9000-40 [5] (Hardware Version: 090-02844 [1], 090-02843 [1], 090-02840 [2], 090-02839 [2], 090-02984 [3], 090-02985 [3], 090-02841 [4], 090-02842 [4], 090-02845 [5] and 090-02846 [5] with FIPS kit 085-02718; Firmware Versions: 6.1 or 6.1.5.5) (When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	07/27/2012; 08/07/2012; 08/16/2012; 09/27/2012; 01/04/2013	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #1265 and #1875); Triple-DES (Certs. #898 and #1218); RSA (Cert. #956); SHS (Cert. #1648); HMAC (Cert. #1120); DRBG (Cert. #153) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Multi-chip standalone "The foundation of Blue Coat's application delivery infrastructure, Blue Coat ProxySG appliances establish points of control that accelerate and secure business applications for users across the distributed organization. Blue Coat appliances serve as an Internet proxy and wide area network (WAN) optimizer. The purpose of the appliances is to provide a layer of security between an Internal and External Network (typically an office network and the Internet) and to provide acceleration and compression of transmitted data. ProxySG 9000 is one of several appliance lines offered by Blue Coat"
1765	Research In Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Certifications Team TEL: 519-888-7465 ext.72921 FAX: 905-507-4230 CST Lab: NVLAP 200556-0	BlackBerry Cryptographic Java Module (Software Versions: 2.8 and 2.8.7) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	07/31/2012; 10/10/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Sun Java Runtime Environments (JRE) 1.5.0 and 1.6.0 running on [Solaris 10, 32-bit; Solaris 10, 64-bit; Red Hat Linux AS 5.5, 32-bit; Red Hat Linux AS 5.5, 64-bit; Windows Vista, 32-bit; Windows Vista, 64-bit; Windows 2008 Server, 64-bit] (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #964); AES (Cert. #1411); SHS (Cert. #1281); HMAC (Cert. #832); RNG (Cert. #773); DSA (Cert. #455); ECDSA (Cert. #179); RSA (Cert. #687); DRBG (Cert. #52); KAS (Cert. #8) -Other algorithms: ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; DES; DESX; ECIES; ECQV; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80 bits of encryption strength); Multi-chip standalone "BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry® Cryptographic Java Module is a software module that provides cryptographic services to BlackBerry® products such as the BlackBerry® PlayBook Administration Service, and other BlackBerry® products."
1764	Athena Smartcard, Inc. 16615 Lark Avenue Suite 202 Los Gatos, CA 95032 USA -Ian Simmons TEL: 408-786-1028 FAX: 408-608 1818 CST Lab: NVLAP 100432-0	IDProtect Duo with PIV (Hardware Version: Inside Secure AT90SC28880RCFV Rev. G; Firmware Version: Athena IDProtect 010E.1245.0002 with PIV Applet 3.0) (PIV Card Application: Cert. #31) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	08/23/2012; 04/12/2013	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1655); RSA (Cert. #824); Triple-DES (Cert. #1088); Triple-DES MAC (Triple-DES Cert. #1088, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465); ECDSA (Cert. # 214); CVL (Cert. #2) -Other algorithms: HW RNG; AES-CMAC (non-compliant); AES (Cert. #1655, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength) Single-chip "IDProtect is a Cryptographic Module based on the Athena OS755 Java Card smart card operating system with 80KB of EEPROM. IDProtect is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 2. IDProtect supports FIPS approved DRBG, SHA-1 and all SHA-2, TDES, AES, RSA, ECDSA and ECC CDC and RSA and ECC key generation. IDProtect exposes PKI and Biometric APIs and is designed for high performance government and enterprise smart card applications."
1763	Motorola Solutions, Inc. Unit A1, Linhay Business Park Ashburton, Devon TQ13 7UP United Kingdom -Richard Carter TEL: +44 1364 655504 FAX: +44 1364 654625 CST Lab: NVLAP 100432-0	Motorola PTP 800 Series CMU Cryptographic Module (Hardware Version: P/N WB3517, Versions 5.2, 5.3 and 6.6; Firmware Version: PTP 800 04-10) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	07/27/2012	Overall Level: 1  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: SHS (Cert. #1557); DSA (Cert. #556); AES (Certs. #1776 and #1526); DRBG (Cert. #123); Triple-DES (Cert. #1149); HMAC (Cert. #1041) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); RADIUS; MD5; Custom RNG Multi-chip standalone "Operating in the 6 to 38 GHz RF bands at up to 368 Mbps throughput (full duplex) and with user-configured channel bandwidths from 7 to 56 MHz, the Motorola Point-to-Point 800 Series of Licensed Ethernet Microwave solutions offer operators a highly reliable licensed band wireless solution."
1762	INSIDE Secure 41 Parc Club du Golf Aix-en-Provence, 13856 France -Jerome Ducros TEL: +333 (0)413758653 CST Lab: NVLAP 100432-0	VaultIC420™, VaultIC440™ and VaultIC460™ (Hardware Versions: P/N: ATVaultIC420, ATVaultIC440 and ATVaultIC460, Platform: AT90SO128 - Silicon Rev F; Firmware Version: 1.2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	07/27/2012; 09/06/2012	Overall Level: 3  -Physical Security: Level 4 -FIPS-approved algorithms: AES (Cert. #1822); DRBG (Cert. #142); DSA (Cert. #572); ECDSA (Cert. #251); HMAC (Cert. #1077); RSA (Cert. #927); SHS (Cert. #1601); Triple-DES (Cert. #1175) -Other algorithms: DES; DES MAC; Triple-DES MAC (non-compliant); HOTP; TOTP; RSA (encrypt/decrypt); AES (Cert. #1822, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength) Single-chip "The VaultIC™ 420, VaultIC™ 440 and VaultIC™ 460 is an Application Specific Standard Product (ASSP) designed to secure various systems against counterfeiting, cloning or identity theft. It is a hardware security module that can be used in many applications such as IP protection, access control or hardware protection."
1761	Motorola Solutions, Inc. 1303 E. Algonquin Rd Schaumburg, IL 60196 USA -Richard Carter TEL: 44-0-1364-655500 FAX: 44-0-1364-654625 CST Lab: NVLAP 100432-0	Motorola PTP 600 Series Point to Point Wireless Ethernet Bridges (Hardware Versions: P/Ns BP5830BHC, BP5830BHC15, BP5530BHC, BP5530BHC15, WB2781, WB3039, WB3037, WB3092, WB3094, WB3387, WB3389, WB3222, BP5830BH, BP5830BH15, BP5530BH, BP5530BH15, WB2780, WB3036, WB3038, WB3091, WB3093, WB3386, WB3388 and WB3221; with P/N WB3593 (HW Security Upgrade Kit); Firmware Version: PTP600 10-00) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	07/27/2012	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: SHS (Cert. #1101); DSA (Cert. #569); AES (Certs. #708 and #1144); DRBG (Cert. #21); HMAC (Cert. #1070); Triple-DES (Cert. #863) -Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); RADIUS Multi-chip standalone "PTP 600 Series Ethernet bridges offer high performance connectivity and backhaul in challenging non-line-of-sight environments. With carrier-grade reliability, PTP 600 links have class-leading sensitivity and power output which enable links to go farther, while sustaining high throughput regardless of conditions. With data rates up to 300 Mbps and reaching distances up to 124 miles, this Series of high-performance and secure wireless bridges make cost-effective connectivity and backhaul a reality for a wide range of enterprises, service providers and public safety organizations."
1760	Catbird Networks, Inc. 1800 Green Hills Road Suite 113 Scotts Valley, CA 95066 USA -Michael Berman TEL: 1-800-673-6775 CST Lab: NVLAP 100432-0	Catbird vSecurity Crypto Module v1.0 (Software Version: v1.0) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	07/27/2012	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with CentOS 6.0 running on Intel Core i5 with AES-NI (single-user mode) -FIPS-approved algorithms: AES (Cert. #1922); DRBG (Cert. #166); DSA (Cert. #609); HMAC (Cert. #1157); RNG (Cert. #1010); RSA (Cert. #991); SHS (Cert. #1688); Triple-DES (Cert. #1252); ECDSA (Cert. #274); CVL (Cert. #14) -Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt) Multi-chip standalone "Catbird is the industry pioneer in security and compliance for virtualized environments, a four-time Best of Show Finalist at VMworld and a Gartner Group Cool Vendor 2011. Catbird's comprehensive protection includes monitoring and enforcement of PCI, NIST, HIPAA, FISMA, DIACAP and other requirements in virtual environments. Maintaining regulatory and corporate compliance in the new data center and eliminating uncertainty over secure virtualization, Catbird's protection keeps Tier-1 application deployment plans on track."
1759	Cummings Engineering Consultants, Inc. 145 S. 79th St. Suite 26 Chandler, AZ 85226 USA -Darren Cummings TEL: 480-809-6024 CST Lab: NVLAP 100432-0	Cummings Engineering's Secure Mobility Suite B Crypto Module (Software Version: v1.0 or v1.1) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	07/27/2012; 04/19/2013	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Operational Environment: Tested as meeting Level 1 with Android 2.2 running on Qualcomm QSD 8250 (ARMv7) with NEON; Linux 3.0.4 running on TI OMAP 3 (ARMv7) with NEON; Ubuntu 10.04 running on Intel Pentium; Fedora 14 running on Intel Core i5 with AES-NI; Windows 7 running on Intel Core i5 with AES-NI; Windows 7 running on Intel Celeron; Android 2.2 running on Intel Pentium; Android 2.2 running on Intel Core i5 with AES-NI: Apple OS X 10.7 running on Intel Core i7-3615QM; Apple iOS 5.0 running on ARM Cortex A8 (ARMv7) with NEON (single-user mode) -FIPS-approved algorithms: AES (Certs. #1916 and #2373); DRBG (Certs. #161 and #309); DSA (Certs. #607 and #744); HMAC (Certs. #1151 and #1475); RNG (Certs. #1007 and #1178); RSA (Certs. #984 and #1228); SHS (Certs. #1681 and #2045); Triple-DES (Certs. #1246 and #1484); ECDSA (Certs. #272 and #391); CVL (Certs. #13 and #64) -Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt) Multi-chip standalone "Cummings Engineering is a leading provider of mobility innovation providing state-of-the art advanced cryptography and enterprise solutions in both commercial and government markets. Cummings Engineering has multiple patents/patents-pending in the secure communications domain and has made breakthroughs around MDM, Secure Smartphones, and more. Cummings Engineering is committed to providing best-in-class products and services to protect the privacy and data of US Citizens."
1758	Red Hat®, Inc. 314 Littleton Road Westford, MA 01886 USA -Irina Boverman TEL: 978-392-1000 FAX: 978-392-1001 CST Lab: NVLAP 200658-0	Red Hat Enterprise Linux 6.2 OpenSSL Cryptographic Module (Software Version: 2.1) (When operated in FIPS Mode and when obtained, installed, and initialized as specified in Section 9.1 of the provided Security Policy. The Security Policy specifies the precise RPM file containing this module. The integrity of the RPM is automatically verified during the installation and the Crypto officer shall not install the module if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	07/27/2012; 10/23/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 6.2 (single-user mode) -FIPS-approved algorithms: Triple-DES (Certs. #1226, #1227, #1231 and #1232); AES (Certs. #1887, #1888, #1889, #1893, #1894 and #1895); DSA (Certs. #592, #593, #597 and #598); SHS (Certs. #1658, #1659, #1663 and #1664); RNG (Certs. #989, #990, #994 and #995); RSA (Certs. #964, #965, #969 and #970); HMAC (Certs #1129, #1130, #1134 and #1135) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 160 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 160 bits of encryption strength); MD5 Multi-chip standalone "The OpenSSL FIPS Runtime Module is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality for use with the high level API of the OpenSSL library version 1.0.0-20.el6 delivered with RHEL 6.2."
1757	Red Hat®, Inc. 314 Littleton Road Westford, MA 01886 USA -Irina Boverman TEL: 978-392-1000 FAX: 978-392-1001 TEL: 919-754-3700 FAX: 919-754-3701 CST Lab: NVLAP 200658-0	Red Hat Enterprise Linux 6.2 Libgcrypt Cryptographic Module (Software Version: 2.1) (When operated in FIPS mode and when obtained, installed and initialized as assumed by the Crypto Officer role and specified in Section 9.1 of the provided Security Policy. The Security Policy specifies the precise RPM file containing this module. The integrity of the RPM is automatically verified during the installation and the Crypto officer shall not install the module if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module. The module generates cryptographic keys whose strengths are modified by available entropy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	07/27/2012; 10/23/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 6.2 (single-user mode) -FIPS-approved algorithms: AES (Certs. #1886, #1890, #1891 and #1892); Triple-DES (Certs. #1225, #1228, #1229 and #1230); SHS (Certs. #1657, #1660, #1661 and #1662); RSA (Certs. #963, #966, #967 and #968); DSA (Certs. #591, #594, #595 and #596); HMAC (Certs. #1128, #1131, #1132 and #1133); RNG (Certs. #988, #991, #992 and #993) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); MD5 Multi-chip standalone "The libgcrypt FIPS Runtime Module is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality for use with the high level API of the libgcrypt library version 1.4.5-9.e16 delivered with RHEL 6.2."
1756	Juniper Networks, Inc. 1194 North Mathilda Ave Sunnyvale, CA 94089 USA -Robert Smith TEL: 978-589-8822 CST Lab: NVLAP 200697-0	NetScreen-ISG 1000 [1] and NetScreen-ISG 2000 [2] (Hardware Versions: [NS-ISG-1000, NS-ISG-1000-DC, NS-ISG-1000B and NS-ISG-1000B-DC] [1] and [(NS-ISG-2000, NS-ISG-2000-DC, NS-ISG-2000B and NS-ISG-2000B-DC) with 1, 2, 3 or 4 FE8 Interface Cards][2] with JNPR-FIPS-TAMPER-LBLS; Firmware Version: ScreenOS 6.3r6) (When operated in FIPS mode with the tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	07/27/2012	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #1058); AES (Cert. #1617); DSA (Cert. #504); SHS (Cert. #1426); RNG (Cert. #865); RSA (Cert. #795); HMAC (Cert. #948); ECDSA (Cert. #202) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 or 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); NDRNG; DES; MD5 Multi-chip standalone "Juniper Networks integrated security devices are purpose-built to perform essential networking security functions designed on top of robust networking and security real-time operating systems, ScreenOS. These are high-performance platforms that deliver integrated security and LAN/WAN routing across high-density LAN/WAN interfaces, Juniper Networks integrated security devices address the needs of small to medium sized locations, large distributed enterprises, and service providers as well as large and co-located datacenters."
1755	Juniper Networks, Inc. 1194 North Mathilda Ave Sunnyvale, CA 94089 USA -Robert Smith TEL: 978-589-8822 CST Lab: NVLAP 200697-0	NetScreen-5200 [1] and Netscreen-5400 [2] (Hardware Versions: [(NS-5200 [1] with one NS-5000-8G2) and (NS-5400 [2] with one to three NS-500-8G2)] with (NS-5000-MGT2 or NS-5000-MGT3) and JNPR-FIPS-TAMPER-LBLS; Firmware Version: ScreenOS 6.3r6) (When operated in FIPS mode with the tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	07/27/2012	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #1059); AES (Cert. #1618); DSA (Cert. #505); SHS (Cert. #1427); RNG (Cert. #866); RSA (Cert. #796); HMAC (Cert. #949); ECDSA (Cert. #203) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 or 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); NDRNG; DES; MD5 Multi-chip standalone "Juniper Networks integrated security devices are purpose-built to perform essential networking security functions designed on top of robust networking and security real-time operating systems, ScreenOS. These are high-performance platforms that deliver integrated security and LAN/WAN routing across high-density LAN/WAN interfaces, Juniper Networks integrated security devices address the needs of small to medium sized locations, large distributed enterprises, and service providers as well as large and co-located datacenters."
1754	Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada -Alan Kaye TEL: 613-225-9381 CST Lab: NVLAP 200556-0	FortiOS™ (Firmware Version: 4.0 MR3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Firmware	07/17/2012	Overall Level: 1  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Tested: FortiGate 3950B -FIPS-approved algorithms: AES (Certs. #1856 and #1857); Triple-DES (Certs. #1203 and #1204); HMAC (Certs. #1103 and #1104); SHS (Certs. #1633 and #1634); RSA (Cert. #939); RNG (Cert. #974) -Other algorithms: DES; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant) Multi-chip standalone "The FortiOS is a firmware based operating system that runs exclusively on Fortinet's FortiGate/FortiWiFi product family. The FortiOS provides integrated firewall, VPN, antivirus, antispam, intrusion prevention, content filtering and traffic shaping and HA capabilities."
1753	Utimaco Safeware AG Germanusstr. 4 Aachen, 52080 Germany -Dr. Gesa Ott TEL: +49 241-1696-200 FAX: +49 241-1696-199 CST Lab: NVLAP 100432-0	SafeGuard® CryptoServer Se (Hardware Version: P/N CryptoServer Se, Version 3.00.3.1; Firmware Version: 1.0.1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	07/24/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1711); DRBG (Cert. #141); ECDSA (Cert. #221); HMAC (Cert. #990); RSA (Certs. #841 and #842); SHS (Certs. #1498, #1597 and #1598); Triple-DES (Cert. #1101); Triple-DES MAC (Triple-DES Cert. #1101, vendor affirmed) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); AES (Cert. #1711, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1101, key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); DES; MD5; DSA (non-compliant); MDC-2; RIPEMD-160; Retail-TDES MAC (non-compliant); AES MAC (AES Cert. #1711; non-compliant) Multi-chip embedded "SafeGuard® CryptoServer Se is an encapsulated, protected hardware security module which provides secure cryptographic services like encryption or decryption (for various cryptographic algorithms like Triple-DES, RSA and AES), hashing, signing, and verification of data (RSA, ECDSA), random number generation, on-board secure key generation, key storage and further key management functions in a tamper-protected environment. The module is optionally available with or without RSA Crypto Accelerator."
1752	Motorola Solutions, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA -Tom Nguyen TEL: 847-576-2352 CST Lab: NVLAP 100432-0	Astro Subscriber Motorola Advanced Crypto Engine (MACE) (Hardware Versions: P/Ns 5185912Y01 or 5185912Y03; Firmware Versions: [D01.03.08, D01.03.10, R07.11.08, R07.11.10, R07.11.11 or R01.03.13] and [R01.00.00 or (R01.00.00 and R02.00.00)]) (When operated in FIPS mode and configured to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	06/27/2012; 07/18/2012 12/12/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #819 and #1295); SHS (Cert. #817); RSA (Cert. #396); RNG (Cert. #471) -Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); LFSR Single-chip "The MACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio systems products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management."
1751	Motorola Solutions, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA -Tom Nguyen TEL: 847-576-2352 CST Lab: NVLAP 100432-0	Astro Subscriber Motorola Advanced Crypto Engine (MACE) (Hardware Versions: P/Ns 5185912Y01 or 5185912Y03; Firmware Versions: [D01.03.08, D01.03.10, R07.11.08, R07.11.10, R07.11.11 or R01.03.13] and [R01.00.00 or (R01.00.00 and R02.00.00)]) (When operated in FIPS mode and configured to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	06/27/2012; 07/18/2012; 12/12/2012	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #819 and #1295); SHS (Cert. #817); RSA (Cert. #396); RNG (Cert. #471) -Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); LFSR Single-chip "The MACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio system products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management."
1750	Athena Smartcard, Inc. 16615 Lark Avenue Suite 202 Los Gatos, CA 95032 USA -Ian Simmons TEL: 408-786-1028 FAX: 408-608 1818 CST Lab: NVLAP 100432-0	IDProtect Key with LASER PKI (Hardware Version: Inside Secure AT90SC25672RCT-USB Rev. D packaged in TIDPTMINI72 and TIDPUSBV2J; Firmware Version: Athena IDProtect 0106.0130.0401 with LASER PKI Applet 3.0) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	07/17/2012; 04/12/2013	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1654); RSA (Cert. #824); Triple-DES (Cert. #1087); Triple-DES MAC (Triple-DES Cert. #1087, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465); ECDSA (Cert. # 214); CVL (Cert. #2) -Other algorithms: HW RNG; AES-CMAC (non-compliant); EC Diffie-Hellman; AES (Cert. #1654, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength) Single-chip "IDProtect is a Cryptographic Module based on the Athena OS755 Java Card smart card operating system with 72KB of EEPROM. IDProtect is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 3. IDProtect supports FIPS approved DRBG, SHA-1 and all SHA-2, TDES, AES, RSA, ECDSA and ECC CDC, and RSA and ECC key generation. IDProtect exposes PKI and Biometric APIs and is designed for high-performance government and enterprise smart card applications."
1749	Athena Smartcard, Inc. 16615 Lark Avenue Suite 202 Los Gatos, CA 95032 USA -Ian Simmons TEL: 408-786-1028 FAX: 408-608 1818 CST Lab: NVLAP 100432-0	IDProtect Duo with LASER PKI (Hardware Version: Inside Secure AT90SC28880RCFV Rev. G; Firmware Version: Athena IDProtect 010E.1245.0002 with LASER PKI Applet 3.0) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	07/17/2012; 04/12/2013	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1655); RSA (Cert. #824); Triple-DES (Cert. #1088); Triple-DES MAC (Triple-DES Cert. #1088, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465); ECDSA (Cert. # 214); CVL (Cert. #2) -Other algorithms: HW RNG; AES-CMAC (non-compliant); EC Diffie-Hellman; AES (Cert. #1655, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength) Single-chip "IDProtect is a Cryptographic Module based on the Athena OS755 Java Card smart card operating system with 80KB of EEPROM. IDProtect is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 3. IDProtect supports FIPS approved DRBG, SHA-1 and all SHA-2, TDES, AES, RSA, ECDSA and ECC CDC, and RSA and ECC key generation. IDProtect exposes PKI and Biometric APIs and is designed for high-performance government and enterprise smart card applications."
1748	Vocality International Ltd Lydling Barn, Puttenham Lane Shackleford, Surrey GU8 6AP United Kingdom -Martin Saunders TEL: +44 1483 813130 FAX: +44 1483 813121 CST Lab: NVLAP 100432-0	BASICS IP PC104 (Hardware Versions: 68551-01-1/68551C6; Firmware Version: 08_42.05) (When configured in FIPS mode as specified in Section 8 of the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	06/27/2012	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1734); DSA (Cert. #540); ECDSA (Cert. #226); RSA (Cert. #857); RNG (Cert. #923); HMAC (Cert. #1010); SHS (Cert. #1518); Triple-DES (Cert. #1123) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); NDRNG Multi-chip embedded "The BASICS IP PC104 unit is a high-performance 10/100base-T Router which incorporates a cryptographic module. It provides 3 independently routable subnets; one for the uplink port, one for the downlink port and one for the four Ethernet switch ports which are also IEEE802.1q VLAN and Power-over-Ethernet (PoE) capable. It can also bridge network traffic to the uplink port from any IP device connected to its Downlink port. It may be used as a simple switch or a sophisticated secure multiprotocol IP router and can also power a group of SIP VoIP phones."
1747	OpenSSL Software Foundation 1829 Mount Ephraim Road Adamstown, MD 21710 USA -Steve Marquess TEL: 877-673-6775 CST Lab: NVLAP 100432-0	OpenSSL FIPS Object Module (Software Version: 2.0, 2.0.1, 2.0.2 or 2.0.3) (When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module.) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	06/27/2012; 07/09/2012; 07/18/2012; 10/24/2012; 01/22/2013; 02/06/2013; 02/22/2013 02/28/2013; 03/28/2013	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Android 2.2 (gcc Compiler Version 4.4.0); Android 2.2 running on Qualcomm QSD8250 (ARMv7) with NEON (gcc Compiler Version 4.4.0); Microsoft Windows 7 (32 bit) (Microsoft 32 bit C/C++ Optimizing Compiler Version 16.00); uCLinux 0.9.29 (gcc Compiler Version 4.2.1); Fedora 14 running on Intel Core i5 with AES-NI (gcc Compiler Version 4.5.1); HP-UX 11i (32 bit) (HP C/aC++ B3910B); HP-UX 11i (64 bit) (HP C/aC++ B3910B); Ubuntu 10.04 (32 bit) (gcc Compiler Version 4.1.3); Ubuntu 10.04 (64 bit) (gcc Compiler Version 4.1.3); Android 3.0 (gcc Compiler Version 4.4.0); Linux 2.6.27 (gcc Compiler Version 4.2.4); Microsoft Windows 7 (64 bit) (Microsoft C/C++ Optimizing Compiler Version 16.00); Ubuntu 10.04 running on Intel Core i5 with AES-NI (32 bit) (gcc Compiler Version 4.1.3); Linux 2.6.33 (gcc Compiler Version 4.1.0); Android 2.2 running on OMAP 3530 (ARMv7) with NEON (gcc Compiler Version 4.1.0); VxWorks 6.8 (gcc Compiler Version 4.1.2); Linux 2.6 (gcc Compiler Version 4.3.2); Linux 2.6.32 (gcc Compiler Version 4.3.2); Oracle Solaris 10 (32 bit) (gcc Compiler Version 3.4.3); Oracle Solaris 10 (64 bit) (gcc Compiler Version 3.4.3); Oracle Solaris 11(32 bit) (gcc Compiler Version 4.5.2); Oracle Solaris 11 (64 bit) (gcc Compiler Version 4.5.2); Oracle Solaris 11 running on Intel Xeon 5675 with AES-NI (32 bit) (gcc Compiler Version 4.5.2); Oracle Solaris 11 running on Intel Xeon 5675 with AES-NI (64 bit) (gcc Compiler Version 4.5.2); Oracle Linux 5 (64 bit) (gcc Compiler Version 4.1.2); CascadeOS 6.1 (32 bit) (gcc Compiler Version 4.4.5); CascadeOS 6.1 (64 bit) (gcc Compiler Version 4.4.5); Oracle Linux 5 running on Intel Xeon 5675 with AES-NI (gcc Compiler Version 4.1.2); Oracle Linux 6 (gcc Compiler Version 4.4.6); Oracle Linux 6 running on Intel Xeon 5675 with AES-NI (gcc Compiler Version 4.4.6); Oracle Solaris 11 (32 bit) (Sun C Version 5.12); Oracle Solaris 11 (64 bit) (Sun C Version 5.12); Android 4.0 (gcc Compiler Version 4.4.3); Apple iOS 5.1 (gcc Compiler Version 4.2.1); Microsoft Windows CE 6.0 (Microsoft C/C++ Optimizing Compiler Version 15.00 for ARM); Microsoft Windows CE 5.0 (Microsoft C/C++ Optimizing Compiler Version 13.10 for ARM); Linux 2.6 (gcc Compiler Version 4.1.0); DSP Media Framework 1.4 (TMS320C6x C/C++ Compiler v6.0.13); Android 4.0 running on TI OMAP 3 (ARMv7) with NEON (gcc Compiler Version 4.4.3); NetBSD 5.1 (gcc Compiler Version 4.1.3); Microsoft Windows 2008 running on Intel Xeon E3-1220v2 (32-bit under vSphere) (Microsoft 32-bit C/C++ Optimizing Compiler Version 16.00 for 80x86); Microsoft Windows 2008 running on Intel Xeon E3-1220v2 (64-bit under vSphere) (Microsoft C/C++ Optimizing Compiler Version 16.00 for x64); RHEL 6 running on Intel Xeon E3-1220v2 (32-bit under vSphere) (gcc Compiler Version 4.4.6); RHEL 6 running on Intel Xeon E3-1220v2 (64-bit under vSphere) (gcc Complier Version 4.4.6); Microsoft Windows 7 running on Intel Core i5-2430M (64-bit) with AES-NI (Microsoft ® C/C++ Optimizing Compiler Version 16.00 for x64); Android 4.1 running on TI DM3730 (ARMv7) (gcc Compiler Version 4.6); Android 4.1 running on TI DM3730 (ARMv7) with NEON (gcc Complier Version 4.6); Android 4.2 running on Nvidia Tegra 3 (ARMv7) (gcc Compiler Version 4.6); Android 4.2 running on Nvidia Tegra 3 (ARMv7) with Neon (gcc Compiler Version 4.6); Windows Embedded Compact 7 running on Freescale i.MX53xA (ARMv7) with NEON (Microsoft C/C++ Optimizing Compiler Version 15.00.20720); Windows Embedded Compact 7 running on Freescale i.MX53xD (ARMv7) with NEON (Microsoft C/C++ Optimizing Compiler Version 15.00.20720); Android 4.0 running on Qualcomm Snapdragon APQ8060 (ARMv7) with NEON (gcc compiler Version 4.4.3); Vmware Horizon Mobile 1.3 under Vmware running on Qualcomm MSM8X60 (ARMv7) with NEON (gcc Compiler Version 4.4.6); Apple OS X 10.7 running on Intel Core i7-3615QM (Apple LLVM version 4.2); Apple iOS 5.0 running on ARM Cortex A8 (ARMv7) with NEON (gcc Compiler Version 4.2.1) (single-user mode) -FIPS-approved algorithms: AES (Certs. #1884, #2116, #2234 and #2342); DRBG (Certs. #157, #229, #264 and #292); DSA (Certs. #589, #661, #693 and #734); HMAC (Certs. #1126, #1288, #1363 and #1451); RNG (Certs. #985, #1087, #1119 and #1166); RSA (Certs. #960, #1086, #1145 and #1205); SHS (Certs. #1655, #1840, #1923 and #2019); Triple-DES (Certs. #1223, #1346, #1398 and #1465); ECDSA (Certs. #264, #270, #315, #347, #378 and #383); CVL (Certs. #10, #12, #24, #36, #49 and #53) -Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt) Multi-chip standalone "The OpenSSL FIPS Object Module 2.0 is a general purpose cryptographic module delivered as open source code. It is designed for ease of use with the popular OpenSSL cryptographic library and toolkit and is available for use without charge for a wide variety of platforms. The basic validation can also be extended quickly and affordably to accommodate new platforms and many types of modifications."
1746	Thales-eSecurity Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA -sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200426-0	nShield F3 4000 [1], nShield F3 2000 [2], nShield F3 2000 for NetHSM [3], nShield F3 500 [4] and nShield F3 500 for NetHSM [5] (Hardware Versions: nC4033P-4K0 [1], nC4033P-2K0 [2], nC4033P-2K0N [3], nC4033P-500 [4] and nC4033P-500N [5], Build Standard N; Firmware Versions: 2.50.16-2 and 2.51.10-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	06/25/2012; 03/08/2013	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 +EFP -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1579); Triple-DES (Certs. #132 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Cert. #770); DRBG (Cert. #72); CVL (Cert. #1) -Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip embedded "The nShield modules: nShield F3 4000, nShield F3 2000, nShield F3 2000 for netHSM, nShield F3 500, and nShield F3 500 for netHSM family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1745	Vormetric Inc. 2545 N. 1st Street San Jose, CA 95131-1003 USA -Mike Yoder TEL: 408-433-6059 FAX: 408-844-8638 -Richard Gorman TEL: 408-433-6000 FAX: 408-844-8638 CST Lab: NVLAP 200002-0	Vormetric Data Security Server Module (Hardware Version: 1.0; Firmware Version: 4.4.1) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	06/25/2012	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Cryptographic Key Management: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1838); Triple-DES (Cert. #1192); SHS (Cert. #1620); HMAC (Cert. #1093); RSA (Cert. #928); RNG (Cert. #965) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Vormetric Data Security Server is a multi-chip standalone cryptographic module. The Vormetric Data Security Server is the central point of management for the Vormetric Data Security product. It manages keys and policies, and controls Vormetric Encryption Expert Agents. These agents contain the Vormetric Encryption Expert Cryptographic Module, which has been validated separately from this module."
1744	Thales-eSecurity Inc. 2200 North Commerce Parkway Suite 200 Weston, FL 33326 USA -sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200426-0	MiniHSM [1], MiniHSM for nShield Edge [2] and MiniHSM for Time Stamp Master Clock [3] (Hardware Versions: nC4031Z-10 [1], nC3021U-10 [2] and TSMC200 [3], Build Standard N; Firmware Version: 2.50.17-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	06/25/2012	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1770); Triple-DES (Cert. #1146); HMAC (Cert. #1039); Triple-DES MAC (Triple-DES Cert. #1146, vendor affirmed); SHS (Cert. #1554); DSA (Cert. #553); ECDSA (Cert. #238); RSA (Cert. #886); DRBG (Cert. #120); CVL (Cert. #6) -Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1770, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1146, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); Diffie-Hellman (CVL Cert. #6, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #6, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip embedded "The MiniHSM, MiniHSM for nShield Edge and MiniHSM for Time Stamp Master Clock are fully featured HSMs supplied in a single chip package. The MiniHSM Modules offer all the security and key management features of other nShield modules - but with reduced processing speed. The MiniHSM modules are OEM parts and will be included within other appliances or products, for example switches or routers. The MiniHSM modules have a real time clock which also makes them suitable for use as a time-stamping engine."
1743	Thales-eSecurity Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA -sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200426-0	nShield F2 6000e [1], nShield F2 1500e [2], nShield F2 500e [3] and nShield F2 10e [4] (Hardware Versions: nC3023E-6K0 [1], nC3023E-1K5 [2], nC3023E-500 [3] and nC3023E-010 [4], Build Standard N; Firmware Versions: 2.50.16-2 and 2.51.10-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	06/25/2012; 03/08/2013	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #397 and #1579); Triple-DES (Certs. #435 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Cert. #770); DRBG (Cert. #72); CVL (Cert. #1) -Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip embedded "The nCipher modules: nShield F2 6000e, Shield F2 1500e, nShield F2 500e, and nShield 10e family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1742	Thales-eSecurity Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA -sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200426-0	nShield F3 6000e [1], nShield F3 1500e [2], nShield F3 500e [3], nShield F3 10e [4], nShield F3 6000e for nShield Connect [5], nShield F3 1500e for nShield Connect [6] and nShield F3 500e for nShield Connect [7] (Hardware Versions: nC4033E-6K0 [1], nC4033E-1K5 [2], nC4033E-500 [3], nC4033E-030 [4], nC4033E-6K0N [5], nC4033E-1K5N [6] and nC4033E-500N [7], Build Standard N; Firmware Versions: 2.50.16-3 and 2.51.10-3) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	06/25/2012; 03/08/2013	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #397 and #1579); Triple-DES (Certs. #435 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Cert. #770); DRBG (Cert. #72); CVL (Cert. #1) -Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip embedded "The nShield modules: nShield F3 6000e, nShield F3 1500e, nShield F3 500e, nShield F3 10e, nShield F3 6000e for nShield Connect, nShield F3 1500e for nShield Connect and nShield F3 500e for nShield Connect family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
1741	Thales-eSecurity Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA -sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200426-0	nShield F3 500 [1], nShield F3 500 for NetHSM [2] and nShield F3 10 PCI [3] (Hardware Versions: nC4033P-500 [1], nC4033P-500N [2] and nC4033P-30 [3], Build Standard N; Firmware Versions: 2.50.16-3 and 2.51.10-3) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	06/25/2012; 03/08/2013	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #962 and #1579); Triple-DES (Certs. #757 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Cert. #770); DRBG (Cert. #72); CVL (Cert. #1) -Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip embedded "The nShield modules: nShield F3 500, Shield F3 500 for NetHSM, and nShield F3 10 family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
1740	Thales-eSecurity Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA -sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200426-0	nShield F2 500 [1] and nShield F2 10 PCI [2] (Hardware Versions: nC3023P-500 [1] and nC3023P-10 [2], Build Standard N; Firmware Versions: 2.50.16-2 and 2.51.10-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	06/25/2012; 03/08/2013	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #962 and #1579); Triple-DES (Certs. #757 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Cert. #770); DRBG (Cert. #72); CVL (Cert. #1) -Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip embedded "The nShield modules: nShield F2 500 & nShield F2 10 PCI family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1739	Thales-eSecurity Inc. 2200 North Commerce Parkway Suite 200 Weston, FL 33326 USA -sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200426-0	MiniHSM [1], MiniHSM for nShield Edge [2] and MiniHSM for Time Stamp Master Clock [3] (Hardware Versions: nC4031Z-10 [1], nC4031U-10 [2] and TSMC200 [3], Build Standard N; Firmware Version: 2.50.17-3) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	06/25/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1770); Triple-DES (Cert. #1146); HMAC (Cert. #1039); Triple-DES MAC (Triple-DES Cert. #1146, vendor affirmed); SHS (Cert. #1554); DSA (Cert. #553); ECDSA (Cert. #238); RSA (Cert. #886); DRBG (Cert. #120); CVL (Cert. #6) -Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1770, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1146, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); Diffie-Hellman (CVL Cert. #6, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #6, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip embedded "The MiniHSM, MiniHSM for nShield Edge and MiniHSM for Time Stamp Master Clock are fully featured HSMs supplied in a single chip package. The MiniHSM Modules offer all the security and key management features of other nShield modules - but with reduced processing speed. The MiniHSM modules are OEM parts and will be included within other appliances or products, for example switches or routers. The MiniHSM modules have a real time clock which also makes them suitable for use as a time-stamping engine."
1738	Thales-eSecurity Inc. 2200 North Commerce Parkway Suite 200 Weston, FL 33326 USA -sales@ncipher.com TEL: 888-744-4976 CST Lab: NVLAP 200426-0	nToken (Hardware Version: nC2023P-000, Build Standard N; Firmware Version: 2.50.16-2) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	06/25/2012	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #1579); HMAC (Cert. #925); SHS (Cert. #1398); DSA (Cert. #487); DRBG (Cert. #72) -Other algorithms: N/A Multi-chip embedded "The nToken Hardware Security Module improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
1737	Thales-eSecurity Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA -sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200426-0	nShield F2 4000 [1], nShield F2 2000 [2] and nShield F2 500 [3] (Hardware Versions: nC3023P-4K0 [1], nC3023P-2K0 [2] and nC3023P-500 [3], Build Standard N; Firmware Versions: 2.50.16-2 and 2.51.10-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	06/25/2012;03/08/2013	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1579); Triple-DES (Certs. #132 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Cert. #770); DRBG (Cert. #72); CVL (Cert. #1) -Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip embedded "The nShield modules: nShield F2 4000, nShield F2 2000, and nShield F2 500 family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1736	Blue Coat Systems, Inc. 420 N. Mary Avenue Sunnyvale, CA 94085 USA -Wendi Ittah TEL: 703- 399-0535 CST Lab: NVLAP 200928-0	ProxySG 600-10 [1], 600-20 [2] and 600-35 [3] (Hardware Versions: 090-02911 [1], 090-02912 [1], 090-02913 [2], 090-02914 [2], 090-02915 [3] and 090-02916 [3] with FIPS kit 085-02762; Firmware Versions: 6.1 or 6.1.5.5) (When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	06/21/2012; 07/24/2012; 08/07/2012; 01/04/2013	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #105 and #1875); Triple-DES (Certs. #217 and #1218); RSA (Cert. #956); SHS (Cert. #1648); HMAC (Cert. #1120); DRBG (Cert. #153) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Multi-chip standalone "The foundation of Blue Coat's application delivery infrastructure, Blue Coat ProxySG appliances establish points of control that accelerate and secure business applications for users across the distributed organization. Blue Coat appliances serve as an Internet proxy and wide area network (WAN) optimizer. The purpose of the appliances is to provide a layer of security between an Internal and External Network (typically an office network and the Internet) and to provide acceleration and compression of transmitted data. ProxySG 600 is one of several appliance lines offered by Blue Coat"
1735	IBM® Corporation 2455 South Road Poughkeepsie, NY 12601 USA -William F Penny TEL: 845-435-3010 CST Lab: NVLAP 200658-0	IBM® z/VM® Version 6 Release 1 System SSL Cryptographic Module (Hardware Version: z10 CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863; Software Version: 573FAL00: z/VM 6.1 with APAR PM43382) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software-Hybrid	06/25/2012	Overall Level: 1  -Cryptographic Module Specification: Level 3 -Operational Environment: Tested as meeting Level 1 with IBM System z10 (TM) Enterprise Class (z10 EC) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 (single-user mode) -FIPS-approved algorithms: AES (Certs. #976 and #1873); Triple-DES (Certs. #769 and #1217); DSA (Cert. #586); RSA (Cert. #953); SHS (Certs. #946 and #1646); HMAC (Cert. #1117); RNG (Cert. #982) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); DES; RC2; ArcFour; MD5; MD2 Multi-chip standalone "z/VM System SSL provides cryptographic functions which allows z/VM to protect data using the SSL/TLS protocols. z/VM System SSL also enables administrators to create and manage X.509 V3 certificates and keys within key database files."
1734	Imation Corp. Discovery Bldg. 1A-041 Oakdale, MN 55128 USA -Larry Hamid TEL: 408-737-4308 CST Lab: NVLAP 100432-0	Imation S250/D250 (Hardware Versions: D2-S250-S01, D2-S250-S02, D2-S250-S04, D2-S250-S08, D2-S250-S16, D2-S250-S32, D2-D250-B01, D2-D250-B02, D2-D250-B04, D2-D250-B08, D2-D250-B16, D2-D250-B32 and D2-D250-B64; Firmware Version: 4.0.0) (Files distributed with the module mounted within the internal CD Drive are excluded from validation) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	06/21/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #1412 and #1874); DRBG (Cert. #152); HMAC (Certs. #1118 and #1119); RNG (Cert. #774); RSA (Certs. #688, #954 and #955); SHS (Certs. #1282 and #1647); Triple-DES (Cert. #965); PBKDF (vendor affirmed) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Imation S250/D250 Secure Flash Drives include a high-speed hardware-based 256 Bit AES cryptography engine for encrypting and decrypting NAND flash and RAM buffers via USB. It also includes RSA, HMAC, SHA, and DRBG algorithms."
1733	Thales-eSecurity Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA -sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200426-0	nShield F3 6000e [1], nShield F3 1500e [2], nShield F3 500e [3], nShield F3 10e [4], nShield F3 6000e for nShield Connect [5], nShield F3 1500e for nShield Connect [6] and nShield F3 500e for nShield Connect [7] (Hardware Versions: nC4033E-6K0 [1], nC4033E-1K5 [2], nC4033E-500 [3], nC4033E-030 [4], nC4033E-6K0N [5], nC4033E-1K5N [6] and nC4033E-500N [7], Build Standard N; Firmware Versions: 2.50.16-2 and 2.51.10-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	06/20/2012; 03/08/2013	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #397 and #1579); Triple-DES (Certs. #435 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Cert. #770); DRBG (Cert. #72); CVL (Cert. #1) -Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip embedded "The nShield modules: nShield F3 6000e, nShield F3 1500e, nShield F3 500e, nShield F3 10e, nShield F3 6000e for nShield Connect, nShield F3 1500e for nShield Connect and nShield F3 500e for nShield Connect family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1732	Symantec Corporation 350 Ellis Street Mountain View, CA 94043 USA -John Gorczyca CST Lab: NVLAP 200556-0	Symantec Enterprise Vault Cryptographic Module (Software Version: 1.0.0.2) (When operated in FIPS mode with module Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1012 operating in FIPS mode or Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1337 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	06/20/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2003; Microsoft Windows Server 2008 R2 (single-user mode) -FIPS-approved algorithms: AES (Certs. #818 and #1168); Triple-DES (Certs. #691 and #846); RSA (Certs. #395, #559 and #568); SHS (Certs. #816 and #1081); HMAC (Certs. #452 and #687); RNG (Cert. #470); DRBG (Cert. #23) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); ANSI X9.31 RSA key-pair generation (non-compliant); ANSI X9.31 RSA signature verification (non-compliant); RC2; RC4; MD5; MD2; MD4; DES Multi-chip standalone "Symantec Enterprise Vault Cryptographic Module is a multi-chip standalone physical embodiment. The module consists of a DLL which interfaces with the Microsoft Cryptographic API to provide the required cryptographic functionality. The Enterprise Vault Cryptographic Module may be used for encryption/decryption of Enterprise Vault passwords, hashing of indexes, and random number generation."
1731	Juniper Networks, Inc. 1194 North Mathilda Ave Sunnyvale, CA 94089 USA -Robert Smith TEL: 978-589-8822 CST Lab: NVLAP 200697-0	SSG 320M and SSG 350M (Hardware Versions: [SSG-320M-SB, SSG-320M-SH, SSG-320M-SB-TAA, SSG-320M-SH-TAA, SSG-320M-SB-DC-N-TAA, SSG-320M-SH-DC-N-TAA, SSG-350M-SB, SSG-350M-SH, SSG-350M-SB-TAA, SSG-350M-SH-TAA, SSG-350M-SB-DC-N-TAA and SSG-350M-SH-DC-N-TAA] with JNPR-FIPS-TAMPER-LBLS; Firmware Version: ScreenOS 6.3r6) (When operated in FIPS mode with the tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	06/12/2012; 07/24/2012	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #1062); AES (Cert. #1621); DSA (Cert. #508); SHS (Cert. #1430); RNG (Cert. #869); RSA (Cert. #799); HMAC (Cert. #952); ECDSA (Cert. #206) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 or 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); NDRNG; DES; MD5 Multi-chip standalone "Juniper Networks integrated security devices are purpose-built to perform essential networking security functions designed on top of robust networking and security real-time operating systems, ScreenOS. These are high-performance platforms that deliver integrated security and LAN/WAN routing across high-density LAN/WAN interfaces, Juniper Networks integrated security devices address the needs of small to medium sized locations, large distributed enterprises, and service providers as well as large and co-located datacenters."
1730	Juniper Networks, Inc. 1194 North Mathilda Ave Sunnyvale, CA 94089 USA -Robert Smith TEL: 978-589-8822 CST Lab: NVLAP 200697-0	Juniper Networks SSG 520M and SSG 550M (Hardware Versions: [SSG-520M-SH, SSG-520M-SH-N, SSG-520M-SH-DC-N, SSG-520M-N-TAA, SSG-520M-SH-DC-N-TAA, SSG-550M-SH, SSG-550M-SH-N, SSG-550M-SH-DC-N, SSG-550M-N-TAA and SSG-550M-SH-DC-N-TAA] with JNPR-FIPS-TAMPER-LBLS; Firmware Version: ScreenOS 6.3r6) (When operated in FIPS mode with the tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	06/12/2012; 07/24/2012	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #1063); AES (Cert. #1622); DSA (Cert. #509); SHS (Cert. #1431); RNG (Cert. #870); RSA (Cert. #800); HMAC (Cert. #953); ECDSA (Cert. #207) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 or 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); NDRNG; DES; MD5 Multi-chip standalone "Juniper Networks integrated security devices are purpose-built to perform essential networking security functions designed on top of robust networking and security real-time operating systems, ScreenOS. These are high-performance platforms that deliver integrated security and LAN/WAN routing across high-density LAN/WAN interfaces, Juniper Networks integrated security devices address the needs of small to medium sized locations, large distributed enterprises, and service providers as well as large and co-located datacenters."
1729	Certicom Corp. 4701 Tahoe Blvd. Building A Mississauga, Ontario L4W 0B5 Canada -Kris Orr TEL: 905-507-4220 -Certicom Eastern US Sales Office TEL: 703-234-2357 FAX: 703-234-2356 CST Lab: NVLAP 200928-0	Security Builder® FIPS Module (Software Version: 6.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	06/08/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with QNX Neutrino 6.6; QNX Neutrino 6.5; Red Hat Linux AS 5.6 (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #1159); AES (Cert. #1789); SHS (Cert. #1571); HMAC (Cert. #1054); RNG (Cert. #949); DRBG (Cert. #127); DSA (Cert. #563); ECDSA (Cert. #242); RSA (Cert. #894); KAS (Cert. #25); CVL (Cert. #7) -Other algorithms: DES; DESX; AES CCM* (non-compliant); AES-XCBC-MAC (non-compliant); AES EAX (non-compliant); AES MMO (non-compliant); ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; ECNR; ECQV; ECPVS; ECIES; ECSPEKE; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength); Diffie-Hellman (non-compliant key agreement; key establishment methodology provides less than 80 bits of encryption strength) Multi-chip standalone "The Security Builder® FIPS Module is a standards-based cryptographic toolkit that supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into both mobile and server-based applications. The Security Builder FIPS Module is part of the Certicom Security Architecture, a comprehensive cross-platform security solution which supports multiple cryptographic software and hardware providers with a single common API."
1728	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Jennifer Gilbert TEL: 703-484-0168 CST Lab: NVLAP 100432-0	Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Modules-2 (WiSM2) (Hardware Versions: Chassis: Catalyst 6506 switch [1], Catalyst 6506-E switch [2], Catalyst 6509 switch [3] and Catalyst 6509-E switch [4]; Backplane: WS-C6506 [1], WS-C6506-E [2], WS-C6509 [3] and WS-C6509-E [4]; FIPS Kit: P/N 800-27009 [1, 2], P/N 800-26335 [3, 4] and WS-SVCWISM2FIPKIT= [1, 2, 3, 4]; with one Supervisor Blade [1, 2, 3, 4]: [WS-SUP720-3BXL , WS-SUP720-3B, VS-S 720 10G-3C, or VS-S 720 10G-3CXL] and with one WiSM2 [1, 2, 3, 4]: [WS-SVC-WISM2-K9=, WS-SVC-WISM2-5-K9=, WS-SVC-WISM2-3-K9=, WS-SVC-WISM2-1-K9=, WS-SVC-WISM2-5-K9, WS-SVC-WISM2-3-K9 or WS-SVC-WISM2-1-K9]; Firmware Versions: [1, 2, 3, 4]: Supervisor Blade: Cisco IOS Release 12.2.33.SXJ; WiSM2: 7.0.116.0) (When operated in FIPS mode and with the tamper evident seals and physical security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	06/01/2012; 06/21/2012	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1344 and #1345); HMAC (Certs. #783 and #784); RNG (Cert. #740); RSA (Certs. #651 and #652); SHS (Certs. #1226 and #1227); Triple-DES (Cert. #934) -Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); AES (Cert. #1344, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM Multi-chip standalone "The Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with WiSM WLAN Controller deliver centralized control and high capacity for medium to large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WiSM2 Controller supports the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and supports a Secure Wireless Architecture with certified WiFi Alliance WPA-2 security. The Cisco WiSM2 Controller supports voice, video and data services along with Cisco Clean Air technology, IPv6 mobility, intrusion protection and intelligent radio resource management."
1727	Aruba Networks 1322 Crossman Avenue Sunnyvale, CA 94089 USA -Jon Green TEL: 408-227-4500 CST Lab: NVLAP 200427-0	Aruba 620, 650 and Dell W-620, W-650 Controllers with ArubaOS FIPS Firmware (Hardware Versions: 620-F1 [1], 620-USF1 [1], 650-F1 [1], 650-USF1 [1], W-620-F1 [2], W-620-USF1 [2], W-650-F1 [2], W-650-USF1 [2] with FIPS kit 4010061-01; Firmware Versions: ArubaOS_6xx_6.1.2.3-FIPS [1] and Dell_PCW_6xx_6.1.2.3-FIPS [2] or ArubaOS_6xx_6.1.4.1-FIPS [1] and Dell_PCW_6xx_6.1.4.1-FIPS [2]) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	07/24/2012; 01/24/2013	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #779, #1850 and #1854); ECDSA (Certs. #257 and #258); HMAC (Certs. #426, #1098 and #1101); RNG (Certs. #969 and #972); RSA (Certs. #933, #935 and #937); SHS (Certs. #781, #1627, #1629 and #1631); Triple-DES (Certs. #673, #1198 and #1201) -Other algorithms: DES; HMAC-MD5; MD5; NDRNG; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant less than 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "Aruba Networks' Mobility Controller system completely changes how 802.11 networks are deployed, secured, and managed. The only mobile security system with an integrated ICSA-certified stateful firewall and hardware-based encryption, the Aruba mobility controller is the industry's highest performing and most scalable enterprise mobility platform."
1726	Voltage Security, Inc. 20400 Stevens Creek Blvd. Cupertino, CA 95014 USA -Luther Martin TEL: 650-543-1280 FAX: 650-543-1279 CST Lab: NVLAP 200802-0	Voltage IBE Cryptographic Module for z/OS (Hardware Version: Crypto Express2 card (CEX2C) [a separately configured version of 4764-001 (P/N 12R6536)]; Software Version: 4.0; Firmware Version: 4764-001(2096a16d)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software-Hybrid	05/31/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with IBM System z10 with z/OS PUT1106 / RSU1108 -FIPS-approved algorithms: AES (Cert. #1812); Triple-DES (Cert. #1168); DSA (Cert. #568); SHS (Cert. #1590); RNG (Cert. #955); RSA (Cert. #908); HMAC (Cert. #1069); DRBG (Cert. #139) -Other algorithms: NDRNG; IBE; FFX; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); DES Multi-chip standalone "The Voltage IBE Cryptographic Module for z/OS Version 4.0 is a FIPS 140-2 Level 1 compliant software-hybrid module that provides encrypt/decrypt and cryptographic signature services for Internet Protocol (IP) traffic."
1725	Francotyp-Postalia GmbH Triftweg 21-26 Birkenwerder, D-16547 Germany -Dirk Rosenau TEL: +49-3303-525-616 FAX: +49-3303-525-609 -Hasbi Kabacaoglu TEL: +49-3303-525-656 FAX: +49-3303-525-609 CST Lab: NVLAP 100432-0	Postal mRevenector DE 2011 (Hardware Version: 580036020300/01; Firmware Versions: Bootloader: 90.0036.0201.00/2011485001; Software-Loader: 90.0036.0206.00/2011485001; FRANKIT-Application: 90.0036.0204.00/2011515001) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	05/29/2012; 01/22/2013	Overall Level: 3  -Physical Security: Level 3 +EFP/EFT -FIPS-approved algorithms: AES (Cert. #1493); DRBG (Cert. #61); DSA (Cert. #522); HMAC (Cert. #878); KAS (Cert. #16); RSA (Certs. #732 and #785); SHS (Cert. #1346); Triple-DES (Cert. #1122) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip embedded "The Francotyp-Postalia Postal mRevenector DE 2011 employs strong encryption, decryption, and digital signature techniques for the protection of customer revenues in Francotyp-Postalia's mail handlers. The Postal mRevenector DE 2011 has been designed in compliance with the Deutsche Post (DPAG), FRANKIT Specification."
1724	Hughes Network Systems, LLC. 11717 Exploration Lane Germantown, MD 20876 USA -Tim Young TEL: 301-428-1632 CST Lab: NVLAP 200427-0	Hughes SPACEWAY Crypto Kernel (Firmware Version: 1.0) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Firmware	05/23/2012	Overall Level: 1  -Tested: ST HN9500 with VxWorks 5.4; AGW2 with VxWorks 5.4; AGW5 with VxWorks 5.4 -FIPS-approved algorithms: AES (Cert. #1788); DRBG (Cert. #126); HMAC (Cert. #1053); SHS (Cert. #1570) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); MD5 Multi-chip standalone "The HSCK v1.0 is a firmware library that provides cryptographic functionality for securing communications over the Hughes SPACEWAY Satellite communication systems. SPACEWAY enables a full-mesh digital network that interconnects with a wide range of end-user equipment and systems."
1723	Juniper Networks, Inc. 1194 North Mathilda Ave Sunnyvale, CA 94089 USA -Robert Smith TEL: 978-589-8822 CST Lab: NVLAP 200697-0	SSG 140 (Hardware Versions: (SSG-140-SB and SSG-140-SH) with JNPR-FIPS-TAMPER-LBLS; Firmware Version: ScreenOS 6.3r6) (When operated in FIPS mode with the tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	05/23/2012; 07/24/2012	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #1060); AES (Cert. #1619); DSA (Cert. #506); SHS (Cert. #1428); RNG (Cert. #867); RSA (Cert. #797); HMAC (Cert. #950); ECDSA (Cert. #204) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 or 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); NDRNG; DES; MD5 Multi-chip standalone "Juniper Networks integrated security devices are purpose-built to perform essential networking security functions designed on top of robust networking and security real-time operating systems, ScreenOS. These are high-performance platforms that deliver integrated security and LAN/WAN routing across high-density LAN/WAN interfaces, Juniper Networks integrated security devices address the needs of small to medium sized locations, large distributed enterprises, and service providers as well as large and co-located datacenters."
1722	Francotyp-Postalia GmbH Triftweg 21-26 Birkenwerder, D-16547 Germany -Dirk Rosenau TEL: +49-3303-525-616 FAX: +49-3303-525-609 CST Lab: NVLAP 100432-0	Postal mRevenector US 2011 (Hardware Version: 580036020300/01; Firmware Version: Bootloader: 90.0036.0201.00/2011485001; Software-Loader: 90.0036.0206.00/2011485001; IBIP Application: 90.0036.0203.00/2011485001) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	05/23/2012; 01/22/2013	Overall Level: 3  -Physical Security: Level 3 +EFP/EFT -FIPS-approved algorithms: AES (Cert. #1493); DRBG (Cert. #61); DSA (Cert. #522); ECDSA (Cert. #184); HMAC (Cert. #878); KAS (Cert. #16); RSA (Certs. #732 and #785); SHS (Cert. #1346); Triple-DES (Cert. #1122) -Other algorithms: NDRNG Multi-chip embedded "The Francotyp-Postalia Postal mRevenector US 2011 employs strong encryption, decryption, and digital signature techniques for the protection of customer revenues in Francotyp-Postalia's mail handlers. The Postal mRevenector US 2011 has been designed in compliance with the United States Postal Services (USPS), Information-Based Indicia Program (IBIP)."
1721	Vormetric Inc. 2545 N. 1st Street San Jose, CA 95131-1003 USA -Mike Yoder TEL: 408-433-6059 FAX: 408-844-8638 -Richard Gorman TEL: 408-433-6000 FAX: 408-844-8638 CST Lab: NVLAP 200002-0	Vormetric Encryption Expert Cryptographic Module (Software Version: 4.4.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	05/23/2012; 06/05/2012	Overall Level: 1  -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows 2003 32-bit; Windows 2008 64-bit; Solaris 10 64-bit; Redhat Linux 5.7 64-bit; HPUX 11i v3 64-bit (single-user mode) -FIPS-approved algorithms: AES (Cert. #1820); Triple-DES (Cert. #1173); SHS (Cert. #1596); HMAC (Cert. #1075) -Other algorithms: ARIA; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Vormetric Encryption Expert Cryptographic Module is a loadable kernel module also known as "SECFS" (SECure File System). This module is a file system layer that enforces an access and encryption policy upon selected data on end-user systems. The policy specifies a key to be used when writing data to disk and while reading data from disk. This module contains the Vormetric Encryption Expert Cryptographic Library, which provides all cryptographic services."
1720	Francotyp-Postalia GmbH Triftweg 21-26 Birkenwerder, D-16547 Germany -Dirk Rosenau TEL: +49-3303-525-616 FAX: +49-3303-525-609 CST Lab: NVLAP 100432-0	mRevenector 2011 (Hardware Version: 580036020300/01; Firmware Version: Bootloader: 90.0036.0201.00/2011485001; Software-Loader: 90.0036.0206.00/2011485001) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	05/23/2012	Overall Level: 3  -Physical Security: Level 3 +EFP/EFT -FIPS-approved algorithms: AES (Cert. #1493); DRBG (Cert. #61); HMAC (Cert. #878); RSA (Cert. #732); SHS (Cert. #1346) -Other algorithms: NDRNG Multi-chip embedded "mRevenector2011 is an embedded security device that can enhance the security of various kinds of appliances and computerized devices. The hardware of the mRevenector2011 is designed to protect critical security parameters as well as application specific revenues. Its firmware enables hosting systems to load or update signed application specific firmware."
1719	Green Hills Software 30 W Sola Street Santa Barbara, CA 93101 USA -David Sequino TEL: 206-310-6795 FAX: 978-383-0560 -Douglas Kovach TEL: 727-781-4909 FAX: 727-781-3915 CST Lab: NVLAP 200427-0	INTEGRITY Security Services High Assurance Embedded Cryptographic Toolkit (Software Version: 1.0.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	05/22/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with RHEL 5; Green Hills Software INTEGRITY OS v5.0.11 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1762); ECDSA (Cert. #235); HMAC (Cert. #1033); RNG (Cert. #939); RSA (Cert. #878); SHS (Cert. #1546) -Other algorithms: ARCFour; DES; Diffie-Hellman; EC Diffie-Hellman; ECMQV; DSA (non-compliant); MD5; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Triple-DES (non-compliant) Multi-chip standalone "Green Hills Software, Integrity Security Services (ISS) High Assurance Embedded Cryptographic Toolkit (HA-ECT) is a standards-based, flexible cryptographic toolkit providing developers with a software framework to integrate encryption, digital signatures and other security mechanisms into a wide range of applications. The ISS HA-ECT FIPS Module is designed to support multiple cryptographic software and hardware providers with a single common API, easily targeted to a variety operating systems."
1718	Juniper Networks, Inc. 1194 North Mathilda Ave Sunnyvale, CA 94089 USA -Robert Smith TEL: 978-589-8822 CST Lab: NVLAP 200697-0	Juniper Networks LN1000 Mobile Secure Router (Hardware Version: LN1000-V with JNPR-FIPS-TAMPER-LBLS; Firmware Version: 11.2S4) (The tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	05/07/2012	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #1269 and #1270); AES (Certs. #1956 and #1957); DSA (Cert. #624); SHS (Certs. #1715 and #1716); RNG (Cert. #1028); RSA (Cert. #1013); HMAC (Certs. #1178 and #1179) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 96 bits of encryption strength) Multi-chip standalone "Juniper Networks LN1000 Mobile Secure Router is an edge access router that delivers a high-performance routing firewall and intrusion detection service (IDS). The LN1000 addresses the growing demand for a network access presence in military, first responder and transportation vehicles, mining and exploration equipment, unmanned aircraft, and power grids."
1717	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Global Certification Team CST Lab: NVLAP 200427-0	Cisco Catalyst 6506-E [1], Catalyst 6509-E [2] and Catalyst 6513-E [3] Switches with Supervisor Cards (VS-S2T-10G or VS-S2T-10G-XL) and Line Cards (WS-X6908-10G or WS-X6908-10G-2TXL) (Hardware Version: 6506-E -M0 [1], 6509-E -N0 [2], 6513-E -S0 [3], Supervisor Card VS-S2T-10G -B0, Supervisor Card VS-S2T-10G-XL -C0, Line Card WS-X6908-10G -A0, Line Card WS-X6908-10G-2TXL version -B0 and FIPS kit packaging (CVPN6500FIPS/KIT=); Firmware Version: 15.0(1)SY2) (When operated in FIPS mode and when tamper evident labels and security devices are installed on the initially built configuration as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	05/03/2012; 12/21/2012	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1426, #1427 and #1816); DRBG (Cert. #140); HMAC (Cert. #1072); RSA (Cert. #911); SHS (Cert. #1593); Triple-DES (Cert. #1171) -Other algorithms: DES; HMAC-MD5; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); AES (Cert. #1816, key wrapping; key establishment methodology provides 256 bits of encryption strength) Multi-chip standalone "The Catalyst 6500 series switches offer versatility, integration, and security to branch offices. With numerous network modules and service modules available, the modular architecture of the Cisco switches easily allows interfaces to be upgraded to accommodate network expansion. The Catalyst 6500 series switches provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements."
1716	CST Lab: NVLAP 100432-0	Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	05/02/2012	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
1715	Hewlett-Packard Development Company, L.P. 2344 Boulevard Alfred-Nobel St-Laurent, QC H4S 0A4 Canada -Gilbert Moineau TEL: +1-514-920-4250 CST Lab: NVLAP 200002-0	HP MSM430 Dual Radio 802.11N TAA AP [1], HP MSM430 Dual Radio 802.11N AP (WW) [2], HP MSM430 Dual Radio 802.11N AP (JP) [3], HP MSM460 Dual Radio 802.11N TAA AP [4], HP MSM460 Dual Radio 802.11N AP (WW) [5], HP MSM460 Dual Radio 802.11N AP (JP) [6], HP MSM466 Dual Radio 802.11N TAA AP [7], HP MSM466 Dual Radio 802.11N AP (WW) [8] and HP MSM466 Dual Radio 802.11N AP (JP) [9] (Hardware Versions: J9654A [1], J9651A [2], J9652A [3], J9655A [4], J9591A [5], J9589A [6], J9656A [7], J9622A [8] and J9620A [9] with FIPS kit J9740A; Firmware Version: 5.6.0) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	05/03/2012	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #1823 and #1840); Triple-DES (Cert. #1176); SHS (Cert. #1602); HMAC (Cert. #1078); RNG (Cert. #960); RSA (Cert. #916) -Other algorithms: Blowfish; MD5; HMAC-MD5; SHA-[224, 256, 384 and 512] (Cert. #1602; non-compliant); HMAC-SHA-[224, 256, 384 and 512] (Cert. #1078; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); AES (Cert. #1840, key wrapping; key establishment methodology provides 128 bits of encryption strength) Multi-chip standalone "The MSM430, MSM460 and MSM466 Access Points allow wireless devices to connect to a wired network using Wi-Fi 802.11abgn."
1714	Honeywell Scanning and Mobility (HSM) - USA 700 Visions Dr, PO Box 208 Building A Skaneateles Falls, NY 13153-0208 USA -Mike Robinson TEL: 315-554-6387 FAX: 856-232-2932 -Tom Amundsen TEL: 856-374-5589 FAX: 856-232-2932 CST Lab: NVLAP 200928-0	Scanning and Mobility FIPS Module (Firmware Versions: 4.0 B and 4.0 S) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Firmware	07/11/2012; 07/12/2012	Overall Level: 1  -Tested: ARM 920T processor running Hand Held Products BASE firmware 31205423-052 or Hand Held Products Scanner firmware 31205480-025; ARM 926EJ-S processor running Honeywell Xenon 1902 Cordless Base Firmware or Honeywell Xenon 1902 Cordless Scanner firmware -FIPS-approved algorithms: AES (Certs. #547 and #590); SHS (Certs. #612 and #641); HMAC (Certs. #288 and #307); RNG (Certs. #315 and #336); DSA (Certs. #222 and #232) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength) Multi-chip standalone "The Honeywell Scanning and Mobility FIPS Module is a standards-based cryptographic toolkit that supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into both mobile and server-based applications. The Honeywell Scanning and Mobility FIPS Module is part of the Honeywell Security Architecture, a comprehensive cross-platform security solution which supports multiple cryptographic software and hardware providers with a single common API."
1713	Research In Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Certifications Team TEL: 519-888-7465 ext.72921 FAX: 519-886-4839 CST Lab: NVLAP 200928-0	BlackBerry Cryptographic Library (Software Versions: 2.0.0.10 and 2.0.0.11) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	05/03/2012; 01/24/2013	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows XP Professional 2002 with SP3, 32-bit edition (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #1193); AES (Cert. #1839); SHS (Cert. #1621); HMAC (Cert. #1094); RNG (Cert. #966); ECDSA (Cert. #254) -Other algorithms: Rijndael; EC Diffie-Hellman (key agreement, key establishment methodology provides 256 bits of encryption strength); ECMQV (key agreement, key establishment methodology provides 256 bits of encryption strength) Multi-chip standalone "BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry® Cryptographic Library is a software module that provides cryptographic services to many BlackBerry® desktop products such as the BlackBerry® Enterprise Server, BlackBerry® Desktop Software, and many other BlackBerry® products."
1712	Kanguru Solutions 1360 Main Street Millis, MA 02054 USA -Nate Cote TEL: 508-376-4245 FAX: 508-376-4462 CST Lab: NVLAP 200802-0	Kanguru Defender 2000 (Hardware Versions: P/Ns KDF2000-2G, KDF2000-4G and KDF2000-8G, Version 1.0; Firmware Version: 2.03.10) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	05/03/2012; 12/21/2012	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: HMAC (Cert. #954); AES (Cert. #1623); SHS (Cert. #1432); RSA (Cert. #801); DRBG (Cert. #86); PBKDF (vendor affirmed) -Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The Kanguru Defender 2000 is a 256-bit AES hardware encrypted USB flash drive. It is used to securely store sensitive data housed on the device."
1711	Athena Smartcard, Inc. 16615 Lark Avenue Suite 202 Los Gatos, CA 95032 USA -Ian Simmons TEL: 408-786-1028 FAX: 408-608 1818 CST Lab: NVLAP 100432-0	IDProtect with LASER PKI (Hardware Version: Inside Secure AT90SC28872RCU Rev. G; Firmware Version: Athena IDProtect 010B.0352.0005 with LASER PKI Applet 3.0) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	04/30/2012; 04/12/2013	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1654); RSA (Cert. # 824); Triple-DES (Cert. #1087); Triple-DES MAC (Triple-DES Cert. #1087, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465); ECDSA (Cert. #214); CVL (Cert. #2) -Other algorithms: HW RNG; AES-CMAC (non-compliant); EC Diffie-Hellman; AES (Cert. #1654, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength) Single-chip "IDProtect is a Cryptographic Module based on the Athena OS755 Java Card smart card operating system with 72KB of EEPROM. IDProtect is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 3. IDProtect supports FIPS approved DRBG, SHA-1 and all SHA-2, TDES, AES, RSA, ECDSA and ECC CDC, and RSA and ECC key generation. IDProtect exposes PKI and Biometric APIs and is designed for high-performance government and enterprise smart card applications."
1710	Red Hat, Inc. 1801 Varsity Drive Raleigh, NC 27606 USA -Robert Relyea TEL: 650-254-4236 CST Lab: NVLAP 200427-0	NSS Freebl Cryptographic Module (Software Version: 3.12.9.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	04/30/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux v6.2 32-bit running on an Intel Core i7 system; Red Hat Enterprise Linux v6.2 64-bit running on an Intel Core i7 system (single-user mode) -FIPS-approved algorithms: DSA (Cert. #602); SHS (Cert. #1675) -Other algorithms: MD2; MD5 Multi-chip standalone "The NSS Freebl cryptographic module is an open-source, general-purpose cryptographic hash library. It is available for free under the Mozilla Public License, the GNU General Public License, and the GNU Lesser General Public License. The NSS Freebl cryptographic module is jointly developed by Red Hat and Oracle engineers and is used in the GNU glibc library. For more information, see http://www.mozilla.org/projects/security/pki/nss/"
1709	Hewlett-Packard TippingPoint 14231 Tandem Blvd Austin, TX 78728 USA -Dinesh Vakharia TEL: 512-432-2628 -Freddie Jimenez Jr. TEL: 512-432-2907 CST Lab: NVLAP 200427-0	HP TippingPoint Intrusion Prevention System (Hardware Version: S6100N; Firmware Version: 3.2.1.1639) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	04/27/2012	Overall Level: 1  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 2 -FIPS-approved algorithms: AES (Cert. #1855); HMAC (Cert. #1102); RNG (Cert. #973); RSA (Cert. #938); SHS (Cert. #1632); Triple-DES (Cert. #1202) -Other algorithms: Blowfish; DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC2; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength). Multi-chip standalone "Inserted transparently into the network, the HP TippingPoint Intrusion Prevention System (IPS) is an in-line security device that performs high-performance, deep packet inspection to protect customer networks from attack. The IPS blocks malicious and unwanted traffic, while allowing good traffic to pass unimpeded. In fact, the IPS optimizes the performance of good traffic by continually cleansing the network and prioritizing applications that are mission critical."
1708	Thales-eSecurity Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA -sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200426-0	nShield F3 4000 [1], nShield F3 2000 [2], nShield F3 2000 for NetHSM [3], nShield F3 500 [4] and nShield F3 500 for NetHSM [5] (Hardware Versions: nC4033P-4K0 [1], nC4033P-2K0 [2], nC4033P-2K0N [3], nC4033P-500 [4] and nC4033P-500N [5], Build Standard N; Firmware Versions: 2.50.16-3 and 2.51.10-3) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	04/27/2012; 03/08/2013	Overall Level: 3  -Physical Security: Level 3 + EFP -FIPS-approved algorithms: AES (Cert. #1579); Triple-DES (Certs. #132 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Cert. #770); DRBG (Cert. #72); CVL (Cert. #1) -Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip embedded "The nShield modules: nCipher 4000, nShield 2000, nShield 2000 for NetHSM, nShield 500, and nShield 500 for NetHSM family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
1707	Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada -Alan Kaye TEL: 613-225-9381 CST Lab: NVLAP 200426-0	FortiMail-3000C (Hardware Version: C4GY52; Firmware Version: FortiMail 4.0, build0369, 110615) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	04/12/2012	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1604); Triple-DES (Cert. #1049); RNG (Cert. #860); SHS (Cert. #1417); HMAC (Cert. #940); RSA (Cert. #786) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 96 and 196 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DES; MD5; HMAC-MD5; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant) Multi-chip standalone "The FortiMail family of messaging security appliances provide an effective barrier against the ever-rising volume of spam, maximum protection against sophisticated message based attacks, and features designed to facilitate regulatory compliance. FortiMail appliances offer both inbound and outbound scanning, advanced antispam and antivirus filtering capabilities, IP address black/white listing functionality, and extensive quarantine and archiving capabilities."
1706	Fortinet, Inc. 326 Moodie Drive Ottawa, ON K2H 8G3 Canada -Alan Kaye TEL: 613-225-9381 CST Lab: NVLAP 200426-0	FortiMail™ OS (Firmware Version: FortiMail 4.0, build0369, 110615) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Firmware	04/12/2012	Overall Level: 1  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Tested: FortiMail-3000C -FIPS-approved algorithms: AES (Cert. #1604); Triple-DES (Cert. #1049); RNG (Cert. #860); SHS (Cert. #1417); HMAC (Cert. #940); RSA (Cert. #786) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 96 and 196 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); DES; MD5; HMAC-MD5; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant) Multi-chip standalone "FortiMail OS is a firmware based operating system that runs exclusively on Fortinet’s FortiMail product family (PC-based, purpose built appliances). FortiMail offers both inbound and outbound scanning, advanced antispam and antivirus filtering capabilities, IP address black/white listing functionality, and extensive quarantine and archiving capabilities."
1705	Thales-eSecurity Inc. 900 South Pine Island Road Suite 710 Plantation, FL 33324 USA -sales@thalesesec.com TEL: 888-744-4976 CST Lab: NVLAP 200426-0	nShield F3 500 PCI [1], nShield F3 500 for NetHSM [2] and nShield F3 10 PCI [3] (Hardware Versions: nC4033P-500 [1], nC4033P-500N [2] and nC4033P-30 [3], Build Standard N; Firmware Versions: 2.50.16-2 and 2.51.10-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	04/12/2012; 03/08/2013	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #962 and #1579); Triple-DES (Certs. #757 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Cert. #770); DRBG (Cert. #72); CVL (Cert. #1) -Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip embedded "The nShield modules: nShield F3 500, F3 500 for NetHSM, & nShield F3 10 family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1704	Juniper Networks, Inc. 1194 North Mathilda Ave Sunnyvale, CA 94089 USA -Robert Smith TEL: 978-589-8822 CST Lab: NVLAP 200697-0	Juniper Networks SRX650 Services Gateways (Hardware Versions: (SRX650-BASE-SRE6-645AP and SRX650-BASE-SRE6-645DP) with JNPR-FIPS-TAMPER-LBLS; Firmware Version: 11.2S4) (The tamper evident seals and security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	04/05/2012	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #1271 and #1272); AES (Certs. #1959 and #1960); DSA (Cert. #625); SHS (Certs. #1718 and #1719); RNG (Cert. #1029); RSA (Cert. #1014); HMAC (Certs. #1180 and #1181) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 96 bits of encryption strength) Multi-chip standalone "SRX650 Services Gateways are secure routers that provide essential capabilities that connect, secure, and manage work force locations sized from handfuls to hundreds of users. By consolidating fast, highly available switching, routing, security, and applications capabilities in a single device, enterprises can economically deliver new services, safe connectivity, and a satisfying end user experience. All SRX Series Services Gateways, including products scaled for the branch, campus and data center applications, are powered by Juniper Networks JUNOS the proven"
1703	S&C Electric Company 6601 Northridge Boulevard Chicago, IL 60626-3997 USA -Prakash Ramadass TEL: 510-749-5648 FAX: 510-864-6860 CST Lab: NVLAP 100432-0	IntelliCom WAN 1720 (Hardware Version: IntelliCom WAN 1720; Firmware Version: 1.1.0.0) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	04/03/2012	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #1114 and #1235); HMAC (Cert. #720); RNG (Cert. #618); RSA (Cert. #592); SHS (Cert. #1133) -Other algorithms: AES (non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "IntelliCom™ WAN Mesh Node, a wireless high-speed wide-area networking router that combines ultra-high throughput - up to 400 Mbps - with extremely low latencies of less than one millisecond. IntelliCom WAN Mesh Node features 802.11n mesh radio latencies of less than one millisecond. IntelliCom WAN Mesh Node features 802.11n mesh radio unlicensed bands as well as the 4.9-GHz municipal licensed band. This network architecture is selfforming and self-healing; communication is not inhibited by the loss of any single node."
1702	Entrust, Inc. One Lincoln Centre 5400 LBJ Freeway Suite 1340 Dallas, TX 75240 USA -James Kendry TEL: 972-726-0419 FAX: 972-713-5805 CST Lab: NVLAP 100432-0	Entrust Authority™ Security Kernel (Software Version: 8.1sp1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	04/12/2012	Overall Level: 2  -Operational Environment: Tested as meeting Level 2 with Windows Server 2008 R2 Enterprise Edition running on Dell Optiplex 755 -FIPS-approved algorithms: AES (Cert. #1923); HMAC (Cert. #1158); SHS (Cert. #1689); DRBG (Cert. #167); RSA (Cert. #992); Triple-DES (Cert. #1253); Triple-DES MAC (Triple-DES Cert. #1253, vendor affirmed); CVL (Cert. #15 and SP 800-135, vendor affirmed, key agreement); RNG (Cert. #1011); ECDSA (Cert. #275); DSA (Cert. #610) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); MD2; MD5; RMD-160; CAST; CAST3; CAST5; DES; IDEA; RC2; RC4; PAKE; AES-DAC; CAST-DAC; CAST3-DAC; CAST5-DAC; DES-DAC; IDEA-DAC; RC2-DAC Multi-chip standalone "By managing the full lifecycles of digital certificate-based identities, Entrust Authority PKI enables encryption, digital signature and certificate authentication capabilities to be consistently and transparently applied across a broad range of applications and platforms."
1701	Apple Inc. 11921 Freedom Drive Reston, VA 20190 USA -Shawn Geddis TEL: 703-264-5103 CST Lab: NVLAP 200002-0	Apple FIPS Cryptographic Module (Software Version: 1.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	03/30/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Mac OS X 10.7.0 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1872); DSA (Cert. #585); ECDSA (Cert. #262); HMAC (Cert. #1116); RNG (Cert. #981); RSA (Cert. #952); SHS (Cert. #1645); Triple-DES (Cert. #1216) -Other algorithms: ASC; Blowfish; CAST; DES; RC2; RC4; RC5; FEE; MD2; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA (non-compliant key generation) Multi-chip standalone "Apple's OS X Lion (v10.7) security services are now built on a newer 'Next Generation Cryptography' platform and does not use the CDSA/CSP module previously validated. Apple is re-validating the same CDSA/CSP module under OS X Lion to provide validation solely for third-party applications."
1700	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Global Certification Team CST Lab: NVLAP 200427-0	Cisco 881W and Cisco 881GW Integrated Services Routers (ISRs) (Hardware Versions: 881W and 881GW with [FIPS Kit (CISCO-FIPS-KIT=), Revision -B0]; Firmware Version: Router Firmware Version: IOS 15.1(3)T2 and AP Firmware Version: 12.4(25d)JA1) (When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/28/2012; 04/02/2012	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #962, #1535, #1791, #1792 and #1793); DRBG (Cert. #129); HMAC (Certs. #537, #1056 and #1057); RNG (Cert. #950); RSA (Cert. #896); SHS (Certs. #933, #1574 and #1575); Triple-DES (Certs. #757 and #1160) -Other algorithms: DES; HMAC-MD5; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); AES (Cert. #1791, key wrapping; key establishment methodology provides 128 bits of encryption strength) Multi-chip standalone "The Cisco 881W and Cisco 881GW Integrated Services Routers (ISR) provide connectivity and security services in a single, secure device. These routers offer broadband speeds and simplified management to small businesses, and enterprise small branch and teleworkers. The module is also a wireless access point that provide secure wireless access to clients."
1699	McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA -David Gerendas TEL: 949-860-3369 CST Lab: NVLAP 200556-0	McAfee EMM Cryptographic Module (Software Version: 1.0) (When operated with module Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1337 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	03/28/2012	Overall Level: 1  -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 R2 (x64 Version) (single-user mode) -FIPS-approved algorithms: AES (Cert. #1168); HMAC (Cert. #687); SHS (Cert. #1081) -Other algorithms: N/A Multi-chip standalone "The McAfee EMM Cryptographic Module provides cryptographic operations for McAfee Enterprise Mobility Manager, an enterprise class security solution which provides centralized mobile device management, provisioning, security, support, and auditing."
1698	Hitachi Solutions, Ltd. 4-12-7, Higashishinagawa Shinagawa-ku, Tokyo 140-0002 Japan -Applied Security Development Department TEL: +81-3-5780-2111 CST Lab: NVLAP 200835-0	HIBUN Cryptographic Module for Pre-boot (Software Version: 1.0 Rev. 2) Validated to FIPS 140-2 JCMVP Cert. #J0017 Security Policy Consolidated Validation Certificate	Software	03/28/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Pre-boot 16-bit (single-user mode) -FIPS-approved algorithms: AES (Cert. #1779); SHS (Cert. #1561); HMAC (Cert. #1044) -Other algorithms: N/A Multi-chip standalone "HIBUN Cryptographic Module for Pre-boot is the cryptographic library module which operates on the Pre-boot environment."
1697	Hitachi Solutions, Ltd. 4-12-7, Higashishinagawa Shinagawa-ku, Tokyo 140-0002 Japan -Applied Security Development Department TEL: +81-3-5780-2111 CST Lab: NVLAP 200835-0	HIBUN Cryptographic Module for Kernel-Mode (Software Version: 1.0 Rev. 2) Validated to FIPS 140-2 JCMVP Cert. #J0016 Security Policy Consolidated Validation Certificate	Software	03/28/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional; Windows Vista Ultimate; Windows 7 Ultimate; Windows 7 Ultimate 64bit (single-user mode) -FIPS-approved algorithms: AES (Cert. #1787); SHS (Cert. #1569); HMAC (Cert. #1052) -Other algorithms: N/A Multi-chip standalone "HIBUN Cryptographic Module for Kernel-Mode is the cryptographic library module which operates on the Windows Kernel-Mode. Full listing of testing configuration: Windows XP Professional; Windows Vista Ultimate; Windows 7 Ultimate; Windows 7 Ultimate 64bit (single-user mode)"
1696	Hitachi Solutions, Ltd. 4-12-7, Higashishinagawa Shinagawa-ku, Tokyo 140-0002 Japan -Applied Security Development Department TEL: +81-3-5780-2111 CST Lab: NVLAP 200835-0	HIBUN Cryptographic Module for User-Mode (Software Version: 1.0 Rev. 2) Validated to FIPS 140-2 JCMVP Cert. #J0015 Security Policy Consolidated Validation Certificate	Software	03/28/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional; Windows Vista Ultimate; Windows 7 Ultimate; Windows 7 Ultimate 64bit; Linux Kernel 2.6 (Fedora 12) (single-user mode) -FIPS-approved algorithms: AES (Cert. #1780); SHS (Cert. #1562); HMAC (Cert. #1045); DRBG (Cert. #125) -Other algorithms: N/A Multi-chip standalone "HIBUN Cryptographic Module for User-Mode is the cryptographic library module which operates on the Windows User-Mode and Linux User-Mode. Full testing configuration: Windows XP Professional; Windows Vista Ultimate; Windows 7 Ultimate; Windows 7 Ultimate 64bit; Linux Kernel 2.6 (Fedora 12) (single-user mode)"
1695	NEC Corporation 1753 Shimonumabe Nakahara-ku Kawasaki, Kanagawa 211-8666 Japan -NEC Corporation TEL: +81-44-455-8326 CST Lab: NVLAP 200835-0	iPASOLINK MODEM AES Card (Hardware Version: 5.00; Firmware Version: NWA-055300-004) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	05/18/2012	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #1834) -Other algorithms: N/A Multi-chip embedded "iPASOLINK is NEC's most advanced and comprehensive optical and radio converged transport product family, in which iPASOLINK MODEM AES Card is implemented as a cryptographic module. The module provides encryption/decryption services by AES-CTR."
1694	SafeNet, Inc. 20 Colonnade Dr, Suite 200 Ottawa, ON K2E 7M6 Canada -Chris Brych TEL: 613-221-5081 FAX: 613-723-5079 -Mark Yakabuski TEL: 613-614-3407 FAX: 613-723-5079 CST Lab: NVLAP 200427-0	Luna® PCI-e Cryptographic Module (Hardware Version: VBD-05-0100, VBD-05-0101 and VBD-05-0103; Firmware Version: 6.2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/30/2012; 09/27/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #1743, #1750 and #1756); DRBG (Cert. #114); DSA (Certs. #545, #546 and #548); ECDSA (Certs. #230, #231 and #233); HMAC (Certs. #1021 and #1027); KAS (Cert. #23); RSA (Certs. #865 and #870); SHS (Certs. #1531 and #1537); KKDF (SP 800-108, vendor affirmed); Triple-DES (Certs. #1130, #1134 and #1137); Triple-DES MAC (Certs. #1130, #1134 and #1137, vendor-affirmed) -Other algorithms: ARIA; AES (Certs. #1743, #1750 and #1756, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES MAC (Cert. #1750; non-compliant); CAST5; CAST5-MAC; DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength); HAS-160; KCDSA; MD2; MD5; RC2; RC2-MAC; RC4; RC5; RC5-MAC; RSA (key wrapping; key establishment methodology provides between 80 and 152 bits of encryption strength); SEED; Triple-DES (Certs. #1130, #1134 and #1137, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip embedded "The Luna PCI-e cryptographic module is a multi-chip embedded hardware cryptographic module in the form of a PCI-Express card that typically resides within a custom computing or secure communications appliance. The cryptographic module is contained in its own secure enclosure that provides physical resistance to tampering. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI-e card."
1693	SafeNet, Inc. 20 Colonnade Drive, Suite 200 Ottawa, ON K2E 7M6 Canada -Chris Brych TEL: 613-221-5081 FAX: 613-723-5079 -Mark Yakabuski TEL: 613-221-5081 FAX: 613-723-5079 CST Lab: NVLAP 200427-0	Luna® PCI-e Cryptographic Module (Hardware Versions: VBD-05-0100, VBD-05-0101 and VBD-05-0103; Firmware Version: 6.2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/28/2012; 09/27/2012	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1743, #1750 and #1756); DRBG (Cert. #114); DSA (Certs. #545, #546 and #548); ECDSA (Certs. #230, #231 and #233); HMAC (Certs. #1021 and #1027); KAS (Cert. #23); RSA (Certs. #865 and #870); SHS (Certs. #1531 and #1537); KKDF (SP800-108, vendor affirmed); Triple-DES (Certs. #1130, #1134 and #1137); Triple-DES MAC (Certs. #1130, #1134 and #1137, vendor-affirmed) -Other algorithms: ARIA; AES (Certs. #1743, #1750 and #1756, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES MAC (Cert. #1750; non-compliant); CAST5; CAST5-MAC; DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength); HAS-160; KCDSA; MD2; MD5; RC2; RC2-MAC; RC4; RC5; RC5-MAC; RSA (key wrapping; key establishment methodology provides between 80 and 152 bits of encryption strength); SEED; Triple-DES (Certs. #1130, #1134 and #1137, key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip embedded "The Luna PCI-e cryptographic module is a multi-chip embedded hardware cryptographic module in the form of a PCI-Express card that typically resides within a custom computing or secure communications appliance. The cryptographic module is contained in its own secure enclosure that provides physical resistance to tampering. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI-e card."
1692	IBM® Corporation 2455 South Road Poughkeepsie, NY 12601 USA -William F Penny TEL: 845-435-3010 CST Lab: NVLAP 200658-0	IBM® z/OS® Version 1 Release 13 System SSL Cryptographic Module (Hardware Version: FC3863 w/System Driver Level 86E, and optional CEX3A and CEX3C [CEX3A and CEX3C are separately configured versions of 4765-001 (P/N 45D6048)]; Software Version: System SSL level HCPT3D0/JCPT3D1 w/ APAR OA36775, RACF level HRF7780 and ICSF level HCR7780 w/ APAR OA36882; Firmware Version: 4765-001 (e1ced7a0)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software-Hybrid	03/12/2012	Overall Level: 1  -Cryptographic Module Specification: Level 3 -Operational Environment: Tested as meeting Level 1 with IBM® zEnterprise (TM) 196 (z196) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 [Base GPC, and optional Crypto Express3 Card (Coprocessor (CEX3C)); Crypto Express3 Card (Accelerator (CEX3A)) and Crypto Express3 Cards (Coprocessor (CEX3C) and Accelerator (CEX3A))] [IBM® zEnterprise (TM) (z196) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 includes FC3863 w/System Driver Level 86E and z/OS® V1R13] (single-user mode) -FIPS-approved algorithms: AES (Certs. #1713, #1864 and #1865); Triple-DES (Certs. #1103, #1210 and #1211); DSA (Certs. #582 and #583); RSA (Certs. #944, #945, #946, #947 and #948); SHS (Certs. #1497, #1639 and #1640); HMAC (Certs. #1110 and #1111); RNG (Certs. #977 and #978) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); DES; RC2; ArcFour; MD5; MD2; HMAC-MD5; ECDSA (non-compliant) Multi-chip standalone "System SSL is a set of generic services provided in z/OS to protect TCP/IP communications using the SSL/TLS protocol. System SSL is exploited by many SSL enabled servers and clients in z/OS to meet the transport security constraints required in an On Demand environment. The System SSL APIs are also externalized to customer applications. System SSL has evolved through the latest releases of z/OS to support the new TLS (Transaction Layer Security) standard, to reach an unmatched level of performance and to extend the APIs available to applications to new functions."
1691	CST Lab: NVLAP 100432-0	Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/09/2012	Overall Level: 3  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
1690	Gemalto Avenue du Jujubier Z.I Athelia IV La Ciotat, 13705 France -Frederic Garnier TEL: +33 4 42 36 43 68 FAX: +33 4 42 36 55 45 CST Lab: NVLAP 200427-0	Protiva PIV v1.55 on TOP DL v2 (Hardware Version: A1023378; Firmware Version: Build#11 - M1005011+ Softmask V03, Applet Version: Protiva PIV v1.55) (PIV Card Application: Cert. #27) (When operated in FIPS mode with module TOP DL v2 validated to FIPS 140-2 under Cert. #1450 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/09/2012	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #1363); ECDSA (Cert. #172); RNG (Cert. #749); RSA (Cert. #664); SHS (Cert. #1243); Triple-DES (Cert. #938); Triple-DES MAC (Triple-DES Cert. #938, vendor affirmed) -Other algorithms: N/A Single-chip "This module is based on a Java Card platform (TOP DL V2) with 128K EEPROM memory and the Protiva PIV Applet loaded on the Java Card platform. The Cryptographic Module provides dual interfaces (i.e. contact and contact-less) where the same security level is achieved."
1689	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Global Certification Team CST Lab: NVLAP 200427-0	Cisco Unified IP Phone 7906G, 7911G, 7931G, 7941G, 7942G, 7945G, 7961G, 7961GE, 7962G, 7965G, 7970G, 7971G, 7971GE and 7975G (Hardware Versions: (CP-7906G: V01-V09), (CP-7911G: V01-V09), (CP-7931G: V01-V05), (CP-7941G: V01-V02), (CP-7942G: V01-V10), (CP-7945G: V01-V11), (CP-7961G: V01-V02), (CP-7961GE: V01), (CP-7962G: V01-V11), (CP-7965G: V01-V11), (CP-7970G: V01-V02), (CP-7971G/7971GE: V01-V03) and (CP-7975G: V01-V12); Firmware Version: 9.2(1)SR2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/09/2012	Overall Level: 1  -FIPS-approved algorithms: AES (Certs. #1745 and #1747); HMAC (Certs. #1022 and #1024); RNG (Cert. #931); RSA (Cert. #868); SHS (Certs. #1532 and #1534); Triple-DES (Cert. #1132) -Other algorithms: HMAC MD5; MD5; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The Cisco Unified IP Phones 7900 Series deliver cost-effective, full-featured voice communication services in a clutter-free and earth-friendly, ergonomic design."
1688	Seagate Technology LLC 389 Disc Drive Longmont, CO 80503 USA -Monty Forehand TEL: 720-684-2835 FAX: 720-684-2733 CST Lab: NVLAP 200427-0	Momentus® FDE Attached Storage Drives FIPS 140 Module (Hardware Version: ST9500326AS; Firmware Version: 566) (When operated in FIPS mode. Files distributed with the module mounted within the CD Drive are excluded from the validation.) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/09/2012	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #797 and #1341); HMAC (Cert. #883); SHS (Cert. #1223); RNG (Cert. #737); RSA (SigVer, Cert. #648); Triple-DES (Cert. #697) -Other algorithms: DES Multi-chip embedded "The Momentus® Attached Storage FDE Drives, FIPS 140 Modules are FIPS 140-2 Level 2 modules which provide full disk encryption with user authentication These products are designed to prevent data breaches due to loss or theft on the road, in the office. The cryptographic module provides a wide range of cryptographic services using FIPS approved algorithms in DriveTrust Security Mode. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, and authenticated FW download."
1687	Mitsubishi Space Software Co., Ltd. Tsukuba Mitsui Bldg., 1-6-1, Takezono Tsukuba-shi, Ibaraki-ken 305-0032 Japan -Shinichi Shimazaki TEL: +81-29-856-0154 FAX: +81-29-859-0320 -Ikuo Shionoya TEL: +81-29-856-0154 FAX: +81-29-859-0320 CST Lab: NVLAP 200928-0	Command Encryption Module (Firmware Version: 2.0) (When operated in FIPS mode with the Operational Environment configuration specified on the reverse with the Firewall configured per Section 11 in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Firmware	03/30/2012	Overall Level: 2  -EMI/EMC: Level 3 -Tested: HP Compaq 6000 Pro Small Form Factor PC running Microsoft Windows XP Professional SP2 and Zone Labs Zone Alarm Pro Firewall version 10.0.250.000 -FIPS-approved algorithms: Triple-DES (Cert. #1119) -Other algorithms: Multi-chip standalone "Command Encryption Module is a firmware module designed to perform Triple DES CFB mode encryption functions."
1686	McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA -David Gerendas TEL: 949-860-3369 FAX: 949-297-5575 CST Lab: NVLAP 200416-0	McAfee Endpoint Encryption Client Windows Cryptographic Module 1.0 [1] and McAfee Endpoint Encryption Client Preboot Cryptographic Module 1.0 [2] (Software Version: 6.1.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	03/09/2012	Overall Level: 1  -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with (Windows XP 32-bit or Windows 7 64-bit running on Intel Core i3 without AES-NI; Windows 7 32-bit or Windows Vista 32-bit running on Intel Core i5 with AES-NI; Windows 7 64-bit or Windows Vista 64-bit running on Intel Core i7 with AES-NI) [1]; (McAfee Endpoint Encryption Preboot OS running on Intel Core i3 without AES-NI; McAfee Endpoint Encryption Preboot OS running on Intel Core i5 or i7 with AES-NI) [2] (single-user mode) -FIPS-approved algorithms: AES (Certs. #1881, #1882 and #1883); DRBG (Cert. #156); HMAC (Cert. #1124 and #1125); SHS (Certs. #1653 and #1654); -Other algorithms: RC5; PKCS#5; AES (non-compliant); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #1881, key wrapping; key establishment methodology provides 256 bits of encryption strength) Multi-chip standalone
1685	ZyFLEX Technologies Incorporation 4F, No.5-2, Industry E. 9th Rd. Science Park Hsinchu Hsin-Chu, 30075 Taiwan, R.O.C. -Nick Tseng TEL: +886-3-5679168 FAX: +886-3-5679188 CST Lab: NVLAP 200824-0	ZyFLEX Crypto Module ZCM-100 (Hardware Version: AAM; Firmware Version: 1.1) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	03/09/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #1670 and #1671); DSA (Cert. #521); HMAC (Cert. #980); RNG (Certs. #888 and #889); RSA (Cert. #827); SHS (Cert. #1462) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); NDRNG Multi-chip embedded "ZyFLEX Crypto Module ZCM-100 is a hardware multichip embedded module that targets high speed data link layer (OSI layer 2) secure data transmission applications in an IP-based network. ZCM-100 implements AES-256 encryption/decryption algorithms and other Approved security functions by using both hardware FPGA circuitry and a 32-bit microcontroller. Its miniaturized size and low power consumption features make ZCM-100 suitably fit in a portable wireless communication device such as a handheld radio."
1684	Symantec Corporation 350 Ellis Street Mountain View, CA 94043 USA -Vinnie Moscaritolo TEL: 650-527-9000 CST Lab: NVLAP 200802-0	PGP Cryptographic Engine (Software Version: 4.2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	02/24/2012	Overall Level: 1  -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Mac OS X 10.7; IOS 5 (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #1151); AES (Cert. #1778); SHS (Cert. #1559); HMAC (Certs. #1043) -Other algorithms: AES (EME2 mode; non-compliant) Multi-chip standalone "The PGP Cryptographic Engine includes a wide range of field-tested and standards-based encryption, and encoding algorithms used by PGP Whole Disk Encryption."
1683	Lenel Systems International, Inc. 1212 Pittsford-Victor Road Pittsford, NY 14534 USA -Robert Pethick TEL: 585-248-9447 FAX: 585-248-9185 CST Lab: NVLAP 100432-0	Communication Server (Software Versions: 5.12.110, 6.0.148, 6.1.22, 6.3.249 or 6.4.500) (When operated in FIPS mode with [(Windows 7 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1330 operating in FIPS mode) or (Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1337 operating in FIPS mode)]) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	02/15/2012	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows 7; Microsoft Windows Server 2008 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1650); RNG (Cert. #882) -Other algorithms: RC2 Multi-chip standalone "The Communication Server module's primary purpose is to provide secure communications with external access control devices. The module is part of the Lenel's advanced access control and alarm monitoring system. The Lenel advanced access control and alarm monitoring system is built on an open architecture platform, offers unlimited scalability, database segmentation, fault tolerance, and biometrics and smart card support. The Lenel advanced access control and alarm monitoring system is fully customizable, and can be seamlessly integrated into the OnGuard total security solution."
1682	Voltage Security, Inc. 20400 Stevens Creek Blvd. Cupertino, CA 95014 USA -Luther Martin TEL: 650-543-1280 FAX: 650-543-1279 CST Lab: NVLAP 200802-0	Voltage IBE Cryptographic Module (Software Version: 4.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	02/14/2012; 02/23/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 7 Professional SP1, 32-bit; Red Hat Enterprise Linux Server 5.3, 32-bit (single-user mode) -FIPS-approved algorithms: AES (Cert. #1752); Triple-DES (Cert. #1135); DSA (Cert. #547); SHS (Cert. #1539); RNG (Cert. #934); RSA (Cert. #871); HMAC (Cert. #1029); DRBG (Cert. #115) -Other algorithms: IBE; BBX; FFX; RSA (key wrapping; key establishment methodology provides 80 bits or 112 bits encryption strength); MD5; Diffie-Hellman; DES Multi-chip standalone "Voltage IBE Cryptographic Module implements the following algorithms: DSA; TDES; AES (ECB, CBC, CFB, OFB, FPE); DRNG; DRBG; SHS; HMAC; CMAC; RSA; DH; BF IBE; BB1 IBE; MD; DES"
1681	Symantec Corporation 350 Ellis St. Mountain View, CA 94043 USA -Vinnie Moscaritolo TEL: 650-527-8000 CST Lab: NVLAP 200802-0	PGP Software Developer's Kit (SDK) Cryptographic Module (Software Version: 4.2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	02/28/2012	Overall Level: 1  -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP3; Mac OS X 10.7; Linux, 32-bit: CentOS 5.5; iOS 5 (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #1150); AES (Cert. #1777); RSA (Cert. #888); DSA (Cert. #558); SHS (Cert. #1558); HMAC (Cert. #1042); DRBG (Cert. #124) -Other algorithms: AES (EME2 mode; non-compliant); DSA (FIPS 186-3 with SHA-256; non-compliant); CAST-5; IDEA; Two-Fish; Blow-Fish; ARC4-128; MD5; HMAC-MD5; RIPEMD-160; ElGamal; EC Diffie-Hellman; ECDSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength); Shamir Threshold Secret Sharing Multi-chip standalone "The PGP Software Developer's Kit (SDK) Cryptographic Module is a FIPS 140-2 validated software only cryptographic module. The module implements the cryptographic functions for PGP products including: PGP Whole Disk Encryption, PGP NetShare, PGP Command Line, PGP Universal, and PGP Desktop. It includes a wide range of field-tested and standards-based encryption, digital signature, and encoding algorithms as well as a variety of secure network protocol implementations. The PGP SDK offers developers this same cryptographic library that is at the heart of PGP products."
1680	Absolute Software Corporation Suite 1600, Four Bentall Centre 1055 Dunsmuir Street PO Box 49211 Vancouver, BC V7X 1K8 Canada -Tim Parker TEL: 604-730-9851 ext. 194 FAX: 604-730-2621 CST Lab: NVLAP 200556-0	Absolute Encryption Engine (Software Version: 1.2.0.46) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	02/14/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 64-bit; Windows 7 32-bit; Windows XP 32-bit; Windows Vista 32-bit; Windows Vista 64-bit; Red Hat Enterprise Linux (RHEL) 6 32-bit; Mac OS X v10.6.7 32-bit (single-user mode) -FIPS-approved algorithms: AES (Cert. #1610); RNG (Cert. #864) -Other algorithms: RSA (key wrapping; key establishment methodology provides 128 bits of encryption strength) Multi-chip standalone "Absolute Software Corporation provides security products for the central management of all IT assets. The Absolute Encryption Engine is a dynamic-linked library (DLL) defined as the encryption module on the client and server callable by applications via an Application Programming Interface (API). The module is currently used by the Absolute Computrace product."
1679	Senetas Corporation Ltd. Level 1, 11 Queens Road Melbourne, Victoria 3004 Australia -John Weston TEL: +61 (3) 9868 4515 FAX: +61 (3) 9821 4899 -Horst Marcinsky TEL: +61 (3) 9868 45555 FAX: +61 (3) 9821 4899 CST Lab: NVLAP 200426-0	CN1000 Fibre Channel Encryptor (Hardware Version: A5175B; Firmware Version: 1.9.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Hardware	02/14/2012	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #1158); AES (Certs. #1775 and #1786); SHS (Cert. #1568); RNG (Cert. #948); DSA (Cert. #562); RSA (Cert. #893); HMAC (Cert. #1051) -Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The CN1000 Fibre Channel Encryptor is a high-speed, standards based, encryptor specifically designed to secure data transmitted over Fibre Channel point-to-point networks at line rates up to 4.25Gb/s. Data privacy is provided by FIPS approved AES algorithms."
1678	Giesecke & Devrient 45925 Horseshoe Drive Dulles, VA 20166 USA -Jatin Deshpande TEL: 650-312-8047 FAX: 650-312-8129 -Thomas Palsherm TEL: +49 89 4119-2384 FAX: +49 89 4119-9093 CST Lab: NVLAP 200427-0	StarSign Crypto USB Token powered by Sm@rtCafé Expert 6.0 (Hardware Version: P5CC081; Firmware Version: Sm@rtCafT Expert 6.0) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	02/09/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1755); DRBG (Cert. #116); RSA (Cert. #874); SHS (Cert. #1542); Triple-DES (Cert. #1136); Triple-DES MAC (Triple-DES Cert. #1136, vendor affirmed) -Other algorithms: AES (Cert. #1755, key wrapping; key establishment methodology provides 128 to 256 bits of encryption strength) Multi-chip standalone "Giesecke & Devrient (G&D) Smart Card Chip Operating System Sm@rtCafT Expert 6.0 is a Java Card 3 and Global Platform v2.1.1 compliant smart card module supporting both contact and contactless interfaces. It also supports, at a minimum, RSA up to 2048 bits(RSA and RSA-CRT) with on-card key generation, Hash algorithms(including SHA256), AES(up to 256 bits), ECDSA, and Triple-DES. The Sm@rtCafT Expert 6.0 is suitable for government and corporate identification, payment and banking, health care, and Web applications."
1677	McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA -David Gerendas TEL: 949-860-3369 FAX: 949-297-5575 CST Lab: NVLAP 200416-0	McAfee Endpoint Encryption Disk Driver Cryptographic Module 1.0 (Software Version: 6.1.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	02/09/2012	Overall Level: 1  -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows XP 32-bit or Windows 7 64-bit running on Intel Core i3 without AES-NI; Windows Vista 32-bit or Windows 7 32-bit running on Intel Core i5 with AES-NI; Windows Vista 64-bit or Windows 7 64-bit running on Intel Core i7 with AES-NI (single-user mode) -FIPS-approved algorithms: AES (Cert. #1882); HMAC (Cert. #1125); SHS (Cert. #1654) -Other algorithms: RC5; AES (non-compliant) Multi-chip standalone
1676	Symantec Corporation 350 Ellis Street Mountain View, CA 94043 USA -John Bordwine TEL: 703-885-3854 CST Lab: NVLAP 200556-0	Symantec Java Cryptographic Module Version 1.1 (Software Version: 1.1) (When operated in FIPS mode with module RSA BSAFE® Crypto-J Software Module validated to FIPS 140-2 under Cert. #1291 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	03/09/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP SP2 with Sun JRE 5.0; Microsoft Windows XP SP2 with Sun JRE 6.0 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1109); DSA (Cert. #357); ECDSA (Cert. #130); DRBG (Cert. #15); HMAC (Cert. #621); RNG (Cert. #616); RSA (Cert. #522); SHS (Cert. #1032); Triple-DES (Cert. #806) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); DESX; ECAES (non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECIES; MD2; MD5; PBE (non-compliant); RIPEMD 160; RC2; RC4; RC5; RSA OAEP (non-compliant); Raw RSA (non-compliant); RSA Keypair Generation MultiPrime (non-compliant); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); HMAC-MD5; ANSI X9.31 RNG (non-compliant); MD5Random; SHA1Random (non-compliant) Multi-chip standalone "The Symantec Java Cryptographic Module Version 1.1 provides a comprehensive set of cryptographic services for Symantec products including, but not limited to, the Symantec Data Loss Prevention Suite."
1675	Uplogix, Inc. 7600B N. Capital of Texas Highway Austin, TX 78731 USA -Martta Howard TEL: 512-857-7043 CST Lab: NVLAP 200427-0	Uplogix 430 [1] and 3200 [2] (Hardware Versions: (43-1002-50 and 43-1102-50) [1] and (37-0326-03 and 37-0326-04) [2]; Firmware Version: 4.3.5.19979) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	02/06/2012	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: AES (Certs. #1644 and #1647); DRBG (Cert. #90); DSA (Certs. #515 and #517); HMAC (Certs. #966 and #968); RNG (Cert. #881); RSA (Certs. #812 and #815); SHS (Certs. #1445 and #1448); Triple-DES (Certs. #1074 and #1076) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 192 bits of encryption strength); HMAC-MD5-96; HMAC-SHA-96 (non-compliant); MD5; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength) Multi-chip standalone "Uplogix is a network independent management platform that locates with - and directly connects to - managed devices. Standing alone or augmenting existing centralized management tools, Uplogix provides configuration, performance and security management actions that are best performed locally. Local Management reduces operational costs, speeds problem resolution, and improves security and compliance versus centralized-only management. Our local focus on network device automation enables the transition to more network sensitive cloud and virtual infrastructure technologies."
1674	Avaya, Inc. 211 Mt. Airy Road Basking Ridge, NJ 07920 USA -Dragan Grebovich TEL: 978-671-3476 CST Lab: NVLAP 200556-0	Secure Router 4134 (Hardware Version: Chassis: 4134, Interface Cards: 2-port T1/E1 Small Card (Assembly Number: 333-70225-01 Rev 4); 2-port Serial Small Card (Assembly Number: 333-70240-01 Rev 02.0011); 1-port ADSL2+ Annex A Small Card (Assembly Number: 333-70260-01 Rev 01); 1-port HSSI Medium Card (Part Number: 333-70290-01 Rev 9); 1-port Channelized / Clear Channel T3 Medium Card (Part Number: 333-70280-01 Rev 8); 8-port T1/E1 Medium Card (Part Number: 333-70275-01 Rev 01.0012); 10-port Gigabit Ethernet (GbE) Medium Card (Part Number: 333-70330-01 Rev 01.0023); 24-port Fast Ethernet (FE) Medium Card (Part Number: 333-70325-01 Rev 15); 24-port Fast Ethernet/Power over Ethernet (FE/PoE) Medium Card (Part Number: 333-70325-02 Rev 01.0017); Firmware Version: 10.3.0.100) (When operated in FIPS mode, the tamper evident seals are installed as indicated in the Security Policy and with all interface card slots filled or covered) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	02/06/2012	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #275 and #1050); AES (Certs. #173 and #1605); SHS (Cert. #1418); HMAC (Cert. #941); RSA (SigVer, Cert. #787); DSA (Certs. #496 and #501); DRBG (Cert. #79) -Other algorithms: MD5; NDRNG; Blowfish; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 128 bits of encryption strength); RSA (SigGen and KeyGen, Cert. #787; non-compliant) Multi-chip standalone "The Secure Router 4134 is a modular, multi-service branch router that combine IP routing, wide-area networking (WAN), voice/PSTN gateway and security services in a single platform. With advanced services - including IPv4/IPv6 routing, high-performance WAN, SIP survivable gateway, and IPSec VPN and firewall security - they are well-suited to address enterprise branch, regional and even headquarter WAN routing needs."
1673	Avaya, Inc. 211 Mt. Airy Road Basking Ridge, NJ 07920 USA -Dragan Grebovich TEL: 978-671-3476 CST Lab: NVLAP 200556-0	Secure Router 2330 (Hardware Version: Chassis: 2330, Interface Cards: 2-port T1/E1 Small Card (Assembly Number: 333-70225-01 Rev 4); 2-port Serial Small Card (Assembly Number: 333-70240-01 Rev 02.0011); 1-port ADSL2+ Annex A Small Card (Assembly Number: 333-70260-01 Rev 01); Firmware Version: 10.3.0.100) (When operated in FIPS mode, the tamper evident seals are installed as indicated in the Security Policy, with all interface card slots filled or covered) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	02/06/2012	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #210 and #1051); AES (Certs. #96 and #1606); SHS (Certs. #187 and #1419); HMAC (Cert.#942); RSA (SigVer, Cert. #788); DSA (Cert. #497); DRBG (Cert. #80) -Other algorithms: MD5; NDRNG; Blowfish; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 128 bits of encryption strength); RSA (SigGen and KeyGen, Cert. #788; non-compliant) Multi-chip standalone "The Secure Router 2330 is a modular, multi-service branch router that combine IP routing, wide-area networking (WAN), voice/PSTN gateway and security services in a single platform. With advanced services - including IPv4/IPv6 routing, high-performance WAN, SIP survivable gateway, and IPSec VPN and firewall security - they are well-suited to address enterprise branch, regional and even headquarter WAN routing needs."
1672	IBM Corporation 2455 South Road Poughkeepsie, NY 12601 USA -William F Penny TEL: 845-435-3010 FAX: 845-433-7510 -James Sweeny TEL: 845-435-7453 FAX: 845-435-8530 CST Lab: NVLAP 200658-0	IBM® z/OS® Version 1 Release 13 ICSF PKCS#11 Cryptographic Module (Hardware Version: CPACF (P/N COP) and optional 4765-001 (P/N 45D6048); Software Version: ICSF level HCR7780 w/ APAR OA36882 and RACF level HRF7780; Firmware Version: CPACF (FC3863 w/ System Driver Level 86E) and optional 4765-001 (e1ced7a0)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software-Hybrid	02/06/2012	Overall Level: 1  -Cryptographic Module Specification: Level 3 -Operational Environment: Tested as meeting Level 1 with IBM® zEnterprise (TM) 196 (z196) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 [Base GPC, and optional Crypto Express3 Card (Accelerator (CEX3A) is a separately configured version of 4765-001 (P/N 45D6048))] [IBM® zEnterprise (TM) (z196) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 includes FC3863 w/System Driver Level 86E and z/OS® V1R13] (single-user mode) -FIPS-approved algorithms: AES (Certs. #1713 and #1866); Triple-DES (Certs. #1103 and #1212); DSA (Cert. #584); ECDSA (Cert. #261); RSA (Certs. #946, #949 and #971); SHS (Certs. #1497 and #1641); HMAC (Cert. #1112); DRBG (Cert. #151); CVL (Cert. #9) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80-bits of encryption strength); DES; Triple-DES (non-compliant); DSA (non-compliant); HMAC (non-compliant); RC4; BLOWFISH; MD5; MD2; RIPE-MD; EC Brainpool Multi-chip standalone "The ICSF PKCS #11 module consists of software-based cryptographic algorithms, as well as symmetric and hashing algorithms provided by the CP Assist for Cryptographic Function (CPACF) and RSA Hardware clear key modular math cryptography provided through the Crypto Express3 card (CEX3A). The RSA hardware support is accessed through auxiliary module CSFINPVT which acts as a pipe between ICSF PKCS #11 and the cryptographic cards."
1671	Sensage, Inc. 1400 Bridge Parkway Suite 202 Redwood City, CA 94065 USA -Brad Kekst TEL: 415-215-3567 FAX: 650-631-2810 -Rao Yendluri TEL: 650-830-0484 FAX: 650-631-2810 CST Lab: NVLAP 200002-0	CryptoCore Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate Vendor Product Link	Software	02/06/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Redhat Enterprise Linux Version 5.1; Redhat Enterprise Linux Version 5.5 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1761); Triple-DES (Cert. #1140); RSA (Cert. #877); DSA (Cert. #551); SHS (Cert. #1545); HMAC (Cert. #1032); RNG (Cert. #938) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 219 bits of encryption strength); HMAC-MD5; MD5; DES; CAST5; Blowfish; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip standalone "Sensage’s purpose-built event data warehouse products enable users to easily collect and store large volumes of log and event data, while also providing an ability to query and perform analyses on the event data that are available. Their Private Encryption File System solution gives product administrators the ability to employ FIPS-validated encryption and decryption on stored data, providing protection of data-at-rest (log files, configuration files, and other stored data) within the product."
1670	Dolby Laboratories, Inc. 100 Potrero Avenue San Francisco, CA 94103 USA -Dean Bullock TEL: 415-645-5336 FAX: 415-645-4000 CST Lab: NVLAP 100432-0	CAT862 Dolby JPEG 2000/MPEG-2 Media Block IDC (Hardware Versions: P/N CAT862Z, Revisions FIPS_1.0, FIPS_1.1, FIPS_1.2 and FIPS_1.3; Firmware Version: 4.4.0.37) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	02/02/2012; 02/09/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #519, #520 and #1067); SHS (Certs. #592 and #1086); RSA (Cert. #233); HMAC (Certs. #270 and #676); RNG (Certs. #296 and #650) -Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip embedded "The CAT862 Dolby JPEG2000/MPEG2 Media Block IDC performs all the cryptography, license management, and video decoding functions for the DSS200 Dolby Screen Server, which forms the nucleus of the Dolby Digital Cinema system. The system offers superb picture quality and outstanding reliability. It includes support for JPEG 2000 playback, as specified by DCI, and MPEG-2 for compatibility with alternative content such as preshow advertising. The system also meets DCI specifications for security, data rate, storage capacity, and redundancy."
1669	Research In Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Certifications Team TEL: 519-888-7465 ext.72921 FAX: 519-886-4839 CST Lab: NVLAP 200928-0	BlackBerry Cryptographic Kernel (Firmware Versions: 3.8.7.0 [1], 3.8.7.1 [1,2], 3.8.7.4 [2], 3.8.7.5 [2] and 3.8.7.6 [2]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Firmware	01/19/2012; 10/10/2012	Overall Level: 1  -Design Assurance: Level 3 -Tested: BlackBerry 9900 with BlackBerry OS Versions 7.0 [1] and 7.1 [2] -FIPS-approved algorithms: Triple-DES (Certs. #1163 and #1164); AES (Certs. #1798, #1799, #1800 and #1801); SHS (Certs. #1581 and #1582); HMAC (Certs. #1063 and #1064); RSA (Certs. #902 and #903); DRBG (Certs. #132 and #133); ECDSA (Certs. #244 and #245) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides 256 bits of encryption strength) Multi-chip standalone "BlackBerry is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry."
1668	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Global Certification Team TEL: CST Lab: NVLAP 200427-0	Cisco Common Cryptographic Module (C3M) (Hardware Versions: Intel [Core i5, Core i7 and Xeon] with AES-NI; Software Version: 0.9.8r.1.1) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software-Hybrid	01/19/2012; 02/23/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with FreeBSD 8.2 or Windows 7 SP1 running on Intel Core i5 with AES-NI; Red Hat Enterprise Linux v5 running on Intel Xeon with AES-NI or Intel Core i7 with AES-NI (single-user mode) -FIPS-approved algorithms: AES (Cert. #1758); DSA (Cert. #550); ECDSA (Cert. #234); HMAC (Cert. #1031); RNG (Cert. #937); RSA (Cert. #876); SHS (Cert. #1544); Triple-DES (Cert. #1139) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 152 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 152 bits of encryption strength) Multi-chip standalone "The Cisco Common Cryptographic Module (C3M) is a software-hybrid that provides cryptographic services to a vast array of Cisco's networking and collaboration products. The module provides FIPS validated cryptographic algorithms for services such as sRTP, SSH, TLS, 802.1x etc. The module does not implement any of the protocols directly. Instead, it provides the cryptographic primitives and functions to allow a developer to implement various protocols."
1667	Qube Cinema, Inc. 601 S. Glenoaks Blvd. Ste. 102 Burbank, CA 91502 USA -Rajesh Ramachandran TEL: 818-392-8155 FAX: 818-301-0401 CST Lab: NVLAP 100432-0	Secure Media Block (Hardware Versions: Z-OEM-DCI-Q-R0, Z-OEM-DCI-Q-R2 and Z-OEM-DCI-Q-R3; Firmware Version: 105; Security Manager Version: 1.0.3.4) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	01/11/2012; 06/21/2012	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #812 and #1455); HMAC (Certs. #450 and #854); RNG (Certs. #467 and #797); RSA (Certs. #392 and #711); SHS (Certs. #809, #810, #811 and #1318) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5 Multi-chip embedded "The Qube Secure Media Block is used in Digital Cinema applications, providing core functionality required to playback Digital Cinema Packages. The module performs essence decryption when processing encrypted content, it ensures link encryption downstream to a projector device, and it provides other features as to enable a fully capable Digital Cinema Server. Content owners and other stake holders rely upon the security features provided by the Qube Secure Media Block to protect their valuable content, and to perform secure logging of operations within a theatre auditorium."
1666	Motorola Mobility, Inc. 600 North US Highway 45 Libertyville, IL 60048 USA -Ed Simon TEL: 800-617-2403 CST Lab: NVLAP 100432-0	Motorola Mobility Cryptographic Suite B Module (Software Version: 5.4fm) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Software	01/25/2012; 03/07/2012; 03/14/2012; 05/29/2012	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Android 2.3; Android 4.0 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1930); Triple-DES (Cert. #1256); SHS (Cert. #1695); HMAC (Cert. #1164); RSA (Cert. #996); DSA (Cert. #613); RNG (Cert. #1015) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant) Multi-chip standalone "The Motorola Mobility Cryptographic Suite B Module is used in Motorola Business Ready Android devices to encrypt sensitive application data. For details on Motorola Business Ready, see www.motorola.com/Business-Ready/US-EN/Home."
1665	McAfee, Inc. 2821 Mission College Blvd. Santa Clara, CA 95054 USA -Sakthikumar Subramanian TEL: 408-346-3249 FAX: 408-346-5335 CST Lab: NVLAP 100432-0	Network Security Platform Sensor M-8000 S (Hardware Version: P/N M-8000 S, Version 1.40; FIPS Kit P/N IAC-FIPS-KT8; Firmware Version: 6.1.15.35) (When operated with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	01/10/2012	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #880); Triple-DES (Cert. #781); RSA (Certs. #425 and #830); DSA (Cert. #345); SHS (Certs. #871 and #970); RNG (Cert. #505); HMAC (Cert. #971) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); MD5 Multi-chip standalone "Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks."
1664	Certicom Corp. 4701 Tahoe Blvd. Building A Mississauga, ON L4W 0B5 Canada -Certicom Sales TEL: 905-507-4220 FAX: 905-507-4230 -Kris Orr TEL: 289-261-4104 FAX: 905-507-4230 CST Lab: NVLAP 200928-0	Security Builder® FIPS Module (Firmware Versions: 4.0 B and 4.0 S) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Firmware	01/10/2012; 03/30/2012	Overall Level: 1  -Tested: ARM 920T processor running Hand Held Products BASE firmware 31205423-052 or Hand Held Products Scanner firmware 31205480-025; ARM 926EJ-S processor running Honeywell Xenon 1902 Cordless Base Firmware or Honeywell Xenon 1902 Cordless Scanner firmware -FIPS-approved algorithms: AES (Certs. #547 and #590); SHS (Certs. #612 and #641); HMAC (Certs. #288 and #307); RNG (Certs. #315 and #336); DSA (Certs. #222 and #232) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits of encryption strength) Multi-chip standalone "The Security Builder® FIPS Module is a standards-based cryptographic toolkit that supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into both mobile and server-based applications. The Security Builder FIPS Module is part of the Certicom Security Architecture, a comprehensive cross-platform security solution which supports multiple cryptographic software and hardware providers with a single common API."
1663	CST Lab: NVLAP 200427-0	Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	01/05/2012	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
1651	Nexgrid, LLC 4444 Germanna Hwy Locust Grove, VA 22508 USA -Thomas McLure TEL: 888-556-0911 ext 1010 FAX: 703-562-8385 -Haim Shaul TEL: 888-556-0911 ext 1003 FAX: 703-562-8385 CST Lab: NVLAP 200427-0	ecoNet smart grid gateways: ecoNet SL and ecoNet MSA (Hardware Versions: ENSL2, ENSL5 and ENMSA2; Firmware Version: 3.1.2-FIPS) Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	01/05/2012	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #1665); DSA (Cert. #520); HMAC (Cert. #979); RNG (Cert. #887); RSA (Cert. #820); SHS (Cert. #1459); Triple-DES (Cert. #1083) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 224 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip standalone "ecoNet smart grid gateways provide the central link between intelligent endpoint devices and the Utility's backhaul or WAN enabling real time network control and monitoring."
1631	CST Lab: NVLAP 100432-0	Validated to FIPS 140-2 Security Policy Consolidated Validation Certificate	Hardware	01/24/2012; 05/03/2012	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone