CMVP Main Page

Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules
1995-1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014,
All

Last Update: 10/31/2014

It is important to note that the items on this list are cryptographic modules. A module may either be an embedded component of a product or application, or a complete product in-and-of-itself. If the cryptographic module is a component of a larger product or application, one should contact the product or application vendor in order to determine how the product utilizes the embedded validated cryptographic module. There may be a larger number of security products or applications available which use an embedded validated cryptographic module, than the number of modules which are found in this list. In addition, other vendors, who are not found in this list, may incorporate a validated cryptographic module from this list embedded into their own products.

When selecting a module from a vendor, verify that the module is either the product or application itself (e.g. VPN, SmartCard, USB memory token, etc.) or the module is embedded in a larger product or application (e.g. toolkit, etc.). If the module is embedded in a product or application, ask the product or application vendor to provide a signed letter or statement affirming that the unmodified validated cryptographic module is integrated in the solution; the module provides all the cryptographic services in the solution; and provide reference to the modules validation certificate number from this listing.

NOTE1: Module descriptions are provided by the module vendors and have not been verified for accuracy by the CMVP. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-Approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (e.g. allowed or non-FIPS-Approved algorithms) have not been tested through the CMVP.

NOTE2: The operator of a cryptographic module is responsible for ensuring that the algorithms and key lengths are in compliance with the requirements of NIST SP 800-131A.

NOTE3: All questions regarding the implementation and/or use of any module located on the CMVP module validation lists should first be directed to the appropriate vendor point-of-contact (listed for each entry).

Please contact the CMVP if any errors are discovered or comments with suggestions for improvement of the validation listings.

Cert# Vendor / CST Lab Cryptographic Module
Module
Type
Val.
Date
Level / Description
1869 WatchGuard Technologies, Inc.
505 Fifth Avenue South, Suite 500
Seattle, WA 98104
USA

-Peter Eng
TEL: 206-613-6600

CST Lab: NVLAP 200556-0

XTM 21 [1], XTM 21-W [2], XTM 22 [3], XTM 22-W [4], XTM 23 [5], XTM 23-W [6], XTM 25 [7], XTM 25-W [8], XTM 26 [9], XTM 26-W [10], XTM 33 [11], XTM 33-W [12], XTM 330 [13], XTM 505 [14], XTM 510 [15], XTM 520 [16], XTM 530 [17], XTM 810 [18], XTM 820 [19], XTM 830 [20], XTM 830-F [21], XTM 1050 [22] and XTM 2050 [23]
(Hardware Versions: XP3E6 [1, 3, 5], XP3E6W [2, 4, 6], FS1E5 [7, 9], FS1E5W [8, 10], FS2E5 [11], FS2E5W [12], NC5AE7 [13], NC2AE8 [14, 15, 16, 17], NS2BE10 [18, 19, 20], NS2BE6F4 [21], NX3CE12 [22] and NC4E16F2 [23] with Tamper Evident Seal Kit: SKU WG8566; Firmware Version: Fireware XTM OS v11.5.1)

(When operated in FIPS mode and the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/21/2012 Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Certs. #1078, #1079, #1080, #1082, #1180, #1181 and #1182 ); AES (Certs. #1658, #1659, #1660, #1662, #1827, #1828 and #1829); SHS (Certs. #1452, #1453, #1454, #1457, #1606, #1607 and #1608 ); HMAC (Certs. #973, #974, #975, #977, #1081, #1082 and #1083 ); RSA (Cert. #819 ); ECDSA (Cert. #211); RNG (Cert. #885); DSA (Cert. #631)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); DES; RC4; MD5

Multi-chip standalone

"WatchGuard Fireware XTM extensible threat management appliances are built for enterprise-grade performance with blazing throughput and numerous connectivity options. Advanced networking features include clustering, high availability (active/active), VLAN support, multi-WAN load balancing and enhanced VoIP security, plus inbound and outbound HTTPS inspection, to give the strong security enterprises need."
1867 Pitney Bowes Inc.
37 Executive Drive
Danbury, CT 06810
USA

-David Riley
TEL: 203-796-3208
FAX: 203-796-3129

CST Lab: NVLAP 100432-0

Cygnus X3 Hardware Security Module (XHSM)
(Hardware Version: P/N 1R84000 Version A; Firmware Versions: 01.00.06 and 01.03.0074 (Device Abstraction Layer))

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/19/2012 Overall Level: 3 

-Physical Security: Level 3 +EFP

-FIPS Approved algorithms: AES (Cert. #1979); DRBG (Cert. #181); DSA (Cert. #632); ECDSA (Cert. #286); HMAC (Cert. #1192); KAS (Cert. #33); CVL (Cert. #20); RSA (Cert. #1063); SHS (Cert. #1733); Triple-DES (Cert. #1319); Triple-DES MAC (Triple-DES Cert. #1319, vendor affirmed)

-Other algorithms: AES (Cert. #1979, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Single-chip

"The Pitney Bowes Cygnus X3 Postal Security Device (PSD) has been designed in compliance with FIPS 140-2 in order to support international digital indicia standards globally. The Cygnus X3 HSM Cryptographic Module employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes Postage Metering products."
1866 Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

-Alan Kaye
TEL: 613-225-9381

CST Lab: NVLAP 200556-0

FortiGate-3950B/3951B
(Hardware Versions: FortiGate-3950B (C4DE23) and FortiGate-3951B [(C4EL37) and FSM-064 (PE4F79)] with Blank Face Plate (P06698-02) and Tamper Evident Seal: FIPS-SEAL-RED; Firmware Version: FortiOS 4.0, build8892, 111128)

(When operated in FIPS mode and tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 12/19/2012 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1856, #1857 and #1858); Triple-DES (Certs. #1203, #1204 and #1205); HMAC (Certs. #1103, #1104 and #1105); SHS (Certs. #1633, #1634 and #1635); RSA (Cert. #939); RNG (Cert. #974)

-Other algorithms: MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant); DES

Multi-chip standalone

"FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1865 Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500

CST Lab: NVLAP 200427-0

Aruba 3000 [A], 6000/M3 Revision C4 [B] and Dell W-3000 [C], W-6000M3 [D] Controllers with ArubaOS FIPS Firmware
(Hardware Versions: [3200-F1 Revision C4, 3400-F1 Revision C4, 3600-F1 Revision C4, 3200-USF1 Revision C4, 3400-USF1 Revision C4 and 3600-USF1 Revision C4] [1] [A], [(6000-400-F1 or 6000-400-USF1) with M3mk1-S-F1 Revision C4, HW-FT, HW-PSU-200 or HW-PSU-400, LC-2G-1, LC-2G24F-1 or LC-2G24FP-1] [1] [B], [W-3200-F1, W-3400-F1, W-3600-F1, W-3200-USF1, W-3400-USF1 and W-3600-USF1] [2] [C], and [(W-6000-400-F1 or W-6000-400-USF1) with W-6000M3, HW-FT and HW-PSU-400] [2] [D] with FIPS kit 4010061-01; Firmware Version: ArubaOS_MMC_6.1.2.3-FIPS [1] and Dell_PCW_MMC_6.1.2.3-FIPS [2] or ArubaOS_MMC_6.1.4.1-FIPS [1] and Dell_PCW_MMC_6.1.4.1-FIPS [2] or ArubaOS_MMC_6.1.4.5-FIPS [1] and Dell_PCW_MMC_6.1.4.5-FIPS [2] or ArubaOS_MMC_6.1.4.7-FIPS [1] and Dell_PCW_MMC_6.1.4.7-FIPS [2])

(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy clause "Installing the Controller" and the 6000/M3 configured as specified in Security Policy clause "Minimum Configuration for the Aruba 6000-400")

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/18/2012;
01/24/2013;
07/26/2013;
01/23/2014
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #762, #1850 and #1854); ECDSA (Certs. #257 and #258); HMAC (Certs. #417, #1098 and #1101); RNG (Certs. #969 and #972); RSA (Certs. #933, #935 and #937); SHS (Certs. #769, #1627, #1629 and #1631); Triple-DES (Certs. #667, #1198 and #1201)

-Other algorithms: DES; HMAC-MD5; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"Aruba's family of Mobility Controllers are network infrastructure devices providing secure, scalable solutions for enterprise Wi-Fi, network security policy enforcement, VPN services, and wireless intrusion detection and prevention. Mobility controllers serve as central points of authentication, encryption, access control, and network coordination for all mobile network services"
1863 Kaseya US Sales, LLC
901 N. Glebe Road
Suite 1010
Arlington, VA 22203
USA

-Bill Durant
TEL: 415-694-5700

CST Lab: NVLAP 200996-0

Virtual System Administrator Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 12/13/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with MAC OS X v10.6.8; Windows 7 (32-bit); Windows 7 (64-bit); Windows Server 2008; Red Hat Enterprise Linux 5.5 (32-bit); Red Hat Enterprise Linux 5.5 (64-bit) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1988 and #1989); HMAC (Cert. #1202); SHS (Cert. #1744); DRBG (Cert. #185)

-Other algorithms: AES (Cert. #1989, key wrapping); AES-CBC (non-compliant)

Multi-chip standalone

"The Kaseya Virtual System Administrator provides an IT automation framework allowing IT managers to proactively monitor, manage, maintain, and protect distributed IT resources using a single, integrated web-based interface. The services offered by Kaseya Virtual System Administrator are ever-broadening; as IT management services needs increase, so do the tools and services provided by the framework."
1861 RSA Security, Inc.
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Youngjin Son
TEL: +82-10-6700-6735

CST Lab: NVLAP 200900-0

RSA BSAFE® Crypto-C Micro Edition for Samsung MFP SW Platform (VxWorks)
(Software Version: 3.0.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 12/10/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with VxWorks (single user mode)

-FIPS Approved algorithms: AES (Cert. #1826); Triple-DES (Cert. #1179); DSA (Cert. #573); ECDSA (Cert. #252); RNG (Cert. #962); DRBG (Cert. #143); RSA (Cert. #918); SHS (Cert. #1605); HMAC (Cert. #1080)

-Other algorithms: DES; MD2; MD5; HMAC-MD5; DES40; RC2; RC4; RC5; ECAES (non-compliant); ECIES; PBKDF1-SHA-1 (non-compliant); PBKDF2-HMAC (SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512) (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA OAEP; Entropy RNG; OTP RNG; Diffie-Hellman; EC Diffie-Hellman

Multi-chip standalone

"A software cryptographic library within the Vxworks real-time operating system specifically for embedded systems based on the ARM9 CPU architecture."
1859 Red Hat®, Inc.
314 Littleton Road
Raleigh, NC 27606
USA

-Ann-Marie Rubin
TEL: 978-392-1000
FAX: 978-392-1001

CST Lab: NVLAP 200658-0

Red Hat Enterprise Linux 6.2 Openswan Cryptographic Module
(Software Version: 2.0)

(When operated in FIPS mode and when obtained, installed, and initialized as assumed by the Crypto Officer role and specified in Section 9 of the provided Security Policy. This module contains the embedded Red Hat Enterprise Linux 6.2 OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #1758 operating in FIPS mode and the Network Security Services (NSS) Cryptographic Module validated to FIPS 140-2 under Cert. #1837 operating in FIPS mode. Section 1 of the provided Security Policy specifies the precise RPM files containing this module. The integrity of the RPMs are verified during the installation and the Crypto officer shall not install the RPM files if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 12/03/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 6.2 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #1289 and #1290); AES (Certs. #1985 and 1986); SHS (Certs. #1741 and #1742); RSA (Cert. #979, vendor affirmed); DRBG (Certs. #183 and #184); DSA (Certs. #634 and #635); HMAC (Certs. #1129, #1130, #1134, #1135, #1199 and #1200)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RC2; RC4; DES; Seed; CAMELLIA; MD2; MD5

Multi-chip standalone

"The Red Hat Enterprise Linux 6.2 OpenSwan Cryptographic Module is a software only cryptographic module that provides the IKE protocol version 1 and version 2 key agreement services required for IPSec."
1858 Vidyo, Inc.
433 Hackensack Ave, 6th Floor
Hackensack, NJ 07601
USA

CST Lab: NVLAP 200556-0

Cryptographic Security Kernel
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/29/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Linux Ubuntu 10.04 32-bit or Linux Ubuntu 10.04 64-bit running on Intel Xeon E50xx without AES-NI; Mac OS X 10.6.8 32-bit running on Intel Core Duo without AES-NI; Mac OS X 10.6.8 64-bit running on Intel Core 2 Duo without AES-NI; Mac OS X 10.7.3 32-bit or Mac OS 10.7.3 64-bit running on Intel Core 2 Duo without AES-NI; Windows 7 32-bit running on Intel Core Duo without AES-NI; Windows 7 64-bit running on Intel Core 2 Duo without AES-NI; Windows XP 32-bit running on Intel Core Duo without AES-NI; Linux Ubuntu 10.04 32-bit or Linux Ubuntu 10.04 64-bit running on Intel Xeon E3 with AES-NI; Mac OS X 10.6.8 32-bit or Mac OS X 10.6.8 64-bit running on Intel Core i5 with AES-NI; Mac OS X 10.7.3 32-bit or Mac OS X 10.7.3 64-bit running on Intel Core i5 with AES-NI; Windows 7 32-bit or Windows 7 64-bit running on Intel Core i5 with AES-NI; Windows XP 32-bit running on Intel Core i5 with AES-NI (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2027 and #2028), DRBG (Certs. #194 and #195), HMAC (Certs. #1229 and #1230), SHS (Certs. #1776 and #1777)

-Other algorithms: N/A

Multi-chip standalone

"The Vidyo Cryptographic Security Kernel is a subset of the VidyoTechnology Software Development Kit, which consists of a set of libraries providing video conferencing capabilities. The SDK allows licensed end-users to implement video conferencing capabilities within their own software applications; the Vidyo CSK library provides the cryptographic functions required to secure the communications."
1857 SafeNet, Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Mark Yakabuski
TEL: 613-614-3407
FAX: 613-723-5079

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200556-0

Luna® PCI 7000 Cryptographic Module
(Hardware Version: VBD-03-0100; Firmware Version: 4.8.7)

(When operated in FIPS mode and configured to Overall Level 3 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/29/2012 Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #510 and #1904); Triple-DES (Certs. #520 and #1236); Triple-DES MAC (Triple-DES Certs. #520 and #1236, vendor affirmed); DSA (Cert. #600); SHS (Cert. #1671); RSA (Certs. #974 and #975); HMAC (Cert. #1142); RNG (Cert. #998); ECDSA (Cert. #269); KAS (Cert. #29); KBKDF (vendor affirmed)

-Other algorithms: DES; RC2; RC4; RC5; CAST5; RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; ARIA; MD2; MD5; HAS-160; AES MAC (AES Cert. #1904; non-compliant); DES MAC; RC2 MAC; RC5 MAC; CAST5 MAC; SSL3 MD5 MAC; SSL3 SHA1 MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); HRNG; AES (Certs. #510 and #1904, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #520 and #1236, key wrapping; key establishment methodology provides 112 bits of encryption strength); Generic-Secret generation (non-compliant); SSL Pre-Master generation (non-compliant)

Multi-chip embedded

"Luna® PCI offers dedicated hardware key management to protect sensitive cryptographic keys from attack. The high-security hardware design ensures the integrity and protection of encryption keys throughout their life cycle. All digital signing and verification operations are performed within the HSM to increase performance and maintain security. Luna® PCI HSMs provide hardware secured key generation, storage, secure key backup and accelerated encryption in a range of models and configurations offering a wide selection of security, performance and operational capabilities."
1856 SafeNet, Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Mark Yakabuski
TEL: 613-614-3407
FAX: 613-723-5079

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200556-0

Luna® PCI 7000 Cryptographic Module
(Hardware Version: VBD-03-0100; Firmware Version: 4.8.7)

(When operated in FIPS mode and configured to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 11/29/2012;
12/03/2012
Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #510 and #1904); Triple-DES (Certs. #520 and #1236); Triple-DES MAC (Triple-DES Certs. #520 and #1236, vendor affirmed); DSA (Cert. #600); SHS (Cert. #1671); RSA (Certs. #974 and #975); HMAC (Cert. #1142); RNG (Cert. #998); ECDSA (Cert. #269); KAS (Cert. #29); KBKDF (vendor affirmed)

-Other algorithms: DES; RC2; RC4; RC5; CAST5; RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; ARIA; MD2; MD5; HAS-160; AES MAC (AES Cert. #1904; non-compliant); DES MAC; RC2 MAC; RC5 MAC; CAST5 MAC; SSL3 MD5 MAC; SSL3 SHA1 MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); HRNG; AES (Certs. #510 and #1904, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #520 and #1236, key wrapping; key establishment methodology provides 112 bits of encryption strength); Generic-Secret generation (non-compliant); SSL Pre-Master generation (non-compliant)

Multi-chip embedded

"Luna PCI® offers dedicated hardware key management to protect sensitive cryptographic keys from attack. The high-security hardware design ensures the integrity and protection of encryption keys throughout their life cycle. All digital signing and verification operations are performed within the HSM to increase performance and maintain security. Luna PCI® HSMs provide hardware secured key generation, storage, secure key backup and accelerated encryption in a range of models and configurations offering a wide selection of security, performance and operational capabilities."
1854

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/28/2012 Overall Level: 2 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip standalone

1853 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Palani Karuppan
TEL: 408-525-2747

CST Lab: NVLAP 100432-0

Cisco 4402 and 4404 Wireless LAN Controllers
(Hardware Versions: 4402, Revision Number R0 and 4404, Revision Number R0; FIPS Kit AIRWLC4400FIPSKIT=, Version A0; Opacity Baffle Version 1.0; Firmware Versions: 7.0.230.0, 7.0.240.0 or 7.0.250.0)

(When operated in FIPS mode and with the physical security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/29/2012;
02/20/2014
Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1344 and #1345); HMAC (Certs. #783 and #784); RNG (Cert. #740); RSA (Certs. #651 and #652); SHS (Certs. #1226 and #1227); Triple-DES (Cert. #934)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength; non-compliant); AES (Cert. #1344, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM

Multi-chip standalone

"The Cisco 4400 Series WLAN Controllers deliver centralized control and high capacity for small, medium and large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WLAN Controllers support the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and support a Secure Wireless Architecture with WiFi Alliance certified WPA-2 security. The Cisco WLAN Controllers support voice, video and data services along with Cisco Clean Air technology, intrusion protection and intelligent radio resource management."
1852 Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

-Alan Kaye
TEL: 613-225-9381

CST Lab: NVLAP 200996-0

FortiWiFi-60C
(Hardware Version: C4DM95 with Tamper Evident Seal Kit: FIPS-SEAL-RED; Firmware Version: FortiOS 4.0, build8892, 111128)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/29/2012 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1408, #1899 and #1900); Triple-DES (Certs. #961, #1234 and #1235); SHS (Certs. #1278, #1668 and #1669); RNG (Cert. #996); HMAC (Certs. #829, #1139 and #1140); RSA (Certs. #685 and #973)

-Other algorithms: DES; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant); AES CCM (non-compliant); MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 196 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
1851 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise Control Center
(Hardware Versions: [FWE-C1015 and FIPS Kit: FWE-CC-FIPS-KIT1], [FWE-C2050 and FIPS Kit: FWE-CC-FIPS-KIT2] and [FWE-C3000 and FIPS Kit: FWE-CC-FIPS-KIT2]; Firmware Version: 5.2.0)

(When operated in FIPS mode and with the tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/29/2012;
12/12/2012
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #1831 and #1897); Triple-DES (Certs. #1184 and #1233); SHS (Certs. #1611 and #1666); HMAC (Certs. #1085 and #1137); DRBG (Cert. #163); RNG (Certs. #963 and #1009); RSA (Certs. #920 and #972); DSA (Certs. #575 and #599)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5

Multi-chip standalone

"McAfee Firewall Enterprise Control Center simplifies the management of multiple McAfee Firewall Enterprise appliances. Control Center enables centralized management and monitoring of the McAfee Firewall Enterprise solutions, allowing network administrators to centrally define firewall policy, deploy updates and inventory their firewall products."
1850 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-C Micro Edition
(Software Version: 3.0.0.16 [1] and 3.0.0.20 [2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/29/2012;
01/24/2013;
06/24/2013
Overall Level: 1 

-Cryptographic Module Specification: Level 3

-Operational Environment: Tested as meeting Level 1 with Wind River VxWorks General Purpose Platform 6.0 (PPC 604 32-bit) [1]; Wind River VxWorks General Purpose Platform 6.8 running on a Fuji Xerox 960K 61580 [2] (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2018 [1] and #2485 [2]); DRBG (Certs. #192 [1] and #343 [2]); DSA (Certs. #643 [1] and #765 [2]); ECDSA (Certs. #293 [1], #294 [1], #414 [2] and #416 [2]); HMAC (Certs. #1222 [1] and #1527 [2]); RNG (Certs. #1058 [1] and #1203 [2]); RSA (Certs. #1047 [1] and #1274 [2]); SHS (Certs. #1768 [1] and #2103 [2]); Triple-DES (Certs. #1303 [1] and #1523 [2])

-Other algorithms: AES-GCM (non-compliant); DES; DES40; Diffie-Hellman; EC Diffie-Hellman; ECAES (non-compliant); ECIES; HMAC MD5; MD2; MD5; PBKDF1 SHA-1; PBKDF2 HMAC SHA-1/SHA-224/SHA-256/SHA-384/SHA-512 (non-compliant); RC2; RC4; RC5; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA PKCS #1 v2.0 (OAEP; non-compliant)

Multi-chip standalone

"The Crypto-C Micro Edition (ME) Module is RSA, The Security Division of EMC's cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
1849 Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500

CST Lab: NVLAP 200427-0

Aruba AP-60 and AP-61 Wireless Access Points
(Hardware Versions: AP-60-F1 Rev. 01 and AP-61-F1 Rev. 01 with FIPS kit 4010061-01; Firmware Version: ArubaOS_6.1.2.3-FIPS or ArubaOS_6.1.4.1-FIPS or ArubaOS_6.1.4.5-FIPS or ArubaOS_6.1.4.7-FIPS)

(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/06/2012;
01/24/2013;
07/26/2013;
01/23/2014
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #1847, #1850 and #1851); HMAC (Certs. #1097, #1098 and #1099); RNG (Certs. #969 and #970); RSA (Certs. #932, #933 and #934); SHS (Certs. #1625, #1626, #1627 and #1628); Triple-DES (Certs. #1197, #1198 and #1199)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"Aruba's Wi-Fi access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Mobility Controllers, where per-user role based access controls are applied through an integrated firewall. In FIPS 140-2 Mode, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n."
1848 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise 4150E
(Hardware Version: NSA-4150-FWEX-E and FRU-686-0089-00; Firmware Versions: 7.0.1.03 and 8.2.0)

(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/19/2012 Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #972, #973, #974 and #1833); Triple-DES (Certs. #765, #766, #767 and #1185); SHS (Certs. #941, #942, #943 and #1612); HMAC (Certs. #544, #545, #546 and #1086); RNG (Certs. #549, #550, #551 and #964); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1847 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise 2150E
(Hardware Version: NSA-2150-FWEX-E and FRU-686-0089-00; Firmware Versions: 7.0.1.03 and 8.2.0)

(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/19/2012 Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #972, #973, #974 and #1833); Triple-DES (Certs. #765, #766, #767 and #1185); SHS (Certs. #941, #942, #943 and #1612); HMAC (Certs. #544, #545, #546 and #1086); RNG (Certs. #549, #550, #551 and #964); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1846 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise 1100E
(Hardware Version: NSA-1100-FWEX-E and FRU-686-0089-00; Firmware Versions: 7.0.1.03 and 8.2.0)

(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/19/2012 Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #972, #973, #974 and #1833); Triple-DES (Certs. #765, #766, #767 and #1185); SHS (Certs. #941, #942, #943 and #1612); HMAC (Certs. #544, #545, #546 and #1086); RNG (Certs. #549, #550, #551 and #964); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1845 Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500

CST Lab: NVLAP 200427-0

Aruba AP-65, AP-70 and AP-85 Wireless Access Points
(Hardware Versions: AP-65-F1 Rev. 01, AP-70-F1 Rev. 01, AP-85FX-F1 Rev. 01, AP-85LX-F1 Rev. 01 and AP-85TX-F1 Rev. 01 with FIPS kit 4010061-01; Firmware Version: ArubaOS_6.1.2.3-FIPS or ArubaOS_6.1.4.1-FIPS or ArubaOS_6.1.4.5-FIPS or ArubaOS_6.1.4.7-FIPS)

(When operated in FIPS mode and with the tamper evidence seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/29/2012;
01/24/2013;
07/26/2013;
01/23/2014
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #1847, #1850 and #1851); HMAC (Certs. #1097, #1098 and #1099); RNG (Certs. #969 and #970); RSA (Certs. #932, #933 and #934); SHS (Certs. #1625, #1626, #1627 and #1628); Triple-DES (Certs. #1197, #1198 and #1199)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"Aruba's Wi-Fi access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Mobility Controllers, where per-user role based access controls are applied through an integrated firewall. In FIPS 140-2 Mode, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n."
1843 Gemalto
Avenue du Jujubier Z.I Athelia IV
La Ciotat, 13705
France

-Frederic Garnier
TEL: +33 4 42 36 43 68
FAX: +33 4 42 36 55 45

CST Lab: NVLAP 200427-0

Protiva+ PIV v2.0 using TOP DL v2 and TOP IL v2
(Hardware Versions: A1025258 and A1023393; Firmware Version: Build#11 - M1005011 + Softmask V04, Applet Version: PIV Applet v2.00 + OATH Applet v2.10)

(PIV Card Application: Cert. #30)

(When operated in FIPS mode with module TOP DL v2 or TOP IL v2 validated to FIPS 140-2 under Cert. #1450 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/29/2012;
02/06/2014
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1973); CVL (Cert. #18); ECDSA (Cert. #284); RNG (Cert. #1038); RSA (Cert. #1019); SHS (Cert. #1727); Triple-DES (Cert. #1280); Triple-DES MAC (Triple-DES Cert. #1280, vendor affirmed); CVL (Certs. #217 and #224)

-Other algorithms: N/A

Single-chip

"This module is based on a Java Card platform (TOP DL V2) with 128K EEPROM memory and the Protiva PIV Applet loaded on the Java Card platform. The Cryptographic Module provides dual interfaces (i.e. contact and contact-less) where the same security level is achieved."
1842 SonicWALL, Inc.
2001 Logic Drive
San Jose, CA 95124-3452
USA

-Usha Sanagala
TEL: 408-962-6248
FAX: N/A

CST Lab: NVLAP 100432-0

SRA EX6000 and SRA EX7000
(Hardware Versions: P/Ns 101-500210-62 Rev. A (SRA EX6000) and 101-500188-62 Rev. A (SRA EX7000); Firmware Version: SRA 10.6.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/29/2012 Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1868, #1869 and #1870); HMAC (Certs. #1113, #1114 and #1115); RNG (Cert. #980); RSA (Certs. #950 and #951); SHS (Certs. #1642, #1643 and #1644); Triple-DES (Certs. #1213, #1214 and #1215)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; MD5; RC4

Multi-chip standalone

"Built on Aventail's powerful, proven SSL VPN platform, the SonicWALL Aventail SRA EX6000 and SRA EX7000 appliances provide granular access control for any type of remote access by first detecting the identity and the security of the end point, protecting applications with granular policy based on who the user is and the trust established for the end point used for access, and then connecting authorized employees and business partners effortlessly from a broad range of cross-platform devices only to authorized resources."
1841 InZero Systems
13755 Sunrise Valley Drive
Suite 750
Herndon, VA 20171
USA

-FIPS Product Team
TEL: 703-636-2048
FAX: 703-793-1805

CST Lab: NVLAP 200002-0

InZero Gateway
(Hardware Version: XB2CUSB3.1; Firmware Version: 2.80.0.38)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/29/2012 Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #1841); DSA (Cert. #576); HMAC (Cert. #1095); RNG (Cert. #967); RSA (Cert. #929); SHS (Cert. #1622); Triple-DES (Cert. #1194)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The InZero Gateway is a pocket-sized appliance that provides FIPS-validated VPNs and endpoint security for a Windows PC. The module's hardware sandbox ensures safe browsing (e.g., opening downloaded files) and safe internet banking. A conversion engine strips malware from e-mail attachments. The firewall helps enforce NAC policy. The module may be managed locally by the Crypto Officer or by a network administrator using a Management Console. The HTTPS management connection and VPNs use FIPS validated encryption, while sandbox HTTPS connections are non-FIPS for compatibility."
1839 Entrust, Inc.
One Lincoln Centre
5400 LBJ Freeway
Suite 1340
Dallas, TX 75240
USA

-Entrust Sales

CST Lab: NVLAP 100432-0

Entrust Authority™ Security Toolkit for the Java®Platform
(Software Version: 8.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/29/2012;
05/28/2014
Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Microsoft Windows Server 2008 R2 with Dell Optiplex 755

-FIPS Approved algorithms: AES (Certs. #1935 and #1954); Triple-DES (Cert. #1261); Triple-DES MAC (Cert. #1261, vendor affirmed); DSA (Cert. #617); DRBG (Cert. #170); ECDSA (Cert. #277); SHS (Cert. #1700); HMAC (Cert. #1168); RNG (Cert. #1019); RSA (Cert. #1001); CVL (Cert. #16); CVL (SP 800-135rev1, vendor affirmed)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Cert. #1935, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); CAST3; CAST128; DES; IDEA; RC2; RC4; Rijndael-256; MD2; MD5; RIPEMD-160; SSL3-SHA-MD5; HMAC-MD5; CAST128 MAC; DES MAC; IDEA MAC; ElGamal; SPEKE

Multi-chip standalone

"Entrust Authority™ Security Toolkit for the Java® Platform enables custom applications to be built using a rich set of APIs that provide encryption, digital signature, and certificate authentication capabilities, as well as the ability to manage the full lifecycles of digital certificate-based identities through integration with the Entrust Authority PKI."
1838 Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500

CST Lab: NVLAP 200427-0

Aruba AP-92, AP-93, AP-104, AP-105, AP-175, Dell W-AP92, W-AP93, W-AP104, W-AP105 and W-AP175 Wireless Access Points
(Hardware Versions: AP-92-F1[1], AP-93-F1[1], AP-104-F1[1], AP-105-F1[1], AP-175P-F1[1], AP-175AC-F1[1], AP-175DC-F1[1], W-AP92-F1[2], W-AP93-F1[2], W-AP104-F1[2], W-AP105-F1[2], W-AP175P-F1[2], W-AP175AC-F1[2], W-AP175DC-F1[2] with FIPS kit 4010061-01; Firmware Versions: ArubaOS_6.1.2.3-FIPS[1] and Dell_PCW_6.1.2.3-FIPS[2] or ArubaOS_6.1.4.1-FIPS [1] and Dell_PCW_6.1.4.1-FIPS [2] or ArubaOS_6.1.4.5-FIPS [1] and Dell_PCW_6.1.4.5-FIPS [2] or ArubaOS_6.1.4.7-FIPS [1] and Dell_PCW_6.1.4.7-FIPS [2])

(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/08/2012;
01/24/2013;
07/26/2013;
01/23/2014
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #1847, 1849, #1850 and #1851); HMAC (Certs. #1097, #1098 and #1099); RNG (Certs. #969 and #970); RSA (Certs. #933, #934 and #935); SHS (Certs. #1625, #1627, #1628 and #1629); Triple-DES (Certs. #1197, #1198 and #1199)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"Aruba's Wi-Fi access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Mobility Controllers, where per-user role based access controls are applied through an integrated firewall. In FIPS 140-2 Mode, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n."
1837 Red Hat, Inc.
1801 Varsity Drive
Raleigh, NC 27606
USA

-Robert Relyea
TEL: 650-254-4236

CST Lab: NVLAP 200427-0

NSS Cryptographic Module
(Software Version: 3.12.9.1)

(When operated in FIPS mode and when obtained, installed, and initialized as specified in Section 5 of the provided Security Policy. Section 5 also specifies the precise RPM file containing this module. The integrity of the RPM is automatically verified during the installation and the Crypto officer shall not install the RPM file if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/08/2012 Overall Level: 1 

-Design Assurance: Level 2

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux v6.2 32-bit running on an Intel Core i7 system; Red Hat Enterprise Linux v6.2 64-bit running on an Intel Core i7 system; Red Hat Enterprise Linux v6.2 64-bit running on an Intel Core i7 system with AES-NI (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1908); DRBG (Cert. #165); DSA (Cert. #602); HMAC (Cert. #1145); RSA (Cert. #979); SHS (Cert. #1675); Triple-DES (Cert. #1240)

-Other algorithms: AES (Cert. #1908, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Camellia; DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HKDF; J-PAKE; MD2; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Triple-DES (Cert. #1240, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Network Security Services (NSS) is a set of open source C libraries designed to support cross-platform development of security-enabled applications. NSS implements major Internet security standards. NSS is available free of charge under a variety of open source compatible licenses. See http://www.mozilla.org/projects/security/pki/nss/ ."
1836 RSA Security, Inc.
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Youngjin Son
TEL: +82-10-6700-6735

CST Lab: NVLAP 200900-0

RSA BSAFE® Crypto-C Micro Edition for MFP SW Platform (pSOS)
(Software Versions: 3.0.0.1 and 3.0.0.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 11/08/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with pSOS (single user mode)

-FIPS Approved algorithms: AES (Cert. #1808); Triple-DES (Cert. #1166); DSA (Cert. #566); ECDSA (Cert. #249); RNG (Cert. #953); DRBG (Cert. #137); RSA (Cert. #905); SHS (Cert. #1587); HMAC (Cert. #1066)

-Other algorithms: DES; MD2; MD5; HMAC-MD5; DES40; RC2; RC4; RC5; ECAES (non-compliant); ECIES; PBKDF1-SHA-1 (non-compliant); PBKDF2-HMAC (SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512) (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA OAEP; Entropy RNG; OTP RNG; Diffie-Hellman; EC Diffie-Hellman

Multi-chip standalone

"A software cryptographic library within the pSOS real-time operating system specifically for embedded systems based on the ARM9 CPU architecture."
1835 Cavium Networks
2315 N First Street
San Jose, CA 95131
USA

-TA Ramanujam
TEL: 408-931-2952
FAX: 408-577-1992

CST Lab: NVLAP 100432-0

NITROX XL 1600-NFBE HSM Family
(Hardware Versions: P/Ns CN1620-NFBE1NIC-2.0, CN1620-NFBE3NIC-2.0, CN1610-NFBE1NIC-2.0, CN1610-NFBE1-3.0, CN1620-NFBE1-3.0, CN1620-NFBE3-3.0, CN1610-NFBE1-2.0, CN1620-NFBE1-2.0 and CN1620-NFBE3-2.0; Firmware Versions: CN16XX-NFBE-FW-2.1-110015 or CN16XX-NFBE-FW-2.1-110016)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/08/2012;
10/18/2013
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #1265 and #1266); Triple-Des (Cert. #898); RSA (Certs. #607 and #742); ECDSA (Certs. #150 and #188); SHS (Certs. #1165 and #1166); HMAC (Cert. #736); KAS (Cert. #5); RNG (Cert. #707); DRBG (Cert. #32); DSA (Cert. #474)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #1265, key wrapping; key establishment methodology provides 256 bits of encryption strength); RC4; MD5; PBE

Multi-chip embedded

"The NITROX XL 1600-NFBE HSM adapter family delivers the world's fastest FIPS 140-2 Level 3 Hardware Security Module (HSM) with PCIe Gen 2.0. The NITROX XL family of adapters offers up to 45,000 RSA operations per second and 5 Gbps of bulk crypto performance and is certified to the stringent US Government security standards. This FIPS family delivers an unmatched solution to the increasing performance, cryptographic and time to market requirements of the financial, government and healthcare vertical markets."
1834 Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

-Alan Kaye
TEL: 613-225-9381

CST Lab: NVLAP 200996-0

FortiGate-200B [1], FortiGate-310B [2] and FortiGate-620B [3]
(Hardware Versions: C4CD24 [1], C4ZF35 [2] and C4AK26 [3] with Tamper Evident Seal Kit: FIPS-SEAL-BLUE; Firmware Version: FortiOS 4.0, build8892, 111128)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/08/2012 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1408, #1899 and #1900); Triple-DES (Certs. #961, #1234 and #1235); SHS (Certs. #1278, #1668 and #1669); RNG (Cert. #996); HMAC (Certs. #829, #1139 and #1140); RSA (Certs. #685 and #973)

-Other algorithms: DES; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant); MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 196 bits of encryption strength; non-compliant less than 112 bits of encryption strength)); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
1832 Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

-Alan Kaye
TEL: 613-225-9381

CST Lab: NVLAP 200996-0

FortiGate-60C [1], FortiGate-110C [2] and FortiGate-111C [3]
(Hardware Versions: C4DM93 [1], C4HA15 [2] and C4BQ31 [3] with Tamper Evident Seal Kit: FIPS-SEAL-RED [1] or FIPS-SEAL-BLUE [2,3]; Firmware Version: FortiOS 4.0, build8892, 111128)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/07/2012 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1408, #1899, and #1900); Triple-DES (Certs. #961, #1234 and #1235); SHS (Certs. #1278, #1668 and #1669); RNG (Cert. #996); HMAC (Certs. #829, #1139 and #1140); RSA (Certs. #685 and #973)

-Other algorithms: DES; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant); MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 196 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
1831 Motorola Solutions, Inc.
1303 East Algonquin Road
Schaumburg, IL 60196
USA

-Tom Nguyen
TEL: 847-576-2352

CST Lab: NVLAP 100432-0

KMF CryptR
(Hardware Version: P/N CLN8566A; Firmware Version: R01.02.10, R01.05.00 or R01.05.01)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/05/2012;
12/07/2012;
09/12/2014
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1901); DRBG (Cert. #159); ECDSA (Cert. #268); SHS (Cert. #1670)

-Other algorithms: AES (Cert. #1901, key wrapping; key establishment methodology provides 256 bits of encryption strength); AES MAC (AES Cert. #1901, vendor affirmed; P25 AES OTAR); NDRNG; LFSR; KAS (non-compliant); DES-XL; DES-OFB; DES-ECB; DES-CBC; DVI-XL; DVP-XL

Multi-chip standalone

"The KMF CryptR provides encryption and decryption services for secure key management and Over-the-Air-Rekeying (OTAR) for Motorola's Key Management Facility (KMF). The KMF and KMF CryptR combine to provide these cryptographic services for Motorola's APCO-25 compliant Astro radio systems."
1830 Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

-Alan Kaye
TEL: 613-225-9381

CST Lab: NVLAP 200996-0

FortiGate-5140 Chassis with FortiGate 5000 Series Blades
(Hardware Version: Chassis: C4GL51; Blades: P4CF76, P4CJ36-02, P4CJ36-04 and P4EV74; AMC Components: P4FC12 and AMC4F9; Shelf Manager: PN 21594 346; Alarm Panel: PN 21594 159; Tamper Evident Seal Kit: FIPS-SEAL-RED; Firmware Version: FortiOS 4.0, build8892, 111128)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/05/2012 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1405, #1408, #1858, #1899 and #1900); Triple-DES (Certs. #958, #961, #1205, #1234 and #1235); SHS (Certs. #1275, #1278, #1635, #1668 and #1669); RNG (Cert. #996); HMAC (Certs. #826, #829, #1105, #1139 and #1140); RSA (Certs. #685 and #973)

-Other algorithms: DES; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant); MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 196 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
1829 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Palani Karuppan
TEL: 408-525-2747

CST Lab: NVLAP 100432-0

Cisco 5508 Wireless LAN Controller
(Hardware Version: CT5508 Revision Number B0; FIPS Kit AIR-CT5508FIPSKIT=; Opacity Baffle Version A0; Firmware Version: 7.0.230.0, 7.2.103.0, 7.2.115.1 or 7.2.115.2)

(When operated in FIPS mode and with the tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/05/2012;
05/16/2013;
07/12/2013
Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1346, #1347 and #1348); HMAC (Certs. #785, #786 and #787); RNG (Certs. #741 and #742); RSA (Certs. #653 and #654); SHS (Certs. #1228, #1229 and #1230); Triple-DES (Cert. #935)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength; non-compliant); AES (Cert. #1346, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM

Multi-chip standalone

"The Cisco 5508 Series WLAN Controllers deliver centralized control and high capacity for small, medium and large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WLAN Controllers support the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and support a Secure Wireless Architecture with WiFi Alliance certified WPA-2 security. The Cisco WLAN Controllers support voice, video and data services along with Cisco Clean Air technology, IPv6 mobility, intrusion protection and intelligent radio resource management."
1828 Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500

CST Lab: NVLAP 200427-0

Aruba AP-134, AP-135 and Dell W-AP134, W-AP135 Wireless Access Points
(Hardware Versions: AP-134-F1 [1], AP-135-F1 [1], W-AP134-F1 [2] and W-AP135-F1 [2] with FIPS kit 4010061-01; Firmware Version: ArubaOS_6.1.2.3-FIPS [1] and Dell_PCW_6.1.2.3-FIPS [2] or ArubaOS_6.1.4.1-FIPS [1] and Dell_PCW_6.1.4.1-FIPS [2] or ArubaOS_6.1.4.5-FIPS [1] and Dell_PCW_6.1.4.5-FIPS [2] or ArubaOS_6.1.4.7-FIPS [1] and Dell_PCW_6.1.4.7-FIPS [2])

(When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/05/2012;
01/24/2013;
07/26/2013;
01/23/2014
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #1847, 1849, #1850 and #1851); HMAC (Certs. #1097, #1098 and #1099); RNG (Certs. #969 and #970); RSA (Certs. #933, #934 and #935); SHS (Certs. #1625, #1627, #1628 and #1629); Triple-DES (Certs. #1197, #1198 and #1199)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"Aruba's Wi-Fi access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Mobility Controllers, where per-user role based access controls are applied through an integrated firewall. In FIPS 140-2 Mode, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n."
1827 Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
USA

-John Roberts
TEL: 415-738-2810

CST Lab: NVLAP 200556-0

Symantec Scanner Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/05/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with CentOS 5.5 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1809); Triple-DES (Cert. #1167); DSA (Cert. #567); SHS (Cert. #1588); RNG (Cert. #954); RSA (Cert. #906); HMAC (Cert. #1067)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Symantec Scanner Cryptographic Module Version 1.0 provides cryptographic services to the Scanner component of the Symantec Messaging Gateway solution, a secure email gateway offering. The Scanner provides filtering services on inbound and outbound message flows and is responsible for taking actions on emails based on filtering verdicts."
1826 Seagate Technology LLC
389 Disc Drive
Longmont, CO 80503
USA

-Monty Forehand
TEL: 720-684-2835
FAX: 720-684-2733

CST Lab: NVLAP 100432-0

Seagate Secure® TCG Opal SSC Self-Encrypting Drive
(Hardware Versions: 9WU142 [1, 2, 3, 4, 5], 9WU14C [1, 2, 3, 4, 5], 9WU141 [1, 2, 3, 4, 5], 1DJ142 [1, 5, 6, 7], 1DJ14C [1, 5, 6, 7], 1DJ141 [1, 5, 6, 7], 1RS152 [8, 9, 10], 1RS15C [8, 9, 10] and 1RS15D [8, 9, 10]; Firmware Versions: 0001SDM7 [1], 0001SED7 [2], 0002SDM7 [3], 0002SED7 [4], 0001LIM7 [5], 1002SED7 [6], 1003SED7 [7], 0001SDM7 [8], 0001YXM7 [9] or 0002LIM7 [10])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/05/2012;
06/14/2013;
05/20/2014;
09/25/2014
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Certs. #1343 and #1845); DRBG (Cert. #62); RSA (Cert. #650); SHS (Cert. #1225)

-Other algorithms: NDRNG

Multi-chip embedded

"The Seagate Secure® TCG Opal SSC Self-Encrypting Drive is embedded in Seagate Momentus® Thin Self-Encrypting Drives (SEDs). The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA ranges, and authenticated FW download. The services are provided through an industry-standard TCG Opal SSC interface."
1824 Cisco Systems, Inc.
170 W. Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco Telepresence C20 Codec
(Hardware Version: C20 v1; Firmware Version: TC5.0.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/14/2012;
11/21/2012;
12/03/2012
Overall Level: 1 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 2

-FIPS Approved algorithms: AES (Cert. #1928); DRBG (Cert. #168); DSA (Cert. #612); ECDSA (Cert. #276); HMAC (Cert. #1162); RSA (Cert. #994); SHS (Cert. #1693); Triple-DES (Cert. #1255)

-Other algorithms: AES (Cert. #1928, key wrapping; key establishment methodology provides 128 bits of encryption strength); Blowfish; Camellia; DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); HMAC-MD5; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Cisco TelePresence portfolio creates an immersive, face-to-face experience over the network, empowering you to collaborate with others like never before. Through a powerful combination of technologies and design that allows you and remote participants to feel as if you are all in the same room, the Cisco TelePresence portfolio has the potential to provide great productivity benefits and transform your business. Many organizations are already using it to control costs, make decisions faster, improve customer intimacy, scale scarce resources, and speed products to market."
1823 Cisco Systems, Inc.
170 W. Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco Telepresence C40, C60, and C90 Codecs
(Hardware Versions: C40 v1, C60 v1 and C90 v1 with CISCO-FIPSKIT=; Firmware Version: TC5.0.2)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/05/2012;
11/21/2012;
12/03/2012
Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-FIPS Approved algorithms: AES (Cert. #1928); DRBG(Cert. #168); DSA (Cert. #612); ECDSA (Cert. #276); HMAC (Cert. #1162); RSA (Cert. #994); SHS (Cert. #1693); Triple-DES (Cert. #1255)

-Other algorithms: AES (Cert. #1928, key wrapping; key establishment methodology provides 128 bits of encryption strength); Blowfish; Camellia; DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); HMAC-MD5; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Cisco TelePresence portfolio creates an immersive, face-to-face experience over the network, empowering you to collaborate with others like never before. Through a powerful combination of technologies and design that allows you and remote participants to feel as if you are all in the same room, the Cisco TelePresence portfolio has the potential to provide great productivity benefits and transform your business. Many organizations are already using it to control costs, make decisions faster, improve customer intimacy, scale scarce resources, and speed products to market."
1822 Data-Pac Mailing Systems Corp.
1217 Bay Road
Webster, NY 14580
USA

-Ken Yankloski
TEL: 585-787-7074
FAX: 585-671-1409

-John Keirsbilck
TEL: 585-787-7077
FAX: 585-671-1409

CST Lab: NVLAP 200427-0

iButton Postal Security Device
(Hardware Version: MAXQ1959B-F50#; Firmware Version: 1.3)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/01/2012 Overall Level: 3 

-Physical Security: Level 3 +EFT

-FIPS Approved algorithms: DSA (Cert. #544); RNG (Cert. #927); SHS (Cert. #1526)

-Other algorithms: N/A

Multi-chip standalone

"The Data-Pac MAXQ1959B-F50# Postal Security Device (PSD) is an embedded cryptographic module used for postage evidencing. The PSD complies with FIPS 140-2 standards and postal requirements to support the USPS IBI program, including strong cryptographic and physical security for the protection of postal funds."
1821 Integral Memory PLC.
Unit 6 Iron Bridge Close
Iron Bridge Business Park
Off Great Central Way
London, Middelsex NW10 0UF
United Kingdom

-Patrick Warley
TEL: +44 (0)20 8451 8700
FAX: +44 (0)20 8459 6301

- Samik Halai
TEL: +44 (0)20 8451 8704
FAX: +44 (0)20 8459 6301

CST Lab: NVLAP 200996-0

Crypto Dual (Underlying Steel Chassis) [1] and Crypto Dual Plus (Underlying Steel Chassis) [2]
(Hardware Versions: INFD2GCRYPTODL140-2(R) [1], INFD4GCRYPTODL140-2(R) [1], INFD8GCRYPTODL140-2(R) [1], INFD16GCRYPTODL140-2(R) [1], INFD32GCRYTPODL140-2(R) [1], INFD64GCRYPTODL140-2(R) [1], INFD2GCRYDLP140-2(R) [2], INFD4GCRYDLP140-2(R) [2], INFD8GCRYDLP140-2(R) [2], INFD16GCRYDLP140-2(R) [2], INFD32GCRYDLP140-2(R) [2], INFD64GCRYDLP140-2(R) [2], INFD128GCRYDLP140-2(R) [2], INFD256GCRYDLP140-2(R) [2], INFD512GCRYDLP140-2(R) [2] and INFD1TCRYDLP140-2(R) [2]; Firmware Version: PS2251-65)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 11/01/2012 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1205); SHS (Cert. #1108); RNG (Cert. #666)

-Other algorithms: NDRNG

Multi-chip standalone

"The Crypto Dual (Underlying Steel Chassis) and Crypto Dual Plus (Underlying Steel Chassis) features Dual Password (User and Master) and works in both Windows & Mac operating Systems. Featuring Premium 256 bit AES security, it is one of the most secure and durable of all Integral USB Flash Drives. It has brute-force password attack protection, a 26 language interface and operates with a zero footprint."
1820 Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500

CST Lab: NVLAP 200427-0

Aruba AP-120 Series and Dell W-AP120 Series Wireless Access Points
(Hardware Versions: AP-124-F1 [1], AP-125-F1 [1], W-AP124-F1 [2] and W-AP125-F1 [2] with FIPS kit 4010061-01; Firmware Versions: ArubaOS_6.1.2.3-FIPS [1] and Dell_PCW_6.1.2.3-FIPS [2] or ArubaOS_6.1.4.1-FIPS [1] and Dell_PCW_6.1.4.1-FIPS [2] or ArubaOS_6.1.4.5-FIPS [1] and Dell_PCW_6.1.4.5-FIPS [2] or ArubaOS_6.1.4.7-FIPS [1] and Dell_PCW_6.1.4.7-FIPS [2])

(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/05/2012;
01/24/2013;
11/14/2013;
01/23/2014
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #861, #1850 and #1851); HMAC (Certs. #478, #1098 and #1099); RNG (Certs. #969 and #970); RSA (Certs. #933, #934 and #935); SHS (Certs. #856, #1627, #1628 and #1629); Triple-DES (Certs. #708, #1198 and #1199)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"Aruba's Wi-Fi access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Mobility Controllers, where per-user role based access controls are applied through an integrated firewall. In FIPS 140-2 Mode, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n."
1819 Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
USA

-John Roberts
TEL: 415-738-2810

CST Lab: NVLAP 200556-0

Symantec Control Center Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode with RSA BSAFE® Crypto-J JCE Provider Module validated to FIPS 140-2 under Cert. #1048 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 10/12/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP SP2 (32-bit) with (Sun JRE 1.4.2, Sun JRE 1.5 or Sun JRE 1.6) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #669); DSA (Cert. #251); ECDSA (Cert. #72); HMAC (Cert. #353); RNG (Cert. #389); DRBG (vendor affirmed); RSA (Cert. #311); SHS (Cert. #702); Triple-DES (Cert. #614)

-Other algorithms: AES-GCM (non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DESX; ECAES (non-compliant); EC Diffie-Hellman; ECDHC; ECIES; MD2; MD5; PBE (non-compliant); RIPEMD 160; RNG (X9.31, non-compliant); MD5; SHA-1 (non-compliant); RC2; RC4; RC5; RSA OAEP (non-compliant); Raw RSA (non-compliant); RSA Keypair Generation MultiPrime (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5

Multi-chip standalone

1818 Cisco Systems, Inc.
170 W. Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco EX60 and EX90 TelePresence Systems
(Hardware Versions: EX60 v1 and EX90 v1 with CISCO-FIPSKIT=; Firmware Version: TC5.0.2)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 10/11/2012;
11/21/2012;
12/03/2012
Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-FIPS Approved algorithms: AES (Cert. #1928); DRBG (Cert. #168); DSA (Cert. #612); ECDSA (Cert. #276); HMAC (Cert. #1162); RSA (Cert. #994); SHS (Cert. #1693); Triple-DES (Cert. #1255)

-Other algorithms: AES (Cert. #1928, key wrapping; key establishment methodology provides 128 bits of encryption strength); Blowfish; Camellia; DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); HMAC-MD5; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Cisco TelePresence portfolio creates an immersive, face-to-face experience over the network, empowering you to collaborate with others like never before. Through a powerful combination of technologies and design that allows you and remote participants to feel as if you are all in the same room, the Cisco TelePresence portfolio has the potential to provide great productivity benefits and transform your business. Many organizations are already using it to control costs, make decisions faster, improve customer intimacy, scale scarce resources, and speed products to market."
1817 LogRhythm
3195 Sterling Circle, Suite 100
Boulder, CO 80301
USA

-Emily Dobson
TEL: 720-881-5348

CST Lab: NVLAP 200427-0

LogRhythm 6.0.4 Event Manager
(Software Version: 6.0.4)

(When operated in FIPS mode with module BCRYPTPRIMITIVES validated to FIPS 140-2 under Cert. #1336 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 10/11/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 (SP1) (single-user mode) running .NET framework version 3.5

-FIPS Approved algorithms: AES (Cert. # 1168); DRBG (Cert. #23); HMAC (Cert. #686); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081)

-Other algorithms: MD5; HMAC-MD5

Multi-chip standalone

"The LogRhythm 6.0.4 Event Manager cryptographic module provides cryptographic services to an Event Manager. In particular, these services support secure communication with supporting SQL Server databases."
1816 Imation Corp.
Discovery Bldg. 1A-041
Oakdale, MN 55128
USA

-Larry Hamid
TEL: 408-737-4308

CST Lab: NVLAP 100432-0

Imation S250/D250
(Hardware Versions: D2-S250-S01, D2-S250-S02, D2-S250-S04, D2-S250-S08, D2-S250-S16, D2-S250-S32, D2-D250-B01, D2-D250-B02, D2-D250-B04, D2-D250-B08, D2-D250-B16, D2-D250-B32 and D2-D250-B64; Firmware Versions: 4.0.1 or 4.0.2)

(Files distributed with the module mounted within the internal CD Drive are excluded from validation)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 10/11/2012;
01/04/2013
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #1412 and #1874); DRBG (Cert. #152); HMAC (Certs. #1118 and #1119); RNG (Cert. #774); RSA (Certs. #688, #954 and #955); SHS (Certs. #1282 and #1647); Triple-DES (Cert. #965); PBKDF (vendor affirmed)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Imation S250/D250 Secure Flash Drives include a high-speed hardware-based 256 Bit AES cryptography engine for encrypting and decrypting NAND flash and RAM buffers via USB. It also includes RSA, HMAC, SHA, and DRBG algorithms."
1815 Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500

CST Lab: NVLAP 200427-0

Aruba RAP-5WN and Dell W-RAP-5WN Remote Access Points
(Hardware Versions: RAP-5WN-F1 [1] and W-RAP-5WN-F1 [2]; Firmware Version: ArubaOS_6.1.2.3-FIPS [1] and Dell_PCW_6.1.2.3-FIPS [2] or ArubaOS_6.1.4.5-FIPS [1] and Dell_PCW_6.1.4.5-FIPS [2] or ArubaOS_6.1.4.7-FIPS [1] and Dell_PCW_6.1.4.7-FIPS [2])

(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 10/11/2012;
07/26/2013;
01/23/2014
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #861, #1850 and #1851); HMAC (Certs. #478, #1098 and #1099); RNG (Certs. #969 and #970); RSA (Certs. #933, #934 and #935); SHS (Certs. #856, #1627, #1628 and #1629); Triple-DES (Certs. #708, #1198 and #1199)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"Aruba's RAP-5WN access point aggregates wired and wireless user traffic and forwards it to an Aruba Mobility Controller through a secure IPsec tunnel, using the public Internet or an optional 3G/4G WWAN service for backhaul. In the FIPS 140-2 mode of operation, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 standard along with optional Suite B cryptography for high-assurance applications. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n."
1814 Websense Inc.
10240 Sorrento Valley Road
San Diego, CA 92121
USA

-Joshua Rosenthol
TEL: 858-320-3684

CST Lab: NVLAP 200928-0

Crypto Module C
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 10/11/2012;
01/22/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with 64-bit Microsoft Windows 2008 R2; 32-bit Red Hat Enterprise Linux 6 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #1257); AES (Cert. #1931); SHS (Cert. #1696); HMAC (Cert. #1165); RNG (Cert. #1016); DSA (Cert. #614); RSA (Cert. #997)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES-CFB1 (non-compliant); ECDSA (non-compliant); ECDH (non-compliant)

Multi-chip standalone

"Websense produces a family of web, e-mail and data security solutions that can be deployed on pre-configured, security hardened hardware or as customer installable software. The Websense Crypto Module C provides support for cryptographic and secure communications services for these solutions."
1813 Juniper Networks, Inc.
1194 N. Mathilda Ave.
Sunnyvale, CA 94089
USA

-Guillaume Gavillet
FAX: 408-936-1801

-Seyed Safakish
TEL: 408-745-8158
FAX: 408-936-1801

CST Lab: NVLAP 200002-0

Junos-FIPS 10.4 L2 OS Cryptographic Module
(Firmware Version: 10.4R5)

(When operated only on the specific platforms specified on the reverse. The routing engine and chassis configured with tamper evident seals installed as indicated in the Security Policy.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Firmware 10/11/2012 Overall Level: 2 

-Design Assurance: Level 3

-Tested: M120 [1], M320 [2], MX240 [3], MX480 [4], MX960 [5] and T1600 [6]; Routing Engines: (RE-A-2000-4096 [1,2] and RE-S-2000-4096 [3,4,5,6]); Routing Engine Control Boards: (750-011402 [1] and 750-021524 [3,4,5]); Blanking Plate (540-015089 Rev02 [5]); Control Boards: (750-009188 [2] and 750-024570 [6]); with Tamper Evident Seal Kit: (JNPR-FIPS-TAMPER-LBLS [1,2,3,4,5,6])

-FIPS Approved algorithms: AES (Certs. #1719, #1726 and #1727); DSA (Cert. #531); ECDSA (Cert. #225); RNG (Cert. #909); RSA (Cert. #847); HMAC (Certs. #994, #1000, #1001 and #1002); SHS (Certs. #1502, #1508, #1509 and #1510); Triple-DES (Certs. #1106, #1112 and #1113)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip embedded

"Juniper Networks M, T and MX series routing platforms are complete routing systems that support a variety of high-speed interfaces for medium/large networks and network applications and numerous routing standards. All platforms are physically self-contained, housing software, firmware, and hardware necessary for routing. The router architecture provides for streamlined forwarding and routing control and the capability to run Internet-scale networks at high speeds. They are powered by the same JUNOS software, which provides both management and control functions as well as all IP routing."
1812 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise Control Center Virtual Appliance
(Software Versions: 5.2.0 and 5.2.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 10/11/2012;
10/31/2012
Overall Level: 1 

-Roles, Services, and Authentication: Level 2

-Operational Environment: Tested as meeting Level 1 with CGLinux (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1862 and #1917); Triple-DES (Certs. #1209 and #1247); SHS (Certs. #1638 and #1683); HMAC (Certs. #1109 and #1152); DRBG (Cert. #162); RNG (Certs. #976 and #1008); RSA (Certs. #943 and #985); DSA (Certs. #581 and #608)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5

Multi-chip standalone

"McAfee Firewall Enterprise Control Center simplifies the management of multiple McAfee Firewall Enterprise appliances. Control Center enables centralized management and monitoring of the McAfee Firewall Enterprise solutions, allowing network administrators to centrally define firewall policy, deploy updates and inventory their firewall products."
1811 IMS Health Inc.
16720 Route Transcanadienne
Suite 1700
Kirkland, Québec H9H 5M3
Canada

-Charles Blair
TEL: 905-816-5131

-Hussam Mahgoub
TEL: 905-816-5134

CST Lab: NVLAP 200928-0

Diversinet Java Crypto Module
(Software Version: 2.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 10/11/2012;
02/20/2014
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 R2 with JDK v1.6 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #1276); AES (Cert. #1965); SHS (Cert. #1723); HMAC (Cert. #1185); DRBG (Cert. #175); RSA (Cert. #1017)

-Other algorithms: N/A

Multi-chip standalone

"Diversinet Java SE Crypto Module is a JCA (Java Cryptography Architecture) Provider shipped with Diversinet MobiSecure Products. The Crypto Module implements several JCE (Java Cryptography Extension) algorithms including Triple DES, AES, SHA, HMAC and RSA. The Crypto Module is packaged in a signed Java Archive (JAR) file."
1810 Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

-Alan Kaye
TEL: 613-225-9381

CST Lab: NVLAP 200426-0

FortiGate-1240B [1] and FortiGate-3140B [2]
(Hardware Versions: C4CN43 [1] and C4XC55 [2] with Tamper Evident Seal Kit: FIPS-SEAL-BLUE [1] or FIPS-SEAL-RED [2]; Firmware Version: FortiOS 4.0, build8892, 111128)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 10/11/2012 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1408, #1858, #1899 and #1900); Triple-DES (Certs. #961, #1205, #1234 and #1235); SHS (Certs. #1278, #1635, #1668 and #1669); RNG (Cert. #996); HMAC (Certs. #829, #1105, #1139 and #1140); RSA (Certs. #685 and #973)

-Other algorithms: DES; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant); MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 196 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
1809 Systematic Development Group, LLC
350 Jim Moran Blvd. Suite 122
Deerfield Beach, FL 33442
USA

-George Wolf
TEL: 954-889-3535 x315

CST Lab: NVLAP 100432-0

LOK-IT® 10 KEY (Series SDG003FM/SDG005M)
(Hardware Versions: HW003-32 Rev:01 [2], HW003-16 Rev:03 [1], HW003-16 Rev:04 [2], HW003-08 Rev:02 [1], HW003-08 Rev:03 [2] , HW003-04 Rev:02 [1] and HW003-04 Rev:03 [2]; Firmware Version: USB Controller Firmware Revision V01.12A12-F01 [1] or V01.12A14-F05 [2]; Security Controller Firmware Revision SDG003FM-010)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 10/02/2012;
01/22/2013;
07/26/2013
Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #1514); SHS (Cert. #1682); DRBG (Cert. #164)

-Other algorithms: NDRNG

Multi-chip standalone

"This module is a multi-chip standalone cryptographic module, as defined by FIPS 140-2 and consists of an Initio 1861 USB controller, NAND Flash memory and a Microchip PIC16LF1825 security controller. All components are encased in hard, opaque, production grade integrated circuit packaging. The cryptographic boundary is defined as the boundary of the module's PCB and hard epoxy coating. The module uses a NDRNG as input to a Hash_DRBG algorithm specified in NIST special publication SP800-90 to generate a random 256 bit encryption key. The AES key has 256 bits of entropy."
1808 LogRhythm
3195 Sterling Circle, Suite 100
Boulder, CO 80301
USA

-Emily Dobson
TEL: 720-881-5348

CST Lab: NVLAP 200427-0

LogRhythm 6.0.4 Log Manager
(Software Version: 6.0.4)

(When operated in FIPS mode with module BCRYPTPRIMITIVES validated to FIPS 140-2 under Cert. #1336 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 10/02/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 (SP1) (single-user mode) running .NET framework version 3.5

-FIPS Approved algorithms: AES (Cert. # 1168); DRBG (Cert. #23); HMAC (Cert. #686); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081)

-Other algorithms: MD5; HMAC-MD5

Multi-chip standalone

"The LogRhythm 6.0.4 Log Manager cryptographic module provides cryptographic services to a Log Manager. In particular, these services support secure communication with other LogRhythm components (System Monitor Agents and AI Engine Servers) and SQL Server databases."
1807 LogRhythm
3195 Sterling Circle, Suite 100
Boulder, CO 80301
USA

-Emily Dobson
TEL: 720-881-5348

CST Lab: NVLAP 200427-0

LogRhythm 6.0.4 Console
(Software Version: 6.0.4)

(When operated in FIPS mode with module BCRYPTPRIMITIVES validated to FIPS 140-2 under Cert. #1336 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 10/02/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 (SP1) (single-user mode) running .NET framework version 3.5

-FIPS Approved algorithms: AES (Cert. # 1168); DRBG (Cert. #23); HMAC (Cert. #686); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081)

-Other algorithms: MD5; HMAC-MD5

Multi-chip standalone

"The LogRhythm 6.0.4 Console cryptographic module provides cryptographic services to a Console. In particular, these services support secure communication with SQL Server databases in a LogRhythm deployment."
1806 LogRhythm
3195 Sterling Circle, Suite 100
Boulder, CO 80301
USA

-Emily Dobson
TEL: 720-881-5348

CST Lab: NVLAP 200427-0

LogRhythm 6.0.4 Windows System Monitor Agent
(Software Version: 6.0.4)

(When operated in FIPS mode with module BCRYPTPRIMITIVES validated to FIPS 140-2 under Cert. #1336 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 10/02/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 (SP1) (single-user mode) running .NET framework version 3.5

-FIPS Approved algorithms: AES (Cert. # 1168); DRBG (Cert. #23); HMAC (Cert. #686); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081)

-Other algorithms: MD5; HMAC-MD5

Multi-chip standalone

"The LogRhythm 6.0.4 Windows System Monitor Agent cryptographic module provides cryptographic services to a Windows System Monitor Agent. In particular, these services support secure communication with a LogRhythm Log Manager component."
1805 LogRhythm
3195 Sterling Circle, Suite 100
Boulder, CO 80301
USA

-Emily Dobson
TEL: 720-881-5348

CST Lab: NVLAP 200427-0

LogRhythm 6.0.4 AI Engine Server
(Software Version: 6.0.4)

(When operated in FIPS mode with module BCRYPTPRIMITIVES validated to FIPS 140-2 under Cert. #1336 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 10/02/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 (SP1) (single-user mode) running .NET framework version 3.5

-FIPS Approved algorithms: AES (Cert. # 1168); DRBG (Cert. #23); HMAC (Cert. #686); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081)

-Other algorithms: MD5; HMAC-MD5

Multi-chip standalone

"The LogRhythm 6.0.4 AI Engine Server cryptographic module provides cryptographic services to an AI Engine Server. In particular, these services support secure communication with LogRhythm Log Managers and Event Manager SQL Server databases."
1804 IMS Health Inc.
16720 Route Transcanadienne
Kirkland, Québec H9H 5M3
Canada

-Charles Blair
TEL: 905-816-5131

-Hussam Mahgoub
TEL: 905-816-5134

CST Lab: NVLAP 200928-0

Diversinet Java Crypto Module for Mobile
(Software Version: 2.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 10/03/2012;
02/20/2014
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Android OS v2.2 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #1277); AES (Cert. #1966); SHS (Cert. #1724); HMAC (Cert. #1186); DRBG (Cert. #176); RSA (Cert. #1018)

-Other algorithms: N/A

Multi-chip standalone

"Diversinet Java ME Crypto Module is shipped with Diversinet MobiSecure Client SDK for Java based run-time environments on Smartphones and tablets including, Android OS-, BlackBerry OS- and Java ME MIDP-based. The Crypto Module implements several cryptography algorithms including Triple DES, AES, SHA, HMAC and RSA."
1803 Websense Inc.
10240 Sorrento Valley Road
San Diego, CA 92121
USA

-Joshua Rosenthol
TEL: 858-320-3684

CST Lab: NVLAP 200928-0

Crypto Module Java
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/25/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with 64-bit Microsoft Windows 2008 R2 with JRE v1.6.0 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #1262); AES (Cert. #1936); SHS (Cert. #1701); HMAC (Cert. #1169); RNG (Cert. #1020); DSA (Cert. #618); RSA (Cert. #1002)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); ECDSA (non-compliant); ECDH (non-compliant); MD2; MD4; MD5

Multi-chip standalone

"The Websense Crypto Module Java provides cryptographic and secure communication services for the Websense-developed family of web security, email security, and data loss prevention solutions, deployed on high-performance, pre-configured hardware or as fully-customizable "ready-to-install" software."
1802 Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

-Greg Farris
TEL: 408-333-8000
FAX: 408-333-8101

CST Lab: NVLAP 200802-0

VDX 6710, VDX 6720 and VDX 6730 with Network OS (NOS) v2.1.0 Firmware
(Hardware Versions: VDX6710-54-F (P/N 80-1004843-02), VDX6710-54-R (P/N 80-1004702-02), VDX6720-16-F (P/N 80-1004566-05), VDX6720-16-R (P/N 80-1004567-05), VDX6720-24-F (P/N 80-1004564-05), VDX6720-24-R (P/N 80-1004565-05), VDX6720-40-F (P/N 80-1004570-05), VDX6720-40-R (P/N 80-1004571-05), VDX6720-60-F (P/N 80-1004568-05), VDX6720-60-R (P/N 80-1004569-05), VDX6730-16-F (P/N 80-1005649-01), VDX6730-16-R (P/N 80-1005651-01), VDX6730-24-F (P/N 80-1005648-01), VDX6730-24-R (P/N 80-1005650-01), VDX6730-40-F (P/N 80-1005680-01), VDX6730-40-R (P/N 80-1005681-01), VDX6730-60-F (P/N 80-1005679-011) and VDX6730-60-R (P/N 80-1005678-01) with FIPS Kit (P/N Brocade XBR-000195); Firmware Version: Network OS (NOS) v2.1.0 (P/N 63-1000931-01))

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 09/07/2012 Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Cert. #652); AES (Certs. #731 and #1595); SHS (Certs. #749 and #1407); HMAC (Certs. #397 and #933); RNG (Cert. #426); RSA (Certs. #342 and #778)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; BF; CAST; CAST5; DES; DES3; DESX; RC2; RC2-40; RC2-64; RC4; RC4-40; MD2; MD4; RMD160; AES128-CTR (non-compliant); AES192-CTR (non-compliant); AES256-CTR (non-compliant); ARCFOUR256; ARCFOUR128; AES128-CBC (non-compliant); 3DES-CBC (non-compliant); BLOWFISH-CBC; CAST128-CBC; AES192-CBC (non-compliant); AES256-CBC (non-compliant); ARCFOUR; UMAC-64; HMAC-RIPEMD160; HMAC-SHA1-96 (non-compliant); HMAC-MD5-96

Multi-chip standalone

"The VDX 6710, VDX 6720 and VDX 6730 are multiple-chip standalone cryptographic modules. The module is a Gigabit Ethernet routing switch that provides secure network services and network management."
1801 Motorola Solutions, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

-Kirk Mathews
TEL: 847-576-4101

CST Lab: NVLAP 100432-0

µMACE
(Hardware Version: P/N AT58Z04; Firmware Version: R01.00.04)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/07/2012 Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #1876); DRBG (Cert. #154); ECDSA (Cert. #263); KAS (Cert. #28); SHS (Cert. #1619)

-Other algorithms: AES (Cert. #1876, key wrapping; key establishment methodology provides 256 bits of encryption strength); NDRNG

Single-chip

"The µMACE cryptographic processor is used in security modules embedded in Motorola Solutions security products."
1800 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Andrew Young
TEL: 703-647-8408
FAX: 410-290-6506

CST Lab: NVLAP 100432-0

eToken 4300
(Hardware Version: Inside Secure AT90SC28880RCFV Rev. G; Firmware Version: SafeNet eToken 4300 010E.1245.0002 with PIV Applet 3.0)

(PIV Card Application: Cert. #32)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/06/2012;
02/06/2014
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1655); RSA (Cert. #824); Triple-DES (Cert. #1088); Triple-DES MAC (Triple-DES Cert. #1088, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465); ECDSA (Cert. # 214); CVL (Cert. #2); CVL (Certs. #218 and #222)

-Other algorithms: HW RNG; AES-CMAC (non-compliant); AES (Cert. #1655, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength)

Single-chip

"eToken 4300 is a Cryptographic Module based on the Athena OS755 Java Card smart card operating system with 80KB of EEPROM. eToken 4300 is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 2. eToken 4300 supports FIPS approved DRBG, SHA-1 and all SHA-2, TDES, AES, RSA, ECDSA and ECC CDC, and RSA and ECC key generation. eToken 4300 exposes PKI and Biometric APIs and is designed for high-performance government and enterprise smart card applications."
1799 Certes Networks, Inc.
300 Corporate Center Drive
Suite 140
Pittsburgh, PA 15108
USA

-Gary Brunner
TEL: 412-262-2571, ext. 101
FAX: 412-262-2574

CST Lab: NVLAP 200928-0

CEP100, CEP100 VSE, CEP100-XSA, CEP1000, CEP1000-DP and CEP1000 VSE
(Hardware Versions: [CEP100, A], [CEP100 VSE, A], [CEP100-XSA, A], [CEP1000, A], [CEP1000-DP, A] and [CEP1000 VSE, A]; Firmware Version: 2.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 09/04/2012;
03/08/2013
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #482, #667 and #1258); AES (Certs. #465, #762 and #1932); SHS (Cert. #1697); HMAC (Certs. #416, #417 and #1166); RSA (Certs. #998); DSA (Certs. #615); RNG (Certs. #1017)

-Other algorithms: MD5; HMAC-MD5-96; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Certes Networks CEP VSE encryptors are a family of high performance network encryption appliances that offer line rate multi-layer encryption at speeds from 10 Mbps up to 10 Gbps for Ethernet, IP, and MPLS networks. The CEP VSE family can be centrally managed with the simple drag-and-drop interface of Certes TrustNet Manager. TrustNet Manager provides centralized policy and key management, logging and auditing for the entire network. The CEP100 VSE and CEP1000 VSE provide data confidentiality, data integrity and data authentication for network traffic at bit rates from 75 Mbps to 1 Gbps."
1798 Certes Networks, Inc.
300 Corporate Center Drive
Suite 140
Pittsburgh, PA 15108
USA

-Gary Brunner
TEL: 412-262-2571, ext. 101
FAX: 412-262-2574

CST Lab: NVLAP 200928-0

CEP10-R, CEP10 VSE and CEP10-C
(Hardware Versions: [CEP10-R, PN 410-032-402, A], [CEP10 VSE, PN 410-032-402, A], [CEP10-C, PN 410-032-602, A] and [CEP10 VSE, PN 410-032-602, A]; Firmware Version: 2.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 09/06/2012;
03/08/2013
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #673 and #1258); AES (Certs. #779 and #1932); SHS (Cert. #1697); HMAC (Certs. #426 and #1166); RSA (Cert. #998); DSA (Cert. #615); RNG (Cert. #1017)

-Other algorithms: MD5; HMAC-MD5-96; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Certes Networks CEP VSE encryptors are a family of high performance network encryption appliances that offer full line rate multi-layer encryption at speeds from 10 Mbps up to 10 Gbps for Ethernet, IP, and MPLS networks. The CEP VSE family can be centrally managed with the simple drag-and-drop interface of Certes TrustNet Manager. TrustNet Manager provides centralized policy and key management, logging and auditing for the entire network. The CEP10 VSE provides data confidentiality, data integrity and data authentication for network traffic at bit rates from 3 Mbps to 50 Mbps."
1797 Certes Networks, Inc.
300 Corporate Center Drive
Suite 140
Pittsburgh, PA 15108
USA

-Gary Brunner
TEL: 412-262-2571, ext. 101
FAX: 412-262-2574

CST Lab: NVLAP 200928-0

CEP10G VSE
(Hardware Version: [CEP10G VSE, A]; Firmware Version: 2.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 09/04/2012;
03/08/2013
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #1195 and #1258); AES (Certs. #1842 and #1932); SHS (Cert. #1697); HMAC (Certs. #1141 and #1166); RSA (Cert. #998); DSA (Cert. #615); RNG (Cert. #1017)

-Other algorithms: MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Certes Networks CEP VSE encryptors are a family of high performance network encryption appliances that offer full line rate multi-layer encryption at speeds from 10 Mbps up to 10 Gbps for Ethernet, IP, and MPLS networks. The CEP VSE family can be centrally managed with the simple drag-and-drop interface of Certes TrustNet Manager. TrustNet Manager provides centralized policy and key management, logging and auditing for the entire network. The CEP10G VSE provides data confidentiality, data integrity and data authentication for network traffic at bit rates from 500 Mbps to 10 Gbps."
1796 Brocade Communications Systems, Inc.
130 Holger W
San Jose, CA 95134
USA

-Greg Farris
TEL: 408-333-8000
FAX: 408-333-8101

CST Lab: NVLAP 200802-0

Brocade DCX, DCX 8510-8, DCX-4S and DCX 8510-4 Backbones; 6510 FC Switch; and 7800 Extension Switch
(Hardware Version: [6510 FC Switch (P/Ns 80-1005232-02, 80-1005267-02, 80-1005268-02, 80-1005269-02, 80-1005271-02 and 80-1005272-02) [A,B], 7800 Extension Switch (P/Ns 80-1002607-06, 80-1002608-06 and 80-1002609-06) [A,B], [DCX Backbone (P/Ns 80-1001064-08, 80-1001064-09, 80-1004920-02 and 80-1004920-03), DCX-4S Backbone (P/Ns 80-1002071-08, 80-1002071-09, 80-1002066-08 and 80-1002066-09), DCX 8510-4 Backbone (P/Ns 80-1004697-02, 80-1004697-03, 80-1005158-02 and 80-1005158-03) and DCX 8510-8 Backbone (P/Ns 80-1004917-02 and 80-1004917-03] with Blades (P/Ns 80-1001070-06 [A,B], 80-1004897-01, 80-1004898-01, 80-1002000-02, 80-1001071-02, 80-1000696-01, 80-1005166-01, 80-1005187-01, 80-1001066-01, 80-1001067-01, 80-1001453-01, 80-1003887-01, 80-1002762-04, 80-1000233-10, 80-1002839-02, 49-1000016-04, 49-1000064-02 and 49-1000294-05)] with FIPS Kit P/N Brocade XBR-000195; Firmware Version: Fabric OS v7.0.0b (P/N 63-1000968-01) [A] or Fabric OS v7.0.0b1 (P/N 63-1001098-01) [B])

(When operated in FIPS mode and when tamper evident labels are installed on the initially built configurations as indicated in the Security Policy.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 08/31/2012 Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Certs. #652 and #1043); AES (Certs. #731, #1595 and #1596); SHS (Certs. #749, #1407 and #1408); HMAC (Certs. #397, #933 and #934); RNG (Certs. #426 and #854); RSA (Certs. #778, #779, #1048 and #1049)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 bit of encryption strength; non-compliant); HMAC-MD5; MD5; NDRNG; BF; CAST; CAST5; DES; DES3; DESX; RC2; RC2-40; RC2-64; RC4; RC4-40; MD2; MD4; RMD160; AES128-CTR (non-compliant); AES192-CTR (non-compliant); AES256-CTR (non-compliant); ARCFOUR256; ARCFOUR128; AES128-CBC (non-compliant); 3DES-CBC (non-compliant); BLOWFISH-CBC; CAST128-CBC; AES192-CBC (non-compliant); AES256-CBC (non-compliant); ARCFOUR; UMAC-64; HMAC-RIPEMD160; HMAC-SHA1-96 (non-compliant); HMAC-MD5-96

Multi-chip standalone

"The Brocade« DCX, DCX 8510-8, DCX-4S and DCX 8510-4 Backbones and the 6510 Switch provide a reliable, scalable Fibre Channel switching infrastructure with market-leading 16 Gbps technology and capabilities that support demanding, enterprise-class private cloud storage and highly virtualized environments. The Brocade 7800 Extension Switch provides fast, reliable WAN/MAN connectivity for remote data replication, backup, and migration with Fibre Channel and advanced Fibre Channel over IP (FCIP) technology."
1795 Giesecke & Devrient
45925 Horseshoe Drive
Dulles, VA 20166
USA

-Jatin Deshpande
TEL: 650-312-8047
FAX: 650-312-8129

-Thomas Palsherm
TEL: +49 89 4119-2384
FAX: +49 89 4119-9093

CST Lab: NVLAP 200427-0

Sm@rtCafé Expert 6.0 FIPS
(Hardware Versions: P5CC081, P5CD081 and P5CD145; Firmware Version: Sm@rtCafé Expert 6.0)

(The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/31/2012 Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #1755); DRBG (Cert. #116); RSA (Cert. #874); SHS (Cert. #1542); Triple-DES (Cert. #1136); Triple-DES MAC (Triple-DES Cert. #1136, vendor affirmed)

-Other algorithms: AES (Cert. #1755, key wrapping; key establishment methodology provides between 128 and 175 bits of encryption strength)

Single-chip

"Giesecke & Devrient (G&D) Smart Card Chip Operating System Sm@rtCafé Expert 6.0 is a Java Card 3 and Global Platform v2.1.1 compliant smart card module supporting both contact and contactless interfaces. It also supports, at a minimum, RSA up to 2048 bits(RSA and RSA-CRT) with on-card key generation, Hash algorithms(including SHA256), AES(up to 256 bits), ECDSA, and Triple-DES. The Sm@rtCafé Expert 6.0 is suitable for government and corporate identification, payment and banking, health care, and Web applications."
1794 Thales e-Security
Meadow View House
Crendon Industrial Estate, Long Crendon,
Aylesbury, Buckinghamshire HP18 9EQ
United Kingdom

-Datacryptor-Certifications
TEL: +44 (0)1844 201800

CST Lab: NVLAP 200002-0

Secure Generic Sub-System (SGSS), Version 3.5
(Hardware Versions: 1213H130 Issue 6E, 1213R130 Issue 1, 1213P130 Issue 2 and 1213P130 Issue 2A; Software Version: 3.0.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 08/28/2012;
09/27/2012
Overall Level: 3 

-FIPS Approved algorithms: ECDSA (Cert. #283); SHS (Cert. #1717)

-Other algorithms: N/A

Multi-chip embedded

"The Secure Generic Sub-System (SGSS) is a multi-chip embedded module used to provide secure cryptographic resources to a number of products in the Thales e-Security portfolio. This includes the Datacryptor® 2000, Datacryptor® Advanced Performance and Small Form Factor family (Link, Frame Relay, E1/T1, E3/T3, and IP models). The SGSS contains a secure bootstrap and authenticates application loading using the Digital Signature Algorithm (ECDSA) and SHA-384 hashing. This is a revalidation of the SGSS certified under FIPS Certificate #836, and does not affect the previous FIPS validation."
1793 HID Global
15370 Barranca Pkwy
Irvine, CA 92618
USA

-Stephane Ardiley
TEL: 510-745-6288
FAX: 510-574-0101

CST Lab: NVLAP 100432-0

HID Global Digital Identity Applet v2 on NXP JCOP 2.4.2
(Hardware Version: P/N P5CD145; Firmware Version: JCOP 2.4.2 R0 MaskID 53 and patchID 98, Digital Identity Applet Suite 2.7.1)

(PIV Card Application: Cert. #29)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/28/2012;
02/06/2014
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 4
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: RNG (Cert. #942); Triple-DES (Cert. #1144); Triple-DES MAC (Triple-DES Cert. #1144, vendor affirmed); RSA (Cert. #885); CVL (Cert. #219)

-Other algorithms: Triple-DES (Cert. #1144, key wrapping; key establishment methodology provides 112 bits of encryption strength)

Single-chip

"This version of the product can be used over contact and contactless interface (with some restrictions) and can be configured for use with HID Global JavaCard Applet Suite v2.7.1 for support of GSC-IS v2.1, NIST SP800-73-3 Transitional and End-Point Card Edge (for HSPD-12/PIV). The product allows issuance and post-issuance support for PIV End Point Card Edge and Data Model."
1792 Red Hat®, Inc.
314 Littleton Road
Westford, MA 01886
USA

-Irina Boverman
TEL: 978-392-1000
FAX: 978-392-1001

CST Lab: NVLAP 200658-0

Red Hat Enterprise Linux 6.2 OpenSSH Server Cryptographic Module
(Software Version: 2.1)

(When operated in FIPS mode. This module contains the embedded module Red Hat Enterprise Linux 6.2 OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #1758 operating in FIPS mode. When obtained, installed, and initialized as specified in Section 9.1 of the provided Security Policy. Section 1 of the provided Security Policy specifies the precise RPM file containing this module. The integrity of the RPM is automatically verified during the installation and the Crypto officer shall not install the RPM file if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 08/24/2012;
10/23/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 6.2 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #1226, #1227, #1231 and #1232); AES (Certs. #1887, #1888, #1889, #1893, #1894 and #1895); DSA (Certs. #592, #593, #597 and #598); RNG (Certs. #989, #990, #994 and #995); HMAC (Certs. #1129, #1130, #1134 and #1135); SHS (Certs. #1658, #1659, #1663 and #1664); RSA (Certs. #964, #965, #969 and #970)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 160 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 160 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The OpenSSH Server cryptographic module provides the server-side component for an SSH protocol version 2 protected communication channel. OpenSSH is the standard SSH implementation and shipped with RHEL 6.2. Its cryptographic mechanisms use the OpenSSL library in FIPS 140-2 mode."
1791 Red Hat®, Inc.
314 Littleton Road
Westford, MA 01886
USA

-Irina Boverman
TEL: 978-392-1000
FAX: 978-392-1001

CST Lab: NVLAP 200658-0

Red Hat Enterprise Linux 6.2 OpenSSH Client Cryptographic Module
(Software Version: 2.1)

(When operated in FIPS mode. This module contains the embedded module Red Hat Enterprise Linux 6.2 OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #1758 operating in FIPS mode. When obtained, installed, and initialized as assumed by the Crypto Officer role and as specified in Section 9.1 of the provided Security Policy. Section 1 of the provided Security Policy specifies the precise RPM file containing this module. The integrity of the RPM is automatically verified during the installation and the Crypto officer shall not install the RPM file if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 08/24/2012;
10/23/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 6.2 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #1226, #1227, #1231 and #1232); AES (Certs. #1887, #1888, #1889, #1893, #1894 and #1895); DSA (Certs. #592, #593, #597 and #598); RNG (Certs. #989, #990, #994 and #995); HMAC (Certs. #1129, #1130, #1134 and #1135); SHS (Certs. #1658, #1659, #1663 and #1664); RSA (Certs. #964, #965, #969 and #970)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 160 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 160 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The OpenSSH Client cryptographic module provides the client-side component for an SSH protocol version 2 protected communication channel. OpenSSH is the standard SSH implementation and shipped with RHEL 6.2. Its cryptographic mechanisms use the OpenSSL library in FIPS 140-2 mode."
1790 ARX (Algorithmic Research)
10 Nevatim Street
Petah-Tikva, 49561
Israel

-Ezer Farhi
TEL: +972-39279529
FAX: +972-39230864

CST Lab: NVLAP 200002-0

PrivateServer
(Hardware Version: 4.7; Firmware Version: 4.8.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/05/2012 Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #1983); Triple-DES (Cert. #1286); RSA (Cert. #1029); SHS (Cert. #1738); Triple-DES MAC (Triple-DES Cert. #1286, vendor affirmed); RNG (Cert. #1042); ECDSA (Cert. #288); HMAC (Cert. #1196)

-Other algorithms: DES Stream; MD5; RSA cipher only with ISO9796 padding; ARDFP; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); DES; DES MAC

Multi-chip standalone

"The PrivateServer is a high-performance cryptographic service provider. PrivateServer performs high-speed cryptographic operations while protecting sensitive data. Its features include Triple-DES, AES, Triple-DES MAC, CCM, HMAC, RSA, ECDSA, SHA-1, SHA-256, SHA-384, SHA-512, authenticated and encrypted communication with the module, secure storage of secret/private keys, software key medium and smartcard support, tamper-responsive enclosure, high level API requiring no cryptographic expertise, in-depth logging and auditing, and secure backup capability."
1789 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise S1104, S2008, S3008, S4016, S5032 and S6032
(Hardware Versions: FWE-S1104, FWE-S2008, FWE-S3008, FWE-S4016, FWE-S5032 and FWE-S6032; Firmware Version: 7.0.1.03 and 8.2.0)

(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/22/2012 Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #972, #973, #974 and #1833); Triple-DES (Certs. #765, #766, #767 and #1185); SHS (Certs. #941, #942, #943 and #1612); HMAC (Certs. #544, #545, #546 and #1086); RNG (Certs. #549, #550, #551 and #964); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1788 Q1 Labs
890 Winter Street
Suite 230
Waltham, MA 02451
USA

-Ellen Knickle
TEL: 506-444-6870
FAX: 506-459-7016

-Peter Clark
TEL: 506-635-4900
FAX: 506-459-7016

CST Lab: NVLAP 200427-0

Cryptographic Security Kernel
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 08/22/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux (RHEL) 5.7; CentOS 5.7 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1907); HMAC (Cert. #1144); RNG (Cert. #1001); RSA (Cert. #978); SHS (Cert. #1674); Triple-DES (Cert. #1239)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5, RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Q1 Labs Cryptographic Security Kernel is multi-algorithm library providing general-purpose cryptographic services. The purpose of the module is to provide a single API for cryptographic functionality that can provide centralized control over FIPS-Approved mode status, provide availability of only FIPS-Approved algorithms or vendor-affirmed implementations of non FIPS-Approved algorithms, and provide for centralized logging and reporting of the cryptographic engine."
1787 GDC Technology (USA), LLC
1016 West Magnolia Boulevard
Burbank, CA 91506
USA

-Pranay Kumar
TEL: 877-743-2872
FAX: (877) 643-2872

CST Lab: NVLAP 100432-0

IMB
(Hardware Version: GDC-IMB-v1; Firmware Version: 1.1 with Security Manager Firmware Version 1.2.11)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/22/2012 Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #1278 and #1286); SHS (Certs. #1176, #1178, #1179 and #1180); RNG (Certs. #713 and #716); RSA (Certs. #610 and #613); HMAC (Certs. #743 and #747)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; S-Box

Multi-chip embedded

"A digital cinema media block designed to be compliant with DCI specifications and SMPTE digital cinema standards. The supported features include JPEG2000 decoding, AES decryption, key management and logging."
1786 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-J JSAFE and JCE Software Module
(Software Version: 6.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 08/24/2012;
01/24/2013
Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows 7 (64-bit) with Sun JRE 6.0; Android 2.2 ARM (32-bit) JRE 6.0 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1911); DRBG (Cert. #160); DSA (Cert. #604); ECDSA (Cert. #271); HMAC (Cert. #1148); PBKDF (vendor affirmed); RNG (Cert. #1004); RSA (Cert. #981); SHS (Cert. #1678); Triple-DES (Cert. #1243)

-Other algorithms: DES; DESX; Diffie-Hellman; EC Diffie-Hellman; ECIES; HMAC-MD5; MD2; MD4; MD5; RC2; RC4; RC5; RIPEMD160; RSA (encrypt/decrypt); RSA Keypair Generation MultiPrime

Multi-chip standalone

"RSA BSAFE® Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. It supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
1785 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-J JSAFE and JCE Software Module
(Software Version: 6.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 08/24/2012;
01/24/2013
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows 7 (64-bit) with Sun JRE 6.0; Android 2.2 ARM (32-bit) JRE 6.0 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1911); DRBG (Cert. #160); DSA (Cert. #604); ECDSA (Cert. #271); HMAC (Cert. #1148); PBKDF (vendor affirmed); RNG (Cert. #1004); RSA (Cert. #981); SHS (Cert. #1678); Triple-DES (Cert. #1243)

-Other algorithms: DES; DESX; Diffie-Hellman; EC Diffie-Hellman; ECIES; HMAC-MD5; MD2; MD4; MD5; RC2; RC4; RC5; RIPEMD160; RSA (encrypt/decrypt); RSA Keypair Generation MultiPrime

Multi-chip standalone

"RSA BSAFE® Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. It supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
1784 Hewlett-Packard Company
8000 Foothills Blvd
Rosevillle, CA 95747
USA

-Sunil Amanna
TEL: 916-785-1183
FAX: 916-785-1103

-Harjit Dhillon
TEL: 916-785-0341
FAX: 916-785-1103

CST Lab: NVLAP 200002-0

HP Networking 5400 zl [1,2] and 8200 zl [3,4] Switch Series
(Hardware Versions: 5406 zl [1] 5412 zl [2], 8206 zl [3], 8212 zl [4] [A] [B] [C]; Switches: (J8697A [1], J8698A [2], J9447A [3] and J9091A [4] [A] [B] [C]); Management Modules: (J8726A [1,2] and two J9092A [3,4] [A] [B] [C]); Power Supply: (J9306A: one [1,3] or two [2,4]); Support Module: (J9095A [3,4] [A] [B] [C]); Fabric Module: (two J9093A [3,4] [A] [B] [C]); Blank Plate: (5069-8563: five [1,3] or eleven [2,4]); PSU Blank Plate (5003-0753: one [1,3] or two [2,4]); Opacity Shield Kits: (J9710A [1], J9711A [2], J9712A [3] and J9713A [4]); High Performance Fan Trays: (J9721A [1], J9722A [2], J9723A [3] and J9724A [4]); with ([HP Gig-T/SFP+ V2 zl Mod: J9536A] and [Tamper Evident Seal Kit: J9709A]) [1,2,3,4]; Firmware Versions: K.15.07.003 [A], K.15.07.0012 [B] and K.15.09.0004 [C])

(When operated in FIPS mode with the tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/15/2012;
12/13/2012
Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #1718); Triple-DES (Cert. #1105); SHS (Certs. #1501 and #1600); HMAC (Cert. #993); RSA (Certs. #866 and #915); DSA (Cert. #530); RNG (Cert. #911)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5

Multi-chip standalone

"The HP 5400 Switch series consists of Layer 2/3/4 switches which support integrated advanced capabilities in chassis (6-slot and 12-slot) form factor and offer maximum flexibility, life time warranty and lowered TCO. The HP 8200 zl Switch Series offers high performance, scalability, and a wide range of features in a high-availability platform that dramatically reduces complexity and provides reduced cost of ownership."
1783

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/08/2012;
03/19/2013
Overall Level: 2 

-FIPS Approved algorithms:

-Other algorithms:

1782 SafeNet, Inc.
20 Colonnade Drive
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Langley Rock
TEL: 613-221-5068
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

ProtectServer Internal Express (PSI-e)
(Hardware Versions: VBD-04-0302 and VBD-04-0303; Firmware Versions: 3.20.00, 3.20.01 and 3.20.05)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/07/2012;
11/05/2012;
10/16/2014
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #1859 and #1860); DSA (Cert. #579); ECDSA (Cert. #259); HMAC (Cert. #1106); RNG (Cert. #975); RSA (Cert. #940); SHS (Cert. #1636); Triple-DES (Certs. #1206 and #1207); Triple-DES MAC (Triple-DES Cert. #1206, vendor affirmed)

-Other algorithms: AES MAC (AES Cert. #1859; non-compliant); ARIA; CAST-128; CAST MAC; DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECIES; EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); IDEA; IDEA MAC; MD2; MD5; MD5 HMAC; RC2; RC2 MAC; RC4; RIPEMD-128; RIPEMD-160; RMD128 HMAC; RMD160 HMAC; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; SEED MAC; Triple-DES (Certs. #1206 and #1207, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Certs. #1859 and #1860, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength)

Multi-chip embedded

"The SafeNet PSI-e is a high-end intelligent PCI adapter card, used either standalone or in the SafeNet PSE appliance, that provides a wide range of cryptographic functions using firmware and dedicated hardware processors. The module provides key management (e.g., generation, storage, deletion, and backup), an extensive suite of cryptographic mechanisms, and process management including separation between operators. The PSI-e also features non-volatile tamper protected memory for key storage, a hardware random number generator, and an RTC."
1781 Valid S/A
Av. Paulista, 1000, terreo
Sao Paulo, 01310-100
Brazil

-Carlos Okada
TEL: +55 11 2575-6800
FAX: +55 11 2575-6500

CST Lab: NVLAP 100432-0

IDflex V
(Hardware Version: Inside Secure AT90SC28872RCU Rev. G; Firmware Version: Valid IDflex V 010B.0352.0005 with LASER PKI Applet 3.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/07/2012 Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #1654); RSA (Cert. # 824); Triple-DES (Cert. #1087); Triple-DES MAC (Triple-DES Cert. #1087, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465); ECDSA (Cert. #214); CVL (Cert. #2)

-Other algorithms: HW RNG; AES-CMAC (non-compliant); EC Diffie-Hellman; AES (Cert. #1654, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength)

Single-chip

"IDflex V is a Cryptographic Module based on the Athena OS755 Java Card smart card operating system with 72KB of EEPROM. IDflex V is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 3. IDflex V supports FIPS approved DRBG, SHA-1 and all SHA-2, TDES, AES, RSA, ECDSA and ECC CDC, and RSA and ECC key generation. IDflex V exposes PKI and Biometric APIs and is designed for high-performance government and enterprise smart card applications."
1780

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/07/2012;
09/26/2012;
07/10/2013;
03/21/2014;
06/18/2014
Overall Level: 2 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip standalone

1779

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/07/2012;
09/26/2012;
07/10/2013;
03/21/2014;
06/18/2014
Overall Level: 2 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip standalone

1778

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/07/2012;
04/15/2013
Overall Level: 2 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip standalone

1777 Thales e-Security, Inc.
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-Nathan Turajski
TEL: 954-888-6201

CST Lab: NVLAP 200427-0

Thales e-Security keyAuthority®
(Hardware Version: 1.0; Firmware Version: 3.0.3)

(This module contains the embedded module IBM Java JCE FIPS 140-2 Cryptographic Module validated to FIPS 140-2 under Cert. #1081 operating in FIPS mode using IBM JVM 1.6)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 08/07/2012 Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #805 and #1795); DRBG (Cert. #128); HMAC (Certs. #445 and #1059); RNG (Cert. #463); RSA (Certs. #387 and #898); SHS (Certs. #803, #1573 and #1577)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"Thales keyAuthority® is a standards-based, FIPS-validated key management appliance that enables organizations to confidently manage encryption for multiple types of encrypting endpoints. The appliance manages encryption keys throughout their lifecycle to meet security policy and regulatory compliance requirements. A vendor-neutral approach ensures broad support for encryption devices."
1776 SafeNet Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Mark Yakabuski
TEL: 613-614-3407
FAX: 613-723-5079

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200556-0

Luna® CA4
(Hardware Version: LTK-02-0501; Firmware Version: 4.8.7)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 08/01/2012 Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #1785); Triple-DES (Cert. #1157); SHS (Cert. #1567); DSA (Cert. #561); RSA (Cert. #892); ECDSA (Cert. #241); HMAC (Cert. #1050); Triple-DES MAC (Triple-DES Cert. #1157, vendor affirmed); RNG (Cert. #947); KAS (Cert. #24); KBKDF (vendor affirmed)

-Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; AES MAC (AES Cert. #1785; non-compliant); DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Cert. #1785, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1157, key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Luna CA4 cryptographic module is a multi-chip standalone hardware cryptographic module in the form of a PCMCIA card that typically resides within a custom computing or secure communications appliance. It is contained in its own secure enclosure that provides physical resistance to tampering. The module provides secure key generation and storage for symmetric keys and asymmetric key pairs along with symmetric and asymmetric cryptographic services."
1775 SafeNet, Inc.
20 Colonnade Road
Suite 200
Nepean, Ontario K2E 7M6
Canada

-Mark Yakabuski
TEL: 613-614-3407
FAX: 613-723-5079

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200556-0

Luna® PCM Key Export (KE) Cryptographic Module
(Hardware Version: LTK-02-0501; Firmware Version: 4.8.7)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/01/2012 Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #1785); Triple-DES (Cert. #1157); SHS (Cert. #1567); DSA (Cert. #561); RSA (Cert. #892); ECDSA (Cert. #241); HMAC (Cert. #1050); Triple-DES MAC (Triple-DES Cert. #1157, vendor affirmed); RNG (Cert. #947); KAS (Cert. #24); KBKDF (vendor affirmed)

-Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; AES MAC (AES Cert. #1785; non-compliant); DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Cert. #1785, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1157, key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Luna PCM cryptographic module is a multi-chip standalone hardware cryptographic module in the form of a PCMCIA card that typically resides within a custom computing or secure communications appliance. It is contained in its own secure enclosure that provides physical resistance to tampering. The module provides secure key generation and storage for symmetric keys and asymmetric key pairs along with symmetric and asymmetric cryptographic services. Access to key material and cryptographic services for users and user application software is provided indirectly through the host appliance."
1774 SafeNet Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Mark Yakabuski
TEL: 613-614-3407
FAX: 613-723-5079

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200556-0

Luna® PCM
(Hardware Version: LTK-02-0501; Firmware Version: 4.8.7)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 08/01/2012 Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Cert. #1785); Triple-DES (Cert. #1157); SHS (Cert. #1567); DSA (Cert. #561); RSA (Cert. #892); ECDSA (Cert. #241); HMAC (Cert. #1050); Triple-DES MAC (Triple-DES Cert. #1157, vendor affirmed); RNG (Cert. #947); KAS (Cert. #24); KBKDF (vendor affirmed)

-Other algorithms: DES; AES MAC (AES Cert. #1785, non-compliant); RC2; RC4; RC5; CAST; CAST 3; CAST 5; MD2; MD5; HAS-160; HMAC-MD5; KCDSA, RSA (encrypt/decrypt); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Cert. #1785, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1157, key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Luna PCM cryptographic module is a multi-chip standalone hardware cryptographic module in the form of a PCMCIA card that typically resides within a custom computing or secure communications appliance. It is contained in its own secure enclosure that provides physical resistance to tampering. The module provides secure key generation and storage for symmetric keys and asymmetric key pairs along with symmetric and asymmetric cryptographic services. Access to key material and cryptographic services for users and user application software is provided indirectly through the host appliance."
1773 Ciena® Corporation
1201 Winterson Road
Linthicum, MD 21090
USA

-Patrick Scully
TEL: 613-670-3207

CST Lab: NVLAP 200928-0

565 Advanced Services Platform [1], 5100 Advanced Services Platform [2] and 5200 Advanced Services Platform [3]
(Hardware Versions: [NT0H50DAE5 REV 004 [1], NTPM50AAE5 Rev 11 [2], NT0H50AA Rev 014 [3], SP Card NT0H5066E5 Rev 04 [1] and NT0H41ABE5 Rev 8 [2,3], QOTR/E Card NT0H25BAE5 Rev 2 [1,2,3], OCM Card NT0H40BCE5 Rev 18 [3], Filler Card NT0H52ABE6 Rev 02 [1,2,3]] with FIPS security kit NT0H25BZ Rev 3; Firmware Versions: 11.2 and 11.21)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/01/2012;
02/06/2013
Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #1161); AES (Certs. #1682, #1794 and #1796); SHS (Certs. #1576 and #1578); HMAC (Certs. #1058 and #1060); RSA (Certs. #897 and #899); DRBG (Certs. #130 and #131)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; DES; Blowfish

Multi-chip standalone

"The 565/5100/5200 Advanced Services Platform offers an integrated transport encryption solution providing an ultra-low latency and protocol-agnostic wirespeed encryption service for use in small to large enterprises or datacenters and also offered through service providers as a differentiated managed service."
1772 Juniper Networks, Inc.
1194 N. Mathilda Ave.
Sunnyvale, CA 94089
USA

-Guillaume Gavillet
FAX: 408-936-1801

-Seyed Safakish
TEL: 408-745-8158
FAX: 408-936-1801

CST Lab: NVLAP 200002-0

Junos-FIPS 10.4 L1 OS Cryptographic Module
(Firmware Version: 10.4R5)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Firmware 07/31/2012 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-Tested: RE-850-1536 [M7i] and RE-850-1536 [M10i]

-FIPS Approved algorithms: AES (Certs. #1719, #1726 and #1727); DSA (Cert. #531); ECDSA (Cert. #225); RNG (Cert. #909); RSA (Cert. #847); HMAC (Certs. #994, #1000, #1001 and #1002); SHS (Certs. #1502, #1508, #1509 and #1510); Triple-DES (Certs. #1106, #1112 and #1113)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip embedded

"Juniper Networks M7i and M10i routing platforms are complete routing systems that support a variety of high-speed interfaces for medium/large networks and network applications and numerous routing standards. All platforms are physically self-contained, housing software, firmware, and hardware necessary for routing. The router architecture provides for streamlined forwarding and routing control and the capability to run Internet-scale networks at high speeds. They are powered by the same JUNOS software which provides both management and control functions as well as all IP routing."
1771 Blue Coat Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085
USA

-Wendi Ittah
TEL: 703-399-0535

CST Lab: NVLAP 200928-0

ProxySG 510-5 [1], 510-10 [2], 510-20 [3], 510-25 [4], 810-5 [5], 810-10 [6], 810-20 [7] and 810-25 [8]
(Hardware Versions: 090-02760 Rev U.0 [1]; 090-02761 Rev X.0 [2]; 090-02762 Rev W.0 [2]; 090-02761 Rev C.0 [2]; 090-02762 Rev C.0 [2]; 090-02763 Rev W.0 [3]; 090-02764 Rev W.0 [3]; 090-02763 Rev C.0 [3]; 090-02764 Rev C.0 [3]; 090-02781 Rev X.0 [4]; 090-02782 Rev X.0 [4]; 090-02781 Rev C.0 [4]; 090-02782 Rev C.0 [4]; 090-02765 Rev W.0 [5]; 090-02766 Rev Y.0 [6]; 090-02767 Rev Y.0 [6]; 090-02766 Rev H.0 [6]; 090-02767 Rev H.0 [6]; 090-02768 Rev X.0 [7]; 090-02769 Rev X.0 [7]; 090-02768 Rev H.0 [7]; 090-02769 Rev H.0 [7]; 090-02783 Rev Z.0 [8]; 090-02784 Rev Z.0 [8]; 090-02783 Rev H.0 [8] and 090-02784 Rev H.0 [8] with FIPS kit 085-02597; Firmware Versions: 5.5 or 5.5.7.2)

(When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 07/31/2012;
08/07/2012;
01/04/2013
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #105, #397 and #1885); Triple-DES (Certs. #217, #435 and #1224); RSA (Cert. #962); SHS (Cert. #1656); HMAC (Cert. #1127); RNG (Cert. #987).

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5

Multi-chip standalone

"The foundation of Blue Coat's application delivery infrastructure, Blue Coat ProxySG appliances establish points of control that accelerate and secure business applications for users across the distributed organization. Blue Coat appliances serve as an Internet proxy and wide area network (WAN) optimizer. The purpose of the appliances is to provide a layer of security between an Internal and External Network (typically an office network and the Internet) and to provide acceleration and compression of transmitted data. ProxySG 510 and 810 are some of several appliance lines offered by Blue Coat"
1770 Blue Coat Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085
USA

-Wendi Ittah
TEL: 703-399-0535

CST Lab: NVLAP 200928-0

ProxySG 510-5 [1], 510-10 [2], 510-20 [3], 510-25 [4], 810-5 [5], 810-10 [6], 810-20 [7], 810-25 [8]
(Hardware Versions: 090-02760 Rev U.0 [1]; 090-02761 Rev X.0 [2]; 090-02762 Rev W.0 [2]; 090-02761 Rev C.0 [2]; 090-02762 Rev C.0 [2]; 090-02763 Rev W.0 [3]; 090-02764 Rev W.0 [3]; 090-02763 Rev C.0 [3]; 090-02764 Rev C.0 [3]; 090-02781 Rev X.0 [4]; 090-02782 Rev X.0 [4]; 090-02781 Rev C.0 [4]; 090-02782 Rev C.0 [4]; 090-02765 Rev W.0 [5]; 090-02766 Rev Y.0 [6]; 090-02767 Rev Y.0 [6]; 090-02766 Rev H.0 [6]; 090-02767 Rev H.0 [6];090-02768 Rev X.0 [7]; 090-02769 Rev X.0 [7]; 090-02768 Rev H.0 [7]; 090-02769 Rev H.0 [7]; 090-02783 Rev Z.0 [8]; 090-02784 Rev Z.0 [8]; 090-02783 Rev H.0 [8] and 090-02784 Rev H.0 [8] with FIPS kit 085-02597; Firmware Versions: 6.1 or 6.1.5.5)

(When operated in FIPS mode with the tamper evident seals and the opacity baffle installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 07/31/2012;
08/07/2012;
01/04/2013
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #105, #397 and #1875); Triple-DES (Certs. #217, #435 and #1218); RSA (Cert. #956); SHS (Cert. #1648); HMAC (Cert. #1120); DRBG (Cert. #153)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The foundation of Blue Coat's application delivery infrastructure, Blue Coat ProxySG appliances establish points of control that accelerate and secure business applications for users across the distributed organization. Blue Coat appliances serve as an Internet proxy and wide area network (WAN) optimizer. The purpose of the appliances is to provide a layer of security between an Internal and External Network (typically an office network and the Internet) and to provide acceleration and compression of transmitted data. ProxySG 510 and 810 are some of several appliance lines offered by Blue Coat"
1769 Hewlett-Packard Development Company, L.P.
2344 Boulevard Alfred-Nobel
St-Laurent, Québec H4S 0A4
Canada

-Gilbert Moineau
TEL: 514-920-4250

CST Lab: NVLAP 200002-0

HP 5406 zl [1], HP 5412 zl [2], HP 8206 zl [3] and HP 8212 zl [4] Switches with the HP MSM765zl Mobility Controller
(Hardware Version: (J8697A [1], J8698A [2], J9447A [3] and J9091A [4] [B]); Management Modules: (J8726A [1,2] and J9092A [3,4] [B]); Power Supply: (J9306A: one [1,3] or two [2,4]); Support Module: (J9095A [3,4] [B]); Fabric Module: (J9093A: two [3,4] [B]); Blank Plate: (5069-8563: four [1], ten [2], five [3] or eleven [4]); Opacity Shield Kits: (J9710A [1], J9711A [2], J9712A [3] and J9713A [4]); High Performance Fan Trays: (J9721A [1], J9722A [2], J9723A [3] and J9724A [4]); with (HP Gig-T/SFP+ V2 zl Mod: J9536A; HP Mobility Controller: J9370A [A] and Tamper Evident Seal Kit: J9709A) [1,2,3,4]; Firmware Version: 5.6.0 [A] and K.15.07.0003 [B])

(When operated in FIPS mode with the tamper evident seals and opacity shields installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 07/27/2012 Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #1824 and #1825); Triple-DES (Certs. #1177 and #1178); SHS (Certs. #1603 and #1604); HMAC (Certs. #1079 and #1107); RNG (Cert. #961); RSA (Certs. #917 and #921)

-Other algorithms: RC4; MD5; HMAC-MD5; SHA-[224, 256, 384 and 512] (Cert. #1604; non-compliant); HMAC-SHA-[224, 256, 384 and 512] (Cert. #1079; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The HP 5400/8200 zl Switch Series with the HP MSM765zl Mobility Controller provide centralized management and control of intelligent HP MSM APs for a wide range of deployments, from small Internet cafes and businesses, to large corporations and institutions."
1768 Blue Coat Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085
USA

-Wendi Ittah
TEL: 703-399-0535

CST Lab: NVLAP 200928-0

ProxySG 9000-10 [1], 9000-20 [2] and 9000-20B [3]
(Hardware Version: 090-02844 [1], 090-02843 [1], 090-02840 [2], 090-02839 [2], 090-02984 [3] and 090-02985 [3] with FIPS kit 085-02718;; Firmware Versions: 5.5 or 5.5.7.2)

(When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 07/27/2012;
08/07/2012;
01/04/2013
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #1265 and #1885); Triple-DES (Certs. #898 and #1224); RSA (Cert. #962); SHS (Cert. #1656); HMAC (Cert. #1127); RNG (Cert. #987).

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5

Multi-chip standalone

"The foundation of Blue Coat's application delivery infrastructure, Blue Coat ProxySG appliances establish points of control that accelerate and secure business applications for users across the distributed organization. Blue Coat appliances serve as an Internet proxy and wide area network (WAN) optimizer. The purpose of the appliances is to provide a layer of security between an Internal and External Network (typically an office network and the Internet) and to provide acceleration and compression of transmitted data. ProxySG 9000 is one of several appliance lines offered by Blue Coat"
1767 Blue Coat Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085
USA

-Wendi Ittah
TEL: 703-399-0535

CST Lab: NVLAP 200928-0

ProxySG 900-10 [1], 900-10B [2], 900-20 [3], 900-30 [4], 900-45 [5] and 900-55 [6]
(Hardware Version: 090-02900 [1], 090-02901 [1], 090-02988 [2], 090-02989 [2], 090-02902 [3], 090-02903 [3], 090-02904 [4], 090-02905 [4], 09002908 [5], 090-02909 [5], 090-02979 [6] and 090-02980 [6] with FIPS kit 085-02742; Firmware Versions: 6.1 or 6.1.5.5)

(When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 07/27/2012;
08/07/2012;
08/16/2012;
01/04/2013
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #1265 and #1875); Triple-DES (Certs. #898 and #1218); RSA (Cert. #956); SHS (Cert. #1648); HMAC (Cert. #1120); DRBG (Cert. #153)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The foundation of Blue Coat's application delivery infrastructure, Blue Coat ProxySG appliances establish points of control that accelerate and secure business applications for users across the distributed organization. Blue Coat appliances serve as an Internet proxy and wide area network (WAN) optimizer. The purpose of the appliances is to provide a layer of security between an Internal and External Network (typically an office network and the Internet) and to provide acceleration and compression of transmitted data. ProxySG 900 is one of several appliance lines offered by Blue Coat"
1766 Blue Coat Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085
USA

-Wendi Ittah
TEL: 703-399-0535

CST Lab: NVLAP 200928-0

ProxySG 9000-10 [1], 9000-20 [2], 9000-20B [3], 9000-30 [4] and 9000-40 [5]
(Hardware Version: 090-02844 [1], 090-02843 [1], 090-02840 [2], 090-02839 [2], 090-02984 [3], 090-02985 [3], 090-02841 [4], 090-02842 [4], 090-02845 [5] and 090-02846 [5] with FIPS kit 085-02718; Firmware Versions: 6.1 or 6.1.5.5)

(When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 07/27/2012;
08/07/2012;
08/16/2012;
09/27/2012;
01/04/2013
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #1265 and #1875); Triple-DES (Certs. #898 and #1218); RSA (Cert. #956); SHS (Cert. #1648); HMAC (Cert. #1120); DRBG (Cert. #153)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The foundation of Blue Coat's application delivery infrastructure, Blue Coat ProxySG appliances establish points of control that accelerate and secure business applications for users across the distributed organization. Blue Coat appliances serve as an Internet proxy and wide area network (WAN) optimizer. The purpose of the appliances is to provide a layer of security between an Internal and External Network (typically an office network and the Internet) and to provide acceleration and compression of transmitted data. ProxySG 9000 is one of several appliance lines offered by Blue Coat"
1765 Research In Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

-Certifications Team
TEL: 519-888-7465 ext.72921
FAX: 905-507-4230

CST Lab: NVLAP 200556-0

BlackBerry Cryptographic Java Module
(Software Versions: 2.8 and 2.8.7)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 07/31/2012;
10/10/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Sun Java Runtime Environments (JRE) 1.5.0 and 1.6.0 running on [Solaris 10, 32-bit; Solaris 10, 64-bit; Red Hat Linux AS 5.5, 32-bit; Red Hat Linux AS 5.5, 64-bit; Windows Vista, 32-bit; Windows Vista, 64-bit; Windows 2008 Server, 64-bit] (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #964); AES (Cert. #1411); SHS (Cert. #1281); HMAC (Cert. #832); RNG (Cert. #773); DSA (Cert. #455); ECDSA (Cert. #179); RSA (Cert. #687); DRBG (Cert. #52); KAS (Cert. #8)

-Other algorithms: ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; DES; DESX; ECIES; ECQV; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry® Cryptographic Java Module is a software module that provides cryptographic services to BlackBerry® products such as the BlackBerry® PlayBook Administration Service, and other BlackBerry® products."
1764 Athena Smartcard, Inc.
16615 Lark Avenue
Suite 202
Los Gatos, CA 95032
USA

-Ste´phanie Motre´
TEL: 408-786-1028
FAX: 408-608-1818

CST Lab: NVLAP 100432-0

IDProtect Duo with PIV
(Hardware Version: Inside Secure AT90SC28880RCFV Rev. G; Firmware Version: Athena IDProtect 010E.1245.0002 with PIV Applet 3.0)

(PIV Card Application: Cert. #31)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/23/2012;
04/12/2013;
02/06/2014;
05/28/2014
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1655); RSA (Cert. #824); Triple-DES (Cert. #1088); Triple-DES MAC (Triple-DES Cert. #1088, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465); ECDSA (Cert. # 214); CVL (Cert. #2); CVL (Certs. #218 and #222)

-Other algorithms: HW RNG; AES-CMAC (non-compliant); AES (Cert. #1655, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength)

Single-chip

"IDProtect is a Cryptographic Module based on the Athena OS755 Java Card smart card operating system with 80KB of EEPROM. IDProtect is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 2. IDProtect supports FIPS approved DRBG, SHA-1 and all SHA-2, TDES, AES, RSA, ECDSA and ECC CDC and RSA and ECC key generation. IDProtect exposes PKI and Biometric APIs and is designed for high performance government and enterprise smart card applications."
1763 Motorola Solutions, Inc.
Unit A1, Linhay Business Park
Ashburton, Devon TQ13 7UP
United Kingdom

-Richard Carter
TEL: +44 1364 655504
FAX: +44 1364 654625

CST Lab: NVLAP 100432-0

Motorola PTP 800 Series CMU Cryptographic Module
(Hardware Version: P/N WB3517, Versions 5.2, 5.3 and 6.6; Firmware Version: PTP 800 04-10)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/27/2012 Overall Level: 1 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: SHS (Cert. #1557); DSA (Cert. #556); AES (Certs. #1776 and #1526); DRBG (Cert. #123); Triple-DES (Cert. #1149); HMAC (Cert. #1041)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); RADIUS; MD5; Custom RNG

Multi-chip standalone

"Operating in the 6 to 38 GHz RF bands at up to 368 Mbps throughput (full duplex) and with user-configured channel bandwidths from 7 to 56 MHz, the Motorola Point-to-Point 800 Series of Licensed Ethernet Microwave solutions offer operators a highly reliable licensed band wireless solution."
1762 INSIDE Secure
41 Parc Club du Golf
Aix-en-Provence, 13856
France

-Jerome Ducros
TEL: +333 (0) 413758653

CST Lab: NVLAP 100432-0

VaultIC420™, VaultIC440™ and VaultIC460™
(Hardware Versions: P/N: ATVaultIC420, ATVaultIC440 and ATVaultIC460, Platform: AT90SO128 - Silicon Rev F; Firmware Version: 1.2.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/27/2012;
09/06/2012
Overall Level: 3 

-Physical Security: Level 4

-FIPS Approved algorithms: AES (Cert. #1822); DRBG (Cert. #142); DSA (Cert. #572); ECDSA (Cert. #251); HMAC (Cert. #1077); RSA (Cert. #927); SHS (Cert. #1601); Triple-DES (Cert. #1175)

-Other algorithms: DES; DES MAC; Triple-DES MAC (non-compliant); HOTP; TOTP; RSA (encrypt/decrypt); AES (Cert. #1822, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength)

Single-chip

"The VaultIC™ 420, VaultIC™ 440 and VaultIC™ 460 is an Application Specific Standard Product (ASSP) designed to secure various systems against counterfeiting, cloning or identity theft. It is a hardware security module that can be used in many applications such as IP protection, access control or hardware protection."
1761 Motorola Solutions, Inc.
1303 E. Algonquin Rd
Schaumburg, IL 60196
USA

-Richard Carter
TEL: 44-0-1364-655500
FAX: 44-0-1364-654625

CST Lab: NVLAP 100432-0

Motorola PTP 600 Series Point to Point Wireless Ethernet Bridges
(Hardware Versions: P/Ns BP5830BHC, BP5830BHC15, BP5530BHC, BP5530BHC15, WB2781, WB3039, WB3037, WB3092, WB3094, WB3387, WB3389, WB3222, BP5830BH, BP5830BH15, BP5530BH, BP5530BH15, WB2780, WB3036, WB3038, WB3091, WB3093, WB3386, WB3388 and WB3221; with P/N WB3593 (HW Security Upgrade Kit); Firmware Version: PTP600 10-00)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/27/2012 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: SHS (Cert. #1101); DSA (Cert. #569); AES (Certs. #708 and #1144); DRBG (Cert. #21); HMAC (Cert. #1070); Triple-DES (Cert. #863)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); RADIUS

Multi-chip standalone

"PTP 600 Series Ethernet bridges offer high performance connectivity and backhaul in challenging non-line-of-sight environments. With carrier-grade reliability, PTP 600 links have class-leading sensitivity and power output which enable links to go farther, while sustaining high throughput regardless of conditions. With data rates up to 300 Mbps and reaching distances up to 124 miles, this Series of high-performance and secure wireless bridges make cost-effective connectivity and backhaul a reality for a wide range of enterprises, service providers and public safety organizations."
1760 Catbird Networks, Inc.
1800 Green Hills Road
Suite 113
Scotts Valley, CA 95066
USA

-Michael Berman
TEL: 800-673-6775

CST Lab: NVLAP 100432-0

Catbird vSecurity Crypto Module v1.0
(Software Version: v1.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 07/27/2012 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with CentOS 6.0 running on Intel Core i5 with AES-NI (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1922); DRBG (Cert. #166); DSA (Cert. #609); HMAC (Cert. #1157); RNG (Cert. #1010); RSA (Cert. #991); SHS (Cert. #1688); Triple-DES (Cert. #1252); ECDSA (Cert. #274); CVL (Cert. #14)

-Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt)

Multi-chip standalone

"Catbird is the industry pioneer in security and compliance for virtualized environments, a four-time Best of Show Finalist at VMworld and a Gartner Group Cool Vendor 2011. Catbird's comprehensive protection includes monitoring and enforcement of PCI, NIST, HIPAA, FISMA, DIACAP and other requirements in virtual environments. Maintaining regulatory and corporate compliance in the new data center and eliminating uncertainty over secure virtualization, Catbird's protection keeps Tier-1 application deployment plans on track."
1759 Cummings Engineering Consultants, Inc.
145 S. 79th St.
Suite 26
Chandler, AZ 85226
USA

-Darren Cummings
TEL: 480-809-6024

CST Lab: NVLAP 100432-0

Cummings Engineering's Secure Mobility Suite B Crypto Module
(Software Version: v1.0 or v1.1)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 07/27/2012;
04/19/2013
Overall Level: 1 

-Roles, Services, and Authentication: Level 2

-Operational Environment: Tested as meeting Level 1 with Android 2.2 running on Qualcomm QSD 8250 (ARMv7) with NEON; Linux 3.0.4 running on TI OMAP 3 (ARMv7) with NEON; Ubuntu 10.04 running on Intel Pentium; Fedora 14 running on Intel Core i5 with AES-NI; Windows 7 running on Intel Core i5 with AES-NI; Windows 7 running on Intel Celeron; Android 2.2 running on Intel Pentium; Android 2.2 running on Intel Core i5 with AES-NI: Apple OS X 10.7 running on Intel Core i7-3615QM; Apple iOS 5.0 running on ARM Cortex A8 (ARMv7) with NEON (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1916 and #2373); DRBG (Certs. #161 and #309); DSA (Certs. #607 and #744); HMAC (Certs. #1151 and #1475); RNG (Certs. #1007 and #1178); RSA (Certs. #984 and #1228); SHS (Certs. #1681 and #2045); Triple-DES (Certs. #1246 and #1484); ECDSA (Certs. #272 and #391); CVL (Certs. #13 and #64)

-Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt)

Multi-chip standalone

"Cummings Engineering is a leading provider of mobility innovation providing state-of-the art advanced cryptography and enterprise solutions in both commercial and government markets. Cummings Engineering has multiple patents/patents-pending in the secure communications domain and has made breakthroughs around MDM, Secure Smartphones, and more. Cummings Engineering is committed to providing best-in-class products and services to protect the privacy and data of US Citizens."
1758 Red Hat®, Inc.
314 Littleton Road
Westford, MA 01886
USA

-Irina Boverman
TEL: 978-392-1000
FAX: 978-392-1001

CST Lab: NVLAP 200658-0

Red Hat Enterprise Linux 6.2 OpenSSL Cryptographic Module
(Software Version: 2.1)

(When operated in FIPS mode and when obtained, installed, and initialized as specified in Section 9.1 of the provided Security Policy. The Security Policy specifies the precise RPM file containing this module. The integrity of the RPM is automatically verified during the installation and the Crypto officer shall not install the module if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 07/27/2012;
10/23/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 6.2 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #1226, #1227, #1231 and #1232); AES (Certs. #1887, #1888, #1889, #1893, #1894 and #1895); DSA (Certs. #592, #593, #597 and #598); SHS (Certs. #1658, #1659, #1663 and #1664); RNG (Certs. #989, #990, #994 and #995); RSA (Certs. #964, #965, #969 and #970); HMAC (Certs #1129, #1130, #1134 and #1135)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 160 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 160 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5

Multi-chip standalone

"The OpenSSL FIPS Runtime Module is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality for use with the high level API of the OpenSSL library version 1.0.0-20.el6 delivered with RHEL 6.2."
1757 Red Hat®, Inc.
314 Littleton Road
Westford, MA 01886
USA

-Irina Boverman
TEL: 978-392-1000
FAX: 978-392-1001

TEL: 919-754-3700
FAX: 919-754-3701

CST Lab: NVLAP 200658-0

Red Hat Enterprise Linux 6.2 Libgcrypt Cryptographic Module
(Software Version: 2.1)

(When operated in FIPS mode and when obtained, installed and initialized as assumed by the Crypto Officer role and specified in Section 9.1 of the provided Security Policy. The Security Policy specifies the precise RPM file containing this module. The integrity of the RPM is automatically verified during the installation and the Crypto officer shall not install the module if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 07/27/2012;
10/23/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 6.2 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1886, #1890, #1891 and #1892); Triple-DES (Certs. #1225, #1228, #1229 and #1230); SHS (Certs. #1657, #1660, #1661 and #1662); RSA (Certs. #963, #966, #967 and #968); DSA (Certs. #591, #594, #595 and #596); HMAC (Certs. #1128, #1131, #1132 and #1133); RNG (Certs. #988, #991, #992 and #993)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5

Multi-chip standalone

"The libgcrypt FIPS Runtime Module is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality for use with the high level API of the libgcrypt library version 1.4.5-9.e16 delivered with RHEL 6.2."
1756 Juniper Networks, Inc.
1194 North Mathilda Ave
Sunnyvale, CA 94089
USA

-Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 200697-0

NetScreen-ISG 1000 [1] and NetScreen-ISG 2000 [2]
(Hardware Versions: [NS-ISG-1000, NS-ISG-1000-DC, NS-ISG-1000B and NS-ISG-1000B-DC] [1] and [(NS-ISG-2000, NS-ISG-2000-DC, NS-ISG-2000B and NS-ISG-2000B-DC) with 1, 2, 3 or 4 FE8 Interface Cards][2] with JNPR-FIPS-TAMPER-LBLS; Firmware Version: ScreenOS 6.3r6)

(When operated in FIPS mode with the tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 07/27/2012;
12/11/2013
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Cert. #1058); AES (Cert. #1617); DSA (Cert. #504); SHS (Cert. #1426); RNG (Cert. #865); RSA (Cert. #795); HMAC (Cert. #948); ECDSA (Cert. #202)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); NDRNG; DES; MD5

Multi-chip standalone

"Juniper Networks integrated security devices are purpose-built to perform essential networking security functions designed on top of robust networking and security real-time operating systems, ScreenOS. These are high-performance platforms that deliver integrated security and LAN/WAN routing across high-density LAN/WAN interfaces, Juniper Networks integrated security devices address the needs of small to medium sized locations, large distributed enterprises, and service providers as well as large and co-located datacenters."
1755 Juniper Networks, Inc.
1194 North Mathilda Ave
Sunnyvale, CA 94089
USA

-Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 200697-0

NetScreen-5200 [1] and Netscreen-5400 [2]
(Hardware Versions: [(NS-5200 [1] with one NS-5000-8G2) and (NS-5400 [2] with one to three NS-500-8G2)] with (NS-5000-MGT2 or NS-5000-MGT3) and JNPR-FIPS-TAMPER-LBLS; Firmware Version: ScreenOS 6.3r6)

(When operated in FIPS mode with the tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 07/27/2012;
12/11/2013
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Cert. #1059); AES (Cert. #1618); DSA (Cert. #505); SHS (Cert. #1427); RNG (Cert. #866); RSA (Cert. #796); HMAC (Cert. #949); ECDSA (Cert. #203)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); NDRNG; DES; MD5

Multi-chip standalone

"Juniper Networks integrated security devices are purpose-built to perform essential networking security functions designed on top of robust networking and security real-time operating systems, ScreenOS. These are high-performance platforms that deliver integrated security and LAN/WAN routing across high-density LAN/WAN interfaces, Juniper Networks integrated security devices address the needs of small to medium sized locations, large distributed enterprises, and service providers as well as large and co-located datacenters."
1754 Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

-Alan Kaye
TEL: 613-225-9381

CST Lab: NVLAP 200556-0

FortiOS™
(Firmware Version: 4.0 MR3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Firmware 07/17/2012 Overall Level: 1 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-Tested: FortiGate 3950B

-FIPS Approved algorithms: AES (Certs. #1856 and #1857); Triple-DES (Certs. #1203 and #1204); HMAC (Certs. #1103 and #1104); SHS (Certs. #1633 and #1634); RSA (Cert. #939); RNG (Cert. #974)

-Other algorithms: DES; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant)

Multi-chip standalone

"The FortiOS is a firmware based operating system that runs exclusively on Fortinet's FortiGate/FortiWiFi product family. The FortiOS provides integrated firewall, VPN, antivirus, antispam, intrusion prevention, content filtering and traffic shaping and HA capabilities."
1753 Utimaco Safeware AG
Germanusstr. 4
Aachen, 52080
Germany

-Dr. Gesa Ott
TEL: +49 241-1696-200
FAX: +49 241-1696-199

CST Lab: NVLAP 100432-0

SafeGuard® CryptoServer Se
(Hardware Version: P/N CryptoServer Se, Version 3.00.3.1; Firmware Version: 1.0.1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/24/2012 Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #1711); DRBG (Cert. #141); ECDSA (Cert. #221); HMAC (Cert. #990); RSA (Certs. #841 and #842); SHS (Certs. #1498, #1597 and #1598); Triple-DES (Cert. #1101); Triple-DES MAC (Triple-DES Cert. #1101, vendor affirmed)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Cert. #1711, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1101, key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); DES; MD5; DSA (non-compliant); MDC-2; RIPEMD-160; Retail-TDES MAC (non-compliant); AES MAC (AES Cert. #1711; non-compliant)

Multi-chip embedded

"SafeGuard® CryptoServer Se is an encapsulated, protected hardware security module which provides secure cryptographic services like encryption or decryption (for various cryptographic algorithms like Triple-DES, RSA and AES), hashing, signing, and verification of data (RSA, ECDSA), random number generation, on-board secure key generation, key storage and further key management functions in a tamper-protected environment. The module is optionally available with or without RSA Crypto Accelerator."
1752 Motorola Solutions, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

-Tom Nguyen
TEL: 847-576-2352

CST Lab: NVLAP 100432-0

Astro Subscriber Motorola Advanced Crypto Engine (MACE)
(Hardware Versions: P/Ns 5185912Y01, 5185912Y03 or 5185912Y05; Firmware Versions: [D01.03.08, D01.03.10, R07.11.08, R07.11.10, R07.11.11, R07.11.12, R01.03.13 or R01.04.07] and [R01.00.00 or (R01.00.00 and R02.00.00)])

(When operated in FIPS mode and configured to Overall Level 3 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/27/2012;
07/18/2012
12/12/2012;
01/10/2014
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #819 and #1295); SHS (Cert. #817); RSA (Cert. #396); RNG (Cert. #471)

-Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); LFSR

Single-chip

"The MACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio systems products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management."
1751 Motorola Solutions, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

-Tom Nguyen
TEL: 847-576-2352

CST Lab: NVLAP 100432-0

Astro Subscriber Motorola Advanced Crypto Engine (MACE)
(Hardware Versions: P/Ns 5185912Y01, 5185912Y03 or 5185912Y05; Firmware Versions: [D01.03.08, D01.03.10, R07.11.08, R07.11.10, R07.11.11, R07.11.12, R01.03.13 or R01.04.07] and [R01.00.00 or (R01.00.00 and R02.00.00)])

(When operated in FIPS mode and configured to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/27/2012;
07/18/2012;
12/12/2012;
01/10/2014
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #819 and #1295); SHS (Cert. #817); RSA (Cert. #396); RNG (Cert. #471)

-Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); LFSR

Single-chip

"The MACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio system products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management."
1750 Athena Smartcard, Inc.
16615 Lark Avenue
Suite 202
Los Gatos, CA 95032
USA

-Ste´phanie Motre´
TEL: 408-786-1028
FAX: 408-608-1818

CST Lab: NVLAP 100432-0

IDProtect Key with LASER PKI
(Hardware Version: Inside Secure AT90SC25672RCT-USB Rev. D packaged in TIDPTMINI72 and TIDPUSBV2J; Firmware Version: Athena IDProtect 0106.0130.0401 with LASER PKI Applet 3.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/17/2012;
04/12/2013;
05/28/2014
Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #1654); RSA (Cert. #824); Triple-DES (Cert. #1087); Triple-DES MAC (Triple-DES Cert. #1087, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465); ECDSA (Cert. # 214); CVL (Cert. #2)

-Other algorithms: HW RNG; AES-CMAC (non-compliant); EC Diffie-Hellman; AES (Cert. #1654, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength)

Single-chip

"IDProtect is a Cryptographic Module based on the Athena OS755 Java Card smart card operating system with 72KB of EEPROM. IDProtect is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 3. IDProtect supports FIPS approved DRBG, SHA-1 and all SHA-2, TDES, AES, RSA, ECDSA and ECC CDC, and RSA and ECC key generation. IDProtect exposes PKI and Biometric APIs and is designed for high-performance government and enterprise smart card applications."
1749 Athena Smartcard, Inc.
16615 Lark Avenue
Suite 202
Los Gatos, CA 95032
USA

-Ste´phanie Motre´
TEL: 408-786-1028
FAX: 408-608-1818

CST Lab: NVLAP 100432-0

IDProtect Duo with LASER PKI
(Hardware Version: Inside Secure AT90SC28880RCFV Rev. G; Firmware Version: Athena IDProtect 010E.1245.0002 with LASER PKI Applet 3.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/17/2012;
04/12/2013;
05/28/2014
Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #1655); RSA (Cert. #824); Triple-DES (Cert. #1088); Triple-DES MAC (Triple-DES Cert. #1088, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465); ECDSA (Cert. # 214); CVL (Cert. #2)

-Other algorithms: HW RNG; AES-CMAC (non-compliant); EC Diffie-Hellman; AES (Cert. #1655, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength)

Single-chip

"IDProtect is a Cryptographic Module based on the Athena OS755 Java Card smart card operating system with 80KB of EEPROM. IDProtect is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 3. IDProtect supports FIPS approved DRBG, SHA-1 and all SHA-2, TDES, AES, RSA, ECDSA and ECC CDC, and RSA and ECC key generation. IDProtect exposes PKI and Biometric APIs and is designed for high-performance government and enterprise smart card applications."
1748 Vocality International Ltd
Lydling Barn, Puttenham Lane
Shackleford, Surrey GU8 6AP
United Kingdom

-Martin Saunders
TEL: +44 1483 813130
FAX: +44 1483 813121

CST Lab: NVLAP 100432-0

BASICS IP PC104
(Hardware Versions: 68551-01-1/68551C6; Firmware Version: 08_42.05)

(When configured in FIPS mode as specified in Section 8 of the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/27/2012 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1734); DSA (Cert. #540); ECDSA (Cert. #226); RSA (Cert. #857); RNG (Cert. #923); HMAC (Cert. #1010); SHS (Cert. #1518); Triple-DES (Cert. #1123)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG

Multi-chip embedded

"The BASICS IP PC104 unit is a high-performance 10/100base-T Router which incorporates a cryptographic module. It provides 3 independently routable subnets; one for the uplink port, one for the downlink port and one for the four Ethernet switch ports which are also IEEE802.1q VLAN and Power-over-Ethernet (PoE) capable. It can also bridge network traffic to the uplink port from any IP device connected to its Downlink port. It may be used as a simple switch or a sophisticated secure multiprotocol IP router and can also power a group of SIP VoIP phones."
1747 OpenSSL Software Foundation
1829 Mount Ephraim Road
Adamstown, MD 21710
USA

-Steve Marquess
TEL: 877-673-6775

CST Lab: NVLAP 100432-0

OpenSSL FIPS Object Module
(Software Version: 2.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7 or 2.0.8)

(When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 06/27/2012;
07/09/2012;
07/18/2012;
10/24/2012;
01/22/2013;
02/06/2013;
02/22/2013
02/28/2013;
03/28/2013;
05/16/2013;
06/14/2013;
08/16/2013;
08/23/2013;
11/08/2013;
12/20/2013;
06/27/2014;
07/03/2014;
09/02/2014;
09/12/2014;
10/16/2014
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Android 2.2 (gcc Compiler Version 4.4.0); Android 2.2 running on Qualcomm QSD8250 (ARMv7) with NEON (gcc Compiler Version 4.4.0); Microsoft Windows 7 (32 bit) (Microsoft 32 bit C/C++ Optimizing Compiler Version 16.00); uCLinux 0.9.29 (gcc Compiler Version 4.2.1); Fedora 14 running on Intel Core i5 with AES-NI (gcc Compiler Version 4.5.1); HP-UX 11i (32 bit) (HP C/aC++ B3910B); HP-UX 11i (64 bit) (HP C/aC++ B3910B); Ubuntu 10.04 (32 bit) (gcc Compiler Version 4.1.3); Ubuntu 10.04 (64 bit) (gcc Compiler Version 4.1.3); Android 3.0 (gcc Compiler Version 4.4.0); Linux 2.6.27 (gcc Compiler Version 4.2.4); Microsoft Windows 7 (64 bit) (Microsoft C/C++ Optimizing Compiler Version 16.00); Ubuntu 10.04 running on Intel Core i5 with AES-NI (32 bit) (gcc Compiler Version 4.1.3); Linux 2.6.33 (gcc Compiler Version 4.1.0); Android 2.2 running on OMAP 3530 (ARMv7) with NEON (gcc Compiler Version 4.1.0); VxWorks 6.8 (gcc Compiler Version 4.1.2); Linux 2.6 (gcc Compiler Version 4.3.2); Linux 2.6.32 (gcc Compiler Version 4.3.2); Oracle Solaris 10 (32 bit) (gcc Compiler Version 3.4.3); Oracle Solaris 10 (64 bit) (gcc Compiler Version 3.4.3); Oracle Solaris 11(32 bit) (gcc Compiler Version 4.5.2); Oracle Solaris 11 (64 bit) (gcc Compiler Version 4.5.2); Oracle Solaris 11 running on Intel Xeon 5675 with AES-NI (32 bit) (gcc Compiler Version 4.5.2); Oracle Solaris 11 running on Intel Xeon 5675 with AES-NI (64 bit) (gcc Compiler Version 4.5.2); Oracle Linux 5 (64 bit) (gcc Compiler Version 4.1.2); CascadeOS 6.1 (32 bit) (gcc Compiler Version 4.4.5); CascadeOS 6.1 (64 bit) (gcc Compiler Version 4.4.5); Oracle Linux 5 running on Intel Xeon 5675 with AES-NI (gcc Compiler Version 4.1.2); Oracle Linux 6 (gcc Compiler Version 4.4.6); Oracle Linux 6 running on Intel Xeon 5675 with AES-NI (gcc Compiler Version 4.4.6); Oracle Solaris 11 (32 bit) (Sun C Version 5.12); Oracle Solaris 11 (64 bit) (Sun C Version 5.12); Android 4.0 (gcc Compiler Version 4.4.3); Apple iOS 5.1 (gcc Compiler Version 4.2.1); Microsoft Windows CE 6.0 (Microsoft C/C++ Optimizing Compiler Version 15.00 for ARM); Microsoft Windows CE 5.0 (Microsoft C/C++ Optimizing Compiler Version 13.10 for ARM); Linux 2.6 (gcc Compiler Version 4.1.0); DSP Media Framework 1.4 (TMS320C6x C/C++ Compiler v6.0.13); Android 4.0 running on TI OMAP 3 (ARMv7) with NEON (gcc Compiler Version 4.4.3); NetBSD 5.1 (gcc Compiler Version 4.1.3); Microsoft Windows 2008 running on Intel Xeon E3-1220v2 (32-bit under vSphere) (Microsoft 32-bit C/C++ Optimizing Compiler Version 16.00 for 80x86); Microsoft Windows 2008 running on Intel Xeon E3-1220v2 (64-bit under vSphere) (Microsoft C/C++ Optimizing Compiler Version 16.00 for x64); RHEL 6 running on Intel Xeon E3-1220v2 (32-bit under vSphere) (gcc Compiler Version 4.4.6); RHEL 6 running on Intel Xeon E3-1220v2 (64-bit under vSphere) (gcc Complier Version 4.4.6); Microsoft Windows 7 running on Intel Core i5-2430M (64-bit) with AES-NI (Microsoft ® C/C++ Optimizing Compiler Version 16.00 for x64); Android 4.1 running on TI DM3730 (ARMv7) (gcc Compiler Version 4.6); Android 4.1 running on TI DM3730 (ARMv7) with NEON (gcc Complier Version 4.6); Android 4.2 running on Nvidia Tegra 3 (ARMv7) (gcc Compiler Version 4.6); Android 4.2 running on Nvidia Tegra 3 (ARMv7) with Neon (gcc Compiler Version 4.6); Windows Embedded Compact 7 running on Freescale i.MX53xA (ARMv7) with NEON (Microsoft C/C++ Optimizing Compiler Version 15.00.20720); Windows Embedded Compact 7 running on Freescale i.MX53xD (ARMv7) with NEON (Microsoft C/C++ Optimizing Compiler Version 15.00.20720); Android 4.0 running on Qualcomm Snapdragon APQ8060 (ARMv7) with NEON (gcc compiler Version 4.4.3); VMware Horizon Mobile 1.3 under VMware running on Qualcomm MSM8X60 (ARMv7) with NEON (gcc Compiler Version 4.4.6); Apple OS X 10.7 running on Intel Core i7-3615QM (Apple LLVM version 4.2); Apple iOS 5.0 running on ARM Cortex A8 (ARMv7) with NEON (gcc Compiler Version 4.2.1); OpenWRT 2.6 running on MIPS 24Kc (gcc Compiler Version 4.6.3); QNX 6.4 running on Freescale i.MX25 (ARMv4) (gcc Compiler Version 4.3.3); Apple iOS 6.1 running on Apple A6X SoC (ARMv7s) (gcc Compiler Version 4.2.1); eCos 3 running on Freescale i.MX27 926ejs (ARMv5TEJ) (gcc Compiler Version 4.3.2); VMware Horizon Workspace 1.5 under vSphere running on Intel Xeon E3-1220 (gcc Compiler Version 4.5.1); VMware Horizon Workspace 1.5 under vSphere running on Intel Xeon E3-1220 with AES-NI (gcc Compiler Version 4.5.1); Ubuntu 13.04 running on AM335x Cortex-A8 (ARMv7) (gcc Compiler Version 4.7.3); Ubuntu 13.04 running on AM335x Cortex-A8 (ARMv7) with NEON (gcc Compiler Version 4.7.3); Linux 3.8 running on ARM926 (ARMv5TEJ) (gcc Compiler Version 4.7.3); Linux 3.4 64-bit under Citrix XenServer running on Intel Xeon E5-2430L (x86) without AES-NI (gcc Compiler Version 4.8.0); Linux 3.4 64-bit under Citrix XenServer running on Intel Xeon E5-2430L (x86) with AES-NI(gcc Compiler Version 4.8.0); Linux 3.4 64-bit under VMware ESX running on Intel Xeon E5-2430L (x86) without AES-NI (gcc Compiler Version 4.8.0); Linux 3.4 64-bit under VMware ESX running on Intel Xeon E5-2430L (x86) with AES-NI (gcc Compiler Version 4.8.0); Linux 3.4 64-bit under Microsoft Hyper-V running on Intel Xeon E5-2430L (x86) without AES-NI (gcc Compiler Version 4.8.0); Linux 3.4 64-bit under Microsoft Hyper-V running on Intel Xeon E5-2430L (x86) with AES-NI (gcc Compiler Version 4.8.0); iOS 6.0 running on Apple A5 / ARM Cortex-A9 (ARMv7) without NEON (gcc Compiler Version 4.2.1); iOS 6.0 running on Apple A5 / ARM Cortex-A9 (ARMv7) with NEON (gcc Compiler Version 4.2.1); PexOS 1.0 under vSphere running on Intel Xeon E5-2430L (x86) without AES-NI (gcc Compiler Version 4.6.3); PexOS 1.0 under vSphere running on Intel Xeon E5-2430L (x86) with AES-NI (gcc Compiler Version 4.6.3); Linux 2.6 running on Freescale e500v2 (PPC) (gcc Compiler Version 4.4.1); AcanOS 1.0 running on Intel Core i7-3612QE (x86) without AES-NI (gcc Compiler Version 4.6.2); AcanOS 1.0 running on Intel Core i7-3612QE (x86) with AES-NI (gcc Compiler Version 4.6.2); AcanOS 1.0 running on Feroceon 88FR131 (ARMv5) (gcc Compiler Version 4.5.3); FreeBSD 8.4 running on Intel Xeon E5440 (x86) without AES-NI (gcc Compiler Version 4.2.1); FreeBSD 9.1 running on Xeon E5-2430L (x86) without AES-NI (gcc Compiler Version 4.2.1); FreeBSD 9.1 running on Xeon E5-2430L (x86) with AES-NI (gcc Compiler Version 4.2.1); ArbOS 5.3 running on Xeon E5645 (x86) without AES-NI (gcc Compiler Version 4.1.2); Linux ORACLESP 2.6 running on ASPEED AST-Series (ARMv5) (gcc Compiler Version 4.4.5); Linux ORACLESP 2.6 running on Emulex PILOT3 (ARMv5) (gcc Compiler Version 4.4.5); ArbOS 5.3 running on Xeon E5645 (x86) with AES-NI (gcc Compiler Version 4.1.2); FreeBSD 9.2 running on Xeon E5-2430L (x86) without AES-NI (gcc Compiler Version 4.2.1); FreeBSD 9.2 running on Xeon E5-2430L (x86) with AES-NI (gcc Compiler Version 4.2.1); FreeBSD 10.0 running on Xeon E5-2430L (x86) without AES-NI (clang Compiler Version 3.3); FreeBSD 10.0 running on Xeon E5-2430L (x86) with AES-NI (clang Compiler Version 3.3); FreeBSD 8.4 running on Intel Xeon E5440 (x86) 32-bit (gcc Compiler Version 4.2.1) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1884, #2116, #2234, #2342, #2394, #2484, #2824 and #2929); DRBG (Certs. #157, #229, #264, #292, #316, #342, #485 and #540); DSA (Certs. #589, #661, #693, #734, #748, #764, #853 and #870); HMAC (Certs. #1126, #1288, #1363, #1451, #1485, #1526, #1768 and #1856); RNG (Certs. #985, #1087, #1119, #1166, #1186, #1202, #1278 and #1292); RSA (Certs. #960, #1086, #1145, #1205, #1237, #1273, #1477 and #1535); SHS (Certs. #1655, #1840, #1923, #2019, #2056, #2102, #2368 and #2465); Triple-DES (Certs. #1223, #1346, #1398, #1465, #1492, #1522, #1695 and #1742); ECDSA (Certs. #264, #270, #315, #347, #378, #383, #394, #413, #496 and #528); CVL (Certs. #10, #12, #24, #36, #49, #53, #71, #85, #260 and #331)

-Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt)

Multi-chip standalone

"The OpenSSL FIPS Object Module 2.0 is a general purpose cryptographic module delivered as open source code. It is designed for ease of use with the popular OpenSSL cryptographic library and toolkit and is available for use without charge for a wide variety of platforms. The basic validation can also be extended quickly and affordably to accommodate new platforms and many types of modifications."
1746 Thales-eSecurity Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

-sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200426-0

nShield F3 4000 [1], nShield F3 2000 [2], nShield F3 2000 for NetHSM [3], nShield F3 500 [4] and nShield F3 500 for NetHSM [5]
(Hardware Versions: nC4033P-4K0 [1], nC4033P-2K0 [2], nC4033P-2K0N [3], nC4033P-500 [4] and nC4033P-500N [5], Build Standard N; Firmware Versions: 2.50.16-2 and 2.51.10-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 06/25/2012;
03/08/2013;
08/16/2013
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3 +EFP
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1579); Triple-DES (Certs. #132 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Cert. #770 and #1092); DRBG (Cert. #72); CVL (Cert. #1)

-Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 112 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The nShield modules: nShield F3 4000, nShield F3 2000, nShield F3 2000 for netHSM, nShield F3 500, and nShield F3 500 for netHSM family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1745 Vormetric Inc.
2545 N. 1st Street
San Jose, CA 95131-1003
USA

-Mike Yoder
TEL: 408-433-6059
FAX: 408-844-8638

-Richard Gorman
TEL: 408-433-6000
FAX: 408-844-8638

CST Lab: NVLAP 200002-0

Vormetric Data Security Server Module
(Hardware Version: 1.0; Firmware Version: 4.4.1)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 06/25/2012 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Cryptographic Key Management: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1838); Triple-DES (Cert. #1192); SHS (Cert. #1620); HMAC (Cert. #1093); RSA (Cert. #928); RNG (Cert. #965)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Vormetric Data Security Server is a multi-chip standalone cryptographic module. The Vormetric Data Security Server is the central point of management for the Vormetric Data Security product. It manages keys and policies, and controls Vormetric Encryption Expert Agents. These agents contain the Vormetric Encryption Expert Cryptographic Module, which has been validated separately from this module."
1744 Thales-eSecurity Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

-sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200426-0

MiniHSM [1], MiniHSM for nShield Edge [2] and MiniHSM for Time Stamp Master Clock [3]
(Hardware Versions: nC4031Z-10 [1], nC3021U-10 [2] and TSMC200 [3], Build Standard N; Firmware Versions: 2.50.17-2 and 2.51.10-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/25/2012;
08/16/2013;
10/25/2013
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1770); Triple-DES (Cert. #1146); HMAC (Cert. #1039); Triple-DES MAC (Triple-DES Cert. #1146, vendor affirmed); SHS (Cert. #1554); DSA (Cert. #553); ECDSA (Cert. #238); RSA (Cert. #886); DRBG (Cert. #120); CVL (Cert. #6)

-Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 112 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The MiniHSM, MiniHSM for nShield Edge and MiniHSM for Time Stamp Master Clock are fully featured HSMs supplied in a single chip package. The MiniHSM Modules offer all the security and key management features of other nShield modules - but with reduced processing speed. The MiniHSM modules are OEM parts and will be included within other appliances or products, for example switches or routers. The MiniHSM modules have a real time clock which also makes them suitable for use as a time-stamping engine."
1743 Thales-eSecurity Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

-sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200426-0

nShield F2 6000e [1], nShield F2 1500e [2], nShield F2 500e [3] and nShield F2 10e [4]
(Hardware Versions: nC3023E-6K0 [1], nC3023E-1K5 [2], nC3023E-500 [3] and nC3023E-010 [4], Build Standard N; Firmware Versions: 2.50.16-2 and 2.51.10-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 06/25/2012;
03/08/2013;
08/16/2013
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #397 and #1579); Triple-DES (Certs. #435 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Cert. #770 and #1092); DRBG (Cert. #72); CVL (Cert. #1)

-Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 112 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The nCipher modules: nShield F2 6000e, Shield F2 1500e, nShield F2 500e, and nShield 10e family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1742 Thales-eSecurity Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

-sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200426-0

nShield F3 6000e [1], nShield F3 1500e [2], nShield F3 500e [3], nShield F3 10e [4], nShield F3 6000e for nShield Connect [5], nShield F3 1500e for nShield Connect [6] and nShield F3 500e for nShield Connect [7]
(Hardware Versions: nC4033E-6K0 [1], nC4033E-1K5 [2], nC4033E-500 [3], nC4033E-030 [4], nC4033E-6K0N [5], nC4033E-1K5N [6] and nC4033E-500N [7], Build Standard N; Firmware Versions: 2.50.16-3 and 2.51.10-3)

(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 06/25/2012;
03/08/2013;
08/16/2013
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #397 and #1579); Triple-DES (Certs. #435 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Cert. #770 and #1092); DRBG (Cert. #72); CVL (Cert. #1)

-Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 112 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The nShield modules: nShield F3 6000e, nShield F3 1500e, nShield F3 500e, nShield F3 10e, nShield F3 6000e for nShield Connect, nShield F3 1500e for nShield Connect and nShield F3 500e for nShield Connect family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
1741 Thales-eSecurity Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

-sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200426-0

nShield F3 500 [1], nShield F3 500 for NetHSM [2] and nShield F3 10 PCI [3]
(Hardware Versions: nC4033P-500 [1], nC4033P-500N [2] and nC4033P-30 [3], Build Standard N; Firmware Versions: 2.50.16-3 and 2.51.10-3)

(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 06/25/2012;
03/08/2013;
08/16/2013
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #962 and #1579); Triple-DES (Certs. #757 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Cert. #770 and #1092); DRBG (Cert. #72); CVL (Cert. #1)

-Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 112 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The nShield modules: nShield F3 500, Shield F3 500 for NetHSM, and nShield F3 10 family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
1740 Thales-eSecurity Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

-sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200426-0

nShield F2 500 [1] and nShield F2 10 PCI [2]
(Hardware Versions: nC3023P-500 [1] and nC3023P-10 [2], Build Standard N; Firmware Versions: 2.50.16-2 and 2.51.10-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 06/25/2012;
03/08/2013;
08/16/2013
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #962 and #1579); Triple-DES (Certs. #757 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Cert. #770 and #1092); DRBG (Cert. #72); CVL (Cert. #1)

-Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 112 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The nShield modules: nShield F2 500 & nShield F2 10 PCI family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1739 Thales-eSecurity Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

-sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200426-0

MiniHSM [1], MiniHSM for nShield Edge [2] and MiniHSM for Time Stamp Master Clock [3]
(Hardware Versions: nC4031Z-10 [1], nC4031U-10 [2] and TSMC200 [3], Build Standard N; Firmware Versions: 2.50.17-3 and 2.51.10-3)

(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/25/2012;
08/16/2013;
10/25/2013
Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #1770); Triple-DES (Cert. #1146); HMAC (Cert. #1039); Triple-DES MAC (Triple-DES Cert. #1146, vendor affirmed); SHS (Cert. #1554); DSA (Cert. #553); ECDSA (Cert. #238); RSA (Cert. #886); DRBG (Cert. #120); CVL (Cert. #6)

-Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 112 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The MiniHSM, MiniHSM for nShield Edge and MiniHSM for Time Stamp Master Clock are fully featured HSMs supplied in a single chip package. The MiniHSM Modules offer all the security and key management features of other nShield modules - but with reduced processing speed. The MiniHSM modules are OEM parts and will be included within other appliances or products, for example switches or routers. The MiniHSM modules have a real time clock which also makes them suitable for use as a time-stamping engine."
1738 Thales-eSecurity Inc.
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-sales@ncipher.com
TEL: 888-744-4976

CST Lab: NVLAP 200426-0

nToken
(Hardware Version: nC2023P-000, Build Standard N; Firmware Version: 2.50.16-2)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/25/2012 Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Cert. #1579); HMAC (Cert. #925); SHS (Cert. #1398); DSA (Cert. #487); DRBG (Cert. #72)

-Other algorithms: N/A

Multi-chip embedded

"The nToken Hardware Security Module improves the security of cryptographic keys, security sensitive software applications and increases server throughput of secure transactions in Public Key Infrastructure and other high integrity applications such as: Certificate Authorities, Registration Authorities, Government and Financial Institutions."
1737 Thales-eSecurity Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

-sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200426-0

nShield F2 4000 [1], nShield F2 2000 [2] and nShield F2 500 [3]
(Hardware Versions: nC3023P-4K0 [1], nC3023P-2K0 [2] and nC3023P-500 [3], Build Standard N; Firmware Versions: 2.50.16-2 and 2.51.10-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 06/25/2012;03/08/2013;
08/16/2013
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1579); Triple-DES (Certs. #132 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Cert. #770 and #1092); DRBG (Cert. #72); CVL (Cert. #1)

-Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 112 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The nShield modules: nShield F2 4000, nShield F2 2000, and nShield F2 500 family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1736 Blue Coat Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085
USA

-Wendi Ittah
TEL: 703-399-0535

CST Lab: NVLAP 200928-0

ProxySG 600-10 [1], 600-20 [2] and 600-35 [3]
(Hardware Versions: 090-02911 [1], 090-02912 [1], 090-02913 [2], 090-02914 [2], 090-02915 [3] and 090-02916 [3] with FIPS kit 085-02762; Firmware Versions: 6.1 or 6.1.5.5)

(When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 06/21/2012;
07/24/2012;
08/07/2012;
01/04/2013
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #105 and #1875); Triple-DES (Certs. #217 and #1218); RSA (Cert. #956); SHS (Cert. #1648); HMAC (Cert. #1120); DRBG (Cert. #153)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The foundation of Blue Coat's application delivery infrastructure, Blue Coat ProxySG appliances establish points of control that accelerate and secure business applications for users across the distributed organization. Blue Coat appliances serve as an Internet proxy and wide area network (WAN) optimizer. The purpose of the appliances is to provide a layer of security between an Internal and External Network (typically an office network and the Internet) and to provide acceleration and compression of transmitted data. ProxySG 600 is one of several appliance lines offered by Blue Coat"
1735 IBM® Corporation
2455 South Road
Poughkeepsie, NY 12601
USA

-William F Penny
TEL: 845-435-3010

CST Lab: NVLAP 200658-0

IBM® z/VM® Version 6 Release 1 System SSL Cryptographic Module
(Hardware Version: z10 CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863; Software Version: 573FAL00: z/VM 6.1 with APAR PM43382)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software-Hybrid 06/25/2012 Overall Level: 1 

-Cryptographic Module Specification: Level 3

-Operational Environment: Tested as meeting Level 1 with IBM System z10 (TM) Enterprise Class (z10 EC) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #976 and #1873); Triple-DES (Certs. #769 and #1217); DSA (Cert. #586); RSA (Cert. #953); SHS (Certs. #946 and #1646); HMAC (Cert. #1117); RNG (Cert. #982)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; RC2; ArcFour; MD5; MD2

Multi-chip standalone

"z/VM System SSL provides cryptographic functions which allows z/VM to protect data using the SSL/TLS protocols. z/VM System SSL also enables administrators to create and manage X.509 V3 certificates and keys within key database files."
1734 Imation Corp.
Discovery Bldg. 1A-041
Oakdale, MN 55128
USA

-Larry Hamid
TEL: 408-737-4308

CST Lab: NVLAP 100432-0

Imation S250/D250
(Hardware Versions: D2-S250-S01, D2-S250-S02, D2-S250-S04, D2-S250-S08, D2-S250-S16, D2-S250-S32, D2-D250-B01, D2-D250-B02, D2-D250-B04, D2-D250-B08, D2-D250-B16, D2-D250-B32 and D2-D250-B64; Firmware Version: 4.0.0)

(Files distributed with the module mounted within the internal CD Drive are excluded from validation)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/21/2012 Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #1412 and #1874); DRBG (Cert. #152); HMAC (Certs. #1118 and #1119); RNG (Cert. #774); RSA (Certs. #688, #954 and #955); SHS (Certs. #1282 and #1647); Triple-DES (Cert. #965); PBKDF (vendor affirmed)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Imation S250/D250 Secure Flash Drives include a high-speed hardware-based 256 Bit AES cryptography engine for encrypting and decrypting NAND flash and RAM buffers via USB. It also includes RSA, HMAC, SHA, and DRBG algorithms."
1733 Thales-eSecurity Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

-sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200426-0

nShield F3 6000e [1], nShield F3 1500e [2], nShield F3 500e [3], nShield F3 10e [4], nShield F3 6000e for nShield Connect [5], nShield F3 1500e for nShield Connect [6] and nShield F3 500e for nShield Connect [7]
(Hardware Versions: nC4033E-6K0 [1], nC4033E-1K5 [2], nC4033E-500 [3], nC4033E-030 [4], nC4033E-6K0N [5], nC4033E-1K5N [6] and nC4033E-500N [7], Build Standard N; Firmware Versions: 2.50.16-2 and 2.51.10-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 06/20/2012;
03/08/2013;
08/16/2013
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #397 and #1579); Triple-DES (Certs. #435 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Cert. #770 and #1092); DRBG (Cert. #72); CVL (Cert. #1)

-Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 112 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strengh; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The nShield modules: nShield F3 6000e, nShield F3 1500e, nShield F3 500e, nShield F3 10e, nShield F3 6000e for nShield Connect, nShield F3 1500e for nShield Connect and nShield F3 500e for nShield Connect family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1732 Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
USA

-John Gorczyca

CST Lab: NVLAP 200556-0

Symantec Enterprise Vault Cryptographic Module
(Software Version: 1.0.0.2)

(When operated in FIPS mode with module Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1012 operating in FIPS mode or Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1337 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 06/20/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2003; Microsoft Windows Server 2008 R2 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #818 and #1168); Triple-DES (Certs. #691 and #846); RSA (Certs. #395, #559 and #568); SHS (Certs. #816 and #1081); HMAC (Certs. #452 and #687); RNG (Cert. #470); DRBG (Cert. #23)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ANSI X9.31 RSA key-pair generation (non-compliant); ANSI X9.31 RSA signature verification (non-compliant); RC2; RC4; MD5; MD2; MD4; DES

Multi-chip standalone

"Symantec Enterprise Vault Cryptographic Module is a multi-chip standalone physical embodiment. The module consists of a DLL which interfaces with the Microsoft Cryptographic API to provide the required cryptographic functionality. The Enterprise Vault Cryptographic Module may be used for encryption/decryption of Enterprise Vault passwords, hashing of indexes, and random number generation."
1731 Juniper Networks, Inc.
1194 North Mathilda Ave
Sunnyvale, CA 94089
USA

-Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 200697-0

SSG 320M and SSG 350M
(Hardware Versions: [SSG-320M-SB, SSG-320M-SH, SSG-320M-SB-TAA, SSG-320M-SH-TAA, SSG-320M-SB-DC-N-TAA, SSG-320M-SH-DC-N-TAA, SSG-350M-SB, SSG-350M-SH, SSG-350M-SB-TAA, SSG-350M-SH-TAA, SSG-350M-SB-DC-N-TAA and SSG-350M-SH-DC-N-TAA] with JNPR-FIPS-TAMPER-LBLS; Firmware Version: ScreenOS 6.3r6)

(When operated in FIPS mode with the tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 06/12/2012;
07/24/2012;
12/11/2013
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Cert. #1062); AES (Cert. #1621); DSA (Cert. #508); SHS (Cert. #1430); RNG (Cert. #869); RSA (Cert. #799); HMAC (Cert. #952); ECDSA (Cert. #206)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); NDRNG; DES; MD5

Multi-chip standalone

"Juniper Networks integrated security devices are purpose-built to perform essential networking security functions designed on top of robust networking and security real-time operating systems, ScreenOS. These are high-performance platforms that deliver integrated security and LAN/WAN routing across high-density LAN/WAN interfaces, Juniper Networks integrated security devices address the needs of small to medium sized locations, large distributed enterprises, and service providers as well as large and co-located datacenters."
1730 Juniper Networks, Inc.
1194 North Mathilda Ave
Sunnyvale, CA 94089
USA

-Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 200697-0

Juniper Networks SSG 520M and SSG 550M
(Hardware Versions: [SSG-520M-SH, SSG-520M-SH-N, SSG-520M-SH-DC-N, SSG-520M-N-TAA, SSG-520M-SH-DC-N-TAA, SSG-550M-SH, SSG-550M-SH-N, SSG-550M-SH-DC-N, SSG-550M-N-TAA and SSG-550M-SH-DC-N-TAA] with JNPR-FIPS-TAMPER-LBLS; Firmware Version: ScreenOS 6.3r6)

(When operated in FIPS mode with the tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 06/12/2012;
07/24/2012;
12/11/2013
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Cert. #1063); AES (Cert. #1622); DSA (Cert. #509); SHS (Cert. #1431); RNG (Cert. #870); RSA (Cert. #800); HMAC (Cert. #953); ECDSA (Cert. #207)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); NDRNG; DES; MD5

Multi-chip standalone

"Juniper Networks integrated security devices are purpose-built to perform essential networking security functions designed on top of robust networking and security real-time operating systems, ScreenOS. These are high-performance platforms that deliver integrated security and LAN/WAN routing across high-density LAN/WAN interfaces, Juniper Networks integrated security devices address the needs of small to medium sized locations, large distributed enterprises, and service providers as well as large and co-located datacenters."
1729 Certicom Corp.
4701 Tahoe Blvd.
Building A
Mississauga, Ontario L4W 0B5
Canada

-Kris Orr
TEL: 905-507-4220

-Certicom Eastern US Sales Office
TEL: 703-234-2357
FAX: 703-234-2356

CST Lab: NVLAP 200928-0

Security Builder® FIPS Module
(Software Versions: 6.0 and 6.0.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 06/08/2012;
10/31/2014
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with QNX Neutrino 6.6; QNX Neutrino 6.5; Red Hat Linux AS 5.6; Windows 7 Enterprise 64 bit; Windows Phone 8.0; Android 4.4.2; Android 4.0.4; iOS version 6.1.4 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #1159 and #1773); AES (Certs. #1789 and #3029); SHS (Certs. #1571 and #2530); HMAC (Certs. #1054 and #1914); RNG (Certs. #949 and #1310); DRBG (Certs. #127 and #579); DSA (Certs. #563 and #891); ECDSA (Certs. #242 and #553); RSA (Certs. #894 and #1574); KAS (Certs. #25 and #50); CVL (Certs. #7 and #367)

-Other algorithms: DES; DESX; AES CCM* (non-compliant); AES-XCBC-MAC (non-compliant); AES EAX (non-compliant); AES MMO (non-compliant); ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; ECNR; ECQV; ECPVS; ECIES; ECSPEKE; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides less than 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The Security Builder® FIPS Module is a standards-based cryptographic toolkit that supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into both mobile and server-based applications. The Security Builder FIPS Module is part of the Certicom Security Architecture, a comprehensive cross-platform security solution which supports multiple cryptographic software and hardware providers with a single common API."
1728 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Jennifer Gilbert
TEL: 703-484-0168

CST Lab: NVLAP 100432-0

Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Modules-2 (WiSM2)
(Hardware Versions: Chassis: Catalyst 6506 switch [1], Catalyst 6506-E switch [2], Catalyst 6509 switch [3] and Catalyst 6509-E switch [4]; Backplane: WS-C6506 [1], WS-C6506-E [2], WS-C6509 [3] and WS-C6509-E [4]; FIPS Kit: P/N 800-27009 [1, 2], P/N 800-26335 [3, 4] and WS-SVCWISM2FIPKIT= [1, 2, 3, 4]; with one Supervisor Blade [1, 2, 3, 4]: [WS-SUP720-3BXL , WS-SUP720-3B, VS-S 720 10G-3C, or VS-S 720 10G-3CXL] and with one WiSM2 [1, 2, 3, 4]: [WS-SVC-WISM2-K9=, WS-SVC-WISM2-5-K9=, WS-SVC-WISM2-3-K9=, WS-SVC-WISM2-1-K9=, WS-SVC-WISM2-5-K9, WS-SVC-WISM2-3-K9 or WS-SVC-WISM2-1-K9]; Firmware Versions: [1, 2, 3, 4]: Supervisor Blade: Cisco IOS Release 12.2.33.SXJ; WiSM2: 7.0.116.0)

(When operated in FIPS mode and with the tamper evident seals and physical security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/01/2012;
06/21/2012
Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1344 and #1345); HMAC (Certs. #783 and #784); RNG (Cert. #740); RSA (Certs. #651 and #652); SHS (Certs. #1226 and #1227); Triple-DES (Cert. #934)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength; non-compliant); AES (Cert. #1344, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM

Multi-chip standalone

"The Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with WiSM WLAN Controller deliver centralized control and high capacity for medium to large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WiSM2 Controller supports the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and supports a Secure Wireless Architecture with certified WiFi Alliance WPA-2 security. The Cisco WiSM2 Controller supports voice, video and data services along with Cisco Clean Air technology, IPv6 mobility, intrusion protection and intelligent radio resource management."
1727 Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500

CST Lab: NVLAP 200427-0

Aruba 620, 650 and Dell W-620, W-650 Controllers with ArubaOS FIPS Firmware
(Hardware Versions: 620-F1 [1], 620-USF1 [1], 650-F1 [1], 650-USF1 [1], W-620-F1 [2], W-620-USF1 [2], W-650-F1 [2], W-650-USF1 [2] with FIPS kit 4010061-01; Firmware Versions: ArubaOS_6xx_6.1.2.3-FIPS [1] and Dell_PCW_6xx_6.1.2.3-FIPS [2] or ArubaOS_6xx_6.1.4.1-FIPS [1] and Dell_PCW_6xx_6.1.4.1-FIPS [2] or ArubaOS_6xx_6.1.4.5-FIPS [1] and Dell_PCW_6xx_6.1.4.5-FIPS [2] or ArubaOS_6xx_6.1.4.7-FIPS [1] and Dell_PCW_6xx_6.1.4.7-FIPS [2])

(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/24/2012;
01/24/2013;
07/26/2013;
01/23/2014
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #779, #1850 and #1854); ECDSA (Certs. #257 and #258); HMAC (Certs. #426, #1098 and #1101); RNG (Certs. #969 and #972); RSA (Certs. #933, #935 and #937); SHS (Certs. #781, #1627, #1629 and #1631); Triple-DES (Certs. #673, #1198 and #1201)

-Other algorithms: DES; HMAC-MD5; MD5; NDRNG; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"Aruba Networks' Mobility Controller system completely changes how 802.11 networks are deployed, secured, and managed. The only mobile security system with an integrated ICSA-certified stateful firewall and hardware-based encryption, the Aruba mobility controller is the industry's highest performing and most scalable enterprise mobility platform."
1726 Voltage Security, Inc.
20400 Stevens Creek Blvd.
Cupertino, CA 95014
USA

-Luther Martin
TEL: 650-543-1280
FAX: 650-543-1279

CST Lab: NVLAP 200802-0

Voltage IBE Cryptographic Module for z/OS
(Hardware Version: Crypto Express2 card (CEX2C) [a separately configured version of 4764-001 (P/N 12R6536)]; Software Version: 4.0; Firmware Version: 4764-001(2096a16d))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software-Hybrid 05/31/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with IBM System z10 with z/OS PUT1106 / RSU1108

-FIPS Approved algorithms: AES (Cert. #1812); Triple-DES (Cert. #1168); DSA (Cert. #568); SHS (Cert. #1590); RNG (Cert. #955); RSA (Cert. #908); HMAC (Cert. #1069); DRBG (Cert. #139)

-Other algorithms: NDRNG; IBE; FFX; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); DES

Multi-chip standalone

"The Voltage IBE Cryptographic Module for z/OS Version 4.0 is a FIPS 140-2 Level 1 compliant software-hybrid module that provides encrypt/decrypt and cryptographic signature services for Internet Protocol (IP) traffic."
1725 Francotyp-Postalia GmbH
Triftweg 21-26
Birkenwerder, D-16547
Germany

-Dirk Rosenau
TEL: +49-3303-525-616
FAX: +49-3303-525-609

-Hasbi Kabacaoglu
TEL: +49-3303-525-656
FAX: +49-3303-525-609

CST Lab: NVLAP 100432-0

Postal mRevenector DE 2011
(Hardware Version: 580036020300/01; Firmware Versions: Bootloader: 90.0036.0201.00/2011485001; Software-Loader: 90.0036.0206.00/2011485001; FRANKIT-Application: 90.0036.0204.00/2011515001)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/29/2012;
01/22/2013
Overall Level: 3 

-Physical Security: Level 3 +EFP/EFT

-FIPS Approved algorithms: AES (Cert. #1493); DRBG (Cert. #61); DSA (Cert. #522); HMAC (Cert. #878); KAS (Cert. #16); RSA (Certs. #732 and #785); SHS (Cert. #1346); Triple-DES (Cert. #1122)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip embedded

"The Francotyp-Postalia Postal mRevenector DE 2011 employs strong encryption, decryption, and digital signature techniques for the protection of customer revenues in Francotyp-Postalia's mail handlers. The Postal mRevenector DE 2011 has been designed in compliance with the Deutsche Post (DPAG), FRANKIT Specification."
1724 Hughes Network Systems, LLC.
11717 Exploration Lane
Germantown, MD 20876
USA

-Tim Young
TEL: 301-428-1632

CST Lab: NVLAP 200427-0

Hughes SPACEWAY Crypto Kernel
(Firmware Version: 1.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Firmware 05/23/2012 Overall Level: 1 

-Tested: ST HN9500 with VxWorks 5.4; AGW2 with VxWorks 5.4; AGW5 with VxWorks 5.4

-FIPS Approved algorithms: AES (Cert. #1788); DRBG (Cert. #126); HMAC (Cert. #1053); SHS (Cert. #1570)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5

Multi-chip standalone

"The HSCK v1.0 is a firmware library that provides cryptographic functionality for securing communications over the Hughes SPACEWAY Satellite communication systems. SPACEWAY enables a full-mesh digital network that interconnects with a wide range of end-user equipment and systems."
1723 Juniper Networks, Inc.
1194 North Mathilda Ave
Sunnyvale, CA 94089
USA

-Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 200697-0

SSG 140
(Hardware Versions: (SSG-140-SB and SSG-140-SH) with JNPR-FIPS-TAMPER-LBLS; Firmware Version: ScreenOS 6.3r6)

(When operated in FIPS mode with the tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 05/23/2012;
07/24/2012;
12/11/2013
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Cert. #1060); AES (Cert. #1619); DSA (Cert. #506); SHS (Cert. #1428); RNG (Cert. #867); RSA (Cert. #797); HMAC (Cert. #950); ECDSA (Cert. #204)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); NDRNG; DES; MD5

Multi-chip standalone

"Juniper Networks integrated security devices are purpose-built to perform essential networking security functions designed on top of robust networking and security real-time operating systems, ScreenOS. These are high-performance platforms that deliver integrated security and LAN/WAN routing across high-density LAN/WAN interfaces, Juniper Networks integrated security devices address the needs of small to medium sized locations, large distributed enterprises, and service providers as well as large and co-located datacenters."
1722 Francotyp-Postalia GmbH
Triftweg 21-26
Birkenwerder, D-16547
Germany

-Dirk Rosenau
TEL: +49-3303-525-616
FAX: +49-3303-525-609

CST Lab: NVLAP 100432-0

Postal mRevenector US 2011
(Hardware Version: 580036020300/01; Firmware Version: Bootloader: 90.0036.0201.00/2011485001; Software-Loader: 90.0036.0206.00/2011485001; IBIP Application: 90.0036.0203.00/2011485001)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/23/2012;
01/22/2013
Overall Level: 3 

-Physical Security: Level 3 +EFP/EFT

-FIPS Approved algorithms: AES (Cert. #1493); DRBG (Cert. #61); DSA (Cert. #522); ECDSA (Cert. #184); HMAC (Cert. #878); KAS (Cert. #16); RSA (Certs. #732 and #785); SHS (Cert. #1346); Triple-DES (Cert. #1122)

-Other algorithms: NDRNG

Multi-chip embedded

"The Francotyp-Postalia Postal mRevenector US 2011 employs strong encryption, decryption, and digital signature techniques for the protection of customer revenues in Francotyp-Postalia's mail handlers. The Postal mRevenector US 2011 has been designed in compliance with the United States Postal Services (USPS), Information-Based Indicia Program (IBIP)."
1721 Vormetric Inc.
2545 N. 1st Street
San Jose, CA 95131-1003
USA

-Mike Yoder
TEL: 408-433-6059
FAX: 408-844-8638

-Richard Gorman
TEL: 408-433-6000
FAX: 408-844-8638

CST Lab: NVLAP 200002-0

Vormetric Encryption Expert Cryptographic Module
(Software Version: 4.4.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 05/23/2012;
06/05/2012
Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows 2003 32-bit; Windows 2008 64-bit; Solaris 10 64-bit; Redhat Linux 5.7 64-bit; HPUX 11i v3 64-bit (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1820); Triple-DES (Cert. #1173); SHS (Cert. #1596); HMAC (Cert. #1075)

-Other algorithms: ARIA; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Vormetric Encryption Expert Cryptographic Module is a loadable kernel module also known as "SECFS" (SECure File System). This module is a file system layer that enforces an access and encryption policy upon selected data on end-user systems. The policy specifies a key to be used when writing data to disk and while reading data from disk. This module contains the Vormetric Encryption Expert Cryptographic Library, which provides all cryptographic services."
1720 Francotyp-Postalia GmbH
Triftweg 21-26
Birkenwerder, D-16547
Germany

-Dirk Rosenau
TEL: +49-3303-525-616
FAX: +49-3303-525-609

CST Lab: NVLAP 100432-0

mRevenector 2011
(Hardware Version: 580036020300/01; Firmware Version: Bootloader: 90.0036.0201.00/2011485001; Software-Loader: 90.0036.0206.00/2011485001)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/23/2012 Overall Level: 3 

-Physical Security: Level 3 +EFP/EFT

-FIPS Approved algorithms: AES (Cert. #1493); DRBG (Cert. #61); HMAC (Cert. #878); RSA (Cert. #732); SHS (Cert. #1346)

-Other algorithms: NDRNG

Multi-chip embedded

"mRevenector2011 is an embedded security device that can enhance the security of various kinds of appliances and computerized devices. The hardware of the mRevenector2011 is designed to protect critical security parameters as well as application specific revenues. Its firmware enables hosting systems to load or update signed application specific firmware."
1719 Green Hills Software
30 W Sola Street
Santa Barbara, CA 93101
USA

-David Sequino
TEL: 206-310-6795
FAX: 978-383-0560

-Douglas Kovach
TEL: 727-781-4909
FAX: 727-781-3915

CST Lab: NVLAP 200427-0

INTEGRITY Security Services High Assurance Embedded Cryptographic Toolkit
(Software Version: 1.0.5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 05/22/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with RHEL 5; Green Hills Software INTEGRITY OS v5.0.11 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1762); ECDSA (Cert. #235); HMAC (Cert. #1033); RNG (Cert. #939); RSA (Cert. #878); SHS (Cert. #1546)

-Other algorithms: ARCFour; DES; Diffie-Hellman; EC Diffie-Hellman; ECMQV; DSA (non-compliant); MD5; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (non-compliant)

Multi-chip standalone

"Green Hills Software, Integrity Security Services (ISS) High Assurance Embedded Cryptographic Toolkit (HA-ECT) is a standards-based, flexible cryptographic toolkit providing developers with a software framework to integrate encryption, digital signatures and other security mechanisms into a wide range of applications. The ISS HA-ECT FIPS Module is designed to support multiple cryptographic software and hardware providers with a single common API, easily targeted to a variety operating systems."
1718 Juniper Networks, Inc.
1194 North Mathilda Ave
Sunnyvale, CA 94089
USA

-Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 200697-0

Juniper Networks LN1000 Mobile Secure Router
(Hardware Version: LN1000-V with JNPR-FIPS-TAMPER-LBLS; Firmware Version: 11.2S4)

(The tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/07/2012;
12/11/2013
Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #1269 and #1270); AES (Certs. #1956 and #1957); DSA (Cert. #624); SHS (Certs. #1715 and #1716); RNG (Cert. #1028); RSA (Cert. #1013); HMAC (Certs. #1178 and #1179)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 96 bits of encryption strength; non-compliant)

Multi-chip standalone

"Juniper Networks LN1000 Mobile Secure Router is an edge access router that delivers a high-performance routing firewall and intrusion detection service (IDS). The LN1000 addresses the growing demand for a network access presence in military, first responder and transportation vehicles, mining and exploration equipment, unmanned aircraft, and power grids."
1717 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco Catalyst 6506-E [1], Catalyst 6509-E [2] and Catalyst 6513-E [3] Switches with Supervisor Cards (VS-S2T-10G or VS-S2T-10G-XL) and Line Cards (WS-X6908-10G or WS-X6908-10G-2TXL)
(Hardware Version: 6506-E -M0 [1], 6509-E -N0 [2], 6513-E -S0 [3], Supervisor Card VS-S2T-10G -B0, Supervisor Card VS-S2T-10G-XL -C0, Line Card WS-X6908-10G -A0, Line Card WS-X6908-10G-2TXL version -B0 and FIPS kit packaging (CVPN6500FIPS/KIT=); Firmware Version: 15.0(1)SY2)

(When operated in FIPS mode and when tamper evident labels and security devices are installed on the initially built configuration as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/03/2012;
12/21/2012
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1426, #1427 and #1816); DRBG (Cert. #140); HMAC (Cert. #1072); RSA (Cert. #911); SHS (Cert. #1593); Triple-DES (Cert. #1171)

-Other algorithms: DES; HMAC-MD5; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Cert. #1816, key wrapping; key establishment methodology provides 256 bits of encryption strength)

Multi-chip standalone

"The Catalyst 6500 series switches offer versatility, integration, and security to branch offices. With numerous network modules and service modules available, the modular architecture of the Cisco switches easily allows interfaces to be upgraded to accommodate network expansion. The Catalyst 6500 series switches provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements."
1716

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/02/2012 Overall Level: 2 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip standalone

1715 Hewlett-Packard Development Company, L.P.
2344 Boulevard Alfred-Nobel
St-Laurent, Québec H4S 0A4
Canada

-Gilbert Moineau
TEL: 514-920-4250

CST Lab: NVLAP 200002-0

HP MSM430 Dual Radio 802.11N TAA AP [1], HP MSM430 Dual Radio 802.11N AP (WW) [2], HP MSM430 Dual Radio 802.11N AP (JP) [3], HP MSM460 Dual Radio 802.11N TAA AP [4], HP MSM460 Dual Radio 802.11N AP (WW) [5], HP MSM460 Dual Radio 802.11N AP (JP) [6], HP MSM466 Dual Radio 802.11N TAA AP [7], HP MSM466 Dual Radio 802.11N AP (WW) [8] and HP MSM466 Dual Radio 802.11N AP (JP) [9]
(Hardware Versions: J9654A [1], J9651A [2], J9652A [3], J9655A [4], J9591A [5], J9589A [6], J9656A [7], J9622A [8] and J9620A [9] with FIPS kit J9740A; Firmware Version: 5.6.0)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 05/03/2012 Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #1823 and #1840); Triple-DES (Cert. #1176); SHS (Cert. #1602); HMAC (Cert. #1078); RNG (Cert. #960); RSA (Cert. #916)

-Other algorithms: Blowfish; MD5; HMAC-MD5; SHA-[224, 256, 384 and 512] (Cert. #1602; non-compliant); HMAC-SHA-[224, 256, 384 and 512] (Cert. #1078; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Cert. #1840, key wrapping; key establishment methodology provides 128 bits of encryption strength)

Multi-chip standalone

"The MSM430, MSM460 and MSM466 Access Points allow wireless devices to connect to a wired network using Wi-Fi 802.11abgn."
1714 Honeywell Scanning and Mobility (HSM) - USA
700 Visions Dr, PO Box 208
Building A
Skaneateles Falls, NY 13153-0208
USA

-Mike Robinson
TEL: 315-554-6387
FAX: 856-232-2932

-Tom Amundsen
TEL: 856-374-5589
FAX: 856-232-2932

CST Lab: NVLAP 200928-0

Scanning and Mobility FIPS Module
(Firmware Versions: 4.0 B and 4.0 S)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Firmware 07/11/2012;
07/12/2012
Overall Level: 1 

-Tested: ARM 920T processor running Hand Held Products BASE firmware 31205423-052 or Hand Held Products Scanner firmware 31205480-025; ARM 926EJ-S processor running Honeywell Xenon 1902 Cordless Base Firmware or Honeywell Xenon 1902 Cordless Scanner firmware

-FIPS Approved algorithms: AES (Certs. #547 and #590); SHS (Certs. #612 and #641); HMAC (Certs. #288 and #307); RNG (Certs. #315 and #336); DSA (Certs. #222 and #232)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Honeywell Scanning and Mobility FIPS Module is a standards-based cryptographic toolkit that supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into both mobile and server-based applications. The Honeywell Scanning and Mobility FIPS Module is part of the Honeywell Security Architecture, a comprehensive cross-platform security solution which supports multiple cryptographic software and hardware providers with a single common API."
1713 Research In Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

-Certifications Team
TEL: 519-888-7465 ext.72921
FAX: 519-886-4839

CST Lab: NVLAP 200928-0

BlackBerry Cryptographic Library
(Software Versions: 2.0.0.10 and 2.0.0.11)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 05/03/2012;
01/24/2013
Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional 2002 with SP3, 32-bit edition (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #1193); AES (Cert. #1839); SHS (Cert. #1621); HMAC (Cert. #1094); RNG (Cert. #966); ECDSA (Cert. #254)

-Other algorithms: Rijndael; EC Diffie-Hellman (key agreement, key establishment methodology provides 256 bits of encryption strength); ECMQV (key agreement, key establishment methodology provides 256 bits of encryption strength)

Multi-chip standalone

"BlackBerry® is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry® is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry® Cryptographic Library is a software module that provides cryptographic services to many BlackBerry® desktop products such as the BlackBerry® Enterprise Server, BlackBerry® Desktop Software, and many other BlackBerry® products."
1712 Kanguru Solutions
1360 Main Street
Millis, MA 02054
USA

-Nate Cote
TEL: 508-376-4245
FAX: 508-376-4462

CST Lab: NVLAP 200802-0

Kanguru Defender 2000
(Hardware Versions: P/Ns KDF2000-2G, KDF2000-4G and KDF2000-8G, Version 1.0; Firmware Version: 2.03.10)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/03/2012;
12/21/2012
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: HMAC (Cert. #954); AES (Cert. #1623); SHS (Cert. #1432); RSA (Cert. #801); DRBG (Cert. #86); PBKDF (vendor affirmed)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Kanguru Defender 2000 is a 256-bit AES hardware encrypted USB flash drive. It is used to securely store sensitive data housed on the device."
1711 Athena Smartcard, Inc.
16615 Lark Avenue
Suite 202
Los Gatos, CA 95032
USA

-Ste´phanie Motre´
TEL: 408-786-1028
FAX: 408-608-1818

CST Lab: NVLAP 100432-0

IDProtect with LASER PKI
(Hardware Version: Inside Secure AT90SC28872RCU Rev. G; Firmware Version: Athena IDProtect 010B.0352.0005 with LASER PKI Applet 3.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/30/2012;
04/12/2013;
05/28/2014
Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #1654); RSA (Cert. # 824); Triple-DES (Cert. #1087); Triple-DES MAC (Triple-DES Cert. #1087, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465); ECDSA (Cert. #214); CVL (Cert. #2)

-Other algorithms: HW RNG; AES-CMAC (non-compliant); EC Diffie-Hellman; AES (Cert. #1654, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength)

Single-chip

"IDProtect is a Cryptographic Module based on the Athena OS755 Java Card smart card operating system with 72KB of EEPROM. IDProtect is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 3. IDProtect supports FIPS approved DRBG, SHA-1 and all SHA-2, TDES, AES, RSA, ECDSA and ECC CDC, and RSA and ECC key generation. IDProtect exposes PKI and Biometric APIs and is designed for high-performance government and enterprise smart card applications."
1710 Red Hat, Inc.
1801 Varsity Drive
Raleigh, NC 27606
USA

-Robert Relyea
TEL: 650-254-4236

CST Lab: NVLAP 200427-0

NSS Freebl Cryptographic Module
(Software Version: 3.12.9.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 04/30/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux v6.2 32-bit running on an Intel Core i7 system; Red Hat Enterprise Linux v6.2 64-bit running on an Intel Core i7 system (single-user mode)

-FIPS Approved algorithms: DSA (Cert. #602); SHS (Cert. #1675)

-Other algorithms: MD2; MD5

Multi-chip standalone

"The NSS Freebl cryptographic module is an open-source, general-purpose cryptographic hash library. It is available for free under the Mozilla Public License, the GNU General Public License, and the GNU Lesser General Public License. The NSS Freebl cryptographic module is jointly developed by Red Hat and Oracle engineers and is used in the GNU glibc library. For more information, see http://www.mozilla.org/projects/security/pki/nss/"
1709 Hewlett-Packard TippingPoint
14231 Tandem Blvd
Austin, TX 78728
USA

-Dinesh Vakharia
TEL: 512-432-2628

-Freddie Jimenez Jr.
TEL: 512-432-2907

CST Lab: NVLAP 200427-0

HP TippingPoint Intrusion Prevention System
(Hardware Version: S6100N; Firmware Version: 3.2.1.1639)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/27/2012 Overall Level: 1 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 2

-FIPS Approved algorithms: AES (Cert. #1855); HMAC (Cert. #1102); RNG (Cert. #973); RSA (Cert. #938); SHS (Cert. #1632); Triple-DES (Cert. #1202)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); HMAC-MD5; MD5; NDRNG; RC2; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength).

Multi-chip standalone

"Inserted transparently into the network, the HP TippingPoint Intrusion Prevention System (IPS) is an in-line security device that performs high-performance, deep packet inspection to protect customer networks from attack. The IPS blocks malicious and unwanted traffic, while allowing good traffic to pass unimpeded. In fact, the IPS optimizes the performance of good traffic by continually cleansing the network and prioritizing applications that are mission critical."
1708 Thales-eSecurity Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

-sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200426-0

nShield F3 4000 [1], nShield F3 2000 [2], nShield F3 2000 for NetHSM [3], nShield F3 500 [4] and nShield F3 500 for NetHSM [5]
(Hardware Versions: nC4033P-4K0 [1], nC4033P-2K0 [2], nC4033P-2K0N [3], nC4033P-500 [4] and nC4033P-500N [5], Build Standard N; Firmware Versions: 2.50.16-3 and 2.51.10-3)

(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 04/27/2012;
03/08/2013;
08/16/2013
Overall Level: 3 

-Physical Security: Level 3 + EFP

-FIPS Approved algorithms: AES (Cert. #1579); Triple-DES (Certs. #132 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Cert. #770 and #1092); DRBG (Cert. #72); CVL (Cert. #1)

-Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The nShield modules: nCipher 4000, nShield 2000, nShield 2000 for NetHSM, nShield 500, and nShield 500 for NetHSM family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
1707 Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

-Alan Kaye
TEL: 613-225-9381

CST Lab: NVLAP 200426-0

FortiMail-3000C
(Hardware Version: C4GY52; Firmware Version: FortiMail 4.0, build0369, 110615)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/12/2012 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1604); Triple-DES (Cert. #1049); RNG (Cert. #860); SHS (Cert. #1417); HMAC (Cert. #940); RSA (Cert. #786)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 196 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant)

Multi-chip standalone

"The FortiMail family of messaging security appliances provide an effective barrier against the ever-rising volume of spam, maximum protection against sophisticated message based attacks, and features designed to facilitate regulatory compliance. FortiMail appliances offer both inbound and outbound scanning, advanced antispam and antivirus filtering capabilities, IP address black/white listing functionality, and extensive quarantine and archiving capabilities."
1706 Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

-Alan Kaye
TEL: 613-225-9381

CST Lab: NVLAP 200426-0

FortiMail™ OS
(Firmware Version: FortiMail 4.0, build0369, 110615)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Firmware 04/12/2012 Overall Level: 1 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-Tested: FortiMail-3000C

-FIPS Approved algorithms: AES (Cert. #1604); Triple-DES (Cert. #1049); RNG (Cert. #860); SHS (Cert. #1417); HMAC (Cert. #940); RSA (Cert. #786)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 196 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant)

Multi-chip standalone

"FortiMail OS is a firmware based operating system that runs exclusively on Fortinet’s FortiMail product family (PC-based, purpose built appliances). FortiMail offers both inbound and outbound scanning, advanced antispam and antivirus filtering capabilities, IP address black/white listing functionality, and extensive quarantine and archiving capabilities."
1705 Thales-eSecurity Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

-sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200426-0

nShield F3 500 PCI [1], nShield F3 500 for NetHSM [2] and nShield F3 10 PCI [3]
(Hardware Versions: nC4033P-500 [1], nC4033P-500N [2] and nC4033P-30 [3], Build Standard N; Firmware Versions: 2.50.16-2 and 2.51.10-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 04/12/2012;
03/08/2013;
08/09/2013
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #962 and #1579); Triple-DES (Certs. #757 and #1035); HMAC (Cert. #925); Triple-DES MAC (Triple-DES Cert. #1035, vendor affirmed); SHS (Cert. #1398); DSA (Cert. #487); ECDSA (Cert. #192); RSA (Certs. #770 and #1092); DRBG (Cert. #72); CVL (Cert. #1)

-Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #1579, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1035, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #1, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The nShield modules: nShield F3 500, F3 500 for NetHSM, & nShield F3 10 family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1704 Juniper Networks, Inc.
1194 North Mathilda Ave
Sunnyvale, CA 94089
USA

-Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 200697-0

Juniper Networks SRX650 Services Gateways
(Hardware Versions: (SRX650-BASE-SRE6-645AP and SRX650-BASE-SRE6-645DP) with JNPR-FIPS-TAMPER-LBLS; Firmware Version: 11.2S4)

(The tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 04/05/2012;
12/11/2013
Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #1271 and #1272); AES (Certs. #1959 and #1960); DSA (Cert. #625); SHS (Certs. #1718 and #1719); RNG (Cert. #1029); RSA (Cert. #1014); HMAC (Certs. #1180 and #1181)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 96 bits of encryption strength; non-compliant)

Multi-chip standalone

"SRX650 Services Gateways are secure routers that provide essential capabilities that connect, secure, and manage work force locations sized from handfuls to hundreds of users. By consolidating fast, highly available switching, routing, security, and applications capabilities in a single device, enterprises can economically deliver new services, safe connectivity, and a satisfying end user experience. All SRX Series Services Gateways, including products scaled for the branch, campus and data center applications, are powered by Juniper Networks JUNOS the proven"
1703 S&C Electric Company
6601 Northridge Boulevard
Chicago, IL 60626-3997
USA

-Prakash Ramadass
TEL: 510-749-5648
FAX: 510-864-6860

CST Lab: NVLAP 100432-0

IntelliCom WAN 1720
(Hardware Version: IntelliCom WAN 1720; Firmware Version: 1.1.0.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/03/2012 Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Certs. #1114 and #1235); HMAC (Cert. #720); RNG (Cert. #618); RSA (Cert. #592); SHS (Cert. #1133)

-Other algorithms: AES (non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"IntelliCom™ WAN Mesh Node, a wireless high-speed wide-area networking router that combines ultra-high throughput - up to 400 Mbps - with extremely low latencies of less than one millisecond. IntelliCom WAN Mesh Node features 802.11n mesh radio latencies of less than one millisecond. IntelliCom WAN Mesh Node features 802.11n mesh radio unlicensed bands as well as the 4.9-GHz municipal licensed band. This network architecture is selfforming and self-healing; communication is not inhibited by the loss of any single node."
1702 Entrust, Inc.
One Lincoln Centre
5400 LBJ Freeway
Suite 1340
Dallas, TX 75240
USA

-Entrust Sales

CST Lab: NVLAP 100432-0

Entrust Authority™ Security Kernel
(Software Versions: 8.1sp1 and 8.1sp1 R2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 04/12/2012;
10/18/2013;
05/28/2014
Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Windows Server 2008 R2 Enterprise Edition running on Dell Optiplex 755

-FIPS Approved algorithms: AES (Certs. #1923 and #2631); HMAC (Certs. #1158 and #1628); SHS (Certs. #1689 and #2206); DRBG (Certs. #167 and #405); RSA (Certs. #992 and #1345); Triple-DES (Certs. #1253 and #1580); Triple-DES MAC (Triple-DES Cert. #1253, vendor affirmed); CVL (Certs. #15 and #111 and SP 800-135, vendor affirmed, key agreement); RNG (Certs. #1011 and #1244); ECDSA (Certs. #275 and #454); DSA (Certs. #610 and #794)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD5; RMD-160; CAST; CAST3; CAST5; DES; IDEA; RC2; RC4; PAKE; AES-DAC; CAST-DAC; CAST3-DAC; CAST5-DAC; DES-DAC; IDEA-DAC; RC2-DAC

Multi-chip standalone

"By managing the full lifecycles of digital certificate-based identities, Entrust Authority PKI enables encryption, digital signature and certificate authentication capabilities to be consistently and transparently applied across a broad range of applications and platforms."
1701 Apple Inc.
11921 Freedom Drive
Reston, VA 20190
USA

-Shawn Geddis
TEL: 703-264-5103

CST Lab: NVLAP 200002-0

Apple FIPS Cryptographic Module
(Software Version: 1.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 03/30/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Mac OS X 10.7.0 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1872); DSA (Cert. #585); ECDSA (Cert. #262); HMAC (Cert. #1116); RNG (Cert. #981); RSA (Cert. #952); SHS (Cert. #1645); Triple-DES (Cert. #1216)

-Other algorithms: ASC; Blowfish; CAST; DES; RC2; RC4; RC5; FEE; MD2; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (non-compliant key generation)

Multi-chip standalone

"Apple's OS X Lion (v10.7) security services are now built on a newer 'Next Generation Cryptography' platform and does not use the CDSA/CSP module previously validated. Apple is re-validating the same CDSA/CSP module under OS X Lion to provide validation solely for third-party applications."
1700 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco 881W and Cisco 881GW Integrated Services Routers (ISRs)
(Hardware Versions: 881W and 881GW with [FIPS Kit (CISCO-FIPS-KIT=), Revision -B0]; Firmware Version: Router Firmware Version: IOS 15.1(3)T2 and AP Firmware Version: 12.4(25d)JA1)

(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/28/2012;
04/02/2012
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #962, #1535, #1791, #1792 and #1793); DRBG (Cert. #129); HMAC (Certs. #537, #1056 and #1057); RNG (Cert. #950); RSA (Cert. #896); SHS (Certs. #933, #1574 and #1575); Triple-DES (Certs. #757 and #1160)

-Other algorithms: DES; HMAC-MD5; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); AES (Cert. #1791, key wrapping; key establishment methodology provides 128 bits of encryption strength)

Multi-chip standalone

"The Cisco 881W and Cisco 881GW Integrated Services Routers (ISR) provide connectivity and security services in a single, secure device. These routers offer broadband speeds and simplified management to small businesses, and enterprise small branch and teleworkers. The module is also a wireless access point that provide secure wireless access to clients."
1699 McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

-David Gerendas
TEL: 949-860-3369

CST Lab: NVLAP 200556-0

McAfee EMM Cryptographic Module
(Software Version: 1.0)

(When operated with module Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1337 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 03/28/2012 Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 R2 (x64 Version) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1168); HMAC (Cert. #687); SHS (Cert. #1081)

-Other algorithms: N/A

Multi-chip standalone

"The McAfee EMM Cryptographic Module provides cryptographic operations for McAfee Enterprise Mobility Manager, an enterprise class security solution which provides centralized mobile device management, provisioning, security, support, and auditing."
1698 Hitachi Solutions, Ltd.
4-12-7, Higashishinagawa
Shinagawa-ku, Tokyo 140-0002
Japan

-Applied Security Development Department
TEL: +81-3-5780-2111

CST Lab: NVLAP 200835-0

HIBUN Cryptographic Module for Pre-boot
(Software Version: 1.0 Rev. 2)

Validated to FIPS 140-2

JCMVP Cert. #J0017

Security Policy

Consolidated Validation Certificate

Software 03/28/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Pre-boot 16-bit (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1779); SHS (Cert. #1561); HMAC (Cert. #1044)

-Other algorithms: N/A

Multi-chip standalone

"HIBUN Cryptographic Module for Pre-boot is the cryptographic library module which operates on the Pre-boot environment."
1697 Hitachi Solutions, Ltd.
4-12-7, Higashishinagawa
Shinagawa-ku, Tokyo 140-0002
Japan

-Applied Security Development Department
TEL: +81-3-5780-2111

CST Lab: NVLAP 200835-0

HIBUN Cryptographic Module for Kernel-Mode
(Software Version: 1.0 Rev. 2)

Validated to FIPS 140-2

JCMVP Cert. #J0016

Security Policy

Consolidated Validation Certificate

Software 03/28/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional; Windows Vista Ultimate; Windows 7 Ultimate; Windows 7 Ultimate 64bit (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1787); SHS (Cert. #1569); HMAC (Cert. #1052)

-Other algorithms: N/A

Multi-chip standalone

"HIBUN Cryptographic Module for Kernel-Mode is the cryptographic library module which operates on the Windows Kernel-Mode. Full listing of testing configuration: Windows XP Professional; Windows Vista Ultimate; Windows 7 Ultimate; Windows 7 Ultimate 64bit (single-user mode)"
1696 Hitachi Solutions, Ltd.
4-12-7, Higashishinagawa
Shinagawa-ku, Tokyo 140-0002
Japan

-Applied Security Development Department
TEL: +81-3-5780-2111

CST Lab: NVLAP 200835-0

HIBUN Cryptographic Module for User-Mode
(Software Version: 1.0 Rev. 2)

Validated to FIPS 140-2

JCMVP Cert. #J0015

Security Policy

Consolidated Validation Certificate

Software 03/28/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional; Windows Vista Ultimate; Windows 7 Ultimate; Windows 7 Ultimate 64bit; Linux Kernel 2.6 (Fedora 12) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1780); SHS (Cert. #1562); HMAC (Cert. #1045); DRBG (Cert. #125)

-Other algorithms: N/A

Multi-chip standalone

"HIBUN Cryptographic Module for User-Mode is the cryptographic library module which operates on the Windows User-Mode and Linux User-Mode. Full testing configuration: Windows XP Professional; Windows Vista Ultimate; Windows 7 Ultimate; Windows 7 Ultimate 64bit; Linux Kernel 2.6 (Fedora 12) (single-user mode)"
1695 NEC Corporation
1753
Shimonumabe
Nakahara-ku
Kawasaki, Kanagawa 211-8666
Japan

-NEC Corporation
TEL: +81-44-455-8326

CST Lab: NVLAP 200835-0

iPASOLINK MODEM AES Card
(Hardware Version: 5.00; Firmware Version: NWA-055300-004)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/18/2012 Overall Level: 1 

-FIPS Approved algorithms: AES (Cert. #1834)

-Other algorithms: N/A

Multi-chip embedded

"iPASOLINK is NEC's most advanced and comprehensive optical and radio converged transport product family, in which iPASOLINK MODEM AES Card is implemented as a cryptographic module. The module provides encryption/decryption services by AES-CTR."
1694 SafeNet, Inc.
20 Colonnade Dr, Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

-Mark Yakabuski
TEL: 613-614-3407
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

Luna® PCI-e Cryptographic Module
(Hardware Version: VBD-05-0100, VBD-05-0101 and VBD-05-0103; Firmware Version: 6.2.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/30/2012;
09/27/2012
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #1743, #1750 and #1756); DRBG (Cert. #114); DSA (Certs. #545, #546 and #548); ECDSA (Certs. #230, #231 and #233); HMAC (Certs. #1021 and #1027); KAS (Cert. #23); RSA (Certs. #865 and #870); SHS (Certs. #1531 and #1537); KKDF (SP 800-108, vendor affirmed); Triple-DES (Certs. #1130, #1134 and #1137); Triple-DES MAC (Certs. #1130, #1134 and #1137, vendor-affirmed)

-Other algorithms: ARIA; AES (Certs. #1743, #1750 and #1756, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES MAC (Cert. #1750; non-compliant); CAST5; CAST5-MAC; DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength); HAS-160; KCDSA; MD2; MD5; RC2; RC2-MAC; RC4; RC5; RC5-MAC; RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Triple-DES (Certs. #1130, #1134 and #1137, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The Luna PCI-e cryptographic module is a multi-chip embedded hardware cryptographic module in the form of a PCI-Express card that typically resides within a custom computing or secure communications appliance. The cryptographic module is contained in its own secure enclosure that provides physical resistance to tampering. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI-e card."
1693 SafeNet, Inc.
20 Colonnade Drive, Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

-Mark Yakabuski
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

Luna® PCI-e Cryptographic Module
(Hardware Versions: VBD-05-0100, VBD-05-0101 and VBD-05-0103; Firmware Version: 6.2.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/28/2012;
09/27/2012
Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1743, #1750 and #1756); DRBG (Cert. #114); DSA (Certs. #545, #546 and #548); ECDSA (Certs. #230, #231 and #233); HMAC (Certs. #1021 and #1027); KAS (Cert. #23); RSA (Certs. #865 and #870); SHS (Certs. #1531 and #1537); KKDF (SP800-108, vendor affirmed); Triple-DES (Certs. #1130, #1134 and #1137); Triple-DES MAC (Certs. #1130, #1134 and #1137, vendor-affirmed)

-Other algorithms: ARIA; AES (Certs. #1743, #1750 and #1756, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES MAC (Cert. #1750; non-compliant); CAST5; CAST5-MAC; DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength); HAS-160; KCDSA; MD2; MD5; RC2; RC2-MAC; RC4; RC5; RC5-MAC; RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Triple-DES (Certs. #1130, #1134 and #1137, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The Luna PCI-e cryptographic module is a multi-chip embedded hardware cryptographic module in the form of a PCI-Express card that typically resides within a custom computing or secure communications appliance. The cryptographic module is contained in its own secure enclosure that provides physical resistance to tampering. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI-e card."
1692 IBM® Corporation
2455 South Road
Poughkeepsie, NY 12601
USA

-William F Penny
TEL: 845-435-3010

CST Lab: NVLAP 200658-0

IBM® z/OS® Version 1 Release 13 System SSL Cryptographic Module
(Hardware Version: FC3863 w/System Driver Level 86E, and optional CEX3A and CEX3C [CEX3A and CEX3C are separately configured versions of 4765-001 (P/N 45D6048)]; Software Version: System SSL level HCPT3D0/JCPT3D1 w/ APAR OA36775, RACF level HRF7780 and ICSF level HCR7780 w/ APAR OA36882; Firmware Version: 4765-001 (e1ced7a0))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software-Hybrid 03/12/2012 Overall Level: 1 

-Cryptographic Module Specification: Level 3

-Operational Environment: Tested as meeting Level 1 with IBM® zEnterprise (TM) 196 (z196) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 [Base GPC, and optional Crypto Express3 Card (Coprocessor (CEX3C)); Crypto Express3 Card (Accelerator (CEX3A)) and Crypto Express3 Cards (Coprocessor (CEX3C) and Accelerator (CEX3A))] [IBM® zEnterprise (TM) (z196) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 includes FC3863 w/System Driver Level 86E and z/OS® V1R13] (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1713, #1864 and #1865); Triple-DES (Certs. #1103, #1210 and #1211); DSA (Certs. #582 and #583); RSA (Certs. #944, #945, #946, #947 and #948); SHS (Certs. #1497, #1639 and #1640); HMAC (Certs. #1110 and #1111); RNG (Certs. #977 and #978)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; RC2; ArcFour; MD5; MD2; HMAC-MD5; ECDSA (non-compliant)

Multi-chip standalone

"System SSL is a set of generic services provided in z/OS to protect TCP/IP communications using the SSL/TLS protocol. System SSL is exploited by many SSL enabled servers and clients in z/OS to meet the transport security constraints required in an On Demand environment. The System SSL APIs are also externalized to customer applications. System SSL has evolved through the latest releases of z/OS to support the new TLS (Transaction Layer Security) standard, to reach an unmatched level of performance and to extend the APIs available to applications to new functions."
1691

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/09/2012 Overall Level: 3 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip standalone

1690 Gemalto
Avenue du Jujubier Z.I Athelia IV
La Ciotat, 13705
France

-Frederic Garnier
TEL: +33 4 42 36 43 68
FAX: +33 4 42 36 55 45

CST Lab: NVLAP 200427-0

Protiva PIV v1.55 on TOP DL v2
(Hardware Version: A1023378; Firmware Version: Build#11 - M1005011+ Softmask V03, Applet Version: Protiva PIV v1.55)

(PIV Card Application: Cert. #27)

(When operated in FIPS mode with module TOP DL v2 validated to FIPS 140-2 under Cert. #1450 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/09/2012;
02/06/2014
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1363); ECDSA (Cert. #172); RNG (Cert. #749); RSA (Cert. #664); SHS (Cert. #1243); Triple-DES (Cert. #938); Triple-DES MAC (Triple-DES Cert. #938, vendor affirmed); CVL (Certs. #217 and #224)

-Other algorithms: N/A

Single-chip

"This module is based on a Java Card platform (TOP DL V2) with 128K EEPROM memory and the Protiva PIV Applet loaded on the Java Card platform. The Cryptographic Module provides dual interfaces (i.e. contact and contact-less) where the same security level is achieved."
1689 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco Unified IP Phone 7906G, 7911G, 7931G, 7941G, 7942G, 7945G, 7961G, 7961GE, 7962G, 7965G, 7970G, 7971G, 7971GE and 7975G
(Hardware Versions: (CP-7906G: V01-V09), (CP-7911G: V01-V09), (CP-7931G: V01-V05), (CP-7941G: V01-V02), (CP-7942G: V01-V10), (CP-7945G: V01-V11), (CP-7961G: V01-V02), (CP-7961GE: V01), (CP-7962G: V01-V11), (CP-7965G: V01-V11), (CP-7970G: V01-V02), (CP-7971G/7971GE: V01-V03) and (CP-7975G: V01-V12); Firmware Version: 9.2(1)SR2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/09/2012 Overall Level: 1 

-FIPS Approved algorithms: AES (Certs. #1745 and #1747); HMAC (Certs. #1022 and #1024); RNG (Cert. #931); RSA (Cert. #868); SHS (Certs. #1532 and #1534); Triple-DES (Cert. #1132)

-Other algorithms: HMAC MD5; MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Cisco Unified IP Phones 7900 Series deliver cost-effective, full-featured voice communication services in a clutter-free and earth-friendly, ergonomic design."
1688 Seagate Technology LLC
389 Disc Drive
Longmont, CO 80503
USA

-Monty Forehand
TEL: 720-684-2835
FAX: 720-684-2733

CST Lab: NVLAP 200427-0

Momentus® FDE Attached Storage Drives FIPS 140 Module
(Hardware Version: ST9500326AS; Firmware Version: 566)

(When operated in FIPS mode. Files distributed with the module mounted within the CD Drive are excluded from the validation.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/09/2012 Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Certs. #797 and #1341); HMAC (Cert. #883); SHS (Cert. #1223); RNG (Cert. #737); RSA (SigVer, Cert. #648); Triple-DES (Cert. #697)

-Other algorithms: DES

Multi-chip embedded

"The Momentus® Attached Storage FDE Drives, FIPS 140 Modules are FIPS 140-2 Level 2 modules which provide full disk encryption with user authentication These products are designed to prevent data breaches due to loss or theft on the road, in the office. The cryptographic module provides a wide range of cryptographic services using FIPS approved algorithms in DriveTrust Security Mode. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, and authenticated FW download."
1687 Mitsubishi Space Software Co., Ltd.
Tsukuba Mitsui Bldg.,
1-6-1, Takezono
Tsukuba-shi, Ibaraki-ken 305-0032
Japan

-Shinichi Shimazaki
TEL: +81-29-856-0154
FAX: +81-29-859-0320

-Ikuo Shionoya
TEL: +81-29-856-0154
FAX: +81-29-859-0320

CST Lab: NVLAP 200928-0

Command Encryption Module
(Firmware Version: 2.0)

(When operated in FIPS mode with the Operational Environment configuration specified on the reverse with the Firewall configured per Section 11 in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Firmware 03/30/2012 Overall Level: 2 

-EMI/EMC: Level 3

-Tested: HP Compaq 6000 Pro Small Form Factor PC running Microsoft Windows XP Professional SP2 and Zone Labs Zone Alarm Pro Firewall version 10.0.250.000

-FIPS Approved algorithms: Triple-DES (Cert. #1119)

-Other algorithms:

Multi-chip standalone

"Command Encryption Module is a firmware module designed to perform Triple DES CFB mode encryption functions."
1686 McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

-David Gerendas
TEL: 949-860-3369
FAX: 949-297-5575

CST Lab: NVLAP 200416-0

McAfee Endpoint Encryption Client Windows Cryptographic Module 1.0 [1] and McAfee Endpoint Encryption Client Preboot Cryptographic Module 1.0 [2]
(Software Version: 6.1.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 03/09/2012 Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with (Windows XP 32-bit or Windows 7 64-bit running on Intel Core i3 without AES-NI; Windows 7 32-bit or Windows Vista 32-bit running on Intel Core i5 with AES-NI; Windows 7 64-bit or Windows Vista 64-bit running on Intel Core i7 with AES-NI) [1]; (McAfee Endpoint Encryption Preboot OS running on Intel Core i3 without AES-NI; McAfee Endpoint Encryption Preboot OS running on Intel Core i5 or i7 with AES-NI) [2] (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1881, #1882 and #1883); DRBG (Cert. #156); HMAC (Cert. #1124 and #1125); SHS (Certs. #1653 and #1654);

-Other algorithms: RC5; PKCS#5; AES (non-compliant); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #1881, key wrapping; key establishment methodology provides 256 bits of encryption strength)

Multi-chip standalone

1685 ZyFLEX Technologies Incorporation
4F, No.5-2, Industry E. 9th Rd.
Science Park Hsinchu
Hsin-Chu, Taiwan 30075
Republic of China

-Nick Tseng
TEL: +886-3-5679168
FAX: +886-3-5679188

CST Lab: NVLAP 200824-0

ZyFLEX Crypto Module ZCM-100
(Hardware Version: AAM; Firmware Version: 1.1)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/09/2012 Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #1670 and #1671); DSA (Cert. #521); HMAC (Cert. #980); RNG (Certs. #888 and #889); RSA (Cert. #827); SHS (Cert. #1462)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); NDRNG

Multi-chip embedded

"ZyFLEX Crypto Module ZCM-100 is a hardware multichip embedded module that targets high speed data link layer (OSI layer 2) secure data transmission applications in an IP-based network. ZCM-100 implements AES-256 encryption/decryption algorithms and other Approved security functions by using both hardware FPGA circuitry and a 32-bit microcontroller. Its miniaturized size and low power consumption features make ZCM-100 suitably fit in a portable wireless communication device such as a handheld radio."
1684 Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
USA

-Vinnie Moscaritolo
TEL: 650-527-9000

CST Lab: NVLAP 200802-0

PGP Cryptographic Engine
(Software Version: 4.2.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/24/2012 Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Mac OS X 10.7; IOS 5 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #1151); AES (Cert. #1778); SHS (Cert. #1559); HMAC (Certs. #1043)

-Other algorithms: AES (EME2 mode; non-compliant)

Multi-chip standalone

"The PGP Cryptographic Engine includes a wide range of field-tested and standards-based encryption, and encoding algorithms used by PGP Whole Disk Encryption."
1683 Lenel Systems International, Inc.
1212 Pittsford-Victor Road
Pittsford, NY 14534
USA

-Robert Pethick
TEL: 585-248-9447
FAX: 585-248-9185

CST Lab: NVLAP 100432-0

Communication Server
(Software Versions: 5.12.110, 6.0.148, 6.1.22, 6.3.249 or 6.4.500)

(When operated in FIPS mode with [(Windows 7 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1330 operating in FIPS mode) or (Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1337 operating in FIPS mode)])

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/15/2012 Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 7; Microsoft Windows Server 2008 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1650); RNG (Cert. #882)

-Other algorithms: RC2

Multi-chip standalone

"The Communication Server module's primary purpose is to provide secure communications with external access control devices. The module is part of the Lenel's advanced access control and alarm monitoring system. The Lenel advanced access control and alarm monitoring system is built on an open architecture platform, offers unlimited scalability, database segmentation, fault tolerance, and biometrics and smart card support. The Lenel advanced access control and alarm monitoring system is fully customizable, and can be seamlessly integrated into the OnGuard total security solution."
1682 Voltage Security, Inc.
20400 Stevens Creek Blvd.
Cupertino, CA 95014
USA

-Luther Martin
TEL: 650-543-1280
FAX: 650-543-1279

CST Lab: NVLAP 200802-0

Voltage IBE Cryptographic Module
(Software Version: 4.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 02/14/2012;
02/23/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows 7 Professional SP1, 32-bit; Red Hat Enterprise Linux Server 5.3, 32-bit (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1752); Triple-DES (Cert. #1135); DSA (Cert. #547); SHS (Cert. #1539); RNG (Cert. #934); RSA (Cert. #871); HMAC (Cert. #1029); DRBG (Cert. #115)

-Other algorithms: IBE; BBX; FFX; RSA (key wrapping; key establishment methodology provides 112 bits encryption strength; non-compliant less than 112 bits of encryption strength); MD5; Diffie-Hellman; DES

Multi-chip standalone

"Voltage IBE Cryptographic Module implements the following algorithms: DSA; TDES; AES (ECB, CBC, CFB, OFB, FPE); DRNG; DRBG; SHS; HMAC; CMAC; RSA; DH; BF IBE; BB1 IBE; MD; DES"
1681 Symantec Corporation
350 Ellis St.
Mountain View, CA 94043
USA

-Vinnie Moscaritolo
TEL: 650-527-8000

CST Lab: NVLAP 200802-0

PGP Software Developer's Kit (SDK) Cryptographic Module
(Software Version: 4.2.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/28/2012 Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP3; Mac OS X 10.7; Linux, 32-bit: CentOS 5.5; iOS 5 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #1150); AES (Cert. #1777); RSA (Cert. #888); DSA (Cert. #558); SHS (Cert. #1558); HMAC (Cert. #1042); DRBG (Cert. #124)

-Other algorithms: AES (EME2 mode; non-compliant); DSA (FIPS 186-3 with SHA-256; non-compliant); CAST-5; IDEA; Two-Fish; Blow-Fish; ARC4-128; MD5; HMAC-MD5; RIPEMD-160; ElGamal; EC Diffie-Hellman; ECDSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength); Shamir Threshold Secret Sharing

Multi-chip standalone

"The PGP Software Developer's Kit (SDK) Cryptographic Module is a FIPS 140-2 validated software only cryptographic module. The module implements the cryptographic functions for PGP products including: PGP Whole Disk Encryption, PGP NetShare, PGP Command Line, PGP Universal, and PGP Desktop. It includes a wide range of field-tested and standards-based encryption, digital signature, and encoding algorithms as well as a variety of secure network protocol implementations. The PGP SDK offers developers this same cryptographic library that is at the heart of PGP products."
1680 Absolute Software Corporation
Suite 1600, Four Bentall Centre
1055 Dunsmuir Street
PO Box 49211
Vancouver, BC V7X 1K8
Canada

-Tim Parker
TEL: 604-730-9851 ext. 194
FAX: 604-730-2621

CST Lab: NVLAP 200556-0

Absolute Encryption Engine
(Software Version: 1.2.0.46)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/14/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 64-bit; Windows 7 32-bit; Windows XP 32-bit; Windows Vista 32-bit; Windows Vista 64-bit; Red Hat Enterprise Linux (RHEL) 6 32-bit; Mac OS X v10.6.7 32-bit (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1610); RNG (Cert. #864)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 128 bits of encryption strength)

Multi-chip standalone

"Absolute Software Corporation provides security products for the central management of all IT assets. The Absolute Encryption Engine is a dynamic-linked library (DLL) defined as the encryption module on the client and server callable by applications via an Application Programming Interface (API). The module is currently used by the Absolute Computrace product."
1679 Senetas Corporation Ltd.
Level 1, 11 Queens Road
Melbourne, Victoria 3004
Australia

-John Weston
TEL: +61 (3) 9868 4515
FAX: +61 (3) 9821 4899

-Horst Marcinsky
TEL: +61 (3) 9868 45555
FAX: +61 (3) 9821 4899

CST Lab: NVLAP 200426-0

CN1000 Fibre Channel Encryptor
(Hardware Version: A5175B; Firmware Version: 1.9.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/14/2012 Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #1158); AES (Certs. #1775 and #1786); SHS (Cert. #1568); RNG (Cert. #948); DSA (Cert. #562); RSA (Cert. #893); HMAC (Cert. #1051)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The CN1000 Fibre Channel Encryptor is a high-speed, standards based, encryptor specifically designed to secure data transmitted over Fibre Channel point-to-point networks at line rates up to 4.25Gb/s. Data privacy is provided by FIPS approved AES algorithms."
1678 Giesecke & Devrient
45925 Horseshoe Drive
Dulles, VA 20166
USA

-Jatin Deshpande
TEL: 650-312-8047
FAX: 650-312-8129

-Thomas Palsherm
TEL: +49 89 4119-2384
FAX: +49 89 4119-9093

CST Lab: NVLAP 200427-0

StarSign Crypto USB Token powered by Sm@rtCafé Expert 6.0
(Hardware Version: P5CC081; Firmware Version: Sm@rtCafT Expert 6.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/09/2012 Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #1755); DRBG (Cert. #116); RSA (Cert. #874); SHS (Cert. #1542); Triple-DES (Cert. #1136); Triple-DES MAC (Triple-DES Cert. #1136, vendor affirmed)

-Other algorithms: AES (Cert. #1755, key wrapping; key establishment methodology provides 128 to 256 bits of encryption strength)

Multi-chip standalone

"Giesecke & Devrient (G&D) Smart Card Chip Operating System Sm@rtCafT Expert 6.0 is a Java Card 3 and Global Platform v2.1.1 compliant smart card module supporting both contact and contactless interfaces. It also supports, at a minimum, RSA up to 2048 bits(RSA and RSA-CRT) with on-card key generation, Hash algorithms(including SHA256), AES(up to 256 bits), ECDSA, and Triple-DES. The Sm@rtCafT Expert 6.0 is suitable for government and corporate identification, payment and banking, health care, and Web applications."
1677 McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

-David Gerendas
TEL: 949-860-3369
FAX: 949-297-5575

CST Lab: NVLAP 200416-0

McAfee Endpoint Encryption Disk Driver Cryptographic Module 1.0
(Software Version: 6.1.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/09/2012 Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows XP 32-bit or Windows 7 64-bit running on Intel Core i3 without AES-NI; Windows Vista 32-bit or Windows 7 32-bit running on Intel Core i5 with AES-NI; Windows Vista 64-bit or Windows 7 64-bit running on Intel Core i7 with AES-NI (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1882); HMAC (Cert. #1125); SHS (Cert. #1654)

-Other algorithms: RC5; AES (non-compliant)

Multi-chip standalone

1676 Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
USA

-John Bordwine
TEL: 703-885-3854

CST Lab: NVLAP 200556-0

Symantec Java Cryptographic Module Version 1.1
(Software Version: 1.1)

(When operated in FIPS mode with module RSA BSAFE® Crypto-J Software Module validated to FIPS 140-2 under Cert. #1291 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 03/09/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP SP2 with Sun JRE 5.0; Microsoft Windows XP SP2 with Sun JRE 6.0 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1109); DSA (Cert. #357); ECDSA (Cert. #130); DRBG (Cert. #15); HMAC (Cert. #621); RNG (Cert. #616); RSA (Cert. #522); SHS (Cert. #1032); Triple-DES (Cert. #806)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DESX; ECAES (non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECIES; MD2; MD5; PBE (non-compliant); RIPEMD 160; RC2; RC4; RC5; RSA OAEP (non-compliant); Raw RSA (non-compliant); RSA Keypair Generation MultiPrime (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; ANSI X9.31 RNG (non-compliant); MD5Random; SHA1Random (non-compliant)

Multi-chip standalone

"The Symantec Java Cryptographic Module Version 1.1 provides a comprehensive set of cryptographic services for Symantec products including, but not limited to, the Symantec Data Loss Prevention Suite."
1675 Uplogix, Inc.
7600B N. Capital of Texas Highway
Austin, TX 78731
USA

-Martta Howard
TEL: 512-857-7043

CST Lab: NVLAP 200427-0

Uplogix 430 [1] and 3200 [2]
(Hardware Versions: (43-1002-50 and 43-1102-50) [1] and (37-0326-03 and 37-0326-04) [2]; Firmware Version: 4.3.5.19979)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/06/2012 Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-FIPS Approved algorithms: AES (Certs. #1644 and #1647); DRBG (Cert. #90); DSA (Certs. #515 and #517); HMAC (Certs. #966 and #968); RNG (Cert. #881); RSA (Certs. #812 and #815); SHS (Certs. #1445 and #1448); Triple-DES (Certs. #1074 and #1076)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5-96; HMAC-SHA-96 (non-compliant); MD5; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength)

Multi-chip standalone

"Uplogix is a network independent management platform that locates with - and directly connects to - managed devices. Standing alone or augmenting existing centralized management tools, Uplogix provides configuration, performance and security management actions that are best performed locally. Local Management reduces operational costs, speeds problem resolution, and improves security and compliance versus centralized-only management. Our local focus on network device automation enables the transition to more network sensitive cloud and virtual infrastructure technologies."
1674 Avaya, Inc.
211 Mt. Airy Road
Basking Ridge, NJ 07920
USA

-Dragan Grebovich
TEL: 978-671-3476

CST Lab: NVLAP 200556-0

Secure Router 4134
(Hardware Version: Chassis: 4134, Interface Cards: 2-port T1/E1 Small Card (Assembly Number: 333-70225-01 Rev 4); 2-port Serial Small Card (Assembly Number: 333-70240-01 Rev 02.0011); 1-port ADSL2+ Annex A Small Card (Assembly Number: 333-70260-01 Rev 01); 1-port HSSI Medium Card (Part Number: 333-70290-01 Rev 9); 1-port Channelized / Clear Channel T3 Medium Card (Part Number: 333-70280-01 Rev 8); 8-port T1/E1 Medium Card (Part Number: 333-70275-01 Rev 01.0012); 10-port Gigabit Ethernet (GbE) Medium Card (Part Number: 333-70330-01 Rev 01.0023); 24-port Fast Ethernet (FE) Medium Card (Part Number: 333-70325-01 Rev 15); 24-port Fast Ethernet/Power over Ethernet (FE/PoE) Medium Card (Part Number: 333-70325-02 Rev 01.0017); Firmware Version: 10.3.0.100)

(When operated in FIPS mode, the tamper evident seals are installed as indicated in the Security Policy and with all interface card slots filled or covered)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/06/2012;
01/01/2014
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Certs. #275 and #1050); AES (Certs. #173 and #1605); SHS (Cert. #1418); HMAC (Cert. #941); RSA (SigVer, Cert. #787); DSA (Cert. #496); DRBG (Cert. #79)

-Other algorithms: DSA (Cert. #501; non-compliant); MD5; NDRNG; Blowfish; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (SigGen and KeyGen, Cert. #787; non-compliant)

Multi-chip standalone

"The Secure Router 4134 is a modular, multi-service branch router that combine IP routing, wide-area networking (WAN), voice/PSTN gateway and security services in a single platform. With advanced services - including IPv4/IPv6 routing, high-performance WAN, SIP survivable gateway, and IPSec VPN and firewall security - they are well-suited to address enterprise branch, regional and even headquarter WAN routing needs."
1673 Avaya, Inc.
211 Mt. Airy Road
Basking Ridge, NJ 07920
USA

-Dragan Grebovich
TEL: 978-671-3476

CST Lab: NVLAP 200556-0

Secure Router 2330
(Hardware Version: Chassis: 2330, Interface Cards: 2-port T1/E1 Small Card (Assembly Number: 333-70225-01 Rev 4); 2-port Serial Small Card (Assembly Number: 333-70240-01 Rev 02.0011); 1-port ADSL2+ Annex A Small Card (Assembly Number: 333-70260-01 Rev 01); Firmware Version: 10.3.0.100)

(When operated in FIPS mode, the tamper evident seals are installed as indicated in the Security Policy, with all interface card slots filled or covered)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/06/2012 Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Certs. #210 and #1051); AES (Certs. #96 and #1606); SHS (Certs. #187 and #1419); HMAC (Cert.#942); RSA (SigVer, Cert. #788); DSA (Cert. #497); DRBG (Cert. #80)

-Other algorithms: MD5; NDRNG; Blowfish; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (SigGen and KeyGen, Cert. #788; non-compliant)

Multi-chip standalone

"The Secure Router 2330 is a modular, multi-service branch router that combine IP routing, wide-area networking (WAN), voice/PSTN gateway and security services in a single platform. With advanced services - including IPv4/IPv6 routing, high-performance WAN, SIP survivable gateway, and IPSec VPN and firewall security - they are well-suited to address enterprise branch, regional and even headquarter WAN routing needs."
1672 IBM Corporation
2455 South Road
Poughkeepsie, NY 12601
USA

-William F Penny
TEL: 845-435-3010
FAX: 845-433-7510

-James Sweeny
TEL: 845-435-7453
FAX: 845-435-8530

CST Lab: NVLAP 200658-0

IBM® z/OS® Version 1 Release 13 ICSF PKCS#11 Cryptographic Module
(Hardware Version: CPACF (P/N COP) and optional 4765-001 (P/N 45D6048); Software Version: ICSF level HCR7780 w/ APAR OA36882 and RACF level HRF7780; Firmware Version: CPACF (FC3863 w/ System Driver Level 86E) and optional 4765-001 (e1ced7a0))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software-Hybrid 02/06/2012 Overall Level: 1 

-Cryptographic Module Specification: Level 3

-Operational Environment: Tested as meeting Level 1 with IBM® zEnterprise (TM) 196 (z196) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 [Base GPC, and optional Crypto Express3 Card (Accelerator (CEX3A) is a separately configured version of 4765-001 (P/N 45D6048))] [IBM® zEnterprise (TM) (z196) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 includes FC3863 w/System Driver Level 86E and z/OS® V1R13] (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1713 and #1866); Triple-DES (Certs. #1103 and #1212); DSA (Cert. #584); ECDSA (Cert. #261); RSA (Certs. #946, #949 and #971); SHS (Certs. #1497 and #1641); HMAC (Cert. #1112); DRBG (Cert. #151); CVL (Cert. #9)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; Triple-DES (non-compliant); DSA (non-compliant); HMAC (non-compliant); RC4; BLOWFISH; MD5; MD2; RIPE-MD; EC Brainpool

Multi-chip standalone

"The ICSF PKCS #11 module consists of software-based cryptographic algorithms, as well as symmetric and hashing algorithms provided by the CP Assist for Cryptographic Function (CPACF) and RSA Hardware clear key modular math cryptography provided through the Crypto Express3 card (CEX3A). The RSA hardware support is accessed through auxiliary module CSFINPVT which acts as a pipe between ICSF PKCS #11 and the cryptographic cards."
1671 Sensage, Inc.
1400 Bridge Parkway
Suite 202
Redwood City, CA 94065
USA

-Brad Kekst
TEL: 415-215-3567
FAX: 650-631-2810

-Rao Yendluri
TEL: 650-830-0484
FAX: 650-631-2810

CST Lab: NVLAP 200002-0

CryptoCore Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/06/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Redhat Enterprise Linux Version 5.1; Redhat Enterprise Linux Version 5.5 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1761); Triple-DES (Cert. #1140); RSA (Cert. #877); DSA (Cert. #551); SHS (Cert. #1545); HMAC (Cert. #1032); RNG (Cert. #938)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; DES; CAST5; Blowfish; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Sensage’s purpose-built event data warehouse products enable users to easily collect and store large volumes of log and event data, while also providing an ability to query and perform analyses on the event data that are available. Their Private Encryption File System solution gives product administrators the ability to employ FIPS-validated encryption and decryption on stored data, providing protection of data-at-rest (log files, configuration files, and other stored data) within the product."
1670 Dolby Laboratories, Inc.
100 Potrero Avenue
San Francisco, CA 94103
USA

-Dean Bullock
TEL: 415-645-5336
FAX: 415-645-4000

CST Lab: NVLAP 100432-0

CAT862 Dolby JPEG 2000/MPEG-2 Media Block IDC
(Hardware Versions: P/N CAT862Z, Revisions FIPS_1.0, FIPS_1.1, FIPS_1.2 and FIPS_1.3; Firmware Version: 4.4.0.37)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/02/2012;
02/09/2012
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #519, #520 and #1067); SHS (Certs. #592 and #1086); RSA (Cert. #233); HMAC (Certs. #270 and #676); RNG (Certs. #296 and #650)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip embedded

"The CAT862 Dolby JPEG2000/MPEG2 Media Block IDC performs all the cryptography, license management, and video decoding functions for the DSS200 Dolby Screen Server, which forms the nucleus of the Dolby Digital Cinema system. The system offers superb picture quality and outstanding reliability. It includes support for JPEG 2000 playback, as specified by DCI, and MPEG-2 for compatibility with alternative content such as preshow advertising. The system also meets DCI specifications for security, data rate, storage capacity, and redundancy."
1669 Research In Motion Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

-Certifications Team
TEL: 519-888-7465 ext.72921
FAX: 519-886-4839

CST Lab: NVLAP 200928-0

BlackBerry Cryptographic Kernel
(Firmware Versions: 3.8.7.0 [1], 3.8.7.1 [1,2], 3.8.7.4 [2], 3.8.7.5 [2] and 3.8.7.6 [2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Firmware 01/19/2012;
10/10/2012
Overall Level: 1 

-Design Assurance: Level 3

-Tested: BlackBerry 9900 with BlackBerry OS Versions 7.0 [1] and 7.1 [2]

-FIPS Approved algorithms: Triple-DES (Certs. #1163 and #1164); AES (Certs. #1798, #1799, #1800 and #1801); SHS (Certs. #1581 and #1582); HMAC (Certs. #1063 and #1064); RSA (Certs. #902 and #903); DRBG (Certs. #132 and #133); ECDSA (Certs. #244 and #245)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides 256 bits of encryption strength)

Multi-chip standalone

"BlackBerry is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry."
1668 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team
TEL:

CST Lab: NVLAP 200427-0

Cisco Common Cryptographic Module (C3M)
(Hardware Versions: Intel [Core i5, Core i7 and Xeon] with AES-NI; Software Version: 0.9.8r.1.1)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software-Hybrid 01/19/2012;
02/23/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with FreeBSD 8.2 or Windows 7 SP1 running on Intel Core i5 with AES-NI; Red Hat Enterprise Linux v5 running on Intel Xeon with AES-NI or Intel Core i7 with AES-NI (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1758); DSA (Cert. #550); ECDSA (Cert. #234); HMAC (Cert. #1031); RNG (Cert. #937); RSA (Cert. #876); SHS (Cert. #1544); Triple-DES (Cert. #1139)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Cisco Common Cryptographic Module (C3M) is a software-hybrid that provides cryptographic services to a vast array of Cisco's networking and collaboration products. The module provides FIPS validated cryptographic algorithms for services such as sRTP, SSH, TLS, 802.1x etc. The module does not implement any of the protocols directly. Instead, it provides the cryptographic primitives and functions to allow a developer to implement various protocols."
1667 Qube Cinema, Inc.
601 S. Glenoaks Blvd.
Ste. 102
Burbank, CA 91502
USA

-Rajesh Ramachandran
TEL: 818-392-8155
FAX: 818-301-0401

CST Lab: NVLAP 100432-0

Secure Media Block
(Hardware Versions: Z-OEM-DCI-Q-R0, Z-OEM-DCI-Q-R2 and Z-OEM-DCI-Q-R3; Firmware Version: 105; Security Manager Version: 1.0.3.4)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/11/2012;
06/21/2012
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #812 and #1455); HMAC (Certs. #450 and #854); RNG (Certs. #467 and #797); RSA (Certs. #392 and #711); SHS (Certs. #809, #810, #811 and #1318)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5

Multi-chip embedded

"The Qube Secure Media Block is used in Digital Cinema applications, providing core functionality required to playback Digital Cinema Packages. The module performs essence decryption when processing encrypted content, it ensures link encryption downstream to a projector device, and it provides other features as to enable a fully capable Digital Cinema Server. Content owners and other stake holders rely upon the security features provided by the Qube Secure Media Block to protect their valuable content, and to perform secure logging of operations within a theatre auditorium."
1666 Motorola Mobility, Inc.
600 North US Highway 45
Libertyville, IL 60048
USA

-Ed Simon
TEL: 800-617-2403

CST Lab: NVLAP 100432-0

Motorola Mobility Cryptographic Suite B Module
(Software Version: 5.4fm)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 01/25/2012;
03/07/2012;
03/14/2012;
05/29/2012
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Android 2.3; Android 4.0 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1930); Triple-DES (Cert. #1256); SHS (Cert. #1695); HMAC (Cert. #1164); RSA (Cert. #996); DSA (Cert. #613); RNG (Cert. #1015)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)); DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant)

Multi-chip standalone

"The Motorola Mobility Cryptographic Suite B Module is used in Motorola Business Ready Android devices to encrypt sensitive application data. For details on Motorola Business Ready, see www.motorola.com/Business-Ready/US-EN/Home."
1665 McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

-Sakthikumar Subramanian
TEL: 408-346-3249
FAX: 408-346-5335

CST Lab: NVLAP 100432-0

Network Security Platform Sensor M-8000 S
(Hardware Version: P/N M-8000 S, Version 1.40; FIPS Kit P/N IAC-FIPS-KT8; Firmware Version: 6.1.15.35)

(When operated with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/10/2012 Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #880); Triple-DES (Cert. #781); RSA (Certs. #425 and #830); DSA (Cert. #345); SHS (Certs. #871 and #970); RNG (Cert. #505); HMAC (Cert. #971)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5

Multi-chip standalone

"Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks."
1664 Certicom Corp.
4701 Tahoe Blvd.
Building A
Mississauga, Ontario L4W 0B5
Canada

-Certicom Sales
TEL: 905-507-4220
FAX: 905-507-4230

-Kris Orr
TEL: 289-261-4104
FAX: 905-507-4230

CST Lab: NVLAP 200928-0

Security Builder® FIPS Module
(Firmware Versions: 4.0 B and 4.0 S)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Firmware 01/10/2012;
03/30/2012
Overall Level: 1 

-Tested: ARM 920T processor running Hand Held Products BASE firmware 31205423-052 or Hand Held Products Scanner firmware 31205480-025; ARM 926EJ-S processor running Honeywell Xenon 1902 Cordless Base Firmware or Honeywell Xenon 1902 Cordless Scanner firmware

-FIPS Approved algorithms: AES (Certs. #547 and #590); SHS (Certs. #612 and #641); HMAC (Certs. #288 and #307); RNG (Certs. #315 and #336); DSA (Certs. #222 and #232)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Security Builder® FIPS Module is a standards-based cryptographic toolkit that supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into both mobile and server-based applications. The Security Builder FIPS Module is part of the Certicom Security Architecture, a comprehensive cross-platform security solution which supports multiple cryptographic software and hardware providers with a single common API."
1663

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/05/2012 Overall Level: 2 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip standalone

1651 Nexgrid, LLC
4444 Germanna Hwy
Locust Grove, VA 22508
USA

-Thomas McLure
TEL: 888-556-0911 ext 1010
FAX: 703-562-8385

-Haim Shaul
TEL: 888-556-0911 ext 1003
FAX: 703-562-8385

CST Lab: NVLAP 200427-0

ecoNet smart grid gateways: ecoNet SL and ecoNet MSA
(Hardware Versions: ENSL2, ENSL5 and ENMSA2; Firmware Version: 3.1.2-FIPS)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/05/2012 Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #1665); DSA (Cert. #520); HMAC (Cert. #979); RNG (Cert. #887); RSA (Cert. #820); SHS (Cert. #1459); Triple-DES (Cert. #1083)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 224 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"ecoNet smart grid gateways provide the central link between intelligent endpoint devices and the Utility's backhaul or WAN enabling real time network control and monitoring."
1631

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/24/2012;
05/03/2012
Overall Level: 2 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip standalone


Need Assistance?