CMVP Main Page

Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules

Historical, 1995-1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016
All

Last Updated: 9/26/2016

It is important to note that the items on this list are cryptographic modules. A module may either be an embedded component of a product or application, or a complete product in-and-of-itself. If the cryptographic module is a component of a larger product or application, one should contact the product or application vendor in order to determine how the product utilizes the embedded validated cryptographic module. There may be a larger number of security products or applications available which use an embedded validated cryptographic module, than the number of modules which are found in this list. In addition, other vendors, who are not found in this list, may incorporate a validated cryptographic module from this list embedded into their own products.

When selecting a module from a vendor, verify that the module is either the product or application itself (e.g. VPN, SmartCard, USB memory token, etc.) or the module is embedded in a larger product or application (e.g. toolkit, etc.). If the module is embedded in a product or application, ask the product or application vendor to provide a signed letter or statement affirming that the unmodified validated cryptographic module is integrated in the solution; the module provides all the cryptographic services in the solution; and provide reference to the modules validation certificate number from this listing.

NOTE1: Module descriptions are provided by the module vendors and have not been verified for accuracy by the CMVP. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-Approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (e.g. allowed or non-FIPS-Approved algorithms) have not been tested through the CMVP.

NOTE2: The operator of a cryptographic module is responsible for ensuring that the algorithms and key lengths are in compliance with the requirements of NIST SP 800-131A.

NOTE3: All questions regarding the implementation and/or use of any module located on the CMVP module validation lists should first be directed to the appropriate vendor point-of-contact (listed for each entry).

Please contact the CMVP if any errors are discovered or comments with suggestions for improvement of the validation listings.

Cert#Vendor / CST LabCryptographic ModuleModule
Type
Val.
Date
Level / Description
2066Kanguru Solutions
1360 Main Street
Millis, MA 02054
USA

Nate Cote
TEL: 508-376-4245
FAX: 508-376-4462

CST Lab: NVLAP 200802-0
Kanguru Defender Elite 200™
(Hardware Versions: 1.0 (P/Ns KDFE200‐4G-Red, KDFE200-4G‐Green, KDFE200‐4G‐Blue, KDFE200-4G-Yellow, KDFE200-4GBrown, KDFE200‐4G‐Gray, KDFE200-4G‐Silver, KDFE200‐8G‐Red, KDFE200-8G-Green, KDFE200‐8G‐Blue, KDFE200- 8G‐Yellow, KDFE200-8G‐Brown, KDFE200-8G‐Gray, KDFE200-8G‐Silver, KDFE200-16G‐Red, KDFE200-16G‐Green, KDFE200‐16G‐Blue, KDFE200-16G‐Yellow, KDFE200-16G‐Brown, KDFE200-16G‐Gray, KDFE200-16G‐Silver, KDFE200- 32G‐Red, KDFE200-32G-Green, KDFE200-32G‐Blue, KDFE200-32G‐Yellow, KDFE200-32G‐Brown, KDFE200-32G‐Gray, KDFE200‐32G‐Silver, KDFE200‐64G‐Red, KDFE200-64G‐Green, KDFE200‐64G‐Blue, KDFE200-64G‐Yellow, KDFE200-64G‐Brown, KDFE200-64G‐Gray, KDFE200-64G‐Silver, KDFE200-128G-Red, KDFE200-128G‐Green, KDFE200-128G-Blue, KDFE200-128G-Yellow, KDFE200-128G‐Brown, KDFE200-128G-Gray, KDFE200‐128G-Silver); Firmware Versions: 2.03.10 and 2.05.10))

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/24/2013
02/28/2014
06/05/2014
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: HMAC (Cert. #954); AES (Cert. #1623); SHS (Cert. #1432); RSA (Cert. #801); DRBG (Cert. #86); PBKDF (vendor affirmed)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Kanguru Defender Elite 200™ is a 256-bit AES hardware encrypted USB flash drive. It is used to securely store sensitive data housed on the device. It can also be used as a secure platform for remote access and virtualized applications run directly from the device. The device supports onboard hardware random number generation, RSA, HMAC and algorithms."
2064

CST Lab: NVLAP 200002-0


Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/23/2013
08/09/2016
Overall Level: 2

Multi-chip standalone
2062RSAE Labs Inc.
PO Box 15922
PANAMA CITY, FL 32406
United States

Randall Shepard
TEL: 650-464-6201
FAX: 1-850-462-2685

CST Lab: NVLAP 200802-0
Cubic Managed Asset Tag (MAT) Cryptographic Module and Cubic SINK Cryptographic Module
(Hardware Version: 380270-1 Rev. -; Firmware Version: mat_v2_1_0 or sink_v2_1_0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware12/17/2013
01/24/2014
08/22/2016
Overall Level: 1

-FIPS Approved algorithms: AES (Cert. #1863); DRBG (Cert. #150)

-Other algorithms: NDRNG

Single-chip

"The Cubic Managed Asset Tag Cryptographic Module and Cubic SINK Cryptographic Module securely sends and receives information collected from peripheral sensors to/from an external Cubic Gateway in support of Cubic Mist® mesh networking solutions."
2058RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

Rohit Mathur
TEL: +61 7 3032 5220

CST Lab: NVLAP 200427-0
RSA BSAFE® Crypto-J JSAFE and JCE Software Module
(Software Version: 6.1 or 6.1.1.0.1)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software12/13/2013
07/03/2014
02/12/2016
05/10/2016
Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3


-Operational Environment: Tested as meeting Level 1 with Oracle® JRE 7.0 on Microsoft® Windows 7™ (64-bit) running on Dell™ Dimension C521
JRE 6.0 on Android 2.2 ARM (32-bit) running on Lenovo® Thinkpad® T61 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2249); DRBG (Cert. #273); DSA (Cert. #701); ECDSA (Cert. #357); HMAC (Cert. #1378); PBKDF (vendor affirmed); RSA (Cert. #1154); SHS (Cert. #1938); Triple-DES (Cert. #1408); CVL (Cert. #39)

-Other algorithms: BPS; DES; DESX; Diffie-Hellman; Dual EC DRBG; EC Diffie-Hellman; ECIES; HMAC-MD5; MD2; MD4; MD5; RC2; RC4; RC5; RIPEMD160; RNG; RSA (encrypt/decrypt); RSA Keypair Generation MultiPrime; Shamir's Secret Sharing

Multi-chip standalone

"RSA BSAFE® Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. It supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
2057RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

Rohit Mathur
TEL: +61 7 3032 5220

CST Lab: NVLAP 200427-0
RSA BSAFE® Crypto-J JSAFE and JCE Software Module
(Software Version: 6.1or 6.1.1.0.1)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software12/13/2013
07/03/2014
02/12/2016
05/10/2016
Overall Level: 1

-Design Assurance: Level 3


-Operational Environment: Tested as meeting Level 1 with Oracle® JRE 7.0 on Microsoft® Windows 7™ (64-bit) running on Dell™ Dimension C521
JRE 6.0 on Android 2.2 ARM (32-bit) running on Lenovo® Thinkpad® T61 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2249); DRBG (Cert. #273); DSA (Cert. #701); ECDSA (Cert. #357); HMAC (Cert. #1378); PBKDF (vendor affirmed); RSA (Cert. #1154); SHS (Cert. #1938); Triple-DES (Cert. #1408); CVL (Cert. #39)

-Other algorithms: BPS; DES; DESX; Diffie-Hellman; Dual EC DRBG; EC Diffie-Hellman; ECIES; HMAC-MD5; MD2; MD4; MD5; RC2; RC4; RC5; RIPEMD160; RNG; RSA (encrypt/decrypt); RSA Keypair Generation MultiPrime; Shamir's Secret Sharing

Multi-chip standalone

"RSA BSAFE® Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. It supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
2056RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

Rohit Mathur
TEL: +61 7 3032 5220

CST Lab: NVLAP 200427-0
RSA BSAFE(R) Crypto-C Micro Edition
(Software Version: 4.0.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software12/05/2013
11/25/2014
02/03/2016
Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3


-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 5.0 running on a IBM 7044-170 (PPC 32-bit)
Red Hat Enterprise Linux 5.0 running on a IBM 7044-170 (PPC 64-bit)
Red Hat Enterprise Linux 5.5 running on a Dell Dimension E521 (x86 32-bit)
Red Hat Enterprise Linux 5.5 running on a Intel Maho Bay with PAA (x86 32-bit)
Red Hat Enterprise Linux 5.5 running on a Dell Dimension E521 (x86 64-bit)
Red Hat Enterprise Linux 5.5 running on a HP rx2600 (Itanium2 64-bit)
Red Hat Enterprise Linux 6.0 running on a Dell Dimension E521 (x86 32-bit)
Red Hat Enterprise Linux 6.0 running on a Dell Dimension E521 (x86 64-bit)
Red Hat Enterprise Linux 6.0 running on a Intel Maho Bay with PAA (x86 64-bit)
Oracle Solaris 10 running on a Sun Sunblade 100 (SPARC v8 32-bit)
Oracle Solaris 10 running on a Sun Sunblade 100 (SPARC v8+ 32-bit)
Oracle Solaris 10 running on a Sun Fire V240 (SPARC v9 64-bit)
Oracle Solaris 10 running on a Dell Poweredge SC420 (x86 32-bit)
Oracle Solaris 10 running on a Intel Sugar Bay with PAA (x86 32-bit)
Oracle Solaris 10 running on a Dell Dimension E521 (x86 64-bit)
Oracle Solaris 10 running on a Intel Sugar Bay with PAA (x86 64-bit)
Microsoft Windows XP Professional SP3 running on a Dell Poweredge SC420 (x86 32-bit)
Microsoft Windows XP Professional SP3 running on a Dell Precision M6500 with PAA (x86 32-bit)
Microsoft Windows XP Professional SP2 running on a Indus Technologies Idex 410 (x86 64-bit)
Microsoft Windows 7 SP1 running on a Dell Precision M6500 with PAA (x86 64-bit)
Microsoft Windows Server 2003 running on a Dell Dimension E521 (x86 32-bit)
Microsoft Windows Server 2003 running on a Dell Dimension E521 (x86 64-bit)
Microsoft Windows Server 2003 running on a HP rx2620 (Itanium2 64-bit)
Microsoft Windows Server 2003 running on a HP rx2620 (Itanium2 64-bit)
IBM AIX 5L v5.3 running on a IBM 9110-51A (PPC 32-bit)
IBM AIX 5L v5.3 running on a IBM 9110-51A (PPC 64-bit)
IBM AIX v6.1 running on a IBM 9110-51A (PPC 32-bit)
IBM AIX v6.1 running on a IBM 9110-51A (PPC 64-bit)
IBM AIX v7.1 running on a IBM 8231-E2B (PPC 32-bit)
IBM AIX v7.1 running on a IBM 8231-E2B (PPC 64-bit)
HP HP-UX 11.23 running on a HP Visualize C3600 (PA RISC 2.0 32-bit)
HP HP-UX 11.23 running on a HP Visualize C3600 (PA-RISC 2.0W 64-bit)
HP HP-UX 11.31 running on a HP Workstation zx2000 (Itanium2 32-bit)
HP HP-UX 11.31 running on a HP Workstation zx2000 (Itanium2 64-bit)
Apple Mac OS X 10.6 Snow Leopard running on a Apple Macbook (x86 32-bit)
Apple Mac OS X 10.6 Snow Leopard running on a Apple Macbook (x86 64-bit) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2017); DRBG (Cert. #191); DSA (Cert. #642); ECDSA (Cert. #292); HMAC (Cert. #1221); RSA (Cert. #1046); SHS (Cert. #1767); Triple-DES (Cert. #1302)

-Other algorithms: Camellia; DES; DES40; Diffie-Hellman; Dual EC DRBG; EC Diffie-Hellman; ECAES (non-compliant); ECIES; Entropy RNG; HMAC MD5; MD2; MD4; MD5; OTP RNG; PBKDF1 SHA-1 (non-compliant); PBKDF2 HMAC SHA-1/SHA-224/SHA-256/SHA-384/SHA-512 (non-compliant); RC2; RC4; RC5; RNG (Cert. #1057); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Crypto-C Micro Edition (ME) Module is RSA, The Security Division of EMC's cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
2054Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

Joe Warren
TEL: 321-264-2928

CST Lab: NVLAP 200416-0
Datacryptor® 100M Ethernet
(Hardware Versions: 1600x439, Rev. 01 and 1600x439, Rev. 02; Firmware Version: 5.0)
(When configured with the Multi-Point license as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware12/05/2013Overall Level: 3

-FIPS Approved algorithms: AES (Certs. #2014, #2030 and #2065); ECDSA (Certs. #289 and #304); SHS (Certs. #1764 and #1808); DRBG (Cert. #188); KAS (Cert. #34, key agreement; key establishment methodology provides 192 bits of encryption strength)

-Other algorithms: AES (Cert. #2014, key wrapping); HWRBG

Multi-chip standalone

"The Datacryptor® 100 Mbps Ethernet Layer 2 is a rack-mountable multi-chip standalone cryptographic module designed to secure data in transmissions across public Ethernet Layer 2 networks. The Datacryptor® uses 100BaseT ports to connect the host and public sides of the network. The Datacryptor® employs an automatic key generation and exchange mechanism using X.509 v3 certificates and the Elliptic Curve Diffie-Hellman key agreement scheme. The algorithm used for securing data transmission is AES-256 GCM. Management of the Datacryptor® is performed via a remote management interface."
2053Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

Joe Warren
TEL: 321-264-2928

CST Lab: NVLAP 200416-0
Datacryptor® 100M Ethernet
(Hardware Versions: 1600x439, Rev. 01 and 1600x439, Rev. 02; Firmware Version: 5.0)
(When configured with the Point-Point license as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware12/05/2013Overall Level: 3

-FIPS Approved algorithms: AES (Certs. #2014, #2030 and #2062); ECDSA (Certs. #289 and #304); SHS (Certs. #1764 and #1808); DRBG (Cert. #188); KAS (Cert. #34); KBKDF (Cert. #1)

-Other algorithms: HWRBG

Multi-chip standalone

"The Datacryptor® 100 Mbps Ethernet Layer 2 is rack-mountable multi-chip standalone cryptographic modules which facilitate secure data transmission across public Ethernet Layer 2 networks. The Datacryptor® uses 100BaseT ports to connect the host and public sides of the network. The Datacryptor® offers user verification services via ECDSA enabled X.509 v.3 certificates, key management based on a Elliptic Curve Diffie-Hellman key agreement scheme, and AES encryption of data passing over public networks. Management of the Datacryptor® is performed via a remote management interface."
2051Motorola Solutions, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

Kirk Mathews
TEL: 847-576-4101

CST Lab: NVLAP 100432-0
µMACE
(Hardware Version: P/N AT58Z04; Firmware Versions: R01.03.11, R01.03.12, or R01.03.13)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/03/2013Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1876 and #2146); ECDSA (Cert. #263); KAS (Cert. #28); SHS (Cert. #1619); HMAC (Cert. #1313)

-Other algorithms: AES (Cert. #1876, key wrapping; key establishment methodology provides 256 bits of encryption strength); AES MAC (Cert. #1876, vendor affirmed; P25 AES OTAR); AES (Cert. #2146; non-compliant); NDRNG

Single-chip

"The µMACE cryptographic processor is used in security modules embedded in Motorola Solutions security products."
2050Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

ChrisMarks
TEL: 408-333-0480
FAX: 408-333-8101

CST Lab: NVLAP 200802-0
Brocade ICX 6430 and ICX 6450 Series Stackable Switch with FastIron 7.4.00a Firmware
(Hardware Versions: ICX-6430-24 P/N 80-1006002-02, ICX-6430-24P P/N 80-1006000-02, ICX-6430-48 P/N 80-1006003-02, ICX-6430-48P P/N 80-1006001-02, ICX-6450-24 P/N 80-1005997-02, ICX-6450-24P P/N 80-1005996-02, ICX-6450-48 P/N 80-1005999-03 and ICX-6450-48P P/N 80-1005998-02 with FIPS Kit (P/N Brocade XBR-000195); Firmware Version: FastIron v7.4.00a)
(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware12/03/2013
02/20/2014
Overall Level: 2

-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #1403); AES (Cert. #2243); SHS (Cert. #1933); HMAC (Cert. #1373); DRBG (Cert. #268); DSA (Cert. #696); RSA (Cert. #1149); ECDSA (Cert. #352)

-Other algorithms: RSA (key wrapping: key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5; HMAC-MD5; SNMPv3 KDF; SSHv2 KDF; TLSv1.0 KDF; Proprietary two way encryption; DES

Multi-chip standalone

"The Brocade ICX 6430 and 6450 Switches provide enterprise-class stackable LAN switching solutions to meet the growing demands of campus networks. Brocade ICX 6430 and 6450 are available in 24- and 48- port 10/100/1000/ Mbps models and 1 Gigabit Ethernet (GbE) or 10 GbE dual-purpose uplink/stacking ports, with or without IEEE 802.3af Power over Ethernet (PoE) and 802.3at Power over Ethernet Plus (PoE+ - to support enterprise edge networking, wireless mobility, and IP communications."
2049SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

Security and Certifications Team

CST Lab: NVLAP 200928-0
SafeNet Software Cryptographic Library
(Software Version: 1.0)
(When operated in FIPS mode and when installed, initialized and configured as specified in Section 4 of the provided Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy; No assurance of the minimum strength of generated keys.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software11/27/2013
12/15/2015
Overall Level: 1

-Design Assurance: Level 3


-Operational Environment: Tested as meeting Level 1 with Windows Server 2008R2 64-bit running on Dell PowerEdge R210II with PAA
Windows Server 2008 64-bit running on Dell PowerEdge R210II
Windows 7 64-bit running on a Acer Aspire AS5750 with PAA
Windows 7 32-bit running on a Acer Aspire AS5750
NetBSD 4.0 32-bit on Vmware ESX running on Dell PowerEdge R210II with PAA
Android 4.0 running on Beagleboard xM with PAA
RHEL 6.2 64-bit running on a Dell PowerEdge R210II with PAA
CentOS 5.6 32-bit running on a Dell PowerEdge 860 (Single User Mode)

-FIPS Approved algorithms: AES (Cert. #2286); CVL (Cert. #45); DRBG (Cert. #283); DSA (Cert. #714); ECDSA (Cert. #370); HMAC (Cert. #1402); RSA (Cert. #1176); SHS (Cert. #1967); Triple-DES (Cert. #1434)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); RNG (non-compliant); DRBG (non-compliant)

Multi-chip standalone

"The SafeNet Software Cryptographic Library is SafeNet's cryptographic service provider that provides extended high performance cryptographic services for SafeNet's broad range of Data Protection products."
2048Allegro Software Development Corporation
1740 Massachusetts Avenue
Boxborough, MA 01719
USA

Larry LaCasse
TEL: 978-264-6600

CST Lab: NVLAP 200928-0
Allegro Cryptographic Engine
(Software Version: 1.1.8)
(The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software11/27/2013
02/20/2014
Overall Level: 2



-Operational Environment: Tested as meeting Level 2 with Microsoft Windows 7 Ultimate running on a Dell Optiplex 755

-FIPS Approved algorithms: AES (Cert. #2671); Triple-DES (Cert. #1602); RSA (Cert. #1374); DSA (Cert. #810); ECDSA (Cert. #465); SHS (Cert. #2243); HMAC (Cert. #1661); DRBG (Cert. #430); CVL (Cert. #148); PBKDF2 (vendor affirmed)

-Other algorithms: MD5; AES (Cert. #2671, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (CVL Cert. #148, key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #148, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); NDRNG

Multi-chip standalone

"Allegro’s suite of Embedded Device Security toolkits makes embedding standards-based security protocols into resource sensitive embedded systems and consumer electronics fast, easy and reliable. The Allegro Cryptographic Engine (ACE) is a cryptographic library module specifically engineered for embedded devices. The module provides embedded systems developers with an easily understood software interface to enable bulk encryption and decryption, message digests, digital signature creation and validation and key generation and exchange. For full details see www.allegrosoft.com/ace."
2047RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

Rohit Mathur
TEL: +61 7 3032 5220

CST Lab: NVLAP 200427-0
RSA BSAFE(R) Crypto-C Micro Edition
(Hardware Version: SPARC T4; Software Version: 4.0.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software-Hybrid11/25/2013
11/25/2014
02/03/2016
Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3


-Operational Environment: Tested as meeting Level 1 with Solaris 10 running on SPARC T4-2 (single user mode)

-FIPS Approved algorithms: AES (Cert. #2017); DRBG (Cert. #191); DSA (Cert. #642); ECDSA (Cert. #292); HMAC (Cert. #1221); RSA (Cert. #1046); SHS (Cert. #1767); Triple-DES (Cert. #1302)

-Other algorithms: Camellia; DES; DES40; Diffie-Hellman; Dual EC DRBG; EC Diffie-Hellman; ECAES (non-compliant); ECIES; Entropy RNG; HMAC MD5; MD2; MD4; MD5; OTP RNG; PBKDF1 SHA-1 (non-compliant); PBKDF2 HMAC SHA-1/SHA-224/SHA-256/SHA-384/SHA-512 (non-compliant); RC2; RC4; RC5; RNG (Cert. #1057); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Crypto-C Micro Edition (ME) Module is RSA, The Security Division of EMC's cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
2045Mocana Corporation
350 Sansome Street
Suite 1010
San Francisco, CA 94104
USA

James Blaisdell
TEL: 415-617-0055
FAX: 415-617-0056

CST Lab: NVLAP 100432-0
Mocana Cryptographic Suite B Module
(Software Version: 5.5fs)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software11/18/2013
01/03/2014
04/14/2016
Overall Level: 1



-Operational Environment: Tested as meeting Level 1 with Integrity O/S 5.0 running on Freescale MPC8544ADS Development System
iOS-5 running on Apple iPad 2
iOS-6 running on Apple iPad 2 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2356 and #2096); Triple-DES (Cert. #1333); SHS (Cert. #1820); HMAC (Cert. #1271); RSA (Cert. #1075); DSA (Cert. #655); ECDSA (Cert. #307); DRBG (Cert. #221)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant); RSA (encrypt/decrypt); RNG; Dual EC DRBG

Multi-chip standalone

"The Mocana Cryptographic Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com."
2043Hewlett-Packard Company
Longdown Avenue
Stoke Grifford, Bristol BS34 8QZ
United Kingdom

Laura Loredo
TEL: 44 117 3162462

CST Lab: NVLAP 100432-0
HP LTO-6 Tape Drive
(Hardware Versions: AQ278A #912 [1], AQ278C #704 [2], AQ288D #103 [3], and AQ298C #103 [4]; Firmware Versions: J2AW [1], J2AS [2], 32AW [3], and 22CW [4])

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/15/2013Overall Level: 2

-FIPS Approved algorithms: AES (Certs. #1442, #2189 and #2190); HMAC (Cert. #1342); DRBG (Cert. #256); RSA (Certs. #1128 and #1129); SHS (Certs. #1897 and #1898); CVL (SP 800-135rev1, vendor affirmed)

-Other algorithms: MD5; AES (AES Cert. #2189, key wrapping); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG

Multi-chip standalone

"HP LTO-6 tape drives help to keep pace with data growth with up to 6.25TB compressed data storage per cartridge and capable of compressed data transfer rates of up to 400MB/sec. Ground breaking LTFS technology makes LTO-6 tapes as easy to use as disk and enables easy file access, reliable long term archive retrieval and simpler transportability between systems. LTO-6 tape drives also provide easy-to-enable security to protect the most sensitive data and prevent unauthorized access of tape cartridges with AES 256-bit hardware data encryption."
2042Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

Joe Warren
TEL: 321-264-2928

CST Lab: NVLAP 200416-0
Datacryptor® SONET/SDH OC-3/12/48/192C
(Hardware Versions: 1600x435, Rev. 01 and 1600x435, Rev. 02; 1600x427, Rev. 01 and 1600x427, Rev. 02; Firmware Version: 5.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/15/2013
02/13/2015
Overall Level: 3

-FIPS Approved algorithms: AES (Certs. #2014, #2030, #2061 and #2063); ECDSA (Certs. #289 and #304); SHS (Certs. #1764 and #1808); DRBG (Cert. #188); KAS (Cert. #34); KBKDF (Cert. #1)

-Other algorithms: HWRBG

Multi-chip standalone

"The Datacryptor® SONET/SDH OC-3/12/48/192C are rack-mountable multi-chip standalone cryptographic modules which facilitate secure data transmission across public SONET or SDH backbone networks. The devices use standard SFP/XFP optical transceivers for their host and network connections. The Datacryptor® offers user verification services via ECDSA enabled X.509 v.3 certificates, key management based on a Elliptic Curve Diffie-Hellman key agreement scheme, and AES encryption of data passing over public networks."
2041Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

Joe Warren
TEL: 321-264-2928

CST Lab: NVLAP 200416-0
Datacryptor® Gig Ethernet and 10 Gig Ethernet
(Hardware Versions: 1600x433, Rev. 01 and 1600x433, Rev. 02; 1600x437, Rev. 01 and 1600x437, Rev. 02; Firmware Version: 5.0)
(When configured with the Multi-Point license as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware11/15/2013
02/13/2015
Overall Level: 3

-FIPS Approved algorithms: AES (Certs. #2014, #2030, #2064 and #2066); ECDSA (Certs. #289 and #304); SHS (Certs. #1764 and #1808); DRBG (Cert. #188); KAS (Cert. #34)

-Other algorithms: AES (Cert. #2014, key wrapping); HWRBG

Multi-chip standalone

"The Datacryptor® Gig Ethernet and 10 Gig Ethernet are rack-mountable multi-chip standalone cryptographic modules designed to secure data transmissions across public Ethernet Layer 2 networks. The Gig Ethernet uses an SFP transceiver and the 10 Gig Ethernet uses a higher-speed XFP transceiver. The Datacryptor® employs an automatic key generation and exchange mechanism using X.509 v3 certificates and the Elliptic Curve Diffie-Hellman key agreement scheme. The algorithm used for securing data transmission is AES-256 GCM."
2039Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

Joe Warren
TEL: 321-264-2928

CST Lab: NVLAP 200416-0
Datacryptor® Gig Ethernet and 10 Gig Ethernet
(Hardware Versions: 1600x433, Rev. 01 and 1600x433, Rev. 02; 1600x437, Rev. 01 and 1600x437, Rev. 02; Firmware Version: 5.0)
(When configured with the Point-Point license as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware11/15/2013
02/13/2015
Overall Level: 3

-FIPS Approved algorithms: AES (Certs. #2014, #2030, #2061 and #2063); ECDSA (Certs. #289 and #304); SHS (Certs. #1764 and #1808); DRBG (Cert. #188); KAS (Cert. #34); KBKDF (Cert. #1)

-Other algorithms: HWRBG

Multi-chip standalone

"The Datacryptor® 1 Gig Ethernet and 10 Gig Ethernet are rack-mountable multi-chip standalone cryptographic modules which facilitate secure data transmission across public Ethernet Layer 2 networks. The 1 Gig and 10 Gig units use an standard SFP/XFP optical transceivers for their host and network connections. The Datacryptor® offers user verification services via ECDSA enabled X.509 v.3 certificates, key management based on a Elliptic Curve Diffie-Hellman key agreement scheme, and AES encryption of data passing over public networks."
2038SafeLogic Inc.
459 Hamilton Ave
Suite 306
Palo Alto, CA 94301
USA

SafeLogic Inside Sales

CST Lab: NVLAP 200556-0
CryptoComply™ | Server
(Software Version: 2.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software11/15/2013
01/23/2014
02/20/2014
01/25/2016
02/05/2016
Overall Level: 1



-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 on a Dell OptiPlex 755
SUSE Linux Enterprise 11 SP2 on a Dell OptiPlex 755
CentOS 6.3 on a Dell OptiPlex 755
Mac OS X 10.8 on a MacBook Air
Red Hat Enterprise Linux 6.3 on a Dell OptiPlex 755
CentOS 6.3 on a GigaVUE-TA1 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2273); CVL (Cert. #44); DRBG (Cert. #281); DSA (Cert. #709); ECDSA (Cert. #368); HMAC (Cert. #1391); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG

Multi-chip standalone

"CryptoComply™ | Server is a standards-based "Drop-in Compliance" solution for servers and appliances. The module features robust algorithm support, including Suite B algorithm compliance. CryptoComply offloads secure key management, data integrity, data at rest encryption, and secure communications to a trusted implementation."
2036SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

Mark Yakabuski
TEL: 613-614-3407
FAX: 613-723-5079

Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200928-0
Luna® PCI-E Cryptographic Module
(Hardware Versions: VBD-05, Version Code 0103; Firmware Version: 6.3.1)
(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware11/13/2013Overall Level: 3

-FIPS Approved algorithms: AES (Certs. #1756, #2262 and #2282); DSA (Certs. #548, #704 and #712); ECDSA (Certs. #233, #364 and #369); KAS (Cert. #38), RSA (Certs. #1159 and #1173); SHS (Certs. #1947 and #1964); HMAC (Certs. #1386 and #1398); Triple-DES MAC (Triple-DES Certs. #1137, #1414 and #1430, vendor-affirmed); Triple-DES (Certs. #1137, #1414 and #1430); KBKDF (Cert. #6); DRBG (Cert. #277)

-Other algorithms: ARIA; AES MAC (Cert. #2282; non-compliant); CAST5; CAST5-MAC; CAST5-ECB; CAST5-CBC; DES; DES MAC; DES-ECB; DES-CBC; GENERIC-SECRET; HAS-160; KCDSA; MD2; MD5; RC2; RC2-MAC; RC2-ECB; RC2-CBC; RC4; RC5; RC5-MAC; RC5-ECB; RC5-CBC; RSA (X-509; non-compliant); SEED; SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA OAEP (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Certs. #1756, #2262 and #2282, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #1137, #1414 and #1430, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The Luna® PCI-E for Luna® IS cryptographic module features powerful cryptographic processing and hardware key management for applications where performance and security are the priority. The multi-chip embedded hardware cryptographic module offers hardware-based key management and cryptographic operations to protect sensitive keys. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI-E card."
2035Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

Chris Marks
TEL: 408-333-8000
FAX: 408-333-8101

CST Lab: NVLAP 200802-0
Brocade ICX 6610 Series Stackable Switch with FastIron 7.3.00c Firmware
(Hardware Versions: ICX 6610-24F-I (P/N: 80-1005350-03), ICX 6610-24F-E (P/N: 80-1005345-03), ICX 6610-24-I (P/N: 80-1005348-04), ICX 6610-24-E (P/N: 80-1005343-04), ICX 6610-24P-I (P/N: 80-1005349-05, ICX 6610-24P-E (P/N: 80-1005344-05), ICX 6610-48-I (P/N: 80-1005351-04, ICX 6610-48-E (P/N: 80-1005346-04, ICX 6610-48P-I (P/N: 80-1005352-05) and ICX 6610-48P-E (P/N: 80-1005347-05); with FIPS kit XBR-0000195; Firmware Version: FastIron (FI) v7.3.00c)
(When operated in FIPS mode with tamper evident seals and opacity baffles installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware11/13/2013Overall Level: 2

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #2150); Triple-DES (Cert. #1363); SHS (Cert. #1871); HMAC (Cert. #1317); DRBG (Cert. #239); DSA (Cert. #668); ECDSA (Cert. #324); RSA (Cert. #1106)

-Other algorithms: RSA (key wrapping: key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5; HMAC-MD5; SNMPv3 KDF; SSHv2 KDF; TLSv1.0 KDF; proprietary two way encryption; DES

Multi-chip standalone

"The Brocade ICX 6610 delivers wire-speed, non-blocking performance across all ports to support latency-sensitive applications such as real-time voice and video streaming and VDI. Brocade ICX 6610 Switches can be stacked to provide an unprecedented 320 Gbps of backplane stacking bandwidth. Additionally, each switch can provide up to eight 10 Gigabit Ethernet (GbE) ports."
2031Stonesoft Corporation
Itälahdenkatu 22A
Helsinki FI-00210
Finland

Klaus Majewski
TEL: +358-40-824-7908

Jorma Levomäki
TEL: +358-9-476711

CST Lab: NVLAP 200658-0
Stonesoft Cryptographic Library
(Software Version: 1.1)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software11/13/2013Overall Level: 1

-Design Assurance: Level 3


-Operational Environment: Tested as meeting Level 1 with Debian GNU/Linux 6.0 based distribution running on Stonesoft FW-315
Debian GNU/Linux 6.0 based distribution running on Stonesoft FW-1301 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2240 and #2241); Triple-DES (Certs. #1401 and #1402); DSA (Certs. #694 and #695); RSA (Certs. #1147 and #1148); ECDSA (Certs. #349 and #350); SHS (Certs. #1929 and #1930); DRBG (Certs. #266 and #267); HMAC (Certs. #1370 and #1371); CVL (Certs. #37 and #38)

-Other algorithms: Diffie-Hellman (CVL Certs. #37 and #38, key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #37 and #38, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)); AES (Certs. #2240 and #2241, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength)

Multi-chip standalone

"Stonesoft Cryptographic Library is a software module that provides cryptographic services for Stonesoft network security products."
2029Atos Worldline
Haachtsesteenweg 1442, B-1130
Brussels
Belgium

Filip Demaertelaere
TEL: +32 2 727 61 67

CST Lab: NVLAP 200556-0
Atos Worldline Adyton Cryptographic Module
(Hardware Version: 9071000001; Firmware Version: 1.2.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/13/2013Overall Level: 3

-Physical Security: Level 4

-FIPS Approved algorithms: AES (Cert. #1810); DRBG (Cert. #138); HMAC (Cert. #1068); KBKDF (Cert. #2); RSA (Cert. #907); SHS (Cert. #1589)

-Other algorithms: NDRNG; AES (Cert. #1810, key wrapping; key establishment methodology provides 256 bits of encryption strength)

Multi-chip embedded

"Atos Worldline’s Adyton is an innovative high-performance Hardware Security Module (HSM) platform. The design of the Adyton is based on high security, reliability and robustness, user friendliness, and conformance to international security standards. Adyton has an integrated color display, full HEX capacitive keyboard, chip card reader, fingerprint reader, and a USB Host connection."
2028

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/12/2013Overall Level: 2

Multi-chip embedded
2027

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/12/2013Overall Level: 2

Multi-chip embedded
2024Coco Communications
800 5th Avenue Suite 3700
Seattle, WA 98104
USA

David Weidenkopf
TEL: 206-812-5783
FAX: 206-770-6461

A. Riley Eller
TEL: 206-812-5726
FAX: 206-770-6461

CST Lab: NVLAP 200658-0
CoCo Cryptographic Module 2.0
(Software Version: 2.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software11/12/2013
12/31/2014
05/29/2015
02/08/2016
Overall Level: 1



-Operational Environment: Tested as meeting Level 1 with Linux 2.6 32-bit running on oMG 2000
Vyatta 6.4 32-bit running on Dell PowerEdge R210 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2299 and #2300); Triple-DES (Certs. #1446 and #1447); SHS (Certs. #1980, #1981, #1982 and #1983); HMAC (Certs. #1411, #1412, #1413 and #1414)

-Other algorithms: N/A

Multi-chip standalone

"The CoCo Cryptographic Module is a Linux loadable kernel module that provides cryptographic services in the Linux kernel. It provides an API that can be used by other kernel services."
2022

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/08/2013Overall Level: 2

Multi-chip standalone
2021Apple Inc.
1 Infinite Loop
Cupertino, CA 95041
USA

Shawn Geddis

CST Lab: NVLAP 200658-0
Apple iOS CoreCrypto Kernel Module, v4.0
(Software Version: 4.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software11/07/2013
11/22/2013
Overall Level: 1



-Operational Environment: Tested as meeting Level 1 with iOS 7.0 running on an iPhone4 with Apple A4 CPU
iOS 7.0 running on an iPhone4S with Apple A5 CPU
iOS 7.0 running on an iPhone5 with Apple A6 CPU
iOS 7.0 running on iPad (3rd generation) with Apple A5 CPU
iOS 7.0 running on an iPhone5S with Apple A7 CPU (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #1527, #1528, #1529 and #1595); AES (Certs. #2493, #2494, #2495, #2496, #2497, #2498, #2655 and #2656); SHS (Certs. #2113, #2114, #2115, #2167, #2169, #2171, #2228 and #2229); ECDSA (Certs. #425, #426, #427 and #458); HMAC (Certs. #1535, #1536, #1537, #1588, #1590, #1592, #1646 and #1647); DRBG (Certs. #350, #351, #352 and #422); PBKDF (vendor affirmed)

-Other algorithms: ECDSA (non-compliant); RSA (non-compliant); DES; MD5; CAST5; Blowfish; BitGen1; BitGen2; BitGen3; RC4; OMAC

Multi-chip standalone

"The Apple iOS CoreCrypto Kernel Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest."
2020Apple Inc.
1 Infinite Loop
Cupertino, CA 95041
USA

Shawn Geddis

CST Lab: NVLAP 200658-0
Apple iOS CoreCrypto Module, v4.0
(Hardware Versions: A4, A5, A6 and A7; Software Version: 4.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software-Hybrid11/07/2013
11/22/2013
Overall Level: 1



-Operational Environment: Tested as meeting Level 1 with iOS 7.0 running on an iPhone4 with Apple A4 CPU
iOS 7.0 running on an iPhone4S with Apple A5 CPU
iOS 7.0 running on an iPhone5 with Apple A6 CPU
iOS 7.0 running on iPad (3rd generation) with Apple A5 CPU
iOS 7.0 running on an iPhone5 with Apple A7 CPU (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #1530, #1531, #1542, #1596 and #1597); AES (Certs. #2499, #2500, #2501, #2502, #2503, #2504, #2505, #2506, #2507, #2508, #2509, #2547, #2657, #2658, #2659, #2660, #2661 and #2662); RSA (Certs. #1289, #1290, #1302, #1367 and #1368); SHS (Certs. #2119, #2120, #2148, #2168, #2170, #2172, #2230, #2231, #2232 and #2233); ECDSA (Certs. #428, #429, #437, #459 and #460); HMAC (Certs. #1541, #1542, #1568, #1589, #1591, #1593, #1648, #1649, #1650 and #1651); DRBG (Certs. #353, #354, #355, #356, #357, #380, #423, #424, #425 and #426); PBKDF (vendor affirmed)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 160 bits of encryption strength); RSA (non-compliant); ECDSA (non-compliant); DES; MD2; MD4; MD5; RIPEMD; CAST5; Blowfish; BitGen1; BitGen2; BitGen3; RC2; RC4; OMAC

Multi-chip standalone

"The Apple iOS CoreCrypto Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest."
2019Hewlett-Packard Company
Longdown Avenue
Stoke Grifford, Bristol BS34 8QZ
United Kingdom

Laura Loredo
TEL: 44 117 3162462

CST Lab: NVLAP 100432-0
HP LTO-6 Tape Drive
(Hardware Versions: AQ278A #912 [1], AQ278B #901 [2], AQ278C #704 [3], AQ288D #103 [4], AQ298C #103 [5], and AQ298A #900 [6]; Firmware Versions: J2AW [1], J2AZ [2], J2AS [3], 32AW [4], 22CW [5], and 22CZ [6])

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/07/2013Overall Level: 1

-FIPS Approved algorithms: AES (Certs. #1442, #2189 and #2190); HMAC (Cert. #1342); DRBG (Cert. #256); RSA (Certs. #1128 and #1129); SHS (Certs. #1897 and #1898); CVL (SP 800-135rev1, vendor affirmed)

-Other algorithms: MD5; AES (AES Cert. #2189, key wrapping); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG

Multi-chip standalone

"HP LTO-6 tape drives help to keep pace with data growth with up to 6.25TB compressed data storage per cartridge and capable of compressed data transfer rates of up to 400MB/sec. Ground breaking LTFS technology makes LTO-6 tapes as easy to use as disk and enables easy file access, reliable long term archive retrieval and simpler transportability between systems. LTO-6 tape drives also provide easy-to-enable security to protect the most sensitive data and prevent unauthorized access of tape cartridges with AES 256-bit hardware data encryption."
2016Apple Inc.
1 Infinite Loop
Cupertino, CA 95041
USA

Shawn Geddis

CST Lab: NVLAP 200658-0
Apple OS X CoreCrypto Kernel Module, v4.0
(Software Version: 4.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software11/07/2013Overall Level: 1



-Operational Environment: Tested as meeting Level 1 with OS X 10.9 running on Mac mini with i5 CPU with PAA
OS X 10.9 running on Mac mini with i5 CPU without PAA
OS X 10.9 running on iMac with i7 CPU with PAA
OS X 10.9 running on iMac with i7 CPU without PAA (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #1532 and #1533); AES (Certs. #2511, #2512, #2513, #2514, #2515, #2516, #2517 and #2518); SHS (Certs. #2124, #2125, #2126, #2127, #2128 and #2129); ECDSA (Certs. #430 and #431); HMAC (Certs. #1546, #1547, #1548, #1549, #1550 and #1551); DRBG (Certs. #358, #359, #360, #361, #362 and #363); PBKDF (vendor affirmed)

-Other algorithms: RSA (non-compliant); ECDSA (P-192, P-224 and P-521; non-compliant); DES; MD5; CAST5; Blowfish; BitGen1; BitGen2; BitGen3; RC4; OMAC

Multi-chip standalone

"The Apple iOS CoreCrypto Kernel Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest."
2015Apple Inc.
1 Infinite Loop
Cupertino, CA 95041
USA

Shawn Geddis

CST Lab: NVLAP 200658-0
Apple OS X CoreCrypto Module, v4.0
(Software Version: 4.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software11/07/2013Overall Level: 1



-Operational Environment: Tested as meeting Level 1 with OS X 10.9 running on Mac mini with i5 CPU with PAA
OS X 10.9 running on Mac mini with i5 CPU without PAA
OS X 10.9 running on iMac with i7 CPU with PAA
OS X 10.9 running on iMac with i7 CPU without PAA (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #1534, #1535, #1536 and #1537); AES (Certs. #2519, #2520, #2521, #2523, #2524, #2027, #2528, #2529, #2530, #2531, #2532, #2533, #2534, #2535, #2536, #2537, #2538, #2539, #2540 and #2541); RSA (Certs. #1293, #1294, #1295 and #1296); SHS (Certs. #2130, #2131, #2132, #2133, #2134, #2135, #2136, #2137, #2138, #2139, #2140 and #2141); ECDSA (Certs. #432, #433, #434 and #435); HMAC (Certs. #1552, #1553, #1554, #1555, #1556, #1557, #1558, #1559, #1560, #1561, #1562 and #1563); DRBG (Certs. #364, #365, #366, #367, #368, #369, #370, #371, #372, #373, #374 and #375); PBKDF (vendor affirmed)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 160 bits of encryption strength); ECDSA (P-192, P-224 and P-521; non-compliant); RSA (non-compliant); DES; MD2; MD4; MD5; CAST5; RIPEMD; Blowfish; BitGen1; BitGen2; BitGen3; RC2; RC4; OMAC

Multi-chip standalone

"The Apple OS X CoreCrypto Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest."
2012Pulse Secure, LLC.
2700 Zanker Road, Suite 200
San Jose, CA 95134
USA

Yvonne Sang
TEL: 408-372-9600

CST Lab: NVLAP 100432-0
Pulse Secure Cryptographic Module
(Software Version: 1.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software11/05/2013
12/11/2013
02/13/2015
01/19/2016
Overall Level: 1

-Roles, Services, and Authentication: Level 2


-Operational Environment: Tested as meeting Level 1 with IVE OS 1.1 (32-bit) running on a Juniper MAG4610
IVE OS 1.1 (32-bit) on Vmware ESX running on an HP ProLiant BL2x220c G6 Blade Server
IVE OS 1.1 (32-bit) on Vmware ESXi running on an IBM HS22 Blade Server without PAA
IVE OS 1.1 (32-bit) on Vmware ESXi running on an IBM HS22 Blade Server with PAA
Microsoft Windows 7 (32-bit) running on a Dell Poweredge 860 without PAA
Microsoft Windows 7 (32-bit) running on an Acer Aspire with PAA
Microsoft Windows 7 (64-bit) running on a Dell Poweredge 850 without PAA
Microsoft Windows 7 (64-bit) running on an Acer Aspire with PAA
OS X 10.8 (64-bit) running on a Macbook Pro without PAA
OS X 10.8 (64-bit) running on a Macbook Pro with PAA (single-user mode)

-FIPS Approved algorithms: DRBG (Certs. #157 and #383); Triple-DES (Certs. #1223 and #1545); AES (Certs. #1884 and #2553); SHS (Certs. #1655 and #2153); HMAC (Certs. #1126 and #1573); RSA (Certs. #960 and #1306); DSA (Certs. #589 and #780); ECDSA (Certs. #270 and #438); CVL (Certs. #12 and #91)

-Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt); RNG (non-compliant)

Multi-chip standalone

"Pulse Secure’s portfolio delivers secure, remote and local network access. It includes the Pulse client, Connect Secure (SSL‐VPN), and Policy Secure (NAC) ‐ available on the MAG Series Gateways or as virtual appliances. These products grants authorized users granular, policydriven secure, remote and LAN‐based network access based on their role, identity, device and location. They supports broad coverage across mobile and non‐mobile devices, with built‐in device integrity checks to further enable secure BYOD initiatives."
2009Stanley Security Solutions, Inc.
6161 E 75th Street
PO Box 50444
Indianapolis, IN 46250
USA

Mr. Robert Strong
TEL: 317-806-3288

Mr. Thomas Schuster
TEL: 317-806-3150

CST Lab: NVLAP 100414-0
Wi-Q Communication Server Cryptographic Module
(Software Version: 3.0.27)
(When operated in FIPS mode with Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1010 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software11/05/2013Overall Level: 1



-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 with SP2 running on a Lenovo Thinkpad T410 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #739); DRBG (vendor affirmed); HMAC (Cert. #408); RSA (Certs. #353 and #355); SHS (Cert. #753); Triple-DES (Cert. #656)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Communication Server Cryptographic Module (CSCM) is a software solution that provides secure key retrieval and key transfer functions within the Stanley Wi-Q Wireless Access Control System."
2006Bull SAS
Rue Jean Jaurès
B.P.68
Les Clayes sous Bois 78340
France

Jean-Luc CHARDON
TEL: +33 1 30 80 79 14
FAX: +33 1 30 80 78 87

Pierre-Jean AUBOURG
TEL: +33 1 30 80 77 02
FAX: +33 1 30 80 78 87

CST Lab: NVLAP 200928-0
CHR Cryptographic Module
(Hardware Version: 005/A; Firmware Version: V1.04-00L)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware10/25/2013Overall Level: 3

-Physical Security: Level 3 + EFP/EFT

-FIPS Approved algorithms: RSA (Cert. #1107); SHS (Cert. #1872)

-Other algorithms: N/A

Multi-chip standalone

"The BULL CHR is a multi-chip standalone security module providing functionality for the secure loading of applications. The CHR is the corner stone of a range of security products developed and signed by BULL as Application Provider and known as "CRYPT2Protect HR" and "CRYPT2Pay HR" product range available for different domain of applications including Banks and Financial Institutions. Additional products may be developed by Application Providers, based on the CHR."
2004Covia Labs, Inc.
465 Fairchild Dr
Ste 130
Mountain View, CA 94043
USA

David Kahn
TEL: 650-351-6444 x110
FAX: 650-564-9740

Dan Illowsky
TEL: 650-351-6444 x111
FAX: 650-564-9740

CST Lab: NVLAP 100432-0
Covia Connector Cryptographic Module
(Software Version: 2.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software09/30/2013Overall Level: 1



-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 5.8 running on an Acer AX1430-UR12P (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1896); ECDSA (Cert. #265); DRBG (Cert. #158); SHS (Cert. #1665); HMAC (Cert. #1136); KAS (Cert. #30)

-Other algorithms: AES (Cert. #1896, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); KBKDF (non-compliant)

Multi-chip standalone

"The Covia Connector Cryptographic Module provides cryptographic services for the Covia Connector. These services include but are not limited to pseudo-random number generation, symmetric and asymmetic key generation, data encryption and decryption, key wrapping, and key unwrapping."
2002Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200427-0
Cisco Catalyst 6503-E, Catalyst C6504-E, Catalyst 6506-E, Catalyst 6509-E and Catalyst 6513-E Switches with Supervisor Cards (VS-S2T-10G and VS-S2T-10G-XL) and Line Cards (WS-X6908-10G, WS-X6908-10G-2TXL, WS-X6904-40G-2T and WS-X6904-40G-2TXL)
(Hardware Versions: (6503-E -H0, 6504-E -G0, 6506-E -M0, 6509-E -N0 and 6513-E -S0; Supervisor Cards VS-S2T-10G -B0 and VS-S2T-10G-XL -C0; Line Cards WS-X6904-40G-2T -A0, WS-X6904-40G-2TXL -A0, WS-X6908-10G -A0 and WS-X6908-10G-2TXL-B0; Slot Cover SPA-BLANK -G0) with FIPS kit packaging (CVPN6500FIPS/KIT=); Firmware Version: 15.1(1)SY1)
(When operated in FIPS mode with the tamper evident labels and security devices installed on the initially built configurations as indicated in Table 1 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/19/2013
11/01/2013
Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1426, #1427, #1589 and #2252); DRBG (Cert. #274); HMAC (Cert. #1380); RSA (Cert. #1155); SHS (Cert. #1940); Triple-DES (Cert. #1409)

-Other algorithms: AES (Cert. #2252, key wrapping; key establishment methodology provides 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Catalyst 6500 series switches offer versatility, integration, and security to branch offices. With numerous network modules and service modules available, the modular architecture of the Cisco switches easily allows interfaces to be upgraded to accommodate network expansion. The Catalyst 6500 series switches provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements."
1997Check Point Software Technologies Ltd.
9900 Belward Campus Drive
Suite 250
Rockville, MD 20850
USA

Malcom Levy
TEL: +972-37534561
FAX: 732-416-1370

CST Lab: NVLAP 200427-0
Check Point CryptoCore
(Software Version: 2.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software09/13/2013Overall Level: 1

-EMI/EMC: Level 3


-Operational Environment: Tested as meeting Level 1 with Check Point Pre-boot environment (16-bit) running on a Dell Latitude E6500 without PAA
Check Point Pre-boot environment (16-bit) running on a Apple MacBook Pro with PAA (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2181); Triple-DES (Cert. #1381); Triple-DES MAC (Triple-DES Cert. #1381, vendor affirmed)

-Other algorithms: N/A

Multi-chip standalone

"Check Point Crypto Core is a 140-2 Level 1 cryptographic module for Windows 7, Mac OS X, and UEFI firmware. The module provides cryptographic services accessible in pre-boot mode, kernel mode and user mode on the respective platforms through implementation of platform specific binaries."
1994IBM® Corporation
12 - 14 Marine Parade
Seabank Centre
Southport, QLD 4215
Australia

Alex Hennekam
TEL: +61 7-5552-4045
FAX: +61 7 5571 0420

Peter Waltenburg
TEL: +61 - 5552-4016
FAX: +61 7 5571 0420

CST Lab: NVLAP 200658-0
IBM® Crypto for C
(Software Version: 8.2.2.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/27/2013Overall Level: 1



-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008® 64-bit running on an ALTECH SH67H3 Intel® Core™ i7-2600 with PAA
Microsoft Windows Server 2008® 64-bit running on an ALTECH SH67H3 Intel® Core™ i7-2600 without PAA
Microsoft Windows Server 2008® 32-bit running on an IBM 8835 52X AMD Opteron 246
AIX® 6.1 64-bit running on an IBM RS6000 7037-A50 PowerPC 5 64
Solaris® 10 64-bit running on an SunFire T1000 UltraSPARC T1
Red Hat Linux Enterprise Server 5 32-bit running on an IBM 8835 52X AMD Opteron 246
Red Hat Linux Enterprise Server 5 64-bit running on an ALTECH SH67H3 Intel® Core™ i7-2600 with PAA
Red Hat Linux Enterprise Server 5 64-bit running on an ALTECH SH67H3 Intel® Core™ i7-2600 without PAA
Red Hat Linux Enterprise Server 5 64-bit running on an IBM System p5 185 7037-A50 IBM PowerPC 970
Red Hat Linux Enterprise Server 5 64-bit running on an IBM zSeries z196 type 2817 model M32 IBM zSeries z196 with CPACF
Red Hat Linux Enterprise Server 5 64-bit running on an IBM zSeries z196 type 2817 model M32 IBM zSeries z196 without CPACF (single user mode)

-FIPS Approved algorithms: AES (Certs. #2155, #2156, #2157, #2158, #2159, #2160, #2161, #2162, #2163, #2164, #2165, #2166, #2167, #2169, #2170, #2171, #2172, #2179, #2213, #2214, #2421, #2422, #2423, #2424, #2425, #2426, #2427, #2428, #2429, #2430, #2431, #2432, #2433, #2434, #2435, #2436, #2437, #2438, #2439, #2440, #2441 and #2443); Triple-DES (Certs. #1365, #1366, #1367, #1368, #1369, #1370, #1371, #1372, #1373, #1374, #1375, #1376, #1377 and #1379); DSA (Certs. #670, #671, #672, #673, #674, #675, #676, #677, #678, #679, #680, #681, #682, #683, #756 and #757); RSA (Certs. #1109, #1110, #1111, #1112, #1113, #1114, #1115, #1116, #1117, #1118, #1119, #1120, #1121, #1123, #1253 and #1254); ECDSA (Certs. #325, #326, #327, #328, #329, #330, #331, #332, #333, #334, #335, #336, #337, #338, #398 and #399); SHS (Certs. #1874, #1875, #1876, #1877, #1878, #1879, #1880, #1881, #1882, #1883, #1884, #1885, #1886, #1889, #1904 and #1905); DRBG (Certs. #240, #241, #242, #243, #244, #245, #246, #247, #248, #249, #250, #251, #252, #253, #326, #327, #328, #329, #330 and #331); HMAC (Certs. #1319, #1320, #1321, #1322, #1323, #1324, #1325, #1326, #1327, #1328, #1329, #1330, #1331, #1333, #1506 and #1507)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; MDC2; RIPEMD; HMAC MD5; DES; CAST; Camellia; Blowfish; RC4; RC2; KBKDF (non-compliant)

Multi-chip standalone

"The IBM Crypto for C v8.2.2.0 (ICC) cryptographic module is implemented in the C programming language. It is packaged as dynamic (shared) libraries usable by applications written in a language that supports C language linking conventions (e.g. C,C++, Java, Assembler, etc.) for use on commercially available operating systems. The ICC allows these applications to access cryptographic functions using an Application Programming Interface (API) provided through an ICC import library and based on the API defined by the OpenSSL group."
1993IBM® Corporation
11400 Burnet Road
Austin, TX 78758
USA

Tom Benjamin
TEL: 512-286-5319
FAX: 512-436-8009

CST Lab: NVLAP 200427-0
IBM® Java JCE FIPS 140-2 Cryptographic Module
(Software Version: 1.71)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/27/2013
05/29/2015
03/15/2016
Overall Level: 1



-Operational Environment: Tested as meeting Level 1 with IBM AIX 7.1 on IBM JVM 1.6 running on IBM 9117-570, Windows 7 32-bit on IBM JVM 1.6 running on Dell Optiplex 755, Solaris 11.0 on IBM JVM 1.6 running on Dell Optiplex 755 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2107); DRBG (Cert. #228); DSA (Cert. #657); ECDSA (Cert. #314); HMAC (Cert. #1281); RSA (Cert. #1081); SHS (Cert. #1830); Triple-DES (Cert. #1342)

-Other algorithms: AES (non-compliant); Auth HMAC (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DSAforSSL (non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides between 112 and 270 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSAforSSL (non-compliant); Triple-DES (non-compliant); RNG

Multi-chip standalone

"The IBM Java JCE (Java Cryptographic Extension) FIPS provider (IBMJCEFIPS) for Multi-platforms is a scalable, multipurpose cryptographic module that supports many FIPS approved cryptographic operations. This gives Java applications access to the FIPS algorithms via the standard JCE framework that is part of all JVM's at the 1.6 level and higher."
1992TecSec Incorporated
12950 Worldgate Drive
Suite 100
Herndon, VA 20170
USA

Roger Butler
TEL: 571-331-6130
FAX: 571-299-4101

Ron Parsons
TEL: 571-299-4127
FAX: 571-299-4101

CST Lab: NVLAP 100432-0
TecSec Armored Card - Contact Cryptographic Module
(Hardware Version: P/N Inside Secure AT90SC320288RCT Revision E; Firmware Versions: P/Ns Athena IDProtect Version 0108.0264.0001, TecSec SSD Applet Version 1.001, TecSec PIV Applet Version 1.007, TecSec BOCC Applet Version 1.001, TecSec CKM Attribute Container Applet Version 1.002, TecSec CKM Info Applet Version 1.000)
(When operated with the fingerprint authentication mechanism parameters configured as indicated in the Security Policy Section 9. No assurance of Secure Channel Protocol (SCP) message integrity)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/19/2013
02/06/2014
Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 4
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1654 and #2226); CVL (Cert. #2); DRBG (Cert. #98); ECDSA (Cert. #214); HMAC (Cert. #1354); KBKDF (Cert. #4); RSA (Cert. #824); SHS (Cert. #1465); Triple-DES (Cert. #1087); 02/06/14: (Certs. #218 and #222)

-Other algorithms: NDRNG; EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-CMAC (non-compliant)

Single-chip

"The TecSec Armored Card is a cryptographic module which provides enterprise personnel identification, persistent data security for data in transit and at rest, with additional support for physical/logical/functional/content authorization. The Chip is part of a dual-chip PIV smart card that is fully compliant with the end-point service specified in SP800-73-1. This Contact Chip Provides 368k eprom memory leveraging a common robust identity process and additionally providing a federation platform for multiple applications from multiple owners enforced by cryptographic separation."
1991Stonesoft Corporation
Itälahdenkatu 22A
Helsinki FI-00210
Finland

Klaus Majewski
TEL: +358-40-824-7908

Jorma Levomäki
TEL: +358-9-476711

CST Lab: NVLAP 200658-0
Stonesoft Cryptographic Kernel Module
(Software Version: 1.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/13/2013Overall Level: 1

-Design Assurance: Level 3


-Operational Environment: Tested as meeting Level 1 with Debian GNU/Linux 6.0 based distribution running on Stonesoft FW-315
Debian GNU/Linux 6.0 based distribution running on Stonesoft FW-1301 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2238 and #2239); Triple-DES (Certs. #1399 and #1400); SHS (Certs. #1927 and #1928); HMAC (Certs. #1368 and #1369)

-Other algorithms: N/A

Multi-chip standalone

"Provides general cryptographic services intended to protect data in transit and at rest."
1989Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Kevin Michelizzi
TEL: 425-707-1227
FAX: 425-936-7329

Chien-Her Chin
TEL: 425-706-5116
FAX: 425-936-7329

CST Lab: NVLAP 200427-0
Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll)
(Software Version: 7.00.1687)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/13/2013Overall Level: 1



-Operational Environment: Tested as meeting Level 1 with Windows Embedded Compact 7 running on a Sigma Designs Vantage 8654 Development Kit with a Sigma Designs SMP8654 (MIPSII_FP) CPU
Windows Embedded Compact 7 running on a Sigma Designs Vantage 8654 Development Kit with a Sigma Designs SMP8654 (MIPSII) CPU
Windows Embedded Compact 7 running on a TI OMAP TMDSEVM3530 with Texas Instruments EVM3530 CPU
Windows Embedded Compact 7 running on a Samsung SMDK6410 Development Kit with Samsung SMDK6410 CPU
Windows Embedded Compact 7 running on a Freescale i.MX27 Development Kit with Freescale i.MX27 CPU
Windows Embedded Compact 7 running on an eBox-330-A with MSTI PDX-600 CPU (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2023); DRBG (Cert. #193); DSA (Cert. #645); ECDSA (Cert. #295); HMAC (Cert. #1364); RSA (Cert. #1051); SHS (Cert. #1773); Triple-DES (Cert. #1307)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; Dual-EC DRBG (non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RSA key transport (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Microsoft Windows Cryptographic Primitives Library is a general purpose, software-based, cryptographic module. The primitive provider functionality is offered through one cryptographic module, BCRYPT.DLL (version 7.00.1687), subject to FIPS-140-2 validation. BCRYPT.DLL provides cryptographic services, through its documented interfaces, to Windows Embedded Compact 7 components and applications running on Windows Embedded Compact 7."
1988Senetas Corporation Ltd. and SafeNet Inc.
Level 1, 11 Queens Road
Melbourne, Victoria 3004
Australia

John Weston
TEL: +61 3 9868 4555
FAX: +61 3 9821 4899

Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200996-0
CN6000 Series Encryptors
(Hardware Versions: Senetas Corp. Ltd. CN6040 Series: A6040B [O] (AC), A6041B [O] (DC) and A6042B [O] (AC/DC); Senetas Corp. Ltd. CN6100 Series: A6100B [O] (AC), A6101B [O] (DC) and A6102B [O] (AC/DC); Senetas Corp. Ltd. & SafeNet Inc. CN6040 Series: A6040B [Y] (AC), A6041B [Y] (DC) and A6042B [Y] (AC/DC); Senetas Corp. Ltd. & SafeNet Inc. CN6100 Series: A6100B [Y] (AC), A6101B [Y] (DC) and A6102B [Y] (AC/DC); Firmware Version: 2.2.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/13/2013
09/16/2013
02/20/2014
Overall Level: 3

-FIPS Approved algorithms: AES (Certs. #2258, #2259, #2264 and #2265); Triple-DES (Cert. #1412); RSA (Cert. #1157); SHS (Cert. #1945); HMAC (Cert. #1385); DRBG (Cert. #276)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The CN6000 Series is a high-speed hardware encryption platform designed to secure data transmitted over Ethernet and Fibre Channel networks. The CN6040 is protocol selectable operating at line rates up to 4Gb/s. Configured in Ethernet mode the CN6040 supports optical and twisted-pair link rates of 10Mb/s, 100Mb/s & 1Gb/s whilst in Fibre Channel mode supports rates of 1.0625, 2.125 & 4.25Gb/s. The CN6100 is an Ethernet model that operates at a line rate of 10Gb/s.SafeNet, Inc. makes Senetas products available globally under a master distribution agreement and are co-branded as such."
1987Stanley Security Solutions, Inc.
6161 E 75th Street
PO Box 50444
Indianapolis, IN 46250
USA

Mr. Robert Strong
TEL: 317-806-3288

Mr. Thomas Schuster
TEL: 317-806-3150

CST Lab: NVLAP 100414-0
Wi-Q Portal Gateway
(Hardware Version: 12562C; Firmware Version: 3.017.156)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/13/2013Overall Level: 1

-FIPS Approved algorithms: AES (Cert. #1802); Triple-DES (Cert. #1356); SHS (Certs. #1583 and #1845); RSA (Cert. #1096)

-Other algorithms: AES (Cert. #1802, key wrapping); Triple-DES (Cert. #1356, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip embedded

"The Stanley Wi-Q Portal Gateway Cryptographic Module is a wireless gateway device that communicates via wired network to the Stanley Wi-Q Communications Server and communicates via proprietary 802.15.4 protocol to wireless Stanley Wi-Q Controller modules. The Stanley Wi-Q Portal Gateway provides secure key retrieval and key transfer functions within the Stanley Wi-Q Wireless Access Control System."
1986TecSec Incorporated
12950 Worldgate Drive
Suite 100
Herndon, VA 20170
USA

Roger Butler
TEL: 571-331-6130

Ron Parsons
TEL: 571-299-4127
FAX: 571-299-4101

CST Lab: NVLAP 100432-0
TecSec Armored Card - Contactless Cryptographic Module
(Hardware Version: P/N Inside Secure AT90SC28880RCFV Revision G; Firmware Versions: P/Ns Athena IDProtect Duo Version 010E.0264.0001, TecSec SSD Applet Version 1.001, TecSec PIV Applet Version 1.007, TecSec BOCC Applet Version 1.001, TecSec CKM Attribute Container Applet Version 1.002, TecSec CKM Info Applet Version 1.000)
(When operated with the fingerprint authentication mechanism parameters configured as indicated in the Security Policy Section 9. No assurance of Secure Channel Protocol (SCP) message integrity)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/09/2013
02/06/2014
Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1655 and #2226); CVL (Cert. #2); DRBG (Cert. #98); ECDSA (Cert. #214); HMAC (Cert. #1354); KBKDF (Cert. #4); RSA (Cert. #824); SHS (Cert. #1465); Triple-DES (Cert. #1088); CVL (Certs. #218 and #222)

-Other algorithms: NDRNG; EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-CMAC (non-compliant)

Single-chip

"The TecSec Armored Card is a cryptographic module which provides enterprise personnel identification, persistent data security for data in transit and at rest, with additional support for physical/logical/functional/content authorization. The Chip is part of a dual-chip PIV smart card that is fully compliant with the end-point service specified in SP800-73-1. This Chip provides the contactless functionality leveraging a common robust identity process in support of the federation platform capabilities of the overall card."
1984SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

Andrew Young
TEL: 443-327-1183
FAX: 410-931-7524

CST Lab: NVLAP 100432-0
eToken
(Hardware Version: Inside Secure AT90SC25672RCT-USB; Firmware Version: Athena IDProtect 0106.0113.2109 with SafeNet eToken Applet Suite 1.2.9)
(No assurance of Secure Channel Protocol (SCP) message integrity)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/23/2013Overall Level: 3

-Physical Security: Level 4

-FIPS Approved algorithms: AES (Cert. #1654); RSA (Cert. #824); Triple-DES (Cert. #1087); Triple-DES MAC (Triple-DES Cert. #1087, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465)

-Other algorithms: HW RNG; AES-CMAC (non-compliant); AES (Cert. #1654, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength)

Single-chip

"SafeNet eToken is a portable two-factor USB authenticator with advanced smart card technology. It utilizes certificate based technology to generate and store credentials, such as private keys, passwords and digital certificates inside the protected environment of the smart card chip. To authenticate, users must supply both their personal SafeNet authenticator and password, providing a critical second level of security beyond simple passwords to protect valuable digital business resources."
1981Kanguru Solutions
1360 Main Street
Millis, MA 02054
USA

Nate Cote
TEL: 508-376-4245
FAX: 508-376-4462

CST Lab: NVLAP 200802-0
Kanguru Defender 2000™ Cryptographic Module
(Hardware Versions: P/Ns KVD-SMCF-32G, KVD-SMCF-16G, KDF2000-32G, KDF2000-64G, KDF2000-128G, KDF2000-16G, KDF2000-8G, KDF2000-4G, KDF2000-S16G, KDF2000-S2G, KDF2000-S4G and KDF2000-S8G, Version 1.0; Firmware Version: 2.03.10)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware07/17/2013Overall Level: 3

-FIPS Approved algorithms: HMAC (Cert. #954); AES (Cert. #1623); SHS (Cert. #1432); RSA (Cert. #801); DRBG (Cert. #86); PBKDF (vendor affirmed)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Kanguru Defender 2000 Cryptographic Module is a 256-bit AES hardware encrypted USB flash drive. It is used to securely store sensitive data housed on the device."
1980Cocoon Data Holdings Limited
Level 4
152-156 Clarence St
Sydney, NSW 2000
Australia

Simon Wild
TEL: +61 2 8412 8200
FAX: +61 2 8412 8202

Jim Ivers
TEL: +1 703 657 5260
FAX: +1 703 657 5285

CST Lab: NVLAP 200900-0
Cocoon Data Secure Objects C++ Cryptographic Module Version 1.8
(Software Version: 1.8)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software07/17/2013
08/07/2013
Overall Level: 1

-Design Assurance: Level 3


-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 7 32-bit with MSVC2010 redistributable running on Dell Vostro 1520
Microsoft Windows XP 32-bit with SP and MSVC2010 redistributable running on Dell Vostro 1520
Microsoft Windows 7 64-bit with MSVC2010 redistributable running on Dell Vostro 3500
Microsoft Windows 7 32-bit with MSVC2012 redistributable running on Dell Vostro 1520
Microsoft Windows XP 32-bit with SP3 and MSVC2012 redistributable running on Dell Vostro 1520
Microsoft Windows 7 64-bit with MSVC2012 redistributable running on Dell Vostro 3500
Ubuntu 12.04 LTS 64-bit running on Dell PowerEdge 1950
Ubuntu 12.04 LTS 64-bit on VMWare Fusion 4.1.3 on OSX 10.8 running on a Macbook Pro Intel core i7
Ubuntu 12.04 LTS 32-bit running on Dell PowerEdge 1950
Ubuntu 12.04 LTS 32-bit on VMWare Fusion 4.1.3 on OSX 10.8 running on a Macbook Pro Intel Core i7
Redhat Enterprise Linux Server 6.3 64-bit running on Dell PowerEdge 1950
Redhat Enterprise Linux Server 6.3 64-bit on VMWare Fusion 4.1.3 on OSX 10.8 running on a Macbook Pro Intel Core i7
Redhat Enterprise Linux Server 6.3 32-bit running on Dell PowerEdge 1950
Redhat Enterprise Linux Server 6.3 32-bit on VMWare Fusion 4.1.3 on OSX 10.8 running on a Macbook Pro Intel Core i7
Mac OSX 10.8 running on Macbook Pro Intel Core i7 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2192); Triple-DES (Cert. #1385); SHS (Cert. #1900); HMAC (Cert. #1344); DRBG (Cert. #257)

-Other algorithms: N/A

Multi-chip standalone

"The Cocoon Data Secure Objects C++ Cryptographic Module Version 1.8 has been implemented as part of the Cocoon Data Secure Objects solution, an encryption-based access control system for protecting the confidentiality and integrity of electronic files. Coccon Data Holdings Limited is the parent company of all Covata entities."
1979Check Point Software Technologies Ltd.
9900 Belward Campus Drive
Suite 250
Rockville, MD 20850
USA

David Abrose
TEL: +972 37534561

Malcolm Levy
TEL: +972 37534561

CST Lab: NVLAP 200002-0
Provider-1
(Firmware Version: R71 with R7x hotfix)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware07/17/2013Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-Tested: Check Point Smart-1 50 with Check Point SecurePlatform Operating System Version R7x

-FIPS Approved algorithms: AES (Cert. #1836); Triple-DES (Certs. #1188 and #1189); DRBG (Cert. #146); RSA (Cert. #925); HMAC (Certs. #1089 and #1090); SHS (Certs. #1615 and #1616)

-Other algorithms: CAST 40; CAST 128; HMAC-MD5; MD5; DES; AES-CMAC (non-compliant); RSA (key wrapping; key establishment methodology provides 112 or 150 bits of encryption strength); Triple-DES (Cert. #1188, key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #1836, key wrapping)

Multi-chip standalone

"Check Point Provider 1 technology provides virtualized security management, segmenting your security management into multiple virtual domains. Businesses of all sizes can easily create virtual domains based on geography, business unit or security function to strengthen security and simplify management."
1978Check Point Software Technologies Ltd.
9900 Belward Campus Drive
Suite 250
Rockville, MD 20850
USA

David Abrose
TEL: +972 37534561

Malcolm Levy
TEL: +972 37534561

CST Lab: NVLAP 200002-0
Security Management
(Firmware Version: R71 with R7x hotfix)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware07/17/2013Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-Tested: Check Point Smart-1 50 with Check Point SecurePlatform Operating System Version R7x

-FIPS Approved algorithms: AES (Cert. #1835); Triple-DES (Certs. #1186 and #1187); DRBG (Cert. #145); RSA (Cert. #924); HMAC (Certs. #1087 and #1088); SHS (Certs. #1613 and #1614)

-Other algorithms: CAST 40; CAST 128; HMAC-MD5; MD5; DES; AES-CMAC (non-compliant); RSA (key wrapping; key establishment methodology provides 112 or 150 bits of encryption strength); Triple-DES (Cert. #1186, key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #1835, key wrapping)

Multi-chip standalone

"Check Point Security Management technology provides security management. Businesses of all sizes can easily create domains based on geography, business unit or security function to strengthen security and simplify management."
1977Check Point Software Technologies Ltd.
9900 Belward Campus Drive
Suite 250
Rockville, MD 20850
USA

David Abrose
TEL: +972 37534561

Malcolm Levy
TEL: +972 37534561

CST Lab: NVLAP 200002-0
Security Gateway
(Firmware Version: R70.1 with R7x hotfix)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware07/17/2013Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-Tested: Power-1 9070 with Check Point SecurePlatform Operating System Version R70.1

-FIPS Approved algorithms: AES (Cert. #2037); Triple-DES (Certs. #1313 and #1314); DRBG (Cert. #199); RSA (Cert. #1057); HMAC (Certs. #1235 and #1236); SHS (Certs. #1782 and #1783)

-Other algorithms: CAST 40; CAST 128; HMAC-MD5; MD5; DES; AES-CMAC (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 150 bits of encryption strength); Triple-DES (Cert. #1313, key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"Check Point VPN-1 Security Gateway allows enterprises and managed service providers to provide firewall, VPN, and intrusion prevention functionality on a single hardware platform."
1976Check Point Software Technologies Ltd.
9900 Belward Campus Drive
Suite 250
Rockville, MD 20850
USA

David Abrose
TEL: +972 37534561

Malcolm Levy
TEL: +972 37534561

CST Lab: NVLAP 200002-0
VSX
(Firmware Version: R67.10 with R7x hotfix)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware07/17/2013Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-Tested: Check Point Power-1 9070 with Check Point SecurePlatform Operating System Version NGX R67

-FIPS Approved algorithms: AES (Cert. #1837); Triple-DES (Certs. #1190 and #1191); DRBG (Cert. #147); RSA (Cert. #926); HMAC (Certs. #1091 and #1092); SHS (Certs. #1617 and #1618)

-Other algorithms: CAST 40; CAST 128; HMAC-MD5; MD5; DES; AES-CMAC (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 150 bits of encryption strength); Triple-DES (Cert. #1191, key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"Check Point VPN-1 Power VSX is a virtualized security gateway that allows virtualized enterprises and managed service providers to create up to 250 virtual systems (firewall, VPN, and intrusion prevention functionality within a virtual network environment) on a single, highly scalable hardware platform."
1975Accellion, Inc.
1804 Embarcadero Road
Suite 200
Palo Alto, CA 94303
USA

Prateek Jain
TEL: +65-6244-5670
FAX: +65-6244-5678

CST Lab: NVLAP 100432-0
Accellion Cryptographic Module
(Software Version: FTALIB_2_0_1)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software07/17/2013Overall Level: 1

-Design Assurance: Level 2


-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 5 running on a HP ProLiant DL 380 G7 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2316, #2317 and #2318); CVL (Cert. #55); HMAC (Certs. #1436 and #1457); RSA (Cert. #1214); SHS (Certs. #2003 and #2004); Triple-DES (Cert. #1460)

-Other algorithms: AES (Cert. #2316, key wrapping; key establishment methodology provides 128 bits of encryption strength); Triple-DES (Cert. #1460, key wrapping; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5

Multi-chip standalone

"Accellion Cryptographic Module is a key component of Accellion's secure collaboration solution that enables enterprises to securely share and transfer files. Extensive tracking and reporting tools allow compliance with SOX, HIPAA, FDA and GLB regulations while providing enterprise grade security and ease of use."
1974

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/29/2013Overall Level: 2

Single-chip
1972Chunghwa Telecom Laboratories
12, Lane 551, Min-Tsu Road SEC.5,
Yang-Mei, Taoyuan, Taiwan 326
Republic of China

Yu-Ling Cheng
TEL: 886 3 424-5883
FAX: 886 3 424-4167

Ming-Hsin Chang
TEL: 886-3-4245885
FAX: 886 3 424-4167

CST Lab: NVLAP 200928-0
HiPKI SafGuard 1200 HSM
(Hardware Version: HSM-HW-20; Firmware Version: HSM-SW-20)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/05/2013Overall Level: 3

-FIPS Approved algorithms: Triple-DES (Cert. #1296); Triple-DES MAC (Triple-DES Cert. #1296, vendor affirmed); AES (Cert. #2010); SHS (Cert. #1760); ECDSA (Cert. #290); RSA (Certs. #1039 and #1043); DRBG (Cert. #187); HMAC (Cert. #1215)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"HiPKI SafGuard 1200 HSM is a multi-chip standalone cryptographic module that is used to provide highly-secure cryptographic services and key storage for PKI applications. (e.g., secure private key storage, high-speed accelerator for 1024-4096 bit RSA and ECDSA signatures, and hashing). The HiPKI SafGuard 1200 HSM provides secure identity-based authentication using smart cards and data encryption using FIPS approved Triple-DES and AES encryption."
19713e Technologies International, Inc.
9715 Key West Ave
Suite 500
Rockville, MD 20850
USA

Harinder Sood
TEL: 301-944-1325
FAX: 301-670-6989

Chris Guo
TEL: 301-944-1294
FAX: 301-670-6989

CST Lab: NVLAP 200427-0
3e-520 Secure Access Point Cryptographic Module
(Hardware Version: 1.0; Firmware Version: 5.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/03/2013
02/26/2016
Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #2060, #2078 and #2105); CVL (Cert. #22); DRBG (Cert. #822); ECDSA (Cert. #303); HMAC (Certs. #1253 and #1259); RSA (Cert. #1072); SHS (Certs. #1801 and #1807)

-Other algorithms: AES (non-compliant); AES (Cert. #2060, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; MD5; RSA (key wrapping, key establishment methodology provides 112 bits of encryption strength)

Multi-chip embedded

"The 3e-520 Secure Access Point acts as an access point for the universal wireless family of devices from 3eTI. The 520 board is installed inside the wireless devices and provides the cryptographic functionality for the device. The access point allows for wireless clients or wireless bridges to securely connect wirelessly with the module and send encrypted data."
1970iStorage Limited
Research House, Fraser Road
Greenford, Middx UB6-7AQ
England

John Michael
TEL: +44 (0) 20 8537-3435
FAX: +44 (0) 20 8537-3438

CST Lab: NVLAP 200802-0
iStorage FIPS Module 140-2
(Hardware Versions: REV. A [A,B] or REV. A with CAN 1A [A,B]; Firmware Version: 4.0 [A] or 4.1 [B])

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/02/2013
09/30/2015
Overall Level: 2

-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #2235); DRBG (Cert. #260); SHS (Cert. #1911)

-Other algorithms: NDRNG

Multi-chip embedded

"The iStorage FIPS 140-2 Module is a flexible FIPS module with the ability to interface to multiple types of authentication or hardware. Completely contained within a small footprint/boundary, the module is designed to allow simple integration into various secure storage systems requiring a FIPS validated encryption boundary and does not require software."
1969Thales e-Security Ltd.
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA


TEL: 888-744-4976

CST Lab: NVLAP 100432-0
Authentication Token
(Hardware Version: Inside Secure AT90SC28872RCU Revision G; Firmware Version: Athena IDProtect 010B.0333.0004 with Authentication Token Applet 1.0)
(No assurance of Secure Channel Protocol (SCP) message integrity)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/26/2013Overall Level: 3

-FIPS Approved algorithms: AES (Cert. #1654); RSA (Cert. #824); DRBG (Cert. #98); SHS (Cert. #1465); CVL (Cert. #2)

-Other algorithms: HW RNG; AES-CMAC (non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides 256 bits of encryption strength); AES (Cert. #1654, key wrapping; key establishment methodology provides 256 bits of encryption strength)

Single-chip

"Authentication Token is a Cryptographic Module containing Thales' authenticated Java applets. Authentication Token is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 3. Authentication Token supports FIPS-Approved: DRBG; SHA-1 and all SHA-2; TDES; AES; ECDSA and ECC CDC; and, RSA and ECC key generation. Authentication Token is designed to provide users of Thales' hardware security modules with high-performance smart card capabilities in support of their government and enterprise applications."
1968Francotyp-Postalia GmbH
Triftweg 21-26
Birkenwerder D-16547
Germany

Dirk Rosenau
TEL: +49-3303-525-616
FAX: +49-3303-525-609

Hasbi Kabacaoglu
TEL: +49-3303-525-656
FAX: +49-3303-525-609

CST Lab: NVLAP 100432-0
Postal mRevenector CA 2012
(Hardware Version: 580036020300/01; Firmware Versions: 90.0036.0201.00/2011485001 (Bootloader), 90.0036.0206.00/2011485001 (Software-Loader) and 90.0036.0211.00/2013032001 (CA Application))

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/26/2013Overall Level: 3

-Physical Security: Level 3 +EFP/EFT

-FIPS Approved algorithms: AES (Cert. #1493); DRBG (Cert. #61); DSA (Cert. #522); ECDSA (Cert. #185); HMAC (Cert. #878); KAS (Cert. #16); RSA (Certs. #732 and #785); SHS (Cert. #1346); Triple-DES (Cert. #1122)

-Other algorithms: NDRNG; Triple-DES (Cert. #1122, key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip embedded

"The Francotyp-Postalia Postal mRevenector CA 2012 employs strong encryption, decryption, and digital signature techniques for the protection of customer revenues in Francotyp-Postalia's mail handlers. The Postal mRevenector CA 2012 has been designed in compliance with the Canadian Postal Specification."
1967Telephonics Sweden AB
Vattenkraftsvagen 8
Stockholm SE-135 70
Sweden

Ingi Bjornsson
TEL: +46 8 7980933
FAX: +46 8 7988433

Magnus Eriksson
TEL: +46 8 7980902
FAX: +46 8 7988433

CST Lab: NVLAP 100432-0
TruLink Control Logic Module CL6882-M1
(Hardware Version: P/N 010.6882-01 Rev. B2; Firmware Versions: Boot: SW7158 v2.4 and Application: SW7151 v2.11.1)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/26/2013
07/26/2013
Overall Level: 1

-FIPS Approved algorithms: AES (Cert. #2114); HMAC (Cert. #1286); SHS (Cert. #1838)

-Other algorithms: N/A

Multi-chip embedded

"TruLink is a wireless intercom system for use in military and harsh industrial environments. It provides fully duplex wireless communication. TruLink users can converse among themselves without pressing a Push to Talk button or waiting for another user to finish their transmission. The system supports 50 channels. Up to 31 users can be logged on to a channel. Each channel is an independent network. TruLink employs a unique noise cancellation system that automatically adjusts its VOX switching level to match the ambient noise level and subtracts this noise from the user's transmitted audio."
1966Gemalto
Avenue du Jujubier, Z.I Athelia IV
La Ciotat 13705
France

Arnaud Lotigier
TEL: +33 4.42.36.60.74
FAX: +33 4.42.36.55.45

CST Lab: NVLAP 100432-0
IDCore 30
(Hardware Version: SLE78CFX3009P; Firmware Versions: IDCore 30 Build 1.17, Demonstration Applet version V1.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/21/2013
07/05/2013
08/08/2016
Overall Level: 3

-FIPS Approved algorithms: AES (Cert. #2261); CVL (Cert. #41); ECDSA (Cert. #363); RSA (Certs. #1158 and #1163); SHS (Cert. #1946); Triple-DES (Cert. #1413); Triple-DES MAC (Triple-DES Cert. #1413, vendor affirmed)

-Other algorithms: EC Diffie-Hellman (SP 800-56A; non-compliant); PRNG

Single-chip

"The IDCore 30 is a part of Gemalto's IDCore family of Java Cards and offers a comprehensive array of features and options for logical and physical access control applications. IDCore 30 is a highly secure platform for private and public sector smart card deployments implementing Java Card 2.2.2 and Global Platform 2.1.1 / 2.2 Amdt D specifications. IDCore 30 is ideally suited for markets such as Identity or Security/Access, including one-time password authentication, Public Key Infrastructure (PKI) services, digital transactions and physical access control."
1965Apricorn Inc.
12191 Kirkham Road
Poway, CA 92064
USA

Mike McCandless
TEL: 858-513-4481
FAX: 858-513-4413

CST Lab: NVLAP 200802-0
Apricorn FIPS Module 140-2
(Hardware Versions: REV. A [A,B] or REV. A with CAN 1A [A,B]; Firmware Version: 4.0 [A] or 4.1 [B])

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware06/14/2013
04/16/2014
06/27/2014
10/20/2015
Overall Level: 2

-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-Operational Environment: N/A

-FIPS Approved algorithms: AES (Cert. #2235); DRBG (Cert. #260); SHS (Cert. #1911)

-Other algorithms: NDRNG

Multi-Chip Embedded

"The Apricorn FIPS 140-2 Module is a flexible FIPS module with the ability to interface to multiple types of authentication or hardware. Completely contained within a small footprint/boundary, the module is designed to allow simple integration into various secure storage systems requiring a FIPS validated encryption boundary and does not require software. The Apricorn FIPS 140-2 Module is used in the Aegis Fortress, Padlock DT FIPS, and the Padlock SSD families."
1964Apple Inc.
1 Infinite Loop
Cupertino, CA 95041
USA

Shawn Geddis

CST Lab: NVLAP 200658-0
Apple OS X CoreCrypto Module, v3.0
(Software Version: 3.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software06/14/2013Overall Level: 1



-Operational Environment: Tested as meeting Level 1 with OS X 10.8 running on Mac mini with i5 CPU with PAA
OS X 10.8 running on Mac mini with i5 CPU without PAA
OS X 10.8 running on iMac with i7 CPU with PAA
OS X 10.8 running on iMac with i7 CPU without PAA (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #1339 and #1340); AES (Certs. #2088, #2089, #2090, #2091, #2092, #2093, #2094, #2095, #2103 and #2104); RSA (Certs. #1078 and #1079); SHS (Certs. #1816, #1817, #1818, #1819, #1827 and #1828); ECDSA (Certs. #312 and #313); HMAC (Certs. #1267, #1268, #1269, #1270, #1278 and #1279); DRBG (Certs. #217, #218, #219, #220, #226 and #227); PBKDF (vendor affirmed)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); ECDSA (P-192, P-224 and P-521; non-compliant); DES; MD2; MD4; MD5; CAST5; RIPEMD; Blowfish; BitGen1; BitGen2; BitGen3; RC2; RC4; OMAC (non-compliant)

Multi-chip standalone

"The Apple OS X CoreCrypto Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest."
1963Apple Inc.
1 Infinite Loop
Cupertino, CA 95041
USA

Shawn Geddis

CST Lab: NVLAP 200658-0
Apple iOS CoreCrypto Module, v3.0
(Hardware Versions: A4 and A5; Software Version: 3.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software-Hybrid06/14/2013Overall Level: 1



-Operational Environment: Tested as meeting Level 1 with iOS 6.0 running on an iPhone4
iOS 6.0 running on an iPhone4S
iOS 6.0 running on an iPad (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #1336 and #1338); AES (Certs. #2072, #2073, #2074, #2075, #2076, #2077, #2100 and #2102); RSA (Certs. #1076 and #1077); SHS (Certs. #1805, #1806, #1824 and #1826); ECDSA (Certs. #309 and #311); HMAC (Certs. #1257, #1258, #1275 and #1277); DRBG (Certs. #209, #210, #223 and #225); PBKDF (vendor affirmed)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 160 bits of encryption strength); ECDSA (Curves P-192, P-224 and P-521; non-compliant); DES; MD2; MD4; MD5; RIPEMD; CAST5; Blowfish; BitGen1; BitGen2; BitGen3; RC2; RC4; OMAC (non-compliant)

Multi-chip standalone

"The Apple iOS CoreCrypto Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest."
1962ACES
H. No. 156, St 5, F11-1
Islamabad, Islamabad 44000
Pakistan

Dr Mehreen Afzal
TEL: +923009878534
FAX: +92512224453

Dr. Mureed Hussain
TEL: +923238556816
FAX: +92512224453

CST Lab: NVLAP 200856-0
Tahir Pak Crypto Library
(Software Version: 2.1.1)
(When installed, initialized and configured as specified in the Security Policy Section 6.1. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software06/14/2013Overall Level: 2

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3


-Operational Environment: Tested as meeting Level 2 with Red Hat Enterprise Linux 5.3 running on DELL PowerEdge T110 II 11th

-FIPS Approved algorithms: AES (Cert. #2341); DRBG (Cert. #291); DSA (Cert. #733); SHS (Cert. #2018); HMAC (Cert. #1450)

-Other algorithms: N/A

Multi-chip standalone

"TPCL (Tahir Pak Crypto Library) is a software cryptographic module which provides FIPS approved Cryptographic functions to consuming applications via an Application Programming Interface (API)."
1961Telephonics Sweden AB
Vattenkraftsvagen 8
Stockholm SE-135 70
Sweden

Ingi Bjornsson
TEL: +46 8 7980933
FAX: +46 8 7988433

Magnus Eriksson
TEL: +46 8 7980902
FAX: +46 8 7988433

CST Lab: NVLAP 100432-0
TruLink Control Logic Module CL6792-M1
(Hardware Version: P/N 010.6792-01 Rev. H3; Firmware Versions: Boot: SW7098 v2.5 and Application: SW7099 v9.13.1)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/14/2013
07/26/2013
Overall Level: 1

-FIPS Approved algorithms: AES (Cert. #2113); HMAC (Cert. #1285); SHS (Cert. #1837)

-Other algorithms: N/A

Multi-chip embedded

"TruLink is a wireless intercom system for use in military and harsh industrial environments. It provides fully duplex wireless communication. TruLink users can converse among themselves without pressing a Push to Talk button or waiting for another user to finish their transmission. The system supports 50 channels. Up to 31 users can be logged on to a channel. Each channel is an independent network. TruLink employs a unique noise cancellation system that automatically adjusts its VOX switching level to match the ambient noise level and subtracts this noise from the user's transmitted audio."
1958SafeNet, Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

Security and Certifications Team

CST Lab: NVLAP 200556-0
Luna® G5 Cryptographic Module
(Hardware Versions: LTK-03, Version Code 0102; LTK-03, Version Code 0103; Firmware Versions: 6.2.3 and 6.2.5)
(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/11/2013
08/07/2015
01/22/2016
05/12/2016
Overall Level: 2

-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #2262 and #2263); Triple-DES (Certs. #1414 and #1415); Triple-DES MAC (Triple-DES Certs. #1414 and #1415, vendor affirmed); DSA (Certs. #704 and 705); SHS (Certs. #1947 and #1948); RSA (Certs. #1159 and #1160); HMAC (Certs. #1386 and #1387); DRBG (Cert. #277); ECDSA (Certs. #364 and #365); KAS (Cert. #37); KBKDF (Cert. #5)

-Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); HRNG; AES MAC (AES Cert. #2263; non-compliant); AES (Certs. #2262 and #2263, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #1414 and #1415, key wrapping; key establishment methodology provides 112 bits of encryption strength); Generic-Secret generation (non-compliant); SSL Pre-Master generation (non-compliant); RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Luna® G5 delivers key management in a portable appliance. All key materials are maintained exclusively within the confines of the hardware. The small form-factor and on-board key storage sets the product apart, making it especially attractive to customers who need to physically remove and store the small appliance holding PKI root keys. The appliance directly connects the HSM to the application server via a USB interface."
1957SafeNet, Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

Security and Certifications Team

CST Lab: NVLAP 200556-0
Luna® G5 Cryptographic Module
(Hardware Versions: LTK-03, Version Code 0102; LTK-03, Version Code 0103; Firmware Versions: 6.2.3 and 6.2.5)
(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/11/2013
08/07/2015
01/12/2016
01/14/2016
01/22/2016
05/12/2016
Overall Level: 3

-FIPS Approved algorithms: AES (Certs. #2262 and #2263); Triple-DES (Certs. #1414 and #1415); Triple-DES MAC (Triple-DES Certs. #1414 and #1415, vendor affirmed); DSA (Certs. #704 and 705); SHS (Certs. #1947 and #1948); RSA (Certs. #1159 and #1160); HMAC (Certs. #1386 and #1387); DRBG (Cert. #277); ECDSA (Certs. #364 and #365); KAS (Cert. #37); KBKDF (Cert. #5)

-Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); HRNG; AES MAC (AES Cert. #2263; non-compliant); AES (Certs. #2262 and #2263, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #1414 and #1415, key wrapping; key establishment methodology provides 112 bits of encryption strength); Generic-Secret generation (non-compliant); SSL Pre-Master generation (non-compliant); RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Luna® G5 delivers key management in a portable appliance. All key materials are maintained exclusively within the confines of the hardware. The small form-factor and on-board key storage sets the product apart, making it especially attractive to customers who need to physically remove and store the small appliance holding PKI root keys. The appliance directly connects the HSM to the application server via a USB interface."
1956Apple Inc.
1 Infinite Loop
Cupertino, CA 95041
USA

Shawn Geddis

CST Lab: NVLAP 200658-0
Apple OS X CoreCrypto Kernel Module, v3.0
(Software Version: 3.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software06/07/2013Overall Level: 1



-Operational Environment: Tested as meeting Level 1 with OS X 10.8 running on Mac mini with i5 CPU with PAA
OS X 10.8 running on Mac mini with i5 CPU without PAA
OS X 10.8 running on iMac with i7 CPU with PAA
OS X 10.8 running on iMac with i7 CPU without PAA (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #1331 and #1332); AES (Certs. #2080, #2081, #2082, #2083, #2084, #2085, #2086 and #2087); SHS (Certs. #1810, #1811, #1812, #1813, #1814 and #1815); ECDSA (Certs. #305 and #306); HMAC (Certs. #1261, #1262, #1263, #1264, #1265 and #1266); DRBG (Certs. #211, #212, #213, #214, #215 and #216); PBKDF (vendor affirmed)

-Other algorithms: ECDSA (P-192, P-224 and P-521; non-compliant); DES; MD5; CAST5; Blowfish; BitGen1; BitGen2; BitGen3; RC4; OMAC (non-compliant)

Multi-chip standalone

"The Apple iOS CoreCrypto Kernel Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest."
1955Kony, Inc.
7380 West Sand Lake Road #390
Orlando, FL 32819
USA

Matthew Terry
TEL: 407-730-5669
FAX: 407-404-3738

CST Lab: NVLAP 100432-0
Kony Cryptographic Library
(Software Version: 2.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software06/03/2013
08/23/2013
09/16/2013
05/16/2016
Overall Level: 1

-Roles, Services, and Authentication: Level 2


-Operational Environment: Tested as meeting Level 1 with Android 2.2 running on HTC Desire without NEON
Android 2.2 running on HTC Desire with NEON
Android 3.0 running on Nook BNRV200 without NEON
Android 3.0 running on Nook BNRV200 with NEON
Android 4.0 running on Beagleboard-XM without NEON
Android 4.0 running on Beagleboard-XM with NEON
Apple iOS 5.0 running on iPhone 4 without NEON
Apple iOS 5.0 running on iPhone 4 with NEON
Apple iOS 6.0 running on iPhone 4 without NEON
Apple iOS 6.0 running on iPhone 4 with NEON (single user mode)

-FIPS Approved algorithms: AES (Cert. #2338); DRBG (Cert. #290); DSA (Cert. #732); HMAC (Cert. #1448); RSA (Cert. #1204); SHS (Cert. #2016); Triple-DES (Cert. #1464); ECDSA (Cert. #382); CVL (Cert. #51)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (encrypt/decrypt); RNG; Dual EC DRBG

Multi-chip standalone

"The Kony Cryptographic Library is a full featured cryptographic module used in Kony mobile and multi-channel application platforms and the KonyOne™ Platform."
19523S Group Incorporated
125 Church Street, N.E., Suite 204
Vienna, VA 22180
USA

Satpal Sahni
TEL: 703-281-5015
FAX: 703-281-7816

CST Lab: NVLAP 200002-0
3S Group Cryptographic Module (3SGX)
(Hardware Version: 1.0; Firmware Version: 1.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware05/23/2013Overall Level: 3

-FIPS Approved algorithms: Triple-DES (Cert. #1315); AES (Cert. #2038); DSA (Cert. #646); RSA (Cert. #1058); SHS (Cert. #1784); DRBG (Cert. #200); ECDSA (Cert. #297); HMAC (Cert. #1237); Skipjack (Cert. #19); KAS (Cert. #35); KTS (vendor affirmed); CVL (Cert. #25)

-Other algorithms: Diffie-Hellman (key agreement); Diffie-Hellman (CVL Cert. #25; key agreement); EC Diffie-Hellman (CVL Cert. #25; key agreement); KEA; RSA (key wrapping); AES (Cert. #2038, key wrapping); Triple-DES (Cert. #1315, key wrapping)

Multi-chip embedded

"3SGX is a high performance embedded PCIe cryptographic module that provides complete cryptographic support to hundreds of concurrent users and/or applications. Each user/application is authenticated twice before accessing its own symmetric and asymmetric keys and certificates. All cryptographic and key management operations are performed within the Hardware Security Module (HSM). 3SGX HSM is the core of 3S Group's hardware security appliances. Available in a range of models and configurations and high-level APIs, it is ideal for enterprise key management, virtualization and cloud server soluti"
1949Harris Corporation
1680 University Avenue
Rochester, NY, NY 14610
USA

Michael Vickers
FAX: 434-455-6851

CST Lab: NVLAP 200996-0
Harris AES Software Load Module
(Software Version: R04A01)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software05/16/2013Overall Level: 1



-Operational Environment: Tested as meeting Level 1 with Texas Instruments DSP/BIOS Software Kernel Version 5.33.03 running on a Texas Instruments TMS320C55x (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1482 and #2320)

-Other algorithms: AES (Cert. #1482, key wrapping)

Multi-chip standalone

"The Harris AES Software Load Module is a single software component which provides cryptographic services directly to a Digital Signal Processor (DSP) application on Harris terminals."
1947TrellisWare Technologies Inc.
16516 Via Esprillo
Suite 300
San Diego, CA 92127
USA

Jeffery Thomas
TEL: 858-753-1617
FAX: 858-753-1641

James Morse
TEL: 858-753-1646
FAX: 858-753-1640

CST Lab: NVLAP 100432-0
TW-230 (CheetahNet II)
(Hardware Version: ASY0560001 rev X2; Firmware Version: 4c-beta2-FIPS)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/16/2013Overall Level: 2

-FIPS Approved algorithms: AES (Cert. #1980); RSA (Cert. #1026); SHS (Cert. #1734)

-Other algorithms: AES (Cert. #1980, key wrapping; key establishment methodology provides 256 bits of encryption strength); AES (non-compliant)

Multi-chip standalone

"The TW-230 combines the high data rate capability of TrellisWare's Tactical Scalable MANET-Enhanced (TSM-E) waveform with narrowband VHF/UHF AM/FM voice. TW-230 provides a robust highly scalable self-forming, self-healing wideband networked waveform transparent to the operator. The TW-230 supports multi-channel push to talk (PTT) voice, IP data, position location information (PLI) tracking, and remote operation of live streaming video. The TW-230 can also be operated in plaintext narrowband voice modes that allow it to interoperate with most other standard AM/FM PTT radios."
1946TrellisWare Technologies Inc.
16516 Via Esprillo
Suite 300
San Diego, CA 92127
USA

Jeffery Thomas
TEL: 858-753-1617
FAX: 858-753-1641

James Morse
TEL: 858-753-1646
FAX: 858-753-1640

CST Lab: NVLAP 100432-0
TW-400 (CUB)
(Hardware Version: ASY0540250 rev X1; Firmware Version: 4c-beta2-FIPS)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/14/2013Overall Level: 2

-FIPS Approved algorithms: AES (Cert. #1980); RSA (Cert. #1026); SHS (Cert. #1734)

-Other algorithms: AES (Cert. #1980, key wrapping; key establishment methodology provides 256 bits of encryption strength); AES (non-compliant)

Multi-chip standalone

"The TW-400 is a small form factor software defined radio that employs an enhanced version of TrellisWare's Tactical Scalable MANET waveform (TSM-E) and is capable of robust operation at high data rate modes. The TW-400 supports multi-channel push to talk (PTT) voice, IP data, network level position location information (PLI) tracking, sleep functions for long term sensing applications, IP gateway features and remote operation of live streaming video sources for networked sensing missions."
1945

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/10/2013Overall Level: 1

Single-chip
1944Apple Inc.
1 Infinite Loop
Cupertino, CA 95041
USA

Shawn Geddis

CST Lab: NVLAP 200658-0
Apple iOS CoreCrypto Kernel Module, v3.0
(Software Version: 3.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software05/03/2013Overall Level: 1



-Operational Environment: Tested as meeting Level 1 with iOS 6.0 running on an iPhone4
iOS 6.0 running on an iPhone4S
iOS 6.0 running on an iPad (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #1335 and #1337); AES (Certs. #2070, #2071, #2099 and #2101); SHS (Certs. #1803, #1804, #1823 and #1825); ECDSA (Certs. #308 and #310); HMAC (Certs. #1255, #1256, #1274 and #1276); DRBG (Certs. #222 and #224); PBKDF (vendor affirmed)

-Other algorithms: ECDSA (Curves P-192, P-224 and P-521; non-compliant); DES; MD5; CAST5; Blowfish; BitGen1; BitGen2; BitGen3; RC4; OMAC (non-compliant)

Multi-chip standalone

"The Apple iOS CoreCrypto Kernel Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest."
1940Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200427-0
IOS Common Cryptographic Module (IC2M)
(Firmware Versions: Rel 1(1.0.0), Rel 1(1.0.1) and Rel 1(1.0.2))
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware04/30/2013Overall Level: 1


-Tested: Cisco Catalyst 2960 with IOS 15.0SE
Cisco 3925 ISR with IOS 15.2
Cisco 2811 ISR with IOS 15.2

-FIPS Approved algorithms: AES (Certs. #2134 and #2136); CVL (Cert. #30); DRBG (Cert. #237); ECDSA (Cert. #322); HMAC (Cert. #1304); RSA (Cert. #1100); SHS (Certs. #1858 and #1859); Triple-DES (Certs. #1358, #1359 and #1360)

-Other algorithms: DES; HMAC-MD5; MD2; MD5; RC2; RC4; SEAL; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The IC2M module provides the FIPS validated cryptographic algorithms for services requiring those algorithms. The module does not implement any protocols directly. Instead, it provides the cryptographic primitives and functions to allow IOS to implement those various protocols."
1939Chunghwa Telecom Co., Ltd.
12, Lane 551, Min-Tsu Road SEC.5
Yang-Mei
Taoyuan, Taiwan 326
Republic of China

Yeou-Fuh Kuan
TEL: +886-3-424-4333
FAX: +886-3-424-4129

Char-Shin Miou
TEL: +886 3 424 4381
FAX: +886-3-424-4129

CST Lab: NVLAP 200928-0
HiCOS PKI Native Smart Card
(Hardware Versions: HD65255C1 and HD65257C1; Firmware Versions: HardMask: 2.1 and SoftMask: 1.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/30/2013Overall Level: 2

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #1219); Triple-DES MAC (Triple-DES Cert. #1219, vendor affirmed); SHS (Cert. #1649); RSA (Cert. #957); DRBG (Cert. #155)

-Other algorithms: N/A

Single-chip

"The HiCOS PKI native smart card module is a single chip implementation of a cryptographic module. The HiCOS PKI native smart card module is mounted in an ID-1 class smart card body that adheres to ISO/IEC specifications for Integrated Circuit Chip (ICC) based identification cards. The module consists of the chip (ICC), the contact faceplate, and the electronic connectors between the chip and contact pad, all contained within an epoxy substrate."
1938SafeLogic Inc.
459 Hamilton Ave
Suite 306
Palo Alto, CA 94301
USA

SafeLogic Inside Sales

CST Lab: NVLAP 200556-0
CryptoComply™ | Mobile
(Software Version: 2.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software04/30/2013
11/08/2013
04/23/2014
01/25/2016
02/10/2016
Overall Level: 1

-Design Assurance: Level 3


-Operational Environment: Tested as meeting Level 1 with Android 4.0 running on a Galaxy Nexus
iOS 5.1 running on a iPad 3
iOS 6 running on a iPad 3
iOS 7 running on a iPad 3 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2125 and #2126); CVL (Certs. #28 and #29); DRBG (Certs. #233 and #234); DSA (Certs. #666 and #667); ECDSA (Certs. #319 and #320); HMAC (Certs. #1296 and #1297); RSA (Certs. #1094 and #1095); SHS (Certs. #1849 and #1850); Triple-DES (Certs. #1351 and #1352)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG

Multi-chip standalone

"CryptoComply™ | Mobile is a standards-based "Drop-in Compliance" cryptographic engine for mobile devices. The module delivers core cryptographic functions to mobile platforms and features robust algorithm support, including Suite B algorithms. CryptoComply™ | Mobile offloads functions for secure key management, data integrity, data at rest encryption, and secure communications to a trusted implementation."
1937Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
USA

John Roberts
TEL: 415-738-2810

CST Lab: NVLAP 200556-0
Symantec App Center Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software04/30/2013
02/11/2016
Overall Level: 1

-Design Assurance: Level 3


-Operational Environment: Tested as meeting Level 1 with Android 4.0 running on a Galaxy Nexus
iOS 5.1 running on a iPad 3
iOS 6 running on a iPad 3 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2125 and #2126); CVL (Certs. #28 and #29); DRBG (Certs. #233 and #234); DSA (Certs. #666 and #667); ECDSA (Certs. #319 and #320); HMAC (Certs. #1296 and #1297); RSA (Certs. #1094 and #1095); SHS (Certs. #1849 and #1850); Triple-DES (Certs. #1351 and #1352)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG

Multi-chip standalone

"The Symantec App Center Cryptographic Module Version 1.0 provides cryptographic functions for Symantec App Center, a scalable solution for deploying and managing native and web apps on corporate-liable and employee-owned mobile devices."
1935Cisco Systems, Inc.
170 West Tasman Drive,
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200427-0
Cisco 5915 Embedded Services Routers
(Hardware Versions: Cisco 5915 ESR air-cooled card and Cisco 5915 ESR conduction-cooled card; Firmware Version: 1.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/18/2013Overall Level: 1

-Design Assurance: Level 2

-FIPS Approved algorithms: AES (Certs. #962, #1535 and #2031); DRBG (Cert. #196); HMAC (Certs. #537 and #1232); RSA (Cert. #1055); SHS (Certs. #933 and #1779); Triple-DES (Certs. #757 and #1310)

-Other algorithms: DES; DES MAC; HMAC MD4; HMAC MD5; MD4; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength)

Multi-chip embedded

"The Cisco 5915 ESR is a high-performance, ruggedized router designed for use in harsh environments-offering reliable operation in extreme temperatures and under shock and vibration conditions typical for mobile applications in rugged terrain. With onboard hardware encryption, the Cisco 5915 ESR offloads encryption processing from the routing engine to provide highly secure yet scalable video, voice, and data services for mobile and embedded outdoor networks."
1931INSIDE Secure
Eerikinkatu 28
Helsinki 00180
Finland

Serge Haumont
TEL: +358 40 5808548

Marko Nippula
TEL: +358 40 762 9394

CST Lab: NVLAP 200427-0
SafeZone FIPS Cryptographic Module
(Software Versions: 1.0.3 and 1.0.3A)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software04/08/2013
05/20/2014
Overall Level: 1



-Operational Environment: Tested as meeting Level 1 with Linux kernel 2.6 running on a Pandaboard
Android 2.3 running on a Pandaboard
Android 4.0 running on a Pandaboard
Android 4.4 running on a Samsung Galaxy Note 3 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2041 and #2837); CVL (Certs. #21 and #261); CVL (SP 800-135rev1, vendor affirmed); DRBG (Certs. #203 and #493); DSA (Certs. #648 and #854); ECDSA (Certs. #299 and #497); HMAC (Certs. #1240 and #1778); KBKDF (vendor affirmed); KTS (vendor affirmed); PBKDF (vendor affirmed); RSA (Certs. #1061 and #1479); SHS (Certs. #1787 and #2378); Triple-DES (Certs. #1318 and #1697)

-Other algorithms: AES (Certs. #2041 and #2837, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"SafeZone FIPS Cryptographic Module is a FIPS 140-2 Security Level 1 validated software cryptographic module from INSIDE Secure. The module is a toolkit which provides the most commonly needed cryptographic primitives for a large variety of applications, including but not limited to, primitives needed for DAR, DRM, TLS, and VPN on mobile devices."
1927Feitian Technologies Co., Ltd.
Floor 17th, Tower B, Huizhi Mansion
No.9 Xueqing Road
Haidan District Beijing 100085
People's Republic of China

Tibi Zhang
TEL: 86-010-62304466 x821
FAX: 86-010-62304416

Xiaozhi Zheng
TEL: 86-010-62304466 x531
FAX: 86-010-62304416

CST Lab: NVLAP 200427-0
FEITIAN-FIPS-COS
(Hardware Version: 1.0.0; Firmware Version: 1.0.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/08/2013Overall Level: 2

-Physical Security: Level 3

-FIPS Approved algorithms: AES (Cert. #1473); DRBG (Cert. #58); RSA (Cert. #720); SHS (Cert. #1332); Triple-DES (Cert. #991)

-Other algorithms: AES MAC (AES Cert. #1473; non-compliant); DES; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Single-chip

"FEITIAN-FIPS-COS, is both an integrated circuit and an operating system, and has been developed to support their ePass series USB1 tokens. These tokens are designed to provide strong authentication and identification and to support network logon, secure online transactions, digital signatures, and sensitive data protection. The FEITIAN-FIPS-COS provides all cryptographic functionality for their ePass line of products. ePass supports dual-factor authentication with an ISO27816-12 USB interface for the PC host connection acting as a smart card reader."
1926

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/08/2013
12/13/2013
Overall Level: 1

Single-chip
1922Hewlett Packard®, Enterprise
153 Taylor Street
Littleton, MA 01460
USA

Theresa Conejero
TEL: 650-265-3634
FAX: 650-265-5528

CST Lab: NVLAP 100432-0
HP Enterprise Secure Key Manager
(Hardware Versions: P/Ns AJ585A, Version 3.0 [1] and C8Z51AA, Version 3.1 [2]; Firmware Versions: 5.0.0 [1] and 5.1.0 [2])
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/22/2013
05/16/2013
01/01/2014
01/25/2016
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3

-FIPS Approved algorithms: AES (Cert. #2069); DRBG (Cert. #207); HMAC (Cert. #1254); CVL (Cert. #23); RSA (Cert. #1073); SHS (Cert. #1802); Triple-DES (Cert. #1328)

-Other algorithms: DSA (Cert. #653; non-compliant); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); DES; MD5; RC4

Multi-chip standalone

"HP Enterprise Secure Key Manager (ESKM) provides key generation, retrieval, and management for encryption devices and solutions. ESKM is a hardened security appliance with secure access control, administration, and logging. ESKM supports high availability with automatic multi-site clustering, replication, and failover."
1921

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/22/2013Overall Level: 2

-Physical Security: Level 3

Multi-chip standalone
1920

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/22/2013Overall Level: 2

-Physical Security: Level 3

Multi-chip standalone
1919

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/22/2013Overall Level: 2

-Physical Security: Level 3

Multi-chip standalone
1918Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200427-0
Cisco 7600 Series Routers with Supervisor RSP720
(Hardware Versions: (7603-S, 7604, 7606-S, 7609-S, 7613, V02, V07, V13, V14 and -F0) with FIPS kit (Cisco-FIPS-KIT=); Firmware Version: 15.1(3)S3)
(Validated when tamper evident labels are installed as indicated in the Security Policy and when operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/22/2013Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 2

-FIPS Approved algorithms: AES (Certs. #598 and #2036); DRBG (Cert. #198); HMAC (Certs. #348 and #1234); RSA (Cert. #1056); SHS (Certs. #647 and #1781); Triple-DES (Certs. #569 and #1312)

-Other algorithms: DES; DES MAC; HMAC MD5; MD4; MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 156 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Cisco 7600-S Router is a compact, high-performance router designed in 3, 4, 6, 9 and 13-slot form factor for deployment at the network edge, where robust performance and IP/Multiprotocol Label Switching (MPLS) services are necessary to meet the requirements of both enterprises and service providers."
1917Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

Sunil Chitnis
TEL: 408-333-2444
FAX: 408-333-4887

Bob Colvin
TEL: 408-333-4839
FAX: 408-333-4887

CST Lab: NVLAP 200427-0
Brocade® MLXe® and Brocade NetIron® CER Series Ethernet Routers
(Hardware Versions: BR-MLXE-4-MR-M-AC, BR-MLXE-4-MR-M-DC, BR-MLXE-8-MR-M-AC, BR-MLXE-8-MR-M-DC, BR-MLXE-16-MR-M-AC, BR-MLXE-16-MR-M-DC, NI-CER-2024C-ADVPREM-AC, NI-CER-2024C-ADVPREM-DC, NI-CER-2024F-ADVPREM-AC, NI-CER-2024F-ADVPREM-DC, NI-CER-2048FX-ADVPREM-AC, NI-CER-2048FX-ADVPREM-DC, NI-CER-2048F-ADVPREM-AC, NI-CER-2048F-ADVPREM-DC, NI-CER-2048C-ADVPREM-AC, NI-CER-2048C-ADVPREM-DC, NI-CER-2048CX-ADVPREM-AC and NI-CER-2048CX-ADVPREM-DC with FIPS Kit (P/N Brocade XBR-000195) and NI-MLX-MR Management Module; Firmware Version: IronWare; Software Version: R05.1.01a)
(When operated in FIPS mode with the tamper evident labels installed and with the configurations in Tables 8 and 13 as defined in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/21/2013Overall Level: 2

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1615); DRBG (Cert. #84); DSA (Cert. #503); HMAC (Cert. #947); RSA (Cert. #793); SHS (Cert. #1424); Triple-DES (Cert. #1056)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); HMAC-MD5; MD2; MD5; RC2; RC4; RSA (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The Brocade MLXe series of core routers support IPv4, IPv6, MPLS and advanced Layer 2 switching. Ideally suited for service provider backbones, Metro Ethernet networks, ISPs, CDNs, IXPs, data centers, and distributed enterprises.The NetIron CER 2000 series 1 Gigabit Ethernet (GbE) routers support copper and hybrid fiber configurations with two optional 10 GbE uplink ports. All the ports support forwarding IP and MPLS packets at wire speed without oversubscription. The routers support standard IPv4, IPv6 routing protocols, RIP/RIPng, OSPF/OSPFv3, IS-IS/IS-IS for IPv6, and BGP/BGP-MP for IPv6."
1916

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/22/2013Overall Level: 1

Single-chip
1906Biscom, Inc.
321 Billerica Road
Chelmsford, MA 01824
USA

Bill Ho
TEL: 978-367-3544
FAX: 978-250-2565

Sharif Rahman
TEL: 510-400-6325
FAX: 978-250-2565

CST Lab: NVLAP 200427-0
Biscom Cryptographic Library
(Software Version: 1.1)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software03/12/2013
05/06/2016
05/12/2016
Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: Windows Server 2012 R2 (SP1) with Sun JRE 8.0 running on a Dell XPS 8700 with PAA
Windows Server 2012 R2 (SP1) with Sun JRE 8.0 running on a Dell XPS 8700 without PAA (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3897); DRBG (Cert. #1116); HMAC (Cert. #2530); SHS (Cert. #3212)

Multi-Chip Stand Alone

"The Biscom Cryptographic Library (the cryptographic module or the module) provides cryptographic security functions as Java APIs for application developers to integrate cryptographic services into Biscom applications or systems. The module is distributed only as an integrated subcomponent of the Biscom Delivery Server (BDS). The Biscom Cryptographic Library provides security functions for encryption, decryption, random number generation, hashing, getting the status of the integrity test, and running the self-tests. The library is used by the application."
1905Seagate Technology LLC
1280 Disc Drive
Shakopee, MN 55379
USA

David R Kaiser, PMP
TEL: 952-402-2356
FAX: 952-402-1273

CST Lab: NVLAP 200427-0
Seagate Secure® TCG Enterprise SSC Self-Encrypting Drives FIPS 140 Module
(Hardware Versions: ST900MM0036 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19], ST600MM0036 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19], ST450MM0036 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19], ST1200MM0027 [20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33], ST4000NM0063 [34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63], ST3000NM0063 [34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63], ST2000NM0063 [34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63], ST1000NM0063 [34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63], ST4000NM0073 [64, 65, 66], ST3000NM0073 [64, 65, 66], ST2000NM0073 [64, 65, 66], ST1000NM0073 [64, 65, 66], ST600MP0054 [67, 68, 69], ST600MP0084 [70, 71, 72], ST450MP0054 [67, 68, 69], ST450MP0084 [70, 71, 72], ST450MP0024 [73, 74], ST300MP0054 [67, 68, 69], ST300MP0084 [70, 71, 72], ST300MP0024 [73, 74], ST600MX0024 [75], ST600MX0054 [76], ST450MX0024 [75], ST450MX0054 [76], ST300MX0024 [75] and ST300MX0054 [76]; Firmware Versions: A000 [1, 34], 0001 [2, 20], LSF5 [3], LEF5 [4], 0002 [5, 23, 35], NA00F740 [6], NA009A40 [7, 39], 0003 [8, 30, 38], LE05 [9], LF81 [10], 3P00 [11, 42], LSF6 [12], LE09 [13], LEF6 [14], 0004 [15, 46], NA01F741 [16], NA019A41 [17, 50], LSF7 [18], LEF7 [19], ISF2 [21], IEF2 [22], ISF3 [24], IEF4 [25], IEF5 [26], ISF4 [27], IEF6 [28], IEF7 [29], IEF8 [31], ISF5 [32], IEF9 [33], GSF3 [36], GEF3 [37], GE06 [40], GF81 [41], GSF4 [43], GEF4 [44], GE09 [45], GSF5 [47], GEF5 [48], GEF6 [49], GSF6 [51], GEF7 [52], GSF7[53], GSF8[54], GEF8[55], 0006[56], GSF9[57], GEFA[58], GEOD[59], GF84[60], A005[61], NA02[62], 3P01[63], F001 [64], SF03 [65], SF04 [66], FE01 [67], EF02 [68, 75], VEE1 [69], FK01 [70], KF02 [71, 76], VF12 [72], FN01 [73], NF02 [74])
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/12/2013
05/22/2013
05/31/2013
08/09/2013
11/08/2013
02/20/2014
04/03/2014
06/05/2014
09/26/2014
12/31/2014
05/08/2015
07/23/2015
12/22/2015
04/05/2016
05/24/2016
05/24/2016
05/24/2016
Overall Level: 2

-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Certs. #1343, #1974 and #2068); DRBG (Cert. #62); RSA (Cert. #1021); SHS (Cert. #1225)

-Other algorithms: N/A

Multi-chip embedded

"The Seagate Secure® TCG Enterprise SSC FIPS 140 Module is embodied in Savvio®, Enterprise Performance®, Enterprise Turbo® and Constellation® model disk drives. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instant user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download."
1904General Dynamics Mission Systems
150 Rustcraft Road
Dedham, MA 02026
USA

Certification Director
TEL: 770-689-2040
FAX: 781-455-5555

CST Lab: NVLAP 200427-0
Fortress Mesh Points
(Hardware Versions: ES210, ES2440, ES440, ES520v1, ES520v2 or ES820; Firmware Versions: 5.4.1, 5.4.3 or 5.4.4.1190)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/20/2013
05/17/2013
06/14/2013
06/21/2016
Overall Level: 2

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #688, #694 and #1519); DRBG (Cert. #66); ECDSA (Cert. #371); HMAC (Certs. #367, #371 and #889); KAS (Cert. #10); RSA (Cert. #439); SHS (Certs. #717, #721 and #1357)

-Other algorithms: MD5; PRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Fortress Mesh Point is an all-in-one network access device housed in a rugged compact chassis, with the most stringent security available today built in. It can serve as a wireless bridge, a WLAN access point, and an eight-port LAN switch, while performing all the functions of a Fortress controller device: encrypting wireless traffic and providing Multi-factor Authentication for devices on the network it protects."
1903Mocana Corporation
350 Sansome Street
Suite 1010
San Francisco, CA 94104
USA

James Blaisdell
TEL: 415-617-0055
FAX: 415-617-0056

CST Lab: NVLAP 100432-0
Mocana Cryptographic Loadable Kernel Module
(Software Versions: 5.5f and 5.5.1f)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software02/22/2013
03/28/2013
01/23/2014
02/20/2014
04/03/2014
11/25/2014
04/10/2015
10/15/2015
04/05/2016
Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Android 2.2 running on a LG Optimus 3D (LG-P920)
Android 2.3 running on a LG G2X (LG-P999)
Android 4.0 running on a Samsung Nexus-S (GT-I9023)
Android 4.1 running on a LG Optimus (LG-P920)
Ubuntu Linux 32 bit running on a Dell Dimension 9200
Ubuntu Linux 64 bit running on a Dell Dimension 9200
Android 4.3 running on Asus TF 700 Tablet
Android 4.4 running on Nexus 7 Tablet
Android Lollipop Linux 3.4 running on a Qualcomm Snapdragon MSM8974 development device
Android Lollipop Linux 3.10 running on a Qualcomm Snapdragon MSM8992 development device (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2039, #2272 and #2741); DRBG (Certs. #201 and #460); HMAC (Certs. #1238 and #1718); SHS (Certs. #1785 and #2313); Triple-DES (Certs. #1316 and #1650)

-Other algorithms: NDRNG; DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant); RNG; Dual EC DRBG

Multi-Chip Stand Alone

"The Mocana Cryptographic Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com."
1899Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0
Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, Microsoft Windows Phone 8, and MicrosoftWindows Storage Server 2012 BitLocker® Dump Filter (DUMPFVE.SYS)
(Software Version: 6.2.9200)
(When installed, initialized and configured as specified in the Security Policy Section 2 with modules Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Boot Manager validated to FIPS 140-2 under Cert. #1895 operating in FIPS mode, Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 BitLocker® Windows OS Loader (WINLOAD) validated to FIPS 140-2 under Cert. #1896 operating in FIPS mode, and Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Code Integrity (CI.DLL) validated to FIPS 140-2 under Cert. #1897 operating in FIPS mode.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software09/13/2013
01/09/2015
Overall Level: 1

-Design Assurance: Level 2


-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 8 Enterprise (x86) running on a Dell Dimension C521
Microsoft Windows 8 Enterprise (x64) running on a Dell PowerEdge SC430 without PAA
Microsoft Windows 8 Enterprise (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop
Microsoft Windows Server 2012 (x64) running on a Dell PowerEdge SC430 without PAA
Microsoft Windows Server 2012 (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop
Microsoft Windows RT (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet
Microsoft Windows RT (ARMv7 Thumb-2) running on a Qualcomm Tablet
Microsoft Windows RT (ARMv7 Thumb-2) running on a Microsoft Surface Windows RT
Microsoft Windows 8 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Windows 8 Pro
Microsoft Windows Phone 8 (ARMv7 Thumb-2) running on a Windows Phone 8
Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay with PAA
Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay without PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2196 and #2198)

-Other algorithms: N/A

Multi-chip standalone

"The BitLocker® Dump Filter (DUMPFVE.SYS) is the full volume encryption filter that resides in the system dump stack. Whenever the dump stack is called (in the event of a system crash or for hibernation), this filter ensures that all data is encrypted before it gets written to the disk as a dump file or hibernation file.This cryptographic module also maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on Microsoft Windows 8, Microsoft Windows 8 Pro, and Microsoft Windows Server 2012 Datacenter."
1898Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0
Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Surface Windows 8 Pro, and Microsoft Windows Storage Server 2012 BitLocker® Windows Resume (WINRESUME)
(Software Version: 6.2.9200)
(When operated in FIPS mode with module Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Boot Manager validated to FIPS 140-2 under Cert. #1895 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software09/06/2013
01/09/2015
Overall Level: 1

-Design Assurance: Level 2


-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 8 Enterprise (x86) running on a Dell Dimension C521
Microsoft Windows 8 Enterprise (x64) running on a Dell PowerEdge SC430 without PAA
Microsoft Windows 8 Enterprise (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop
Microsoft Windows Server 2012 (x64) running on a Dell PowerEdge SC430 without PAA
Microsoft Windows Server 2012 (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop
Microsoft Windows 8 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Windows 8 Pro
Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay with PAA
Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay without PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)

-Other algorithms: MD5

Multi-chip standalone

"BitLocker® Windows Resume is an operating system loader which loads the Windows OS kernel (ntoskrnl.exe) and other boot stage binary image files, as well as previous operating system state information, when Windows has been previously put into a sleep or hibernate power state.This cryptographic module also maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on Microsoft Windows 8, Microsoft Windows 8 Pro, and Microsoft Windows Server 2012 Datacenter."
1897Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0
Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, Microsoft Windows Phone 8, and Microsoft WindowsStorage Server 2012 Code Integrity (CI.DLL)
(Software Version: 6.2.9200)
(When operated in FIPS mode with modules Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Boot Manager validated to FIPS 140-2 under Cert. #1895 operating in FIPS mode, and Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 BitLocker® Windows OS Loader (WINLOAD) validated to FIPS 140-2 under Cert. #1896 operating in FIPS mode.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software09/06/2013
01/09/2015
Overall Level: 1

-Design Assurance: Level 2


-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 8 Enterprise (x86) running on a Dell Dimension C521
Microsoft Windows 8 Enterprise (x64) running on a Dell PowerEdge SC430 without PAA
Microsoft Windows 8 Enterprise (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop
Microsoft Windows Server 2012 (x64) running on a Dell PowerEdge SC430 without PAA
Microsoft Windows Server 2012 (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop
Microsoft Windows RT (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet
Microsoft Windows RT (ARMv7 Thumb-2) running on a Qualcomm Tablet
Microsoft Windows RT (ARMv7 Thumb-2) running on a Microsoft Surface Windows RT
Microsoft Windows 8 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Windows 8 Pro
Microsoft Windows Phone 8 (ARMv7 Thumb-2) running on a Windows Phone 8
Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay with PAA
Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay without PAA (single-user mode)

-FIPS Approved algorithms: RSA (Cert. #1132); SHS (Cert. #1903)

-Other algorithms: MD5

Multi-chip standalone

"Code Integrity (CI.DLL) verifies the integrity of executable files, including kernel mode drivers, critical system components, and user mode cryptographic modules as they are loaded into memory from the disk.This cryptographic module also maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on Microsoft Windows 8, Microsoft Windows 8 Pro, and Microsoft Windows Server 2012 Datacenter."
1896Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0
Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, Microsoft Windows Phone 8, and Microsoft WindowsStorage Server 2012 BitLocker® Windows OS Loader (WINLOAD)
(Software Version: 6.2.9200)
(When operated in FIPS mode with module Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Boot Manager validated to FIPS 140-2 under Cert. #1895 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software09/06/2013
01/09/2015
Overall Level: 1

-Design Assurance: Level 2


-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 8 Enterprise (x86) running on a Dell Dimension C521
Microsoft Windows 8 Enterprise (x64) running on a Dell PowerEdge SC430 without PAA
Microsoft Windows 8 Enterprise (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop
Microsoft Windows Server 2012 (x64) running on a Dell PowerEdge SC430 without PAA
Microsoft Windows Server 2012 (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop
Microsoft Windows RT (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet
Microsoft Windows RT (ARMv7 Thumb-2) running on a Qualcomm Tablet
Microsoft Windows RT (ARMv7 Thumb-2) running on a Microsoft Surface Windows RT
Microsoft Windows 8 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Windows 8 Pro
Microsoft Windows Phone 8 (ARMv7 Thumb-2) running on a Windows Phone 8
Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay with PAA
Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay without PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)

-Other algorithms: AES (Cert. #2197; non-compliant); MD5; Non-Approved RNG

Multi-chip standalone

"The BitLocker® Windows OS Loader loads the boot-critical driver and OS kernel image files. Please note that AES (Cert. #2197) is only used in the entropy source for the module. This particular instance of AES is labeled as non-compliant because it does not perform a power-up self-test. This cryptographic module also maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on Microsoft Windows 8, Microsoft Windows 8 Pro, and Microsoft Windows Server 2012 Datacenter."
1895Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0
Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, Microsoft Windows Phone 8, and Microsoft WindowsStorage Server 2012 Boot Manager
(Software Version: 6.2.9200)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software09/13/2013
01/09/2015
Overall Level: 1

-Design Assurance: Level 2


-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 8 Enterprise (x86) running on a Dell Dimension C521
Microsoft Windows 8 Enterprise (x64) running on a Dell PowerEdge SC430 without PAA
Microsoft Windows 8 Enterprise (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop
Microsoft Windows Server 2012 (x64) running on a Dell PowerEdge SC430 without PAA
Microsoft Windows Server 2012 (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop
Microsoft Windows RT (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet
Microsoft Windows RT (ARMv7 Thumb-2) running on a Qualcomm Tablet
Microsoft Windows RT (ARMv7 Thumb-2) running on a Microsoft Surface Windows RT
Microsoft Windows 8 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Windows 8 Pro
Microsoft Windows Phone 8 (ARMv7 Thumb-2) running on a Windows Phone 8
Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay with PAA
Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay without PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2196 and #2198); HMAC (Cert. #1347); RSA (Cert. #1132); SHS (Cert. #1903)

-Other algorithms: MD5

Multi-chip standalone

"This is the system boot manager, called by the bootstrapping code that resides in the boot sector. It checks its own integrity, checks the integrity of the Windows OS Loader, and then launches it.This cryptographic module also maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on Microsoft Windows 8, Microsoft Windows 8 Pro, and Microsoft Windows Server 2012 Datacenter."
1894Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0
Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, Microsoft Windows Phone 8, and Microsoft WindowsStorage Server 2012 Enhanced Cryptographic Provider (RSAENH.DLL)
(Software Version: 6.2.9200)
(When operated in FIPS mode with modules Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Code Integrity (CI.DLL) validated to FIPS 140-2 under Cert. #1897 operating in FIPS mode, Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL) validated to FIPS 140-2 under Cert. #1892 operating in FIPS mode, and Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Kernel Mode Cryptographic Primitives Library (CNG.SYS) validated to FIPS 140-2 under Cert. #1891 operating in FIPS mode.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/27/2013
01/09/2015
Overall Level: 1

-Design Assurance: Level 2


-Operational Environment: Tested as meeting Level 1 with [Microsoft Windows 8 Enterprise (x86) running on a Dell Dimension C521
Microsoft Windows 8 Enterprise (x64) running on a Dell PowerEdge SC430 without PAA
Microsoft Windows 8 Enterprise (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop
Microsoft Windows Server 2012 (x64) running on a Dell PowerEdge SC430 without PAA
Microsoft Windows Server 2012 (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop
Microsoft Windows RT (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet
Microsoft Windows RT (ARMv7 Thumb-2) running on a Qualcomm Tablet
Microsoft Windows RT (ARMv7 Thumb-2) running on a Microsoft Surface Windows RT
Microsoft Windows 8 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Windows 8 Pro
Microsoft Windows Phone 8 (ARMv7 Thumb-2) running on a Windows Phone 8
Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay with PAA
Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay without PAA (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2196); HMAC (Cert. #1346); RSA (Cert. #1132); SHS (Cert. #1902); Triple-DES (Cert. #1386)

-Other algorithms: AES (Cert. #2196, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Enhanced Cryptographic Provider (RSAENH.DLL) encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. It can be dynamically linked into applications by software developers to permit the use of general-purpose FIPS 140-2 validated cryptography. This cryptographic module also maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on Microsoft Windows 8, Microsoft Windows 8 Pro, and Microsoft Windows Server 2012 Datacenter."
1893Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0
Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, Microsoft Windows Phone 8, and Microsoft WindowsStorage Server 2012 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL)
(Software Version: 6.2.9200)
(When operated in FIPS mode with modules Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Boot Manager validated to FIPS 140-2 under Cert. #1895 operating in FIPS mode, Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 BitLocker® Windows OS Loader (WINLOAD) validated to FIPS 140-2 under Cert. #1896 operating in FIPS mode, Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Code Integrity (CI.DLL) validated to FIPS 140-2 under Cert. #1897 operating in FIPS mode, Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Kernel Mode Cryptographic Primitives Library (CNG.SYS) validated to FIPS 140-2 under Cert. #1891 operating in FIPS mode, and Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL) validated to FIPS 140-2 under Cert. #1892 operating in FIPS mode.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software09/13/2013
01/09/2015
Overall Level: 1

-Design Assurance: Level 2


-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 8 Enterprise (x86) running on a Dell Dimension C521
Microsoft Windows 8 Enterprise (x64) running on a Dell PowerEdge SC430 without PAA
Microsoft Windows 8 Enterprise (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop
Microsoft Windows Server 2012 (x64) running on a Dell PowerEdge SC430 without PAA
Microsoft Windows Server 2012 (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop
Microsoft Windows RT (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet
Microsoft Windows RT (ARMv7 Thumb-2) running on a Qualcomm Tablet
Microsoft Windows RT (ARMv7 Thumb-2) running on a Microsoft Surface Windows RT
Microsoft Windows 8 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Windows 8 Pro
Microsoft Windows Phone 8 (ARMv7 Thumb-2) running on a Windows Phone 8
Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay with PAA
Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay without PAA (single-user mode)

-FIPS Approved algorithms: DSA (Cert. #686); SHS (Cert. #1902); Triple-DES (Cert. #1386); Triple-DES MAC (Triple-DES Cert. #1386, vendor affirmed)

-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL) encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. It can be dynamically linked into applications by software developers to permit the use of general-purpose FIPS 140-2 validated cryptography.This cryptographic module also maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on Microsoft Windows 8, Microsoft Windows 8 Pro, and Microsoft Windows Server 2012 Datacenter."
1892Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0
Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, Microsoft Windows Phone 8, and Microsoft WindowsStorage Server 2012 Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL)
(Software Version: 6.2.9200)
(When operated in FIPS mode with modules Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Kernel Mode Cryptographic Primitives Library (CNG.SYS) validated to FIPS 140-2 under Cert. #1891 operating in FIPS mode, and Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Code Integrity (CI.DLL) validated to FIPS 140-2 under Cert. #1897 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software09/06/2013
01/09/2015
Overall Level: 1

-Design Assurance: Level 2


-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 8 Enterprise (x86) running on a Dell Dimension C521
Microsoft Windows 8 Enterprise (x64) running on a Dell PowerEdge SC430 without PAA
Microsoft Windows 8 Enterprise (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop
Microsoft Windows Server 2012 (x64) running on a Dell PowerEdge SC430 without PAA
Microsoft Windows Server 2012 (x64) running on Intel Core i7 with PAA running on an Intel Client Desktop
Microsoft Windows RT (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet
Microsoft Windows RT (ARMv7 Thumb-2) running on a Qualcomm Tablet
Microsoft Windows RT (ARMv7 Thumb-2) running on a Microsoft Surface Windows RT
Microsoft Windows 8 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Windows 8 Pro
Microsoft Windows Phone 8 (ARMv7 Thumb-2) running on a Windows Phone 8
Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay with PAA
Microsoft Windows Storage Server 2012 (x64) running on an Intel Maho Bay without PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); DSA (Cert. #687); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)

-Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)

Multi-chip standalone

"The Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL) provides cryptographic services to Windows components and applications. It includes cryptographic algorithms in an easy-to-use cryptographic module via the Cryptography Next Generation (CNG) API. It can be dynamically linked into applications for the use of general-purpose FIPS 140-2 validated cryptography.This cryptographic module also maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on Microsoft Windows 8, Microsoft Windows 8 Pro, and Microsoft Windows Server 2012 Datacenter."
1889Stanley Security Solutions, Inc.
6161 E 75th Street
PO Box 50444
Indianapolis, IN 46250
USA

Mr. Robert Strong
TEL: 317-806-3288

Mr. Thomas Schuster
TEL: 317-806-3150

CST Lab: NVLAP 100414-0
Wi-Q OMW (OW2000) [1], WAC (SDC2K) [2], WDC [3] and WXC [4] Controllers
(Hardware Version: 12681B [1]; 82065A [2]; 82069B [3]; 82069C [3]; 82069E [3]; 82069F [3] 82376C [4]; 82376D [4]; 82376F [4]; 82376G [4]; Firmware Version: 3.00.039)
(When operated in FIPS mode. No assurance of module integrity when operating in non-FIPS mode.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/13/2013Overall Level: 1

-FIPS Approved algorithms: SHS (Cert. #1583); AES (Cert. #1802)

-Other algorithms: N/A

Multi-chip embedded

"The Stanley Wi-Q Controller Cryptographic Module is a wireless end point device that communicates via proprietary 802.15.4 protocol to a Stanley Wi-Q Portal Gateway module. The Stanley Wi-Q Controller provides secure key entry and data encryption functions within the Stanley Wi-Q Wireless Access Control System."
1887Cambium Networks, Ltd.
Unit B2, Linhay Business Park
Ashburton, Devon TQ13 7UP
United Kingdom

Mark Thomas
TEL: +44 1364 655586
FAX: +44 1364 655500

CST Lab: NVLAP 100432-0
Cambium PTP 600 Series Point to Point Wireless Ethernet Bridges
(Hardware Versions: P/Ns BP5830BHC, BP5830BHC15, BP5530BHC, BP5530BHC15, WB2781, WB3039, WB3037, WB3092, WB3094, WB3387, WB3389, WB3222, BP5830BH, BP5830BH15, BP5530BH, BP5530BH15, WB2780, WB3036, WB3038, WB3091, WB3093, WB3386, WB3388 and WB3221; with P/N WB3593 (HW Security Upgrade Kit); Firmware Versions: PTP600-10-00-FIPS, PTP600‐10‐05‐FIPS or PTP600‐10‐07‐FIPS)
(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/08/2013
02/22/2013
06/14/2013
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: SHS (Cert. #1101); DSA (Cert. #569); AES (Certs. #708 and #1144); DRBG (Cert. #21); HMAC (Cert. #1070); Triple-DES (Cert. #863)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The 600 Series of Point-to-Point wireless Ethernet bridges operates in the 2.5, 4.5, 4.8, 4.9, 5.4, 5.8 and 5.9 GHz spectrum, offering high performance Ethernet and TDM connectivity in line-of-sight and non-line-of-sight environments. PTP 600 links have class-leading sensitivity and power output, supporting data rates up to 300 Mbps and range up to 124 miles. This series of secure wireless bridges makes cost-effective connectivity and backhaul a reality for a wide range of enterprises, service providers, utilities, transportation agencies and public safety organizations."
1885Curtiss-Wright Controls Defense Solutions
2600 Paramount Place, Suite 200
Fairborn, OH 45324
USA

Paul Davis
TEL: 937-610-5421
FAX: 937-252-1480

Matt Young
TEL: 937-610-5457
FAX: 937-252-1480

CST Lab: NVLAP 200427-0
3U VPX-1TB FSM Flash Storage Module
(Hardware Versions: RHFS-3UR1024-F, RHFS-3UJ1024-F; Firmware Version: 1.11)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware02/08/2013
05/16/2013
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #250 and #1978); DRBG (Cert. #180); HMAC (Cert. #1191); SHS (Cert. #1732)

-Other algorithms: TRNG

Multi-chip embedded

"The Flash Storage Module (FSM) AES cryptographic engine uses 256-bit encryption keys and performs real-time encryption of all data written to or read from solid state drives. The FSM cryptographic engines provides maximum data-at-rest security in commercial and military applications."
1884Totemo AG
Freihofstrasse 22
Küsnacht CH-8700
Switzerland

Marcel Mock
TEL: +41 44 914 99 00

Daniel Raap
TEL: +41 44 914 99 00

CST Lab: NVLAP 200928-0
Totemo Cryptographic Module (TCM)
(Software Version: 2.0)
(When operated in FIPS mode. No assurance of module integrity when operating in non-FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software02/08/2013Overall Level: 1



-Operational Environment: Tested as meeting Level 1 with Totemo Appliance OS 2.0 v0711 with JRE 7.0 running on a Apligo NSA 7110 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2059); Triple-DES (Cert. #1326); DSA (Cert. #652); RSA (Cert. #1071); ECDSA (Cert. #302); SHS (Cert. #1800); DRBG (Cert. #206); HMAC (Cert. #1252)

-Other algorithms: AES (Cert. #2059, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1326, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Totemo Cryptographic Module supplies the cryptographic services required by the Totemo Security Platform (TSP) and the Totemo products which provides secure email, file transfer, and mobile messaging solutions. These solutions secure all types of communication without any infrastructure prerequisites."
1883SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

Eric Avigdor
TEL: 512-215-7378

Security and Certifications Team

CST Lab: NVLAP 100432-0
eToken 5100, 5105, 5200 and 5205
(Hardware Versions: eToken 5100, eToken 5105, eToken 5200 and eToken 5205; Firmware Version: Athena IDProtect 0106.0113.2109 with SafeNet eToken Applet Suite 1.2.9)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/08/2013
02/15/2013
09/12/2016
Overall Level: 3

-FIPS Approved algorithms: AES (Cert. #1654); RSA (Cert. #824); Triple-DES (Cert. #1087); Triple-DES MAC (Triple-DES Cert. #1087, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465)

-Other algorithms: HW RNG; AES-CMAC (non-compliant); AES (Cert. #1654, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength)

Single-chip

"SafeNet eToken is a portable two-factor USB authenticator with advanced smart card technology. It utilizes certificate based technology to generate and store credentials, such as private keys, passwords and digital certificates inside the protected environment of the smart card chip. To authenticate, users must supply both their personal SafeNet authenticator and password, providing a critical second level of security beyond simple passwords to protect valuable digital business resources."
1881WinMagic Incorporated
200 Matheson Blvd W.
Suite 201
Mississauga, Ontario L5R 3L7
Canada

Alexander Mazuruc
TEL: 905-502-7000 ext. 225
FAX: 905-502-7001

CST Lab: NVLAP 200928-0
SecureDoc® Disk Encryption Cryptographic Engine for MacOS X
(Software Version: 7.2)
(The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software02/04/2013
07/11/2016
Overall Level: 1

-Roles, Services, and Authentication: Level 2
-EMI/EMC: Level 3
-Design Assurance: Level 3


-Operational Environment: Tested as meeting Level 1 with Mac OS X 10.7 Lion 32-bit running on a MacBook Pro
Mac OS X 10.7 Lion 64-bit running on a MacBook Pro (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3948 and #3949); SHS (Cert. #3257); DRBG (Cert. #1152); HMAC (Cert. #2572)

-Other algorithms: AES (Certs. #3948 and #3949, key wrapping; key establishment methodology provides 256 bits of encryption strength)

Multi-chip standalone

"SecureDoc® Disk Encryption Cryptographic Engine for MacOS X provides cryptographic services and key management for the SecureDoc® Disk Encryption products running on MacOS X platform. The module employs PKCS-11 cryptographic standard to deliver full disk and removable media encryption on Apple computers and laptops."
1880WinMagic Incorporated
200 Matheson Blvd W.
Suite 201
Mississauga, Ontario L5R 3L7
Canada

Alexander Mazuruc
TEL: 905-502-7000 ext. 225
FAX: 905-502-7001

CST Lab: NVLAP 200928-0
SecureDoc® Disk Encryption Cryptographic Engine for Windows
(Software Version: 7.2)
(The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software02/04/2013
07/25/2016
Overall Level: 1

-Roles, Services, and Authentication: Level 2
-EMI/EMC: Level 3
-Design Assurance: Level 3


-Operational Environment: Microsoft Windows 7 32-bit running on a Dell Vostro 430 Intel Core i7, Microsoft Windows 7 32-bit running on a Lenovo ThinkPad T420 Intel Core i5 with AES-NI, Microsoft Windows 7 64-bit running on a Dell Vostro 430 Intel Core i7, Microsoft Windows 7 64-bit running on a Lenovo ThinkPad T420 Intel Core i5 with AES-NI (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3948 and #3949); SHS (Cert. #3257); DRBG (Cert. #1152); HMAC (Cert. #2572)

-Other algorithms: AES (Certs. #3948 and #3949, key wrapping; key establishment methodology provides 256 bits of encryption strength)

Multi-chip standalone

"SecureDoc® Disk Encryption Cryptographic Engine for Windows provides cryptographic services and key management for the SecureDoc® Disk Encryption products running on Windows platform. The module employs PKCS-11 cryptographic standard to deliver full disk encryption and other data protection solutions for General Purpose Computers, laptops and removable media."
1878Mocana Corporation
350 Sansome Street
Suite 1010
San Francisco, CA 94104
USA

James Blaisdell
TEL: 415-617-0055
FAX: 415-617-0056

CST Lab: NVLAP 100432-0
Mocana Cryptographic Suite B Module
(Software Versions: 5.5f and 5.5.1f)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software01/31/2013
03/28/2013
01/23/2014
04/03/2014
11/25/2014
02/20/2015
07/06/2015
04/12/2016
07/08/2016
Overall Level: 1



-Operational Environment: Android 2.2 running on a LG Optimus 3D (LG-P920)
Android 2.3 running on a LG G2X (LG-P999)
Android 4.0 running on a Samsung Nexus-S (GT-I9023)
Android 4.1 running on a LG Optimus 3D (LG-P920)
Ubuntu Linux 32 bit running on a Dell Dimension 9200
Ubuntu Linux 64 bit running on a Dell Dimension 9200
Android 4.3 running on Asus TF 700 Tablet
Android 4.4 running on Nexus 7 Tablet
VxWorks 6.8 running on Avaya ERS 4850
Mentor Embedded Linux 4.0 running on an Avaya VSP 4450
Honeywell Xenon RTOS running on Honeywell 1902 Scanner
Android 6.0 32-bit running on Nexus 7 Tablet
Android 6.0 64-bit running on Galaxy S6 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2039, #2272 and #2741); Triple-DES (Certs. #1316 and #1650); SHS (Certs. #1785 and #2313); HMAC (Certs. #1238 and #1718); RSA (Certs. #1059 and #1437); DSA (Certs. #647 and #840); ECDSA (Certs. #298 and #479); DRBG (Certs. #201 and #460)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant); RSA (encrypt/decrypt); RNG; Dual EC DRBG

Multi-chip standalone

"The Mocana Cryptographic Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com."
1876Apricorn Inc.
12191 Kirkham Road
Poway, CA 92064
USA

Robert Davidson
TEL: 858-513-4430
FAX: 858-513-2020

CST Lab: NVLAP 100432-0
Apricorn Aegis Secure Key
(Hardware Versions: ASK-256-4GB, ASK-256-8GB, ASK-256-16GB and ASK-256-32GB; Firmware Version: V2.06A01.exe V1.39 with Security Controller Firmware Revision iStorage v12)
(Tamper evidence determined as indicated in the Security Policy, Physical Security Policy section)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/30/2013
03/08/2013
03/28/2013
06/16/2016
Overall Level: 3

-FIPS Approved algorithms: AES (Cert. #1514); SHS (Cert. #1728); DRBG (Cert. #177)

-Other algorithms: NDRNG

Multi-chip standalone

"The Apricorn Aegis Secure Key is a self-authenticating and self-encrypting secure USB flash drive based on DATALOCK® technology. The Apricorn Aegis Secure Key uses full-disk hardware based AES 256 bit encryption in CBC mode. The unit is not dependent on any host software and drivers. By design it is OS/Host independent and agnostic to any operating system (Win, Mac, Linux, Chrome, Android, Symbian, etc.), computer, or embedded device that supports the standard mass storage class (USB/USB OTG)."
1873iStorage Limited
Research House
Fraser Road
Greenford, Middlesex UB6 7AQ
England

John Michael
TEL: +44 20 8537-3435
FAX: +44 20 8537-3438

CST Lab: NVLAP 100432-0
datAshur Secure USB Flash Drive
(Hardware Versions: IS-FL-DA-256-4, IS-FL-DA-256-8, IS-FL-DA-256-16 and IS-FL-DA-256-32; Firmware Version: V2.06A01.exe V1.39 with Security Controller Firmware Revision iStorage v12)
(Tamper evidence determined as indicated in the Security Policy, Physical Security Policy section)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/08/2013
01/24/2013
03/28/2013
08/29/2014
06/16/2016
Overall Level: 3

-FIPS Approved algorithms: AES (Cert. #1514); SHS (Cert. #1728); DRBG (Cert. #177)

-Other algorithms: NDRNG

Multi-chip standalone

"The iStorage datAshur is a self-authenticating and self-encrypting secure USB flash drive based on DATALOCK® technology licensed from ClevX, LLC. datAshur uses full-disk hardware based AES 256 Bit encryption in CBC mode. The unit is not dependent on any host software and drivers. By design it is OS/Host independent and agnostic to any operating system (Win, Mac, Linux, Chrome, Android, Symbian, etc.), computer, or embedded device that supports the standard mass storage class (USB/USB OTG). datAshur supports a single encrypted private partition available to the user when unlocked."
1864Cambium Networks, Ltd.
Unit B2, Linhay Business Park
Ashburton, Devon TQ13 7UP
United Kingdom

Mark Thomas
TEL: +44 1364 655586
FAX: +44 1364 655500

CST Lab: NVLAP 100432-0
Cambium Networks PTP 800 Compact Modem Unit (CMU)
(Hardware Versions: P/N WB3517, Versions 5.2, 5.3 and 6.6; Firmware Version: PTP 800-05-02)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/04/2013
02/22/2013
Overall Level: 1

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: SHS (Cert. #1557); DSA (Cert. #556); AES (Certs. #1776 and #1526); DRBG (Cert. #123); Triple-DES (Cert. #1149); HMAC (Cert. #1041)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); RADIUS; MD5; Custom RNG

Multi-chip standalone

"Operating in the 6 to 38 GHz RF bands at up to 368 Mbps throughput (full duplex) and with user-configured channel bandwidths from 7 to 56 MHz, the Cambium Networks Point-to-Point 800 Series of Licensed Ethernet Microwave solutions offer operators a highly reliable licensed band wireless solution."
1862Seagate Technology LLC
1280 Disc Drive
Shakopee, MN 55379
USA

David R Kaiser, PMP
TEL: 952-402-2356
FAX: 952-402-1273

CST Lab: NVLAP 200427-0
Seagate Secure® TCG Enterprise SSC Pulsar.2 Self-Encrypting Drive FIPS 140 Module
(Hardware Version: 1BU282; Firmware Version: 0003)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/07/2013
01/25/2013
Overall Level: 2

-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Certs. #1811 and #1343); DRBG (Cert. #62); RSA (Cert. #650); SHS (Cert. #1225)

-Other algorithms: N/A

Multi-chip embedded

"The Seagate Secure« Enterprise Self-Encrypting Drives FIPS 140 Module is embodied in the Seagate Pulsar.2 SED model disk drive. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download."
1860CMS Products
12 Mauchly
Unit E
Irvine, CA 92618
USA

Les Kristof
TEL: 714-424-5521
FAX: 949-754-9060

CST Lab: NVLAP 100432-0
CE Secure
(Hardware Versions: P/Ns CE-HDDFIPS-500, CE-HDDFIPS-320 and CE-HDDFIPS-250; Firmware Version: 0001SDM7)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/25/2013Overall Level: 2

-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Certs. #1343 and #1845); DRBG (Cert. #62); RSA (Cert. #650); SHS (Cert. #1225)

-Other algorithms: NDRNG

Multi-chip embedded

"The CE Secure CE-HDDFIPS is a Self Encrypting Drive used in CMS Products' line of external secure storage devices. All data on the secure storage device is protected with state of the art hardware encryption."