CMVP Main Page

Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules
1995-1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014,
All

Last Update: 11/26/2014

It is important to note that the items on this list are cryptographic modules. A module may either be an embedded component of a product or application, or a complete product in-and-of-itself. If the cryptographic module is a component of a larger product or application, one should contact the product or application vendor in order to determine how the product utilizes the embedded validated cryptographic module. There may be a larger number of security products or applications available which use an embedded validated cryptographic module, than the number of modules which are found in this list. In addition, other vendors, who are not found in this list, may incorporate a validated cryptographic module from this list embedded into their own products.

When selecting a module from a vendor, verify that the module is either the product or application itself (e.g. VPN, SmartCard, USB memory token, etc.) or the module is embedded in a larger product or application (e.g. toolkit, etc.). If the module is embedded in a product or application, ask the product or application vendor to provide a signed letter or statement affirming that the unmodified validated cryptographic module is integrated in the solution; the module provides all the cryptographic services in the solution; and provide reference to the modules validation certificate number from this listing.

NOTE1: Module descriptions are provided by the module vendors and have not been verified for accuracy by the CMVP. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-Approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (e.g. allowed or non-FIPS-Approved algorithms) have not been tested through the CMVP.

NOTE2: The operator of a cryptographic module is responsible for ensuring that the algorithms and key lengths are in compliance with the requirements of NIST SP 800-131A.

NOTE3: All questions regarding the implementation and/or use of any module located on the CMVP module validation lists should first be directed to the appropriate vendor point-of-contact (listed for each entry).

Please contact the CMVP if any errors are discovered or comments with suggestions for improvement of the validation listings.

Cert# Vendor / CST Lab Cryptographic Module
Module
Type
Val.
Date
Level / Description
2069 Hewlett-Packard Company
8000 Foothills Blvd
Roseville, CA 95747
USA

-Sunil Amanna
TEL: 916-785-1183
FAX: 916-785-1103

-Harjit Dhillon
TEL: 916-785-0341
FAX: 916-785-1103

CST Lab: NVLAP 200002-0

HP Networking 3800 Switch Series
(Hardware Versions: Switches: (3800-24G-PoE+-2SFP+ Switch (J9573A) [1]; 3800-48G-PoE+-4SPF+ Switch (J9574A) [2]; 3800-24G-2SFP+ Switch (J9575A) [3]; 3800-48G-4SFP+ Switch (J9576A) [4]; 3800-24G-2XG Switch (J9585A) [5]; 3800-48G-4XG Switch (J9586A) [6]; 3800-24G-PoE+-2XG Switch (J9587A) [7]; 3800-48G-PoE+-4XG Switch (J9588A) [8] and 3800-24SFP-2SFP+ Switch (J9584A) [9]); Power Supplies: (J9580A [1,2,7,8] and J9581A [3,4,5,6,9]) with Tamper Evident Seal Kit: J9740A; Firmware Version: KA.15.10.0015)

(When operated in FIPS mode and when tamper evident labels and security devices are installed on the initially built configuration as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/24/2013 Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2051); Triple-DES (Cert. #1322); HMAC (Cert. #1248); SHS (Certs. #1795 and 1796); RSA (Certs. #1067 and #1068); DSA (Cert. #649); RNG (Cert. #1071)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; MD5-96; SHA-1-96 (non-compliant); RNG (Cert. #544; non-compliant); NDRNG

Multi-chip standalone

"The HP Networking 3800 Switch Series cryptographic modules are a family of next-generation gigabit Layer 2/3 enterprise-class access layer switches. The 3800 Switch Series, which is designed with a custom HP ProVision ASIC, delivers unmatched performance and scalability to meet the needs of the most demanding enterprise networks. The HP Networking 3800 Switch Series modules integrate 10 Gb connectivity for high-performance links to the network aggregation and core; allowing for increased throughput and network link redundancy."
2068 McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

-Andy Nissen

CST Lab: NVLAP 200556-0

McAfee SIEM Cryptographic Module
(Software Version: 1.0)

(The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 12/24/2013 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with McAfee Nitro OS 9.1 running on McAfee SIEM Appliance (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2229 and #2230); CVL (Certs. #33 and #34); DSA (Certs. #690 and #691); ECDSA (Certs. #343 and #344); HMAC (Certs. #1357 and #1358); RNG (Certs. #1115 and #1116); RSA (Certs. #1141 and #1142); SHS (Certs. #1917 and #1918); Triple-DES (Certs. #1395 and #1396)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 160 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The McAfee SIEM Cryptographic Module provides cryptographic services required by the McAfee SIEM environments."
2067 McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

-Andy Nissen

CST Lab: NVLAP 200556-0

McAfee Virtual SIEM Cryptographic Module
(Software Version: 1.0)

(The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 12/24/2013 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with McAfee Nitro OS 9.1 on VMWare ESXi 5.0 running on a McAfee SIEM appliance

-FIPS Approved algorithms: AES (Certs. #2228 and #2231); CVL (Certs. #32 and #35); DSA (Certs. #689 and #692); ECDSA (Certs. #342 and #345); HMAC (Certs. #1356 and #1359); RNG (Certs. #1114 and #1117); RSA (Certs. #1140 and #1143); SHS (Certs. #1916 and #1919); Triple-DES (Certs. #1394 and #1397)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 160 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The McAfee Virtual SIEM Cryptographic Module provides cryptographic services required by the McAfee SIEM virtual environments."
2066 Kanguru Solutions
1360 Main Street
Millis, MA 02054
USA

-Nate Cote
TEL: 508-376-4245
FAX: 508-376-4462

CST Lab: NVLAP 200802-0

Kanguru Defender Elite 200™
(Hardware Version: 1.0 (P/Ns KDFE200-4G-Red, KDFE200-4G-Green, KDFE200-4G-Blue, KDFE200-4G-Yellow, KDFE200-4GBrown, KDFE200-4G-Gray, KDFE200-4G-Silver, KDFE200-8G-Red, KDFE200-8G-Green, KDFE200-8G-Blue, KDFE200- 8G-Yellow, KDFE200-8G-Brown, KDFE200-8G-Gray, KDFE200-8G-Silver, KDFE200-16G-Red, KDFE200-16G-Green, KDFE200-16G-Blue, KDFE200-16G-Yellow, KDFE200-16G-Brown, KDFE200-16G-Gray, KDFE200-16G-Silver, KDFE200- 32G-Red, KDFE200-32G-Green, KDFE200-32G-Blue, KDFE200-32G-Yellow, KDFE200-32G-Brown, KDFE200-32G-Gray, KDFE200-32G-Silver, KDFE200-64G-Red, KDFE200-64G-Green, KDFE200-64G-Blue, KDFE200-64G-Yellow, KDFE200-64G-Brown, KDFE200-64G-Gray, KDFE200-64G-Silver, KDFE200-128G-Red, KDFE200-128G-Green, KDFE200-128G-Blue, KDFE200-128G-Yellow, KDFE200-128G-Brown, KDFE200-128G-Gray, KDFE200-128G-Silver); Firmware Version: 2.03.10 and 2.05.10))

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/24/2013;
02/28/2014;
06/05/2014
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: HMAC (Cert. #954); AES (Cert. #1623); SHS (Cert. #1432); RSA (Cert. #801); DRBG (Cert. #86); PBKDF (vendor affirmed)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Kanguru Defender Elite 200™ is a 256-bit AES hardware encrypted USB flash drive. It is used to securely store sensitive data housed on the device. It can also be used as a secure platform for remote access and virtualized applications run directly from the device. The device supports onboard hardware random number generation, RSA, HMAC and algorithms."
2065 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Palani Karuppan
TEL: 408-525-2747

CST Lab: NVLAP 100432-0

Cisco 5508 Wireless LAN Controller
(Hardware Version: CT5508 Revision Number B0; FIPS Kit AIR-CT5508FIPSKIT=; Opacity Baffle Version A0; Firmware Versions: 7.0.240.0 or 7.0.250.0)

(When operated in FIPS mode and with the tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/24/2013;
02/20/2014
Overall Level: 2 

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1347, #1348 and #2330); HMAC (Certs. #785, #786 and #787); RNG (Certs. #741 and #742); RSA (Certs. #653 and #654); SHS (Certs. #2014, #1228 and #1230); Triple-DES (Cert. #935); DRBG (Cert. #289)

-Other algorithms: AES (Cert. #2330, key wrapping; key establishment methodology provides 128 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM

Multi-chip standalone

"The Cisco 5508 Series WLAN Controllers deliver centralized control and high capacity for small, medium and large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WLAN Controllers support the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and support a Secure Wireless Architecture with WiFi Alliance certified WPA-2 security. The Cisco WLAN Controllers support voice, video and data services along with Cisco Clean Air technology, IPv6 mobility, intrusion protection and intelligent radio resource management."
2064

CST Lab: NVLAP 200002-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/23/2013 Overall Level: 2 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip standalone

2063 Neopost Technologies, S. A.
113 Rue Jean-Marin Naudin
Bagneux, 92220
France

-Nathalie TORTELLIER
TEL: 33 01 45 36 30 72
FAX: 33 01 45 36 30 10

CST Lab: NVLAP 200983-0

PSD MODEL 145, 146, 147, 148
(Hardware Version: 4150859LB; Firmware Version: P/N A0015972B, Version 28.02)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/18/2013 Overall Level: 3 

-Physical Security: Level 3 +EFP/EFT

-FIPS Approved algorithms: RSA (Cert. #260); AES (Cert. #563); HMAC (Cert. #300); SHS (Cert. #629); ECDSA (Cert. #385); RNG (Cert. #328); CVL (Cert. #96)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip embedded

"Neopost PSD (Postal Security Device) for low range Postage Evidencing Systems (PES)."
2062 Cubic Global Tracking Solutions
2560 Mission College Blvd.
Suite 130
Santa Clara, CA 95054-1217
USA

-Paul Berenberg
TEL: 650-887-0805

-Brenda Perrow
TEL: 858-505-2355

CST Lab: NVLAP 200802-0

Cubic Managed Asset Tag (MAT) Cryptographic Module and Cubic SINK Cryptographic Module
(Hardware Version: 380270-1 Rev. -; Firmware Version: mat_v2_1_0 or sink_v2_1_0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 12/17/2013;
01/24/2014
Overall Level: 1 

-FIPS Approved algorithms: AES (Cert. #1863); DRBG (Cert. #150)

-Other algorithms: NDRNG

Single-chip

"The Cubic Managed Asset Tag Cryptographic Module and Cubic SINK Cryptographic Module securely sends and receives information collected from peripheral sensors to/from an external Cubic Gateway in support of Cubic Mist® mesh networking solutions."
2061 Oracle Corporation
500 Oracle Parkway
Redwood Shores, CA 94065
USA

-Joshua Brickman
TEL: 781-442-0451
FAX: 1-781-442-0451

-Linda Gallops
TEL: 1-781-442-0451
FAX: 1-781-442-0451

CST Lab: NVLAP 200928-0

Oracle Solaris Kernel Cryptographic Framework
(Software Versions: 1.0 and 1.1)

(When installed, initialized and configured as specified in the Security Policy and operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 12/13/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Oracle Solaris 11.1 running on a M3000 Enterprise Server without AES-NI; Oracle Solaris 11.1 running on a Sun Server X3-2 with AES-NI; Oracle Solaris 11.1 running on a Sun Server X3-2 without AES-NI (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2309 and #2573); Triple-DES (Certs. #1456 and #1559); RSA (Certs. #1192 and #1320); ECDSA (Certs. #374 and #445); SHS (Certs. #1993 and #2173); HMAC (Certs. #1423 and #1595); RNG (Certs. #1151 and #1225)

-Other algorithms: AES-CTS (non-compliant); AES-XCBC-MAC (non-compliant); MD4; MD5; HMAC-MD5; RC4; DES; Blowfish; Triple-DES (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Oracle Solaris OS utilizes the Oracle Solaris Kernel Cryptographic Framework module to provide cryptographic functionality for any kernel-level processes that require it, via Oracle-proprietary APIs."
2060 Oracle Corporation
500 Oracle Parkway
Redwood Shores, CA 94065
USA

-Joshua Brickman
TEL: 781-442-0451
FAX: 1-781-442-0451

-Linda Gallops
TEL: 1-781-442-0451
FAX: 1-781-442-0451

CST Lab: NVLAP 200928-0

Oracle Solaris Kernel Cryptographic Framework with SPARC T4 and SPARC T5
(Hardware Versions: 527-1437-01 and 7043165; Software Versions: 1.0 and 1.1)

(When installed, initialized and configured as specified in the Security Policy and operated in FIPS mode.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software-Hybrid 12/13/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Oracle Solaris 11.1 running on a SPARC T4-1 Server; Oracle Solaris 11.1 running on a SPARC T5-2 Server (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2311 and #2574); Triple-DES (Certs. #1458 and #1560); RSA (Certs. #1194 and #1321); ECDSA (Certs. #376 and #446); SHS (Cert. #1994); HMAC (Certs. #1425 and #1596); RNG (Certs. #1152, #1154, #1222 and #1226)

-Other algorithms: AES-CTS (non-compliant); AES-XCBC-MAC (non-compliant); MD4; MD5; HMAC-MD5; RC4; DES; Blowfish; Triple-DES (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Oracle Solaris OS utilizes the Oracle Solaris Kernel Cryptographic Framework module to provide cryptographic functionality for any kernel-level processes that require it, via Oracle-proprietary APIs. The module includes the SPARC T4 processor special instruction sets for hardware-accelerated cryptography."
2059 Sony Corporation
1-7-1 Konan
Minato-ku, Tokyo 108-0075
Japan

-Hirotaka Kondo
TEL: +81 46 202 8074
FAX: +81 46 202 6304

CST Lab: NVLAP 100432-0

Gemini
(Hardware Version: 1.0.0; Firmware Version: 2.0.0 and 2.1.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/13/2013;
05/22/2014;
10/31/2014
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1539, #1540 and #1541); SHS (Certs. #1364, #1365, #1366 and #1367); HMAC (Certs. #901 and #902); RSA (Certs. #750 and #751); RNG (Certs. #828, #829 and #830); CVL (Cert. #115)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; HMAC-MD5

Multi-chip embedded

"The primary purpose of the Gemini is to provide decryption, decoding/encoding of audio/video data for the digital cinema projector system in which it is being employed."
2058 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-J JSAFE and JCE Software Module
(Software Version: 6.1 or 6.1.1.0.1)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 12/13/2013;
07/03/2014
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Oracle® JRE 7.0 on Microsoft® Windows 7™ (64-bit) running on Dell™ Dimension C521; JRE 6.0 on Android 2.2 ARM (32-bit) running on Lenovo® Thinkpad® T61 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2249); DRBG (Cert. #273); DSA (Cert. #701); ECDSA (Cert. #357); HMAC (Cert. #1378); PBKDF (vendor affirmed); RNG (Cert. #1123); RSA (Cert. #1154); SHS (Cert. #1938); Triple-DES (Cert. #1408); CVL (Cert. #39)

-Other algorithms: BPS; DES; DESX; Diffie-Hellman; EC Diffie-Hellman; ECIES; HMAC-MD5; MD2; MD4; MD5; RC2; RC4; RC5; RIPEMD160; RSA (encrypt/decrypt); RSA Keypair Generation MultiPrime; Shamir's Secret Sharing

Multi-chip standalone

"RSA BSAFE® Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. It supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
2057 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-J JSAFE and JCE Software Module
(Software Version: 6.1or 6.1.1.0.1)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 12/13/2013;
07/03/2014
Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Oracle® JRE 7.0 on Microsoft® Windows 7™ (64-bit) running on Dell™ Dimension C521; JRE 6.0 on Android 2.2 ARM (32-bit) running on Lenovo® Thinkpad® T61 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2249); DRBG (Cert. #273); DSA (Cert. #701); ECDSA (Cert. #357); HMAC (Cert. #1378); PBKDF (vendor affirmed); RNG (Cert. #1123); RSA (Cert. #1154); SHS (Cert. #1938); Triple-DES (Cert. #1408); CVL (Cert. #39)

-Other algorithms: BPS; DES; DESX; Diffie-Hellman; EC Diffie-Hellman; ECIES; HMAC-MD5; MD2; MD4; MD5; RC2; RC4; RC5; RIPEMD160; RSA (encrypt/decrypt); RSA Keypair Generation MultiPrime; Shamir's Secret Sharing

Multi-chip standalone

"RSA BSAFE® Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. It supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
2056 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-C Micro Edition
(Software Version: 4.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 12/05/2013;
11/25/2014
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 5.0 running on a IBM 7044-170 (PPC 32-bit); Red Hat Enterprise Linux 5.0 running on a IBM 7044-170 (PPC 64-bit); Red Hat Enterprise Linux 5.5 running on a Dell Dimension E521 (x86 32-bit); Red Hat Enterprise Linux 5.5 running on a Intel Maho Bay with AES-NI (x86 32-bit); Red Hat Enterprise Linux 5.5 running on a Dell Dimension E521 (x86 64-bit); Red Hat Enterprise Linux 5.5 running on a HP rx2600 (Itanium2 64-bit); Red Hat Enterprise Linux 6.0 running on a Dell Dimension E521 (x86 32-bit); Red Hat Enterprise Linux 6.0 running on a Dell Dimension E521 (x86 64-bit); Red Hat Enterprise Linux 6.0 running on a Intel Maho Bay with AES-NI (x86 64-bit); Oracle Solaris 10 running on a Sun Sunblade 100 (SPARC v8 32-bit); Oracle Solaris 10 running on a Sun Sunblade 100 (SPARC v8+ 32-bit); Oracle Solaris 10 running on a Sun Fire V240 (SPARC v9 64-bit); Oracle Solaris 10 running on a Dell Poweredge SC420 (x86 32-bit); Oracle Solaris 10 running on a Intel Sugar Bay with AES-NI (x86 32-bit); Oracle Solaris 10 running on a Dell Dimension E521 (x86 64-bit); Oracle Solaris 10 running on a Intel Sugar Bay with AES-NI (x86 64-bit); Microsoft Windows XP Professional SP3 running on a Dell Poweredge SC420 (x86 32-bit); Microsoft Windows XP Professional SP3 running on a Dell Precision M6500 with AES-NI (x86 32-bit); Microsoft Windows XP Professional SP2 running on a Indus Technologies Idex 410 (x86 64-bit); Microsoft Windows 7 SP1 running on a Dell Precision M6500 with AES-NI (x86 64-bit); Microsoft Windows Server 2003 running on a Dell Dimension E521 (x86 32-bit); Microsoft Windows Server 2003 running on a Dell Dimension E521 (x86 64-bit); Microsoft Windows Server 2003 running on a HP rx2620 (Itanium2 64-bit); Microsoft Windows Server 2003 running on a HP rx2620 (Itanium2 64-bit); IBM AIX 5L v5.3 running on a IBM 9110-51A (PPC 32-bit); IBM AIX 5L v5.3 running on a IBM 9110-51A (PPC 64-bit); IBM AIX v6.1 running on a IBM 9110-51A (PPC 32-bit); IBM AIX v6.1 running on a IBM 9110-51A (PPC 64-bit); IBM AIX v7.1 running on a IBM 8231-E2B (PPC 32-bit); IBM AIX v7.1 running on a IBM 8231-E2B (PPC 64-bit); HP HP-UX 11.23 running on a HP Visualize C3600 (PA RISC 2.0 32-bit); HP HP-UX 11.23 running on a HP Visualize C3600 (PA-RISC 2.0W 64-bit); HP HP-UX 11.31 running on a HP Workstation zx2000 (Itanium2 32-bit); HP HP-UX 11.31 running on a HP Workstation zx2000 (Itanium2 64-bit); Apple Mac OS X 10.6 Snow Leopard running on a Apple Macbook (x86 32-bit); Apple Mac OS X 10.6 Snow Leopard running on a Apple Macbook (x86 64-bit) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2017); DRBG (Cert. #191); DSA (Cert. #642); ECDSA (Cert. #292); HMAC (Cert. #1221); RNG (Cert. #1057); RSA (Cert. #1046); SHS (Cert. #1767); Triple-DES (Cert. #1302)

-Other algorithms: Camellia; DES; DES40; Diffie-Hellman; EC Diffie-Hellman; ECAES (non-compliant); ECIES; Entropy RNG; HMAC MD5; MD2; MD4; MD5; OTP RNG; PBKDF1 SHA-1 (non-compliant); PBKDF2 HMAC SHA-1/SHA-224/SHA-256/SHA-384/SHA-512 (non-compliant); RC2; RC4; RC5; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Crypto-C Micro Edition (ME) Module is RSA, The Security Division of EMC's cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
2055 ActivIdentity
6623 Dumbarton Circle
Fremont, CA 94555
USA

-Stephane Ardiley
TEL: 510-745-6288
FAX: 510-574-0101

CST Lab: NVLAP 200427-0

ActivIdentity Digital Identity Applet v2 on Gemalto IDCore 3020 (v2)
(Hardware Version: A1023378; Firmware Version: Build#11 - M1005011+ Softmask V03, Applet Version: Digital Identity Applet Suite 2.7)

(PIV Card Application: Cert. #34)

(When operated with module TOP DL v2 validated to FIPS 140-2 under Cert. #1450 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/05/2013;
02/06/2014
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1363); ECDSA (Cert. #172); RNG (Cert. #749); RSA (Cert. #664); SHS (Cert. #1243); Triple-DES (Cert. #938); Triple-DES MAC (Triple-DES Cert. #938, vendor affirmed); CVL (Certs. #217 and #224)

-Other algorithms: N/A

Single-chip

"This module is based on a Java Card platform (IDCore 3020 v2) with 128K EEPROM memory and the ActivIdentity Digital Identity Applet loaded on the Java Card platform. The Cryptographic Module provides dual interfaces (i.e. contact and contact-less) where the same security level is achieved."
2054 Thales e-Security
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-Joe Warren
TEL: 321-264-2928

CST Lab: NVLAP 200416-0

Datacryptor® 100M Ethernet
(Hardware Version: 1600x439, Rev. 01 and 1600x439, Rev. 02; Firmware Version: 5.0)

(When configured with the Multi-Point license as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 12/05/2013 Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #2014, #2030 and #2065); ECDSA (Certs. #289 and #304); SHS (Certs. #1764 and #1808); DRBG (Cert. #188); KAS (Cert. #34, key agreement; key establishment methodology provides 192 bits of encryption strength)

-Other algorithms: AES (Cert. #2014, key wrapping); HWRBG

Multi-chip standalone

"The Datacryptor® 100 Mbps Ethernet Layer 2 is a rack-mountable multi-chip standalone cryptographic module designed to secure data in transmissions across public Ethernet Layer 2 networks. The Datacryptor® uses 100BaseT ports to connect the host and public sides of the network. The Datacryptor® employs an automatic key generation and exchange mechanism using X.509 v3 certificates and the Elliptic Curve Diffie-Hellman key agreement scheme. The algorithm used for securing data transmission is AES-256 GCM. Management of the Datacryptor® is performed via a remote management interface."
2053 Thales e-Security
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-Joe Warren
TEL: 321-264-2928

CST Lab: NVLAP 200416-0

Datacryptor® 100M Ethernet
(Hardware Version: 1600x439, Rev. 01 and 1600x439, Rev. 02; Firmware Version: 5.0)

(When configured with the Point-Point license as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 12/05/2013 Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #2014, #2030 and #2062); ECDSA (Certs. #289 and #304); SHS (Certs. #1764 and #1808); DRBG (Cert. #188); KAS (Cert. #34); KBKDF (Cert. #1)

-Other algorithms: HWRBG

Multi-chip standalone

"The Datacryptor® 100 Mbps Ethernet Layer 2 is rack-mountable multi-chip standalone cryptographic modules which facilitate secure data transmission across public Ethernet Layer 2 networks. The Datacryptor® uses 100BaseT ports to connect the host and public sides of the network. The Datacryptor® offers user verification services via ECDSA enabled X.509 v.3 certificates, key management based on a Elliptic Curve Diffie-Hellman key agreement scheme, and AES encryption of data passing over public networks. Management of the Datacryptor® is performed via a remote management interface."
2052 Juniper Networks, Inc
1194 North Mathilda Ave
Sunnyvale, CA 94089
USA

-Seyed Safakish
TEL: 408-745-8158
FAX: 408-936-1801

CST Lab: NVLAP 200697-0

MX Series 3D Universal Edge Routers with the Multiservices DPC
(Hardware Version: [(MX240 with one to two 750-024064), (MX480 and MX960 with one to four 750-024064)] with (750-021524 and RE-S-2000-4096-S) and JNPR-FIPS-TAMPER-LBL; Firmware Version: JUNOS-FIPS 10.4R11)

(The tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 12/05/2013 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #762, #2218, #2221 and #2222); Triple-DES (Certs. #667, #1388, #1390 and #1391); SHS (Certs. #769, #1908, #1909, #1912 and #1913); HMAC (Certs. #417, #1348, #1349, #1351 and #1352); RNG (Cert. #1112); DSA (Cert. #688); RSA (Cert. #1137)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 96 bits of encryption strength; non-compliant); SSH KDF (non-compliant); IKEv1 KDF (non-compliant); NDRNG; ANSI X9.62 RNG (non-compliant)

Multi-chip standalone

"MX Series 3D Universal Edge Routers is a family of Ethernet routers designed to meet very large scale and medium-to-small size applications. It is capable of supporting business, mobile, and residential, services in even the fastest-growing networks and markets. With the Multiservices DPC (the MX Series) provides dedicated high-performance processing for flows and sessions, and integrates advanced security capabilities that protect the network infrastructure as well as user data."
2051 Motorola Solutions, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

-Kirk Mathews
TEL: 847-576-4101

CST Lab: NVLAP 100432-0

µMACE
(Hardware Version: P/N AT58Z04; Firmware Versions: R01.03.11, R01.03.12, or R01.03.13)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/03/2013 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1876 and #2146); ECDSA (Cert. #263); KAS (Cert. #28); SHS (Cert. #1619); HMAC (Cert. #1313)

-Other algorithms: AES (Cert. #1876, key wrapping; key establishment methodology provides 256 bits of encryption strength); AES MAC (Cert. #1876, vendor affirmed; P25 AES OTAR); AES (Cert. #2146; non-compliant); NDRNG

Single-chip

"The µMACE cryptographic processor is used in security modules embedded in Motorola Solutions security products."
2050 Brocade Communications Systems, Inc
130 Holger Way,
San Jose, CA 95134
USA

-Chris Marks
TEL: 408-333-0480
FAX: 408-333-8101

CST Lab: NVLAP 200802-0

Brocade ICX 6430 and ICX 6450 Series Stackable Switch with FastIron 7.4.00a Firmware
(Hardware Versions: ICX-6430-24 P/N 80-1006002-02, ICX-6430-24P P/N 80-1006000-02, ICX-6430-48 P/N 80-1006003-02, ICX-6430-48P P/N 80-1006001-02, ICX-6450-24 P/N 80-1005997-02, ICX-6450-24P P/N 80-1005996-02, ICX-6450-48 P/N 80-1005999-03 and ICX-6450-48P P/N 80-1005998-02 with FIPS Kit (P/N Brocade XBR-000195); Firmware Version: FastIron v7.4.00a)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 12/03/2013;
02/20/2014
Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #1403); AES (Cert. #2243); SHS (Cert. #1933); HMAC (Cert. #1373); DRBG (Cert. #268); DSA (Cert. #696); RSA (Cert. #1149); ECDSA (Cert. #352)

-Other algorithms: RSA (key wrapping: key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5; HMAC-MD5; SNMPv3 KDF; SSHv2 KDF; TLSv1.0 KDF; Proprietary two way encryption; DES

Multi-chip standalone

"The Brocade ICX 6430 and 6450 Switches provide enterprise-class stackable LAN switching solutions to meet the growing demands of campus networks. Brocade ICX 6430 and 6450 are available in 24- and 48- port 10/100/1000/ Mbps models and 1 Gigabit Ethernet (GbE) or 10 GbE dual-purpose uplink/stacking ports, with or without IEEE 802.3af Power over Ethernet (PoE) and 802.3at Power over Ethernet Plus (PoE+ - to support enterprise edge networking, wireless mobility, and IP communications."
2049 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200928-0

SafeNet Software Cryptographic Library
(Software Version: 1.0)

(When operated in FIPS mode and when installed, initialized and configured as specified in Section 4 of the provided Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy; No assurance of the minimum strength of generated keys.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/27/2013 Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows Server 2008R2 64-bit running on Dell PowerEdge R210II with AES-NI; Windows Server 2008 64-bit running on Dell PowerEdge R210II; Windows 7 64-bit running on a Acer Aspire AS5750 with AES-NI; Windows 7 32-bit running on a Acer Aspire AS5750; NetBSD 4.0 32-bit on Vmware ESX running on Dell PowerEdge R210II with AES-NI; Android 4.0 running on Beagleboard xM with AES-NI; RHEL 6.2 64-bit running on a Dell PowerEdge R210II with AES-NI; CentOS 5.6 32-bit running on a Dell PowerEdge 860 (Single User Mode)

-FIPS Approved algorithms: AES (Cert. #2286); Triple-DES (Cert. #1434); SHS (Cert. #1967); HMAC (Cert. #1402); RNG (Cert. #1137); DRBG (Cert. #283); RSA (Cert. #1176); DSA (Cert. #714); ECDSA (Cert. #370); CVL (Cert. #45)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The SafeNet Software Cryptographic Library is SafeNet's cryptographic service provider that provides extended high performance cryptographic services for SafeNet's broad range of Data Protection products."
2048 Allegro Software Development Corporation
1740 Massachusetts Avenue
Boxborough, MA 01719
USA

-Larry LaCasse
TEL: 978-264-6600

CST Lab: NVLAP 200928-0

Allegro Cryptographic Engine
(Software Version: 1.1.8)

(The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 11/27/2013;
02/20/2014
Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Microsoft Windows 7 Ultimate running on a Dell Optiplex 755

-FIPS Approved algorithms: AES (Cert. #2671); Triple-DES (Cert. #1602); RSA (Cert. #1374); DSA (Cert. #810); ECDSA (Cert. #465); SHS (Cert. #2243); HMAC (Cert. #1661); DRBG (Cert. #430); CVL (Cert. #148); PBKDF2 (vendor affirmed)

-Other algorithms: MD5; AES (Cert. #2671, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (CVL Cert. #148, key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #148, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); NDRNG

Multi-chip standalone

"Allegro’s suite of Embedded Device Security toolkits makes embedding standards-based security protocols into resource sensitive embedded systems and consumer electronics fast, easy and reliable. The Allegro Cryptographic Engine (ACE) is a cryptographic library module specifically engineered for embedded devices. The module provides embedded systems developers with an easily understood software interface to enable bulk encryption and decryption, message digests, digital signature creation and validation and key generation and exchange. For full details see www.allegrosoft.com/ace."
2047 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Damon Hopley
TEL: 781-515-6355

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-C Micro Edition
(Hardware Version: SPARC T4; Software Version: 4.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software-Hybrid 11/25/2013;
11/25/2014
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Solaris 10 running on SPARC T4-2 (single user mode)

-FIPS Approved algorithms: AES (Cert. #2017); DRBG (Cert. #191); DSA (Cert. #642); ECDSA (Cert. #292); HMAC (Cert. #1221); RNG (Cert. #1057); RSA (Cert. #1046); SHS (Cert. #1767); Triple-DES (Cert. #1302)

-Other algorithms: Camellia; DES; DES40; Diffie-Hellman; EC Diffie-Hellman; ECAES (non-compliant); ECIES; Entropy RNG; HMAC MD5; MD2; MD4; MD5; OTP RNG; PBKDF1 SHA-1 (non-compliant); PBKDF2 HMAC SHA-1/SHA-224/SHA-256/SHA-384/SHA-512 (non-compliant); RC2; RC4; RC5; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Crypto-C Micro Edition (ME) Module is RSA, The Security Division of EMC's cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
2046 WatchGuard Technologies, Inc.
505 Fifth Avenue South, Suite 500
Seattle, WA 98104
USA

-Peter Eng
TEL: 206-613-6600

CST Lab: NVLAP 200556-0

XTM 515, XTM 525, XTM 535 and XTM 545
(Hardware Versions: NC2AE8 (XTM 515, XTM 525, XTM 535 and XTM 545) with Tamper Evident Seal Kit: SKU WG8566; Firmware Version: Fireware XTM OS v11.5.5)

(When operated in FIPS mode and the tamper evident seals installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/18/2013 Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Certs. #1079 and #1380); AES (Certs. #1659 and #2180); SHS (Certs. #1453 and #1890); HMAC (Certs. #974 and #1334); RSA (Cert. #1124); ECDSA (Cert. #339); RNG (Cert. #1103); DSA (Cert. #684)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); DES; RC4; MD5; TKIP; AES-CCM (non-compliant); Password Based Key Derivation Function (for 128 bit AES key; non-compliant)

Multi-chip standalone

"WatchGuard Fireware XTM extensible threat management appliances are built for enterprise-grade performance with blazing throughput and numerous connectivity options. Advanced networking features include clustering, high availability (active/active), VLAN support, multi-WAN load balancing and enhanced VoIP security, plus inbound and outbound HTTPS inspection, to give the strong security enterprises need."
2045 Mocana Corporation
350 Sansome Street
Suite 1010
San Francisco, CA 94104
USA

-James Blaisdell
TEL: 415-617-0055
FAX: 415-617-0056

CST Lab: NVLAP 100432-0

Mocana Cryptographic Suite B Module
(Software Version: 5.5fs)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/18/2013;
01/03/2014
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Integrity O/S 5.0 running on Freescale MPC8544ADS Development System; iOS-5 running on Apple iPad 2; iOS-6 running on Apple iPad 2 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2356 and #2096); Triple-DES (Cert. #1333); SHS (Cert. #1820); HMAC (Cert. #1271); RSA (Cert. #1075); DSA (Cert. #655); ECDSA (Cert. #307); RNG (Cert. #1078); DRBG (Cert. #221)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant); RSA (encrypt/decrypt)

Multi-chip standalone

"The Mocana Cryptographic Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com."
2044 Samsung Electronics Co., Ltd.
416, Maetan 3-Dong Youngton Gu
Suwon, Gyeonggi 152-848
South Korea

-Kyunghee Lee
TEL: +82-10-9397-1589

CST Lab: NVLAP 200658-0

Samsung Key Management Module
(Software Versions: KM1.1 and KM1.3)

(The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 11/18/2013 Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Android Ice Cream Sandwich 4.0 running on Galaxy S2 and Galaxy S3; Android Jelly Bean 4.1 running on Galaxy Note II; Android Jelly Bean 4.2 running on Galaxy S4 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2048, #2098, #2142, #2143, #2257 and #2393); SHS (Certs. #1792, #1822, #1864, #1865, #1944 and #2055); RNG (Certs. #1069, #1080, #1097, #1098, #1127 and #1185); HMAC (Certs. #1245, #1273, #1309, #1310, #1384 and #1484); PBKDF (vendor affirmed)

-Other algorithms: N/A

Multi-chip standalone

"Provides general purpose key management services to user-space applications on the mobile platform."
2043 Hewlett-Packard Company
Longdown Avenue
Stoke Grifford, Bristol BS34 8QZ
United Kingdom

-Laura Loredo
TEL: 44 117 3162462

CST Lab: NVLAP 100432-0

HP LTO-6 Tape Drive
(Hardware Version: AQ278A #912 [1], AQ278C #704 [2], AQ288D #103 [3], and AQ298C #103 [4]; Firmware Version: J2AW [1], J2AS [2], 32AW [3], and 22CW [4])

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/15/2013 Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #1442, #2189 and #2190); HMAC (Cert. #1342); DRBG (Cert. #256); RSA (Certs. #1128 and #1129); SHS (Certs. #1897 and #1898); CVL (SP 800-135rev1, vendor affirmed)

-Other algorithms: MD5; AES (AES Cert. #2189, key wrapping); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG

Multi-chip standalone

"HP LTO-6 tape drives help to keep pace with data growth with up to 6.25TB compressed data storage per cartridge and capable of compressed data transfer rates of up to 400MB/sec. Ground breaking LTFS technology makes LTO-6 tapes as easy to use as disk and enables easy file access, reliable long term archive retrieval and simpler transportability between systems. LTO-6 tape drives also provide easy-to-enable security to protect the most sensitive data and prevent unauthorized access of tape cartridges with AES 256-bit hardware data encryption."
2042 Thales e-Security
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-Joe Warren
TEL: 321-264-2928

CST Lab: NVLAP 200416-0

Datacryptor® SONET/SDH OC-3/12/48/192C
(Hardware Version: 1600x435, Rev. 02 and 1600x427, Rev. 02; Firmware Version: 5.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/15/2013 Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #2014, #2030, #2061 and #2063); ECDSA (Certs. #289 and #304); SHS (Certs. #1764 and #1808); DRBG (Cert. #188); KAS (Cert. #34); KBKDF (Cert. #1)

-Other algorithms: HWRBG

Multi-chip standalone

"The Datacryptor® SONET/SDH OC-3/12/48/192C are rack-mountable multi-chip standalone cryptographic modules which facilitate secure data transmission across public SONET or SDH backbone networks. The devices use standard SFP/XFP optical transceivers for their host and network connections. The Datacryptor® offers user verification services via ECDSA enabled X.509 v.3 certificates, key management based on a Elliptic Curve Diffie-Hellman key agreement scheme, and AES encryption of data passing over public networks."
2041 Thales e-Security
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-Joe Warren
TEL: 321-264-2928

CST Lab: NVLAP 200416-0

Datacryptor® Gig Ethernet and 10 Gig Ethernet
(Hardware Version: 1600x433, Rev. 02 and 1600x437, Rev. 02; Firmware Version: 5.0)

(When configured with the Multi-Point license as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 11/15/2013 Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #2014, #2030, #2064 and #2066); ECDSA (Certs. #289 and #304); SHS (Certs. #1764 and #1808); DRBG (Cert. #188); KAS (Cert. #34)

-Other algorithms: AES (Cert. #2014, key wrapping); HWRBG

Multi-chip standalone

"The Datacryptor® Gig Ethernet and 10 Gig Ethernet are rack-mountable multi-chip standalone cryptographic modules designed to secure data transmissions across public Ethernet Layer 2 networks. The Gig Ethernet uses an SFP transceiver and the 10 Gig Ethernet uses a higher-speed XFP transceiver. The Datacryptor® employs an automatic key generation and exchange mechanism using X.509 v3 certificates and the Elliptic Curve Diffie-Hellman key agreement scheme. The algorithm used for securing data transmission is AES-256 GCM."
2040 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise S1104, S2008, S3008, S4016, S5032 and S6032
(Hardware Versions: (FWE-S1104, FWE-S2008, FWE-S3008, FWE-S4016, FWE-S5032 and FWE-S6032) with FRU-686-0089-00; Firmware Version: 8.3.1)

(When installed, initialized and configured as indicated in the Security Policy in Section 3. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/15/2013 Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #1833, #2303 and #2305); Triple-DES (Certs. #1185, #1451 and #1453); SHS (Certs. #1612, #1988 and #1990); HMAC (Certs. #1086, #1418 and #1420); RNG (Certs. #964, #1146 and #1148); RSA (Certs. #1187 and #1189); DSA (Certs. #722 and #724)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
2039 Thales e-Security
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-Joe Warren
TEL: 321-264-2928

CST Lab: NVLAP 200416-0

Datacryptor® Gig Ethernet and 10 Gig Ethernet
(Hardware Version: 1600x433, Rev. 02 and 1600x437, Rev. 02; Firmware Version: 5.0)

(When configured with the Point-Point license as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 11/15/2013 Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #2014, #2030, #2061 and #2063); ECDSA (Certs. #289 and #304); SHS (Certs. #1764 and #1808); DRBG (Cert. #188); KAS (Cert. #34); KBKDF (Cert. #1)

-Other algorithms: HWRBG

Multi-chip standalone

"The Datacryptor® 1 Gig Ethernet and 10 Gig Ethernet are rack-mountable multi-chip standalone cryptographic modules which facilitate secure data transmission across public Ethernet Layer 2 networks. The 1 Gig and 10 Gig units use an standard SFP/XFP optical transceivers for their host and network connections. The Datacryptor® offers user verification services via ECDSA enabled X.509 v.3 certificates, key management based on a Elliptic Curve Diffie-Hellman key agreement scheme, and AES encryption of data passing over public networks."
2038 SafeLogic, Inc.
530 Lytton Avenue
Suite 200
Palo Alto, CA USA

-SafeLogic Inside Sales

CST Lab: NVLAP 200556-0

CryptoComply™ | Server
(Software Version: 2.1)

(The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 11/15/2013;
01/23/2014;
02/20/2014
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 on a Dell OptiPlex 755; SUSE Linux Enterprise 11 SP2 on a Dell OptiPlex 755; CentOS 6.3 on a Dell OptiPlex 755; Mac OS X 10.8 on a MacBook Air; Red Hat Enterprise Linux 6.3 on a Dell OptiPlex 755; CentOS 6.3 on a GigaVUE-TA1 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2273); HMAC (Cert. #1391); DSA (Cert. #709); ECDSA (Cert. #368); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420); DRBG (Cert. #281); CVL (Cert. #44); RNG (Cert #1132)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"CryptoComply™ | Server is a standards-based "Drop-in Compliance" solution for servers and appliances. The module features robust algorithm support, including Suite B algorithm compliance. CryptoComply offloads secure key management, data integrity, data at rest encryption, and secure communications to a trusted implementation."
2037 Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

-Christopher Marks
TEL: 408-333-0480
FAX: 408-333-8101

CST Lab: NVLAP 200802-0

Brocade DCX, DCX 8510-8, DCX-4S and DCX 8510-4 Backbones; 6510 FC Switch; 6520 FC Switch; and 7800 Extension Switch
(Hardware Versions: {[DCX Backbone P/Ns 80-1001064-10, 80-1006751-01, 80-1004920-04 and 80-1006752-01; DCX 8510-8 Backbone P/Ns 80-1004917-04 and 80-1007025-01; DCX-4S Backbone P/Ns 80-1002071-10, 80-1006773-01, 80-1002066-10 and 80-1006772-01; DCX 8510-4 Backbone P/Ns 80-1004697-04, 80-1006963-01, 80-1005158-04 and 80-1006964-01)] with Blade P/Ns 80-1001070-07, 80-1006794-01, 80-1004897-01, 80-1004898-01, 80-1002000-02, 80-1006771-01, 80-1001071-02, 80-1006750-01 80-1000696-01, 80-1005166-02, 80-1005187-02, 80-1001066-01, 80-1006936-01, 80-1001067-01, 80-1006779-01, 80-1001453-01, 80-1006823-01, 80-1003887-01, 80-1007000-01, 80-1002762-04, 80-1006991-01, 80-1000233-10, 80-1002839-03, 80-1007017-01, 49-1000016-04, 49-1000064-02 and 49-1000294-05; 6510 FC Switch P/Ns 80-1005232-03, 80-1005267-03, 80-1005268-03, 80-1005269-03, 80-1005271-03 and 80-1005272-03; 6520 FC Switch P/Ns 80-1007245-01, 80-1007246-01, 80-1007242-01, 80-1007244-01 and 80-1007257-01; 7800 Extension Switch P/Ns 80-1002607-07, 80-1006977-02, 80-1002608-07, 80-1006980-02, 80-1002609-07 and 80-1006979-02} with FIPS Kit P/N Brocade XBR-000195; Firmware Version: Fabric OS v7.1.0 (P/N 63-1001187-01))

(When operated in FIPS mode and when tamper evident labels are installed on the initially built configuration as indicated in the Security Policy.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 11/13/2013 Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Certs. #652 and #1043); AES (Certs. #731, #1595 and #1596); SHS (Certs. #749, #1407 and #1408); HMAC (Certs. #397, #933 and #934); RNG (Certs. #426 and #854); RSA (Certs. #1048 and #1049)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 bit of encryption strength; non-compliant); HMAC-MD5; MD5; NDRNG; BF; CAST; CAST5; DES; DES3; DESX; RC2; RC2-40; RC2-64; RC4; RC4-40; MD2; MD4; RMD160; AES128-CTR (non-compliant); AES192-CTR (non-compliant); AES256-CTR (non-compliant); ARCFOUR256; ARCFOUR128; AES128-CBC (non-compliant); 3DES-CBC (non-compliant); BLOWFISH-CBC; CAST128-CBC; AES192-CBC (non-compliant); AES256-CBC (non-compliant); ARCFOUR; UMAC-64; HMAC-RIPEMD160; HMAC-SHA1-96 (non-compliant); HMAC-MD5-96; SSHv2 KDF; TLSv1.0 KDF

Multi-chip standalone

"The Brocade DCX, DCX 8510-8, DCX-4S and DCX 8510-4 Backbones and the 6510 and 6520 Switch provide a reliable, scalable Fibre Channel switching infrastructure with market-leading 16 Gbps technology and capabilities that support demanding, enterprise-class private cloud storage and highly virtualized environments. The Brocade 7800 Extension Switch provides fast, reliable WAN/MAN connectivity for remote data replication, backup, and migration with Fibre Channel and advanced Fibre Channel over IP (FCIP) technology."
2036 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Mark Yakabuski
TEL: 613-614-3407
FAX: 613-723-5079

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200928-0

Luna® PCI-E Cryptographic Module
(Hardware Version: VBD-05, Version Code 0103; Firmware Version: 6.3.1)

(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 11/13/2013 Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #1756, #2262 and #2282); DSA (Certs. #548, #704 and #712); ECDSA (Certs. #233, #364 and #369); KAS (Cert. #38), RSA (Certs. #1159 and #1173); SHS (Certs. #1947 and #1964); HMAC (Certs. #1386 and #1398); Triple-DES MAC (Triple-DES Certs. #1137, #1414 and #1430, vendor-affirmed); Triple-DES (Certs. #1137, #1414 and #1430); KBKDF (Cert. #6); DRBG (Cert. #277)

-Other algorithms: ARIA; AES MAC (Cert. #2282; non-compliant); CAST5; CAST5-MAC; CAST5-ECB; CAST5-CBC; DES; DES MAC; DES-ECB; DES-CBC; GENERIC-SECRET; HAS-160; KCDSA; MD2; MD5; RC2; RC2-MAC; RC2-ECB; RC2-CBC; RC4; RC5; RC5-MAC; RC5-ECB; RC5-CBC; RSA (X-509; non-compliant); SEED; SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA OAEP (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Certs. #1756, #2262 and #2282, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #1137, #1414 and #1430, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The Luna® PCI-E for Luna® IS cryptographic module features powerful cryptographic processing and hardware key management for applications where performance and security are the priority. The multi-chip embedded hardware cryptographic module offers hardware-based key management and cryptographic operations to protect sensitive keys. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI-E card."
2035 Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

-Chris Marks
TEL: 408-333-8000
FAX: 408-333-8101

CST Lab: NVLAP 200802-0

Brocade ICX 6610 Series Stackable Switch with FastIron 7.3.00c Firmware
(Hardware Versions: ICX 6610-24F-I (P/N: 80-1005350-03), ICX 6610-24F-E (P/N: 80-1005345-03), ICX 6610-24-I (P/N: 80-1005348-04), ICX 6610-24-E (P/N: 80-1005343-04), ICX 6610-24P-I (P/N: 80-1005349-05, ICX 6610-24P-E (P/N: 80-1005344-05), ICX 6610-48-I (P/N: 80-1005351-04, ICX 6610-48-E (P/N: 80-1005346-04, ICX 6610-48P-I (P/N: 80-1005352-05) and ICX 6610-48P-E (P/N: 80-1005347-05); with FIPS kit XBR-0000195; Firmware Version: FastIron (FI) v7.3.00c)

(When operated in FIPS mode with tamper evident seals and opacity baffles installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 11/13/2013 Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #2150); Triple-DES (Cert. #1363); SHS (Cert. #1871); HMAC (Cert. #1317); DRBG (Cert. #239); DSA (Cert. #668); ECDSA (Cert. #324); RSA (Cert. #1106)

-Other algorithms: RSA (key wrapping: key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5; HMAC-MD5; SNMPv3 KDF; SSHv2 KDF; TLSv1.0 KDF; proprietary two way encryption; DES

Multi-chip standalone

"The Brocade ICX 6610 delivers wire-speed, non-blocking performance across all ports to support latency-sensitive applications such as real-time voice and video streaming and VDI. Brocade ICX 6610 Switches can be stacked to provide an unprecedented 320 Gbps of backplane stacking bandwidth. Additionally, each switch can provide up to eight 10 Gigabit Ethernet (GbE) ports."
2034 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco FIPS Object Module
(Software Versions: 3.0 and 3.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/13/2013 Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Tested as meeting Level 1 with Microsoft Windows 7 (32-bit) running on HP Pro 3130 Microtower with AES-NI; Mac OS X 10.7 running on Apple Mac Mini 5,2 with AES-NI; Free BSD 9.0 running Cisco UCS C200 M2 without AES-NI; Linux 2.6 running on Cisco UCS C210 M2 with AES-NI ; Linux 2.6 running on Cavium CN5200-EVP-MB4-Y without AES-NI; Android 4.0 running on Samsung SGH-T989 without AES-NI; Linux 2.6 running on Cisco ASR1K without AES-NI; Apple iOS 5.1 running on Apple iPad (MC705LL) without AES-NI; Android 4.0 running on Samsung Galaxy S II without AES-NI; Linux 2.6 running on a Cisco ASR1K without AES-NI (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2255 and #2558); CVL (Certs. #40 and #95); DRBG (Certs. #275 and #385); DSA (Certs. #703 and #783); ECDSA (Certs. #362 and #440); HMAC (Certs. #1382 and #1578); RNG (Certs. #1125 and #1215); RSA (Certs. #1156 and #1310); SHS (Certs. #1942 and #2157); Triple-DES (Certs. #1410 and #1548)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Cisco FIPS Object Module (FOM) is a software library that provides cryptographic services to a vast array of Cisco's networking and collaboration products. The module provides FIPS 140 validated cryptographic algorithms for services such as IPSEC, SRTP, SSH, TLS, 802.1x, etc. The module does not directly implement any of these protocols, instead it provides the cryptographic primitives and functions to allow a developer to implement the various protocols."
2033 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200900-0

RSA BSAFE Crypto-J Software Module
(Software Version: 4.1)

(When operated in FIPS mode. This validation entry is a non-security relevant modification to Cert. #1291)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/13/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Linux 2.6 with Sun JRE 5.0 running on Samsung MFP with PowerPC (32bit); Linux 2.6 with Sun JRE 6.0 running on Samsung MFP with ARM9 (32bit) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1109 and #2602); DRBG (Certs. #15 and #396); DSA (Certs. #357 and #789); ECDSA (Certs. #130 and #447); HMAC (Certs. #621 and #1609); RNG (Certs. #616 and #1231); RSA (Certs. #522 and #1330); SHS (Certs. #1032 and #2186); Triple-DES (Certs. #806 and #1568)

-Other algorithms: ANSI X9.31 RNG (non-compliant); DES; DESX; Diffie-Hellman; ECAES (non-compliant); EC Diffie-Hellman; EC Diffie-Hellman with Cofactor; ECIES; HMAC-MD5; MD2; MD5; MD5Random; PBE; PBE with SHA1 and Triple-DES; RC2; RC4; RC5; RIPEMD160; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA Keypair Generation MultiPrime; RSA OAEP; SHA1Random

Multi-chip standalone

"RSA BSAFE® Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. It supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
2032 Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

-Greg Farris
TEL: 408-333-8000
FAX: 408-333-8101

CST Lab: NVLAP 200802-0

VDX 6710, VDX 6720, VDX 6730 and VDX 8770 with Network OS (NOS) v3.0.1 Firmware
(Hardware Versions: VDX6710-54-F (P/N 80-1004843-04), VDX6710-54-R (P/N 80-1004702-04), VDX6720-16-F (P/N 80-1004566-07, 80-1006701-02), VDX6720-16-R (P/N 80-1004567-07, 80-1006702-02), VDX6720-24-F (P/N 80-1004564-07, 80-1006699-02), VDX6720-24-R (P/N 80-1004564-07, 80-1006700-02), VDX6720-40-F (P/N 80-1004565-07, 80-1006305-02), VDX6720-40-R (P/N 80-1004571-07, 80-1006306-2), VDX6720-60-F (P/N 80-1004568-07, 80-1006303-02), VDX6720-60-R (P/N 80-1004569-07, 80-1006304-02), VDX6730-16-F (P/N 80-1005469-03, 80-1006709-02), VDX6730-16-R (P/N 80-1005651-03, 80-1006711-02), VDX6730-24-F (P/N 80-1005648-03, 80-1006708-02), VDX6730-24-R (P/N 80-1005650-03, 80-1006710-02), VDX6730-40-F (P/N 80-1005680-03, 80-1006719-02), VDX6730-40-R (P/N 80-1005681-03, 80-1006720-02), VDX6730-60-F (P/N 80-1005679-03, 80-1006718-02), VDX6740-60-R (P/N 80-1005678-03, 80-1006717-02), VDX8770-4 (P/N 80-1005850-02, 80-1006532-02) and VDX8770-8 (P/N 80-1005905-02, 80-1006533-02) with FIPS Kit (P/N Brocade XBR-000195); Firmware Version: Network OS (NOS) v3.0.1)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 11/13/2013 Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Certs. #1431 and #1432); AES (Certs. #2283 and #2285); SHS (Certs. #1965 and #1966); HMAC (Certs. #1399 and #1400); RNG (Certs. #1135 and #1136); RSA (Certs. #1174 and #1175)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); HMAC-MD5; MD5; NDRNG; BF; CAST; CAST5; DES; DES3; DESX; RC2; RC2-40; RC2-64; RC4; RC4-40; MD2; MD4; RMD160; AES128-CTR (non-compliant); AES192-CTR (non-compliant); AES256-CTR (non-compliant); ARCFOUR256; ARCFOUR128; AES128-CBC (non-compliant); 3DES-CBC (non-compliant); BLOWFISH-CBC; CAST128-CBC; AES192-CBC (non-compliant); AES256-CBC (non-compliant); ARCFOUR; UMAC-64; HMAC-RIPEMD160; HMAC-SHA1-96 (non-compliant); HMAC-MD5-96; SSHv2 KDF (non-compliant); TLS KDF (non-compliant)

Multi-chip standalone

2031 Stonesoft Corporation
Itälahdenkatu 22A
Helsinki, FI-00210
Finland

-Klaus Majewski
TEL: +358-40-824-7908

-Jorma Levomäki
TEL: +358-9-476711

CST Lab: NVLAP 200658-0

Stonesoft Cryptographic Library
(Software Version: 1.1)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/13/2013 Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Debian GNU/Linux 6.0 based distribution running on Stonesoft FW-315; Debian GNU/Linux 6.0 based distribution running on Stonesoft FW-1301 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2240 and #2241); Triple-DES (Certs. #1401 and #1402); DSA (Certs. #694 and #695); RSA (Certs. #1147 and #1148); ECDSA (Certs. #349 and #350); SHS (Certs. #1929 and #1930); DRBG (Certs. #266 and #267); HMAC (Certs. #1370 and #1371); CVL (Certs. #37 and #38)

-Other algorithms: Diffie-Hellman (CVL Certs. #37 and #38, key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #37 and #38, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)); AES (Certs. #2240 and #2241, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength)

Multi-chip standalone

"Stonesoft Cryptographic Library is a software module that provides cryptographic services for Stonesoft network security products."
2030 Sony Corporation
1-7-1 Konan
Minato-ku, Tokyo 108-0075
Japan

-Hirotaka Kondo
TEL: +81 46 202 8074
FAX: +81 46 202 6304

CST Lab: NVLAP 100432-0

Aspen
(Hardware Versions: 1.0.0 and 1.1.0; Firmware Versions: 1.0.0, 1.0.1, 1.1.0, 1.2.0, 1.2.1 and 1.2.2)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/13/2013;
11/22/2013;
01/23/2014;
08/29/2014
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1539, #1540 and #1541); SHS (Certs. #1364, #1365, #1366 and #1367); HMAC (Certs. #901 and #902); RSA (Certs. #750 and #751); RNG (Certs. #828, #829, #830, #1279); CVL (Cert. #115)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; HMAC-MD5;

Multi-chip embedded

"The primary purpose of the Aspen is to provide decryption, decoding/encoding of audio/video data for the digital cinema projector system in which it is being employed."
2029 Atos Worldline
Haachtsesteenweg 1442, B-1130
Brussels, Belgium

-Filip Demaertelaere
TEL: +32 2 727 61 67

CST Lab: NVLAP 200556-0

Atos Worldline Adyton Cryptographic Module
(Hardware Version: 9071000001; Firmware Version: 1.2.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/13/2013 Overall Level: 3 

-Physical Security: Level 4

-FIPS Approved algorithms: AES (Cert. #1810); DRBG (Cert. #138); HMAC (Cert. #1068); KBKDF (Cert. #2); RSA (Cert. #907); SHS (Cert. #1589)

-Other algorithms: NDRNG; AES (Cert. #1810, key wrapping; key establishment methodology provides 256 bits of encryption strength)

Multi-chip embedded

"Atos Worldline’s Adyton is an innovative high-performance Hardware Security Module (HSM) platform. The design of the Adyton is based on high security, reliability and robustness, user friendliness, and conformance to international security standards. Adyton has an integrated color display, full HEX capacitive keyboard, chip card reader, fingerprint reader, and a USB Host connection."
2028

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/12/2013 Overall Level: 2 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip embedded

2027

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/12/2013 Overall Level: 2 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip embedded

2026 McAfee, Inc.
2821 Mission College Blvd.
Suite 100
Santa Clara, CA 95054
USA

-James Reardon
TEL: 651-628-5346

CST Lab: NVLAP 200928-0

McAfee Database Security Server Cryptographic Module
(Software Version: 1.0)

(When installed, initialized and configured as specified in the Security Policy Section 4 and operated in FIPS140_MODE)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/12/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP SP3 with Sun JRE 5.0; Microsoft Windows XP SP3 with Sun JRE 6.0 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1465 and #1766); DRBG (Certs. #57 and #117); DSA (Certs. #464 and #552); ECDSA (Certs. #182 and #236); HMAC (Certs. #863 and #1036); RNG (Certs. #802 and #940); RSA (Certs. #717, #881 and FIPS 186-3, vendor affirmed); SHS (Certs. #1328 and #1549); Triple-DES (Certs. #988 and #1143)

-Other algorithms: ANSI X9.31 RNG (non-compliant); DES; DESX; Diffie-Hellman; ECAES (non-compliant); EC Diffie-Hellman; EC Diffie-Hellman with Cofactor; ECIES; HMAC-MD5; MD2; MD5; MD5Random; PBE; PBE with SHA1 and Triple-DES; RC2; RC4; RC5; RIPEMD160; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA Keypair Generation MultiPrime; RSA OAEP; SHA1Random

Multi-chip standalone

"McAfee Database Security Server Cryptographic Module provides FIPS 140-2 validated services to the server component of the McAfee Database Security product line."
2025 Blue Coat Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085
USA

-Diana Robinson
TEL: (845) 454-6397
FAX: (801) 999-2973

-Tammy Green
TEL: (845) 454-6397

CST Lab: NVLAP 200928-0

Blue Coat Systems, Software Cryptographic Module
(Software Version: 1.0)

(When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 11/12/2013;
05/20/2014
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Solera Operating Environment v6.5.0 running on a Dell Poweredge model R720; Solera Operating Environment v6.5.0 on Vmware ESXi v5.0 running on Dell Poweredge model R720; Solera Operating Environment v6.6.9 on Vmware ESX 5.5 running on Dell Poweredge model R720; Solera Operating Environment v6.6.9 running on Dell Poweredge model R720 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #1364); AES (Cert. #2153); SHS (Cert. #1873); HMAC (Cert. #1318); RNG (Cert. #1101); DSA (Cert. #669); RSA (Cert. #1108)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman; AES-CFB1 (non-compliant); ECDSA (non-compliant); EC Diffie-Hellman

Multi-chip standalone

"The Blue Coat Systems, Software Cryptographic Module is a software multi-chip standalone module, providing cryptographic services for Solera DeepSee Software. Solera DeepSee is a solution for security intelligence and analytics that creates a complete record of network traffic. The module is a shared library that links to Solera DeepSee components."
2024 Coco Communications
800 5th Avenue Suite 3700
Seattle, WA 98104
USA

-David Weidenkopf
TEL: 206-812-5783
FAX: 206-770-6461

-A. Riley Eller
TEL: 206-812-5726
FAX: 206-770-6461

CST Lab: NVLAP 200658-0

CoCo Cryptographic Module 2.0
(Software Version: 2.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/12/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Linux 2.6 32-bit running on oMG 2000; Vyatta 6.4 32-bit running on Dell PowerEdge R210 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2299 and #2300); Triple-DES (Certs. #1446 and #1447); SHS (Certs. #1980, #1981, #1982 and #1983); HMAC (Certs. #1411, #1412, #1413 and #1414)

-Other algorithms: N/A

Multi-chip standalone

"The CoCo Cryptographic Module is a Linux loadable kernel module that provides cryptographic services in the Linux kernel. It provides an API that can be used by other kernel services."
2023 Nuvoton Technology Corporation
8 Hasadnaot Street
Herzlia, 46130
Israel

-Rachel Menda-Shabat
TEL: (972) 9-9702219

-Oren Tanami
TEL: (972)9-9702219

CST Lab: NVLAP 200556-0

Nuvoton TPM 1.2
(Hardware Version: FD5C37; Firmware Version: 4.1.5)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 11/08/2013 Overall Level: 1 

-FIPS Approved algorithms: AES (Cert. #2354); RSA (Cert. #1215); SHS (Cert. #2028); HMAC (Cert. #1460); RNG (Cert. #1174); CVL (Cert. #59)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG

Single-chip

"Nuvoton Trusted Platform Module is a hardware cryptographic module, a member of the Nuvoton SafeKepper family, which implements advanced cryptographic algorithms, including symmetric and asymmetric cryptography, as well as key generation and random number generation as defined by the Trusted Computing Group (TCG) version 1.2 specification for PC-Client TPM."
2022

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/08/2013 Overall Level: 2 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip standalone

2021 Apple Inc.
1 Infinite Loop
Cupertino, CA 95041
USA

-Shawn Geddis

CST Lab: NVLAP 200658-0

Apple iOS CoreCrypto Kernel Module, v4.0
(Software Version: 4.0)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/07/2013;
11/22/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with iOS 7.0 running on an iPhone4 with Apple A4 CPU; iOS 7.0 running on an iPhone4S with Apple A5 CPU; iOS 7.0 running on an iPhone5 with Apple A6 CPU; iOS 7.0 running on iPad (3rd generation) with Apple A5 CPU; iOS 7.0 running on an iPhone5S with Apple A7 CPU (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #1527, #1528, #1529 and #1595); AES (Certs. #2493, #2494, #2495, #2496, #2497, #2498, #2655 and #2656); SHS (Certs. #2113, #2114, #2115, #2167, #2169, #2171, #2228 and #2229); ECDSA (Certs. #425, #426, #427 and #458); HMAC (Certs. #1535, #1536, #1537, #1588, #1590, #1592, #1646 and #1647); DRBG (Certs. #350, #351, #352 and #422); PBKDF (vendor affirmed)

-Other algorithms: ECDSA (non-compliant); RSA (non-compliant); DES; MD5; CAST5; Blowfish; BitGen1; BitGen2; BitGen3; RC4; OMAC

Multi-chip standalone

"The Apple iOS CoreCrypto Kernel Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest."
2020 Apple Inc.
1 Infinite Loop
Cupertino, CA 95041
USA

-Shawn Geddis

CST Lab: NVLAP 200658-0

Apple iOS CoreCrypto Module, v4.0
(Hardware Version: A4, A5, A6 and A7; Software Version: 4.0)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software-Hybrid 11/07/2013;
11/22/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with iOS 7.0 running on an iPhone4 with Apple A4 CPU; iOS 7.0 running on an iPhone4S with Apple A5 CPU; iOS 7.0 running on an iPhone5 with Apple A6 CPU; iOS 7.0 running on iPad (3rd generation) with Apple A5 CPU; iOS 7.0 running on an iPhone5 with Apple A7 CPU (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #1530, #1531, #1542, #1596 and #1597); AES (Certs. #2499, #2500, #2501, #2502, #2503, #2504, #2505, #2506, #2507, #2508, #2509, #2547, #2657, #2658, #2659, #2660, #2661 and #2662); RSA (Certs. #1289, #1290, #1302, #1367 and #1368); SHS (Certs. #2119, #2120, #2148, #2168, #2170, #2172, #2230, #2231, #2232 and #2233); ECDSA (Certs. #428, #429, #437, #459 and #460); HMAC (Certs. #1541, #1542, #1568, #1589, #1591, #1593, #1648, #1649, #1650 and #1651); DRBG (Certs. #353, #354, #355, #356, #357, #380, #423, #424, #425 and #426); PBKDF (vendor affirmed)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 160 bits of encryption strength); RSA (non-compliant); ECDSA (non-compliant); DES; MD2; MD4; MD5; RIPEMD; CAST5; Blowfish; BitGen1; BitGen2; BitGen3; RC2; RC4; OMAC

Multi-chip standalone

"The Apple iOS CoreCrypto Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest."
2019 Hewlett-Packard Company
Longdown Avenue
Stoke Grifford, Bristol BS34 8QZ
United Kingdom

-Laura Loredo
TEL: 44 117 3162462

CST Lab: NVLAP 100432-0

HP LTO-6 Tape Drive
(Hardware Versions: AQ278A #912 [1], AQ278B #901 [2], AQ278C #704 [3], AQ288D #103 [4], AQ298C #103 [5], and AQ298A #900 [6]; Firmware Version: J2AW [1], J2AZ [2], J2AS [3], 32AW [4], 22CW [5], and 22CZ [6])

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/07/2013 Overall Level: 1 

-FIPS Approved algorithms: AES (Certs. #1442, #2189 and #2190); HMAC (Cert. #1342); DRBG (Cert. #256); RSA (Certs. #1128 and #1129); SHS (Certs. #1897 and #1898); CVL (SP 800-135rev1, vendor affirmed)

-Other algorithms: MD5; AES (AES Cert. #2189, key wrapping); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG

Multi-chip standalone

"HP LTO-6 tape drives help to keep pace with data growth with up to 6.25TB compressed data storage per cartridge and capable of compressed data transfer rates of up to 400MB/sec. Ground breaking LTFS technology makes LTO-6 tapes as easy to use as disk and enables easy file access, reliable long term archive retrieval and simpler transportability between systems. LTO-6 tape drives also provide easy-to-enable security to protect the most sensitive data and prevent unauthorized access of tape cartridges with AES 256-bit hardware data encryption."
2018 Imation Corp.
Discovery Bldg. 1A-041
Oakdale, MN 55128
USA

-Laurence Hamid
TEL: 819-595-3069
FAX: 819-595-3343

CST Lab: NVLAP 100432-0

Imation S250/D250
(Hardware Versions: D2-S250-S01, D2-S250-S02, D2-S250-S04, D2-S250-S08, D2-S250-S16, D2-S250-S32, D2-D250-B01, D2-D250-B02, D2-D250-B04, D2-D250-B08, D2-D250-B16, D2-D250-B32 and D2-D250-B64; Firmware Versions: 4.0.4 and 4.0.5)

(Files distributed with the module mounted within the internal CD Drive are excluded from validation)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/07/2013;
02/20/2014
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #1412 and #1874); DRBG (Cert. #152); HMAC (Certs. #1118 and #1119); RNG (Cert. #774); RSA (Certs. #688, #954 and #955); SHS (Certs. #1282 and #1647); Triple-DES (Cert. #965); PBKDF (vendor affirmed)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG

Multi-chip standalone

"The Imation S250/D250 Secure Flash Drives include a high-speed hardware-based 256 Bit AES cryptography engine for encrypting and decrypting NAND flash and RAM buffers via USB. It also includes RSA, HMAC, SHA, and DRBG algorithms."
2017 Motorola Solutions, Inc.
6480 Via Del Oro
San Jose, CA 95119
USA

-Udayan Borkar
TEL: 408-528-2361
FAX: 408-528-2540

-Colin Cooper
TEL: 408-528-2871
FAX: 408-528-2540

CST Lab: NVLAP 100432-0

AP 71xx Series Wireless Access Points - AP 7131N, AP 7131N-GR, AP 7161, AP 7181
(Hardware Versions: AP7131N, AP7131N-GR, AP7161, AP7181; Firmware Version: 5.4.10.0-050GR)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/07/2013;
12/20/2013
Overall Level: 1 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #861, #1114, #2377 and #2378); HMAC (Cert. #1478); KDF (Cert. #10); CVL (Certs. #66, #67, #68 and #69); RNG (Cert. #1180); RSA (Cert. #1231); SHS (Certs. #1037 and #2048); Triple-DES (Cert. #1487).

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); NDRNG; MD5

Multi-chip standalone

"The AP-71xx Series 802.11n Wireless Access Points deliver the high throughput, coverage, and resiliency required to build an all-wireless enterprise. The dual and tri-radio options provide simultaneous support for high-speed wireless voice and data services, self-healing mesh networking and wireless intrusion detection/prevention services."
2016 Apple Inc.
1 Infinite Loop
Cupertino, CA 95041
USA

-Shawn Geddis

CST Lab: NVLAP 200658-0

Apple OS X CoreCrypto Kernel Module, v4.0
(Software Version: 4.0)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/07/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with OS X 10.9 running on Mac mini with i5 CPU with AES-NI; OS X 10.9 running on Mac mini with i5 CPU without AES-NI; OS X 10.9 running on iMac with i7 CPU with AES-NI; OS X 10.9 running on iMac with i7 CPU without AES-NI (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #1532 and #1533); AES (Certs. #2511, #2512, #2513, #2514, #2515, #2516, #2517 and #2518); SHS (Certs. #2124, #2125, #2126, #2127, #2128 and #2129); ECDSA (Certs. #430 and #431); HMAC (Certs. #1546, #1547, #1548, #1549, #1550 and #1551); DRBG (Certs. #358, #359, #360, #361, #362 and #363); PBKDF (vendor affirmed)

-Other algorithms: RSA (non-compliant); ECDSA (P-192, P-224 and P-521; non-compliant); DES; MD5; CAST5; Blowfish; BitGen1; BitGen2; BitGen3; RC4; OMAC

Multi-chip standalone

"The Apple iOS CoreCrypto Kernel Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest."
2015 Apple Inc.
1 Infinite Loop
Cupertino, CA 95041
USA

-Shawn Geddis

CST Lab: NVLAP 200658-0

Apple OS X CoreCrypto Module, v4.0
(Software Version: 4.0)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/07/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with OS X 10.9 running on Mac mini with i5 CPU with AES-NI; OS X 10.9 running on Mac mini with i5 CPU without AES-NI; OS X 10.9 running on iMac with i7 CPU with AES-NI; OS X 10.9 running on iMac with i7 CPU without AES-NI (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #1534, #1535, #1536 and #1537); AES (Certs. #2519, #2520, #2521, #2523, #2524, #2027, #2528, #2529, #2530, #2531, #2532, #2533, #2534, #2535, #2536, #2537, #2538, #2539, #2540 and #2541); RSA (Certs. #1293, #1294, #1295 and #1296); SHS (Certs. #2130, #2131, #2132, #2133, #2134, #2135, #2136, #2137, #2138, #2139, #2140 and #2141); ECDSA (Certs. #432, #433, #434 and #435); HMAC (Certs. #1552, #1553, #1554, #1555, #1556, #1557, #1558, #1559, #1560, #1561, #1562 and #1563); DRBG (Certs. #364, #365, #366, #367, #368, #369, #370, #371, #372, #373, #374 and #375); PBKDF (vendor affirmed)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 160 bits of encryption strength); ECDSA (P-192, P-224 and P-521; non-compliant); RSA (non-compliant); DES; MD2; MD4; MD5; CAST5; RIPEMD; Blowfish; BitGen1; BitGen2; BitGen3; RC2; RC4; OMAC

Multi-chip standalone

"The Apple OS X CoreCrypto Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest."
2014 Atmel Corporation
1150 E. Cheyenne Mountain Blvd.
Colorado Springs, CO 80906
USA

-Jim Hallman
TEL: 919-846-3391

-Todd Slack
TEL: (719) 540-3021

CST Lab: NVLAP 200002-0

Atmel Trusted Platform Module
(Hardware Versions: AT97SC3204-X4 [1], AT97SC3204-U4 [1], AT97SC3204-G4 [1], AT97SC3204-H4 [1], AT97SC3205-X3 [2], AT97SC3205-U3 [2], AT97SC3205-G3 [2], AT97SC3205-H3 [2], AT97SC3205T-X3 [3], AT97SC3205T-U3 [3], AT97SC3205T-G3 [3] and AT97SC3205T-H3 [3]; Firmware Versions: 1.2.29.01 [1], 1.2.42.05 [2] and 1.2.42.06 [3])

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/05/2013;
04/11/2014;
05/20/2014
Overall Level: 1 

-FIPS Approved algorithms: AES (Certs. #2333 and #2806); SHS (Certs. #2015 and #2354); HMAC (Certs. #1445 and #1757); RSA (Certs. #1203 and #1469); RNG (Certs. #1163 and #1273); CVL (Cert. #250)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MGF1; NDRNG

Single-chip

"The AT97SC3204 and AT97SC3205 are single chip cryptographic modules used for cryptographic key generation, key storage and key management as well as generation and secure storage for digital certificates."
2013 Dispersive Solutions, Inc.
4501 Singer Court
Suite 220
Chantilly, VA 20151
USA

-Carolyn O’Neill Griffin
TEL: 703-209-7458

CST Lab: NVLAP 200556-0

DSI V2VNet Mobile Crypto Module
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/05/2013 Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Android 4.0 running on a Galaxy Nexus; iOS 5.1 running on a iPad 3; iOS 6 running on a iPad 3 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2125 and #2126); HMAC (Certs. #1296 and #1297); DSA (Certs. #666 and #667); ECDSA (Certs. #319 and #320); RSA (Certs. #1094 and #1095); SHS (Certs. #1849 and #1850); Triple-DES (Certs. #1351 and #1352); DRBG (Certs. #233 and #234); CVL (Certs. #28 and #29); RNG (Certs. #1091 and #1092)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"V2VNet Mobile Crypto Module provides cryptographic functions for Dispersive Solutions V2VNet Mobile Edition, a scalable solution allowing clients to communicate directly with other clients, and securely route voice, video and data communications."
2012 Juniper Networks, Inc.
1194 N. Mathilda Ave
Sunnyvale, CA 94089
USA

-Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 100432-0

Juniper Networks Pulse Cryptographic Module
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/05/2013;
12/11/2013
Overall Level: 1 

-Roles, Services, and Authentication: Level 2

-Operational Environment: Tested as meeting Level 1 with IVE OS 1.1 (32-bit) running on a Juniper MAG4610; IVE OS 1.1 (32-bit) on Vmware ESX running on an HP ProLiant BL2x220c G6 Blade Server; IVE OS 1.1 (32-bit) on Vmware ESXi running on an IBM HS22 Blade Server without AES-NI; IVE OS 1.1 (32-bit) on Vmware ESXi running on an IBM HS22 Blade Server with AES-NI; Microsoft Windows 7 (32-bit) running on a Dell Poweredge 860 without AES-NI; Microsoft Windows 7 (32-bit) running on an Acer Aspire with AES-NI; Microsoft Windows 7 (64-bit) running on a Dell Poweredge 850 without AES-NI; Microsoft Windows 7 (64-bit) running on an Acer Aspire with AES-NI; OS X 10.8 (64-bit) running on a Macbook Pro without AES-NI; OS X 10.8 (64-bit) running on a Macbook Pro with AES-NI (single-user mode)

-FIPS Approved algorithms: RNG (Certs. #985 and #1212); DRBG (Certs. #157 and #383); Triple-DES (Certs. #1223 and #1545); AES (Certs. #1884 and #2553); SHS (Certs. #1655 and #2153); HMAC (Certs. #1126 and #1573); RSA (Certs. #960 and #1306); DSA (Certs. #589 and #780); ECDSA (Certs. #270 and #438); CVL (Certs. #12 and #91)

-Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt)

Multi-chip standalone

"Juniper Networks Junos Pulse delivers secure, remote and local network access. It includes the Junos Pulse client, Junos Pulse Secure Access Service (SSL-VPN), and Junos Pulse Access Control Service (UAC) - available on the MAG Series Junos Pulse Gateways or as virtual appliances. Junos Pulse grants authorized users granular, policy-driven secure, remote and LAN-based network access based on their role, identity, device and location. It supports broad coverage across mobile and non-mobile devices, with built-in device integrity checks to further enable secure BYOD initiatives."
2011 Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

-Alan Kaye
TEL: 613-225-9381 x7416
FAX: 613-225-2951

CST Lab: NVLAP 200928-0

FortiGate-200B [1], FortiGate-300C [2], FortiGate-310B [3], FortiGate-600C [4] and FortiGate-620B [5]
(Hardware Version: C4CD24 [1], C4HY50 [2], C4ZF35 [3], C4HR40 [4] and C4AK26 [5] with Tamper Evident Seal Kits: FIPS-SEAL-BLUE [1, 3, 5] or FIPS-SEAL-RED [2,4]; Firmware Version: FortiOS 4.0, build3830, 131223)

(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 11/05/2013;
06/27/2014
Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #2277, #2279, #2607 and #2608); Triple-DES (Certs. #1424, #1426, #1572 and #1573); RNG (Cert. #1234); SHS (Certs. #1958, #1960, #2191 and #2194); HMAC (Certs. #1395, #1397, #1615 and #1616); RSA (Certs. #1168, #1170 and #1334)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; NDRNG

Multi-chip standalone

"The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
2010 Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

-Alan Kaye
TEL: 613-225-9381 x7416
FAX: 613-225-2951

CST Lab: NVLAP 200928-0

FortiGate-5140 Chassis with FortiGate 5000 Series Blades
(Hardware Version: Chassis: C4GL51; Blades: P4CF76, P4CJ36-02, P4CJ36-04 and P4EV74; AMC Components: P4FC12 and AMC4F9; Shelf Manager: PN 21594 346; Alarm Panel: PN 21594 159; Air Filter: PN P10938-01; Front Filler Panel: PN P10945-01: ten; Rear Filler Panel: PN P10946-01: fourteen; Tamper Evident Seal Kit: FIPS-SEAL-RED; Firmware Version: FortiOS 4.0, build3830, 131223)

(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 11/05/2013;
06/27/2014
Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs.#2276, #2277, #2278, #2607 and #2608); Triple-DES (Certs. #1423, #1424, #1425, #1572 and #1573); RNG (Cert. #1234); SHS (Certs. #1957, #1958, #1959, #2191 and #2192); HMAC (Certs. #1394, #1395, #1396, #1615 and #1616); RSA (Certs. #1168, #1169 and #1334)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; NDRNG

Multi-chip standalone

"The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
2009 Stanley Security Solutions, Inc.
6161 E 75th Street
PO Box 50444
Indianapolis, IN 46250
USA

-Mr. Robert Strong
TEL: 317-806-3288

-Mr. Thomas Schuster
TEL: 317-806-3150

CST Lab: NVLAP 100414-0

Wi-Q Communication Server Cryptographic Module
(Software Version: 3.0.27)

(When operated in FIPS mode with Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1010 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/05/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 with SP2 running on a Lenovo Thinkpad T410 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #739); DRBG (vendor affirmed); HMAC (Cert. #408); RSA (Certs. #353 and #355); SHS (Cert. #753); Triple-DES (Cert. #656)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Communication Server Cryptographic Module (CSCM) is a software solution that provides secure key retrieval and key transfer functions within the Stanley Wi-Q Wireless Access Control System."
2008 Hewlett-Packard TippingPoint
7501N. Capital of Texas Highway
Austin, TX 78731
USA

-Dinesh Vakharia
TEL: 512-681-8271

-Freddie Jimenez Jr.
TEL: 512-681-8305

CST Lab: NVLAP 200427-0

HP TippingPoint Intrusion Prevention System
(Hardware Versions: 5200NX and 7100NX; Firmware Version: 3.5)

(When operated in FIPS mode with pick-resistant locks and opaque cover installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 10/25/2013 Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-FIPS Approved algorithms: AES (Cert. #2183); HMAC (Cert. #1337); RNG (Cert. #1105); RSA (Cert. #1126); SHS (Cert. #1892); Triple-DES (Cert. #1383)

-Other algorithms: Blowfish; DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); HMAC-MD5; MD5; NDRNG; RC2; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"Inserted transparently into the network, the HP TippingPoint Intrusion Prevention System (IPS) is an in-line security device that performs high-performance, deep packet inspection to protect customer networks from attack. The IPS blocks malicious and unwanted traffic, while allowing good traffic to pass unimpeded. In fact, the IPS optimizes the performance of good traffic by continually cleansing the network and prioritizing applications that are mission critical."
2007 GDC Technology (USA), LLC
1016 West Magnolia Boulevard
Burbank, CA 91506
USA

-Pranay Kumar
TEL: 852-2507 9565
FAX: (852) 2507 1131

-Peter Lin
TEL: (852) 2507 9557
FAX: (852) 2507 1131

CST Lab: NVLAP 100432-0

Standalone IMB
(Hardware Versions: GDC-IMB-v2, R8 and R9; Firmware Version: 2.0 with Security Manager Firmware Version 1.3.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 10/25/2013 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #2148 and #2149); SHS (Certs. #1869 and #1870); RNG (Cert. #1100); RSA (Cert. #1105); HMAC (Certs. #1315 and #1316)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; S-Box; EC Diffie-Hellman

Multi-chip embedded

"A digital cinema standalone integrated media block that is compliant with DCI specifications and SMPTE digital cinema standards. The supported features include JPEG2000 decoding, AES decryption, key management, and logging."
2006 Bull SAS
Rue Jean Jaurès
B.P.68
Les Clayes sous Bois, 78340
France

-Jean-Luc CHARDON
TEL: +33 1 30 80 79 14
FAX: +33 1 30 80 78 87

-Pierre-Jean AUBOURG
TEL: +33 1 30 80 77 02
FAX: +33 1 30 80 78 87

CST Lab: NVLAP 200928-0

CHR Cryptographic Module
(Hardware Version: 005/A; Firmware Version: V1.04-00L)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 10/25/2013 Overall Level: 3 

-Physical Security: Level 3 + EFP/EFT

-FIPS Approved algorithms: RSA (Cert. #1107); SHS (Cert. #1872)

-Other algorithms: N/A

Multi-chip standalone

"The BULL CHR is a multi-chip standalone security module providing functionality for the secure loading of applications. The CHR is the corner stone of a range of security products developed and signed by BULL as Application Provider and known as "CRYPT2Protect HR" and "CRYPT2Pay HR" product range available for different domain of applications including Banks and Financial Institutions. Additional products may be developed by Application Providers, based on the CHR."
2005 Lenel Systems International, Inc.
1212 Pittsford-Victor Road
Pittsford, NY 14534
USA

-Michael O'Brien
TEL: 585-267-8345
FAX: 585-248-9185

CST Lab: NVLAP 100432-0

Communication Server
(Software Versions: 6.5.624, 6.6.287 or 7.0.932)

(When operated in FIPS mode with [(Windows 7 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1330 operating in FIPS mode), (Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1010 operating in FIPS mode) or (Windows 8 and Windows Server 2012 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1894 operating in FIPS mode)]))

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 10/25/2013;
11/07/2014;
11/25/2014
Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 7 running on a Dell OptiPlex 755; Microsoft Windows Server 2008 running on a Dell OptiPlex 760; Microsoft Windows 8 running on Dell OptiPlex 7010; Microsoft Windows Server 2012 running on SuperMicro 827-14 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1650 and #3088); RNG (Certs. #882 and #1313)

-Other algorithms: RC2

Multi-chip standalone

"The Communication Server module's primary purpose is to provide secure communications with external access control devices. The module is part of the Lenel's advanced access control and alarm monitoring system. The Lenel advanced access control and alarm monitoring system is built on an open architecture platform, offers unlimited scalability, database segmentation, fault tolerance, and biometrics and smart card support. The Lenel advanced access control and alarm monitoring system is fully customizable, and can be seamlessly integrated into the OnGuard total security solution."
2004 Covia Labs, Inc.
465 Fairchild Dr
Ste 130
Mountain View, CA 94043
USA

-David Kahn
TEL: 650-351-6444 x110
FAX: 650-564-9740

-Dan Illowsky
TEL: 650-351-6444 x111
FAX: 650-564-9740

CST Lab: NVLAP 100432-0

Covia Connector Cryptographic Module
(Software Version: 2.0)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/30/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 5.8 running on an Acer AX1430-UR12P (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1896); ECDSA (Cert. #265); DRBG (Cert. #158); SHS (Cert. #1665); HMAC (Cert. #1136); KAS (Cert. #30)

-Other algorithms: AES (Cert. #1896, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); KBKDF (non-compliant)

Multi-chip standalone

"The Covia Connector Cryptographic Module provides cryptographic services for the Covia Connector. These services include but are not limited to pseudo-random number generation, symmetric and asymmetic key generation, data encryption and decryption, key wrapping, and key unwrapping."
2003 Doremi Labs
1020 Chestnut St.
Burbank, CA 91506
USA

-Jean-Philippe Viollet
TEL: 818-562-1101
FAX: 818-562-1109

-Camille Rizko
TEL: 818-562-1101
FAX: 818-562-1109

CST Lab: NVLAP 200802-0

IMS-SM
(Hardware Versions: (IMS-SM-C1 and IMS-SM-C2) [1] and (IMS-SM-E1 and IMS-SM-E2) [2]; Firmware Versions: (4.0.3-0, 4.0.0-3 and 6.0.3-0) [1] and (4.2.0-4, 4.2.0-3 and 6.0.12-0) [2])

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/30/2013;
01/03/2014
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1252, #1383 and #2220); HMAC (Cert. #731); SHS (Cert. #1148); RNG (Certs. #693 and #696); RSA (Certs. #600, #601 and #777)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); TRNG; MD5; HMAC-MD5; EC Diffie-Hellman (non-compliant), TI S-box

Multi-chip embedded

2002 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco Catalyst 6503-E, Catalyst C6504-E, Catalyst 6506-E, Catalyst 6509-E and Catalyst 6513-E Switches with Supervisor Cards (VS-S2T-10G and VS-S2T-10G-XL) and Line Cards (WS-X6908-10G, WS-X6908-10G-2TXL, WS-X6904-40G-2T and WS-X6904-40G-2TXL)
(Hardware Versions: (6503-E -H0, 6504-E -G0, 6506-E -M0, 6509-E -N0 and 6513-E -S0; Supervisor Cards VS-S2T-10G -B0 and VS-S2T-10G-XL -C0; Line Cards WS-X6904-40G-2T -A0, WS-X6904-40G-2TXL -A0, WS-X6908-10G -A0 and WS-X6908-10G-2TXL-B0; Slot Cover SPA-BLANK -G0) with FIPS kit packaging (CVPN6500FIPS/KIT=); Firmware Version: 15.1(1)SY1)

(When operated in FIPS mode with the tamper evident labels and security devices installed on the initially built configurations as indicated in Table 1 of the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/19/2013;
11/01/2013
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1426, #1427, #1589 and #2252); DRBG (Cert. #274); HMAC (Cert. #1380); RSA (Cert. #1155); SHS (Cert. #1940); Triple-DES (Cert. #1409)

-Other algorithms: AES (Cert. #2252, key wrapping; key establishment methodology provides 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Catalyst 6500 series switches offer versatility, integration, and security to branch offices. With numerous network modules and service modules available, the modular architecture of the Cisco switches easily allows interfaces to be upgraded to accommodate network expansion. The Catalyst 6500 series switches provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements."
2001 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200928-0

SafeNet ProtectDrive Cryptographic Engine
(Software Version: 1.0.1)

(When operated in FIPS mode. For Windows 7: With module Microsoft Windows 7 Kernel Mode Cryptographic Primitives Library (cng.sys) validated to FIPS 140-2 under Cert. #1328 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/17/2013 Overall Level: 1 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows XP SP3 (X86 version) running on Dell E6400; Windows 7 Ultimate Edition SP1 (X86 version) running on Dell E6400; Windows 7 Ultimate Edition SP1 (X64 version) running on Dell E6400 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1998, #1999 and #2000); SHS (Certs. #1751, #1752, #1753 and #1754); RNG (Cert. #1048); HMAC (Certs. #1208, #1209 and #1210); PBKDF2 (vendor affirmed)

-Other algorithms: DES; Triple-DES (non-compliant); IDEA; RSA (non-compliant)

Multi-chip standalone

"SafeNet ProtectDrive Cryptographic Engine 1.0.1 provides cryptographic services and key management for the SafeNet ProtectDrive Disk Encryption product. SafeNet ProtectDrive delivers full disk encryption for general purpose computers, laptops and removable media."
2000 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200928-0

SafeNet ProtectDrive Cryptographic Engine
(Software Version: 1.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/17/2013 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 2 with Dell Optiplex GX620 3.0 GHz Intel Pentium D Processor 830 (1 CPU), running 32-bit WindowsXP version 5.1 SP2

-FIPS Approved algorithms: AES (Certs. #1998, #1999 and #2000); SHS (Certs. #1751, #1752, #1753 and #1754); RNG (Cert. #1048); HMAC (Certs. #1208, #1209 and #1210); PBKDF2 (vendor affirmed)

-Other algorithms: DES; Triple-DES (non-compliant); IDEA; RSA (non-compliant)

Multi-chip standalone

"SafeNet ProtectDrive Cryptographic Engine 1.0.1 provides cryptographic services and key management for the SafeNet ProtectDrive Disk Encryption product. SafeNet ProtectDrive delivers full disk encryption for general purpose computers, laptops and removable media."
1999 Thales Communications, Inc.
22605 Gateway Center Drive
Clarksburg, MD 20871
USA

-Darlo Concepcion
TEL: 240-864-7866
FAX: 240-864-7698

-Jim Kent
TEL: 240-864-7681
FAX: 240-864-7698

CST Lab: NVLAP 200427-0

Liberty™ Cryptographic Module
(Firmware Version: 01.00.05.0018)

(When operated in FIPS Mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Firmware 09/17/2013 Overall Level: 1 

-Tested: Thales Liberty Radio PRC7332 with Green Hills INTEGRITY Version 5.0.10

-FIPS Approved algorithms: AES (Cert. #2185); HMAC (Cert. #1338); RNG (Cert. #1106); SHS (Certs. #1893 and #1894)

-Other algorithms: AES (Cert. #2185, key wrapping; key establishment methodology provides 256 bits of encryption strength); AES MAC (AES Cert. #2185, vendor affirmed; P25 AES OTAR); DES; DES MAC

Multi-chip standalone

"The Liberty™ Cryptographic Module is a firmware stand alone executable module which provides FIPS 140-2 Level 1 certified cryptographic functionality for devices that utilize the APCO project 25 standard. The Liberty™ Cryptographic Module uses Green Hills Integrity™ address space seperation to provide secure isolation of the cryptographic module without requiring a separate cryptographic hardware module."
1998 Motorola Mobility LLC
600 North U.S. Highway 45
Libertyville, IL 60048
USA

-Jose Afonso Pinto
TEL: +55 19-3847-6580
FAX: n/a

-Wesley Ribeiro
TEL: +55 19-3847-6199
FAX: n/a

CST Lab: NVLAP 100432-0

Motorola Mobility Linux Kernel Software Cryptographic Module
(Software Version: 1.0)

(No assurance of the minimum strength of provided entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/17/2013;
01/03/2014
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Android 4.1.2 running on a Motorola Droid Razr HD/XT926; Android 4.2.2 running on a Motorola Droid Ultra (XT1080); Android 4.3 running on a Motorola Moto G (XT1028); Android 4.4 running on a Motorola Moto X (XT1060) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2287); HMAC (Cert. #1403); RNG (Cert. #1138); SHS (Cert. #1968); Triple-DES (Cert . #1435)

-Other algorithms: N/A

Multi-chip standalone

"Motorola Mobility Linux Kernel Software Cryptographic Module is a software only Linux kernel cryptographic module intended to operate on a multi-chip standalone personal mobile device running Android. It provides general-purpose cryptographic services to the remainder of the Linux kernel. It is designed to operate at FIPS 140-2 overall security level 1."
1997 Check Point Software Technologies Ltd
5 Ha'solelim Street
Tel Aviv, 67897
Israel

-Malcom Levy
TEL: +972-37534561
FAX: 732-416-1370

CST Lab: NVLAP 200427-0

Check Point CryptoCore
(Software Version: 2.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/13/2013 Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Check Point Pre-boot environment (16-bit) running on a Dell Latitude E6500 without AES-NI; Check Point Pre-boot environment (16-bit) running on a Apple MacBook Pro with AES-NI (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2181); Triple-DES (Cert. #1381); Triple-DES MAC (Triple-DES Cert. #1381, vendor affirmed)

-Other algorithms: N/A

Multi-chip standalone

"Check Point Crypto Core is a 140-2 Level 1 cryptographic module for Windows 7, Mac OS X, and UEFI firmware. The module provides cryptographic services accessible in pre-boot mode, kernel mode and user mode on the respective platforms through implementation of platform specific binaries."
1996 Fixmo, Inc.
15 Toronto Street
Suite 1100
Toronto, Ontario M5C 2E3
Canada

-Daniel Ford
TEL: 443-380-3673

CST Lab: NVLAP 200556-0

Fixmo Client Crypto Module
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/06/2013 Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Android 4.0 running on a Galaxy Nexus; iOS 5.1 running on a iPad 3; iOS 6 running on a iPad 3 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2125 and #2126); HMAC (Certs. #1296 and #1297); DSA (Certs. #666 and #667); ECDSA (Certs. #319 and #320); RSA (Certs. #1094 and #1095); SHS (Certs. #1849 and #1850); Triple-DES (Certs. #1351 and #1352); DRBG (Certs. #233 and #234); CVL (Certs. #28 and #29); RNG (Certs. #1091 and #1092)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Fixmo Client Crypto Module provides cryptographic functions for Fixmo client applications and solutions."
1995 Oracle Corporation
500 Oracle Parkway
Redwood Shores, CA 94065
USA

-Security Evaluations Manager
TEL: 781-442-0451

CST Lab: NVLAP 200427-0

Sun Crypto Accelerator 6000
(Hardware Versions: 375-3424, Revisions -02, -03, -04, -05 and -06; Firmware Versions: Bootstrap version 1.0.1 or 1.0.10, Operational firmware versions 1.1.7, 1.1.8 or 1.1.9)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/11/2013;
12/17/2013
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #397 and #2312); DSA (Cert. #319); ECDSA (Cert. #377); HMAC (Certs. #1427 and #1428); RNG (Cert. #1155); RSA (Certs. #1195 and #1196); SHS (Certs. #1995 and #1996); Triple-DES (Cert. #435)

-Other algorithms: AES (Cert. #2312, key wrapping; key establishment methodology provides between 128 and 160 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; RC2

Multi-chip embedded

"The SCA-6000 is a high performance hardware security module for Sun SPARC, x86, x64 platforms in a low-profile, short PCI-E (X8) card. Supported on Linux and Solaris-10, it provides on-board cryptographic acceleration hardware and key store. It supports remote management with serial and USB ports for local administration. It enhances performance by off-loading compute intensive cryptographic calculations, accelerating IPsec and SSL processing and performs many financial service functions. The SCA6000 performs primary cryptographic functions for the Sun KMS 2.X Key Management System."
1994 IBM® Corporation
12 - 14 Marine Parade
Seabank Centre
Southport, QLD 4215
Australia

-Alex Hennekam
TEL: +61 7-5552-4045
FAX: +61 7 5571 0420

-Peter Waltenburg
TEL: +61 - 5552-4016
FAX: +61 7 5571 0420

CST Lab: NVLAP 200658-0

IBM® Crypto for C
(Software Version: 8.2.2.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 08/27/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008® 64-bit running on an ALTECH SH67H3 Intel® Core™ i7-2600 with AES-NI; Microsoft Windows Server 2008® 64-bit running on an ALTECH SH67H3 Intel® Core™ i7-2600 without AES-NI; Microsoft Windows Server 2008® 32-bit running on an IBM 8835 52X AMD Opteron 246; AIX® 6.1 64-bit running on an IBM RS6000 7037-A50 PowerPC 5 64; Solaris® 10 64-bit running on an SunFire T1000 UltraSPARC T1; Red Hat Linux Enterprise Server 5 32-bit running on an IBM 8835 52X AMD Opteron 246; Red Hat Linux Enterprise Server 5 64-bit running on an ALTECH SH67H3 Intel® Core™ i7-2600 with AES-NI; Red Hat Linux Enterprise Server 5 64-bit running on an ALTECH SH67H3 Intel® Core™ i7-2600 without AES-NI; Red Hat Linux Enterprise Server 5 64-bit running on an IBM System p5 185 7037-A50 IBM PowerPC 970; Red Hat Linux Enterprise Server 5 64-bit running on an IBM zSeries z196 type 2817 model M32 IBM zSeries z196 with CPACF; Red Hat Linux Enterprise Server 5 64-bit running on an IBM zSeries z196 type 2817 model M32 IBM zSeries z196 without CPACF (single user mode)

-FIPS Approved algorithms: AES (Certs. #2155, #2156, #2157, #2158, #2159, #2160, #2161, #2162, #2163, #2164, #2165, #2166, #2167, #2169, #2170, #2171, #2172, #2179, #2213, #2214, #2421, #2422, #2423, #2424, #2425, #2426, #2427, #2428, #2429, #2430, #2431, #2432, #2433, #2434, #2435, #2436, #2437, #2438, #2439, #2440, #2441 and #2443); Triple-DES (Certs. #1365, #1366, #1367, #1368, #1369, #1370, #1371, #1372, #1373, #1374, #1375, #1376, #1377 and #1379); DSA (Certs. #670, #671, #672, #673, #674, #675, #676, #677, #678, #679, #680, #681, #682, #683, #756 and #757); RSA (Certs. #1109, #1110, #1111, #1112, #1113, #1114, #1115, #1116, #1117, #1118, #1119, #1120, #1121, #1123, #1253 and #1254); ECDSA (Certs. #325, #326, #327, #328, #329, #330, #331, #332, #333, #334, #335, #336, #337, #338, #398 and #399); SHS (Certs. #1874, #1875, #1876, #1877, #1878, #1879, #1880, #1881, #1882, #1883, #1884, #1885, #1886, #1889, #1904 and #1905); DRBG (Certs. #240, #241, #242, #243, #244, #245, #246, #247, #248, #249, #250, #251, #252, #253, #326, #327, #328, #329, #330 and #331); HMAC (Certs. #1319, #1320, #1321, #1322, #1323, #1324, #1325, #1326, #1327, #1328, #1329, #1330, #1331, #1333, #1506 and #1507)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; MDC2; RIPEMD; HMAC MD5; DES; CAST; Camellia; Blowfish; RC4; RC2; KBKDF (non-compliant)

Multi-chip standalone

"The IBM Crypto for C v8.2.2.0 (ICC) cryptographic module is implemented in the C programming language. It is packaged as dynamic (shared) libraries usable by applications written in a language that supports C language linking conventions (e.g. C, C++, Java, Assembler, etc.) for use on commercially available operating systems. The ICC allows these applications to access cryptographic functions using an Application Programming Interface (API) provided through an ICC import library and based on the API defined by the OpenSSL group."
1993 IBM® Corporation
11400 Burnet Road
Austin, TX 78758
USA

-Tom Benjamin
TEL: 512-286-5319
FAX: 512-436-8009

CST Lab: NVLAP 200427-0

IBM® Java JCE FIPS 140-2 Cryptographic Module
(Software Version: 1.7)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 08/27/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with IBM AIX 7.1 on IBM JVM 1.6 running on IBM 9117-570, Windows 7 32-bit on IBM JVM 1.6 running on Dell Optiplex 755, Solaris 11.0 on IBM JVM 1.6 running on Dell Optiplex 755 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2107); DRBG (Cert. #228); DSA (Cert. #657); ECDSA (Cert. #314); HMAC (Cert. #1281); RNG (Cert. #1082); RSA (Cert. #1081); SHS (Cert. #1830); Triple-DES (Cert. #1342)

-Other algorithms: AES (non-compliant); Auth HMAC (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DSAforSSL (non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides between 112 and 270 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSAforSSL (non-compliant); Triple-DES (non-compliant)

Multi-chip standalone

"The IBM Java JCE (Java Cryptographic Extension) FIPS provider (IBMJCEFIPS) for Multi-platforms is a scalable, multipurpose cryptographic module that supports many FIPS approved cryptographic operations. This gives Java applications access to the FIPS algorithms via the standard JCE framework that is part of all JVM's at the 1.6 level and higher."
1992 TecSec Incorporated
12950 Worldgate Drive
Suite 100
Herndon, VA 20170
USA

-Roger Butler
TEL: 571-331-6130
FAX: 571-299-4101

-Ron Parsons
TEL: 571-299-4127
FAX: 571-299-4101

CST Lab: NVLAP 100432-0

TecSec Armored Card - Contact Cryptographic Module
(Hardware Version: P/N Inside Secure AT90SC320288RCT Revision E; Firmware Versions: P/Ns Athena IDProtect Version 0108.0264.0001, TecSec SSD Applet Version 1.001, TecSec PIV Applet Version 1.007, TecSec BOCC Applet Version 1.001, TecSec CKM Attribute Container Applet Version 1.002, TecSec CKM Info Applet Version 1.000)

(PIV Card Application: Cert. #35)

(When operated with the fingerprint authentication mechanism parameters configured as indicated in the Security Policy Section 9. No assurance of Secure Channel Protocol (SCP) message integrity)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/19/2013;
02/06/2014
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 4
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1654 and #2226); CVL (Cert. #2); DRBG (Cert. #98); ECDSA (Cert. #214); HMAC (Cert. #1354); KBKDF (Cert. #4); RSA (Cert. #824); SHS (Cert. #1465); Triple-DES (Cert. #1087); 02/06/14: (Certs. #218 and #222)

-Other algorithms: NDRNG; EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-CMAC (non-compliant)

Single-chip

"The TecSec Armored Card is a cryptographic module which provides enterprise personnel identification, persistent data security for data in transit and at rest, with additional support for physical/logical/functional/content authorization. The Chip is part of a dual-chip PIV smart card that is fully compliant with the end-point service specified in SP800-73-1. This Contact Chip Provides 368k eprom memory leveraging a common robust identity process and additionally providing a federation platform for multiple applications from multiple owners enforced by cryptographic separation."
1991 Stonesoft Corporation
Itälahdenkatu 22A
Helsinki, FI-00210
Finland

-Klaus Majewski
TEL: +358-40-824-7908

-Jorma Levomäki
TEL: +358-9-476711

CST Lab: NVLAP 200658-0

Stonesoft Cryptographic Kernel Module
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 08/13/2013 Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Debian GNU/Linux 6.0 based distribution running on Stonesoft FW-315; Debian GNU/Linux 6.0 based distribution running on Stonesoft FW-1301 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2238 and #2239); Triple-DES (Certs. #1399 and #1400); SHS (Certs. #1927 and #1928); HMAC (Certs. #1368 and #1369)

-Other algorithms: N/A

Multi-chip standalone

"Provides general cryptographic services intended to protect data in transit and at rest."
1990 Ultra Stereo Labs, Inc.
181 Bonetti Drive
San Luis Obispo, CA 93401
USA

-Larry McCrigler
TEL: 805-549-0161
FAX: 805-549-0163

CST Lab: NVLAP 100432-0

IMB-1000 HFR and IMB-1200 HFR Secure Media Blocks
(Hardware Version: Rev. 14; Firmware Version: 02272013)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/13/2013 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Cryptographic Key Management: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1459, #1460 and #1964); HMAC (Certs. #856 and #857); SHS (Certs. #1320 and #1321); RNG (Certs. #798 and #1165); RSA (Cert. #712); CVL (Cert. #52)

-Other algorithms: RSA (key wrapping, key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; TI S-BOX; EC Diffie-Hellman

Multi-chip embedded

"The Image Media Block is a type of Secure Processing Block that contains a Security Manager, Image, Audio and Subtitle Media Decryptors, Image decoder, Image and Audio Forensic Marking (FM) and optional Link Encoder. It is used for playback of encrypted movie content in commercial cinemas."
1989 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Kevin Michelizzi
TEL: 425-707-1227
FAX: 425-936-7329

-Chien-Her Chin
TEL: 425-706-5116
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll)
(Software Version: 7.00.1687)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 08/13/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Embedded Compact 7 running on a Sigma Designs Vantage 8654 Development Kit with a Sigma Designs SMP8654 (MIPSII_FP) CPU; Windows Embedded Compact 7 running on a Sigma Designs Vantage 8654 Development Kit with a Sigma Designs SMP8654 (MIPSII) CPU; Windows Embedded Compact 7 running on a TI OMAP TMDSEVM3530 with Texas Instruments EVM3530 CPU; Windows Embedded Compact 7 running on a Samsung SMDK6410 Development Kit with Samsung SMDK6410 CPU; Windows Embedded Compact 7 running on a Freescale i.MX27 Development Kit with Freescale i.MX27 CPU; Windows Embedded Compact 7 running on an eBox-330-A with MSTI PDX-600 CPU (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2023); DRBG (Cert. #193); DSA (Cert. #645); ECDSA (Cert. #295); HMAC (Cert. #1364); RSA (Cert. #1051); SHS (Cert. #1773); Triple-DES (Cert. #1307)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; Dual-EC DRBG (non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RSA key transport (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Microsoft Windows Cryptographic Primitives Library is a general purpose, software-based, cryptographic module. The primitive provider functionality is offered through one cryptographic module, BCRYPT.DLL (version 7.00.1687), subject to FIPS-140-2 validation. BCRYPT.DLL provides cryptographic services, through its documented interfaces, to Windows Embedded Compact 7 components and applications running on Windows Embedded Compact 7."
1988 Senetas Corporation Ltd. and SafeNet Inc.
Level 1, 11 Queens Road
Melbourne, Victoria 3004
Australia

-John Weston
TEL: +61 3 9868 4555
FAX: +61 3 9821 4899

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200996-0

CN6000 Series Encryptors
(Hardware Versions: Senetas Corp. Ltd. CN6040 Series: A6040B [O] (AC), A6041B [O] (DC) and A6042B [O] (AC/DC); Senetas Corp. Ltd. CN6100 Series: A6100B [O] (AC), A6101B [O] (DC) and A6102B [O] (AC/DC); Senetas Corp. Ltd. & SafeNet Inc. CN6040 Series: A6040B [Y] (AC), A6041B [Y] (DC) and A6042B [Y] (AC/DC); Senetas Corp. Ltd. & SafeNet Inc. CN6100 Series: A6100B [Y] (AC), A6101B [Y] (DC) and A6102B [Y] (AC/DC); Firmware Version: 2.2.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/13/2013;
09/16/2013;
02/20/2014
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #2258, #2259, #2264 and #2265); Triple-DES (Cert. #1412); RSA (Cert. #1157); SHS (Cert. #1945); HMAC (Cert. #1385); DRBG (Cert. #276)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The CN6000 Series is a high-speed hardware encryption platform designed to secure data transmitted over Ethernet and Fibre Channel networks. The CN6040 is protocol selectable operating at line rates up to 4Gb/s. Configured in Ethernet mode the CN6040 supports optical and twisted-pair link rates of 10Mb/s, 100Mb/s & 1Gb/s whilst in Fibre Channel mode supports rates of 1.0625, 2.125 & 4.25Gb/s. The CN6100 is an Ethernet model that operates at a line rate of 10Gb/s. SafeNet, Inc. makes Senetas products available globally under a master distribution agreement and are co-branded as such."
1987 Stanley Security Solutions, Inc.
6161 E 75th Street
PO Box 50444
Indianapolis, IN 46250
USA

-Mr. Robert Strong
TEL: 317-806-3288

-Mr. Thomas Schuster
TEL: 317-806-3150

CST Lab: NVLAP 100414-0

Wi-Q Portal Gateway
(Hardware Version: 12562C; Firmware Version: 3.017.156)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/13/2013 Overall Level: 1 

-FIPS Approved algorithms: AES (Cert. #1802); Triple-DES (Cert. #1356); SHS (Certs. #1583 and #1845); RSA (Cert. #1096)

-Other algorithms: AES (Cert. #1802, key wrapping); Triple-DES (Cert. #1356, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip embedded

"The Stanley Wi-Q Portal Gateway Cryptographic Module is a wireless gateway device that communicates via wired network to the Stanley Wi-Q Communications Server and communicates via proprietary 802.15.4 protocol to wireless Stanley Wi-Q Controller modules. The Stanley Wi-Q Portal Gateway provides secure key retrieval and key transfer functions within the Stanley Wi-Q Wireless Access Control System."
1986 TecSec Incorporated
12950 Worldgate Drive
Suite 100
Herndon, VA 20170
USA

-Roger Butler
TEL: 571-331-6130

-Ron Parsons
TEL: 571-299-4127
FAX: 571-299-4101

CST Lab: NVLAP 100432-0

TecSec Armored Card - Contactless Cryptographic Module
(Hardware Version: P/N Inside Secure AT90SC28880RCFV Revision G; Firmware Versions: P/Ns Athena IDProtect Duo Version 010E.0264.0001, TecSec SSD Applet Version 1.001, TecSec PIV Applet Version 1.007, TecSec BOCC Applet Version 1.001, TecSec CKM Attribute Container Applet Version 1.002, TecSec CKM Info Applet Version 1.000)

(PIV Card Application: Cert. #35)

(When operated with the fingerprint authentication mechanism parameters configured as indicated in the Security Policy Section 9. No assurance of Secure Channel Protocol (SCP) message integrity)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/09/2013;
02/06/2014
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1655 and #2226); CVL (Cert. #2); DRBG (Cert. #98); ECDSA (Cert. #214); HMAC (Cert. #1354); KBKDF (Cert. #4); RSA (Cert. #824); SHS (Cert. #1465); Triple-DES (Cert. #1088); CVL (Certs. #218 and #222)

-Other algorithms: NDRNG; EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-CMAC (non-compliant)

Single-chip

"The TecSec Armored Card is a cryptographic module which provides enterprise personnel identification, persistent data security for data in transit and at rest, with additional support for physical/logical/functional/content authorization. The Chip is part of a dual-chip PIV smart card that is fully compliant with the end-point service specified in SP800-73-1. This Chip provides the contactless functionality leveraging a common robust identity process in support of the federation platform capabilities of the overall card."
1985 Samsung Electronics Co., Ltd.
416, Maetan 3-Dong Youngton Gu
Suwon, Gyeonggi 152-848
South Korea

-Kyunghee Lee
TEL: +82-10-9397-1589

CST Lab: NVLAP 200658-0

Samsung FIPS BC for Mobile Phone and Tablet
(Software Version: SBC1.45_1.1)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 07/23/2013 Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Android Ice-cream Sandwich 4.0 on Galaxy S3 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2124); SHS (Cert. #1848); RNG (Cert. #1090); Triple-DES (Cert. #1350); HMAC (Cert. #1295); RSA (Cert. #1093); DSA (Cert. #665)

-Other algorithms: MD2; MD4; MD5; DES; Diffie-Hellman (non-compliant); EC Diffie-Hellman (non-compliant); IES; ISSAC; SKIPJACK (non-compliant); Blowfish; Twofish; RC2; RC4; RC5; RC6; SALSA20; HC128; HC256; VMPC; SERPENT; RIJNDAEL; CAST5; CAST6; GOST28147; GOST3411; TEA; XTEA; ELGAMAL; IDEA; Tiger; RIPEMD; WHIRPOOL; ISO9797AG3MAC; GOST28147MAC; GOST3410; VPMCMAC; ECGOST3410; Grain; Camelia; Noekeon; SEED; Direct random generator; Thread-based generator; Reverse window generator; ECDSA (non-compliant); RSA (encrypt/decrypt); AES-CMAC (non-compliant); Triple-DES-CMAC (non-compliant)

Multi-chip standalone

"Provides general purpose cryptographic services to user-space applications on the mobile platform for the protection of data in transit."
1984 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Andrew Young
TEL: 443-327-1183
FAX: 410-931-7524

CST Lab: NVLAP 100432-0

eToken
(Hardware Version: Inside Secure AT90SC25672RCT-USB; Firmware Version: Athena IDProtect 0106.0113.2109 with SafeNet eToken Applet Suite 1.2.9)

(No assurance of Secure Channel Protocol (SCP) message integrity)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/23/2013 Overall Level: 3 

-Physical Security: Level 4

-FIPS Approved algorithms: AES (Cert. #1654); RSA (Cert. #824); Triple-DES (Cert. #1087); Triple-DES MAC (Triple-DES Cert. #1087, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465)

-Other algorithms: HW RNG; AES-CMAC (non-compliant); AES (Cert. #1654, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength)

Single-chip

"SafeNet eToken is a portable two-factor USB authenticator with advanced smart card technology. It utilizes certificate based technology to generate and store credentials, such as private keys, passwords and digital certificates inside the protected environment of the smart card chip. To authenticate, users must supply both their personal SafeNet authenticator and password, providing a critical second level of security beyond simple passwords to protect valuable digital business resources."
1983 A10 Networks, Inc.
3 West Plumeria Drive
San Jose, CA 95134
USA

-John Chiong
TEL: 408-325-8668
FAX: 408-325-8666

CST Lab: NVLAP 200968-0

AX Series Advanced Traffic Manager AX2500, AX2600-GCF, AX3000-11-GCF, AX5100, AX5200-11, AX1030, AX3030, AX3400, AX3200-12, AX3530 and AX5630, and Thunder Series Application Delivery Controller TH1030S, TH3030S, TH5430S, and TH6430S
(Hardware Versions: AX2500[1,2], AX2600-GCF[1,2], AX3000-11-GCF[1,2], AX5100[1,2], AX5200-11[1,2], AX1030[2], AX3030[2], AX3400[2], AX3200-12[2], AX3530[2], AX5630[2], TH1030S[3], TH3030S[3], TH5430S[3], and TH6430S[3]; Firmware Versions: R261-GR1-P7[1], R270-P2[2] and R271-P2[3])

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/23/2013;
12/20/2013
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Certs. #1092, #1124, #1128, #1129 and #1463); AES (Certs. #1693, #1739, #1740 and #2329); SHS (Certs. #1480, #1519, #1524, #1525 and #2013); HMAC (Certs. #985, #1011, #1016, #1017 and #1444); RSA (Certs. #829, #858, #862, #863 and #1202); RNG (Certs. #900 and #1088)

-Other algorithms: MD5; HMAC-MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The AX Series Advanced Traffic Manager is designed to meet the growing demands of Web sites, carriers and enterprises. The AX offers intelligent Layer 4-7 application processing capabilities with industry-leading performance and scalability to meet critical business requirements at competitive prices. AX Series standard redundant components and high availability design ensure organizations non-stop service availability for all types of applications."
1982 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco Catalyst 4503-E, Catalyst 4506-E, Catalyst 4507R-E, Catalyst 4507R+E, Catalyst 4510R-E, Catalyst 4510R+E with Supervisor Cards (WS-X45-SUP7-E and WS-X45-Sup7L-E) and Line Cards (WS-X4748-RJ45V+E, WS-X4712-SFP+E, WS-X4640-CSFP-E, WS-X4748-NGPOE+E, and WS-X4748-RJ45-E)
(Hardware Versions: Catalyst 4503-E [1, 3, 4, 5, 6, A], Catalyst 4503-E [2, 5, 7, A], Catalyst 4506-E [1, 3, 4, 5, 6, 7, B], Catalyst 4506-E [2, 3, 4, 5, 6, 7, B], Catalyst 4507R-E [1, 3, 4, 5, 6, 7, C], Catalyst 4507R-E [2, 3, 4, 5, 6, 7, C], Catalyst 4507R+E [1, 3, 4, 5, 6, 7, C], Catalyst 4507R+E [2, 3, 4, 5, 6, 7, C], Catalyst 4510R-E [1, 3, 4, 5, 6, 7, D], Catalyst 4510R+E [1, 3, 4, 5, 6, 7, D], Supervisor Card WS-X45-SUP7-E [1], Supervisor Card WS-X45-SUP7L-E [2], Line Card WS-X4748-RJ45V+E [3], Line Card WS-X4712-SFP+E [4], Line Card WS-X4640-CSFP-E [5], Line Card WS-X4748-NGPOE+E [6], Line Card WS-X4748-RJ45-E [7], FIPS kit packaging (WS-C4503-FIPS-KIT= [A], WS-C4506-FIPS-KIT= [B], WS-C4507-FIPS-KIT= [C] and WS-C4510-FIPS-KIT= [D]) and Filler Plate (C4K-SLOT-CVR-E); Firmware Version: 3.3.1SG)

(When operated in FIPS mode with tamper evident labels and security devices installed on the initially built configuration as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/17/2013 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1977 and #2057); DRBG (Cert. #179); HMAC (Cert. #1190); RNG (Cert. #1072); RSA (Certs. #1023 and #1024); SHS (Certs. #1730 and #1731); Triple-DES (Cert. #1282)

-Other algorithms: MD4; MD5; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Cert. #1977, key wrapping; key establishment methodology provides 256 bits of encryption strength)

Multi-chip standalone

"Catalyst 4500 Series switches are Cisco`s leading modular switches for borderless access and price/performance distribution deployments. They offer best-in-class investment protection with forward and backward compatibility and deep application visibility with Flexible NetFlow. The Catalyst 4500 Series Switches meet FIPS 140-2 overall Level 2 requirements as multi-chip standalone modules. The switches include cryptographic algorithms implemented in IOS software as well as hardware ASICs. The module provides 802.1X-rev."
1981 Kanguru Solutions
1360 Main Street
Millis, MA 02054
USA

-Nate Cote
TEL: 508-376-4245
FAX: 508-376-4462

CST Lab: NVLAP 200802-0

Kanguru Defender 2000™ Cryptographic Module
(Hardware Versions: P/Ns KVD-SMCF-32G, KVD-SMCF-16G, KDF2000-32G, KDF2000-64G, KDF2000-128G, KDF2000-16G, KDF2000-8G, KDF2000-4G, KDF2000-S16G, KDF2000-S2G, KDF2000-S4G and KDF2000-S8G, Version 1.0; Firmware Version: 2.03.10)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 07/17/2013 Overall Level: 3 

-FIPS Approved algorithms: HMAC (Cert. #954); AES (Cert. #1623); SHS (Cert. #1432); RSA (Cert. #801); DRBG (Cert. #86); PBKDF (vendor affirmed)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Kanguru Defender 2000 Cryptographic Module is a 256-bit AES hardware encrypted USB flash drive. It is used to securely store sensitive data housed on the device."
1980 Cocoon Data Holdings Limited
Level 4
152-156 Clarence St
Sydney, NSW 2000
Australia

-Simon Wild
TEL: +61 2 8412 8200
FAX: +61 2 8412 8202

-Jim Ivers
TEL: +1 703 657 5260
FAX: +1 703 657 5285

CST Lab: NVLAP 200900-0

Cocoon Data Secure Objects C++ Cryptographic Module Version 1.8
(Software Version: 1.8)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 07/17/2013;
08/07/2013
Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 7 32-bit with MSVC2010 redistributable running on Dell Vostro 1520; Microsoft Windows XP 32-bit with SP and MSVC2010 redistributable running on Dell Vostro 1520; Microsoft Windows 7 64-bit with MSVC2010 redistributable running on Dell Vostro 3500; Microsoft Windows 7 32-bit with MSVC2012 redistributable running on Dell Vostro 1520; Microsoft Windows XP 32-bit with SP3 and MSVC2012 redistributable running on Dell Vostro 1520; Microsoft Windows 7 64-bit with MSVC2012 redistributable running on Dell Vostro 3500; Ubuntu 12.04 LTS 64-bit running on Dell PowerEdge 1950; Ubuntu 12.04 LTS 64-bit on VMWare Fusion 4.1.3 on OSX 10.8 running on a Macbook Pro Intel core i7; Ubuntu 12.04 LTS 32-bit running on Dell PowerEdge 1950; Ubuntu 12.04 LTS 32-bit on VMWare Fusion 4.1.3 on OSX 10.8 running on a Macbook Pro Intel Core i7; Redhat Enterprise Linux Server 6.3 64-bit running on Dell PowerEdge 1950; Redhat Enterprise Linux Server 6.3 64-bit on VMWare Fusion 4.1.3 on OSX 10.8 running on a Macbook Pro Intel Core i7; Redhat Enterprise Linux Server 6.3 32-bit running on Dell PowerEdge 1950; Redhat Enterprise Linux Server 6.3 32-bit on VMWare Fusion 4.1.3 on OSX 10.8 running on a Macbook Pro Intel Core i7; Mac OSX 10.8 running on Macbook Pro Intel Core i7 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2192); Triple-DES (Cert. #1385); SHS (Cert. #1900); HMAC (Cert. #1344); DRBG (Cert. #257)

-Other algorithms: N/A

Multi-chip standalone

"The Cocoon Data Secure Objects C++ Cryptographic Module Version 1.8 has been implemented as part of the Cocoon Data Secure Objects solution, an encryption-based access control system for protecting the confidentiality and integrity of electronic files. Coccon Data Holdings Limited is the parent company of all Covata entities."
1979 Check Point Software Technologies, Ltd.
9900 Belward Campus Dr.
Suite 250
Rockville, MD 20850
USA

-David Abrose
TEL: +972 37534561

-Malcolm Levy
TEL: +972 37534561

CST Lab: NVLAP 200002-0

Provider-1
(Firmware Version: R71 with R7x hotfix)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Firmware 07/17/2013 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-Tested: Check Point Smart-1 50 with Check Point SecurePlatform Operating System Version R7x

-FIPS Approved algorithms: AES (Cert. #1836); Triple-DES (Certs. #1188 and #1189); DRBG (Cert. #146); RSA (Cert. #925); HMAC (Certs. #1089 and #1090); SHS (Certs. #1615 and #1616)

-Other algorithms: CAST 40; CAST 128; HMAC-MD5; MD5; DES; AES-CMAC (non-compliant); RSA (key wrapping; key establishment methodology provides 112 or 150 bits of encryption strength); Triple-DES (Cert. #1188, key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #1836, key wrapping)

Multi-chip standalone

"Check Point Provider 1 technology provides virtualized security management, segmenting your security management into multiple virtual domains. Businesses of all sizes can easily create virtual domains based on geography, business unit or security function to strengthen security and simplify management."
1978 Check Point Software Technologies, Ltd.
9900 Belward Campus Dr.
Suite 250
Rockville, MD 20850
USA

-David Abrose
TEL: +972 37534561

-Malcolm Levy
TEL: +972 37534561

CST Lab: NVLAP 200002-0

Security Management
(Firmware Version: R71 with R7x hotfix)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Firmware 07/17/2013 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-Tested: Check Point Smart-1 50 with Check Point SecurePlatform Operating System Version R7x

-FIPS Approved algorithms: AES (Cert. #1835); Triple-DES (Certs. #1186 and #1187); DRBG (Cert. #145); RSA (Cert. #924); HMAC (Certs. #1087 and #1088); SHS (Certs. #1613 and #1614)

-Other algorithms: CAST 40; CAST 128; HMAC-MD5; MD5; DES; AES-CMAC (non-compliant); RSA (key wrapping; key establishment methodology provides 112 or 150 bits of encryption strength); Triple-DES (Cert. #1186, key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #1835, key wrapping)

Multi-chip standalone

"Check Point Security Management technology provides security management. Businesses of all sizes can easily create domains based on geography, business unit or security function to strengthen security and simplify management."
1977 Check Point Software Technologies, Ltd.
9900 Belward Campus Dr.
Suite 250
Rockville, MD 20850
USA

-David Abrose
TEL: +972 37534561

-Malcolm Levy
TEL: +972 37534561

CST Lab: NVLAP 200002-0

Security Gateway
(Firmware Version: R70.1 with R7x hotfix)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Firmware 07/17/2013 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-Tested: Power-1 9070 with Check Point SecurePlatform Operating System Version R70.1

-FIPS Approved algorithms: AES (Cert. #2037); Triple-DES (Certs. #1313 and #1314); DRBG (Cert. #199); RSA (Cert. #1057); HMAC (Certs. #1235 and #1236); SHS (Certs. #1782 and #1783)

-Other algorithms: CAST 40; CAST 128; HMAC-MD5; MD5; DES; AES-CMAC (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 150 bits of encryption strength); Triple-DES (Cert. #1313, key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"Check Point VPN-1 Security Gateway allows enterprises and managed service providers to provide firewall, VPN, and intrusion prevention functionality on a single hardware platform."
1976 Check Point Software Technologies, Ltd.
9900 Belward Campus Dr.
Suite 250
Rockville, MD 20850
USA

-David Abrose
TEL: +972 37534561

-Malcolm Levy
TEL: +972 37534561

CST Lab: NVLAP 200002-0

VSX
(Firmware Version: R67.10 with R7x hotfix)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Firmware 07/17/2013 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-Tested: Check Point Power-1 9070 with Check Point SecurePlatform Operating System Version NGX R67

-FIPS Approved algorithms: AES (Cert. #1837); Triple-DES (Certs. #1190 and #1191); DRBG (Cert. #147); RSA (Cert. #926); HMAC (Certs. #1091 and #1092); SHS (Certs. #1617 and #1618)

-Other algorithms: CAST 40; CAST 128; HMAC-MD5; MD5; DES; AES-CMAC (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 150 bits of encryption strength); Triple-DES (Cert. #1191, key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"Check Point VPN-1 Power VSX is a virtualized security gateway that allows virtualized enterprises and managed service providers to create up to 250 virtual systems (firewall, VPN, and intrusion prevention functionality within a virtual network environment) on a single, highly scalable hardware platform."
1975 Accellion, Inc.
1804 Embarcadero Road
Suite 200
Palo Alto, CA 94303
USA

-Prateek Jain
TEL: +65-6244-5670
FAX: +65-6244-5678

CST Lab: NVLAP 100432-0

Accellion Cryptographic Module
(Software Version: FTALIB_2_0_1)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 07/17/2013 Overall Level: 1 

-Design Assurance: Level 2

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 5 running on a HP ProLiant DL 380 G7 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2316, #2317 and #2318); CVL (Cert. #55); HMAC (Certs. #1436 and #1457); RSA (Cert. #1214); SHS (Certs. #2003 and #2004); Triple-DES (Cert. #1460)

-Other algorithms: AES (Cert. #2316, key wrapping; key establishment methodology provides 128 bits of encryption strength); Triple-DES (Cert. #1460, key wrapping; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5

Multi-chip standalone

"Accellion Cryptographic Module is a key component of Accellion's secure collaboration solution that enables enterprises to securely share and transfer files. Extensive tracking and reporting tools allow compliance with SOX, HIPAA, FDA and GLB regulations while providing enterprise grade security and ease of use."
1974

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/29/2013 Overall Level: 2 

-FIPS Approved algorithms:

-Other algorithms:

Single-chip

1973 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise Virtual Appliance for Crossbeam XOS
(Software Version: 8.2.1)

(When installed, initialized and configured as specified in the Security Policy Section 3.1)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 07/10/2013 Overall Level: 1 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 2

-Operational Environment: Tested as meeting Level 1 with McAfee Secure OS v8.2 on Crossbeam XOS v9.6.0 running on a Crossbeam X-60; McAfee Secure OS v8.2 on Crossbeam XOS v9.9.0 running on a Crossbeam X-60 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1961, #1962 and #1963); Triple-DES (Certs. #1273, #1274 and #1275); SHS (Certs. #1720, #1721 and #1722); HMAC (Certs. #1182, #1183 and #1184); RNG (Certs. #1030, #1031 and #1032); RSA (Certs. #1015 and #1016); DSA (Certs. #626 and #627)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee's Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1972 Chunghwa Telecom Laboratories
12, Lane 551, Min-Tsu Road SEC.5,
Yang-Mei, Taoyuan, Taiwan 326
Republic of China

-Yu-Ling Cheng
TEL: 886 3 424-5883
FAX: 886 3 424-4167

-Ming-Hsin Chang
TEL: 886-3-4245885
FAX: 886 3 424-4167

CST Lab: NVLAP 200928-0

HiPKI SafGuard 1200 HSM
(Hardware Version: HSM-HW-20; Firmware Version: HSM-SW-20)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/05/2013 Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #1296); Triple-DES MAC (Triple-DES Cert. #1296, vendor affirmed); AES (Cert. #2010); SHS (Cert. #1760); ECDSA (Cert. #290); RSA (Certs. #1039 and #1043); DRBG (Cert. #187); HMAC (Cert. #1215)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"HiPKI SafGuard 1200 HSM is a multi-chip standalone cryptographic module that is used to provide highly-secure cryptographic services and key storage for PKI applications. (e.g., secure private key storage, high-speed accelerator for 1024-4096 bit RSA and ECDSA signatures, and hashing). The HiPKI SafGuard 1200 HSM provides secure identity-based authentication using smart cards and data encryption using FIPS approved Triple-DES and AES encryption."
1971 3e Technologies International, Inc.
9715 Key West Ave
Suite 500
Rockville, MD 20850
USA

-Harinder Sood
TEL: 301-944-1325
FAX: 301-670-6989

-Chris Guo
TEL: 301-944-1294
FAX: 301-670-6989

CST Lab: NVLAP 200427-0

3e-520 Secure Access Point Cryptographic Module
(Hardware Version: 1.0; Firmware Version: 5.0)

(The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/03/2013 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #2060, #2078 and #2105); CVL (Cert. #22); ECDSA (Cert. #303); HMAC (Certs. #1253 and #1259); RNG (Cert. #1076); RSA (Cert. #1072); SHS (Certs. #1801 and #1807); Triple-DES (Certs. #1327 and #1329)

-Other algorithms: AES (non-compliant); AES (Cert. #2060, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; MD5; RSA (key wrapping, key establishment methodology provides 112 bits of encryption strength)

Multi-chip embedded

"The 3e-520 Secure Access Point acts as an access point for the universal wireless family of devices from 3eTI. The 520 board is installed inside the wireless devices and provides the cryptographic functionality for the device. The access point allows for wireless clients or wireless bridges to securely connect wirelessly with the module and send encrypted data."
1970 iStorage Limited
Research House, Fraser Road
Greenford, Middx, UB6-7AQ
England

-John Michael
TEL: +44 (0) 20 8537-3435
FAX: +44 (0) 20 8537-3438

CST Lab: NVLAP 200802-0

iStorage FIPS Module 140-2
(Hardware Version: REV. A; Firmware Version: 4.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/02/2013 Overall Level: 2 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #2235); DRBG (Cert. #260); SHS (Cert. #1911)

-Other algorithms: NDRNG

Multi-chip embedded

"The iStorage FIPS 140-2 Module is a flexible FIPS module with the ability to interface to multiple types of authentication or hardware. Completely contained within a small footprint/boundary, the module is designed to allow simple integration into various secure storage systems requiring a FIPS validated encryption boundary and does not require software."
1969 Thales e-Security Ltd.
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

TEL: 888-744-4976

CST Lab: NVLAP 100432-0

Authentication Token
(Hardware Version: Inside Secure AT90SC28872RCU Revision G; Firmware Version: Athena IDProtect 010B.0333.0004 with Authentication Token Applet 1.0)

(No assurance of Secure Channel Protocol (SCP) message integrity)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/26/2013 Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #1654); RSA (Cert. #824); DRBG (Cert. #98); SHS (Cert. #1465); CVL (Cert. #2)

-Other algorithms: HW RNG; AES-CMAC (non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides 256 bits of encryption strength); AES (Cert. #1654, key wrapping; key establishment methodology provides 256 bits of encryption strength)

Single-chip

"Authentication Token is a Cryptographic Module containing Thales' authenticated Java applets. Authentication Token is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 3. Authentication Token supports FIPS-Approved: DRBG; SHA-1 and all SHA-2; TDES; AES; ECDSA and ECC CDC; and, RSA and ECC key generation. Authentication Token is designed to provide users of Thales' hardware security modules with high-performance smart card capabilities in support of their government and enterprise applications."
1968 Francotyp-Postalia GmbH
Triftweg 21-26
Birkenwerder, D-16547
Germany

-Dirk Rosenau
TEL: +49-3303-525-616
FAX: +49-3303-525-609

-Hasbi Kabacaoglu
TEL: +49-3303-525-656
FAX: +49-3303-525-609

CST Lab: NVLAP 100432-0

Postal mRevenector CA 2012
(Hardware Version: 580036020300/01; Firmware Versions: 90.0036.0201.00/2011485001 (Bootloader), 90.0036.0206.00/2011485001 (Software-Loader) and 90.0036.0211.00/2013032001 (CA Application))

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/26/2013 Overall Level: 3 

-Physical Security: Level 3 +EFP/EFT

-FIPS Approved algorithms: AES (Cert. #1493); DRBG (Cert. #61); DSA (Cert. #522); ECDSA (Cert. #185); HMAC (Cert. #878); KAS (Cert. #16); RSA (Certs. #732 and #785); SHS (Cert. #1346); Triple-DES (Cert. #1122)

-Other algorithms: NDRNG; Triple-DES (Cert. #1122, key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip embedded

"The Francotyp-Postalia Postal mRevenector CA 2012 employs strong encryption, decryption, and digital signature techniques for the protection of customer revenues in Francotyp-Postalia's mail handlers. The Postal mRevenector CA 2012 has been designed in compliance with the Canadian Postal Specification."
1967 Telephonics Sweden AB
Vattenkraftsvagen 8
Stockholm, SE-135 70
Sweden

-Ingi Bjornsson
TEL: +46 8 7980933
FAX: +46 8 7988433

-Magnus Eriksson
TEL: +46 8 7980902
FAX: +46 8 7988433

CST Lab: NVLAP 100432-0

TruLink Control Logic Module CL6882-M1
(Hardware Version: P/N 010.6882-01 Rev. B2; Firmware Version: Boot: SW7158 v2.4 and Application: SW7151 v2.11.1)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/26/2013;
07/26/2013
Overall Level: 1 

-FIPS Approved algorithms: AES (Cert. #2114); HMAC (Cert. #1286); SHS (Cert. #1838)

-Other algorithms: N/A

Multi-chip embedded

"TruLink is a wireless intercom system for use in military and harsh industrial environments. It provides fully duplex wireless communication. TruLink users can converse among themselves without pressing a Push to Talk button or waiting for another user to finish their transmission. The system supports 50 channels. Up to 31 users can be logged on to a channel. Each channel is an independent network. TruLink employs a unique noise cancellation system that automatically adjusts its VOX switching level to match the ambient noise level and subtracts this noise from the user's transmitted audio."
1966 Gemalto
Avenue du Jujubier, Z.I Athelia IV
La Ciotat, 13705
France

-Arnaud Lotigier
TEL: +33 4.42.36.60.74
FAX: +33 4.42.36.55.45

CST Lab: NVLAP 100432-0

IDCore 30
(Hardware Version: SLE78CFX3009P; Firmware Version: IDCore 30 Build 1.17, Demonstration Applet version V1.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/21/2013;
07/05/2013
Overall Level: 3 

-FIPS Approved algorithms: RNG (Cert. #1128); Triple-DES (Cert. #1413); Triple-DES MAC (Triple-DES Cert. #1413, vendor affirmed); AES (Cert. #2261); RSA (Certs. #1158 and #1163); ECDSA (Cert. #363); CVL (Cert. #41); SHS (Cert. #1946)

-Other algorithms: EC Diffie-Hellman (SP 800-56A; non-compliant)

Single-chip

"The IDCore 30 is a part of Gemalto's IDCore family of Java Cards and offers a comprehensive array of features and options for logical and physical access control applications. IDCore 30 is a highly secure platform for private and public sector smart card deployments implementing Java Card 2.2.2 and Global Platform 2.1.1 / 2.2 Amdt D specifications. IDCore 30 is ideally suited for markets such as Identity or Security/Access, including one-time password authentication, Public Key Infrastructure (PKI) services, digital transactions and physical access control."
1965 Apricorn Inc.
12191 Kirkham Road
Poway, CA 92064
USA

-Mike McCandless
TEL: 858-513-4481
FAX: 858-513-4413

CST Lab: NVLAP 200802-0

Apricorn FIPS Module 140-2
(Hardware Version: REV. A [A,B] or REV. A with CAN 1A [A,B]; Firmware Version: 4.0 [A] or 4.1[B])

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/14/2013;
04/16/2014;
06/27/2014
Overall Level: 2 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #2235); DRBG (Cert. #260); SHS (Cert. #1911)

-Other algorithms: NDRNG

Multi-chip embedded

"The Apricorn FIPS 140-2 Module is a flexible FIPS module with the ability to interface to multiple types of authentication or hardware. Completely contained within a small footprint/boundary, the module is designed to allow simple integration into various secure storage systems requiring a FIPS validated encryption boundary and does not require software. The Apricorn FIPS 140-2 Module is used in the Aegis Fortress, Padlock DT FIPS, and the Padlock SSD families."
1964 Apple Inc.
1 Infinite Loop
Cupertino, CA 95041
USA

-Shawn Geddis

CST Lab: NVLAP 200658-0

Apple OS X CoreCrypto Module, v3.0
(Software Version: 3.0)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 06/14/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with OS X 10.8 running on Mac mini with i5 CPU with AES-NI; OS X 10.8 running on Mac mini with i5 CPU without AES-NI; OS X 10.8 running on iMac with i7 CPU with AES-NI; OS X 10.8 running on iMac with i7 CPU without AES-NI (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #1339 and #1340); AES (Certs. #2088, #2089, #2090, #2091, #2092, #2093, #2094, #2095, #2103 and #2104); RSA (Certs. #1078 and #1079); SHS (Certs. #1816, #1817, #1818, #1819, #1827 and #1828); ECDSA (Certs. #312 and #313); HMAC (Certs. #1267, #1268, #1269, #1270, #1278 and #1279); DRBG (Certs. #217, #218, #219, #220, #226 and #227); PBKDF (vendor affirmed)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); ECDSA (P-192, P-224 and P-521; non-compliant); DES; MD2; MD4; MD5; CAST5; RIPEMD; Blowfish; BitGen1; BitGen2; BitGen3; RC2; RC4; OMAC (non-compliant)

Multi-chip standalone

"The Apple OS X CoreCrypto Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest."
1963 Apple Inc.
1 Infinite Loop
Cupertino, CA 95041
USA

-Shawn Geddis

CST Lab: NVLAP 200658-0

Apple iOS CoreCrypto Module, v3.0
(Hardware Version: A4 and A5; Software Version: 3.0)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software-Hybrid 06/14/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with iOS 6.0 running on an iPhone4; iOS 6.0 running on an iPhone4S; iOS 6.0 running on an iPad (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #1336 and #1338); AES (Certs. #2072, #2073, #2074, #2075, #2076, #2077, #2100 and #2102); RSA (Certs. #1076 and #1077); SHS (Certs. #1805, #1806, #1824 and #1826); ECDSA (Certs. #309 and #311); HMAC (Certs. #1257, #1258, #1275 and #1277); DRBG (Certs. #209, #210, #223 and #225); PBKDF (vendor affirmed)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 160 bits of encryption strength); ECDSA (Curves P-192, P-224 and P-521; non-compliant); DES; MD2; MD4; MD5; RIPEMD; CAST5; Blowfish; BitGen1; BitGen2; BitGen3; RC2; RC4; OMAC (non-compliant)

Multi-chip standalone

"The Apple iOS CoreCrypto Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest."
1962 ACES
H. No. 156, St 5, F11-1
Islamabad, Islamabad 44000
Pakistan

-Dr Mehreen Afzal
TEL: +923009878534
FAX: +92512224453

-Dr. Mureed Hussain
TEL: +923238556816
FAX: +92512224453

CST Lab: NVLAP 200856-0

Tahir Pak Crypto Library
(Software Version: 2.1.1)

(When installed, initialized and configured as specified in the Security Policy Section 6.1. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 06/14/2013 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 2 with Red Hat Enterprise Linux 5.3 running on DELL PowerEdge T110 II 11th

-FIPS Approved algorithms: AES (Cert. #2341); DRBG (Cert. #291); DSA (Cert. #733); SHS (Cert. #2018); HMAC (Cert. #1450)

-Other algorithms: N/A

Multi-chip standalone

"TPCL (Tahir Pak Crypto Library) is a software cryptographic module which provides FIPS approved Cryptographic functions to consuming applications via an Application Programming Interface (API)."
1961 Telephonics Sweden AB
Vattenkraftsvagen 8
Stockholm, SE-135 70
Sweden

-Ingi Bjornsson
TEL: +46 8 7980933
FAX: +46 8 7988433

-Magnus Eriksson
TEL: +46 8 7980902
FAX: +46 8 7988433

CST Lab: NVLAP 100432-0

TruLink Control Logic Module CL6792-M1
(Hardware Version: P/N 010.6792-01 Rev. H3; Firmware Version: Boot: SW7098 v2.5 and Application: SW7099 v9.13.1)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/14/2013;
07/26/2013
Overall Level: 1 

-FIPS Approved algorithms: AES (Cert. #2113); HMAC (Cert. #1285); SHS (Cert. #1837)

-Other algorithms: N/A

Multi-chip embedded

"TruLink is a wireless intercom system for use in military and harsh industrial environments. It provides fully duplex wireless communication. TruLink users can converse among themselves without pressing a Push to Talk button or waiting for another user to finish their transmission. The system supports 50 channels. Up to 31 users can be logged on to a channel. Each channel is an independent network. TruLink employs a unique noise cancellation system that automatically adjusts its VOX switching level to match the ambient noise level and subtracts this noise from the user's transmitted audio."
1960 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise Virtual Appliance for VMware ESXi 4.1
(Software Version: 8.2.1)

(When installed, initialized and configured as specified in the Security Policy Section 3.1)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 06/12/2013 Overall Level: 1 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 2

-Operational Environment: Tested as meeting Level 1 with McAfee Secure OS v8.2 on VMware ESXi v4.1 running on a McAfee 7032 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1961, #1962 and #1963); Triple-DES (Certs. #1273, #1274 and #1275); SHS (Certs. #1720, #1721 and #1722); HMAC (Certs. #1182, #1183 and #1184); RNG (Certs. #1030, #1031 and #1032); RSA (Certs. #1015 and #1016); DSA (Certs. #626 and #627)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee's Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1959 Check Point Software Technologies Ltd
5 Ha'solelim Street
Tel Aviv, 67897
Israel

-Malcom Levy
TEL: +972-37534561
FAX: 732-416-1370

CST Lab: NVLAP 200427-0

Check Point CryptoCore
(Software Version: 2.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 06/12/2013 Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 7 (32-bit) running on a Dell OptiPlex 755 without AES-NI (User Space); Microsoft Windows 7 (32-bit) running on a Dell OptiPlex 755 without AES-NI (Kernel Space); Microsoft Windows 7 (32-bit) running on a Dell OptiPlex 755 with AES-NI (User Space); Microsoft Windows 7 (32-bit) running on a Dell OptiPlex 755 with AES-NI (Kernel Space); Microsoft Windows 7 (64-bit) running on a Dell OptiPlex 745 without AES-NI (User Space); Microsoft Windows 7 (64-bit) running on a Dell OptiPlex 745 without AES-NI (Kernel Space); Microsoft Windows 7 (64-bit) running on a Dell OptiPlex 745 with AES-NI (User Space); Microsoft Windows 7 (64-bit) running on a Dell OptiPlex 745 with AES-NI (Kernel Space); Mac OS X 10.7 (32-bit) running on a Apple MacBook Pro without AES-NI (User Space); Mac OS X 10.7 (32-bit) running on a Apple MacBook Pro without AES-NI (Kernel Space); Mac OS X 10.7 (32-bit) running on a Apple MacBook Pro with AES-NI (User Space); Mac OS X 10.7 (32-bit) running on a Apple MacBook Pro with AES-NI (Kernel Space); Mac OS X 10.7 (64-bit) running on a Apple MacBook Pro without AES-NI (User Space); Mac OS X 10.7 (64-bit) running on a Apple MacBook Pro without AES-NI (Kernel Space); Mac OS X 10.7 (64-bit) running on a Apple MacBook Pro with AES-NI (User Space); Mac OS X 10.7 (64-bit) running on a Apple MacBook Pro with AES-NI (Kernel Space); UEFI Pre-boot (64-bit) running on a Apple MacBook Pro without AES-NI; UEFI Pre-boot (64-bit) running on a Apple MacBook Pro with AES-NI (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2182); DRBG (Cert. #255); HMAC (Cert. #1336); RNG (Cert. #1104); RSA (Cert. #1125); SHS (Cert. #1891); Triple-DES (Cert. #1382); Triple-DES MAC (Triple-DES Cert. #1382, vendor affirmed)

-Other algorithms: AES (Cert. #2182, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Blowfish; CAST-128; CAST-256; DES; MD5; PKCS#5; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (non-compliant);

Multi-chip standalone

"Check Point Crypto Core is a 140-2 Level 1 cryptographic module for Windows 7, Mac OS X, and UEFI firmware. The module provides cryptographic services accessible in pre-boot mode, kernel mode and user mode on the respective platforms through implementation of platform specific binaries."
1958 SafeNet, Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Mark Yakabuski
TEL: 613-614-3407
FAX: 613-723-5079

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200556-0

Luna® G5 Cryptographic Module
(Hardware Version: LTK-03, Version Code 0102; Firmware Version: 6.2.3)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/11/2013 Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #2262 and #2263); Triple-DES (Certs. #1414 and #1415); Triple-DES MAC (Triple-DES Certs. #1414 and #1415, vendor affirmed); DSA (Certs. #704 and 705); SHS (Certs. #1947 and #1948); RSA (Certs. #1159 and #1160); HMAC (Certs. #1386 and #1387); DRBG (Cert. #277); ECDSA (Certs. #364 and #365); KAS (Cert. #37); KBKDF (Cert. #5)

-Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); HRNG; AES MAC (AES Cert. #2263; non-compliant); AES (Certs. #2262 and #2263, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #1414 and #1415, key wrapping; key establishment methodology provides 112 bits of encryption strength); Generic-Secret generation (non-compliant); SSL Pre-Master generation (non-compliant); RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Luna® G5 delivers key management in a portable appliance. All key materials are maintained exclusively within the confines of the hardware. The small form-factor and on-board key storage sets the product apart, making it especially attractive to customers who need to physically remove and store the small appliance holding PKI root keys. The appliance directly connects the HSM to the application server via a USB interface."
1957 SafeNet, Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Mark Yakabuski
TEL: 613-614-3407
FAX: 613-723-5079

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200556-0

Luna® G5 Cryptographic Module
(Hardware Version: LTK-03, Version Code 0102; Firmware Version: 6.2.3)

(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/11/2013 Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #2262 and #2263); Triple-DES (Certs. #1414 and #1415); Triple-DES MAC (Triple-DES Certs. #1414 and #1415, vendor affirmed); DSA (Certs. #704 and 705); SHS (Certs. #1947 and #1948); RSA (Certs. #1159 and #1160); HMAC (Certs. #1386 and #1387); DRBG (Cert. #277); ECDSA (Certs. #364 and #365); KAS (Cert. #37); KBKDF (Cert. #5)

-Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); HRNG; AES MAC (AES Cert. #2263; non-compliant); AES (Certs. #2262 and #2263, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #1414 and #1415, key wrapping; key establishment methodology provides 112 bits of encryption strength); Generic-Secret generation (non-compliant); SSL Pre-Master generation (non-compliant); RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Luna® G5 delivers key management in a portable appliance. All key materials are maintained exclusively within the confines of the hardware. The small form-factor and on-board key storage sets the product apart, making it especially attractive to customers who need to physically remove and store the small appliance holding PKI root keys. The appliance directly connects the HSM to the application server via a USB interface."
1956 Apple Inc.
1 Infinite Loop
Cupertino, CA 95041
USA

-Shawn Geddis

CST Lab: NVLAP 200658-0

Apple OS X CoreCrypto Kernel Module, v3.0
(Software Version: 3.0)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 06/07/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with OS X 10.8 running on Mac mini with i5 CPU with AES-NI; OS X 10.8 running on Mac mini with i5 CPU without AES-NI; OS X 10.8 running on iMac with i7 CPU with AES-NI; OS X 10.8 running on iMac with i7 CPU without AES-NI (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #1331 and #1332); AES (Certs. #2080, #2081, #2082, #2083, #2084, #2085, #2086 and #2087); SHS (Certs. #1810, #1811, #1812, #1813, #1814 and #1815); ECDSA (Certs. #305 and #306); HMAC (Certs. #1261, #1262, #1263, #1264, #1265 and #1266); DRBG (Certs. #211, #212, #213, #214, #215 and #216); PBKDF (vendor affirmed)

-Other algorithms: ECDSA (P-192, P-224 and P-521; non-compliant); DES; MD5; CAST5; Blowfish; BitGen1; BitGen2; BitGen3; RC4; OMAC (non-compliant)

Multi-chip standalone

"The Apple iOS CoreCrypto Kernel Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest."
1955 Kony, Inc.
7380 West Sand Lake Road #390
Orlando, FL 32819
USA

-Matthew Terry
TEL: 407-730-5669
FAX: 407-404-3738

CST Lab: NVLAP 100432-0

Kony Cryptographic Library
(Software Version: 2.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 06/03/2013;
08/23/2013;
09/16/2013
Overall Level: 1 

-Roles, Services, and Authentication: Level 2

-Operational Environment: Tested as meeting Level 1 with Android 2.2 running on HTC Desire without NEON; Android 2.2 running on HTC Desire with NEON; Android 3.0 running on Nook BNRV200 without NEON; Android 3.0 running on Nook BNRV200 with NEON; Android 4.0 running on Beagleboard-XM without NEON; Android 4.0 running on Beagleboard-XM with NEON; Apple iOS 5.0 running on iPhone 4 without NEON; Apple iOS 5.0 running on iPhone 4 with NEON; Apple iOS 6.0 running on iPhone 4 without NEON; Apple iOS 6.0 running on iPhone 4 with NEON (single user mode)

-FIPS Approved algorithms: AES (Cert. #2338); DRBG (Cert. #290); DSA (Cert. #732); HMAC (Cert. #1448); RNG (Cert. #1164); RSA (Cert. #1204); SHS (Cert. #2016); Triple-DES (Cert. #1464); ECDSA (Cert. #382); CVL (Cert. #51)

-Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt)

Multi-chip standalone

"The Kony Cryptographic Library is a full featured cryptographic module used in Kony mobile and multi-channel application platforms and the KonyOne™ Platform."
1954 ViaSat, Inc.
6155 El Camino Real
Carlsbad, CA 92009
USA

-Ben Davis
TEL: 760-476-2200
FAX: 760-929-3941

CST Lab: NVLAP 100432-0

Enhanced Bandwidth Efficient Modem (EBEM) Cryptographic Module
(Hardware Versions: P/Ns 1010162 Version 1, 1010162 with ESEM Version 1, 1091549 Version 1, 1075559 Version 1, 1075559 with ESEM Version 1, 1091551 Version 1, 1010163 Version 1, 1010163 with ESEM Version 1, 1091550 Version 1, 1075560 Version 1, 1075560 with ESEM Version 1 and 1091552 Version 1; Firmware Version: 02.03.02)

(The tamper evident seal installed as indicated in the Security Policy for the optional ESEM feature)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/30/2013 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1203, #1204 and #2242); SHS (Certs. #1931 and #1932); HMAC (Cert. #1372); ECDSA (Cert. #351); RNG (Cert. #1121)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 256 bits of encryption strength)

Multi-chip standalone

"The Enhanced Bandwidth Efficient Modem (EBEM) is a high-performance multi-input/multi-output SCPC satellite modulator/demodulator that converts multiple baseband digital input signals into multiple waveform intermediate frequencies (IF) and vice-versa.The EBEM provides extensive backwards compatibility with fielded modem and crypto technology, while adding high-order terminal modulation and Turbo coding to further enhance bandwidth efficiency."
1953 NXP Semiconductors
Mikronweg 1
Gratkorn, 8101
Austria

-Markus Moesenbacher
TEL: +43 3124 299 652
FAX: +43 3124 299 270

CST Lab: NVLAP 100432-0

NXP JCOP 2.4.2 R2
(Hardware Versions: P5CC081 V1A, P5CD081 V1A, P5CD081 V1D, P5CC145 V0B and P5CD145 V0B; Firmware Versions: JCOP 2.4.2 R2 Mask ID 59 and patchID 3 with Demonstration Applet v1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/23/2013 Overall Level: 3 

-Physical Security: Level 4

-FIPS Approved algorithms: RNG (Cert. #942); Triple-DES (Certs. #1144 and #1145); Triple-DES MAC (Triple-DES Cert. #1144, vendor affirmed); AES (Certs. #2120, #2121, #2151 and #2152); SHS (Cert. #1553); RSA (Certs. #1090 and #1091); ECDSA (Cert. #317); CVL (Cert. #26)

-Other algorithms: HW RNG; RSA (non-compliant); Triple-DES (Cert. #1144, key wrapping; key establishment methodology provides 112 bits of security strength); AES (Certs. #2120 or #2151, key wrapping; key establishment methodology provides 128 bits of security strength)

Single-chip

"NXP J3D081, J2D081, J3D145, J2D145 Secure Smart Card Controller Revision 2"
1952 3S Group Incorporated
125 Church Street, N.E., Suite 204
Vienna, VA 22180
USA

-Satpal Sahni
TEL: 703-281-5015
FAX: 703-281-7816

CST Lab: NVLAP 200002-0

3S Group Cryptographic Module (3SGX)
(Hardware Version: 1.0; Firmware Version: 1.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 05/23/2013 Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #1315); AES (Cert. #2038); DSA (Cert. #646); RSA (Cert. #1058); SHS (Cert. #1784); DRBG (Cert. #200); ECDSA (Cert. #297); HMAC (Cert. #1237); Skipjack (Cert. #19); KAS (Cert. #35); KTS (vendor affirmed); CVL (Cert. #25)

-Other algorithms: Diffie-Hellman (key agreement); Diffie-Hellman (CVL Cert. #25; key agreement); EC Diffie-Hellman (CVL Cert. #25; key agreement); KEA; RSA (key wrapping); AES (Cert. #2038, key wrapping); Triple-DES (Cert. #1315, key wrapping)

Multi-chip embedded

"3SGX is a high performance embedded PCIe cryptographic module that provides complete cryptographic support to hundreds of concurrent users and/or applications. Each user/application is authenticated twice before accessing its own symmetric and asymmetric keys and certificates. All cryptographic and key management operations are performed within the Hardware Security Module (HSM). 3SGX HSM is the core of 3S Group's hardware security appliances. Available in a range of models and configurations and high-level APIs, it is ideal for enterprise key management, virtualization and cloud server soluti"
1951 Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

-Alan Kaye
TEL: 613-225-9381 x7416
FAX: 613-225-2951

CST Lab: NVLAP 200928-0

FortiGate-80C [1], FortiGate-110C [2], FortiGate-60C [3] and FortiWiFi-60C [4]
(Hardware Version: C4BC61 [1], C4HA15 [2], C4DM93 [3] and C4DM95 [4] with Tamper Evident Seal Kits: FIPS-SEAL-BLUE [1,2] or FIPS-SEAL-RED [3,4]; Firmware Version: (FortiOS 4.0, build3830, 131223))

(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 05/23/2013;
11/08/2013;
06/27/2014
Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #2277, #2607 and #2608); Triple-DES (Certs. #1424, #1572 and #1573); RNG (Cert. #1234); SHS (Certs. #1958, #2191 and #2192); HMAC (Certs. #1395, #1615 and #1616); RSA (Certs. #1168 and #1334)

-Other algorithms: AES-CCM (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; NDRNG

Multi-chip standalone

"The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
1950 Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

-Alan Kaye
TEL: 613-225-9381 x7416
FAX: 613-225-2951

CST Lab: NVLAP 200928-0

FortiGate-1000C [1], FortiGate-1240B [2] and FortiGate-3140B [3]
(Hardware Versions: C4HR40 [1], C4CN43 [2] and C4XC55 [3] with Tamper Evident Seal Kits: FIPS-SEAL-RED [1,3] or FIPS-SEAL-BLUE [2]; Firmware Versions: (FortiOS 4.0, build3767, 130923) [1] and (FortiOS 4.0, build3830, 131223) [2,3])

(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 05/23/2013;
11/08/2013;
06/27/2014
Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #2278, #2279, #2607 and #2608); Triple-DES (Certs. #1425, #1426, #1572 and #1573); RNG (Cert. #1234); SHS (Certs. #1959, #1960, #2191 and #2192); HMAC (Certs. #1396, #1397, #1615 and #1616); RSA (Certs. #1169, #1170 and #1334)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; NDRNG

Multi-chip standalone

"The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
1949 Harris Corporation
1680 University Avenue
Rochester, NY, NY 14610
USA

-Michael Vickers
FAX: 434-455-6851

CST Lab: NVLAP 200996-0

Harris AES Software Load Module
(Software Version: R04A01)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 05/16/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Texas Instruments DSP/BIOS Software Kernel Version 5.33.03 running on a Texas Instruments TMS320C55x (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1482 and #2320)

-Other algorithms: AES (Cert. #1482, key wrapping)

Multi-chip standalone

"The Harris AES Software Load Module is a single software component which provides cryptographic services directly to a Digital Signal Processor (DSP) application on Harris terminals."
1948 Samsung Electronics Co., Ltd.
416, Maetan 3-Dong Youngton Gu
Suwon, Gyeonggi 152-848
South Korea

-Ross Choi
TEL: 972-761-7628

-Bumhan Kim
TEL: +82-10-4800-6711

CST Lab: NVLAP 200658-0

Samsung OpenSSL Cryptographic Module
(Software Version: SFOpenSSL1.0.0e-1.1)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 05/16/2013 Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Android Ice-cream Sandwich 4.0 on Galaxy S3 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2108); HMAC (Cert. #1282); SHS (Cert. #1831); Triple-DES (Cert. #1343); RSA (Cert. #1082); DSA (Cert. #658); RNG (Cert. #1083)

-Other algorithms: Blowfish; Triple-DES-CTR (non compliant); AES-CTR (non compliant); MD5; IDEA; RC2; RC4; Diffie-Hellman; md_rand.c

Multi-chip standalone

"Provides general purpose cryptographic services to user-space applications on the mobile platform for the protection of data in transit."
1947 TrellisWare Technologies Inc.
16516 Via Esprillo
Suite 300
San Diego, CA 92127
USA

-Jeffery Thomas
TEL: 858-753-1617
FAX: 858-753-1641

-James Morse
TEL: 858-753-1646
FAX: 858-753-1640

CST Lab: NVLAP 100432-0

TW-230 (CheetahNet II)
(Hardware Version: ASY0560001 rev X2; Firmware Version: 4c-beta2-FIPS)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/16/2013 Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #1980); RSA (Cert. #1026); SHS (Cert. #1734)

-Other algorithms: AES (Cert. #1980, key wrapping; key establishment methodology provides 256 bits of encryption strength); AES (non-compliant)

Multi-chip standalone

"The TW-230 combines the high data rate capability of TrellisWare's Tactical Scalable MANET-Enhanced (TSM-E) waveform with narrowband VHF/UHF AM/FM voice. TW-230 provides a robust highly scalable self-forming, self-healing wideband networked waveform transparent to the operator. The TW-230 supports multi-channel push to talk (PTT) voice, IP data, position location information (PLI) tracking, and remote operation of live streaming video. The TW-230 can also be operated in plaintext narrowband voice modes that allow it to interoperate with most other standard AM/FM PTT radios."
1946 TrellisWare Technologies Inc.
16516 Via Esprillo
Suite 300
San Diego, CA 92127
USA

-Jeffery Thomas
TEL: 858-753-1617
FAX: 858-753-1641

-James Morse
TEL: 858-753-1646
FAX: 858-753-1640

CST Lab: NVLAP 100432-0

TW-400 (CUB)
(Hardware Version: ASY0540250 rev X1; Firmware Version: 4c-beta2-FIPS)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/14/2013 Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #1980); RSA (Cert. #1026); SHS (Cert. #1734)

-Other algorithms: AES (Cert. #1980, key wrapping; key establishment methodology provides 256 bits of encryption strength); AES (non-compliant)

Multi-chip standalone

"The TW-400 is a small form factor software defined radio that employs an enhanced version of TrellisWare's Tactical Scalable MANET waveform (TSM-E) and is capable of robust operation at high data rate modes. The TW-400 supports multi-channel push to talk (PTT) voice, IP data, network level position location information (PLI) tracking, sleep functions for long term sensing applications, IP gateway features and remote operation of live streaming video sources for networked sensing missions."
1945

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/10/2013 Overall Level: 1 

-FIPS Approved algorithms:

-Other algorithms:

Single-chip

1944 Apple Inc.
1 Infinite Loop
Cupertino, CA 95041
USA

-Shawn Geddis

CST Lab: NVLAP 200658-0

Apple iOS CoreCrypto Kernel Module, v3.0
(Software Version: 3.0)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 05/03/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with iOS 6.0 running on an iPhone4; iOS 6.0 running on an iPhone4S; iOS 6.0 running on an iPad (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #1335 and #1337); AES (Certs. #2070, #2071, #2099 and #2101); SHS (Certs. #1803, #1804, #1823 and #1825); ECDSA (Certs. #308 and #310); HMAC (Certs. #1255, #1256, #1274 and #1276); DRBG (Certs. #222 and #224); PBKDF (vendor affirmed)

-Other algorithms: ECDSA (Curves P-192, P-224 and P-521; non-compliant); DES; MD5; CAST5; Blowfish; BitGen1; BitGen2; BitGen3; RC4; OMAC (non-compliant)

Multi-chip standalone

"The Apple iOS CoreCrypto Kernel Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest."
1943 VT iDirect, Inc.
13865 Sunrise Valley Drive
Suite 100
Herndon, VA 20171
USA

-Paul Harr
TEL: 703-648-8225
FAX: 703-648-8088

CST Lab: NVLAP 200556-0

Evolution e8350™ - Satellite Router [1], iConnex e800™ - Satellite Router Board [2], iConnex e850MP™ Satellite Router Board [3], iConnex e850MP™ - IND Satellite Router Board [4], iConnex e850MP™ - IND with Heat Sink Satellite Router Board [5], Evolution eM1D1™ Line Card [6] and Evolution eM0DM™
(Hardware Versions: Part #E0000051-0003 [1]; Part #E0001340-0002 [2]; Part #E0000731-0001 [3]; E0000731-0002 [4]; Part #E0000731-0003 [5]; Part #E0000080-0002 [6]; Part #E0000080-0005 [7]; Firmware Version: iDX version 2.3.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/02/2013 Overall Level: 1 

-FIPS Approved algorithms: AES (Certs. #1944 and #1945); SHS (Cert. #1709); RNG (Cert. #1024); RSA (Cert. #1007); HMAC (Cert. #1173)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); RNG; PBKDF (non-compliant)

Multi-chip embedded

"iDirect's AES-based bidirectional TRANSEC, combined with other system features such as cutting-edge coding techniques, acceleration and compression provides a fully integrated IP networking solution where security, performance and bandwidth efficiency are critical"
1942 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco Catalyst C4500X-32SFP+ and Catalyst C4500X-F-32SFP+
(Hardware Versions: Catalyst C4500X-32SFP+ and Catalyst C4500X-F-32SFP+; FIPS kit packaging (CVPN4500FIPS/KIT=); Firmware Version: 3.3.1SG)

(When operated in FIPS mode and when tamper evident labels and security devices are installed on the initially built configuration as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/02/2013 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1977); DRBG (Cert. #179); HMAC (Cert. #1190); RNG (Cert. #1072); RSA (Certs. #1023 and #1024); SHS (Certs. #1730 and #1731); Triple-DES (Cert. #1282)

-Other algorithms: MD4; MD5; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The fixed-aggregation Cisco Catalyst 4500-X Series Switches deliver best-in-class scalability, simplified network virtualization, and integrated network services for space-constrained environments in campus networks. The Catalyst 4500-X switches provide a secure and manageable platform that meets FIPS 140-2 Level 2 requirements."
1941 IBM Internet Security Systems, Inc.
6303 Barfield Road
Atlanta, GA 30328
USA

-Scott Sinsel
TEL: 404-236-2722
FAX: 404-236-2632

CST Lab: NVLAP 200416-0

Proventia GX Series Security Appliances
(Hardware Versions: GX7800 and GX7412; with FIPS-LABELS: FIPS 140 tamper evidence labels; Firmware Version: 4.3)

(When operated in FIPS mode when installed with Firmware v4.3 and with the tamper evidence seals installed as indicated in the Security Policy. No assurance of module integrity when operating in non-FIPS mode.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/30/2013 Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #2006); HMAC (Cert. #1211); RNG (Cert. #1049); RSA (Cert. #1035); SHS (Cert. #1756)

-Other algorithms: RSA (key agreement; key establishment methodology provides 96 bits of encryption strength; non-compliant)

Multi-chip standalone

"The IBM Proventia Network Intrusion Prevention System (IPS) stops Internet threats before they impact your business and delivers protection to all three layers of the network: core, perimeter and remote segments. Preemptive protection, or protection that works ahead of the threat, is available from IBM Internet Security Systems through its proprietary combination of line-speed performance, security intelligence and a modular protection engine that enables security convergence."
1940 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

IOS Common Cryptographic Module (IC2M)
(Firmware Versions: Rel 1(1.0.0), Rel 1(1.0.1) and Rel 1(1.0.2))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Firmware 04/30/2013 Overall Level: 1 

-Tested: Cisco Catalyst 2960 with IOS 15.0SE; Cisco 3925 ISR with IOS 15.2; Cisco 2811 ISR with IOS 15.2

-FIPS Approved algorithms: AES (Certs. #2134 and #2136); CVL (Cert. #30); DRBG (Cert. #237); ECDSA (Cert. #322); HMAC (Cert. #1304); RSA (Cert. #1100); SHS (Certs. #1858 and #1859); Triple-DES (Certs. #1358, #1359 and #1360)

-Other algorithms: DES; HMAC-MD5; MD2; MD5; RC2; RC4; SEAL; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The IC2M module provides the FIPS validated cryptographic algorithms for services requiring those algorithms. The module does not implement any protocols directly. Instead, it provides the cryptographic primitives and functions to allow IOS to implement those various protocols."
1939 Chunghwa Telecom Co., Ltd.
12, Lane 551, Min-Tsu Road SEC.5
Yang-Mei
Taoyuan, Taiwan 326
Republic of China

-Yeou-Fuh Kuan
TEL: +886-3-424-4333
FAX: +886-3-424-4129

-Char-Shin Miou
TEL: +886 3 424 4381
FAX: +886-3-424-4129

CST Lab: NVLAP 200928-0

HiCOS PKI Native Smart Card
(Hardware Versions: HD65255C1 and HD65257C1; Firmware Versions: HardMask: 2.1 and SoftMask: 1.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/30/2013 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #1219); Triple-DES MAC (Triple-DES Cert. #1219, vendor affirmed); SHS (Cert. #1649); RSA (Cert. #957); DRBG (Cert. #155)

-Other algorithms: N/A

Single-chip

"The HiCOS PKI native smart card module is a single chip implementation of a cryptographic module. The HiCOS PKI native smart card module is mounted in an ID-1 class smart card body that adheres to ISO/IEC specifications for Integrated Circuit Chip (ICC) based identification cards. The module consists of the chip (ICC), the contact faceplate, and the electronic connectors between the chip and contact pad, all contained within an epoxy substrate."
1938 SafeLogic, Inc.
530 Lytton Avenue
Suite 200
Palo Alto, CA USA

-SafeLogic Inside Sales

CST Lab: NVLAP 200556-0

CryptoComply™ | Mobile
(Software Version: 2.1)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 04/30/2013;
11/08/2013;
04/23/2014
Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Android 4.0 running on a Galaxy Nexus; iOS 5.1 running on a iPad 3; iOS 6 running on a iPad 3; iOS 7 running on a iPad 3 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2125 and #2126); HMAC (Certs. #1296 and #1297); DSA (Certs. #666 and #667); ECDSA (Certs. #319 and #320); RSA (Certs. #1094 and #1095); SHS (Certs. #1849 and #1850); Triple-DES (Certs. #1351 and #1352); DRBG (Certs. #233 and #234); CVL (Certs. #28 and #29); RNG (Certs. #1091 and #1092)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"CryptoComply™ | Mobile is a standards-based "Drop-in Compliance" cryptographic engine for mobile devices. The module delivers core cryptographic functions to mobile platforms and features robust algorithm support, including Suite B algorithms. CryptoComply™ | Mobile offloads functions for secure key management, data integrity, data at rest encryption, and secure communications to a trusted implementation."
1937 Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
USA

-John Roberts
TEL: 415-738-2810

CST Lab: NVLAP 200556-0

Symantec App Center Cryptographic Module
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 04/30/2013 Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Android 4.0 running on a Galaxy Nexus; iOS 5.1 running on a iPad 3; iOS 6 running on a iPad 3 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2125 and #2126); HMAC (Certs. #1296 and #1297); DSA (Certs. #666 and #667); ECDSA (Certs. #319 and #320); RSA (Certs. #1094 and #1095); SHS (Certs. #1849 and #1850); Triple-DES (Certs. #1351 and #1352); DRBG (Certs. #233 and #234); CVL (Certs. #28 and #29); RNG (Certs. #1091 and #1092)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Symantec App Center Cryptographic Module Version 1.0 provides cryptographic functions for Symantec App Center, a scalable solution for deploying and managing native and web apps on corporate-liable and employee-owned mobile devices."
1936 Mxtran Inc.
9F, No.16, Li-Hsin Road, Science Park
Hsin-chu, Taiwan 300
Republic of China

-C.W. Pang
TEL: +886-3-6661778#29300
FAX: +886-3-6662568

CST Lab: NVLAP 200824-0

Mxtran Payeeton Solution
(Hardware Version: MX12E320128E; Firmware Version: Simker v3.20)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/24/2013 Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #1691); ECDSA (Cert. #340); HMAC (Cert. #1339); RNG (Cert. #1107); RSA (Cert. #1127); SHS (Cert. #1479); Triple-DES (Cert. #1091)

-Other algorithms: Triple-DES (Cert. #1091, key wrapping; key establishment methodology provides 112 bits of encryption strength)

Single-chip

"Mxtran Payeeton Solution of Mxtran Inc. acts as a flexible platform for diversified mobile commerce services, allowing Mxtran clients to support both proximity payment and mobile payment via Short Message Service for prepaid, online paid and post-paid services including e-ticketing, e-coupons, access control, membership management and more. Mxtran leverages extensive integrated circuit expertise to deliver highly customizable, portable applications and payment services in a single handset."
1935 Cisco Systems, Inc.
170 West Tasman Drive,
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco 5915 Embedded Services Routers
(Hardware Versions: Cisco 5915 ESR air-cooled card and Cisco 5915 ESR conduction-cooled card; Firmware Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/18/2013 Overall Level: 1 

-Design Assurance: Level 2

-FIPS Approved algorithms: AES (Certs. #962, #1535 and #2031); DRBG (Cert. #196); HMAC (Certs. #537 and #1232); RSA (Cert. #1055); SHS (Certs. #933 and #1779); Triple-DES (Certs. #757 and #1310)

-Other algorithms: DES; DES MAC; HMAC MD4; HMAC MD5; MD4; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength)

Multi-chip embedded

"The Cisco 5915 ESR is a high-performance, ruggedized router designed for use in harsh environments-offering reliable operation in extreme temperatures and under shock and vibration conditions typical for mobile applications in rugged terrain. With onboard hardware encryption, the Cisco 5915 ESR offloads encryption processing from the routing engine to provide highly secure yet scalable video, voice, and data services for mobile and embedded outdoor networks."
1934 VT iDirect, Inc.
13865 Sunrise Valley Drive
Suite 100
Herndon, VA 20171
USA

-Paul Harr
TEL: 703-648-8225
FAX: 703-648-8088

CST Lab: NVLAP 200556-0

Evolution e8350™ - FIPSL2 Satellite Router [1], iConnex e800™ - FIPSL2 Satellite Router Board [2], iConnex e850MP™ - FIPSL2 Satellite Router Board [3], Evolution eM1D1™ - FIPSL2 Line Card [4] and Evolution eM0DM™ - FIPSL2 Line Card [5]
(Hardware Versions: Part #E0000051-0005 [1]; Part #E0001340-0001 [2]; Part #E0000731-0004 [3]; Part #E0001306-0001 [4]; Part #E0001306-0002 [5]; Firmware Version: iDX version 2.3.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/18/2013 Overall Level: 1 

-Physical Security: Level 2

-FIPS Approved algorithms: AES (Certs. #1944 and #1945); SHS (Cert. #1709); RNG (Cert. #1024); RSA (Cert. #1007); HMAC (Cert. #1173)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); PBKDF (non-compliant)

Multi-chip embedded

"iDirect's AES-based bidirectional TRANSEC, combined with other system features such as cutting-edge coding techniques, acceleration and compression provides a fully integrated IP networking solution where security, performance and bandwidth efficiency are critical"
1933 Red Hat®, Inc.
314 Littleton Road
Westford, MA 01886
USA

-Ann-Marie Rubin
TEL: 978-392-1000
FAX: 978-392-1001

CST Lab: NVLAP 200658-0

Red Hat Enterprise Linux 6.2 dm-crypt Cryptographic Module
(Software Version: 2.0)

(When operated in FIPS mode with Red Hat Enterprise Linux 6.2 OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #1758, Red Hat Enterprise Linux 6.2 Kernel Crypto API Cryptographic Module validated to FIPS 140-2 under Cert. #1901, Red Hat Enterprise Linux 6.2 Libgcrypt Cryptographic Module validated to FIPS 140-2 under Cert. #1757 and NSS Cryptographic Module validated to FIPS 140-2 under Cert. #1837, each module shall be obtained, installed, and initialized as specified in Section 9.1 of the provided Security Policy. Section 1 of the provided Security Policies specifies the precise RPM file containing each module. The integrity of the RPM is automatically verified during the installation and the Crypto officer shall not install the RPM file if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 04/15/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 6.2 without AES-NI running on HP ProLiant DL585; Red Hat Enterprise Linux 6.2 with AES-NI running on IBM HS22; Red Hat Enterprise Linux 6.2 without AES-NI running on IBM HS22 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1968, #1969, #1970, #1971 and #1972); Triple-DES (Certs. #1278 and #1279); SHS (Certs. #1657, #1658, #1659, #1660, #1661, #1662, #1663, #1664, #1725, #1726, #1741 and #1742); HMAC (Certs. #1128, #1129, #1130, #1131, #1132, #1133, #1134, #1135, #1199 and #1200); RNG (Certs. #988, #991, #992 and #993); DSA (Certs. #628, #629, #634 and #635); PBKDF (vendor affirmed)

-Other algorithms: DES; AES-CTR (non-compliant); AES-XTS (non-compliant); AES-CBC (non-compliant)

Multi-chip standalone

"Device-mapper is an infrastructure in the Linux kernel that provides a generic way to create virtual layers of block devices on top of real block devices. dm-crypt is a device-mapper target that provides transparent encryption of block devices using the Kernel Crypto API shipped with RHEL 6.2. The user can specify one of the symmetric ciphers, a key (of any allowed size), an IV generation mode which allows the user to create a new block device in /dev. Writes to this device will be encrypted and reads decrypted transparent to the user."
1932 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco ASA 5505, ASA 5510, ASA 5520, ASA 5540, ASA 5550, ASA 5580-20, ASA 5580-40, ASA 5585-X SSP-10, 5585-X SSP-20, 5585-X SSP-40 and 5585-X SSP-60 Security Appliances
(Hardware Versions: 5505 [1, 2], 5510 [1], 5520 [1], 5540 [1], 5550 [1], 5580-20 [3], 5580-40 [3], 5585-X SSP-10 [4], 5585-X SSP-20 [4], 5585-X SSP-40 [4], 5585-X SSP-60 [4] with [FIPS Kit (DS-FIPS-KIT= Rev -BO)] [1], [ASA 5505 FIPS Kit (ASA5505-FIPS-KIT Rev-A0)] [2], [ASA 5580 FIPS Kit (ASA5580-FIPS-KIT)] [3] or [ASA 5585 FIPS Kit (ASA5585-X-FIPS-KIT)] [4]; Firmware Version: 8.4.4.1)

(Validated when tamper evident labels and security devices are installed on the initially built configuration as indicated in the Security Policy and when operated in FIPS mode. No assurance of module integrity when operating in non-FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/08/2013 Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-FIPS Approved algorithms: AES (Certs. #105, #1407, #2047, #2049 and #2050); HMAC (Certs. #125, #301, #1244, #1246 and #1247); RNG (Certs. #144, #329, #772, #1068 and #1070); RSA (Certs. #106, #261, #1064, #1065 and #1066); SHS (Certs. #196, #630, #1791, #1793 and #1794); Triple-DES (Certs. #217, #559, #960, #1320 and #1321)

-Other algorithms: DES; HMAC MD5; MD5; NDRNG; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes"
1931 INSIDE Secure
Eerikinkatu 28
Helsinki, 00180
Finland

-Serge Haumont
TEL: +358 40 5808548

-Marko Nippula
TEL: +358 40 762 9394

CST Lab: NVLAP 200427-0

SafeZone FIPS Cryptographic Module
(Software Version: 1.0.3 and 1.0.3A)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 04/08/2013;
05/20/2014
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Linux kernel 2.6 running on a Pandaboard; Android 2.3 running on a Pandaboard; Android 4.0 running on a Pandaboard; Android 4.4 running on a Samsung Galaxy Note 3 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2041 and #2837); CVL (Certs. #21 and #261); CVL (SP 800-135rev1, vendor affirmed); DRBG (Certs. #203 and #493); DSA (Certs. #648 and #854); ECDSA (Certs. #299 and #497); HMAC (Certs. #1240 and #1778); KBKDF (vendor affirmed); KTS (vendor affirmed); PBKDF (vendor affirmed); RSA (Certs. #1061 and #1479); SHS (Certs. #1787 and #2378); Triple-DES (Certs. #1318 and #1697)

-Other algorithms: AES (Certs. #2041 and #2837, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"SafeZone FIPS Cryptographic Module is a FIPS 140-2 Security Level 1 validated software cryptographic module from INSIDE Secure. The module is a toolkit which provides the most commonly needed cryptographic primitives for a large variety of applications, including but not limited to, primitives needed for DAR, DRM, TLS, and VPN on mobile devices."
1930 SUSE Linux Products GmbH
Maxfeldstr. 5
Nuremberg, 90409
Germany

-Roman Drahtmüller
TEL: +49-911-74053127

CST Lab: NVLAP 200658-0

OpenSSL Module
(Software Version: 0.9.8j)

(The module generates cryptographic keys whose strengths are modified by available entropy. When installed, initialized and configured as specified in the security policy section 9.1)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 04/08/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with SUSE Linux Enterprise Server 11 SP2 32-bit running on HP ProLiant DL380 without AES-NI; SUSE Linux Enterprise Server 11 SP2 32-bit running on HP ProLiant DL380 with AES-NI; SUSE Linux Enterprise Server 11 SP2 64-bit running on HP ProLiant DL380 without AES-NI; SUSE Linux Enterprise Server 11 SP2 64-bit running on HP ProLiant DL380 with AES-NI (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2052, #2053, #2054 and #2055); Triple-DES (Certs. #1323 and #1324); DSA (Certs. #650 and #651); SHS (Certs. #1797 and #1798); RNG (Certs #1073 and #1074); HMAC (Cert #1249 and #1250); RSA (Certs #1069 and #1070)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 160 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 160 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; HMAC-MD5

Multi-chip standalone

"The OpenSSL Module is a software library supporting FIPS 140-2 -approved cryptographic algorithms for the purposes of protecting data in transit and at rest on the SUSE Linux platforms."
1929 SonicWALL, Inc.
2001 Logic Drive
San Jose, CA 95124-3452
USA

-Usha Sanagala
TEL: 408-962-6248
FAX: N/A

CST Lab: NVLAP 100432-0

SRA EX9000
(Hardware Version: P/N 101-500352-50 Rev A; Firmware Version: SRA 10.6.1)

(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/08/2013 Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1868, #1869 and #1870); HMAC (Certs. #1113, #1114 and #1115); RNG (Cert. #980); RSA (Certs. #950 and #951); SHS (Certs. #1642, #1643 and #1644); Triple-DES (Certs. #1213, #1214 and #1215)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; MD5; RC4

Multi-chip standalone

"Mobile enterprises with hundreds or even thousands of mobile users can enjoy secure, easy-to-manage remote access with the Dell® SonicWALL® Aventail® E-Class Secure Remote Access (SRA) EX9000 appliance. This clientless SSL VPN solution increases user productivity and maximizes IT control by providing authorized access to any application from a broad range of cross-platform devices."
1928 Christie Digital Systems Canada, Inc.
809 Wellington St. N.
Kitchener, Ontario N2G 4Y7
Canada

-Kevin Draper
TEL: 519-741-3741
FAX: 519-741-3912

CST Lab: NVLAP 200802-0

Christie IMB-S2 4K Integrated Media Block (IMB)
(Hardware Version: 000-102675-01; Firmware Versions: 1.0.1-2641 or 1.0.3-3047 or 1.1.0-3271 or 1.2.0-3400 or 1.2.1-3546)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/08/2013;
04/19/2013
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #2042 and #2043); SHS (Certs. #1788 and #1789); HMAC (Certs. #1241 and #1242); RNG (Cert. #1066); RSA (Cert. #1062)

-Other algorithms: NDRNG; MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); TI ECDH; TI S-box

Multi-chip embedded

"The Christie IMB-S2 is a DCI-compliant solution to enable the playback of the video, audio and timed text essence on a 2K or 4K DLP Series-II digital cinema projector. The IMB-S2 utilizes an integrated SMS and permits the playback of alternative content and High Frame Rate (HFR) material."
1927 Feitian Technologies Co., Ltd.
Floor 17th, Tower B, Huizhi Mansion
No.9 Xueqing Road
Haidan District Beijing, 100085
People's Republic of China

-Tibi Zhang
TEL: 86-010-62304466 x821
FAX: 86-010-62304416

-Xiaozhi Zheng
TEL: 86-010-62304466 x531
FAX: 86-010-62304416

CST Lab: NVLAP 200427-0

FEITIAN-FIPS-COS
(Hardware Version: 1.0.0; Firmware Version: 1.0.0)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/08/2013 Overall Level: 2 

-Physical Security: Level 3

-FIPS Approved algorithms: AES (Cert. #1473); DRBG (Cert. #58); RSA (Cert. #720); SHS (Cert. #1332); Triple-DES (Cert. #991)

-Other algorithms: AES MAC (AES Cert. #1473; non-compliant); DES; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Single-chip

"FEITIAN-FIPS-COS, is both an integrated circuit and an operating system, and has been developed to support their ePass series USB1 tokens. These tokens are designed to provide strong authentication and identification and to support network logon, secure online transactions, digital signatures, and sensitive data protection. The FEITIAN-FIPS-COS provides all cryptographic functionality for their ePass line of products. ePass supports dual-factor authentication with an ISO27816-12 USB interface for the PC host connection acting as a smart card reader."
1926

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/08/2013;
12/13/2013
Overall Level: 1 

-FIPS Approved algorithms:

-Other algorithms:

Single-chip

1925 Samsung Electronics Co., Ltd.
416, Maetan 3-Dong Youngton Gu
Suwon, Gyeonggi 152-848
South Korea

-Ross Choi
TEL: 972-761-7628

-Bumhan Kim
TEL: +82-10-4800-6711

CST Lab: NVLAP 200658-0

Samsung Key Management Module
(Software Version: KM1.1)

(The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 04/04/2013 Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Android Ice Cream Sandwich 4.0 on Galaxy S2 and Galaxy S3; Android Jelly Bean 4.1 on Galaxy Note II (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2048, #2098, #2142, #2143 and #2257); SHS (Certs. #1792, #1822, #1864, #1865 and #1944); RNG (Certs. #1069, #1080, #1097, #1098 and #1127); HMAC (Certs. #1245, #1273, #1309, #1310 and #1384); PBKDF (vendor affirmed)

-Other algorithms: N/A

Multi-chip standalone

"Provides general purpose key management services to user-space applications on the mobile platform."
1924 Hewlett-Packard Company
153 Taylor Street
Littleton, MA 01460
USA

-Boby Joseph
TEL: 978-264-5379
FAX: 978-264-5522

CST Lab: NVLAP 200427-0

HP MSR30/50 Routers with Encryption Accelerator Modules
(Hardware Versions: HP MSR30-10 with JG585A and JG582A, HP MSR30-10 DC with JG585A and JG582A, HP MSR30-40 with JG585A and JG580A, HP MSR30-40 DC with JG585A and JG580A, HP MSR30-60 with JG585A and JG581A, HP MSR30-60 DC with JG585A and JG581A, HP MSR30-20 PoE with JG585A and JG579A, HP MSR30-20 DC with JG585A and JG579A, HP MSR30-60 PoE with JG585A and JG581A, HP MSR50-40 with JG586A and JG583A and HP MSR50-60 with JG586A and JG584A; Software Version: 5.2; Firmware Version: 5.2)

(When operated in FIPS mode with tamper evident labels and opacity shields installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/26/2013;
10/25/2013
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #1927); DSA (Cert. #611); HMAC (Cert. #1161); RNG (Cert. #1014); RSA (Cert. #993); SHS (Cert. #1692); Triple-DES (Certs. #1254)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RC4; MD5; MD5 HMAC; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The HP MSR30/50 provides devices are suitable for a range of uses: core routers on small and medium enterprise networks, access routers for network branches on some large-sized enterprise networks, regional offices, and mid-sized businesses. Each device is based on the Comware 5.2 platform."
1923 Crossbeam Systems, Inc.
80 Central Street
Boxborough, MA 01719
USA

CST Lab: NVLAP 200556-0

X60 and X80-S Platforms
(Hardware Versions: (APM-9600, CPM-9600, NPM-9610 and NPM-9650) with XS-FIPS-LABEL-KIT; Firmware Version: XOS v9.9.0.0)

(When operated in FIPS mode and the tamper evident seals installed as indicated in the Security Policy. No assurance of module integrity when operating in non-FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/22/2013 Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-FIPS Approved algorithms: AES (Certs. #1877 and #1878); Triple-DES (Certs. #1220 and #1221); RSA (Cert. #958); SHS (Certs. #1650 and #1651); RNG (Certs. #983); DSA (Cert. #587)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (Cert #961; non-compliant); PRNG (Cert #986; non-compliant); DSA (Cert #590; non-compliant); Blowfish; RC4; CAST128

Multi-chip standalone

"Crossbeam’s X-Series network security platform offers enterprises, service providers and governments an open, high-performance architecture that easily scales multiple security applications to meet changing security threats. Crossbeam intelligently manages risk and protects businesses from evolving threats."
1922 Hewlett-Packard Company
1160 Enterprise Way
Sunnyvale, CA 94089
USA

-Theresa Conejero
TEL: 650-265-3634
FAX: 650-265-5528

CST Lab: NVLAP 100432-0

HP Enterprise Secure Key Manager
(Hardware Versions: P/Ns AJ585A, Version 3.0 [1] and C8Z51AA, Version 3.1 [2]; Firmware Versions: 5.0.0 [1] and 5.1.0 [2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/22/2013;
05/16/2013;
01/01/2014
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3

-FIPS Approved algorithms: AES (Cert. #2069); DRBG (Cert. #207); HMAC (Cert. #1254); CVL (Cert. #23); RSA (Cert. #1073); SHS (Cert. #1802); Triple-DES (Cert. #1328)

-Other algorithms: DSA (Cert. #653; non-compliant); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); DES; MD5; RC4

Multi-chip standalone

"HP Enterprise Secure Key Manager (ESKM) provides key generation, retrieval, and management for encryption devices and solutions. ESKM is a hardened security appliance with secure access control, administration, and logging. ESKM supports high availability with automatic multi-site clustering, replication, and failover."
1921

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/22/2013 Overall Level: 2 

-Physical Security: Level 3

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip standalone

1920

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/22/2013 Overall Level: 2 

-Physical Security: Level 3

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip standalone

1919

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/22/2013 Overall Level: 2 

-Physical Security: Level 3

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip standalone

1918 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco 7600 Series Routers with Supervisor RSP720
(Hardware Versions: (7603-S, 7604, 7606-S, 7609-S, 7613, V02, V07, V13, V14 and -F0) with FIPS kit (Cisco-FIPS-KIT=); Firmware Version: 15.1(3)S3)

(Validated when tamper evident labels are installed as indicated in the Security Policy and when operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/22/2013 Overall Level: 1 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 2

-FIPS Approved algorithms: AES (Certs. #598 and #2036); DRBG (Cert. #198); HMAC (Certs. #348 and #1234); RSA (Cert. #1056); SHS (Certs. #647 and #1781); Triple-DES (Certs. #569 and #1312)

-Other algorithms: DES; DES MAC; HMAC MD5; MD4; MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 156 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Cisco 7600-S Router is a compact, high-performance router designed in 3, 4, 6, 9 and 13-slot form factor for deployment at the network edge, where robust performance and IP/Multiprotocol Label Switching (MPLS) services are necessary to meet the requirements of both enterprises and service providers."
1917 Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

-Sunil Chitnis
TEL: 408-333-2444
FAX: 408-333-4887

-Bob Colvin
TEL: 408-333-4839
FAX: 408-333-4887

CST Lab: NVLAP 200427-0

Brocade® MLXe® and Brocade NetIron® CER Series Ethernet Routers
(Hardware Versions: BR-MLXE-4-MR-M-AC, BR-MLXE-4-MR-M-DC, BR-MLXE-8-MR-M-AC, BR-MLXE-8-MR-M-DC, BR-MLXE-16-MR-M-AC, BR-MLXE-16-MR-M-DC, NI-CER-2024C-ADVPREM-AC, NI-CER-2024C-ADVPREM-DC, NI-CER-2024F-ADVPREM-AC, NI-CER-2024F-ADVPREM-DC, NI-CER-2048FX-ADVPREM-AC, NI-CER-2048FX-ADVPREM-DC, NI-CER-2048F-ADVPREM-AC, NI-CER-2048F-ADVPREM-DC, NI-CER-2048C-ADVPREM-AC, NI-CER-2048C-ADVPREM-DC, NI-CER-2048CX-ADVPREM-AC and NI-CER-2048CX-ADVPREM-DC with FIPS Kit (P/N Brocade XBR-000195) and NI-MLX-MR Management Module; Firmware Version: IronWare Software R05.1.01a)

(When operated in FIPS mode with the tamper evident labels installed and with the configurations in Tables 8 and 13 as defined in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/21/2013 Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1615); DRBG (Cert. #84); DSA (Cert. #503); HMAC (Cert. #947); RSA (Cert. #793); SHS (Cert. #1424); Triple-DES (Cert. #1056)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); HMAC-MD5; MD2; MD5; RC2; RC4; RSA (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The Brocade MLXe series of core routers support IPv4, IPv6, MPLS and advanced Layer 2 switching. Ideally suited for service provider backbones, Metro Ethernet networks, ISPs, CDNs, IXPs, data centers, and distributed enterprises. The NetIron CER 2000 series 1 Gigabit Ethernet (GbE) routers support copper and hybrid fiber configurations with two optional 10 GbE uplink ports. All the ports support forwarding IP and MPLS packets at wire speed without oversubscription. The routers support standard IPv4, IPv6 routing protocols, RIP/RIPng, OSPF/OSPFv3, IS-IS/IS-IS for IPv6, and BGP/BGP-MP for IPv6."
1916

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/22/2013 Overall Level: 1 

-FIPS Approved algorithms:

-Other algorithms:

Single-chip

1915 Samsung Electronics Co., Ltd.
416, Maetan 3-Dong Youngton Gu
Suwon, Gyeonggi 152-848
South Korea

-Ross Choi
TEL: 972-761-7628

-Bumhan Kim
TEL: +82-10-4800-6711

CST Lab: NVLAP 200658-0

Samsung Kernel Cryptographic Module
(Software Versions: SKC1.4.1, SKC 1.4.1.1 and SKC.1.4.1.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 03/20/2013;
05/23/2013;
06/21/2013
Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Android Ice Cream Sandwich 4.0 running on Galaxy S3; Android Jelly Bean 4.1 running on Note II; Android Jelly Bean 4.2 running on Galaxy S4 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2056, #2097, #2141, #2144, #2256 and #2392); SHS (Certs. #1799, #1821, #1863, #1866, #1943 and #2054); RNG (Certs. #1075, #1079, #1096, #1099, #1126 and #1184); Triple-DES (Certs. #1325, #1334, #1361, #1362, #1411 and #1491); HMAC (Certs. #1251, #1272, #1308, #1311, #1383 and #1483)

-Other algorithms: DES; AES-CTS (non-compliant); Triple-DES (CTR; non-compliant); Twofish; AEAD; MD5; ansi_cprng; ARC4; GHASH (GCM hash)

Multi-chip standalone

"Provides general purpose cryptographic services to services in the Linux kernel and user-space applications, intended to protect data in transit and at rest."
1914 Hewlett-Packard Company
153 Taylor Street
Littleton, MA 01460
USA

-Boby Joseph
TEL: 978-264-5379
FAX: 978-264-5522

CST Lab: NVLAP 200427-0

HP MSR30/50 Routers
(Hardware Versions: HP MSR30-10 with JG585A and JG582A, HP MSR30-20 with JG585A and JG579A, HP MSR30-40 with JG585A and JG580A, HP MSR30-60 with JG585A and JG581A, HP MSR30-20 PoE with JG585A and JG579A, HP MSR 30-40 PoE with JG585A and JG580A, HP MSR30-60 PoE with JG585A and JG581A, HP MSR50-40 with JG586A and JG583A, HP MSR50-60 with JG586A and JG584A, HP MSR50-40 DC with JG586A and JG583A and HP MSR50-60 DC with JG586A and JG584A; Software Version: 5.2; Firmware Version: 5.2)

(When operated in FIPS mode with tamper evident labels and opacity shields installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/20/2013 Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #1927); DSA (Cert. #611); HMAC (Cert. #1161); RNG (Cert. #1014); RSA (Cert. #993); SHS (Cert. #1692); Triple-DES (Cert. #1254)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RC4; MD5; MD5 HMAC; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The HP MSR30/50 provides devices are suitable for a range of uses: core routers on small and medium enterprise networks, access routers for network branches on some large-sized enterprise networks, regional offices, and mid-sized businesses. Each device is based on the Comware 5.2 platform."
1913 Hewlett-Packard Company
153 Taylor Street
Littleton, MA 01460
USA

-Boby Joseph
TEL: 978-264-5379
FAX: 978-264-5522

CST Lab: NVLAP 200427-0

HP A-Series Routers
(Hardware Versions: HP 6602 with JG586A and JG575A, HP 6604 with JG586A and JG578A, HP 6608 with JG586A and JG577A, HP 6616 with JG586A and JG576A, HP 8805 with JG586A and JG570A, HP 8808 with JG586A and JG571A and HP 8812 with JG586A and JG572A; Software Version: 5.2; Firmware Version: 5.2)

(When operated in FIPS mode with tamper evident labels and opacity shields installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/20/2013 Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #1927); DSA (Cert. #611); HMAC (Cert. #1161); RNG (Cert. #1014); RSA (Cert. #993); SHS (Cert. #1692); Triple-DES (Cert. #1254)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RC4; MD5; MD5 HMAC; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The HP A-series provides devices are suitable for a range of uses: in IP backbone networks, IP metropolitan area networks (MANs), or the core or convergence layers of large IP networks. The A-series routers provide a flexible, modular form factor."
1912 Hewlett-Packard Company
153 Taylor Street
Littleton, MA 01460
USA

-Boby Joseph
TEL: 978-264-5379
FAX: 978-264-5522

CST Lab: NVLAP 200427-0

HP Networking Switches
(Hardware Versions: HP 5120-24G EI with JG585A and JG557A, HP 5120-48G EI with JG585A and JG557A, HP 5120-24G-PoE+ EI with JG585A and JG559A, HP 5120-48G-PoE+ EI with JG585A and JG559A, HP 5500-24G EI with JG585A and JG557A, HP 5500-24G-PoE+ EI with JG585A and JG559A, HP 5500-24G-SFP EI with JG585A and JG558A, HP 5500-48G EI with JG585A and JG557A, HP 5500-48G-PoE+ EI with JG585A and JG559A, HP 5800-24G with JG585A and JG563A, HP 5800-24G-PoE+ with JG585A and JG560A, HP 5800-24G-SFP with JG585A and JG562A, HP 5800-48G with JG585A and JG563A, HP 5800-48G-PoE with JG585A and JG560A, HP 5800-48G-2slot with JG585A and JG561A, HP 5820-14XG-SFP with JG585A and JG561A, HP 5820-24XG-SFP with JG585A and JG564A, HP 7510 with JG586A and JG565A, HP 7506 with JG586A and JG566A, HP 7506V with JG586A and JG567A, HP 7503 with JG586A and JG568A, HP 7502 with JG586A and JG569A, HP 7503-S with JG586A and JG569A, HP 9505 with JG586A and JG570A, HP 9508V with JG586A and JG571A, HP 9512 with JG586A and JG572A, HP 12504 with JG586A and JG721A, HP 12508 with JG586A and HP 12518 with JG586A; Software Version: 5.2; Firmware Version: 5.2)

(When operated in FIPS mode with tamper evident labels and opacity shields installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 03/20/2013;
07/31/2013
Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #1927); DSA (Cert. #611); HMAC (Cert. #1161); RNG (Cert. #1014); RSA (Cert. #993); SHS (Cert. #1692); Triple-DES (Cert. #1254)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RC4; MD5; MD5 HMAC; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"HP Networking Box Switches are focused on enterprise access and aggregation application or datacenter application and are suitable for a range of uses: at the edge of a network, connecting server clusters in a data center, in an enterprise LAN core, and in large-scale industrial networks and campus networks. The series includes fixed-port L2/L2+ managed Ethernet switch appliances, fixed-port L3 managed Ethernet switch appliances, and modular Ethernet switches. Each device is based on the Comware 5.2 platform."
1911 Hewlett-Packard Company
153 Taylor Street
Littleton, MA 01460
USA

-Boby Joseph
TEL: 978-264-5379
FAX: 978-264-5522

CST Lab: NVLAP 200427-0

HP A-Series Routers with VPN Firewall Module
(Hardware Versions: HP 6604 with JG586A and JG578A, HP 6608 with JG586A and JG577A, HP 6616 with JG586A and JG576A, HP 8805 with JG586A and JG570A, HP 8808 with JG586A and JG571A and HP 8812 with JG586A and JG572A; Software Version: 5.2; Firmware Version: 5.2)

(When operated in FIPS mode with tamper evident labels and opacity shields installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/20/2013 Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #1927); DSA (Cert. #611); HMAC (Cert. #1161); RNG (Cert. #1014); RSA (Cert. #993); SHS (Cert. #1692); Triple-DES (Cert. #1254)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RC4; MD5; MD5 HMAC; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The HP A-series provides devices are suitable for a range of uses: in IP backbone networks, IP metropolitan area networks (MANs), or the core or convergence layers of large IP networks. The A-series routers provide a flexible, modular form factor."
1910 Hewlett-Packard Company
153 Taylor Street
Littleton, MA 01460
USA

-Boby Joseph
TEL: 978-264-5379
FAX: 978-264-5522

CST Lab: NVLAP 200427-0

HP Networking Switches with VPN Firewall
(Hardware Versions: HP 7510 with JG586A and JG565A, HP 7506 with JG586A and JG566A, HP 7506V with JG586A and JG567A, HP 7503 with JG586A and JG568A, HP 7502 with JG586A and JG569A, HP 7503-S with JG586A and JG569A, HP 9505 with JG586A and JG570A, HP 9508V with JG586A and JG571A, HP 9512 with JG586A and JG572A, HP 12504 with JG586A and JG721A, HP 12508 with JG586A and HP 12518 with JG586A; Software Version: 5.2; Firmware Version: 5.2)

(When operated in FIPS mode with tamper evident labels and opacity shields installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/20/2013;
07/31/2013
Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #1927); DSA (Cert. #611); HMAC (Cert. #1161); RNG (Cert. #1014); RSA (Cert. #993); SHS (Cert. #1692); Triple-DES (Cert. #1254)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RC4; MD5; MD5 HMAC; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"HP Networking Box Switches are focused on enterprise access and aggregation application or datacenter applicationan are suitable for a range of uses: at the edge of a network, connecting server clusters in a data center, in an enterprise LAN core, and in large-scale industrial networks and campus networks. The series includes modular Ethernet switches. Each device is based on the Comware 5.2 platform."
1909 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Palani Karuppan
TEL: 408-525-2747
FAX: n/a

CST Lab: NVLAP 100432-0

Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Modules-2 (WiSM2)
(Hardware Version: Chassis: Catalyst 6506 switch [1], Catalyst 6506-E switch [2], Catalyst 6509 switch [3] and Catalyst 6509-E switch [4]; Backplane: WS-C6506 [1], WS-C6506-E [2], WS-C6509 [3] and WS-C6509-E [4]; FIPS Kit: P/N 800-27009 [1, 2], P/N 800-26335 [3, 4] and WS-SVCWISM2FIPKIT= [1, 2, 3, 4]; with one Supervisor Blade [1, 2, 3, 4]: [WS-SUP720-3BXL, WS-SUP720-3B, VS-S720-10G-3C or VS-S720-10G-3CXL] and with one WiSM2 [1, 2, 3, 4]: [WS-SVC-WISM2-K-K9 [B, C, D], WS-SVC-WISM2-K-K9= [B, C, D], WS-SVC-WISM2-K9= [A, B, C, D], WS-SVC-WISM2-5-K9= [A, B, C, D], WS-SVC-WISM2-3-K9= [A, B, C, D], WS-SVC-WISM2-1-K9= [A, B, C, D], WS-SVC-WISM2-5-K9 [A, B, C, D], WS-SVC-WISM2-3-K9 [A, B, C, D] or WS-SVC-WISM2-1-K9 [A, B, C, D]]; Firmware Version: Supervisor Blade: Cisco IOS Release 12.2.33SXJ, Cisco IOS Release 12.2.33SXJ1, or Cisco IOS Release 12.2.33SXJ2; WiSM2: 7.0.230.0 [A], 7.2.103.0 [B], 7.2.115.1 [C] or 7.2.115.2 [D])

(When operated in FIPS mode and with the tamper evident seals and physical security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/20/2013;
05/16/2013;
07/12/2013
Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1346, #1347 and #1348); HMAC (Certs. #785, #786 and #787); RNG (Certs. #741 and #742); RSA (Certs. #653 and #654); SHS (Certs. #1228, #1229 and #1230); Triple-DES (Cert. #935)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength; non-compliant); AES (Cert. #1346, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM

Multi-chip standalone

"The Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with WiSM WLAN Controller deliver centralized control and high capacity for medium to large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WiSM2 Controller supports the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and supports a Secure Wireless Architecture with certified WiFi Alliance WPA-2 security. The Cisco WiSM2 Controller supports voice, video and data services along with Cisco Clean Air technology, IPv6 mobility, intrusion protection and intelligent radio resource management."
1908 Panzura, Inc.
22 Great Oaks Blvd # 150
San Jose, CA 95119
USA

-Randy Chou
TEL: 408-457-8504

CST Lab: NVLAP 100432-0

Panzura Cryptographic Module 4.2
(Software Version: 4.2)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 03/20/2013 Overall Level: 1 

-Roles, Services, and Authentication: Level 2

-Operational Environment: Tested as meeting Level 1 with Panzura Cloud Controller 8.0 running on Dell PowerEdge R410 with AES-NI; Panzura Cloud Controller 8.0 on VMware ESX running on Dell PowerEdge R410 with AES-NI; Panzura Cloud Controller 8.0 on VMware ESX running on Dell PowerEdge R410 (single user mode)

-FIPS Approved algorithms: AES (Cert. #2269); DRBG (Cert. #278); DSA (Cert. #707); HMAC (Cert. #1389); RNG (Cert. #1130); RSA (Cert. #1162); SHS (Cert. #1951); Triple-DES (Cert. #1417); ECDSA (Cert. #366); CVL (Cert. #42)

-Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt)

Multi-chip standalone

"The Panzura Cryptographic Module provides validated cryptographic services for multiple Panzura products."
1907 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Palani Karuppan
TEL: 408-525-2747

CST Lab: NVLAP 100432-0

Cisco Aironet® CAP3602E and CAP3602I Wireless LAN Access Points
(Hardware Versions: CAP3602E Revision B0 and CAP3602I Revision B0; FIPS Kit AIR-AP-FIPSKIT=, Version B0; Firmware Version: 7.2.103.0, 7.2.115.1 or 7.2.115.2)

(When operated in FIPS mode and with the tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/14/2013;
05/03/2013;
05/16/2013;
07/12/2013
Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1991, #1992 and #1993); HMAC (Certs. #1204 and #1205); RNG (Cert. #1046); RSA (Cert. #1033); SHS (Certs. #1746 and #1747)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5

Multi-chip standalone

"The Cisco Aironet® 3600 Series sustains reliable connections at higher speeds further from the access point than competing solutions, resulting in up to three times more availability of 450 Mbps rates, and optimizing the performance of more mobile devices. Cisco Aironet® 3600 Series is an innovative, modular platform that offers unparalleled investment protection with future module expansion to support incoming 802.11ac clients with 870 Mbps rates, or offer comprehensive security and spectrum monitoring and control."
1906 Biscom, Inc.
321 Billerica Road
Chelmsford, MA 01824
USA

-Bill Ho
TEL: 978-367-3544
FAX: 978-367-9624

-Sharif Rahman
TEL: 978-367-3544
FAX: 978-367-9624

CST Lab: NVLAP 200427-0

Biscom Cryptographic Library Version 1.0
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 03/12/2013 Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 (SP1) with Sun JRE 6.0 running on a Dell Optiplex 790 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2029); HMAC (Cert. #1231); RNG (Cert. #1062); SHS (Cert. #1778)

-Other algorithms: N/A

Multi-chip standalone

"The Biscom Cryptographic Library (the cryptographic module or the module) provides cryptographic security functions as Java APIs for application developers to integrate cryptographic services into Biscom applications or systems. The module is distributed only as an integrated subcomponent of the Biscom Delivery Server (BDS). The Biscom Cryptographic Library provides security functions for encryption, decryption, random number generation, hashing, getting the status of the integrity test, and running the self-tests. The library is used by the application"
1905 Seagate Technology LLC
1280 Disc Drive
Shakopee, MN 55379
USA

-David R Kaiser, PMP
TEL: 952-402-2356
FAX: 952-402-1273

CST Lab: NVLAP 200427-0

Seagate Secure® TCG Enterprise SSC Self-Encrypting Drives FIPS 140 Module
(Hardware Versions: ST900MM0036 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], ST600MM0036 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], ST450MM0036 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], ST1200MM0027 [15, 16, 17, 18, 19, 20, 21, 22, 23, 24], ST4000NM0063 [25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39], ST3000NM0063 [25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39], ST2000NM0063 [25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39], ST1000NM0063 [25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39], ST4000NM0073 [40, 41], ST3000NM0073 [40, 41], ST2000NM0073 [40, 41], ST1000NM0073 [40, 41], ST600MP0054 [42, 45, 48], ST600MP0084 [43, 46, 49], ST450MP0054 [42, 45, 48], ST450MP0084 [43, 46, 49], ST450MP0024 [44, 47], ST300MP0054 [42, 45, 48], ST300MP0084 [43, 46, 49], ST300MP0024 [44, 47], ST600MX0024 [50], ST600MX0054 [51], ST450MX0024 [50], ST450MX0054 [51], ST300MX0024 [50] and ST300MX0054 [51]; Firmware Versions: A000 [1, 25], 0001 [2, 15], LSF5 [3], LEF5 [4], 0002 [5, 26], NA00F740 [6], NA009A40 [7], 0003 [8], LE05 [9], LF81 [10], 3P00 [11, 31], LSF6 [12], LE09 [13], LEF6 [14], ISF2 [16], IEF2 [17], 0002 [18], ISF3 [19], IEF4 [20], IEF5 [21], ISF4 [22], IEF6 [23], IEF7 [24], GSF3 [27], GEF3 [28], 0003 [29], NA009A40 [30], GE06 [31], GF81 [32], GSF4 [33], GEF4 [35], GE09 [36], 0004 [37], GSF5 [38], GEF5 [39], F001 [40], SF03 [41], FE01 [42], FK01 [43], FN01 [44], EF02 [45, 50], KF02 [46, 51], NF02 [47], VEE1 [48] and VF12 [49])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/12/2013;
05/22/2013;
05/31/2013;
08/09/2013;
11/08/2013;
02/20/2014;
04/03/2014;
06/05/2014;
09/26/2014
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Certs. #1343, #1974 and #2068); DRBG (Cert. #62); RSA (Cert. #1021); SHS (Cert. #1225)

-Other algorithms: N/A

Multi-chip embedded

"The Seagate Secure® TCG Enterprise SSC FIPS 140 Module is embodied in Savvio®, Enterprise Performance®, Enterprise Turbo® and Constellation® model disk drives. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instant user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download."
1904 Fortress™ Technologies, Inc.
2 Technology Park Dr
Westford, MA 01886
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200427-0

Fortress Mesh Points
(Hardware Versions: ES210, ES2440, ES440, ES520v1, ES520v2 or ES820; Firmware Versions: 5.4.1, 5.4.3 or 5.4.4.1190)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/20/2013;
05/17/2013;
06/14/2013
Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #688, #694 and #1519); DRBG (Cert. #66); ECDSA (Cert. #371); HMAC (Certs. #367, #371 and #889); KAS (Cert. #10); RNG (Certs. #402 and #406); RSA (Cert. #439); SHS (Certs. #717, #721 and #1357)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Fortress Mesh Point is an all-in-one network access device housed in a rugged compact chassis, with the most stringent security available today built in. It can serve as a wireless bridge, a WLAN access point, and an eight-port LAN switch, while performing all the functions of a Fortress controller device: encrypting wireless traffic and providing Multi-factor Authentication for devices on the network it protects."
1903 Mocana Corporation
350 Sansome Street
Suite 1010
San Francisco, CA 94104
USA

-James Blaisdell
TEL: 415-617-0055
FAX: 415-617-0056

CST Lab: NVLAP 100432-0

Mocana Cryptographic Loadable Kernel Module
(Software Versions: 5.5f and 5.5.1f)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/22/2013;
03/28/2013;
01/23/2014;
02/20/2014;
04/03/2014;
11/25/2014
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Android 2.2 running on a LG Optimus 3D (LG-P920); Android 2.3 running on a LG G2X (LG-P999); Android 4.0 running on a Samsung Nexus-S (GT-I9023); Android 4.1 running on a LG Optimus (LG-P920); Ubuntu Linux 32 bit running on a Dell Dimension 9200; Ubuntu Linux 64 bit running on a Dell Dimension 9200; Android 4.3 running on Asus TF 700 Tablet; Android 4.4 running on Nexus 7 Tablet (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2039, #2272 and #2741); Triple-DES (Certs. #1316 and #1650); SHS (Certs. #1785 and #2313); HMAC (Certs. #1238 and #1718); RNG (Certs. #1065 and #1266); DRBG (Certs. #201 and #460)

-Other algorithms: NDRNG; DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant)

Multi-chip standalone

"The Mocana Cryptographic Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com."
1902 Imation Corp.
Discovery Bldg. 1A-041
Oakdale, MN 55128
USA

-Laurence Hamid
TEL: 819-595-3069

CST Lab: NVLAP 100432-0

Imation S250/D250
(Hardware Versions: D2-S250-S01, D2-S250-S02, D2-S250-S04, D2-S250-S08, D2-S250-S16, D2-S250-S32, D2-D250-B01, D2-D250-B02, D2-D250-B04, D2-D250-B08, D2-D250-B16, D2-D250-B32 and D2-D250-B64; Firmware Version: 4.5.0)

(Files distributed with the module mounted within the internal CD Drive are excluded from validation)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/21/2013 Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #1412 and #1874); DRBG (Cert. #152); HMAC (Certs. #1118 and #1119); RNG (Cert. #774); RSA (Certs. #688, #954 and #955); SHS (Certs. #1282 and #1647); Triple-DES (Cert. #965); PBKDF2 (vendor affirmed)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG

Multi-chip standalone

"The Imation S250/D250 Secure Flash Drives include a high-speed hardware-based 256 Bit AES cryptography engine for encrypting and decrypting NAND flash and RAM buffers via USB. It also includes RSA, HMAC, SHA, and DRBG algorithms."
1901 Red Hat®, Inc.
314 Littleton Road
Westford, MA 01886
USA

-Ann-Marie Rubin
TEL: 978-392-1000
FAX: 978-392-1001

CST Lab: NVLAP 200658-0

Red Hat Enterprise Linux 6.2 Kernel Crypto API Cryptographic Module
(Software Version: 2.0)

(When operated in FIPS mode with Network Security Services (NSS) Cryptographic Module validated to FIPS 140-2 under Cert. #1837, Section 1 of the provided Security Policy specifies the precise RPM files containing this module. The integrity of the RPMs is automatically verified during the installation and the Crypto officer shall not install the RPM files if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/21/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 6.2 without AES-NI running on HP ProLiant DL585; Red Hat Enterprise Linux 6.2 with AES-NI running on IBM HS22; Red Hat Enterprise Linux 6.2 without AES-NI running on IBM HS22 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1968, #1969, #1970, #1971 and #1972); Triple-DES (Certs. #1278 and #1279); SHS (Certs. #1725 and #1726); HMAC (Certs. #1187, #1188, #1199 and #1200); RNG (Certs. #1033, #1034, #1035, #1036 and #1037); DSA (Certs #628, #629, #634 and #635)

-Other algorithms: DES; Triple-DES (CTR; non-compliant); AES (192 bits, XTS; non-compliant); RNG (X9.31 with stdrng or ansi_cprng; non-compliant)

Multi-chip standalone

"The Linux kernel Crypto API implemented in Red Hat Enterprise Linux 6.2 provides services operating inside the Linux kernel with various ciphers, message digests and an approved random number generator."
1900 Gemalto
Avenue du Pic de Bertagne - BP100
Gemenos, 13881
France

-Anthony Vella
TEL: +33 4 42 36 61 38
FAX: +33 4 42 36 52 36

CST Lab: NVLAP 100432-0

MultiApp ID V2.1 Platform
(Hardware Version: P5CC081 [1] and P5CC145 [2]; Firmware Version: MultiApp ID V2.1 with softmask V2.2 [1] and V2.4 [2] and Demonstration Applet V1.1 [1,2])

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/21/2013 Overall Level: 3 

-Physical Security: Level 4

-FIPS Approved algorithms: RNG (Cert. #1023); Triple-DES (Cert. #1264); Triple-DES MAC (Triple-DES Cert. #1264, vendor affirmed); AES (Cert. #1943); RSA (Certs. #1006 and #1010); SHS (Certs. #1706 and #1707); ECDSA (Cert. #280); CVL (Cert. #17)

-Other algorithms: Triple-DES (Cert. # 1264, key wrapping; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman

Single-chip

"MultiApp V2.1 is a highly secured smartcard contact-only platform from Gemalto complying with Javacard 2.2.2 and GP 2.1.1 standards and operated on NXP P5CC081 and P5CC145 chips. Its cryptographic library implements TDES, AES, SHA, RSA, RSA CRT, ECDSA, ECC CDH and RNG ANSX9.31 algorithms. This modular and flexible platform serves various needs, enabling secure data storage, identification, authentication and digital signatures (AS) with biometry control. This field-proven OS has the largest number of references in national ID programs, thus ensuring a secure investment."
1899 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 BitLocker® Dump Filter (DUMPFVE.SYS)
(Software Version: 6.2.9200)

(When installed, initialized and configured as specified in the Security Policy Section 2 with modules Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Boot Manager validated to FIPS 140-2 under Cert. #1895 operating in FIPS mode, Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 BitLocker® Windows OS Loader (WINLOAD) validated to FIPS 140-2 under Cert. #1896 operating in FIPS mode, and Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Code Integrity (CI.DLL) validated to FIPS 140-2 under Cert. #1897 operating in FIPS mode.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/13/2013 Overall Level: 1 

-Design Assurance: Level 2

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 8 Enterprise (x86) running on a Dell Dimension C521; Microsoft Windows 8 Enterprise (x64) running on a Dell PowerEdge SC430 without AES-NI; Microsoft Windows 8 Enterprise (x64) running on Intel Core i7 with AES-NI running on an Intel Client Desktop; Microsoft Windows Server 2012 (x64) running on a Dell PowerEdge SC430 without AES-NI; Microsoft Windows Server 2012 (x64) running on Intel Core i7 with AES-NI running on an Intel Client Desktop; Microsoft Windows RT (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet; Microsoft Windows RT (ARMv7 Thumb-2) running on a Qualcomm Tablet; Microsoft Windows RT (ARMv7 Thumb-2) running on a Microsoft Surface Windows RT; Microsoft Windows 8 Pro (x64) running on an Intel x64 Processor with AES-NI running on a Microsoft Surface Windows 8 Pro; Microsoft Windows Phone 8 (ARMv7 Thumb-2) running on a Windows Phone 8 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2196 and #2198)

-Other algorithms: N/A

Multi-chip standalone

"The BitLocker® Dump Filter (DUMPFVE.SYS) is the full volume encryption filter that resides in the system dump stack. Whenever the dump stack is called (in the event of a system crash or for hibernation), this filter ensures that all data is encrypted before it gets written to the disk as a dump file or hibernation file. This cryptographic module also maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on Microsoft Windows 8, Microsoft Windows 8 Pro, and Microsoft Windows Server 2012 Datacenter."
1898 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Microsoft Windows 8, Microsoft Windows Server 2012, and Microsoft Surface Windows 8 Pro BitLocker® Windows Resume (WINRESUME)
(Software Version: 6.2.9200)

(When operated in FIPS mode with module Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Boot Manager validated to FIPS 140-2 under Cert. #1895 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/06/2013 Overall Level: 1 

-Design Assurance: Level 2

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 8 Enterprise (x86) running on a Dell Dimension C521; Microsoft Windows 8 Enterprise (x64) running on a Dell PowerEdge SC430 without AES-NI; Microsoft Windows 8 Enterprise (x64) running on Intel Core i7 with AES-NI running on an Intel Client Desktop; Microsoft Windows Server 2012 (x64) running on a Dell PowerEdge SC430 without AES-NI; Microsoft Windows Server 2012 (x64) running on Intel Core i7 with AES-NI running on an Intel Client Desktop; Microsoft Windows 8 Pro (x64) running on an Intel x64 Processor with AES-NI running on a Microsoft Surface Windows 8 Pro (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)

-Other algorithms: MD5

Multi-chip standalone

"BitLocker® Windows Resume is an operating system loader which loads the Windows OS kernel (ntoskrnl.exe) and other boot stage binary image files, as well as previous operating system state information, when Windows has been previously put into a sleep or hibernate power state. This cryptographic module also maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on Microsoft Windows 8, Microsoft Windows 8 Pro, and Microsoft Windows Server 2012 Datacenter."
1897 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Code Integrity (CI.DLL)
(Software Version: 6.2.9200)

(When operated in FIPS mode with modules Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Boot Manager validated to FIPS 140-2 under Cert. #1895 operating in FIPS mode, and Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 BitLocker® Windows OS Loader (WINLOAD) validated to FIPS 140-2 under Cert. #1896 operating in FIPS mode.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/06/2013 Overall Level: 1 

-Design Assurance: Level 2

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 8 Enterprise (x86) running on a Dell Dimension C521; Microsoft Windows 8 Enterprise (x64) running on a Dell PowerEdge SC430 without AES-NI; Microsoft Windows 8 Enterprise (x64) running on Intel Core i7 with AES-NI running on an Intel Client Desktop; Microsoft Windows Server 2012 (x64) running on a Dell PowerEdge SC430 without AES-NI; Microsoft Windows Server 2012 (x64) running on Intel Core i7 with AES-NI running on an Intel Client Desktop; Microsoft Windows RT (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet; Microsoft Windows RT (ARMv7 Thumb-2) running on a Qualcomm Tablet; Microsoft Windows RT (ARMv7 Thumb-2) running on a Microsoft Surface Windows RT; Microsoft Windows 8 Pro (x64) running on an Intel x64 Processor with AES-NI running on a Microsoft Surface Windows 8 Pro; Microsoft Windows Phone 8 (ARMv7 Thumb-2) running on a Windows Phone 8 (single-user mode)

-FIPS Approved algorithms: RSA (Cert. #1132); SHS (Cert. #1903)

-Other algorithms: MD5

Multi-chip standalone

"Code Integrity (CI.DLL) verifies the integrity of executable files, including kernel mode drivers, critical system components, and user mode cryptographic modules as they are loaded into memory from the disk. This cryptographic module also maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on Microsoft Windows 8, Microsoft Windows 8 Pro, and Microsoft Windows Server 2012 Datacenter."
1896 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 BitLocker® Windows OS Loader (WINLOAD)
(Software Version: 6.2.9200)

(When operated in FIPS mode with module Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Boot Manager validated to FIPS 140-2 under Cert. #1895 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/06/2013 Overall Level: 1 

-Design Assurance: Level 2

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 8 Enterprise (x86) running on a Dell Dimension C521; Microsoft Windows 8 Enterprise (x64) running on a Dell PowerEdge SC430 without AES-NI; Microsoft Windows 8 Enterprise (x64) running on Intel Core i7 with AES-NI running on an Intel Client Desktop; Microsoft Windows Server 2012 (x64) running on a Dell PowerEdge SC430 without AES-NI; Microsoft Windows Server 2012 (x64) running on Intel Core i7 with AES-NI running on an Intel Client Desktop; Microsoft Windows RT (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet; Microsoft Windows RT (ARMv7 Thumb-2) running on a Qualcomm Tablet; Microsoft Windows RT (ARMv7 Thumb-2) running on a Microsoft Surface Windows RT; Microsoft Windows 8 Pro (x64) running on an Intel x64 Processor with AES-NI running on a Microsoft Surface Windows 8 Pro; Microsoft Windows Phone 8 (ARMv7 Thumb-2) running on a Windows Phone 8 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)

-Other algorithms: AES (Cert. #2197; non-compliant); MD5; Non-Approved RNG

Multi-chip standalone

"The BitLocker® Windows OS Loader loads the boot-critical driver and OS kernel image files. Please note that AES (Cert. #2197) is only used in the entropy source for the module. This particular instance of AES is labeled as non-compliant because it does not perform a power-up self-test. This cryptographic module also maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on Microsoft Windows 8, Microsoft Windows 8 Pro, and Microsoft Windows Server 2012 Datacenter."
1895 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Boot Manager
(Software Version: 6.2.9200)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/13/2013 Overall Level: 1 

-Design Assurance: Level 2

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 8 Enterprise (x86) running on a Dell Dimension C521; Microsoft Windows 8 Enterprise (x64) running on a Dell PowerEdge SC430 without AES-NI; Microsoft Windows 8 Enterprise (x64) running on Intel Core i7 with AES-NI running on an Intel Client Desktop; Microsoft Windows Server 2012 (x64) running on a Dell PowerEdge SC430 without AES-NI; Microsoft Windows Server 2012 (x64) running on Intel Core i7 with AES-NI running on an Intel Client Desktop; Microsoft Windows RT (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet; Microsoft Windows RT (ARMv7 Thumb-2) running on a Qualcomm Tablet; Microsoft Windows RT (ARMv7 Thumb-2) running on a Microsoft Surface Windows RT; Microsoft Windows 8 Pro (x64) running on an Intel x64 Processor with AES-NI running on a Microsoft Surface Windows 8 Pro; Microsoft Windows Phone 8 (ARMv7 Thumb-2) running on a Windows Phone 8 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2196 and #2198); HMAC (Cert. #1347); RSA (Cert. #1132); SHS (Cert. #1903)

-Other algorithms: MD5

Multi-chip standalone

"This is the system boot manager, called by the bootstrapping code that resides in the boot sector. It checks its own integrity, checks the integrity of the Windows OS Loader, and then launches it. This cryptographic module also maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on Microsoft Windows 8, Microsoft Windows 8 Pro, and Microsoft Windows Server 2012 Datacenter."
1894 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Enhanced Cryptographic Provider (RSAENH.DLL)
(Software Version: 6.2.9200)

(When operated in FIPS mode with modules Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Code Integrity (CI.DLL) validated to FIPS 140-2 under Cert. #1897 operating in FIPS mode, Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL) validated to FIPS 140-2 under Cert. #1892 operating in FIPS mode, and Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Kernel Mode Cryptographic Primitives Library (CNG.SYS) validated to FIPS 140-2 under Cert. #1891 operating in FIPS mode.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 08/27/2013 Overall Level: 1 

-Design Assurance: Level 2

-Operational Environment: Tested as meeting Level 1 with [Microsoft Windows 8 Enterprise (x86) running on a Dell Dimension C521; Microsoft Windows 8 Enterprise (x64) running on a Dell PowerEdge SC430 without AES-NI; Microsoft Windows 8 Enterprise (x64) running on Intel Core i7 with AES-NI running on an Intel Client Desktop; Microsoft Windows Server 2012 (x64) running on a Dell PowerEdge SC430 without AES-NI; Microsoft Windows Server 2012 (x64) running on Intel Core i7 with AES-NI running on an Intel Client Desktop; Microsoft Windows RT (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet; Microsoft Windows RT (ARMv7 Thumb-2) running on a Qualcomm Tablet; Microsoft Windows RT (ARMv7 Thumb-2) running on a Microsoft Surface Windows RT; Microsoft Windows 8 Pro (x64) running on an Intel x64 Processor with AES-NI running on a Microsoft Surface Windows 8 Pro; Microsoft Windows Phone 8 (ARMv7 Thumb-2) running on a Windows Phone 8] (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2196); HMAC (Cert. #1346); RSA (Cert. #1132); SHS (Cert. #1902); Triple-DES (Cert. #1386)

-Other algorithms: AES (Cert. #2196, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Enhanced Cryptographic Provider (RSAENH.DLL) encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. It can be dynamically linked into applications by software developers to permit the use of general-purpose FIPS 140-2 validated cryptography. This cryptographic module also maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on Microsoft Windows 8, Microsoft Windows 8 Pro, and Microsoft Windows Server 2012 Datacenter."
1893 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL)
(Software Version: 6.2.9200)

(When operated in FIPS mode with modules Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Boot Manager validated to FIPS 140-2 under Cert. #1895 operating in FIPS mode, Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 BitLocker® Windows OS Loader (WINLOAD) validated to FIPS 140-2 under Cert. #1896 operating in FIPS mode, Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Code Integrity (CI.DLL) validated to FIPS 140-2 under Cert. #1897 operating in FIPS mode, Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Kernel Mode Cryptographic Primitives Library (CNG.SYS) validated to FIPS 140-2 under Cert. #1891 operating in FIPS mode, and Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL) validated to FIPS 140-2 under Cert. #1892 operating in FIPS mode.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/13/2013 Overall Level: 1 

-Design Assurance: Level 2

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 8 Enterprise (x86) running on a Dell Dimension C521; Microsoft Windows 8 Enterprise (x64) running on a Dell PowerEdge SC430 without AES-NI; Microsoft Windows 8 Enterprise (x64) running on Intel Core i7 with AES-NI running on an Intel Client Desktop; Microsoft Windows Server 2012 (x64) running on a Dell PowerEdge SC430 without AES-NI; Microsoft Windows Server 2012 (x64) running on Intel Core i7 with AES-NI running on an Intel Client Desktop; Microsoft Windows RT (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet; Microsoft Windows RT (ARMv7 Thumb-2) running on a Qualcomm Tablet; Microsoft Windows RT (ARMv7 Thumb-2) running on a Microsoft Surface Windows RT; Microsoft Windows 8 Pro (x64) running on an Intel x64 Processor with AES-NI running on a Microsoft Surface Windows 8 Pro; Microsoft Windows Phone 8 (ARMv7 Thumb-2) running on a Windows Phone 8 (single-user mode)

-FIPS Approved algorithms: DSA (Cert. #686); SHS (Cert. #1902); Triple-DES (Cert. #1386); Triple-DES MAC (Triple-DES Cert. #1386, vendor affirmed)

-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL) encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. It can be dynamically linked into applications by software developers to permit the use of general-purpose FIPS 140-2 validated cryptography. This cryptographic module also maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on Microsoft Windows 8, Microsoft Windows 8 Pro, and Microsoft Windows Server 2012 Datacenter."
1892 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL)
(Software Version: 6.2.9200)

(When operated in FIPS mode with modules Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Kernel Mode Cryptographic Primitives Library (CNG.SYS) validated to FIPS 140-2 under Cert. #1891 operating in FIPS mode, and Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Code Integrity (CI.DLL) validated to FIPS 140-2 under Cert. #1897 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/06/2013 Overall Level: 1 

-Design Assurance: Level 2

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 8 Enterprise (x86) running on a Dell Dimension C521; Microsoft Windows 8 Enterprise (x64) running on a Dell PowerEdge SC430 without AES-NI; Microsoft Windows 8 Enterprise (x64) running on Intel Core i7 with AES-NI running on an Intel Client Desktop; Microsoft Windows Server 2012 (x64) running on a Dell PowerEdge SC430 without AES-NI; Microsoft Windows Server 2012 (x64) running on Intel Core i7 with AES-NI running on an Intel Client Desktop; Microsoft Windows RT (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet; Microsoft Windows RT (ARMv7 Thumb-2) running on a Qualcomm Tablet; Microsoft Windows RT (ARMv7 Thumb-2) running on a Microsoft Surface Windows RT; Microsoft Windows 8 Pro (x64) running on an Intel x64 Processor with AES-NI running on a Microsoft Surface Windows 8 Pro; Microsoft Windows Phone 8 (ARMv7 Thumb-2) running on a Windows Phone 8 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); DSA (Cert. #687); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)

-Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)

Multi-chip standalone

"The Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL) provides cryptographic services to Windows components and applications. It includes cryptographic algorithms in an easy-to-use cryptographic module via the Cryptography Next Generation (CNG) API. It can be dynamically linked into applications for the use of general-purpose FIPS 140-2 validated cryptography. This cryptographic module also maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on Microsoft Windows 8, Microsoft Windows 8 Pro, and Microsoft Windows Server 2012 Datacenter."
1891 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Kernel Mode Cryptographic Primitives Library (CNG.SYS)
(Software Version: 6.2.9200)

(When operated in FIPS mode with modules Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Boot Manager validated to FIPS 140-2 under Cert. #1895 operating in FIPS mode, and Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 BitLocker® Windows OS Loader (WINLOAD) validated to FIPS 140-2 under Cert. #1896 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/06/2013 Overall Level: 1 

-Design Assurance: Level 2

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 8 Enterprise (x86) running on a Dell Dimension C521; Microsoft Windows 8 Enterprise (x64) running on a Dell PowerEdge SC430 without AES-NI; Microsoft Windows 8 Enterprise (x64) running on Intel Core i7 with AES-NI running on an Intel Client Desktop; Microsoft Windows Server 2012 (x64) running on a Dell PowerEdge SC430 without AES-NI; Microsoft Windows Server 2012 (x64) running on Intel Core i7 with AES-NI running on an Intel Client Desktop; Microsoft Windows RT (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet; Microsoft Windows RT (ARMv7 Thumb-2) running on a Qualcomm Tablet; Microsoft Windows RT (ARMv7 Thumb-2) running on a Microsoft Surface Windows RT; Microsoft Windows 8 Pro (x64) running on an Intel x64 Processor with AES-NI running on a Microsoft Surface Windows 8 Pro; Microsoft Windows Phone 8 (ARMv7 Thumb-2) running on a Windows Phone 8 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RNG (Cert. #1110); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)

-Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)

Multi-chip standalone

"Kernel Mode Cryptographic Primitives Library (CNG.SYS) runs as a kernel mode export driver, and provides cryptographic services, through their documented interfaces, to Windows kernel components. It supports several cryptographic algorithms accessible via a FIPS function table request IRP (I/O request packet). This cryptographic module also maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on Microsoft Windows 8, Microsoft Windows 8 Pro, and Microsoft Windows Server 2012 Datacenter."
1890 IBM Internet Security Systems, Inc.
6303 Barfield Road
Atlanta, GA 30328
USA

-Scott Sinsel
TEL: 404-236-2722
FAX: 404-236-2632

CST Lab: NVLAP 200416-0

SiteProtector Cryptographic Module
(Software Version: 1.1)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/19/2013 Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Microsoft Windows Server 2003 R2 Standard, Version 5.2 SP 2 on an IBM eServer 326m running on an AMD Opteron Processor 270

-FIPS Approved algorithms: AES (Cert. #1181); HMAC (Cert. #681); RNG (Cert. #652); RSA (Cert. #562); SHS (Cert. #1090)

-Other algorithms: MD5; RSA (key agreement; key establishment methodology provides 96 bits of encryption strength; non-compliant)

Multi-chip standalone

"IBM Proventia+ Management SiteProtectorTM system is a security management system that provides centralized command and control, analysis, reporting and workflow for all ISS IBM Protection devices and select third-party security solutions including network IPS, Network Multi-Function, Server, Endpoint, Vulnerability Assessment, Application Assessment, and DLP. All of these IBM ISS security components have a common update and policy management system as well. The SiteProtector system provides an in-depth security event analysis capability that is specific to the needs of security analysts."
1889 Stanley Security Solutions, Inc.
6161 E 75th Street
PO Box 50444
Indianapolis, IN 46250
USA

-Mr. Robert Strong
TEL: 317-806-3288

-Mr. Thomas Schuster
TEL: 317-806-3150

CST Lab: NVLAP 100414-0

Wi-Q OMW (OW2000) [1], WAC (SDC2K) [2], WDC [3] and WXC [4] Controllers
(Hardware Versions: 12681B [1]; 82065A [2]; 82069B [3]; 82069C [3]; 82069E [3]; 82069F [3] 82376C [4]; 82376D [4]; 82376F [4]; 82376G [4]; Firmware Version: 3.00.039)

(When operated in FIPS mode. No assurance of module integrity when operating in non-FIPS mode.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/13/2013 Overall Level: 1 

-FIPS Approved algorithms: SHS (Cert. #1583); AES (Cert. #1802)

-Other algorithms: N/A

Multi-chip embedded

"The Stanley Wi-Q Controller Cryptographic Module is a wireless end point device that communicates via proprietary 802.15.4 protocol to a Stanley Wi-Q Portal Gateway module. The Stanley Wi-Q Controller provides secure key entry and data encryption functions within the Stanley Wi-Q Wireless Access Control System."
1888 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Palani Karuppan
TEL: 408-525-2747

CST Lab: NVLAP 100432-0

Cisco Aironet 1552E Outdoor Access Point
(Hardware Version: AIR-CAP1552E-A-K9 Revision: B0; FIPS Kit Version AIRLAP-FIPSKIT=; Firmware Versions: 7.0.116.0, 7.0.230.0, 7.0.240.0, 7.0.250.0, 7.2.103.0, 7.2.115.1 or 7.2.115.2)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/11/2013;
03/28/2013;
05/03/2013;
05/16/2013;
07/12/2013;
02/20/2014
Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1357 and #1359); HMAC (Cert. #794); RNG (Cert. #746); RSA (Cert. #660); SHS (Cert. #1238)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength; non-compliant); RC4; MD5; HMAC MD5

Multi-chip standalone

"The Cisco Aironet 1552E Outdoor Access Point is the standard model, dual-radio system with dual-band radios that are compliant with IEEE 802.11a/n (5-GHz) and 802.11b/g/n standards (2.4 GHz). The 1552E has three external antenna connections for three dual-band antennas. It has Ethernet and fiber Smaill Form-Factor Pluggable (SFP) backhaul options, along with the option of a battery backup. This model also has a PoE-out port and can power a video surveillance camera."
1887 Cambium Networks Ltd.
Unit B2, Linhay Business Park
Ashburton, Devon TQ12 7UP
United Kingdom

-Mark Thomas
TEL: +44 1364 655586
FAX: +44 1364 655500

CST Lab: NVLAP 100432-0

Cambium PTP 600 Series Point to Point Wireless Ethernet Bridges
(Hardware Versions: P/Ns BP5830BHC, BP5830BHC15, BP5530BHC, BP5530BHC15, WB2781, WB3039, WB3037, WB3092, WB3094, WB3387, WB3389, WB3222, BP5830BH, BP5830BH15, BP5530BH, BP5530BH15, WB2780, WB3036, WB3038, WB3091, WB3093, WB3386, WB3388 and WB3221; with P/N WB3593 (HW Security Upgrade Kit); Firmware Versions: PTP600-10-00-FIPS, PTP600-10-05-FIPS or PTP600-10-07-FIPS)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/08/2013;
02/22/2013;
06/14/2013
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: SHS (Cert. #1101); DSA (Cert. #569); AES (Certs. #708 and #1144); DRBG (Cert. #21); HMAC (Cert. #1070); Triple-DES (Cert. #863)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The 600 Series of Point-to-Point wireless Ethernet bridges operates in the 2.5, 4.5, 4.8, 4.9, 5.4, 5.8 and 5.9 GHz spectrum, offering high performance Ethernet and TDM connectivity in line-of-sight and non-line-of-sight environments. PTP 600 links have class-leading sensitivity and power output, supporting data rates up to 300 Mbps and range up to 124 miles. This series of secure wireless bridges makes cost-effective connectivity and backhaul a reality for a wide range of enterprises, service providers, utilities, transportation agencies and public safety organizations."
1886 Comtech EF Data Corporation
2114 West 7th Street
Tempe, AZ 85281
USA

-Wallace Davis
TEL: 480-333-2189

CST Lab: NVLAP 200427-0

DMD2050E TRANSEC Module
(Hardware Version: PL-0000192-1, Revision A; Firmware Version: 1.2.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/08/2013 Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #2025 and #2026); ECDSA (Cert. #296); HMAC (Cert. #1228); RNG (Cert. #1061); RSA (Cert. #1053); SHS (Cert. #1775); Triple-DES (Cert. #1309)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength);RSA (key transport; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256-bits of encryption strength); MD5

Multi-chip embedded

"The Comtech EF Data FIPS Security Module features an FPGA to perform bulk encryption/decryption for Ethernet data traffic via the DMD2050E Satellite Modem, as well as firmware to provide the cryptographic functions needed to act as an endpoint for TLS and SSH management, and control traffic."
1885 Curtiss-Wright Controls Defense Solutions
2600 Paramount Place, Suite 200
Fairborn, OH 45324
USA

-Paul Davis
TEL: 937-610-5421
FAX: 937-252-1480

-Matt Young
TEL: 937-610-5457
FAX: 937-252-1480

CST Lab: NVLAP 200427-0

3U VPX-1TB FSM Flash Storage Module
(Hardware Versions: RHFS-3UR1024-F, RHFS-3UJ1024-F; Firmware Version: 1.11)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 02/08/2013;
05/16/2013
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #250 and #1978); DRBG (Cert. #180); HMAC (Cert. #1191); SHS (Cert. #1732)

-Other algorithms: TRNG

Multi-chip embedded

"The Flash Storage Module (FSM) AES cryptographic engine uses 256-bit encryption keys and performs real-time encryption of all data written to or read from solid state drives. The FSM cryptographic engines provides maximum data-at-rest security in commercial and military applications."
1884 Totemo AG
Freihofstrasse 22
Küsnacht, CH-8700
Switzerland

-Marcel Mock
TEL: +41 44 914 99 00

-Daniel Raap
TEL: +41 44 914 99 00

CST Lab: NVLAP 200928-0

Totemo Cryptographic Module (TCM)
(Software Version: 2.0)

(When operated in FIPS mode. No assurance of module integrity when operating in non-FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/08/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Totemo Appliance OS 2.0 v0711 with JRE 7.0 running on a Apligo NSA 7110 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2059); Triple-DES (Cert. #1326); DSA (Cert. #652); RSA (Cert. #1071); ECDSA (Cert. #302); SHS (Cert. #1800); DRBG (Cert. #206); HMAC (Cert. #1252)

-Other algorithms: AES (Cert. #2059, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1326, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Totemo Cryptographic Module supplies the cryptographic services required by the Totemo Security Platform (TSP) and the Totemo products which provides secure email, file transfer, and mobile messaging solutions. These solutions secure all types of communication without any infrastructure prerequisites."
1883 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Andrew Young
TEL: 443-327-1183
FAX: 410-931-7524

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 100432-0

eToken 5100, 5105, 5200 and 5205
(Hardware Versions: eToken 5100, eToken 5105, eToken 5200 and eToken 5205; Firmware Version: Athena IDProtect 0106.0113.2109 with SafeNet eToken Applet Suite 1.2.9)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/08/2013;
02/15/2013
Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #1654); RSA (Cert. #824); Triple-DES (Cert. #1087); Triple-DES MAC (Triple-DES Cert. #1087, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465)

-Other algorithms: HW RNG; AES-CMAC (non-compliant); AES (Cert. #1654, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength)

Single-chip

"SafeNet eToken is a portable two-factor USB authenticator with advanced smart card technology. It utilizes certificate based technology to generate and store credentials, such as private keys, passwords and digital certificates inside the protected environment of the smart card chip. To authenticate, users must supply both their personal SafeNet authenticator and password, providing a critical second level of security beyond simple passwords to protect valuable digital business resources."
1882 Entrust, Inc.
One Lincoln Centre
5400 LBJ Freeway
Suite 1340
Dallas, TX 75240
USA

-Entrust Sales

CST Lab: NVLAP 100432-0

Entrust IdentityGuard PIV Credential
(Hardware Version: SCHW 1.0; Firmware Version: SCOS 1.0 with Entrust IdentityGuard PIV Applet 1.0.1 Patch 172799)

(PIV Card Application: Cert. #33)

(When operated in FIPS mode with PIN policies configured as indicated in the Security Policy Section 9)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/08/2013;
02/06/2014;
05/28/2014
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 4
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: RNG (Cert. #942); Triple-DES (Cert. #1144); Triple-DES MAC (Triple-DES Cert. #1144, vendor affirmed); AES (Cert. #1769); RSA (Cert. #885); ECDSA (Cert. #237); CVL (Cert. #5); CVL (Certs. #219 and #223)

-Other algorithms: HW RNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Cert. #1769, key wrapping; key establishment methodology provides 256 bits of encryption strength); Triple-DES (Cert. #1144, key wrapping; key establishment methodology provides 112 bits of encryption strength)

Single-chip

"The Entrust IdentityGuard PIV Credential is a cryptographic module intended for use by US Federal agencies and other markets that require smartcards conformant with the PIV standards. The module can also be configured for use in markets where the set of keys and data objects, or the access control rules governing their use, differ from the PIV data model."
1881 WinMagic Inc.
200 Matheson Boulevard West
Suite 201
Mississauga, Ontario L5R 3L7
Canada

-Alexander Mazuruc
TEL: 905-502-7000 ext. 225
FAX: 905-502-7001

CST Lab: NVLAP 200928-0

SecureDoc® Disk Encryption Cryptographic Engine for MacOS X
(Software Version: 6.1)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 02/04/2013 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Mac OS X 10.7 Lion 32-bit running on a MacBook Pro; Mac OS X 10.7 Lion 64-bit running on a MacBook Pro (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1924 and #1925); SHS (Cert. #1690); RNG (Cert. #1012); HMAC (Cert. #1159)

-Other algorithms: AES (Certs. #1924 and #1925, key wrapping)

Multi-chip standalone

"SecureDoc® Disk Encryption Cryptographic Engine for MacOS X provides cryptographic services and key management for the SecureDoc® Disk Encryption products running on MacOS X platform. The module employs PKCS-11 cryptographic standard to deliver full disk and removable media encryption on Apple computers and laptops."
1880 WinMagic Inc.
200 Matheson Boulevard West
Suite 201
Mississauga, Ontario L5R 3L7
Canada

-Alexander Mazuruc
TEL: 905-502-7000 ext. 225
FAX: 905-502-7001

CST Lab: NVLAP 200928-0

SecureDoc® Disk Encryption Cryptographic Engine for Windows
(Software Version: 6.1)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 02/04/2013 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 7 32-bit running on an Acer Aspire 7745G Intel Core i7, Microsoft Windows 7 32-bit running on a Lenovo ThinkPad T420 Intel Core i5 with AES-NI, Microsoft Windows 7 64-bit running on an Acer Aspire 7745G Intel Core i7, Microsoft Windows 7 64-bit running on a Lenovo ThinkPad T420 Intel Core i5 with AES-NI (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1924 and #1925); SHS (Cert. #1690); RNG (Cert. #1012); HMAC (Cert. #1159)

-Other algorithms: AES (Certs. #1924 and #1925, key wrapping)

Multi-chip standalone

"SecureDoc® Disk Encryption Cryptographic Engine for Windows provides cryptographic services and key management for the SecureDoc® Disk Encryption products running on Windows platform. The module employs PKCS-11 cryptographic standard to deliver full disk encryption and other data protection solutions for General Purpose Computers, laptops and removable media."
1879 TechGuard Security
28 Hawk Ridge Circle
Suite 107
Lake St. Louis, MO 63367
USA

-David Maestas
TEL: 636-489-2230

CST Lab: NVLAP 200002-0

PoliWall-CCF M10 [1], M50 [2], G01 [3] and G10 [4] Series Security Appliance
(Hardware Versions: PW-CCF-M10-01C [1], PW-CCF-M50-01C [2], PW-CCF-G01-01C [3], PW-CCF-G01-01F [3], PW-CCF-G10-01X [4] and PW-CCF-G10-01F [4] with FIPS Kits: (PW-CCF-M10-FK1 [1,2], PW-CCF-G01-FK1 [3] and PW-CCF-G10-FK1 [4]); Software Version: 2.02.3101)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 02/04/2013 Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1600 and #1601); RSA (Cert. #782); RNG (Cert. #857); SHS (Certs. #1412 and #1413)

-Other algorithms: DES; MD5; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The TechGuard Security PoliWall is a network boundary device that rapidly determines the country of origin for all incoming packets using HIPPIE (High-speed Internet Protocol Packet Inspection Engine) technology. Packets are filtered according to defined policies, exception lists, and Pre-Compiled Exception Lists (PCEL) that are bound to rule groups for specific network addresses and protocols. PoliWall also provides administrators with the ability to create maps which exclude traffic from selected countries."
1878 Mocana Corporation
350 Sansome Street
Suite 1010
San Francisco, CA 94104
USA

-James Blaisdell
TEL: 415-617-0055
FAX: 415-617-0056

CST Lab: NVLAP 100432-0

Mocana Cryptographic Suite B Module
(Software Versions: 5.5f and 5.5.1f)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 01/31/2013;
03/28/2013;
01/23/2014;
04/03/2014;
11/25/2014
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Android 2.2 running on a LG Optimus 3D (LG-P920); Android 2.3 running on a LG G2X (LG-P999); Android 4.0 running on a Samsung Nexus-S (GT-I9023); Android 4.1 running on a LG Optimus (LG-P920); Ubuntu Linux 32 bit running on a Dell Dimension 9200; Ubuntu Linux 64 bit running on a Dell Dimension 9200; Android 4.3 running on Asus TF 700 Tablet; Android 4.4 running on Nexus 7 Tablet; VxWorks 6.8 running on Avaya ERS 4850 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2039, #2272 and #2741); Triple-DES (Certs. #1316 and #1650); SHS (Certs. #1785 and #2313); HMAC (Certs. #1238 and #1718); RSA (Certs. #1059 and #1437); DSA (Certs. #647 and #840); ECDSA (Certs. #298 and #479); RNG (Certs. #1065 and #1266); DRBG (Certs. #201 and #460)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant); RSA (encrypt/decrypt)

Multi-chip standalone

"The Mocana Cryptographic Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com."
1877 Palo Alto Networks
3300 Olcott Street
Santa Clara, CA 95054
USA

-Jake Bajic
TEL: 408-753-3901
FAX: 408-753-4001

CST Lab: NVLAP 100432-0

PA-500, PA-2000 Series, PA-4000 Series, and PA-5000 Series Firewalls
(Hardware Versions: HW P/Ns 910-000006-00O Rev. O with FIPS Kit P/N 920-000005-00A Rev. A (PA-500), 910-000094-00O Rev. O with FIPS Kit P/N 920-000005-00A (PA-500-2GB), 910-000004-00Z Rev. Z with FIPS Kit P/N 920-000004-00A Rev. A (PA-2020), 910-000003-00Z Rev. Z with FIPS Kit P/N 920-000004-00A Rev. A (PA-2050), 910-000002-00AB Rev. AB with FIPS Kit P/N 920-000003-00A Rev. A (PA-4020), HW P/N 910-000001-00AB Rev. AB with FIPS Kit P/N 920-000003-00A Rev. A (PA-4050), 910-000005-00S Rev. S with FIPS Kit P/N 920-000003-00A Rev. A (PA-4060), 910-000010-00F Rev. F w/ FIPS Kit P/N 920-000037-00A Rev. A (PA-5020), 910-000009-00F Rev. F w/ FIPS Kit P/N 920-000037-00A Rev. A (PA-5050) and 910-000008-00F Rev. F w/ FIPS Kit P/N 920-000037-00A Rev. A (PA-5060); Firmware Version: 4.0.10 or 4.0.12-h2)

(When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/30/2013;
08/16/2016
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1987); RSA (Cert. #1031); HMAC (Cert. #1201); SHS (Cert. #1743); RNG (Cert. #1044)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; RC4; Camellia; RC2; SEED; DES

Multi-chip standalone

"The Palo Alto Networks PA-500, PA-2000 Series, PA-4000 Series, and PA-5000 Series firewalls are multi-chip standalone modules that provide network security by enabling enterprises to see and control applications, users, and content using three unique idenification technologies: App-ID, User-ID, and Content-ID. These identification technologies enable enterprises to create business-relevant security policies - safely enabling organizations to adopt new applications."
1876 Apricorn Inc.
12191 Kirkham Road
Poway, CA 92064
USA

-Robert Davidson
TEL: 858-513-4430
FAX: 858-513-2020

CST Lab: NVLAP 100432-0

Apricorn Aegis Secure Key
(Hardware Versions: ASK-256-4GB [1], ASK-256-8GB [2], ASK-256-16GB [3] and ASK-256-32GB [4]; Firmware Versions: V01.12A13-F05 and V01.12A14-F05 20120817 [1], V01.12A13-F04 and V01.12A14-F05 20120817 [2], V01.12A15 Code Package-111130 and V01.12A14-F05 20120817 [3] and V01.12A14-F05 20120817 [4] with Security Controller Firmware Revision iStorage v6 [1] [2] [3] and iStorage v12 [1] [2] [3] [4])

(Tamper evidence determined as indicated in the Security Policy, Physical Security Policy section)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/30/2013
03/08/2013;
03/28/2013
Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #1514); SHS (Cert. #1728); DRBG (Cert. #177)

-Other algorithms: NDRNG

Multi-chip standalone

"The Apricorn Aegis Secure Key is a self-authenticating and self-encrypting secure USB flash drive based on DATALOCK® technology. The Apricorn Aegis Secure Key uses full-disk hardware based AES 256 bit encryption in CBC mode. The unit is not dependent on any host software and drivers. By design it is OS/Host independent and agnostic to any operating system (Win, Mac, Linux, Chrome, Android, Symbian, etc.), computer, or embedded device that supports the standard mass storage class (USB/USB OTG)."
1875 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Palani Karuppan
TEL: 408-525-2747

CST Lab: NVLAP 100432-0

Cisco Catalyst 6506, 6506-E, 6509, and 6509-E Switches with Wireless Services Modules (WiSMs)
(Hardware Versions: Chassis: Catalyst 6506 switch [1], Catalyst 6506-E switch [2], Catalyst 6509 switch [3] and Catalyst 6509-E switch [4]; Backplane: WS-C6506 [1], WS-C6506-E [2], WS-C6509 [3] and WS-C6509-E [4]; FIPS Kit: P/N 800-27009 [1, 2] and P/N 800-26335 [3, 4]; Supervisor Blade [1, 2, 3, 4]: [WS-SUP720-3BXL or WS-SUP720-3B] and WiSM: WS-SVC-WISM-1-K9; Firmware Versions: Supervisor Blade: Cisco IOS Release 12.2.33-SXI3 or Cisco IOS Release 12.2.33-SXH5; WiSM: 7.0.230.0, 7.0.240.0 or 7.0.250.0)

(When operated in FIPS mode and with the physical security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/25/2013;
02/20/2014
Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1344 and #1345); HMAC (Certs. #783 and #784); RNG (Cert. #740); RSA (Certs. #651 and #652); SHS (Certs. #1226 and #1227); Triple-DES (Cert. #934)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength; non-compliant); AES (Cert. #1344, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM

Multi-chip standalone

"The Cisco Catalyst 6506, 6506-E, 6509, and 6509-E Switches with WiSM WLAN Controller deliver centralized control and high capacity for medium to large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WiSM Controller supports the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and supports a Secure Wireless Architecture with certified WiFi Alliance WPA-2 security. The Cisco WiSM Controller supports voice, video and data services along with Cisco Clean Air technology, IPv6 mobility, intrusion protection and intelligent radio resource management."
1874 Ultra Stereo Labs, Inc.
181 Bonetti Drive
San Luis Obispo, CA 93401
USA

-Larry McCrigler
TEL: 805-549-0161
FAX: 805-549-0163

CST Lab: NVLAP 100432-0

IMB-1000 HFR and IMB-1200 HFR Secure Media Blocks
(Hardware Versions: Rev. 11 and 12; Firmware Version: 08162012)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/18/2013 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Cryptographic Key Management: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1459, #1460 and #1964); HMAC (Certs. #856 and #857); SHS (Certs. #1320 and #1321); RNG (Cert. #798); RSA (Cert. #712); CVL (SP 800-135rev1, vendor affirmed)

-Other algorithms: RSA (key wrapping, key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; TI S-BOX; EC Diffie-Hellman; DCI

Multi-chip embedded

"The Image Media Block is a type of Secure Processing Block that contains a Security Manager, Image, Audio and Subtitle Media Decryptors, Image decoder, Image and Audio Forensic Marking (FM) and optional Link Encoder. It is used for playback of encrypted movie content in commercial cinemas."
1873 iStorage Limited
Research House
Fraser Road
Greenford, Middlesex UB6 7AQ
England

-John Michael
TEL: +44 20 8537-3435
FAX: +44 20 8537-3438

CST Lab: NVLAP 100432-0

datAshur Secure USB Flash Drive
(Hardware Versions: IS-FL-DA-256-4 [1], IS-FL-DA-256-8 [2], IS-FL-DA-256-16 [3] and IS-FL-DA-256-32 [4]; Firmware Versions: V01.12A13-F05 and V01.12A14-F05 20120817 [1], V01.12A13-F04 and V01.12A14-F05 20120817 [2], V01.12A15 Code Package-111130 and V01.12A14-F05 20120817 [3] and V01.12A14-F05 20120817 [4] with Security Controller Firmware Revision iStorage v6 [1] [2] [3] and iStorage v12 [1] [2] [3] [4])

(Tamper evidence determined as indicated in the Security Policy, Physical Security Policy section)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/08/2013;
01/24/2013;
03/28/2013;
08/29/2014
Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #1514); SHS (Cert. #1728); DRBG (Cert. #177)

-Other algorithms: NDRNG

Multi-chip standalone

"The iStorage datAshur is a self-authenticating and self-encrypting secure USB flash drive based on DATALOCK® technology licensed from ClevX, LLC. datAshur uses full-disk hardware based AES 256 Bit encryption in CBC mode. The unit is not dependent on any host software and drivers. By design it is OS/Host independent and agnostic to any operating system (Win, Mac, Linux, Chrome, Android, Symbian, etc.), computer, or embedded device that supports the standard mass storage class (USB/USB OTG). datAshur supports a single encrypted private partition available to the user when unlocked."
1872 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise 4150F
(Hardware Version: NSA-4150-FWEX-FRR and FIPS Kit: SAC-4150F-FIPS-KT; Firmware Version: 7.0.1.03 and 8.2.0)

(When operated in FIPS mode with the tamper evident seals and opacity baffles installed and initializing the module as specified in Section 3.1.1 of the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/08/2013 Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #972, #973, #974 and #1833); Triple-DES (Certs. #765, #766, #767 and #1185); SHS (Certs. #941, #942, #943 and #1612); HMAC (Certs. #544, #545, #546 and #1086); RNG (Certs. #549, #550, #551 and #964); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); CAST-128; RC2; RC4; MD2; MD5; DES; EC Diffie-Hellman (key agreement;non-compliant)

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1871 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise 2150F
(Hardware Version: NSA-2150-FWEX-F and FIPS Kit: SAC-2150F-FIPS-KT; Firmware Version: 7.0.1.03 and 8.2.0)

(When operated in FIPS mode with the tamper evident seals and opacity baffles installed and initializing the module as specified in Section 3.1.1 of the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/08/2013 Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #972, #973, #974 and #1833); Triple-DES (Certs. #765, #766, #767 and #1185); SHS (Certs. #941, #942, #943 and #1612); HMAC (Certs. #544, #545, #546 and #1086); RNG (Certs. #549, #550, #551 and #964); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); CAST-128; RC2; RC4; MD2; MD5; DES; EC Diffie-Hellman (key agreement; non-compliant)

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1870 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise 1100F
(Hardware Version: NSA-1100-FWEX-F and FIPS Kit: SAC-1100F-FIPS-KT; Firmware Version: 7.0.1.03 and 8.2.0)

(When operated in FIPS mode with the tamper evident seals and opacity baffles installed and initializing the module as specified in Section 3.1.1 of the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/08/2013 Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #972, #973, #974 and #1833); Triple-DES (Certs. #765, #766, #767 and #1185); SHS (Certs. #941, #942, #943 and #1612); HMAC (Certs. #544, #545, #546 and #1086); RNG (Certs. #549, #550, #551 and #964); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); CAST-128; RC2; RC4; MD2; MD5; DES; EC Diffie-Hellman (key agreement; non-compliant)

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee's Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1868 Bomgar Corporation
578 Highland Colony Parkway
Paragon Centre, Suite 300
Ridgeland, MS 39157
USA

-Main Office
TEL: 601-519-0123
FAX: 601-510-9080

-Stella Kwon
TEL: 703-736-8363
FAX: 601-510-9080

CST Lab: NVLAP 200002-0

B200™, B300™ and B400™ Remote Support Appliances
(Hardware Versions: B200 [1], B300r1 [2] and B400r1 [3]; Tamper Evident Label Kit: TEL135325 [1,2,3]; Front Bezels: (FB000300 [2] and FB000400 [3]); Software Versions: 12.1.6FIPS [1,2,3] and 13.1.3FIPS [1,2]; Firmware Versions: 3.3.2FIPS [1,2,3], 3.4.0FIPS [1,2] and 3.4.1FIPS [1,2])

(When operated in FIPS mode and with the tamper evident labels and front bezels applied as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/15/2013;
04/08/2014;
10/31/2014
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #2219, #2543 and #3033); Triple-DES (Certs. #1389, #1538 and #1774); RSA (Certs. #1136, #1297 and #1575); SHS (Certs. #1910, #2143 and #2531); HMAC (Certs. #1350, #1564 and #1915); RNG (Certs. #1113, #1208 and #1311

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RC4; RC4-40; DES; DES-40; MD5

Multi-chip standalone

"Bomgar Remote Support Appliances provide technicians secure remote control of devices over the internet/LAN/WAN. Bomgar allows collaborative remote support to various operating systems, including desktops, servers, mobile and network devices. In addition, Bomgar provides extensive auditing and recording of support sessions."
1864 Cambium Networks, Ltd.
Unit B2, Linhay Business Park
Ashburton, Devon TQ13 7UP
United Kingdom

-Mark Thomas
TEL: +44 1364 655586
FAX: +44 1364 655500

CST Lab: NVLAP 100432-0

Cambium Networks PTP 800 Compact Modem Unit (CMU)
(Hardware Versions: P/N WB3517, Versions 5.2, 5.3 and 6.6; Firmware Version: PTP 800-05-02)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/04/2013;
02/22/2013
Overall Level: 1 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: SHS (Cert. #1557); DSA (Cert. #556); AES (Certs. #1776 and #1526); DRBG (Cert. #123); Triple-DES (Cert. #1149); HMAC (Cert. #1041)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); RADIUS; MD5; Custom RNG

Multi-chip standalone

"Operating in the 6 to 38 GHz RF bands at up to 368 Mbps throughput (full duplex) and with user-configured channel bandwidths from 7 to 56 MHz, the Cambium Networks Point-to-Point 800 Series of Licensed Ethernet Microwave solutions offer operators a highly reliable licensed band wireless solution."
1862 Seagate Technology LLC
1280 Disc Drive
Shakopee, MN 55379
USA

-David R Kaiser, PMP
TEL: 952-402-2356
FAX: 952-402-1273

CST Lab: NVLAP 200427-0

Seagate Secure® TCG Enterprise SSC Pulsar.2 Self-Encrypting Drive FIPS 140 Module
(Hardware Version: 1BU282; Firmware Version: 0003)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/07/2013;
01/25/2013
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Certs. #1811 and #1343); DRBG (Cert. #62); RSA (Cert. #650); SHS (Cert. #1225)

-Other algorithms: N/A

Multi-chip embedded

"The Seagate Secure« Enterprise Self-Encrypting Drives FIPS 140 Module is embodied in the Seagate Pulsar.2 SED model disk drive. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download."
1860 CMS Products
12 Mauchly
Unit E
Irvine, CA 92618
USA

-Les Kristof
TEL: 714-424-5521
FAX: 949-754-9060

CST Lab: NVLAP 100432-0

CE Secure
(Hardware Versions: P/Ns CE-HDDFIPS-500, CE-HDDFIPS-320 and CE-HDDFIPS-250; Firmware Version: 0001SDM7)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/25/2013 Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Certs. #1343 and #1845); DRBG (Cert. #62); RSA (Cert. #650); SHS (Cert. #1225)

-Other algorithms: NDRNG

Multi-chip embedded

"The CE Secure CE-HDDFIPS is a Self Encrypting Drive used in CMS Products' line of external secure storage devices. All data on the secure storage device is protected with state of the art hardware encryption."
1855 Nexus Wireless
Artists Court
15 Manette Street
London, W1D 4AP
United Kingdom

-Paul Richards
TEL: +44-207-734-0200
FAX: +44-207-734-0210

CST Lab: NVLAP 200416-0

Nexus FIPS 140-2 Crypto Module
(Hardware Version: 1.01; Firmware Versions: ES0408_RL01_R1_02_001 version 1.02.001 and ES0408_RL02_R1_02_000 version 1.02.000)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/18/2013 Overall Level: 1 

-FIPS Approved algorithms: AES (Cert. #914); DSA (Cert. #337); SHS (Certs. #901 and #928); HMAC (Cert. #533); RNG (Cert. #524)

-Other algorithms: DES; AES MAC (AES Cert. #914, vendor affirmed; P25 AES OTAR)

Multi-chip embedded

"The Nexus FIPS140-2 Crypto Module is a single-board security module designed to conform to FIPS140-2 standards and primarily intended for use in P25 radio equipment. The module supports both KFD and KMF management implementations, including a dedicated 3-wire KFD interface. It includes a complete key storage and critical security material management function for TEK, KEK, UKEK, CKEK and KSKEK keys in non-volatile memory within the FIPS module, with protection from unauthorized disclosure or modification. The FIPS Module executes encryption and decryption of P25 Phase 1 voice and data tra"
1840 Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500

CST Lab: NVLAP 200427-0

Aruba 3000 [1] and 6000/M3 Revision B2 [2] Controllers with ArubaOS FIPS Firmware
(Hardware Versions: [3200-F1 Revision B2, 3400-F1 Revision B2, 3600-F1 Revision B2, 3200-USF1 Revision B2, 3400-USF1 Revision B2, 3600-USF1 Revision B2] [1] and [(6000-400-F1 or 6000-400-USF1) with (M3mk1-S-F1 Revision B2, LC-2G-1, LC-2G24F-1, LC-2G24FP-1, HW-FT, HW-PSU-200 or HW-PSU-400] [2] with FIPS kit 4010061-01; Firmware Version: ArubaOS_MMC_6.1.2.3-FIPS or ArubaOS_MMC_6.1.4.1-FIPS or ArubaOS_MMC_6.1.4.5-FIPS or ArubaOS_MMC_6.1.4.7-FIPS)

(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy clause "Installing the Controller" and the 6000/M3 configured as specified in Security Policy clause "Minimum Configuration for the Aruba 6000-400")

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/11/2013;
03/08/2013;
07/26/2013;
01/23/2014
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #465, #1850 and #1854); ECDSA (Certs. #257 and #258); HMAC (Certs. #416, #1098 and #1101); RNG (Certs. #969 and #972); RSA (Certs. #933, #935 and #937); SHS (Certs. #768, #1627, #1629 and #1631); Triple-DES (Certs. #482, #1198 and #1201)

-Other algorithms: DES; HMAC-MD5; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"Aruba's family of Mobility Controllers are network infrastructure devices providing secure, scalable solutions for enterprise Wi-Fi, network security policy enforcement, VPN services, and wireless intrusion detection and prevention. Mobility controllers serve as central points of authentication, encryption, access control, and network coordination for all mobile network services"
1833 Motorola Solutions, Inc.
One Motorola Plaza
Holtsville, NY 11742
USA

-Bert Scaramozzino
TEL: 631-738-3215
FAX: 631-738-4164

CST Lab: NVLAP 200968-0

Fusion 802.1x Authentication Supplicant
(Software Version: H_3.40.0.0.19)

(When operated in FIPS mode. No assurance of module integrity when operating in non-FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 01/07/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Motorola ES400 with Windows Mobile 6.5 OS OEM Version 2.31.0002; Motorola MC65 with Windows Mobile 6.5 OS OEM Version 2.31.0002 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #1200); AES (Cert. #1853); SHS (Cert. 1630); HMAC (Cert. #1100); RSA (Cert. #936); DSA (Cert. #578); RNG (Cert. #971)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; RC4; RC2; MD5; CCKM; IDEA; SMS4

Multi-chip standalone

"Motorola Fusion 802.1x Authentication Supplicant is a component of Motorola Wireless Mobile Computing devices that are equipped with a WLAN radio. These devices are used for business process automation applications in a number of vertical markets like retail, manufacturing, transportation, health and government"
1825 TIBCO LogLogic®, Inc.
110 Rose Orchard Way
Suite 200
San Jose, CA 95134
USA

-Thor Taylor
TEL: 408-215-5941

-Phuong Hoang
TEL: (408) 731-7022

CST Lab: NVLAP 200928-0

LogLogic Communications Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 01/25/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Oracle Enterprise Linux 5.6 running on LX 820, LX 1020, ST 1020, LX 4020, ST 1020, ST 2020-SAN, ST 4020 and MX 3020 appliances (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1926); SHS (Cert. #1691); HMAC (Cert. #1160); RNG (Cert. #1013)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The LogLogic Communications Cryptographic Module establishes a secure, encrypted tunnel between LogLogic products for the secure transmission of log data."


Need Assistance?