CMVP Main Page

Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules
1995-1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014,
All

Last Update: 9/22/2014

It is important to note that the items on this list are cryptographic modules. A module may either be an embedded component of a product or application, or a complete product in-and-of-itself. If the cryptographic module is a component of a larger product or application, one should contact the product or application vendor in order to determine how the product utilizes the embedded validated cryptographic module. There may be a larger number of security products or applications available which use an embedded validated cryptographic module, than the number of modules which are found in this list. In addition, other vendors, who are not found in this list, may incorporate a validated cryptographic module from this list embedded into their own products.

When selecting a module from a vendor, verify that the module is either the product or application itself (e.g. VPN, SmartCard, USB memory token, etc.) or the module is embedded in a larger product or application (e.g. toolkit, etc.). If the module is embedded in a product or application, ask the product or application vendor to provide a signed letter or statement affirming that the unmodified validated cryptographic module is integrated in the solution; the module provides all the cryptographic services in the solution; and provide reference to the modules validation certificate number from this listing.

NOTE1: Module descriptions are provided by the module vendors and have not been verified for accuracy by the CMVP. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-Approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (e.g. allowed or non-FIPS-Approved algorithms) have not been tested through the CMVP.

NOTE2: The operator of a cryptographic module is responsible for ensuring that the algorithms and key lengths are in compliance with the requirements of NIST SP 800-131A.

NOTE3: All questions regarding the implementation and/or use of any module located on the CMVP module validation lists should first be directed to the appropriate vendor point-of-contact (listed for each entry).

Please contact the CMVP if any errors are discovered or comments with suggestions for improvement of the validation listings.

Cert# Vendor / CST Lab Cryptographic Module
Module
Type
Val.
Date
Level / Description
2257 Blue Coat Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085
USA

-Diana Robinson
TEL: 845-454-6397

-Tammy Green
TEL: 801-999-2973

CST Lab: NVLAP 200928-0

ProxySG S500-10 [1] and S500-20 [2]
(Hardware Versions: 080-03549 [1], 080-03551 [1], 090-02998 [1], 080-03552 [1], 090-02999 [1], 080-03553 [2], 080-03555 [2], 090-03000 [2], 080-03556 [2], 090-03001 [2] with FIPS Security Kit (Part Number: 085-02870); Firmware Version: 6.5.2.9 build 144008)

(When operated in FIPS mode with the tamper evident seals and the opacity baffle installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 09/22/2014 Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2931); Triple-DES (Cert. #1744); DRBG (Cert. #541); HMAC (Certs. #1700 and #1857); SHS (Certs. #2291 and #2467); RSA (Cert. #1536); CVL (Certs. #181 and #332)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG

Multi-chip standalone

"Blue Coat ProxySG physical and virtual appliances are the core of the Blue Coat’s Unified Security and Optimization solutions for business assurance. The appliances offer complete security and control of web traffic, providing rich policy constructs for threat protection, SSL traffic, authentication, filtering, data loss prevention and logging capabilities. The appliances also optimize web and internal application traffic through caching, bandwidth management, stream splitting, and protocol optimization for data, video, cloud and web applications."
2256 Blue Coat Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085
USA

-Diana Robinson
TEL: 845 454-6397

-Tammy Green
TEL: 801-999-2973

CST Lab: NVLAP 200928-0

ProxySG S400-20 [1], S400-30 [2] and S400-40 [3]
(Hardware Versions: 080-03568 [1], 080-03570 [1], 090-03075 [1], 080-03571 [1], 090-03076 [1], 080-03572 [2], 080-03574 [2], 090-03079 [2], 080-03575 [2], 090-03080 [2], 080-03576 [3], 080-03578 [3], 090-03083 [3], 080-03579 [3], 090-03084 [3] with FIPS Security Kit (Part Number: 085-02891); Firmware Version: 6.5.2.9 build 144008)

(When operated in FIPS mode with the tamper evident seals and the opacity baffle installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 09/22/2014 Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2931); Triple-DES (Cert. #1744); DRBG (Cert. #541); HMAC (Certs. #1700 and #1857); SHS (Certs. #2291 and #2467); RSA (Cert. #1536); CVL (Certs. #181 and #332)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; PRNG; NDRNG

Multi-chip standalone

"Blue Coat ProxySG physical and virtual appliances are the core of the Blue Coat’s Unified Security and Optimization solutions for business assurance. The appliances offer complete security and control of web traffic, providing rich policy constructs for threat protection, SSL traffic, authentication, filtering, data loss prevention and logging capabilities. The appliances also optimize web and internal application traffic through caching, bandwidth management, stream splitting, and protocol optimization for data, video, cloud and web applications."
2255 Blue Coat Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085
USA

-Diana Robinson
TEL: 845 454-6397

-Tammy Green
TEL: 801-999-2973

CST Lab: NVLAP 200928-0

Secure Web Gateway Virtual Appliance-V100
(Software Version: 6.5.2.8)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 09/22/2014 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with SGOS v6.5.2.50 on Vmware ESXi 5.1 running on a Dell PowerEdge R720 with AES-NI; SGOS v6.5.2.50 on Vmware ESXi 5.1 running on a Dell PowerEdge R720 without AES-NI (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2737); Triple-DES (Cert. #1648); DRBG (Cert. #458); HMAC (Certs. #1715 and #1716); SHS (Certs. #2306 and #2307); RSA (Cert. #1427); CVL (Certs. #182 and #328)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; PRNG; NDRNG; ANSI X9.31 PRNG (non-compliant); CAST-128; DES; RC2; RC4; Camellia; MD2; HMAC-MD5; RIPE-MD-160

Multi-chip standalone

"Blue Coat ProxySG physical and virtual appliances are the core of the Blue Coat’s Unified Security and Optimization solutions for business assurance. The appliances offer complete security and control of web traffic, providing rich policy constructs for threat protection, SSL traffic, authentication, filtering, data loss prevention and logging capabilities. The appliances also optimize web and internal application traffic through caching, bandwidth management, stream splitting, and protocol optimization for data, video, cloud and web applications."
2254 Oracle Corporation
500 Eldorado Blvd., Bldg 5
Broomfield, CO 80021
USA

-Security Evaluations Manager
TEL: 781-442-0451

CST Lab: NVLAP 200928-0

Oracle StorageTek T10000D Tape Drive
(Hardware Version: P/N 7042136; Firmware Version: 4.07.107)

(When operated in FIPS mode. The protocol SSH shall not be used when operated in the FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/22/2014 Overall Level: 1 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2760, #2761, #2762, #2763 and #2764); DRBG (Cert. #467); HMAC (Certs. #1729 and #1730); SHS (Certs. #2324 and #2325); RSA (Cert. #1445); CVL (Cert. #230)

-Other algorithms: AES (Cert. #2763, key wrapping; key establishment methodology provides 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG; SSH KDF (non-compliant); AES (non-compliant); SHS (non-compliant); HMAC (non-compliant); RSA (non-compliant); DRBG (non-compliant)

Multi-chip standalone

"The Oracle StorageTek T10000D Tape Drive blends the highest capacity, performance, reliability, and data security to support demanding, 24/7 data center operations. The StorageTek T10000D Tape Drive delivers the world's fastest write speeds up to 8.5 TB of magnetic tape storage; making it ideal for data center operations with growing volumes. Designed for maximum performance, the drive allows the use of multiple keys per tape with a cache memory to minimize the overhead of key transmission. Works seamlessly with the Oracle Key Manager to provide a secure end-to-end management solution."
2253 Cisco Systems, Inc.
170 W Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200928-0

Nexus 7000 Series Switches
(Hardware Versions: Chassis: N7K-C7004, N7K-C7009, N7K-C7010 and N7K-C7018; Supervisor Cards: N7K-SUP1, N7K-SUP2 and N7K-SUP2E; Fabric Cards: N7K-C7009-FAB-2, N7K-C7010-FAB-1, N7K-C7010-FAB-2, N7K-C7018-FAB-1 and N7K-C7018-FAB-2; Line Cards: N7K-M148GS-11L, N7K-M148GT-11L, N7K-M108X2-12L, N7K-M132XP-12, N7K-F132XP-15, N7K-M202CF-22L, N7K-M206FQ-23L, N7K-M224XP-23L, N7K-F248XP-25E and N7K-F248XT-25E; Firmware Version: 6.2.2a)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/22/2014 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1024, #1197, #1275, #1276, #1426, #1427, #2710 and #2736); Triple-DES (Cert. #1627); DSA (Cert #827); RSA (Cert. #1406); SHS (Cert. #2275); RNG (Cert. #1258); HMAC (Cert. #1689); CVL (Cert. #287)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of equivalent strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of equivalent strength); DES; RC4; MD5; HMAC-MD5; Non-Approved RNG; NDRNG

Multi-chip standalone

"The Cisco Nexus 7000 is a highly scalable in the Data Center end-to-end 10 Gigabit Ethernet switch for mission-critical data center operations. The fabric architecture scales beyond 15 terabits per second (Tbps), with support for 40-Gbps and 100-Gbps Ethernet. Powered by Cisco NX-OS, a state of the art modular operating system, the platform is designed for exceptional scalability, continuous system operation, serviceability, and transport flexibility."
2252 Cisco Systems, Inc.
170 W Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200928-0

Nexus 7700 Series Switches
(Hardware Versions: Chassis: N7K-C7710 and N7K-C7718; Supervisor Card: N77-SUP2E; Fabric Cards: N77-C7710-FAB-2 and N77-C7718-FAB-2; Line Card: N77-F248XP-23E; Firmware Version: 6.2.2a)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/22/2014 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1024, #1197, #1275, #1276, #1426, #1427, #2710 and #2736); Triple-DES (Cert. #1627); DSA (Cert #827); RSA (Cert. #1406); SHS (Cert. #2275); RNG (Cert. #1258); HMAC (Cert. #1689); CVL (Cert. #287)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of equivalent strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of equivalent strength); DES; RC4; MD5; HMAC-MD5; Non-Approved RNG; NDRNG

Multi-chip standalone

"The Cisco Nexus 7700 Switches are the latest extension to the Cisco Nexus 7700 Series modular switches. With more than 83 terabits per second (Tbps) of overall switching capacity, the Cisco Nexus 7700 Switches delivers the highest-capacity 10, 40, and 100 Gigabit Ethernet ports in the industry, with up to 768 native 10-Gbps ports, 384 40-Gbps ports, or 192 100-Gbps ports. This high system capacity is designed to meet the scalability requirements of the largest cloud environments."
2251 Motorola Solutions, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

-Tom Nguyen
TEL: 847-576-2352

CST Lab: NVLAP 100432-0

Key Variable Loader (KVL) 4000 PIKE2
(Hardware Version: P/N 51009397004; Firmware Version: R02.03.07)

(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/22/2014 Overall Level: 3 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1491 and #1492); ECDSA (Cert. #183); SHS (Cert. #1345); DRBG (Cert. #159)

-Other algorithms: AES MAC (AES Cert. #1492, vendor affirmed; P25 AES OTAR); AES (AES Cert. #1492, key wrapping; key establishment methodology provides 256 bits of encryption strength); DES; DES-XL; DVP-XL; DVI-XL; ADP; NDRNG

Single-chip

"The KVL 4000 PIKE2 provides security services for the KVL 4000. The KVL 4000 is a portable key distribution device that consists of a Personal Digital Assistant (PDA) and Security Adapter that connects to the PDA."
2250 Motorola Solutions, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

-Tom Nguyen
TEL: 847-576-2352

CST Lab: NVLAP 100432-0

Key Variable Loader (KVL) 4000 PIKE2
(Hardware Version: P/N 51009397004; Firmware Version: R02.03.07)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/22/2014 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1491 and #1492); ECDSA (Cert. #183); SHS (Cert. #1345); DRBG (Cert. #159)

-Other algorithms: AES MAC (AES Cert. #1492, vendor affirmed; P25 AES OTAR); AES (AES Cert. #1492, key wrapping; key establishment methodology provides 256 bits of encryption strength); DES; DES-XL; DVP-XL; DVI-XL; ADP; NDRNG

Single-chip

"The KVL 4000 PIKE2 provides security services for the KVL 4000. The KVL 4000 is a portable key distribution device that consists of a Personal Digital Assistant (PDA) and Security Adapter that connects to the PDA."
2249 Comtech Mobile Datacom Corporation
20430 Century Boulevard
Germantown, MD 20874
USA

-Lajuana Johnson
TEL: 240-686-3300

CST Lab: NVLAP 200427-0

Comtech Mobile Datacom Corporation Cryptographic Library (libcmscrypto)
(Software Version: 1.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/22/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 6.3 on qemu-kvm-0.12.1.2-2 on Red Hat Enterprise Linux 6 running on a Dell R900 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2355); HMAC (Cert. #1461); SHS (Cert. #2029); Triple-DES (Cert. #1473)

-Other algorithms: DES

Multi-chip standalone

"libcmscrypto is a library implemented in the Comtech Mobile Datacom Corp. products and provides the basic cryptographic functionality that includes Advanced Encryption Standard (AES) algorithm, SHA1 message digest, HMAC SHA-1 Keyed-Hash message authentication code, and Triple-DES."
2248 Accellion, Inc.
1804 Embarcadero Road,
Suite 200
Palo Alto, CA 94303
USA

-Prateek Jain
TEL: 65-6244-5670
FAX: 65-6244-5678

CST Lab: NVLAP 100432-0

Accellion Cryptographic Module
(Software Version: FTALIB_3_0_1)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/19/2014 Overall Level: 1 

-Physical Security: N/A
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 5 running on a HP ProLiant DL 380 G7 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2317, #2318, and #2844); CVL (Cert. #268); HMAC (Certs. #1436 and #1783); RSA (Cert. #1485); SHS (Certs. #2004 and #2385); Triple-DES (Cert. #1700)

-Other algorithms: AES (Cert. #2844, key wrapping; key establishment methodology provides 128 bits of encryption strength); Triple-DES (Cert. #1700, key wrapping; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); MD5

Multi-chip standalone

"Accellion Cryptographic Module is a key component of Accellion's secure collaboration solution that enables enterprises to securely share and transfer files. Extensive tracking and reporting tools allow compliance with SOX, HIPAA, FDA and GLB regulations while providing enterprise grade security and ease of use."
2247 NXP Semiconductors
Stresemannallee 101
Hamburg, D-22529
Germany

-Hans-Gerd Albertsen
TEL: +49-40-5613-2548
FAX: +49-40-5613-62548

-Markus Moesenbacher
TEL: +43-3124-299-652
FAX: +43-3124-299-270

CST Lab: NVLAP 100432-0

NXP JCOP 2.4.2 R3
(Hardware Versions: P/Ns P5CC081 V1A, P5CD081 V1A, P5CD081 V1D, P5CC145 V0B and P5CD145 V0B; Firmware Version: JCOP 2.4.2 R3 Mask ID 64 and patchID 1 with Demonstration Applet v1.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/15/2014 Overall Level: 3 

-Physical Security: Level 4

-FIPS Approved algorithms: AES (Certs. #2561, #2564, #2596 and #2597); CVL (Cert. #26); ECDSA (Cert. #317); RNG (Cert. #1229); RSA (Certs. #1090 and #1091); SHS (Cert. #1553); Triple-DES (Certs. #1552 and #1553); Triple-DES MAC (Triple-DES Cert. #1552, vendor affirmed)

-Other algorithms: NDRNG; AES (Certs. #2561 and #2596, key wrapping; key establishment methodology provides 128 bits of encryption strength); Triple-DES (Cert. #1552, key wrapping; key establishment methodology provides 112 bits of encryption strength)

Single-chip

"Single Chip Module with NXP Secure Smart Card Controller of P5CD081 Family. P5CD081 Family comprises: P5CD145 V0A, P5CC145 V0A, P5CN145 V0A, P5CD128 V0A, P5CC128 V0A, P5CD081 V1A, P5CC081 V1A, P5CN081 V1A, P5CD051 V1A, P5CD041 V1A, P5CD021 V1A, P5CD016 V1A, P5CD145 V0B, P5CC145 V0B, and P5CD081 V1D."
2246 Cisco Systems, Inc.
170 W. Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco ASA Service Module (SM)
(Hardware Version: WS-SVC-ASA-SM1-K9; Firmware Version: 9.1.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/12/2014 Overall Level: 1 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2050, #2444 and #2482); DRBG (Certs. #332 and #341); ECDSA (Cert. #411); HMAC (Certs. #1247 and #1524); RSA (Certs. #1066 and #1271); SHS (Certs. #1794 and #2100); Triple-DES (Certs. #1321 and #1520)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA Service Module (SM) Adaptive Security Appliance provides comprehensive security, performance, and reliability for network environments of all sizes."
2245 EFJohnson Technologies
1440 Corporate Drive
Irving, TX 75038
USA

-Marshall Schiring
TEL: 402-479-8375
FAX: 402-479-8472

-Josh Johnson
TEL: 402-479-8459
FAX: 402-479-8472

CST Lab: NVLAP 100432-0

Subscriber Encryption Module
(Hardware Version: R023-5000-980; Firmware Version: 5.28)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/10/2014 Overall Level: 1 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2640); DRBG (Cert. #411); HMAC (Cert. #1632); RSA (Cert. #1351); SHS (Cert. #2213)

-Other algorithms: AES (Cert. #2640, key wrapping; key establishment methodology provides 128 bits of encryption strength); AES MAC (AES Cert. 2640, vendor affirmed; P25 AES OTAR); DES; NDRNG

Multi-chip embedded

"The EFJohnson Subscriber Encryption Module (SEM) is a cryptographic module meeting FIPS 140-2, Level 1 requirements. The SEM provides Subscriber Equipment, such as the EFJohnson Technology VP600 series radio with secure encrypted voice communication. The SEM supports AES, RSA, HMAC, DRBG and SHA-256 FIPS Approved algorithms for voice communication and protection of its firmware. The SEM can be implemented into any Subscriber Equipment requiring FIPS 140-2, Level 1 security."
2244 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco 5921 Embedded Services Router (ESR)
(Software Version: 15.2(4)GC)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/10/2014 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with CentOS Linux 6.4 running on an Intel Desktop Board D2500CC (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2785); CVL (Cert. #237); DRBG (Cert. #472); ECDSA (Cert. #486); HMAC (Cert. #1744); RSA (Cert. #1457); SHS (Cert. #2340); Triple-DES (Cert. #1673)

-Other algorithms: DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); HMAC MD4; HMAC MD5; MD4; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Cisco ESR 5921 Embedded Services Router is a software product that runs IOS 15.2(4)GC in an x86-based Linux host environment. The binary is a Router application which allows Linux software connections with virtual and physical Linux interfaces on the host hardware. The Cisco 5921 Embedded Services Router provides a secure, manageable device which meets FIPS 140-2 Level 1 requirements."
2243 WideBand Corporation
401 W. Grand St.
Gallatin, MO 64640
USA

-GoldKey Sales & Customer Service
TEL: 816-220-3000
FAX: 419-301-3208

-Jon Thomas
TEL: 567-270-3830
FAX: 419-301-3208

CST Lab: NVLAP 200658-0

GoldKey Security Token Cryptographic Module
(Hardware Version: IC USB-CONTROLLER-2LF; Firmware Version: 7.13)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/10/2014 Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2347); SHS (Cert. #2024); DRBG (Cert. #297); Triple-DES (Cert. #1470); RSA (Cert. #1210); ECDSA (Cert. #384); CVL (Certs. #54, #234 and #235)

-Other algorithms: N/A

Single-chip

"Provides cryptographic algorithm implementation for GoldKey Products"
2242 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

X-ES XPedite5205 with Cisco IOS
(Hardware Versions: X-ES XPedite5205 air-cooled card and X-ES XPedite5205 conduction-cooled card; Firmware Version: 15.2(4)GC)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/10/2014 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #962, #1535 and #2784); CVL (Cert. #236); DRBG (Cert. #471); ECDSA (Cert. #485); HMAC (Certs. #537 and #1743); RSA (Cert. #1456); SHS (Certs. #933 and #2339); Triple-DES (Certs. #757 and #1672)

-Other algorithms: DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); HMAC MD4; HMAC MD5; MD4; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip embedded

"The X-ES XPedite5205 is a high-performance, ruggedized router. With onboard hardware encryption, the XPedite5205 offloads encryption processing from the router to provide highly secure yet scalable video, voice, and data services for mobile and embedded outdoor networks. The XPedite5205 provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 1 requirements. The XPedite5205 Router Card uses industrial-grade components and is optimized for harsh environments that require Cisco IOS Software routing technology."
2241 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco 5915 and 5940 Embedded Services Routers
(Hardware Versions: Cisco 5915 ESR air-cooled card, Cisco 5915 ESR conduction-cooled card, Cisco 5940 ESR air-cooled card and Cisco 5940 ESR conduction-cooled card; Firmware Version: 15.2(4)GC)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/10/2014 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #962, #1535 and #2784); CVL (Cert. #236); DRBG (Cert. #471); ECDSA (Cert. #485); HMAC (Certs. #537 and #1743); RSA (Cert. #1456); SHS (Certs. #933 and #2339); Triple-DES (Certs. #757 and #1672)

-Other algorithms: DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); HMAC MD4; HMAC MD5; MD4; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip embedded

"The Cisco 5915, 5940 are high-performance, ruggedized routers. With onboard hardware encryption, the Cisco 5915, 5940 offloads encryption processing from the router to provide highly secure yet scalable video, voice, and data services for mobile and embedded outdoor networks. The Cisco 5915, 5940 Embedded Services Routers provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 1 requirements. The Cisco 5915, 5940 Router Cards use industrial-grade components and is optimized for harsh environments that require Cisco IOS Software routing technology."
2240 Palo Alto Networks
4301 Great America Parkway
Santa Clara, CA 95054
USA

-Jake Bajic
TEL: 408-753-3901
FAX: 408-753-4001

-Richard Bishop
TEL: 408-753-4061
FAX: 408-753-4001

CST Lab: NVLAP 100432-0

PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series and PA-5000 Series Firewalls
(Hardware Versions: PA-200 P/N 910-000015-00E Rev. E [1], PA-500 P/N 910-000006-00O Rev. O [2], PA-500-2GB P/N 910-000094-00O Rev. O [2], PA-2020 P/N 910-000004-00Z Rev. Z [3], PA-2050 P/N 910-000003-00Z Rev. Z [3], PA-3020 P/N 910-000017-00J Rev. J [4], PA-3050 P/N 910-000016-00J Rev. J [4], PA-4020 P/N 910-000002-00AB Rev. AB [5], PA-4050 P/N 910-000001-00AB Rev. AB [5], PA-4060 P/N 910-000005-00S Rev. S [5], PA-5020 P/N 910-000010-00F Rev. F [6], PA-5050 P/N 910-000009-00F Rev. F [6] and PA-5060 P/N 910-000008-00F Rev. F [6]; FIPS Kit P/Ns: 920-000084-00A Rev. A [1], 920-000005-00A Rev. A [2], 920-000004-00A Rev. A [3], 920-000081-00A Rev. A [4], 920-000003-00A Rev. A [5] and 920-000037-00A Rev. A [6]; Firmware Version: 5.0.11)

(When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/08/2014 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2728); CVL (Cert. #227); HMAC (Cert. #1707); RNG (Cert. #1263); RSA (Cert. #1420); SHS (Cert. #2298)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; RC4; Camellia; RC2; SEED; DES

Multi-chip standalone

"The Palo Alto Networks PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series, and PA-5000 Series next-generation firewalls are multi-chip standalone modules that provide network security by enabling enterprises to see and control applications, users, and content using three unique identification technologies: App-ID, User-ID, and Content-ID. This unique ability empowers customers to safely enable applications, make informed decisions on network access, and strengthen network security."
2238 McAfee, Inc.
2821 Mission College Boulevard
Santa Clara, CA 95054
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise Virtual Appliance for VMware
(Software Version: 8.3.2 with patch number 8.3.2E14)

(When operated in FIPS mode and when installed, initialized and configured as specified in the Security Policy Section Secure Operation. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/08/2014 Overall Level: 1 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with McAfee SecureOS v8.3 on VMware ESXi 5.0 running on a McAfee S7032 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1963, #2712 and #2714); Triple-DES (Certs. #1275, #1629 and #1631); RSA (Certs. #1408 and #1410); DSA (Certs. #829 and #831); ECDSA (Certs. #473 and #475); SHS (Certs. #1722, #2277 and #2279); HMAC (Certs. #1184, #1691 and #1693); RNG (Cert. #1032); DRBG (Certs. #449 and #451); CVL (Certs. #170 and #172)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee's Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
2237 McAfee, Inc.
2821 Mission College Boulevard
Santa Clara, CA 95054
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise S1104, S2008, S3008, S4016, S5032 and S6032
(Hardware Versions: (FEW-S1104, FEW-S2008, FEW-S3008, FEW-S4016, FEW-S5032 and FEW-S6032) with FRU-686-0089-00; Firmware Version: 8.3.2 with patch number 8.3.2E14)

(When operated in FIPS mode and when installed, initialized and configured as specified in the Security Policy Section Secure Operation. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/08/2014 Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1833, #2711 and #2713); Triple-DES (Certs. #1185, #1628 and #1630); RSA (Certs. #1407 and #1409); DSA (Certs. #828 and #830); ECDSA (Certs. #472 and #474); SHS (Certs. #1612, #2276 and #2278); HMAC (Certs. #1086, #1690 and #1692); RNG (Cert. #964); DRBG (Certs. #448 and #450); CVL (Certs. #168 and #171)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
2236 McAfee, Inc.
2821 Mission College Boulevard
Santa Clara, CA 95054
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise 1100F, 2150F and 4150F
(Hardware Versions: (NSA-1100-FWEX-F, NSA-2150-FWEX-F and NSA-4150-FWEX-F) with FRU-686-0089-00; Firmware Version: 8.3.2 with patch number 8.3.2E14)

(When operated in FIPS mode and when installed, initialized and configured as specified in the Security Policy Section Secure Operation. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/08/2014 Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1833, #2711 and #2713); Triple-DES (Certs. #1185, #1628 and #1630); RSA (Certs. #1407 and #1409); DSA (Certs. #828 and #830); ECDSA (Certs. #472 and #474); SHS (Certs. #1612, #2276 and #2278); HMAC (Certs. #1086, #1690 and #1692); RNG (Cert. #964); DRBG (Certs. #448 and #450); CVL (Certs. #168 and #171)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
2234 McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2706

CST Lab: NVLAP 200416-0

McAfee Email Gateway L2
(Hardware Versions: EMG-5500-C and EMG-5000-C; Firmware Version: 7.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 09/05/2014 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2013, #2106 and #2281); Triple-DES (Certs. #1299, #1341 and #1429); DSA (Certs. #639, #656 and #711); RSA (Certs. #1042, #1080 and #1172); SHS (Certs. #1763, #1829 and #1963); RNG (Certs. #1055, #1081 and #1134); HMAC (Certs. #1218 and #1280)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DES-CBC3-MD5; DES-CBC-MD5; DES-CBC-SHA; EDH-DSS-DES-CBC-SHA; EDH-RSA-DES-CBC-SHA; EXP-DES-CBC-SHA; EXP-EDH-DSS-DES-CBC-SHA; EXP-EDH-RSA-DES-CBC-SHA; EXP-RC2-CBC-MD5; EXP-RC4-MD5; IDEA-CBC-MD5; IDEA-CBC-SHA; RC2-CBC-MD5; RC4-MD5; RC4-SHA; BLOWFISH; CAMELLIA128; CAMELLIA192; CAMELLIA256; CAST5; MD5; RIPEMD160; TWOFISH; DES; MD2; HMAC MD5; DES40; RC2; RC4; RC5; ECAES; RSA PKCS#1 V.2.0 (SHA256 - OAEP; non-compliant)

Multi-chip standalone

"McAfee Email Gateway integrates comprehensive inbound threat protection with outbound data loss prevention, advanced compliance, performance reporting, and simplified administration. By combining local network information with global reputation intelligence from McAfee Global Threat Intelligence, it provides the most complete protection available against inbound threats, spam and malware. Its sophisticated content scanning technologies, multiple encryption techniques, and granular, policy-based message handling prevent outbound data loss and simplify compliance."
2233 McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2706

CST Lab: NVLAP 200416-0

McAfee Email Gateway L1
(Hardware Versions: EMG-5500-B, EMG-5000-B, EMG-4500-B, EMG-4000-B, EWS-3400-B, EWS-3300-B, EWS-3200-B, EWS-3100-B and HP Proliant BL460c Gen6 Blade Server (Model: 595729-L21); Firmware Version: 7.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 09/05/2014 Overall Level: 1 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2013, #2106 and #2281); Triple-DES (Certs. #1299, #1341 and #1429); DSA (Certs. #639, #656 and #711); RSA (Certs. #1042, #1080 and #1172); SHS (Certs. #1763, #1829 and #1963); RNG (Certs. #1055, #1081 and #1134); HMAC (Certs. #1218 and #1280)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DES-CBC3-MD5; DES-CBC-MD5; DES-CBC-SHA; EDH-DSS-DES-CBC-SHA; EDH-RSA-DES-CBC-SHA; EXP-DES-CBC-SHA; EXP-EDH-DSS-DES-CBC-SHA; EXP-EDH-RSA-DES-CBC-SHA; EXP-RC2-CBC-MD5; EXP-RC4-MD5; IDEA-CBC-MD5; IDEA-CBC-SHA; RC2-CBC-MD5; RC4-MD5; RC4-SHA; BLOWFISH; CAMELLIA128; CAMELLIA192; CAMELLIA256; CAST5; MD5; RIPEMD160; TWOFISH; DES; MD2; HMAC MD5; DES40; RC2; RC4; RC5; ECAES; RSA PKCS#1 V.2.0 (SHA256 - OAEP; non-compliant)

Multi-chip standalone

"McAfee Email Gateway integrates comprehensive inbound threat protection with outbound data loss prevention, advanced compliance, performance reporting, and simplified administration. By combining local network information with global reputation intelligence from McAfee Global Threat Intelligence, it provides the most complete protection available against inbound threats, spam and malware. Its sophisticated content scanning technologies, multiple encryption techniques, and granular, policy-based message handling prevent outbound data loss and simplify compliance."
2232 Hitachi, Ltd.
322-2 Nakazato, Odawara-shi
Kanagawa-ken, 250-0872
Japan

-Hajime Sato
TEL: +81-465-59-5954
FAX: +81-465-49-4822

CST Lab: NVLAP 200835-0

Hitachi Unified Storage Encryption Module
(Hardware Version: DW-F700-BS6GE; Firmware Version: 02.09.22.00)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/05/2014 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2787); HMAC (Cert. #1748); SHS (Cert. #2344)

-Other algorithms: AES (Cert. #2787, key wrapping; key establishment methodology provides 256 bits of encryption strength); SHS (non-compliant); HMAC (non-compliant)

Multi-chip embedded

"The Hitachi Unified Storage Encryption Module provides high speed data at rest encryption for Hitachi storage."
2231 Senetas Corporation Ltd. and SafeNet Inc.
Level 1, 11 Queens Road
Melbourne, Victoria 3004
Australia

-John Weston
TEL: +61 3 9868 4555
FAX: +61 3 9821 4899

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200996-0

CN6000 Series Encryptors
(Hardware Versions: Senetas Corp. Ltd. CN6040 Series: A6040B [O] (AC), A6041B [O] (DC) and A6042B [O] (AC/DC); Senetas Corp. Ltd. CN6100 Series: A6100B [O] (AC), A6101B [O] (DC) and A6102B [O] (AC/DC); Senetas Corp. Ltd. & SafeNet Inc. CN6040 Series: A6040B [Y] (AC), A6041B [Y] (DC) and A6042B [Y] (AC/DC); Senetas Corp. Ltd. & SafeNet Inc. CN6100 Series: A6100B [Y] (AC), A6101B [Y] (DC) and A6102B [Y] (AC/DC); Firmware Version: 2.4.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 08/28/2014 Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #2789, #2790, #2791 and #2793); Triple-DES (Cert. #1677); RSA (Cert. #1460); SHS (Cert. #2345); HMAC (Cert. #1749); DRBG (Cert. #475); CVL (Cert. #242)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The CN6000 Series is a high-speed hardware encryption platform that secures data over optical and twisted-pair Ethernet and Fibre Channel networks. Models validated are the CN6100 10G Ethernet operating at a line rate of 10Gb/s and the CN6040, Ethernet and FC selectable model operating at data rates up to 4Gb/s. Data privacy is provided by FIPS approved AES CFB and CTR algorithms. GCM is available on the CN6040 for applications that also demand authentication. Additionally TRANSEC transmission security capability can be used to remove patterns from network traffic to prevent traffic analysis."
2230 Aruba Networks, Inc.
1344 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500
FAX: 408-227-4550

CST Lab: NVLAP 200427-0

Aruba RAP-155 and RAP-155P Wireless Access Points
(Hardware Version: RAP-155-F1, RAP-155-USF1, RAP-155P-F1 and RAP-155P-USF1 with FIPS kit 4010061-01; Firmware Version: ArubaOS 6.3.1.7-FIPS)

(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/28/2014 Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2450, #2677, #2680 and #2689); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #1663 and #1666); KBKDF (Cert. #16); RNG (Cert. #1250); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #2246, #2249 and #2250); Triple-DES (Certs. #1605 and #1607)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; NDRNG

Multi-chip standalone

"Aruba's 802.11ac Wi-Fi access points operate at gigabit speeds, offering extreme performance for mobile devices. In FIPS 140-2 mode, Aruba APs in conjunction with a Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also support wireless intrusion detection/prevention services and wireless mesh topologies."
2229 Francotyp-Postalia GmbH
Triftweg 21-26
Birkenwerder, D-16547
Germany

-Dirk Rosenau
TEL: +49-3303-525-616
FAX: +49-3303-525-609

-Hasbi Kabacaoglu
TEL: +49-3303-525-616
FAX: +49-3303-525-609

CST Lab: NVLAP 200983-0

Postal mRevenector GB 2013
(Hardware Version: Hardware P/N: 580036020300/01 and 580036020300/02; Firmware Version: Bootloader: 90.0036.0201.00/2011485001; Softwareloader: 90.0036.0206.00/2011485001; GB Application:90.0036.0215.00/2013463001)

(The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/28/2014;
09/19/2014
Overall Level: 3 

-Physical Security: Level 3 +EFP/EFT

-FIPS Approved algorithms: AES (Cert. #1493); DRBG (Cert. #61); DSA (Cert. #522); HMAC (Cert. #878); KAS (Cert. #16); RSA (Certs. #732 and #785); SHS (Cert. #1346); Triple-DES (Cert. #1122)

-Other algorithms: NDRNG; Triple-DES (Cert. #1122, key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip embedded

"Francotyp-Postalia (FP) is one of the leading global suppliers of mail center solutions. A major component of the business of FP is the development, manufacture and support of postal franking machines (postage meters). These postal franking machines incorporate a postal security device (PSD) that performs all postage meter cryptographic and postal security functions and which protects both Critical Security Parameters (CSPs) and Postal Relevant Data Items (PRDIs) from unauthorized access. The Postal mRevenector GB 2013 is FP’s latest generation of PSD"
2228 Aruba Networks, Inc.
1344 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500
FAX: 408-227-4550

CST Lab: NVLAP 200427-0

Aruba RAP-5WN Remote Access Point
(Hardware Version: RAP-5WN-F1 with FIPS kit 4010061-01; Firmware Version: ArubaOS 6.3.1.7-FIPS)

(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/28/2014 Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #861, #2450, #2677, #2680 and #2689); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #478, #1663 and #1666); KBKDF (Cert. #16); RNG (Cert. #1250); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #856, #2246, #2249 and #2250); Triple-DES (Certs. #708, #1605 and #1607)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; NDRNGs

Multi-chip standalone

"Aruba's RAP-5WN access point aggregates wired and wireless user traffic and forwards it to an Aruba Mobility Controller through a secure IPsec tunnel, using the public Internet or an optional 3G/4G WWAN service for backhaul. In the FIPS 140-2 mode of operation, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 standard along with optional Suite B cryptography for high-assurance applications. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n."
2227 Aruba Networks, Inc.
1344 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500
FAX: 408-227-4550

CST Lab: NVLAP 200427-0

Aruba AP-92, AP-93, AP-104, AP-105 and AP-175 Wireless Access Points
(Hardware Versions: AP-92-F1, AP-93-F1, AP-104-F1, AP-105-F1, AP-175P-F1, AP-175AC-F1 and AP-175DC-F1 with FIPS kit 4010061-01; Firmware Version: ArubaOS 6.3.1.7-FIPS)

(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/26/2014 Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2450, #2677, #2680 and #2689); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #1663 and #1666); KBKDF (Cert. #16); RNG (Cert. #1250); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #2246, #2249 and #2250); Triple-DES (Certs. #1605 and #1607)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; NDRNGs

Multi-chip standalone

"Aruba's Wi-Fi access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Mobility Controllers, where per-user role based access controls are applied through an integrated firewall. In FIPS 140-2 Mode, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n."
2226 Aruba Networks, Inc.
1344 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500
FAX: 408-227-4550

CST Lab: NVLAP 200427-0

Aruba AP-134 and AP-135 Wireless Access Points
(Hardware Versions: AP-134-F1 and AP-135-F1 with FIPS kit 4010061-01; Firmware Version: ArubaOS 6.3.1.7-FIPS)

(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/26/2014 Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2450, #2677, #2680 and #2689); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #1663 and #1666); KBKDF (Cert. #16); RNG (Cert. #1250); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #2246, #2249 and #2250); Triple-DES (Certs. #1605 and #1607)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; NDRNGs

Multi-chip standalone

"Aruba's Wi-Fi access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Mobility Controllers, where per-user role based access controls are applied through an integrated firewall. In FIPS 140-2 Mode, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n."
2225 Axway Inc.
2600 Bridge Parkway
Suite 201
Redwood City, CA 94065
USA

-Tom Donahoe
TEL: 480 627 1800
FAX: 480 627 1801

-Hristo Todorov
TEL: 480 627 2644
FAX: 480 627 1801

CST Lab: NVLAP 100432-0

Axway Security Kernel
(Software Version: 3.0)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 08/14/2014;
09/12/2014
Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2012 64-bit running on Dell PowerEdge R620 Server; RHEL 6.3 64-bit running on Dell PowerEdge R620 Server; Solaris 10 64-bit running on Sun Blade T6300 Server (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2446); Triple-DES (Cert. #1511); SHS (Cert. #2080); HMAC (Cert. #1510); DSA (Cert. #760); ECDSA (Cert. #402); RNG (Cert. #1196); RSA (Cert. #1257); CVL (Cert. #76)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; Blowfish; Camellia; Cast; DES; des_old; DTLS1; ec; krb5_asn; KSSL; MD4; MD5; MDC2; RC2; RC4; RIPEMD; Seed; Whirlpool

Multi-chip standalone

"The Axway Security Kernel is a software module that provides all security functionalities for several Axway products including the Axway Validation Authority Suite which is a collection of products that provide flexible and robust OCSP/SCVP certificate validation solution for standard and custom desktop and server applications. The suite supports established security standards and technologies and can be used together or integrated with existing solutions."
2224 Aruba Networks, Inc.
1344 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500
FAX: 408-227-4550

CST Lab: NVLAP 200427-0

Aruba 3000 and 6000/M3 Mobility Controllers with ArubaOS FIPS Firmware
(Hardware Versions: Aruba 3200-F1, Aruba 3200-USF1, Aruba 3400-F1, Aruba 3400-USF1, Aruba 3600-F1, Aruba 3600-USF1 and [(Aruba 6000-400-F1 or Aruba 6000-400-USF1) with M3mk1-S-F1, HW-PSU-200 or HW-PSU-400, LC-2G-1, LC-2G24F-1 or LC-2G24FP-1] with FIPS kit 4010061-01; Firmware Version: ArubaOS 6.3.1.7-FIPS)

(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy clause "Installing the Controller" and the 6000/M3 configured as specified in Security Policy clause "Minimum Configuration for the Aruba 6000-400")

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/12/2014 Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #762, #2677 and #2680); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #417, #1663 and #1666); KBKDF (Cert. #16); RNG (Cert. #1250); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #769, #2246, #2249 and #2250); Triple-DES (Certs. #667, #1605 and #1607)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; MD5; NDRNGs; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Aruba's family of Mobility Controllers are network infrastructure devices providing secure, scalable solutions for enterprise Wi-Fi, network security policy enforcement, VPN services, and wireless intrusion detection and prevention. Mobility controllers serve as central points of authentication, encryption, access control, and network coordination for all mobile network services."
2223 McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2706

CST Lab: NVLAP 100432-0

McAfee Core Cryptographic Module (kernel)
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 08/12/2014 Overall Level: 1 

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Windows XP 32-bit running on a Dell E5510 without AES-NI; Windows 7 64-bit running on a Dell E5510 without AES-NI; Windows 7 64-bit running on a Lenovo Yoga with AES-NI; Windows 8 64-bit running on a Lenovo Yoga with AES-NI; Windows 8 32-bit running on a Dell Latitude 10 without AES-NI; MacOS X Lion v10.7 running on a MacBook without AES-NI; MacOS X Mountain Lion v10.8 running on a MacPro without AES-NI; MacOS X Mountain Lion v10.8 running on a MacBook Air with AES-NI; MacOS X Lion v10.7 running on a Mac Mini with AES-NI; MacOS X Mountain Lion v10.8 running on a MacBook Pro with AES-NI; Windows Vista 32-bit running on a Dell E6320 with AES-NI; Windows Vista 64-bit running on a Dell E6410 with AES-NI; Windows 7 32-bit running on a Dell E6320 with AES-NI; Windows 8 32-bit running on a Lenovo W530 with AES-NI; Windows 8 64-bit running on a Lenovo W530 with AES-NI; Windows 8 64-bit running on an Intel UBHB2SISQ with AES-NI; Windows 8 32-bit running on a Lenovo Thinkpad 2 without AES-NI; Windows 8 running in 64-bit UEFI mode running on an Intel UBHB2SISQ with AES-NI; Windows 8 running in 32-bit UEFI mode running on a Lenovo Thinkpad 2 without AES-NI (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2592 and #2755); HMAC (Cert. #1605); SHS (Cert. #2287)

-Other algorithms: N/A

Multi-chip standalone

"The McAfee Core Cryptographic Module provides cryptographic functionality for McAfee's Endpoint Encryption product range."
2222 Senetas Corporation Ltd. and SafeNet Inc.
Level 1, 11 Queens Road
Melbourne, Victoria 3004
Australia

-John Weston
TEL: +61 3 9868 4555
FAX: +61 3 9821 4899

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200996-0

CN1000/CN3000 Series Encryptors
(Hardware Versions: Senetas Corp. Ltd. CN1000 Series: A5165B [O] (AC), A5141B [O] (AC) and A5175B [O] (AC); CN3000 Series: A5203B [O] (AC), A5204B [O] (DC), A5213B [O] (AC) and A5214B [O] (DC); Senetas Corp. Ltd. & SafeNet Inc. CN1000 Series: A5165B [Y] (AC), A5141B [Y] (AC) and A5175B [Y] (AC); CN3000 Series: A5203B [Y] (AC), A5204B [Y] (DC), A5213B [Y] (AC) and A5214B [Y] (DC); Firmware Version: 4.4.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 08/12/2014 Overall Level: 3 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: Triple-DES (Cert. #1682); AES (Certs. #2577, #2579, #2581, #2798, #2815 and #2816); RSA (Cert. #1464); SHS (Cert. #2350); HMAC (Cert. #1754); DRBG (Cert. #477); CVL (Cert. #247)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The CN1000/CN3000 Series is a high-speed hardware encryption platform designed to secure data transmitted over Ethernet, Fibre Channel or SONET/SDH networks. The CN1000 Series supports line rates up to 4.25Gbps while the CN3000 extends the CN Series line rate capability to 10Gbps. SafeNet, Inc. makes Senetas products available globally under a master distribution agreement and are co-branded as such."
2221 Aruba Networks, Inc.
1344 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500
FAX: 408-227-4550

CST Lab: NVLAP 200427-0

Aruba 620 and 650 Mobility Controllers with ArubaOS FIPS Firmware
(Hardware Versions: Aruba 620-F1, Aruba 620-USF1, Aruba 650-F1 and Aruba 650-USF1 with FIPS kit 4010061-01; Firmware Version: ArubaOS 6.3.1.7-FIPS)

(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/07/2014 Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #779, #2677 and #2680); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #426, #1663 and #1666); KBKDF (Cert. #16); RNG (Cert. #1250); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #781, #2246, #2249 and #2250); Triple-DES (Certs. #673, #1605 and #1607)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; MD5; NDRNGs; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Aruba's family of Mobility Controllers are network infrastructure devices providing secure, scalable solutions for enterprise Wi-Fi, network security policy enforcement, VPN services, and wireless intrusion detection and prevention. Mobility controllers serve as central points of authentication, encryption, access control, and network coordination for all mobile network services."
2220 Guidance Software, Inc.
215 North Marengo Avenue, Suite 250
Pasadena, CA 91101
USA

-Emily Woodman
TEL: 626-768-4615
FAX: 626-229-9199

CST Lab: NVLAP 200556-0

Guidance Software EnCase Cryptographic Engine
(Software Version: 1.0)

(When operated with module Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1337 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 08/28/2014 Overall Level: 1 

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 R2 running on a Dell OptiPlex 755 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2682 and #2683), HMAC (Certs. #1669 and #1670), RSA (Certs. #1382 and #1383), SHS (Certs. #2253 and #2254)

-Other algorithms: N/A

Multi-chip standalone

"The module is the Guidance Software EnCase Cryptographic Engine, version 1.0, which is a software shared library that provides cryptographic services required by Guidance Software host applications."
2219 Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
USA

-Rose Quijano-Nguyen

CST Lab: NVLAP 200556-0

Symantec Cryptographic Module
(Software Version: 1.1)

(When operated in FIPS mode. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 08/07/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 6.4 (64-bit) on a Dell OptiPlex 755 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2646); DRBG (Cert. #413); DSA (Cert. #797); HMAC (Cert. #1637); RSA (Cert. #1355); SHS (Cert. #2219); Triple-DES (Cert. #1587)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Symantec Cryptographic Module is a software module with a multi-chip standalone embodiment. The overall security level of the module is 1. SymCrypt is implemented in the C programming language and consists of a shared library that is linked with SSIM application components. It is designed to execute on a host system with a General Purpose Computer (GPC) hardware platform."
2218 Tripwire, Inc.
101 SW Main St.
Suite 1500
Portland, OR 97204
USA

TEL: 503-276-7500
FAX: 503-223-0182

CST Lab: NVLAP 200802-0

Tripwire Cryptographic Module
(Software Version: 2.0)

(When operated in FIPS mode. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 08/07/2014 Overall Level: 1 

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Java SE Runtime Environment (build 1.6.0_33-b05) [JavaHotSpot 64-bit Server VM (build 20.8-b03 mixed mode)] on Windows 2008 Server R2 with SP1 (64-bit) running on a Dell Optiplex 960; Java SE Runtime Environment (build 1.6.0_33-b05) [JavaHotSpot 64-bit Server VM (build 20.8-b03 mixed mode)] on Windows 2008 Server R2 with SP1 (64-bit) running on a Dell Optiplex 9010 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2719); RSA (Cert. #1414); RNG (Cert. #1260); HMAC (Cert. #1698); SHS (Cert. #2284); DSA (Cert. #835); CVL (Cert. #176)

-Other algorithms: MD5; HMAC-MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Tripwire Cryptographic Module supports many FIPS approved cryptographic operations, providing other Tripwire products and Java-based applications access to these algorithms via the standard Java Cryptographic Extension (JCE) framework."
2217 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-C Micro Edition
(Hardware Version: SPARC T4 P/N 527-1437-01; Software Version: 4.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software-Hybrid 09/08/2014 Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Solaris 10 running on SPARC T4-2 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2017); DRBG (Cert. #191); DSA (Cert. #642); ECDSA (Cert. #292); HMAC (Cert. #1221); RNG (Cert. #1057); RSA (Cert. #1046); SHS (Cert. #1767); Triple-DES (Cert. #1302)

-Other algorithms: Camellia; DES; DES40; Diffie-Hellman; EC Diffie-Hellman; ECAES (non-compliant); ECIES; Entropy RNG; HMAC MD5; MD2; MD4; MD5; OTP RNG; PBKDF1 SHA-1 (non-compliant); PBKDF2 HMAC SHA-1/SHA-224/SHA-256/SHA-384/SHA-512 (non-compliant); RC2; RC4; RC5; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Crypto-C Micro Edition (ME) Module is RSA, The Security Division of EMC's cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
2216 Motorola Solutions, Inc.
6480 Via Del Oro
San Jose, CA 95119
USA

-Noelle Carroll
TEL: 408-826-3246

CST Lab: NVLAP 100432-0

Motorola Network Router (MNR) S6000
(Hardware Version: Base Unit P/N CLN1780L Rev E with Encryption Module P/N CLN8261D Rev N; Firmware Version: GS-16.6.0.69 or PS-16.6.0.69)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/31/2014 Overall Level: 1 

-Cryptographic Module Specification: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #173 and #2395); DRBG (Cert. #399); HMAC (Certs. #39 and #1486); RSA (Cert. #1239); SHS (Certs. #258 and #2057); Triple-DES (Certs. #275 and #1493); CVL (Certs. #99, #122 and #315)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DES; DSA (non-compliant); RNG (non-compliant); MD5; HMAC-MD5

Multi-chip standalone

"MNR S6000 routers are versatile, secure-capable devices that can ensure timely delivery of delay-sensitive traffic. Supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections, S6000 routers perform simultaneous functions - including compression and data prioritization - without compromising their ability to accomplish additional packet-handling functions as needed. In addition to the normal routing functions, the MNR S6000 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols."
2215 Motorola Solutions, Inc.
6480 Via Del Oro
San Jose, CA 95119
USA

-Noelle Carroll
TEL: 408-826-3246

CST Lab: NVLAP 100432-0

Motorola GGM 8000 Gateway
(Hardware Version: Base Unit P/N CLN1841E Rev A with FIPS Kit P/N CLN8787A Rev B and Power Supply [P/N CLN1850A Rev G (AC) or P/N CLN1849A Rev H (DC)]; Firmware Version: XS-16.6.0.69, GS-16.6.0.69 or KS-16.6.0.69)

(When operated in FIPS mode with tamper labels installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/31/2014 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #962 and #2395); DRBG (Cert. #399); HMAC (Certs. #1486 and #1487); RSA (Cert. #1239); SHS (Certs. #933 and #2057); Triple-DES (Certs. #757 and #1493); CVL (Certs. #99, #122 and #315)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DES; DSA (non-compliant); RNG (non-compliant); MD5; HMAC-MD5

Multi-chip standalone

"GGM 8000 devices are versatile, secure-capable devices that can ensure timely delivery of delay-sensitive traffic. Supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections, GGM 8000 perform simultaneous functions - including compression and data prioritization - without compromising their ability to accomplish additional packet-handling functions as needed. In addition to the normal packet forwarding functions, the GGM 8000 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols."
2214 Samsung Electronics Co., Ltd.
416, Maetan 3-Dong Youngton Gu
Suwon, Gyeonggi 152-848
South Korea

-Kyunghee Lee
TEL: +82-10-9397-1589

CST Lab: NVLAP 200658-0

Samsung Kernel Cryptographic Module
(Software Version: SKC 1.4.1.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 07/31/2014;
08/29/2014
Overall Level: 1 

-Physical Security: N/A
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Android KitKat 4.4.2 running on Samsung Galaxy S5; Tizen 2.2.1 running on Samsung Z (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2809, #2810, #2938 and #2939); SHS (Certs. #2357, #2358, #2474 and #2475); RNG (Certs. #1275, #1276, #1297 and #1298); Triple-DES (Certs. #1687 and #1746); HMAC (Certs. #1760, #1761, #1862 and #1863)

-Other algorithms: DES; Twofish; MD4; MD5; ansi_cprng; ARC4; Pcompress; AES-XCBC (non-compliant); CRC32c; Deflate; LZO

Multi-chip standalone

"Provides general purpose cryptographic services to services in the Linux kernel and user-space applications, intended to protect data in transit and at rest."
2213 Sony Corporation
1-7-1 Konan
Minato-ku, Tokyo 108-0075
Japan

-Hirotaka Kondo
TEL: +81 50 3140 9888
FAX: +81 50 3809 1421

-Shigeki Yamamoto
TEL: +81 50 3140 9131
FAX: +81 50 3809 1421

CST Lab: NVLAP 100432-0

Aspen
(Hardware Version: 2.0.0; Firmware Versions: 1.2.1 and 1.2.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/23/2014 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1539, #2695 and #2699); SHS (Certs. #1364, #1365, #2263 and #2264); HMAC (Certs. #902 and #1678); RSA (Certs. #1394 and #1395); RNG (Certs. #828, #829, #830 and #1279); CVL (Cert. #160)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; HMAC-MD5

Multi-chip embedded

"Aspen is a hardware security module that provides decryption, decoding/encoding of audio/video data for the digital cinema projector system."
2212 United States Special Operations Command (USSOCOM)
7701 Tampa Point Boulevard
MacDill Air Force Base, FL 33621-5323
USA

-William W. Burnham
TEL: (813) 826-2282

CST Lab: NVLAP 200416-0

Suite B Cryptographic Module
(Software Version: 2.3.1)

(When operated in FIPS mode with module Microsoft Windows Server 2008 R2 Kernel Mode Cryptographic Primitives Library (cng.sys) validated to FIPS 140-2 under Cert. #1335 operating in FIPS mode or BlackBerry Cryptographic Kernel validated to FIPS 140-2 under Cert. #1669 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 07/23/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Intel Xeon E5530 w/Microsoft Windows Server 2008; Qualcomm Snapdragon S2 MSM8655 w/BlackBerry OS Version 7.0.0 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2603); SHS (Cert. #2187); HMAC (Cert. #1610); ECDSA (Cert. #448); CVL (Certs. #98 and #259)

-Other algorithms: N/A

Multi-chip standalone

"KEYW, in coordination with the United States Special Operations Command (USSOCOM), has developed a Suite B-compliant, standards based, AES/GCM-256 layer of encrypted communications between a BlackBerry Enterprise Server (BES) and a BlackBerry Mobile Set (MS) with Elliptic Curve (EC) key exchange used to negotiate symmetric keys."
2211

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/11/2014 Overall Level: 1 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip standalone

2210 3e Technologies International, Inc.
9715 Key West Ave,
Suite 500
Rockville, MD 20850
USA

-Harinder Sood
TEL: 301-944-1325
FAX: 301-670-6779

CST Lab: NVLAP 200002-0

3e-636M CyberFence Cryptographic Module
(Hardware Version: 1.0; Firmware Version: 5.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/11/2014 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: Triple-DES (Certs. #1327 and #1329); AES (Certs. #2060, #2078 and #2105); SHS (Certs. #1801 and #1807); RSA (Certs. #1072 and #1278); HMAC (Certs. #1253 and #1259); ECDSA (Certs. #303 and #415); RNG (Cert. #1076); CVL (Certs. #22, #87 and #169)

-Other algorithms: MD5; NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1327, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Cert. #2060, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (CVL Cert. #169, key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #87, key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength)

Multi-chip embedded

"3e-636M CyberFence module is a high speed information assurance device that combines together a number of different capabilities to create a tailored cyber defense. Acting as an IPsec client or gateway, the module authenticates the IPsec peer using IKEv2 negotiation. It provides further data integrity and confidentiality using the ESP mode of the IPsec. AES with 128/192/256 bits key is used for network data encryption while SHS, CCM or GCM is used for data integrity. The module also implements access control, 802.1X port authentication and deep data packet inspection functions."
2209 Western Digital Corporation
3355 Michelson, Suite 100
Irvine, CA 92612
USA

-Danny Ybarra
TEL: 949-672-9929

CST Lab: NVLAP 100432-0

Verdi Self Encrypting Drive (SED)
(Hardware Version: WD4001FYUG-01UVZ; Firmware Version: VR08)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/11/2014 Overall Level: 2 

-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1669 and #1678); HMAC (Cert. #1062); RNG (Cert. #951); RSA (Cert. #901); SHS (Cert. #1580)

-Other algorithms: NDRNG

Multi-chip embedded

"A WDC Verdi product is a storage device that supports the Trusted Computing Group security protocol as defined by the TCG Enterprise SSC ( a set of security features that manage self encrypting drive functionality)."
2208 Senetas Corporation Ltd. and SafeNet Inc.
Level 1, 11 Queens Road
Melbourne, Victoria 3004
Australia

-John Weston
TEL: +61 3 9868 4555
FAX: +61 3 9821 4899

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200996-0

CN Series Ethernet Encryptors
(Hardware Versions: Senetas Corp. Ltd. CN4010 Series: A4010B [O] (DC); Senetas Corp. Ltd. CN6010 Series: A6010B [O] (AC), A6011B [O] (DC) and A6012B [O] (AC/DC); Senetas Corp. Ltd. & SafeNet Inc. CN4010 Series: A4010B [Y] (DC); Senetas Corp. Ltd. & SafeNet Inc. CN6010 Series: A6010B [Y] (AC), A6011B [Y] (DC) and A6012B [Y] (AC/DC); Firmware Version: 2.4.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 07/11/2014 Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #1678); AES (Certs. #2788, #2792 and #2794); RSA (Cert. #1461); SHS (Cert. #2346); HMAC (Cert. #1750); DRBG (Cert. #476); CVL (Cert. #243)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The CN4010 and CN6010 are high-speed hardware encryption modules that secure data over twisted-pair Ethernet and optical networks. The modules support data rates to 1Gb/s and 100Mb/s and 10Mb/s modes. The CN6010 is additionally equipped with pluggable SFPs to support a variety of optical network interfaces. Data privacy is provided by FIPS approved AES CFB and CTR algorithms as well as GCM for applications that demand authentication. Additional transmission security is provided via TRANSEC capability which can be used to remove patterns in network traffic and prevent traffic analysis."
2207 Gemalto
Avenue du Jujubier
Z.I Athelia IV
La Ciotat, 13705
France

-Florence DEFRANCE
TEL: +33 (0) 442366734
FAX: +33 (0) 442365792

-Anthony VELLA
TEL: +33 (0) 442366138
FAX: +33 (0) 442365236

CST Lab: NVLAP 100432-0

MultiApp V3 Platform
(Hardware Versions: M7820 SLE78CLX1600P (Contact-only) and M7820 SLE78CLX1600P (Contactless-only); Firmware Version: MultiApp V3.0, Demonstration Applet V1.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/09/2014 Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #2261); CVL (Cert. #41); ECDSA (Cert. #363); RNG (Cert. #1128); RSA (Certs. #1287 and #1288); SHS (Cert. #1946); Triple-DES (Cert. #1413); Triple-DES MAC (Triple-DES Cert. #1413, vendor affirmed)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (non-compliant); Triple-DES (Cert. #1413, key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #2261, key wrapping; key establishment methodology provides 128 bits of encryption strength)

Single-chip

"MultiApp V3.0 is a highly secured smartcard platform from Gemalto complying with Javacard 2.2.2 and GP 2.1.1 standards and operated on the SLE78 chip from Infineon. This field-proven OS has the largest number of references in national ID programs. Its cryptographic library implements TDES, AES, SHA, RSA, RSA CRT, ECDSA, ECC CDH and RNG ANSX9.31 algorithms. This modular and flexible platform serves various needs, enabling ePassport, secure data storage, identification, authentication and digital signature with biometry control."
2206 Aviat Networks, Inc.
5200 Great America Parkway
Santa Clara, CA 95054
USA

-Ruth French
TEL: +44 7771 978599
FAX: +44 1698 717204

-Martin Howard
TEL: +64 4 577 8735
FAX: +64 4 577 8822

CST Lab: NVLAP 100432-0

Aviat Networks Eclipse Cryptographic Module
(Hardware Versions: INUe 2RU Chassis (P/N EXE-002), Fan Card (P/N EXF-101), Node Controller Card (P/N EXN-004), FIPS Installation Kit (P/N 179-530153-001), Replacement Labels (P/N 007-600331-001), at least one of: [RAC 6X (P/N EXR-600-001), RAC 6XE (P/N EXR-600-002), RAC 60 (P/N EXR-660-001), or RAC 60E (P/N EXR-660-002)] and all remaining slots filled by one of the following: P/N 131-501768-001, EXA-001, EXD-040-001, EXD-152-001, EXD-153-001, EXD-156-001, EXD-160-001, EXD-161-001, EXD-171-001, EXD-180-002, EXD-180-005, EXD-180-102, EXD-181-001, EXD-181-002, EXD-252-001, EXD-331-001, EXD-400-002, EXP-024, EXR-910-001, EXR-999-003, EXS-001, EXS-002 or EXX-001; Firmware Versions: 07.07.10, 08.00.55 and 08.00.70)

(When operated in FIPS mode. Installation of components shall be configured per Section 2.2.1 of the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/09/2014;
07/24/2014;
08/29/2014
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: HMAC (Cert. #1503); SHS (Cert. #2075); RSA (Cert. #1250); DRBG (Cert. #323); AES (Certs #2260 and #2418); Triple-DES (Cert. #1506); CVL (Cert. #73)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); DES

Multi-chip standalone

"This cryptographic module performs encryption of data carried over a microwave radio link."
2205 Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

-Christopher Marks
TEL: 408-333-0480
FAX: 408-333-8101

-Sunil Chitnis
TEL: 408-333-2444
FAX: 408-333-4887

CST Lab: NVLAP 200427-0

Brocade® MLXe® and Brocade NetIron® CER 2000 Series Ethernet Routers
(Hardware Versions: BR-MLXE-4-MR-M-AC, BR-MLXE-4-MR-M-DC, BR-MLXE-8-MR-M-AC, BR-MLXE-8-MR-M-DC, BR-MLXE-16-MR-M-AC, BR-MLXE-16-MR-M-DC, BR-MLXE-4-MR2-M-AC, BR-MLXE-4-MR2-M-DC, BR-MLXE-8-MR2-M-AC, BR-MLXE-8-MR2-M-DC, BR-MLXE-16-MR2-M-AC, BR-MLXE-16-MR2-M-DC, NI-CER-2048F-ADVPREM-AC, NI-CER-2048F-ADVPREM-DC, NI-CER-2048FX-ADVPREM-AC, NI-CER-2048FX-ADVPREM-DC, NI-CER-2024F-ADVPREM-AC, NI-CER-2024F-ADVPREM-DC, NI-CER-2024C-ADVPREM-AC, NI-CER-2024C-ADVPREM-DC, NI-CER-2048C-ADVPREM-AC, NI-CER-2048C-ADVPREM-DC, NI-CER-2048CX-ADVPREM-AC and NI-CER-2048CX-ADVPREM-DC with FIPS Kit (P/N Brocade XBR-000195) and NI-MLX-MR and BR-MLX-MR2-M Management Modules; Firmware Version: IronWare Release R05.3.00ea or IronWare Release R05.4.00cb)

(When operated in FIPS mode with the tamper evident labels installed and with the configurations in Tables 8 and 12 as defined in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/09/2014 Overall Level: 2 

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2359); DRBG (Cert. #301); DSA (Cert. #737); HMAC (Cert. #1462); RSA (Cert. #1217); SHS (Cert. #2031); Triple-DES (Cert. #1475)

-Other algorithms: DES; Diffie-Hellman (non-compliant); HMAC-MD5; HMAC-SHA-1-96; MD2; MD5; NDRNG; RC2; RC4; RSA (non-compliant); SNMPv3 KDF; SSH KDF; TLS KDF

Multi-chip standalone

"The Brocade MLXe series of core routers support IPv4, IPv6, MPLS and advanced Layer 2 switching. Ideally suited for service provider backbones, Metro Ethernet networks, ISPs, CDNs, IXPs, data centers, and distributed enterprises. The NetIron CER 2000 series 1 Gigabit Ethernet (GbE) routers support copper and hybrid fiber configurations with two optional 10 GbE uplink ports. All the ports support forwarding IP and MPLS packets at wire speed without oversubscription. The routers support standard IPv4, IPv6 routing protocols, RIP/RIPng, OSPF/OSPFv3, IS-IS/IS-IS for IPv6, and BGP/BGP-MP for IPv6."
2204 Feitian Technologies Co., Ltd.
Floor 17th, Tower B, Huizhi Mansion
No.9 Xueqing Road
Haidan District Beijing, 100085
People's Republic of China

-Tibi Zhang
TEL: 86-010-62304466 x821
FAX: 86-010-62304416

-Xiaozhi Zheng
TEL: 86-010-62304466 x531
FAX: 86-010-62304416

CST Lab: NVLAP 200427-0

ePass Token
(Hardware Version: 1.0.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/07/2014 Overall Level: 3 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #1473); DRBG (Cert. #58); RSA (Cert. #720); SHS (Cert. #1332); Triple-DES (Cert. #991)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The ePass Token, is a USB token containing FEITIAN's own FEITIAN-FIPS-COS cryptographic operating system. The FEITIAN-FIPS-COS is embedded in an ST23YT66 Integrated Circuit (IC) chip and has been developed to support FEITIAN's ePass USB token. The ePass token is designed to provide strong authentication and identification and to support network login, secure online transactions, digital signatures, and sensitive data protection. FEITIAN's ePass token guarantees safety of its cryptographic IC chip and other components with its hard, semi-transparent, polycarbonate shell."
2203 Pitney Bowes, Inc.
37 Executive Drive
Danbury, CT 06810
USA

-Dave Riley
TEL: 203-796-3208
FAX: 203-617-6060

-Thomas J. Niglio
TEL: 203-922-5239
FAX: 203-617-6060

CST Lab: NVLAP 200983-0

Pitney Bowes iButton Postal Security Device (PSD)
(Hardware Version: MAXQ1959B-F50#; Firmware Version: 09.02.00; Indicia Type: 0, 1, 2, 5, 7 and 8)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/09/2014 Overall Level: 3 

-Physical Security: Level 3 +EFP
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: SHS (Cert. #2286); RNG (Cert. #1261); Triple-DES (Cert. #1636); DSA (Cert. #836); HMAC (Cert. #1699)

-Other algorithms: Triple-DES MAC (Non-Compliant)

Multi-chip standalone

"The Pitney Bowes iButton Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP), Royal Mail Mailmark and other international postal authorities' specification. It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes global digital metering products. The PSD has been designed to support international postal markets and their rapidly evolving requirements for digital indicia."
2202 Gemalto
Avenue du Jujubier, Z.I Athelia IV
La Ciotat, 13705
France

-Arnaud Lotigier
TEL: +33 4.42.36.60.74
FAX: +33 4.42.36.55.45

CST Lab: NVLAP 100432-0

IDPrime MD 830 with OATH & MPCOS applets
(Hardware Version: SLE78CFX3009P; Firmware Version: IDCore 30 Build 1.17, IDPrime MD Applet version V4.1.2.F with MSPNP Applet V1.0, OATH Applet V2.11 and MPCOS Applet V3.8)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/07/2014 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: RNG (Cert. #1128); Triple-DES (Cert. #1413); Triple-DES MAC (Triple-DES Cert. #1413, vendor affirmed); AES (Cert. #2261); RSA (Certs. #1158 and #1163); ECDSA (Cert. #363); CVL (Cert. #41); SHS (Cert. #1946)

-Other algorithms: AES (Cert. #2261, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1413, key wrapping; key establishment methodology provides 112 bits of encryption strength); RSA (Key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (Key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Single-chip

"IDPrime MD 830 is a Minidriver enabled PKI smartcard, offering all the necessary services (with either RSA or Elliptic curves algorithms) to secure an IT Security and ID access infrastructure. In addition, OATH applet offers One Time Password based strong authentication while MPCOS offers e-purse and data management services."
2201 IBM® Corporation
9032 South Rita Road
Tucson, AZ 85744
USA

-Christine Knibloe
TEL: 520-799-5719

-Said Ahmad
TEL: 520-799-5538

CST Lab: NVLAP 200427-0

IBM System Storage TS1140 Tape Drive - Machine Type 3592, Model E07
(Hardware Version: EC Level: M11776, P/N: 00V6759; Firmware Version: EC Level: M11776, P/N: 35P2401)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/07/2014 Overall Level: 1 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2384, #2385 and #2387); DRBG (Cert. #314); RSA (Cert. #1234); SHS (Cert. #2051)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); TRNG

Multi-chip embedded

"The TS1140 / 3592 E07 Tape Drive provides full line speed, fully validated, hardware implemented, AES 256-bit encryption and compression of customer data recorded to tape. It ensures data confidentiality in the event of a lost tape while also supporting additional cryptographic functions for authentication and secure transfer of key material."
2200 JVC KENWOOD Corporation
1-16-2, Hakusan, Midori-ku
Yokohama-shi, Kanagawa 226-8525
Japan

-Tamaki Shimamura
TEL: +81 45 939 6254
FAX: +81 45 939 7093

-Joe Watts
TEL: (678) 474-4700
FAX: (678) 474-4730

CST Lab: NVLAP 100432-0

Secure Cryptographic Module (SCM)
(Hardware Version: P/N KWD-AE30, Version 2.0.0; Firmware Version: A3.0.1 and A3.0.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/27/2014;
09/12/2014
Overall Level: 1 

-Cryptographic Module Specification: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #2696); SHS (Cert. #2285)

-Other algorithms: DES; DES MAC; LFSR; AES MAC (AES Cert. #2696, vendor affirmed; P25 AES OTAR); AES (non-compliant)

Multi-chip embedded

"The Secure Cryptographic Module (SCM) meets overall FIPS 140-2 Level 1 requirements providing KENWOOD radios secure and encrypted digital communication. The SCM supports 256 bit key AES encryption as well as DES encryption."
2199 Aruba Networks, Inc.
1344 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500
FAX: 408-227-4550

CST Lab: NVLAP 200427-0

Aruba AP-224 and AP-225 Wireless Access Points
(Hardware Versions: AP-224-F1 and AP-225-F1 with FIPS kit 4010061-01; Firmware Version: ArubaOS 6.3.1.7-FIPS)

(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/27/2014 Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1648, #2677 and #2680); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #538, #1663 and #1666); KBKDF (Cert. #16); RNG (Cert. #1250); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #934, #2246, #2249 and #2250); Triple-DES (Certs. #758, #1605 and #1607)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; NDRNGs

Multi-chip standalone

"Aruba's 802.11ac Wi-Fi access points operate at gigabit speeds, offering extreme performance for mobile devices. In FIPS 140-2 mode, Aruba APs in conjunction with a Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also support wireless intrusion detection/prevention services and wireless mesh topologies."
2198 Seagate Technology LLC
1280 Disc Drive
Shakopee, MN 55379
USA

-David R Kaiser, PMP
TEL: 952-402-2356
FAX: 952-402-127

CST Lab: NVLAP 200427-0

Seagate Secure® TCG Enterprise SSC 1200 SSD Self-Encrypting Drive FIPS 140 Module
(Hardware Version: ST800FM0063; Firmware Version: 0002)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/27/2014 Overall Level: 2 

-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1343 and #2663); DRBG (Cert. #62); HMAC (Cert. #1597); RSA (Cert. #1021); SHS (Cert. #1225)

-Other algorithms: N/A

Multi-chip embedded

"The Seagate Secure® TCG Enterprise SSC Self-Encrypting Drive FIPS 140 Module is embodied in Seagate 1200 SSD SED model disk drives. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download."
2197 Blue Coat Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085
USA

-Diana Robinson
TEL: 845 454-6397

-Tammy Green
TEL: 801-999-2973

CST Lab: NVLAP 200928-0

ProxySG SG9000-20 [1], SG9000-20B [2], SG9000-30 [3] and SG9000-40 [4]
(Hardware Versions: 090-02840 [1], 090-02839 [1], 090-02984 [2], 090-02985 [2], 090-02841 [3], 090-02842 [3], 090-02845 [4] and 090-02846 [4] with FIPS kit 085-02718; Firmware Version: 6.5.1.103)

(When operated in FIPS mode with the tamper evident seals and the opacity baffle installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 06/27/2014 Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1265 and #2560); Triple-DES (Certs. #898 and #1549); RSA (Certs. #607, #742 and #1312); SHS (Cert. #2159); HMAC (Certs. #736 and #1580); DRBG (Cert. #386)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG

Multi-chip standalone

"Blue Coat ProxySG appliances are the core of the Blue Coat’s Unified Security and Optimization solutions for business assurance. The appliances offer complete security and control of web traffic, providing rich policy constructs for threat protection, SSL traffic, authentication, filtering, data loss prevention and logging capabilities. The appliances also optimize web and internal application traffic through caching, bandwidth management, stream splitting, and protocol optimization for data, video, cloud and web applications."
2196 Blue Coat Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085
USA

-Diana Robinson
TEL: 845 454-6397

-Tammy Green
TEL: 801-999-2973

CST Lab: NVLAP 200928-0

ProxySG SG600-10 [1], SG600-20 [2] and SG600-35 [3]
(Hardware Versions: 090-02911 [1], 090-02912 [1], 090-02913 [2], 090-02914 [2], 090-02915 [3] and 090-02916 [3] with FIPS kit 085-02762; Firmware Version: 6.5.1.103)

(When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 06/27/2014 Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #105 and #2560); Triple-DES (Cert. #217 and #1549); RSA (Cert. #1312); SHS (Cert. #2159); HMAC (Cert. #1580); DRBG (Cert. #386)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG

Multi-chip standalone

"Blue Coat ProxySG appliances are the core of the Blue Coat’s Unified Security and Optimization solutions for business assurance. The appliances offer complete security and control of web traffic, providing rich policy constructs for threat protection, SSL traffic, authentication, filtering, data loss prevention and logging capabilities. The appliances also optimize web and internal application traffic through caching, bandwidth management, stream splitting, and protocol optimization for data, video, cloud and web applications."
2195 Blue Coat Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085
USA

-Diana Robinson
TEL: 845 454-6397

-Tammy Green
TEL: 801-999-2973

CST Lab: NVLAP 200928-0

ProxySG SG900-10B [1], SG900-20 [2], SG900-30 [3], SG900-45 [4] and SG900-55 [5]
(Hardware Versions: 090-02988 [1], 090-02989 [1], 090-02902 [2], 090-02903 [2], 090-02904 [3], 090-02905 [3], 09002908 [4], 090-02909 [4], 090-02979 [5] and 090-02980 [5] with FIPS kit 085-02742; Firmware Version: 6.5.1.103)

(When operated in FIPS mode with the tamper evident seals and the opacity baffle installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 06/27/2014 Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1265 and #2560); Triple-DES (Certs. #898 and #1549); RSA (Certs. #607, #742 and #1312); SHS (Cert. #2159); HMAC (Certs. #736 and #1580); DRBG (Cert. #386)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG

Multi-chip standalone

"Blue Coat ProxySG appliances are the core of the Blue Coat’s Unified Security and Optimization solutions for business assurance. The appliances offer complete security and control of web traffic, providing rich policy constructs for threat protection, SSL traffic, authentication, filtering, data loss prevention and logging capabilities. The appliances also optimize web and internal application traffic through caching, bandwidth management, stream splitting, and protocol optimization for data, video, cloud and web applications."
2194 Blue Coat Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085
USA

-Diana Robinson
TEL: 845-454-6397

-Tammy Green
TEL: 801-999-2973

CST Lab: NVLAP 200928-0

Blue Coat® Systems SSL Visibility Appliance
(Hardware Versions: Model: SV2800; 090-03063 and 080-03562 with FIPS Label Kit: FIPS-LABELS-SV; Firmware Version: 3.5.2 build 961)

(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/27/2014 Overall Level: 2 

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2642); Triple-DES (Cert. #1585); RSA (Certs. #1238 and #1352); SHS (Cert. #2215); HMAC (Cert. #1634); RNG (Cert. #1246); PBKDF (vendor affirmed); CVL (Cert. #123)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less then 112 bits of encryption strength); TRNG; NDRNG; MD5; RC4; HMAC-MD5; Camelia; DES

Multi-chip standalone

"The SSL Visibility Appliance is designed to detect SSL traffic and then under policy control to "inspect" the traffic. Inspection involves decrypting and re-encrypting the traffic to gain access to the clear text then passing this data to one or more associated security appliance(s) that need to see decrypted traffic."
2193 Dell SonicWALL
2001 Logic Drive
San Jose, CA 95124
USA

-Usha Sanagala
TEL: 408-962-6248
FAX: 408-745-9300

CST Lab: NVLAP 100432-0

NSA 250M and NSA 250MW
(Hardware Versions: P/N 101-500343-58, Rev. A (NSA 250M) and P/N 101-500326-61, Rev. A (NSA 250MW); Firmware Version: SonicOS v5.9.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/25/2014 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2015); CVL (Cert. #86); DRBG (Cert. #189); DSA (Cert. #640); HMAC (Cert. #1219); RNG (Cert. #1156); RSA (Cert. #1044); SHS (Cert. #1765); Triple-DES (Cert. #1300)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG

Multi-chip standalone

"NSA Series: The SonicWALL Network Security Appliance (NSA) Series is a high performance platform utilizing a unique multi-core architecture to provide high speed anti-virus, anti-spyware, intrusion prevention, content filtering, application inspection and protection and for the SMBs and large businesses."
2192 Dell SonicWALL
2001 Logic Drive
San Jose, CA 95124
USA

-Usha Sanagala
TEL: 408-962-6248
FAX: 408-745-9300

CST Lab: NVLAP 100432-0

NSA E10000 Series
(Hardware Versions: P/N 101-500340-50, Rev. A (E10100), P/N 101-500336-50, Rev. A (E10200), P/N 101-500337-50, Rev. A (E10400) and P/N 101-500280-50, Rev. A (E10800); Firmware Version: SonicOS v5.9.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/25/2014 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2015); CVL (Cert. #86); DRBG (Cert. #189); DSA (Cert. #640); HMAC (Cert. #1219); RNG (Cert. #1156); RSA (Cert. #1044); SHS (Cert. #1765); Triple-DES (Cert. #1300)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG

Multi-chip standalone

"NSA E-Class: The SonicWALL E-Class Network Security Appliance (NSA) Series is engineered to provide high performance Unified Threat Management (UTM) threat prevention and application inspection to meet the needs of expanding enterprise networks."
2191 Dell SonicWALL
2001 Logic Drive
San Jose, CA 95124
USA

-Usha Sanagala
TEL: 408-962-6248
FAX: 408-745-9300

CST Lab: NVLAP 100432-0

NSA E8500 and NSA E8510
(Hardware Versions: P/N 101-500308-57, Rev. A (NSA E8500) and P/N 101-500344-57, Rev. A (NSA E8510); Firmware Version: SonicOS v5.9.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/25/2014 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2015); CVL (Cert. #86); DRBG (Cert. #189); DSA (Cert. #640); HMAC (Cert. #1219); RNG (Cert. #1156); RSA (Cert. #1044); SHS (Cert. #1765); Triple-DES (Cert. #1300)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG

Multi-chip standalone

"NSA E-Class: The SonicWALL E-Class Network Security Appliance (NSA) Series is engineered to provide high performance Unified Threat Management (UTM) threat prevention and application inspection to meet the needs of expanding enterprise networks."
2190 Dell SonicWALL
2001 Logic Drive
San Jose, CA 95124
USA

-Usha Sanagala
TEL: 408-962-6248
FAX: 408-745-9300

CST Lab: NVLAP 100432-0

TZ 105, TZ 105W, TZ 205, TZ 205W, TZ 210, TZ 210W, TZ 215 and TZ 215W
(Hardware Versions: P/Ns 101-500356-56, Rev. A (TZ 105); 101-500357-57, Rev. A (TZ 105W); 101-500358-59, Rev. A (TZ 205); 101-500359-59, Rev. A (TZ 205W); 101-500244-50, Rev. A (TZ 210); 101-500214-65, Rev. A (TZ 210W); 101-500354-56, Rev. A (TZ 215); 101-500355-57, Rev. A (TZ 215W); Firmware Version: SonicOS v5.9.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/25/2014 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2015); CVL (Cert. #86); DRBG (Cert. #189); DSA (Cert. #640); HMAC (Cert. #1219); RNG (Cert. #1156); RSA (Cert. #1044); SHS (Cert. #1765); Triple-DES (Cert. #1300)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG

Multi-chip standalone

"SonicWALL's TZ Series is a high performance security platform that combines anti-virus, anti-spyware, intrusion prevention, content filtering, 3G connectivity and redundancy with 802.11 b/g/n wireless for an ultimate SMB security package. These solutions allow remote and branch offices to easily implement network protection from a wide spectrum of emerging threats."
2189 Dell SonicWALL
2001 Logic Drive
San Jose, CA 95124
USA

-Usha Sanagala
TEL: 408-962-6248
FAX: 408-745-9300

CST Lab: NVLAP 100432-0

NSA 4500 and NSA E5500
(Hardware Versions: P/Ns 101-500249-63, Rev. B (NSA 4500) and 101-500228-65, Rev. A (NSA E5500); Firmware Version: SonicOS v5.9.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/25/2014 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2015); CVL (Cert. #86); DRBG (Cert. #189); DSA (Cert. #640); HMAC (Cert. #1219); RNG (Cert. #1156); RSA (Cert. #1044); SHS (Cert. #1765); Triple-DES (Cert. #1300)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG

Multi-chip standalone

"NSA Series: The SonicWALL Network Security Appliance (NSA) Series is a high performance platform utilizing a unique multi-core architecture to provide high speed anti-virus, anti-spyware, intrusion prevention, content filtering, application inspection and protection and for the SMBs and large businesses."
2188 Dell SonicWALL
2001 Logic Drive
San Jose, CA 95124
USA

-Usha Sanagala
TEL: 408-962-6248
FAX: 408-745-9300

CST Lab: NVLAP 100432-0

NSA 3500
(Hardware Version: P/N 101-500248-63, Rev. B; Firmware Version: SonicOS v5.9.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/25/2014 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2015); CVL (Cert. #86); DRBG (Cert. #189); DSA (Cert. #640); HMAC (Cert. #1219); RNG (Cert. #1156); RSA (Cert. #1044); SHS (Cert. #1765); Triple-DES (Cert. #1300)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG

Multi-chip standalone

"NSA Series: The SonicWALL Network Security Appliance (NSA) Series is a high performance platform utilizing a unique multi-core architecture to provide high speed anti-virus, anti-spyware, intrusion prevention, content filtering, application inspection and protection and for the SMBs and large businesses."
2187 Dell SonicWALL
2001 Logic Drive
San Jose, CA 95124
USA

-Usha Sanagala
TEL: 408-962-6248
FAX: 408-745-9300

CST Lab: NVLAP 100432-0

NSA 220, NSA 220W and NSA 240
(Hardware Versions: P/Ns 101-500347-62 Rev. A (NSA 220), 101-500342-50 Rev. B (NSA 220W) and 101-500193-62 Rev. A (NSA 240); Firmware Version: SonicOS v5.9.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/25/2014 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2015); CVL (Cert. #86); DRBG (Cert. #189); DSA (Cert. #640); HMAC (Cert. #1219); RNG (Cert. #1156); RSA (Cert. #1044); SHS (Cert. #1765); Triple-DES (Cert. #1300)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG

Multi-chip standalone

"The SonicWALL Network Security Appliance (NSA) Series is a high performance platform utilizing a unique multi-core architecture to provide high speed anti-virus, anti-spyware, intrusion prevention, content filtering, application inspection and protection and for the SMBs and large businesses."
2186 Dell SonicWALL
2001 Logic Drive
San Jose, CA 95124
USA

-Usha Sanagala
TEL: 408-962-6248
FAX: 408-745-9300

CST Lab: NVLAP 100432-0

NSA 2400 and NSA 2400MX
(Hardware Versions: P/N 101-500171-75, Rev. A (NSA 2400) and P/N 101-500270-50, Rev. A (NSA 2400MX); Firmware Version: SonicOS v5.9.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/25/2014 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2015); CVL (Cert. #86); DRBG (Cert. #189); DSA (Cert. #640); HMAC (Cert. #1219); RNG (Cert. #1156); RSA (Cert. #1044); SHS (Cert. #1765); Triple-DES (Cert. #1300)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG

Multi-chip standalone

"The SonicWALL Network Security Appliance (NSA) Series is a high performance platform utilizing a unique multi-core architecture to provide high speed anti-virus, anti-spyware, intrusion prevention, content filtering, application inspection and protection and for the SMBs and large businesses."
2185 Dell SonicWALL
2001 Logic Drive
San Jose, CA 95124
USA

-Usha Sanagala
TEL: 408-962-6248
FAX: 408-745-9300

CST Lab: NVLAP 100432-0

NSA E6500
(Hardware Version: P/N 101-500227-64, Rev. A; Firmware Version: SonicOS v5.9.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/25/2014 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2015); CVL (Cert. #86); DRBG (Cert. #189); DSA (Cert. #640); HMAC (Cert. #1219); RNG (Cert. #1156); RSA (Cert. #1044); SHS (Cert. #1765); Triple-DES (Cert. #1300)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG

Multi-chip standalone

"NSA E-Class: The SonicWALL E-Class Network Security Appliance (NSA) Series is engineered to provide high performance Unified Threat Managment (UTM) threat prevention and application inspection to meet the needs of expanding enterprise networks."
2184 Sonus Networks, Inc.
4 Technology Park Drive
Westford, MA 01886
USA

-Sandeep Kaushik

CST Lab: NVLAP 200556-0

SBC 5110 and 5210 Session Border Controllers
(Hardware Versions: SBC 5110 and SBC 5210; Firmware Version: 4.0)

(When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/25/2014 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2643 and #2644); CVL (Certs. #124 and #125); DRBG (Cert. #412); HMAC (Certs. #1635 and #1636); RSA (Certs. #1353 and #1354); SHS (Certs. #2216, #2217 and #2218); Triple-DES (Cert. #1586)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; MD5

Multi-chip standalone

"The SBC 5110 and 5210 Session Border Controllers are high-performance air-cooled, 2U, IP encryption appliances that provide secure SIP-based communications with robust security, reduced latency, real-time encryption (VOIP signaling and media traffic), media transcoding, flexible SIP session routing & policy management."
2183 Imation Corp.
Discovery Bldg. 1A-041
Oakdale, MN 55128
USA

-Laurence Hamid
TEL: 819-595-3069

CST Lab: NVLAP 100432-0

IronKey Workspace W700
(Hardware Versions: P/Ns WGHC0B032G0001FIPS, WGHC0B064G0001FIPS, WGHC0B128G0001FIPS and WGHB0B008G0010; Firmware Version: 3.0.3)

(Files distributed with the module mounted within the internal CD Drive are excluded from validation)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/25/2014 Overall Level: 3 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1412 and #2559); SHS (Certs. #1282 and #2158); HMAC (Certs. #1577 and #1579); RSA (Certs. #688 and #1311); Triple-DES (Cert. #965); RNG (Cert. #774); PBKDF (vendor affirmed)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG

Multi-chip standalone

"IronKey Workspace W700 is a Secure USB 3.0 drive with 256-bit AES hardware encryption and PKI operations combined with strong, built-in password protection capabilities and a tamper-resistant metal housing to help you control user access to desktops, sensitive data and critical applications. IronKey Workspace W700 allows enterprise class device management features like policy updates, password recovery and remote kill features."
2182 Aruba Networks, Inc.
1344 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500
FAX: 408-227-4550

CST Lab: NVLAP 200427-0

Aruba RAP-3WN, RAP-3WNP, RAP-108, RAP-109, AP-114 and AP-115 Wireless Access Points
(Hardware Versions: RAP-3WN-F1, RAP-3WN-USF1, RAP-3WNP-F1, RAP-3WNP-USF1, RAP-108-F1, RAP-108-USF1, RAP-109-F1, RAP-109-USF1, AP-114-F1 and AP-115-F1 with FIPS kit 4010061-01; Firmware Version: ArubaOS 6.3.1.7-FIPS)

(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/20/2014 Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2450, #2677, #2680 and #2689); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #1663 and #1666); KBKDF (Cert. #16); RNG (Cert. #1250); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #2246, #2249 and #2250); Triple-DES (Certs. #1605 and #1607)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; NDRNGs

Multi-chip standalone

"Aruba's 802.11n wired and wireless access points offer the highest performance for mobile devices. In FIPS 140-2 mode, Aruba APs in conjunction with a Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also support wireless intrusion detection/prevention services and wireless mesh topologies."
2181 VMware, Inc.
3401 Hillview Ave
Palo Alto, CA 94304
USA

-Eric Betts
TEL: 650-427-1902

CST Lab: NVLAP 200928-0

VMware Java JCE (Java Cryptographic Extension) Module
(Software Version: 1.0)

(When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 06/20/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with VMware vCloud Networking and Security 5.5.0a vShield Manager OS with Sun JRE 6.0 on VMware vSphere Hypervisor (ESXi) 5.5 running on HP ProLiant DL380e Gen8 Server (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #1623); AES (Cert. #2704); SHS (Cert. #2271); HMAC (Cert. #1685); DRBG (Cert. #446); DSA (Cert. #825); RSA (Cert. #1402)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less then 112 bits of encryption strength); AES (Cert. #2704, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1623, key wrapping; key establishment methodology provides 112 bits of encryption strength); Triple-DES (non-compliant); RC2; RC4; TWOFISH; IES; ECIES; DES; MD2; MD5; RIPEMD; TIGER; ISO9797 Alg3 MAC

Multi-chip standalone

"The VMware Java JCE (Java Cryptographic Extension) module is a versatile software library that implements FIPS-140-2 approved cryptographic services for VMware products and platforms."
2180 VMware, Inc.
3401 Hillview Ave
Palo Alto, CA 94304
USA

-Eric Betts
TEL: 1.650.427.1902

CST Lab: NVLAP 200928-0

VMware Kernel Cryptographic Module
(Software Version: 1.0)

(When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode with VMware NSS Cryptographic Module validated to FIPS 140-2 under Cert. #2155 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 06/20/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with VMware vCloud Networking and Security 5.5.0a Edge OS on VMware vSphere Hypervisor (ESXi) 5.5 running on HP ProLiant DL380e Gen8 Server with AES-NI; VMware vCloud Networking and Security 5.5.0a Edge OS on VMware vSphere Hypervisor (ESXi) 5.5 running on HP ProLiant DL380e Gen8 Server without AES-NI (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #1635); AES (Cert. #2718); SHS (Cert. #2283); HMAC (Cert. #1697); RNG (Cert. #1259)

-Other algorithms: DES; Triple-DES (non-compliant); AES-GCM (non-compliant); AES-CCM (non-compliant); AES-XTS (192 bit key; non-compliant); SHA-[384 and 512] (non-compliant); HMAC-SHA-[384 and 512] (non-compliant); RNG (X9.31 with stdrng; non-compliant)

Multi-chip standalone

"The VMware Kernel Cryptographic Module is a flexible software library providing FIPS-140-2 approved cryptographic operations for VMware products and platforms."
2179 Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

-Alan Kaye
TEL: 613-225-9381 x7416
FAX: 613-225-2951

CST Lab: NVLAP 200556-0

FortiOS 4.0 MR3
(Firmware Version: FortiOS v4.0, build3830, 131223)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Firmware 06/20/2014;
07/24/2014
Overall Level: 1 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-Tested: FortiGate 3950B with FortiOS v4.0, build3767, 130920

-FIPS Approved algorithms: AES (Certs. #2607 and #2608); Triple-DES (Certs. #1572 and #1573); HMAC (Certs. #1615 and #1616); SHS (Certs. #2191 and #2192); RSA (Cert. #1334); RNG (Cert. #1234)

-Other algorithms: DES; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112-bits of encryption strength)

Multi-chip standalone

"The FortiOS is a firmware based operating system that runs exclusively on Fortinet's FortiGate/FortiWiFi product family. The FortiOS provides integrated firewall, VPN, antivirus, antispam, intrusion prevention, content filtering and traffic shaping and HA capabilities."
2178 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Stanley Mesceda
TEL: 443-327-1582
FAX: 410-931-7524

CST Lab: NVLAP 200928-0

Model 650 SafeNet Encryptor
(Hardware Versions: 904-000028-001, 904-000029-001, 904-000036-001, 904-53260-007, 904-53260-207, 943-53270-007, 943-53270-207, 904-53261-007, 904-53361-201, 943-53271-007 and 943-53371-201; Firmware Version: 4.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 06/18/2014 Overall Level: 3 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2616, 2617 and 2619); Triple-DES (Cert. #1574); RSA (Cert. #1337); SHS (Cert. #2196); DRBG (Cert. #400); HMAC (Cert. #1620); CVL (Cert. #101)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less then 112 bits of encryption); Diffie-Hellman (non-compliant); NDRNG

Multi-chip standalone

"The SafeNet Encryptor provides data privacy and access control for connections between vulnerable public and private SONET/SDH networks or 10G Ethernet networks. It employs federally endorsed AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in a SONET OC-192 network or 10G Ethernet network."
2177 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Stanley Mesceda
TEL: 443-327-1582
FAX: 410-931-7524

CST Lab: NVLAP 200928-0

Model 600 SafeNet Encryptor
(Hardware Versions: 904-000019-001, 904-000021-001, 904-000020-001, 904-000022-001, 904-000024-001, 904-000023-001, 904-000025-001, 904-000027-001, 904-000026-001, 943-000031-001, 943-000032-001, 943-000033-001, 943-000035-001, 943-000034-001, 904-30013-001, 904-30013-007, 904-30013-207, 904-10014-001, 904-10014-007, 904-10014-207, 904-25005-001, 904-25005-007, 904-25005-207, 904-51100-001, 904-51100-007, 904-51100-207, 904-51120-001, 904-51120-007, 904-51120-207, 904-51140-001, 904-51140-007, 904-51140-207, 943-51130-001, 943-51130-007, 943-51130-207, 943-51150-001, 943-51150-007, 943-51150-207, 904-51101-001, 904-51101-007, 904-51101-207, 904-51121-001, 904-51121-007, 904-51121-207, 904-51141-001, 904-51141-007, 904-51141-207, 943-51131-001, 943-51131-007, 943-51131-207, 943-51151-001, 943-51151-007 and 943-51151-207; Firmware Version: 4.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 06/18/2014 Overall Level: 3 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2615, 2618 and 2619); Triple-DES (Cert. #1574); RSA (Cert. #1337); SHS (Cert. #2196); DRBG (Cert. #400); HMAC (Cert. #1620); CVL (Cert. #101)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (non-compliant); NDRNG

Multi-chip standalone

"The SafeNet Encryptor provides data privacy and access control for connections between vulnerable public and private SONET/SDH or Ethernet networks. It employs FIPS approved AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in SONET 155 MB (OC-3), 622 MB (OC-12), 1.0 GB, and 2.4 GB (OC-48) networks or 200MB and 1GB Ethernet networks."
2176 Cisco Systems, Inc.
170 W. Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco ASA 5505, ASA 5510, ASA 5512-X, ASA 5515-X, ASA 5520, ASA 5525-X, ASA 5540, ASA 5545-X, ASA 5550, ASA 5555-X, ASA 5580-20, ASA 5580-40, ASA 5585-X SSP-10, 5585-X SSP-20, 5585-X SSP-40 and 5585-X SSP-60 Security Appliances
(Hardware Versions: 5505 [1, 2], 5510 [1], 5520 [1], 5540 [1], 5550 [1], 5580-20 [3], 5580-40 [3], 5512-X [1], 5515-X [1], 5525-X [1], 5545-X [1], 5555-X[1], 5585-X SSP-10 [4], 5585-X SSP-20 [4], 5585-X SSP-40 [4], 5585-X SSP-60 [4] with [FIPS Kit (DS-FIPS-KIT= Rev -BO)] [1], [ASA 5505 FIPS Kit (ASA5505-FIPS-KIT Rev-A0)] [2], [ASA 5580 FIPS Kit (ASA5580-FIPS-KIT)] [3], or [ASA 5585 FIPS Kit (ASA5585-X-FIPS-KIT)] [4]; Firmware Version: 9.1.5)

(When operated in FIPS mode and with the tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/18/2014;
08/29/2014
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #105, #1407, #2049, #2050, #2444, #2472, #2480, #2482 and #2483); DRBG (Certs. #332, #336, #339 and #341); ECDSA (Certs. #411 and #412); HMAC (Certs. #125, #301, #1246, #1247, #1514, #1524 and #1525); RNG (Certs. #1201 and #1210); RSA (Certs. #106, #261, #1066, #1260, #1269, #1271 and #1272); SHS (Certs. #196, #630, #1793, #1794, #2091, #2100 and #2101); Triple-DES (Certs. #217, #559, #960, #1321, #1513, #1520 and #1521)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
2175

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/17/2014 Overall Level: 2 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip standalone

2174 Hewlett-Packard Development Company, L.P.
11445 Compaq Center Dr. W
Houston, TX 77070
USA

-Julie Ritter
TEL: 281-514-4087

-Tim McDonough
TEL: 281-518-7531

CST Lab: NVLAP 200928-0

HP BladeSystem Onboard Administrator Firmware
(Firmware Version: 3.71)

(When installed, initialized and configured as indicated in the Security Policy in Section 3 and operated in FIPS mode.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Firmware 06/17/2014 Overall Level: 1 

-Mitigation of Other Attacks: N/A

-Tested: BladeSystem c7000 DDR2 Onboard Administrator with KVM option enclosure; BladeSystem c3000 Tray with Embedded DDR2 Onboard Administrator enclosure; BladeSystem c3000 Dual DDR2 Onboard Administrator enclosure

-FIPS Approved algorithms: AES (Cert. #2289); Triple-DES (Cert. #1439); RSA (Cert. #1178); SHS (Certs. #1972 and #1973); HMAC (Cert. #1406); RNG (Cert. #1140)

-Other algorithms: NDRNG; DSA; RC4; HMAC-SHA1-96; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The module provides administrative control of HP BladeSystem c-Class enclosures. The cryptographic functions of the module provide security for administrative access via HTTPS and SSH, and to administrative commands for the BladeSystem enclosure."
2173 Hewlett-Packard Development Company, L.P.
11445 Compaq Center Dr. W
Houston, TX 77070
USA

-Julie Ritter
TEL: 281-514-4087

-Luis Luciani
TEL: 281-518-6762

CST Lab: NVLAP 200928-0

iLO 3 Cryptographic Module
(Hardware Versions:GLP: 531510-003 [1] and GXE: 438893-503 [2]; Flash Memory: (41050DL00-233-G [1,2]); NVRAM: (420102C00-244-G [1,2]); DDR3 SDRAM: (42020BJ00-216-G [1]); DDR2 SDRAM: (459715-002 [2]); Firmware Version: 1.50)

(When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/17/2014 Overall Level: 1 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2294, #2295, #2296, #2297 and #2298); Triple-DES (Certs. #1443, #1444 and #1445); DSA (Cert. #720); RSA (Certs. #1182 and #1183); SHS (Certs. #1977, #1978 and #1979); HMAC (Cert. #1410)

-Other algorithms: RC2; RC4; HMAC-MD5; DES; MD5; RSA (non-compliant); DSA (non-compliant); RNG (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112-bits of encryption strength); TLSv1.0 KDF; TLSv1.1 KDF

Multi-chip embedded

"HP Integrated Lights-Out (iLO) management built into BladeSystem blade servers and storage blades is an autonomous management subsystem embedded directly on the server. iLO monitors each server’s overall "health", reports issues, and provides a means for setup and managing of power and thermal settings."
2172 McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

-James Reardon
TEL: 651-628-5346
FAX: 651-628-2701

CST Lab: NVLAP 100432-0

NSM Application Cryptographic Module
(Software Version: 7.1.15.1.11)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 06/17/2014 Overall Level: 1 

-Physical Security: N/A
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 R2 running on a GIGABYTE GA-EP45-UD3P

-FIPS Approved algorithms: AES (Cert. #2469); HMAC (Cert. #1513); RNG (Cert. #1198); RSA (Cert. #1259); SHS (Cert. #2083); CVL (Cert. #78)

-Other algorithms: RSA (key wrapping; non-compliant); MD5; HMAC-MD5; NDRNG

Multi-chip standalone

"McAfee Network Security Manager (NSM) is a simple, centralized management software for distributed McAfee Network Security Platform intrusion prevention system (IPS) sensors. The NSM console with its intuitive graphical interface gives administrators complete control and real-time data, so that they can manage, configure, administer, and monitor all IPS appliances across widely distributed, mission-critical deployments. The NSM Application Crypto Module provides cryptographic services for the Network Security Manager application."
2171 HGST, Inc.
5601 Great Oaks Parkway
Building 50-3/C-346
San Jose, CA 95119
USA

-Rajesh Kukreja
TEL: 408-717-6261
FAX: 408-717-9494

-Jithendra Bethur
TEL: 408-717-5951
FAX: 408-717-9494

CST Lab: NVLAP 100432-0

HGST Ultrastar C15K600 TCG Enterprise HDDs
(Hardware Versions: HUC156060CS4205 [1], HUC156045CS4205 [1], HUC156030CS4205 [1], HUC156060CSS205 [1], HUC156045CSS205 [1], HUC156030CSS205 [1]; Firmware Version: R12E)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/17/2014;
07/17/2014
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2067 and #2365); RSA (Cert. #1220); SHS (Cert. #2037); HMAC (Cert. #1468); DRBG (Cert. #302); PBKDF (vendor affirmed)

-Other algorithms: NDRNG; AES (Cert. #2365, key wrapping)

Multi-chip embedded

"HGST Self-Encrypting Drives implement TCG Storage specifications, and meet or exceed the most demanding performance and security requirements. The Ultrastar C15K600 series are 12Gbs SAS, TCG Enterprise HDDs."
2170 DragonWave Inc.
600-411 Legget Drive
Ottawa, Ontario K2K 3C9
Canada

-Erik McLaughlin
TEL: 613-599-9991

-Greg Friesen
TEL: 613-599-9991

CST Lab: NVLAP 200928-0

DragonWave® Secure Cryptographic Module
(Hardware Versions: Horizon® Quantum (PN: 74-000320) and Horizon® Compact+ (PN: 74-000320) with Tamper Evident Seal (PN: 65-000185-01-01); Firmware Versions: 1.2.5 (Compact+) and 1.3 (Quantum))

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Firmware-Hybrid 06/12/2014 Overall Level: 1 

-Tested: Horizon Quantum (PN 60-000471-03) and Horizon Compact+ (PN CP-HP-18-B1-S-X-010-N-00-R1) with QNX Neutrino Real-Time Operating System Version 6.4.1

-FIPS Approved algorithms: AES (Certs. #2706, #2707, #2708 and #2709); Triple-DES (Certs. #1625 and #1626); RSA (Certs. #1404 and #1405); SHS (Certs. #2273 and #2274); RNG (Certs. #1256 and #1257); HMAC (Certs. #1687 and #1688); CVL (Certs. #164 and #165)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less then 112 bits of encryption strength); DSA (non compliant); MD5; SHA-[224, 384 and 512] (non-compliant); HMAC-SHA-[224, 256, 384 and 512] (non-compliant); RSA (non-compliant); AES (non-compliant); Triple-DES (non-compliant)

Multi-chip standalone

"The DragonWave® Secure Cryptographic Module is a hybrid cryptographic module consisting of firmware and hardware. The hardware portion of the module provides AES for bulk data encryption between two Horizon Compact+ or Horizon Quantum peer devices in a radio link, while the firmware provides cryptographic state management as well as secure peer-to-peer management communications over a protected TLS tunnel."
2169 IBM® Corporation
9032 S Rita Road
Tucson, AZ 85744
USA

-Christine Knibloe
TEL: 520-799-2486

CST Lab: NVLAP 200427-0

IBM LTO Generation 6 Encrypting Tape Drive
(Hardware Versions: 00V7133 EC Level M12977 [1], 00V7137 EC Level M12977 [2], 00V7135 EC Level M12977 [3] and 00V7139 EC Level M12977 [4]; Firmware Versions: LTO6_DA86.fcp_fh_f.fmrz [1], LTO6_DA86.fcp_hh_f.fmrz [2], LTO6_DA86.sas_fh_f.fmrz [3] and LTO6_DA86.sas_hh_f.fmrz [4])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/11/2014 Overall Level: 1 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2692, #2693 and #2694); DRBG (Cert. #440); RSA (Cert. #1392); SHS (Cert. #2261)

-Other algorithms: AES (Cert. #2694, key wrapping); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The IBM LTO Generation 6 Encrypting Tape Drive provides AES-GCM encryption of customer data recorded to tape. Both encryption and compression are implemented in the hardware for optimum performance. Four different host interface types of the LTO Generation 6 "brick" unit are FIPS certified as a multi-chip, standalone cryptographic module. In customer operation the "brick" unit may be embedded in bridge box or in a canister package for operation in a library."
2168 Tendyron Corporation
Room 1908, Shougang International Building
No. 60 Xizhimen North Street
Haidian District
Beijing, 100082
People's Republic of China

-Mr. Blair Liang
TEL: +86-10-5667566 ext. 1006
FAX: +86-10-56675667

-Mr. Yang Liu
TEL: +86-10-56675666 ext. 3301
FAX: +86-10-56675667

CST Lab: NVLAP 100414-0

OnKey193 USB Token
(Hardware Version: 122.V102; Firmware Version: DBFips-V0.1.12-120313-C000)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/11/2014 Overall Level: 3 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #889); RNG (Cert. #509); RSA (Certs. #430 and #1138); SHS (Certs. #879 and #1735); Triple-DES (Cert. #725)

-Other algorithms: AES (Cert. #889, key wrapping); RSA (Cert. #430, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #725, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The OnKey193 USB Token provides RSA, TDES, AES, RNG cryptographic service for government and corporate identification, payment, banking and Web applications."
2167 Neopost Technologies, S.A.
113 Rue Jean Marin Naudin
Bagneux, 92220
France

-Nathalie TORTELLIER
TEL: +33 1 45 36 30 72
FAX: +33 1 45 36 30 10

CST Lab: NVLAP 200983-0

Neopost Postal Security Device (PSD)
(Hardware Version: A0014227-B; Firmware Versions: a22.17.01, a22.17.02, a23.08.01, a23.08.03, a28.02.01, a28.02.04, a28.05)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/11/2014;
08/29/2014
Overall Level: 3 

-Physical Security: Level 3 +EFP/EFT

-FIPS Approved algorithms: AES (Certs. #2565 and #2566); ECDSA (Cert. #441); HMAC (Certs. #1583 and #1603); CVL (Cert. #92); RNG (Cert. #1217); RSA (Cert. #1314); SHS (Cert. #2162)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength, non-compliant less than 112 bits of encryption strength); Diffie-Hellman (non-compliant)

Multi-chip embedded

"The Neopost Postal Security Device (PSD) is a cryptographic module embedded within postal franking machines. The PSD performs all franking machine’s cryptographic and postal security functions and protects the Critical Security Parameters (CSPs) and Postal Relevant Data from unauthorized access."
2166 Marvell Semiconductor, Inc.
5488 Marvell Lane
Santa Clara, CA 95054
USA

-Minda Zhang
TEL: 508-573-3255
FAX: 508-573-3311

CST Lab: NVLAP 200968-0

Armada Mobile Processor
(Hardware Versions: Armada PXA-2128[1] and Armada PXA-610[2]; Firmware Version: 2128-1.1[1] and 610-1.1[2])

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/09/2014 Overall Level: 3 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1982 and #2133); Triple-DES (Certs. #1285 and #1357); SHS (Certs. #1737 and #1857); HMAC (Certs. #1195 and #1303); RSA (Certs. #1028 and #1102); ECDSA (Certs. #287 and #323); DRBG (Certs. #182 and #238)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 256 bits of encryption strength); AES (Certs. #1982 and #2133, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength)

Single-chip

"Marvell’s ARMADA PXA2128 and ARMADA PXA610 are application processors (PXA2128 is multicore) ideally suited for smartphones and tablets that enable a seamless connected lifestyle. Designed in low-power 40-nanometer (nm) process and featuring the Marvell Hybrid Symmetric Multi-Processing (hSMP) technology, they provide new levels of secure internet and multimedia performance, while achieving industry-leading battery life. Featuring Marvell optimized ARMv7 dual high-performance mobile processors with hSMP running at up to 1.2GHz, the ARMADA PXA2128 and PXA610 provide robust 3D graphics, video,"
2165 Ultra Electronics 3eTI
Suite 500
9715 Key West Ave
Rockville, MD 20850
USA

-Harinder Sood
TEL: 301-944-1325
FAX: 301-670-6779

CST Lab: NVLAP 200002-0

3e-543 AirGuard iField Wireless Sensor Cryptographic Module
(Hardware Version: 1.0; Firmware Version: 1.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/09/2014 Overall Level: 2 

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1611 and #2251); SHS (Cert. #1939); HMAC (Cert. #1379); ECDSA (Cert. #359)

-Other algorithms: N/A

Multi-chip embedded

"3eTI 543 Wireless Sensor Cryptographic Module provides network authentication and data encryption for IEEE 15.4 radio. This module enables the secured transportation of sensor data using AES_CCM over ISA 100.11a or WirelessHard wireless links."
2164 CoCo Communications
800 5th Avenue Suite 3700
Seattle, WA 98104
USA

-David Weidenkopf
TEL: 206-812-5783
FAX: 206-770-6461

-A. Riley Eller
TEL: 206-812-5726
FAX: 206-770-6461

CST Lab: NVLAP 200658-0

CoCo OpenSSL Cryptographic Module 2.1
(Software Version: 2.1)

(When operated in FIPS mode. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 06/05/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 6 32-bit running on oMG 2000; Vyatta 6.4 32-bit running on Dell PowerEdge R210 with AES-NI; Vyatta 6.4 32-bit running on Dell PowerEdge R210 without AES-NI (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2366, #2367 and #2381); Triple-DES (Certs. #1479 and #1480); DSA (Certs. #739 and #740); RSA (Certs. #1222 and #1223); ECDSA (Certs. 389 and #390); CVL (Certs. #62 and #63); SHS (Certs. #2039 and #2040); HMAC (Certs. #1470 and #1471); RNG (Certs. #1176, #1177 and #1182); DRBG (Certs. #304, #305 and #313);

-Other algorithms: Diffie-Hellman; DRBG (DUAL-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The CoCo OpenSSL Cryptographic Module 2.1 is an OpenSSL cryptographic library that provides cryptographic services to its calling applications."
2163 MikroM GmbH
Dovestrasse 3
Berlin, Berlin 10587
Germany

-Holger Krahn
TEL: +49 30 398839 0
FAX: +49 30 398839 29

-Michael Hagemeister
TEL: +49 30 398839 0
FAX: +49 30 398839 29

CST Lab: NVLAP 100432-0

MVC201
(Hardware Versions: MVC201-IS1 rev.1.1, MVC201-IF1 rev.1.1, MVC201-MS1 rev.1.1, MVC201-MF1 rev.1.1, MVC201-RS1 rev.1.1 and MVC201-RS2 rev.1.1; Firmware Versions: 1.10.65.18189, 1.10.68.18200 and 1.20.98.19460; Bootloader Versions: 1.3.5.17849, 1.3.7.18217 and 1.3.7.17798)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/05/2014;
07/24/2014
Overall Level: 3 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: RSA (Cert. #1034); AES (Certs. #1994, #1995, #1996, #1997 and #2898); RNG (Cert. #1047); HMAC (Certs. #1206, #1207 and #1833); SHS (Certs. #1748, #1749 and #1750)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); TLS KDF; HW NDRNG; EC Diffie-Hellman; MD5; TI S-Box

Multi-chip embedded

"MVC201 - Digital Cinema Image Media Block for integration into a TI Series 2 DLP Cinema projector"
2162 Encryptics
5566 West Main Street
Suite 207
Frisco, TX 75033
USA

-Chris McCarthy
TEL: 214-453-3518

-Brian Kelly
TEL: 214-453-3518

CST Lab: NVLAP 200002-0

Encryptics® Cryptographic Library
(Software Version: 1.0.3.0)

(When operated with module Windows Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Certs. #989, #1002, #1330, and #1337 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 05/28/2014;
07/03/2014
Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP SP3 with .NET Framework 3.5 running on a Dell SC430; Microsoft Windows Vista SP1 (x64 version) with .NET Framework 3.5 running on a Dell SC430; Microsoft Windows 7 SP1 (x64 version) with .NET Framework 3.5 running on a HP Compaq dc7600; Microsoft Windows Server 2008 R2 SP1 (x64 version) with .NET Framework 4.0 running on a HP Compaq dc7600 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #739, #781, and #1168); RSA (Certs. #353, #354, #371, #557, #559 and #568); HMAC (Certs. #407, #428, #673, and #687); SHS (Certs. #753, #783, and #1081); RNG (Cert. #477); DRBG (vendor-affirmed and Cert. #23)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Encryptics Cryptographic Library underpins Encryptics technology and offers protection by industry-standard, government approved algorithms to ensure that only authorized users and authorized devices are allowed to access private information stored within the .SAFE package. Encryptics for Email and Encryptics Data Protection API both leverage the Encryptics .SAFE Library to ensure use of FIPS 140-2 validated cryptography."
2161 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise 1100F, 2150F and 4150F
(Hardware Versions: (NSA-1100-FWEX-F, NSA-2150-FWEX-F, and NSA-4150-FWEX-F) with FRU-686-0089-00; Firmware Version: 8.3.1)

(When operated in FIPS mode and when installed, initialized and configured as specified in the Security Policy Section 3.1. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/27/2014 Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1833, #2303 and #2305); Triple-DES (Certs. #1185, #1451 and #1453); SHS (Certs. #1612, #1988 and #1990); HMAC (Certs. #1086, #1418 and #1420); RNG (Certs. #964, #1146 and #1148); RSA (Certs. #1187 and #1189); DSA (Certs. #722 and #724)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
2160 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco 819G-4G-A-K9, 819G-4G-V-K9, 819H-K9, 819G-S-K9, 819HG-4G-G-K9, 891, 881, 1905, 1921 and 1941 Integrated Services Routers (ISRs)
(Hardware Versions: 819G-4G-A-K9 , 819G-4G-V-K9 , 819H-K9 , 819G-S-K9, 819HG-4G-G-K9, 881, 891, 1905 [1], 1921 [1], 1941 and FIPS-SHIELD-1900= [1] with [FIPS Kit (CISCO-FIPS-KIT=), Revision -B0]; Firmware Version: IOS 15.2(4)M6A)

(When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/27/2014;
08/06/2014
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #962, #1115, #1535, #1648 and #2620); CVL (Cert. #231); DRBG (Cert. #401); ECDSA (Cert. #450); HMAC (Certs. #537, #538, #627 and #1606); RSA (Certs. #1338 and #1347); SHS (Certs. #933, #934, #1038, #2182 and #2208); Triple-DES (Certs. #757, #758, #812 and #1566)

-Other algorithms: DES; Diffie-Hellman (key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key establishment methodology provides between 128 and 192 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); HMAC-MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Cisco 800 and 1900 Series Integrated Services Routers are routers that provide collaborative business solutions for data communication to small businesses and enterprise teleworkers. They offer Metro Ethernet and multiple DSL technologies to provide business continuity. The routers provide the performance required for concurrent services, including firewall, intrusion prevention, content filtering, and encryption for VPNs for optimizing voice and video applications."
2159 Comtech EF Data Corporation
2114 West 7th Street
Tempe, AZ 85281
USA

-Wallace Davis
TEL: 480-333-2189

CST Lab: NVLAP 200928-0

Unified Crypto Module
(Hardware Version: PL-0000235-2; Firmware Version: 2.1.1)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/27/2014 Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1538, #2026 and #2417); Triple-DES (Cert. #1505); RNG (Certs. #1173 and #1193); SHS (Cert. #2074); HMAC (Cert. #1502); RSA (Cert. #1249); DSA (Cert. #755); ECDSA (Cert. #397)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG

Multi-chip embedded

"The Comtech Unified Crypto Module features an FPGA to perform bulk encryption/decryption for Ethernet data traffic via Comtech Satellite Modems, as well as firmware to provide the cryptographic functions needed to act as a endpoint for secure TLS- and SSH-based management and control traffic."
2158 INSIDE Secure
41 Parc Club du Golf
Aix-en-Provence, 13856
France

-Jerome Ducros
TEL: +33 (0)413758653

CST Lab: NVLAP 100432-0

VaultIC405™, VaultIC421™, VaultIC441™
(Hardware Versions: P/Ns: ATVaultIC405, ATVaultIC421 and ATVaultIC441; Platforms: ATVaultIC405M Silicon Rev C, ATVaultIC421M Silicon Rev C and ATVaultIC441M Silicon Rev C; Firmware Version: 1.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/20/2014 Overall Level: 3 

-Physical Security: Level 4

-FIPS Approved algorithms: AES (Cert. #2119); DRBG (Cert. #231); DSA (Cert. #663); ECDSA (Cert. #316); HMAC (Cert. #1291); RSA (Cert. #1089); SHS (Cert. #1843); Triple-DES (Cert. #1348)

-Other algorithms: NDRNG; AES (Cert. #2119, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; DES MAC; Triple-DES (ISO9797; non-compliant); Triple-DES MAC (ISO9797; non-compliant); HOTP; RSA (encrypt/decrypt)

Single-chip

"The VaultIC405™, VaultIC421™ and VaultIC441™ is an Application Specific Standard Product (ASSP) designed to secure various systems against counterfeiting, cloning or identity theft. It is a hardware security module that can be used in many applications such as IP protection, access control or hardware protection."
2157 Mocana Corporation
350 Sansome Street
Suite 1010
San Francisco, CA 94104
USA

-Mocana Sales
TEL: 415-617-0055
FAX: 415-617-0056

CST Lab: NVLAP 100432-0

Mocana Cryptographic Suite B Hybrid Module
(Hardware Version: Freescale P2020 SEC 3.1; Software Version: 5.5fi)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software-Hybrid 05/20/2014 Overall Level: 1 

-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with VxWorks 6.8 running on a XPedite5500 with a Freescale P2020 SEC3.1 processor (Single-user mode)

-FIPS Approved algorithms: AES (Certs. #2290 and #2291); DRBG (Cert. #284); DSA (Cert. #717); ECDSA (Cert. #372); HMAC (Cert. #1407); RNG (Cert. #1141); RSA (Cert. #1179); SHS (Cert. #1974); Triple-DES (Cert. #1440)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant); RSA (encrypt/decrypt)

Multi-chip standalone

"The Mocana Cryptographic Suite B Hybrid Module (Software Version 5.5fi) is a hybrid, multi-chip standalone cryptographic module that runs on a general purpose computer. The primary purpose of this module is to provide FIPS Approved cryptographic routines to consuming applications via an Application Programming Interface."
2156 Dell, Inc.
2300 West Plano Parkway
Plano, TX 75075
USA

-Chris Burchett
TEL: 512-723-8065
FAX: 972-577-4375

-Mike Phillips
TEL: 512-723-8420
FAX: 972-577-4375

CST Lab: NVLAP 200002-0

Dell-CREDANT Cryptographic Kernel (Windows Kernel Mode) [1] and Dell-CREDANT Cryptographic Kernel (Windows User Mode) [2]
(Software Version: 1.8 [1,2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 05/15/2014 Overall Level: 2 

-Physical Security: N/A
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 2 with Windows 7 Enterprise (32-bit) running on Dell Optiplex 755 [1]; Windows 7 Enterprise x64 Edition (64-bit) running on Dell Optiplex 755 [1]; Windows 7 Enterprise (32-bit) running on Dell Optiplex 755 [2]; Windows 7 Enterprise x64 Edition (64-bit) running on Dell Optiplex 755 [2]

-FIPS Approved algorithms: AES (Certs. #2130 and #2131); Triple-DES (Certs. #1353 and #1354); SHS (Certs. #1854 and #1855); HMAC (Certs. #1300 and #1301); DRBG (Certs. #235 and #236)

-Other algorithms: Rijndael; RNG (non-compliant); AES (non-compliant); Triple-DES (non-compliant); SHS (non-compliant)

Multi-chip standalone

"CREDANT CmgCryptoLib (also known as CREDANT Cryptographic Kernel) is a FIPS 140-2 validated, software based cryptography library implementing AES, DRBG SP 800-90A [CTR], SHA-2 [256, 384, 512], HMAC [SHA-1 & SHA-2], and Triple-DES. CmgCryptoLib is used by commercial products including CREDANT Mobile Guardian (CMG) and Dell Data Protection Encryption (DDPE). CREDANT provides a centrally managed data protection platform for authentication, encryption, access controls and data recovery for laptops, desktops, removable media, smart phones, servers, network shares, cloud storage and applications."
2155 VMware, Inc.
3401 Hillview Ave
Palo Alto, CA 94304
USA

-Eric Betts
TEL: 650-427-1902

CST Lab: NVLAP 200928-0

VMware NSS Cryptographic Module
(Software Version: 1.0)

(When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 05/14/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with VMware vCloud Networking and Security 5.5.0a Edge OS on VMware vSphere Hypervisor (ESXi) 5.5 running on HP ProLiant DL380e Gen8 Server with AES-NI; VMware vCloud Networking and Security 5.5.0a Edge OS on VMware vSphere Hypervisor (ESXi) 5.5 running on HP ProLiant DL380e Gen8 Server without AES-NI (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #1619); AES (Cert. #2700); SHS (Cert. #2267); HMAC (Cert. #1681); DRBG (Cert. #443); DSA (Cert. #821); RSA (Cert. #1398)

-Other algorithms: RC2; RC4; DES; SEED; CAMELLIA; MD2; MD5; Triple-DES (non-compliant); ECDSA (non-compliant); HKDF (non-compliant); J-PAKE; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The VMware NSS Cryptographic Module is a software cryptographic library that provides FIPS 140-2 validated network security services to VMware products."
2154 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise 1100E, 2150E and 4150E
(Hardware Versions: NSA-1100-FWEX-E, NSA-2150-FWEX-E, NSA-4150-FWEX-E with FRU-686-0089-00; Firmware Version: 8.3.1)

(When operated in FIPS mode and when installed, initialized and configured as specified in the Security Policy Section 3.1. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/14/2014 Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1833, #2303 and #2305); Triple-DES (Certs. #1185, #1451 and #1453); SHS (Certs. #1612, #1988 and #1990); HMAC (Certs. #1086, #1418 and #1420); RNG (Certs. #964, #1146 and #1148); RSA (Certs. #1187 and #1189); DSA (Certs. #722 and #724)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength).

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
2153 McAfee, Inc.
2821 Mission College Boulevard
Santa Clara, CA 95054
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise Virtual Appliance for Crossbeam
(Software Version: 8.3.1)

(When operated in FIPS mode and when installed, initialized and configured as specified in the Security Policy Section 3.1. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 05/13/2014 Overall Level: 1 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with McAfee SecureOS v8.3 on Crossbeam XOS v9.9.0 running on a Crossbeam X80-S AC (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1963, #2304 and #2306); Triple-DES (Certs. #1275, #1452 and #1454); SHS (Certs. #1722, #1989 and #1991); HMAC (Certs. #1184, #1419 and #1421); RNG (Certs. #1032, #1147 and #1149); RSA (Certs. #1188 and #1190); DSA (Certs. #723 and #725): CVL (Certs. #127 and #129)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee's Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
2152 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco 2901, 2911, 2921, 2951, 3925, 3925E, 3945, 3945E and VG350 Integrated Services Routers (ISRs)
(Hardware Versions: 2901 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, A], 2911 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, B], 2921 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, C], 2951 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, D], [3925, 3925E, 3945, 3945E and VG350] [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, E], PVDM2-8 [1], PVDM2-16 [2], PVDM2-32 [3], PVDM2-48 [4], PVDM2-64 [5], PVDM3-16 [6], PVDM3-32 [7], PVDM3-64 [8], PVDM3-128 [9], PVDM3-192 [10], PVDM3-256 [11], FIPS-SHIELD-2901= [A], FIPS-SHIELD-2911= [B], FIPS-SHIELD-2921= [C], FIPS-SHIELD-2951= [D] and FIPS-SHIELD-3900= [E] with [FIPS Kit (CISCO-FIPS-KIT=), Revision -B0]; Firmware Version: IOS 15.2(4)M6A)

(When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/13/2014;
08/06/2014
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #803, #963, #1115, #1536 and #2620); CVL (Cert. #231); DRBG (Cert. #401); ECDSA (Cert. #450); HMAC (Certs. #443, #538, #627 and #1606); RSA (Certs. #1338 and #1347); SHS (Certs. #801, #934, #1038, #2182 and #2208); Triple-DES (Certs. #758, #812, #1037 and #1566)

-Other algorithms: DES; Diffie-Hellman (key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key establishment methodology provides between 128 and 192 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); HMAC-MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Cisco Integrated Services Routers (ISRs) are routing platforms that provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options."
2151 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Papi Menon
TEL: 650-261-2413
FAX: 650-261-2401

CST Lab: NVLAP 200928-0

ProtectV StartGuard
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 05/13/2014 Overall Level: 1 

-Physical Security: N/A
-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Windows Server 2012 (x64) on VMware ESXi 5.0 running on Dell PowerEdge R610 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2550); HMAC (Cert. #1571); SHS (Cert. #2151)

-Other algorithms: N/A

Multi-chip standalone

"ProtectV StartGuard authorizes whether or not a virtual machine instance secured by SafeNet ProtectV can be launched. StartGuard enables a challenge response authentication mechanism to be inserted in the boot transition process when ProtectV is being started up, during the transition between the first to second phase of the boot process. StartGuard is configurable to suit customers’ security and privacy requirements."
2150 Dell, Inc.
2300 West Plano Parkway
Plano, TX 75075
USA

-Chris Burchett
TEL: 512-723-8065
FAX: 972-577-4375

-Mike Phillips
TEL: 512-723-8420
FAX: 972-577-4375

CST Lab: NVLAP 200002-0

Dell-CREDANT Cryptographic Kernel (Mac Kernel Mode) [1], Dell-CREDANT Cryptographic Kernel (Mac User Mode) [2] and Dell-CREDANT Cryptographic Kernel (Linux User Mode) [3]
(Software Version: 1.8 [1,2,3])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 05/13/2014 Overall Level: 1 

-Physical Security: N/A
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Mac OS X Lion 10.7.3 (32-bit) running on a mid-2010 MacBook Pro (MacBookPro6,2) [1]; Mac OS X Lion 10.7.3 (64-bit) running on a mid-2010 MacBook Pro (MacBookPro6,2) [1]; Mac OS X Lion 10.7.3 (32-bit) running on a mid-2010 MacBook Pro (MacBookPro6,2) [2]; Mac OS X Lion 10.7.3 (64-bit) running on a mid-2010 MacBook Pro (MacBookPro6,2) [2]; Ubuntu Linux 11.04 (32-bit) running on a Dell Optiplex 755 [3]; Ubuntu Linux 11.04 (64-bit) running on a Dell Optiplex 755 [3] (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2130 and #2131); Triple-DES (Certs. #1353 and #1354); SHS (Certs. #1854 and #1855); HMAC (Certs. #1300 and #1301); DRBG (Certs. #235 and #236)

-Other algorithms: Rijndael; RNG (non-compliant); AES (non-compliant); Triple-DES (non-compliant); SHS (non-compliant)

Multi-chip standalone

"CREDANT CmgCryptoLib (also known as CREDANT Cryptographic Kernel) is a FIPS 140-2 validated, software based cryptography library implementing AES, DRBG SP 800-90A [CTR], SHA-2 [256, 384, 512], HMAC [SHA-1 & SHA-2], and Triple-DES. CmgCryptoLib is used by commercial products including CREDANT Mobile Guardian (CMG) and Dell Data Protection Encryption (DDPE). CREDANT provides a centrally managed data protection platform for authentication, encryption, access controls and data recovery for laptops, desktops, removable media, smart phones, servers, network shares, cloud storage and applications."
2149 Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

-sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200996-0

nShield F3 10+ [1], nShield F3 500+ [2], nShield F3 6000+ [3], nShield F3 500+ for nShield Connect+ [4], nShield F3 1500+ for nShield Connect+ [5] and nShield F3 6000+ for nShield Connect+ [6]
(Hardware Versions: nC4033E-010 [1], nC4433E-500 [2], nC4433E-6K0 [3], nC4433E-500N [4], nC4433E-1K5N [5] and nC4433E-6K0N [6], Build Standard N; Firmware Version: 2.51.10-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 05/13/2014 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2122); Triple-DES (Cert. #1349); HMAC (Cert. #1292); Triple-DES MAC (Triple-DES Cert. #1349, vendor affirmed); SHS (Cert. #1844); DSA (Certs. #664 and #777); ECDSA (Certs. #181 and #318); RSA (Certs. #1092 and #1299); DRBG (Cert. #232); CVL (Certs. #27 and #90)

-Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #2122, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1349, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Certs. #27 and #90, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #27 and #90, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The nShield modules: nShield F3 10+, nShield F3 500+, nShield F3 6000+, nShield F3 500+ for nShield Connect+, nShield F3 1500+ for nShield Connect+ and nShield F3 6000+ for nShield Connect+ family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
2148 Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

-sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200996-0

nShield F3 10+ [1], nShield F3 500+ [2], nShield F3 6000+ [3], nShield F3 500+ for nShield Connect+ [4], nShield F3 1500+ for nShield Connect+ [5] and nShield F3 6000+ for nShield Connect+ [6]
(Hardware Versions: nC4033E-010 [1], nC4433E-500 [2], nC4433E-6K0 [3], nC4433E-500N [4], nC4433E-1K5N [5] and nC4433E-6K0N [6], Build Standard N; Firmware Version: 2.51.10-3)

(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 05/13/2014 Overall Level: 3 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2122); Triple-DES (Cert. #1349); HMAC (Cert. #1292); Triple-DES MAC (Triple-DES Cert. #1349, vendor affirmed); SHS (Cert. #1844); DSA (Certs. #664 and #777); ECDSA (Certs. #181 and #318); RSA (Certs. #1092 and #1299); DRBG (Cert. #232); CVL (Certs. #27 and #90)

-Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #2122, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1349, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Certs. #27 and #90, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #27 and #90, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The nShield modules: nShield F3 10+, nShield F3 500+, nShield F3 6000+, nShield F3 500+ for nShield Connect+, nShield F3 1500+ for nShield Connect+ and nShield F3 6000+ for nShield Connect+ family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
2147 SafeNet, Inc.
20 Colonnade Road, Suite 200
Ottawa, Ontario K2L1A1
Canada

-Paul Hampton
TEL: +44 (0) 1276 608057
FAX: +44 (0) 1276 608080

CST Lab: NVLAP 200427-0

SafeNet LUNA® EFT
(Hardware Version: GRK-15, Version Code 0100; Firmware Version: MAL1.1)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/13/2014 Overall Level: 3 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2629); RNG (Cert. #1242); RSA (Cert. #1350); SHS (Cert. #2212); Triple-DES (Cert. #1578)

-Other algorithms: N/A

Multi-chip standalone

"SafeNet LUNA® EFT is designed for Electronic Funds Transfer (EFT) and payment system processing environments, providing powerful end-to-end security for online banking transactions and applications for credit, debit, and chip cards."
2146 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco 881W, 881GW, 1941W, 891W, C819HGW+7-A-A-K9, C819HGW-V-A-K9, C819HGW-S-A-K9, and C819HWD-A-K9 Integrated Services Routers (ISRs)
(Hardware Versions: Cisco 881W, 881GW, 891W, C819HGW+7-A-A-K9, C819HGW-V-A-K9, C819HGW-S-A-K9, C819HWD-A-K9 and 1941W with [FIPS Kit (CISCO-FIPS-KIT=), Revision -B0]; Firmware Version: Router Firmware Version: IOS 15.2(4)M6A and AP Firmware Version: 15.2.2-JB)

(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/13/2014;
08/06/2014
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #962, #1115, #1535, #1648, #1791, #2611 and #2620); CVL (Cert. #231); DRBG (Cert. #401); ECDSA (Cert. #450); HMAC (Certs. #537, #538, #627, #1606 and #1618); RNG (Cert. #1236); RSA (Certs. #1338 and #1347); SHS (Certs. #933, #934, #1038, #2194, #2182 and #2208); Triple-DES (Certs. #757, #758, #812 and #1566)

-Other algorithms: DES; Diffie-Hellman (key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key establishment methodology provides between 128 and 192 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); HMAC-MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Cisco 800 Series Integrated Services Routers are fixed-configuration routers that provide collaborative business solutions for data communication to small businesses and enterprise teleworkers. They offer wireless, Metro Ethernet, and multiple DSL technologies to provide business continuity. The routers provide the performance required for concurrent services, including firewall, intrusion prevention, content filtering, and encryption for VPNs for optimizing voice and video applications."
2145 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco 1941, 2901, 2911, 2921, 2951, 3925, 3945 Integrated Services Routers (ISRs) and ISM
(Hardware Versions: 1941 [12], 2901 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, A], 2911 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11,13, B], 2921 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, C], 2951 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, D], [3925, 3945] [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 14, E], PVDM2-8 [1], PVDM2-16 [2], PVDM2-32 [3], PVDM2-48 [4], PVDM2-64 [5], PVDM3-16 [6], PVDM3-32 [7], PVDM3-64 [8], PVDM3-128 [9], PVDM3-192 [10], PVDM3-256 [11], ISM-VPN-19 [12], ISM-VPN-29 [13], ISM-VPN-39 [14], FIPS-SHIELD-2901= [A], FIPS-SHIELD-2911= [B], FIPS-SHIELD-2921= [C], FIPS-SHIELD-2951= [D] and FIPS-SHIELD-3900= [E] with [FIPS Kit (CISCO-FIPS-KIT=), Revision -B0]; Firmware Version: IOS 15.2(4)M6A)

(When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/13/2014;
08/06/2014
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #963, #1115, #1536, #2343 and #2620); CVL (Cert. #231); DRBG (Cert. #401); ECDSA (Cert. #450); HMAC (Certs. #538, #627, #1452 and #1606); RSA (Certs. #1338 and #1347); SHS (Certs. #934, #1038, #2020, #2182 and #2208); Triple-DES (Certs. #758, #812, #1466 and #1566)

-Other algorithms: DES; Diffie-Hellman (key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key establishment methodology provides between 128 and 192 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); HMAC-MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Cisco Integrated Services Routers (ISRs) are routing platforms that provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options. The VPN ISM is a module for the ISRs that provides the capability to considerably increase performance for VPN encrypted traffic,"
2144 Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

-Alan Kaye
TEL: 613-225-9381 x7416
FAX: 613-225-2951

CST Lab: NVLAP 200556-0

FortiGate-3950B/3951B
(Hardware Versions: FortiGate-3950B and FortiGate-3951B with SKU-FIPS-SEAL-RED; Firmware Version: FortiOS v4.0, build3830, 131223)

(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 05/06/2014;
07/24/2014
Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #2278, #2607 and #2608); Triple-DES (Certs. #1425, #1572 and #1573); HMAC (Certs. #1396, #1615 and #1616); SHS (Certs. #1959, #2191 and #2192); RSA (Cert. #1169 and #1334); RNG (Cert. #1234)

-Other algorithms: DES; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112-bits of encryption strength)

Multi-chip standalone

"FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
2143 Dell, Inc.
1925 Isaac Newton Square East
Suite 440
Reston, VA 20190
USA

-Joe Leslie
TEL: 949-754-1263
FAX: 949-754-8999

-Jason Raymond
TEL: 617-261-6968

CST Lab: NVLAP 200002-0

Dell AppAssure Crypto Library
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 05/06/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Windows 2008 R2 64-bit running on Dell PowerEdge T610 with AES-NI; Windows 2008 R2 64-bit running on Dell PowerEdge T610 without AES-NI; Windows 2012 64-bit running on Dell PowerEdge R720 with AES-NI; Windows 2012 64-bit running on Dell PowerEdge R720 without AES-NI (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2601); RSA (Cert. #1329); SHS (Cert. #2185)

-Other algorithms: N/A

Multi-chip standalone

"The Dell AppAssure Crypto Module provides data encryption functionality. The Module is a software component used by other software products to encrypt and decrypt data. The Module implements AES (Rijndael) CBC mode functions. Physically, the Module is a DLL file delivered with a file containing the DLL's digital signature."
2142 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-C Micro Edition
(Software Version: 3.0.0.17)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 05/06/2014 Overall Level: 1 

-Cryptographic Module Specification: Level 3
-Physical Security: N/A

-Operational Environment: Tested as meeting Level 1 with Timesys Linux 2.6.28-rt16 running on a Konica Minolta A5C1H020 with PowerPC (32-bit) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2248); DRBG (Cert. #272); DSA (Cert. #700); ECDSA (Certs. #356 and #358); HMAC (Cert. #1377); RNG (Cert. #1122); RSA (Cert. #1153); SHS (Cert. #1937); Triple-DES (Cert. #1407)

-Other algorithms: DES; DES40; Diffie-Hellman; EC Diffie-Hellman; ECAES; ECIES; Entropy RNG; HMAC MD5; MD2; MD5; OTP RNG; PBKDF1 SHA-1; PBKDF2 HMAC SHA-1/SHA-224/SHA-256/SHA-384/SHA-512 (non-compliant); RC2; RC4; RC5; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA PKCS #1 v2.0 (OAEP; non-compliant)

Multi-chip standalone

"The Crypto-C Micro Edition (ME) Module is RSA Security, Inc.'s cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
2141 Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

-Christopher Marks
TEL: 408-333-0480
FAX: 408-333-8101

CST Lab: NVLAP 200427-0

Brocade® FCX L2/L3 Switch and Brocade FastIron® SX Series L2/L3 Switch
(Hardware Versions: FI-SX800-S, FI-SX1600-AC, FI-SX1600-DC, FCX624S, FCX624S-HPOE-ADV, FCX624S-F-ADV, FCX648S, FCX648S-HPOE and FCX648S-HPOE-ADV with FIPS Kit (P/N Brocade XBR-000195); Firmware Version: IronWare Release R07.3.00c)

(When operated in FIPS mode and with the tamper evident labels installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/06/2014;
06/05/2014
Overall Level: 2 

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2150); DRBG (Cert. #239); DSA (Cert. #668); HMAC (Cert. #1317); RSA (Cert. #1106); SHS (Cert. #1871); Triple-DES (Cert. #1363)

-Other algorithms: MD5; HMAC-MD5; Diffie-Hellman (non-compliant); RSA (key wrapping; non-compliant)

Multi-chip standalone

"The 24-port and 48-port models of the Brocade FCX Series of switches support Power over Ethernet (PoE) and non-PoE applications. They are designed to meet today's enterprise campus and data center network wire-speed and non-blocking performance requirement. The FastIron SX Series extends control from the network edge to the core with intelligent network services, such as Quality of Service (QoS). The FastIron SX Series provides a scalable, secure, low-latency, and fault-tolerant IP services solution for 1 and 10 Gigabit Ethernet (GbE) enterprise deployments."
2140 Uplogix, Inc.
7600B N. Capital of Texas Hwy., Suite 220
Austin, TX 78731
USA

-Martta Howard
TEL: 512-857-7043

CST Lab: NVLAP 200427-0

Uplogix 430 [1, a], 3200 [2, a], 500 [3, a, b] and 5000 [4, a b]
(Hardware Version: 43-1102-50 [1], 37-0326-04 [2], 61-5050-33 [3] and 61-5500-33 [4] with Tamper Evident Labels Part No. (61-0001-00); Firmware Version: 4.6.4.22900g [a] and 4.6.4.24340g [b])

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/30/2014;
05/20/2014
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2293); CVL (Certs. #46, #47 and #48); DRBG (Cert. #285); DSA (Cert. #719); HMAC (Cert. #1409); RSA (Cert. #1181); SHS (Cert. #1976); Triple-DES (Cert. #1442)

-Other algorithms: AES (non-compliant); DES; DSA (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits); HMAC (non-compliant); HMAC-MD5-96; HMAC-SHA-96 (non-compliant); IKE KDF; MD5; PBKDF2-SHA-256; RC4; RNG (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); SHS (non-compliant); Triple-DES (non-compliant)

Multi-chip standalone

"Uplogix is a network independent management platform that locates with - and directly connects to - managed devices. Standing alone or augmenting existing centralized management tools, Uplogix provides configuration, performance and security management actions that are best performed locally. Local Management reduces operational costs, speeds problem resolution, and improves security and compliance versus centralized-only management. Our local focus on network device automation enables the transition to more network sensitive cloud and virtual infrastructure technologies."
2139 IBM® Corporation
1701 North Street, Building 256-3
Endicott, NY 13760
USA

-Brian W. Hugenbruch
TEL: 607-429-3660
FAX: 607-429-5920

-William F Penny
TEL: 845-435-3010
FAX: 845-433-7510

CST Lab: NVLAP 200658-0

IBM® z/VM® Version 6 Release 3 System SSL Cryptographic Module
(Hardware Version: z10 CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863; Software Version: 5735FAL00: z/VM Version 6 Release 3 plus APAR PM95516)

(The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software-Hybrid 04/30/2014 Overall Level: 1 

-Cryptographic Module Specification: Level 3
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with z/VM Version 6 Release 3 running on IBM System z10 (TM) Enterprise Class (z10 EC) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #976 and #2627); Triple-DES (Certs. #769 and #1577); DSA (Cert. #792); RSA (Cert. #1344); SHS (Certs. #946 and #2203); HMAC (Cert. #1624); RNG (Cert. #1241); CVL (Cert. #110)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); HMAC-MD5

Multi-chip standalone

"Module Description: z/VM System SSL provides cryptographic functions which allows z/VM to protect data using the SSL/TLS protocols. z/VM System SSL also enables administrators to create and manage X.509 V3 certificates and keys within key database files."
2138 Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
USA

-Shirley Stahl
TEL: 424-750-7424

CST Lab: NVLAP 200556-0

Symantec Java Cryptographic Module
(Software Version: 1.2)

(This module contains the embedded module RSA BSAFE® Crypto-J Software Module validated to FIPS 140-2 under Cert. #1786 operating in FIPS mode. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 04/29/2014 Overall Level: 1 

-Physical Security: N/A

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 7 (64-Bit) with Sun JRE 6.0 on a Dell OptiPlex 755 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1911); DSA (Cert. #604); ECDSA (Cert. #271); DRBG (Cert. #160); HMAC (Cert. #1148); PBKDF (vendor affirmed); RNG (Cert. #1004); RSA (Cert. #981); SHS (Cert. #1678); Triple-DES (Cert. #1243)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; DESX; ECIES; MD2; MD4; MD5; RC2; RC4; RC5; RIPEMD160; RSA Keypair Generation MultiPrime (non-compliant); HMAC-MD5

Multi-chip standalone

"The Symantec Java Cryptographic Module provides a comprehensive set of cryptographic services for Symantec products including, but not limited to, the Symantec Data Loss Prevention Suite."
2137 McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

-Chela Diaz de Villegas
TEL: 651-628-1642

CST Lab: NVLAP 200416-0

McAfee Vulnerability Manager Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 04/29/2014 Overall Level: 1 

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 64-bit running an Intel Xeon on a McAfee® Firewall Enterprise Control Center (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2176); Triple-DES (Cert. #1378); HMAC (Cert. #1332); SHS (Cert. #1888); RSA (Cert. #1122); RNG (Cert. #1102)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (non-compliant)

Multi-chip standalone

"The McAfee Vulnerability Manager Cryptographic Module scans specified targets for vulnerabilities and misconfiguration. It provides a management interface to configure the system and generate reports regarding the results of the scans."
2136 Aruba Networks, Inc.
1344 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500
FAX: 408-227-4550

CST Lab: NVLAP 200427-0

Aruba 7200 Series Controllers with ArubaOS FIPS Firmware
(Hardware Versions: Aruba 7210-F1, Aruba 7210-USF1, Aruba 7220-F1, Aruba 7220-USF1, Aruba 7240-F1, Aruba 7240-USF1 with FIPS kit 4010061-01; Firmware Version: ArubaOS 6.3.1.7-FIPS)

(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/09/2014 Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2479, #2677 and #2680); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #1522, #1663 and #1666); KBKDF (Cert. #16); RNG (Cert. #1250); RSA (Certs. #1268, #1376, #1379 and #1380); SHS (Certs. #2098, #2246, #2249 and #2250); Triple-DES (Certs. #1518, #1605 and #1607)

-Other algorithms: DES; Diffie-Hellman (key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; MD5; NDRNGs; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Aruba's family of Mobility Controllers are network infrastructure devices providing secure, scalable solutions for enterprise Wi-Fi, network security policy enforcement, VPN services, and wireless intrusion detection and prevention. Mobility controllers serve as central points of authentication, encryption, access control, and network coordination for all mobile network services."
2135 AFORE Solutions Inc.
2680 Queensview Drive
Suite 150
Ottawa, Ontario K2B 8J9
Canada

-Tim Bramble
TEL: 613-224-5995 x232
FAX: 613-224-5410

CST Lab: NVLAP 200928-0

CloudLink Crypto Module
(Software Version: 1.0)

(When installed, initialized and configured as specified in the Security Policy Section 9 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 04/24/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Ubuntu 12.04 on VMWare ESXi 5.1.0 running on a Dell PowerEdge R520 with AES-NI; Ubuntu 12.04 on VMWare ESXi 5.1.0 running on a Dell PowerEdge R520 without AES-NI (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2545); Triple-DES (Cert. #1540); SHS (Cert. #2146); HMAC (Cert. #1566); RNG (Cert. #1220); DRBG (Cert. #378); RSA (Cert. #1300); DSA (Cert. #778); CVL (Cert. #104)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECC CDH (non-compliant); ECDSA (non-compliant); Dual-EC DRBG (non-compliant)

Multi-chip standalone

"The CloudLink Crypto Module is a general purpose cryptographic library which provides cryptographic services for all CloudLink application modules."
2134 Harris Corporation
RF Communications Division
1680 University Avenue
Rochester, NY 14610
USA

-James White
TEL: 585-242-3917

-Elias Theodorou
TEL: 585-720-8790

CST Lab: NVLAP 200928-0

RF-7800W Broadband Ethernet Radio
(Hardware Versions: RF-7800W-OU50x, OU47x and OU49x; Firmware Version: 2.00)

(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/24/2014 Overall Level: 2 

-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2606); Triple-DES (Cert. #1571); DRBG (Certs. #398); SHS (Cert. #2190); HMAC (Cert. #1614); RSA (Cert. #1333); DSA (Cert. #791); KAS (Cert. #41); CVL (Cert. #100)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; NDRNG

Multi-chip standalone

"The RF-7800W(-OU47x,-OU49x,-OU50x) Broadband Ethernet Radio(BER) is designed for High Capacity Line of Sight (HCLOS) networks with broadband Ethernet requirements. The radio can be mounted on a mast for quick deployment or on a tower system and is designed for long haul backbone systems. The BER operates in the 4.4 - 5.8 GHz frequency band. The BER is an ideal wireless networking solution for public safety, first responders, training and simulation networks and long haul/short haul battlefield communications. The RF-7800W operates in Point-to-Point and Point to Multipoint in the same platform."
2133 SecureAgent® Software Inc.
2448 E. 81st Street
Tulsa, OK 74137
USA

-Steve Soodsmas
TEL: 918-971-1600
FAX: 918-971-1623

CST Lab: NVLAP 200416-0

SecureAgent® Software Cryptographic Module
(Software Version: 2.2.006)

(When operated in FIPS mode. No assurance of module integrity when operating in non-FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 04/25/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Sun Solaris 10 running on an IDG 9074 Secure Communications Controller (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2044); SHS (Cert. #1790); HMAC (Cert. #1243); RNG (Cert. #1067)

-Other algorithms: NDRNG; AES (non-compliant); RSA (non-compliant); DSA (non-compliant); SHA-1 (non-compliant); SHA-224 (non-compliant); SHA-256 (non-compliant); SHA-384 (non-compliant); SHA-512 (non-compliant); ANSI X9.31 RNG (non-compliant); PBKDF (non-compliant); TDES (non-compliant); ARCFOUR; BLOWFISH; CAMELLIA; CAST5; DES; RC2; SEED; SERPENT; TWOFISH; Elgamal; HAVAL; MD2; MD4; MD5; RMD160; TIGER; TIGER1; TIGER2; WHIRLPOOL; SIMPLE_S2K; SALTED_S2K; ITERSALTED_S2K

Multi-chip standalone

"The SecureAgent® Software Cryptographic Module provides the core cryptographic services for several secure communications and controller systems designed and manufactured by SecureAgent® Software."
2132 McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

-Sakthikumar Subramanian
TEL: 408-346-3249
FAX: 408-346-3463

CST Lab: NVLAP 100432-0

Network Security Platform Sensor M-8000 S
(Hardware Version: P/N M-8000 S, Version 1.40; FIPS Kit P/N IAC-FIPS-KT8; Firmware Version: 7.1.15.4)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/30/2014 Overall Level: 2 

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #880); Triple-DES (Cert. #781); RSA (Certs. #425 and #830); DSA (Cert. #345); SHS (Certs. #871 and #970); RNG (Cert. #505); HMAC (Cert. #971); CVL (Certs. #57 and #58)

-Other algorithms: Diffie- Hellman (non-compliant); MD5; NDRNG

Multi-chip standalone

"Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks."
2131 McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

-Sakthikumar Subramanian
TEL: 408-346-3249
FAX: 408-346-3463

CST Lab: NVLAP 100432-0

Network Security Platform Sensor M-8000 P
(Hardware Version: P/N M-8000 P, Version 1.40; FIPS Kit P/N IAC-FIPS-KT8; Firmware Version: 7.1.15.4)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/30/2014 Overall Level: 2 

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #880); Triple-DES (Cert. #781); RSA (Certs. #425 and #830); DSA (Cert. #345); SHS (Certs. #871 and #970); RNG (Cert. #505); HMAC (Cert. #971); CVL (Certs. #57 and #58)

-Other algorithms: NDRNG; RSA (non-compliant); Diffie-Hellman (non-compliant); MD5

Multi-chip standalone

"Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks."
2130 Northrop Grumman M5 Network Security
Canberra, Australia Level 1 218 Northbourne Ave Braddon, ACT 2612
Level 1 / 218 Northbourne Ave
Braddon, ACT 2612
Australia

-Warwick Hoyle
TEL: +611300656019
FAX: +611300365893

-Kristian Howard
TEL: +611300656019
FAX: +611300365893

CST Lab: NVLAP 200900-0

SCS Linux Kernel Cryptographic Services module
(Software Version: kernel-PAE-2.6.32.14-127.scs.fips.fc12.i686)

(When operated in FIPS mode with module OpenSSL FIPS Object Module V2 validated to FIPS 140-2 under Cert. #1747 operating in FIPS mode. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 05/06/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Fedora 12 (Linux 2.6.32 kernel) running on M5 Network Security model SCS-100; Fedora 12 (Linux 2.6.32 kernel) running on M5 Network Security model SCS-200 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2604); Triple-DES (Cert. #1569); RNG (Cert. #1232); SHS (Cert. #2188); HMAC (Certs. #1126 and #1612)

-Other algorithms: DES; Triple-DES CTR (non-compliant); AES GCM (non-compliant)

Multi-chip standalone

"A FIPS module that provides a C-language application program interface (API) for use by other processes that require cryptographic functionality within the SCS 100 and 200 hardware platforms."
2129 Motorola Solutions, Inc.
6480 Via Del Oro
San Jose, CA 95119
USA

-Udayan Borkar
TEL: 408-528-2361
FAX: 408-528-2540

-Colin Cooper
TEL: 408-528-2871
FAX: 408-528-2540

CST Lab: NVLAP 100432-0

RFS7000 SERIES Wireless Controller
(Hardware Versions: RFS-7010 and RFS-7010 GR; Firmware Version: 5.4.10.0-050GR)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/25/2014 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #762 and #2625); HMAC (Cert. #1623); CVL (Certs. #106, #107, #108 and #109); RNG (Cert. #1240); RSA (Cert. #1342); SHS (Certs. #769 and #2201); Triple DES (Certs. #667 and #1576)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; MD5

Multi-chip standalone

"The RFS-7000 wireless switch is a highly scalable management platform for managing large multi-site distributed and campus wireless networks. The RFS-7000 can manage networks of AP-7131N, AP-7161 and AP-7181 access points. Additionally, it provides functionality like centralized captive portal, centralized security (firewall, VPN) and high availability."
2128 Gigamon Inc.
598 Gibraltar Drive
Milpitas, CA 95035
USA

-Mike Valladao
TEL: 408-831-4000

CST Lab: NVLAP 200556-0

Gigamon Linux-Based Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode and when the module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 05/20/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with CentOS 6.3 on a GigaVUE-TA1(single-user mode)

-FIPS Approved algorithms: AES (Cert. #2273); HMAC (Cert. #1391); DSA (Cert. #709); ECDSA (Cert. #368); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420); DRBG (Cert. #281); CVL (Cert. #44); RNG (Cert. #1132)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength);

Multi-chip standalone

"The Gigamon Linux-Based Cryptographic Module provides cryptographic functions for Gigamon products and solutions."
2127 Athena Smartcard, Inc.
16615 Lark Avenue
Suite 202
Los Gatos, CA 95032
USA

-Ste´phanie Motre´
TEL: 408-786-1028
FAX: 408-608-1818

CST Lab: NVLAP 100432-0

IDProtect Duo with LASER PKI
(Hardware Version: STMicroelectronics ST23YR80 Rev. G; Firmware Version: Athena IDProtect 0204.0355.0702 with LASER PKI Applet 3.0)

(When operated in FIPS mode. No assurance of Secure Channel Protocol (SCP) message integrity)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/09/2014;
05/28/2014
Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #1830); RSA (Cert. #919); Triple-DES (Cert. #1183); Triple-DES MAC (Triple-DES Cert. #1183, vendor affirmed); DRBG (Cert. #144); SHS (Cert. #1609); ECDSA (Cert. # 253); CVL (Cert. #8)

-Other algorithms: HW RNG; AES-CMAC (non-compliant); EC Diffie-Hellman (CVL Cert. #8, key agreement; key establishment methodology provides 128 bits of encryption strength); AES (Cert. #1830, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength)

Single-chip

"IDProtect is a Cryptographic Module based on the Athena OS755 Java Card smart card operating system with 80KB of EEPROM. IDProtect is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 3. IDProtect supports FIPS approved DRBG, SHA-1 and all SHA-2, TDES, AES, RSA, ECDSA and ECC CDC, and RSA and ECC key generation. IDProtect exposes PKI and Biometric APIs and is designed for high-performance government and enterprise smart card applications."
2126 Integral Memory PLC.
Unit 6 Iron Bridge Close
Iron Bridge Business Park
Off Great Central Way
London, Middlesex NW10 0UF
United Kingdom

-Patrick Warley
TEL: +44 (0)20 8451 8700
FAX: +44 (0)20 8459 6301

-Francesco Rivieccio
TEL: +44 (0)20 8451 8704
FAX: +44 (0)20 8459 6301

CST Lab: NVLAP 200996-0

Integral AES 256 Bit Crypto SSD Underlying PCB
(Hardware Versions: INSSD32GS25MCR140-2(R); INSSD64GS25MCR140-2(R); INSSD128GS25MCR140-2(R); INSSD256GS25MCR140-2(R); INSSD512GS25MCR140-2(R); INSSD1TS25MCR140-2(R); INSSD32GS18MCR140-2(R); INSSD64GS18MCR140-2(R); INSSD128GS18MCR140-2(R); INSSD256GS18MCR140-2(R); INSSD512GS18MCR140-2(R); INSSD1TGS18MCR140-2(R); Firmware Version: S5FDM018)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 04/09/2014 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2175); SHS (Cert. #1887); HMAC (Cert. #1335); DRBG (Cert. #254)

-Other algorithms: N/A

Multi-chip standalone

"Integral Crypto SSD is the Full Disk Encryption solution for Windows desktops and laptops. Featuring AES 256-bit Hardware Encryption so you can encrypt and protect your sensitive data and get the speed, reliability and power benefits of SSD. It comes in, 32 GB 64 GB 128 GB, 256 GB, 512 GB and 1TB SATA II & III versions. The devices feature an epoxy resin coating around both the circuit components and the printed circuit board (PCB)."
2125 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

ACT2Lite Module
(Hardware Version: 15-14497-02(NX315) or 15-14497-02(AT90S072); Firmware Version: 1.5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/09/2014 Overall Level: 1 

-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2556 and #2742); DRBG (Certs. #384 and #461); ECDSA (Certs. #439 and #480); HMAC (Certs. #1576 and #1719); RSA (Certs. #1309 and #1438); SHS (Certs. #2156 and #2314)

-Other algorithms: NDRNG

Single-chip

"ACT2-Lite (Anti-Counterfeit Technology 2 Lite) is the ACT family (ACT 1T, Quack 1 and 2) next generation. It is an ancillary security device containing product identity information and assertion functionality to support product identity for various usages including anti-counterfeit functionality as well as other security functionality to be used across many different hardware platforms."
2124 Vidyo, Inc.
433 Hackensack Ave, 6th Floor
Hackensack, NJ 07601
USA

CST Lab: NVLAP 200556-0

Cryptographic Security Kernel
(Software Version: 2)

(The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 04/09/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Linux Ubuntu 10.04 32-bit or Linux Ubuntu 10.04 64-bit running on a HP ProLiant GL380 without AES-NI; Linux Ubuntu 10.04 32-bit or Linux Ubuntu 10.04 64-bit running on a Dell PowerEdge R210 II with AES-NI; Mac OS X 10.6.8 32-bit running on a Mac Mini without AES-NI; Mac OS X 10.6.8 64-bit running on a Macbook Pro without AES-NI; Mac OS X 10.6.8 32-bit or Mac OS X 10.6.8 64-bit running on a Macbook Pro with AES-NI; Mac OS X 10.7.3 32-bit running on a Mac Mini without AES-NI; Mac OS X 10.7.3 64-bit running on a Macbook Air without AES-NI; Mac OS X 10.7.3 32-bit or Mac OS X 10.7.3 64-bit running on a Macbook Air with AES-NI; Windows XP with SP3 32 bit running on a IBM Thinkpad T60 without AES-NI; Windows XP with SP3 32 bit running on a Vidyo HD50 Room System with AES-NI; Windows 7 with SP1 32 bit running on a Mac Mini without AES-NI; Windows 7 with SP1 64 bit running on a Dell Precision M4300 without AES-NI; Windows 7 with SP1 32 bit running on a Vidyo HD40 Room System with AES-NI; Windows 7 with SP1 64 bit running on a Macbook Air with AES-NI; iOS 6.1 running on a Apple iPad 4; iOS 6.1 running on a Apple iPhone 5; Android 4.1.1 running on a Samsung Galaxy Tab 2 10.1; Android 4.1.1 running on a ASUS Transformer Prime; Android 4.1.2 running on a Samsung Galaxy Nexus S; Android 4.2.2 running on a Google Nexus 7; Android 4.0.4 running on a Samsung Galaxy SII; Android 4.1.2 running on a Samsung Galaxy SIII; Kindle Fire OS 8.4.3 running on a Amazon Kindle Fire HD 8.9 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2027, #2028 and #2576); DRBG (Certs. #194, #195 and #389); HMAC (Certs. #1229, #1230 and #1599); SHS (Certs. #1776, #1777 and #2175)

-Other algorithms: N/A

Multi-chip standalone

"The Vidyo Cryptographic Security Kernel (CSK) is a subset of the Vidyo Technology Software Development Kit, which consists of a set of libraries providing video conferencing capabilities. The SDK allows licensed end-users to implement video conferencing capabilities within their own software applications; the Vidyo CSK library provides the cryptographic functions required to secure the communications."
2123 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise Virtual Appliance for VMware
(Software Version: 8.3.1)

(When operated in FIPS mode and when installed, initialized and configured as specified in the Security Policy Section 3.1. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 04/09/2014 Overall Level: 1 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with McAfee SecureOS v8.3 on VMware ESXi 5.0 running on a McAfee S7032 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1963, #2304 and #2306); Triple-DES (Certs. #1275, #1452 and #1454); SHS (Certs. #1722, #1989 and #1991); HMAC (Certs. #1184, #1419 and #1421); RNG (Certs. #1032, #1147 and #1149); RSA (Certs. #1188 and #1190); DSA (Certs. #723 and #725)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee's Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
2122 VMware, Inc.
3401 Hillview Ave
Palo Alto, CA 94304
USA

-Eric Betts
TEL: 650-427-1902

CST Lab: NVLAP 200928-0

VMware Cryptographic Module
(Software Version: 1.0)

(When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 04/04/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with VMware vCloud Networking and Security 5.5.0a Edge OS on VMware vSphere Hypervisor (ESXi) 5.5 running on HP ProLiant DL380e Gen8 Server; VMware vCloud Networking and Security 5.5.0a vShield Manager OS (VMware vCloud Networking and Security 5.5.0a App Firewall OS) on VMware vSphere Hypervisor (ESXi) 5.5 running on HP ProLiant DL380e Gen8 Server (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #1620); AES (Cert. #2701); SHS (Cert. #2268); HMAC (Cert. #1682); RNG (Cert. #1255); DSA (Cert. #822); RSA (Cert. #1399)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECDSA (non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The VMware Cryptographic Module is a software library providing FIPS 140-2 -approved cryptographic algorithms and services for protecting data-in-transit and data-at-rest on VMware products and platforms."
2121 Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

-sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200996-0

nShield F2 500+ [1], nShield F2 1500+ [2] and nShield F2 6000+ [3]
(Hardware Versions: nC3423E-500 [1], nC3423E-1K5 [2] and nC3423E-6K0 [3], Build Standard N; Firmware Version: 2.51.10-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 04/03/2014;
06/05/2014
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2122); Triple-DES (Cert. #1349); HMAC (Cert. #1292); Triple-DES MAC (Triple-DES Cert. #1349, vendor affirmed); SHS (Cert. #1844); DSA (Certs. #664 and #777); ECDSA (Cert. #181); RSA (Certs. #1092 and #1299); DRBG (Cert. #232); CVL (Certs. #27 and #90)

-Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #2122, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1349, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Certs. #27 and #90, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #27 and #90, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The nShield modules: nShield F2 500+, nShield F2 1500+ and nShield F2 6000+ family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
2120 Samsung Electronics Co., Ltd.
416, Maetan 3-Dong Youngton Gu
Suwon, Gyeonggi 152-848
South Korea

-Kyunghee Lee
TEL: +82-10-9397-1589

CST Lab: NVLAP 200658-0

Samsung OpenSSL Cryptographic Module
(Software Version: SecOpenSSL2.0.3)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 03/28/2014 Overall Level: 1 

-Physical Security: N/A
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Android Jelly Bean 4.1 running on Samsung Galaxy Note II; Android Jelly Bean 4.2 running on Samsung Galaxy S4 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2351 and #2411); HMAC (Certs. #1458 and #1496); SHS (Certs. #2026 and #2069); Triple-DES (Certs. #1471 and #1501); RSA (Certs. #1212 and #1245); DSA (Certs. #735 and #753); ECDSA (Certs. #386 and #396); RNG (Certs. #1171 and #1190); DRBG (Certs. #299 and #321); CVL (Certs #56 and #72)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; Triple-DES-CTR (non-compliant); AES-CTR (non-compliant); MD4; MD5; MDC-2; RC2; RC4; RIPEMD-160; Diffie-Hellman; md_rand.c; DRBG (Certs. #299 and #321; DUAL-EC; non-compliant)

Multi-chip standalone

"Provides general purpose cryptographic services to user-space applications on the mobile platform for the protection of data in transit."
2119 Seagate Technology LLC
389 Disc Drive
Longmont, CO 80503
USA

-Monty Forehand
TEL: 720-684-2835
FAX: 720-684-2733

-Harshad Thakar
TEL: 720-684-2580
FAX: 720-684-2733

CST Lab: NVLAP 100432-0

Seagate Secure® TCG Opal SSC Self-Encrypting Drive FIPS 140-2 Module
(Hardware Version: 1G1162 and 1G1164; Firmware Version: SM72, SM73, DM72, DM73, DM82, DM83, HM72, HM73, HM82, HM83, LM72 and LM73)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/28/2014;
05/21/2014;
06/27/2014
Overall Level: 2 

-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1343 and #1974); DRBG (Cert. #62); RSA (Cert. #650); SHS (Cert. #1225); HMAC (Cert. #1597)

-Other algorithms: NDRNG

Multi-chip embedded

"The cryptographic module (CM) in the Seagate Secure® TCG Opal SSC Self-Encrypting Drive provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA ranges, and authenticated FW download. The services are provided through an industry-standard TCG Opal SSC interface."
2118 Hewlett-Packard Development Company, L.P.
3000 Hanover Street
Palo Alto, CA 94394
USA

-Mihai Damian
TEL: 650-236-5870

-Sameer Popli
TEL: 650-258-3374

CST Lab: NVLAP 200002-0

NonStop Volume Level Encryption (NSVLE)
(Software Version: 2.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 04/03/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Debian Linux HPTE Version 5.0.0 running on an HP ProLiant DL380 Gen8 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2375 and #2376); Triple-DES (Cert. #1486); SHS (Cert. #2047); DRBG (Cert. #311); HMAC (Cert. #1477); RSA (Cert. #1230); CVL (Cert. #228)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); MD5

Multi-chip standalone

"HP NonStop Volume Level Encryption, or NSVLE, is a fully integrated encryption solution using FIPS Approved algorithms to protect data from threats such as theft and unauthorized disclosure."
2117 Juniper Networks, Inc.
1194 North Matilda Ave
Sunnyvale, CA 94089
USA

-Sue Lin
TEL: 408-936-8447
FAX: 408-936-1801

CST Lab: NVLAP 200697-0

Juniper Networks EX3300, EX4200, EX4500 Ethernet Switches
(Hardware Version: EX3300-24P, EX3300-24T, EX3300-24T-DC, EX3300-48T, EX3300-48T-BF, EX3300-48P, EX4200-24P, EX4200-24PX, EX4200-24T, EX4200-24F, EX4200-48P, EX4200-48PX, EX4200-48T, EX4500-40-FB and EX4500-40-BF with Tamper Evident Labels: 520-052564; Firmware Version: JUNOS 12.1R6.6)

(When operated in FIPS Mode and with the tamper evidence seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 03/28/2014 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #1494, #1507, #1508 and #1514); AES (Certs. #2396, #2419, #2420 and #2475); DSA (Cert. #762); SHS (Certs. #2058, #2059, #2076, #2077 and #2094); RNG (Cert. #1187); RSA (Certs. #1251, #1252 and #1264); HMAC (Certs. #1488, #1489, #1504, #1505 and #1518); DRBG (Certs. #324, #325 and #338); CVL (Certs. #81)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); NDRNG

Multi-chip standalone

"EX Series Ethernet switches deliver access, aggregation, and core layer switching services in branch, campus, and data center networks to ensure fast, secure, reliable delivery of data and applications. All EX Series Ethernet Switches run the same Junos operating system as other Juniper switches, routers, and security solutions, ensuring consistent, predictable behavior across the entire network infrastructure."
2116 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco Catalyst 4503-E, Catalyst 4506-E, Catalyst 4507R-E, Catalyst 4507R+E, Catalyst 4510R-E, Catalyst 4510R+E, Catalyst C4500X-16SFP+, Catalyst C4500X-F-16SFP+, Catalyst C4500X-32SFP+, Catalyst C4500X-F-32SFP+, Catalyst C4500X-24X-ES, Catalyst C4500X-40X-ES, Catalyst C4500X-24X-IPB with Supervisor Cards (WS-X45-SUP7-E, WS-X45-Sup7L-E) and Line Cards (WS-X4640-CSFP-E, WS-X4712-SFP+E, WS-X4748-NGPOE+E, WS-X4748-RJ45-E and WS-X4748-RJ45V+E)
(Hardware Version: Catalyst 4503-E [1, 3, 4, 5, 6, 8, A], Catalyst 4503-E [2, 5, 7, 8, A], Catalyst 4506-E [1, 3, 4, 5, 6, 7, 8, B], Catalyst 4506-E [2, 3, 4, 5, 6, 7, 8, B], Catalyst 4507R-E [1, 3, 4, 5, 6, 7, 8, C], Catalyst 4507R-E [2, 3, 4, 5, 6, 7, 8, C], Catalyst 4507R+E [1, 3, 4, 5, 6, 7, 8, C], Catalyst 4507R+E [2, 3, 4, 5, 6, 7, 8, C], Catalyst 4510R-E [1, 3, 4, 5, 6, 7, 8, D], Catalyst 4510R+E [1, 3, 4, 5, 6, 7, 8, D], Catalyst C4500X-16SFP+ [E], Catalyst C4500X-F-16SFP+ [E], Catalyst C4500X-32SFP+ [E], Catalyst C4500X-F-32SFP+ [E], Catalyst C4500X-24X-ES [E], Catalyst C4500X-40X-ES [E], Catalyst C4500X-24X-IPB [E], Supervisor Card WS-X45-SUP7-E [1], Supervisor Card WS-X45-SUP7L-E [2], Line Card WS-X4748-RJ45V+E [3], Line Card WS-X4712-SFP+E [4], Line Card WS-X4640-CSFP-E [5], Line Card WS-X4748-NGPOE+E [6], Line Card WS-X4748-RJ45-E [7], Filler Plate (C4K-SLOT-CVR-E) [8] and FIPS kit packaging (WS-C4503-FIPS-KIT= [A], WS-C4506-FIPS-KIT= [B], WS-C4507-FIPS-KIT= [C], WS-C4510-FIPS-KIT= [D] and CVPN4500FIPS/KIT= [E]); Firmware Version: IOS-XE 3.5.2E)

(When operated in FIPS mode with tamper evident labels and security devices installed on the initially built configuration as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/26/2014;
04/16/2014
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1589, #2057 and #2624); CVL (Cert. #105); DRBG (Cert. #403); HMAC (Cert. #1622); RSA (Certs. #1339 and #1341); SHS (Certs. #2198 and #2200); Triple-DES (Cert. #1575)

-Other algorithms: Diffie-Hellman (CVL Cert. #105, key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD4; MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Catalyst 4500 Series switches are Cisco`s leading modular switches for borderless access and price/performance distribution deployments. They offer best-in-class investment protection with forward and backward compatibility and deep application visibility with Flexible NetFlow. The Catalyst 4500 Series Switches meet FIPS 140-2 overall Level 2 requirements as multi-chip standalone modules. The switches include cryptographic algorithms implemented in IOS software as well as hardware ASICs. The module provides 802.1X-rev."
2115 Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

-Alan Kaye
TEL: 613-225-9381 x7416
FAX: 613-225-2951

CST Lab: NVLAP 200556-0

FortiAnalyzer-4000B
(Hardware Version: 4000-B with SKU-FIPS-SEAL-RED; Firmware Version: v4.0, build3059, 130918)

(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 03/26/2014 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: Triple-DES (Certs. #1608 and #1609); AES (Cert. #2681); SHS (Certs. #2251 and #2252); RNG (Cert. #1251); RSA (Cert. #1030); HMAC (Certs. #1667 and #1668)

-Other algorithms: Diffie-Hellman (non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5

Multi-chip standalone

"The FortiAnalyzer family of logging, analyzing, and reporting appliances securely aggregate log data from Fortinet devices and other syslog-compatible devices. Using a comprehensive suite of customizable reports, users can filter and review records, including traffic, event, virus, attack, Web content, and email data."
2114 Proofpoint Incorporated
892 Ross Drive
Sunnyvale, CA 94107
USA

-Jun Wang
TEL: 408-338-6680
FAX: 408-517-4710

CST Lab: NVLAP 200427-0

Proofpoint Security Library
(Software Version: 2.0)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 03/26/2014 Overall Level: 1 

-Physical Security: N/A

-Operational Environment: Tested as meeting Level 1 with Dell Latitude E6400 w/ Cent OS 5 running JRE 1.6 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1814); ECDSA (Cert. #250); RNG (Cert. #956); RSA (Cert. #909); SHS (Cert. #1591)

-Other algorithms: AES RNG; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DSA (non-compliant); Extended Secure Remote Password; Secure Remote Password; RC2; Triple-DES (non-compliant)

Multi-chip standalone

"The module is a Java language cryptographic component to be used by the various Proofpoint security products. The module is designed to meet Level 1 requirements of FIPS 140-2 standard. The module is a cryptographic library that provides variety of cryptographic services (both approved as well as non-approved). The module can be executed on any general-purpose PC and operating system capable of running JRE 1.6 or later."
2113 Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

-Alan Kaye
TEL: 613-225-9381 x7416
FAX: 613-225-2951

CST Lab: NVLAP 200556-0

FortiGate-VM Virtual Appliances
(Software Version: 4.0 MR3)

(When operated in FIPS mode and when installed, initialized and configured as specified in Section FIPS 140-2 Compliant Operation of the provided Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 03/25/2014 Overall Level: 1 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: N/A
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with FortiOS 4.0 MR3 on VMWare ESXi 5.0.0 Update 1 running on a Dell PowerEdge R410

-FIPS Approved algorithms: Triple-DES (Certs. #1503 and #1504); AES (Certs. #2414 and #2415); SHS (Certs. #2071 and #2072); HMAC (Certs. #1500 and #1501); RSA (Cert. #1248); RNG (Cert. #1192)

-Other algorithms: DES; MD5; HMAC MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 188 bits of encryption strength; non-compliant less than 112-bits of encryption strength); RSA (key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112-bits of encryption strength)

Multi-chip standalone

"FortiGate virtual appliances allow you to mitigate blind spots by implementing critical security controls within your virtual infrastructure. They also allow you to rapidly provision security infrastructure whenever and wherever it is needed. FortiGate virtual appliances feature all of the security and networking services common to traditional hardware-based FortiGate appliances. With the addition of virtual appliances from Fortinet, you can deploy a mix of hardware and virtual appliances, operating together and managed from a common centralized management platform."
2112 AT&T Services, Inc.
530 McCullough, 2B60
San Antonio, TX 78215
USA

-Jody Hagemann
TEL: 732-457-1891

CST Lab: NVLAP 200928-0

AT&T Toggle Cryptographic Security Module
(Software Version: 1.0)

(When installed, initialized and configured as specified in the Security Policy Section 3.1.1 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 03/25/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Ubuntu 12.04 running on a Dell PowerEdge T110; Ubuntu 12.04 on ESXi 5.1 running on a Dell PowerEdge T110; Ubuntu 12.04 running on a SuperMicro AS-1011S-mR2; Ubuntu 12.04 on ESXi 5.1 running on a SuperMicro AS-1011S-mR2; iOS v5 running on a iPad3; iOS v6 running on a iPhone5; Android v4.1 running on a Samsung Galaxy SIII (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2489); Triple-DES (Cert. #1526); SHS (Cert. #2107); HMAC (Cert. #1531); RNG (Cert. #1206); DRBG (Cert. #347); RSA (Cert. #1283); DSA (Cert. #768); ECDSA (Cert. #417); CVL (Cert. #88)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less then 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less then 112 bits of encryption strength)

Multi-chip standalone

"The AT&T Toggle Cryptographic Security Module (TCSM) 1.0 provides cryptographic services for the Toggle. The TCSM modules provide low level Encryption and MAC Hashing routines, for protecting and securing mobile devices. The TCSM provides a highly secure encrypted container for enterprise-managed mobile applications, content and data to enable a highly secure mobile workspace that separates corporate information from personal information on the same mobile device. Toggle provides application level security, an automated application wrapping process and dynamic app-based security policy cont"
2111 Christie Digital Systems Canada, Inc.
809 Wellington St. N.
Kitchener, Ontario N2G 4Y7
Canada

-Kevin Draper
TEL: 519-741-3741
FAX: 519-741-3912

CST Lab: NVLAP 200802-0

Christie IMB-S2 4K Integrated Media Block (IMB)
(Hardware Version: 000-102675-01; Firmware Versions: 1.0.1-2641, 1.0.3-3047, 1.1.0-3271, 1.2.0-3400, 1.2.1-3546, 1.3.0-3704, 1.3.2-3709 or 1.5.0-3848)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/21/2014;
06/05/2014
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2042 and #2043); SHS (Certs. #1788 and #1789); HMAC (Certs. #1241 and #1242); RNG (Certs. #1066 and #1230); RSA (Cert. #1062); CVL (Cert. #97)

-Other algorithms: NDRNG; MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); TI ECDH; TI S-box

Multi-chip embedded

"The Christie IMB-S2 is a DCI-compliant solution to enable the playback of the video, audio and timed text essence on a 2K or 4K DLP Series-II digital cinema projector. The IMB-S2 utilizes an integrated SMS and permits the playback of alternative content and High Frame Rate (HFR) material."
2110 BlackBerry Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

-Security Certifications Team
TEL: 519-888-7465 x72921
FAX: 905-507-4230

CST Lab: NVLAP 200928-0

BlackBerry Cryptographic Library for Secure Work Space
(Software Version: 1.0)

(When installed, initialized and configured as specified in the Security Policy Section A.1.1 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 03/21/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Tested as meeting Level 1 with Ubuntu 12.04 running on a Dell PowerEdge T110; Ubuntu 12.04 on ESXi 5.1 running on a Dell PowerEdge T110; Ubuntu 12.04 running on a SuperMicro AS-1011S-mR2; Ubuntu 12.04 on ESXi 5.1 running on a SuperMicro AS-1011S-mR2; iOS v5 running on a iPad3; iOS v6 running on a iPhone5; Android v4.1 running on a Samsung Galaxy SIII (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2544); Triple-DES (Cert. #1539); SHS (Cert. #2145); HMAC (Cert. #1565); RNG (Cert. #1209); DRBG (Cert. #377); RSA (Cert. #1298); DSA (Cert. #776); ECDSA (Cert. #436); CVL (Cert. #89)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less then 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less then 112 bits of encryption strength)

Multi-chip standalone

"BlackBerry® provides a suite of hardware, software, and services, which allow customers to utilize a single end-to-end Mobile Device Management (MDM) solution. The BlackBerry Cryptographic Library for Secure Work Space is a software module that provides cryptographic services required for secure operation of non-BlackBerry® devices running supported operating systems, when used in conjunction with BlackBerry® MDM solutions."
2109 Juniper Networks, Inc
1194 North Mathilda Ave
Sunnyvale, CA 94089
USA

-Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 200697-0

Odyssey Security Component Kernel Mode
(Software Version: 2.50)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 03/21/2014 Overall Level: 1 

-Physical Security: N/A
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Windows 7 SP1 64-bit on Dell Optiplex 755 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1990); Triple-DES (Cert. #1291); SHS (Cert. #1745); HMAC (Cert. #1203); DSA (Cert. #636); RSA (Cert. #1032); RNG (Cert. #1045)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112-bits of encryption strength); AES (Cert. #1990, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman; RSA (encrypt/decrypt)

Multi-chip standalone

"The Odyssey Security Component (OSC) is a general purpose cryptographic library. OSC Kernel Mode is a kernel-mode binary module for the Windows operating system."
2108 OpenPeak, Inc.
1750 Clint Moore Road
Boca Raton, FL 33487
USA

-Eric Jen
TEL: 561-289-0214

-Howard A. Kwon
TEL: 561-893-7930
FAX: 561-208-8026

CST Lab: NVLAP 200928-0

OpenPeak Cryptographic Security Module
(Software Version: 1.0)

(When installed, initialized and configured as specified in the Security Policy Section 3.1.1 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 03/19/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Tested as meeting Level 1 with Ubuntu 12.04 running on a Dell PowerEdge T110; Ubuntu 12.04 on ESXi 5.1 running on a Dell PowerEdge T110; Ubuntu 12.04 running on a SuperMicro AS-1011S-mR2; Ubuntu 12.04 on ESXi 5.1 running on a SuperMicro AS-1011S-mR2; iOS v5 running on a iPad3; iOS v6 running on a iPhone5; Android v4.1 running on a Samsung Galaxy SIII (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2489); Triple-DES (Cert. #1526); SHS (Cert. #2107); HMAC (Cert. #1531); RNG (Cert. #1206); DRBG (Cert. #347); RSA (Cert. #1283); DSA (Cert. #768); ECDSA (Cert. #417); CVL (Cert. #88)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less then 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less then 112 bits of encryption strength)

Multi-chip standalone

"The OpenPeak Cryptographic Security Module (OCSM) 1.0 provides underlying cryptography primitives for OpenPeak’s ADAM platform, an advanced device and application management suite that provides comprehensive Mobile Enterprise Management as a cloud-hosted service. The OCSM provides a secure encrypted container for enterprise-managed applications, content and data to enable a highly secure mobile workspace that separates corporate information from personal information on the same mobile device."
2107 Vocera Communications, Inc.
525 Race Street
San Jose, CA 95126
USA

-Thirumalai T. Bhattar
TEL: 408-882-5841
FAX: 408-882-5101

-Ken Peters
TEL: 408-882-5858
FAX: 408-882-5101

CST Lab: NVLAP 200996-0

Vocera Cryptographic Module
(Hardware Version: 88W8688; Software Version: 2.1; Firmware Version: 2.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software-Hybrid 03/19/2014 Overall Level: 1 

-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Vocera Embedded Linux Version 1.1 running on a Vocera B3000 badge (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2224 and #2225); HMAC (Cert. #1353); SHS (Cert. #1914); RSA (Cert. #1139); DRBG (Cert. #261)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; HMAC-MD5

Multi-chip standalone

"Vocera B3000 Badge is a wearable hands-free voice-controlled device that provides easy-to-use and instantaneous communication on a wireless LAN network. The Vocera Cryptographic Module, embedded in the B3000 Badge, ensures protected communications using industry-standard secure wireless communication protocols."
2106 DTECH LABS, Inc.
22876 Shaw Road
Sterling, VA 20166
USA

-Brian K. Everhart
TEL: 703-547-0638

-Patrick Higdon
TEL: 703-563-0633

CST Lab: NVLAP 200427-0

M3-SE-RTR2 and TXC3
(Hardware Versions: M3-SE-RTR2-FIPS and TXC3-FIPS with DT-FIPS-TEL; Firmware Version: 15.2(2)GC)

(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/19/2014 Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #962, #1535 and #2031); DRBG (Cert. #196); HMAC (Certs. #537 and #1232); RSA (Cert. #1055); SHS (Certs. #933 and #1779); Triple-DES (Certs. #757 and #1310)

-Other algorithms: DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); HMAC MD4; HMAC MD5; MD4; MD5; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The M3-SE-RTR2 and TXC3 are high-performance, ruggedized routers utilizing the Cisco 5915 ESR. With onboard hardware encryption, the Cisco 5915 offloads encryption processing from the router to provide highly secure yet scalable video, voice, and data services for mobile and embedded outdoor networks. The M3-SE-RTR2 and TXC3 provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements."
2105 Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

-Alan Kaye
TEL: 613-225-9381 x7416
FAX: 613-225-2951

CST Lab: NVLAP 200556-0

FortiAnalyzer 4.0 MR3
(Firmware Version: v4.0, build3059, 130918)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Firmware 03/19/2014 Overall Level: 1 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-Tested: FortiAnalyzer 4000-B with FortiAnalyzer v4.0, build3059, 130918

-FIPS Approved algorithms: Triple-DES (Certs. #1608 and #1609); AES (Cert. #2681); SHS (Certs. #2251 and #2252); RNG (Cert. #1251); RSA (Cert. #1030); HMAC (Certs. #1667 and #1668)

-Other algorithms: Diffie-Hellman (non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5

Multi-chip standalone

"The FortiAnalyzer family of logging, analyzing, and reporting appliances securely aggregate log data from Fortinet devices and other syslog-compatible devices. Using a comprehensive suite of customizable reports, users can filter and review records, including traffic, event, virus, attack, Web content, and email data."
2104 Dell SonicWALL
2001 Logic Drive
San Jose, CA 95124
USA

-Usha Sanagala
TEL: 408-962-6248
FAX: 408-745-9300

CST Lab: NVLAP 100432-0

NSA E7500
(Hardware Version: P/N 101-500226-54, Rev. A; Firmware Version: SonicOS v5.9.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/18/2014 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2015); CVL (Cert. #86); DRBG (Cert. #189); DSA (Cert. #640); HMAC (Cert. #1219); RNG (Cert. #1156); RSA (Cert. #1044); SHS (Cert. #1765); Triple-DES (Cert. #1300)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG

Multi-chip standalone

"NSA E-Class: The SonicWALL E-Class Network Security Appliance (NSA) Series is engineered to provide high performance Unified Threat Management (UTM) threat prevention and application inspection to meet the needs of expanding enterprise networks."
2103 SafeNet, Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2L1A1
Canada

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

ProtectServer Gold (PSG)
(Hardware Versions: B2, B3, B4 and PSG-01-0101; Firmware Version: 3.20.01)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/14/2014 Overall Level: 3 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2605); DSA (Cert. #790); ECDSA (Cert. #449); HMAC (Cert. #1613); RNG (Cert. #1233); RSA (Cert. #1332); SHS (Cert. #2189); Triple-DES (Cert. #1570); Triple-DES MAC (Triple-DES Cert. #1570, vendor affirmed)

-Other algorithms: AES (Cert. #2605, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES MAC (AES Cert. #2605, non-compliant); ARIA; CAST 128; CAST MAC; DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112-bits of encryption strength); ECIES; IDEA 128; IDEA MAC; MD2; MD5; MD5 HMAC; RC2; RC2 MAC; RC4; RIPEMD-128; RIPEMD-160; RMD128 HMAC; RMD160 HMAC; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112-bits of encryption strength); SEED 128; SEED MAC; Triple-DES (Cert. #1570, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112-bits of encryption strength)

Multi-chip embedded

"The SafeNet PSG Adapter is a high-end intelligent PCI adapter card that provides a wide range of cryptographic functions using firmware and dedicated hardware processors. Access to the PSG is provided via a comprehensive PKCS#11 API, allowing extremely flexible use of the module in a multitude of applications."
2102 Juniper Networks, Inc.
1194 North Matilda Ave
Sunnyvale, CA 94089
USA

-Sue Lin
TEL: 408-936-8447
FAX: 408-936-1801

CST Lab: NVLAP 200697-0

Juniper Networks EX6200 and EX8200 Ethernet Switches Routing Engines
(Hardware Versions: EX6200-SRE64-4XS, EX8208-SRE320 and EX8216-RE320 with Tamper Evident Labels: 520-052564; Firmware Version: JUNOS 12.1R6.6)

(When operated in FIPS Mode and with the tamper evidence seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 03/11/2014 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #1494, #1507, #1508 and #1514 ); AES (Certs. #2396, #2419, #2420 and #2475); DSA (Cert. #762); SHS (Certs. #2058, #2059, #2076, #2077 and #2094); RNG (Cert. #1187); RSA (Certs. #1251, #1252 and #1264); HMAC (Certs. #1488, #1489, #1504, #1505 and #1518); DRBG (Certs. #324, #325 and #338); CVL (Certs. #81)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); NDRNG

Multi-chip standalone

"EX Series Ethernet switches deliver access, aggregation, and core layer switching services in branch, campus, and data center networks to ensure fast, secure, reliable delivery of data and applications. All EX Series Ethernet Switches run the same Junos operating system as other Juniper switches, routers, and security solutions, ensuring consistent, predictable behavior across the entire network infrastructure."
2101 Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
USA

-John Roberts
TEL: 415-738-2810

CST Lab: NVLAP 100432-0

Symantec App Center Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 03/14/2014;
04/03/2014
Overall Level: 1 

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with iOS 5.1 running on a iPad 3; iOS 6 running on a iPad 3; iOS 7 running on a iPad 3; Android 4.0 running on a Galaxy Nexus (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2125 and #2126); HMAC (Certs. #1296 and #1297); DSA (Certs. #666 and #667); ECDSA (Certs. #319 and #320); RSA (Certs. #1094 and #1095); SHS (Certs. #1849 and #1850); Triple-DES (Certs. #1351 and #1352); DRBG (Certs. #233 and #234); CVL (Certs. #28 and #29); RNG (Certs. #1091 and #1092)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Symantec App Center Server Cryptographic Module Version 1.0 provides cryptographic functions for Symantec App Center, a scalable solution for deploying and managing native and web apps on corporate-liable and employee-owned mobile devices."
2100 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200928-0

Cisco FIPS Object Module
(Software Version: 4.1)

(When installed, initialized and configured as specified in the Security Policy Section 3.2 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 03/07/2014 Overall Level: 1 

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Linux 2.6 running on an Octeon Evaluation Board EBH5200 without Octeon; Linux 2.6 running on an Octeon Evaluation Board EBH5200 with Octeon; Linux 2.6 running on a Cisco ASR1002; Android v4.0 running on a Samsung Galaxy S II; Windows 7 running on a Cisco UCS C200 M2 without AES-NI; Windows 7 running on a Cisco UCS C210 M2 with AES-NI; FreeBSD 9.0 running on a Cisco UCS C210 M2 without-AES-NI; Linux 2.6 running on a Cisco UCS C22 M3 with AES-NI; Linux 2.6 running an Intel Xeon on a Cisco UCS C200 M2 without AES-NI (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2678 and #2685); Triple-DES (Certs. #1606 and #1611); SHS (Certs. #2247 and #2256); HMAC (Certs. #1664 and #1672); DRBG (Certs. #431 and #435); RSA (Certs. #1377 and #1385); DSA (Certs. #812 and #814); ECDSA (Certs. #467 and #471); CVL (Certs. #151 and #153)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less then 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less then 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less then 112 bits of encryption strength)

Multi-chip standalone

"The Cisco FIPS Object Module (FOM) is a software library that provides cryptographic services to a vast array of Cisco's networking and collaboration products. The module provides FIPS 140 validated cryptographic algorithms for services such as IPSEC, SRTP, SSH, TLS, 802.1x, etc. The module does not directly implement any of these protocols, instead it provides the cryptographic primitives and functions to allow a developer to implement the various protocols."
2099 Riverbed Technology, Inc.
199 Fremont Street
San Francisco, CA 94105
USA

-Joe Tomasello
TEL: 415-344-5756

-Andy Pang
TEL: 415-247-7341

CST Lab: NVLAP 200928-0

Riverbed Cryptographic Security Module
(Software Version: 1.0)

(When installed, initialized and configured as specified in the Security Policy Section 4 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 03/07/2014;
04/16/2014
Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Tested as meeting Level 1 with RiOS 8.0 x86 32-bit running on Riverbed Steelhead Appliance; RiOS 8.0 x86 64-bit running on Riverbed Steelhead Appliance; RiOS 8.0 x86 64-bit on VMware ESXi 5.1 running on Dell PowerEdge R210II without AES-NI; RiOS 8.0 x86 64-bit on VMware ESXi 5.1 running on Dell PowerEdge R210II with AES-NI; Stingray Traffic Manager Virtual Appliance x86 on VMware ESXi 5.1 running on Dell PowerEdge R210II without AES-NI; Stingray Traffic Manager Virtual Appliance x86 on VMware ESXi 5.1 running on Dell PowerEdge R210II with AES-NI; RiOS 8.0 x86 64-bit running on Riverbed Steelhead Appliance with AES-NI; Granite OS 2.0 running on Riverbed Granite Core Appliance; Granite OS 2.0 x86 on VMware ESXi 5.1 running on Dell PowerEdge R210II without AES-NI; Granite OS 2.0 x86 on VMware ESXi 5.1 running on Dell PowerEdge R210II with AES-NI; Whitewater OS 3.0 running on Whitewater Appliance without AES-NI; Whitewater OS 3.0 running on Whitewater Appliance with AES-NI; Whitewater OS 3.0 on VMware ESXi 5.1 running on Dell PowerEdge R210II without AES-NI; Whitewater OS 3.0 on VMware ESXi 5.1 running on Dell PowerEdge R210II with AES-NI; Interceptor OS 4.5 running on Riverbed Interceptor Appliance (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2374); Triple-DES (Cert. #1485); SHS (Cert. #2046); HMAC (Cert. #1476); RNG (Cert. #1179); DRBG (Cert. #310); RSA (Cert. #1229); DSA (Cert. #745); ECDSA (Cert. #392); CVL (Cert. #65)

-Other algorithms: RSA (encrypt/decrypt); EC Diffie-Hellman

Multi-chip standalone

"The Riverbed Cryptographic Security Module provides the cryptographic functionality for a variety of Riverbed's platforms including Steelhead and Granite appliances. These network appliances deliver a scalable Wide Area Data Services (WDS) solution, transparently and securely optimizing performance across an enterprise network, and the Stingray software family is used to optimize, secure, and accelerate performance of online applications."
2098 Gemalto
Avenue du Jujubier, Z.I Athelia IV
La Ciotat, 13705
France

-Arnaud Lotigier
TEL: +33 4 42 36 60 74
FAX: +33 4.42.36.55.45

CST Lab: NVLAP 100432-0

IDPrime MD 830
(Hardware Version: SLE78CFX3009P; Firmware Version: IDCore30 Build 1.17, IDPrime MD Applet version V4.1.2.F and MSPNP Applet V1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/05/2014 Overall Level: 3 

-FIPS Approved algorithms: RNG (Cert. #1128); Triple-DES (Cert. #1413); Triple-DES MAC (Triple-DES Cert. #1413, vendor affirmed); AES (Cert. #2261); RSA (Certs. #1158 and #1163); ECDSA (Cert. #363); CVL (Cert. #41); SHS (Cert. #1946)

-Other algorithms: AES (Cert. #2261, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1413, key wrapping; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength)

Single-chip

"IDPrime MD 830 is a Minidriver enabled PKI smartcard, offering all the necessary services (with either RSA or Elliptic curves algorithms) to secure an IT Security and ID access infrastructure."
2097 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-C Micro Edition
(Software Version: 4.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 03/05/2014 Overall Level: 1 

-Physical Security: N/A
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 5.0 running on a IBM 7044-170 (PPC 32-bit); Red Hat Enterprise Linux 5.0 running on a IBM 7044-170 (PPC 64-bit); Red Hat Enterprise Linux 5.5 running on a Dell Dimension E521 (x86 32-bit); Red Hat Enterprise Linux 5.5 running on a Intel Maho Bay with AES-NI (x86 32-bit); Red Hat Enterprise Linux 5.5 running on a Dell Dimension E521 (x86 64-bit); Red Hat Enterprise Linux 5.5 running on a HP rx2600 (Itanium2 64-bit); Red Hat Enterprise Linux 6.0 running on a Dell Dimension E521 (x86 32-bit); Red Hat Enterprise Linux 6.0 running on a Dell Dimension E521 (x86 64-bit); Red Hat Enterprise Linux 6.0 running on a Intel Maho Bay with AES-NI (x86 64-bit); Oracle Solaris 10 running on a Sun Sunblade 100 (SPARC v8 32-bit); Oracle Solaris 10 running on a Sun Sunblade 100 (SPARC v8+ 32-bit); Oracle Solaris 10 running on a Sun Fire V240 (SPARC v9 64-bit); Oracle Solaris 10 running on a Dell Poweredge SC420 (x86 32-bit); Oracle Solaris 10 running on a Intel Sugar Bay with AES-NI (x86 32-bit); Oracle Solaris 10 running on a Dell Dimension E521 (x86 64-bit); Oracle Solaris 10 running on a Intel Sugar Bay with AES-NI (x86 64-bit); Microsoft Windows XP Professional SP3 running on a Dell Poweredge SC420 (x86 32-bit); Microsoft Windows XP Professional SP3 running on a Dell Precision M6500 with AES-NI (x86 32-bit); Microsoft Windows XP Professional SP2 running on a Indus Technologies Idex 410 (x86 64-bit); Microsoft Windows 7 SP1 running on a Dell Precision M6500 with AES-NI (x86 64-bit); Microsoft Windows Server 2003 running on a Dell Dimension E521 (x86 32-bit); Microsoft Windows Server 2003 running on a Dell Dimension E521 (x86 64-bit); Microsoft Windows Server 2003 running on a HP rx2620 (Itanium2 64-bit); Microsoft Windows Server 2003 running on a HP rx2620 (Itanium2 64-bit); IBM AIX 5L v5.3 running on a IBM 9110-51A (PPC 32-bit); IBM AIX 5L v5.3 running on a IBM 9110-51A (PPC 64-bit); IBM AIX v6.1 running on a IBM 9110-51A (PPC 32-bit); IBM AIX v6.1 running on a IBM 9110-51A (PPC 64-bit); IBM AIX v7.1 running on a IBM 8231-E2B (PPC 32-bit); IBM AIX v7.1 running on a IBM 8231-E2B (PPC 64-bit); HP HP-UX 11.23 running on a HP Visualize C3600 (PA RISC 2.0 32-bit); HP HP-UX 11.23 running on a HP Visualize C3600 (PA-RISC 2.0W 64-bit); HP HP-UX 11.31 running on a HP Workstation zx2000 (Itanium2 32-bit); HP HP-UX 11.31 running on a HP Workstation zx2000 (Itanium2 64-bit); Apple Mac OS X 10.6 Snow Leopard running on a Apple Macbook (x86 32-bit); Apple Mac OS X 10.6 Snow Leopard running on a Apple Macbook (x86 64-bit) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2017); DRBG (Cert. #191); DSA (Cert. #642); ECDSA (Cert. #292); HMAC (Cert. #1221); RNG (Cert. #1057); RSA (Cert. #1046); SHS (Cert. #1767); Triple-DES (Cert. #1302)

-Other algorithms: Camellia; DES; DES40; Diffie-Hellman; EC Diffie-Hellman; ECAES (non-compliant); ECIES; Entropy RNG; HMAC MD5; MD2; MD4; MD5; OTP RNG; PBKDF1 SHA-1 (non-compliant); PBKDF2 HMAC SHA-1/SHA-224/SHA-256/SHA-384/SHA-512 (non-compliant); RC2; RC4; RC5; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Crypto-C Micro Edition (ME) Module is RSA, The Security Division of EMC's cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
2096 WatchDox, Inc.
299 S California Ave.
Palo Alto, CA 94306
USA

-Adi Ruppin
TEL: 800-209-1688

CST Lab: NVLAP 200427-0

WatchDox® CryptoModule
(Software Version: 1.0)

(When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 03/05/2014 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 6 running on a Dell Poweredge SC1420 without AES-NI (gcc Compiler Version 4.4.4); Windows 7 32-bit running on an Intel Core (x64) with AES-NI running on an Intel Client Desktop (gcc Compiler Version 4.7.3); Apple iOS 6.1 running on an ARMv7 with NEON on an iPhone 5 (gcc Compiler Version 4.2.1); Android 4.1 running on an ARM Cortex A9 with NEON on a Samsung Galaxy S3 Mini (gcc Compiler Version 4.6.3) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2623); ECDSA (Cert. #451); HMAC (Cert. #1621); RNG (Cert. #1239); RSA (Cert. #1340); SHS (Cert. #2199)

-Other algorithms: CVL (non-compliant); DRBG (non-compliant); DSA (non-compliant); EC Diffie-Hellman; RSA (encrypt/decrypt); Triple-DES (non-compliant)

Multi-chip standalone

"The WatchDox Crypto Module provides the services necessary to support the cryptographic features and functions of the WatchDox Secure File Sharing services and products."
2095 Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
USA

-John Roberts
TEL: 415-738-2810

CST Lab: NVLAP 100432-0

App Center Server Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/28/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with CentOS 6.3 on a Dell Optiplex 755 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2273); HMAC (Cert. #1391); DSA (Cert. #709); ECDSA (Cert. #368); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420); DRBG (Cert. #281); CVL (Cert. #44); RNG (Cert #1132)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"App Center Server Cryptogrpahic Module provides cryptographic functions for the Server component of Symantec App Center, a scalable solution for deploying and managing native and web apps on corporate-liable and employee-owned mobile devices."
2094 Securonix, Inc.
5777 W. Century Blvd.
Suite #838
Los Angeles, CA 90045
USA

-Chris Bell
TEL: 415-380-0806

CST Lab: NVLAP 100432-0

Intelligence Platform Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/28/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with CentOS 6.3 on a Dell Optiplex 755 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2273); HMAC (Cert. #1391); DSA (Cert. #709); ECDSA (Cert. #368); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420); DRBG (Cert. #281); CVL (Cert. #44); RNG (Cert #1132)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Intelligence Platform Cryptographic Module provides cryptographic functions for the Intelligence Platform products from Securonix."
2093 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco Catalyst 3560-C [1], 3560-X [2] and 3750-X [3] Switches
(Hardware Versions: [3560CG-8PC-S, 3560CG-8TC-S and 3560CPD-8PT-S] [1] [B], [(WS-C3560X-24P-L and WS-C3560X-48T-L) [2] and (WS- C3750X-12S, WS-C3750X-24S, WS-C3750X-24T, WS-C3750X-48P and WS-C3750X-48T) [3]] with [C3KX-SM-10G, C3KX-NM-1G, C3KX-NM-10G, C3KX-NM-BLANK and C3KX-NM-10GT] [A] with FIPS kit packaging [C3KX-FIPS-KIT 700-34443-01] [A] and [C3KX-FIPS-KIT 47-25129-01] [B]; Firmware Version: 15.0(2)SE4)

(When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/27/2014;
03/12/2014
Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1024, #1269, #1275 and #2134); DRBG (Cert. #237); HMAC (Cert. #1304); RSA (Cert. #1100); SHS (Cert. #1858); Triple-DES (Cert. #1358)

-Other algorithms: AES (Cert. #2134, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Cisco Catalyst Switches provide enterprise-class access for campus and branch applications. Designed for operational simplicity to lower total cost of ownership, they enable scalable, secure and energy-efficient business operations with intelligent services and a range of advanced Cisco IOS Software features. The Catalyst Switches meet FIPS 140-2 overall Level 2 requirements as multi-chip standalone modules."
2092 Samsung Electronics Co., Ltd.
416, Maetan 3-Dong Youngton Gu
Suwon, Gyeonggi 152-848
South Korea

-Kyunghee Lee
TEL: +82-10-9397-1589

CST Lab: NVLAP 200658-0

Samsung FIPS BC for Mobile Phone and Tablet
(Software Versions: SBC1.45_2.0 and SBC1.45_2.1)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 02/26/2014 Overall Level: 1 

-Physical Security: N/A
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Android Jelly Bean 4.1 running on Samsung Galaxy Note II; Android Jelly Bean 4.2 running on Samsung Galaxy S4 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2353 and #2409); SHS (Certs. #2027 and #2067); RNG (Certs. #1172 and #1189); Triple-DES (Certs. #1472 and #1499); HMAC (Certs. #1459 and #1494); RSA (Certs. #1213 and #1243); DSA (Certs. #736 and #751)

-Other algorithms: Blowfish; Camellia; Camellia Light; CAST5; CAST6; DES; GOST28147-89; IDEA; IES; Rijndal; RC2; RC4; RC5; RC6; SEED; Serpent; TEA; Twofish; XTEA; Grain218; GrainV1; HC128; HC256; ISAAC; Salsa20; VMPC; Elgamal; Naccache-Stern; MD2; MD4; MD5; RIPEMD-128; RIPEMD-160; RIPEMD-256; RIPEMD-320; Tiger; Whirlpool; GOST3411; ISO9797; HMAC based on RFC 2104; VMPC-MAC; SRP6; ECMQV; Digest random generator; VMPC random number generator; Thread-based seed generator; Reverse window generator; AES light (non-compliant); ECDSA (non-compliant); AES-CMAC (non-compliant); Triple-DES-CMAC (non-compliant); Skipjack (non-compliant); Diffie-Hellman (non-compliant); EC Diffie-Hellman (non-compliant); RSA (non-compliant); DSA (non-compliant)

Multi-chip standalone

"Provides general purpose cryptographic services to user-space applications on the mobile platform for the protection of data in transit."
2091 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco Optical Networking Solution (ONS) 15454 Multiservice Transport Platforms (MSTPs)
(Hardware Versions: [15454-M2-SA, 15454-M6-SA, 15454-M-TNC-K9, 15454-M-TSC-K9, 15454-M-TNCE-K9, 15454-M-TSCE-K9 and 15454-M-WSE-K9] with FIPS Kit: CISCO-FIPS-KIT=; Firmware Version: 9.8)

(When operated in FIPS mode and when tamper evident labels are installed on the initially built configuration as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/26/2014 Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2352, #2369, #2546 and #2548); DRBG (Certs. #379 and #381); HMAC (Certs. #1567 and #1569); KBKDF (Cert. #12); RSA (Certs. #1301 and #1303); SHS (Certs. #2147 and #2149); Triple-DES (Cert. #1541)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; RC4

Multi-chip standalone

"The Cisco ONS 15454 Multiservice Transport Platform (MSTP) is the most deployed metropolitan-area (metro) and regional dense wavelength division multiplexing (DWDM) solution in the world featuring two- through eight-degree reconfigurable optical add/drop multiplexer (ROADM) technology that enables wavelength provisioning across entire networks and eliminates the need for optical-to-electrical-to-optical (OEO) transponder conversions."
2090 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco ASR 1001 [1][K1], ASR 1002 [2][K2][E1 or E2], ASR1002-X [3][K2], ASR 1004 [4][K3][R1 or R2][E2, E3 or E4], ASR 1006 [5][K4][single or dual E2, E3, E4 or E5][dual R1 or R2] and ASR 1013 [6][K5][E4 or E5][R2]
(Hardware Versions: ASR1001 [1], ASR1002 [2], ASR1002-X [3], ASR1004 [4], ASR1006 [5] and ASR1013 [6]; FIPS KITs: ASR1001-FIPS-Kit [K1], ASR1002- FIPS-Kit [K2], ASR1004-FIPS-Kit [K3], ASR1006-FIPS-Kit [K4] and ASR1013-FIPS-Kit [K5]; Embedded Services Processors: ASR1000-ESP5 [E1], ASR1000-ESP10 [E2], ASR1000-ESP20 [E3], ASR1000-ESP40 [E4] and ASR1000-ESP100 [E5]; Route Processors: ASR-1000-RP1 [R1] and ASR-1000-RP2 [R2]; Firmware Version: 3.7.2tS)

(When operated in FIPS mode and when tamper evident labels and security devices are installed on the initially built configuration as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/26/2014 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #333, #2346 and #2549); DRBG (Cert. #382); HMAC (Certs. #137, #1455 and #1570); RNG (Certs. #154 and #1170); RSA (Cert. #1304); SHS (Certs. #408, #2023 and #2150); Triple-DES (Certs. #397, #1469 and #1543)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; IKE KDF; MD5; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SHA-1 (non-compliant); SNMPv3 KDF; SSH KDF; TLS KDF

Multi-chip standalone

"The ASR 1000 Routers accelerate services by offering performance and resiliency with optimized, intelligent services; establishing a benchmark for price-to-performance offerings in the enterprise routing, service provider edge, and broadband aggregation segments; facilitating significant network innovations in areas such as secure WAN aggregation, managed customer-premises-equipment services, and service provider edge services, and reducing operating expenses and capital expenditures by facilitating managed or hosted services over identical architectures and operating environments."
2089 HGST, Inc.
5601 Great Oaks Parkway
Building 50-3/C-346
San Jose, CA 95119
USA

-Rajesh Kukreja
TEL: 408-717-6261
FAX: 408-717-9494

-Jithendra Bethur
TEL: 408-717-5951
FAX: 408-717-9494

CST Lab: NVLAP 100432-0

HGST Ultrastar SSD800/1000 TCG Enterprise SSDs
(Hardware Versions: P/Ns HUSMH8080ASS205 [0001], HUSMH8040ASS205 [0001], HUSMH8020ASS205 [0001], HUSMM8080ASS205 [0001], HUSMM8040ASS205 [0001], HUSMM8020ASS205 [0001], HUSMR1010ASS205 [0001], HUSMR1050ASS205 [0001] and HUSMR1025ASS205 [0001]; Firmware Version: R210, R230 or R232)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/25/2014;
04/03/2014;
04/11/2014;
07/17/2014;
09/12/2014
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2067 and #2365); RSA (Cert. #1220); SHS (Cert. #2037); HMAC (Cert. #1468); DRBG (Cert. #302); PBKDF (vendor affirmed);

-Other algorithms: AES (Cert. #2365, key wrapping; key establishment methodology provides 256 bits of encryption strength); NDRNG

Multi-chip embedded

"HGST Self-Encrypting Drives implement TCG Storage specifications, and meet or exceed the most demanding performance and security requirements. The Ultrastar SSD800/1000 series are 12Gbs SAS, TCG Enterprise SSDs."
2088 McAfee, Inc.
2821 Mission College Blvd.
Suite 100
Santa Clara, CA 95054
USA

-James Reardon
TEL: 651-628-5346

CST Lab: NVLAP 200928-0

McAfee Database Security Sensor Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode and when installed, initialized and configured as specified in the Security Policy Section 4)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/25/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 64-bit with VMWare ESXi 4.0 running on a HP Proliant DL185 GS; Windows Server 2008 64-bit with VMWare ESXi 5.0 running on a HP Proliant DL380 GS; AIX 5.3 on a IBM 9115-305; HP-UX 11.23 running on a HP RX2600 Server; Red Hat Enterprise Linux 5.9 with VMWare ESXi 5.0 running on a Dell PowerEdge R510; CentOS 5.5 with VMWare ESXi 5.0 running on a Dell PowerEdge R510; SUSE 11 patch 2 with VMWare ESXi 5.0 running on a Dell PowerEdge R510; Solaris 9 running on a Sun UltraSPARC C-III (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #1557); AES (Cert. #2571); SHS (Cert. #2166); HMAC (Cert. #1587); RNG (Cert. #1223); DSA (Cert. #786); RSA (Cert. #1318)

-Other algorithms: Diffie-Hellman; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The McAfee Database Security Sensor Cryptographic Module Version 1.0, is a software shared library that provides cryptographic services required by the McAfee Database Security Sensor."
2087 Fixmo Inc.
22375 Broderick Dr.
Suite 227
Sterling, VA USA

-Daniel Ford
TEL: 443-380-3673

CST Lab: NVLAP 200556-0

Server Crypto Module
(Software Version: 1.0)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/24/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 on a Dell OptiPlex 755; CentOS 6.3 on a Dell OptiPlex 755 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2273); HMAC (Cert. #1391); DSA (Cert. #709); ECDSA (Cert. #368); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420); DRBG (Cert. #281); CVL (Cert. #44); RNG (Cert #1132)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Fixmo Server Crypto Module provides cryptographic functions for Fixmo products and solutions."
2086 Oracle Corporation
500 Eldorado Blvd., Bldg 5
Broomfield, CO 80021
USA

-Security Evaluations Manager
TEL: 781-442-0451

CST Lab: NVLAP 200928-0

StorageTek T10000C Tape Drive
(Hardware Version: P/N 7054185; Firmware Version: 1.57.308)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/22/2014 Overall Level: 1 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1568, #1570, #2404, #2405, #2406, #2407 and #2412); DRBG (Cert. #322); HMAC (Certs. #1497 and #1498); SHS (Certs. #2065 and #2066); RSA (Cert. #1246); CVL (Cert. #82)

-Other algorithms: AES (Cert. #2406, key wrapping; key establishment methodology provides 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG

Multi-chip standalone

"The Oracle StorageTek T10000C Tape Drive blends the highest capacity, performance, reliability, and data security to support demanding, 24/7 data center operations. The StorageTek T10000C Tape Drive delivers the world’s fastest write speeds to a native 5 TB of magnetic tape storage; making it ideal for data center operations with growing volumes. Designed for maximum performance, the drive allows the use of multiple keys per tape with a cache memory to minimize the overhead of key transmission. Works seamlessly with the Oracle Key Manager to provide a secure end-to-end management solution."
2085 Curtiss-Wright Controls Defense Solutions
333 Palladium Drive
Kanata, Ontario K2V 1A6
Canada

-Aaron Frank
TEL: 613-599-9199 ext 5242
FAX: 613-599-7777

-Johan A Koppernaes
TEL: 613-599-9199 ext 5817
FAX: 613-599-7777

CST Lab: NVLAP 200996-0

VPX3-685 Secure Routers
(Hardware Versions: Air-Cooled Chassis: VPX3-685-A13014-FC and VPX3-685-A13020-FC; Conduction-Cooled Chassis: VPX3-685-C23014-FC and VPX3-685-C23020-FC; Firmware Version: 2.0)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/22/2014;
05/22/2014
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #963); Triple-DES (Cert. #758); SHS (Certs. #934 and #1907); HMAC (Cert. #538); RSA (Cert. #1135); DSA (Cert. #713); RNG (Cert. #1111)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip embedded

"The VPX3-685 Secure Routers are used for strong security in the embedded defense and aerospace industries. They support industry standard encryption algorithms used in IPSec/VPN/IKE/PKI and other networking standards. Including H/W accelerated AES bulk encryption."
2084 GOTrust Technology Inc.
10F-1, No.306, Sec. 1, Wenxin Rd., Nantun Dist.
Taichung, Taiwan 408
Republic of China

-Sean Huang
TEL: +886-4-23202525
FAX: +886-4-23202580

CST Lab: NVLAP 200824-0

GO-Trust SDencrypter
(Hardware Versions: GT-3001 with GT-0330; Firmware Versions: 4.1.0.8 with 80023802-33860406 and 80023802-33860506)

(When operated in FIPS Mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 02/22/2014 Overall Level: 3 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #1664); HMAC (Cert. #1426); KDF (Cert. #7); RNG (Cert. #999); RSA (Cert. #976); SHS (Cert. #1672); Triple-DES (Cert. #1237)

-Other algorithms: AES (Cert. #1664, key wrapping; key establishment methodology provides 256 bits of encryption strength); AESKW (SP 800-38F, vendor affirmed);

Multi-chip embedded

"SDencrypter is a hardware security module embedded into one microSD. The entire encryption, decryption, key generation process is completed inside the module. Fast íºin-chipí¿ processing, using a high-performance smart card chip, supports streaming voice and media operations. High-assurance protection is provided to keys and sensitive data which are encrypted and stored inside the chip."
2083 FiberLogic Communications, Inc.
5F-3, No.9 Prosperity Road One, Science-Park
Hsinchu, Taiwan 30078
Republic of China

-Jun Tseng
TEL: +886-3-5638889
FAX: +886-3-5638899

CST Lab: NVLAP 200824-0

TS-250
(Hardware Version: 1.0; Firmware Version: 1.0.0.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/22/2014 Overall Level: 3 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #1903); DSA (Cert. #601); HMAC (Cert. #1143); RNG (Certs. #997 and #1000); SHS (Cert. #1673)

-Other algorithms: AES (Cert. #1903, key wrapping); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); HRNG

Multi-chip standalone

"The TS-250 can encrypt the high speed network traffic passed through. The module can be configured to encrypt different layer of network traffic, e.g., from Ethernet frame payload or from IP packet payload."
2082 Toshiba Corporation
1-1, Shibaura 1-chome
Minato-ku, Tokyo 105-8001
Japan

-Hiroshi Ito
TEL: +81-45-776-5624
FAX: +81-45-776-5624

CST Lab: NVLAP 200822-0

Toshiba Secure TCG Opal SSC and Wipe technology Self-Encrypting Drive (MQ01ABU050BW, MQ01ABU032BW and MQ01ABU025BW)
(Hardware Version: AA; Firmware Version: FN001S)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/13/2014;
04/23/2014
Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2447 and #2448); HMAC (Cert. #1511); SHA (Cert. #2081); DRBG (Cert. #334);

-Other algorithms: NDRNG

Multi-chip embedded

"The Toshiba Secure TCG Opal SSC and Wipe Technology Self-Encrypting Drive is used for hard disk drive data security. This cryptographic module provides various cryptographic services using FIPS approved algorithms. Services are provided through an industry-standard TCG Opal SSC and the Toshiba Wipe Technology. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA ranges, host device authentication and secure automatic data invalidation. The last two services are provided by the Toshiba Wipe Technology."
2081 Dispersive Solutions, Inc.
4501 Singer Court
Suite 220
Chantilly, VA 20151
USA

-Carolyn O¦Neill Griffin
TEL: 703-209-7458

CST Lab: NVLAP 200556-0

V2VNet Common Crypto Module
(Software Version: 1.0)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/22/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 on a Dell OptiPlex 755; CentOS 6.3 on a Dell OptiPlex 755; Mac OS X 10.8 on a MacBook Air (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2273); HMAC (Cert. #1391); DSA (Cert. #709); ECDSA (Cert. #368); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420); DRBG (Cert. #281); CVL (Cert. #44); RNG (Cert #1132)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"V2VNet Common Crypto Module provides cryptographic functions for Dispersive Solutions V2VNet Server Edition, a scalable solution allowing clients to communicate directly with other clients, and securely route voice, video and data communications."
2080 Senetas Corporation Ltd. and SafeNet Inc.
Level 1, 11 Queens Road
Melbourne, Victoria 3004
Australia

-John Weston
TEL: +61 3 9868 4555
FAX: +61 3 9821 4899

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200996-0

CN6000 Series Encryptors
(Hardware Versions: CN6040 Series: A6040B [O] (AC), A6040B [Y] (AC), A6041B [O] (DC), A6041B [Y] (DC), A6042B [O] (AC/DC) and A6042B [Y] (AC/DC); CN6100 Series: A6100B [O] (AC), A6100B [Y] (AC), A6101B [O] (DC), A6101B [Y] (DC), A6102B [O] (AC/DC) and A6102B [Y] (AC/DC); Firmware Version: 2.3.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 02/10/2014 Overall Level: 3 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2582, #2583, #2584 and #2586); Triple-DES (Cert. #1562); RSA (Cert. #1324); SHS (Cert. #2177); HMAC (Cert. #1601); DRBG (Cert. #391); CVL (Cert. #113)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The CN6000 Series Encryptor is a high-speed standards based hardware encryption platform designed to secure data transmitted over optical and twisted-pair Ethernet and optical Fibre Channel networks. Two models are validated: the CN6100 10G Ethernet Encryptor operating at a line rate of 10Gb/s and the CN6040, a protocol selectable model operating at data rates up to 4Gb/s. Configured in Ethernet mode the CN6040 model supports rates of 10Mb/s, 100Mb/s & 1Gb/s and in Fibre Channel mode supports rates of 1.0625, 2.125 & 4.25Gb/s. Data privacy is provided by FIPS approved AES algorithms."
2079 Hewlett Packard Development Company, L.P.
Survey No.192, Whitefield Road,
Mahadevapura Post
Bangalore, Karnataka 560 048
India

-Rahul Philip Mampallil
TEL: +91 80 33841568

-Karthik Bhagawan
TEL: +91 80 25166873
FAX: +91 80 28533522

CST Lab: NVLAP 200928-0

HP-UX Kernel Cryptographic Module
(Software Version: 1.0)

(When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode; The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/07/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Tested as meeting Level 1 with HP-UX 11i v3 running on an HP Integrity BL860c i2 server blade (single user mode)

-FIPS Approved algorithms: AES (Cert. #2488); SHS (Cert. #2106); HMAC (Cert. #1530); DRBG (Cert. #346); RSA (Cert. #1277)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"HP-UX Kernel Crypto Module (HP-UX KCM) is a kernel-space crypto engine in the HP-UX operating system containing core cryptographic algorithms and operations in a single shared library. It implements asymmetric, symmetric, and digest operations that are used by HP-UX security solutions. HP-UX KCM is available on HP-UX 11i v3 operating system on the HP Integrity Platform (IA-64)."
2078 Dolby Laboratories, Inc.
100 Potrero Ave.
San Francisco, CA 94103
USA

-Marvin Pribadi
TEL: 415-645-5185
FAX: 415-645-4000

CST Lab: NVLAP 100432-0

CAT904 Dolby® JPEG 2000/MPEG-2 Processor
(Hardware Versions: P/N CAT904Z Revisions FIPS_1.0, FIPS_1.0.1, FIPS_1.0.2 and FIPS_1.1; Firmware Version: 1.3.4.21)

(The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/06/2014 Overall Level: 3 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #519, #520 and #1067); HMAC (Certs. #270 and #676); RNG (Certs. #296 and #650); RSA (Cert. #233); SHS (Certs. #592 and #1086)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); TLS KDF

Multi-chip embedded

"The CAT904 Dolby® JPEG 2000/MPEG-2 Processor performs all the cryptography, license management, and video decoding functions for the DSP100 Dolby Show Player, which forms the nucleus of the Dolby Digital Cinema system. The system offers superb picture quality, outstanding reliability, and the highest level of security in the business. It includes support for JPEG 2000 playback, as specified by DCI, and MPEG-2 for compatibility with alternative content such as preshow advertising. The system also meets other key DCI specifications for security, data rate, and storage capacity."
2077 Oracle Corporation
500 Oracle Parkway
Redwood Shores, CA 94065
USA

-Security Evaluations Manager
TEL: 781-442-0451

CST Lab: NVLAP 200928-0

Oracle Solaris Userland Cryptographic Framework
(Software Versions: 1.0 and 1.1)

(When installed, initialized and configured as specified in the Security Policy and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/06/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Oracle Solaris 11.1 running on a M3000 Enterprise Server; Oracle Solaris 11.1 running on a Sun Server X3-2 with AES-NI; Oracle Solaris 11.1 running on a Sun Server X3-2 without AES-NI (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2308 and #2569); Triple-DES (Certs. #1455 and #1556); RSA (Certs. #1191 and #1317); DSA (Certs. #726 and #785); ECDSA (Certs. #373 and #443); SHS (Certs. #1992 and #2165); HMAC (Certs. #1422 and #1586); RNG (Certs. #1150 and #1221)

-Other algorithms: AES-XCBC-MAC (non-compliant); SHA-512/224 (non-compliant); SHA-512/256 (non-compliant); MD4; MD5; RC4; DES; Blowfish; RSA (key wrapping; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Oracle Solaris OS utilizes the Oracle Solaris Userland Cryptographic Framework module for cryptographic functionality for any applications running in user space. It exposes PKCS#11 APIs, uCrypto APIs, and libmd public interfaces to provide cryptography to any application designed to utilize them."
2076 Oracle Corporation
500 Oracle Parkway
Redwood Shores, CA 94065
USA

-Security Evaluations Manager
TEL: 781-442-0451

CST Lab: NVLAP 200928-0

Oracle Solaris Userland Cryptographic Framework with SPARC T4 and SPARC T5
(Hardware Versions: 527-1437-01 and 7043165; Software Versions: 1.0 and 1.1)

(When installed, initialized and configured as specified in the Security Policy and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software-Hybrid 02/06/2014 Overall Level: 1 

-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Oracle Solaris 11.1 running on a SPARC T4-1 Server; Oracle Solaris 11.1 running on a SPARC T5-2 Server (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2310 and #2572); Triple-DES (Cert. #1457 and #1558); RSA (Cert. #1193 and #1319); DSA (Cert. #727 and #787); ECDSA (Cert. #375 and #444); SHS (Cert. #1994); HMAC (Cert. #1424 and #1594); RNG (Cert. #1153 and #1224)

-Other algorithms: AES-XCBC-MAC (non-compliant); SHA-512/224 (non-compliant); SHA-512/256 (non-compliant); MD4; MD5; RC4; DES; Blowfish; RSA (key wrapping; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Oracle Solaris OS utilizes two cryptographic modules; one in the Userland space and the second in the Kernel space. The OS uses the Oracle Solaris Userland Cryptographic Framework module for cryptographic functionality for any applications running in user space. It exposes PKCS#11 APIs, uCrypto APIs, and libmd public interfaces to provide cryptography to any application designed to utilize them. The module includes the SPARC T4 and SPARC T5 processor special instruction sets for hardware-accelerated cryptography."
2075 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Palani Karuppan
TEL: 408-525-2747

CST Lab: NVLAP 100432-0

Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Modules-2 (WiSM2)
(Hardware Versions: Chassis: Catalyst 6506 switch [1], Catalyst 6506-E switch [2], Catalyst 6509 switch [3] and Catalyst 6509-E switch [4]; Backplane: WS-C6506 [1], WS-C6506-E [2], WS-C6509 [3] and WS-C6509-E [4]; FIPS Kit: P/N 800-27009 [1, 2], P/N 800-26335 [3, 4] and WS-SVCWISM2FIPKIT= [1, 2, 3, 4]; with one Supervisor Blade [1, 2, 3, 4]: [WS-SUP720-3BXL, WS-SUP720-3B, VS-S720-10G-3C or VS-S720-10G-3CXL] and with one WiSM2 [1, 2, 3, 4]: [WS-SVC-WISM2-K9=, WS-SVC-WISM2-5-K9=, WS-SVC-WISM2-3-K9=, WS-SVC-WISM2-1-K9=, WS-SVC-WISM2-5-K9, WS-SVC-WISM2-3-K9 or WS-SVC-WISM2-1-K9]; Firmware Version: Supervisor Blade: Cisco IOS Release 12.2.33SXJ, Cisco IOS Release 12.2.33SXJ1 or Cisco IOS Release 12.2.33SXJ2; WiSM2: 7.0.240.0 or 7.0.250.0)

(When operated in FIPS mode and with the tamper evident seals and physical security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/29/2014;
02/20/2014
Overall Level: 2 

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1347, #1348 and #2330); HMAC (Certs. #785, #786 and #787); RNG (Cert. #742); RSA (Certs. #653 and #654); SHS (Certs. #1228, #1230 and #2014); Triple-DES (Cert. #935); DRBG (Cert. #289)

-Other algorithms: AES (Cert. #2330, key wrapping; key establishment methodology provides 128 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); FIPS 186-2 RNG (Cert. #741); NDRNG; RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM

Multi-chip standalone

"The Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with WiSM WLAN Controller deliver centralized control and high capacity for medium to large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WiSM2 Controller supports the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and supports a Secure Wireless Architecture with certified WiFi Alliance WPA-2 security. The Cisco WiSM2 Controller supports voice, video and data services along with Cisco Clean Air technology, IPv6 mobility, intrusion protection and intelligent radio resource management."
2074 ViaSat, Inc.
6155 El Camino Real
Carlsbad, CA 92009
USA

-David Schmolke
TEL: 760-476-2461
FAX: 760-476-4110

-Richard Quintana
TEL: 760-476-2481
FAX: 760-476-4110

CST Lab: NVLAP 100432-0

Embeddable Security System (ES-1200)
(Hardware Version: P/N 1174941, Rev. 001; Firmware Version: 1.0.7)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/22/2014;
03/12/2014
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2633, #2634 and #2635); DRBG (Cert. #406); SHS (Cert. #2207)

-Other algorithms: NDRNG

Multi-chip embedded

"The ES-1200 is a low cost, size, weight & power multichip programmable embedded cryptographic module. It provides encryption and decryption services, plaintext bypass, key management, and PIN-based access control. The ES-1200 is intended for use in environments where FIPS 140-2 Level 2 cryptographic products are required. Typical applications are military Transmission Security (TRANSEC), Communications Security (COMSEC), and Data-At-Rest (DAR) using Suite B cryptography."
2073 GoldKey Security Corporation
26900 E Pink Hill Road
Independence, MO 64057
USA

-GoldKey Sales & Customer Service
TEL: 816-220-3000
FAX: 419-301-3208

-Jon Thomas
TEL: 567-270-3830
FAX: 419-301-3208

CST Lab: NVLAP 200658-0

GoldKey Security Token Cryptographic Module
(Hardware Version: IC USB-CONTROLLER-2LF; Firmware Version: 7.12)

(When operated in FIPS mode with Windows 7 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1330 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/29/2014 Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2347); SHS (Cert. #2024); DRBG (Cert. #297); Triple-DES (Cert. #1470); EC Diffie-Hellman (CVL Cert. #54, key agreement); RSA (Cert. #1210); RSA (CVL Cert. #54, signature primitive); ECDSA (Cert. #384)

-Other algorithms: N/A

Single-chip

"Provides cryptographic algorithm implementation for GoldKey Products"
2072 Chunghwa Telecom Co., Ltd.
12, Lane 551, Min-Tsu Road SEC.5
Yang-Mei, Taoyuan 326
Republic of China

-Yeou-Fuh Kuan
TEL: +886-3-424-4333
FAX: +886-3-424-4129

-Char-Shin Miou
TEL: +886 3 424 4381
FAX: +886-3-424-4129

CST Lab: NVLAP 200928-0

HiCOS PKI Native Smart Card Cryptographic Module
(Hardware Version: RS45C; Firmware Version: HardMask: 2.2 and SoftMask: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/29/2014 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #1419); Triple-DES MAC (Triple-DES Cert. #1419, vendor affirmed); SHS (Cert. #1953); RSA (Cert. #1165); DRBG (Cert. #280)

-Other algorithms: NDRNG; Triple-DES (Cert. #1419, key wrapping; key establishment methodology provides 112-bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Single-chip

"The HiCOS PKI native smart card module is a single chip implementation of a cryptographic module. The HiCOS PKI native smart card module is mounted in an ID-1 class smart card body that adheres to ISO/IEC specifications for Integrated Circuit Chip (ICC) based identification cards. The module consists of the chip (ICC), the contact faceplate, and the electronic connectors between the chip and contact pad, all contained within an epoxy substrate."
2071 Fujitsu limited
4-1-1 Kamikodanaka
Nakahara-ku
Kawasaki, Kanagawa 211-8588
Japan

-Eugene Owens
TEL: 408-746-6486
FAX: 408-746-8016

-Hiroyuki Miura

CST Lab: NVLAP 200822-0

ETERNUS DX400/DX8000 Controller Module
(Firmware Version: V20L80-1000)

(When operated in FIPS Mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Firmware 01/24/2014 Overall Level: 1 

-Mitigation of Other Attacks: N/A

-Tested: ETERNUS DX410 with VxWorks 6.3; ETERNUS DX8400 with VxWorks 6.3

-FIPS Approved algorithms: AES (Cert. #2542); RNG (Cert. #1207); SHS (Cert. #2142)

-Other algorithms: Fujitsu Original Encryption (Encryption/Decryption); AES (Cert. #2542, key wrapping)

Multi-chip embedded

"ETERNUS DX400/DX8000 Controller Module is a module which manages the whole disk storage system. In order to prevent a data leakage by removal of disks, the disk encryption mechanism encrypts data on the disks. This encryption function is valid if the Disk Encryption mechanism is activated through GUI."
2070 API Technologies Corp.
4705 S. Apopka Vineland Road
Suite 210
Orlando, FL 32819
USA

-Henry Gold
TEL: 855-294-3800

CST Lab: NVLAP 200556-0

Common Crypto Module for PRIISMS, PRIISMS RD, SA5600-IA and NetGard MFD
(Software Version: 1.0)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 01/24/2014;
04/23/2014
Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 on a Dell OptiPlex 755; CentOS 6.3 on a Dell OptiPlex 755 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2273); HMAC (Cert. #1391); DSA (Cert. #709); ECDSA (Cert. #368); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420); DRBG (Cert. #281); CVL (Cert. #44); RNG (Cert #1132)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Common Crypto Module for PRIISMS, PRIISMS RD, SA5600-IA, and NetGard MFD is a standards-based cryptographic engine for servers and appliances. The module delivers core cryptographic functions and features robust algorithm support, including Suite B algorithms."


Need Assistance?