CMVP Main Page

Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules

Historical, 1995-1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016
All

Last Update: 5/25/2016)

It is important to note that the items on this list are cryptographic modules. A module may either be an embedded component of a product or application, or a complete product in-and-of-itself. If the cryptographic module is a component of a larger product or application, one should contact the product or application vendor in order to determine how the product utilizes the embedded validated cryptographic module. There may be a larger number of security products or applications available which use an embedded validated cryptographic module, than the number of modules which are found in this list. In addition, other vendors, who are not found in this list, may incorporate a validated cryptographic module from this list embedded into their own products.

When selecting a module from a vendor, verify that the module is either the product or application itself (e.g. VPN, SmartCard, USB memory token, etc.) or the module is embedded in a larger product or application (e.g. toolkit, etc.). If the module is embedded in a product or application, ask the product or application vendor to provide a signed letter or statement affirming that the unmodified validated cryptographic module is integrated in the solution; the module provides all the cryptographic services in the solution; and provide reference to the modules validation certificate number from this listing.

NOTE1: Module descriptions are provided by the module vendors and have not been verified for accuracy by the CMVP. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-Approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (e.g. allowed or non-FIPS-Approved algorithms) have not been tested through the CMVP.

NOTE2: The operator of a cryptographic module is responsible for ensuring that the algorithms and key lengths are in compliance with the requirements of NIST SP 800-131A.

NOTE3: All questions regarding the implementation and/or use of any module located on the CMVP module validation lists should first be directed to the appropriate vendor point-of-contact (listed for each entry).

Please contact the CMVP if any errors are discovered or comments with suggestions for improvement of the validation listings.

Cert#Vendor / CST LabCryptographic ModuleModule
Type
Val.
Date
Level / Description
2304Accellion, Inc.
1804 Embarcadero Road
Suite 200
Palo Alto, CA 94303
USA

Prateek Jain
TEL: +65-6244-5670
FAX: +65-6244-5678

CST Lab: NVLAP 100432-0
Accellion kiteworks Cryptographic Module
(Software Version: KWLIB_1_0_1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software12/24/2014Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with CentOS 6.4 on VMware ESXi 5.1.0 running on a Dell Inc. PowerEdge R320 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2850); CVL (Cert. #286); DRBG (Cert. #503); HMAC (Certs. #1790 and #1791); RSA (Cert. #1492); SHS (Certs. #2392 and #2393); Triple-DES (Cert. #1703)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); NDRNG; AES (non-compliant); DRBG (non-compliant); DSA (non-compliant); ECDSA (non-compliant); HMAC (non-compliant); RNG (non-compliant); RSA (non-compliant); SHS (non-compliant); Triple-DES (non-compliant); Diffie-Hellman; adler32; Blowfish; CAMELLIA; CAST5; crc32; crc32b; DES; DESX; fnv132; fnv164; gost; haval; IDEA; joaat; MDC2; MD2; MD4; MD5; RC2; RC4; RC4-HMAC-MD5; RIPEMD; SEED; snefru; snefru256; SSLeay; Tiger; Whirlpool; rand(); mtrand()

Multi-chip standalone

"Accellion kiteworks Cryptographic Module is a key component of Accellion's kiteworks product that enables enterprises to securely share and transfer files. Extensive tracking and reporting tools allow compliance with SOX, HIPAA, FDA and GLB regulations while providing enterprise grade security and ease of use."
2303Oberthur Technologies
402 rue d'Estienne d'Orves
Colombes 92700
France

Christophe Goyet
TEL: 703-322-8951
FAX: n/a

Said Boukyoud
TEL: +33-1-78-14-72-58
FAX: +33-1-78-14-70-20

CST Lab: NVLAP 100432-0
ID-One PIV-C on Cosmo V8
(Hardware Version: '0F'; Firmware Version: '5601'; Firmware Extension: '082371' with ID-One PIV Applet Suite 2.3.5)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/24/2014Overall Level: 3

-Physical Security: Level 4

-FIPS Approved algorithms: AES (Certs. #2910 and #2911); CVL (Cert. #336); DRBG (Cert. #537); ECDSA (Cert. #526); KAS (Cert. #48); KBKDF (Cert. #33); RSA (Certs. #1531 and #1532); SHS (Certs. #2449 and #2450); Triple-DES (Cert. #1727)

-Other algorithms: TRNG; AES (Cert. #2910, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength)

Single-chip

"ID-One Cosmo V8 is a dual interface (ISO 7816 & ISO 14443) smartcard hardware platform compliant with Javacard 3.0.1 and GlobalPlatform 2.2.1 chip with Built-in PIV application, Opacity Secure messaging and fingerprint On-Card-Comparison (OCC)."
2301Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200427-0
IOS Common Cryptographic Module (IC2M)
(Firmware Version: Rel 3(1.5.2))
(When operated in FIPS mode. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware12/18/2014
06/12/2015
Overall Level: 1

-Mitigation of Other Attacks: N/A

-Tested: Cisco ASR1K 1NG, Cisco ISR 4451-X, Cisco ISR 4441, Cisco ASR1K RP2 and Cisco ASR1K 2KP (kingpin) with processor Intel Xeon on IOS XE3.10
Cisco ISR 3925E and Cisco ISR 3945E with processor Intel Xeon on IOS 15.3
Cisco ASR1K RP1 with processor Freescale SC8548H on IOS XE3.10
Cisco ISR c2951, Cisco ISR c3925 and Cisco ISR c3945 with processor Freescale 8752E on IOS 15.3
Cisco ISR 1921 with processor Cavium CN5020 on IOS 15.3
Cisco ISR 1941 and Cisco ISR 2900 with processor Cavium CN5220 on IOS 15.3
Cisco Catalyst 4K with processor MPC8572C on IOS XE 3.6
Cisco Catalyst 3750x and Cisco Catalyst 3560x with processor Power-PC 405 on IOS 15.2
Cisco Catalyst 3650 with processor AMCC PowerPC 405EX on IOS XE3.6
Cisco Catalyst 2960 with processor Cavium CN5230 on IOS 15.2

-FIPS Approved algorithms: AES (Certs. #2783 and #2817); CVL (Certs. #252 and #253); DRBG (Cert. #481); ECDSA (Cert. #493); HMAC (Cert. #1764); RSA (Cert. #1471); SHS (Certs. #2338 and #2361); Triple-DES (Certs. #1670, #1671 and #1688)

-Other algorithms: DES; Diffie-Hellman (CVL Cert. #252, key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #252, key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; MD2; MD5; NDRNG; RC2; RC4; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); SEAL

Multi-chip standalone

"The IC2M module provides the FIPS validated cryptographic algorithms for services requiring those algorithms. The module does not implement any protocols directly. Instead, it provides the cryptographic primitives and functions to allow IOS to implement those various protocols."
2300RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

Rohit Mathur
TEL: +61 7 3032 5220

CST Lab: NVLAP 200427-0
RSA BSAFE® Crypto-C Micro Edition
(Software Versions: 4.1 [1], 4.1.0.1 [2] and 4.1.2 [3])
(When operated in FIPS mode. When entropy is externally loaded, no assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software12/16/2014
12/21/2015
01/19/2016
01/22/2016
02/12/2016
Overall Level: 1

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Design Assurance: Level 3


-Operational Environment: Windows Server 2003 Enterprise R2 running on a Dell Dimension E521 without AES-NI [1]
Windows Server 2003 Enterprise R2 running on an Intel Mahobay with AES-NI [1]
Windows Server 2008 Enterprise SP2 running on an Intel Mahobay without AES-NI [1]
Windows Server 2008 Enterprise SP2 running on an Intel Mahobay with AES-NI [1]
Windows 7 Enterprise SP1 running on a Compaq Pro 6305 without AES-NI [1]
Windows 7 Enterprise SP1 running on a Compaq Pro 6305 with AES-NI [1]
Windows Server 2003 Enterprise R2 running on a Dell Dimension E521 without AES-NI [1]
Windows Server 2003 Enterprise R2 running on an Apple Mac Pro 1.1 with AES-NI [1]
Windows Server 2008 Enterprise R2 running on a Dell Dimension E521 without AES-NI [1]
Windows Server 2008 Enterprise R2 running on an Intel Mahobay with AES-NI [1]
Windows 7 Enterprise SP1 running on an Intel Mahobay without AES-NI [1]
Windows 7 Enterprise SP1 running on an Intel Mahobay with AES-NI [1]
Windows Server 2003 Enterprise R2 running on a HP Integrity RX2620 [1]
Windows Server 2008 Enterprise R2 running on a HP Integrity RX2620 [1][3]
Windows Server 2003 Enterprise R2 running on a Dell Dimension E521 without AES-NI [1]
Windows Server 2003 Enterprise R2 on ESX 5.1 running on a Dell M610 with AES-NI [1]
Windows Server 2008 Enterprise SP2 running on an Intel Mahobay without AES-NI [1]
Windows Server 2008 Enterprise SP2 running on an Intel Mahobay with AES-NI [1]
Windows 7 Enterprise SP1 running on a Compaq Pro 6305 without AES-NI [1]
Windows 7 Enterprise SP1 running on a Compaq Pro 6305 with AES-NI [1]
Windows Server 2003 Enterprise R2 running on a Dell Dimension E521 without AES-NI [1]
Windows Server 2003 Enterprise R2 running on an Apple Mac Pro 1.1 with AES-NI [1]
Windows Server 2008 Enterprise R2 running on a Dell Dimension E521 without AES-NI [1]
Windows Server 2008 Enterprise R2 running on an Intel Mahobay with AES-NI [1]
Windows 7 Enterprise SP1 running on an Intel Mahobay without AES-NI [1]
Windows 7 Enterprise SP1 running on an Intel Mahobay with AES-NI [1]
Windows Server 2012 R2 Standard running on a Compaq Pro 6305 without AES-NI [1]
Windows Server 2012 R2 Standard running on a Compaq Pro 6305 with AES-NI [1]
Windows 8.1 Enterprise running on an Intel Mahobay without AES-NI [1]
Windows 8.1 Enterprise running on an Intel Mahobay with AES-NI [1]
Windows Server 2003 Enterprise R2 running on a HP Integrity RX2620 [1]
Windows Server 2008 Enterprise R2 running on a HP Integrity RX2620 [1]
Red Hat Enterprise Linux 5.5 on ESX 4.0 running on a Dell M610 without AES-NI [1]
Red Hat Enterprise Linux 5.5 on ESX 4.0 running on a Dell M610 with AES-NI [1]
Red Hat Enterprise Linux 5.5 on ESX 4.0 running on a Dell M610 without AES-NI [1]
Red Hat Enterprise Linux 5.5 on ESX 4.0 running on a Dell M610 with AES-NI [1]
Red Hat Enterprise Linux 6.1 on ESXi 4.1 running on a Dell M610 without AES-NI [1]
Red Hat Enterprise Linux 6.1 on ESXi 4.1 running on a Dell M610 with AES-NI [1]
SUSE Linux Enterprise Server 11 on ESX 4.0 running on a Dell M610 without AES-NI [1]
SUSE Linux Enterprise Server 11 on ESX 4.0 running on a Dell M610 with AES-NI [1]
Red Hat Enterprise Linux 6.1 on ESXi 4.1 running on a Dell M610 without AES-NI [1]
Red Hat Enterprise Linux 6.1 on ESXi 4.1 running on a Dell M610 with AES-NI [1]
SUSE Linux Enterprise Server 11 on ESXi 4.1 running on a Dell M610 without AES-NI [1]
SUSE Linux Enterprise Server 11 on ESXi 4.1 running on a Dell M610 with AES-NI [1]
Red Hat Enterprise Linux 5.5 running on a Server HP RX 2620 [1]
Red Hat Enterprise Linux 5.3 running on a IBM Power 710 8231 - E2B [1]
SUSE Linux Enterprise Server 11 running on a IBM Power 710 8231 - E2B [1]
Red Hat Enterprise Linux 5.3 running on a IBM Power 710 8231 - E2B [1]
SUSE Linux Enterprise Server 11 running on a IBM Power 710 8231 - E2B [1]
FreeBSD 8.3 on ESXi 5.0 running on a Dell M610 without AES-NI [1]
FreeBSD 8.3 on ESXi 5.0 running on a Dell M610 with AES-NI [1]
Mac OS X 10.8 running on an Apple MacBook6,1 without AES-NI [1]
Mac OS X 10.8 running on an Apple Mac Pro 5.1 with AES-NI [1]
Solaris 10 running on a Oracle SPARC T4-2 [1][3]
Solaris 11 running on a Oracle SPARC T4-2 [1][3]
Solaris 11 running on a Oracle SPARC Enterprise T5120 [1][3]
Solaris 11 running on a Oracle SPARC T4-2 without T4 accelerator [1][3]
Solaris 11 running on a Oracle SPARC T4-2 with T4 accelerator [1][3]
Solaris 10 on ESXi 4.1 running on a Dell M610 without AES-NI [1]
Solaris 10 on ESXi 4.1 running on a Dell M610 with AES-NI [1]
Solaris 10 running on a Oracle Sun Fire X2100 without AES-NI [1]
Solaris 10 running on a Oracle Sun Fire X2100 with AES-NI [1]
HPUX 11.31 running on a HP 9000/800/RP3410 [1][3]
HPUX 11.31 running on a HP 9000/800/RP3410 [1][3]
HPUX 11.31 running on a HP RX2620 [1][3]
HPUX 11.31 running on a HP RX2620 [1][3]
AIX 6.1 on Virtual I/O Server 2.2.2.1 running on a IBM Power 710 8231 - E2B [1][3]
AIX 6.1 on Virtual I/O Server 2.2.2.1 running on a IBM Power 710 8231 - E2B [1][3]
AIX 7.1 on Virtual I/O Server 2.2.2.1 running on a IBM Power 710 8231 - E1C [1][3]
AIX 7.1 on Virtual I/O Server 2.2.2.1 running on a IBM Power 710 8231 - E1C [1][3]
Red Hat Enterprise Linux 5.8 on z/VM 6.2 running on a IBM s390x [1]
Red Hat Enterprise Linux 5.8 on z/VM 6.2 running on a IBM s390x [1]
Ubuntu 12.04 LTS running on a Beagle dev board [1][3]
Fedora Core 17 running on a Beagle dev board [1]
Android 4.0.3 running on a Motorola RAZR I [1]
Android 2.3.6 running on a Samsung Galaxy S2 [1]
Android 4.1.2 running on a Google Nexus 7
iOS 7.1 running on an Apple iPad 3 [1]
iOS 7.1 running on an Apple iPad 4 [1]
VxWorks 6.4 running on a MVME6100 [1][3]
VxWorks 6.7 running on a MVME6100 [1][3]
VxWorks 6.8 running on a MX31 Lite Kit [1][3]
Windows Server 2008 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without AES-NI [3]
Windows 7 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without AES-NI [3]
Windows Server 2008 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with AES-NI [3]
Windows 7 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with AES-NI [3]
Windows Server 2008 Enterprise R2 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without AES-NI [3]
Windows Server 2008 Enterprise R2 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with AES-NI [3]
Windows Server 2012 Standard R2 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without AES-NI [3]
Windows 8 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without AES-NI [3]
Windows Server 2012 Standard R2 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with AES-NI [3]
Windows 8 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with AES-NI [3]
Windows 10 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without AES-NI [3]
Windows 10 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with AES-NI [3]
Red Hat Enterprise Linux 5.11 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without AES-NI [3]
Red Hat Enterprise Linux 5.11 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with AES-NI [3]
Red Hat Enterprise Linux 6.7 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without AES-NI [3]
Red Hat Enterprise Linux 6.7 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with AES-NI [3]
Red Hat Enterprise Linux 7.1 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without AES-NI [3]
Red Hat Enterprise Linux 7.1 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with AES-NI [3]
SUSE Linux Enterprise Server 11 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without AES-NI [3]
SUSE Linux Enterprise Server 11 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with AES-NI [3]
SUSE Linux Enterprise Server 12 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without AES-NI [3]
SUSE Linux Enterprise Server 12 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with AES-NI [3]
Red Hat Enterprise Linux 5.11 running on a HP Integrity RX2620 [3]
Red Hat Enterprise Linux 5.11 on PowerVM 2.2 running on an IBM 8231-E2B [3]
SUSE Linux Enterprise Server 11 on PowerVM 2.2 running on an IBM 8231-E2B [3]
FreeBSD 10.2 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without AES-NI [3]
FreeBSD 10.2 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with AES-NI [3]
Mac OSX 10.10 on vCenter SUSE 11 running on a Mac Pro 6.10 without AES-NI [3]
Mac OSX 10.10 on vCenter SUSE 11 running on a Mac Pro 6.10 with AES-NI [3]
Solaris 10 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without AES-NI [3]
Solaris 10 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with AES-NI [3]
Red Hat Enterprise Linux 5.11 on z/VM 6.2 running on a IBM s390x [3]
Fedora Core 20 running on a Wandboard Quad [3]
Fedora Core 22 running on an AMD Seattle A0 Overdrive Development System [3]
Android 4.1 running on a Motorola RAZR I [3]
Android 4.4 running on a Google Nexus 7 Tablet [3]
Android 5.1 running on a Google Nexus 5 [3]
Android 5.1 running on a Google Nexus 9 Tablet [3]
CentOS 6.6 running on a Dell R730xd [3]
Linaro Linux 3.10.68 running on a Fujitsu MB86S72 [2] (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2859, #3596 and #3767); CVL (Certs. #296, #297, #298, #299, #300, #618, #619, #620, #621, #622, #714, #715, #716, #717 and #740); DRBG (Certs. #1037, #507 and #931); DSA (Certs. #1047, #858 and #999); ECDSA (Certs. #507, #733 and #810); HMAC (Certs. #1799, #2293 and #2467); PBKDF (vendor affirmed); RSA (Certs. #1499, #1850 and #1938); SHS (Certs. #2402, #2958 and #3137); Triple-DES (Certs. #1706, #2003 and #2095)

-Other algorithms: AES (non-compliant); Camellia; DES; DESX; DES40; Diffie-Hellman; Dual EC DRBG; EC Diffie-Hellman; ECAES (non-compliant); ECIES; GOST; HMAC MD5; MD2; MD4; MD5; NDRNG; RC2; RC4; RC5; RNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED

Multi-chip standalone

"The Crypto-C Micro Edition (ME) Module is RSA, The Security Division of EMC's cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
2299

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/15/2014
03/20/2015
Overall Level: 2

Multi-chip embedded
2295Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

Christopher Marks
TEL: 408-333-0480
FAX: 408-333-8101

CST Lab: NVLAP 200802-0
Brocade® DCX, DCX 8510-8, DCX-4S and DCX 8510-4 Backbones, 6510 FC Switch, 6520 FC Switch and 7800 Extension Switch
(Hardware Versions: {[DCX Backbone (P/Ns 80-1001064-10, 80-1006751-01, 80-1004920-04 and 80-1006752-01), DCX-4S Backbone (P/Ns 80-1002071-10, 80-1006773-01, 80-1002066-10 and 80-1006772-01), DCX 8510-4 Backbone (P/Ns 80-1004697-04, 80-1006963-01, 80-1005158-04 and 80-1006964-01), DCX 8510-8 Backbone (P/Ns 80-1004917-04 and 80-1007025-01)] with Blades (P/Ns 80-1001070-07, 80-1006794-01, 80-1004897-01, 80-1004898-01, 80-1002000-02, 80-1006771-01, 80-1001071-02, 80-1006750-01, 80-1005166-02, 80-1005187-02, 80-1001066-01, 80-1006936-01, 80-1001067-01, 80-1006779-01, 80-1001453-01, 80-1006823-01, 80-1003887-01, 80-1007000-01, 80-1002762-04, 80-1006991-01, 80-1002839-03, 80-1007017-01, 49-1000016-04, 49-1000064-02 and 49-1000294-05), 6510 FC Switch (P/Ns 80-1005232-03, 80-1005267-03, 80-1005268-03, 80-1005269-03, 80-1005271-03 and 80-1005272-03), 6520 FC Switch (P/Ns 80-1007245-03, 80-1007246-03, 80-1007242-03, 80-1007244-03, 80-1007257-03), 7800 Extension Switch (P/Ns 80-1002607-07, 80-1006977-02, 80-1002608-07, 80-1006980-02, 80-1002609-07 and 80-1006979-02)} with FIPS Kit P/N Brocade XBR-000195; Firmware Version: Fabric OS v7.2.0 (P/N 63-1001405-01))
(When operated in FIPS mode and when tamper evident labels are installed on the initially built configuration as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/12/2014Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: SHS (Certs. #749 and #1408); RSA (Certs. #1048, #1049, #1279 and #1281)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 bit of encryption strength; non-compliant); SNMPv3 KDF (non-compliant); HMAC-MD5; NDRNG; TLSv1.0 KDF (non-compliant); SSHv2 KDF (non-compliant); MD5; RADIUS PEAP MS-CHAP V2; AES (non-compliant); HMAC (non-compliant); RNG (non-compliant); Triple-DES (non-compliant); RSA (non-compliant); BF; CAST; CAST5; DES; DES3; DESX; RC2; RC4; MD2; MD4; MD5; RMD160; ARCFOUR BLOWFISH-CBC; CAST128; UMAC-64; HMAC-RIPEMD160; HMAC-SHA-1-96; HMAC-MD5-96

Multi-chip standalone

"The Brocade DCX, DCX 8510-8, DCX-4S and DCX 8510-4 Backbones and the 6510 and 6520 Switch provide a reliable, scalable Fibre Channel switching infrastructure with market-leading 16 Gbps technology and capabilities that support demanding, enterprise-class private cloud storage and highly virtualized environments. The Brocade 7800 Extension Switch provides fast, reliable WAN/MAN connectivity for remote data replication, backup, and migration with Fibre Channel and advanced Fibre Channel over IP (FCIP) technology."
2294RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

Rohit Mathur
TEL: +61 7 3032 5220

CST Lab: NVLAP 200427-0
RSA BSAFE® Crypto-C Micro Edition
(Software Versions: 4.1 [1], 4.1.0.1 [2] and 4.1.2 [3])
(When operated in FIPS mode. When entropy is externally loaded, no assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software12/12/2014
12/21/2015
01/19/2016
01/22/2016
02/12/2016
Overall Level: 1

-Cryptographic Module Specification: Level 3
-Physical Security: N/A
-Design Assurance: Level 3


-Operational Environment: Windows Server 2003 Enterprise R2 running on a Dell Dimension E521 without AES-NI [1]
Windows Server 2003 Enterprise R2 running on an Intel Mahobay with AES-NI [1]
Windows Server 2008 Enterprise SP2 running on an Intel Mahobay without AES-NI [1]
Windows Server 2008 Enterprise SP2 running on an Intel Mahobay with AES-NI [1]
Windows 7 Enterprise SP1 running on a Compaq Pro 6305 without AES-NI [1]
Windows 7 Enterprise SP1 running on a Compaq Pro 6305 with AES-NI [1]
Windows Server 2003 Enterprise R2 running on a Dell Dimension E521 without AES-NI [1]
Windows Server 2003 Enterprise R2 running on an Apple Mac Pro 1.1 with AES-NI [1]
Windows Server 2008 Enterprise R2 running on a Dell Dimension E521 without AES-NI [1]
Windows Server 2008 Enterprise R2 running on an Intel Mahobay with AES-NI [1]
Windows 7 Enterprise SP1 running on an Intel Mahobay without AES-NI [1]
Windows 7 Enterprise SP1 running on an Intel Mahobay with AES-NI [1]
Windows Server 2003 Enterprise R2 running on a HP Integrity RX2620 [1]
Windows Server 2008 Enterprise R2 running on a HP Integrity RX2620 [1][3]
Windows Server 2003 Enterprise R2 running on a Dell Dimension E521 without AES-NI [1]
Windows Server 2003 Enterprise R2 on ESX 5.1 running on a Dell M610 with AES-NI [1]
Windows Server 2008 Enterprise SP2 running on an Intel Mahobay without AES-NI [1]
Windows Server 2008 Enterprise SP2 running on an Intel Mahobay with AES-NI [1]
Windows 7 Enterprise SP1 running on a Compaq Pro 6305 without AES-NI [1]
Windows 7 Enterprise SP1 running on a Compaq Pro 6305 with AES-NI [1]
Windows Server 2003 Enterprise R2 running on a Dell Dimension E521 without AES-NI [1]
Windows Server 2003 Enterprise R2 running on an Apple Mac Pro 1.1 with AES-NI [1]
Windows Server 2008 Enterprise R2 running on a Dell Dimension E521 without AES-NI [1]
Windows Server 2008 Enterprise R2 running on an Intel Mahobay with AES-NI [1]
Windows 7 Enterprise SP1 running on an Intel Mahobay without AES-NI [1]
Windows 7 Enterprise SP1 running on an Intel Mahobay with AES-NI [1]
Windows Server 2012 R2 Standard running on a Compaq Pro 6305 without AES-NI [1]
Windows Server 2012 R2 Standard running on a Compaq Pro 6305 with AES-NI [1]
Windows 8.1 Enterprise running on an Intel Mahobay without AES-NI [1]
Windows 8.1 Enterprise running on an Intel Mahobay with AES-NI [1]
Windows Server 2003 Enterprise R2 running on a HP Integrity RX2620 [1]
Windows Server 2008 Enterprise R2 running on a HP Integrity RX2620 [1]
Red Hat Enterprise Linux 5.5 on ESX 4.0 running on a Dell M610 without AES-NI [1]
Red Hat Enterprise Linux 5.5 on ESX 4.0 running on a Dell M610 with AES-NI [1]
Red Hat Enterprise Linux 5.5 on ESX 4.0 running on a Dell M610 without AES-NI [1]
Red Hat Enterprise Linux 5.5 on ESX 4.0 running on a Dell M610 with AES-NI [1]
Red Hat Enterprise Linux 6.1 on ESXi 4.1 running on a Dell M610 without AES-NI [1]
Red Hat Enterprise Linux 6.1 on ESXi 4.1 running on a Dell M610 with AES-NI [1]
SUSE Linux Enterprise Server 11 on ESX 4.0 running on a Dell M610 without AES-NI [1]
SUSE Linux Enterprise Server 11 on ESX 4.0 running on a Dell M610 with AES-NI [1]
Red Hat Enterprise Linux 6.1 on ESXi 4.1 running on a Dell M610 without AES-NI [1]
Red Hat Enterprise Linux 6.1 on ESXi 4.1 running on a Dell M610 with AES-NI [1]
SUSE Linux Enterprise Server 11 on ESXi 4.1 running on a Dell M610 without AES-NI [1]
SUSE Linux Enterprise Server 11 on ESXi 4.1 running on a Dell M610 with AES-NI [1]
Red Hat Enterprise Linux 5.5 running on a Server HP RX 2620 [1]
Red Hat Enterprise Linux 5.3 running on a IBM Power 710 8231 - E2B [1]
SUSE Linux Enterprise Server 11 running on a IBM Power 710 8231 - E2B [1]
Red Hat Enterprise Linux 5.3 running on a IBM Power 710 8231 - E2B [1]
SUSE Linux Enterprise Server 11 running on a IBM Power 710 8231 - E2B [1]
FreeBSD 8.3 on ESXi 5.0 running on a Dell M610 without AES-NI [1]
FreeBSD 8.3 on ESXi 5.0 running on a Dell M610 with AES-NI [1]
Mac OS X 10.8 running on an Apple MacBook6,1 without AES-NI [1]
Mac OS X 10.8 running on an Apple Mac Pro 5.1 with AES-NI [1]
Solaris 10 running on a Oracle SPARC T4-2 [1][3]
Solaris 11 running on a Oracle SPARC T4-2 [1][3]
Solaris 11 running on a Oracle SPARC Enterprise T5120 [1][3]
Solaris 11 running on a Oracle SPARC T4-2 without T4 accelerator [1][3]
Solaris 11 running on a Oracle SPARC T4-2 with T4 accelerator [1][3]
Solaris 10 on ESXi 4.1 running on a Dell M610 without AES-NI [1]
Solaris 10 on ESXi 4.1 running on a Dell M610 with AES-NI [1]
Solaris 10 running on a Oracle Sun Fire X2100 without AES-NI [1]
Solaris 10 running on a Oracle Sun Fire X2100 with AES-NI [1]
HPUX 11.31 running on a HP 9000/800/RP3410 [1][3]
HPUX 11.31 running on a HP 9000/800/RP3410 [1][3]
HPUX 11.31 running on a HP RX2620 [1][3]
HPUX 11.31 running on a HP RX2620 [1][3]
AIX 6.1 on Virtual I/O Server 2.2.2.1 running on a IBM Power 710 8231 - E2B [1][3]
AIX 6.1 on Virtual I/O Server 2.2.2.1 running on a IBM Power 710 8231 - E2B [1][3]
AIX 7.1 on Virtual I/O Server 2.2.2.1 running on a IBM Power 710 8231 - E1C [1][3]
AIX 7.1 on Virtual I/O Server 2.2.2.1 running on a IBM Power 710 8231 - E1C [1][3]
Red Hat Enterprise Linux 5.8 on z/VM 6.2 running on a IBM s390x [1]
Red Hat Enterprise Linux 5.8 on z/VM 6.2 running on a IBM s390x [1]
Ubuntu 12.04 LTS running on a Beagle dev board [1][3]
Fedora Core 17 running on a Beagle dev board [1]
Android 4.0.3 running on a Motorola RAZR I [1]
Android 2.3.6 running on a Samsung Galaxy S2 [1]
Android 4.1.2 running on a Google Nexus 7
iOS 7.1 running on an Apple iPad 3 [1]
iOS 7.1 running on an Apple iPad 4 [1]
VxWorks 6.4 running on a MVME6100 [1][3]
VxWorks 6.7 running on a MVME6100 [1][3]
VxWorks 6.8 running on a MX31 Lite Kit [1][3]
Windows Server 2008 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without AES-NI [3]
Windows 7 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without AES-NI [3]
Windows Server 2008 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with AES-NI [3]
Windows 7 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with AES-NI [3]
Windows Server 2008 Enterprise R2 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without AES-NI [3]
Windows Server 2008 Enterprise R2 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with AES-NI [3]
Windows Server 2012 Standard R2 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without AES-NI [3]
Windows 8 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without AES-NI [3]
Windows Server 2012 Standard R2 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with AES-NI [3]
Windows 8 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with AES-NI [3]
Windows 10 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without AES-NI [3]
Windows 10 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with AES-NI [3]
Red Hat Enterprise Linux 5.11 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without AES-NI [3]
Red Hat Enterprise Linux 5.11 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with AES-NI [3]
Red Hat Enterprise Linux 6.7 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without AES-NI [3]
Red Hat Enterprise Linux 6.7 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with AES-NI [3]
Red Hat Enterprise Linux 7.1 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without AES-NI [3]
Red Hat Enterprise Linux 7.1 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with AES-NI [3]
SUSE Linux Enterprise Server 11 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without AES-NI [3]
SUSE Linux Enterprise Server 11 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with AES-NI [3]
SUSE Linux Enterprise Server 12 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without AES-NI [3]
SUSE Linux Enterprise Server 12 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with AES-NI [3]
Red Hat Enterprise Linux 5.11 running on a HP Integrity RX2620 [3]
Red Hat Enterprise Linux 5.11 on PowerVM 2.2 running on an IBM 8231-E2B [3]
SUSE Linux Enterprise Server 11 on PowerVM 2.2 running on an IBM 8231-E2B [3]
FreeBSD 10.2 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without AES-NI [3]
FreeBSD 10.2 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with AES-NI [3]
Mac OSX 10.10 on vCenter SUSE 11 running on a Mac Pro 6.10 without AES-NI [3]
Mac OSX 10.10 on vCenter SUSE 11 running on a Mac Pro 6.10 with AES-NI [3]
Solaris 10 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without AES-NI [3]
Solaris 10 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with AES-NI [3]
Red Hat Enterprise Linux 5.11 on z/VM 6.2 running on a IBM s390x [3]
Fedora Core 20 running on a Wandboard Quad [3]
Fedora Core 22 running on an AMD Seattle A0 Overdrive Development System [3]
Android 4.1 running on a Motorola RAZR I [3]
Android 4.4 running on a Google Nexus 7 Tablet [3]
Android 5.1 running on a Google Nexus 5 [3]
Android 5.1 running on a Google Nexus 9 Tablet [3]
CentOS 6.6 running on a Dell R730xd [3]
Linaro Linux 3.10.68 running on a Fujitsu MB86S72 [2] (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2859 [1], #3596 [3] and #3767 [2]); CVL (Certs. #296 [1], #297 [1], #298 [1], #299 [1], #300 [1], #618 [3], #619 [3], #620 [3], #621 [3], #622 [3], #714 [2], #715 [2], #716 [2], #717 [2] and #740 [2]); DRBG (Certs. #507 [1], #931 [3] and #1037 [2]); DSA (Certs. #858 [1], #999 [3] and #1047 [2]); ECDSA (Certs. #507 [1], #733 [3] and #810 [2]); HMAC (Certs. #1799 [1], #2293 [3] and #2467 [2]); PBKDF (vendor affirmed); RSA (Certs. #1499 [1], #1850 [3] and #1938 [2]); SHS (Certs. #2402 [1], #2958 [3] and #3137 [2]); Triple-DES (Certs. #1706 [1], #2003 [3] and #2095 [2])

-Other algorithms: AES (non-compliant); Camellia; DES; DESX; DES40; Diffie-Hellman; Dual EC DRBG; EC Diffie-Hellman; ECAES (non-compliant); ECIES; GOST; HMAC MD5; MD2; MD4; MD5; NDRNG; RC2; RC4; RC5; RNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED

Multi-chip standalone

"The Crypto-C Micro Edition (ME) Module is RSA, The Security Division of EMC's cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
2291Seagate Technology LLC
389 Disc Drive
Longmont, CO 80503
USA

Monty Forehand
TEL: 720-684-2835
FAX: 720-684-2733

CST Lab: NVLAP 100432-0
Seagate Secure® TCG Opal SSC Self-Encrypting Drive FIPS 140-2 Module
(Hardware Versions: P/Ns 1HN162 and 1M2162; Firmware Versions: 0002SDM7, 0002LIM7 and 0002SED7)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/10/2014Overall Level: 2

-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1343, #2803, #2804 and #2947); SHS (Certs. #1225 and #2352); DRBG (Cert. #62); RSA (Cert. #650); HMAC (Cert. #1597); PBKDF (vendor affirmed)

-Other algorithms: NDRNG

Multi-chip embedded

"The Seagate Secure® TCG Opal SSC Self-Encrypting Drive FIPS 140-2 Module is embedded in Seagate Momentus® Thin Self-Encrypting Drives (SEDs). The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA ranges, and authenticated FW download. The services are provided through an industry-standard TCG Opal SSC interface."
2290Green Hills Software
30 West Sola Street
Santa Barbara, CA 93101
USA

David Sequino
TEL: 206-310-6795
FAX: 978-383-0560

Douglas Kovach
TEL: 727-781-4909
FAX: 727-781-2915

CST Lab: NVLAP 100432-0
INTEGRITY Security Services High Assurance Embedded Cryptographic Toolkit
(Software Version: 2.0)
(When operated in FIPS mode. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software12/08/2014Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with Green Hills Software INTEGRITY Multivisor v4 for ARM running on a Samsung Galaxy Note II (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2745, #2748, #2749, #2750 and #2753); CVL (Cert. #185); DRBG (Cert. #464); ECDSA (Cert. #482); HMAC (Cert. #1724); RSA (Cert. #1441); SHS (Cert. #2319); PBKDF (vendor affirmed)

-Other algorithms: AES (Cert. #2745, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (encrypt/decrypt); Diffie-Hellman; EC Diffie-Hellman; Triple-DES (non-compliant); MD5; HMAC-MD5

Multi-chip standalone

"Green Hills Software ISS ECT is a standards-based crypto toolkit providing a flexible framework to integrate encryption, digital signatures and other security mechanisms into a wide range of applications. ISS ECT is designed to support multiple cryptographic providers with a single common API, easily targeted to a variety of Operating Systems."
2286Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

Chris Marks
TEL: 408-333-0480
FAX: 408-333-8101

CST Lab: NVLAP 200802-0
Brocade® MLXe®, Brocade® NetIron® CER 2000 Ethernet Routers and Brocade CES 2000 Routers and Switches
(Hardware Versions: {[BR-MLXE-4-MR-M-AC (P/N: 80-1006853-01), BR-MLXE-4-MR-M-DC (P/N: 80-1006854-01), BR-MLXE-8-MR-M-AC (P/N: 80-1004809-04), BR-MLXE-8-MR-M-DC (P/N: 80-1004811-04), BR-MLXE-16-MR-M-AC (P/N: 80-1006820-02), BR-MLXE-16-MR-M-DC (P/N: 80-1006822-02), BR-MLXE-4-MR2-M-AC (P/N: 80-1006870-01), BR-MLXE-4-MR2-M-DC (P/N: 80-1006872-01), BR-MLXE-8-MR2-M-AC (P/N: 80-1007225-01), BR-MLXE-8-MR2-M-DC (P/N: 80-1007226-01), BR-MLXE-16-MR2-M-AC (P/N: 80-1006827-02), BR-MLXE-16-MR2-M-DC (P/N: 80-1006828-02)] with Component P/Ns 80-1006778-01, 80-1005643-01, 80-1003891-02, 80-1002983-01,80-1003971-01,80-1003972-01, 80-1003811-02, 80-1002756-03, 80-1004114-01,80-1004113-01,80-1004112-01, 80-1004760-02, 80-1006511-02, 80-1004757-02, 80-1003009-01, 80-1003052-01, 80-1003053-01, NI-CER-2048F-ADVPREM-AC (P/N: 80-1003769-07), NI-CER-2048F-ADVPREM-DC (P/N: 80-1003770-08), NI-CER-2048FX-ADVPREM-AC (P/N: 80-1003771-07), NI-CER-2048FX-ADVPREM-DC (P/N: 80-1003772-08), NI-CER-2024F-ADVPREM-AC (P/N: 80-1006902-02), NI-CER-2024F-ADVPREM-DC (P/N: 80-1006904-02), NI-CER-2024C-ADVPREM-AC (P/N: 80-1007032-02), NI-CER-2024C-ADVPREM-DC (P/N: 80-1007034-02), NI-CER-2048C-ADVPREM-AC (P/N: 80-1007039-02), NI-CER-2048C-ADVPREM-DC (P/N: 80-1007040-02), NI-CER-2048CX-ADVPREM-AC (P/N: 80-1007041-02), NI-CER-2048CX-ADVPREM-DC (P/N: 80-1007042-02), BR-CER-2024F-4X-RT-DC (P/N: 80-1007212-01), BR-CER-2024C-4X-RT-DC (P/N: 80-1007213-01), BR-CER-2024F-4X-RT-AC (P/N: 80-1006529-01), BR-CER-2024C-4X-RT-AC (P/N: 80-1006530-01), NI-CER-2024-2X10G (P/N: 80-1003719-03), BR-CES-2024C-4X-AC (P/N: 80-1000077-01), BR-CES-2024C-4X-DC (P/N: 80-1007215-01), BR-CES-2024F-4X-AC (P/N: 80-1000037-01), BR-CES-2024F-4X-DC (P/N: 80-1007214-01), RPS9 (P/N: 80-1003868-01) and RPS9DC (P/N: 80-1003869-02) } with FIPS Kit XBR-000195; Firmware Version: Multi-Service IronWare R05.6.00aa)
(When operated in FIPS mode with the tamper evident labels installed and with the configurations in Tables 8, 13 and 17 as defined in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/03/2014Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: Triple-DES (Certs. #1632, #1633 and #1634); AES (Certs. #2715, #2716 and #2717); DSA (Certs. #832, #833 and #834); SHS (Certs. #2280, #2281 and #2282); RSA (Certs. #1411, #1412 and #1413); HMAC (Certs. #1694, #1695 and #1696); DRBG (Certs. #452, #453 and #454); CVL (Certs. #173, #174 and #175)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); SNMPv3 KDF (non-compliant); NDRNG; HMAC-MD5; MD5; RC2; RC4; DES; MD2

Multi-chip standalone

"The Brocade NetIron CER 2000 Series is a family of compact routers that are purpose-built for high-performance Ethernet edge routing and MPLS applications. The Brocade NetIron CES 2000 Series of switches provides IP routing and advanced Carrier Ethernet capabilities in a compact form factor. The Brocade MLXe Series routers feature industry-leading 100 Gigabit Ethernet (GbE), 10 GbE, and 1 GbE wire-speed density."
2284whiteCryption Corporation
920 Stewart Drive
Suite #100
Sunnyvale, CA 94085
USA

Dan Zenchelsky
TEL: 408-616-1600
FAX: 408-616-1626

CST Lab: NVLAP 100432-0
whiteCryption Secure Key Box 4.6.0 Crypto Module
(Software Version: 4.6.0)
(When operated in FIPS mode. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software12/03/2014Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with Android 4.2.2 running on a Google Nexus Phone (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2451, #2452, #2453, #2454, #2455, #2456, #2457, #2458, #2459, #2460, #2461, #2462, #2463, #2464, #2465, #2466, #2467, #2470 and #2471); CVL (Certs. #79, #80, #83, #84 and #94); DRBG (Cert. #335); ECDSA (Certs. #403 and #404); HMAC (Certs. #1516 and #1517); KBKDF (Cert. #11); RSA (Cert. #1263); SHS (Certs. #2084, #2085, #2086, #2087, #2088, #2089 and #2090)

-Other algorithms: RSA (non-compliant)

Multi-chip standalone

"whiteCryption Secure Key Box (SKB) is a C/C++ library that provides cryptographic algorithms. SKB's unique white-box implementation is specifically designed to hide and protect cryptographic keys at all times. It allows safe deployment in insecure environments."
2282Infotecs
41 Madison Avenue
New York, NY 10010
USA

Andrey Krasikov
TEL: 678-431-9502

Andrew Mikhaylov
TEL: +7 495 737 6192 x5277
FAX: +7 495 737 7278

CST Lab: NVLAP 200928-0
ViPNet Common Crypto Core
(Software Version: 1.0)
(When installed, initialized and configured as specified in the Security Policy Section 9)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software11/14/2014Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with Windows 8.1 64-bit running on a Dell Inspiron 5537
Android v4.4 running on a Samsung Galaxy Note 3 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2822 and #2823); SHS (Certs. #2366 and #2367); HMAC (Certs. #1766 and #1767); DRBG (Certs. #483 and #484); KBKDF (Certs. #21 and #22)

-Other algorithms: AES (Certs. #2822 and #2823, key wrapping)

Multi-chip standalone

"The ViPNet Common Crypto Core Library is a software library that provides cryptographic services to a number of ViPNet applications such as ViPNet Network Manager, ViPNet Client for Windows, ViPNet Client for Android, ViPNet Coordinator for Windows, ViPNet Coordinator for Linux, ViPNet Coordinator HW/VA. It is available in user space and kernel driver implementations on a wide range of operational systems. User space library and kernel library use the same base source code."
2281Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

Chris Marks
TEL: 408-333-0840
FAX: 408-333-8101

CST Lab: NVLAP 200802-0
Brocade® MLXe® and Brocade NetIron® CER 2000 Series Ethernet Routers, Brocade NetIron CES 2000 Series Ethernet Switches
(Hardware Versions: [BR-MLXE-4-MR-M-AC (80-1006853-01), BR-MLXE-4-MR-M-DC (80-1006854-01), BR-MLXE-8-MR-M-AC (80-1004809-04), BR-MLXE-8-MR-M-DC (80-1004811-04), BR-MLXE-16-MR-M-AC (80-1006820-02), BR-MLXE-16-MR-M-DC (80-1006822-02), BR-MLXE-4-MR2-M-AC (80-1006870-01), BR-MLXE-4-MR2-M-DC (80-1006872-01), BR-MLXE-8-MR2-M-AC (80-1007225-01), BR-MLXE-8-MR2-M-DC (80-1007226-01), BR-MLXE-16-MR2-M-AC (80-1006827-02), BR-MLXE-16-MR2-M-DC (80-1006828-02) with Blade 80-1006778-01, 80-1005643-01, 80-1003891-02, 80-1002983-01, 80-1003971-01, 80-1003972-01, 80-1003811-02, 80-1002756-03, 80-1004114-01, 80-1004113-01, 80-1004112-01, 80-1004760-02, 80-1006511-02, 80-1004757-02, 80-1003009-01, 80-1003052-01, 80-1003053-01, NI-CER-2048F-ADVPREM-AC (80-1003769-07), NI-CER-2048F-ADVPREM-DC (80-1003770-08), NI-CER-2048FX-ADVPREM-AC (80-1003771-07), NI-CER-2048FX-ADVPREM-DC (80-1003772-08), NI-CER-2024F-ADVPREM-AC (80-1006902-02), NI-CER-2024F-ADVPREM-DC (80-1006904-02), NI-CER-2024C-ADVPREM-AC (80-1007032-02), NI-CER-2024C-ADVPREM-DC (80-1007034-02), NI-CER-2048C-ADVPREM-AC (80-1007039-02), NI-CER-2048C-ADVPREM-DC (80-1007040-02), NI-CER-2048CX-ADVPREM-AC (80-1007041-02), NI-CER-2048CX-ADVPREM-DC (80-1007042-02), BR-CER-2024F-4X-RT-DC (80-1007212-01), BR-CER-2024C-4X-RT-DC (80-1007213-01), BR-CER-2024F-4X-RT-AC (80-1006529-01), BR-CER-2024C-4X-RT-AC (80-1006530-01), NI-CER-2024-2X10G (80-1003719-03), RPS9 (80-1003868-01), RPS9DC (80-1003869-02), BR-CES-2024C-4X-AC (80-1000077-01), BR-CES-2024C-4X-DC (80-1007215-01), BR-CES-2024F-4X-AC (80-1000037-01), BR-CES-2024F-4X-DC (80-1007214-01), RPS9 (80-1003868-01) and RPS9DC (80-1003869-02) with FIPS Kit XBR-000195]; Firmware Version: Multi-Service IronWare R05.5.00ca)
(When operated in FIPS mode with the tamper evident labels installed and with the configurations in Tables 8, 13 and 17 as defined in the Security Policy. No assurance of module integrity when operating in non-FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/14/2014Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: DSA (Certs. #798, #799 and #800); SHS (Certs. #2221, #2222 and #2223)

-Other algorithms: RSA (key wrapping; non-compliant); Diffie-Hellman (non-compliant); SNMPv3 KDF (non-compliant); MD5; NDRNG; HMAC-MD5; HMAC-SHA1-96 (non-compliant); AES (non-compliant); Triple-DES (non-compliant); HMAC (non-compliant); DRBG (non-compliant); RSA (non-compliant); SSHv2 KDF (non-compliant); TLSv1.0 KDF (non-compliant); DES; MD2; RC2; RC4

Multi-chip standalone

"The Brocade NetIron CER 2000 Series is a family of compact routers that are purpose-built for high-performance Ethernet edge routing and MPLS applications. These fixed-form routers can store a complete Internet table and are ideal for supporting a wide range of applications in Metro Ethernet, data center, and campus networks.The Brocade NetIron CES 2000 Series of switches provides IP routing and advanced Carrier Ethernet capabilities in a compact form factor. These fixed-form 10 GbE-capable 1U switches offer deep buffers and are ideal for Carrier Ethernet service delivery at the network ed"
2280Kanguru Solutions
1360 Main Street
Millis, MA 02054
USA

Nate Cote
TEL: 508-376-4245
FAX: 508-376-4462

CST Lab: NVLAP 200802-0
KDH3000-CM
(Hardware Version: 1.0; Firmware Version: V01.04.0000.0000)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/14/2014Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #1623); SHS (Cert. #2144); DRBG (Cert. #376)

-Other algorithms: NDRNG

Multi-chip embedded

"The module is a ruggedized, opaque, tamper-resistant USB disk encryption/file encryption device that connects to an external general purpose computer (GPC) outside of its cryptographic boundary to service as a secure peripheral storage device for the GPC. The module is a self-contained device that automatically encrypts and decrypts data copied to and from the drive from the externally connected GPC."
2279Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

Chris Marks
TEL: 4083330480
FAX: 4083338101

CST Lab: NVLAP 200802-0
Brocade® FCX 624/648, ICX™ 6610, ICX 6450, ICX 6650 and SX 800/1600 Series
(Hardware Versions: [FCX624S (P/N 80-1002388-08), FCX624S-HPOE-ADV (P/N 80-1002715-08), FCX624S-F-ADV (P/N 80-1002727-07), FCX648S (P/N 80-1002392-08), FCX648S-HPOE (P/N 80-1002391-10), FCX648S-HPOE-ADV (P/N 80-1002716-10), FCX-2XG (P/N 80-1002399-01), ICX 6610-24F-I (P/N 80-1005350-04), ICX 6610-24F-E (P/N 80-1005345-04), ICX 6610-24-I (P/N 80-1005348-05), ICX 6610-24-E (P/N 80-1005343-05), ICX 6610-24P-I (P/N 80-1005349-06), ICX 6610-24P-E (P/N 80-1005344-06), ICX 6610-48-I (P/N 80-1005351-05), ICX 6610-48-E (P/N 80-1005346-05), ICX 6610-48P-I (P/N 80-1005352-06), ICX 6610-48P-E (P/N 80-1005347-06), ICX 6450-24 (P/N 80-1005997-03), ICX 6450-24P (P/N 80-1005996-04), ICX 6450-48 (P/N 80-1005999-04), ICX 6450-48P (P/N 80-1005998-04), ICX 6450-C12-PD (P/N 80-1007578-01), ICX6650-32-E-ADV (P/N: 80-1007115-02), ICX6650-32-I-ADV (P/N: 80-1007116-02), ICX6650-40-E-ADV (P/N: 80-1007179-03), ICX6650-40-I-ADV (P/N: 80-1007181-03), ICX6650-48-E-ADV (P/N: 80-1007180-03), ICX6650-48-I-ADV (P/N: 80-1007182-03), ICX6650-56-E-ADV (P/N: 80-1007117-03), ICX6650-56-I-ADV (P/N: 80-1007118-03), ICX6650-80-E-ADV (P/N: 80-1007119-03), ICX6650-80-I-ADV (P/N: 80-1007120-03), FI-SX800-S (P/N 80-1003050-03 and 80-1007143-03), FI-SX1600-AC (P/N 80-1002764-02 and 80-1007137-02), FI-SX1600-DC (P/N 80-1003005-02 and 80-1007138-02), SX-FISF (P/N 80-1002957-03), SX-FI-ZMR-XL (P/N 80-1006486-02), SX-FI-ZMR-XL-PREM6 (P/N 80-1007350-02), SX-ACPWR-SYS (P/N 80-1003883-02) and SX-DCPWR-SYS (P/N 80-1003886-02)] with FIPS Kit XBR-000195; Firmware Version: IronWare R08.0.01)
(When operated in FIPS mode with the tamper evident labels installed and with the configurations in Tables 4, 10 and 11 as defined in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/14/2014Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: DSA (Certs. #668, #801, #802 and #803); SHS (Certs. #2224, #2225, #2226 and #2227)

-Other algorithms: RSA (key wrapping; non-compliant); Diffie-Hellman (non-compliant); SNMPv3 KDF (non-compliant); MD5; SSHv2 KDF (non-compliant); HWRNG; HMAC-MD5; AES (non-compliant); Triple-DES (non-compliant); HMAC (non-compliant); DRBG (non-compliant); TLSv1.0 KDF (non-compliant); RSA (non-compliant); DES; MD2; RC2; RC4

Multi-chip standalone

"The FastIron SX series chassis devices are modular switches that provide the enterprise network with a complete end-to-end Enterprise LAN solution. The ICX 6610 series is an access layer Gigabit Ethernet switch designed from the ground up for the enterprise data center environment. Brocade ICX 6450 switches provide enterprise-class stackable LAN switching solutions to meet the growing demands of campus networks. The Brocade ICX 6650 Switch is a compact Ethernet switch that delivers industry-leading 10/40 GbE density."
2278Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200427-0
Cisco 4451-X Integrated Services Router (ISR) (with PVDM4-32, PVDM4-64, PVDM4-128 and PVDM4-256)
(Hardware Version: ISR 4451-X with FIPS kit ISR4451-FIPS-Kit; Firmware Version: IOS-XE 3.10.2)
(When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/14/2014Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2345 and #2817); CVL (Certs. #252 and #253); DRBG (Cert. #481); ECDSA (Cert. #493); HMAC (Certs. #1454 and #1764); RSA (Cert. #1471); SHS (Certs. #2022 and #2361); Triple-DES (Certs. #1468, #1670 and #1688)

-Other algorithms: DES; Diffie-Hellman (key establishment methodology provides between 112 and 150 bits of encryption strength); EC Diffie-Hellman (key establishment methodology provides between 128 and 192 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength)

Multi-chip standalone

"The Cisco Integrated Services Routers (ISRs) are routing platforms that provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options."
2276McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

Klaus Majewski
TEL: +358-40-824-7908

Jorma Levomäki
TEL: +358-9-476711

CST Lab: NVLAP 200658-0
McAfee NGFW Cryptographic Kernel Module
(Software Version: 2.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software11/07/2014Overall Level: 1

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with Debian GNU/Linux 6.0-based distribution running on McAfee MIL-320
Debian GNU/Linux 6.0-based distribution running on McAfee 5206 with AES-NI
Debian GNU/Linux 6.0-based distribution running on McAfee 3206 with AES-NI
Debian GNU/Linux 6.0-based distribution running on McAfee 3206 without AES-NI
Debian GNU/Linux 6.0-based distribution running on McAfee 3202 with AES-NI
Debian GNU/Linux 6.0-based distribution running on McAfee 3202 without AES-NI
Debian GNU/Linux 6.0-based distribution running on McAfee 1402 with AES-NI
Debian GNU/Linux 6.0-based distribution running on McAfee 1065 with AES-NI
Debian GNU/Linux 6.0-based distribution running on McAfee 1035 with AES-NI (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2914, #2915, #2916, #2917, #2918, #2919, #2920 and #2921); Triple-DES (Certs. #1729, #1730, #1731, #1732, #1733 and #1734); SHS (Certs. #2452, #2453, #2454, #2455, #2456 and #2457); HMAC (Certs. #1843, #1844, #1845, #1846, #1847 and #1848)

-Other algorithms: N/A

Multi-chip standalone

"The McAfee NGFW Cryptographic Kernel Module is a software modulethat provides cryptographic services required by the McAfee NGFW product."
2275Xirrus, Inc.
2101 Corporate Center Drive
Thousand Oaks, CA 91320
USA

Mike de la Garrigue
TEL: 805-262-1655

CST Lab: NVLAP 100432-0
Xirrus XR Series Wi-Fi Products
(Hardware Versions: XR-520 [1], XR-520H-FIPS [2], XR-620-FIPS [1], XR-630-FIPS [1], XR-2425H-FIPS [3], XR-2225 [1], XR-2235 [1], XR-2425 [1], XR-2435 [1], XR-2226 [1], XR-2236 [1], XR-2426 [1], XR-2436 [1], XR-4420 [1], XR-4430 [1], XR-4820 [1], XR-4830 [1], XR-4426 [1], XR-4436 [1], XR-4826 [1], XR-4836 [1], XR-6820 [1], XR-6830 [1], XR-6836 [1], XR-7220 [1], XR-7230 [1], XR-7620 [1], XR-7630 [1] and XR-7636 [1]; Enclosure (Form Factor): XE-6000-TBAR [1], XR-520H-FIPS [2] and XR-2425H-FIPS [3]; Firmware Version: AOS-7.1)
(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/04/2014Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2450 and #2833); CVL (Certs. #257 and #258); DRBG (Cert. #490); HMAC (Cert. #1774); KBKDF (Cert. #24); RSA (Cert. #1475); SHS (Cert. #2374); Triple-DES (Cert. #1693)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; Blowfish; Camellia; CAST; IDEA; RC4; SEED; MD5

Multi-chip standalone

"Wireless networking equipment."
2273Qualcomm Technologies, Inc.
5775 Morehouse Dr
San Diego, California 92121
USA

Lu Xiao
TEL: 858-651-5477

CST Lab: NVLAP 200658-0
QTI Cryptographic Module on Crypto 5 Core
(Hardware Version: Snapdragon 805; Software Version: 5.f1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software-Hybrid11/04/2014Overall Level: 1

-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with Android 4.4 running on Snapdragon 805 (single-user mode)

-FIPS Approved algorithms: DRBG (Cert. #501); Triple-DES (Cert. #1701); HMAC (Cert. #1786); AES (Cert. #2839); SHS (Cert. #2388)

-Other algorithms: HW RNG; DES; AEAD; kasumi; snow-3g

Multi-chip standalone

"This cryptographic module implements block ciphers including AES, Triple-DES, hash functions SHA-1 and SHA-256, Message Authentication Code functions HMAC and CMAC and DRBG 800-90A."
2272INSIDE Secure
Arteparc Bachasson, Bât A
Rue de la carrière de Bachasson, CS70025
Meyreuil, Bouches-du-Rhône 13590
France

Bob Oerlemans
TEL: +31 736-581-900
FAX: +31 736-581-999

CST Lab: NVLAP 200658-0
VaultIP
(Hardware Version: 1.1.4; Firmware Version: 1.1.4)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware10/24/2014Overall Level: 2

-Physical Security: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: KBKDF (Cert. #25); KAS (Cert. #46); CVL (Cert. #269); DRBG (Cert. #500); ECDSA (Cert. #502); RSA (Cert. #1488); Triple-DES (Cert. #1702); HMAC (Cert. #1787); SHS (Cert. #2389); AES (Cert. #2847)

-Other algorithms: DES; AES (Cert. #2847, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES (non-compliant); NDRNG

Single-chip

"VaultIP is a Silicon IP Security Module which includes a complete set of high- and low-level cryptographic functions. It offers key management and crypto functions needed for platform and application security such as Content Protection and Mobile Payment, and can be used stand-alone or as a 'Root of Trust' to support a TEE-based platform."
2270Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200427-0
Cisco Optical Networking Solution (ONS) 15454 Multiservice Transport Platforms (MSTPs)
(Hardware Versions: [15454-M2-SA, 15454-M6-SA, 15454-M-TNC-K9, 15454-M-TSC-K9, 15454-M-TNCE-K9, 15454-M-TSCE-K9, 15454-M-WSE-K9 and 10X10G-LC] with FIPS Kit: CISCO-FIPS-KIT=; Firmware Version: 9.8.1.2 or 9.8.1.3)
(When operated in FIPS mode and when tamper evident labels are installed on the initially built configuration as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware10/22/2014
06/09/2015
Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2352, #2369, #2886 and #2887); CVL (Certs. #316 and #317); DRBG (Certs. #521 and #522); HMAC (Certs. #1820 and #1821); KBKDF (Cert. #29); RSA (Certs. #1526 and #1527); SHS (Certs. #2427 and #2428); Triple-DES (Cert. #1721)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Cisco ONS 15454 Multiservice Transport Platform (MSTP) is the most deployed metropolitan-area (metro) and regional dense wavelength division multiplexing (DWDM) solution in the world featuring two- through eight-degree reconfigurable optical add/drop multiplexer (ROADM) technology that enables wavelength provisioning across entire networks and eliminates the need for optical-to-electrical-to-optical (OEO) transponder conversions."
2267Yubico Inc.
228 Hamilton Avenue
3rd Floor
Palo Alto, CA 94301
USA

Jakob Ehrensvard
TEL: 408-774-4064

CST Lab: NVLAP 200427-0
Yubico YubiKey Standard and YubiKey Nano
(Hardware Version: 1.6; Firmware Version: 2.5.1)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware10/14/2014Overall Level: 1

-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2811); HMAC (Cert. #1762); SHS (Cert. #2359)

-Other algorithms: N/A

Single-chip

"The YubiKey and YubiKey Nano are two-factor authentication devices supporting OATH-HOTP as well as the Yubico OTP algorithm. The devices are connected via the USB ports and emulate a generic USB keyboard to allow a true driver-less installation."
2264HGST, Inc.
5601 Great Oaks Parkway
Building 50-3/D393
San Jose, CA 95119
USA

Michael Good
TEL: 408-717-6261
FAX: 408-717-9494

Jithendra Bethur
TEL: 408-717-5951
FAX: 408-717-9494

CST Lab: NVLAP 100432-0
HGST Ultrastar C15K600 TCG Enterprise HDDs
(Hardware Versions: HUC156060CS4205 (1) [1, 2, 3, 4, 5], HUC156060CS4205 (2) [1, 2, 3, 4, 5, 6, 7, 8], HUC156045CS4205 (1) [1, 2, 3, 4, 5], HUC156045CS4205 (2) [1, 2, 3, 4, 5, 6, 7, 8], HUC156030CS4205 (1) [1, 2, 3, 4, 5], HUC156030CS4205 (2) [1, 2, 3, 4, 5, 6, 7, 8], HUC156060CSS205 (1) [1, 2, 3, 4, 5], HUC156060CSS205 (2) [1, 2, 3, 4, 5, 6, 7, 8], HUC156045CSS205 (1) [1, 2, 3, 4, 5], HUC156045CSS205 (2) [1, 2, 3, 4, 5, 6, 7, 8], HUC156030CSS205 (1) [1, 2, 3, 4, 5], and HUC156030CSS205 (2) [1, 2, 3, 4, 5, 6, 7, 8]; Firmware Versions: R3A0 [1], R3F0 [2], R3R0 [3], R3X0 [4], R3X2 [5], R703 [6], R7G2 [7] or R904 [8]))

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware10/10/2014
02/20/2015
08/07/2015
04/04/2016
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2067 and #2365); RSA (Cert. #1220); SHS (Cert. #2037); HMAC (Cert. #1468); DRBG (Cert. #302); PBKDF (vendor affirmed)

-Other algorithms: NDRNG; AES (Cert. #2365, key wrapping)

Multi-chip embedded

"HGST Self-Encrypting Drives implement TCG Storage specifications, and meet or exceed the most demanding performance and security requirements. The Ultrastar C15K600 series are 12Gbs SAS, TCG Enterprise HDDs."
2263Utimaco IS GmbH
Germanusstraße 4
Aachen 52080
Germany

Dr. Gesa Ott
TEL: +49 241-1696-200
FAX: +49 241-1696-190

CST Lab: NVLAP 100432-0
SafeGuard® CryptoServer Se
(Hardware Versions: P/N CryptoServer Se, Version 3.00.3.1; Firmware Version: 3.0.2.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware10/07/2014
05/04/2016
Overall Level: 3

-FIPS Approved algorithms: AES (Cert. #2739); DRBG (Cert. #459); ECDSA (Cert. #840); HMAC (Cert. #1717); RSA (Certs. #1435 and #1436); SHS (Certs. #2308, #2309 and #2310); Triple-DES (Cert. #1649); Triple-DES MAC (Triple-DES Cert. #1649, vendor affirmed); CVL (Cert. #749)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Cert. #2739, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1649, key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement); RSA (non-compliant); ECIES; MD5; MDC-2; RIPEMD-160; DES; Retail-TDES MAC; AES MAC (AES Cert. #2739; non-compliant); PIN generation/PIN verification (e.g., VISA/MasterCard); KDF_ENC_DATA; KDF_HASH; KDF_ECDH; KDF_DH; KDF_XOR_BASE_AND_DATA; KDF_CAT_BASE_AND_KEY; KDF_CAT_BASE_AND_DATA; KDF_CAT_DATA_AND_BASE; KDF_EXTRACT_KEY_FROM_KEY

Multi-chip embedded

"SafeGuard® CryptoServer Se is an encapsulated, tamper-protected hardware security module which provides secure cryptographic services like encryption or decryption, hashing, signing and verification of data, random number generation, on-board secure key generation, key storage and further key management functions."
2262Toshiba Corporation
1-1, Shibaura 1-chome
Minato-ku, Tokyo 105-8001
Japan

Akihiro Kimura
TEL: +81-45-890-2856
FAX: +81-45-890-2593

CST Lab: NVLAP 200822-0
Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive (PX model)
(Hardware Versions: A0 with PX02SMU020, PX02SMU040, PX02SMU080 or PX02SMQ160 [1], A0 with PX02SSU010, PX02SSU020, PX02SSU040, or PX02SSQ080 [2], A0 with PX03SNU020, PX03SNU040, PX03SNU080, or PX03SNQ160 [3]; Firmware Versions: NA00 [1], NA01 [1], 0502 [1], AJ01 [1], AK01 [2], and AL01 [3])

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware10/01/2014
01/09/2015
Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2598); HMAC (Cert. #1611); SHS (Cert. #2183); RSA (Cert. #1331); DRBG (Cert. #397)

-Other algorithms: NDRNG

Multi-chip embedded

"The Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive is used for solid state drive data security. This Cryptographic Module (CM) provides various cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA bands, and FW download."
2261CipherCloud, Inc.
99 Almaden Blvd., Suite 500
San Jose, CA 95113
USA

Andy Loong
TEL: 408-663-5093

CST Lab: NVLAP 200968-0
Cryptographic Module for CipherCloud Gateway
(Software Version: 1.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software10/01/2014
05/03/2016
Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with CentOS 6.3 with Java JRE 1.6.0 running on IBM 3620 M3 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2339); SHS (Cert. #2017); HMAC (Cert. #1449); DRBG (Cert. #303); PBKDF (vendor affirmed)

-Other algorithms: AES-PCBC (non-compliant); AES-CTR (non-compliant); AES-CTS (non-compliant); AES-OFB (non-compliant); AES-OFB8 (non-compliant); AES-OFB128 (non-compliant); ARC4; Blowfish; DES; Diffie-Hellman (non-compliant); DSA (non-compliant); RC2; RSA (encrypt/decrypt); Triple-DES (non-compliant); PBEWithMD5AndDES; PBEWithMD5AndTripleDES; PBEWithSHA1AndDESede; PBEWithSHA1AndRC2_40; MD2; MD5; SHA-384 (non-compliant); HMAC-MD5; HMAC SHA-384 (non-compliant); HMAC SHA-512 (non-compliant)

Multi-chip standalone

"The Cryptographic Module enables all cryptographic operations performed by the CipherCloud Gateway. The CipherCloud Gateway is a software solution that organizations deploy within their network boundaries or delegate operation to a trusted third party. CipherCloud interfaces with clients (e.g., web browsers, mobile applications, APIs, etc.), and leverages format and operations preserving encryption technology to secure sensitive information in real time, before it's sent to cloud applications (e.g. web servers, API services, databases, etc.), without impacting usability or performance."
2260Zebra Technologies Corporation
3 Overlook Point
Lincolnshire, IL 60069
USA

Erv Comer
TEL: 480-628-7901

Tom McKinney
TEL: 631-738-3586

CST Lab: NVLAP 100432-0
Fusion Wireless LAN Cryptographic Module for Android
(Hardware Version: WL1283CYFVR (Rev C); Firmware Version: 1.01; Software Versions: 1.02 and 1.03)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software-Hybrid09/30/2014
08/14/2015
Overall Level: 1

-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with Android Jelly Bean 4.1.1 running on a MC40N0
Android KitKat 4.4.4 running on a MC40N0 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2812 and #3462); HMAC (Certs. #1763 and #2208); SHS (Certs. #2360 and #2858)

-Other algorithms: N/A

Multi-chip standalone

"The Fusion WLAN cryptomodule secures the WLAN radio for Android Jelly Bean based devices (e.g., MC40, MC67, MC32, and ET1) and Android KitKat based devices (e.g., MC40 and MC92). These devices are used for business process automation applications in a number of vertical markets like retail, manufacturing, transportation, health and government."
2259Cavium Networks
2315 N First Street
San Jose, CA 95131
USA

Albert Harnois
TEL: 408-943-7641
FAX: 408-557-1992

Tony Tran
TEL: 408-943-7128
FAX: 408-577-1992

CST Lab: NVLAP 100432-0
NITROX XL 1600-NFBE HSM Family
(Hardware Version: P/N FN1620-NFBE2-G; Firmware Version: CN16XX-NFBE-FW-2.1-110018)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

This module is in process for the RNG transition.
Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/26/2014Overall Level: 3

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1265 and #1266); Triple-DES (Cert. #898); RSA (Certs. #607 and #742); ECDSA (Certs. #150 and #188); SHS (Certs. #801, #1166 and #1379); HMAC (Certs. #443, #736 and #1677); KAS (Cert. #5); RNG (Cert. #707); DRBG (Cert. #32); DSA (Cert. #474); CVL (Cert. #166)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #1265, key wrapping; key establishment methodology provides 256 bits of encryption strength); RC4; MD5; PBE

Multi-chip embedded

"The FN1620-NFBE2-G HSM adapter delivers the world's fastest FIPS 140-2 Level 3 Hardware Security Module (HSM) with PCIe Gen 2.0 via an SFF-8639 connector. The adapter offers up to 30,000 RSA operations per second and 5 Gbps of bulk crypto performance and is certified to the stringent US Government security standards. This FIPS family delivers an unmatched solution to the increasing performance, cryptographic and time to market requirements of the financial, government and healthcare vertical markets."
2258Senetas Corporation Ltd. and SafeNet Inc.
Level 1, 11 Queens Road
Melbourne, Victoria 3004
Australia

John Weston
TEL: +61 3 9868 4555
FAX: +61 3 9821 4899

Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200996-0
CS Series Encryptors
(Hardware Versions: CS10 Ethernet Encryptor: A4201B [O] and A4201B [Y]; CS100 Ethernet Encryptor: A4203B [O] and A4203B [Y]; Firmware Version: 2.3.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/23/2014Overall Level: 3

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2585 and #2588); Triple-DES (Cert. #1561); RSA (Cert. #1323); SHS (Cert. #2176); HMAC (Cert. #1600); DRBG (Cert. #390); CVL (Cert. #114)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The CS Series is a high performance encryption platform designed to secure data transmitted over 10 and 100Mbps Ethernet networks. The CS10 is a cost-effective, small form factor, encryptor for branch or remote office applications. The CS100 is a 19' rack mounted device suitable for point to point or multipoint connections and is ideally suited for central office operations. SafeNet, Inc. makes Senetas products available globally under a master distribution agreement and are co-branded as such."
2257Blue Coat® Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085
USA

Diana Robinson
TEL: 845-454-6397

Tammy Green
TEL: 801-999-2973

CST Lab: NVLAP 200928-0
ProxySG S500-10 [1] and S500-20 [2]
(Hardware Versions: 080-03549 [1], 080-03551 [1], 090-02998 [1], 080-03552 [1], 090-02999 [1], 080-03553 [2], 080-03555 [2], 090-03000 [2], 080-03556 [2], 090-03001 [2] with FIPS Security Kit (Part Number: 085-02870); Firmware Version: 6.5.2.9 build 144008)
(When operated in FIPS mode with the tamper evident seals and the opacity baffle installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/22/2014Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2931); Triple-DES (Cert. #1744); DRBG (Cert. #541); HMAC (Certs. #1700 and #1857); SHS (Certs. #2291 and #2467); RSA (Cert. #1536); CVL (Certs. #181 and #332)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG

Multi-chip standalone

"Blue Coat ProxySG physical and virtual appliances are the core of the Blue Coat’s Unified Security and Optimization solutions for business assurance. The appliances offer complete security and control of web traffic, providing rich policy constructs for threat protection, SSL traffic, authentication, filtering, data loss prevention and logging capabilities. The appliances also optimize web and internal application traffic through caching, bandwidth management, stream splitting, and protocol optimization for data, video, cloud and web applications."
2256Blue Coat® Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085
USA

Diana Robinson
TEL: 845 454-6397

Tammy Green
TEL: 801-999-2973

CST Lab: NVLAP 200928-0
ProxySG S400-20 [1], S400-30 [2] and S400-40 [3]
(Hardware Versions: 080-03568 [1], 080-03570 [1], 090-03075 [1], 080-03571 [1], 090-03076 [1], 080-03572 [2], 080-03574 [2], 090-03079 [2], 080-03575 [2], 090-03080 [2], 080-03576 [3], 080-03578 [3], 090-03083 [3], 080-03579 [3], 090-03084 [3] with FIPS Security Kit (Part Number: 085-02891); Firmware Version: 6.5.2.9 build 144008)
(When operated in FIPS mode with the tamper evident seals and the opacity baffle installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/22/2014Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2931); Triple-DES (Cert. #1744); DRBG (Cert. #541); HMAC (Certs. #1700 and #1857); SHS (Certs. #2291 and #2467); RSA (Cert. #1536); CVL (Certs. #181 and #332)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; PRNG; NDRNG

Multi-chip standalone

"Blue Coat ProxySG physical and virtual appliances are the core of the Blue Coat’s Unified Security and Optimization solutions for business assurance. The appliances offer complete security and control of web traffic, providing rich policy constructs for threat protection, SSL traffic, authentication, filtering, data loss prevention and logging capabilities. The appliances also optimize web and internal application traffic through caching, bandwidth management, stream splitting, and protocol optimization for data, video, cloud and web applications."
2255Blue Coat® Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085
USA

Diana Robinson
TEL: 845 454-6397

Tammy Green
TEL: 801-999-2973

CST Lab: NVLAP 200928-0
Secure Web Gateway Virtual Appliance-V100
(Software Version: 6.5.2.8)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software09/22/2014Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with SGOS v6.5.2.50 on Vmware ESXi 5.1 running on a Dell PowerEdge R720 with AES-NI
SGOS v6.5.2.50 on Vmware ESXi 5.1 running on a Dell PowerEdge R720 without AES-NI (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2737); Triple-DES (Cert. #1648); DRBG (Cert. #458); HMAC (Certs. #1715 and #1716); SHS (Certs. #2306 and #2307); RSA (Cert. #1427); CVL (Certs. #182 and #328)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; PRNG; NDRNG; ANSI X9.31 PRNG (non-compliant); CAST-128; DES; RC2; RC4; Camellia; MD2; HMAC-MD5; RIPE-MD-160

Multi-chip standalone

"Blue Coat ProxySG physical and virtual appliances are the core of the Blue Coat’s Unified Security and Optimization solutions for business assurance. The appliances offer complete security and control of web traffic, providing rich policy constructs for threat protection, SSL traffic, authentication, filtering, data loss prevention and logging capabilities. The appliances also optimize web and internal application traffic through caching, bandwidth management, stream splitting, and protocol optimization for data, video, cloud and web applications."
2254Oracle Corporation
500 Eldorado Blvd., Bldg 5
Broomfield, CO 80021
USA

Security Evaluations Manager
TEL: 781-442-0451

CST Lab: NVLAP 200928-0
Oracle StorageTek T10000D Tape Drive
(Hardware Version: P/N 7042136; Firmware Version: 4.07.107)
(When operated in FIPS mode. The protocol SSH shall not be used when operated in the FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/22/2014Overall Level: 1

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2760, #2761, #2762, #2763 and #2764); DRBG (Cert. #467); HMAC (Certs. #1729 and #1730); SHS (Certs. #2324 and #2325); RSA (Cert. #1445); CVL (Cert. #230)

-Other algorithms: AES (Cert. #2763, key wrapping; key establishment methodology provides 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG; SSH KDF (non-compliant); AES (non-compliant); SHS (non-compliant); HMAC (non-compliant); RSA (non-compliant); DRBG (non-compliant)

Multi-chip standalone

"The Oracle StorageTek T10000D Tape Drive blends the highest capacity, performance, reliability, and data security to support demanding, 24/7 data center operations. The StorageTek T10000D Tape Drive delivers the world's fastest write speeds up to 8.5 TB of magnetic tape storage; making it ideal for data center operations with growing volumes. Designed for maximum performance, the drive allows the use of multiple keys per tape with a cache memory to minimize the overhead of key transmission. Works seamlessly with the Oracle Key Manager to provide a secure end-to-end management solution."
2251Motorola Solutions, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

Tom Nguyen
TEL: 847-576-2352

CST Lab: NVLAP 100432-0
Key Variable Loader (KVL) 4000 PIKE2
(Hardware Version: P/N 51009397004; Firmware Versions: R02.03.07, R02.05.03, R02.05.05 and R02.05.08)
(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/22/2014
01/26/2016
Overall Level: 3

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1491 and #1492); ECDSA (Cert. #183); SHS (Cert. #1345); DRBG (Cert. #159)

-Other algorithms: AES MAC (AES Cert. #1492, vendor affirmed; P25 AES OTAR); AES (AES Cert. #1492, key wrapping; key establishment methodology provides 256 bits of encryption strength); DES; DES-XL; DVP-XL; DVI-XL; ADP; NDRNG

Single-chip

"The KVL 4000 PIKE2 provides security services for the KVL 4000. The KVL 4000 is a portable key distribution device that consists of a Personal Digital Assistant (PDA) and Security Adapter that connects to the PDA."
2250Motorola Solutions, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

Tom Nguyen
TEL: 847-576-2352

CST Lab: NVLAP 100432-0
Key Variable Loader (KVL) 4000 PIKE2
(Hardware Version: P/N 51009397004; Firmware Versions: R02.03.07, R02.05.03, R02.05.05 and R02.05.08)
(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/22/2014
01/25/2016
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1491 and #1492); ECDSA (Cert. #183); SHS (Cert. #1345); DRBG (Cert. #159)

-Other algorithms: AES MAC (AES Cert. #1492, vendor affirmed; P25 AES OTAR); AES (AES Cert. #1492, key wrapping; key establishment methodology provides 256 bits of encryption strength); DES; DES-XL; DVP-XL; DVI-XL; ADP; NDRNG

Single-chip

"The KVL 4000 PIKE2 provides security services for the KVL 4000. The KVL 4000 is a portable key distribution device that consists of a Personal Digital Assistant (PDA) and Security Adapter that connects to the PDA."
2249Comtech Mobile Datacom Corporation
20430 Century Boulevard
Germantown, MD 20874
USA

Lajuana Johnson
TEL: 240-686-3300

CST Lab: NVLAP 200427-0
Comtech Mobile Datacom Corporation Cryptographic Library (libcmscrypto)
(Software Version: 1.2)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software09/22/2014Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 6.3 on qemu-kvm-0.12.1.2-2 on Red Hat Enterprise Linux 6 running on a Dell R900 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2355); HMAC (Cert. #1461); SHS (Cert. #2029); Triple-DES (Cert. #1473)

-Other algorithms: DES

Multi-chip standalone

"libcmscrypto is a library implemented in the Comtech Mobile Datacom Corp. products and provides the basic cryptographic functionality that includes Advanced Encryption Standard (AES) algorithm, SHA1 message digest, HMAC SHA-1 Keyed-Hash message authentication code, and Triple-DES."
2248Accellion, Inc.
1804 Embarcadero Road,
Suite 200
Palo Alto, CA 94303
USA

Prateek Jain
TEL: 65-6244-5670
FAX: 65-6244-5678

CST Lab: NVLAP 100432-0
Accellion Cryptographic Module
(Software Version: FTALIB_3_0_1)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software09/19/2014Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 5 running on a HP ProLiant DL 380 G7 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2317, #2318, and #2844); CVL (Cert. #268); HMAC (Certs. #1436 and #1783); RSA (Cert. #1485); SHS (Certs. #2004 and #2385); Triple-DES (Cert. #1700)

-Other algorithms: AES (Cert. #2844, key wrapping; key establishment methodology provides 128 bits of encryption strength); Triple-DES (Cert. #1700, key wrapping; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); MD5

Multi-chip standalone

"Accellion Cryptographic Module is a key component of Accellion's secure collaboration solution that enables enterprises to securely share and transfer files. Extensive tracking and reporting tools allow compliance with SOX, HIPAA, FDA and GLB regulations while providing enterprise grade security and ease of use."
2246Cisco Systems, Inc.
170 W. Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200427-0
Cisco ASA Service Module (SM)
(Hardware Version: WS-SVC-ASA-SM1-K9; Firmware Version: 9.1.6)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/12/2014
10/23/2014
01/15/2016
Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2050, #2444 and #2482); DRBG (Certs. #332 and #341); ECDSA (Cert. #411); HMAC (Certs. #1247 and #1524); RSA (Certs. #1066 and #1271); SHS (Certs. #1794 and #2100); Triple-DES (Certs. #1321 and #1520)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA Service Module (SM) Adaptive Security Appliance provides comprehensive security, performance, and reliability for network environments of all sizes."
2245EF Johnson Technologies
1440 Corporate Drive
Irving, TX 75038-2401
USA

Marshall Schiring
TEL: 402-479-8375
FAX: 402-479-8472

Josh Johnson
TEL: 402-479-8459
FAX: 402-479-8472

CST Lab: NVLAP 100432-0
Subscriber Encryption Module
(Hardware Version: R023-5000-980; Firmware Version: 5.28)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/10/2014Overall Level: 1

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2640); DRBG (Cert. #411); HMAC (Cert. #1632); RSA (Cert. #1351); SHS (Cert. #2213)

-Other algorithms: AES (Cert. #2640, key wrapping; key establishment methodology provides 128 bits of encryption strength); AES MAC (AES Cert. 2640, vendor affirmed; P25 AES OTAR); DES; NDRNG

Multi-chip embedded

"The EFJohnson Subscriber Encryption Module (SEM) is a cryptographic module meeting FIPS 140-2, Level 1 requirements. The SEM provides Subscriber Equipment, such as the EFJohnson Technology VP600 series radio with secure encrypted voice communication. The SEM supports AES, RSA, HMAC, DRBG and SHA-256 FIPS Approved algorithms for voice communication and protection of its firmware. The SEM can be implemented into any Subscriber Equipment requiring FIPS 140-2, Level 1 security."
2244Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200427-0
Cisco 5921 Embedded Services Router (ESR)
(Software Version: 15.2(4)GC)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software09/10/2014Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with CentOS Linux 6.4 running on an Intel Desktop Board D2500CC (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2785); CVL (Cert. #237); DRBG (Cert. #472); ECDSA (Cert. #486); HMAC (Cert. #1744); RSA (Cert. #1457); SHS (Cert. #2340); Triple-DES (Cert. #1673)

-Other algorithms: DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); HMAC MD4; HMAC MD5; MD4; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Cisco ESR 5921 Embedded Services Router is a software product that runs IOS 15.2(4)GC in an x86-based Linux host environment. The binary is a Router application which allows Linux software connections with virtual and physical Linux interfaces on the host hardware. The Cisco 5921 Embedded Services Router provides a secure, manageable device which meets FIPS 140-2 Level 1 requirements."
2243WideBand Corporation
401 W. Grand St.
Gallatin, MO 64640
USA

GoldKey Sales & Customer Service
TEL: 816-220-3000
FAX: 419-301-3208

Jon Thomas
TEL: 567-270-3830
FAX: 419-301-3208

CST Lab: NVLAP 200658-0
GoldKey Security Token Cryptographic Module
(Hardware Version: IC USB-CONTROLLER-2LF; Firmware Version: 7.13)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/10/2014Overall Level: 2

-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2347); SHS (Cert. #2024); DRBG (Cert. #297); Triple-DES (Cert. #1470); RSA (Cert. #1210); ECDSA (Cert. #384); CVL (Certs. #54, #234 and #235)

-Other algorithms: N/A

Single-chip

"Provides cryptographic algorithm implementation for GoldKey Products"
2242Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200427-0
X-ES XPedite5205 with Cisco IOS
(Hardware Versions: X-ES XPedite5205 air-cooled card and X-ES XPedite5205 conduction-cooled card; Firmware Version: 15.2(4)GC)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/10/2014Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #962, #1535 and #2784); CVL (Cert. #236); DRBG (Cert. #471); ECDSA (Cert. #485); HMAC (Certs. #537 and #1743); RSA (Cert. #1456); SHS (Certs. #933 and #2339); Triple-DES (Certs. #757 and #1672)

-Other algorithms: DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); HMAC MD4; HMAC MD5; MD4; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip embedded

"The X-ES XPedite5205 is a high-performance, ruggedized router. With onboard hardware encryption, the XPedite5205 offloads encryption processing from the router to provide highly secure yet scalable video, voice, and data services for mobile and embedded outdoor networks. The XPedite5205 provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 1 requirements. The XPedite5205 Router Card uses industrial-grade components and is optimized for harsh environments that require Cisco IOS Software routing technology."
2241Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200427-0
Cisco 5915 and 5940 Embedded Services Routers
(Hardware Versions: Cisco 5915 ESR air-cooled card, Cisco 5915 ESR conduction-cooled card, Cisco 5940 ESR air-cooled card and Cisco 5940 ESR conduction-cooled card; Firmware Version: 15.2(4)GC)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/10/2014Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #962, #1535 and #2784); CVL (Cert. #236); DRBG (Cert. #471); ECDSA (Cert. #485); HMAC (Certs. #537 and #1743); RSA (Cert. #1456); SHS (Certs. #933 and #2339); Triple-DES (Certs. #757 and #1672)

-Other algorithms: DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); HMAC MD4; HMAC MD5; MD4; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip embedded

"The Cisco 5915, 5940 are high-performance, ruggedized routers. With onboard hardware encryption, the Cisco 5915, 5940 offloads encryption processing from the router to provide highly secure yet scalable video, voice, and data services for mobile and embedded outdoor networks. The Cisco 5915, 5940 Embedded Services Routers provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 1 requirements. The Cisco 5915, 5940 Router Cards use industrial-grade components and is optimized for harsh environments that require Cisco IOS Software routing technology."
2239McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2706

CST Lab: NVLAP 100432-0
McAfee Core Cryptographic Module (user)
(Software Version: 1.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software10/16/2014Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with McAfee Endpoint Encryption Preboot OS running on a Dell E5510 without AES-NI
McAfee Endpoint Encryption Preboot OS running on a Dell E6320 with AES-NI
McAfee Endpoint Encryption Preboot OS running on a Dell E6410 with AES-NI
Windows 8 running in 64-bit UEFI mode running on a Dell Inspiron 3520 without AES-NI
Windows 8 running in 64-bit UEFI mode running on a Lenovo W530 with AES-NI
Windows 8 running in 64-bit UEFI mode running on a Lenovo Yoga with AES-NI
Windows 8 running in 32-bit UEFI mode running on a Samsung 700T without AES-NI
Windows 8 running in 32-bit UEFI mode running on a Dell Latitude 10 without AES-NI
EFI Preboot running on a MacBook without AES-NI
EFI Preboot running on a MacPro without AES-NI
EFI Preboot running on a MacBook Air with AES-NI
EFI Preboot running on a Mac Mini with AES-NI
EFI Preboot running on a MacBook Pro with AES-NI
Windows XP 32-bit running on a Dell E5510 without AES-NI
Windows 7 64-bit running on a Dell E5510 without AES-NI
Windows 7 64-bit running on a Lenovo Yoga with AES-NI
Windows 8 64-bit running on a Lenovo Yoga with AES-NI
Windows 8 32-bit running on a Dell Latitude 10 without AES-NI
MacOS X Lion v10.7 running on a MacBook without AES-NI
MacOS X Mountain Lion v10.8 running on a MacPro without AES-NI
MacOS X Mountain Lion v10.8 running on a MacBook Air with AES-NI
MacOS X Lion v10.7 running on a Mac Mini with AES-NI
MacOS X Mountain Lion v10.8 running on a MacBook Pro with AES-NI
Windows Vista 32-bit running on a Dell E6320 with AES-NI
Windows Vista 64-bit running on a Dell E6410 with AES-NI
Windows 7 32-bit running on a Dell E6320 with AES-NI
Windows 8 32-bit running on a Lenovo W530 with AES-NI
Windows 8 64-bit running on a Lenovo W530 with AES-NI
Windows 8 64-bit running on an Intel UBHB2SISQ with AES-NI
Windows 8 32-bit running on a Lenovo Thinkpad 2 without AES-NI
Windows 8 running in 64-bit UEFI mode running on an Intel UBHB2SISQ with AES-NI
Windows 8 running in 32-bit UEFI mode running on a Lenovo Thinkpad 2 without AES-NI (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2591, #2592, #2593 and #2755); DRBG (Cert. #394); HMAC (Certs. #1604 and #1605); SHS (Certs. #2181 and #2287)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; PKCS #5

Multi-chip standalone

"The McAfee Core Cryptographic Module provides cryptographic functionality for McAfee's Endpoint Encryption product range."
2232Hitachi, Ltd.
322-2 Nakazato, Odawara-shi
Kanagawa-ken 250-0872
Japan

Hajime Sato
TEL: +81-465-59-5954
FAX: +81-465-49-4822

CST Lab: NVLAP 200835-0
Hitachi Unified Storage Encryption Module
(Hardware Version: DW-F700-BS6GE; Firmware Versions: 02.09.22.00 and 02.09.39.00)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/05/2014
03/10/2016
Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2787); HMAC (Cert. #1748); SHS (Cert. #2344)

-Other algorithms: AES (Cert. #2787, key wrapping; key establishment methodology provides 256 bits of encryption strength); SHS (non-compliant); HMAC (non-compliant)

Multi-chip embedded

"The Hitachi Unified Storage Encryption Module provides high speed data at rest encryption for Hitachi storage."
2231Senetas Corporation Ltd. and SafeNet Inc.
Level 1, 11 Queens Road
Melbourne, Victoria 3004
Australia

John Weston
TEL: +61 3 9868 4555
FAX: +61 3 9821 4899

Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200996-0
CN6000 Series Encryptors
(Hardware Versions: Senetas Corp. Ltd. CN6040 Series: A6040B [O] (AC), A6041B [O] (DC) and A6042B [O] (AC/DC); Senetas Corp. Ltd. CN6100 Series: A6100B [O] (AC), A6101B [O] (DC) and A6102B [O] (AC/DC); Senetas Corp. Ltd. & SafeNet Inc. CN6040 Series: A6040B [Y] (AC), A6041B [Y] (DC) and A6042B [Y] (AC/DC); Senetas Corp. Ltd. & SafeNet Inc. CN6100 Series: A6100B [Y] (AC), A6101B [Y] (DC) and A6102B [Y] (AC/DC); Firmware Version: 2.4.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/28/2014Overall Level: 3

-FIPS Approved algorithms: AES (Certs. #2789, #2790, #2791 and #2793); Triple-DES (Cert. #1677); RSA (Cert. #1460); SHS (Cert. #2345); HMAC (Cert. #1749); DRBG (Cert. #475); CVL (Cert. #242)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The CN6000 Series is a high-speed hardware encryption platform that secures data over optical and twisted-pair Ethernet and Fibre Channel networks. Models validated are the CN6100 10G Ethernet operating at a line rate of 10Gb/s and the CN6040, Ethernet and FC selectable model operating at data rates up to 4Gb/s. Data privacy is provided by FIPS approved AES CFB and CTR algorithms. GCM is available on the CN6040 for applications that also demand authentication. Additionally TRANSEC transmission security capability can be used to remove patterns from network traffic to prevent traffic analysis."
2230Hewlett Packard Enterprise Company
1344 Crossman Avenue
Sunnyvale, CA 94089
USA

Steve Weingart
TEL: 408-227-4500
FAX: 408-227-4550

CST Lab: NVLAP 200427-0
Aruba RAP-155 and RAP-155P Wireless Access Points
(Hardware Versions: RAP-155-F1, RAP-155-USF1, RAP-155P-F1 and RAP-155P-USF1 with FIPS kit 4011570-01; Firmware Version: ArubaOS 6.4.4-FIPS)
(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/28/2014
03/20/2015
01/27/2016
Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2450, #2677, #2680 and #2689); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #1663 and #1666); KBKDF (Cert. #16); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #2246, #2249 and #2250); Triple-DES (Certs. #1605 and #1607)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; NDRNG

Multi-chip standalone

"Aruba's 802.11ac Wi-Fi access points operate at gigabit speeds, offering extreme performance for mobile devices. In FIPS 140-2 mode, Aruba APs in conjunction with a Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also support wireless intrusion detection/prevention services and wireless mesh topologies."
2229Francotyp-Postalia GmbH
Triftweg 21-26
Birkenwerder D-16547
Germany

Dirk Rosenau
TEL: +49-3303-525-616
FAX: +49-3303-525-609

Hasbi Kabacaoglu
TEL: +49-3303-525-616
FAX: +49-3303-525-609

CST Lab: NVLAP 200983-0
Postal mRevenector GB 2013
(Hardware Versions: Hardware P/N: 580036020300/01 and 580036020300/02; Firmware Version: Bootloader: 90.0036.0201.00/2011485001; Softwareloader: 90.0036.0206.00/2011485001; GB Application:90.0036.0215.00/2013463001)
(The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/28/2014
09/19/2014
Overall Level: 3

-Physical Security: Level 3 +EFP/EFT

-FIPS Approved algorithms: AES (Cert. #1493); DRBG (Cert. #61); DSA (Cert. #522); HMAC (Cert. #878); KAS (Cert. #16); RSA (Certs. #732 and #785); SHS (Cert. #1346); Triple-DES (Cert. #1122)

-Other algorithms: NDRNG; Triple-DES (Cert. #1122, key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip embedded

"Francotyp-Postalia (FP) is one of the leading global suppliers of mail center solutions. A major component of the business of FP is the development, manufacture and support of postal franking machines (postage meters). These postal franking machines incorporate a postal security device (PSD) that performs all postage meter cryptographic and postal security functions and which protects both Critical Security Parameters (CSPs) and Postal Relevant Data Items (PRDIs) from unauthorized access. The Postal mRevenector GB 2013 is FP’s latest generation of PSD"
2228Hewlett Packard Enterprise Company
1344 Crossman Avenue
Sunnyvale, CA 94089
USA

Steve Weingart
TEL: 408-227-4500
FAX: 408-227-4550

CST Lab: NVLAP 200427-0
Aruba RAP-5WN Remote Access Point
(Hardware Version: RAP-5WN-F1 with FIPS kit 4011570-01; Firmware Version: ArubaOS 6.4.4-FIPS)
(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/28/2014
03/20/2015
01/27/2016
Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #861, #2450, #2677, #2680 and #2689); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #478, #1663 and #1666); KBKDF (Cert. #16); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #856, #2246, #2249 and #2250); Triple-DES (Certs. #708, #1605 and #1607)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; NDRNG

Multi-chip standalone

"Aruba's RAP-5WN access point aggregates wired and wireless user traffic and forwards it to an Aruba Mobility Controller through a secure IPsec tunnel, using the public Internet or an optional 3G/4G WWAN service for backhaul. In the FIPS 140-2 mode of operation, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 standard along with optional Suite B cryptography for high-assurance applications. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n."
2227Hewlett Packard Enterprise Company
1344 Crossman Avenue
Sunnyvale, CA 94089
USA

Steve Weingart
TEL: 408-227-4500
FAX: 408-227-4550

CST Lab: NVLAP 200427-0
Aruba AP-92, AP-93, AP-104, AP-105 and AP-175 Wireless Access Points
(Hardware Versions: AP-92-F1, AP-93-F1, AP-104-F1, AP-105-F1, AP-175P-F1, AP-175AC-F1 and AP-175DC-F1 with FIPS kit 4011570-01; Firmware Version: ArubaOS 6.4.4-FIPS)
(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/26/2014
03/20/2015
01/28/2016
Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2450, #2677, #2680 and #2689); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #1663 and #1666); KBKDF (Cert. #16); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #2246, #2249 and #2250); Triple-DES (Certs. #1605 and #1607)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; NDRNG

Multi-chip standalone

"Aruba's Wi-Fi access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Mobility Controllers, where per-user role based access controls are applied through an integrated firewall. In FIPS 140-2 Mode, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n."
2226Hewlett Packard Enterprise Company
1344 Crossman Avenue
Sunnyvale, CA 94089
USA

Steve Weingart
TEL: 408-227-4500
FAX: 408-227-4550

CST Lab: NVLAP 200427-0
Aruba AP-134 and AP-135 Wireless Access Points
(Hardware Versions: AP-134-F1 and AP-135-F1 with FIPS kit 4011570-01; Firmware Version: ArubaOS 6.4.4-FIPS)
(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/26/2014
03/20/2015
01/29/2016
Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2450, #2677, #2680 and #2689); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #1663 and #1666); KBKDF (Cert. #16); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #2246, #2249 and #2250); Triple-DES (Certs. #1605 and #1607)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; NDRNG

Multi-chip standalone

"Aruba's Wi-Fi access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Mobility Controllers, where per-user role based access controls are applied through an integrated firewall. In FIPS 140-2 Mode, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n."
2224Hewlett Packard Enterprise Company
1344 Crossman Avenue
Sunnyvale, CA 94089
USA

Steve Weingart
TEL: 408-227-4500
FAX: 408-227-4550

CST Lab: NVLAP 200427-0
Aruba 3000 and 6000/M3 Mobility Controllers with ArubaOS FIPS Firmware
(Hardware Versions: Aruba 3200-F1, Aruba 3200-USF1, Aruba 3400-F1, Aruba 3400-USF1, Aruba 3600-F1, Aruba 3600-USF1 and [(Aruba 6000-400-F1 or Aruba 6000-400-USF1) with M3mk1-S-F1, HW-PSU-200 or HW-PSU-400, LC-2G-1, LC-2G24F-1 or LC-2G24FP-1] with FIPS kit 4011570-01; Firmware Version: ArubaOS 6.4.4-FIPS)
(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy clause "Installing the Controller" and the 6000/M3 configured as specified in Security Policy clause "Minimum Configuration for the Aruba 6000-400")

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/12/2014
03/20/2015
01/20/2016
Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #762, #2677 and #2680); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #417, #1663 and #1666); KBKDF (Cert. #16); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #769, #2246, #2249 and #2250); Triple-DES (Certs. #667, #1605 and #1607)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Aruba's family of Mobility Controllers are network infrastructure devices providing secure, scalable solutions for enterprise Wi-Fi, network security policy enforcement, VPN services, and wireless intrusion detection and prevention. Mobility controllers serve as central points of authentication, encryption, access control, and network coordination for all mobile network services."
2223McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2706

CST Lab: NVLAP 100432-0
McAfee Core Cryptographic Module (kernel)
(Software Version: 1.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/12/2014Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with Windows XP 32-bit running on a Dell E5510 without AES-NI
Windows 7 64-bit running on a Dell E5510 without AES-NI
Windows 7 64-bit running on a Lenovo Yoga with AES-NI
Windows 8 64-bit running on a Lenovo Yoga with AES-NI
Windows 8 32-bit running on a Dell Latitude 10 without AES-NI
MacOS X Lion v10.7 running on a MacBook without AES-NI
MacOS X Mountain Lion v10.8 running on a MacPro without AES-NI
MacOS X Mountain Lion v10.8 running on a MacBook Air with AES-NI
MacOS X Lion v10.7 running on a Mac Mini with AES-NI
MacOS X Mountain Lion v10.8 running on a MacBook Pro with AES-NI
Windows Vista 32-bit running on a Dell E6320 with AES-NI
Windows Vista 64-bit running on a Dell E6410 with AES-NI
Windows 7 32-bit running on a Dell E6320 with AES-NI
Windows 8 32-bit running on a Lenovo W530 with AES-NI
Windows 8 64-bit running on a Lenovo W530 with AES-NI
Windows 8 64-bit running on an Intel UBHB2SISQ with AES-NI
Windows 8 32-bit running on a Lenovo Thinkpad 2 without AES-NI
Windows 8 running in 64-bit UEFI mode running on an Intel UBHB2SISQ with AES-NI
Windows 8 running in 32-bit UEFI mode running on a Lenovo Thinkpad 2 without AES-NI (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2592 and #2755); HMAC (Cert. #1605); SHS (Cert. #2287)

-Other algorithms: N/A

Multi-chip standalone

"The McAfee Core Cryptographic Module provides cryptographic functionality for McAfee's Endpoint Encryption product range."
2222Senetas Corporation Ltd. and SafeNet Inc.
Level 1, 11 Queens Road
Melbourne, Victoria 3004
Australia

John Weston
TEL: +61 3 9868 4555
FAX: +61 3 9821 4899

Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200996-0
CN1000/CN3000 Series Encryptors
(Hardware Versions: Senetas Corp. Ltd. CN1000 Series: A5165B [O] (AC), A5141B [O] (AC) and A5175B [O] (AC); CN3000 Series: A5203B [O] (AC), A5204B [O] (DC), A5213B [O] (AC) and A5214B [O] (DC); Senetas Corp. Ltd. & SafeNet Inc. CN1000 Series: A5165B [Y] (AC), A5141B [Y] (AC) and A5175B [Y] (AC); CN3000 Series: A5203B [Y] (AC), A5204B [Y] (DC), A5213B [Y] (AC) and A5214B [Y] (DC); Firmware Version: 4.4.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/12/2014Overall Level: 3

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: Triple-DES (Cert. #1682); AES (Certs. #2577, #2579, #2581, #2798, #2815 and #2816); RSA (Cert. #1464); SHS (Cert. #2350); HMAC (Cert. #1754); DRBG (Cert. #477); CVL (Cert. #247)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The CN1000/CN3000 Series is a high-speed hardware encryption platform designed to secure data transmitted over Ethernet, Fibre Channel or SONET/SDH networks. The CN1000 Series supports line rates up to 4.25Gbps while the CN3000 extends the CN Series line rate capability to 10Gbps.SafeNet, Inc. makes Senetas products available globally under a master distribution agreement and are co-branded as such."
2221Hewlett Packard Enterprise Company
1344 Crossman Avenue
Sunnyvale, CA 94089
USA

Steve Weingart
TEL: 408-227-4500
FAX: 408-227-4550

CST Lab: NVLAP 200427-0
Aruba 620 and 650 Mobility Controllers with ArubaOS FIPS Firmware
(Hardware Versions: Aruba 620-F1, Aruba 620-USF1, Aruba 650-F1 and Aruba 650-USF1 with FIPS kit 4011570-01; Firmware Version: ArubaOS 6.4.4-FIPS)
(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/07/2014
02/20/2015
01/20/2016
Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #779, #2677 and #2680); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #426, #1663 and #1666); KBKDF (Cert. #16); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #781, #2246, #2249 and #2250); Triple-DES (Certs. #673, #1605 and #1607)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Aruba's family of Mobility Controllers are network infrastructure devices providing secure, scalable solutions for enterprise Wi-Fi, network security policy enforcement, VPN services, and wireless intrusion detection and prevention. Mobility controllers serve as central points of authentication, encryption, access control, and network coordination for all mobile network services."
2220Guidance Software, Inc.
215 North Marengo Avenue, Suite 250
Pasadena, CA 91101
USA

Emily Woodman
TEL: 626-768-4615
FAX: 626-229-9199

CST Lab: NVLAP 200556-0
Guidance Software EnCase Cryptographic Engine
(Software Version: 1.0)
(When operated with module Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1337 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/28/2014Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 R2 running on a Dell OptiPlex 755 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2682 and #2683), HMAC (Certs. #1669 and #1670), RSA (Certs. #1382 and #1383), SHS (Certs. #2253 and #2254)

-Other algorithms: N/A

Multi-chip standalone

"The module is the Guidance Software EnCase Cryptographic Engine, version 1.0, which is a software shared library that provides cryptographic services required by Guidance Software host applications."
2219Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
USA

Rose Quijano-Nguyen

CST Lab: NVLAP 200556-0
Symantec Cryptographic Module
(Software Version: 1.1)
(When operated in FIPS mode. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/07/2014Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 6.4 (64-bit) on a Dell OptiPlex 755 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2646); DRBG (Cert. #413); DSA (Cert. #797); HMAC (Cert. #1637); RSA (Cert. #1355); SHS (Cert. #2219); Triple-DES (Cert. #1587)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Symantec Cryptographic Module is a software module with a multi-chip standalone embodiment. The overall security level of the module is 1. SymCrypt is implemented in the C programming language and consists of a shared library that is linked with SSIM application components. It is designed to execute on a host system with a General Purpose Computer (GPC) hardware platform."
2217RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

Rohit Mathur
TEL: +61 7 3032 5220

CST Lab: NVLAP 200427-0
RSA BSAFE(R) Crypto-C Micro Edition
(Hardware Version: SPARC T4 P/N 527-1437-01; Software Version: 4.0.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software-Hybrid09/08/2014
02/03/2016
Overall Level: 1

-Design Assurance: Level 3


-Operational Environment: Tested as meeting Level 1 with Solaris 10 running on SPARC T4-2 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2017); DRBG (Cert. #191); DSA (Cert. #642); ECDSA (Cert. #292); HMAC (Cert. #1221); RSA (Cert. #1046); SHS (Cert. #1767); Triple-DES (Cert. #1302)

-Other algorithms: Camellia; DES; DES40; Diffie-Hellman; Dual EC DRBG; EC Diffie-Hellman; ECAES (non-compliant); ECIES; Entropy RNG; HMAC MD5; MD2; MD4; MD5; OTP RNG; PBKDF1 SHA-1 (non-compliant); PBKDF2 HMAC SHA-1/SHA-224/SHA-256/SHA-384/SHA-512 (non-compliant); RC2; RC4; RC5; RNG (Cert. #1057); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Crypto-C Micro Edition (ME) Module is RSA, The Security Division of EMC's cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
2216Motorola Solutions, Inc.
6480 Via Del Oro
San Jose, CA 95119
USA

Noelle Carroll
TEL: 408-826-3246

CST Lab: NVLAP 100432-0
Motorola Network Router (MNR) S6000
(Hardware Version: Base Unit P/N CLN1780L Rev E with Encryption Module P/N CLN8261D Rev N; Firmware Version: GS-16.6.0.69 or PS-16.6.0.69)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/31/2014Overall Level: 1

-Cryptographic Module Specification: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #173 and #2395); DRBG (Cert. #399); HMAC (Certs. #39 and #1486); RSA (Cert. #1239); SHS (Certs. #258 and #2057); Triple-DES (Certs. #275 and #1493); CVL (Certs. #99, #122 and #315)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DES; DSA (non-compliant); RNG (non-compliant); MD5; HMAC-MD5

Multi-chip standalone

"MNR S6000 routers are versatile, secure-capable devices that can ensure timely delivery of delay-sensitive traffic. Supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections, S6000 routers perform simultaneous functions - including compression and data prioritization - without compromising their ability to accomplish additional packet-handling functions as needed. In addition to the normal routing functions, the MNR S6000 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols."
2215Motorola Solutions, Inc.
6480 Via Del Oro
San Jose, CA 95119
USA

Noelle Carroll
TEL: 408-826-3246

CST Lab: NVLAP 100432-0
Motorola GGM 8000 Gateway
(Hardware Versions: Base Unit P/N CLN1841E Rev A with FIPS Kit P/N CLN8787A Rev B and Power Supply [P/N CLN1850A Rev G (AC) or P/N CLN1849A Rev H (DC)]; Firmware Versions: XS-16.6.0.69, GS-16.6.0.69 or KS-16.6.0.69)
(When operated in FIPS mode with tamper labels installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/31/2014Overall Level: 2

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #962 and #2395); DRBG (Cert. #399); HMAC (Certs. #1486 and #1487); RSA (Cert. #1239); SHS (Certs. #933 and #2057); Triple-DES (Certs. #757 and #1493); CVL (Certs. #99, #122 and #315)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DES; DSA (non-compliant); RNG (non-compliant); MD5; HMAC-MD5

Multi-chip standalone

"GGM 8000 devices are versatile, secure-capable devices that can ensure timely delivery of delay-sensitive traffic. Supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections, GGM 8000 perform simultaneous functions - including compression and data prioritization - without compromising their ability to accomplish additional packet-handling functions as needed. In addition to the normal packet forwarding functions, the GGM 8000 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols."
2212United States Special Operations Command (USSOCOM)
7701 Tampa Point Boulevard
MacDill Air Force Base, FL 33621-5323
USA

William W. Burnham
TEL: (813) 826-2282

CST Lab: NVLAP 200416-0
Suite B Cryptographic Module
(Software Version: 2.3.1)
(When operated in FIPS mode with module Microsoft Windows Server 2008 R2 Kernel Mode Cryptographic Primitives Library (cng.sys) validated to FIPS 140-2 under Cert. #1335 operating in FIPS mode or BlackBerry Cryptographic Kernel validated to FIPS 140-2 under Cert. #1669 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software07/23/2014Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with Intel Xeon E5530 w/Microsoft Windows Server 2008
Qualcomm Snapdragon S2 MSM8655 w/BlackBerry OS Version 7.0.0 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2603); SHS (Cert. #2187); HMAC (Cert. #1610); ECDSA (Cert. #448); CVL (Certs. #98 and #259)

-Other algorithms: N/A

Multi-chip standalone

"KEYW, in coordination with the United States Special Operations Command (USSOCOM), has developed a Suite B-compliant, standards based, AES/GCM-256 layer of encrypted communications between a BlackBerry Enterprise Server (BES) and a BlackBerry Mobile Set (MS) with Elliptic Curve (EC) key exchange used to negotiate symmetric keys."
2211

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/11/2014Overall Level: 1

Multi-chip standalone
22103e Technologies International, Inc.
9715 Key West Ave,
Suite 500
Rockville, MD 20850
USA

Harinder Sood
TEL: 301-944-1325
FAX: 301-670-6779



CST Lab: NVLAP 200002-0
3e-636M CyberFence Cryptographic Module
(Hardware Version: 1.0; Firmware Version: 5.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/11/2014
03/29/2016
04/14/2016
Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #2060, #2078 and #2105); SHS (Certs. #1801 and #1807); RSA (Certs. #1072 and #1278); HMAC (Certs. #1253 and #1259); ECDSA (Certs. #303 and #415); DRBG (Cert. #822); CVL (Certs. #22, #87 and #169)

-Other algorithms: MD5; NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Cert. #2060, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (CVL Cert. #169, key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #87, key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength)

Multi-Chip Embedded

"3e-636M CyberFence module is a high speed information assurance device that combines together a number of different capabilities to create a tailored cyber defense. Acting as an IPsec client or gateway, the module authenticates the IPsec peer using IKEv2 negotiation. It provides further data integrity and confidentiality using the ESP mode of the IPsec. AES with 128/192/256 bits key is used for network data encryption while SHS, CCM or GCM is used for data integrity. The module also implements access control, 802.1X port authentication and deep data packet inspection functions."
2208Senetas Corporation Ltd. and SafeNet Inc.
Level 1, 11 Queens Road
Melbourne, Victoria 3004
Australia

John Weston
TEL: +61 3 9868 4555
FAX: +61 3 9821 4899

Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200996-0
CN Series Ethernet Encryptors
(Hardware Versions: Senetas Corp. Ltd. CN4010 Series: A4010B [O] (DC); Senetas Corp. Ltd. CN6010 Series: A6010B [O] (AC), A6011B [O] (DC) and A6012B [O] (AC/DC); Senetas Corp. Ltd. & SafeNet Inc. CN4010 Series: A4010B [Y] (DC); Senetas Corp. Ltd. & SafeNet Inc. CN6010 Series: A6010B [Y] (AC), A6011B [Y] (DC) and A6012B [Y] (AC/DC); Firmware Version: 2.4.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/11/2014Overall Level: 3

-FIPS Approved algorithms: Triple-DES (Cert. #1678); AES (Certs. #2788, #2792 and #2794); RSA (Cert. #1461); SHS (Cert. #2346); HMAC (Cert. #1750); DRBG (Cert. #476); CVL (Cert. #243)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The CN4010 and CN6010 are high-speed hardware encryption modules that secure data over twisted-pair Ethernet and optical networks. The modules support data rates to 1Gb/s and 100Mb/s and 10Mb/s modes. The CN6010 is additionally equipped with pluggable SFPs to support a variety of optical network interfaces. Data privacy is provided by FIPS approved AES CFB and CTR algorithms as well as GCM for applications that demand authentication. Additional transmission security is provided via TRANSEC capability which can be used to remove patterns in network traffic and prevent traffic analysis."
2206Aviat Networks, Inc.
5200 Great America Parkway
Santa Clara, CA 95054
USA

Ruth French
TEL: +44 7771 978599
FAX: +44 1698 717204

Martin Howard
TEL: +64 4 577 8735
FAX: +64 4 577 8822

CST Lab: NVLAP 100432-0
Aviat Networks Eclipse Cryptographic Module
(Hardware Versions: INUe 2RU Chassis (P/N EXE-002), Fan Card (P/N EXF-101), Node Controller Card (P/N EXN-004), FIPS Installation Kit (P/N 179-530153-001), Replacement Labels (P/N 007-600331-001), at least one of: [RAC 6X (P/N EXR-600-001), RAC 6XE (P/N EXR-600-002), RAC 60 (P/N EXR-660-001), or RAC 60E (P/N EXR-660-002)] and all remaining slots filled by one of the following: P/N 131-501768-001, EXA-001, EXD-040-001, EXD-152-001, EXD-153-001, EXD-156-001, EXD-160-001, EXD-161-001, EXD-171-001, EXD-180-002, EXD-180-005, EXD-180-102, EXD-181-001, EXD-181-002, EXD-252-001, EXD-331-001, EXD-400-002, EXP-024, EXR-910-001, EXR-999-003, EXS-001, EXS-002 or EXX-001; Firmware Versions: 07.07.10, 08.00.55, 08.00.70, 08.00.72, 08.00.80 and 08.00.81)
(When operated in FIPS mode. Installation of components shall be configured per Section 2.2.1 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/09/2014
07/24/2014
08/29/2014
07/06/2015
11/18/2015
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: HMAC (Cert. #1503); SHS (Cert. #2075); RSA (Cert. #1250); DRBG (Cert. #323); AES (Certs #2260 and #2418); Triple-DES (Cert. #1506); CVL (Cert. #73)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); DES

Multi-chip standalone

"This cryptographic module performs encryption of data carried over a microwave radio link."
2205Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

Christopher Marks
TEL: 408-333-0480
FAX: 408-333-8101

Sunil Chitnis
TEL: 408-333-2444
FAX: 408-333-4887

CST Lab: NVLAP 200427-0
Brocade® MLXe® and Brocade NetIron® CER 2000 Series Ethernet Routers
(Hardware Versions: BR-MLXE-4-MR-M-AC, BR-MLXE-4-MR-M-DC, BR-MLXE-8-MR-M-AC, BR-MLXE-8-MR-M-DC, BR-MLXE-16-MR-M-AC, BR-MLXE-16-MR-M-DC, BR-MLXE-4-MR2-M-AC, BR-MLXE-4-MR2-M-DC, BR-MLXE-8-MR2-M-AC, BR-MLXE-8-MR2-M-DC, BR-MLXE-16-MR2-M-AC, BR-MLXE-16-MR2-M-DC, NI-CER-2048F-ADVPREM-AC, NI-CER-2048F-ADVPREM-DC, NI-CER-2048FX-ADVPREM-AC, NI-CER-2048FX-ADVPREM-DC, NI-CER-2024F-ADVPREM-AC, NI-CER-2024F-ADVPREM-DC, NI-CER-2024C-ADVPREM-AC, NI-CER-2024C-ADVPREM-DC, NI-CER-2048C-ADVPREM-AC, NI-CER-2048C-ADVPREM-DC, NI-CER-2048CX-ADVPREM-AC and NI-CER-2048CX-ADVPREM-DC with FIPS Kit (P/N Brocade XBR-000195) and NI-MLX-MR and BR-MLX-MR2-M Management Modules; Firmware Version: IronWare Release R05.3.00ea or IronWare Release R05.4.00cb)
(When operated in FIPS mode with the tamper evident labels installed and with the configurations in Tables 8 and 12 as defined in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/09/2014Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2359); DRBG (Cert. #301); DSA (Cert. #737); HMAC (Cert. #1462); RSA (Cert. #1217); SHS (Cert. #2031); Triple-DES (Cert. #1475)

-Other algorithms: DES; Diffie-Hellman (non-compliant); HMAC-MD5; HMAC-SHA-1-96; MD2; MD5; NDRNG; RC2; RC4; RSA (non-compliant); SNMPv3 KDF; SSH KDF; TLS KDF

Multi-chip standalone

"The Brocade MLXe series of core routers support IPv4, IPv6, MPLS and advanced Layer 2 switching. Ideally suited for service provider backbones, Metro Ethernet networks, ISPs, CDNs, IXPs, data centers, and distributed enterprises.The NetIron CER 2000 series 1 Gigabit Ethernet (GbE) routers support copper and hybrid fiber configurations with two optional 10 GbE uplink ports. All the ports support forwarding IP and MPLS packets at wire speed without oversubscription. The routers support standard IPv4, IPv6 routing protocols, RIP/RIPng, OSPF/OSPFv3, IS-IS/IS-IS for IPv6, and BGP/BGP-MP for IPv6."
2204Feitian Technologies Co., Ltd.
Floor 17th, Tower B, Huizhi Mansion
No.9 Xueqing Road
Haidan District Beijing 100085
People's Republic of China

Tibi Zhang
TEL: 86-010-62304466 x821
FAX: 86-010-62304416

Xiaozhi Zheng
TEL: 86-010-62304466 x531
FAX: 86-010-62304416

CST Lab: NVLAP 200427-0
ePass Token
(Hardware Version: 1.0.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/07/2014Overall Level: 3

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #1473); DRBG (Cert. #58); RSA (Cert. #720); SHS (Cert. #1332); Triple-DES (Cert. #991)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The ePass Token, is a USB token containing FEITIAN's own FEITIAN-FIPS-COS cryptographic operating system. The FEITIAN-FIPS-COS is embedded in an ST23YT66 Integrated Circuit (IC) chip and has been developed to support FEITIAN's ePass USB token. The ePass token is designed to provide strong authentication and identification and to support network login, secure online transactions, digital signatures, and sensitive data protection. FEITIAN's ePass token guarantees safety of its cryptographic IC chip and other components with its hard, semi-transparent, polycarbonate shell."
2201IBM® Corporation
9032 South Rita Road
Tucson, AZ 85744
USA

Christine Knibloe
TEL: 520 799-1000

Said Ahmad
TEL: 520-799-5538

CST Lab: NVLAP 200427-0
IBM System Storage TS1140 and TS1150 Tapes Drives – Machine Type 3592, Models E07 and E08
(Hardware Versions: EC Level: M11776 and M12819, P/N: 00V6759 and 38L7468; Firmware Versions: EC Level: M11776 and M13383, P/N: 35P2401 and 38L7468)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/07/2014
05/29/2015
Overall Level: 1

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2384, #2385, #2387, #3356, #3357 and #3358); DRBG (Certs. #314 and #787); RSA (Certs. #1234 and #1720); SHS (Certs. #2051 and #2783)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); TRNG

Multi-chip embedded

"The TS1140 / 3592 E07 and TS1150/3592 E08 Tape Drives provides full line speed, fully validated, hardware implemented, AES 256-bit encryption and compression of customer data recorded to tape. It ensures data confidentiality in the event of a lost tape while also supporting additional cryptographic functions for authentication and secure transfer of key material."
2200JVC KENWOOD Corporation
1-16-2, Hakusan, Midori-ku
Yokohama-shi, Kanagawa 226-8525
Japan

Tamaki Shimamura
TEL: +81 45 939 6254
FAX: +81 45 939 7093

Joe Watts
TEL: (678) 474-4700
FAX: (678) 474-4730

CST Lab: NVLAP 100432-0
Secure Cryptographic Module (SCM)
(Hardware Versions: P/N KWD-AE30, Version 2.0.0; Firmware Versions: A3.0.1, A3.0.2 and A3.0.3)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/27/2014
09/12/2014
05/08/2015
11/23/2015
12/18/2015
Overall Level: 1

-Cryptographic Module Specification: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #2696); SHS (Cert. #2285)

-Other algorithms: DES; DES MAC; LFSR; AES MAC (AES Cert. #2696, vendor affirmed; P25 AES OTAR); AES (non-compliant)

Multi-chip embedded

"The Secure Cryptographic Module (SCM) meets overall FIPS 140-2 Level 1 requirements providing KENWOOD radios secure and encrypted digital communication. The SCM supports 256 bit key AES encryption as well as DES encryption."
2199Hewlett Packard Enterprise Company
1344 Crossman Avenue
Sunnyvale, CA 94089
USA

Steve Weingart
TEL: 408-227-4500
FAX: 408-227-4550

CST Lab: NVLAP 200427-0
Aruba AP-224 and AP-225 Wireless Access Points
(Hardware Versions: AP-224-F1 and AP-225-F1 with FIPS kit 4011570-01; Firmware Version: ArubaOS 6.4.4-FIPS)
(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/27/2014
03/20/2015
01/20/2016
Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1648, #2677 and #2680); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #538, #1663 and #1666); KBKDF (Cert. #16); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #934, #2246, #2249 and #2250); Triple-DES (Certs. #758, #1605 and #1607)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; NDRNG

Multi-chip standalone

"Aruba's 802.11ac Wi-Fi access points operate at gigabit speeds, offering extreme performance for mobile devices. In FIPS 140-2 mode, Aruba APs in conjunction with a Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also support wireless intrusion detection/prevention services and wireless mesh topologies."
2198Seagate Technology LLC
1280 Disc Drive
Shakopee, MN 55379
USA

David R Kaiser, PMP
TEL: 952-402-2356
FAX: 952-402-127

CST Lab: NVLAP 200427-0
Seagate Secure® TCG Enterprise SSC 1200 SSD Self-Encrypting Drive FIPS 140 Module
(Hardware Versions: ST800FM0063 [1, 2, 3, 4,5]; Firmware Versions: 0002 [1], 0004 [2], 0005 [3], 0006 [4], and 0007 [5])
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/27/2014
10/16/2014
02/13/2015
07/23/2015
Overall Level: 2

-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1343 and #2663); DRBG (Cert. #62); HMAC (Cert. #1597); RSA (Cert. #1021); SHS (Cert. #1225)

-Other algorithms: N/A

Multi-chip embedded

"The Seagate Secure® TCG Enterprise SSC Self-Encrypting Drive FIPS 140 Module is embodied in Seagate 1200 SSD SED model disk drives. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download."
2197Blue Coat® Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085
USA

Diana Robinson
TEL: 845 454-6397

Tammy Green
TEL: 801-999-2973

CST Lab: NVLAP 200928-0
ProxySG SG9000-20 [1], SG9000-20B [2], SG9000-30 [3] and SG9000-40 [4]
(Hardware Versions: 090-02840 [1], 090-02839 [1], 090-02984 [2], 090-02985 [2], 090-02841 [3], 090-02842 [3], 090-02845 [4] and 090-02846 [4] with FIPS kit 085-02718; Firmware Version: 6.5.1.103)
(When operated in FIPS mode with the tamper evident seals and the opacity baffle installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/27/2014Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1265 and #2560); Triple-DES (Certs. #898 and #1549); RSA (Certs. #607, #742 and #1312); SHS (Cert. #2159); HMAC (Certs. #736 and #1580); DRBG (Cert. #386)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG

Multi-chip standalone

"Blue Coat ProxySG appliances are the core of the Blue Coat’s Unified Security and Optimization solutions for business assurance. The appliances offer complete security and control of web traffic, providing rich policy constructs for threat protection, SSL traffic, authentication, filtering, data loss prevention and logging capabilities. The appliances also optimize web and internal application traffic through caching, bandwidth management, stream splitting, and protocol optimization for data, video, cloud and web applications."
2196Blue Coat® Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085
USA

Diana Robinson
TEL: 845 454-6397

Tammy Green
TEL: 801-999-2973

CST Lab: NVLAP 200928-0
ProxySG SG600-10 [1], SG600-20 [2] and SG600-35 [3]
(Hardware Versions: 090-02911 [1], 090-02912 [1], 090-02913 [2], 090-02914 [2], 090-02915 [3] and 090-02916 [3] with FIPS kit 085-02762; Firmware Version: 6.5.1.103)
(When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/27/2014Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #105 and #2560); Triple-DES (Cert. #217 and #1549); RSA (Cert. #1312); SHS (Cert. #2159); HMAC (Cert. #1580); DRBG (Cert. #386)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG

Multi-chip standalone

"Blue Coat ProxySG appliances are the core of the Blue Coat’s Unified Security and Optimization solutions for business assurance. The appliances offer complete security and control of web traffic, providing rich policy constructs for threat protection, SSL traffic, authentication, filtering, data loss prevention and logging capabilities. The appliances also optimize web and internal application traffic through caching, bandwidth management, stream splitting, and protocol optimization for data, video, cloud and web applications."
2195Blue Coat® Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085
USA

Diana Robinson
TEL: 845 454-6397

Tammy Green
TEL: 801-999-2973

CST Lab: NVLAP 200928-0
ProxySG SG900-10B [1], SG900-20 [2], SG900-30 [3], SG900-45 [4] and SG900-55 [5]
(Hardware Versions: 090-02988 [1], 090-02989 [1], 090-02902 [2], 090-02903 [2], 090-02904 [3], 090-02905 [3], 09002908 [4], 090-02909 [4], 090-02979 [5] and 090-02980 [5] with FIPS kit 085-02742; Firmware Version: 6.5.1.103)
(When operated in FIPS mode with the tamper evident seals and the opacity baffle installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/27/2014Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1265 and #2560); Triple-DES (Certs. #898 and #1549); RSA (Certs. #607, #742 and #1312); SHS (Cert. #2159); HMAC (Certs. #736 and #1580); DRBG (Cert. #386)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG

Multi-chip standalone

"Blue Coat ProxySG appliances are the core of the Blue Coat’s Unified Security and Optimization solutions for business assurance. The appliances offer complete security and control of web traffic, providing rich policy constructs for threat protection, SSL traffic, authentication, filtering, data loss prevention and logging capabilities. The appliances also optimize web and internal application traffic through caching, bandwidth management, stream splitting, and protocol optimization for data, video, cloud and web applications."
2190Dell Software, Inc.
5455 Great America Parkway
Santa Clara, CA 95054
USA

Lawrence Wagner
TEL: 408-752-7886

CST Lab: NVLAP 100432-0
TZ 105, TZ 105W, TZ 205, TZ 205W, TZ 210, TZ 210W, TZ 215 and TZ 215W
(Hardware Versions: P/Ns 101-500356-56, Rev. A (TZ 105); 101-500357-57, Rev. A (TZ 105W); 101-500358-59, Rev. A (TZ 205); 101-500359-59, Rev. A (TZ 205W); 101-500244-50, Rev. A (TZ 210); 101-500214-65, Rev. A (TZ 210W); 101-500354-56, Rev. A (TZ 215); 101-500355-57, Rev. A (TZ 215W); Firmware Version: SonicOS 5.9.0.7-22o)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/25/2014
04/21/2015
03/22/2016
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2015); CVL (Cert. #86); DRBG (Cert. #189); DSA (Cert. #640); HMAC (Cert. #1219); RSA (Cert. #1044); SHS (Cert. #1765); Triple-DES (Cert. #1300)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; MD5; RC4; RNG

Multi-chip standalone

"Dell SonicWALL's TZ Series is a high performance security platform that combines anti-virus, anti-spyware, intrusion prevention, content filtering, 3G connectivity and redundancy with 802.11 b/g/n wireless for an ultimate SMB security package. These solutions allow remote and branch offices to easily implement network protection from a wide spectrum of emerging threats."
2184Sonus Networks, Inc.
4 Technology Park Drive
Westford, MA 01886
USA

Sandeep Kaushik

CST Lab: NVLAP 200556-0
SBC 5110 and 5210 Session Border Controllers
(Hardware Versions: SBC 5110 and SBC 5210; Firmware Version: 4.0)
(When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/25/2014Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2643 and #2644); CVL (Certs. #124 and #125); DRBG (Cert. #412); HMAC (Certs. #1635 and #1636); RSA (Certs. #1353 and #1354); SHS (Certs. #2216, #2217 and #2218); Triple-DES (Cert. #1586)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; MD5

Multi-chip standalone

"The SBC 5110 and 5210 Session Border Controllers are high-performance air-cooled, 2U, IP encryption appliances that provide secure SIP-based communications with robust security, reduced latency, real-time encryption (VOIP signaling and media traffic), media transcoding, flexible SIP session routing & policy management."
2182Hewlett Packard Enterprise Company
1344 Crossman Avenue
Sunnyvale, CA 94089
USA

Steve Weingart
TEL: 408-227-4500
FAX: 408-227-4550

CST Lab: NVLAP 200427-0
Aruba RAP-3WN, RAP-3WNP, RAP-108, RAP-109, AP-114 and AP-115 Wireless Access Points
(Hardware Versions: RAP-3WN-F1, RAP-3WN-USF1, RAP-3WNP-F1, RAP-3WNP-USF1, RAP-108-F1, RAP-108-USF1, RAP-109-F1, RAP-109-USF1, AP-114-F1 and AP-115-F1 with FIPS kit 4011570-01; Firmware Version: ArubaOS 6.4.4-FIPS)
(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/20/2014
03/20/2015
01/27/2016
Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2450, #2677, #2680 and #2689); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #1663 and #1666); KBKDF (Cert. #16); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #2246, #2249 and #2250); Triple-DES (Certs. #1605 and #1607)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; NDRNG

Multi-chip standalone

"Aruba's 802.11n wired and wireless access points offer the highest performance for mobile devices. In FIPS 140-2 mode, Aruba APs in conjunction with a Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also support wireless intrusion detection/prevention services and wireless mesh topologies."
2181VMware, Inc.
3401 Hillview Ave
Palo Alto, CA 94304
USA

Eric Betts
TEL: 650-427-1902

CST Lab: NVLAP 200928-0
VMware Java JCE (Java Cryptographic Extension) Module
(Software Version: 1.0)
(When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software06/20/2014Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with VMware vCloud Networking and Security 5.5.0a vShield Manager OS with Sun JRE 6.0 on VMware vSphere Hypervisor (ESXi) 5.5 running on HP ProLiant DL380e Gen8 Server (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #1623); AES (Cert. #2704); SHS (Cert. #2271); HMAC (Cert. #1685); DRBG (Cert. #446); DSA (Cert. #825); RSA (Cert. #1402)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less then 112 bits of encryption strength); AES (Cert. #2704, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1623, key wrapping; key establishment methodology provides 112 bits of encryption strength); Triple-DES (non-compliant); RC2; RC4; TWOFISH; IES; ECIES; DES; MD2; MD5; RIPEMD; TIGER; ISO9797 Alg3 MAC

Multi-chip standalone

"The VMware Java JCE (Java Cryptographic Extension) module is a versatile software library that implements FIPS-140-2 approved cryptographic services for VMware products and platforms."
2178SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

Stanley Mesceda
TEL: 443-327-1582
FAX: 410-931-7524

CST Lab: NVLAP 200928-0
Model 650 SafeNet Encryptor
(Hardware Versions: 904-000028-001, 904-000029-001, 904-000036-001, 904-53260-007, 904-53260-207, 943-53270-007, 943-53270-207, 904-53261-007, 904-53361-201, 943-53271-007 and 943-53371-201; Firmware Version: 4.3)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/18/2014Overall Level: 3

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2616, 2617 and 2619); Triple-DES (Cert. #1574); RSA (Cert. #1337); SHS (Cert. #2196); DRBG (Cert. #400); HMAC (Cert. #1620); CVL (Cert. #101)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less then 112 bits of encryption); Diffie-Hellman (non-compliant); NDRNG

Multi-chip standalone

"The SafeNet Encryptor provides data privacy and access control for connections between vulnerable public and private SONET/SDH networks or 10G Ethernet networks. It employs federally endorsed AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in a SONET OC-192 network or 10G Ethernet network."
2177SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

Stanley Mesceda
TEL: 443-327-1582
FAX: 410-931-7524

CST Lab: NVLAP 200928-0
Model 600 SafeNet Encryptor
(Hardware Versions: 904-000019-001, 904-000021-001, 904-000020-001, 904-000022-001, 904-000024-001, 904-000023-001, 904-000025-001, 904-000027-001, 904-000026-001, 943-000031-001, 943-000032-001, 943-000033-001, 943-000035-001, 943-000034-001, 904-30013-001, 904-30013-007, 904-30013-207, 904-10014-001, 904-10014-007, 904-10014-207, 904-25005-001, 904-25005-007, 904-25005-207, 904-51100-001, 904-51100-007, 904-51100-207, 904-51120-001, 904-51120-007, 904-51120-207, 904-51140-001, 904-51140-007, 904-51140-207, 943-51130-001, 943-51130-007, 943-51130-207, 943-51150-001, 943-51150-007, 943-51150-207, 904-51101-001, 904-51101-007, 904-51101-207, 904-51121-001, 904-51121-007, 904-51121-207, 904-51141-001, 904-51141-007, 904-51141-207, 943-51131-001, 943-51131-007, 943-51131-207, 943-51151-001, 943-51151-007 and 943-51151-207; Firmware Version: 4.3)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/18/2014Overall Level: 3

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2615, 2618 and 2619); Triple-DES (Cert. #1574); RSA (Cert. #1337); SHS (Cert. #2196); DRBG (Cert. #400); HMAC (Cert. #1620); CVL (Cert. #101)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (non-compliant); NDRNG

Multi-chip standalone

"The SafeNet Encryptor provides data privacy and access control for connections between vulnerable public and private SONET/SDH or Ethernet networks. It employs FIPS approved AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in SONET 155 MB (OC-3), 622 MB (OC-12), 1.0 GB, and 2.4 GB (OC-48) networks or 200MB and 1GB Ethernet networks."
2176Cisco Systems, Inc.
170 W. Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200427-0
ASA 5512-X, ASA 5515-X, ASA 5525-X, ASA 5545-X, ASA 5555-X, ASA 5580-20, ASA 5580-40, ASA 5585-X SSP-10, 5585-X SSP-20, 5585-X SSP-40 and 5585-X SSP-60 Security Appliances
(Hardware Versions: 5580-20 [2], 5580-40 [2], 5512-X [1], 5515-X [1], 5525-X [1], 5545-X [1], 5555-X[1], 5585-X SSP-10 [3], 5585-X SSP-20 [3], 5585-X SSP-40 [3], 5585-X SSP-60 [3] with [FIPS Kit (DS-FIPS-KIT= Rev -BO)] [1], [ASA 5580 FIPS Kit (ASA5580-FIPS-KIT)] [2], or [ASA 5585 FIPS Kit (ASA5585-X-FIPS-KIT)] [3]; Firmware Version: 9.1.6)
(When operated in FIPS mode and with the tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/18/2014
08/29/2014
01/12/2016
03/02/2016
Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #105, #1407, #2049, #2050, #2444, #2472, #2480, #2482 and #2483); DRBG (Certs. #332, #336, #339 and #341); ECDSA (Certs. #411 and #412); HMAC (Certs. #125, #301, #1246, #1247, #1514, #1524 and #1525); RSA (Certs. #106, #261, #1066, #1260, #1269, #1271 and #1272); SHS (Certs. #196, #630, #1793, #1794, #2091, #2100 and #2101); Triple-DES (Certs. #217, #559, #960, #1321, #1513, #1520 and #1521)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
2175

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/17/2014
02/27/2015
Overall Level: 2

Multi-chip standalone
2174Hewlett-Packard Development Company, L.P.
11445 Compaq Center Dr. W
Houston, TX 77070
USA

Julie Ritter
TEL: 281-514-4087

Tim McDonough
TEL: 281-518-7531

CST Lab: NVLAP 200928-0
HP BladeSystem Onboard Administrator Firmware
(Firmware Version: 3.71)
(When installed, initialized and configured as indicated in the Security Policy in Section 3 and operated in FIPS mode.)

This module is in process for the RNG transition.
Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware06/17/2014Overall Level: 1

-Mitigation of Other Attacks: N/A

-Tested: BladeSystem c7000 DDR2 Onboard Administrator with KVM option enclosure
BladeSystem c3000 Tray with Embedded DDR2 Onboard Administrator enclosure
BladeSystem c3000 Dual DDR2 Onboard Administrator enclosure

-FIPS Approved algorithms: AES (Cert. #2289); Triple-DES (Cert. #1439); RSA (Cert. #1178); SHS (Certs. #1972 and #1973); HMAC (Cert. #1406); RNG (Cert. #1140)

-Other algorithms: NDRNG; DSA; RC4; HMAC-SHA1-96; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The module provides administrative control of HP BladeSystem c-Class enclosures. The cryptographic functions of the module provide security for administrative access via HTTPS and SSH, and to administrative commands for the BladeSystem enclosure."
2173Hewlett-Packard Development Company, L.P.
11445 Compaq Center Dr. W
Houston, TX 77070
USA

Julie Ritter
TEL: 281-514-4087

Luis Luciani
TEL: 281-518-6762

CST Lab: NVLAP 200928-0
iLO 3 Cryptographic Module
(Hardware Versions: GLP: 531510-003 [1] and GXE: 438893-503 [2]; Flash Memory: (41050DL00-233-G [1,2]); NVRAM: (420102C00-244-G [1,2]); DDR3 SDRAM: (42020BJ00-216-G [1]); DDR2 SDRAM: (459715-002 [2]); Firmware Version: 1.50)
(When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/17/2014Overall Level: 1

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2294, #2295, #2296, #2297 and #2298); Triple-DES (Certs. #1443, #1444 and #1445); DSA (Cert. #720); RSA (Certs. #1182 and #1183); SHS (Certs. #1977, #1978 and #1979); HMAC (Cert. #1410)

-Other algorithms: RC2; RC4; HMAC-MD5; DES; MD5; RSA (non-compliant); DSA (non-compliant); RNG (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112-bits of encryption strength); TLSv1.0 KDF; TLSv1.1 KDF

Multi-chip embedded

"HP Integrated Lights-Out (iLO) management built into BladeSystem blade servers and storage blades is an autonomous management subsystem embedded directly on the server. iLO monitors each server’s overall "health", reports issues, and provides a means for setup and managing of power and thermal settings."
2171HGST, Inc.
5601 Great Oaks Parkway
Building 50-3/C-346
San Jose, CA 95119
USA

Michael Good
TEL: 408-717-6261
FAX: 408-717-9494

Jithendra Bethur
TEL: 408-717-5951
FAX: 408-717-9494

CST Lab: NVLAP 100432-0
HGST Ultrastar C15K600 TCG Enterprise HDDs
(Hardware Versions: HUC156060CS4205 [1], HUC156045CS4205 [1], HUC156030CS4205 [1], HUC156060CSS205 [1], HUC156045CSS205 [1], HUC156030CSS205 [1]; Firmware Version: R12E)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/17/2014
07/17/2014
05/08/2015
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2067 and #2365); RSA (Cert. #1220); SHS (Cert. #2037); HMAC (Cert. #1468); DRBG (Cert. #302); PBKDF (vendor affirmed)

-Other algorithms: NDRNG; AES (Cert. #2365, key wrapping)

Multi-chip embedded

"HGST Self-Encrypting Drives implement TCG Storage specifications, and meet or exceed the most demanding performance and security requirements. The Ultrastar C15K600 series are 12Gbs SAS, TCG Enterprise HDDs."
2169IBM® Corporation
9032 S Rita Road
Tucson, AZ 85744
USA

Christine Knibloe
TEL: 520-799-2486

CST Lab: NVLAP 200427-0
IBM LTO Generation 6 Encrypting Tape Drive
(Hardware Versions: 00V7133 EC Level M12977 [1], 00V7137 EC Level M12977 [2], 00V7135 EC Level M12977 [3] and 00V7139 EC Level M12977 [4]; Firmware Versions: LTO6_DA86.fcp_fh_f.fmrz [1], LTO6_DA86.fcp_hh_f.fmrz [2], LTO6_DA86.sas_fh_f.fmrz [3] and LTO6_DA86.sas_hh_f.fmrz [4])
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/11/2014Overall Level: 1

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2692, #2693 and #2694); DRBG (Cert. #440); RSA (Cert. #1392); SHS (Cert. #2261)

-Other algorithms: AES (Cert. #2694, key wrapping); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The IBM LTO Generation 6 Encrypting Tape Drive provides AES-GCM encryption of customer data recorded to tape. Both encryption and compression are implemented in the hardware for optimum performance. Four different host interface types of the LTO Generation 6 "brick" unit are FIPS certified as a multi-chip, standalone cryptographic module. In customer operation the "brick" unit may be embedded in bridge box or in a canister package for operation in a library."
2166Marvell Semiconductor, Inc.
5488 Marvell Lane
Santa Clara, CA 95054
USA

Minda Zhang
TEL: 508-573-3255
FAX: 508-573-3311

CST Lab: NVLAP 200968-0
Armada Mobile Processor
(Hardware Versions: Armada PXA-2128[1] and Armada PXA-610[2]; Firmware Versions: 2128-1.1[1] and 610-1.1[2])

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/09/2014Overall Level: 3

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1982 and #2133); Triple-DES (Certs. #1285 and #1357); SHS (Certs. #1737 and #1857); HMAC (Certs. #1195 and #1303); RSA (Certs. #1028 and #1102); ECDSA (Certs. #287 and #323); DRBG (Certs. #182 and #238)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 256 bits of encryption strength); AES (Certs. #1982 and #2133, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength)

Single-chip

"Marvell’s ARMADA PXA2128 and ARMADA PXA610 are application processors (PXA2128 is multicore) ideally suited for smartphones and tablets that enable a seamless connected lifestyle. Designed in low-power 40-nanometer (nm) process and featuring the Marvell Hybrid Symmetric Multi-Processing (hSMP) technology, they provide new levels of secure internet and multimedia performance, while achieving industry-leading battery life. Featuring Marvell optimized ARMv7 dual high-performance mobile processors with hSMP running at up to 1.2GHz, the ARMADA PXA2128 and PXA610 provide robust 3D graphics, video,"
2165Ultra Electronics 3eTI
Suite 500
9715 Key West Ave
Rockville, MD 20850
USA

Harinder Sood
TEL: 301-944-1325
FAX: 301-670-6779

CST Lab: NVLAP 200002-0
3e-543 AirGuard iField Wireless Sensor Cryptographic Module
(Hardware Version: 1.0; Firmware Version: 1.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/09/2014Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1611 and #2251); SHS (Cert. #1939); HMAC (Cert. #1379); ECDSA (Cert. #359)

-Other algorithms: N/A

Multi-chip embedded

"3eTI 543 Wireless Sensor Cryptographic Module provides network authentication and data encryption for IEEE 15.4 radio. This module enables the secured transportation of sensor data using AES_CCM over ISA 100.11a or WirelessHard wireless links."
2164CoCo Communications
800 5th Avenue Suite 3700
Seattle, WA 98104
USA

David Weidenkopf
TEL: 206-812-5783
FAX: 206-770-6461

A. Riley Eller
TEL: 206-812-5726
FAX: 206-770-6461

CST Lab: NVLAP 200658-0
CoCo OpenSSL Cryptographic Module
(Software Versions: 2.1 and 2.2)
(When operated in FIPS mode. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software06/05/2014
12/31/2014
05/29/2015
09/30/2015
02/05/2016
Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 6 32-bit running on oMG 2000
Vyatta 6.4 32-bit running on Dell PowerEdge R210 with AES-NI
Vyatta 6.4 32-bit running on Dell PowerEdge R210 without AES-NI
Windows 7 x86_64 native and Java support via JNI running on HP Pro Book 640 G1 with AES-NI (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2366, #2367, #2381 and #3474); Triple-DES (Certs. #1479, #1480 and #1959); DSA (Certs. #739, #740 and #982); RSA (Certs. #1222, #1223 and #1790); ECDSA (Certs. #389, #390 and #705); CVL (Certs. #62, #63 and #549); SHS (Certs. #2039, #2040 and #2869); HMAC (Certs. #1470, #1471 and #2219); DRBG (Certs. #304, #305, #313 and #856)

-Other algorithms: Diffie-Hellman; DRBG (DUAL-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG

Multi-chip standalone

"The CoCo OpenSSL Cryptographic Module 2.1 is an OpenSSL cryptographic library that provides cryptographic services to its calling applications."
2160Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200427-0
Cisco 819G-4G-A-K9, 819G-4G-V-K9, 819H-K9, 819G-S-K9, 819HG-4G-G-K9, 891, 881, 1905, 1921 and 1941 Integrated Services Routers (ISRs)
(Hardware Versions: 819G-4G-A-K9 , 819G-4G-V-K9 , 819H-K9 , 819G-S-K9, 819HG-4G-G-K9, 881, 891, 1905 [1], 1921 [1], 1941 and FIPS-SHIELD-1900= [1] with [FIPS Kit (CISCO-FIPS-KIT=), Revision -B0]; Firmware Version: IOS 15.2(4)M6A)
(When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/27/2014
08/06/2014
Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #962, #1115, #1535, #1648 and #2620); CVL (Cert. #231); DRBG (Cert. #401); ECDSA (Cert. #450); HMAC (Certs. #537, #538, #627 and #1606); RSA (Certs. #1338 and #1347); SHS (Certs. #933, #934, #1038, #2182 and #2208); Triple-DES (Certs. #757, #758, #812 and #1566)

-Other algorithms: DES; Diffie-Hellman (key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key establishment methodology provides between 128 and 192 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); HMAC-MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Cisco 800 and 1900 Series Integrated Services Routers are routers that provide collaborative business solutions for data communication to small businesses and enterprise teleworkers. They offer Metro Ethernet and multiple DSL technologies to provide business continuity. The routers provide the performance required for concurrent services, including firewall, intrusion prevention, content filtering, and encryption for VPNs for optimizing voice and video applications."
2158INSIDE Secure
41 Parc Club du Golf
Aix-en-Provence 13856
France

Jerome Ducros
TEL: +33 (0)413758653

CST Lab: NVLAP 100432-0
VaultIC405™, VaultIC421™, VaultIC441™
(Hardware Versions: P/Ns: ATVaultIC405 [2], ATVaultIC421 [1] and ATVaultIC441 [1]; Platforms: ATVaultIC405M Silicon Rev C [2], ATVaultIC421M Silicon Rev C [1] and ATVaultIC441M Silicon Rev C [1]; Firmware Versions: 1.0.1 [1] and 1.0.3 [2])
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/20/2014
05/08/2015
Overall Level: 3

-Physical Security: Level 4

-FIPS Approved algorithms: AES (Cert. #2119); DRBG (Cert. #231); DSA (Cert. #663); ECDSA (Cert. #316); HMAC (Cert. #1291); RSA (Cert. #1089); SHS (Cert. #1843); Triple-DES (Cert. #1348)

-Other algorithms: NDRNG; AES (Cert. #2119, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; DES MAC; Triple-DES (ISO9797; non-compliant); Triple-DES MAC (ISO9797; non-compliant); HOTP; RSA (encrypt/decrypt)

Single-chip

"The VaultIC405™, VaultIC421™ and VaultIC441™ is an Application Specific Standard Product (ASSP) designed to secure various systems against counterfeiting, cloning or identity theft. It is a hardware security module that can be used in many applications such as IP protection, access control or hardware protection."
2157Mocana Corporation
350 Sansome Street
Suite 1010
San Francisco, CA 94104
USA

Mocana Sales
TEL: 415-617-0055
FAX: 415-617-0056

CST Lab: NVLAP 100432-0
Mocana Cryptographic Suite B Hybrid Module
(Hardware Version: Freescale P2020 SEC 3.1; Software Version: 5.5fi)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software-Hybrid05/20/2014
04/05/2016
Overall Level: 1

-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with VxWorks 6.8 running on a XPedite5500 with a Freescale P2020 SEC3.1 processor (Single-user mode)

-FIPS Approved algorithms: AES (Certs. #2290 and #2291); DRBG (Cert. #284); DSA (Cert. #717); ECDSA (Cert. #372); HMAC (Cert. #1407); RSA (Cert. #1179); SHS (Cert. #1974); Triple-DES (Cert. #1440)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant); RSA (encrypt/decrypt); RNG; Dual EC DRBG

Multi-chip standalone

"The Mocana Cryptographic Suite B Hybrid Module (Software Version 5.5fi) is a hybrid, multi-chip standalone cryptographic module that runs on a general purpose computer. The primary purpose of this module is to provide FIPS Approved cryptographic routines to consuming applications via an Application Programming Interface."
2156Dell, Inc.
2300 West Plano Parkway
Plano, TX 75075
USA

Chris Burchett
TEL: 512-723-8065
FAX: 972-577-4375

Mike Phillips
TEL: 512-723-8420
FAX: 972-577-4375

CST Lab: NVLAP 200002-0
Dell-CREDANT Cryptographic Kernel (Windows Kernel Mode) [1] and Dell-CREDANT Cryptographic Kernel (Windows User Mode) [2]
(Software Versions: 1.8 [1,2])
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software05/15/2014Overall Level: 2

-Physical Security: N/A
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 2 with Windows 7 Enterprise (32-bit) running on Dell Optiplex 755 [1]
Windows 7 Enterprise x64 Edition (64-bit) running on Dell Optiplex 755 [1]
Windows 7 Enterprise (32-bit) running on Dell Optiplex 755 [2]
Windows 7 Enterprise x64 Edition (64-bit) running on Dell Optiplex 755 [2]

-FIPS Approved algorithms: AES (Certs. #2130 and #2131); Triple-DES (Certs. #1353 and #1354); SHS (Certs. #1854 and #1855); HMAC (Certs. #1300 and #1301); DRBG (Certs. #235 and #236)

-Other algorithms: Rijndael; RNG (non-compliant); AES (non-compliant); Triple-DES (non-compliant); SHS (non-compliant)

Multi-chip standalone

"CREDANT CmgCryptoLib (also known as CREDANT Cryptographic Kernel) is a FIPS 140-2 validated, software based cryptography library implementing AES, DRBG SP 800-90A [CTR], SHA-2 [256, 384, 512], HMAC [SHA-1 & SHA-2], and Triple-DES. CmgCryptoLib is used by commercial products including CREDANT Mobile Guardian (CMG) and Dell Data Protection Encryption (DDPE). CREDANT provides a centrally managed data protection platform for authentication, encryption, access controls and data recovery for laptops, desktops, removable media, smart phones, servers, network shares, cloud storage and applications."
2155VMware, Inc.
3401 Hillview Ave
Palo Alto, CA 94304
USA

Eric Betts
TEL: 650-427-1902

CST Lab: NVLAP 200928-0
VMware NSS Cryptographic Module
(Software Version: 1.0)
(When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software05/14/2014Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with VMware vCloud Networking and Security 5.5.0a Edge OS on VMware vSphere Hypervisor (ESXi) 5.5 running on HP ProLiant DL380e Gen8 Server with AES-NI
VMware vCloud Networking and Security 5.5.0a Edge OS on VMware vSphere Hypervisor (ESXi) 5.5 running on HP ProLiant DL380e Gen8 Server without AES-NI (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #1619); AES (Cert. #2700); SHS (Cert. #2267); HMAC (Cert. #1681); DRBG (Cert. #443); DSA (Cert. #821); RSA (Cert. #1398)

-Other algorithms: RC2; RC4; DES; SEED; CAMELLIA; MD2; MD5; Triple-DES (non-compliant); ECDSA (non-compliant); HKDF (non-compliant); J-PAKE; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The VMware NSS Cryptographic Module is a software cryptographic library that provides FIPS 140-2 validated network security services to VMware products."
2152Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200427-0
Cisco 2901, 2911, 2921, 2951, 3925, 3925E, 3945, 3945E and VG350 Integrated Services Routers (ISRs)
(Hardware Versions: 2901 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, A], 2911 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, B], 2921 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, C], 2951 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, D], [3925, 3925E, 3945, 3945E and VG350] [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, E], PVDM2-8 [1], PVDM2-16 [2], PVDM2-32 [3], PVDM2-48 [4], PVDM2-64 [5], PVDM3-16 [6], PVDM3-32 [7], PVDM3-64 [8], PVDM3-128 [9], PVDM3-192 [10], PVDM3-256 [11], FIPS-SHIELD-2901= [A], FIPS-SHIELD-2911= [B], FIPS-SHIELD-2921= [C], FIPS-SHIELD-2951= [D] and FIPS-SHIELD-3900= [E] with [FIPS Kit (CISCO-FIPS-KIT=), Revision -B0]; Firmware Version: IOS 15.2(4)M6A)
(When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/13/2014
08/06/2014
Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #803, #963, #1115, #1536 and #2620); CVL (Cert. #231); DRBG (Cert. #401); ECDSA (Cert. #450); HMAC (Certs. #443, #538, #627 and #1606); RSA (Certs. #1338 and #1347); SHS (Certs. #801, #934, #1038, #2182 and #2208); Triple-DES (Certs. #758, #812, #1037 and #1566)

-Other algorithms: DES; Diffie-Hellman (key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key establishment methodology provides between 128 and 192 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); HMAC-MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Cisco Integrated Services Routers (ISRs) are routing platforms that provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options."
2151SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

Papi Menon
TEL: 650-261-2413
FAX: 650-261-2401

CST Lab: NVLAP 200928-0
ProtectV StartGuard
(Software Version: 1.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software05/13/2014Overall Level: 1

-Physical Security: N/A
-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with Windows Server 2012 (x64) on VMware ESXi 5.0 running on Dell PowerEdge R610 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2550); HMAC (Cert. #1571); SHS (Cert. #2151)

-Other algorithms: N/A

Multi-chip standalone

"ProtectV StartGuard authorizes whether or not a virtual machine instance secured by SafeNet ProtectV can be launched. StartGuard enables a challenge response authentication mechanism to be inserted in the boot transition process when ProtectV is being started up, during the transition between the first to second phase of the boot process. StartGuard is configurable to suit customers’ security and privacy requirements."
2150Dell, Inc.
2300 West Plano Parkway
Plano, TX 75075
USA

Chris Burchett
TEL: 512-723-8065
FAX: 972-577-4375

Mike Phillips
TEL: 512-723-8420
FAX: 972-577-4375

CST Lab: NVLAP 200002-0
Dell-CREDANT Cryptographic Kernel (Mac Kernel Mode) [1], Dell-CREDANT Cryptographic Kernel (Mac User Mode) [2] and Dell-CREDANT Cryptographic Kernel (Linux User Mode) [3]
(Software Versions: 1.8 [1,2,3])
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software05/13/2014Overall Level: 1

-Physical Security: N/A
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with Mac OS X Lion 10.7.3 (32-bit) running on a mid-2010 MacBook Pro (MacBookPro6,2) [1]
Mac OS X Lion 10.7.3 (64-bit) running on a mid-2010 MacBook Pro (MacBookPro6,2) [1]
Mac OS X Lion 10.7.3 (32-bit) running on a mid-2010 MacBook Pro (MacBookPro6,2) [2]
Mac OS X Lion 10.7.3 (64-bit) running on a mid-2010 MacBook Pro (MacBookPro6,2) [2]
Ubuntu Linux 11.04 (32-bit) running on a Dell Optiplex 755 [3]
Ubuntu Linux 11.04 (64-bit) running on a Dell Optiplex 755 [3] (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2130 and #2131); Triple-DES (Certs. #1353 and #1354); SHS (Certs. #1854 and #1855); HMAC (Certs. #1300 and #1301); DRBG (Certs. #235 and #236)

-Other algorithms: Rijndael; RNG (non-compliant); AES (non-compliant); Triple-DES (non-compliant); SHS (non-compliant)

Multi-chip standalone

"CREDANT CmgCryptoLib (also known as CREDANT Cryptographic Kernel) is a FIPS 140-2 validated, software based cryptography library implementing AES, DRBG SP 800-90A [CTR], SHA-2 [256, 384, 512], HMAC [SHA-1 & SHA-2], and Triple-DES. CmgCryptoLib is used by commercial products including CREDANT Mobile Guardian (CMG) and Dell Data Protection Encryption (DDPE). CREDANT provides a centrally managed data protection platform for authentication, encryption, access controls and data recovery for laptops, desktops, removable media, smart phones, servers, network shares, cloud storage and applications."
2149Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200996-0
nShield F3 10+ [1], nShield F3 500+ [2], nShield F3 6000+ [3], nShield F3 500+ for nShield Connect+ [4], nShield F3 1500+ for nShield Connect+ [5] and nShield F3 6000+ for nShield Connect+ [6]
(Hardware Versions: nC4033E-010 [1], nC4433E-500 [2], nC4433E-6K0 [3], nC4433E-500N [4], nC4433E-1K5N [5] and nC4433E-6K0N [6], Build Standard N; Firmware Versions: 2.51.10-2 and 2.55.1-2)
(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/13/2014
11/24/2015
Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2122); Triple-DES (Cert. #1349); HMAC (Cert. #1292); Triple-DES MAC (Triple-DES Cert. #1349, vendor affirmed); SHS (Cert. #1844); DSA (Certs. #664 and #777); ECDSA (Certs. #181 and #318); RSA (Certs. #1092 and #1299); DRBG (Cert. #232); CVL (Certs. #27 and #90)

-Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #2122, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1349, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Certs. #27 and #90, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #27 and #90, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The nShield modules: nShield F3 10+, nShield F3 500+, nShield F3 6000+, nShield F3 500+ for nShield Connect+, nShield F3 1500+ for nShield Connect+ and nShield F3 6000+ for nShield Connect+ family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
2148Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200996-0
nShield F3 10+ [1], nShield F3 500+ [2], nShield F3 6000+ [3], nShield F3 500+ for nShield Connect+ [4], nShield F3 1500+ for nShield Connect+ [5] and nShield F3 6000+ for nShield Connect+ [6]
(Hardware Versions: nC4033E-010 [1], nC4433E-500 [2], nC4433E-6K0 [3], nC4433E-500N [4], nC4433E-1K5N [5] and nC4433E-6K0N [6], Build Standard N; Firmware Versions: 2.51.10-3 and 2.55.1-3)
(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/13/2014
11/24/2015
Overall Level: 3

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2122); Triple-DES (Cert. #1349); HMAC (Cert. #1292); Triple-DES MAC (Triple-DES Cert. #1349, vendor affirmed); SHS (Cert. #1844); DSA (Certs. #664 and #777); ECDSA (Certs. #181 and #318); RSA (Certs. #1092 and #1299); DRBG (Cert. #232); CVL (Certs. #27 and #90)

-Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #2122, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1349, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Certs. #27 and #90, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #27 and #90, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The nShield modules: nShield F3 10+, nShield F3 500+, nShield F3 6000+, nShield F3 500+ for nShield Connect+, nShield F3 1500+ for nShield Connect+ and nShield F3 6000+ for nShield Connect+ family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
2145Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200427-0
Cisco 1941, 2901, 2911, 2921, 2951, 3925, 3945 Integrated Services Routers (ISRs) and ISM
(Hardware Versions: 1941 [12], 2901 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, A], 2911 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11,13, B], 2921 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, C], 2951 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, D], [3925, 3945] [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 14, E], PVDM2-8 [1], PVDM2-16 [2], PVDM2-32 [3], PVDM2-48 [4], PVDM2-64 [5], PVDM3-16 [6], PVDM3-32 [7], PVDM3-64 [8], PVDM3-128 [9], PVDM3-192 [10], PVDM3-256 [11], ISM-VPN-19 [12], ISM-VPN-29 [13], ISM-VPN-39 [14], FIPS-SHIELD-2901= [A], FIPS-SHIELD-2911= [B], FIPS-SHIELD-2921= [C], FIPS-SHIELD-2951= [D] and FIPS-SHIELD-3900= [E] with [FIPS Kit (CISCO-FIPS-KIT=), Revision -B0]; Firmware Version: IOS 15.2(4)M6A)
(When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/13/2014
08/06/2014
Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #963, #1115, #1536, #2343 and #2620); CVL (Cert. #231); DRBG (Cert. #401); ECDSA (Cert. #450); HMAC (Certs. #538, #627, #1452 and #1606); RSA (Certs. #1338 and #1347); SHS (Certs. #934, #1038, #2020, #2182 and #2208); Triple-DES (Certs. #758, #812, #1466 and #1566)

-Other algorithms: DES; Diffie-Hellman (key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key establishment methodology provides between 128 and 192 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); HMAC-MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Cisco Integrated Services Routers (ISRs) are routing platforms that provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options. The VPN ISM is a module for the ISRs that provides the capability to considerably increase performance for VPN encrypted traffic,"
2143Dell, Inc.
1925 Isaac Newton Square East
Suite 440
Reston, VA 20190
USA

Joe Leslie
TEL: 949-754-1263
FAX: 949-754-8999

Jason Raymond
TEL: 617-261-6968

CST Lab: NVLAP 200002-0
Dell AppAssure Crypto Library
(Software Version: 1.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software05/06/2014Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with Windows 2008 R2 64-bit running on Dell PowerEdge T610 with AES-NI
Windows 2008 R2 64-bit running on Dell PowerEdge T610 without AES-NI
Windows 2012 64-bit running on Dell PowerEdge R720 with AES-NI
Windows 2012 64-bit running on Dell PowerEdge R720 without AES-NI (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2601); RSA (Cert. #1329); SHS (Cert. #2185)

-Other algorithms: N/A

Multi-chip standalone

"The Dell AppAssure Crypto Module provides data encryption functionality. The Module is a software component used by other software products to encrypt and decrypt data. The Module implements AES (Rijndael) CBC mode functions. Physically, the Module is a DLL file delivered with a file containing the DLL's digital signature."
2141Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

Christopher Marks
TEL: 408-333-0480
FAX: 408-333-8101

CST Lab: NVLAP 200427-0
Brocade® FCX L2/L3 Switch and Brocade FastIron® SX Series L2/L3 Switch
(Hardware Versions: FI-SX800-S, FI-SX1600-AC, FI-SX1600-DC, FCX624S, FCX624S-HPOE-ADV, FCX624S-F-ADV, FCX648S, FCX648S-HPOE and FCX648S-HPOE-ADV with FIPS Kit (P/N Brocade XBR-000195); Firmware Version: IronWare Release R07.3.00c)
(When operated in FIPS mode and with the tamper evident labels installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/06/2014
06/05/2014
Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2150); DRBG (Cert. #239); DSA (Cert. #668); HMAC (Cert. #1317); RSA (Cert. #1106); SHS (Cert. #1871); Triple-DES (Cert. #1363)

-Other algorithms: MD5; HMAC-MD5; Diffie-Hellman (non-compliant); RSA (key wrapping; non-compliant)

Multi-chip standalone

"The 24-port and 48-port models of the Brocade FCX Series of switches support Power over Ethernet (PoE) and non-PoE applications. They are designed to meet today's enterprise campus and data center network wire-speed and non-blocking performance requirement.The FastIron SX Series extends control from the network edge to the core with intelligent network services, such as Quality of Service (QoS). The FastIron SX Series provides a scalable, secure, low-latency, and fault-tolerant IP services solution for 1 and 10 Gigabit Ethernet (GbE) enterprise deployments."
2140Uplogix, Inc.
7600B N. Capital of Texas Hwy., Suite 220
Austin, TX 78731
USA

Martta Howard
TEL: 512-857-7043

CST Lab: NVLAP 200427-0
Uplogix 430 [1, a], 3200 [2, a], 500 [3, a, b] and 5000 [4, a b]
(Hardware Versions: 43-1102-50 [1], 37-0326-04 [2], 61-5050-33 [3] and 61-5500-33 [4] with Tamper Evident Labels Part No. (61-0001-00); Firmware Versions: 4.6.4.22900g [a] and 4.6.4.24340g [b])
(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/30/2014
05/20/2014
Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2293); CVL (Certs. #46, #47 and #48); DRBG (Cert. #285); DSA (Cert. #719); HMAC (Cert. #1409); RSA (Cert. #1181); SHS (Cert. #1976); Triple-DES (Cert. #1442)

-Other algorithms: AES (non-compliant); DES; DSA (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits); HMAC (non-compliant); HMAC-MD5-96; HMAC-SHA-96 (non-compliant); IKE KDF; MD5; PBKDF2-SHA-256; RC4; RNG (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); SHS (non-compliant); Triple-DES (non-compliant)

Multi-chip standalone

"Uplogix is a network independent management platform that locates with - and directly connects to - managed devices. Standing alone or augmenting existing centralized management tools, Uplogix provides configuration, performance and security management actions that are best performed locally.Local Management reduces operational costs, speeds problem resolution, and improves security and compliance versus centralized-only management. Our local focus on network device automation enables the transition to more network sensitive cloud and virtual infrastructure technologies."
2136Hewlett Packard Enterprise Company
1344 Crossman Avenue
Sunnyvale, CA 94089
USA

Steve Weingart
TEL: 408-227-4500
FAX: 408-227-4550

CST Lab: NVLAP 200427-0
Aruba 7200 Series Controllers with ArubaOS FIPS Firmware
(Hardware Versions: Aruba 7210-F1, Aruba 7210-USF1, Aruba 7220-F1, Aruba 7220-USF1, Aruba 7240-F1, Aruba 7240-USF1 with FIPS kit 4011570-01; Firmware Version: ArubaOS 6.4.4-FIPS)
(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/09/2014
03/20/2015
01/13/2016
Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2479, #2677 and #2680); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #1522, #1663 and #1666); KBKDF (Cert. #16); RSA (Certs. #1268, #1376, #1379 and #1380); SHS (Certs. #2098, #2246, #2249 and #2250); Triple-DES (Certs. #1518, #1605 and #1607)

-Other algorithms: DES; Diffie-Hellman (key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Aruba's family of Mobility Controllers are network infrastructure devices providing secure, scalable solutions for enterprise Wi-Fi, network security policy enforcement, VPN services, and wireless intrusion detection and prevention. Mobility controllers serve as central points of authentication, encryption, access control, and network coordination for all mobile network services."
2134Harris Corporation
RF Communications Division
1680 University Avenue
Rochester, NY 14610
USA

James White
TEL: 585-242-3917

Elias Theodorou
TEL: 585-720-8790

CST Lab: NVLAP 200928-0
RF-7800W Broadband Ethernet Radio
(Hardware Versions: RF-7800W-OU50x, OU47x and OU49x; Firmware Version: 2.00)
(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/24/2014Overall Level: 2

-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2606); Triple-DES (Cert. #1571); DRBG (Certs. #398); SHS (Cert. #2190); HMAC (Cert. #1614); RSA (Cert. #1333); DSA (Cert. #791); KAS (Cert. #41); CVL (Cert. #100)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; NDRNG

Multi-chip standalone

"The RF-7800W(-OU47x,-OU49x,-OU50x) Broadband Ethernet Radio(BER) is designed for High Capacity Line of Sight (HCLOS) networks with broadband Ethernet requirements. The radio can be mounted on a mast for quick deployment or on a tower system and is designed for long haul backbone systems. The BER operates in the 4.4 - 5.8 GHz frequency band. The BER is an ideal wireless networking solution for public safety, first responders, training and simulation networks and long haul/short haul battlefield communications. The RF-7800W operates in Point-to-Point and Point to Multipoint in the same platform."
2128Gigamon Inc.
3300 Olcott Street
Santa Clara, CA 95054
USA

Mike Valladao
TEL: 408-831-4000

CST Lab: NVLAP 200556-0
Gigamon Linux-Based Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS mode and when the module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software05/20/2014
10/23/2014
02/10/2016
Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with CentOS 6.3 on a GigaVUE-TA1(single-user mode)

-FIPS Approved algorithms: AES (Cert. #2273); CVL (Cert. #44); DRBG (Cert. #281); DSA (Cert. #709); ECDSA (Cert. #368); HMAC (Cert. #1391); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG

Multi-chip standalone

"The Gigamon Linux-Based Cryptographic Module provides cryptographic functions for Gigamon products and solutions."
2127Athena Smartcard Inc.
16615 Lark Avenue
Suite 202
Los Gatos, CA 95032
USA

Stéphanie Motré
TEL: 408-786-1028
FAX: 408-608-1818

CST Lab: NVLAP 100432-0
IDProtect Duo with LASER PKI
(Hardware Version: STMicroelectronics ST23YR80 Rev. G; Firmware Version: Athena IDProtect 0204.0355.0702 with LASER PKI Applet 3.0)
(When operated in FIPS mode. No assurance of Secure Channel Protocol (SCP) message integrity)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/09/2014
05/28/2014
Overall Level: 3

-FIPS Approved algorithms: AES (Cert. #1830); RSA (Cert. #919); Triple-DES (Cert. #1183); Triple-DES MAC (Triple-DES Cert. #1183, vendor affirmed); DRBG (Cert. #144); SHS (Cert. #1609); ECDSA (Cert. # 253); CVL (Cert. #8)

-Other algorithms: HW RNG; AES-CMAC (non-compliant); EC Diffie-Hellman (CVL Cert. #8, key agreement; key establishment methodology provides 128 bits of encryption strength); AES (Cert. #1830, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength)

Single-chip

"IDProtect is a Cryptographic Module based on the Athena OS755 Java Card smart card operating system with 80KB of EEPROM. IDProtect is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 3. IDProtect supports FIPS approved DRBG, SHA-1 and all SHA-2, TDES, AES, RSA, ECDSA and ECC CDC, and RSA and ECC key generation. IDProtect exposes PKI and Biometric APIs and is designed for high-performance government and enterprise smart card applications."
2126Integral Memory PLC.
Unit 6 Iron Bridge Close
Iron Bridge Business Park
Off Great Central Way
London, Middlesex NW10 0UF
United Kingdom

Patrick Warley
TEL: +44 (0)20 8451 8700
FAX: +44 (0)20 8459 6301

Francesco Rivieccio
TEL: +44 (0)20 8451 8704
FAX: +44 (0)20 8459 6301

CST Lab: NVLAP 200996-0
Integral AES 256 Bit Crypto SSD Underlying PCB
(Hardware Version: INSSD32GS25MCR140-2(R); INSSD64GS25MCR140-2(R); INSSD128GS25MCR140-2(R); INSSD256GS25MCR140-2(R); INSSD512GS25MCR140-2(R); INSSD1TS25MCR140-2(R); INSSD32GS18MCR140-2(R); INSSD64GS18MCR140-2(R); INSSD128GS18MCR140-2(R); INSSD256GS18MCR140-2(R); INSSD512GS18MCR140-2(R); INSSD1TGS18MCR140-2(R); Firmware Version: S5FDM018)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/09/2014Overall Level: 2

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2175); SHS (Cert. #1887); HMAC (Cert. #1335); DRBG (Cert. #254)

-Other algorithms: N/A

Multi-chip standalone

"Integral Crypto SSD is the Full Disk Encryption solution for Windows desktops and laptops. Featuring AES 256-bit Hardware Encryption so you can encrypt and protect your sensitive data and get the speed, reliability and power benefits of SSD. It comes in, 32 GB 64 GB 128 GB, 256 GB, 512 GB and 1TB SATA II & III versions. The devices feature an epoxy resin coating around both the circuit components and the printed circuit board (PCB)."
2125Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200427-0
ACT2Lite Module
(Hardware Version: 15-14497-02(NX315) or 15-14497-02(AT90S072) or 15-14497-02(NDS_ACT2_V1); Firmware Version: 1.5)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/09/2014
09/18/2015
09/30/2015
Overall Level: 1

-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2556, #2742 and #3002); DRBG (Certs. #384, #461 and #572); ECDSA (Certs. #439, #480 and #550); HMAC (Certs. #1576, #1719 and #1899); RSA (Certs. #1309, #1438 and #1570); SHS (Certs. #2156, #2314 and #2513)

-Other algorithms: NDRNG

Single-chip

"ACT2-Lite (Anti-Counterfeit Technology 2 Lite) is the ACT family (ACT 1T, Quack 1 and 2) next generation. It is an ancillary security device containing product identity information and assertion functionality to support product identity for various usages including anti-counterfeit functionality as well as other security functionality to be used across many different hardware platforms."
2124Vidyo, Inc.
433 Hackensack Ave, 6th Floor
Hackensack, NJ 07601
USA

CST Lab: NVLAP 200556-0
Cryptographic Security Kernel
(Software Version: 2)
(The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software04/09/2014Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with Linux Ubuntu 10.04 32-bit or Linux Ubuntu 10.04 64-bit running on a HP ProLiant GL380 without AES-NI
Linux Ubuntu 10.04 32-bit or Linux Ubuntu 10.04 64-bit running on a Dell PowerEdge R210 II with AES-NI
Mac OS X 10.6.8 32-bit running on a Mac Mini without AES-NI
Mac OS X 10.6.8 64-bit running on a Macbook Pro without AES-NI
Mac OS X 10.6.8 32-bit or Mac OS X 10.6.8 64-bit running on a Macbook Pro with AES-NI
Mac OS X 10.7.3 32-bit running on a Mac Mini without AES-NI
Mac OS X 10.7.3 64-bit running on a Macbook Air without AES-NI
Mac OS X 10.7.3 32-bit or Mac OS X 10.7.3 64-bit running on a Macbook Air with AES-NI
Windows XP with SP3 32 bit running on a IBM Thinkpad T60 without AES-NI
Windows XP with SP3 32 bit running on a Vidyo HD50 Room System with AES-NI
Windows 7 with SP1 32 bit running on a Mac Mini without AES-NI
Windows 7 with SP1 64 bit running on a Dell Precision M4300 without AES-NI
Windows 7 with SP1 32 bit running on a Vidyo HD40 Room System with AES-NI
Windows 7 with SP1 64 bit running on a Macbook Air with AES-NI
iOS 6.1 running on a Apple iPad 4
iOS 6.1 running on a Apple iPhone 5
Android 4.1.1 running on a Samsung Galaxy Tab 2 10.1
Android 4.1.1 running on a ASUS Transformer Prime
Android 4.1.2 running on a Samsung Galaxy Nexus S
Android 4.2.2 running on a Google Nexus 7
Android 4.0.4 running on a Samsung Galaxy SII
Android 4.1.2 running on a Samsung Galaxy SIII
Kindle Fire OS 8.4.3 running on a Amazon Kindle Fire HD 8.9 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2027, #2028 and #2576); DRBG (Certs. #194, #195 and #389); HMAC (Certs. #1229, #1230 and #1599); SHS (Certs. #1776, #1777 and #2175)

-Other algorithms: N/A

Multi-chip standalone

"The Vidyo Cryptographic Security Kernel (CSK) is a subset of the Vidyo Technology Software Development Kit, which consists of a set of libraries providing video conferencing capabilities. The SDK allows licensed end-users to implement video conferencing capabilities within their own software applications; the Vidyo CSK library provides the cryptographic functions required to secure the communications."
2121Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200996-0
nShield F2 500+ [1], nShield F2 1500+ [2] and nShield F2 6000+ [3]
(Hardware Versions: nC3423E-500 [1], nC3423E-1K5 [2] and nC3423E-6K0 [3], Build Standard N; Firmware Versions: 2.51.10-2 and 2.55.1-2)
(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/03/2014
06/05/2014
11/24/2015
Overall Level: 2

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2122); Triple-DES (Cert. #1349); HMAC (Cert. #1292); Triple-DES MAC (Triple-DES Cert. #1349, vendor affirmed); SHS (Cert. #1844); DSA (Certs. #664 and #777); ECDSA (Cert. #181); RSA (Certs. #1092 and #1299); DRBG (Cert. #232); CVL (Certs. #27 and #90)

-Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #2122, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1349, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Certs. #27 and #90, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #27 and #90, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The nShield modules: nShield F2 500+, nShield F2 1500+ and nShield F2 6000+ family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
2119Seagate Technology LLC
389 Disc Drive
Longmont, CO 80503
USA

Monty Forehand
TEL: 720-684-2835
FAX: 720-684-2733

Harshad Thakar
TEL: 720-684-2580
FAX: 720-684-2733

CST Lab: NVLAP 100432-0
Seagate Secure® TCG Opal SSC Self-Encrypting Drive FIPS 140-2 Module
(Hardware Versions: 1G1162 and 1G1164; Firmware Versions: SM72, SM73, DM72, DM73, DM82, DM83, HM72, HM73, HM82, HM83, LM72 and LM73)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/28/2014
05/21/2014
06/27/2014
Overall Level: 2

-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1343 and #1974); DRBG (Cert. #62); RSA (Cert. #650); SHS (Cert. #1225); HMAC (Cert. #1597)

-Other algorithms: NDRNG

Multi-chip embedded

"The cryptographic module (CM) in the Seagate Secure® TCG Opal SSC Self-Encrypting Drive provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA ranges, and authenticated FW download. The services are provided through an industry-standard TCG Opal SSC interface."
2118Hewlett-Packard Development Company, L.P.
3000 Hanover Street
Palo Alto, CA 94394
USA

Mihai Damian
TEL: 650-236-5870

Sameer Popli
TEL: 650-258-3374

CST Lab: NVLAP 200002-0
NonStop Volume Level Encryption (NSVLE)
(Software Version: 2.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software04/03/2014Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with Debian Linux HPTE Version 5.0.0 running on an HP ProLiant DL380 Gen8 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2375 and #2376); Triple-DES (Cert. #1486); SHS (Cert. #2047); DRBG (Cert. #311); HMAC (Cert. #1477); RSA (Cert. #1230); CVL (Cert. #228)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); MD5

Multi-chip standalone

"HP NonStop Volume Level Encryption, or NSVLE, is a fully integrated encryption solution using FIPS Approved algorithms to protect data from threats such as theft and unauthorized disclosure."
2116Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200427-0
Cisco Catalyst 4503-E, Catalyst 4506-E, Catalyst 4507R-E, Catalyst 4507R+E, Catalyst 4510R-E, Catalyst 4510R+E, Catalyst C4500X-16SFP+, Catalyst C4500X-F-16SFP+, Catalyst C4500X-32SFP+, Catalyst C4500X-F-32SFP+, Catalyst C4500X-24X-ES, Catalyst C4500X-40X-ES, Catalyst C4500X-24X-IPB with Supervisor Cards (WS-X45-SUP7-E, WS-X45-Sup7L-E) and Line Cards (WS-X4640-CSFP-E, WS-X4712-SFP+E, WS-X4748-NGPOE+E, WS-X4748-RJ45-E and WS-X4748-RJ45V+E)
(Hardware Versions: Catalyst 4503-E [1, 3, 4, 5, 6, 8, A], Catalyst 4503-E [2, 5, 7, 8, A], Catalyst 4506-E [1, 3, 4, 5, 6, 7, 8, B], Catalyst 4506-E [2, 3, 4, 5, 6, 7, 8, B], Catalyst 4507R-E [1, 3, 4, 5, 6, 7, 8, C], Catalyst 4507R-E [2, 3, 4, 5, 6, 7, 8, C], Catalyst 4507R+E [1, 3, 4, 5, 6, 7, 8, C], Catalyst 4507R+E [2, 3, 4, 5, 6, 7, 8, C], Catalyst 4510R-E [1, 3, 4, 5, 6, 7, 8, D], Catalyst 4510R+E [1, 3, 4, 5, 6, 7, 8, D], Catalyst C4500X-16SFP+ [E], Catalyst C4500X-F-16SFP+ [E], Catalyst C4500X-32SFP+ [E], Catalyst C4500X-F-32SFP+ [E], Catalyst C4500X-24X-ES [E], Catalyst C4500X-40X-ES [E], Catalyst C4500X-24X-IPB [E], Supervisor Card WS-X45-SUP7-E [1], Supervisor Card WS-X45-SUP7L-E [2], Line Card WS-X4748-RJ45V+E [3], Line Card WS-X4712-SFP+E [4], Line Card WS-X4640-CSFP-E [5], Line Card WS-X4748-NGPOE+E [6], Line Card WS-X4748-RJ45-E [7], Filler Plate (C4K-SLOT-CVR-E) [8] and FIPS kit packaging (WS-C4503-FIPS-KIT= [A], WS-C4506-FIPS-KIT= [B], WS-C4507-FIPS-KIT= [C], WS-C4510-FIPS-KIT= [D] and CVPN4500FIPS/KIT= [E]); Firmware Version: IOS-XE 3.5.2E)
(When operated in FIPS mode with tamper evident labels and security devices installed on the initially built configuration as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/26/2014
04/16/2014
Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1589, #2057 and #2624); CVL (Cert. #105); DRBG (Cert. #403); HMAC (Cert. #1622); RSA (Certs. #1339 and #1341); SHS (Certs. #2198 and #2200); Triple-DES (Cert. #1575)

-Other algorithms: Diffie-Hellman (CVL Cert. #105, key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD4; MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Catalyst 4500 Series switches are Cisco`s leading modular switches for borderless access and price/performance distribution deployments. They offer best-in-class investment protection with forward and backward compatibility and deep application visibility with Flexible NetFlow. The Catalyst 4500 Series Switches meet FIPS 140-2 overall Level 2 requirements as multi-chip standalone modules. The switches include cryptographic algorithms implemented in IOS software as well as hardware ASICs. The module provides 802.1X-rev."
2110BlackBerry Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

Security Certifications Team
TEL: 519-888-7465 x72921
FAX: 905-507-4230

CST Lab: NVLAP 200928-0
BlackBerry Cryptographic Library for Secure Work Space
(Software Version: 1.0)
(When installed, initialized and configured as specified in the Security Policy Section A.1.1 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software03/21/2014
01/24/2016
Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with Tested as meeting Level 1 with Ubuntu 12.04 running on a Dell PowerEdge T110
Ubuntu 12.04 on ESXi 5.1 running on a Dell PowerEdge T110
Ubuntu 12.04 running on a SuperMicro AS-1011S-mR2
Ubuntu 12.04 on ESXi 5.1 running on a SuperMicro AS-1011S-mR2
iOS v5 running on a iPad3
iOS v6 running on a iPhone5
Android v4.1 running on a Samsung Galaxy SIII (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2544); CVL (Cert. #89); DRBG (Cert. #377); DSA (Cert. #776); ECDSA (Cert. #436); HMAC (Cert. #1565); RSA (Cert. #1298); SHS (Cert. #2145); Triple-DES (Cert. #1539)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less then 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less then 112 bits of encryption strength), RNG; DRBG (non-compliant)

Multi-chip standalone

"BlackBerry® provides a suite of hardware, software, and services, which allow customers to utilize a single end-to-end Mobile Device Management (MDM) solution. The BlackBerry Cryptographic Library for Secure Work Space is a software module that provides cryptographic services required for secure operation of non-BlackBerry® devices running supported operating systems, when used in conjunction with BlackBerry® MDM solutions."
2107Vocera Communications, Inc.
525 Race Street
San Jose, CA 95126
USA

Thirumalai T. Bhattar
TEL: 408-882-5841
FAX: 408-882-5101

Ken Peters
TEL: 408-882-5858
FAX: 408-882-5101

CST Lab: NVLAP 200996-0
Vocera Cryptographic Module
(Hardware Version: 88W8688; Firmware Version: 2.0; Software Version: 2.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software-Hybrid03/19/2014Overall Level: 1

-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with Vocera Embedded Linux Version 1.1 running on a Vocera B3000 badge (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2224 and #2225); HMAC (Cert. #1353); SHS (Cert. #1914); RSA (Cert. #1139); DRBG (Cert. #261)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; HMAC-MD5

Multi-chip standalone

"Vocera B3000 Badge is a wearable hands-free voice-controlled device that provides easy-to-use and instantaneous communication on a wireless LAN network. The Vocera Cryptographic Module, embedded in the B3000 Badge, ensures protected communications using industry-standard secure wireless communication protocols."
2106DTECH LABS, Inc.
22876 Shaw Road
Sterling, VA 20166
USA

Brian K. Everhart
TEL: 703-547-0638

Patrick Higdon
TEL: 703-563-0633

CST Lab: NVLAP 200427-0
M3-SE-RTR2 and TXC3
(Hardware Versions: M3-SE-RTR2-FIPS and TXC3-FIPS with DT-FIPS-TEL; Firmware Version: 15.2(2)GC)
(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/19/2014Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #962, #1535 and #2031); DRBG (Cert. #196); HMAC (Certs. #537 and #1232); RSA (Cert. #1055); SHS (Certs. #933 and #1779); Triple-DES (Certs. #757 and #1310)

-Other algorithms: DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); HMAC MD4; HMAC MD5; MD4; MD5; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The M3-SE-RTR2 and TXC3 are high-performance, ruggedized routers utilizing the Cisco 5915 ESR. With onboard hardware encryption, the Cisco 5915 offloads encryption processing from the router to provide highly secure yet scalable video, voice, and data services for mobile and embedded outdoor networks. The M3-SE-RTR2 and TXC3 provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements."
2101Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
USA

John Roberts
TEL: 415-738-2810

CST Lab: NVLAP 100432-0
Symantec Mobility: Suite Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software03/14/2014
04/03/2014
07/23/2015
02/12/2016
Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with iOS 5.1 running on a iPad 3
iOS 6 running on a iPad 3
iOS 7 running on a iPad 3
Android 4.0 running on a Galaxy Nexus (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2125 and #2126); CVL (Certs. #28 and #29); DRBG (Certs. #233 and #234); DSA (Certs. #666 and #667); ECDSA (Certs. #319 and #320); HMAC (Certs. #1296 and #1297); RSA (Certs. #1094 and #1095); SHS (Certs. #1849 and #1850); Triple-DES (Certs. #1351 and #1352)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG

Multi-chip standalone

"The Symantec Mobility: Suite Cryptographic Module Version 1.0 provides cryptographic functions for Symantec Mobility: Suite, a scalable solution for deploying and managing native and web apps on corporate-liable and employee-owned mobile devices."
2100Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200928-0
Cisco FIPS Object Module
(Software Version: 4.1)
(When installed, initialized and configured as specified in the Security Policy Section 3.2 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software03/07/2014Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with Linux 2.6 running on an Octeon Evaluation Board EBH5200 without Octeon
Linux 2.6 running on an Octeon Evaluation Board EBH5200 with Octeon
Linux 2.6 running on a Cisco ASR1002
Android v4.0 running on a Samsung Galaxy S II
Windows 7 running on a Cisco UCS C200 M2 without AES-NI
Windows 7 running on a Cisco UCS C210 M2 with AES-NI
FreeBSD 9.0 running on a Cisco UCS C210 M2 without-AES-NI
Linux 2.6 running on a Cisco UCS C22 M3 with AES-NI
Linux 2.6 running an Intel Xeon on a Cisco UCS C200 M2 without AES-NI (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2678 and #2685); Triple-DES (Certs. #1606 and #1611); SHS (Certs. #2247 and #2256); HMAC (Certs. #1664 and #1672); DRBG (Certs. #431 and #435); RSA (Certs. #1377 and #1385); DSA (Certs. #812 and #814); ECDSA (Certs. #467 and #471); CVL (Certs. #151 and #153)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less then 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less then 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less then 112 bits of encryption strength)

Multi-chip standalone

"The Cisco FIPS Object Module (FOM) is a software library that provides cryptographic services to a vast array of Cisco's networking and collaboration products. The module provides FIPS 140 validated cryptographic algorithms for services such as IPSEC, SRTP, SSH, TLS, 802.1x, etc. The module does not directly implement any of these protocols, instead it provides the cryptographic primitives and functions to allow a developer to implement the various protocols."
2099Riverbed Technology, Inc.
199 Fremont Street
San Francisco, CA 94105
USA

Joe Tomasello
TEL: 415-344-5756

Andy Pang
TEL: 415-247-7341

CST Lab: NVLAP 200928-0
Riverbed Cryptographic Security Module
(Software Version: 1.0)
(When installed, initialized and configured as specified in the Security Policy Section 4 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software03/07/2014
04/16/2014
09/25/2014
12/15/2015
Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with Tested as meeting Level 1 with RiOS 8.0 x86 32-bit running on Riverbed Steelhead Appliance
RiOS 8.0 x86 64-bit running on Riverbed Steelhead Appliance
RiOS 8.0 x86 64-bit on VMware ESXi 5.1 running on Dell PowerEdge R210II without AES-NI
RiOS 8.0 x86 64-bit on VMware ESXi 5.1 running on Dell PowerEdge R210II with AES-NI
Stingray Traffic Manager Virtual Appliance x86 on VMware ESXi 5.1 running on Dell PowerEdge R210II without AES-NI
Stingray Traffic Manager Virtual Appliance x86 on VMware ESXi 5.1 running on Dell PowerEdge R210II with AES-NI
RiOS 8.0 x86 64-bit running on Riverbed Steelhead Appliance with AES-NI
Granite OS 2.0 running on Riverbed Granite Core Appliance
Granite OS 2.0 x86 on VMware ESXi 5.1 running on Dell PowerEdge R210II without AES-NI
Granite OS 2.0 x86 on VMware ESXi 5.1 running on Dell PowerEdge R210II with AES-NI
Whitewater OS 3.0 running on Whitewater Appliance without AES-NI
Whitewater OS 3.0 running on Whitewater Appliance with AES-NI
Whitewater OS 3.0 on VMware ESXi 5.1 running on Dell PowerEdge R210II without AES-NI
Whitewater OS 3.0 on VMware ESXi 5.1 running on Dell PowerEdge R210II with AES-NI
Interceptor OS 4.5 running on Riverbed Interceptor Appliance
RiOS 8.6 32-bit running on Riverbed Steelhead Appliance
RiOS 8.6 64-bit running on Riverbed Steelhead Appliance
RiOS 8.6 64-bit on Vmware ESXi 5.1 running on Dell PowerEdge R210II without AES-NI
RiOS 8.6 64-bit on Vmware ESXi 5.1 running on Dell PowerEdge R210II with AES-NI
RiOS 8.6 64-bit running on Riverbed Steelhead Appliance with AES-NI
Steelhead Mobile Controller 4.6 running on SMC without AES-NI
Steelhead Mobile Controller 4.6 running on SMC with AES NI
Steelhead Mobile Controller 4.6 on Vmware ESXi 5.1 running on Dell PowerEdge R210II without AES-NI
Steelhead Mobile Controller 4.6 on Vmware ESXi 5.1 running on Dell PowerEdge R210II with AES-NI (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2374); CVL (Cert. #65); DRBG (Cert. #310); DSA (Cert. #745); ECDSA (Cert. #392); HMAC (Cert. #1476); RSA (Cert. #1229); SHS (Cert. #2046); Triple-DES (Cert. #1485)

-Other algorithms: RSA (encrypt/decrypt); EC Diffie-Hellman; RNG (non-compliant); DRBG (non-compliant)

Multi-chip standalone

"The Riverbed Cryptographic Security Module provides the cryptographic functionality for a variety of Riverbed's platforms including Steelhead and Granite appliances. These network appliances deliver a scalable Wide Area Data Services (WDS) solution, transparently and securely optimizing performance across an enterprise network, and the Stingray software family is used to optimize, secure, and accelerate performance of online applications."
2097RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

Rohit Mathur
TEL: +61 7 3032 5220

CST Lab: NVLAP 200427-0
RSA BSAFE(R) Crypto-C Micro Edition
(Software Version: 4.0.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software03/05/2014
11/25/2014
02/03/2016
Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 3


-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 5.0 running on a IBM 7044-170 (PPC 32-bit)
Red Hat Enterprise Linux 5.0 running on a IBM 7044-170 (PPC 64-bit)
Red Hat Enterprise Linux 5.5 running on a Dell Dimension E521 (x86 32-bit)
Red Hat Enterprise Linux 5.5 running on a Intel Maho Bay with AES-NI (x86 32-bit)
Red Hat Enterprise Linux 5.5 running on a Dell Dimension E521 (x86 64-bit)
Red Hat Enterprise Linux 5.5 running on a HP rx2600 (Itanium2 64-bit)
Red Hat Enterprise Linux 6.0 running on a Dell Dimension E521 (x86 32-bit)
Red Hat Enterprise Linux 6.0 running on a Dell Dimension E521 (x86 64-bit)
Red Hat Enterprise Linux 6.0 running on a Intel Maho Bay with AES-NI (x86 64-bit)
Oracle Solaris 10 running on a Sun Sunblade 100 (SPARC v8 32-bit)
Oracle Solaris 10 running on a Sun Sunblade 100 (SPARC v8+ 32-bit)
Oracle Solaris 10 running on a Sun Fire V240 (SPARC v9 64-bit)
Oracle Solaris 10 running on a Dell Poweredge SC420 (x86 32-bit)
Oracle Solaris 10 running on a Intel Sugar Bay with AES-NI (x86 32-bit)
Oracle Solaris 10 running on a Dell Dimension E521 (x86 64-bit)
Oracle Solaris 10 running on a Intel Sugar Bay with AES-NI (x86 64-bit)
Microsoft Windows XP Professional SP3 running on a Dell Poweredge SC420 (x86 32-bit)
Microsoft Windows XP Professional SP3 running on a Dell Precision M6500 with AES-NI (x86 32-bit)
Microsoft Windows XP Professional SP2 running on a Indus Technologies Idex 410 (x86 64-bit)
Microsoft Windows 7 SP1 running on a Dell Precision M6500 with AES-NI (x86 64-bit)
Microsoft Windows Server 2003 running on a Dell Dimension E521 (x86 32-bit)
Microsoft Windows Server 2003 running on a Dell Dimension E521 (x86 64-bit)
Microsoft Windows Server 2003 running on a HP rx2620 (Itanium2 64-bit)
Microsoft Windows Server 2003 running on a HP rx2620 (Itanium2 64-bit)
IBM AIX 5L v5.3 running on a IBM 9110-51A (PPC 32-bit)
IBM AIX 5L v5.3 running on a IBM 9110-51A (PPC 64-bit)
IBM AIX v6.1 running on a IBM 9110-51A (PPC 32-bit)
IBM AIX v6.1 running on a IBM 9110-51A (PPC 64-bit)
IBM AIX v7.1 running on a IBM 8231-E2B (PPC 32-bit)
IBM AIX v7.1 running on a IBM 8231-E2B (PPC 64-bit)
HP HP-UX 11.23 running on a HP Visualize C3600 (PA RISC 2.0 32-bit)
HP HP-UX 11.23 running on a HP Visualize C3600 (PA-RISC 2.0W 64-bit)
HP HP-UX 11.31 running on a HP Workstation zx2000 (Itanium2 32-bit)
HP HP-UX 11.31 running on a HP Workstation zx2000 (Itanium2 64-bit)
Apple Mac OS X 10.6 Snow Leopard running on a Apple Macbook (x86 32-bit)
Apple Mac OS X 10.6 Snow Leopard running on a Apple Macbook (x86 64-bit) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2017); DRBG (Cert. #191); DSA (Cert. #642); ECDSA (Cert. #292); HMAC (Cert. #1221); RSA (Cert. #1046); SHS (Cert. #1767); Triple-DES (Cert. #1302)

-Other algorithms: Camellia; DES; DES40; Diffie-Hellman; Dual EC DRBG; EC Diffie-Hellman; ECAES (non-compliant); ECIES; Entropy RNG; HMAC MD5; MD2; MD4; MD5; OTP RNG; PBKDF1 SHA-1 (non-compliant); PBKDF2 HMAC SHA-1/SHA-224/SHA-256/SHA-384/SHA-512 (non-compliant); RC2; RC4; RC5; RNG (Cert. #1057); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Crypto-C Micro Edition (ME) Module is RSA, The Security Division of EMC's cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
2095Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
USA

John Roberts
TEL: 415-738-2810

CST Lab: NVLAP 100432-0
Symantec Mobility: Suite Server Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software02/28/2014
07/23/2015
02/11/2016
Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with CentOS 6.3 on a Dell Optiplex 755 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2273); CVL (Cert. #44); DRBG (Cert. #281); DSA (Cert. #709); ECDSA (Cert. #368); HMAC (Cert. #1391); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG

Multi-chip standalone

"The Symantec Mobility: Suite Server Cryptographic Module provides cryptographic functions for the Server component of Symantec Mobility: Suite, a scalable solution for deploying and managing native and web apps on corporate‐liable and employee‐owned mobile devices."
2093Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200427-0
Cisco Catalyst 3560-C [1], 3560-X [2] and 3750-X [3] Switches
(Hardware Versions: [3560CG-8PC-S, 3560CG-8TC-S and 3560CPD-8PT-S] [1] [B], [(WS-C3560X-24P-L and WS-C3560X-48T-L) [2] and (WS- C3750X-12S, WS-C3750X-24S, WS-C3750X-24T, WS-C3750X-48P and WS-C3750X-48T) [3]] with [C3KX-SM-10G, C3KX-NM-1G, C3KX-NM-10G, C3KX-NM-BLANK and C3KX-NM-10GT] [A] with FIPS kit packaging [C3KX-FIPS-KIT 700-34443-01] [A] and [C3KX-FIPS-KIT 47-25129-01] [B]; Firmware Version: 15.0(2)SE4)
(When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/27/2014
03/12/2014
Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1024, #1269, #1275 and #2134); DRBG (Cert. #237); HMAC (Cert. #1304); RSA (Cert. #1100); SHS (Cert. #1858); Triple-DES (Cert. #1358)

-Other algorithms: AES (Cert. #2134, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Cisco Catalyst Switches provide enterprise-class access for campus and branch applications. Designed for operational simplicity to lower total cost of ownership, they enable scalable, secure and energy-efficient business operations with intelligent services and a range of advanced Cisco IOS Software features. The Catalyst Switches meet FIPS 140-2 overall Level 2 requirements as multi-chip standalone modules."
2091Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200427-0
Cisco Optical Networking Solution (ONS) 15454 Multiservice Transport Platforms (MSTPs)
(Hardware Versions: [15454-M2-SA, 15454-M6-SA, 15454-M-TNC-K9, 15454-M-TSC-K9, 15454-M-TNCE-K9, 15454-M-TSCE-K9 and 15454-M-WSE-K9] with FIPS Kit: CISCO-FIPS-KIT=; Firmware Version: 9.8)
(When operated in FIPS mode and when tamper evident labels are installed on the initially built configuration as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/26/2014Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2352, #2369, #2546 and #2548); DRBG (Certs. #379 and #381); HMAC (Certs. #1567 and #1569); KBKDF (Cert. #12); RSA (Certs. #1301 and #1303); SHS (Certs. #2147 and #2149); Triple-DES (Cert. #1541)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; RC4

Multi-chip standalone

"The Cisco ONS 15454 Multiservice Transport Platform (MSTP) is the most deployed metropolitan-area (metro) and regional dense wavelength division multiplexing (DWDM) solution in the world featuring two- through eight-degree reconfigurable optical add/drop multiplexer (ROADM) technology that enables wavelength provisioning across entire networks and eliminates the need for optical-to-electrical-to-optical (OEO) transponder conversions."
2089HGST, Inc.
5601 Great Oaks Parkway
Building 50-3/C-346
San Jose, CA 95119
USA

Michael Good
TEL: 408-717-6261
FAX: 408-717-9494

Jithendra Bethur
TEL: 408-717-5951
FAX: 408-717-9494

CST Lab: NVLAP 100432-0
HGST Ultrastar SSD800/1000/1600 TCG Enterprise SSDs
(Hardware Versions: P/Ns HUSMH8080ASS205 (0001) [1, 2, 3, 4], HUSMH8080ASS205 (0002) [4, 9], HUSMH8080BSS205 (0003) [5, 6, 7, 8, 11, 12, 13, 14, 15, 18, 19, 20, 21, 22, 23, 26, 28], HUSMH8040ASS205 (0001) [1, 2, 3, 4], HUSMH8040ASS205 (0002) [4, 9], HUSMH8040BSS205 (0003) [5, 6, 7, 8, 11, 12, 13, 14, 15, 18, 19, 20, 21, 22, 23, 26, 28], HUSMH8020ASS205 (0001) [1, 2, 3, 4], HUSMH8020ASS205 (0002) [4, 9], HUSMH8020BSS205 (0003) [5, 6, 7, 8, 11, 12, 13, 14, 15, 18, 19, 20, 21, 22, 23, 26, 28], HUSMH8010BSS205 (0003) [5, 6, 7, 8, 11, 12, 13, 14, 15, 18, 19, 20, 21, 22, 23, 26, 28], HUSMM8080ASS205 (0001) [1, 2, 3, 4], HUSMM8080ASS205 (0002) [4, 9], HUSMM8040ASS205 (0001) [1, 2, 3, 4], HUSMM8040ASS205 (0002) [4, 9], HUSMM8020ASS205 (0001) [1, 2, 3, 4], HUSMM8020ASS205 (0002) [4, 9], HUSMM1680ASS205 (0003) [5, 6, 7, 8, 11, 12, 13, 14, 15, 18, 19, 20, 21, 22, 23, 26, 27, 28, 29, 30], HUSMM1640ASS205 (0003) [5, 6, 7, 8, 11, 12, 13, 14, 15, 18, 19, 20, 21, 22, 23, 26, 28], HUSMM1620ASS205 (0003) [5, 6, 7, 8, 11, 12, 13, 14, 15, 18, 19, 20, 21, 22, 23, 26, 28], HUSMM1616ASS205 (0003) [5, 6, 7, 8, 11, 12, 13, 14, 15, 18, 19, 20, 21, 22, 23, 26, 27, 28, 29, 30], HUSMR1619ASS235 (0003) [25], HUSMR1619ASS205 (0003) [10, 16, 17, 24, 25, 31, 32], HUSMR1010ASS205 (0001) [1, 2, 3, 4], HUSMR1010ASS205 (0002) [4, 9], HUSMR1050ASS205 (0001) [1, 2, 3, 4], HUSMR1050ASS205 (0002) [4, 9], HUSMR1025ASS205 (0001) [1, 2, 3, 4], HUSMR1025ASS205 (0002) [4, 9], HUSMR1680ASS205 (0003) [5, 6, 7, 8, 11, 12, 13, 14, 15, 18, 19, 20, 21, 22, 23, 26, 28], HUSMR1650ASS205 (0003) [5, 6, 7, 8, 11, 12, 13, 14, 15, 18, 19, 20, 21, 22, 23, 26, 28], HUSMR1640ASS205 (0003) [5, 6, 7, 8, 11, 12, 13, 14, 15, 18, 19, 20, 21, 22, 23, 26, 28], HUSMR1625ASS205 (0003) [5, 6, 7, 8, 11, 12, 13, 14, 15, 18, 19, 20, 21, 22, 23, 26, 28], HUSMR1616ASS205 (0003) [5, 6, 7, 8, 11, 12, 13, 14, 15, 18, 19, 20, 21, 22, 23, 26, 28], and HUSMR1610ASS205 (0003) [5, 6, 7, 8, 11, 12, 13, 14, 15, 18, 19, 20, 21, 22, 23, 26, 28]; Firmware Versions: R210 [1], R230 [2], R232 [3], R252 [4], P216 [5], P218 [6], P250 [7], P252 [8], R254 [9], R104 [10], P217 [11], P292 [12], P298 [13], P29A [14], P2C0 [15], R106 [16], R120 [17], P21J [18], P29C [19], P29E [20], P2CA [21], P2CC [22], P2E0 [23], R108 [24], R130 [25], P2F0 [26], K2CC [27], P300 [28], P302 [29], D302 [30], R154 [31] or G155 [32])

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/25/2014
04/03/2014
04/11/2014
07/17/2014
09/12/2014
10/23/2014
12/31/2014
01/23/2015
02/13/2015
05/29/2015
08/07/2015
09/04/2015
09/30/2015
12/09/2015
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2067 and #2365); RSA (Cert. #1220); SHS (Cert. #2037); HMAC (Cert. #1468); DRBG (Cert. #302); PBKDF (vendor affirmed);

-Other algorithms: AES (Cert. #2365, key wrapping; key establishment methodology provides 256 bits of encryption strength); NDRNG

Multi-chip embedded

"HGST Self-Encrypting Drives implement TCG Storage specifications, and meet or exceed the most demanding performance and security requirements. The Ultrastar SSD800/1000 series are 12Gbs SAS, TCG Enterprise SSDs.10/23/14: Added HW HUSMH8080ASS205, HUSMH8040ASS205, HUSMH8020ASS205, HUSMM8080ASS205, HUSMM8040ASS205, HUSMM8020ASS205, HUSMR1010ASS205, HUSMR1050ASS205, HUSMR1025ASS205"
2086Oracle Corporation
500 Eldorado Blvd., Bldg 5
Broomfield, CO 80021
USA

Security Evaluations Manager
TEL: 781-442-0451

CST Lab: NVLAP 200928-0
StorageTek T10000C Tape Drive
(Hardware Version: P/N 7054185; Firmware Version: 1.57.308)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/22/2014Overall Level: 1

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1568, #1570, #2404, #2405, #2406, #2407 and #2412); DRBG (Cert. #322); HMAC (Certs. #1497 and #1498); SHS (Certs. #2065 and #2066); RSA (Cert. #1246); CVL (Cert. #82)

-Other algorithms: AES (Cert. #2406, key wrapping; key establishment methodology provides 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG

Multi-chip standalone

"The Oracle StorageTek T10000C Tape Drive blends the highest capacity, performance, reliability, and data security to support demanding, 24/7 data center operations. The StorageTek T10000C Tape Drive delivers the world’s fastest write speeds to a native 5 TB of magnetic tape storage; making it ideal for data center operations with growing volumes. Designed for maximum performance, the drive allows the use of multiple keys per tape with a cache memory to minimize the overhead of key transmission. Works seamlessly with the Oracle Key Manager to provide a secure end-to-end management solution."
2082Toshiba Corporation
1-1, Shibaura 1-chome
Minato-ku, Tokyo 105-8001
Japan

Hiroshi Ito
TEL: +81-45-776-5624
FAX: +81-45-776-5624

CST Lab: NVLAP 200822-0
Toshiba Secure TCG Opal SSC and Wipe technology Self-Encrypting Drive (MQ01ABU050BW, MQ01ABU032BW and MQ01ABU025BW)
(Hardware Version: AA; Firmware Version: FN001S)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/13/2014
04/23/2014
Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2447 and #2448); HMAC (Cert. #1511); SHA (Cert. #2081); DRBG (Cert. #334);

-Other algorithms: NDRNG

Multi-chip embedded

"The Toshiba Secure TCG Opal SSC and Wipe Technology Self-Encrypting Drive is used for hard disk drive data security. This cryptographic module provides various cryptographic services using FIPS approved algorithms. Services are provided through an industry-standard TCG Opal SSC and the Toshiba Wipe Technology. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA ranges, host device authentication and secure automatic data invalidation. The last two services are provided by the Toshiba Wipe Technology."
2081Dispersive Technologies, Inc.
2555 Westside Parkway
Suite 500
Alpharetta, GA 30004
USA

Douglas Dimola
TEL: 844.403.5851

CST Lab: NVLAP 200556-0
V2VNet Common Crypto Module
(Software Version: 1.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software02/22/2014
09/18/2015
02/26/2016
Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 on a Dell OptiPlex 755
CentOS 6.3 on a Dell OptiPlex 755
Mac OS X 10.8 on a MacBook Air (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2273); CVL (Cert. #44); DRBG (Cert. #281); DSA (Cert. #709); ECDSA (Cert. #368); HMAC (Cert. #1391); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG

Multi-chip standalone

"V2VNet Common Crypto Module provides cryptographic functions for Dispersive Solutions V2VNet Server Edition, a scalable solution allowing clients to communicate directly with other clients, and securely route voice, video and data communications."
2080Senetas Corporation Ltd. and SafeNet Inc.
Level 1, 11 Queens Road
Melbourne, Victoria 3004
Australia

John Weston
TEL: +61 3 9868 4555
FAX: +61 3 9821 4899

Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200996-0
CN6000 Series Encryptors
(Hardware Versions: CN6040 Series: A6040B [O] (AC), A6040B [Y] (AC), A6041B [O] (DC), A6041B [Y] (DC), A6042B [O] (AC/DC) and A6042B [Y] (AC/DC); CN6100 Series: A6100B [O] (AC), A6100B [Y] (AC), A6101B [O] (DC), A6101B [Y] (DC), A6102B [O] (AC/DC) and A6102B [Y] (AC/DC); Firmware Version: 2.3.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/10/2014Overall Level: 3

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2582, #2583, #2584 and #2586); Triple-DES (Cert. #1562); RSA (Cert. #1324); SHS (Cert. #2177); HMAC (Cert. #1601); DRBG (Cert. #391); CVL (Cert. #113)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The CN6000 Series Encryptor is a high-speed standards based hardware encryption platform designed to secure data transmitted over optical and twisted-pair Ethernet and optical Fibre Channel networks. Two models are validated: the CN6100 10G Ethernet Encryptor operating at a line rate of 10Gb/s and the CN6040, a protocol selectable model operating at data rates up to 4Gb/s. Configured in Ethernet mode the CN6040 model supports rates of 10Mb/s, 100Mb/s & 1Gb/s and in Fibre Channel mode supports rates of 1.0625, 2.125 & 4.25Gb/s. Data privacy is provided by FIPS approved AES algorithms."
2079Hewlett-Packard Development Company, L.P.
11445 Compaq Center Drive West
Houston, TX 77070
USA

Rahul Philip Mampallil
TEL: +91 80 33841568

Karthik Bhagawan
TEL: +91 80 25166873
FAX: +91 80 28533522

CST Lab: NVLAP 200928-0
HP-UX Kernel Cryptographic Module
(Software Version: 1.0)
(When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode; The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software02/07/2014Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with Tested as meeting Level 1 with HP-UX 11i v3 running on an HP Integrity BL860c i2 server blade (single user mode)

-FIPS Approved algorithms: AES (Cert. #2488); SHS (Cert. #2106); HMAC (Cert. #1530); DRBG (Cert. #346); RSA (Cert. #1277)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"HP-UX Kernel Crypto Module (HP-UX KCM) is a kernel-space crypto engine in the HP-UX operating system containing core cryptographic algorithms and operations in a single shared library. It implements asymmetric, symmetric, and digest operations that are used by HP-UX security solutions. HP-UX KCM is available on HP-UX 11i v3 operating system on the HP Integrity Platform (IA-64)."
2074ViaSat, Inc.
6155 El Camino Real
Carlsbad, CA 92009
USA

David Schmolke
TEL: 760-476-2461
FAX: 760-476-4110

Richard Quintana
TEL: 760-476-2481
FAX: 760-476-4110

CST Lab: NVLAP 100432-0
Embeddable Security System (ES-1200)
(Hardware Versions: P/N 1174941, Rev. 001; Firmware Version: 1.0.7)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/22/2014
03/12/2014
Overall Level: 2

-Cryptographic Module Specification: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2633, #2634 and #2635); DRBG (Cert. #406); SHS (Cert. #2207)

-Other algorithms: NDRNG

Multi-chip embedded

"The ES-1200 is a low cost, size, weight & power multichip programmable embedded cryptographic module. It provides encryption and decryption services, plaintext bypass, key management, and PIN-based access control. The ES-1200 is intended for use in environments where FIPS 140-2 Level 2 cryptographic products are required. Typical applications are military Transmission Security (TRANSEC), Communications Security (COMSEC), and Data-At-Rest (DAR) using Suite B cryptography."
2073GoldKey Security Corporation
26900 E Pink Hill Road
Independence, MO 64057
USA

GoldKey Sales & Customer Service
TEL: 816-220-3000
FAX: 419-301-3208

Jon Thomas
TEL: 567-270-3830
FAX: 419-301-3208

CST Lab: NVLAP 200658-0
GoldKey Security Token Cryptographic Module
(Hardware Version: IC USB-CONTROLLER-2LF; Firmware Version: 7.12)
(When operated in FIPS mode with Windows 7 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1330 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/29/2014Overall Level: 2

-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2347); SHS (Cert. #2024); DRBG (Cert. #297); Triple-DES (Cert. #1470); EC Diffie-Hellman (CVL Cert. #54, key agreement); RSA (Cert. #1210); RSA (CVL Cert. #54, signature primitive); ECDSA (Cert. #384)

-Other algorithms: N/A

Single-chip

"Provides cryptographic algorithm implementation for GoldKey Products"
2072Chunghwa Telecom Co., Ltd.
12, Lane 551, Min-Tsu Road SEC.5
Yang-Mei, Taoyuan 326
Republic of China

Yeou-Fuh Kuan
TEL: +886-3-424-4333
FAX: +886-3-424-4129

Char-Shin Miou
TEL: +886 3 424 4381
FAX: +886-3-424-4129

CST Lab: NVLAP 200928-0
HiCOS PKI Native Smart Card Cryptographic Module
(Hardware Version: RS45C; Firmware Versions: HardMask: 2.2 and SoftMask: 1.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/29/2014
04/22/2016
Overall Level: 2

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #1419); Triple-DES MAC (Triple-DES Cert. #1419, vendor affirmed); SHS (Cert. #1953); RSA (Cert. #1165); DRBG (Cert. #280)

-Other algorithms: NDRNG; Triple-DES (Cert. #1419, key wrapping; key establishment methodology provides 112-bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Single-chip

"The HiCOS PKI native smart card module is a single chip implementation of a cryptographic module. The HiCOS PKI native smart card module is mounted in an ID-1 class smart card body that adheres to ISO/IEC specifications for Integrated Circuit Chip (ICC) based identification cards. The module consists of the chip (ICC), the contact faceplate, and the electronic connectors between the chip and contact pad, all contained within an epoxy substrate."
2070API Technologies Corp.
4705 S. Apopka Vineland Road
Suite 210
Orlando, FL 32819
USA

Henry Gold
TEL: 855-294-3800

CST Lab: NVLAP 200556-0
Common Crypto Module for PRIISMS, PRIISMS RD, SA5600-IA and NetGard MFD
(Software Version: 1.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software01/24/2014
04/23/2014
02/10/2016
Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 on a Dell OptiPlex 755
CentOS 6.3 on a Dell OptiPlex 755 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2273); CVL (Cert. #44); DRBG (Cert. #281); DSA (Cert. #709); ECDSA (Cert. #368); HMAC (Cert. #1391); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG

Multi-chip standalone

"The Common Crypto Module for PRIISMS, PRIISMS RD, SA5600-IA, and NetGard MFD is a standards-based cryptographic engine for servers and appliances. The module delivers core cryptographic functions and features robust algorithm support, including Suite B algorithms."