CMVP Main Page

Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules
1995-1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014,
All

Last Update: 4/24/2014

It is important to note that the items on this list are cryptographic modules. A module may either be an embedded component of a product or application, or a complete product in-and-of-itself. If the cryptographic module is a component of a larger product or application, one should contact the product or application vendor in order to determine how the product utilizes the embedded validated cryptographic module. There may be a larger number of security products or applications available which use an embedded validated cryptographic module, than the number of modules which are found in this list. In addition, other vendors, who are not found in this list, may incorporate a validated cryptographic module from this list embedded into their own products.

When selecting a module from a vendor, verify that the module is either the product or application itself (e.g. VPN, SmartCard, USB memory token, etc.) or the module is embedded in a larger product or application (e.g. toolkit, etc.). If the module is embedded in a product or application, ask the product or application vendor to provide a signed letter or statement affirming that the unmodified validated cryptographic module is integrated in the solution; the module provides all the cryptographic services in the solution; and provide reference to the modules validation certificate number from this listing.

NOTE1: Module descriptions are provided by the module vendors and have not been verified for accuracy by the CMVP. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-Approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (e.g. allowed or non-FIPS-Approved algorithms) have not been tested through the CMVP.

NOTE2: The operator of a cryptographic module is responsible for ensuring that the algorithms and key lengths are in compliance with the requirements of NIST SP 800-131A.

NOTE3: All questions regarding the implementation and/or use of any module located on the CMVP module validation lists should first be directed to the appropriate vendor point-of-contact (listed for each entry).

Please contact the CMVP if any errors are discovered or comments with suggestions for improvement of the validation listings.

Cert# Vendor / CST Lab Cryptographic Module
Module
Type
Val.
Date
Level / Description
2135 AFORE Solutions Inc.
2680 Queensview Drive
Suite 150
Ottawa, ON K2B 8J9
Canada

-Tim Bramble
TEL: 613-224-5995 x232
FAX: 613-224-5410

CST Lab: NVLAP 200928-0

CloudLink Crypto Module
(Software Version: 1.0)

(When installed, initialized and configured as specified in the Security Policy Section 9 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 04/24/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Ubuntu 12.04 on VMWare ESXi 5.1.0 running on a Dell PowerEdge R520 with AES-NI; Ubuntu 12.04 on VMWare ESXi 5.1.0 running on a Dell PowerEdge R520 without AES-NI (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2545); Triple-DES (Cert. #1540); SHS (Cert. #2146); HMAC (Cert. #1566); RNG (Cert. #1220); DRBG (Cert. #378); RSA (Cert. #1300); DSA (Cert. #778); CVL (Cert. #104)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECC CDH (non-compliant); ECDSA (non-compliant); Dual-EC DRBG (non-compliant)

Multi-chip standalone

"The CloudLink Crypto Module is a general purpose cryptographic library which provides cryptographic services for all CloudLink application modules."
2134 Harris Corporation
RF Communications Division
1680 University Avenue
Rochester, NY 14610
USA

-James White
TEL: 585-242-3917

-Elias Theodorou
TEL: 585-720-8790

CST Lab: NVLAP 200928-0

RF-7800W Broadband Ethernet Radio
(Hardware Versions: RF-7800W-OU50x, OU47x and OU49x; Firmware Version: 2.00)

(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/24/2014 Overall Level: 2 

-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2606); Triple-DES (Cert. #1571); DRBG (Certs. #398); SHS (Cert. #2190); HMAC (Cert. #1614); RSA (Cert. #1333); DSA (Cert. #791); KAS (Cert. #41); CVL (Cert. #100)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; NDRNG

Multi-chip standalone

"The RF-7800W(-OU47x,-OU49x,-OU50x) Broadband Ethernet Radio(BER) is designed for High Capacity Line of Sight (HCLOS) networks with broadband Ethernet requirements. The radio can be mounted on a mast for quick deployment or on a tower system and is designed for long haul backbone systems. The BER operates in the 4.4 - 5.8 GHz frequency band. The BER is an ideal wireless networking solution for public safety, first responders, training and simulation networks and long haul/short haul battlefield communications. The RF-7800W operates in Point-to-Point and Point to Multipoint in the same platform."
2127 Athena Smartcard, Inc.
20380 Town Center Lane
Suite 240
Cupertino, CA 95014
USA

-Ian Simmons
TEL: 408-865-0112
FAX: 408-865-0333

CST Lab: NVLAP 100432-0

IDProtect Duo with LASER PKI
(Hardware Version: STMicroelectronics ST23YR80 Rev. G; Firmware Version: Athena IDProtect 0204.0355.0702 with LASER PKI Applet 3.0)

(When operated in FIPS mode. No assurance of Secure Channel Protocol (SCP) message integrity)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/09/2014 Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #1830); RSA (Cert. #919); Triple-DES (Cert. #1183); Triple-DES MAC (Triple-DES Cert. #1183, vendor affirmed); DRBG (Cert. #144); SHS (Cert. #1609); ECDSA (Cert. # 253); CVL (Cert. #8)

-Other algorithms: HW RNG; AES-CMAC (non-compliant); EC Diffie-Hellman (CVL Cert. #8, key agreement; key establishment methodology provides 128 bits of encryption strength); AES (Cert. #1830, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength)

Single-chip

"IDProtect is a Cryptographic Module based on the Athena OS755 Java Card smart card operating system with 80KB of EEPROM. IDProtect is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 3. IDProtect supports FIPS approved DRBG, SHA-1 and all SHA-2, TDES, AES, RSA, ECDSA and ECC CDC, and RSA and ECC key generation. IDProtect exposes PKI and Biometric APIs and is designed for high-performance government and enterprise smart card applications."
2126 Integral Memory PLC.
Unit 6 Iron Bridge Close
Iron Bridge Business Park
Off Great Central Way
London, Middlesex NW10 0UF
United Kingdom

-Patrick Warley
TEL: +44 (0)20 8451 8700
FAX: +44 (0)20 8459 6301

-Francesco Rivieccio
TEL: +44 (0)20 8451 8704
FAX: +44 (0)20 8459 6301

CST Lab: NVLAP 200996-0

Integral AES 256 Bit Crypto SSD Underlying PCB
(Hardware Versions: INSSD32GS25MCR140-2(R); INSSD64GS25MCR140-2(R); INSSD128GS25MCR140-2(R); INSSD256GS25MCR140-2(R); INSSD512GS25MCR140-2(R); INSSD1TS25MCR140-2(R); INSSD32GS18MCR140-2(R); INSSD64GS18MCR140-2(R); INSSD128GS18MCR140-2(R); INSSD256GS18MCR140-2(R); INSSD512GS18MCR140-2(R); INSSD1TGS18MCR140-2(R); Firmware Version: S5FDM018)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 04/09/2014 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2175); SHS (Cert. #1887); HMAC (Cert. #1335); DRBG (Cert. #254)

-Other algorithms: N/A

Multi-chip standalone

"Integral Crypto SSD is the Full Disk Encryption solution for Windows desktops and laptops. Featuring AES 256-bit Hardware Encryption so you can encrypt and protect your sensitive data and get the speed, reliability and power benefits of SSD. It comes in, 32 GB 64 GB 128 GB, 256 GB, 512 GB and 1TB SATA II & III versions. The devices feature an epoxy resin coating around both the circuit components and the printed circuit board (PCB)."
2125 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

ACT2Lite Module
(Hardware Version: 15-14497-02(NX315) or 15-14497-02(AT90S072); Firmware Version: 1.5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/09/2014 Overall Level: 1 

-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2556 and #2742); DRBG (Certs. #384 and #461); ECDSA (Certs. #439 and #480); HMAC (Certs. #1576 and #1719); RSA (Certs. #1309 and #1438); SHS (Certs. #2156 and #2314)

-Other algorithms: NDRNG

Single-chip

"ACT2-Lite (Anti-Counterfeit Technology 2 Lite) is the ACT family (ACT 1T, Quack 1 and 2) next generation. It is an ancillary security device containing product identity information and assertion functionality to support product identity for various usages including anti-counterfeit functionality as well as other security functionality to be used across many different hardware platforms."
2124 Vidyo, Inc.
433 Hackensack Ave, 6th Floor
Hackensack, NJ 07601
USA

CST Lab: NVLAP 200556-0

Cryptographic Security Kernel
(Software Version: 2)

(The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 04/09/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Linux Ubuntu 10.04 32-bit or Linux Ubuntu 10.04 64-bit running on a HP ProLiant GL380 without AES-NI; Linux Ubuntu 10.04 32-bit or Linux Ubuntu 10.04 64-bit running on a Dell PowerEdge R210 II with AES-NI; Mac OS X 10.6.8 32-bit running on a Mac Mini without AES-NI; Mac OS X 10.6.8 64-bit running on a Macbook Pro without AES-NI; Mac OS X 10.6.8 32-bit or Mac OS X 10.6.8 64-bit running on a Macbook Pro with AES-NI; Mac OS X 10.7.3 32-bit running on a Mac Mini without AES-NI; Mac OS X 10.7.3 64-bit running on a Macbook Air without AES-NI; Mac OS X 10.7.3 32-bit or Mac OS X 10.7.3 64-bit running on a Macbook Air with AES-NI; Windows XP with SP3 32 bit running on a IBM Thinkpad T60 without AES-NI; Windows XP with SP3 32 bit running on a Vidyo HD50 Room System with AES-NI; Windows 7 with SP1 32 bit running on a Mac Mini without AES-NI; Windows 7 with SP1 64 bit running on a Dell Precision M4300 without AES-NI; Windows 7 with SP1 32 bit running on a Vidyo HD40 Room System with AES-NI; Windows 7 with SP1 64 bit running on a Macbook Air with AES-NI; iOS 6.1 running on a Apple iPad 4; iOS 6.1 running on a Apple iPhone 5; Android 4.1.1 running on a Samsung Galaxy Tab 2 10.1; Android 4.1.1 running on a ASUS Transformer Prime; Android 4.1.2 running on a Samsung Galaxy Nexus S; Android 4.2.2 running on a Google Nexus 7; Android 4.0.4 running on a Samsung Galaxy SII; Android 4.1.2 running on a Samsung Galaxy SIII; Kindle Fire OS 8.4.3 running on a Amazon Kindle Fire HD 8.9 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2027, #2028 and #2576); DRBG (Certs. #194, #195 and #389); HMAC (Certs. #1229, #1230 and #1599); SHS (Certs. #1776, #1777 and #2175)

-Other algorithms: N/A

Multi-chip standalone

"The Vidyo Cryptographic Security Kernel (CSK) is a subset of the Vidyo Technology Software Development Kit, which consists of a set of libraries providing video conferencing capabilities. The SDK allows licensed end-users to implement video conferencing capabilities within their own software applications; the Vidyo CSK library provides the cryptographic functions required to secure the communications."
2123 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise Virtual Appliance for VMware
(Software Version: 8.3.1)

(When operated in FIPS mode and when installed, initialized and configured as specified in the Security Policy Section 3.1. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 04/09/2014 Overall Level: 1 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with McAfee SecureOS v8.3 on VMware ESXi 5.0 running on a McAfee S7032 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1963, #2304 and #2306); Triple-DES (Certs. #1275, #1452 and #1454); SHS (Certs. #1722, #1989 and #1991); HMAC (Certs. #1184, #1419 and #1421); RNG (Certs. #1032, #1147 and #1149); RSA (Certs. #1188 and #1190); DSA (Certs. #723 and #725)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee's Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
2122 VMware, Inc.
3401 Hillview Ave
Palo Alto, CA 94304
USA

-Eric Betts
TEL: 1-650-427-1902

CST Lab: NVLAP 200928-0

VMware Cryptographic Module
(Software Version: 1.0)

(When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 04/04/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with VMware vCloud Networking and Security 5.5.0a Edge OS on VMware vSphere Hypervisor (ESXi) 5.5 running on HP ProLiant DL380e Gen8 Server; VMware vCloud Networking and Security 5.5.0a vShield Manager OS (VMware vCloud Networking and Security 5.5.0a App Firewall OS) on VMware vSphere Hypervisor (ESXi) 5.5 running on HP ProLiant DL380e Gen8 Server (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #1620); AES (Cert. #2701); SHS (Cert. #2268); HMAC (Cert. #1682); RNG (Cert. #1255); DSA (Cert. #822); RSA (Cert. #1399)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECDSA (non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The VMware Cryptographic Module is a software library providing FIPS 140-2 -approved cryptographic algorithms and services for protecting data-in-transit and data-at-rest on VMware products and platforms."
2121 Thales-eSecurity Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

-sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200996-0

nShield F2 500+ [1], nShield F2 1500+ [2] and nShield F2 6000+ [3]
(Hardware Versions: nC3423E-500 [1], nC3423E-1K5 [2] and nC3423E-6K0 [3], Build Standard N; Firmware Version: 2.51.10-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 04/03/2014 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2122); Triple-DES (Cert. #1349); HMAC (Cert. #1292); Triple-DES MAC (Triple-DES Cert. #1349, vendor affirmed); SHS (Cert. #1844); DSA (Certs. #664 and #777); ECDSA (Cert. #181); RSA (Certs. #1092 and #1299); DRBG (Cert. #232); CVL (Certs. #27 and #90)

-Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #2122, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1349, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Certs. #27 and #90, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #27 and #90, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The nShield modules: nShield F2 500+, nShield F2 1500+ and nShield F2 6000+ family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
2120 Samsung Electronics Co., Ltd.
416, Maetan 3-Dong Youngton Gu
Suwon, Gyeonggi 152-848
South Korea

-Kyunghee Lee
TEL: +82-10-9397-1589

CST Lab: NVLAP 200658-0

Samsung OpenSSL Cryptographic Module
(Software Version: SecOpenSSL2.0.3)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 03/28/2014 Overall Level: 1 

-Physical Security: N/A
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Android Jelly Bean 4.1 running on Samsung Galaxy Note II; Android Jelly Bean 4.2 running on Samsung Galaxy S4 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2351 and #2411); HMAC (Certs. #1458 and #1496); SHS (Certs. #2026 and #2069); Triple-DES (Certs. #1471 and #1501); RSA (Certs. #1212 and #1245); DSA (Certs. #735 and #753); ECDSA (Certs. #386 and #396); RNG (Certs. #1171 and #1190); DRBG (Certs. #299 and #321); CVL (Certs #56 and #72)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; Triple-DES-CTR (non-compliant); AES-CTR (non-compliant); MD4; MD5; MDC-2; RC2; RC4; RIPEMD-160; Diffie-Hellman; md_rand.c; DRBG (Certs. #299 and #321; DUAL-EC; non-compliant)

Multi-chip standalone

"Provides general purpose cryptographic services to user-space applications on the mobile platform for the protection of data in transit."
2119 Seagate Technology LLC
389 Disc Drive
Longmont, CO 80503
USA

-Monty Forehand
TEL: 720-684-2835
FAX: 720-684-2733

-Harshad Thakar
TEL: 720-684-2580
FAX: 720-684-2733

CST Lab: NVLAP 100432-0

Seagate Secure® TCG Opal SSC Self-Encrypting Drive FIPS 140-2 Module
(Hardware Version: 1G1162 and 1G1164; Firmware Version: SM72, DM72, DM82, HM72, HM82 and LM72)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/28/2014 Overall Level: 2 

-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1343 and #1974); DRBG (Cert. #62); RSA (Cert. #650); SHS (Cert. #1225); HMAC (Cert. #1597)

-Other algorithms: NDRNG

Multi-chip embedded

"The cryptographic module (CM) in the Seagate Secure® TCG Opal SSC Self-Encrypting Drive provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA ranges, and authenticated FW download. The services are provided through an industry-standard TCG Opal SSC interface."
2118 Hewlett-Packard Development Company, L.P.
3000 Hanover Street
Palo Alto, CA 94394
USA

-Mihai Damian
TEL: 650-236-5870

-Sameer Popli
TEL: 650-258-3374

CST Lab: NVLAP 200002-0

NonStop Volume Level Encryption (NSVLE)
(Software Version: 2.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 04/03/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Debian Linux HPTE Version 5.0.0 running on an HP ProLiant DL380 Gen8 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2375 and #2376); Triple-DES (Cert. #1486); SHS (Cert. #2047); DRBG (Cert. #311); HMAC (Cert. #1477); RSA (Cert. #1230); CVL (Cert. #228)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); MD5

Multi-chip standalone

"HP NonStop Volume Level Encryption, or NSVLE, is a fully integrated encryption solution using FIPS Approved algorithms to protect data from threats such as theft and unauthorized disclosure."
2117 Juniper Networks, Inc.
1194 North Matilda Ave
Sunnyvale, CA 94089
USA

-Sue Lin
TEL: 408-936-8447
FAX: 408-936-1801

CST Lab: NVLAP 200697-0

Juniper Networks EX3300, EX4200, EX4500 Ethernet Switches
(Hardware Version: EX3300-24P, EX3300-24T, EX3300-24T-DC, EX3300-48T, EX3300-48T-BF, EX3300-48P, EX4200-24P, EX4200-24PX, EX4200-24T, EX4200-24F, EX4200-48P, EX4200-48PX, EX4200-48T, EX4500-40-FB and EX4500-40-BF with Tamper Evident Labels: 520-052564; Firmware Version: JUNOS 12.1R6.6)

(When operated in FIPS Mode and with the tamper evidence seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 03/28/2014 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #1494, #1507, #1508 and #1514); AES (Certs. #2396, #2419, #2420 and #2475); DSA (Cert. #762); SHS (Certs. #2058, #2059, #2076, #2077 and #2094); RNG (Cert. #1187); RSA (Certs. #1251, #1252 and #1264); HMAC (Certs. #1488, #1489, #1504, #1505 and #1518); DRBG (Certs. #324, #325 and #338); CVL (Certs. #81)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); NDRNG

Multi-chip standalone

"EX Series Ethernet switches deliver access, aggregation, and core layer switching services in branch, campus, and data center networks to ensure fast, secure, reliable delivery of data and applications. All EX Series Ethernet Switches run the same Junos operating system as other Juniper switches, routers, and security solutions, ensuring consistent, predictable behavior across the entire network infrastructure."
2116 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco Catalyst 4503-E, Catalyst 4506-E, Catalyst 4507R-E, Catalyst 4507R+E, Catalyst 4510R-E, Catalyst 4510R+E, Catalyst C4500X-16SFP+, Catalyst C4500X-F-16SFP+, Catalyst C4500X-32SFP+, Catalyst C4500X-F-32SFP+, Catalyst C4500X-24X-ES, Catalyst C4500X-40X-ES, Catalyst C4500X-24X-IPB with Supervisor Cards (WS-X45-SUP7-E, WS-X45-Sup7L-E) and Line Cards (WS-X4640-CSFP-E, WS-X4712-SFP+E, WS-X4748-NGPOE+E, WS-X4748-RJ45-E and WS-X4748-RJ45V+E)
(Hardware Version: Catalyst 4503-E [1, 3, 4, 5, 6, 8, A], Catalyst 4503-E [2, 5, 7, 8, A], Catalyst 4506-E [1, 3, 4, 5, 6, 7, 8, B], Catalyst 4506-E [2, 3, 4, 5, 6, 7, 8, B], Catalyst 4507R-E [1, 3, 4, 5, 6, 7, 8, C], Catalyst 4507R-E [2, 3, 4, 5, 6, 7, 8, C], Catalyst 4507R+E [1, 3, 4, 5, 6, 7, 8, C], Catalyst 4507R+E [2, 3, 4, 5, 6, 7, 8, C], Catalyst 4510R-E [1, 3, 4, 5, 6, 7, 8, D], Catalyst 4510R+E [1, 3, 4, 5, 6, 7, 8, D], Catalyst C4500X-16SFP+ [E], Catalyst C4500X-F-16SFP+ [E], Catalyst C4500X-32SFP+ [E], Catalyst C4500X-F-32SFP+ [E], Catalyst C4500X-24X-ES [E], Catalyst C4500X-40X-ES [E], Catalyst C4500X-24X-IPB [E], Supervisor Card WS-X45-SUP7-E [1], Supervisor Card WS-X45-SUP7L-E [2], Line Card WS-X4748-RJ45V+E [3], Line Card WS-X4712-SFP+E [4], Line Card WS-X4640-CSFP-E [5], Line Card WS-X4748-NGPOE+E [6], Line Card WS-X4748-RJ45-E [7], Filler Plate (C4K-SLOT-CVR-E) [8] and FIPS kit packaging (WS-C4503-FIPS-KIT= [A], WS-C4506-FIPS-KIT= [B], WS-C4507-FIPS-KIT= [C], WS-C4510-FIPS-KIT= [D] and CVPN4500FIPS/KIT= [E]); Firmware Version: IOS-XE 3.5.2E)

(When operated in FIPS mode with tamper evident labels and security devices installed on the initially built configuration as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/26/2014;
04/16/2014
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1589, #2057 and #2624); CVL (Cert. #105); DRBG (Cert. #403); HMAC (Cert. #1622); RSA (Certs. #1339 and #1341); SHS (Certs. #2198 and #2200); Triple-DES (Cert. #1575)

-Other algorithms: Diffie-Hellman (CVL Cert. #105, key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD4; MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Catalyst 4500 Series switches are Cisco`s leading modular switches for borderless access and price/performance distribution deployments. They offer best-in-class investment protection with forward and backward compatibility and deep application visibility with Flexible NetFlow. The Catalyst 4500 Series Switches meet FIPS 140-2 overall Level 2 requirements as multi-chip standalone modules. The switches include cryptographic algorithms implemented in IOS software as well as hardware ASICs. The module provides 802.1X-rev."
2115 Fortinet, Inc.
326 Moodie Drive
Ottawa, ON K2H 8G3
Canada

-Alan Kaye
TEL: 613-225-9381 x7416
FAX: 613-225-2951

CST Lab: NVLAP 200556-0

FortiAnalyzer-4000B
(Hardware Version: 4000-B with SKU-FIPS-SEAL-RED; Firmware Version: v4.0, build3059, 130918)

(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 03/26/2014 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: Triple-DES (Certs. #1608 and #1609); AES (Cert. #2681); SHS (Certs. #2251 and #2252); RNG (Cert. #1251); RSA (Cert. #1030); HMAC (Certs. #1667 and #1668)

-Other algorithms: Diffie-Hellman (non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5

Multi-chip standalone

"The FortiAnalyzer family of logging, analyzing, and reporting appliances securely aggregate log data from Fortinet devices and other syslog-compatible devices. Using a comprehensive suite of customizable reports, users can filter and review records, including traffic, event, virus, attack, Web content, and email data."
2114 Proofpoint Incorporated
892 Ross Drive
Sunnyvale, CA 94107
USA

-Jun Wang
TEL: 408-338-6680
FAX: 408-517-4710

CST Lab: NVLAP 200427-0

Proofpoint Security Library
(Software Version: 2.0)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 03/26/2014 Overall Level: 1 

-Physical Security: N/A

-Operational Environment: Tested as meeting Level 1 with Dell Latitude E6400 w/ Cent OS 5 running JRE 1.6 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1814); ECDSA (Cert. #250); RNG (Cert. #956); RSA (Cert. #909); SHS (Cert. #1591)

-Other algorithms: AES RNG; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DSA (non-compliant); Extended Secure Remote Password; Secure Remote Password; RC2; Triple-DES (non-compliant)

Multi-chip standalone

"The module is a Java language cryptographic component to be used by the various Proofpoint security products. The module is designed to meet Level 1 requirements of FIPS 140-2 standard. The module is a cryptographic library that provides variety of cryptographic services (both approved as well as non-approved). The module can be executed on any general-purpose PC and operating system capable of running JRE 1.6 or later."
2113 Fortinet, Inc.
326 Moodie Drive
Ottawa, ON K2H 8G3
Canada

-Alan Kaye
TEL: 613-225-9381 x7416
FAX: 613-225-2951

CST Lab: NVLAP 200556-0

FortiGate-VM Virtual Appliances
(Software Version: 4.0 MR3)

(When operated in FIPS mode and when installed, initialized and configured as specified in Section FIPS 140-2 Compliant Operation of the provided Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 03/25/2014 Overall Level: 1 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: N/A
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with FortiOS 4.0 MR3 on VMWare ESXi 5.0.0 Update 1 running on a Dell PowerEdge R410

-FIPS Approved algorithms: Triple-DES (Certs. #1503 and #1504); AES (Certs. #2414 and #2415); SHS (Certs. #2071 and #2072); HMAC (Certs. #1500 and #1501); RSA (Cert. #1248); RNG (Cert. #1192)

-Other algorithms: DES; MD5; HMAC MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 188 bits of encryption strength; non-compliant less than 112-bits of encryption strength); RSA (key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112-bits of encryption strength)

Multi-chip standalone

"FortiGate virtual appliances allow you to mitigate blind spots by implementing critical security controls within your virtual infrastructure. They also allow you to rapidly provision security infrastructure whenever and wherever it is needed. FortiGate virtual appliances feature all of the security and networking services common to traditional hardware-based FortiGate appliances. With the addition of virtual appliances from Fortinet, you can deploy a mix of hardware and virtual appliances, operating together and managed from a common centralized management platform."
2112 AT&T Services, Inc.
530 McCullough, 2B60
San Antonio, TX 78215
USA

-Jody Hagemann
TEL: 732-457-1891

CST Lab: NVLAP 200928-0

AT&T Toggle Cryptographic Security Module
(Software Version: 1.0)

(When installed, initialized and configured as specified in the Security Policy Section 3.1.1 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 03/25/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Ubuntu 12.04 running on a Dell PowerEdge T110; Ubuntu 12.04 on ESXi 5.1 running on a Dell PowerEdge T110; Ubuntu 12.04 running on a SuperMicro AS-1011S-mR2; Ubuntu 12.04 on ESXi 5.1 running on a SuperMicro AS-1011S-mR2; iOS v5 running on a iPad3; iOS v6 running on a iPhone5; Android v4.1 running on a Samsung Galaxy SIII (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2489); Triple-DES (Cert. #1526); SHS (Cert. #2107); HMAC (Cert. #1531); RNG (Cert. #1206); DRBG (Cert. #347); RSA (Cert. #1283); DSA (Cert. #768); ECDSA (Cert. #417); CVL (Cert. #88)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less then 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less then 112 bits of encryption strength)

Multi-chip standalone

"The AT&T Toggle Cryptographic Security Module (TCSM) 1.0 provides cryptographic services for the Toggle. The TCSM modules provide low level Encryption and MAC Hashing routines, for protecting and securing mobile devices. The TCSM provides a highly secure encrypted container for enterprise-managed mobile applications, content and data to enable a highly secure mobile workspace that separates corporate information from personal information on the same mobile device. Toggle provides application level security, an automated application wrapping process and dynamic app-based security policy cont"
2111 Christie Digital Systems Canada, Inc.
809 Wellington St. N.
Kitchener, ON N2G 4Y7
Canada

-Kevin Draper
TEL: 519-741-3741
FAX: 519-741-3912

CST Lab: NVLAP 200802-0

Christie IMB-S2 4K Integrated Media Block (IMB)
(Hardware Version: 000-102675-01; Firmware Versions: 1.0.1-2641, 1.0.3-3047, 1.1.0-3271, 1.2.0-3400, 1.2.1-3546, 1.3.0-3704 or 1.3.2-3709)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/21/2014 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2042 and #2043); SHS (Certs. #1788 and #1789); HMAC (Certs. #1241 and #1242); RNG (Certs. #1066 and #1230); RSA (Cert. #1062); CVL (Cert. #97)

-Other algorithms: NDRNG; MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); TI ECDH; TI S-box

Multi-chip embedded

"The Christie IMB-S2 is a DCI-compliant solution to enable the playback of the video, audio and timed text essence on a 2K or 4K DLP Series-II digital cinema projector. The IMB-S2 utilizes an integrated SMS and permits the playback of alternative content and High Frame Rate (HFR) material."
2110 BlackBerry Ltd.
295 Phillip Street
Waterloo, ON N2L 3W8
Canada

-Security Certifications Team
TEL: 519-888-7465 x72921
FAX: 905-507-4230

CST Lab: NVLAP 200928-0

BlackBerry Cryptographic Library for Secure Work Space
(Software Version: 1.0)

(When installed, initialized and configured as specified in the Security Policy Section A.1.1 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 03/21/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Tested as meeting Level 1 with Ubuntu 12.04 running on a Dell PowerEdge T110; Ubuntu 12.04 on ESXi 5.1 running on a Dell PowerEdge T110; Ubuntu 12.04 running on a SuperMicro AS-1011S-mR2; Ubuntu 12.04 on ESXi 5.1 running on a SuperMicro AS-1011S-mR2; iOS v5 running on a iPad3; iOS v6 running on a iPhone5; Android v4.1 running on a Samsung Galaxy SIII (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2544); Triple-DES (Cert. #1539); SHS (Cert. #2145); HMAC (Cert. #1565); RNG (Cert. #1209); DRBG (Cert. #377); RSA (Cert. #1298); DSA (Cert. #776); ECDSA (Cert. #436); CVL (Cert. #89)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less then 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less then 112 bits of encryption strength)

Multi-chip standalone

"BlackBerry® provides a suite of hardware, software, and services, which allow customers to utilize a single end-to-end Mobile Device Management (MDM) solution. The BlackBerry Cryptographic Library for Secure Work Space is a software module that provides cryptographic services required for secure operation of non-BlackBerry® devices running supported operating systems, when used in conjunction with BlackBerry® MDM solutions."
2109 Juniper Networks, Inc
1194 North Mathilda Ave
Sunnyvale, CA 94089
USA

-Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 200697-0

Odyssey Security Component Kernel Mode
(Software Version: 2.50)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 03/21/2014 Overall Level: 1 

-Physical Security: N/A
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Windows 7 SP1 64-bit on Dell Optiplex 755 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1990); Triple-DES (Cert. #1291); SHS (Cert. #1745); HMAC (Cert. #1203); DSA (Cert. #636); RSA (Cert. #1032); RNG (Cert. #1045)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112-bits of encryption strength); AES (Cert. #1990, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman; RSA (encrypt/decrypt)

Multi-chip standalone

"The Odyssey Security Component (OSC) is a general purpose cryptographic library. OSC Kernel Mode is a kernel-mode binary module for the Windows operating system."
2108 OpenPeak, Inc.
1750 Clint Moore Road
Boca Raton, FL 33487
USA

-Eric Jen
TEL: 561-289-0214

-Howard A. Kwon
TEL: 561-893-7930
FAX: 561-208-8026

CST Lab: NVLAP 200928-0

OpenPeak Cryptographic Security Module
(Software Version: 1.0)

(When installed, initialized and configured as specified in the Security Policy Section 3.1.1 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 03/19/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Tested as meeting Level 1 with Ubuntu 12.04 running on a Dell PowerEdge T110; Ubuntu 12.04 on ESXi 5.1 running on a Dell PowerEdge T110; Ubuntu 12.04 running on a SuperMicro AS-1011S-mR2; Ubuntu 12.04 on ESXi 5.1 running on a SuperMicro AS-1011S-mR2; iOS v5 running on a iPad3; iOS v6 running on a iPhone5; Android v4.1 running on a Samsung Galaxy SIII (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2489); Triple-DES (Cert. #1526); SHS (Cert. #2107); HMAC (Cert. #1531); RNG (Cert. #1206); DRBG (Cert. #347); RSA (Cert. #1283); DSA (Cert. #768); ECDSA (Cert. #417); CVL (Cert. #88)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less then 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less then 112 bits of encryption strength)

Multi-chip standalone

"The OpenPeak Cryptographic Security Module (OCSM) 1.0 provides underlying cryptography primitives for OpenPeak’s ADAM platform, an advanced device and application management suite that provides comprehensive Mobile Enterprise Management as a cloud-hosted service. The OCSM provides a secure encrypted container for enterprise-managed applications, content and data to enable a highly secure mobile workspace that separates corporate information from personal information on the same mobile device."
2107 Vocera Communications, Inc.
525 Race Street
San Jose, CA 95126
USA

-Thirumalai T. Bhattar
TEL: 408-882-5841
FAX: 408-882-5101

-Ken Peters
TEL: 408-882-5858
FAX: 408-882-5101

CST Lab: NVLAP 200996-0

Vocera Cryptographic Module
(Hardware Version: 88W8688; Software Version: 2.1; Firmware Version: 2.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software-Hybrid 03/19/2014 Overall Level: 1 

-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Vocera Embedded Linux Version 1.1 running on a Vocera B3000 badge (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2224 and #2225); HMAC (Cert. #1353); SHS (Cert. #1914); RSA (Cert. #1139); DRBG (Cert. #261)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; HMAC-MD5

Multi-chip standalone

"Vocera B3000 Badge is a wearable hands-free voice-controlled device that provides easy-to-use and instantaneous communication on a wireless LAN network. The Vocera Cryptographic Module, embedded in the B3000 Badge, ensures protected communications using industry-standard secure wireless communication protocols."
2106 DTECH LABS, Inc.
22876 Shaw Road
Sterling, VA 20166
USA

-Brian K. Everhart
TEL: 703-547-0638

-Patrick Higdon
TEL: 703-563-0633

CST Lab: NVLAP 200427-0

M3-SE-RTR2 and TXC3
(Hardware Versions: M3-SE-RTR2-FIPS and TXC3-FIPS with DT-FIPS-TEL; Firmware Version: 15.2(2)GC)

(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/19/2014 Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #962, #1535 and #2031); DRBG (Cert. #196); HMAC (Certs. #537 and #1232); RSA (Cert. #1055); SHS (Certs. #933 and #1779); Triple-DES (Certs. #757 and #1310)

-Other algorithms: DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); HMAC MD4; HMAC MD5; MD4; MD5; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The M3-SE-RTR2 and TXC3 are high-performance, ruggedized routers utilizing the Cisco 5915 ESR. With onboard hardware encryption, the Cisco 5915 offloads encryption processing from the router to provide highly secure yet scalable video, voice, and data services for mobile and embedded outdoor networks. The M3-SE-RTR2 and TXC3 provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements."
2105 Fortinet, Inc.
326 Moodie Drive
Ottawa, ON K2H 8G3
Canada

-Alan Kaye
TEL: 613-225-9381 x7416
FAX: 613-225-2951

CST Lab: NVLAP 200556-0

FortiAnalyzer 4.0 MR3
(Firmware Version: v4.0, build3059, 130918)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Firmware 03/19/2014 Overall Level: 1 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-Tested: FortiAnalyzer 4000-B with FortiAnalyzer v4.0, build3059, 130918

-FIPS Approved algorithms: Triple-DES (Certs. #1608 and #1609); AES (Cert. #2681); SHS (Certs. #2251 and #2252); RNG (Cert. #1251); RSA (Cert. #1030); HMAC (Certs. #1667 and #1668)

-Other algorithms: Diffie-Hellman (non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5

Multi-chip standalone

"The FortiAnalyzer family of logging, analyzing, and reporting appliances securely aggregate log data from Fortinet devices and other syslog-compatible devices. Using a comprehensive suite of customizable reports, users can filter and review records, including traffic, event, virus, attack, Web content, and email data."
2104 Dell SonicWALL
2001 Logic Drive
San Jose, CA 95124
USA

-Usha Sanagala
TEL: 408-962-6248
FAX: 408-745-9300

CST Lab: NVLAP 100432-0

NSA E7500
(Hardware Version: P/N 101-500226-54, Rev. A; Firmware Version: SonicOS v5.9.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/18/2014 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2015); CVL (Cert. #86); DRBG (Cert. #189); DSA (Cert. #640); HMAC (Cert. #1219); RNG (Cert. #1156); RSA (Cert. #1044); SHS (Cert. #1765); Triple-DES (Cert. #1300)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG

Multi-chip standalone

"NSA E-Class: The SonicWALL E-Class Network Security Appliance (NSA) Series is engineered to provide high performance Unified Threat Management (UTM) threat prevention and application inspection to meet the needs of expanding enterprise networks."
2103 SafeNet, Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2L1A1
Canada

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

ProtectServer Gold (PSG)
(Hardware Versions: B2, B3, B4 and PSG-01-0101; Firmware Version: 3.20.01)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/14/2014 Overall Level: 3 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2605); DSA (Cert. #790); ECDSA (Cert. #449); HMAC (Cert. #1613); RNG (Cert. #1233); RSA (Cert. #1332); SHS (Cert. #2189); Triple-DES (Cert. #1570); Triple-DES MAC (Triple-DES Cert. #1570, vendor affirmed)

-Other algorithms: AES (Cert. #2605, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES MAC (AES Cert. #2605, non-compliant); ARIA; CAST 128; CAST MAC; DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112-bits of encryption strength); ECIES; IDEA 128; IDEA MAC; MD2; MD5; MD5 HMAC; RC2; RC2 MAC; RC4; RIPEMD-128; RIPEMD-160; RMD128 HMAC; RMD160 HMAC; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112-bits of encryption strength); SEED 128; SEED MAC; Triple-DES (Cert. #1570, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112-bits of encryption strength)

Multi-chip embedded

"The SafeNet PSG Adapter is a high-end intelligent PCI adapter card that provides a wide range of cryptographic functions using firmware and dedicated hardware processors. Access to the PSG is provided via a comprehensive PKCS#11 API, allowing extremely flexible use of the module in a multitude of applications."
2102 Juniper Networks, Inc.
1194 North Matilda Ave
Sunnyvale, CA 94089
USA

-Sue Lin
TEL: 408-936-8447
FAX: 408-936-1801

CST Lab: NVLAP 200697-0

Juniper Networks EX6200 and EX8200 Ethernet Switches Routing Engines
(Hardware Versions: EX6200-SRE64-4XS, EX8208-SRE320 and EX8216-RE320 with Tamper Evident Labels: 520-052564; Firmware Version: JUNOS 12.1R6.6)

(When operated in FIPS Mode and with the tamper evidence seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 03/11/2014 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #1494, #1507, #1508 and #1514 ); AES (Certs. #2396, #2419, #2420 and #2475); DSA (Cert. #762); SHS (Certs. #2058, #2059, #2076, #2077 and #2094); RNG (Cert. #1187); RSA (Certs. #1251, #1252 and #1264); HMAC (Certs. #1488, #1489, #1504, #1505 and #1518); DRBG (Certs. #324, #325 and #338); CVL (Certs. #81)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); NDRNG

Multi-chip standalone

"EX Series Ethernet switches deliver access, aggregation, and core layer switching services in branch, campus, and data center networks to ensure fast, secure, reliable delivery of data and applications. All EX Series Ethernet Switches run the same Junos operating system as other Juniper switches, routers, and security solutions, ensuring consistent, predictable behavior across the entire network infrastructure."
2101 Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
USA

-John Roberts
TEL: 415-738-2810

CST Lab: NVLAP 100432-0

Symantec App Center Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 03/14/2014;
04/03/2014
Overall Level: 1 

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with iOS 5.1 running on a iPad 3; iOS 6 running on a iPad 3; iOS 7 running on a iPad 3; Android 4.0 running on a Galaxy Nexus (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2125 and #2126); HMAC (Certs. #1296 and #1297); DSA (Certs. #666 and #667); ECDSA (Certs. #319 and #320); RSA (Certs. #1094 and #1095); SHS (Certs. #1849 and #1850); Triple-DES (Certs. #1351 and #1352); DRBG (Certs. #233 and #234); CVL (Certs. #28 and #29); RNG (Certs. #1091 and #1092)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Symantec App Center Server Cryptographic Module Version 1.0 provides cryptographic functions for Symantec App Center, a scalable solution for deploying and managing native and web apps on corporate-liable and employee-owned mobile devices."
2100 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200928-0

Cisco FIPS Object Module
(Software Version: 4.1)

(When installed, initialized and configured as specified in the Security Policy Section 3.2 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 03/07/2014 Overall Level: 1 

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Linux 2.6 running on an Octeon Evaluation Board EBH5200 without Octeon; Linux 2.6 running on an Octeon Evaluation Board EBH5200 with Octeon; Linux 2.6 running on a Cisco ASR1002; Android v4.0 running on a Samsung Galaxy S II; Windows 7 running on a Cisco UCS C200 M2 without AES-NI; Windows 7 running on a Cisco UCS C210 M2 with AES-NI; FreeBSD 9.0 running on a Cisco UCS C210 M2 without-AES-NI; Linux 2.6 running on a Cisco UCS C22 M3 with AES-NI; Linux 2.6 running an Intel Xeon on a Cisco UCS C200 M2 without AES-NI (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2678 and #2685); Triple-DES (Certs. #1606 and #1611); SHS (Certs. #2247 and #2256); HMAC (Certs. #1664 and #1672); DRBG (Certs. #431 and #435); RSA (Certs. #1377 and #1385); DSA (Certs. #812 and #814); ECDSA (Certs. #467 and #471); CVL (Certs. #151 and #153)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less then 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less then 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less then 112 bits of encryption strength)

Multi-chip standalone

"The Cisco FIPS Object Module (FOM) is a software library that provides cryptographic services to a vast array of Cisco's networking and collaboration products. The module provides FIPS 140 validated cryptographic algorithms for services such as IPSEC, SRTP, SSH, TLS, 802.1x, etc. The module does not directly implement any of these protocols, instead it provides the cryptographic primitives and functions to allow a developer to implement the various protocols."
2099 Riverbed Technology, Inc.
199 Fremont Street
San Francisco, CA 94105
USA

-Joe Tomasello
TEL: 415-344-5756

-Andy Pang
TEL: 415-247-7341

CST Lab: NVLAP 200928-0

Riverbed Cryptographic Security Module
(Software Version: 1.0)

(When installed, initialized and configured as specified in the Security Policy Section 4 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 03/07/2014;
04/16/2014
Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Tested as meeting Level 1 with RiOS 8.0 x86 32-bit running on Riverbed Steelhead Appliance; RiOS 8.0 x86 64-bit running on Riverbed Steelhead Appliance; RiOS 8.0 x86 64-bit on VMware ESXi 5.1 running on Dell PowerEdge R210II without AES-NI; RiOS 8.0 x86 64-bit on VMware ESXi 5.1 running on Dell PowerEdge R210II with AES-NI; Stingray Traffic Manager Virtual Appliance x86 on VMware ESXi 5.1 running on Dell PowerEdge R210II without AES-NI; Stingray Traffic Manager Virtual Appliance x86 on VMware ESXi 5.1 running on Dell PowerEdge R210II with AES-NI; RiOS 8.0 x86 64-bit running on Riverbed Steelhead Appliance with AES-NI; Granite OS 2.0 running on Riverbed Granite Core Appliance; Granite OS 2.0 x86 on VMware ESXi 5.1 running on Dell PowerEdge R210II without AES-NI; Granite OS 2.0 x86 on VMware ESXi 5.1 running on Dell PowerEdge R210II with AES-NI; Whitewater OS 3.0 running on Whitewater Appliance without AES-NI; Whitewater OS 3.0 running on Whitewater Appliance with AES-NI; Whitewater OS 3.0 on VMware ESXi 5.1 running on Dell PowerEdge R210II without AES-NI; Whitewater OS 3.0 on VMware ESXi 5.1 running on Dell PowerEdge R210II with AES-NI; Interceptor OS 4.5 running on Riverbed Interceptor Appliance (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2374); Triple-DES (Cert. #1485); SHS (Cert. #2046); HMAC (Cert. #1476); RNG (Cert. #1179); DRBG (Cert. #310); RSA (Cert. #1229); DSA (Cert. #745); ECDSA (Cert. #392); CVL (Cert. #65)

-Other algorithms: RSA (encrypt/decrypt); EC Diffie-Hellman

Multi-chip standalone

"The Riverbed Cryptographic Security Module provides the cryptographic functionality for a variety of Riverbed's platforms including Steelhead and Granite appliances. These network appliances deliver a scalable Wide Area Data Services (WDS) solution, transparently and securely optimizing performance across an enterprise network, and the Stingray software family is used to optimize, secure, and accelerate performance of online applications."
2098 Gemalto
Avenue du Jujubier, Z.I Athelia IV
La Ciotat, 13705
France

-Arnaud Lotigier
TEL: +33 4.42.36.60.74
FAX: +33 4.42.36.55.45

CST Lab: NVLAP 100432-0

IDPrime MD 830
(Hardware Version: SLE78CFX3009P; Firmware Version: IDCore30 Build 1.17, IDPrime MD Applet version V4.1.2.F and MSPNP Applet V1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/05/2014 Overall Level: 3 

-FIPS Approved algorithms: RNG (Cert. #1128); Triple-DES (Cert. #1413); Triple-DES MAC (Triple-DES Cert. #1413, vendor affirmed); AES (Cert. #2261); RSA (Certs. #1158 and #1163); ECDSA (Cert. #363); CVL (Cert. #41); SHS (Cert. #1946)

-Other algorithms: AES (Cert. #2261, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1413, key wrapping; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength)

Single-chip

"IDPrime MD 830 is a Minidriver enabled PKI smartcard, offering all the necessary services (with either RSA or Elliptic curves algorithms) to secure an IT Security and ID access infrastructure."
2097 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE(R) Crypto-C Micro Edition
(Software Version: 4.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 03/05/2014 Overall Level: 1 

-Physical Security: N/A
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 5.0 running on a IBM 7044-170 (PPC 32-bit); Red Hat Enterprise Linux 5.0 running on a IBM 7044-170 (PPC 64-bit); Red Hat Enterprise Linux 5.5 running on a Dell Dimension E521 (x86 32-bit); Red Hat Enterprise Linux 5.5 running on a Intel Maho Bay with AES-NI (x86 32-bit); Red Hat Enterprise Linux 5.5 running on a Dell Dimension E521 (x86 64-bit); Red Hat Enterprise Linux 5.5 running on a HP rx2600 (Itanium2 64-bit); Red Hat Enterprise Linux 6.0 running on a Dell Dimension E521 (x86 32-bit); Red Hat Enterprise Linux 6.0 running on a Dell Dimension E521 (x86 64-bit); Red Hat Enterprise Linux 6.0 running on a Intel Maho Bay with AES-NI (x86 64-bit); Oracle Solaris 10 running on a Sun Sunblade 100 (SPARC v8 32-bit); Oracle Solaris 10 running on a Sun Sunblade 100 (SPARC v8+ 32-bit); Oracle Solaris 10 running on a Sun Fire V240 (SPARC v9 64-bit); Oracle Solaris 10 running on a Dell Poweredge SC420 (x86 32-bit); Oracle Solaris 10 running on a Intel Sugar Bay with AES-NI (x86 32-bit); Oracle Solaris 10 running on a Dell Dimension E521 (x86 64-bit); Oracle Solaris 10 running on a Intel Sugar Bay with AES-NI (x86 64-bit); Microsoft Windows XP Professional SP3 running on a Dell Poweredge SC420 (x86 32-bit); Microsoft Windows XP Professional SP3 running on a Dell Precision M6500 with AES-NI (x86 32-bit); Microsoft Windows XP Professional SP2 running on a Indus Technologies Idex 410 (x86 64-bit); Microsoft Windows 7 SP1 running on a Dell Precision M6500 with AES-NI (x86 64-bit); Microsoft Windows Server 2003 running on a Dell Dimension E521 (x86 32-bit); Microsoft Windows Server 2003 running on a Dell Dimension E521 (x86 64-bit); Microsoft Windows Server 2003 running on a HP rx2620 (Itanium2 64-bit); Microsoft Windows Server 2003 running on a HP rx2620 (Itanium2 64-bit); IBM AIX 5L v5.3 running on a IBM 9110-51A (PPC 32-bit); IBM AIX 5L v5.3 running on a IBM 9110-51A (PPC 64-bit); IBM AIX v6.1 running on a IBM 9110-51A (PPC 32-bit); IBM AIX v6.1 running on a IBM 9110-51A (PPC 64-bit); IBM AIX v7.1 running on a IBM 8231-E2B (PPC 32-bit); IBM AIX v7.1 running on a IBM 8231-E2B (PPC 64-bit); HP HP-UX 11.23 running on a HP Visualize C3600 (PA RISC 2.0 32-bit); HP HP-UX 11.23 running on a HP Visualize C3600 (PA-RISC 2.0W 64-bit); HP HP-UX 11.31 running on a HP Workstation zx2000 (Itanium2 32-bit); HP HP-UX 11.31 running on a HP Workstation zx2000 (Itanium2 64-bit); Apple Mac OS X 10.6 Snow Leopard running on a Apple Macbook (x86 32-bit); Apple Mac OS X 10.6 Snow Leopard running on a Apple Macbook (x86 64-bit) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2017); DRBG (Cert. #191); DSA (Cert. #642); ECDSA (Cert. #292); HMAC (Cert. #1221); RNG (Cert. #1057); RSA (Cert. #1046); SHS (Cert. #1767); Triple-DES (Cert. #1302)

-Other algorithms: Camellia; DES; DES40; Diffie-Hellman; EC Diffie-Hellman; ECAES (non-compliant); ECIES; Entropy RNG; HMAC MD5; MD2; MD4; MD5; OTP RNG; PBKDF1 SHA-1 (non-compliant); PBKDF2 HMAC SHA-1/SHA-224/SHA-256/SHA-384/SHA-512 (non-compliant); RC2; RC4; RC5; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Crypto-C Micro Edition (ME) Module is RSA, The Security Division of EMC's cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
2096 WatchDox, Inc.
299 S California Ave.
Palo Alto, CA 94306
USA

-Adi Ruppin
TEL: 800-209-1688

CST Lab: NVLAP 200427-0

WatchDox(R) CryptoModule
(Software Version: 1.0)

(When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 03/05/2014 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 6 running on a Dell Poweredge SC1420 without AES-NI (gcc Compiler Version 4.4.4); Windows 7 32-bit running on an Intel Core (x64) with AES-NI running on an Intel Client Desktop (gcc Compiler Version 4.7.3); Apple iOS 6.1 running on an ARMv7 with NEON on an iPhone 5 (gcc Compiler Version 4.2.1); Android 4.1 running on an ARM Cortex A9 with NEON on a Samsung Galaxy S3 Mini (gcc Compiler Version 4.6.3) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2623); ECDSA (Cert. #451); HMAC (Cert. #1621); RNG (Cert. #1239); RSA (Cert. #1340); SHS (Cert. #2199)

-Other algorithms: CVL (non-compliant); DRBG (non-compliant); DSA (non-compliant); EC Diffie-Hellman; RSA (encrypt/decrypt); Triple-DES (non-compliant)

Multi-chip standalone

"The WatchDox Crypto Module provides the services necessary to support the cryptographic features and functions of the WatchDox Secure File Sharing services and products."
2095 Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
USA

-John Roberts
TEL: 415-738-2810

CST Lab: NVLAP 100432-0

App Center Server Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/28/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with CentOS 6.3 on a Dell Optiplex 755 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2273); HMAC (Cert. #1391); DSA (Cert. #709); ECDSA (Cert. #368); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420); DRBG (Cert. #281); CVL (Cert. #44); RNG (Cert #1132)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"App Center Server Cryptogrpahic Module provides cryptographic functions for the Server component of Symantec App Center, a scalable solution for deploying and managing native and web apps on corporate-liable and employee-owned mobile devices."
2094 Securonix, Inc.
5777 W. Century Blvd.
Suite #838
Los Angeles, CA 90045
USA

-Chris Bell
TEL: 415-380-0806

CST Lab: NVLAP 100432-0

Intelligence Platform Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/28/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with CentOS 6.3 on a Dell Optiplex 755 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2273); HMAC (Cert. #1391); DSA (Cert. #709); ECDSA (Cert. #368); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420); DRBG (Cert. #281); CVL (Cert. #44); RNG (Cert #1132)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Intelligence Platform Cryptographic Module provides cryptographic functions for the Intelligence Platform products from Securonix."
2093 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco Catalyst 3560-C [1], 3560-X [2] and 3750-X [3] Switches
(Hardware Versions: [3560CG-8PC-S, 3560CG-8TC-S and 3560CPD-8PT-S] [1] [B], [(WS-C3560X-24P-L and WS-C3560X-48T-L) [2] and (WS- C3750X-12S, WS-C3750X-24S, WS-C3750X-24T, WS-C3750X-48P and WS-C3750X-48T) [3]] with [C3KX-SM-10G, C3KX-NM-1G, C3KX-NM-10G, C3KX-NM-BLANK and C3KX-NM-10GT] [A] with FIPS kit packaging [C3KX-FIPS-KIT 700-34443-01] [A] and [C3KX-FIPS-KIT 47-25129-01] [B]; Firmware Version: 15.0(2)SE4)

(When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/27/2014;
03/12/2014
Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1024, #1269, #1275 and #2134); DRBG (Cert. #237); HMAC (Cert. #1304); RSA (Cert. #1100); SHS (Cert. #1858); Triple-DES (Cert. #1358)

-Other algorithms: AES (Cert. #2134, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Cisco Catalyst Switches provide enterprise-class access for campus and branch applications. Designed for operational simplicity to lower total cost of ownership, they enable scalable, secure and energy-efficient business operations with intelligent services and a range of advanced Cisco IOS Software features. The Catalyst Switches meet FIPS 140-2 overall Level 2 requirements as multi-chip standalone modules."
2092 Samsung Electronics Co., Ltd.
416, Maetan 3-Dong Youngton Gu
Suwon, Gyeonggi 152-848
South Korea

-Kyunghee Lee
TEL: +82-10-9397-1589

CST Lab: NVLAP 200658-0

Samsung FIPS BC for Mobile Phone and Tablet
(Software Versions: SBC1.45_2.0 and SBC1.45_2.1)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 02/26/2014 Overall Level: 1 

-Physical Security: N/A
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Android Jelly Bean 4.1 running on Samsung Galaxy Note II; Android Jelly Bean 4.2 running on Samsung Galaxy S4 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2353 and #2409); SHS (Certs. #2027 and #2067); RNG (Certs. #1172 and #1189); Triple-DES (Certs. #1472 and #1499); HMAC (Certs. #1459 and #1494); RSA (Certs. #1213 and #1243); DSA (Certs. #736 and #751)

-Other algorithms: Blowfish; Camellia; Camellia Light; CAST5; CAST6; DES; GOST28147-89; IDEA; IES; Rijndal; RC2; RC4; RC5; RC6; SEED; Serpent; TEA; Twofish; XTEA; Grain218; GrainV1; HC128; HC256; ISAAC; Salsa20; VMPC; Elgamal; Naccache-Stern; MD2; MD4; MD5; RIPEMD-128; RIPEMD-160; RIPEMD-256; RIPEMD-320; Tiger; Whirlpool; GOST3411; ISO9797; HMAC based on RFC 2104; VMPC-MAC; SRP6; ECMQV; Digest random generator; VMPC random number generator; Thread-based seed generator; Reverse window generator; AES light (non-compliant); ECDSA (non-compliant); AES-CMAC (non-compliant); Triple-DES-CMAC (non-compliant); Skipjack (non-compliant); Diffie-Hellman (non-compliant); EC Diffie-Hellman (non-compliant); RSA (non-compliant); DSA (non-compliant)

Multi-chip standalone

"Provides general purpose cryptographic services to user-space applications on the mobile platform for the protection of data in transit."
2091 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco Optical Networking Solution (ONS) 15454 Multiservice Transport Platforms (MSTPs)
(Hardware Versions: [15454-M2-SA, 15454-M6-SA, 15454-M-TNC-K9, 15454-M-TSC-K9, 15454-M-TNCE-K9, 15454-M-TSCE-K9 and 15454-M-WSE-K9] with FIPS Kit: CISCO-FIPS-KIT=; Firmware Version: 9.8)

(When operated in FIPS mode and when tamper evident labels are installed on the initially built configuration as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/26/2014 Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2352, #2369, #2546 and #2548); DRBG (Certs. #379 and #381); HMAC (Certs. #1567 and #1569); KBKDF (Cert. #12); RSA (Certs. #1301 and #1303); SHS (Certs. #2147 and #2149); Triple-DES (Cert. #1541)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; RC4

Multi-chip standalone

"The Cisco ONS 15454 Multiservice Transport Platform (MSTP) is the most deployed metropolitan-area (metro) and regional dense wavelength division multiplexing (DWDM) solution in the world featuring two- through eight-degree reconfigurable optical add/drop multiplexer (ROADM) technology that enables wavelength provisioning across entire networks and eliminates the need for optical-to-electrical-to-optical (OEO) transponder conversions."
2090 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco ASR 1001 [1][K1], ASR 1002 [2][K2][E1 or E2], ASR1002-X [3][K2], ASR 1004 [4][K3][R1 or R2][E2, E3 or E4], ASR 1006 [5][K4][single or dual E2, E3, E4 or E5][dual R1 or R2] and ASR 1013 [6][K5][E4 or E5][R2]
(Hardware Versions: ASR1001 [1], ASR1002 [2], ASR1002-X [3], ASR1004 [4], ASR1006 [5] and ASR1013 [6]; FIPS KITs: ASR1001-FIPS-Kit [K1], ASR1002- FIPS-Kit [K2], ASR1004-FIPS-Kit [K3], ASR1006-FIPS-Kit [K4] and ASR1013-FIPS-Kit [K5]; Embedded Services Processors: ASR1000-ESP5 [E1], ASR1000-ESP10 [E2], ASR1000-ESP20 [E3], ASR1000-ESP40 [E4] and ASR1000-ESP100 [E5]; Route Processors: ASR-1000-RP1 [R1] and ASR-1000-RP2 [R2]; Firmware Version: 3.7.2tS)

(When operated in FIPS mode and when tamper evident labels and security devices are installed on the initially built configuration as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/26/2014 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #333, #2346 and #2549); DRBG (Cert. #382); HMAC (Certs. #137, #1455 and #1570); RNG (Certs. #154 and #1170); RSA (Cert. #1304); SHS (Certs. #408, #2023 and #2150); Triple-DES (Certs. #397, #1469 and #1543)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; IKE KDF; MD5; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SHA-1 (non-compliant); SNMPv3 KDF; SSH KDF; TLS KDF

Multi-chip standalone

"The ASR 1000 Routers accelerate services by offering performance and resiliency with optimized, intelligent services; establishing a benchmark for price-to-performance offerings in the enterprise routing, service provider edge, and broadband aggregation segments; facilitating significant network innovations in areas such as secure WAN aggregation, managed customer-premises-equipment services, and service provider edge services, and reducing operating expenses and capital expenditures by facilitating managed or hosted services over identical architectures and operating environments."
2089 HGST, Inc.
5601 Great Oaks Parkway
Building 50-3/D393
San Jose, CA 95119
USA

-Rajesh Kukreja
TEL: 408-717-6261
FAX: 408-717-9494

-Jithendra Bethur
TEL: 408-717-5951
FAX: 408-717-9494

CST Lab: NVLAP 100432-0

HGST Ultrastar SSD800/1000 TCG Enterprise SSDs
(Hardware Versions: P/Ns HUSMH8080ASS205 [0001], HUSMH8040ASS205 [0001], HUSMH8020ASS205 [0001], HUSMM8080ASS205 [0001], HUSMM8040ASS205 [0001], HUSMM8020ASS205 [0001], HUSMR1010ASS205 [0001], HUSMR1050ASS205 [0001] and HUSMR1025ASS205 [0001]; Firmware Version: R210)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/25/2014;
04/03/2014;
04/11/2014
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2067 and #2365); RSA (Cert. #1220); SHS (Cert. #2037); HMAC (Cert. #1468); DRBG (Cert. #302); PBKDF (vendor affirmed); AESKW (SP 800-38F, vendor affirmed)

-Other algorithms: NDRNG

Multi-chip embedded

"HGST Self-Encrypting Drives implement TCG Storage specifications, and meet or exceed the most demanding performance and security requirements. The Ultrastar SSD800/1000 series are 12Gbs SAS, TCG Enterprise SSDs."
2088 McAfee, Inc.
2821 Mission College Blvd.
Suite 100
Santa Clara, CA 95054
USA

-James Reardon
TEL: 651-628-5346

CST Lab: NVLAP 200928-0

McAfee Database Security Sensor Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode and when installed, initialized and configured as specified in the Security Policy Section 4)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/25/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 64-bit with VMWare ESXi 4.0 running on a HP Proliant DL185 GS; Windows Server 2008 64-bit with VMWare ESXi 5.0 running on a HP Proliant DL380 GS; AIX 5.3 on a IBM 9115-305; HP-UX 11.23 running on a HP RX2600 Server; Red Hat Enterprise Linux 5.9 with VMWare ESXi 5.0 running on a Dell PowerEdge R510; CentOS 5.5 with VMWare ESXi 5.0 running on a Dell PowerEdge R510; SUSE 11 patch 2 with VMWare ESXi 5.0 running on a Dell PowerEdge R510; Solaris 9 running on a Sun UltraSPARC C-III (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #1557); AES (Cert. #2571); SHS (Cert. #2166); HMAC (Cert. #1587); RNG (Cert. #1223); DSA (Cert. #786); RSA (Cert. #1318)

-Other algorithms: Diffie-Hellman; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The McAfee Database Security Sensor Cryptographic Module Version 1.0, is a software shared library that provides cryptographic services required by the McAfee Database Security Sensor."
2087 Fixmo Inc.
22375 Broderick Dr.
Suite 227
Sterling, VA USA

-Daniel Ford
TEL: 443-380-3673

CST Lab: NVLAP 200556-0

Server Crypto Module
(Software Version: 1.0)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/24/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 on a Dell OptiPlex 755; CentOS 6.3 on a Dell OptiPlex 755 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2273); HMAC (Cert. #1391); DSA (Cert. #709); ECDSA (Cert. #368); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420); DRBG (Cert. #281); CVL (Cert. #44); RNG (Cert #1132)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Fixmo Server Crypto Module provides cryptographic functions for Fixmo products and solutions."
2086 Oracle Corporation
500 Eldorado Blvd., Bldg 5
Broomfield, CO 80021
USA

-Security Evaluations Manager
TEL: 781-442-0451

CST Lab: NVLAP 200928-0

StorageTek T10000C Tape Drive
(Hardware Version: P/N 7054185; Firmware Version: 1.57.308)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/22/2014 Overall Level: 1 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1568, #1570, #2404, #2405, #2406, #2407 and #2412); DRBG (Cert. #322); HMAC (Certs. #1497 and #1498); SHS (Certs. #2065 and #2066); RSA (Cert. #1246); CVL (Cert. #82)

-Other algorithms: AES (Cert. #2406, key wrapping; key establishment methodology provides 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG

Multi-chip standalone

"The Oracle StorageTek T10000C Tape Drive blends the highest capacity, performance, reliability, and data security to support demanding, 24/7 data center operations. The StorageTek T10000C Tape Drive delivers the world’s fastest write speeds to a native 5 TB of magnetic tape storage; making it ideal for data center operations with growing volumes. Designed for maximum performance, the drive allows the use of multiple keys per tape with a cache memory to minimize the overhead of key transmission. Works seamlessly with the Oracle Key Manager to provide a secure end-to-end management solution."
2085 Curtiss-Wright Controls Defense Solutions
333 Palladium Drive
Kanata, ON K2V 1A6
Canada

-Aaron Frank
TEL: 613-599-9199 ext 5242
FAX: 613-599-7777

-Johan A Koppernaes
TEL: 613-599-9199 ext 5817
FAX: 613-599-7777

CST Lab: NVLAP 200996-0

VPX3-685 Secure Routers
(Hardware Versions: Air-Cooled Chassis: VPX3-685-A13014-FC and VPX3-685-A13020-FC; Conduction-Cooled Chassis: VPX3-685-C23014-FC and VPX3-685-C23020-FC; Firmware Version: 2.0)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/22/2014 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #963); Triple-DES (Cert. #758); SHS (Certs. #934 and #1907); HMAC (Cert. #538); RSA (Cert. #1135); DSA (Cert. #713); RNG (Cert. #1111)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); DES; MD5

Multi-chip embedded

"The VPX3-685 Secure Routers are used for strong security in the embedded defense and aerospace industries. They support industry standard encryption algorithms used in IPSec/VPN/IKE/PKI and other networking standards. Including H/W accelerated AES bulk encryption."
2084 GOTrust Technology Inc.
10F-1, No.306, Sec. 1, Wenxin Rd., Nantun Dist.
Taichung, 408
Taiwan

-Sean Huang
TEL: +886-4-23202525
FAX: +886-4-23202580

CST Lab: NVLAP 200824-0

GO-Trust SDencrypter
(Hardware Versions: GT-3001 with GT-0330; Firmware Versions: 4.1.0.8 with 80023802-33860406 and 80023802-33860506)

(When operated in FIPS Mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 02/22/2014 Overall Level: 3 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #1664); AESKW (SP 800-38F, vendor affirmed); HMAC (Cert. #1426); KDF (Cert. #7); RNG (Cert. #999); RSA (Cert. #976); SHS (Cert. #1672); Triple-DES (Cert. #1237)

-Other algorithms: AES (Cert. #1664, key wrapping; key establishment methodology provides 256 bits of encryption strength)

Multi-chip embedded

"SDencrypter is a hardware security module embedded into one microSD. The entire encryption, decryption, key generation process is completed inside the module. Fast íºin-chipí¿ processing, using a high-performance smart card chip, supports streaming voice and media operations. High-assurance protection is provided to keys and sensitive data which are encrypted and stored inside the chip."
2083 FiberLogic Communications, Inc.
5F-3, No.9 Prosperity Road One, Science-Park
Hsinchu, 30078
Taiwan

-Jun Tseng
TEL: +886-3-5638889
FAX: +886-3-5638899

CST Lab: NVLAP 200824-0

TS-250
(Hardware Version: 1.0; Firmware Version: 1.0.0.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/22/2014 Overall Level: 3 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #1903); DSA (Cert. #601); HMAC (Cert. #1143); RNG (Certs. #997 and #1000); SHS (Cert. #1673)

-Other algorithms: AES (Cert. #1903, key wrapping); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); HRNG

Multi-chip standalone

"The TS-250 can encrypt the high speed network traffic passed through. The module can be configured to encrypt different layer of network traffic, e.g., from Ethernet frame payload or from IP packet payload."
2082 Toshiba Corporation
1-1, Shibaura 1-chome
Minato-ku, Tokyo 105-8001
Japan

-Hiroshi Ito
TEL: +81-45-776-5624
FAX: +81-45-776-5624

CST Lab: NVLAP 200822-0

Toshiba Secure TCG Opal SSC and Wipe technology Self-Encrypting Drive (MQ01ABU050BW, MQ01ABU032BW and MQ01ABU025BW)
(Hardware Version: AA; Firmware Version: FN001S)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/13/2014;
04/23/2014
Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2447 and #2448); HMAC (Cert. #1511); SHA (Cert. #2081); DRBG (Cert. #334);

-Other algorithms: NDRNG

Multi-chip embedded

"The Toshiba Secure TCG Opal SSC and Wipe Technology Self-Encrypting Drive is used for hard disk drive data security. This cryptographic module provides various cryptographic services using FIPS approved algorithms. Services are provided through an industry-standard TCG Opal SSC and the Toshiba Wipe Technology. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA ranges, host device authentication and secure automatic data invalidation. The last two services are provided by the Toshiba Wipe Technology."
2081 Dispersive Solutions, Inc.
4501 Singer Court
Suite 220
Chantilly, VA 20151
USA

-Carolyn O¦Neill Griffin
TEL: 703-209-7458

CST Lab: NVLAP 200556-0

V2VNet Common Crypto Module
(Software Version: 1.0)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/22/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 on a Dell OptiPlex 755; CentOS 6.3 on a Dell OptiPlex 755; Mac OS X 10.8 on a MacBook Air (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2273); HMAC (Cert. #1391); DSA (Cert. #709); ECDSA (Cert. #368); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420); DRBG (Cert. #281); CVL (Cert. #44); RNG (Cert #1132)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"V2VNet Common Crypto Module provides cryptographic functions for Dispersive Solutions V2VNet Server Edition, a scalable solution allowing clients to communicate directly with other clients, and securely route voice, video and data communications."
2080 Senetas Corporation Ltd. and SafeNet Inc.
Level 1, 11 Queens Road
Melbourne, Victoria 3004
Australia

-John Weston
TEL: +61 3 9868 4555
FAX: +61 3 9821 4899

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200996-0

CN6000 Series Encryptors
(Hardware Versions: CN6040 Series: A6040B [O] (AC), A6040B [Y] (AC), A6041B [O] (DC), A6041B [Y] (DC), A6042B [O] (AC/DC) and A6042B [Y] (AC/DC); CN6100 Series: A6100B [O] (AC), A6100B [Y] (AC), A6101B [O] (DC), A6101B [Y] (DC), A6102B [O] (AC/DC) and A6102B [Y] (AC/DC); Firmware Version: 2.3.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 02/10/2014 Overall Level: 3 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2582, #2583, #2584 and #2586); Triple-DES (Cert. #1562); RSA (Cert. #1324); SHS (Cert. #2177); HMAC (Cert. #1601); DRBG (Cert. #391); CVL (Cert. #113)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The CN6000 Series Encryptor is a high-speed standards based hardware encryption platform designed to secure data transmitted over optical and twisted-pair Ethernet and optical Fibre Channel networks. Two models are validated: the CN6100 10G Ethernet Encryptor operating at a line rate of 10Gb/s and the CN6040, a protocol selectable model operating at data rates up to 4Gb/s. Configured in Ethernet mode the CN6040 model supports rates of 10Mb/s, 100Mb/s & 1Gb/s and in Fibre Channel mode supports rates of 1.0625, 2.125 & 4.25Gb/s. Data privacy is provided by FIPS approved AES algorithms."
2079 Hewlett Packard Development Company, L.P.
Survey No.192, Whitefield Road,
Mahadevapura Post
Bangalore, Karnataka 560 048
India

-Rahul Philip Mampallil
TEL: +91 80 33841568

-Karthik Bhagawan
TEL: +91 80 25166873
FAX: +91 80 28533522

CST Lab: NVLAP 200928-0

HP-UX Kernel Cryptographic Module
(Software Version: 1.0)

(When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode; The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/07/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Tested as meeting Level 1 with HP-UX 11i v3 running on an HP Integrity BL860c i2 server blade (single user mode)

-FIPS Approved algorithms: AES (Cert. #2488); SHS (Cert. #2106); HMAC (Cert. #1530); DRBG (Cert. #346); RSA (Cert. #1277)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"HP-UX Kernel Crypto Module (HP-UX KCM) is a kernel-space crypto engine in the HP-UX operating system containing core cryptographic algorithms and operations in a single shared library. It implements asymmetric, symmetric, and digest operations that are used by HP-UX security solutions. HP-UX KCM is available on HP-UX 11i v3 operating system on the HP Integrity Platform (IA-64)."
2078 Dolby Laboratories, Inc.
100 Potrero Ave.
San Francisco, CA 94103
USA

-Marvin Pribadi
TEL: 415-645-5185
FAX: 415-645-4000

CST Lab: NVLAP 100432-0

CAT904 Dolby® JPEG 2000/MPEG-2 Processor
(Hardware Versions: P/N CAT904Z Revisions FIPS_1.0, FIPS_1.0.1, FIPS_1.0.2 and FIPS_1.1; Firmware Version: 1.3.4.21)

(The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/06/2014 Overall Level: 3 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #519, #520 and #1067); HMAC (Certs. #270 and #676); RNG (Certs. #296 and #650); RSA (Cert. #233); SHS (Certs. #592 and #1086)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); TLS KDF

Multi-chip embedded

"The CAT904 Dolby® JPEG 2000/MPEG-2 Processor performs all the cryptography, license management, and video decoding functions for the DSP100 Dolby Show Player, which forms the nucleus of the Dolby Digital Cinema system. The system offers superb picture quality, outstanding reliability, and the highest level of security in the business. It includes support for JPEG 2000 playback, as specified by DCI, and MPEG-2 for compatibility with alternative content such as preshow advertising. The system also meets other key DCI specifications for security, data rate, and storage capacity."
2077 Oracle Corporation
500 Oracle Parkway
Redwood Shores, CA 94065
USA

-Security Evaluations Manager
TEL: 781-442-0451

CST Lab: NVLAP 200928-0

Oracle Solaris Userland Cryptographic Framework
(Software Versions: 1.0 and 1.1)

(When installed, initialized and configured as specified in the Security Policy and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/06/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Oracle Solaris 11.1 running on a M3000 Enterprise Server; Oracle Solaris 11.1 running on a Sun Server X3-2 with AES-NI; Oracle Solaris 11.1 running on a Sun Server X3-2 without AES-NI (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2308 and #2569); Triple-DES (Certs. #1455 and #1556); RSA (Certs. #1191 and #1317); DSA (Certs. #726 and #785); ECDSA (Certs. #373 and #443); SHS (Certs. #1992 and #2165); HMAC (Certs. #1422 and #1586); RNG (Certs. #1150 and #1221)

-Other algorithms: AES-XCBC-MAC (non-compliant); SHA-512/224 (non-compliant); SHA-512/256 (non-compliant); MD4; MD5; RC4; DES; Blowfish; RSA (key wrapping; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Oracle Solaris OS utilizes the Oracle Solaris Userland Cryptographic Framework module for cryptographic functionality for any applications running in user space. It exposes PKCS#11 APIs, uCrypto APIs, and libmd public interfaces to provide cryptography to any application designed to utilize them."
2076 Oracle Corporation
500 Oracle Parkway
Redwood Shores, CA 94065
USA

-Security Evaluations Manager
TEL: 781-442-0451

CST Lab: NVLAP 200928-0

Oracle Solaris Userland Cryptographic Framework with SPARC T4 and SPARC T5
(Hardware Versions: 527-1437-01 and 7043165; Software Versions: 1.0 and 1.1)

(When installed, initialized and configured as specified in the Security Policy and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software-Hybrid 02/06/2014 Overall Level: 1 

-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Oracle Solaris 11.1 running on a SPARC T4-1 Server; Oracle Solaris 11.1 running on a SPARC T5-2 Server (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2310 and #2572); Triple-DES (Cert. #1457 and #1558); RSA (Cert. #1193 and #1319); DSA (Cert. #727 and #787); ECDSA (Cert. #375 and #444); SHS (Cert. #1994); HMAC (Cert. #1424 and #1594); RNG (Cert. #1153 and #1224)

-Other algorithms: AES-XCBC-MAC (non-compliant); SHA-512/224 (non-compliant); SHA-512/256 (non-compliant); MD4; MD5; RC4; DES; Blowfish; RSA (key wrapping; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Oracle Solaris OS utilizes two cryptographic modules; one in the Userland space and the second in the Kernel space. The OS uses the Oracle Solaris Userland Cryptographic Framework module for cryptographic functionality for any applications running in user space. It exposes PKCS#11 APIs, uCrypto APIs, and libmd public interfaces to provide cryptography to any application designed to utilize them. The module includes the SPARC T4 and SPARC T5 processor special instruction sets for hardware-accelerated cryptography."
2075 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Palani Karuppan
TEL: 408-525-2747

CST Lab: NVLAP 100432-0

Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Modules-2 (WiSM2)
(Hardware Versions: Chassis: Catalyst 6506 switch [1], Catalyst 6506-E switch [2], Catalyst 6509 switch [3] and Catalyst 6509-E switch [4]; Backplane: WS-C6506 [1], WS-C6506-E [2], WS-C6509 [3] and WS-C6509-E [4]; FIPS Kit: P/N 800-27009 [1, 2], P/N 800-26335 [3, 4] and WS-SVCWISM2FIPKIT= [1, 2, 3, 4]; with one Supervisor Blade [1, 2, 3, 4]: [WS-SUP720-3BXL, WS-SUP720-3B, VS-S720-10G-3C or VS-S720-10G-3CXL] and with one WiSM2 [1, 2, 3, 4]: [WS-SVC-WISM2-K9=, WS-SVC-WISM2-5-K9=, WS-SVC-WISM2-3-K9=, WS-SVC-WISM2-1-K9=, WS-SVC-WISM2-5-K9, WS-SVC-WISM2-3-K9 or WS-SVC-WISM2-1-K9]; Firmware Version: Supervisor Blade: Cisco IOS Release 12.2.33SXJ, Cisco IOS Release 12.2.33SXJ1 or Cisco IOS Release 12.2.33SXJ2; WiSM2: 7.0.240.0 or 7.0.250.0)

(When operated in FIPS mode and with the tamper evident seals and physical security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/29/2014;
02/20/2014
Overall Level: 2 

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1347, #1348 and #2330); HMAC (Certs. #785, #786 and #787); RNG (Cert. #742); RSA (Certs. #653 and #654); SHS (Certs. #1228, #1230 and #2014); Triple-DES (Cert. #935); DRBG (Cert. #289)

-Other algorithms: AES (Cert. #2330, key wrapping; key establishment methodology provides 128 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); FIPS 186-2 RNG (Cert. #741); NDRNG; RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM

Multi-chip standalone

"The Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with WiSM WLAN Controller deliver centralized control and high capacity for medium to large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WiSM2 Controller supports the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and supports a Secure Wireless Architecture with certified WiFi Alliance WPA-2 security. The Cisco WiSM2 Controller supports voice, video and data services along with Cisco Clean Air technology, IPv6 mobility, intrusion protection and intelligent radio resource management."
2074 ViaSat, Inc.
6155 El Camino Real
Carlsbad, CA 92009
USA

-David Schmolke
TEL: 760-476-2461
FAX: 760-476-4110

-Richard Quintana
TEL: 760-476-2481
FAX: 760-476-4110

CST Lab: NVLAP 100432-0

Embeddable Security System (ES-1200)
(Hardware Version: P/N 1174941, Rev. 001; Firmware Version: 1.0.7)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/22/2014;
03/12/2014
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2633, #2634 and #2635); DRBG (Cert. #406); SHS (Cert. #2207)

-Other algorithms: NDRNG

Multi-chip embedded

"The ES-1200 is a low cost, size, weight & power multichip programmable embedded cryptographic module. It provides encryption and decryption services, plaintext bypass, key management, and PIN-based access control. The ES-1200 is intended for use in environments where FIPS 140-2 Level 2 cryptographic products are required. Typical applications are military Transmission Security (TRANSEC), Communications Security (COMSEC), and Data-At-Rest (DAR) using Suite B cryptography."
2073 GoldKey Security Corporation
26900 E Pink Hill Road
Independence, MO 64057
USA

-GoldKey Sales & Customer Service
TEL: 816-220-3000
FAX: 419-301-3208

-Jon Thomas
TEL: 567-270-3830
FAX: 419-301-3208

CST Lab: NVLAP 200658-0

GoldKey Security Token Cryptographic Module
(Hardware Version: IC USB-CONTROLLER-2LF; Firmware Version: 7.12)

(When operated in FIPS mode with Windows 7 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1330 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/29/2014 Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2347); SHS (Cert. #2024); DRBG (Cert. #297); Triple-DES (Cert. #1470); EC Diffie-Hellman (CVL Cert. #54, key agreement); RSA (Cert. #1210); RSA (CVL Cert. #54, signature primitive); ECDSA (Cert. #384)

-Other algorithms: N/A

Single-chip

"Provides cryptographic algorithm implementation for GoldKey Products"
2072 Chunghwa Telecom Co., Ltd.
12, Lane 551, Min-Tsu Road SEC.5
Yang-Mei, Taoyuan 326
Republic of China

-Yeou-Fuh Kuan
TEL: +886-3-424-4333
FAX: +886-3-424-4129

-Char-Shin Miou
TEL: +886 3 424 4381
FAX: +886-3-424-4129

CST Lab: NVLAP 200928-0

HiCOS PKI Native Smart Card Cryptographic Module
(Hardware Version: RS45C; Firmware Version: HardMask: 2.2 and SoftMask: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/29/2014 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Finite State Model: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Self-Tests: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #1419); Triple-DES MAC (Triple-DES Cert. #1419, vendor affirmed); SHS (Cert. #1953); RSA (Cert. #1165); DRBG (Cert. #280)

-Other algorithms: NDRNG; Triple-DES (Cert. #1419, key wrapping; key establishment methodology provides 112-bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Single-chip

"The HiCOS PKI native smart card module is a single chip implementation of a cryptographic module. The HiCOS PKI native smart card module is mounted in an ID-1 class smart card body that adheres to ISO/IEC specifications for Integrated Circuit Chip (ICC) based identification cards. The module consists of the chip (ICC), the contact faceplate, and the electronic connectors between the chip and contact pad, all contained within an epoxy substrate."
2071 Fujitsu limited
4-1-1 Kamikodanaka
Nakahara-ku
Kawasaki, Kanagawa 211-8588
Japan

-Eugene Owens
TEL: 408-746-6486
FAX: 408-746-8016

-Hiroyuki Miura

CST Lab: NVLAP 200822-0

ETERNUS DX400/DX8000 Controller Module
(Firmware Version: V20L80-1000)

(When operated in FIPS Mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Firmware 01/24/2014 Overall Level: 1 

-Mitigation of Other Attacks: N/A

-Tested: ETERNUS DX410 with VxWorks 6.3; ETERNUS DX8400 with VxWorks 6.3

-FIPS Approved algorithms: AES (Cert. #2542); RNG (Cert. #1207); SHS (Cert. #2142)

-Other algorithms: Fujitsu Original Encryption (Encryption/Decryption); AES (Cert. #2542, key wrapping)

Multi-chip embedded

"ETERNUS DX400/DX8000 Controller Module is a module which manages the whole disk storage system. In order to prevent a data leakage by removal of disks, the disk encryption mechanism encrypts data on the disks. This encryption function is valid if the Disk Encryption mechanism is activated through GUI."
2070 API Technologies Corp.
4705 S. Apopka Vineland Road
Suite 210
Orlando, FL 32819
USA

-Henry Gold
TEL: 855-294-3800

CST Lab: NVLAP 200556-0

Common Crypto Module for PRIISMS, PRIISMS RD, SA5600-IA and NetGard MFD
(Software Version: 1.0)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 01/24/2014;
04/23/2014
Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 on a Dell OptiPlex 755; CentOS 6.3 on a Dell OptiPlex 755 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2273); HMAC (Cert. #1391); DSA (Cert. #709); ECDSA (Cert. #368); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420); DRBG (Cert. #281); CVL (Cert. #44); RNG (Cert #1132)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Common Crypto Module for PRIISMS, PRIISMS RD, SA5600-IA, and NetGard MFD is a standards-based cryptographic engine for servers and appliances. The module delivers core cryptographic functions and features robust algorithm support, including Suite B algorithms."


Need Assistance?