CMVP Main Page

Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules

Historical, 1995-1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017
All

Last Updated: 3/23/2017

It is important to note that the items on this list are cryptographic modules. A module may either be an embedded component of a product or application, or a complete product in-and-of-itself. If the cryptographic module is a component of a larger product or application, one should contact the product or application vendor in order to determine how the product utilizes the embedded validated cryptographic module. There may be a larger number of security products or applications available which use an embedded validated cryptographic module, than the number of modules which are found in this list. In addition, other vendors, who are not found in this list, may incorporate a validated cryptographic module from this list embedded into their own products.

When selecting a module from a vendor, verify that the module is either the product or application itself (e.g. VPN, SmartCard, USB memory token, etc.) or the module is embedded in a larger product or application (e.g. toolkit, etc.). If the module is embedded in a product or application, ask the product or application vendor to provide a signed letter or statement affirming that the unmodified validated cryptographic module is integrated in the solution; the module provides all the cryptographic services in the solution; and provide reference to the modules validation certificate number from this listing.

NOTE1: Module descriptions are provided by the module vendors and have not been verified for accuracy by the CMVP. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-Approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (e.g. allowed or non-FIPS-Approved algorithms) have not been tested through the CMVP.

NOTE2: The operator of a cryptographic module is responsible for ensuring that the algorithms and key lengths are in compliance with the requirements of NIST SP 800-131A.

NOTE3: All questions regarding the implementation and/or use of any module located on the CMVP module validation lists should first be directed to the appropriate vendor point-of-contact (listed for each entry).

Please contact the CMVP if any errors are discovered or comments with suggestions for improvement of the validation listings.

Cert#Vendor / CST LabCryptographic ModuleModule
Type
Validation
Date
Sunset
Date
Level / Description
2938Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
TEL: 800-642-7676

CST Lab: NVLAP 200427-0
Secure Kernel Code Integrity (skci.dll) in Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016
(Software Version: 10.0.14393)
(When operated in FIPS mode with the module Code Integrity (ci.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 under Cert. #2935 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software01/26/20171/25/2022Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 2
-Tested Configuration(s): Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Book with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA
Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Book with PAA
Windows 10 Pro Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell XPS 8700 with PAA
Windows Server 2016 Standard Edition (x64) running on a HP Compaq Pro 6305 with PAA
Windows Server 2016 Standard Edition (x64) running on a Dell PowerEdge R630 Server with PAA
Windows Server 2016 Datacenter Edition (x64) running on a Dell PowerEdge R630 Server with PAA
Windows Storage Server 2016 (x64) running on a Dell PowerEdge R630 Server with PAA (single-user mode)

-FIPS Approved algorithms: RSA (Certs. #2193); SHS (Certs. #3347)

-Other algorithms: MD5

Multi-Chip Stand Alone

"Secure Kernel Code Integrity (SKCI) running in the Virtual Secure Mode (VSM) of the Hyper-V hypervisor will only grant execute access to physical pages in the kernel that have been successfully verified. Executable pages will not have write permission outside of Hyper-V. Therefore, only verified code can be executed."
2937Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
TEL: 800-642-7676

CST Lab: NVLAP 200427-0
Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016
(Software Version: 10.0.14393)
(When operated in FIPS mode with the modules Code Integrity (ci.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 under Cert. #2935 operating in FIPS mode and Kernel Mode Cryptographic Primitives Library (cng.sys) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 validated to FIPS 140-2 under Cert. #2936 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software01/26/20171/25/2022Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 2
-Tested Configuration(s): Windows 10 Enterprise Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Book with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 Pro Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA
Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Book with PAA
Windows 10 Pro Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
Windows 10 Anniversary Update (x64) running on a Microsoft Surface 3 with PAA
Windows 10 Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Anniversary Update (x64) running on a Dell XPS 8700 with PAA
Windows 10 Enterprise LTSB Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell XPS 8700 with PAA
Windows Server 2016 Standard Edition (x64) running on a HP Compaq Pro 6305 with PAA
Windows Server 2016 Standard Edition (x64) running on a Dell PowerEdge R630 Server with PAA
Windows Server 2016 Datacenter Edition (x64) running on a Dell PowerEdge R630 Server with PAA
Windows Storage Server 2016 (x64) running on a Dell PowerEdge R630 Server with PAA
Windows 10 Mobile Anniversary Update (ARMv7) running on a Microsoft Lumia 950 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #4064); CVL (Certs. #886 and #887); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193 and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)

-Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)

Multi-Chip Stand Alone

"The Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) provides cryptographic services to Windows components and applications. It includes cryptographic algorithms in an easy-to-use cryptographic module via the Cryptography Next Generation (CNG) API. It can be dynamically linked into applications for the use of general-purpose FIPS 140-2 validated cryptography."
2936Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
TEL: 800-642-7676

CST Lab: NVLAP 200427-0
Kernel Mode Cryptographic Primitives Library (cng.sys) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016
(Software Version: 10.0.14393)
(When operated in FIPS mode with modules BitLocker(R) Windows OS Loader (winload) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 validated to FIPS 140-2 under Cert. #2932 operating in FIPS mode or BitLocker(R) Windows Resume (winresume) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 validated to FIPS 140-2 under Cert. #2933 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software01/26/20171/25/2022Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 2
-Tested Configuration(s): Windows 10 Enterprise Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Book with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 Pro Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA
Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Book with PAA
Windows 10 Pro Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
Windows 10 Anniversary Update (x64) running on a Microsoft Surface 3 with PAA
Windows 10 Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Anniversary Update (x64) running on a Dell XPS 8700 with PAA
Windows 10 Enterprise LTSB Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell XPS 8700 with PAA
Windows Server 2016 Standard Edition (x64) running on a HP Compaq Pro 6305 with PAA
Windows Server 2016 Standard Edition (x64) running on a Dell PowerEdge R630 Server with PAA
Windows Server 2016 Datacenter Edition (x64) running on a Dell PowerEdge R630 Server with PAA
Windows Storage Server 2016 (x64) running on a Dell PowerEdge R630 Server with PAA
Windows 10 Mobile Anniversary Update (ARMv7) running on a Microsoft Lumia 950 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #4064); CVL (Certs. #886 and #887); DRBG (Cert. #1217); DSA (Cert. #1098); ECDSA (Cert. #911); HMAC (Cert. #2651); KAS (Cert. #92); KBKDF (Cert. #101); KTS (AES Cert. #4062; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2192, #2193 and #2195); SHS (Cert. #3347); Triple-DES (Cert. #2227)

-Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)

Multi-Chip Stand Alone

"Kernel Mode Cryptographic Primitives Library (cng.sys) runs as a kernel mode export driver, and provides cryptographic services, through their documented interfaces, to Windows kernel components. It supports several cryptographic algorithms accessible via a FIPS function table request IRP (I/O request packet)."
2935Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
TEL: 800-642-7676

CST Lab: NVLAP 200427-0
Code Integrity (ci.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016
(Software Version: 10.0.14393)
(When operated in FIPS mode with modules BitLocker(R) Windows OS Loader (winload) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 validated to FIPS 140-2 under Cert. #2932 operating in FIPS mode or BitLocker(R) Windows Resume (winresume) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 validated to FIPS 140-2 under Cert. #2933 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software01/26/20171/25/2022Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 2
-Tested Configuration(s): Windows 10 Enterprise Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Book with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 Pro Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA
Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Book with PAA
Windows 10 Pro Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
Windows 10 Anniversary Update (x64) running on a Microsoft Surface 3 with PAA
Windows 10 Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Anniversary Update (x64) running on a Dell XPS 8700 with PAA
Windows 10 Enterprise LTSB Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell XPS 8700 with PAA
Windows Server 2016 Standard Edition (x64) running on a HP Compaq Pro 6305 with PAA
Windows Server 2016 Standard Edition (x64) running on a Dell PowerEdge R630 Server with PAA
Windows Server 2016 Datacenter Edition (x64) running on a Dell PowerEdge R630 Server with PAA
Windows Storage Server 2016 (x64) running on a Dell PowerEdge R630 Server with PAA
Windows 10 Mobile Anniversary Update (ARMv7) running on a Microsoft Lumia 950 (single-user mode)

-FIPS Approved algorithms: RSA (Cert. #2193); SHS (Cert. #3347)

-Other algorithms: AES (non-compliant); MD5

Multi-Chip Stand Alone

"Code Integrity (ci.dll) verifies the integrity of executable files, including kernel mode drivers, critical system components, and user mode cryptographic modules as they are loaded into memory from the disk."
2934Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
TEL: 800-642-7676

CST Lab: NVLAP 200427-0
BitLocker® Dump Filter (dumpfve.sys) in Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016
(Software Version: 10.0.14393)
(When operated in FIPS mode with the module Code Integrity (ci.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 under Cert. #2935 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software01/26/20171/25/2022Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 2
-Tested Configuration(s): Windows 10 Enterprise Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Book with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 Pro Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA
Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Book with PAA
Windows 10 Pro Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
Windows 10 Enterprise LTSB Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell XPS 8700 with PAA
Windows Server 2016 Standard Edition (x64) running on a HP Compaq Pro 6305 with PAA
Windows Server 2016 Standard Edition (x64) running on a Dell PowerEdge R630 Server with PAA
Windows Server 2016 Datacenter Edition (x64) running on a Dell PowerEdge R630 Server with PAA
Windows Storage Server 2016 (x64) running on a Dell PowerEdge R630 Server with PAA
Windows 10 Mobile Anniversary Update (ARMv7) running on a Microsoft Lumia 950 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #4061 and #4064)

Multi-Chip Stand Alone

"The BitLocker® Dump Filter (dumpfve.sys) is the full volume encryption filter that resides in the system dump stack. Whenever the dump stack is called (in the event of a system crash or for hibernation), this filter ensures that all data is encrypted before it gets written to the disk as a dump file or hibernation file."
2933Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
TEL: 800-642-7676

CST Lab: NVLAP 200427-0
BitLocker® Windows Resume (winresume) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016
(Software Version: 10.0.14393)
(When operated in FIPS mode with module Boot Manager in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 validated to FIPS 140-2 under Cert. #2931 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software01/26/20171/25/2022Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 2
-Tested Configuration(s): Windows 10 Enterprise Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Book with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 Pro Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA
Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Book with PAA
Windows 10 Pro Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
Windows 10 Anniversary Update (x64) running on a Microsoft Surface 3 with PAA
Windows 10 Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Anniversary Update (x64) running on a Dell XPS 8700 with PAA
Windows 10 Enterprise LTSB Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell XPS 8700 with PAA
Windows Server 2016 Standard Edition (x64) running on a HP Compaq Pro 6305 with PAA
Windows Server 2016 Standard Edition (x64) running on a Dell PowerEdge R630 Server with PAA
Windows Server 2016 Datacenter Edition (x64) running on a Dell PowerEdge R630 Server with PAA
Windows Storage Server 2016 (x64) running on a Dell PowerEdge R630 Server with PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)

-Other algorithms: MD5

Multi-Chip Stand Alone

"BitLocker® Windows Resume is an operating system loader which loads the Windows OS kernel (ntoskrnl.exe) and other boot stage binary image files, as well as previous operating system state information, when Windows has been previously put into a sleep or hibernate power state."
2932Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
TEL: 800-642-7676

CST Lab: NVLAP 200427-0
BitLocker® Windows OS Loader (winload) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016
(Software Version: 10.0.14393)
(When operated in FIPS mode with module Boot Manager in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 validated to FIPS 140-2 under Cert. #2931 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software01/26/20171/25/2022Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 2
-Tested Configuration(s): Windows 10 Enterprise Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Book with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 Pro Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA
Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Book with PAA
Windows 10 Pro Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
Windows 10 Anniversary Update (x64) running on a Microsoft Surface 3 with PAA
Windows 10 Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Anniversary Update (x64) running on a Dell XPS 8700 with PAA
Windows 10 Enterprise LTSB Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell XPS 8700 with PAA
Windows Server 2016 Standard Edition (x64) running on a HP Compaq Pro 6305 with PAA
Windows Server 2016 Standard Edition (x64) running on a Dell PowerEdge R630 Server with PAA
Windows Server 2016 Datacenter Edition (x64) running on a Dell PowerEdge R630 Server with PAA
Windows Storage Server 2016 (x64) running on a Dell PowerEdge R630 Server with PAA
Windows 10 Mobile Anniversary Update (ARMv7) running on a Microsoft Lumia 950 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #4061 and #4064); RSA (Cert. #2193); SHS (Cert. #3347)

-Other algorithms: NDRNG; MD5

Multi-Chip Stand Alone

"The BitLocker® Windows OS Loader loads the boot-critical driver and OS kernel image files."
2931Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
TEL: 800-642-7676

CST Lab: NVLAP 200427-0
Boot Manager in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016
(Software Version: 10.0.14393)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software01/26/20171/25/2022Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 2
-Tested Configuration(s): Windows 10 Enterprise Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Microsoft Surface Book with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
Windows 10 Enterprise Anniversary Update (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 Pro Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Pro 4 with PAA
Windows 10 Pro Anniversary Update (x64) running on a Microsoft Surface Book with PAA
Windows 10 Pro Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
Windows 10 Anniversary Update (x64) running on a Microsoft Surface 3 with PAA
Windows 10 Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Anniversary Update (x64) running on a Dell XPS 8700 with PAA
Windows 10 Enterprise LTSB Anniversary Update (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell Precision Tower 5810MT with PAA
Windows 10 Enterprise LTSB Anniversary Update (x64) running on a Dell XPS 8700 with PAA
Windows Server 2016 Standard Edition (x64) running on a HP Compaq Pro 6305 with PAA
Windows Server 2016 Standard Edition (x64) running on a Dell PowerEdge R630 Server with PAA
Windows Server 2016 Datacenter Edition (x64) running on a Dell PowerEdge R630 Server with PAA
Windows Storage Server 2016 (x64) running on a Dell PowerEdge R630 Server with PAA
Windows 10 Mobile Anniversary Update (ARMv7) running on a Microsoft Lumia 950 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #4061 and #4064); HMAC (Cert. #2651); PBKDF (vendor affirmed); RSA (Cert. #2193); SHS (Cert. #3347)

-Other algorithms: MD5; PBKDF (non-compliant); VMK KDF

Multi-Chip Stand Alone

"The Windows system boot manager is called by the bootstrapping code that resides in the boot sector. It checks its own integrity, checks the integrity of the Windows OS Loader, and then launches it."
2867Hewlett Packard Enterprise
Longdown Avenue
Stoke Grifford, Bristol BS34 8QZ
United Kingdom

Laura Loredo
TEL: 44 117 3162462

Dave Tuckett
TEL: 44 117 316 2692

CST Lab: NVLAP 100432-0
HPE LTO-6 Tape Drive
(Hardware Versions: P/Ns AQ278A #912 [1], AQ288D #103 [2] and AQ298C #103 [3]; Firmware Versions: J5SW [1], 35PW [2] and 25MW [3])
(When operated in FIPS mode and initialized to Overall Level 1 per Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/23/20173/22/2022Overall Level: 1

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #1442, #2189, #3534 and #3535); CVL (Cert. #588); DRBG (Cert. #889); HMAC (Cert. #2258); KTS (AES Cert. #3535); RSA (Certs. #1128 and #1821); SHS (Certs. #1897 and #2913)

-Other algorithms: MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-Chip Stand Alone

"HP LTO-6 tape drives help to keep pace with data growth with up to 6.25TB compressed data storage per cartridge and capable of compressed data transfer rates of up to 400MB/sec. Ground breaking LTFS technology makes LTO-6 tapes as easy to use as disk and enables easy file access, reliable long term archive retrieval and simpler transportability between systems. LTO-6 tape drives also provide easy-to-enable security to protect the most sensitive data and prevent unauthorized access of tape cartridges with AES 256-bit hardware data encryption."
2866VMware, Inc.
3401 Hillview Ave
Palo Alto, CA 94304
USA

Eric Betts
TEL: 1-650-427-1902

CST Lab: NVLAP 200928-0
VMware Java JCE (Java Cryptographic Extension) Module
(Software Version: 2.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software03/22/20173/21/2022Overall Level: 1

-Physical Security: N/A
-Tested Configuration(s): Java SE Runtime Environment 1.7.0 on NSX Controller 6.3.0 OS on Vmware vSphere Hypervisor (ESXi) 6.0 running on HPE ProLiant DL380 Gen8
Java SE Runtime Environment 1.7.0 on NSX Edge 6.3.0 OS on Vmware vSphere Hypervisor (ESXi) 6.0 running on HPE ProLiant DL380 Gen8
Java SE Runtime Environment 1.7.0 on NSX Manager 6.3.0 OS on Vmware vSphere Hypervisor (ESXi) 6.0 running on HPE ProLiant DL380 Gen8 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #4153); CVL (Certs. #955, #956 and #957); DRBG (Cert. #1261); DSA (Cert. #1127); ECDSA (Cert. #955); HMAC (Cert. #2721); KAS (Cert. #96); KAS (SP 800-56Arev2, vendor affirmed); KBKDF (Cert. #107); KTS (vendor affirmed); KTS (AES Cert. #4153; key establishment methodology provides between 128 and 256 bits of encryption strength); KTS (Triple-DES Cert. #2269; key establishment methodology provides 112 bits of encryption strength); PBKDF (vendor affirmed); RSA (Cert. #2261); SHA-3 (Cert. #10); SHS (Cert. #3417); Triple-DES (Cert. #2269)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ARC4 (RC4); Blowfish; Camellia; CAST5; DES; DSTU4145; ElGamal; GOST28147; GOST3410-1994; GOST3410-2001; GOST3411; HMAC-GOST3411; HMAC-MD5; HMAC-RIPEMD; HMAC-TIGER; HMAC-WHIRLPOOL; IDEA; KBKDF (non-compliant); PBKDF (non-compliant); RC2; RIPEMD; PRNG; RSA (non-compliant); SCrypt; SEED; Serpent; SipHash; SHACAL-2; TIGER; Twofish; WHIRLPOOL

Multi-Chip Stand Alone

"The VMware Java JCE (Java Cryptographic Extension) Module is a software cryptographic module based on the Legion of the Bouncy Castle Inc. FIPS Java API (BC-FJA) Module (SW Version 1.0.0). The module is a software library that provides cryptographic functions to various VMware applications via a well-defined Java-language application program interface (API)."
2865Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

Christopher Marks
TEL: 408-333-0480
FAX: 408-333-8101

CST Lab: NVLAP 200802-0
Brocade® DCX, DCX 8510-8, DCX-4S and DCX 8510-4 Backbones, 6510 and 6520 FC Switches, and 7800 Extension Switch
(Hardware Versions: {6510 FC Switch (P/N 80-1005272-03) with FRU (P/N 80-1001304-02) with Software License (P/N 80-1005356-02), 6520 FC Switch (P/N 80-1007257-03) with FRUs (P/Ns 80-1007263-01 and 80-1004580-02) with Software License (P/N 80-1007272-01), 7800 Extension Switch (P/N 80-1006977-02) with Software License (P/N 80-1002820-02); [DCX Backbone (P/N 80-1006752-01), DCX-4S Backbone (P/N 80-1006772-01), DCX 8510-4 Backbone (P/N 80-1006964-01), DCX 8510-8 Backbone (P/N 80-1007025-01)] with Blades (P/Ns 80-1006794-01, 80-1004897-01, 80-1004898-01, 80-1006771-01, 80-1006750-01, 80-1005166-02, 80-1005187-02, 80-1006936-01, 80-1006779-01, 80-1006823-01, 80-1007000-01, 80-1007017-01, 49-1000016-04, 49-1000064-02 and 49-1000294-05)} with FIPS Kit P/N Brocade XBR-000195; Firmware Version: Fabric OS v7.4.0 (P/N 51-1001672-01))
(When operated in FIPS mode and when tamper evident labels are installed as indicated in the Security Policy. The protocol SNMP shall not be used when operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware03/21/20173/20/2022Overall Level: 2

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #2876 and #2893); CVL (Certs. #311, #312, #320 and #321); DRBG (Certs. #670 and #671); ECDSA (Certs. #942 and #943); HMAC (Certs. #1814 and #1829); RSA (Certs. #2234 and #2235); SHS (Certs. #2417 and #2436); Triple-DES (Certs. #1719 and #1724)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #311 and #320, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ARCFOUR; BLOWFISH; CAST; DES; DES3; DESX; HMAC-MD5-96; HMAC-SHA1-96 (non-compliant); HMAC-RIPEMD160; MD2; MD4; RC2; RC4; RIPEMD160; SNMPv3 KDF (non-compliant); UMAC-64

Multi-Chip Stand Alone

"The Brocade DCX, DCX 8510-8, DCX-4S and DCX 8510-4 Backbones and the 6510 and 6520 Switch provide a reliable, scalable Fibre Channel switching infrastructure with market-leading 16 Gbps technology and capabilities that support demanding, enterprise-class private cloud storage and highly virtualized environments. The Brocade 7800 Extension Switch provides fast, reliable WN/MAN connectivity for remote data replication, backup, and migration with Fibre Channel and advanced Fibre Channel over IP (FCIP) technology."
2864Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

Hamid Sobouti
TEL: 408-333-4150
FAX: 408-333-8101

CST Lab: NVLAP 200802-0
Brocade® MLXe® Series Ethernet Routers, Brocade® NetIron® CER 2000 Series Ethernet Routers and Brocade NetIron® CES 2000 Series Ethernet Switches
(Hardware Versions: {[BR-MLXE-8-MR2-M-AC (80-1007225-01), BR-MLXE-16-MR2-M-AC (80-1006827-02), BR-MLXE-32-MR2-M-AC (80-1007253-04), BR-MLXE-4-MR2-X-AC (80-1006874-03), BR-MLXE-32-MR2-X-AC (80-1007255-04), with Components (80-1005643-01, 80-1005644-03, 80-1005641-02, 80-1005642-03, 80-1007878-02, 80-1007911-02, 80-1008426-01, 80-1008427-02, 80-1007879-02, 80-1003891-02, 80-1002983-01, 80-1008686-01, 80-1003971-01, 80-1003969-02, 80-1004114-01, 80-1004113-01, 80-1004112-01, 80-1004469-01, 80-1004760-02, 80-1006511-02, 80-1004757-02, 80-1003009-01, 80-1003052-01, 80-1003053-01)], [BR-CER-2024C-4X-RT-AC (80-1006530-01), BR-CER-2024F-4X-RT-AC (80-1006529-01), with Components (80-1003868-01, 80-1004848-01)], [BR-CES-2024C-4X-AC (80-1000077-01), BR-CES-2024F-4X-AC (80-1000037-01), with Component (80-1003868-01)]} with FIPS Kit XBR-000195; Firmware Version: Multi-Service IronWare R05.9.00aa)
(When operated in FIPS mode with the tamper evident labels installed and configured as specified in Section 14 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware03/21/20173/20/2022Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #1648, #2154, #2715, #2717, #2946, #3143, #3144 and #3478); CVL (Certs. #173, #175, #393, #394, #403, #404, #712, #713 and #1029); DRBG (Certs. #452, #454 and #684); ECDSA (Certs. #761 and #809); HMAC (Certs. #1694, #1696 and #2848); KBKDF (Cert. #35); KTS (AES Cert. #2946); KTS (AES Cert. #2717 and HMAC Cert. #1696; key establishment methodology provides 112 bits of encryption strength); RSA (Certs. #1411 and #1413); SHS (Certs. #934, #2280 and #2282)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Cert. #712; key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #713, key agreement; key establishment methodology provides between 128 and 192 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; HMAC-SHA-1-96 (non-compliant); Triple-DES (non-compliant)

Multi-Chip Stand Alone

"The Brocade NetIron CER 2000 Series is a family of compact routers that are purpose-built for high performance Ethernet edge routing and MPLS applications.The Brocade NetIron CES 2000 Series of switches provides IP routing and advanced Carrier Ethernet capabilities in a compact form factor. Brocade MLXe Series routers feature industry-leading Gigabit Ethernet ports with wire-speed density; advanced Layer 2 switching; rich IPv4, IPv6, Multi-VRF, MPLS, L2/L3 Virtual Private Networks (VPN),IKEv2/IPsec and PHY based MACsec capabilities without compromising performance."
2863WatchGuard Technologies, Inc.
505 Fifth Avenue South, Suite 500
Seattle, WA 98104
USA

Peter Eng
TEL: 206-613-6600

CST Lab: NVLAP 200556-0
WatchGuard Firebox M200[1], M300[2], M400[3], M500[4], M440[5], M4600[6], M5600[7]
(Hardware Versions: ML3AE8 [1,2]; SL1AE24 [5]; KL5AE8 [3,4]; CL4AE24 [6] with WG8583, WG8584 and WG8597; CL5AE32 [7] with WG8583, WG8584, WG8585, WG8022, and WG8598; FIPS Kit P/N: WG8566; Firmware Version: Fireware OS v11.11.2)
(When operated in FIPS mode and with the tamper-evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/16/20173/15/2022Overall Level: 2

-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3670, #3671, #3672, #3676, #3677, and #3960); CVL (Cert. #793); DRBG (Cert. #1160); HMAC (Certs. #2417, #2418, #2419, #2423, #2424, and #2580); RSA (Cert. #2023); SHS (Certs. #3085, #3086, #3087, #3091, #3092, and #3266); Triple-DES (Certs. #2049, #2050, #2051, #2055, #2056, and #2171)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (non-compliant); DES; MD5; PBKDF (non-compliant); TKIP

Multi-Chip Stand Alone

"WatchGuard® Firebox appliances are built for enterprise-grade performance with blazing throughput and numerous connectivity options. Advanced networking features include clustering, high availability (active/active), VLAN support, multi-WAN load balancing and enhanced VoIP security, plus inbound and outbound HTTPS inspection, to give the strong security enterprises need. And the FIREBOX appliances are completely configurable - turn on or off components and services to fit different network security deployment requirements."
2862Hewlett Packard Enterprise
1160 Enterprise Way
Sunnyvale, CA 94089
USA

Harjit Dhillon
TEL: 916-501-1426

CST Lab: NVLAP 200427-0
HPE Enterprise Secure Key Manager
(Hardware Versions: P/N M6H81AA , Version 5.0; Firmware Version: 7.0.1; Software Version: N/A)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/10/20173/9/2022Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #3995); CVL (Certs. #820, #821, #822, #823 and #842); DRBG (Certs. #1185 and #1186); ECDSA (Cert. #889); HMAC (Cert. #2609); KTS (AES Cert #3995; key establishment methodology provides between 128 and 256 bits of encryption strength); KTS (AES Cert #3995 and HMAC Cert. #2609; key establishment methodology provides between 128 and 256 bits of encryption strength); KTS (Triple-DES Cert #2194 and HMAC Cert. #2609; key establishment methodology provides 112 bits of encryption strength); RSA (Cert. #2051); SHS (Cert. #3297); Triple-DES (Cert. #2194)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #842; key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; RC4; RSA (encrypt/decrypt)

Multi-Chip Stand Alone

"HP Enterprise Secure Key Manager (ESKM) provides key generation, retrieval, and management for encryption devices and solutions. ESKM is a hardened security appliance with secure access control, administration, and logging. ESKM supports high availability with automatic multi-site clustering, replication, and failover."
2861Dell, Inc.
One Dell Way
Round Rock, Texas 78682
USA

Kylie Gallagher
TEL: +1 512 723 7550

Gang Liu
TEL: +1 512 728 5545

CST Lab: NVLAP 200002-0
Dell Crypto Library for Dell iDRAC and Dell CMC
(Software Version: 2.4)
(When operated in FIPS mode. This validation entry is rebranding from Cert. #2496)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software03/15/20173/14/2022Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Linux 3.2.18 running on a PowerEdge M1000e Blade Server w/ Dell CMC
Linux 3.4.11 running on a PowerEdge R730 Rack Server w/ Dell iDRAC8 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #4248); DRBG (Cert. #1327); DSA (Cert. #1138); HMAC (Cert. #2786); RSA (Cert. #2293); SHS (Cert. #3485); Triple-DES (Cert. #2303)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 270 bits of encryption strength); AES CMAC (non-compliant); AES GCM (non-compliant); AES XTS (non-compliant); ANSI X9.31 RNG (non-compliant); ECDSA (non-compliant); Hash_DRBG (non-compliant); HMAC_DRBG (non-compliant); Triple-DES CMAC (non-compliant)

Multi-Chip Stand Alone

"Dell Cryptographic Module v2.4 is used within various Dell products including the Dell iDRAC8 and Dell CMC. The Integrated Dell Remote Access Controller 8 (Dell iDRAC8) is designed to improve the overall manageability and availability of Dell PowerEdge Servers. The Dell Chassis Management Controller (Dell CMC) is a systems management component designed to manage one or more Dell PowerEdge Systems containing Blade Servers."
2860DocuSign, Inc.
221 Main St.
Suite 1000
San Francisco, CA 94105
USA

Ezer Farhi
TEL: 972-39279529
FAX: 972-39230864

Moshe Harel
TEL: 972-3-9279578
FAX: 972-3-9230864

CST Lab: NVLAP 200002-0
DocuSign HSM Appliance
(Hardware Version: 5.0; Firmware Version: 5.0.0)
(When operated in FIPS mode. This module contains the embedded module eToken 5105 validated to FIPS 140-2 under Cert. #1883 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/08/20173/7/2022Overall Level: 3

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #4029 and #4031); CVL (Certs. #857 and #1039); DRBG (Certs. #98 and #1205); ECDSA (Cert. #900); HMAC (Certs. #2630 and #2632); KTS (AES Cert. #4029 and HMAC Cert. #2630); RSA (Cert. #2069); SHS (Certs. #1465, #3325 and #3326); Triple-DES (Cert. #2207); Triple-DES MAC (Triple-DES Cert. #2207, vendor affirmed)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); AES GCM (AES Cert. #4031; non-compliant); ARDFP; DES; DES MAC; DES Stream; FF3 (non-compliant); MD5

Multi-Chip Stand Alone

"DocuSign HSM Appliance is a high-performance cryptographic service provider. It performs high-speed cryptographic operations while protecting sensitive data. Its features include Triple-DES, AES, Triple-DES MAC, CCM, HMAC, RSA, ECDSA, SHA-1, SHA-256, SHA-384, SHA-512, public key database and certificate support, authenticated and encrypted communication with the module, secure storage of secret/private keys, software key medium and smartcard support, tamper-responsive enclosure, high level API requiring no cryptographic expertise, in-depth logging and auditing, and secure backup capabilities."
2859Mocana Corporation
20 California Street
San Francisco, CA 94111
USA

Srinivas Kumar
TEL: 415-617-0055
FAX: 415-617-0056

CST Lab: NVLAP 100432-0
Mocana Cryptographic Suite B Module
(Software Version: 6.4.1f)
(When operated in FIPS mode. No assurance of the minimum strength of generated keys. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software03/08/20173/7/2022Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Mentor Graphics Linux 4.0 running on Avaya VSP 4450 family
Wind River Linux 6.0 running on Intel Atom E3800 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #4100 and #4265); CVL (Certs. #971 and #1007); DRBG (Certs. #1232 and #1336); DSA (Certs. #1115 and 1140); ECDSA (Certs. #928 and #994); HMAC (Certs. #2679 and #2810); RSA (Certs. #2219 and #2296); SHS (Certs. #3375 and #3511); Triple-DES (Certs. #2243 and #2306)

-Other algorithms: Diffie-Hellman (CVL Cert. #971 with CVL Cert. #1007, key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #971 with CVL Cert. #1007, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES GCM (AES Certs. #4100 and #4265; non-compliant); AES XTS (AES Certs. #4100 and #4265; non-compliant); DES; HMAC-MD5; MD2; MD4; MD5; PRNG; RSA (encrypt/decrypt)

Multi-Chip Stand Alone

"The Mocana Cryptographic Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com."
2858Motorola Solutions, Inc.
1303 East Algonquin Road
Schaumburg, IL 60196
USA

Dariusz Wolny

CST Lab: NVLAP 100432-0
Motorola GGM 8000 Gateway
(Hardware Versions: Base Unit P/N CLN1841F Rev AB with FIPS Kit P/N CLN8787A Rev B and Power Supply P/N CLN1850A Rev G (AC) or P/N CLN1849C Rev AA (DC); Firmware Version: KS 16.9.0.48)
(When operated in FIPS mode with tamper labels installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/08/20173/7/2022Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #962 and #3993); CVL (Certs. #816, #817, #818, and #819); DRBG (Cert. #1184); ECDSA (Cert. #887); HMAC (Certs. #1487, #2606, and #2607); KAS (SP 800-56Arev2 with CVL Certs. #816 and #817; vendor affirmed); KAS (SP 800-56Arev2 with CVL Certs. #816 and #819; vendor affirmed); KTS (AES Cert. #3993 and HMAC Certs. #2606 and #2607); RSA (Cert. #2049); SHS (Certs. #933 and #3295); Triple-DES (Certs. #757 and #2192)

-Other algorithms: AES (Cert. #3993, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DES; DSA (non-compliant); HMAC-MD5; HMAC-SHA-1-96 (non-compliant); MD5; PRNG

Multi-Chip Stand Alone

"GGM 8000 devices are versatile, secure-capable devices that can ensure timely delivery of delay-sensitive traffic. Supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections, GGM 8000 perform simultaneous functions - including compression and data prioritization - without compromising their ability to accomplish additional packet-handling functions as needed. In addition to the normal packet forwarding functions, the GGM 8000 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols."
2857Motorola Solutions, Inc.
1303 East Algonquin Road
Schaumburg, IL 60196
USA

Dariusz Wolny

CST Lab: NVLAP 100432-0
Motorola Network Router (MNR) S6000
(Hardware Version: Base Unit P/N CLN1780L Rev FB with Encryption Module P/N CLN8261D Rev NA; Firmware Version: GS-16.9.0.48)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/08/20173/7/2022Overall Level: 1

-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #173 and #3993); CVL (Certs. #816, #817, #818, and #819); DRBG (Cert. #1184); ECDSA (Cert. #887); HMAC (Certs. #39, #2606, and #2607); KAS (SP 800-56Arev2 with CVL Certs. #816 and #817; vendor affirmed); KAS (SP 800-56Arev2 with CVL Certs. #816 and #819; vendor affirmed); KTS (AES Cert. #3993 and HMAC Certs. #2606 and #2607); RSA (Cert. #2049); SHS (Certs. #258 and #3295); Triple-DES (Certs. #275 and #2192)

-Other algorithms: AES (Cert. #3993, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DES; DSA (non-compliant); HMAC-MD5; HMAC-SHA-1-96 (non-compliant); MD5; PRNG

Multi-Chip Stand Alone

"MNR S6000 routers are versatile, secure-capable devices that can ensure timely delivery of delay-sensitive traffic. Supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections, S6000 routers perform simultaneous functions - including compression and data prioritization - without compromising their ability to accomplish additional packet-handling functions as needed. In addition to the normal routing functions, the MNR S6000 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols."
2856Juniper Networks, Inc.
1133 Innovation Way
Sunnyvale, CA 94089
USA

Jaz Lin
TEL: 408-745-2000

Van Nguyen
TEL: 408-745-2000

CST Lab: NVLAP 100432-0
Juniper Networks SRX100, SRX110, SRX210, SRX220, SRX240, SRX550, and SRX650 Services Gateways
(Hardware Versions: P/Ns {SRX100H2, SRX110H2-VA, SRX110H2-VB, SRX210HE2, SRX220H2, SRX240H2, SRX550, SRX650} with JNPR-FIPS-TAMPER-LBLS; Firmware Version: JUNOS-FIPS 12.3X48-D30)
(When operated in FIPS mode and with the tamper-evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/07/20173/6/2022Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #4055, #4056, #4066, #4067, #4068 and #4069); CVL (Certs. #880 and #926); DRBG (Cert. #1216); DSA (Certs. #1096, #1099, #1100, #1101 and #1102); ECDSA (Certs. #909, #912, #913, #914 and #915); HMAC (Certs. #2647, #2648, #2653, #2654, #2655 and #2656); RSA (Certs. #2087, #2197, #2198, #2199 and #2200); SHS (Certs. #3342, #3343, #3349, #3350, #3351 and #3352); Triple-DES (Certs. #2217, #2218, #2219, #2220, #2223 and #2224)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-SHA-1-96 (HMAC Certs. #2647, #2648, #2653, #2654, #2655 and #2656); NDRNG; ARCFOUR; Blowfish; CAST; DSA (non-compliant); HMAC-MD5; HMAC-RIPEMD160; UMAC

Multi-Chip Stand Alone

"Juniper Networks SRX Series Services Gateways provide the essential capabilities necessary to connect, secure, and manage enterprise and service provider networks, from the smallest sites to the largest headquarters and data centers."
2855Automation Solutions, Inc (AUTOSOL)
16055 Space Center Blvd.
Houston, TX 77062
USA

Ken Brucker
TEL: 281-286-6017
FAX: 281-286-6902

Edgar Cantu

CST Lab: NVLAP 201029-0
CryptoMod
(Hardware Version: CM5705-D9; Firmware Version: 1.0.51.FIPS)
(When operated in FIPS mode. When installed, initialized and configured as specified in Section 3 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware03/03/20173/2/2022Overall Level: 2

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #4140); CVL (Cert. #946); DRBG (Cert. #1255); HMAC (Cert. #2713); PBKDF (vendor affirmed); RSA (Cert. #2257); SHS (Cert. #3410)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); PBKDF (non-compliant)

Multi-Chip Stand Alone

"AutoSol’s CryptoMod is an end-point security device that protects data exchanged between remote industrial field devices and a centralized SCADA host. Installed in front of equipment, the CryptoMod encrypts traffic for the entire length of an industrial network. It provides authentication for controlling network access, integrity when data is in motion, and confidentiality. It is a CSA Class 1 Div. 2 Gr. ABCD device and a terminal server, so it can fit any existing industrial network. It has a hardware watchdog timer and the capability for remote configuration, management, and updates."
2854EFJohnson Technologies
1440 Corporate Drive
Irving, TX 75038-2401
USA

John Tooker
TEL: 402-479-8447
FAX: 402-479-8472

Marshall Schiring
TEL: 402-479-8375
FAX: 402-479-8472

CST Lab: NVLAP 100432-0
Communication Cryptographic Library (CCL)
(Software Version: Product Number 039-5804-200 Rev 3.0)
(When operated in FIPS mode. No assurance of the minimum strength of generated keys. The module generates keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software03/02/20173/1/2022Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Android 6.0 running on a Nexus 5X (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3985); DRBG (Cert. #1178); ECDSA (Cert. #882); HMAC (Cert. #2601); KTS (AES Cert. #3985; key establishment methodology provides between 128 and 256 bits of encryption strength); SHS (Cert. #3290)

-Other algorithms: DES

Multi-Chip Stand Alone

"The CCL is a dynamically linked library implemented using the C programming language with an external Java interface. Application developers wishing to use the CCL can use the CCL's Application Programming Interface (API) to perform AES, ECDSA, HMAC, DRBG, SHA256 and SHA512 security related functions. It also includes non-validated legacy services to support DES encryption while operating in the Non-Approved mode of operation."
2853Kaspersky Lab UK Ltd.
1st Floor, 2 Kingdom Street
Paddington, London, W2 6BD
United Kingdom

Oleg Andrianov
TEL: +7 495 797 8700

CST Lab: NVLAP 200968-0
Kaspersky Cryptographic Module (User Mode)
(Software Version: 3.0.1.25)
(When operated in FIPS mode. No assurance of the minimum strength of generated keys. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software03/02/20173/1/2022Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Windows 7 Professional 32-bit running on an Intel® Core™2 Duo P9600 @ 2.53GHz system without PAA
Windows 8.1 Enterprise 64-bit running on an Intel® Core™ i7-3770S CPU @ 3.10GHz system with PAA
Windows 7 Enterprise 64-bit running on an Intel® Core™ i5-2400 CPU @ 3.10GHz system with PAA
Windows 8.1 Enterprise 64-bit running on an Intel® Core™ i7-4770 CPU @ 3.40GHz system with PAA
Windows 10 Enterprise 64 bit running on an Intel(R) Core(TM) i7-4600U CPU @ 2.10GHz system with PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2849, #2959, #2960 and #2980); DRBG (Certs. #502, #561, #890, #891, #896 and #897); HMAC (Certs. #1789 and #1879); PBKDF (vendor affirmed); RSA (Certs. #1490 and #1558); SHA-3 (vendor affirmed); SHS (Certs. #2391 and #2492)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 112 or 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength), RSA (key wrapping; key establishment methodology provides between 112 and 270 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-Chip Stand Alone

"Kaspersky Cryptographic Module (User Mode) is a software library that provides cryptographic services for various Kaspersky Lab applications. The module is provided as a user-mode DLL."
2852CTERA Networks Ltd.
CTERA Networks NA HQ
205 E. 42nd Street
New York, NY 10017
USA

Aron Brand

Zohar Kaufman

CST Lab: NVLAP 100432-0
CTERA Crypto Module™ (Java)
(Software Version: 3.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys. This validation entry is a non-security relevant modification to Cert. #2804.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software03/01/201712/7/2021Overall Level: 1

-Physical Security: N/A
-Tested Configuration(s): Java SE Runtime Environment v8 (1.8.0) on CentOS 6.4 on vSphere 6 running on a Cisco UCSB-B200-M4 Blade (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3756); CVL (Certs. #704, #705 and #706); DRBG (Cert. #1031); DSA (Cert. #1043); ECDSA (Cert. #804); HMAC (Cert. #2458); KAS (Cert. #73); KAS (SP 800-56Arev2, vendor affirmed); KBKDF (Cert. #78); KTS (vendor affirmed); KTS (AES Cert. #3756; key establishment methodology provides between 128 and 256 bits of encryption strength); KTS (Triple-DES Cert. #2090; key establishment methodology provides 112 bits of encryption strength); PBKDF (vendor affirmed); RSA (Cert. #1932); SHA-3 (Cert. #3); SHS (Cert. #3126); Triple-DES (Cert. #2090)

-Other algorithms: Diffie-Hellman (CVL Cert. #704, key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ARC4 (RC4); Blowfish; Camellia; CAST5; DES; DSTU4145; ElGamal; GOST28147; GOST3410-1994; GOST3410-2001; GOST3411; HMAC-GOST3411; HMAC-MD5; HMAC-RIPEMD; HMAC-TIGER; HMAC-WHIRLPOOL; IDEA; KBKDF (non-compliant); PBKDF (non-compliant); RC2; RIPEMD; PRNG; Scrypt; SEED; Serpent; SipHash; SHACAL-2; TIGER; Twofish; WHIRLPOOL

Multi-Chip Stand Alone

"CTERA Crypto Module™ (Java) is a secure cryptographic engine used by CTERA Enterprise File Services Platform. The platform enables organizations to securely sync, serve and protect data on any private or public cloud infrastructure."
2851United States Special Operations Command (USSOCOM)
7701 Tampa Point Boulevard
MacDill Air Force Base, FL 33621-5323
USA

William W. Burnham
TEL: (813) 826-2282
FAX: N/A

CST Lab: NVLAP 200416-0
Suite B Cryptographic Module
(Software Version: v3.0.0.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software02/27/20172/26/2022Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): BlackBerry OS 10.3 running on Qualcomm Snapdragon 801
BlackBerry OS 10.3 running on Qualcomm Snapdragon S4
Microsoft Windows Server 2012 R2 (64-bit) running on Intel Xeon E5530 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3328 and #4312); CVL (Cert. #484); ECDSA (Cert. #657); HMAC (Cert. #2119); KAS (Cert. #55); KBKDF (Cert. #116); KTS (AES Cert. #3328); PBKDF (vendor affirmed); SHS (Cert. #2761)

-Other algorithms: N/A

Multi-Chip Stand Alone

"KEYW, in coordination with the United States Special Operations Command (USSOCOM), has developed a Suite B-compliant, standards based, AES/GCM-256 layer of encrypted communications between a BlackBerry Enterprise Server (BES) and a BlackBerry Mobile Set (MS) with Elliptic Curve (EC) key exchange used to negotiate symmetric keys."
2850Cavium Inc.
2315 N 1st Street
San Jose, CA 95131
USA

Phanikumar Kancharla
TEL: 408-943-7496

Tejinder Singh
TEL: 408-943-7403

CST Lab: NVLAP 100432-0
NITROXIII CNN35XX-NFBE HSM Family
(Hardware Versions: P/Ns CNL3560P-NFBE-G, CNL3560-NFBE-G, CNL3530-NFBE-G, CNL3510-NFBE-G, CNL3510P-NFBE-G, CNN3560P-NFBE-G, CNN3560-NFBE-G, CNN3530-NFBE-G and CNN3510-NFBE-G; Firmware Version: CNN35XX-NFBE-FW-2.0 build 69)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/27/2017
02/28/2017
2/26/2022Overall Level: 3

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #2033, #2034, #2035, #3205, #3206 and #4104); CVL (Certs. #167 and #563); DRBG (Cert. #680); DSA (Cert. #916); ECDSA (Cert. #589); HMAC (Certs. #1233 and #2019); KAS (Cert. #53); KAS (SP 800-56B, vendor affirmed); KBKDF (Cert. #65); KTS (AES Certs. #3206 and #4104); KTS (Triple-DES Cert. #2242; key establishment methodology provides 112 bits of encryption strength); RSA (Certs. #1634 and #2218); SHS (Certs. #1780 and #2652); Triple-DES (Certs. #1311 and #2242)

-Other algorithms: MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); PBE; RC4

Multi-Chip Embedded

"CNN35XX-NFBE HSM Family is a high performance purpose built solution for key management and crypto acceleration compliance to FIPS 140-2. The module supports flexible key store that can be partitioned up to 32 individually managed and isolated partitions. This is a SRIOV capable PCIe adapter and can be used in a virtualization environment to extend services like virtual key management, crypto and TLS offloads to VMs in dedicated I/O channels. This product is suitable for PKI vendors, SSL servers/load balancers."
2849Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
USA

CST Lab: NVLAP 200556-0
Symantec Messaging Gateway Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software02/27/20172/26/2022Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): CentOS 6 running on a Dell PowerEdge R430 with Intel Xeon E5-2600

-FIPS Approved algorithms: AES (Cert. #4124); CVL (Cert. #931); DRBG (Cert. #1244); DSA (Cert. #1117); ECDSA (Cert. #939); HMAC (Cert. #2695); RSA (Cert. #2238); SHS (Cert. #3393); Triple-DES (Cert. #2255)

-Other algorithms: EC Diffie-Hellman (CVL Cert. #931, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES XTS (AES Cert. #4124; non-compliant); PRNG

Multi-Chip Stand Alone

"The Symantec Messaging Gateway Cryptographic Module provides cryptographic functions for the Messaging Gateway platforms software.The module's logical cryptographic boundary is the shared library files and their integrity check HMAC files. The module is a multi-chip standalone embodiment installed on a General Purpose Device.All operations of the module occur via calls from host applications and their respective internal daemons/processes. As such there are no untrusted services calling the services of the module."
2848Micron Technology, Inc.
570 Alder Drive
Milpitas, CA 95035
USA

Dale McNamara
TEL: 408-834-1729

Jimmy Ruane
TEL: 408-834-1894

CST Lab: NVLAP 100432-0
MICRON 1100 SSD
(Hardware Versions: MTFDDAK256TBN-1AR15FCHA [1], MTFDDAK512TBN-1AR15FCHA [1], MTFDDAK256TBN-1AR15FCYY [2], MTFDDAK512TBN-1AR15FCYY [2], MTFDDAV256TBN-1AR15FCHA [1], MTFDDAV512TBN-1AR15FCHA [1], MTFDDAV256TBN-1AR15FCYY [2] and MTFDDAV512TBN-1AR15FCYY [2]; Firmware Versions: HPC0F10 [1] and MOMF000 [2])

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/23/2017
03/07/2017
2/22/2022Overall Level: 2

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #4111, #4051 and #4052); DRBG (Cert. #1236); HMAC (Cert. #2685); KTS (AES Cert. #4111); PBKDF (vendor affirmed); RSA (Cert. #2224); SHS (Cert. #3383)

-Other algorithms: NDRNG

Multi-Chip Embedded

"The MICRON 1100 SSD is a multi-chip embedded device which provides hardware AES 256 encryption/decryption of user data that is stored in the NAND flash. The cryptographic module (CM) supports the SATA interface and is compliant with the Trusted Computing Group (TCG) SSC specification Opal."
2847Digital Guardian, Inc.
860 Winter Street
Suite 3
Waltham, MA 02451
USA

Craig Hansen
TEL: 201-572-3784

CST Lab: NVLAP 200427-0
Verdasys Secure Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS mode. This validation entry is a non-security-relevant modification to Cert. #1607)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software02/22/20172/22/2022Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Windows XP 32-bit
Windows XP 64-bit (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1384); DRBG (Cert. #50); HMAC (Cert. #814); RSA (Cert. #677); SHS (Cert. #1261)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-Chip Stand Alone

"The Verdasys Secure Cryptographic Module, VSEC.SYS, is a software module that provides cryptographic services for Digital Guardian's DG Agent for Windows endpoint products. The Verdasys Secure Cryptographic Module is leveraged in a variety of functions including securing communication, protecting agent components, and file encryption."
2846Prometheus Security Group Global, Inc.
3019 Alvin Devane Blvd.
Building 4, Suite #450
Austin, TX 78741
USA

Jeremy Freeze-Skret
TEL: 512-247-3700
FAX: 512-519-4054

Mark Thomas
TEL: 503-647-7762
FAX: 512-519-4054

CST Lab: NVLAP 100432-0
Talon™ Multi-Function Security Appliance
(Hardware Versions: P/Ns: TAL-SD (FIPS) v1.0 and TAL-HD (FIPS) v1.0; Firmware Version: 1.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/22/20172/21/2022Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3924 and #3926); CVL (Cert. #780); DRBG (Certs. #1134 and #1135); HMAC (Certs. #2549 and #2550); KTS (AES Cert. #3924 and HMAC Cert. #2549); KTS (Triple-DES Cert. #2153 and HMAC Cert. #2549; key establishment methodology provides 112 bits of encryption strength); RSA (Cert. #2004); SHS (Certs. #3234 and #3235); Triple-DES (Cert. #2153)

-Other algorithms: AES (Cert. #3924, key wrapping; key establishment methodology provides 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 128 bits of encryption strength)

Multi-Chip Stand Alone

"The Talon provides ultra-high securtiy standards compliant approach to delivery of high definition real time video, control signaling and physical security data over an IP network. Meeting stringent government encryption and data validation standards, the end user can rest assured that their sensitive data is reliably transported and securely delivered. The device offers an unrivaled level of security and is not susceptible to spoofing or snooping. The product delivers all these features at a price point lower than existing solutions which would require multiple technology combinations."
2845LG Electronics, Inc.
20 Yoido-dong Youngdungpo-gu
Seoul 152-721
Republic of Korea

Jongseong Kim
TEL: 82-10-4535-0110
FAX: 82-2-6950-2080

CST Lab: NVLAP 200997-0
LG Kernel Loadable Cryptographic Module
(Hardware Version: Qualcomm Snapdragon 617; Qualcomm Snapdragon 808; Qualcomm Snapdragon 820; Software Version: 1.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software-Hybrid02/22/20172/21/2022Overall Level: 1

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Android 6.0.1 (Linux kernel 3.18) running on an LG G5 (A64 with CE PAA)
Android 6.0.1 (Linux kernel 3.10) running on an LG Vista2 (A32 with CE PAA)
Android 6.0.1 (Linux kernel 3.10) running on an LG Vista2 (A32 with NEON PAA)
Android 6.0.1 (Linux kernel 3.10) running on an LG V10 (ARMv8 with CE PAA) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3973, #3974 and #3975); DRBG (Certs. #1166, #1167 and #1168); HMAC (Certs. #2591, #2592 and #2593); SHA (Certs. #3278, #3279 and #3280); Triple-DES (Certs. #2178, #2179 and #2180)

-Other algorithms: NDRNG

Multi-Chip Stand Alone

"The LG Kernel Cryptographic Module is a software library located within the operating system kernel providing a C-language application program interface (API) for use by user and kernel applications that require cryptographic functionality."
2844Centrify Corporation
3300 Tannery Way
Santa Clara, CA 95054
USA

Kitty Shih

CST Lab: NVLAP 200556-0
Centrify Cryptographic Module
(Software Version: 2.0)
(When installed, initialized, and configured as specified in the Security Policy Section Secure Operation. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software02/21/20172/20/2022Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Mac OS 10.11.5 running on a MacBook Pro Intel Core i7
Red Hat Enterprise Linux 7.2 running on a Intel Xeon E5620 x86_64
AIX 7.2 (32-bit) running on a PowerPC Power7 Processor
AIX 7.2 (64-bit) running on a PowerPC Power7 Processor

-FIPS Approved algorithms: AES (Cert. #4087); CVL (Cert. #903); DRBG (Cert. #1226); DSA (Cert. #1110); ECDSA (Cert. #923); HMAC (Cert. #2667); RSA (Cert. #2212); SHS (Cert. #3363); Triple-DES (Cert. #2232)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength)

Multi-Chip Stand Alone

"Centrify Cryptographic Module is a general purpose cryptographic library. The Centrify Cryptographic Module provides the cryptographic services for all Centrify products."
2843Ciena® Corporation
7035 Ridge Road
Hanover, MD 21076
USA

Patrick Scully
TEL: 613-670-3207

CST Lab: NVLAP 200928-0
Ciena 6500 Flex3 WaveLogic 3e OCLD Encryption Module
(Hardware Version: 2.0 with PCB P/N NTK539QS-220; Firmware Version: 2.01)
(When installed, initialized and configured as specified in Section 3.1 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/20/20172/19/2022Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #4231 and #4232); CVL (Cert. #980); DRBG (Cert. #1315); ECDSA (Certs. #976 and #977); HMAC (Cert. #2770); SHS (Certs. #3468 and #3469); Triple-DES (Cert. #2291)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); NDRNG

Multi-Chip Embedded

"The Ciena 6500 Packet-Optical Platform Flex3 WaveLogic 3e OCLD Encryption Module offers an integrated transport encryption solution providing protocol-agnostic 100Gb/s or 200Gb/s wirespeed encryption service for enterprises, datacenters, government and also offered through service providers as differentiated managed service."
2842McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

James Reardon
TEL: 651-628-5346
FAX: n/a

CST Lab: NVLAP 100432-0
Network Security Platform Sensor NS-7100, NS-7200 and NS-7300
(Hardware Versions: P/Ns IPS-NS7100 Version 1.10, IPS-NS7200 Version 1.10 and IPS-NS7300 Version 1.10; FIPS Kit P/N IAC-FIPS-KT2; Firmware Version: 8.1.17.16)
(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy. The protocol SNMP shall not be used when operated in FIPS mode.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware02/17/20172/16/2022Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #3156); CVL (Certs. #409 and #599); DRBG (Cert. #649); HMAC (Cert. #1989); RSA (Certs. #1600 and #1825); SHS (Certs. #2612 and #2923)

-Other algorithms: AES (Cert. #3156, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); HMAC-SHA-1-96 (HMAC Cert. #1989); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (non-compliant); DES; HMAC (non-compliant); MD5; RC4; RSA (non-compliant); SHS (non-compliant); SNMP KDF (non-compliant); Triple-DES (non-compliant)

Multi-Chip Stand Alone

"Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks."
2841Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200997-0
Cisco Adaptive Security Appliance (ASA) Virtual
(Software Version: 9.6)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software02/15/20172/14/2022Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): ASA Virtual 9.6 on Vmware ESXi 5.5 running on Cisco C220 M3 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #4344); CVL (Cert. #1048); DRBG (Cert. #1386); ECDSA (Cert. #1027); HMAC (Cert. #2882); RSA (Cert. #2346); SHS (Cert. #3579); Triple-DES (Cert. #2348)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC MD5; MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; RC4

Multi-Chip Stand Alone

"The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA Virtual Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
2840Arxan Technologies
650 California St
San Francisco, CA 94108
USA

Sam Kerr
TEL: 301-968-4290
FAX: 415-247-0910

Andrei Alexandru
TEL: 301-968-4290
FAX: 415-247-0910

CST Lab: NVLAP 100432-0
Arxan Cryptographic Key & Data Protection
(Software Version: 1.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software02/14/20172/13/2022Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Android KitKat 4.4.1 running on a Samsung Galaxy Tablet 4 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #4123); CVL (Cert. #930); ECDSA (Cert. #938); HMAC (Cert. #2694); SHS (Cert. #3392); Triple-DES (Cert. #2253)

-Other algorithms: N/A

Multi-Chip Stand Alone

"Arxan Cryptographic Key & Data Protection solution implements state-of-the-art Whitebox Cryptography to protect Crypto Keys and Data (at-rest, in-transit & in-use). It transforms crypto keys and data so neither can be discovered statically in the application or in runtime memory. Arxan Cryptographic Key & Data Protection offers strongest security, broader platform support, with better performance, smaller footprint and easier integration. It provides all the major crypto algorithms and features required to protect sensitive keys and data in hostile or untrusted operational environments."
2839VMware, Inc.
3401 Hillview Ave
Palo Alto, CA 94304
USA

Eric Betts
TEL: 1-650-427-1902

CST Lab: NVLAP 200928-0
VMware OpenSSL FIPS Object Module
(Software Version: 2.0.9)
(When operated in FIPS mode. No assurance of the minimum strength of generated keys. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software02/14/2017
02/22/2017
1/29/2022Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Intel Core I without PAA w/ Windows 8.1 on ESXi 6.0 (Microsoft C/C++ Optimizing Compiler Version 18.00.21005.1)
Intel Core I without PAA w/ Windows 7 SP1 on ESXi 6.0 (Microsoft C/C++ Optimizing Compiler Version 18.00.21005.1)
Intel Core I with PAA w/ Windows 7 SP1 on ESXi 6.0 (Microsoft C/C++ Optimizing Compiler Version 18.00.21005.1)
Intel Core I without PAA w/ Windows 10 on ESXi 6.0 (Microsoft C/C++ Optimizing Compiler Version 18.00.21005.1)
Intel Core I with PAA w/ Windows 10 on ESXi 6.0 (Microsoft C/C++ Optimizing Compiler Version 18.00.21005.1)
Intel Core I with PAA w/ Windows 8.1 on ESXi 6.0 (Microsoft C/C++ Optimizing Compiler Version 18.00.21005.1)
Intel Xeon with PAA w/ Windows 2012 64 bit on ESXi 6.0 (Microsoft C/C++ Optimizing Compiler Version 18.00.21005.1)
Intel Xeon without PAA w/ Windows 2012 64 bit on ESXi 6.0 (Microsoft C/C++ Optimizing Compiler Version 18.00.21005.1)
Intel Xeon with PAA w/ Windows 2012 R2 on ESXi 6.0 (Microsoft C/C++ Optimizing Compiler Version 18.00.21005.1)
Intel Xeon without PAA w/ Windows 2012 R2 on ESXi 6.0 (Microsoft C/C++ Optimizing Compiler Version 18.00.21005.1)
Intel Xeon without PAA w/ VMware NSX Controller OS 12.04 on ESXi 6.0 (gcc Compiler Version 4.6.3)
Intel Xeon with PAA w/ VMware NSX Controller OS 12.04 on ESXi 6.0 (gcc Compiler Version 4.6.3)
Intel Xeon without PAA w/ VMware NSX Edge OS 3.14 on ESXi 6.0 (gcc Compiler Version 4.6.3)
Intel Xeon with PAA w/ VMware NSX Edge OS 3.14 on ESXi 6.0 (gcc Compiler Version 4.6.3)
Intel Xeon with PAA w/ VMware NSX Manager OS 3.17 on ESXi 6.0 (gcc Compiler Version 4.6.3)
Intel Xeon without PAA w/ VMware NSX Manager OS 3.17 on ESXi 6.0 (gcc Compiler Version 4.6.3)
Intel Xeon with PAA w/ SLES 11 SP3 on ESXi 6.0 (gcc Compiler Version 5.3.0)
Intel Xeon without PAA w/ SLES 11 SP3 on ESXi 6.0 (gcc Compiler Version 5.3.0)
Intel Xeon without PAA w/ Photon OS 1.0 on ESXi 6 (gcc Compiler Version 5.3.0)
Intel Xeon with PAA w/ Photon OS 1.0 on ESXi 6 (gcc Compiler Version 5.3.0)

-FIPS Approved algorithms: AES (Cert. #4137); CVL (Cert. #943); DRBG (Cert. #1254); DSA (Cert. #1123); ECDSA (Cert. #949); HMAC (Cert. #2710); RSA (Cert. #2251); SHS (Cert. #3407); Triple-DES (Cert. #2261)

-Other algorithms: EC Diffie-Hellman (CVL Cert. #943, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of strength); Dual EC DRBG; PRNG

Multi-Chip Stand Alone

"The VMware OpenSSL FIPS Object Module provides cryptographic functions to various VMware applications."
2838Mitsubishi Space Software Co., Ltd.
Tsukuba Mitsui Bldg.,
1-6-1, Takezono
Tsukuba-shi, Ibaraki-ken 305-0032
Japan

Ikuo Shionoya
TEL: +81-29-856-0155
FAX: +81-29-858-0848

Ken Nakajima
TEL: +81-29-856-0155
FAX: +81-29-858-0848

CST Lab: NVLAP 200928-0
Command Encryption Module
(Firmware Version: 3.0)
(When installed, initialized and Windows Firewall Advanced Security Version 6.1 configured as specified in Section 11 of the Security Policy with tamper evident seals (part number: MSS-FIPS-16-500) installed as indicated in Section 5 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware02/13/20172/12/2022Overall Level: 2

-Operational Environment: N/A
-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Windows 7 Professional SP1 running on a HP ProDesk 600 G2

-FIPS Approved algorithms: Triple-DES (Cert. #2191)

-Other algorithms: N/A

Multi-Chip Stand Alone

"Command Encryption Module is a firmware module designed to perform Triple DES CFB mode encryption functions."
2837IBM Corporation
11400 Burnet Road
Austin, TX 78758
USA

Tom Benjamin
TEL: 512-286-5319
FAX: 512-973-4763

Karthik Ramamoorthy
TEL: 512-286-8135
FAX: 512-973-4763

CST Lab: NVLAP 200658-0
IBM Java JCE FIPS 140-2 Cryptographic Module with CPACF
(Hardware Version: COP chips integrated within processor unit; Firmware Version: 3863 (aka FC3863) with System Driver Level 22H; Software Version: 1.8)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software-Hybrid02/13/20172/12/2022Overall Level: 1

-Tested Configuration(s): Tested as meeting Level 1 with z/OS version 2 release 2 running on IBM z13 model N63
Red Hat Enterprise Linux Server release 7.2 running on IBM z13 model N63 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3909 and #3910); CVL (Certs. #768, #769, #770 and #771); DRBG (Certs. #1124 and #1125); DSA (Certs. #1067 and #1068); ECDSA (Certs. #852 and #853); HMAC (Certs. #2538 and #2539); KTS (vendor affirmed); RSA (Certs. #1993 and #1994); SHS (Certs. #3221 and #3222); Triple-DES (Certs. #2145 and #2146)

-Other algorithms: Diffie-Hellman (CVL Certs. #769 and #771; key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #769 and #771; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); MD5; Triple-DES (non-compliant)

Multi-Chip Stand Alone

"The IBM Java JCE (Java Cryptographic Extension) FIPS provider (IBMJCEFIPS) for multi-platforms is a scalable, multipurpose cryptographic module that supports many FIPS approved cryptographic operations. This gives Java applications access to the FIPS algorithms via the standard JCE framework."
2836Chunghwa Telecom Co., Ltd. and NXP Semiconductors
No. 99, Dianyan Road
Yangmei Dist.
Taoyuan City 32661
Taiwan (R.O.C.)

Char-Shin Miou
TEL: 03-4244381

Yeou-Fuh Kuan
TEL: 03-4244333

CST Lab: NVLAP 100432-0
HiCOS PKI Applet and Taiwan TWNID Applet on NXP JCOP 3 SecID P60 (OSA)
(Hardware Version: P6022y VB; Firmware Versions: JCOP 3 SECID P60 (OSA) version 0x0503.8211; Applets: HiCOS PKI Applet V1.0, TWNID Applet V1.1)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/13/20172/12/2022Overall Level: 2

-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #3997); CVL (Cert. #824); DRBG (Cert. #1187); ECDSA (Cert. #890); KBKDF (Cert. #91); KTS (AES Cert. #3997; key establishment methodology provides 128 and 256 bits of encryption strength); RSA (Certs. #2053 and #2086); SHS (Cert. #3299); Triple-DES (Cert. #2195)

-Other algorithms: EC Diffie-Hellman (CVL Cert. #824, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); NDRNG

Single Chip

"The Taiwan TID Applet is a Javacard applet that stores personal information related to the user. It allows governmental organizations to retrieve pieces of data. The HiCOS PKI Applet is a Javacard applet that provides security for stored user data and credentials and an easy to use interface to PKI services (i.e., for strong authentication, encryption and digital signatures)."
2835Apricorn, Inc.
12191 Kirkham Road
Poway, CA 92064
USA

Robert Davidson
TEL: 858-513-4430
FAX: 858-513-4404

CST Lab: NVLAP 200802-0
Apricorn FIPS Module 140-2
(Hardware Versions: REV. D with CAN 1A [A, B]; Firmware Versions: 7.0 [A], 7.6 [B])
(When installed, initialized and configured as specified in Section 11.1 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware02/08/2017
03/10/2017
2/7/2022Overall Level: 2

-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #2235 and #4032); DRBG (Cert. #260); ECDSA (Cert. #919); KAS (Cert. #86); SHS (Cert. #1911);

-Other algorithms: NDRNG

Multi-Chip Embedded

"The FIPS 140-2 Module is a complete encryption system that provides USB 3.1 interface to any SATA media. The boundary includes all CSPs including seed generation, RNG, code storage & all encryption functions. No CSPs leave the boundary for improved security. Its software free design allows interface to any host that supports USB & mass storage. The module supports 1 Admin & 4 users, brute force, recovery PINs, 7-16 digit PINs, auto lock, read only, etc. & is compatible with Apricorn’s Aegis Configurator. The FIPS 140-2 Module is used in Aegis Fortress, Padlock DT FIPS & Padlock SSD."
2834Apricorn, Inc.
12191 Kirkham Road
Poway, CA 92064
USA

Robert Davidson
TEL: 858-513-4430
FAX: 858-513-4404

CST Lab: NVLAP 200802-0
Aegis Secure Key 3.0 Cryptographic Module
(Hardware Versions: RevD {ASK3-8GB (8GB) [A, B], ASK3-16GB (16GB) [A, B], ASK3-30GB (30GB) [A, B], ASK3-60GB (60GB) [A, B], ASK3-120GB (120GB) [A, B], ASK3-240GB (240GB) [A, B], ASK3-480GB (480GB) [A, B]}; Firmware Versions: 7.1 [A], 7.7 [B])
(When installed, initialized and configured as specified in Section 11.1 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/07/2017
03/10/2017
2/6/2022Overall Level: 3

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #2235 and #4032); DRBG (Cert. #260); ECDSA (Cert. #919); KAS (Cert. #86); SHS (Cert. #1911)

-Other algorithms: NDRNG

Multi-Chip Stand Alone

"The Apricorn Aegis Secure Key 3.0 is a hardware encrypted USB 3.1 memory key. Its software free design allows interface to any host that supports USB and mass storage. Authentication is performed via the embedded keypad and all critical security parameters (PINs, encryption keys, etc) never leave the device boundary for improved security. The device supports 1 administrator and 1 user and offers a variety of features including programmable brute force, recovery PINs, 7-16 digit PINs, auto lock, read only modes, and is compatible with Apricorn’s Aegis Configurator"
2833Aruba a Hewlett Packard Enterprise Company
1344 Crossman Avenue
Sunnyvale, CA 94089
USA

Steve Weingart
TEL: 408-227-4500
FAX: 408-227-4550

CST Lab: NVLAP 200427-0
Aruba VMC-TACT Series Virtual Controllers with ArubaOS FIPS Firmware
(Firmware Version: ArubaOS VMC 6.4.2.0-1.3-FIPS)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware02/03/20172/2/2022Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): PacStar 451 SSV Small Server with Processor Intel i7 running on VMWare ESXI 5.5

-FIPS Approved algorithms: AES (Certs. #3778 and #3845); CVL (Certs. #718 and #734); DRBG (Cert. #1044); ECDSA (Certs. #813 and #830); HMAC (Certs. #2474 and #2494); KBKDF (Cert. #80); RSA (Certs. #1945, #1964 and #2082); SHS (Certs. #3145, #3167 and #3338); Triple-DES (Certs. #2099 and #2118)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-Chip Stand Alone

"The Aruba Networks Virtual Mobility Controller (VMC) is a virtualized network device that serves as a gateway between wired and wireless networks and provides command-and-control over Access Points (APs) within an Aruba dependent wireless network."
2832Apple Inc.
1 Infinite Loop
Cupertino, CA 95014
USA

Shawn Geddis
TEL: 669-227-3579
FAX: 866-315-1954

CST Lab: NVLAP 200658-0
Apple macOS CoreCrypto Module, v7.0
(Software Version: 7.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software02/02/20172/1/2022Overall Level: 1

-Physical Security: N/A
-Tested Configuration(s): macOS Sierra v10.12.2 running on Mac mini with i5 CPU with PAA
macOS Sierra v10.12.2 running on Mac mini with i5 CPU without PAA
macOS Sierra v10.12.2 running on MacBook Pro with i7 CPU with PAA
macOS Sierra v10.12.2 running on MacBook Pro with i7 CPU without PAA
macOS Sierra v10.12.2 running on MacPro with Xeon CPU with PAA
macOS Sierra v10.12.2 running on MacPro with Xeon CPU without PAA
macOS Sierra v10.12.2 running on MacBook with Core M CPU with PAA
macOS Sierra v10.12.2 running on MacBook with Core M CPU without PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #4191, #4192, #4193, #4194, #4195, #4196, #4197, #4198, #4207, #4208, #4209, #4210, #4211, #4212, #4213, #4214, #4215, #4216, #4217, #4218, #4219, #4220, #4221, #4222, #4223, #4224, #4225, #4226, #4227, #4228, #4229, #4230, #4270, #4271, #4272, #4273, #4274, #4275, #4276 and #4277); CVL (Certs. #972, #973, #974, #975, #976, #977, #978 and #979); DRBG (Certs. #1291, #1292, #1293, #1294, #1295, #1296, #1297, #1298, #1299, #1300, #1301, #1302, #1303, #1304, #1305, #1306, #1307, #1308, #1309, #1310, #1311, #1312, #1313 and #1314); ECDSA (Certs. #968, #969, #970, #971, #972, #973, #974 and #975); HMAC (Certs. #2746, #2747, #2748, #2749, #2750, #2751, #2752, #2753, #2754, #2755, #2756, #2757, #2758, #2759, #2760, #2761, #2762, #2763, #2764, #2765, #2766, #2767, #2768, #2769, #2796, #2797, #2798, #2799, #2800, #2801 and #2809); KTS (AES Certs. #4215, #4216, #4217, #4218, #4219, #4220, #4221, #4222, #4223, #4224, #4225, #4226, #4227, #4228, #4229, #4230, #4270, #4271, #4272, #4273, #4274, #4275, #4276 and #4277; key establishment methodology provides between 128 and 160 bits of encryption strength); KTS (vendor affirmed); PBKDF (vendor affirmed); RSA (Certs. #2275, #2276, #2277, #2278, #2279, #2280, #2281 and #2282); SHS (Certs. #3444, #3445, #3446, #3447, #3448, #3449, #3450, #3451, #3452, #3453, #3454, #3455, #3456, #3457, #3458, #3459, #3460, #3461, #3462, #3463, #3464, #3465, #3466, #3467, #3497, #3498, #3499, #3500, #3501, #3502 and #3510); Triple-DES (Certs. #2283, #2284, #2285, #2286, #2287, #2288, #2289 and #2290)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 160 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); ANSI X9.63 KDF; Blowfish; CAST5; DES; ECDSA (non-compliant); Ed25519; Hash_DRBG (non-compliant); Integrated Encryption Scheme on elliptic curves; KBKDF (non-compliant); MD2; MD4; MD5; OMAC (One-Key CBC MAC); RC2; RC4; RFC6637 KDF; RIPEMD; RSA (non-compliant); SP800-56C KDF (non-compliant); Triple-DES (non-compliant)

Multi-Chip Stand Alone

"The Apple macOS CoreCrypto Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest."
2831Oracle Corporation
500 Eldorado Blvd., Bldg 5
Broomfield, CO 80021
USA

Security Evaluations Manager
TEL: 781-442-0451

CST Lab: NVLAP 200928-0
Oracle StorageTek T10000D Tape Drive
(Hardware Versions: P/N: 7042136 and P/N: 7314405; Firmware Version: RB411111)
(When operated in FIPS mode.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/02/20172/1/2022Overall Level: 1

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #2760, #4039, #4040 and #4047); CVL (Certs. #866 and #867); DRBG (Cert. #1209); ECDSA (Cert. #905); HMAC (Certs. #2636, #2637 and #2642); KTS (AES Cert. #4047); RSA (Cert. #2074); SHS (Certs. #3330 and #3331)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement, key establishment methodology provides 128 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-Chip Stand Alone

"The Oracle StorageTek T10000D Tape Drive blends the highest capacity, performance, reliability, and data security to support demanding, 24/7 data center operations. The StorageTek T10000D Tape Drive delivers the world's fastest write speeds up to 8.5 TB of magnetic tape storage; making it ideal for data center operations with growing volumes. Designed for maximum performance, the drive allows the use of multiple keys per tape with a cache memory to minimize the overhead of key transmission. Works seamlessly with the Oracle Key Manager to provide a secure end-to-end management solution."
2830Apple Inc.
1 Infinite Loop
Cupertino, CA 95014
USA

Shawn Geddis
TEL: 669-227-3579
FAX: 866-315-1954

CST Lab: NVLAP 200658-0
Apple macOS CoreCrypto Kernel Module, v7.0
(Software Version: 7.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software02/01/20171/31/2022Overall Level: 1

-Physical Security: N/A
-Tested Configuration(s): macOS Sierra 10.12.2 running on Mac mini with i5 CPU with PAA
macOS Sierra 10.12.2 running on Mac mini with i5 CPU without PAA
macOS Sierra 10.12.2 running on MacBook Pro with i7 CPU with PAA
macOS Sierra 10.12.2 running on MacBook Pro with i7 CPU without PAA
macOS Sierra 10.12.2 running on MacPro with Xeon CPU with PAA
macOS Sierra 10.12.2 running on MacPro with Xeon CPU without PAA
macOS Sierra 10.12.2 running on MacBook with Core M CPU with PAA
macOS Sierra 10.12.2 running on MacBook with Core M CPU without PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #4199, #4200, #4201, #4202, #4203, #4204, #4205, #4206, #4261, #4262, #4263, #4264, #4289, #4290, #4291 and #4292); DRBG (Certs. #1287, #1288, #1289, #1290, #1332, #1333, #1334, #1335, #1349, #1350, #1351 and #1352); ECDSA (Certs. #999, #1000, #1001 and #1002); HMAC (Certs. #2792, #2793, #2794, #2795, #2802, #2803, #2804, #2805, #2806, #2807, #2808, #2825, #2826, #2827 and #2828); KTS (AES Certs. #4199, #4200, #4201, #4203, #4261, #4262, #4263, #4264, #4289, #4290, #4291 and #4292; key establishment methodology provides between 128 and 160 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2310, #2311, #2312 and #2313); SHS (Certs. #3493, #3494, #3495, #3496, #3503, #3504, #3505, #3506, #3507, #3508, #3509, #3527, #3528, #3529 and #3530); Triple-DES (Certs. #2310, #2311, #2312 and #2313)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); ANSI X9.63 KDF; Blowfish; CAST5; DES; ECDSA (non-compliant); Ed25519; Hash_DRBG (non-compliant); Integrated Encryption Scheme on elliptic curves; KBKDF (non-compliant); MD2; MD4; MD5; OMAC (One-Key CBC MAC); RC2; RC4; RFC6637 KDF; RIPEMD; SP800-56C KDF (non-compliant); Triple-DES (non-compliant)

Multi-Chip Stand Alone

"The Apple macOS CoreCrypto Kernel Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest."
2829IBM Corporation
2455 South Road
Poughkeepsie, NY 12601-5400
USA

John Monti
TEL: 845-435-4164

Alyson Comer
TEL: 607-429-4309

CST Lab: NVLAP 200658-0
IBM® z/OS® Version 2 Release 1 System SSL Cryptographic Module
(Hardware Version: COP chips integrated within processor unit; Firmware Version: Feature 3863 (aka FC3863) with System Driver Level 22H; Software Version: HCPT410/JCPT411 with APAR OA50589)
(When operated in FIPS mode with modules IBM(R) z/OS(R) Version 2 Release 1 Security Server RACF(R) Signature Verification Module version 1.0 validated to FIPS 140-2 under Cert. #2691 operating in FIPS mode and IBM(R) z/OS(R) Version 2 Release 1 ICSF PKCS #11 Cryptographic Module validated to FIPS 140-2 under Cert. #2763 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software-Hybrid02/01/20171/31/2022Overall Level: 1

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): IBM z/OS Version 2 Release 1 running on an IBM z13 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3958, #4083 and #4084); CVL (Certs. #901, #902, #934 and #935); DSA (Certs. #1108, #1109, #1119 and #1120); HMAC (Certs. #2665, #2666, #2697 and #2698); RSA (Certs. #2210, #2211, #2231, #2232, #2240, #2241, #2242, #2243, #2244, #2245, #2246 and #2247); SHS (Certs. #3196, #3361 and #3362); Triple-DES (Certs. #2214, #2230 and #2231)

-Other algorithms: HMAC-MD5; MD5; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-Chip Stand Alone

"z/OS® System SSL provides a rich set of C based application programming interfaces that allow applications to protect data using the SSL/TLS protocols and through PKCS#7 cryptographic messages. z/OS System SSL also enables applications to create and manage X.509 V3 certificates and keys within key database files and PKCS#11 tokens."
2828Apple Inc.
1 Infinite Loop
Cupertino, CA 95014
USA

Shawn Geddis
TEL: 669-227-3579
FAX: 866-315-1954

CST Lab: NVLAP 200658-0
Apple iOS CoreCrypto Kernel Module v7.0
(Software Version: 7.0)
(When operated in FIPS Mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software02/01/20171/31/2022Overall Level: 1

-Physical Security: N/A
-Tested Configuration(s): iOS 10.2 running on iPhone5S with Apple A7 CPU
iOS 10.2 running on iPhone6 (iPhone6 and iPhone6 Plus) with Apple A8 CPU
iOS 10.2 running on iPhone6S (iPhone6S and iPhone6S Plus) with Apple A9 CPU
iOS 10.2 running on iPhone7 (iPhone7 and iPhone7 Plus) with Apple A10 CPU
iOS 10.2 running on iPad Air 2 with Apple A8X CPU
iOS 10.2 running on iPad Pro with Apple A9X CPU (single-user mode)

-FIPS Approved algorithms: AES (Certs. #4255, #4256, #4257, #4258, #4259, #4260, #4293, #4294, #4295, #4296, #4297 and #4298); DRBG (Certs. #1353, #1354, #1355, #1356, #1357 and #1358); ECDSA (Certs. #1003, #1004, #1005, #1006, #1007 and #1008); HMAC (Certs. #2829, #2830, #2831, #2832, #2833, #2834, #2854, #2855, #2856, #2857, #2858 and #2859); KTS (AES Certs. #4255, #4256, #4257, #4258, #4259, #4260, #4293, #4294, #4295, #4296, #4297 and #4298; key establishment methodology provides between 128 and 160 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2314, #2315, #2316, #2317, #2318 and #2319); SHS (Certs. #3531, #3532, #3533, #3534, #3535, #3536, #3557, #3558, #3559, #3560, #3561 and #3562); Triple-DES (Certs. #2314, #2315, #2316, #2317, #2318 and #2319)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); ANSI X9.63 KDF; Blowfish; CAST5; DES; ECDSA (non-compliant); Ed25519; HASH_DRBG (non-compliant); Integrated Encryption Scheme on elliptic curves; KBKDF (non-compliant); MD2; MD4; MD5; OMAC (One-Key CBC MAC); RC2; RC4; RFC6637 KDF; RIPEMD; SP800-56C KDF (non-compliant); Triple-DES (non-compliant)

Multi-Chip Stand Alone

"The Apple iOS CoreCrypto Kernel Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest."
2827Apple Inc.
1 Infinite Loop
Cupertino, CA 95014
USA

Shawn Geddis
TEL: 669-227-3579
FAX: 866-315-1954

CST Lab: NVLAP 200658-0
Apple iOS CoreCrypto Module v7.0
(Software Version: 7.0)
(When operated in FIPS Mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software02/01/20171/31/2022Overall Level: 1

-Physical Security: N/A
-Tested Configuration(s): iOS 10.2 running on iPhone5S with Apple A7 CPU
iOS 10.2 running on iPhone6 (iPhone6 and iPhone6 Plus) with Apple A8 CPU
iOS 10.2 running on iPhone6S (iPhone6S and iPhone6S Plus) with Apple A9 CPU
iOS 10.2 running on iPhone7 (iPhone7 and iPhone7 Plus) with Apple A10 CPU
iOS 10.2 running on iPad Air 2 with Apple A8X CPU
iOS 10.2 running on iPad Pro with Apple A9X CPU (single-user mode)

-FIPS Approved algorithms: AES (Certs. #4156, #4157, #4158, #4159, #4160, #4161, #4162, #4163, #4164, #4165, #4166, #4167, #4168, #4169, #4170, #4171, #4172, #4173, #4174, #4175, #4176, #4177, #4178, #4179, #4180, #4181, #4182, #4183, #4184, #4185, #4186, #4187, #4188, #4189, #4190 and #4269); CVL (Certs. #959, #960, #961, #962, #963, #964, #965, #966, #967, #968, #969 and #1010); DRBG (Certs. #1264, #1265, #1266, #1267, #1268, #1269, #1270, #1271, #1272, #1273, #1274, #1275, #1276, #1277, #1278, #1279, #1280, #1281, #1282, #1283, #1284, #1285, #1286 and #1339); ECDSA (Certs. #957, #958, #959, #960, #961, #962, #963, #964, #965, #966, #967 and #997); HMAC (Certs. #2723, #2724, #2725, #2726, #2727, #2728, #2729, #2730, #2731, #2732, #2733, #2734, #2735, #2736, #2737, #2738, #2739, #2740, #2741, #2742, #2743, #2744, #2745 and #2813); KTS (AES Certs. #4156, #4157, #4158, #4159, #4160, #4161, #4162, #4163, #4164, #4166, #4169, #4170, #4180, #4181, #4182, #4183, #4184, #4185, #4186, #4187, #4188, #4189, #4190 and #4269; key establishment methodology provides between 128 and 160 bits of encryption strength); KTS (vendor affirmed); PBKDF (vendor affirmed); RSA (Certs. #2264, #2265, #2266, #2267, #2268, #2269, #2270, #2271, #2272, #2273, #2274 and #2299); SHS (Certs. #3421, #3422, #3423, #3424, #3425, #3426, #3427, #3428, #3429, #3430, #3431, #3432, #3433, #3434, #3435, #3436, #3437, #3438, #3439, #3440, #3441, #3442, #3443 and #3514); Triple-DES (Certs. #2272, #2273, #2274, #2275, #2276, #2277, #2278, #2279, #2280, #2281, #2282 and #2308)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 160 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES-CMAC (non-compliant); ANSI X9.63 KDF; Blowfish; CAST5; DES; ECDSA (non-compliant); Ed25519; Hash_DRBG (non-compliant); Integrated Encryption Scheme on elliptic curves; KBKDF (non-compliant); MD2; MD4; MD5; OMAC (One-Key CBC MAC); RFC6637 KDF; RIPEMD; RC2; RC4; RSA (non-compliant); SP800-56C KDF (non-compliant); Triple-DES (non-compliant)

Multi-Chip Stand Alone

"The Apple iOS CoreCrypto Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest."
2826DataLocker Inc.
7007 College Blvd
Suite 240
Overland Park, KS 66211
USA

Jay Kim
TEL: 913-310-9088

CST Lab: NVLAP 100432-0
DataLocker H350
(Hardware Versions: P/Ns MXKB1B500G5001FIPS, MXKB1B001T5001FIPS, MXKB1B002T5001FIPS, DL-H350-0250SSD, DL-H350-0500SSD, DL-H350-1000SSD; Firmware Version: 1.1.0)
(Files distributed with the module mounted within the Read-Only drive are excluded from validation)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/31/20171/30/2022Overall Level: 3

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #1412 and #4139); DRBG (Cert. #1257); HMAC (Certs. #2712 and #2715); PBKDF (vendor affirmed); RSA (Certs. #2255 and #2256); SHS (Certs. #1282 and #3409)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-Chip Stand Alone

"DataLocker H350 is a secure USB hard disk drive with 256-bit AES encryption and PKI operations combined with advanced authentication and policy management capabilities to help organizations control user access to sensitive data. DataLocker H350 allows enterprise management features like password recovery and remote kill."
2825Gemalto
Avenue du Jujubier, Z.I Athelia IV
La Ciotat 17305
France

Chanan Lavy
TEL: 972-3-9781254
FAX: 972-3-9781010

Frederic Garnier
TEL: +33 442364368
FAX: +33 442366953

CST Lab: NVLAP 100432-0
eToken 5110
(Hardware Versions: P/Ns STM32F042K6U6TR [1] and SLE78CFX3000PH [2]; Firmware Versions: 5110 FIPS FW ver-15.0 [1] and IDCore30-revB- Build 06, eToken Applet version 1.8, eTPnP Applet V1.0 [2])

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/30/20171/29/2022Overall Level: 3

-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #3779); CVL (Certs. #719, #803 and #804); DRBG (Cert. #1045); ECDSA (Cert. #814); KBKDF (Cert. #81); RSA (Certs. #1946, #1947 and #2037); SHS (Certs. #3146 and #3276); Triple-DES (Cert. #2100); Triple-DES MAC (Triple-DES Cert. #2100, vendor affirmed)

-Other algorithms: AES (Cert. #3779, key wrapping; key establishment methodology provides between 128 and 256 bits of strength); EC Diffie-Hellman (CVL Cert. #719, key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength); NDRNG; Triple-DES (Cert. #2100, key wrapping; key establishment methodology provides 112 bits of strength)

Multi-Chip Stand Alone

"SafeNet eToken 5110 FIPS is a portable two-factor USB authenticator with advanced smart card technology. It utilizes certificate based technology to generate and store credentials, such as private keys, passwords and digital certificates inside the protected environment of the smart card chip. To authenticate, users must supply both their personal SafeNet authenticator and password, providing a critical second level of security beyond simple passwords to protect valuable digital business."
2824Apricorn, Inc.
12191 Kirkham Road
Poway, CA 92064
USA

Robert Davidson
TEL: 858-513-4430
FAX: 858-513-4404

CST Lab: NVLAP 200802-0
Aegis Secure Key 3Z Cryptographic Module
(Hardware Versions: RevA {P/Ns ASK3Z-8GB (8GB) [A, B, C], ASK3Z-16GB (16GB) [A, B, C], ASK3Z-32GB (32GB) [A, B, C], ASK3Z-64GB (64GB) [A, B, C] and ASK3Z-128GB (128GB) [A, B, C]}; Firmware Versions: 7.1 [A], 7.5 [B], 7.7 [C])
(When installed, initialized and configured as specified in Section 11.1 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/30/2017
03/10/2017
1/29/2022Overall Level: 3

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #2235 and #4032); DRBG (Cert. #260); ECDSA (Cert. #919); KAS (Cert. #86); SHS (Cert. #1911)

-Other algorithms: NDRNG

Multi-Chip Stand Alone

"The Apricorn Aegis Secure Key 3z is a hardware encrypted USB 3.1 memory key. Its software free design allows interface to any host that supports USB and mass storage. Authentication is performed via the embedded keypad and all critical security parameters (PINs, encryption keys, etc) never leave the device boundary for improved security. The device supports 1 administrator and 1 user and offers a variety of features including programmable brute force, recovery PINs, 7-16 digit PINs, auto lock, read only modes, and is compatible with Apricorn’s Aegis Configurator"
2823UnaliWear, Inc.
3410 Cherry Lane
Austin, TX 78746
USA

Jean Anne Booth
TEL: 512-917-3088

Brian Kircher
TEL: 512-773-7854

CST Lab: NVLAP 100432-0
Kanega Watch
(Software Version: 3.9.2)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software01/26/20171/25/2022Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): OpenRTOS v9.0.0 running on Atmel Sam4L8 Xplained Pro (single-user mode)

-FIPS Approved algorithms: AES (Cert. #4012); HMAC (Cert. #2617); SHS (Cert. #3310)

-Other algorithms: N/A

Multi-Chip Stand Alone

"The Kanega Watch is a cryptography software library."
2822Toshiba Corporation
1-1, Shibaura 1-chome
Minato-ku
Tokyo 105-8001
Japan

Akihiro Kimura
TEL: +81-45-890-2856
FAX: +81-45-890-2593

CST Lab: NVLAP 200822-0
Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive (PX05S model) Type B
(Hardware Versions: A1 with PX05SVQ160B[1], A1 with PX05SVQ320B[2], A0 with PX05SRQ384B[3], A2 with PX05SVQ040B[4], A2 with PX05SRQ192B[5]; Firmware Versions: PX05MS00[1][2], PX056901[3], PX05MD42[4][5])

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/25/2017
02/22/2017
1/24/2022Overall Level: 2

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3485, #3486 and #3487); DRBG (Cert. #867); HMAC (Cert. #2231); RSA (Cert. #1795); SHS (Cert. #2879)

-Other algorithms: NDRNG

Multi-Chip Embedded

"The Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive is used for solid state drive data security. This Cryptographic Module (CM) provides various cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA bands, and FW download."
2821Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
USA

Diana Robinson
TEL: 845-454-6397

Ian Hall
TEL: 703-598-6876

CST Lab: NVLAP 200928-0
SSL Visibility Appliance
(Hardware Versions: SV3800 [1], SV3800B [2] and SV3800B-20 [3]; 090-03064 [1], 080-03563 [1], 080-03679 [1], 090-03550 [2], 080-03782 [2], 080-03787 [2], 090-03551 [3], 080-03783 [3], and 080-03788 [3] with FIPS Kit: FIPS-LABELS-SV; Firmware Versions: 3.8.2F build 227, 3.8.4FC, 3.10 build 40)
(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/25/20171/24/2022Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3195, #3496 and #4106); CVL (Certs. #429, #562 and #919); DRBG (Certs. #669, #866 and #1233); ECDSA (Certs. #584, #711 and #931); HMAC (Certs. #2013, #2230 and #2682); PBKDF (vendor affirmed); RSA (Certs. #1238, #1625, #1794 and #2222); SHS (Certs. #2052, #2642, #2885 and #3378); Triple-DES (Certs. #1821, #1968 and #2244)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Camelia; ChaCha20-Poly1305; DES; HMAC-MD5; MD5; RC4

Multi-Chip Stand Alone

"The SSL Visibility Appliance is designed to detect SSL traffic and then under policy control to "inspect" the traffic. Inspection involves decrypting and re-encrypting the traffic to gain access to the clear text then passing this data to one or more associated security appliance(s) that need to see decrypted traffic."
2820Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200997-0
Cisco ASA 5506-X, ASA 5506H-X, ASA 5506W-X, ASA 5508-X, ASA 5512-X, ASA 5515-X, ASA 5516-X, ASA 5525-X, ASA 5545-X, ASA 5555-X, ASA 5585-X SSP-10, 5585-X SSP-20, 5585-X SSP-40 and 5585-X SSP-60 Adaptive Security Appliances
(Hardware Versions: ASA 5506-X[1], ASA 5506H-X[1], ASA 5506W-X[1], ASA 5508-X[2][3], ASA 5512-X[2], ASA 5515-X[5], ASA 5516-X[2][4], ASA 5525-X[5], ASA 5545-X[5], ASA 5555-X[5], ASA 5585-X SSP-10[6], 5585-X SSP-20[6], 5585-X SSP-40[6], and 5585-X SSP-60[6] with [ASA5506-FIPS-KIT=][1], [ASA5500X-FIPS-KIT=][2], [ASA5508-FIPS-KIT=][3], [ASA5516-FIPS-KIT=][4], [CISCO-FIPS-KIT=][5] or [ASA5585-X-FIPS-KIT][6]; Firmware Version: 9.6)
(When operated in FIPS mode and with the tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/23/20171/22/2022Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #2050, #2444, #2472, #3301 and #4249); CVL (Cert. #1002); DRBG (Certs. #332, #336, #819 and #1328); ECDSA (Cert. #989); HMAC (Certs. #1247, #1514, #2095 and #2787); RSA (Cert. #2298); SHS (Certs. #1794, #2091, #2737 and #3486); Triple-DES (Certs. #1321, #1513, #1881 and #2304)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC MD5; MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; RC4

Multi-Chip Stand Alone

"The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
2819Toshiba Corporation
1-1, Shibaura 1-chome
Minato-ku
Tokyo 105-8001
Japan

Akihiro Kimura
TEL: +81-45-890-2856
FAX: +81-45-890-2593

CST Lab: NVLAP 200822-0
Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive (PX05S model) Type A
(Hardware Versions: A1 with PX05SVQ080B, A1 with PX05SVQ160B or A1 with PX05SRQ384B; Firmware Version: PX05NA00)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/19/20171/18/2022Overall Level: 2

-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3485, #3486 and #3487); DRBG (Cert. #867); HMAC (Cert. #2231); RSA (Cert. #1795); SHS (Cert. #2879)

-Other algorithms: NDRNG

Multi-Chip Embedded

"The Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive is used for solid state drive data security. This Cryptographic Module (CM) provides various cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA bands, and FW download."
2818Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200997-0
Cisco ASA Service Module (SM)
(Hardware Version: WS-SVC-ASA-SM1-K9; Firmware Version: 9.6)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/18/20171/17/2022Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #2050, #2444 and #4249); CVL (Cert. #1002); DRBG (Certs. #332 and #1328); ECDSA (Cert. #989); HMAC (Certs. #1247 and #2787); RSA (Cert. #2298); SHS (Certs. #1794 and #3486); Triple-DES (Certs. #1321 and #2304)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC MD5; MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; RC4

Multi-Chip Embedded

"The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The Cisco ASA Service Module (SM) provides comprehensive security, performance, and reliability for network environments of all sizes."
2817Hypori, Inc.
9211 Waterford Centre Blvd
Suite 100
Austin, TX 78758
USA

Evan Watkins
TEL: 512-646-1040

CST Lab: NVLAP 200427-0
Hypori FIPS Object Module for OpenSSL
(Software Version: 2.0.10)
(When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module. This validation entry is a non-security relevant modification to Cert. #1747)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software01/13/20171/12/2022Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Android 2.2 running on Qualcomm QSD8250 (ARMv7) without PAA (gcc Compiler Version 4.4.0)Android 2.2 running on Qualcomm QSD8250 (ARMv7) with PAA (gcc Compiler Version 4.4.0)Microsoft Windows 7 (32 bit) running on Intel Celeron (Microsoft 32 bit C/C++ Optimizing Compiler Version 16.00)uCLinux 0.9.29 running on ARM 922T (ARMv4) (gcc Compiler Version 4.2.1)Fedora 14 running on Intel Core i5 with PAA (gcc Compiler Version 4.5.1)HP-UX 11i (32 bit) running on Intel Itanium 2 (HP C/aC++ B3910B)HP-UX 11i (64 bit) running on Intel Itanium 2 (HP C/aC++ B3910B)Ubuntu 10.04 running on Intel Pentium T4200 (gcc Compiler Version 4.1.3)Ubuntu 10.04 (32 bit) running on Intel Pentium T4200 (gcc Compiler Version 4.1.3)Ubuntu 10.04 (64 bit) running on Intel Pentium T4200 (gcc Compiler Version 4.1.3)Android 3.0 running on NVIDIA Tegra 250 T20 (ARMv7) (gcc Compiler Version 4.4.0)Linux 2.6.27 running on PowerPC e300c3 (gcc Compiler Version 4.2.4)Microsoft Windows 7 (64 bit) running on Intel Pentium 4 (Microsoft C/C++ Optimizing Compiler Version 16.00)Ubuntu 10.04 running on Intel Core i5 with PAA (32 bit) (gcc Compiler Version 4.1.3)Linux 2.6.33 running on PowerPC32 e300 (gcc Compiler Version 4.1.0)Android 2.2 running on OMAP 3530 (ARMv7) with PAA (gcc Compiler Version 4.1.0)VxWorks 6.8 running on TI TNETV1050 (MIPS) (gcc Compiler Version 4.1.2)Linux 2.6 running on Broadcom BCM11107 (ARMv6) (gcc Compiler Version 4.3.2)Linux 2.6 running on TI TMS320DM6446 (ARMv4) (gcc Compiler Version 4.3.2)Linux 2.6.32 running on TI AM3703CBP (ARMv7) (gcc Compiler Version 4.3.2)Oracle Solaris 10 (32 bit) running on SPARC-T3 (SPARCv9) (gcc Compiler Version3.4.3)Oracle Solaris 10 (64 bit) running on SPARC-T3 (SPARCv9) (gcc Compiler Version 3.4.3)Oracle Solaris 11 (32 bit) running on Intel Xeon 5675 (gcc Compiler Version 4.5.2)Oracle Solaris 11 (64 bit) running on Intel Xeon 5675 (gcc Compiler Version 4.5.2)Oracle Solaris 11 running on Intel Xeon 5675 with PAA (32 bit) (gcc Compiler Version 4.5.2)Oracle Solaris 11 running on Intel Xeon 5675 with PAA (64 bit) (gcc Compiler Version 4.5.2)Oracle Linux 5 (64 bit) running on Intel Xeon 5675 (gcc Compiler Version 4.1.2)CascadeOS 6.1 (32 bit) running on Intel Pentium T4200 (gcc Compiler Version 4.4.5)CascadeOS 6.1 (64 bit) running on Intel Pentium T4200 (gcc Compiler Version 4.4.5)Oracle Linux 5 running on Intel Xeon 5675 with PAA (gcc Compiler Version 4.1.2)Oracle Linux 6 running on Intel Xeon 5675 without PAA (gcc Compiler Version 4.4.6)Oracle Linux 6 running on Intel Xeon 5675 with PAA (gcc Compiler Version 4.4.6)Oracle Solaris 11 (32 bit) running on SPARC-T3 (SPARCv9) (Sun C Version 5.12)Oracle Solaris 11 (64 bit) running on SPARC-T3 (SPARCv9) (Sun C Version 5.12)Android 4.0 running on NVIDIA Tegra 250 T20 (ARMv7) (gcc Compiler Version 4.4.3)Apple iOS 5.1 running on ARMv7 (gcc Compiler Version 4.2.1)Microsoft Windows CE 6.0 running on ARMv5TEJ (Microsoft C/C++ Optimizing Compiler Version 15.00 for ARM)Microsoft Windows CE 5.0 running on ARMv7 (Microsoft C/C++ Optimizing Compiler Version 13.10 for ARM)Linux 2.6 running on Freescale PowerPCe500 (gcc Compiler Version 4.1.0)DSP Media Framework 1.4 running on TI C64x+ (TMS320C6x C/C++ Compiler v6.0.13)Android 4.0 running on TI OMAP 3 (ARMv7) with PAA (gcc Compiler Version 4.4.3)NetBSD 5.1 running on PowerPCe500 (gcc Compiler Version 4.1.3)NetBSD 5.1 running on Intel Xeon 5500 (gcc Compiler Version 4.1.3)Microsoft Windows 7 running on Intel Core i5- 2430M (64-bit) with PAA (Microsoft ® C/C++ Optimizing Compiler Version 16.00 for x64)Android 4.1 running on TI DM3730 (ARMv7) without PAA (gcc Compiler Version 4.6)Android 4.1 running on TI DM3730 (ARMv7) with PAA (gcc Complier Version 4.6)Android 4.2 running on Nvidia Tegra 3 (ARMv7) without PAA (gcc Compiler Version 4.6)Android 4.2 running on Nvidia Tegra 3 (ARMv7) with PAA (gcc Compiler Version 4.6)Windows Embedded Compact 7 running on Freescale i.MX53xA (ARMv7) with PAA (Microsoft C/C++ Optimizing Compiler Version 15.00.20720)Windows Embedded Compact 7 running on Freescale i.MX53xD (ARMv7) with PAA (Microsoft C/C++ Optimizing Compiler Version 15.00.20720)Android 4.0 running on Qualcomm Snapdragon APQ8060 (ARMv7) with PAA (gcc compiler Version 4.4.3)Apple OS X 10.7 running on Intel Core i7-3615QM (Apple LLVM version 4.2)Apple iOS 5.0 running on ARM Cortex A8 (ARMv7) with PAA (gcc Compiler Version 4.2.1)OpenWRT 2.6 running on MIPS 24Kc (gcc Compiler Version 4.6.3)QNX 6.4 running on Freescale i.MX25 (ARMv4) (gcc Compiler Version 4.3.3)Apple iOS 6.1 running on Apple A6X SoC (ARMv7s) (gcc Compiler Version 4.2.1)eCos 3 running on Freescale i.MX27 926ejs (ARMv5TEJ) (gcc Compiler Version 4.3.2)Vmware Horizon Workspace 1.5 under Vmware ESXi 5.0 running on Intel Xeon E3-1220 (x86) without PAA (gcc Compiler Version 4.5.1)Vmware Horizon Workspace 1.5 under Vmware ESXi 5.0 running on Intel Xeon E3-1220 (x86) with PAA (gcc Compiler Version 4.5.1)Ubuntu 13.04 running on AM335x Cortex-A8 (ARMv7) without PAA (gcc Compiler Version 4.7.3)Ubuntu 13.04 running on AM335x Cortex-A8 (ARMv7) with PAA (gcc Compiler Version 4.7.3)Linux 3.8 running on ARM926 (ARMv5TEJ) (gcc Compiler Version 4.7.3)Linux 3.4 under Citrix XenServer 6.2 running on Intel Xeon E5-2430L without PAA (gcc Compiler Version 4.8.0)Linux 3.4 under Citrix XenServer 6.2 running on Intel Xeon E5-2430L with PAA (gcc Compiler Version 4.8.0)Linux 3.4 under Vmware ESXi 5.1 running on Intel Xeon E5-2430L without PAA (gcc Compiler Version 4.8.0)Linux 3.4 under Vmware ESXi 5.1 running on Intel Xeon E5-2430L with PAA (gcc Compiler Version 4.8.0)Linux 3.4 under Microsoft Windows 2012 Hyper-V running on Intel Xeon E5-2430L without PAA (gcc Compiler Version 4.8.0)Linux 3.4 under Microsoft Windows 2012 Hyper-V running on Intel Xeon E5-2430L with PAA (gcc Compiler Version 4.8.0)iOS 6.0 running on Apple A5 / ARM Cortex-A9 (ARMv7) without PAA (gcc Compiler Version 4.2.1)iOS 6.0 running on Apple A5 / ARM Cortex-A9 (ARMv7) with PAA (gcc Compiler Version 4.2.1)PexOS 1.0 under vSphere ESXi 5.1 running on Intel Xeon E52430L without PAA (gcc Compiler Version 4.6.3)PexOS 1.0 under vSphere ESXi 5.1 running on Intel Xeon E52430L with PAA (gcc Compiler Version 4.6.3)Linux 2.6 running on Freescale e500v2 (PPC) (gcc Compiler Version 4.4.1)AcanOS 1.0 running on Intel Core i7-3612QE (x86) without PAA (gcc Compiler Version 4.6.2)AcanOS 1.0 running on Intel Core i7-3612QE (x86) with PAA (gcc Compiler Version 4.6.2)AcanOS 1.0 running on Feroceon 88FR131 (ARMv5) (gcc Compiler Version 4.5.3)FreeBSD 8.4 running on Intel Xeon E5440 (x86) without PAA (gcc Compiler Version 4.2.1)FreeBSD 9.1 running on Xeon E5-2430L (x86) without PAA (gcc Compiler Version 4.2.1)FreeBSD 9.1 running on Xeon E5-2430L (x86) with PAA (gcc Compiler Version 4.2.1)ArbOS 5.3 running on Xeon E5645 (x86) without PAA (gcc Compiler Version 4.1.2)Linux ORACLESP 2.6 running on ASPEED AST-Series (ARMv5) (gcc Compiler Version 4.4.5)Linux ORACLESP 2.6 running on Emulex PILOT3 (ARMv5) (gcc Compiler Version 4.4.5)ArbOS 5.3 running on Xeon E5645 (x86) with PAA (gcc Compiler Version 4.1.2)FreeBSD 9.2 running on Xeon E5-2430L (x86) without PAA (gcc Compiler Version 4.2.1)FreeBSD 9.2 running on Xeon E5-2430L (x86) with PAA (gcc Compiler Version 4.2.1)FreeBSD 10.0 running on Xeon E5-2430L (x86) without PAA (clang Compiler Version 3.3)FreeBSD 10.0 running on Xeon E5- 2430L (x86) with PAA (clang Compiler Version 3.3)FreeBSD 8.4 running on Intel Xeon E5440 (x86) 32-bit (gcc Compiler Version 4.2.1)Vmware Horizon Workspace 2.1 under vSphere ESXi 5.5 running on Intel Xeon E3-1220 (x86) without PAA (gcc Compiler Version 4.5.1)Vmware Horizon Workspace 2.1 under vSphere ESXi 5.5 running on Intel Xeon E3-1220 (x86) with PAA (gcc Compiler Version 4.5.1)QNX 6.5 running on Freescale i.MX25 (ARMv4) (gcc Compiler Version 4.3.3)Apple iOS 7.1 64- bit running on Apple A7 (ARMv8) without PAA (clang Compiler Version 5.1)Apple iOS 7.1 64-bit running on Apple A7 (ARMv8) with PAA (clang Compiler Version 5.1)TS-Linux 2.4 running on Arm920Tid (ARMv4) (gcc Compiler Version 4.3.2)iOS 8.1 64-bit running on Apple A7 (ARMv8) without PAA and Crypto Extensions (clang Compilerv Version 600.0.56)iOS 8.1 64-bit running on Apple A7 (ARMv8) with PAA and Crypto Extensions (clang Compiler Version 600.0.56)VxWorks 6.9 running on Freescale P2020 (PPC) (gcc Compiler Version 4.3.3)iOS 8.1 32-bit running on Apple A7 (ARMv8) without PAA (clang Compiler Version 600.0.56)iOS 8.1 32-bit running on Apple A7 (ARMv8) with PAA (clang Compiler Version 600.0.56)Android 5.0 32-bit running on Qualcomm APQ8084 (ARMv7) without PAA (gcc Compiler Version 4.9)Android 5.0 32-bit running on Qualcomm APQ8084 (ARMv7) with PAA (gcc Compiler Version 4.9)Android 5.0 64-bit running on SAMSUNG Exynos7420 (ARMv8) without PAA and Crypto Extensions (gcc Compiler Version 4.9)Android 5.0 64-bit running on SAMSUNG Exynos7420 (ARMv8) with PAA and Crypto Extensions (gcc Compiler Version 4.9) Android 4.4 (ARMv7 with Houdini) running under VMware ESXI 6 on Dell PowerEdge R430 (x86) (gcc Compiler Version 4.8.5)Android 4.4 running under VMware ESXI 6 on Dell PowerEdge R430 (x86) (gcc Compiler Version 4.8.5) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1884, #2116, #2234, #2342, #2394, #2484, #2824, #2929, #3090, #3264 and #4154); CVL (Certs. #10, #12, #24, #36, #49, #53, #71, #85, #260, #331, #372, #472 and #958); DRBG (Certs. #157, #229, #264, #292, #316, #342, #485, #540, #607, #723 and #1262); DSA (Certs. #589, #661, #693, #734, #748, #764, #853, #870, #896, #933 and #1128); ECDSA (Certs. #264, #270, #315, #347, #378, #383, #394, #413, #496, #528, #558, #620 and #956); HMAC (Certs. #1126, #1288, #1363, #1451, #1485, #1526, #1768, #1856, #1937, #2063 and #2722); RSA (Certs. #960, #1086, #1145, #1205, #1237, #1273, #1477, #1535, #1581, #1664 and #2262); SHS (Certs. #1655, #1840, #1923, #2019, #2056, #2102, #2368, #2465, #2553, #2702 and #3419); Triple-DES (Certs. #1223, #1346, #1398, #1465, #1492, #1522, #1695, #1742, #1780, #1853 and #2270)

-Other algorithms: EC Diffie-Hellman; PRNG; RSA (encrypt/decrypt)

Multi-Chip Stand Alone

"Re-brand of OpenSSL Version 2.0.10 running in Hypori Virtual Device"
2816Microwave Networks Inc.
4000 Greenbriar Dr., #100A
Stafford, TX 77477
USA

Ben Lee
TEL: 281-263-6569
FAX: 281-263-6400

Angelos Liveris
TEL: 281-263-6701
FAX: n/a

CST Lab: NVLAP 100432-0
Proteus MX Licensed Band Radio Cryptographic Module
(Hardware Versions: P/Ns 8209361-10 Rev A03 [1], 8209361-12 Rev A03 [1], 8209361-14 Rev A03 [1], 8209363-10 Rev A03 [2], 8209363-12 Rev A03 [2] and 8209363-14 Rev A03 [2]; Firmware Version: 8746006-02 Rev A02 [1] or 8746007-02 Rev A02 [2])
(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/12/20171/11/2022Overall Level: 2

-Cryptographic Module Specification: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #4080, 4081 and #4082); CVL (Cert. #900); DSA (Cert. #1107); HMAC (Cert. #2664); SHS (Cert. #3360)

-Other algorithms: HMAC-SHA-1-96 (HMAC Cert. #2664); DES; Diffie-Hellman; HMAC (non-compliant); HMAC-MD5; MD5; PRNG; RC4; SHS (non-compliant); Triple-DES (non-compliant)

Multi-Chip Embedded

"The module is a cryptographic device enclosed in a plug-in chassis that provides mux/demux and mod/dmod functions along with optional payload encryption for a line of license band point-to-point radios."
2815CTERA Networks Ltd.
CTERA Networks NA HQ
205 E. 42nd Street
New York, NY 10017
USA

Aron Brand

Zohar Kaufman

CST Lab: NVLAP 201029-0
CTERA Crypto Module
(Software Version: 2.1)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. This validation entry is a non-security relevant modification to Cert. #2038.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software01/12/2017
01/17/2017
1/16/2022Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): Tested as meeting Level 1 with Windows Server 2008 R2 on a Dell OptiPlex 755, CentOS 6.3 on a Dell OptiPlex 755 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2273); CVL (Cert. #44); DRBG (Cert. #281); DSA (Cert. #709); ECDSA (Cert. #368); HMAC (Cert. #1391); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Dual EC DRBG; RNG

Multi-Chip Stand Alone

"CTERA Crypto Module™ (Server) is a secure cryptographic engine used by CTERA Enterprise File Services Platform. The platform enables organizations to securely sync, serve and protect data on any private or public cloud infrastructure."
2814Utimaco IS GmbH
Germanusstr. 4
52080 Aachen
Germany

Dr. Gesa Ott
TEL: +49 241-1696-245
FAX: +49 241-1696-199

CST Lab: NVLAP 200983-0
CryptoServer Se-Series Gen2
(Hardware Versions: 5.01.2.0 and 5.01.4.0; Firmware Version: 5.0.10.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware01/11/2017
01/25/2017
1/24/2022Overall Level: 3

-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #4028); CVL (Certs. #855 and #856); DRBG (Cert. #1202); DSA (Cert. #1091); ECDSA (Certs. #897 and #898); HMAC (Cert. #2628); KBKDF (Cert. #97); RSA (Certs. #2066 and #2067); SHS (Cert. #3321, #3322, and #3323); Triple-DES (Cert. #2205); Triple-DES MAC (Triple-DES Cert. #2205, Vendor Affirmed)

-Other algorithms: AES (Cert. #4028, key wrapping; key establishment method provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); Triple-DES (Cert. #2205, key wrapping; key establishment methodology provides 112 bits of encryption strength); AES MAC (Cert. #4028; non-compliant); DES; ECIES; KDF per PKCS #11 (non-compliant); MD5; MDC-2; RIPEMD-160; RSA (non-compliant); Triple-DES ANSI Retail MAC

Multi-Chip Embedded

"The CryptoServer Se-Series Gen2 Version 5.01.2.0 and 5.01.4.0 is an encapsulated protected security module which is realized as a multi-chip embedded cryptographic module as defined in FIPS 140-2. It's realization meets the overall FIPS 140-2 Level 3 requirements. The primary purpose of this module is to provide secure cryptographic services such as encryption or decryption, hashing, signing and verification of data, random number generation, on-board secure key generation, key storage and further key management functions in a tamper-protected environment."
2813Gemalto SA
Avenue du Jujubier, Z.I Athelia IV
La Ciotat 13705
France

Carlos ROMERO-LICERAS
TEL: +33 442365666
FAX: +33 442365545

Frederic GARNIER
TEL: +33 442364368
FAX: +33 442366953

CST Lab: NVLAP 100432-0
TOPDLv2.1 Platform
(Hardware Version: NXP P60D144P VA (MPH149); Firmware Versions: TOPDLV2.1 (Filter04), Demonstration Applet version V1.3)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/11/20171/10/2022Overall Level: 3

-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Cert. #3543); CVL (Certs. #597, #815 and #834); DRBG (Cert. #900); ECDSA (Cert. #721); KBKDF (Cert. #85); KTS (AES Cert, #3543; key establishment methodology provides between 128 and 256 bits of encryption strength); KTS (Triple-DES Cert. #1984; key establishment methodology provides 112 bits of encryption strength); RSA (Certs. #1822 and #1823); SHS (Cert. #2921); Triple-DES (Cert. #1984); Triple-DES MAC (Triple-DES Cert. #1984, vendor affirmed)

-Other algorithms: NDRNG

Single Chip

"TOPDLv2.1 is a part of Gemalto's TOPDL family of Java Cards and offers a comprehensive array of features and options for logical and physical access control applications. TOPDLv2.1 is a highly secure platform for private and public sector smart card deployments implementing Java Card 2.2.2 and Global Platform 2.1.1/2.2 Amdt D specifications with both contact and contactless interfaces. TOPDLv2.1 is ideally suited for markets such as Identity or Security/Access, including one-time password authentication, Public Key Infrastructure (PKI) services, digital transactions and physical access control"
2812Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
USA

Diana Robinson
TEL: 845-454-6397

Ian Hall
TEL: 703-598-6876

CST Lab: NVLAP 200928-0
SSL Visibility Appliance
(Hardware Versions: SV1800-C [1], SV1800B-C [2], SV1800-F [3], SV1800B-F [4], SV2800 [5] and SV2800B [6]; 090-03061 [1], 080-03560 [1], 080-03676 [1], 090-03547 [2], 080-03779 [2], 080-03784 [2], 090-03062 [3], 080-03561 [3], 080-03677 [3], 090-03548 [4], 080-03780 [4], 080-03785 [4], 090-03063 [5], 080-03562 [5], 080-03678 [5], 090-03549 [6], 080-03781 [6], 080-03786 [6] with FIPS Kit: FIPS-LABELS-SV; Firmware Versions: 3.8.2F build 227, 3.8.4FC, 3.10 build 40)
(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/11/20171/10/2022Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #3195, #3496 and #4106); CVL (Certs. #429, #562 and #919); DRBG (Certs. #669, #866 and #1233); ECDSA (Certs. #584, #711 and #931); HMAC (Certs. #2013, #2230 and #2682); PBKDF (vendor affirmed); RSA (Certs. #1238, #1625, #1794 and #2222); SHS (Certs. #2052, #2642, #2885 and #3378); Triple-DES (Certs. #1821, #1968 and #2244)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Camelia; ChaCha20-Poly1305; DES; HMAC-MD5; MD5; RC4

Multi-Chip Stand Alone

"The SSL Visibility Appliance is designed to detect SSL traffic and then under policy control to "inspect" the traffic. Inspection involves decrypting and re-encrypting the traffic to gain access to the clear text then passing this data to one or more associated security appliance(s) that need to see decrypted traffic."
2811Samsung Electronics Co., Ltd.
275-18, Samsung 1-ro
Hwaseong-si, Gyeonggi-do 445-330
Korea

Jisoo Kim
TEL: 82-31-3096-2832
FAX: 82-31-8000-8000(+62832)

CST Lab: NVLAP 200802-0
Samsung SAS 12G TCG Enterprise SSC SEDs PM1633a Series
(Hardware Versions: MZILS7T6HMLS-000H9 and MZILS15THMLS-000H9; Firmware Version: 3P00)
(When installed, initialized and configured as specified in the Security Rules Section of the Security Policy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/05/20171/4/2022Overall Level: 2

-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A
-Tested Configuration(s): N/A

-FIPS Approved algorithms: AES (Certs. #617 and #3213); DRBG (Cert. #121); ECDSA (Cert. #932); SHS (Cert. #3382)

-Other algorithms: NDRNG

Multi-Chip Stand Alone

"Samsung SAS 12G TCG Enterprise SSC SEDs PM1633a Series are a high-performance Self-Encrypting SSDs supporting SAS 12G Interface that provides on-the-fly encryption/decryption of user data without performance loss. It implements AES256-XTS for user data encryption, ECDSA P-224 for FW authentication, and CTR_DRBG for key generation."