CMVP Main Page

It is important to note that the items on this list are cryptographic modules. A module may either be an embedded component of a product or application, or a complete product in-and-of-itself. If the cryptographic module is a component of a larger product or application, one should contact the product or application vendor in order to determine if their product utilizes an embedded validated cryptographic module. There is inevitably a larger number of security products or applications available which use embedded validated cryptographic modules, than the number of modules which are found in this list. In addition, it is possible that other vendors, who are not found in this list, might incorporate a validated cryptographic module from this list embedded into their own products.

When selecting a module from a vendor, verify that the product or application that is being offered is either a validated cryptographic module itself (e.g. VPN, SmartCard, etc) or the product or application uses an embedded validated cryptographic module (toolkit, etc). Ask the vendor to supply a signed letter stating their application, product or module is a validated module or incorporates a validated module, the module provides all the cryptographic services in the solution, and reference the modules validation certificate number from this listing.

*** NOTE: Module descriptions were provided by the vendors, and their contents have not been verified for accuracy by NIST or CSEC. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-Approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (non-FIPS-approved algorithms) have not been validated or tested through the CMVP. ***

Questions regarding modules on this list should first be directed to the indicated vendor.

Cert#	Vendor	Cryptographic Module	Module Type	Val. Date	Level / Description
1257	Comtech Mobile Datacom Corporation 20430 Century Boulevard Germantown, MD 20874 USA -Ngone Boissy TEL: 240-686-3302	Comtech Mobile Datacom Corporation Cryptographic Library (libcmscrypto) (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	01/28/2010	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux v5.0 (single-user mode) -FIPS-approved algorithms: AES (Cert. #1124); HMAC (Cert. #635); SHA (Cert. #1047) -Other algorithms: DES; Triple-DES (non-compliant) Multi-chip standalone "libcmscrypto is a library implemented in the Comtech Mobile Datacom Corp. products and provides the basic cryptographic functionality that includes Advanced Encryption Standard (AES) algorithm, SHA1 message digest, HMAC SHA-1 Keyed-Hash message authentication code."
1256	Aastra USA, Inc. 11279 Perry Highway Suite 500 Wexford, PA 15090 USA -Lloyd Hucke TEL: 724-934-1200 x3820 FAX: 724-934-1205 -Keith Huthmacher TEL: 724-934-1200 x3810 FAX: 724-934-1205	ViPr Cryptographic Module (Hardware Version: BCM5812, rev. A0; Software Version: 3.0.5; Firmware Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hybrid	01/15/2010	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with 4402-A ViPr Desktop Terminal running Redhat Linux 2.4.31 OS -FIPS-approved algorithms: AES (Cert. #1075); RNG (Cert. #563) -Other algorithms: MD5 Multi-chip standalone "ViPr Cryptographic Module ver.1.0 is part of ViPr Video Conferencing system comprised of a ViPr Media Center Terminal running ViPr application software version 3.0.5"
1254	Motorola, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA -Kirk Mathews TEL: 847-576-4101	Astro Subscriber Motorola Advanced Crypto Engine (MACE) (Hardware Version: P/N 5185912Y01; Firmware Versions: R01.00.00 and R01.00.00 (AES Cert. #819)) (When operated in FIPS mode with firmware R01.00.00 installed) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/15/2010	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #819); SHS (Cert. #817); RSA (Cert. #396); RNG (Cert. #471) -Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); LFSR Single-chip "The MACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio system products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management."
1253	3e Technologies International, Inc. 9715 Key West Avenue Suite 500 Rockville, MD 20850 USA -Harinder Sood TEL: 301-944-1325 FAX: 301-670-6989	3e-523-F2 and 3e-523-3 Secure Multi-function Wireless Data Points (Hardware Versions: 1.0, 1.1, 1.2 (3e-523-F2) and 2.0 (3e-523-3); Firmware Version: 4.3.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/28/2010	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #1021 and #1022); Triple-DES (Certs. #782 and #783); SHS (Certs. #975 and #976); HMAC (Certs. #570 and #571); RNG (Cert. #583); RSA (Cert. #490) -Other algorithms: Diffie-Hellman; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); MD5; RC4; DES; AES CFB (non-compliant) Multi-chip standalone "The 3e-523-F2 and 3e-523-3 operate as either a gateway connecting a local area network to wide area network (WAN), an access point within a wireless local area network (WLAN), a client within a WLAN, or a wireless bridging device. 3eTI software provides the following major services in FIPS mode: Wireless 802.11a/b/g Access Point functionality; Wireless 802.11a/b/g Client functionality; Wireless 802.11a/b/g Bridge functionality; Wireless 802.11a/b/g Mesh functionality (auto-forming, self-healing wireless capability); IEEE 802.11i."
1252	Research In Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Certifications Team TEL: 519-888-7465 ext.72921 FAX: 519-886-4839	BlackBerry Cryptographic Kernel (Firmware Version: 3.8.5.85) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Firmware	01/06/2010	Overall Level: 1  -Design Assurance: Level 3 -Tested: BlackBerry 9550 with BlackBerry OS Version 5.0 -FIPS-approved algorithms: Triple-DES (Cert. #838); AES (Certs. #1157 and #1158); SHS (Cert. #1070); HMAC (Cert. #659); RSA (Cert. #547); RNG (Cert. #640); ECDSA (Cert. #137) -Other algorithms: EC Diffie-Hellman (key agreement); ECMQV (key agreement) Multi-chip standalone "BlackBerry is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry."
1251	Fortress Technologies, Inc. 4023 Tampa Road Suite 2000 Oldsmar, FL 34677 USA -Bill McIntosh TEL: 813-288-7388 FAX: 813-288-7389	Fortress Controller -X (FC-X) (Hardware Versions: FC-250, FC-250SB, FC500, FC500SB, FC-1500 and FC1500SB; Firmware Versions: 5.1.2 and 5.1.2.5100CAJ) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	01/06/2010; 01/28/2010	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #852, #853 and #389); HMAC (Certs. #469, #569 and #371); SHS (Certs. #845, #846, #721, #722 and #715); RNG (Certs. #487, #488 and #189); RSA (Cert. #488); Triple-DES (Cert. #703) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); MD5; Hardware RNG Multi-chip standalone "The Fortress Controller -X (FC-X) secures wireless devices, users and network infrastructure. It implements Fortress's Mobile Security Protocol (MSP) to provide network authentication, key exchange, and data encryption and integrity checking at layer 2 of the OSI networking model."
1250	CipherOptics, Inc. 701 Corporate Center Drive Raleigh, NC 27607 USA -Kevin Nigh TEL: 412-262-2571 FAX: 919-865-0679	CipherOptics ESG100 and CipherOptics ESG1002 (Hardware Versions: ESG100, A and ESG1002, A; Firmware Version: 2.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	12/29/2009	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #258); AES (Cert. #156); SHS (Cert. #117); HMAC (Cert. #34); RSA (Cert. #209); RNG (Cert. #274) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 90 bits of encryption strength); MD5; HMAC MD5; DES; NDRNG Multi-chip standalone "The CipherOptics ESG100 and ESG1002 are high performance, integrated security appliances that offer Gigabit and 10/100 Ethernet IPSec encryption respectively. Housed in a tamper evident chassis, have two ethernet ports. Traffic on the local port is received in the clear, while traffic on the remote port has security processing applied to it."
1249	Oberthur Technologies 4250 Pleasant Valley Road Chantilly, VA 20151-1221 USA -Christophe Goyet TEL: 703-263-0100 FAX: 703-263-0503	Oberthur ID-One Cosmo V7-n Lite (Hardware Version: P/N C6; Firmware Versions: FC10 with op-codes (069776 or 017962)) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/29/2009; 02/05/2010	Overall Level: 3  -Physical Security: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #698); Triple-DES MAC (Triple-DES Cert. #698, vendor affirmed); RNG (Cert. #480); RSA (Cert. #403); SHS (Cert. #833) -Other algorithms: Triple-DES (Triple-DES Cert. #698, key wrapping; key establishment methodology provides 80 bits of encryption strength) Single-chip "This new generation Oberthur Smart Card programmable modules offers a highly secure architecture with state of the art on board cryptographic services that include Data Encryption Standard (2TDEA and 3TDEA) for symmetric encryption; Secure Hash Algorithm (SHA up to 512) for message digest; Elliptic-Curve Diffie-Hellman (ECDH) for key agreement and Digital Signature Algorithm (ECDSA up to f =521) for digital signatures. Additional features include Logical Channels and Delegated Management. The module supports Java Card 2.2.2 and Global Platform 2.1.1.A and is available in variable EEPROM sizes."
1248	Oberthur Technologies 4250 Pleasant Valley Road Chantilly, VA 20151-1221 USA -Christophe Goyet TEL: 703-263-0100 FAX: 703-263-0503	Oberthur ID-One Cosmo V7-a (Hardware Versions: P/Ns BF [1, 2], C0 [3, 4], C3 [3, 4] and CF [5, 6]; Firmware Versions: 0801 with op-codes (071621 and 070534) [1], (071621 and 071891) [2], (071631 and 070544) [3], (071631 and 071901) [4], (071641 and 070554) [5] or (071641 and 071911) [6]) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/29/2009; 02/05/2010	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #770); Triple-DES MAC (Triple-DES Cert. #770, vendor affirmed); AES (Cert. #978); RNG (Cert. #555); RSA (Cert. #471); SHS (Cert. #949) -Other algorithms: Triple-DES (Triple-DES Cert. #770, key wrapping; key establishment methodology provides 80 bits of encryption strength) Single-chip "This new generation Smart Card programmable module offers a highly secure architecture with state of the art on board cryptographic services that include and even exceed NSA SUITE-B cryptography with Advanced Encryption Standard (AES up to 256); Secure Hash Algorithm (SHA up to 512); Elliptic-Curve Diffie-Hellman (ECDH) and Digital Signature Algorithm (ECDSA up to P-521). The module supports Java Card 2.2.2 and Global Platform 2.1.1.A with Delegated Management, and is available with contact (ISO 7816) and contactless (ISO 14443) communication interfaces."
1247	Good Technology, Inc. 101 Redwood Shores Parkway Suite 400 Redwood City, CA 94065 USA -Sriram Krishnan TEL: 650-486-6000	FIPSCrypto on Windows Mobile (Software Version: 4.7.0.50906) Validated to FIPS 140-2 Security Policy Certificate	Software	12/29/2009; 02/05/2010	Overall Level: 1  -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows CE 5.2 -FIPS-approved algorithms: AES (Cert. #1219); Triple-DES (Cert. #879); SHS (Cert. #1122); HMAC (Cert. #712) -Other algorithms: N/A Multi-chip standalone "The FIPSCrypto is a FIPS 140-2 validated software-based cryptographic module that implements Triple-DES, AES, SHA-1, and HMAC-SHA-1."
1246	Pitney Bowes, Inc. 35 Waterview Drive Shelton, CT 06484 USA -Douglas Clark TEL: 203-923-3206 FAX: 203-924-3406	Pitney Bowes iButton Postal Security Device (PSD) (Hardware Version: MAXQ1959B-F50#; Firmware Version: 9.01.00; Indicia Type 0, 1, 2, 5, 7 and 8) (When operated in FIPS mode and configured by Pitney Bowes, Inc.) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/29/2009	Overall Level: 3  -Physical Security: Level 3 + EFP -FIPS-approved algorithms: DSA (Cert. #363); HMAC (Cert. #631); RNG (Cert. #623); SHS (Cert. #1043); Triple-DES (Cert. #817); Triple-DES MAC (Triple-DES Cert. #817, vendor affirmed) -Other algorithms: RNG (non-compliant) Multi-chip standalone "The Pitney Bowes iButton Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP). It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes global digital metering products. The PSD has been designed to support international postal markets and their rapidly evolving requirements for digital indicia."
1245	Tropos Networks 555 Del Rey Ave. Sunnyvale, CA 94085 USA -Michael Ren TEL: 408-331-6809 FAX: 408-331-6801 -Sreedhar Kamishetti TEL: 408-331-6881 FAX: 408-331-6801	Tropos Wireless IP Mesh Router (Hardware Versions: 5320-2531, 5320-2631, 5320-3030, 5320-3130, 5320-6000, 5320-6060, 6310-3030, 6320-2531, 6320-3030, 7320-2531, 7320-2631, 7320-3030, 7320-3130, 7320-6000 and 7320-6060; Firmware Version: 7.3) (When operating in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/15/2010	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #993, #1082, #1083 and #1085); Triple-DES (Cert. #774); SHS (Certs. #959 and #1017); HMAC (Certs. #559 and #607); RNG (Cert. #562); RSA (Cert. #477) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Blowcrypt; MD5; RC4 Multi-chip standalone "Tropos's single/multi-radio, wireless 802.11 a/b/g/n Wireless IP Mesh routers provide a secure, high-performance, easy to deploy, and cost-effective networking solution for outdoor environments. Tropos routers support IEEE 802.1X and 802.11i with AES encryption and secure EAP types while operating in FIPS 140-2 mode."
1244	Tropos Networks 555 Del Rey Ave. Sunnyvale, CA 94085 USA -Michael Ren TEL: 408-331-6809 FAX: 408-331-6801 -Sreedhar Kamishetti TEL: 408-331-6881 FAX: 408-331-6801	Tropos Wireless IP Mobile Router (Hardware Version: 4210-2100; Firmware Version: 7.3) (When operating in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/15/2010	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #993 and #1082); Triple-DES (Cert. #774); SHS (Cert. #959); HMAC (Cert. #559); RNG (Cert. #562); RSA (Cert. #477) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Blowcrypt; MD5; RC4 Multi-chip standalone "Tropos's single/multi-radio, wireless 802.11 b/g Wireless IP Mobile routers provide a secure, high-performance, easy to deploy, and cost-effective networking solution for outdoor environments. Tropos routers support IEEE 802.1X and 802.11i with AES encryption and secure EAP types while operating in FIPS 140-2 mode."
1243	Secure64 Software Corporation 5600 South Quebec Street Suite 320D Greenwood Village, CO 80111 USA -Christopher Worley TEL: 303-242-5890 FAX: 720-489-0694	Secure64 Cryptographic Module (Firmware Version: 1.2) Validated to FIPS 140-2 Security Policy Certificate	Firmware	12/29/2009	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -Tested: Secure 64 SourceT Micro Operating System running on a HP Integrity Server rx2660; Secure 64 SourceT Micro Operating System running on a HP Integrity Server rx3600 -FIPS-approved algorithms: AES (Certs. #882 and #956); Triple-DES (Cert. #722); RNG (Cert. #507); SHS (Certs. #874 and #936); HMAC (Cert. #580); DSA (Cert. #350); RSA (Certs. #495 and #426) -Other algorithms: N/A Multi-chip standalone "The Secure64 Cryptographic Module is a firmware module designed for use only with systems based on Secure64 SourceT, a limited operational environment running on an Intel Itanium-based server platform. The Secure64 Cryptographic Module provides cryptographic functions that can be used by applications running in this environment. Example applications include DNSSEC signing (secure DNS using digital signatures), certificate management applications, etc. Example functions include key generation, secure key storage, encryption, decryption, hashing, and digital signing."
1242	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 94002 USA -Brian Mansfield TEL: 408-853-5469 FAX: 408-853-3529	Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Module (WiSM) (Hardware Versions: Chassis: Catalyst 6506 switch [1], Catalyst 6506-E switch [2], Catalyst 6509 switch [3] and Catalyst 6509-E switch [4]; Backplane: WS-C6506 [1], WS-C6506-E [2], WS-C6509 [3] and WS-C6509-E [4]; Supervisor Blade [1, 2, 3, 4]: [WS-SUP720-3BXL and WS-SUP720-3B] and WiSM: WS-SVC-WISM-1-K9; Firmware Versions [1, 2, 3, 4]: Supervisor Blade: Cisco IOS Release 12.2(18)SXF11, Cisco IOS Release 12.2.33-SXH5 and Cisco IOS Release 12.2(18)SXF7; WiSM: 5.2.157.0, 5.2.178.5 and 5.2.193.0; Hardware)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/29/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #959, #960 and #1211); HMAC (Certs. #535, #536 and #706); RNG (Cert. #542); RSA (Certs. #463, #464 and #583); SHS (Certs. #931, #932 and #1115); Triple-DES (Cert. #756) -Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); AES (Cert. #960, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM Multi-chip standalone "The Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Module (WiSM) provide unparalleled security, mobility, redundancy, centralized control and scalability for large-scale Government and Enterprise wireless LAN networks and supports the IEEE 802.11i wireless security standard in conjunction with meeting the Wi-Fi Alliances interoperability specification WPA2 to enable a Secure Wireless Architecture. The module supports voice, video and data services, location & asset tracking, integrated intrusion detection & intrusion protection and intelligent radio."
1241	Bloombase Technologies Ltd. 22/F, 3 Lockhart Road, Wan Chai Hong Kong, People's Republic of China -Walter Wong TEL: +852-3690-2928 FAX: +852-3690-2128 -Justy Wong TEL: +852-3690-2928 FAX: +852-3690-2128	Bloombase Cryptographic Module (Software Version: 8.0) Validated to FIPS 140-2 Security Policy Certificate	Software	12/29/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Bloombase SpitfireOS 5 (single-user mode), JRE 1.6 -FIPS-approved algorithms: AES (Cert. #1041); HMAC (Cert. #583); RSA (Cert. #496); RNG (Cert. #591); SHS (Cert. #991) -Other algorithms: N/A Multi-chip standalone "Bloombase Cryptographic Module for multi-platforms is a scalable, generic and multipurpose module used by various Bloombase products, performing a broad range of approved cryptographic operations including encryption, key generation, key storage and zeroization, signature generation and verification, hashing, keyed hashing and random number generation, supporting services including cryptography, authentication, PKCS and key management, etc."
1240	Asigra, Inc. 1120 Finch Avenue West Suite 400 Toronto, ON M3J 3H7 Canada -David Farajun TEL: 416-736-8111 ext 100 FAX: 416-736-7120	AsigraEncModule Encryption Library (Software Version: 1.0) Validated to FIPS 140-2 Security Policy Certificate	Software	01/12/2010	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2003 (32-bit) Enterprise Edition, 5.2.3790, Service Pack 2; Microsoft Windows Server 2003 (64-bit), Standard Edition, 5.2.3790, Service Pack 1; RedHat Enterprise Linux 5 (32-bit), Update 6; RedHat Enterprise Linux 5 (64-bit), Update 6; Mac OS X, 10.5 (single user mode) -FIPS-approved algorithms: AES (Cert. #968); SHS (Cert. #938); HMAC (Cert. #541); RNG (Cert. #546) -Other algorithms: N/A Multi-chip standalone "The AsigraEncModule ("Cryptographic Module" or "Module") is a cryptographic library for C++ language users providing hash algorithms, AES symmetric encryption algorithms and random number generation."
1239	Giesecke & Devrient and ActivIdentity Inc. 45925 Horseshoe Drive Dulles, VA 20166 USA -Michael Poitner TEL: 650-312-1241 FAX: 650-312-8129 -Stephane Ardiley TEL: 510-745-6288 FAX: 510-745-0101	Sm@rtCafé Expert 3.2 by Giesecke & Devrient with ActivIdentity Digital Identity Applet Suite V2 for Extended PIV (Hardware Versions: P5CD080 [1] and P5CD144 [2]; Firmware Versions: CPDIxJC_RSEFI-025CD080V402 [1] and CPDYxJC_RSEFI-025CD144V503 [2], Applet Versions [1,2]: ACA applet package v2.6.2B.4, ASC library package v2.6.2B.3, PKI/GC/SKI applet package v2.6.2B.4, PIV End Point Wrapper module v2.6.2B.4, PIV End Point Extended module v2.6.2B.4, SMA applet package v2.6.2B.3) (PIV Card Application: Cert. #17) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/07/2009	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #745 and #746); DSA (Certs. #277 and #278); RSA (Certs. #350 and #351); RNG (Certs. #433 and #434); SHS (Certs. #760 and #761); Triple-DES (Certs. #662 and #663); Triple-DES MAC (Triple-DES Certs. #662 and #663, vendor affirmed) -Other algorithms: DES; DES MAC; DSA (512-bits and 768-bits, non-compliant) Single-chip "This product combines the Giesecke & Devrient (G&D) Smart Card Chip Operating System Sm@rtCafé Expert(SCE) 3.2 and the ActivIdentity(AI) Applet framework v2.6.2b. SCE 3.2 is a JC2.2.1 & GP2.1.1 compliant dual-interface module supporting, at a minimum 2048-bit RSA, SHA-256 hash and 256-bit AES. AI Applet framework works over dual-interface and supports GSC-IS v2.1 & NIST SP800-73-1(for HSPD-12/PIV). The product supports Secure issuance and post-issuance along with SMA protocol(secure messaging) and One Time Password solution. Combined product is suitable for government and corporate deployments"
1238	Nexus Wireless Artists Cour 15 Manette Street London, W1D 4AP United Kingdom -Paul Richards TEL: +44-207-734-0200 FAX: +44-207-734-0210	Nexus FIPS 140-2 Crypto Module (Hardware Version: 1.0; Firmware Versions: ES0408_RL01_R1_00_000 version 1.00.000 and ES0408_RL02_R1_00_000 version 1.00.000) (When Operated in FIPS Mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/05/2010	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #914); DSA (Cert. #337); SHS (Certs. #901 and #928); HMAC (Cert. #533); RNG (Cert. #524) -Other algorithms: DES; AES MAC (AES Cert. #914, vendor affirmed; P25 AES OTAR) Multi-chip embedded "The Nexus FIPS140-2 Crypto Module is a single-board security module designed to conform to FIPS140-2 standards and primarily intended for use in P25 radio equipment. The module supports both KFD and KMF management implementations, including a dedicated 3-wire KFD interface. It includes a complete key storage and critical security material management function for TEK, KEK, UKEK, CKEK and KSKEK keys in non-volatile memory within the FIPS module, with protection from unauthorized disclosure or modification. The FIPS Module executes encryption and decryption of P25 Phase 1 voice and data."
1237	Research In Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Certifications Team TEL: 519-888-7465 ext.72921 FAX: 519-886-4839	BlackBerry Cryptographic Library (Software Version: 2.0.0.7) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	12/07/2009	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows XP Professional 2002 with SP3, 32-bit edition (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #819); AES (Cert. #1122); SHS (Cert. #1045); HMAC (Cert. #633); RNG (Cert. #625); ECDSA (Cert. #131) -Other algorithms: Rijndael; EC Diffie-Hellman (key agreement, key establishment methodology provides 256 bits of encryption strength); ECMQV (key agreement, key establishment methodology provides 256 bits of encryption strength) Multi-chip standalone "BlackBerry is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry½ is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry½ Cryptographic Library is a software module that provides cryptographic services to many BlackBerry½ desktop products such as the BlackBerry½ Enterprise Server, BlackBerry½ Desktop Software, and many other BlackBerry½ products."
1236	Oberthur Technologies 4250 Pleasant Valley Road Chantilly, VA 20151-1221 USA -Christophe Goyet TEL: 703-263-0100 FAX: 703-263-0503 -N/A TEL: N/A FAX: N/A	Oberthur ID-One Cosmo V7-n (Hardware Versions: P/Ns B0 [1,2], BA [1,2], C8 [1,2], C4 [1,2], C7 [1,2] and CA [1,2]; Firmware Versions: FC10 with op-codes 069776 [1] or 071962 [2]) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/07/2009; 02/05/2010	Overall Level: 3  -Physical Security: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #698); Triple-DES MAC (Triple-DES Cert. #698, vendor affirmed); AES (Cert. #840); RNG (Cert. #480); RSA (Cert. #403); SHS (Cert. #833) -Other algorithms: Triple-DES (Triple-DES Cert. #698, key wrapping; key establishment methodology provides 80 bits of encryption strength) Single-chip "This new generation Smart Card programmable module offers a highly secure architecture with state of the art on board cryptographic services that include and even exceed NSA SUITE-B cryptography with Advanced Encryption Standard (AES up to 256); Secure Hash Algorithm (SHA up to 512); Elliptic-Curve Diffie-Hellman (ECDH) and Digital Signature Algorithm (ECDSA up to P-521). The module supports Java Card 2.2.2 and Global Platform 2.1.1.A with Delegated Management, and is available with contact (ISO 7816) and contactless (ISO 14443) communication interfaces."
1235	Advanced Communications Concepts Inc 8831 N.Capital of Texas Highway Suite 212 Austin, TX 78759 USA -Eric Sweeney TEL: 512-275-6245	TUCrypt Cryptographic Module (Software Version: 2.32.0.0) Validated to FIPS 140-2 Security Policy Certificate	Software	12/07/2009; 01/28/2010	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Pro (32-bit edition), Microsoft Windows Vista (32-bit and 64-bit editions), and Microsoft Windows 7 (32-bit and 64-bit editions) (single-user mode) -FIPS-approved algorithms: AES (Certs. #1057, #1058 and #1102); SHS (Certs. #1003, #1004 and #1025); HMAC (Certs. #595, #596 and #616) -Other algorithms: AES (Certs. #1057, #1058 and #1102, key wrapping) Multi-chip standalone "The TUCrypt Cryptographic Module is a multi-chip standalone software module that executes on a IBM compatable personal computer. The software module is intended to be used by other ACCI software to provide FIPS 140-2 approved cryptographic services."
1234	Pitney Bowes, Inc. 35 Waterview Drive Shelton, CT 06484-8000 USA -Douglas Clark TEL: 203-923-3206 FAX: 203-924-3406	Pitney Bowes iButton Postal Security Device (PSD) (Hardware Version: MAXQ1959B-F50#; Firmware Versions: 6.01.02 and 8.01.03; Indicia Type 0, 2 and 5) (When operated in FIPS mode and configured by Pitney Bowes, Inc.) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/30/2009; 01/06/2010	Overall Level: 3  -Physical Security: Level 3 + EFP -FIPS-approved algorithms: DSA (Cert. #353); RNG (Cert. #604); SHS (Cert. #1010); Triple-DES (Cert. #797); Triple-DES MAC (Triple-DES Cert. #797; vendor-affirmed) -Other algorithms: RNG (non-compliant) Multi-chip standalone "The Pitney Bowes iButton Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP), and Deutsche Post's FrankIT New Generation Digital Franking program. It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes global digital metering products. The PSD has been designed to support international postal markets and their rapidly evolving requirements for digital indicia."
1233	Brocade Communications 1745 Technology Drive San Jose, CA 95110 USA -Greg Farris TEL: 408-333-7315 FAX: 408-333-8101	Brocade 7500 SAN Extension Switch Cryptographic Module (Hardware Version: P/N Brocade 7500 Version H; Firmware Version: Fabric OS v6.0.0) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/30/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #731); Triple-DES (Cert. #652); SHS (Cert. #749); HMAC (Cert. #397); RNG (Cert. #426); RSA (Cert. #342) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); HMAC-MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Brocade 7500 SAN Extension Switch Cryptographic Module provides an enterprise building block for consolidation, data mobility, and business continuity solutions that improve efficiency and cost savings. It combines FCIP extension with Fibre Channel switching and routing to provide local and remote storage and SAN connectivity while isolating SAN fabrics and IP WAN networks."
1232	Brocade Communications 1745 Technology Drive San Jose, CA 95110 USA -Greg Farris TEL: 408-333-7315 FAX: 408-333-8101	Brocade DCX Backbone and 48000 Director (Hardware Version: P/Ns Brocade DCX Version C and Brocade 48000 Version L; Firmware Version: Fabric OS v6.0.0) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/30/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #731); Triple-DES (Cert. #652); SHS (Cert. #749); HMAC (Cert. #397); RNG (Cert. #426); RSA (Cert. #342) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); HMAC-MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Brocade DCX Backbone consolidates server-to-server, server-to-storage and storage-to-storage traffic into a logical, multiprotocol infrastructure. It is designed to support existing and emerging protocols, including 8Gb Fibre Channel, FICON«, FCIP, IPFC, 10 Gigabit Ethernet, Converged Enhanced Ethernet (CEE), and Fibre Channel over Ethernet (FCoE). The Brocade 48000 Director delivers 4, 8, and 10 Gbit/sec Fibre Channel performance, high availability and multiprotocol connectivity, including Fibre Channel Routing, FCIP, iSCSI, and fabric-based applications."
1231	MeshDynamics, Inc. 2953 Bunker Hill Lane Suite 400 Santa Clara, CA 95054 USA -Francis daCosta TEL: 408-373-7700 FAX: 408-516-8987	MD4000-FIPS Structured Mesh™ Module (Hardware Version: MD4000-FIPS; Firmware Version: 2.5.72) (When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	11/30/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #728); SHS (Cert. #746); RNG (Cert. #425); HMAC (Cert. #394) -Other algorithms: RC4; MD5; HMAC-MD5; AES (Cert. #728; key wrapping; key establishment methodology provides 128 bits of encryption strength) Multi-chip standalone "Multi-Radio Wireless Mesh Networking Node. Nodes connect to each other forming a "MESH" network. Data from Client devices connected to the mesh node, is routed according to the destination address. Client devices need to authenticate before they can join the network. All data from client is encrypted using AES-CCM using temporal keys generated using WPA2/802.11i standard."
1230	Tropos Networks 555 Del Rey Ave. Sunnyvale, CA 94085 USA -Roman Arutyunov TEL: 408-331-6825 FAX: 408-331-6801 -Sreedhar Kamishetti TEL: 408-331-6881 FAX: 408-331-6801	Tropos Control Element Management System (Software Version: 7.3) (When operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	11/30/2009	Overall Level: 1  -Roles, Services, and Authentication: Level 3 -Operational Environment: Tested as meeting Level 1 with CentOS 5 (x86) (single-user mode) -FIPS-approved algorithms: AES (Certs. #1084 and #1086); Triple-DES (Certs. #799 and #800); SHS (Certs. #1018 and #1019); HMAC (Certs. #608 and #609); RNG (Certs. #608 and #609); RSA (Certs. #511 and #512) -Other algorithms: Blowcrypt; MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "Tropos Control is a comprehensive management system that streamlines the deployment, optimization, maintenance, and control of large-scale wireless networks. Tropos Control uses FIPS 140-2 approved algorithms to provide secured communication to Tropos routers and to its web-based client application."
1229	BitArmor Systems, Inc. Three Gateway Center 401 Liberty Avenue Suite 1900 Pittsburgh, PA 15222 USA -Hugh Docherty	BitArmor Secure Cryptographic Engine (Software Version: 1.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	11/30/2009; 12/11/2009	Overall Level: 1  -Cryptographic Module Specification: Level 3 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional SP3 (32-bit); SuSE Linux Enterprise Server 10.0 (32-bit); Windows Server 2003 (32-bit); Windows Server 2008 (64-bit); Windows 7 Enterprise (32-bit) (single-user mode) -FIPS-approved algorithms: AES (Cert. #1101); Triple-DES (Cert. #802); SHS (Cert. #1024); HMAC (Cert. #614); RNG (Cert. #613) -Other algorithms: DES; MD5; HMAC-MD5 Multi-chip standalone "BitArmor DataControl is an advanced software solution that provides disk encryption and device independent file/folder encryption. It provides precise access control for data on the Windows operating system. BitArmor DataControl includes automatic key management that is transparent to users and a central console for management of users and access privileges."
1228	Atos Wordline S.A./N.V. Haachtsesteenweg 1442 ChaussTe de Haecht Brussels, 1130 Belgium -Filip Demaertelaere TEL: +32-2-727-6167 FAX: +32-2-727-6250 -Sam Yala TEL: +32-2-727-6194 FAX: +32-2-727-6250	DEP/PCI v4 (Hardware Versions: PCI card: 033-120010-1.0; Alarm card: 033-120020-2.0; Firmware Versions: Boot firmware: 4.0.l; FPGA firmware: 661442; Alarm firmware: 5.0.m) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	11/24/2009	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #883); SHS (Cert. #875) -Other algorithms: N/A Multi-chip embedded "The DEP/PCI (a PCI adapter board) is a hardware cryptographic module, also known as a hardware security module (HSM). Its boot software together with its cryptographic coprocessor implements different cryptographic algorithms which are used for secure key entry, secure application loading and secure boot firmware update. The alarm firmware implements the tamper detection and tamper responsive logic."
1227	Kingston Technology, Inc. 17600 Newhope Street Fountain Valley, CA 92708 USA -John Terpening TEL: 714-427-3743 FAX: 714-435-2628	DataTraveler 5000 (DT5000) (Hardware Version: P/N 88007021F, Version 01.00.02; Firmware Version: 03.00.04) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/07/2009	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1015 and #1016); SHS (Certs. #972, #973 and #974); ECDSA (Cert. #122); DRBG (Cert. #10); RNG (Cert. #582); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 bits of encryption strength) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "Kingston's ultra-secure DataTraveler 5000 USB Flash drive protects sensitive data with FIPS 140-2 Level 2 certification and 256-bit AES hardware-based encryption in XEX mode. Secured by Spyrus, DT5000 uses elliptic curve cryptography encryption algorithms (ECC) that meet the Suite B standards approved by the U.S. government. The drive features complex password protection and locks down after 10 intrusion attempts. DT5000 is waterproof (up to 4 feet) and features a rugged, titanium-coated steel casing."
1226	Eastman Kodak Company 343 State Street Rochester, NY 14650 USA -Nancy Telfer TEL: 585-477-8399 FAX: 585-477-8789	Eastman Kodak Company® Secure Module 3000 (Hardware Version: 4F6138 Version A; Firmware Version: 1.0-068) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/24/2009	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1071, #1072 and #1076); HMAC (Certs. #603 and #604); RNG (Cert. #606); RSA (Cert. #508); SHS (Certs. #1012 and #1013) -Other algorithms: HMAC-MD5; MD5; RSA (key wrapping; key establishment methodology provides 112-bits of encryption strength) Multi-chip embedded "The Kodak Secure Module 3000 is a fully DCI compliant cryptographic module that is the core of the Kodak Digital Cinema content playback system. The Secure Module converts the packaged, compressed and encrypted data into raw image, sound, subtitles and auxiliary data used in exhibition. It performs security functions such as media decryption, link encryption, forensic watermarking, and key management."
1225	SafeNet, Inc. 20 Colonnade Road Ottawa, K2E 7M6 Canada -Iain Holness TEL: 613-221-5049 FAX: 613-723-5079	SafeEnterpriseTM Encryptor, Model 650 (Hardware Version: 904-23160-007; Firmware Version: 3.1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/24/2009	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #268); AES (Certs. #391 and #240); RSA (Cert. #15); SHS (Certs. #251 and #319); HMAC (Cert. #48); RNG (Certs. #18 and #76) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The SafeEnterpriseTM SONET Encryptor provides data privacy and access control for connections between vulnerable public and private SONET/SDH networks. It employs federally endorsed AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in a SONET OC-192 network."
1224	BeCrypt Limited 130 Shaftesbury Avenue London, W1D 5EU United Kingdom -Dr. Pali Surhar, Certification Manager TEL: +44 (0)845 838 2050 FAX: +44 (0)845 838 2060	BeCrypt Cryptographic Library (Software Version: 2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	11/24/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional 32-bit with SP3; Windows XP Professional 64-bit with SP2; Linux Ubuntu 8.10; MAC OS X (single-user mode) -FIPS-approved algorithms: AES (Certs. #1087 and #1088); SHS (Certs. #1020 and #1021); RNG (Cert. #610); RSA (Cert. #513); HMAC (Certs. #610 and #611) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; DES; Triple-DES (non-compliant); RC2 Multi-chip standalone "The BeCrypt Cryptographic Library provides core cryptographic functionality for BeCrypt's Enterprise security products including a range of market leading disk encryption, media encryption and data protection products. The cryptographic library provides a capability to develop complex and flexible security applications that require cryptographic functionality in both pre-OS and 32 bit/64 bit operating environments."
1223	Blue Coat Systems, Inc. 420 N. Mary Avenue Sunnyvale, CA 94085-4121 USA -John L. Sellers, Director of Federal Markets TEL: 703-338-4994	ProxySG 510 and ProxySG 810 (Hardware Versions: 100-02639, 106-02838, 106-02868, 100-02641, 106-02834 and 106-02884; Firmware Version: 5.3.1.9) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	11/17/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #859); Triple-DES (Cert. #706); RSA (Cert. #413); DSA (Cert. #310); SHS (Cert. #854); HMAC (Cert. #476); RNG (Cert. #491) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 and 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 and 112 bits of encryption strength) Multi-chip standalone "The foundation of Blue Coat's application delivery infrastructure, Blue Coat ProxySG appliances establish points of control that accelerate and secure business applications for users across the distributed organization. Blue Coat appliances serve as an Internet proxy and wide area network (WAN) optimizer. The purpose of the appliances is to provide a layer of security between an Internal and External Network (typically an office network and the Internet), and to provide acceleration and compression of transmitted data. The ProxySG is one of several appliance lines manufactured by Blue Coat"
1222	Blue Coat Systems, Inc. 420 N. Mary Avenue Sunnyvale, CA 94085-4121 USA -John L. Sellers, Director of Federal Markets TEL: 703-338-4994	ProxySG 8100 (Hardware Versions: 100-02644, 106-02835 and 106-02883; Firmware Version: 5.3.1.9) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	11/17/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #859); Triple-DES (Cert. #706); RSA (Cert. #413); DSA (Cert. #310); SHS (Cert. #854); HMAC (Cert. #476); RNG (Cert. #491) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 and 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 and 112 bits of encryption strength) Multi-chip standalone "The foundation of Blue Coat's application delivery infrastructure, Blue Coat ProxySG appliances establish points of control that accelerate and secure business applications for users across the distributed organization. Blue Coat appliances serve as an Internet proxy and wide area network (WAN) optimizer. The purpose of the appliances is to provide a layer of security between an Internal and External Network (typically an office network and the Internet), and to provide acceleration and compression of transmitted data. The ProxySG is one of several appliance lines manufactured by Blue Coat"
1221	Bull SAS Rue Jean Jaurès B.P.68 Les Clayes sous Bois, 78340 France -Jean-Luc CHARDON TEL: +33 1 30 80 79 14 FAX: +33 1 30 80 78 87 -Pierre-Jean AUBOURG TEL: +33 1 30 80 77 02 FAX: +33 1 30 80 78 87	CHR Cryptographic Module (Hardware Version: 003/A; Firmware Version: V1.02-00L) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	11/17/2009	Overall Level: 3  -Physical Security: Level 3 + EFP/EFT -FIPS-approved algorithms: RSA (Cert. #438); SHS (Cert. #893) -Other algorithms: N/A Multi-chip standalone "The BULL CHR is a multi-chip standalone security module providing functionality for the secure loading of applications. The CHR is the corner stone of a range of security products developed and signed by BULL as Application Provider and known as "CRYPT2Pay HR" product range available for different domain of applications including Banks and Financial Institutions. Additional products may be developed by Application Providers, based on the CHR."
1220	SkyRecon Systems 8 rue La Fayette Paris, 75009 France -Patrick Prajs TEL: +33 (0)1 73 54 02 60 -Jean-Baptiste LERNOUT TEL: 33 (0)1.73.54.02.72	SkyRecon Cryptographic Module (SCM) (Software Version: 1.04) Validated to FIPS 140-2 Security Policy Certificate	Software	12/03/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional with SP3 (single-user mode) -FIPS-approved algorithms: AES (Cert. #931); SHS (Cert. #914); RNG (Cert. #532); HMAC (Cert. #613) -Other algorithms: N/A Multi-chip standalone "SkyRecon Cryptographic Module (SCM) is a software-based dynamically linked cryptographic library containing several validated cryptographic algorithms. Software developers can link the SkyRecon Cryptographic Module (SCM) into their applications to provide FIPS 140-2 compliant cryptographic support."
1219	Check Point Software Technologies Ltd. 12007 Sunrise Valley Dr. Suite 130 Reston, VA 20191 USA -David Ambrose TEL: 703-628-2935 -Malcolm Levy TEL: +972 3-7534561	VPN-1 (Firmware Version: NGX R65 with hot fix HFA 30) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Firmware	10/27/2009; 11/20/2009	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 2 -Tested: Dell PowerEdge 1750 and Power-1 5070 with Check Point SecurePlatform Operating System, version NGX R65 HFA 30 -FIPS-approved algorithms: Triple-DES (Certs. #338, #733, #824 and #825); AES (Certs. #257 and #1130); SHS (Certs. #332, #890, #1053 and #1054); HMAC (Certs. #67, #502, #642 and #643); RSA (Certs. #66, #132 and #537); RNG (Certs. #90 and #628) -Other algorithms: CAST 40 bit; CAST 128 bit; DES (Cert. #314); MD5; HMAC-MD5; Diffie-Hellman (key agreement, key establishment methodology provides between 80 bits and 128 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA (key wrapping, key establishment methodology provides between 80 bits and 150 bits of encryption strength) Multi-chip standalone "Check Point's VPN-1 version NGX (R65) with hot fix HFA 30 is a tightly integrated software solution combining the FireWall-1 (FW-1) security suite with sophisticated Virtual Private Network (VPN) technologies and a hardened Secure Platform operating system (OS). The cornerstone of Check Point's Secure Virtual Network (SVN) architecture, VPN-1 meets the demanding requirements of Internet, intranet, and extranet VPNs by providing secure connectivity to corporate networks, remote and mobile users, branch offices, and business partners."
1218	3e Technologies International, Inc. 9715 Key West Avenue Suite 500 Rockville, MD 20850 USA -Harinder Sood TEL: 301-944-1325 FAX: 301-670-6989	3e-636S-1 Accelerated Crypto Module (Hardware Version: 1.0(A); Firmware Version: 4.3.1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/22/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #1022 and #1023); Triple-DES (Certs. #783 and #784); SHS (Certs. #976 and #977); HMAC (Certs. #571 and #572); RNG (Cert. #583); RSA (Cert. #490) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); MD5 Multi-chip embedded "3eTI's 3e-636S-1 Accelerated Crypto Module provides AES and Triple-DES data encryption, SHS secure hashing, and HMAC keyed hashing at very high levels of sustained bandwidth. The 3e-636S-1 leverages built-in hardware-based cryptography to greatly accelerate device performance. The 3e-636S-1 is a robust, stand-alone inline encryptor which can straightforwardly be inserted into a network where FIPS 140-2 Validation is required. The 3e-636S-1 helps customers meet Federal Cryptography requirements at extremely high levels of performance, where traditional software-based algorithm implementation"
1217	Pitney Bowes, Inc. 35 Waterview Drive Shelton, CT 06484-8000 USA -Douglas Clark TEL: 203-924-3206 FAX: 203-546-4744	Cygnus X3 PSD Cryptographic Module (Hardware Version: P/N 1R84000 Version A; Software Version: 01.05.05; Firmware Version: 01.00.06) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/22/2009	Overall Level: 3  -Physical Security: Level 3 + EFP -FIPS-approved algorithms: DSA (Cert. #234); SHS (Cert. #650); AES (Cert. #600); RNG (Cert. #592); HMAC (Cert. #311) -Other algorithms: N/A Single-chip "The Pitney Bowes Cygnus X3 Postal Security Device (PSD) has been designed in compliance with FIPS 140-2 and IPMAR security protection profile in order to support the USPS IBIP and international digital indicia standards globally. The PSD employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes Postage Metering products."
1216	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Peter Hayman TEL: 919-462-1900 x273 FAX: (919) 462-1933	SafeEnterprise™ Encryptor, Model 600 (Hardware Versions: 904-10001-00x, 904-10002-00x, 904-10003-00x, 904-10014-00x, 904-10112-00x, 904-10113-00x, 904-20001-00x, 904-20002-00x, 904-20003-00x, 904-25005-00x, 904-30013-00x, 904-511i0-00x and 943-511i0-00x; Firmware Version: 3.4.0.1) (Note: Refer to the cryptographic module’s security policy for the details on the letter i and x designations) Security Policy Certificate	Hardware	10/22/2009	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #647); AES (Certs. #711, #713 and #725); RSA (Cert. #340); SHS (Cert. #743); HMAC (Cert. #391); RNG (Cert. #422) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); DSA (non-compliant) Multi-chip standalone "The SafeEnterprise™ Encryptor provides data privacy and access control for connections between vulnerable public and private SONET/SDH or Ethernet networks. It employs FIPS approved AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in SONET 155 MB (OC-3), 622 MB (OC-12), 1.0 GB, and 2.4 GB (OC-48) networks."
1215	SPYRUS, Inc. 1860 Hartog Drive San Jose, CA 95131-2203 USA -Tom Dickens TEL: 408-392-9131 FAX: 408-392-0319	Hydra PC Locksmith (Hardware Version: P/N 88007021F, Version 01.00.02; Firmware Version: 03.00.04) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/22/2009	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #1015 and #1016); SHS (Certs. #972, #973 and #974); ECDSA (Cert. #122); DRBG (Cert. #10); RNG (Cert. #582); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 bits of encryption strength) -Other algorithms: EC-Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Hydra Privacy Card (Hydra PC) Locksmith device provides hardware-based, sector by sector full disk encryption providing the protective military strength of the U. S. Government's Suite B algorithm standards, including AES, ECDSA, SHA-2, and EC-DH. The USB encryption device comes with an easy to use, user-friendly interface that operatates on the Microsoft Windows operating systems without installing any drivers."
1214	Juniper Networks, Inc. One Rogers St. Sixth Floor Cambridge, MA 02142 USA -Robert Smith TEL: 617-949-4067 FAX: 617-547-1031	Odyssey Security Component Portable (Software Version: 2.0) Validated to FIPS 140-2 Security Policy Certificate	Software	10/19/2009	Overall Level: 1  -Design Assurance: Level 2 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP SP2 (single-user mode) -FIPS-approved algorithms: AES (Certs. #785 and #786); Triple-DES (Cert. #680); SHS (Cert. #788); HMAC (Cert. #431); DSA (Cert. #294); RSA (Cert. #374); RNG (Cert. #452) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength) Multi-chip standalone "The Odyssey Security Component (OSC) is a general purpose cryptographic library. OSC / Portable is a C language version that can be compiled without modification for a variety of operating systems."
1213	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 94002 USA -Brian Mansfield TEL: 408-853-5469 FAX: 408-853-3529	Cisco 4402 and 4404 Wireless LAN Controllers (Hardware Versions: [4402, Revision Number A0 and 4404, Revision Number A0]; Opacity Baffle Version 1.0; Firmware Versions: 5.2.157.0, 5.2.178.5 or 5.2.193.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/19/2009; 11/20/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #959, #960 and #1211); HMAC (Certs. #535, #536 and #706); RNG (Cert. #542); RSA (Certs. #463, #464 and #583); SHS (Certs. #931, #932 and #1115); Triple-DES (Cert. #756) -Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); AES (Cert. #960, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM Multi-chip standalone "The Cisco 4400 Series Wireless LAN Controllers provide centralized control and scalability for medium to large-scale Government and Enterprise wireless LAN networks and support the IEEE 802.11i wireless security standard while meeting the Wi-Fi Alliances interoperability specification WPA2 for Secure Wireless Architecture. The Cisco WLAN Controllers support voice, video and data services, intrusion detection, intrusion protection and intelligent radio resource management and comply with the wireless security policies issued by the U.S. Federal Government and the Department of Defense (DoD)."
1212	Motorola, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA -Kirk Mathews TEL: 847-576-4101	Voice Processing Module Cryptographic Module (VPMCM) (Hardware Version: VPMCRYPTO_B; Firmware Versions: R01.01.03 and R01.00.00 (AES Cert. #819)) (When operated with AES Cert. #819) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/19/2009	Overall Level: 1  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 2 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #819); SHS (Cert. #817); RSA (Cert. #396); RNG (Cert. #471) -Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR) Multi-chip embedded "The Motorola Voice Processing Module Cryptographic Module provides cryptographic services to the Voice Processing Module in which it is embedded. The Voice Processing Module provides dispatch console audio routing between a dispatch operator (e.g., 911 dispatcher), peripherals, and a local network."
1211	Motorola, Inc. 1 Motorola Plaza Holtsville, NY 11742 USA -Steven Chew TEL: 631-738-3507 FAX: 631-738-4164 -Bert Scaramozzino TEL: 631-738-3215 FAX: 631-738-4164	Motorola Wireless Fusion on Windows CE Cryptographic Module (Hardware Version: CX 55222; Software Version: 3.00.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hybrid	11/18/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows CE 6.0 -FIPS-approved algorithms: AES (Certs. #1035 and #1037); SHS (Cert. #988); HMAC (Cert. #581) -Other algorithms: RC4; TKIP Multi-chip standalone "Motorola Wireless Fusion Cryptographic Module is a component of Motorola Wireless Mobile Computing devices that are equipped with a WLAN radio. These devices are used for business process automation applications in a number of vertical markets like retail, manufacturing, transportation, health and government."
1210	Motorola, Inc. 1 Motorola Plaza Holtsville, NY 11742 USA -Steven Chew TEL: 631-738-3507 FAX: 631-738-4164 -Bert Scaramozzino TEL: 631-738-3215 FAX: 631-738-4164	Motorola Wireless Fusion on Windows Mobile Cryptographic Module (Hardware Version: CX 55222; Software Version: 3.00.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hybrid	11/18/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows Mobile 6.1 -FIPS-approved algorithms: AES (Certs. #1036 and #1038); SHS (Cert. #989); HMAC (Cert. #582) -Other algorithms: RC4; TKIP Multi-chip standalone "Motorola Wireless Fusion Cryptographic Module is a component of Motorola Wireless Mobile Computing devices that are equipped with a WLAN radio. These devices are used for business process automation applications in a number of vertical markets like retail, manufacturing, transportation, health and government."
1209	SafeNet, Inc. 4690 Millennium Drive Belcamp, MD 21017 USA -Peter Hayman TEL: 919-462-1900 x273 FAX: 919-462-1933	SafeEnterprise™ Encryptor, Model 650 (Hardware Versions: 904-53260-007 and 943-53270-007; Firmware Version: 3.4.0.1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/19/2009	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #647); AES (Certs. #710, #725 and #964); RSA (Cert. #340); SHS (Cert. #743); HMAC (Cert. #391); RNG (Cert. #422) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); DSA (non-compliant) Multi-chip standalone "The SafeEnterprise™ Encryptor provides data privacy and access control for connections between vulnerable public and private SONET/SDH networks or 10G Ethernet networks. It employs federally endorsed AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in a SONET OC-192 network or 10G Ethernet network."
1208	ARX (Algorithmic Research) 10 Nevatim Street Kiryat Matalon, Petach Tikva 49561 Israel -Ezer Farhi TEL: 972-3-9279529	CoSign (Hardware Version: 4.0; Firmware Version: 4.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/19/2009	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Certs. #498 and #523); Triple-DES MAC (Triple-DES Cert. #498, vendor affirmed); SHS (Certs. #554 and #586); HMAC (Cert. #241); RNG (Cert. #265); RSA (Cert. #227) -Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "CoSign is a digital signature appliance that is connected to the organizational network and manages all signature keys and certificates of organization's end-users. End-users will connect securely to CoSign from their PC for the purpose of signing documents and data."
1207	Juniper Networks, Inc. One Rogers St. Sixth Floor Cambridge, MA 02142 USA -Robert Smith TEL: 617-949-4067 FAX: 617-547-1031	Odyssey Security Component User Mode and Odyssey Security Component Kernel Mode (Software Versions: Version 2.0 (Odyssey Security Component User Mode) and Version 2.0 (Odyssey Security Component Kernel Mode)) Validated to FIPS 140-2 Security Policy Certificate	Software	10/19/2009	Overall Level: 1  -Design Assurance: Level 2 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP SP2; Microsoft Windows 2000 SP3 (single-user mode) -FIPS-approved algorithms: AES (Certs. #783 and #784); Triple-DES (Cert. #679); SHS (Cert. #787); HMAC (Cert. #430); DSA (Cert. #293); RSA (Cert. #373); RNG (Cert. #451) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength) Multi-chip standalone "The Odyssey Security Component (OSC) is a general purpose cryptographic library. OSC / User Mode is a user mode binary module for the Windows operating system. OSC / Kernel Mode is a kernel-mode binary module for the Windows operating system."
1206	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 94002 USA -Brian Mansfield TEL: 408-853-5469 FAX: 408-853-3529	Cisco Catalyst 3750G Integrated Wireless LAN Controller (Hardware Versions: P/N WS-C3750G, Version 02 and P/N 69-1707-01 (FIPS Kit); Firmware Versions: 5.2.157.0, 5.2.178.5 and 5.2.193.0) (When operated in FIPS mode and with the physical security devices installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/19/2009; 11/20/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #959, #960 and #1211); HMAC (Certs. #535, #536 and #706); RNG (Cert. #542); RSA (Certs. #463, #464 and #583); SHS (Certs. #931, #932 and #1115); Triple-DES (Cert. #756) -Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); AES (Cert. #960, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM Multi-chip standalone "The Cisco 3750G Wireless LAN Controller provides centralized control and scalability for medium to large-scale wireless LAN networks and supports IEEE 802.11i wireless security and is Wi-Fi certified for WPA2. Cisco WLAN Controllers support voice, video, data services, intrusion protection (including Management Frame Protection (MFP), intelligent radio resource management and comply with the wireless security policies issued by the U.S. Federal Government and the U.S. Department of Defense (DoD)."
1205	Lexar Media, Inc. 47300 Bayside Parkway Fremont, CA 94538 USA -Mehdi Asnaashari TEL: 510-413-1200 FAX: 510-440-3499	JumpDrive SAFE S3000 (Hardware Versions: P/Ns LAD2GBCENAG600 [1,2], LAD4GBCENAG600 [1,2], LAD8GBCENAG600 [1,2] and LAD16GCENAG600 [1,2], Versions FC4410-EF-AB [1] and FC4410-EF-AC [2]; Firmware Version: 1511) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/19/2009	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #877 and #990); HMAC (Cert. #491); RNG (Cert. #503); RSA (Cert. #424); SHS (Certs. #869 and #957); Triple-DES (Cert. #719) -Other algorithms: AES (Cert. #877, key wrapping; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "Lexar Media introduces JumpDrive SAFE S3000, the world's first FIPS 140-2 Level 3 approved secure USB flash drive. The advanced flash drive combines an onboard cryptographic controller that encrypts all data stored on the secure partition by approved hardware-based AES 256bit, a smartcard chip that provides key management through proven technology, and a ruggedized tamper resistant housing to create a complete portable secure storage solution for all users looking to protect their data. For more information please visit http://www.lexar.com."
1204	Midland Radio Corporation 5900 Parretta Drive Kansas City, MO 64120 USA -David Berneking TEL: 816-462-0421	Midland Radio Base Station Cryptographic Module (Hardware Versions: 91-1060A, 91-1060B, 91-1110A, 91-1110B, 91-4050A, 91-4050B, 91-4100A, 91-4100B, 91-4100C, 91-4100D, 91-7100B and 91-8100B; Firmware Version: FIPS_ver010b) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/06/2009	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #485); SHS (Cert. #945); HMAC (Cert. #548); DRBG (Cert. #7) -Other algorithms: DES Multi-chip standalone "The Midland BTIII Base Stations provide Project 25 encrypted and clear voice, data and Short Message Service communications in accordance with the Project 25 Digital Land Mobile Radio standards suite. In addition, conventional analog radio voice communications are supported. It is multi-chip standalone cryptographic module validated at a FIPS 140-2 Security Level 1."
1203	Thales - nCipher 92 Montvale Ave Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 6000e, nShield F3 1500e, nShield F3 500e, nShield F3 10e, nShield F3 6000e for nShield Connect, nShield F3 1500e for nShield Connect and nShield F3 500e for nShield Connect (Hardware Versions: nC4033E-6K0, nC4033E-1K5, nC4033E-500, nC4033E-030, nC4033E-6K0N, nC4033E-1K5N and nC4033E-500N, Build Standard N; Firmware Version: 2.38.4-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/06/2009; 12/08/2009	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #994 and #397); AES GCM (Cert. #994, vendor affirmed); Triple-DES (Certs. #775 and #435); Triple-DES MAC (Cert. #775, vendor affirmed); DSA (Cert. #341); ECDSA (Cert. #121); SHS (Cert. #960); HMAC (Cert. #560); RSA (Cert. #478); RNG (Cert. #564) -Other algorithms: ARC FOUR; Aria; Camelia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; AES (Cert. #994, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); NDRNG; DSA (FIPS 186-3, non-compliant); ECDSA (FIPS 186-3, non-compliant) Multi-chip embedded "The nCipher modules: nShield F3 6000e, Shield F3 1500e, nShield F3 500e, nShield 10e, nShield F3 6000e for nShield Connect, nShield F3 1500e for nShield Connect and nShield F3 500e for nShield Connect family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1202	Thales - nCipher 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F2 500 and nShield F2 10 PCI (Hardware Versions: nC3023P-500, nC3023P-10, Build Standard N; Firmware Version: 2.38.4-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/06/2009	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #994 an #962); AES GCM (Cert. #994, vendor affirmed); Triple-DES (Certs. #775 and #757); Triple-DES MAC (Cert. #775, vendor affirmed); DSA (Cert. #341); ECDSA (Cert. #121); SHS (Cert. #960); HMAC (Cert. #560); RSA (Cert. #478); RNG (Cert. #564) -Other algorithms: ARC FOUR; Aria; Camelia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; AES (Cert. #994, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); NDRNG; DSA (FIPS 186-3, non-compliant); ECDSA (FIPS 186-3, non-compliant) Multi-chip embedded "The nShield modules: nShield F2 500 & nShield F2 10 PCI family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1201	Thales - nCipher 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F2 4000, nShield F2 2000 and nShield F2 500 (Hardware Versions: nC3023P-4K0, nC3023P-2K0, and nC3123P-500, Build Standard N; Firmware Version: 2.38.4-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/06/2009	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #994); AES GCM (Cert. #994, vendor affirmed); Triple-DES (Certs. #775 and #132); Triple-DES MAC (Cert. #775, vendor affirmed); DSA (Cert. #341); ECDSA (Cert. #121); SHS (Cert. #960); HMAC (Cert. #560); RSA (Cert. #478); RNG (Cert. #564) -Other algorithms: ARC FOUR; Aria; Camelia; CAST 6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; and HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; AES (Cert. #994, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); NDRNG; DSA (FIPS 186-3, non-compliant); ECDSA (FIPS 186-3, non-compliant) Multi-chip embedded "The nShield modules: nShield F2 4000, nShield F2 2000, and nShield F2 500 family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1200	Thales - nCipher 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 500, nShield F3 500 for NetHSM and nShield F3 10 PCI (Hardware Versions: nC4033P-500, nC4033P-500N and nC4033P-10; Build Standard N; Firmware Version: 2.38.4-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/06/2009	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #994 and #962); AES GCM (Cert. #994, vendor affirmed); Triple-DES (Certs. #775 and #757); Triple-DES MAC (Cert. #775, vendor affirmed); DSA (Cert. #341); ECDSA (Cert. #121); SHS (Cert. #960); HMAC (Cert. #560); RSA (Cert. #478); RNG (Cert. #564) -Other algorithms: ARC FOUR; Aria; Camelia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; AES (Cert. #994, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); NDRNG; DSA (FIPS 186-3, non-compliant); ECDSA (FIPS 186-3, non-compliant) Multi-chip embedded "The nShield modules: nShield F3 500, F3 500 for NetHSM, & nShield 10 family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1199	Thales - nCipher 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 4000, nShield F3 2000, nShield F3 2000 for NetHSM, nShield F3 500 and nShield F3 500 for NetHSM (Hardware Versions: nC4033P-4K0, nC4033P-2K0, nC4033P-2K0N, nC4133P-500 and nC4133P-500N, Build Standard N; Firmware Version: 2.38.4-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/06/2009	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 + EFP/EFT -Cryptographic Key Management: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #994); AES GCM (Cert. #994, vendor affirmed); Triple-DES (Certs. #775 and #132); Triple-DES MAC (Cert. #775, vendor affirmed); DSA (Cert. #341); ECDSA (Cert. #121); SHS (Cert. #960); HMAC (Cert. #560); RSA (Cert. #478); RNG (Cert. #564) -Other algorithms: ARC FOUR; Aria; Camelia; CAST 6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; and HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; AES (Cert. #994, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); NDRNG; DSA (FIPS 186-3, non-compliant); ECDSA (FIPS 186-3, non-compliant) Multi-chip embedded "The nShield modules: nCipher 4000, nShield 2000, nShield 2000 for NetHSM, nShield 500, and nShield 500 for NetHSM family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1198	Thales - nCipher 92 Montvale Ave Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 500, nShield F3 500 for NetHSM and nShield F3 10 PCI (Hardware Versions: nC4033P-500, nC4033P-500N, and nC4033P-10, Build Standard N; Firmware Version: 2.38.4-3) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/06/2009	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #994 and #962); AES GCM (Cert. #994, vendor affirmed); Triple-DES (Certs. #775 and #757); Triple-DES MAC (Cert. #775, vendor affirmed); DSA (Cert. #341); ECDSA (Cert. #121); SHS (Cert. #960); HMAC (Cert. #560); RSA (Cert. #478); RNG (Cert. #564) -Other algorithms: ARC FOUR; Aria; Camelia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; AES (Cert. #994, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); NDRNG; DSA (FIPS 186-3, non-compliant); ECDSA (FIPS 186-3, non-compliant) Multi-chip embedded "The nCipher modules: nShield F3 500, Shield F3 500 for NetHSM, and nShield 10 family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
1197	Thales - nCipher 92 Montvale Ave Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 6000e, nShield F3 1500e, nShield F3 500e, nShield F3 10e, nShield F3 6000e for nShield Connect, nShield F3 1500e for nShield Connect and nShield F3 500e for nShield Connect (Hardware Versions: nC4033E-6K0, nC4033E-1K5, nC4033E-500, nC4033E-030, nC4033E-6K0N, nC4033E-1K5N and nC4033E-500N, Build Standard N; Firmware Version: 2.38.4-3) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/06/2009; 12/08/2009	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #994 and #397); AES GCM (Cert. #994, vendor affirmed); Triple-DES (Certs. #775 and #435); Triple-DES MAC (Cert. #775, vendor affirmed); DSA (Cert. #341); ECDSA (Cert. #121); SHS (Cert. #960); HMAC (Cert. #560); RSA (Cert. #478); RNG (Cert. #564) -Other algorithms: ARC FOUR; Aria; Camelia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; AES (Cert. #994, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); NDRNG; DSA (FIPS 186-3, non-compliant); ECDSA (FIPS 186-3, non-compliant) Multi-chip embedded "The nCipher modules: nShield F3 6000e, Shield F3 1500e, nShield F3 500e, nShield 10e, nShield F3 6000e for nShield Connect, nShield F3 1500e for nShield Connect and nShield F3 500e for nShield Connect family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
1196	Thales - nCipher 92 Montvale Ave Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F2 6000e, nShield F2 1500e, nShield F2 500e and nShield F2 10e (Hardware Versions: nC3023E-6K0, nC3023E-1K5, nC3023E-500 and nC3032E-030, Build Standard N; Firmware Version: 2.38.4-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/06/2009	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #994 and #397); AES GCM (Cert. #994, vendor affirmed); Triple-DES (Certs. #775 and #435); Triple-DES MAC (Cert. #775, vendor affirmed); DSA (Cert. #341); ECDSA (Cert. #121); SHS (Cert. #960); HMAC (Cert. #560); RSA (Cert. #478); RNG (Cert. #564) -Other algorithms: ARC FOUR; Aria; Camelia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; AES (Cert. #994, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); NDRNG; DSA (FIPS 186-3, non-compliant); ECDSA (FIPS 186-3, non-compliant) Multi-chip embedded "The nCipher modules: nShield F2 6000e, Shield F2 1500e, nShield F2 500e, and nShield 10e family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1195	Thales - nCipher 92 Montvale Ave. Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 4000, nShield F3 2000, nShield F3 2000 for NetHSM, nShield F3 500 and nShield F3 500 for NetHSM (Hardware Versions: nC4033P-4K0, nC4033P-2K0, nC4033P-2K0N, nC4133P-500 and nC4133P-500N, Build Standard N; Firmware Version: 2.38.4-3) (When operated in FIPS mode and initialized to Overall Level 3 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/06/2009	Overall Level: 3  -Physical Security: Level 3 + EFP/EFT -FIPS-approved algorithms: AES (Cert. #994); AES GCM (Cert. #994, vendor affirmed); Triple-DES (Certs. #775 and #132); Triple-DES MAC (Cert. #775, vendor affirmed); DSA (Cert. #341); ECDSA (Cert. #121); SHS (Cert. #960); HMAC (Cert. #560); RSA (Cert. #478); RNG (Cert. #564) -Other algorithms: ARC FOUR; Aria; Camelia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; AES (Cert. #994, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); NDRNG; DSA (FIPS 186-3, non-compliant); ECDSA (FIPS 186-3, non-compliant) Multi-chip embedded "The nShield modules: nCipher 4000, nShield 2000, nShield 2000 for NetHSM, nShield 500, and nShield 500 for NetHSM family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
1194	Juniper Networks, Inc. One Rogers St. Sixth Floor Cambridge, MA 02142 USA -Robert Smith TEL: 617-949-4067 FAX: 617-547-1031	Juniper Network Connect Cryptographic Module (Software Version: 2.0) Validated to FIPS 140-2 Security Policy Certificate	Software	10/06/2009	Overall Level: 2  -Operational Environment: Tested as meeting Level 2 with Microsoft Windows XP Professional SP2 running on a Dell Optiplex GX270; Microsoft Windows 2000 Professional SP3 running on a Dell Optiplex GX400 -FIPS-approved algorithms: AES (Certs. #783 and #784); Triple-DES (Cert. #679); SHS (Cert. #787); HMAC (Cert. #430); DSA (Cert. #293); RSA (Cert. #373); RNG (Cert. #451) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength) Multi-chip standalone "The Juniper Network Connect Cryptographic Module (JNCCM) is a general purpose cryptographic library. The JNCCM is a user mode binary module for the Windows operating system."
1193	Neopost Technologies 113 Rue Jean Marin Naudin Bagneux, 92220 France -Nathalie Tortellier TEL: 33 1 45 36 30 00 FAX: 33 1 45 36 30 10	PSD Model C22 (Hardware Version: P/N 4129955LD; Firmware Version: P/N 4145980DA Version 22.12) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/06/2009	Overall Level: 3  -Physical Security: Level 3 + EFP/EFT -FIPS-approved algorithms: AES (Cert. #563); SHS (Cert. #629); RNG (Cert. #328); RSA (Cert. #260); HMAC (Cert. #300); ECDSA (Cert. #62) -Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 90 bits of encryption strength) Multi-chip embedded "Neopost Canadian PSD (Postal Secure Device) for Low to High Range Franking machines."
1192	Sony Corporation 1-7-1 Konan Minato-ku, Tokyo 108-0075 Japan -Hirotaka Kondo TEL: +81-46-202-8074 FAX: +81-46-202-6304	Sony Security Module (Hardware Version: 1.0.0; Firmware Version: 1.0.0) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/06/2009; 01/06/2010	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 - -FIPS-approved algorithms: AES (Certs. #901 and #902); RNG (Cert. #517); RSA (Cert. #437); SHS (Cert. #882) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip embedded "The Sony Security Module (SSM) is a multi-chip embedded cryptographic module that is encapsulated in a hard opaque commercial grade metal case. The cryptographic boundary is defined as the entire metal case perimeter, including all hardware, software, and firmware encapsulated within. The interfaces are all traces that cross the crypto graphic boundary. The primary purpose of the SSM is to provide decryption, decoding/encoding of audio/video data for the digital cinema projector system in which it is being employed."
1191	SanDisk Corporation 601 McCarthy Boulevard Milpitas, CA 95035 USA -Rotem Sela TEL: +972-4-9078811 FAX: +972-4-9078777	TrustedFlash v1.0 - microSD (Hardware Versions: HermonS2TM 256MB, HermonS2TM 512MB, HermonS2TM 1GB and HermonS2TM 2GB; Firmware Version: v1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/21/2009; 11/20/2009	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #643); RNG (Cert. #366); RSA (Cert. #294); SHS (Cert. #678); Triple-DES (Cert. #595) -Other algorithms: AES MAC (AES Cert. #643; non-compliant); DES; RNG; RSA (key wrapping; key establishment methodology provides 80 bits or 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength) Multi-chip embedded "TrustedFlash(TM) v1.0 - microSD is SanDisk's proprietary TrustedFlash v1.0 security technology implemented on the microSD form factor which provides a platform for the implementation of an advance security technology that complies with FIPS 140-2 level 3 requirements. TrustedFlash provides authentication and data encryption that can be used with secured applications including e-commerce, protected digital content distribution and enabling users to play protected content, services and applications on authorized TrustedFlash-enabled devices, such as mobile phones, portable media players, etc."
1190	Raytheon Oakley Systems, Inc. 2755 E. Cottonwood Parkway Suite 600 Salt Lake City, UT 84121 USA -Mindy Gilbert TEL: 801-733-1443 FAX: 801-944-5800 -Morgan Greenwood TEL: 801-733-1433 FAX: 801-844-5800	FIPS Linux Cryptographic Module (Software Version: 1.0) Validated to FIPS 140-2 Security Policy Certificate	Software	09/21/2009	Overall Level: 1  -Operational Environment: Red Hat Enterprise Linux v4 (single-user mode) -FIPS-approved algorithms: AES (Cert. #943); HMAC (Cert. #524); SHS (Cert. #919) -Other algorithms: N/A Multi-chip standalone "The Raytheon Oakley Systems FIPS Linux Cryptographic Module is a software module providing cryptographic functionality for the Raytheon Oakley Systems InnerView insider threat product. InnerView is an enterprise monitoring, threat detection, and policy enforcement solution."
1189	Juniper Networks, Inc. One Rogers St. Sixth Floor Cambridge, MA 02142 USA -Robert Smith TEL: 617-949-4067 FAX: 617-547-1031	Odyssey Security Component (Software Version: 2.0) Validated to FIPS 140-2 Security Policy Certificate	Software	10/28/2009	Overall Level: 2  -Operational Environment: Tested as meeting Level 2 with Microsoft Windows XP Professional SP2 running on a Dell Optiplex GX270; Microsoft Windows 2000 Professional SP3 running on a Dell Optiplex GX400 -FIPS-approved algorithms: AES (Certs. #783 and #784); Triple-DES (Cert. #679); SHS (Cert. #787); HMAC (Cert. #430); DSA (Cert. #293); RSA (Cert. #373); RNG (Cert. #451) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength) Multi-chip standalone "The Odyssey Security Component (OSC) is a general purpose cryptographic library. OSC / User Mode is a user mode binary module for the Windows operating system."
1188	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 94002 USA -Brian Mansfield TEL: 408-853-5469 FAX: 408-853-3529	Cisco Aironet Lightweight AP1131, AP1142, AP1242, AP1252 and AP1522 Wireless LAN Access Points (Hardware Versions: AP1131 Revision S0, AP1142 Revision A0, AP1242 Revision P0, AP1252 Revision F0 and AP1522 Outdoor Mesh Revision L0; Firmware Versions: 5.2.157.0, 5.2.178.5 and 5.2.193.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/20/2009; 11/20/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #1005, #1006, #1007, #1008 and #1009); HMAC (Certs. #564, #565 and #566); RNG (Certs. #567, #568 and #569); RSA (Certs. #482, #483 and #484); SHS (Certs. #965, #966 and #967) -Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength); RC4; MD5; HMAC MD5 Multi-chip standalone "The Cisco Aironet Lightweight 1142, 1131, 1252, 1242, 1522 access points deliver the versatility, high capacity and enterprise class security required for small, medium and large Government indoor and outdoor wireless deployments. In FIPS 140-2 mode of operation, the Cisco APs support the LWAPP, MFP, IEEE 802.11i & IEEE 802.1x standards & AES for WPA2 encryption. WPA2 is the Wi-Fi Alliance certification for interoperable, standards-based WLAN security."
1187	Thales e-Security 2200 North Commerce Parkway Suite 200 Weston, Florida 33326 USA -Juan Asenjo TEL: 954-888-6202 FAX: 954-888-6211	Datacryptor® Gig Ethernet v1.0 and v1.1 (Hardware Version: 1600X409 v1.00; Firmware Versions: v1.0 and v1.1) Security Policy Certificate Vendor Product Link	Hardware	09/21/2009	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #454); DSA (Cert. #184); SHS (Cert. #517); RNG (Cert. #239) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Datacryptor® Gig Ethernet v1.0 and v1.1 are multi-chip standalone cryptographic modules. They secure communications using signed Diffie-Hellman key exchange and AES-256 encryption over Gigabit Ethernet networks. They provide data encryption over 1000baseX (802.3z) with supported media types of 1000BaseSX (short-haul fiber), 1000BaseLX (long-haul fiber) or 1000BaseCX (single twisted-pair copper). The units also provide integrated secure unit management capability employing the same techniques used for traffic encryption."
1186	Midland Radio Corporation 5900 Parretta Drive Kansas City, MO 64120 USA -David Kingsolver TEL: 816-462-0421	Syn-Tech III P25 Radio Series (Hardware Versions: STP105B, STP404A, STP404B, STM1050B, STM1055B, STM1115B, STM4040A, STM4045A, STM4040B, STM4045B, STM4085A, STM4085B, SDT1090, SDT4080A and SDT4080B; Firmware Versions: Control Micro-Processor Boot Firmware Version: 1.00 Build:1080, Control Micro-Processor Firmware Version: MDV 1.01 Build:3320, Digital Signal Processor(DSP) Firmware Version: SPV 1.03 Build:0556;) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/21/2009	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #645); SHS (Cert. #916); HMAC (Cert. #521); DRBG (Cert. #5) -Other algorithms: DES Multi-chip standalone "The Midland Syn-Tech III P25 radios provide Project 25 encrypted and clear voice, data and Short Message Service communications in accordance with the Project 25 Digital Land Mobile Radio standards suite. In addition, conventional analog radio voice communications are supported. It is a multi-chip standalone cryptographic module consisting of production grade components in accordance to FIPS 140-2 security level 1."
1185	RELM Wireless Corporation 7100 Technology Drive West Melbourne, FL 32904 USA -Jim Holthaus TEL: 402-896-6406 FAX: 785-856-1302	FIPSCOM Cryptographic Module (Hardware Versions: P/N 7011-30967-000, Versions 071609 [1] and 071709 [2]; Firmware Versions: 0722-05072-000 [1] and 0722-05072-001 [2] (bootcodes) and 0722-05073-004 [1,2] (application)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/21/2009; 10/16/2009	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #899); RSA (Cert. #139); SHS (Cert. #462) -Other algorithms: DES; AES (AES Cert. #899, key wrapping; key establishment methodology provides 256 bits of encryption strength) Multi-chip embedded "The FIPSCOM is an embedded cryptographic module that provides encryption functions for secure digital communications products. The FIPSCOM can be incorporated into any BK Radio brand subscriber equipment requiring FIPS 140-2, Level 1 security."
1184	Fortinet, Inc. 1090 Kifer Road Sunnyvale, CA 94086 USA -Jeff Lake, Vice President, Federal Operations TEL: 678-402-8021 FAX: 678-402-8021	FortiGate-5050 and FortiGate-5140 (Hardware Versions: FortiGate-5050 (build C4QP38); FortiGate-5140 (build C4GL51); FortiGate-5001SX (build P4CF76); FortiGate-5001FA2 (build C5FA26); Firmware Version: FortiOS 3.0, build8931, 081110) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	09/21/2009	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #490, #742 and #743); RNG (Cert. #530); AES (Certs. #476, #925 and #926); SHS (Certs. #544, #909 and #910); RSA (Cert. #449); HMAC (Certs. #233, #516 and #517) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; HMAC-MD5 Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1183		Validated to FIPS 140-2 Security Policy Certificate	Software	08/31/2009	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
1182	McAfee, Inc. 3965 Freedom Circle Santa Clara, CA 95054 USA -Suresh Subramanian TEL: 408-346-5682 FAX: 408-346-3463	Network Security Platform Sensor M-6050 and M-8000 (M-8000 P and M-8000 S) (Hardware Versions: P/Ns M-6050 (IAP-M65K-ISA, IFO-M65K-ISA, IIP-M65K-ISA) V1.4 and M-8000 (IAP-M80K-ISA, IFO-M80K-ISA, IIP-M80K-ISA) V1.4; Firmware Version: 4.1.11.26) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/31/2009	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #880); Triple-DES (Cert. #781); RSA (Certs. #425 and #486); DSA (Cert. #345); SHS (Certs. #871 and #970); RNG (Cert. #505) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Blowfish; DES; MD5; TACACS Multi-chip standalone "Network Security Platform products (formerly known as IntruShield) are IPS & IDS systems that protect network infrastructures & endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, & encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments & permits the customer to receive real-time network status updates & alerts, implement customized security policies & incident response plans, & perform forensic analysis of attacks."
1181	Motorola, Inc. 1301 East Algonquin Road Schaumburg, IL 60196 USA -Kirk Mathews TEL: 847-576-4101	Astro Subscriber Motorola Advanced Crypto Engine (MACE) (Hardware Version: P/N 5185912Y01; Firmware Version: R01.00.00) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/31/2009	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #819); SHS (Cert. #817); RSA (Cert. #396); RNG (Cert. #471) -Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); DES; DES-XL; DVP-XL; ADP; LFSR Single-chip "The MACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio systems products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management."
1180	Security First Corp. 22362 Gilberto #130 Rancho Santa Margarita, CA 92688 USA -Rick Orsini TEL: 949-858-7525 FAX: 949-858-7092	SecureParser® (Hardware Version: P/N AC2020-S, Version 1.0; Software Version: 4.7.0; Firmware Version: 1.0) (When operated in FIPS mode) Security Policy Certificate	Hybrid	08/31/2009	Overall Level: 1  -Cryptographic Module Specification: Level 3 -Cryptographic Key Management: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Ubuntu 8; Windows 2003 (single-user mode) -FIPS-approved algorithms: AES (Certs. #1017, #1027 and #1028); RNG (Cert. #584); RSA (Cert. #491); DSA (Cert. #346); SHS (Certs. #980 and #981); HMAC (Certs. #575 and #576); ECDSA (Cert. #123) -Other algorithms: RSA (key wrapping; key establishment methodology provides 128 bits of encryption strength); AES (Cert. #1027, key wrapping; key establishment methodology provides 128, 192, or 256 bits of encryption strength) Multi-chip standalone "The SecureParser® is a security and high data availability architecture delivered in the form of a software toolkit that provides cryptographic data splitting (data encryption, random or deterministic distribution to multiple shares including additional fault tolerant bits, key splitting, authentication, integrity, share reassembly, key restoration and decryption) of arbitrary data. During the split process, additional redundant data may be optionally written to each share enabling the capability of restoring the original data when all shares are not available."
1179	SPYRUS, Inc. 1860 Hartog Drive San Jose, CA 95131-2203 USA -Tom Dickens TEL: 408-392-4324 FAX: 408-392-0319	Hydra PC Personal Edition FIPS Module (Hardware Versions: P/Ns 880070103F [1], 880070104F [2] and 880070105F [3], Versions 01.00.01 [1,2] and 01.00.02 [3]; Firmware Versions: 01.02.12 [1] and 01.02.13 [2,3]) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	08/31/2009; 10/30/2009	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #846, #850 and #858); SHS (Certs. #837 and #852); RNG (Cert. #486); DRBG (Cert. #3); ECDSA (Certs. #96 and #97) -Other algorithms: EC-Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); AES (Cert. #846, key wrapping) Multi-chip standalone "The Hydra PC Personal Edition FIPS Module is a multifunctional security device providing the U. S. Government's Suite B standard algorithms, including AES, ECC, and SHA-2. The Hydra PC Personal Edition FIPS Module stores encrypted files on a replaceable miniSD/miniSDHC memory card for almost unlimited storage capacity. An exclusive authentication feature can limit the use of a Hydra PC Personal Edition FIPS Module to a specifically designated enclave, preventing all external use even if the user knows the logon PIN. Comes with Microsoft Windows file interface."
1178	SafeNet, Inc. 20 Colonnade Road Suite 200 Ottawa, Ontario K2E 7M6 Canada -Terry Fletcher TEL: 613-221-5009 FAX: 613-723-5079	Luna® CA4 (Hardware Version: LTK-02-0501; Firmware Version: 4.6.8) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/31/2009	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #933); DSA (Cert. #331); ECDSA (Cert. #116); HMAC (Cert. #522); RNG (Cert. #534); RSA (Cert. #452); SHS (Cert. #917); Triple-DES (Cert. #747); Triple-DES MAC (Triple-DES Cert. #747, vendor affirmed) -Other algorithms: ARIA; DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; AES-MAC, DES-MAC; RC2-MAC; RC5-MAC; CAST-MAC; CAST3-MAC; CAST5-MAC; MD2; MD5; HAS-160; HMAC-MD5; SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Luna CA4 cryptographic module is a multi-chip standalone hardware cryptographic module in the form of a PCMCIA card that typically resides within a custom computing or secure communications appliance. It is contained in its own secure enclosure that provides physical resistance to tampering. The module provides secure key generation and storage for symmetric keys and asymmetric key pairs along with symmetric and asymmetric cryptographic services."
1177	SafeNet, Inc. 20 Colonnade Road Suite 200 Ottawa, Ontario K2E 7M6 Canada -Terry Fletcher TEL: 613-221-5009 FAX: 613-723-5079	Luna® PCM (Hardware Version: LTK-02-0501; Firmware Version: 4.6.8) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/31/2009	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #933); DSA (Cert. #331); ECDSA (Cert. #116); HMAC (Cert. #522); RNG (Cert. #534); RSA (Cert. #452); SHS (Cert. #917); Triple-DES (Cert. #747); Triple-DES MAC (Triple-DES Cert. #747, vendor affirmed) -Other algorithms: ARIA; DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; AES-MAC, DES-MAC; RC2-MAC; RC5-MAC; CAST-MAC; CAST3-MAC; CAST5-MAC; MD2; MD5; HAS-160; HMAC-MD5; SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Luna PCM cryptographic module is a multi-chip standalone hardware cryptographic module in the form of a PCMCIA card that typically resides within a custom computing or secure communications appliance. It is contained in its own secure enclosure that provides physical resistance to tampering. The module provides secure key generation and storage for symmetric keys and asymmetric key pairs along with symmetric and asymmetric cryptographic services. Access to key material and cryptographic services for users and user application software is provided indirectly through the host appliance."
1176	SafeNet, Inc. 20 Colonnade Road Suite 200 Ottawa, Ontario K2E 7M6 Canada -Terry Fletcher TEL: 613-221-5009 FAX: 613-723-5079	Luna® PCI Cryptographic Module (Hardware Version: VBD-03-0100; Firmware Version: 4.6.8) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/31/2009	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #510 and #934); DSA (Cert. #332); ECDSA (Cert. #117); HMAC (Cert. #523); RNG (Cert. #535); RSA (Cert. #453); SHS (Cert. #918); Triple-DES (Certs. #520 and #748); Triple-DES MAC (Triple-DES Certs. #520 and #748, vendor affirmed) -Other algorithms: ARIA; DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; DES-MAC; RC2-MAC; RC5-MAC; CAST-MAC; CAST3-MAC; CAST5-MAC; MD2; MD5; HAS-160; HMAC-MD5; SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip embedded "Luna PCI offers dedicated hardware key management to protect sensitive cryptographic keys from attack. The high-security hardware design ensures the integrity and protection of encryption keys throughout their life cycle. All digital signing and verification operations are performed within the HSM to increase performance and maintain security. Luna PCI HSMs provide hardware secured key generation, storage, secure key backup and accelerated encryption in a range of models and configurations offering a wide selection of security, performance and operational capabilities."
1175		Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/13/2009	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip embedded
1174	Hewlett-Packard Company, Atalla Security Products 19091 Pruneridge Ave. MS 4441 Cupertino, CA 95014 USA -Jane Blanchard TEL: 408-447-2168 FAX: 408-447-5525	Atalla Cryptographic Subsystem (ACS) (Hardware Version: P/N 545517-002; Firmware Version: Loader Version 1.02, PSMCU Version 7.0) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/31/2009	Overall Level: 4  -FIPS-approved algorithms: AES (Cert. #406); RNG (Cert. #200); RSA (Cert. #531); SHS (Cert. #473) -Other algorithms: N/A Multi-chip embedded "The Atalla Cryptographic Subsystem (ACS) is a multiple-chip embedded cryptographic module that provides secure cryptographic processing. The ACS features secure key management and storage capabilities, and also provides high performance AES processing."
1173	Juniper Networks, Inc. 1194 N. Mathilda Ave. Sunnyvale, CA 94089 USA -Mike Kouri TEL: 408-936-8206 FAX: 408-936-8200	SSG 520M and SSG 550M (Hardware Versions: P/Ns SSG-520M (SSG 520M) and SSG-550M (SSG 550M); Firmware Version: ScreenOS 6.2.0r3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/18/2009; 01/28/2010	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Cryptographic Key Management: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #712); AES (Cert. #867); DSA (Cert. #315); RNG (Cert. #497); RSA (Cert. #418); SHS (Cert. #861); HMAC (Cert. #483); ECDSA (Cert. #104) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 or 112 bits of encryption strength); DES; MD5 Multi-chip standalone "The SSG 500 Series consists of high-performance security platforms for regional branch office and medium-sized, standalone businesses that want to stop internal and external attacks, prevent unauthorized access and achieve regulatory compliance. The SSG 550/SSG 550M provides 1+ Gbps of stateful firewall performance and 500 Mbps of IPSec VPN performance, while the SSG 520/SSG 520M provides 650 Mbps of stateful firewall performance and 300 Mbps of IPSec VPN performance."
1172	Juniper Networks, Inc. 1194 N. Mathilda Ave. Sunnyvale, CA 94089 USA -Mike Kouri TEL: 408-936-8206 FAX: 408-936-8200	SSG 320M and SSG 350M (Hardware Versions: P/Ns SSG-320M (SSG 320M) and SSG-350M (SSG 350M); Firmware Version: ScreenOS 6.2.0r3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/18/2009; 01/28/2010	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Cryptographic Key Management: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #713); AES (Cert. #868); DSA (Cert. #316); RNG (Cert. #498); RSA (Cert. #419); SHS (Cert. #862); HMAC (Cert. #484); ECDSA (Cert. #105) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 or 112 bits of encryption strength); DES; MD5 Multi-chip standalone "The SSG 300 Series comprises high-performance security platforms that help businesses stop internal and external attacks, prevent unauthorized access, and achieve regulatory compliance. The SSG 350M provides 500 Mbps of stateful firewall performance and 225 Mbps of IPSec VPN performance, while the SSG 320M provides 400 Mbps of stateful firewall performance and 175 Mbps of IPSec VPN performance."
1171	Juniper Networks, Inc. 1194 N. Mathilda Ave. Sunnyvale, CA 94089 USA -Mike Kouri TEL: 408-936-8206 FAX: 408-936-8200	SSG 140 (Hardware Version: P/N SSG-140; Firmware Version: ScreenOS 6.2.0r3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/18/2009; 01/28/2010	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Cryptographic Key Management: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #714); AES (Cert. #869); DSA (Cert. #317); RNG (Cert. #499); RSA (Cert. #420); SHS (Cert. #863); HMAC (Cert. #485); ECDSA (Cert. #106) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 or 112 bits of encryption strength); DES; MD5 Multi-chip standalone "The SSG 140 is a high-performance security platform for branch offices and small/medium sized standalone businesses that want to stop internal and external attacks, prevent unauthorized access, and achieve regulatory compliance. The SSG 140 is a modular platform that delivers more than 350 Mbps of stateful firewall traffic and 100 Mbps of IPSec VPN traffic."
1170	Juniper Networks, Inc. 1194 N. Mathilda Ave. Sunnyvale, CA 94089 USA -Mike Kouri TEL: 408-936-8206 FAX: 408-936-8200	SSG 5 and SSG 20 (Hardware Versions: P/Ns SSG-5 (SSG 5) and SSG-20 (SSG 20); Firmware Version: ScreenOS 6.2.0r3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/18/2009; 01/28/2010	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Cryptographic Key Management: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #711 and #715); AES (Certs. #866 and #870); DSA (Certs. #314 and #318); RNG (Certs. #496 and #500); RSA (Certs. #417 and #421); SHS (Certs. #860 and #864); HMAC (Certs. #482 and #486); ECDSA (Certs. #103 and #107) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 or 112 bits of encryption strength); DES; MD5 Multi-chip standalone "The SSG 5 and SSG 20 are high-performance security platforms for small branch office and standalone businesses that want to stop internal and external attacks, prevent unauthorized access and achieve regulatory compliance. Both the SSG 5 and SSG 20 deliver 160 Mbps of stateful firewall traffic and 40 Mbps of IPSec VPN traffic."
1169	Juniper Networks, Inc. 1194 N. Mathilda Ave. Sunnyvale, CA 94089 USA -Mike Kouri TEL: 408-936-8206 FAX: 408-936-8200	NetScreen-ISG 1000 and NetScreen-ISG 2000 (Hardware Versions: P/Ns NS-ISG-1000 (NetScreen-ISG 1000) and NS-ISG-2000 (NetScreen-ISG 2000); Firmware Version: ScreenOS 6.2.0r3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/18/2009; 01/28/2010	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Cryptographic Key Management: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #709); AES (Cert. #864); DSA (Cert. #312); RNG (Cert. #494); RSA (Cert. #415); SHS (Cert. #858); HMAC (Cert. #480); ECDSA (Cert. #101) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 or 112 bits of encryption strength); DES; MD5 Multi-chip standalone "The Juniper Networks ISG 1000 and ISG 2000 are fully integrated firewall/VPN systems that provide multi-gigabit performance, modular architecture and rich virtualization capabilities. They provide an ideal solution for large enterprise, data center, and service provider networks. The ISG Series firewall/VPN-based systems deliver security features such as Intrusion Prevention System (IPS), anti-spam, Web filtering, and Internet Content Adaptation Protocol (ICAP) antivirus redirection support."
1168	Juniper Networks, Inc. 1194 N. Mathilda Ave. Sunnyvale, CA 94089 USA -Mike Kouri TEL: 408-936-8206 FAX: 408-936-8200	NetScreen-5200 and NetScreen-5400 (Hardware Versions: P/Ns NS-5200/NS-5000-MGT2 (NetScreen-5200), NS-5200/NS-5000-MGT3 (NetScreen-5200), NS-5400/NS-5000-MGT2 (NetScreen-5400) and NS-5400/NS-5000-MGT3 (NetScreen-5400); Firmware Version: ScreenOS 6.2.0r3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/18/2009; 01/28/2010	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Cryptographic Key Management: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #710); AES (Cert. #865); DSA (Cert. #313); RNG (Cert. #495); RSA (Cert. #416); SHS (Cert. #859); HMAC (Cert. #481); ECDSA (Cert. #102) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 97 or 112 bits of encryption strength); DES; MD5 Multi-chip standalone "The Juniper Networks NetScreen-5000 Series is a line of purpose built, high-performance security systems designed to deliver a new level of high-performance capabilities for large enterprise, carrier, and data center networks. The NetScreen-5000 Series consists of two products, the 2-slot NetScreen-5200 and the 4-slot NetScreen-5400. The NetScreen-5000 Series security systems integrate firewall, DoS and DDoS protection, VPN, and traffic management functionality in low-profile modular chassis."
1167	SafeNet, Inc. 20 Colonnade Road Suite 200 Ottawa, Ontario K2E 7M6 Canada -Terry Fletcher TEL: 613-221-5009 FAX: 613-723-5079	Luna® PCI Cryptographic Module (Hardware Version: VBD-03-0100; Firmware Version: 4.6.8) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/31/2009	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #510 and #934); DSA (Cert. #332); ECDSA (Cert. #117); HMAC (Cert. #523); RNG (Cert. #535); RSA (Cert. #453); SHS (Cert. #918); Triple-DES (Certs. #520 and #748); Triple-DES MAC (Triple-DES Certs. #520 and #748, vendor affirmed) -Other algorithms: ARIA; DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; DES-MAC; RC2-MAC; RC5-MAC; CAST-MAC; CAST3-MAC; CAST5-MAC; MD2; MD5; HAS-160; HMAC-MD5; SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip embedded "Luna PCI offers dedicated hardware key management to protect sensitive cryptographic keys from attack. The high-security hardware design ensures the integrity and protection of encryption keys throughout their life cycle. All digital signing and verification operations are performed within the HSM to increase performance and maintain security. Luna PCI HSMs provide hardware secured key generation, storage, secure key backup and accelerated encryption in a range of models and configurations offering a wide selection of security, performance and operational capabilities."
1166	Accellion, Inc. 1900 Embarcadero Road, Suite 207 Palo Alto, CA 94303 USA -Prateek Jain TEL: 650-739-0095 FAX: 650-739-0561	Secure File Transfer Appliance (Hardware Version: P/N ACFIPS-01 Version 1.0.0; Firmware Versions: FTA_8_0_3 and FTA_8_0_136) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/18/2009; 10/02/2009	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: AES (Certs. #843, #844 and #845); SHS (Certs. #835, #836 and #842); HMAC (Cert. #468); DSA (Cert. #307); Triple-DES (Cert. #771) -Other algorithms: Triple-DES (Cert. #771, key wrapping; key establishment methodology provides 80 bits of encryption strength); AES (Cert. #845, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); Blowfish; MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Accellion Secure File Transfer Appliance is a key component of Accellion's secure file transfer solution that enables enterprises an easy to use solution for securely transferring large files. It helps eliminate FTP servers and offload file attachments from email resulting in improved email performance and reduced email storage. Extensive tracking and reporting tools enable companies to demonstrate compliance with SOX, HIPAA, FDA, and GLB regulations. Accellion appliances provide the highest level of security and ease of use of any enterprise file transfer solution."
1165	Fortress Technologies, Inc. 4023 Tampa Rd. Suite 2000 Oldsmar, FL 34677 USA -Bill McIntosh TEL: 813-288-7388	Fortress Secure Bridge (Hardware Versions: ES520V1, ES520V2 and ES300; Firmware Version: 5.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	08/18/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #688, #694 and #698); SHS (Certs. #715, #717, #721, #722 and #726); HMAC (Certs. #367, #371, #372 and #376); RSA (Cert. #439); RNG (Certs. #402, #406 and #409) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); MD5; Hardware RNG Multi-chip standalone "The Fortress Secure Bridge is an all-in-one network access device housed in a rugged compact chassis, with the most stringent security available today built in. It can serve as a wireless bridge, a WLAN access point, and an eight-port LAN switch, while performing all the functions of a Fortress controller device: encrypting wireless traffic and providing Multi-factor Authentication for devices on the network it protects."
1164	Meru Networks 894 Ross Drive Sunnyvale, CA 94089 USA -Joe Epstein TEL: 408-215-5300 FAX: 408-215-5301	Meru Networks Security Gateway SG1000 Cryptographic Module (Hardware Version: P/N MN-SG1000; Firmware Version: 1.0-27) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/18/2009	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #720); AES (Certs. #903 and #904); SHS (Cert. #894); HMAC (Cert. #493); RSA (Cert. #440); RNG (Cert. #518); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 bits of encryption strength) -Other algorithms: MD5; AES (Cert. #903, key wrapping; key establishment methodology provides 128 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Multi-chip embedded "The Meru Networks Security Gateway SG1000 Cryptographic Module is a high performance purpose built security solution for Wireless LAN deployments. The Meru Networks Security Gateway SG1000 Cryptographic Module provides a FIPS 140-2 Level 3 security solution conforming to the IEEE 802.11i security standards. The Meru Networks Security Gateway SG1000 Cryptographic Module is installed in a slot in the Meru Networks Security Gateway SG1000 appliance."
1163	SafeNet, Inc. 20 Colonnade Road Suite 200 Ottawa, Ontario K2E 7M6 Canada -Terry Fletcher TEL: 613-221-5009 FAX: 613-723-5079	Luna® PCI Cryptographic Module for Luna® IS (Hardware Version: VBD-03-0100; Firmware Versions: 5.2.5 and 5.2.6) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/18/2009	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #510, #910 and #913); Triple-DES (Certs. #520, #728 and #738); DSA (Certs. #320 and #326); RSA (Certs. #442, #444, #454 and #455); ECDSA (Certs. #110 and #112); SHS (Certs. #898 and #900); HMAC (Certs. #507 and #509); Triple-DES MAC (Triple DES Certs. #520, #728 and #738; vendor affirmed); RNG (Certs. #522 and #523) -Other algorithms: AES MAC (AES Certs. #510, #910 and #913; non-compliant); DES; RC2; RC4; RC5; CAST; CAST3; CAST5; SEED; CAST5 in a CBC-MAC; MD2; MD5; HAS-160 (plain hash and HMAC); SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; PBE-MD2-DES; PBE-MD5-DES; PBE-MD5-CAST; PBE-MD5-CAST3; PBE-SHA-1-CAST5; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip embedded "The Luna® PCI for Luna® IS offers hardware-based key management and cryptographic operations to protect sensitive keys. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI card."
1162	Brocade Communications 1745 Technology Drive San Jose, CA 95110 USA -Greg Farris TEL: 408-333-7315	Brocade Encryption Switch/FS8-18 Cryptographic Module (Hardware Versions: BES [P/Ns 60-1001079-01 Rev. B and C] and FS8-18 [P/Ns 60-1001078-01 Rev. B and C]) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/29/2009; 12/22/2009	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #596 and #851); AES GCM (AES Cert. #851, vendor affirmed); RNG (Cert. #358); HMAC (Cert. #346); SHS (Certs. #645 and #844); RSA (Certs. #337 and #407) -Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); ECC-CDH (non-compliant); AES (Cert. #596, key wrapping; key establishment methodology provides 256 bits of encryption strength) Multi-chip embedded "Cryptographic module for the Brocade Encryption Switch and FS8-18."
1161	Fortinet, Inc. 1090 Kifer Road Sunnyvale, CA 94086 USA -Jeff Lake, Vice President, Federal Operations TEL: 678-402-8021 FAX: 678-402-8021	FortiGate-1000A and FortiGate-3600 (Hardware Versions: FortiGate 1000A (build C4WA49) and FortiGate 3600 (build C4KW75); Firmware Version: FortiOS 3.0, build8931, 081110) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	07/29/2009	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #742, #743, #489 and #490); RNG (Cert. #530); AES (Certs. #925, #926, #475 and #476); SHS (Certs. #909, #910, #543 and #544); RSA (Cert. #449); HMAC (Certs. #516, #517, #232 and #233) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; HMAC-MD5 Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1160	Motorola, Inc. 1301 East Algonquin Rd. Schaumburg, IL 60196 USA -Kirk Mathews TEL: 847-576-4101 FAX: 847-538-2770	KVL 3000 Plus (Hardware Version: P/N T6717A; Firmware Version: R03.52.45) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/29/2009	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -FIPS-approved algorithms: AES (Cert. #2); Triple-DES (Cert. #82); Triple-DES MAC (Triple-DES Cert. #82, vendor affirmed); SHS (Cert. #335); RNG (Cert. #121) -Other algorithms: DES; DES MAC; DES-XL; DVI-XL; DVI-SPFL; DVP-XL; ADP; HCA; LFSR; AES MAC (AES Cert. #2; vendor affirmed; P25 AES OTAR) Multi-chip standalone "The KVL 3000 Plus is a portable key distribution device. Encryption keys can be loaded into the KVL manually through its keypad interface or transferred from a Key Management Facility through its serial interface. These keys can then be distributed to various secure communications equipment such as mobile and portable radios, base stations, zone controllers, data controllers, and other fixed network devices. The KVL also includes a PCMCIA interface for software upgrades."
1159	RSA Security, Inc. 228 South Street Hopkinton, MA 01748 USA -Jeff Stone TEL: 508-249-1189 -Nirav Mehta TEL: 508-249-2964	RSA BSAFE® Crypto-Kernel (Software Version: 1.3.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	07/29/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows Server 2003 SP2 (x86 Celeron); Windows Server 2003 SP2 (x64 AMD Athlon X2); Windows Server 2003 SP2 (Itanium 2) (single-user mode) -FIPS-approved algorithms: AES (Cert. #1105); HMAC (Cert. #617); SHS (Cert. #1028) -Other algorithms: AES-XTS Multi-chip standalone "RSA BSAFE® Crypto-Kernel is a cryptographic library from RSA, The Security Division of EMC, to provide symmetric encryption, hashing, and message authentication code creation, in the operating system kernel. It provides Advanced Encryption Standard (AES) cipher, SHA-256 message digest, and HMAC capabilities."
1158	AirMagnet, Inc. 830 E. Arques Ave. Sunnyvale, CA 94085 USA -Tony Ho TEL: 408-400-1255 FAX: 408-744-1250	SmartEdge Sensor A5020, A5023, A5120 and A5123 (Hardware Versions: A5020, A5023, A5120 and A5123; Firmware Version: 8.5.0-12047) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	07/29/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #331); Triple-DES (Cert. #395); SHS (Cert. #406); RSA (Cert. #111); RNG (Cert. #152); HMAC (Cert. #135) -Other algorithms: RC4; RC2; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); DSA (non-compliant); DES; Triple-DES (non-compliant); AES (non-compliant); IDEA; Blowfish; Twofish Multi-chip standalone "The SmartEdge Sensor is equipped with patent pending AirWISE Analytical Engine that, in real time, monitors and analyzes the security, performance, and reliability of the wireless network."
1157	Sun Microsystems, Inc. 500 Eldorado Blvd., Bldg 5 Broomfield, CO 80021 USA -Alexander Stewart TEL: 303-272-7572 FAX: 303-272-3023	Sun StorageTek™ T10000A Tape Drive (Hardware Version: P/N 315462802; Firmware Versions: 1.40.108, 1.41.110 and 1.41.111) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/16/2009; 09/02/2009	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 2 -FIPS-approved algorithms: AES (Certs. #495, #647, #941, #942 and #967); DRBG (Cert. #6); HMAC (Certs. #398 and #540); SHS (Certs. #736 and #937); RSA (Cert. #334) -Other algorithms: AES (Cert. #941, key wrapping; key establishment methodology provides 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5 Multi-chip standalone "The Sun StorageTek™ T10000A tape drive provides 500 GB native capacity and 120 MB/sec throughput. The T10000A is designed for maximum security and performance in enterprise-level applications. It employs AES-256 encryption to protect and authenticate customer data while also using AES-256 to provide secure and authenticated transmission of key material. Designed for maximum performance, the drive allows the use of multiple keys per tape with a cache memory to minimize the overhead of key transmission. Works seamlessly with the Sun KMA 2.x to provide a secure end-to-end management solution."
1156	Sun Microsystems, Inc. 500 Eldorado Blvd., Bldg 5 Broomfield, CO 80021 USA -Alexander Stewart TEL: 303-272-7572 FAX: 303-272-3023	Sun StorageTek™ T10000B Tape Drive (Hardware Version: P/N 315488302; Firmware Versions: 1.40.208, 1.41.210 and 1.41.211) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/16/2009; 09/02/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #495, #647, #941, #942 and #967); DRBG (Cert. #6); HMAC (Certs. #398 and #540); SHS (Certs. #736 and #937); RSA (Cert. #334) -Other algorithms: AES (Cert. #941, key wrapping; key establishment methodology provides 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5 Multi-chip standalone "The Sun StorageTek™ T10000B tape drive provides 1 TB native capacity and 120 MB/sec throughput using the same media and with backward read compatibility to the T10000A. Designed for maximum security and performance, the T10000B provides AES-256 encryption to protect and authenticate customer data and to provide secure, authenticated transmission of key material. Designed for maximum performance, the drive allows the use of multiple keys per tape with a cache memory to minimize the overhead of key transmission. Works seamlessly with the Sun KMA 2.x to provide a secure end-to-end management solution."
1155	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Mike Soto TEL: 408-902-8125 FAX: 408-853-3122	Cisco Catalyst 6506, Catalyst 6506-E, Catalyst 6509 and Catalyst 6509-E Switch with Catalyst 6500 Series VPN Services Port Adapter (ws-ipsec-2 and ws-ipsec-3) (Hardware Versions: 6506, 6509, 6506-E and 6509-E; Backplane chassis: Hardware Versions 1.1 (6506-E), 1.4 (6509-E), 3.0 (6506, 6509); Supervisor Blade: Hardware Versions 5.7(SUP720-3B), 5.7 (SUP720-3BXL), 2.1 (SUP720-10GbE); IPSec VPN SPA; Hardware Version 1.0; Firmware Versions: Modular IOS 12.2(33)SXI and 12.2(33)SXI1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/16/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Cert #598); HMAC (Certs. #348 and #550); RNG (Certs. #356 and #554); SHS (Certs. #647 and #948); Triple-DES (Cert #569) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; HMAC-MD5 Multi-chip standalone "The Catalyst 6500 series switches with the IPSec VPN SPA offer versatility, integration, and security to branch offices. With numerous network modules and service modules available, the modular architecture of the Cisco router easily allows interfaces to be upgraded to accommodate network expansion. The Catalyst 6500 series switches provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements."
1154	Digi International, Inc. 11001 Bren Road East Minnetonka, MN 55343 USA -Brian O'Rourke TEL: 952-912-3444 FAX: 952-912-4952	Digi Passport 4 FIPS, 8 FIPS, 16 2 AC FIPS, 32 2 AC FIPS and 48 2 AC FIPS (Hardware Version: Rev. 1.1; Firmware Version: 1.2.0F) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	07/16/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #821); Triple-DES (Cert. #693); SHS (Cert. #819); RSA (Cert. #398); DSA (Cert. #301); RNG (Cert. #473); HMAC (Cert. #454) -Other algorithms: RC4; MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); DES Multi-chip standalone "The latest entry in Digi's advanced console management line, the Digi Passport provides secure remote access to the console ports of computer systems and network equipment. In addition to conventional serial console connections, the Digi Passport connects to the service processors of the leading server vendors. It also provides SMASH extensions to each of these network-based access protocols."
1153	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Mike Soto TEL: 408-902-8125 FAX: 408-853-3122	Cisco Catalyst 6506, Catalyst 6506-E, Catalyst 6509 and Catalyst 6509-E Switch with Catalyst 6500 Series VPN Services Port Adapter (ws-ipsec-2 and ws-ipsec-3) (Hardware Versions: 6506, 6509, 6506-E and 6509-E; Backplane chassis: Hardware Versions 1.1(6506-E), 1.4 (6509-E) and 3.0 (6506, 6509); Supervisor Blade: Hardware Versions 5.7 (SUP720-3B), 5.7 (SUP720-3BXL) and 2.1 (SUP720-10GbE); IPSec VPN SPA: Hardware Version 1.0; Firmware Versions: IOS 12.2(33)SXI and IOS 12.2(33)SXI1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/01/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #598); HMAC (Certs. #348 and #549); RNG (Certs. #356 and #553); SHS (Certs. #647 and #947); Triple-DES (Cert. #569) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); MD5; HMAC-MD5; RSA (non-compliant) Multi-chip standalone "The Catalyst 6500 series switches with the VPN Services Port Adapter offer versatility, integration, and security to branch offices. With numerous network modules and service modules available, the modular architecture of the Cisco router easily allows interfaces to be upgraded to accommodate network expansion. The Catalyst 6500 series switches provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements."
1152	IBM Corporation 9032 S Rita Road Tucson, AZ 85744 USA -David L. Swanson TEL: 520-799-5515 -Christine Knibloe TEL: 520-799-5719	IBM System Storage LTO Ultrium 4 Tape Drive (Hardware Versions: 23R9539 (Fibre Channel), 23R9904 (SAS), and 95P4613 (SCSI); Firmware Versions: df080911bf_89Bb.FC.fips.ro (Fibre Channel), df080911bf_89Bb.SAS.fips.ro (SAS), and df080911bf_89Bb.SCSI.fips.ro (SCSI)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/01/2009	Overall Level: 1  -FIPS-approved algorithms: AES (Certs. #918 and #919); AES GCM (Certs. #918 and #919, vendor affirmed); RNG (Cert. #527); RSA (Cert. #446); SHS (Cert. #906) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The IBM LTO Ultrium 4 Tape Drive provides AES-GCM encryption of customer data recorded to tape. Both encryption and compression are implemented in the hardware for optimum performance. Three different host interface types of the LTO Ultrium 4 "brick" unit are FIPS certified as a multi-chip, standalone cryptographic module. In customer operation the "brick" unit may be embedded in bridge box or in a canister package for operation in a library."
1151	Rajant Corporation 400 E. King Street Malvern, PA 19355 USA -Marty Lamb TEL: 610-873-6788 x209	BreadCrumb® ME2 1S2F (Hardware Version: ME2 1S2F; Firmware Version: 10.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/01/2009	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #791 and #908); RSA (Cert. #378); SHS (Cert. #792); HMAC (Cert. #434); RNG (Cert. #455); -Other algorithms: RC4; MD5; Diffie-Hellman; AES (Cert #791, key wrapping) Multi-chip standalone "The Rajant BreadCrumb® ME2 1S2F is a rugged wireless transmitter-receiver that forms a mesh network (using InstaMesh®) when used in conjunction with other BreadCrumb® devices. This portable wireless mesh network node supports an open-standard IEEE 802.11 b/g radio with up to two antennas to enable data, voice and video applications."
1150		Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/22/2009; 12/11/2009	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip embedded
1149	IronKey, Inc. 5150 El Camino Real, Suite C31 Los Altos, CA 94022 USA -Gil Spencer TEL: 650-492-4055 FAX: 650-967-4650	IronKey S200/D200 (Hardware Versions: P/Ns D2-S200-S01, D2-S200-S02, D2-S200-S04, D2-S200-S08, D2-S200-S16, D2-D200-S01, D2-D200-S02, D2-D200-S04, D2-D200-S08, D2-D200-S16 and D2-D200-S32; Firmware Versions: 2.0, 2.0.1, 2.0.2, 2.0.3, 2.0.5 and 2.0.6) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/24/2009; 08/28/2009; 10/02/2009; 11/20/2009; 12/22/2009	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #1034); RNG (Cert. #587); RSA (Cert. #494); SHS (Certs. #986 and #987); HMAC (Cert. #579) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The IronKey Secure Flash Drive includes a high-speed hardware-based 256 Bit AES cryptography engine for encrypting and decrypting NAND flash and RAM buffers via USB. It also includes RSA, HMAC, SHA-256, SHA-1, and RNG algorithms."
1148	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Clint Winebrenner TEL: 919-564-9143	Cisco Unified Wireless IP Phone 7921G and 7925G (Hardware Versions: 7921G and 7925G; Firmware Version: 1.3(2)) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/24/2009	Overall Level: 1  -FIPS-approved algorithms: AES (Certs. #987 and #988); HMAC (Certs. #555 and #556); RNG (Cert. #560); RSA (Cert. #475); SHS (Certs. #954 and #955); Triple-DES (Cert. #773) -Other algorithms: HMAC MD5; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); MD5 Multi-chip standalone "For workers who need to communicate while moving about the workplace or campus, the Cisco Unified Wireless IP Phone 7921G and 7925G provide wired phone capabilities in an easy-to-navigate, menu directed wireless phone. These phones can be programmed with six extensions or a combination of extensions and speed dials. Each have a 2-inch color display; speakerphone capabilities, a new combination charger and speakerphone stand. Additionally, the 7925G provides support for bluetooth headsets."
1147		Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/18/2009	Overall Level: 1  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
1146	Research In Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Certifications Team TEL: 519-888-7465 ext.72921 FAX: 519-886-4839	BlackBerry Cryptographic Kernel (Firmware Version: 3.8.5.51) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Firmware	06/24/2009; 01/28/2010	Overall Level: 1  -Design Assurance: Level 3 -Tested: BlackBerry Storm 9500 with BlackBerry OS Version 4.7 -FIPS-approved algorithms: Triple-DES (Cert. #750); AES (Certs. #946 and #947); SHS (Cert. #921); HMAC (Cert. #526); RSA (Cert. #456); RNG (Cert. #536); ECDSA (Cert. #118) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides 256 bits of encryption strength) Multi-chip standalone "BlackBerry is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry."
1145	Oberthur Technologies 4250 Pleasant Valley Road Chantilly, VA 20151-1221 USA -Christopher Goyet TEL: 703-263-0100 FAX: 703-263-0503	Oberthur ID-One Cosmo 128 v5.5 for DoD CAC (Hardware Version: B0; Firmware Versions: F310-067733 with ASC library package v2.6.2B.3, ACA applet package v2.6.2B.4, PKI/GC/SKI applet package v2.6.2B.4, PIV End Point Wrapper module v2.6.2B.4, PIV End Point Extended module v2.6.2B.4, and SMA applet package v2.6.2B.3) (PIV Card Application: Cert. #15) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/24/2009	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #606); Triple-DES MAC (Triple-DES Cert. #606, vendor affirmed); RSA (Cert. #304); RNG (Cert. #377) -Other algorithms: RSA (key transport; key establishment methodology provides 80 or 112 bits of encryption strength) Single-chip "This module is based on the Oberthur Dual Interface (ISO7816 & ISO14443) ID-One Cosmo family of Smart Cards that provide a secure Javacard platform with data storage and enhanced cryptographic processing capabilities specifically designed to fit the needs of government and enterprise personnel identification applications. This configuration runs ActivIdentity applet suite V 2.6.2B into its 144K EEPROM memory. The Applet Suite provides services for authentication, access control, generic container and PKI. It conforms to SP800-73-1 Transitional & End-Point Card Edge (for HSPD-12/PIV)."
1144	SCsquare Ltd. 2A Habarzel St. Ramat Hahayal Tel Aviv, 69710 Israel -Yossi Fixman TEL: +972-3-7657-331 FAX: +972-3-649-4975	Apollo OS V4.03 on SLE66CX680PE m1534-a13 (Firmware Version 4.03) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Firmware	06/24/2009	Overall Level: 3  -Tested: SLE66CX680PE m1534-a13 smart card controller IC -FIPS-approved algorithms: Triple-DES (Cert. #701); DSA (Cert. #306); SHS (Cert. #839); RNG (Cert.#483); RSA (Cert. #406); HMAC (Cert. #464) -Other algorithms: ECDSA (non-compliant) Single-chip "Apollo OS V4.03 on SLE66CX680PE is a multi-purpose smart card utilizing an ISO 7816 file system. Apollo OS V4.03 is implemented as firmware in ROM of an Infineon SLE66CX680PE smart card controller IC."
1143	Mitsubishi Electric Corporation Kamakura Works 325 Kamimachiya Kamakura, Kanagawa 247-8520 Japan -Masanori Sato TEL: +81-467-41-6640 FAX: +81-467-41-6975 -Koichiro Sasaki TEL: +81-467-41-6670 FAX: +81-467-41-6975	Command Encryption Module (Firmware Version: 1.1) (When operated in FIPS mode with the Operational Environment configuration specified on the reverse with the Firewall configured per Section 11 in the Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Firmware	06/24/2009	Overall Level: 2  -EMI/EMC: Level 3 -Tested: HP Compaq DC 5100 Running Microsoft Windows 2000 SP4 and Zone Labs Zone Alarm Pro Firewall version 7.0.481.000 -FIPS-approved algorithms: Triple-DES (Cert. #759) -Other algorithms: N/A Multi-chip standalone "Command Encryption Module is a firmware module designed to perform Triple DES CFB mode encryption functions."
1142		Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/03/2009	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
1141	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Chris Romeo TEL: 919-392-0512 FAX: 919-640-1019	Cisco ASA 5505, 5510, 5520, 5540 and 5550 Security Appliances (Hardware Versions: 5505, 5510, 5520, 5540 and 5550; Firmware Versions: 8.0.4.16, 8.0.4.28 and 8.0.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/24/2009; 07/17/2009; 01/28/2010	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #105, #564, #966 and #1258); HMAC (Certs. #125, #301, #539 and #735); RNG (Certs. #144, #329, #545 and #701); RSA (Certs. #106, #261, #467 and #604); SHS (Certs. #196, #630, #935 and #1153); Triple-DES (Certs. #217, #559, #760 and #897) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength); ECDH (key agreement; key establishment methodology provides 80 bits of encryption strength); MD5; DES; RC4; HMAC MD5; RSA (key wrapping; key establishment methodology provides 80 bits or 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength) Multi-chip standalone "The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
1140	EF Johnson Technologies 1440 Corporate Drive Irving, TX 75038-2401 USA -John Oblak TEL: 507-837-5116 FAX: 507-837-5120	Johnson Encryption Machine 2 (JEM2) (Hardware Version: 023-3900-183; Firmware Version: 2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	06/25/2009	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #917); SHS (Cert. #904); HMAC (Cert. #512); DSA (Cert. #328); RNG (Cert. #526) -Other algorithms: AES (Cert. #917, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES MAC (AES Cert. #917, vendor affirmed; P25 AES OTAR); DES Multi-chip standalone "The EF Johnson Technologies Johnson Encryption Machine 2 (JEM2) is a cryptographic module meeting the FIPS140-2, Level 1 requirement. The JEM2 provides cryptographic operations to support Project 25 infrastructure. The JEM2 supports AES OTAR, AES, DSA, SHA-1, SHA-256, SHA-512, and HMAC FIPS Approved algorithms."
1139	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Chris Romeo TEL: 919-392-0512 FAX: 919-640-1019 -Mike Soto TEL: 408-902-8125	Cisco 3271 High Performance Mobile Access Router Card (HMARC) (Hardware Version: A0; Firmware Version: 12.4(15)T7) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/28/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #890 and #945); HMAC (Certs. #497 and #530); RNG (Cert. #511); RSA (Cert. #432); SHS (Certs. #881 and #920); Triple-DES (Certs. #727 and #749) -Other algorithms: DES; DES-MAC; TDES-MAC (non-compliant); MD5; MD4; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 156 bits of encryption strength) Multi-chip embedded "The Cisco 3271 Rugged ISR is a high-performance, ruggedized router designed to support multiple applications running concurrently over wired or wireless networks. With onboard hardware encryption, the Cisco 3271 offloads encryption processing from the router to provide highly secure yet scalable video, voice, and data services for mobile and embedded outdoor networks."
1138	NitroSecurity Inc 230 Commerce Way Portsmouth, NH 03801 USA -Bill Virtue TEL: 603-570-3936 FAX: 603-766-8169	NitroView ESM/Receiver Cryptographic Module (Hardware Version: NS-ESMRCV-2250-R; Software Versions: 8.0.0.20080605 and 8.2.0) (When operated in FIPS mode with module OpenSSL FIPS Object Module validated to FIPS 140-2 under Cert. #918 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	05/28/2009; 10/23/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #668); Triple-DES (Cert. #613); SHS (Cert. #701); HMAC (Cert. #352); RNG (Cert. #387); RSA (Cert. #310) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The NitroView ESM/Receiver is a multi-chip standalone cryptographic module consisting of production grade components contained within an opaque hard production-grade enclosure (the outside case is steel). The removable cover is protected by tamper evident security seals in accordance with FIPS 140-2 Level 2. The cryptographic boundary is the metal enclosure of the device."
1137	SafeNet, Inc. 20 Colonnade Road Suite 200 Ottawa, Ontario K2E 7M6 Canada -Terry Fletcher TEL: 613-221-5009 FAX: 613-723-5079	ProtectServer Gold (PSG) (Hardware Version: Revision B4; Firmware Version: 2.07.00) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/22/2009; 07/24/2009	Overall Level: 3  -FIPS-approved algorithms: AES (Cert. #921); DSA (Cert. #329); ECDSA (Cert. #114); HMAC (Cert. #515); RNG (Cert. #529); RSA (Cert. #448); SHS (Cert. #908); Triple-DES (Cert. #741); Triple-DES MAC (Triple-DES Cert. #741, vendor affirmed) -Other algorithms: AES MAC (AES Cert. #921; non-compliant); CAST 128; CAST MAC; DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 152 bits of encryption strength; non-compliant less than 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECIES; IDEA; IDEA MAC; MD2; MD5; MD5 HMAC; RC2; RC2 MAC; RC4; RIPEMD-128; RIPEMD-160; RMD128 HMAC; RMD160 HMAC; RSA (key wrapping; key establishment methodology provides between 80 and 152 bits of encryption strength); SEED; SEED MAC Multi-chip standalone "The SafeNet PSG Adapter is a high-end intelligent PCI adapter card that provides a wide range of cryptographic functions using firmware and dedicated hardware processors. Access to the PSG is provided via a comprehensive PKCS#11 API, allowing extremely flexible use of the module in a multitude of applications."
1136	Aladdin Knowledge Systems, Ltd. 35 Efal St. Kiryat Arie, Petach Tikva Israel -Chanan Lavi TEL: 972-3-9781111 FAX: 972-3-9781010	Aladdin eToken PRO (Java) HD (Hardware Versions: P/N Aladdin eToken PRO (Java) HD Version 4.29; Firmware Versions: 0106.7130.0207 or 0106.8015.0508 with Aladdin eToken v1.1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/22/2009	Overall Level: 3  -Physical Security: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #681); AES (Cert. #788); RNG (Cert. #453); RSA (Cert. #375); Triple-DES MAC (Triple-DES Cert. #681, vendor affirmed); SHS (Cert. #789) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Single-chip "Aladdin eToken PRO (Java) HD offers strong authentication and guaranteed non-repudiation for sensitive applications such a eBanking, stock trading, eCommerce and financial transactions. Aladdin eToken PRO (Java) HD is based on the Athena IDProtect Java Card smart card operating system that is compliant with the Java Card 2.2.2 and Global Platform 2.1.1 specifications and FIPS 140-2 Level 3 (Level 4 for physical security). IDProtect supports FIPS Approved Random Number Generator, TDES, AES, SHA-1, SHA-256, and RSA up to 2048 bits including on board key generation."
1135	Aladdin Knowledge Systems, Ltd. 35 Efal St. Kiryat Arie, Petach Tikva Israel -Chanan Lavi TEL: 972-3-9781111 FAX: 972-3-9781010	Aladdin eToken PRO (Java) and Aladdin eToken PRO (Java) SC (Hardware Versions: P/Ns Aladdin eToken PRO (Java) Version 4.29 and Aladdin eToken PRO (Java) SC Versions 7 or 8; Firmware Versions: 0106.7130.0207 or 0106.8015.0508 with Aladdin eToken v1.1) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/22/2009	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Cryptographic Key Management: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #681); AES (Cert. #788); RNG (Cert. #453); RSA (Cert. #375); Triple-DES MAC (Triple-DES Cert. #681, vendor affirmed); SHS (Cert. #789) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Single-chip "Aladdin eToken PRO (Java) and Aladdin eToken PRO (Java) SC offers strong authentication and guaranteed non-repudiation for sensitive applications such a eBanking, stock trading, eCommerce and financial transactions. Aladdin eToken PRO (Java) and Aladdin eToken PRO (Java) SC are based on the Athena IDProtect Java Card smart card operating system that is compliant with the Java Card 2.2.2 and Global Platform 2.1.1 specifications and FIPS 140-2 Level 3 (Level 4 for physical security). IDProtect supports FIPS Approved Random Number Generator, TDES, AES, SHA-1, SHA-256, and RSA up to 2048 bits incl"
1134	Mobile Armor, Inc. 400 South Woods Mill Road Suite 300 St. Louis, MO 63017 USA -Brian Wood TEL: 443-468-1238	Mobile Armor Cryptographic Module (Software Version: 3.0) Validated to FIPS 140-2 Security Policy Certificate	Software	05/22/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista; Microsoft Windows Vista 64-bit; Red Hat Enterprise Linux 5.1; Red Hat Enterprise Linux 5.1 64-bit; Fedora Core 8; Fedora Core 8 64-bit; Ubuntu 7.10; Ubuntu 7.10 64-bit; Apple OS X 10.5; Windows Mobile 6 (single user mode) -FIPS-approved algorithms: AES (Cert. #820); Triple-DES (Cert. #692); SHS (Cert. #818); HMAC (Cert. #453); RNG (Cert. #472) -Other algorithms: N/A Multi-chip standalone "The Mobile Armor Cryptographic Module 3.0 is a multi-chip standalone software module running on a standard IBM compatible personal computer, an Intel-based Mac, or a mobile device. On the PC, the software module can execute within a Linux, Microsoft Windows or Mac OS X operating system; while on a mobile device the module can be executed within a Windows Mobile Operating System."
1133	Stonewood Group Sanford Lane Wareham, Dorset BH20 4DY United Kingdom -Tim D. Stone TEL: +44 1929 55 44 00 FAX: +44 1929 55 25 25	FlagStone Core (Hardware Versions: V2.0.1.1, V2.0.1.2, V2.0.1.3, V2.0.2.1, V2.0.2.2, V2.0.2.3, V2.0.3.3 and V2.0.3.4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	05/22/2009; 06/01/2009; 01/06/2010	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #922 and #923); RNG (Cert. #531) -Other algorithms: N/A Multi-chip embedded "The FlagStone Core is a multi-chip embedded cryptographic module used within the Eclypt and the Eclypt Freedom Drives. The FlagStone Core, and subsequently the Eclypt and Eclypt Freedom Drives utilising the FlagStone Core, provide access control and data encryption services to protect access to data stored on a HDD (Hard Disk Drive). All accessible sectors on a HDD connected to a FlagStone Core are encrypted."
1132	McAfee, Inc. 3965 Freedom Circle Santa Clara, CA 95054 USA -Mike Siegel TEL: 888-847-8766	McAfee Endpoint Encryption for Files and Folders (Software Versions: 3.1.1.7 and 3.1.2.11) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	05/22/2009; 07/24/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista 32; Microsoft Windows Vista 64; Microsoft Windows XP Professional (single-user mode) -FIPS-approved algorithms: AES (Cert. #891); DSA (Cert. #323); RNG (Cert. #512); SHS (Cert. #884) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RC5; AES (non-compliant) Multi-chip standalone "McAfee Endpoint Encryption for Files and Folders is a user transparent and high performing client software for encryption of files and folders on local drives, network shares, removable media and CD/DVD. E-mail attachments may also be encrypted for both internal and external recipients. In addition, the centralized McAfee Endpoint Encryption management system provides flexible and powerful management of encryption policies and keys, robust recovery tools, policy enforcement and remote deployment."
1131	McAfee, Inc. 3965 Freedom Circle Santa Clara, CA 95054 USA -Mike Siegel TEL: 888-847-8766	McAfee Endpoint Encryption for PCs (Software Versions: 5.1.6 and 5.1.7) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	05/22/2009; 07/24/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista 64; Microsoft Windows Vista 32; Microsoft Windows XP Professional (single-user mode) -FIPS-approved algorithms: AES (Cert. #893); DSA (Cert. #325); RNG (Cert. #514); SHS (Cert. #886) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "McAfee Endpoint Encryption for PC is a high performance software solution that provides sector-level encryption of a PC's hard drive in a manner that is totally transparent to the user. In addition, the centralized McAfee Endpoint Encryption management system provides robust recovery tools, administration, and implementation."
1130	CommVault Systems, Inc. 2 Crescent Place Oceanport, NJ 07757 USA -Zahid Ilkal, Product Manager TEL: 732-870-4812 FAX: 732-870-4525	CommVault Crypto Library (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	05/12/2009	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Intel Core2 Duo w/ Microsoft Windows 2003; Intel Core2 Duo w/ Redhat Linux 5.0; UltraSPARC II w/ Sun Solaris 10 (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #700); AES (Cert. #847); SHS (Cert. #838); HMAC (Cert. #465); RSA (Cert. #405); RNG (Cert. #482) -Other algorithms: DES; Blowfish; Serpent; Twofish; MD5; HMAC-MD5 Multi-chip standalone "CommVault Crypto Library (CVCL) is a cryptographic software module used in various products by CommVault Systems, Inc. The module provides a collection of FIPS Approved and Non-FIPS Approved cryptographic services for key generation, symmetric and asymmetric encryption, hash, HMAC and signature generation/verification."
1129	Fortress Technologies, Inc. 4023 Tampa Rd. Suite 2000 Oldsmar, FL 34677 USA -William McIntosh TEL: 813-288-7388 x117	Fortress Secure Client (Software Version: 4.1.1 Build 4278X) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	07/06/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 2000 Professional SP 4, Windows XP Professional SP 2, Windows 2003 Server SP2, Windows Vista Ultimate Edition (single-user mode) -FIPS-approved algorithms: AES (Cert. #975); HMAC (Cert. #547); RNG (Cert. #552); SHS (Cert. #944); Triple-DES (Cert. #768) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; RSA (non-compliant) Multi-chip standalone "The Fortress Secure Client is a software module designed to deliver security on wireless devices such as bar scanners, handhelds, and laptops using various operating systems. A plug-and-play solution, the Client encrypts and decrypts communication across the WLAN and protects the device against attacks without user intervention."
1128	NeoScale Systems, Inc. 1655 McCarthy Blvd Milpitas, CA 95035 USA -Marcus Streets TEL: 011-44-1223-723613 FAX: 011-44-1223-723601	CryptoStor Tape FC702R and FC704R (Hardware Versions: FC702R - P/N FA00005-00, Rev 6 and FC704R - P/N FA00006-00 Rev 8; Firmware Version: 2.6) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	05/12/2009	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Certs. #275 and #516); AES (Certs. #173 and #506); SHS (Certs. #258 and #577); RSA (Cert. #221); HMAC (Certs. #39 and #259); RNG (Cert. #285) -Other algorithms: N/A Multi-chip standalone "NeoScale CryptoStor Tape is a family of readily deployable, high-speed tape security appliances that compress, encrypt and digitally sign data as it goes to tape media or virtual tape without disrupting backup processes. It seamlessly integrates with widely used backup applications and incorporates Global Key Management technology for strong key management and data recovery. Used in conjunction with the NeoScale CryptoStor KeyVault key management system, CryptoStor Tape provides an automated, secure and open key sharing capability between locations, businesses or applications."
1127	NeoScale Systems, Inc. 1655 McCarthy Blvd. Milpitas, CA 95035 USA -Marcus Streets TEL: 011-44-1223-723613 FAX: 011-44-1223-723601	CryptoStor Tape SC702R (Hardware Version: P/N FAS00004-00 Rev 6; Firmware Version: 2.6) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	05/12/2009	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Certs. #275 and #516); AES (Certs. #173 and #506); SHS (Certs. #258 and #577); RSA (Cert. #221); HMAC (Certs. #39 and #259); RNG (Cert. #285) -Other algorithms: N/A Multi-chip standalone "NeoScale CryptoStor Tape is a family of readily deployable, high-speed tape security appliances that compress, encrypt and digitally sign data as it goes to tape media or virtual tape without disrupting backup processes. It seamlessly integrates with widely used backup applications and incorporates Global Key Management technology for strong key management and data recovery. Used in conjunction with the NeoScale CryptoStor KeyVault key management system, CryptoStor Tape provides an automated, secure and open key sharing capability between locations, businesses or applications."
1126	Fortinet Inc. 1090 Kifer Road Sunnyvale, CA 94086 USA -Jeff Lake, Vice President, Federal Operations TEL: 678-402-8021 FAX: 678-402-8021	FortiGate-5050 Chassis with FortiGate-5001A-DW Blade (Hardware Versions: FortiGate-5001A-DW (P4CJ36), ADM-XB2 (AMC28F), ADM-FB8 (P4FB78) and FG-5050 (C4QP38); Firmware Version: FortiOS 3.00, build8864,080819) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	05/12/2009	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #582, #583 and #584); RNG (Cert. #345); AES (Certs. #612, #613 and #614); SHS (Certs. #660, #661 and #662); RSA (Certs. #284 and #285); HMAC (Certs. #315, #316 and #317) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; HMAC-MD5 Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1125	Fortress Technologies, Inc. 4023 Tampa Rd. Suite 2000 Oldsmar, FL 34677 USA -Bill McIntosh TEL: 813-288-7388	Fortress Secure Bridge (Hardware Versions: ES520V1 and ES520V2; Firmware Version: 5.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	05/14/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #688, #694 and #698); SHS (Certs. #715, #717, #721, #722 and #726); HMAC (Certs. #367, #371, #372 and #376); RSA (Cert. #439); RNG (Certs. #402, #406 and #409) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); MD5 Multi-chip standalone "The Fortress Secure Bridge is an all-in-one network access device housed in a rugged compact chassis, with the most stringent security available today built in. It can serve as a wireless bridge, a WLAN access point, and an eight-port LAN switch, while performing all the functions of a Fortress controller device: encrypting wireless traffic and providing Multi-factor Authentication for devices on the network it protects."
1124	McAfee, Inc. 3965 Freedom Circle Santa Clara, CA 95054 USA -Mike Siegel TEL: 888-847-8766	McAfee Endpoint Encryption for Mobile (Software Versions: 2.3.0.5 and 2.4.0.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	05/01/2009; 07/24/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Mobile 5 (single-user mode) -FIPS-approved algorithms: AES (Cert. #892); DSA (Cert. #324); RNG (Cert. #513); SHS (Cert. #885) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "McAfee Endpoint Encryption for Mobile is a security system for smart phones and pocket PCs that prevents the data stored on such devices from being read or used by an unauthorized person. In simple terms, McAfee Endpoint Encryption for Mobile takes control of a user's data away from the operating system."
1123	Mobile Armor, Inc. 400 South Woods Mill Rd. Suite 300 Chesterfield, MO 63017 USA -Brian Wood TEL: 314-590-0900 FAX: 314-590-0995	Mobile Armor Cryptographic Module 3.5 (Software Version: 3.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	04/24/2009	Overall Level: 2  -Operational Environment: Tested as meeting Level 2 with Windows XP Professional SP2 running on Dell Optiplex GX270; Windows 2000 Professional SP3 running on Dell Optiplex GX400; Windows Server 2003 SP1 running on Dell Optiplex GX270; Red Hat Enterprise Linux Version 5 running on IBM System x3455; SUSE Linux Enterprise Server 10 SP1 running on IBM System x3455 -FIPS-approved algorithms: AES (Cert. #920); HMAC (Cert. #514); RNG (Cert. #528); SHS (Cert. #907); Triple-DES (Cert. #740) -Other algorithms: DES Multi-chip standalone "The Mobile Armor Cryptographic Module provides the core cryptographic functionality of Mobile Armor's Enterprise Mobile Data Security products which provide enterprise-level data encryption and device management."
1122	Kanguru Solutions 1360 Main St. Millis, MA 02054 USA -Nate Cote TEL: 508-376-4245 FAX: 508-376-4462	Kanguru Biolock (Software Version: 1.0.1.8) (This module contains the embedded module Crypto++ validated to FIPS 140-2 under Cert. #819 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	04/14/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Service Pack 2 (single-user mode) -FIPS-approved algorithms: AES (Cert. #499); SHS (Cert. #569); HMAC (Cert. #253); RNG (Cert. #279); DSA (Cert. #206); Triple-DES (Cert. #512 ) -Other algorithms: N/A Multi-chip standalone "Kanguru Solutions is the leader in portable secure storage devices. Kanguru Biolock addresses security concerns and information assurance by incorporating 256-bit AES encryption technology to portable storage devices."
1121	Pitney Bowes, Inc. 35 Waterview Drive Shelton, CT 06484-8000 USA -Douglas Clark TEL: 203-924-3206 FAX: 203-924-3406	Cygnus X-2 Postal Security Device (Hardware Versions: 1MEC BBC/BAJ (Canada), 1MES BBC/BAJ (Canada), 1MCT BBC/BAJ (Canada), 1MET BBC/BAJ (Canada), 1M00 BBC/BAJ (US) and 1M05 BBC/BAJ (US)) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/14/2009	Overall Level: 3  -Physical Security: Level 3 +EFP -FIPS-approved algorithms: ECDSA (Cert. #48); DSA (Cert. #200); SHS (Cert. #562); Triple-DES (Cert. #503); Triple-DES MAC (Triple-DES Cert. #503, vendor affirmed); RNG (Cert. #272); HMAC (Cert. #246) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The Pitney Bowes Cygnus X-2 Postal Security Device (PSD) has been designed in compliance with FIPS 140-2 and IPMAR security protection profile in order to support the USPS IBIP and international digital indicia standards globally. The PSD employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes Postage Metering products."
1120	TecSec, Atmel, CPI Card Group, and Athena Smartcard 1048 Dead Run Drive McLean, VA 22101-2121 USA -Ron Parsons TEL: 301-639-5510 FAX: 703-506-1484	TecSec PIV Eagle Card - Contact (Hardware Version: P/N Atmel AT90SC144144CT Revision G; Software Version: P/N TecSec Contact PIV Applet Version 1.01 JCT; Firmware Version: P/N Athena IDProtect XL Version 010A.7204.0004) (PIV Card Application: Cert. #11) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/03/2009	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 4 -Cryptographic Key Management: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #592); Triple-DES MAC (Triple-DES Cert. #592, vendor affirmed); AES (Cert. #639); SHS (Cert. #674); RNG (Cert. #364); RSA (Cert. #292) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Single-chip "The TecSec PIV Eagle Card - Contact cryptographic module provides data security for government and enterprise personnel identification. The primary purpose of this device is to enable the creation of a dual-chip PIV smart card as described in [FIPS201] that is fully compliant with the end-point service specified in SP800-73-1. The CM contains two Java Card applets implementing the PIV functionality (the Software) running on a GlobalPlatform Java Card operating system (the Firmware). The CM is physically connected to a smart card contact plate as defined in [7816-1] and [7816-2]."
1119	LiteScape Technologies, Inc. 1000 Bridge Parkway, Suite 200 Redwood Shores, CA 94065 USA -Kayvan Alikhani	LiteScape SPAR (Hardware Version: 021013A; Firmware Version: 1.0.7, Bootloader: v52b4) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/03/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #822); HMAC (Certs. #455, #456 and #457); SHS (Certs. #820, #821 and #822) -Other algorithms: N/A Multi-chip standalone "SPAR (Secure Personal Authentication Reader) is a multi-factor authentication device that provides RFID, Biometric and Magnetic-card interfaces. Using the SPAR at the edge of VOIP networks when coupled with devices such as IP phone terminals dramatically increases the security, validation and personalization process for business applications."
1118	TecSec, Atmel, CPI Card Group, and Athena Smartcard 1048 Dead Run Drive McLean, VA 22101-2121 USA -Ron Parsons TEL: 301-639-5510 FAX: 703-506-1484	TecSec PIV Eagle Card - Contactless (Hardware Version: P/N Atmel AT90SC12872RCFT Revision M; Software Version: P/N TecSec Contactless PIV Applet Version 1.0 JCL; Firmware Version: P/N Athena ID Protect Duo Version 0107.7099.0105) (PIV Card Application: Cert. #11) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/03/2009	Overall Level: 3  -Physical Security: Level 4 -FIPS-approved algorithms: Triple-DES (Cert. #598); Triple-DES MAC (Triple-DES Cert. #598, vendor affirmed); AES (Cert. #646); SHS (Cert. #680); RNG (Cert. #368); RSA (Cert. #296) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Single-chip "TecSec PIV Eagle Card - Contactless is a cryptographic module that may be configured as a contact or contactless PIV application. With this unique solution, a dual-chip product can be created without changing the user experience that assures the information stored on the contact chip is not compromised through the contactless interface. The CM is based on the Athena OS755 Java Card smart card operating system that is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and FIPS 140-2 Level 2 (Level 4 for physical security)."
1117	Chunghwa Telecom Co., Ltd. Telecommunication Laboratories 12, Lane 551, Min-Tsu Road SEC.5, Yang-Mei, Taoyuan, Taiwan 326 Republic of China -Yeou-Fuh Kuan TEL: +886-3-424-4333 FAX: +886-3-424-4129 -Char-Shin Miou TEL: +886-3-424-4381 FAX: +886-3-424-4129	HiKey - Flash and HiKey PKI Token (Hardware Versions: 1.5 and 1.8; Software Version: Card OS version 3.1 with GINA Applet: 1.0, PKI Applet: 2.0, FISC II Applet: 1.2; Firmware Version: 1.25) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	07/07/2009	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: RSA (Cert. #434); Triple-DES (Cert. #732); SHS (Cert. #889); RNG (Cert. #515); HMAC (Cert. #501); Triple-DES MAC (Cert. #732, vendor affirmed); AES (Cert. #896); -Other algorithms: AES-MAC (AES Cert. #896; non-compliant) Multi-chip standalone "The HiKey Flash and HiKey PKI Token modules are multi-chip standalone implementations of a cryptographic module. The Hikey - Flash and HiKey PKI Token modules are USB tokens that adhere to ISO/IEC specifications for Integrated Circuit Chip (ICC) based identification cards. The HiKey - Flash and HiKey PKI Token cryptographic modules contain an implementation of the Open Platform (OP) Version 2.0.1 specification defining a secure infrastructure for post-issuance programmable smart cards."
1116	Aruba Wireless Networks Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA -Robbie Gill TEL: 408-754-8406 FAX: 408-227-4550	Aruba AP-65, AP-70 and AP-85 Wireless Access Points (Hardware Versions: AP-65-F1 Rev. 01, AP-70-F1 Rev. 01, AP-85FX-F1 Rev. 01, AP-85LX-F1 Rev. 01 and AP-85TX-F1 Rev. 01; Firmware Version: ArubaOS 3.3.2.18-FIPS) (When operated in FIPS mode and with the tamper evidence seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/03/2009; 05/18/2009; 07/24/2009; 12/10/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #895 and #900); HMAC (Certs. #500 and #503); RNG (Cert. #516); RSA (Certs. #433 and #436); SHS (Certs. #887, #888 and #892); Triple-DES (Certs. #731 and #734) -Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "Aruba's single and multi-radio wireless access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Multi-Service Mobility Controllers, where per-user role based access controls are applied. In the FIPS 140-2 mode of operation, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i client standard, the xSec client and 256-bit AES encryption. Also, Aruba APs can provide Air Monitoring for intrusion detection and have Wi-Fi Alliance certification for IEEE 802.11a, IEEE 802.11b, IEEE 802.11g, and IEEE 802.11"
1115	Safend Ltd. 32 Habarzel Street Tel Aviv, 69710 Israel -Alon Barel TEL: +972-3-644-2662 x225 FAX: +972-3-648-6146	Safend Cryptographic Library (Software Version: 3.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	04/03/2009; 05/18/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional (single-user mode) -FIPS-approved algorithms: AES (Cert. #879); SHS (Cert. #870); HMAC (Cert. #492); RNG (Cert. #504) -Other algorithms: DES; SHA-256 (Cert. #870; non-compliant) Multi-chip standalone "The Safend Cryptographic Library offers reliable, simple and tamper-proof endpoint monitoring, device identification, and blocking based on administrator-defined policies. Protects all local, physical communications ports including USB, Firewire and PCMCIA, wireless endpoints such as WiFi, Bluetooth and IrDA, and removable and physical storage devices such as CD/DVD-RWs and iPods."
1114	Fortinet Inc. 1090 Kifer Road Sunnyvale, CA 94086-5301 USA -Jeff Lake, Vice President, Federal Operations TEL: 678-402-8021 FAX: 678-402-8021	FortiGate-310B (Hardware Version: C4ZF35; Firmware Version: FortiOS 3.00, build8864,080819) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	04/03/2009	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #612, #613 and #614); Triple-DES (Certs. #582, #583 and #584); RNG (Cert. #345); SHS (Certs. #660, #661 and #662); HMAC (Certs. #315, #316 and #317); RSA (Certs. #284 and #285) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA (key wrapping; key establishment method provides 112 bits of encryption strength); DES; MD5; HMAC-MD5 Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1113	Fortinet Inc. 1090 Kifer Road Sunnyvale, CA 94086 USA -Jeff Lake, Vice President, Federal Operations TEL: 678-402-8021 FAX: 678-402-8021	FortiGate-200A/200A-HD; FortiGate-300A/300A-HD; FortiGate-500A/500A-HD; FortiGate-800 (Hardware Versions: FortiGate-200/200A-HD (build C4AY89), FortiGate-300/300A-HD (build C4FK88), FortiGate-500/500A-HD (build C4BE21), FortiGate-800 (build C4UT39); Firmware Version: FortiOS 3.0, build8931, 081110) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	04/03/2009	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #742, #743, #489 and #490); RNG (Cert. #530); AES (Certs. #925, #926, #475 and #476); SHS (Certs. #909, #910, #543 and #544); RSA (Cert. #449); HMAC (Certs. #516, #517, #232 and #233) -Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 110 bits of encryption strength); MD5; HMAC-MD5 Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1112	Technical Communications Corporation 100 Domino Drive Concord, MA 01742-2892 USA -Fidel Camero TEL: 978- 287-6303 FAX: 978-371-1280	CipherTalk® 8000 Cryptographic Module (Software Version: 2.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	04/03/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows Mobile 5.0; Windows Mobile 6.1; Windows XP Embedded with SP2 (single-user mode) -FIPS-approved algorithms: AES (Cert. #848); SHS (Cert. #840); RNG (Cert. #484); HMAC (Cert. #466) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 149 bits of encryption strength); Twofish Multi-chip standalone "The CipherTalk® 8000 Cryptographic Module is an Operating System Agnostic cipher engine, encapsulating all the cryptographic functions for TCC's CipherTalk family of wireless products. Its functions include encryption and key exchange algorithms, authentication algorithms, and integrity and verification algorithms."
1111	Open Source Software Institute 3610 Pearl Street Hattiesburg, MS 39401 USA -Steve Marquess TEL: 301-524-9915 FAX: 301-831-8447	OpenSSL FIPS Runtime Module (Software Version: 1.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	04/03/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Fedora Linux 9; Microsoft Windows XP SP 2 (single-user mode) -FIPS-approved algorithms: Triple-DES (Certs. #623 and #624); AES (Certs. #681 and #682); SHS (Certs. #711 and #712); HMAC (Certs. #362 and #363); RSA (Certs. #318 and #319); DSA (Certs. #257 and #258); RNG (Certs. #397 and 398) -Other algorithms: DES; Diffie-Hellman; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80-bits of encryption strength) Multi-chip standalone "The OpenSSL FIPS Runtime Module is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality for use with the high level API of the OpenSSL v0.9.8 product."
1110	Gesellschaft für sichere Mobile Kommunikation mbH Marienstrasse 11 Berlin, 10117 Germany -Bjoern Rupp TEL: +49 700 2797 8835 -Frank Rieger TEL: +49 700 2797 8835	CryptoPhone Security Kernel (Software Version: 2.0) Validated to FIPS 140-2 Security Policy Certificate	Software	03/26/2009; 07/08/2009	Overall Level: 1  -Operational Environment: Windows Mobile 5.0; Windows Mobile 6.1; Windows XP Embedded with SP2 (single-user mode) -FIPS-approved algorithms: AES (Cert. #849); SHS (Cert. #841); RNG (Cert. #485); HMAC (Cert. #467) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 149 bits of encryption strength); Twofish Multi-chip standalone "The CryptoPhone Security Kernel is a portable multi-platform cryptographic module that provides strong encryption, authentication, key exchange, message integrity verification, and secure memory abstraction services to GSMK CryptoPhone encryption products. All GSMK products come with full source code for independent review."
1109	Aruba Wireless Networks Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA -Robbie Gill TEL: 408-754-8406 FAX: 408-227-4550	Aruba AP-120 Series Wireless Access Points (Hardware Versions: AP-124-F1 Rev. 01and AP-125-F1 Rev. 01; Firmware Version: ArubaOS 3.3.2.18-FIPS) (When operated in FIPS mode and with the tamper evidence seals installed as indicated in the Security Policy) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/26/2009; 05/18/2009; 07/24/2009; 12/10/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #861 and #900); HMAC (Certs. #478 and #503); RNG (Cert. #516); RSA (Certs. #435 and #436); SHS (Certs. #891, #856 and #892); Triple-DES (Certs. #708 and #734) -Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "Aruba's single and multi-radio wireless access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Multi-Service Mobility Controllers, where per-user role based access controls are applied. In the FIPS 140-2 mode of operation, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i client standard, the xSec client and 256-bit AES encryption. Also, Aruba APs can provide Air Monitoring for intrusion detection and have Wi-Fi Alliance certification for IEEE 802.11a, IEEE 802.11b, IEEE 802.11g, and IEEE 802.11"
1108	Secure Computing Corporation (Wholly owned subsidiary of McAfee, Inc.) 2340 Energy Park Drive St. Paul, MN 55108 USA -Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701	Secure Firewall (Sidewinder) 1100E (Hardware Version: 1100; Firmware Version: 7.0.1.01) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/09/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES Multi-chip standalone "Secure Firewall (Sidewinder) solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. Secure Computing's Secure Firewall (Sidewinder) appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1107	Secure Computing Corporation (Wholly owned subsidiary of McAfee, Inc.) 2340 Energy Park Drive St. Paul, MN 55108 USA -Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701	Secure Firewall (Sidewinder) 2150E (Hardware Version: 2150; Firmware Version: 7.0.1.01) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/09/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES Multi-chip standalone "Secure Firewall (Sidewinder) solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. Secure Computing's Secure Firewall (Sidewinder) appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1106	Secure Computing Corporation (Wholly owned subsidiary of McAfee, Inc.) 2340 Energy Park Drive St. Paul, MN 55108 USA -Mark Hanson TEL: 651-628-1633 FAX: 651-628-2701	Secure Firewall (Sidewinder) 4150E (Hardware Version: 4150; Firmware Version: 7.0.1.01) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/09/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #972, #973 and #974); Triple-DES (Certs. #765, #766 and #767); SHS (Certs. #941, #942 and #943); HMAC (Certs. #544, #545 and #546); RNG (Certs. #549, #550 and #551); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES Multi-chip standalone "Secure Firewall (Sidewinder) solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. Secure Computing's Secure Firewall (Sidewinder) appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1105	AJA Video Systems, Inc. 443 Crown Point Circle Grass Valley, CA 95945 USA -Fred Dominikus TEL: 530-274-2048 FAX: 530-274-9442	JPG2K (Hardware Versions: 102387-00, 102387-02 and 102387-03; Firmware Versions: 1.0 and 1.5) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/26/2009; 01/06/2010	Overall Level: 3  -FIPS-approved algorithms: RSA (Cert. #392) -Other algorithms: N/A Multi-chip embedded "The JPG2K is a PCIe card that provides a platform for secure media processing."
1104	NitroSecurity Inc 230 Commerce Way Portsmouth, NH 03801 USA -Bill Virtue TEL: 603-570-3936 FAX: 603-766-8169	NitroView Receiver Cryptographic Module (Hardware Version: NS-RCV-2250-R; Software Versions: 8.0.0.20080605 and 8.2.0) (When operated in FIPS mode with module OpenSSL FIPS Object Module validated to FIPS 140-2 under Cert. #918 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	03/26/2009; 10/23/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #668); Triple-DES (Cert. #613); SHS (Cert. #701); HMAC (Cert. #352); RNG (Cert. #387); RSA (Cert. #310) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The NitroView Receiver is a multi-chip standalone cryptographic module consisting of production-grade components contained within an opaque hard production-grade enclosure (the outside case is steel). The removable cover is protected by tamper evident security seals in accordance with FIPS 140-2 Level 2. The cryptographic boundary is the metal enclosure of the device."
1103	NitroSecurity Inc 230 Commerce Way Portsmouth, NH 03801 USA -Bill Virtue TEL: 603-570-3936 FAX: 603-766-8169	NitroView ESM Cryptographic Module (Hardware Versions: NS-ESM-4245-R, NS-ESMR-4200-R and NS-ESM-5750-R; Software Versions: 8.0.0.20080605 and 8.2.0) (When operated in FIPS mode with module OpenSSL FIPS Object Module validated to FIPS 140-2 under Cert. #918 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	03/26/2009; 10/23/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #668); Triple-DES (Cert. #613); SHS (Cert. #701); HMAC (Cert. #352); RNG (Cert. #387); RSA (Cert. #310) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The NitroView ESM is a multi-chip standalone cryptographic module consisting of production-grade components contained within an opaque hard production-grade enclosure (the outside case is steel). The removable cover is protected by tamper evident security seals in accordance with FIPS 140-2 Level 2. The cryptographic boundary is the metal enclosure of the device."
1102	Hewlett-Packard Company 19091 Pruneridge Ave. MS 4441 Cupertino, CA 95014 USA -Jane Blanchard TEL: 408-447-2168 FAX: 408-447-5525	HP StorageWorks Secure Key Manager (Hardware Version: P/N AJ087B, Version 1.1; Firmware Version: 1.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	04/14/2009	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: AES (Cert. #653); DSA (Cert. #244); HMAC (Cert. #470); RNG (Cert. #375); RSA (Cert. #302); SHS (Cert. #847); Triple-DES (Cert. #604) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength); KAS (vendor affirmed, key establishment methodology provides 80 bits of encryption strength); DES; MD5; RC4 Multi-chip standalone "The HP Secure Key Manager automates encryption key generation and management based on security policies. It is a hardened security appliance delivering identity-based access, administration and logging. Additionally, the Secure Key Manager provides reliable lifetime key archival with automatic multi-site key replication and failover capabilities."
1101	PGP Corporation 200 Jefferson Dr. Menlo Park, CA 94025 USA -Vinnie Moscaritolo TEL: 650-319-9000 FAX: 650-319-9001	PGP Software Developer's Kit (SDK) Cryptographic Module (Software Version: 3.12.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	03/26/2009	Overall Level: 1  -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2; Mac OS X 10.5; Linux, 32-bit: Fedora Core 6 (single-user mode) -FIPS-approved algorithms: Triple-DES (Certs. #753, #754 and #755); AES (Certs. #951, #954 and #955); RSA (Certs. #459, #460 and #461); DSA (Certs. #334, #335 and #336); SHS (Certs. #925, #926 and #927); HMAC (Certs. #529, #531 and #532); RNG (Certs. #538, #539 and 540) -Other algorithms: AES (EME2 mode; non-compliant); DSA (FIPS 186-3 with SHA-256; non-compliant); CAST-5; IDEA; Two-Fish; Blow-Fish; ARC4-128; MD5; HMAC-MD5; RIPEMD60; ElGamal; RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength); Shamir Threshold Secret Sharing Multi-chip standalone "The PGP SDK Cryptographic Module is a FIPS 140-2 validated software only cryptographic module. The module implements the cryptographic functions for PGP products including: PGP Whole Disk Encryption, PGP NetShare, PGP Command Line, PGP Universal, and PGP Desktop. It includes a wide range of field-tested and standards-based encryption, digital signature, and encoding algorithms as well as a variety of secure network protocol implementations. The PGP SDK offers developers this same cryptographic library that is at the heart of PGP products."
1100	Check Point Software Technologies Ltd. 9900 Belward Campus Drive Suite 250 Rockville, MD 20850 USA -David Ambrose TEL: 703-628-2935 -Malcolm Levy TEL: +972-37534561	Check Point Crypto Core (Software Version: 1.3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	03/26/2009; 05/28/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Mobile 6.0 (single-user mode) -FIPS-approved algorithms: AES (Cert. #430); Triple-DES (Cert. #459); SHS (Cert. #499); RSA (Cert. #162); HMAC (Cert. #202); RNG (Cert. #222); Triple-DES MAC (Triple-DES Cert. #459; vendor-affirmed) -Other algorithms: Blowfish; CAST-128; CAST-256; DES; MD5; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength) Multi-chip standalone "Check Point Crypto Core is a 140-2 Level 1 cryptographic module for Windows Mobile 6. The module provides cryptographic services accessible user mode on the respective platforms through implementation of platform specific binaries."
1099	Gemalto Austin Arboretum Plaza II 9442 Capital of Texas Hwy North Suite 4 Austin, TX 78759 USA -Pedro Martinez TEL: 512-257-3871 FAX: 512-257-3881	Gemalto .NET Smart Card (Hardware Version: Infineon SLE 88CFX4000P; Firmware Versions: .Net Platform and Content Manager v2.2; FIPS Assembly v1.1; FIPS Access Manager v1.0) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/10/2009; 03/19/2009	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #719); AES (Cert. #877); RNG (Cert. #503); RSA (Cert. #424); SHS (Cert. #869); HMAC (Cert. #491) -Other algorithms: AES (key wrapping; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Single-chip "The Gemalto .NET v2.2 Smart Card Platform implements a subset of the .NET Framework with high end cryptographic capabilities, including Random Number Generation, on Board Key Generation, and encryption and hashing algorithms such as 3DES, AES, SHA, and 2048 bit RSA. The combination of advanced programmability provided by the .NET Framework and the high end security features make .NET v2.2 a perfect support for Enterprise and Government security solutions."
1098	Fortinet Inc. 1090 Kifer Road Sunnyvale, CA 94086 USA -Jeff Lake, Vice President, Federal Operations TEL: 678-402-8021 FAX: 678-402-8021	FortiGate-3016B, FortiGate-3600A and FortiGate-3810A-E4 (Hardware Versions: C4XA14, V3BU94 and C3GV75; Firmware Version: FortiOS 3.00, build8785, 080605) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	03/10/2009	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #612, #613 and #614); Triple-DES (Certs. #582, #583 and #584); RNG (Cert. #345); SHS (Certs. #660, #661 and #662); HMAC (Certs. #315, #316 and #317); RSA (Certs. #284 and #285) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA (key wrapping; key establishment method provides 112 bits of encryption strength); DES; MD5; HMAC-MD5 Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1097	NitroSecurity Inc. 230 Commerce Way Portsmouth, NH 03801 USA -Bill Virtue TEL: 603-570-3936 FAX: 603-766-8169	NitroGuard IPS cryptographic module (Hardware Versions: NS-IPS-620R-4C-B, NS-IPS-1220R-6C-B, NS-IPS-1220R-4C-2F-B, NS-IPS-620R-4C-BFS, NS-IPS-4245-R-4BTX, NS-IPS-4245-R-4BSX; Software Versions: 8.0.0.20080605 and 8.2.0) (When operated in FIPS mode with module OpenSSL FIPS Object Module validated to FIPS 140-2 under Cert. #918 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	03/03/2009; 10/23/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #668); Triple-DES (Cert. #613); SHS (Cert. #701); HMAC (Cert. #352); RNG (Cert. #387); RSA (Cert. #310) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "The NitroGuard IPS is a multi-chip standalone cryptographic module consisting of production-grade components contained within an opaque hard production-grade enclosure (the outside case is steel). The removable cover is protected by tamper evident security seals in accordance with FIPS 140-2 Level 2. The cryptographic boundary is the metal enclosure of the device. The network interface cards do not contain any security-relevant functionality. They are within the cryptographic boundary but are excluded from the evaluation."
1096		Validated to FIPS 140-2 Security Policy Certificate	Firmware	02/24/2009; 04/03/2009	Overall Level: 1  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
1095	Fortinet Inc. 1090 Kifer Road Sunnyvale, CA 94086-5301 USA -Jeff Lake, Vice President, Federal Operations TEL: 678-402-8021 FAX: 678-402-8021	FortiWiFi-50B (Hardware Version: C5WF27; Firmware Version: FortiOS 3.00, build8802,080626) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/03/2009	Overall Level: 2  -Cryptographic Module Ports and Interfaces: Level 3 -Roles, Services, and Authentication: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #489, #583 and #584); AES (Certs. #475, #613; #614 and #758); SHS (Certs. #543, #661 and #662); HMAC (Certs. #232, #316 and #317); RSA (Cert. #285); RNG (Cert. #345) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 201 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; HMAC-MD5; DES Multi-chip standalone "FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1094	ERUCES, Inc. 11142 Thompson Ave. Lenexa, KS 66219 USA -Dr. Bassam Khulusi TEL: 913-310-0888 FAX: 913-859-9797 -Oggy Vasic TEL: 913-310-0888 FAX: 913-859-9797	Tricryption Cryptographic Module (Software Version: 7.0) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	03/03/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2003 R2; Red Hat Enterprise Linux 5 (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #684); AES (Cert. #796); SHS (Cert.#795); HMAC (Cert. #437); RSA (Cert. #380); RNG (Cert. #457); ECDSA (Cert. #88) -Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 128 bits of encryption strength) Multi-chip standalone "Tricryption Cryptographic Module is a software library providing cryptographic services for ERUCES' Tricryption family of high volume encryption & key management products including key servers, file, database, executables encryption, and special services (anonymization, de-identification, & privacy protection)."
1093	Vertex Standard Co., Ltd. 4-8-8 Nakameguro Meguro-Ku, Tokyo 153-8644 Japan -Yukimasa Tomita TEL: 81-3-5725-6112 FAX: 81-3-5725-6201	Vertex Standard Cryptographic Module 001 (Hardware Version: P/N 013790D; Firmware Version: 71.72) Validated to FIPS 140-2 Security Policy Certificate	Hardware	03/03/2009	Overall Level: 1  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #813); SHS (Cert. #813) -Other algorithms: DES; LFSR Multi-chip embedded "The Vertex Standard Cryptographic Module 001 (VSCM) is a cryptographic module (also processes digital data) that is to be incorporated into two-way digital radio products. These digital radios are for use in communication with other APCO Project 25 compatible devices."
1092	RSA Security, Inc. 177 Bovet Road Suite 200 San Mateo, CA 94402 USA -Kathy Kriese TEL: 650-931-9781	RSA BSAFE® Crypto-C Micro Edition (Software Version: 3.0.0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	02/24/2009; 03/06/2009	Overall Level: 1  -Cryptographic Module Specification: Level 3 -Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux AS 4.0 (x86 32-bit) with LSB 3.0.3; Windows Vista Ultimate (x86 32-bit) - Visual Studio 2005 SP1 /MD option; Windows XP Professional SP2 (x86 32-bit) - Visual Studio 2005 SP1 /MT option (single user mode) -FIPS-approved algorithms: AES (Cert. #860); AES GCM (Cert. #860, vendor affirmed: SP 800-38D); DRBG (Cert. #4); DSA (Cert. #311); ECDSA (Certs. #98 and #100); HMAC (Cert. #477); RNG (Cert. #492); RSA (Cert. #412); SHS (Cert. #855); Triple-DES (Cert. #707) -Other algorithms: DES; DES40; Diffie-Hellman; EC Diffie-Hellman; ECAES (non-compliant); ECIES; HMAC MD5; MD2; MD5; PBKDF1 SHA-1; PBKDF2 HMAC SHA-1/SHA-224/SHA-256/SHA-384/SHA-512 (non-compliant); RC2; RC4; RC5; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA PKCS #1 v2.0 (OAEP; non-compliant) Multi-chip standalone "The Crypto-C Micro Edition (ME) Module is RSA Security, Inc.'s cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
1091	Kanguru Solutions 1360 Main St. Millis, MA 02054 USA -Nate Cote TEL: 508-376-4245 FAX: 508-376-4462	KanguruLock (Software Version: 1.0.4.25) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	02/24/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Service Pack 2 (single user mode) -FIPS-approved algorithms: AES (Cert. #243); SHS (Cert. #321); HMAC (Cert. #51); RNG (Cert. #78) -Other algorithms: N/A Multi-chip standalone "Kanguru Solutions is the leader in portable secure storage devices. KanguruLockaddresses security concerns and information assurance by incorporating 256-bit AES encryption technology to portable storage devices."
1090	Proxim Wireless Corporation 1561 Buckeye Drive Milpitas, CA 95035 USA -Cor van de Water TEL: 408-383-7626 FAX: 408-383-7680 -Kishore Gandham TEL: 408-383-7665	Tsunami MP.11 HS 245054_R, Tsunami MP.11 HS 245054_RC and Tsunami MP.11 HS 245054_S (Hardware Version: 2.0.0; Firmware Version: 1.0.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/24/2009; 09/18/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #794 and #830); Triple-DES (Cert. #695); SHS (Cert. #826); DSA (Cert. #302); RSA (Cert. #400); HMAC (Cert. #461); RNG (Cert. #477) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "Proxim Tsunami MP.11 HS 245054_R, 245054_RC, and 245054_S wireless products offer fixed and mobile WiMAX capabilities to distribute wireless broadband access supporting video, voice, and data applications. In FIPS mode, the modules support proprietary WORP protocol for wireless transmission and serial, TLS, SSH, and SNMP for management."
1089	Motorola, Inc. 6480 Via Del Oro San Jose, CA, CA 95119 USA -Colin R. Cooper TEL: 408-528-2871 FAX: 408-528-2903	RFS7000 RF Switch (Hardware Version: RFS7000; Firmware Versions: RFS7000-1.0.0.0-020GR and RFS7000-1.0.0.0-022GR) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	02/09/2009; 06/01/2009	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #646, #648 and #649); AES (Certs. #724, #726, #727 and #773); SHS (Certs. #742, #744 and #745); HMAC (Certs. #390, #392 and #393); RSA (Cert. #341); DSA (Cert. #274); RNG (Certs. #423 and #424) -Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength) Multi-chip standalone "Designed for large scale, high bandwidth deployments, the RFS7000 Wireless Switch from Motorola provides robust, highly scalable support for seamless enterprise mobility. Motorola's Wi-NG architecture, optimized for enterprise mobility and multimedia applications, simplifies network deployment and management, provides superior performance, security and scalability, and supports emerging RF technologies. Built on this platform, the RFS7000 enables campus wide roaming across subnets, and offers powerful failover capabilities, exceptional quality of service (QoS) and increased voice capacity."
1088	Motorola, Inc. 6480 Via Del Oro San Jose, CA, CA 95119 USA -Colin R. Cooper TEL: 408-528-2871 FAX: 408-528-2903	WS5100 Wireless Switch (Hardware Version: WS5100; Firmware Versions: WS5100-3.0.0.0-020GR and WS5100-3.0.0.0-022GR) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/09/2009; 06/01/2009	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Certs. #648 and #649); AES (Certs. #726, #727 and #772); SHS (Certs. #744 and #745); HMAC (Certs. #392 and #393); RSA (Cert. #341); DSA (Cert. #274); RNG (Certs. #423 and #424) -Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength) Multi-chip standalone "The WS5100 Wireless Switch from Motorola provides enhanced support for enterprise mobility and multimedia applications, as well as security and manageability. Based on Motorola's Wi-NG (Wireless Next Generation) architecture, the WS5100 enables seamless campus-wide roaming, more robust failover capabilities, enhanced security, improved mobile client battery life, and increased voice capacity. Robust security features includes an IPSec VPN gateway, and secure guest access provisioning. The WS5100 supports 48 802.11 a/b/g Access Ports/Points for L2/L3 adoption and mobility."
1087	Lenel Systems International, Inc. 1212 Pittsford-Victor Road Pittsford, NY 14534 USA -Robert Pethick TEL: 585-248-9720 FAX: 585-248-9185	FIPS Key Generator (Software Version: 2.1) (When operated with Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #382 operating in FIPS mode and Communication Server validated to FIPS 140-2 under Cert. #1086 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	02/09/2009	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows Server 2003 SP1 (single-user mode) -FIPS-approved algorithms: AES (Cert. #327); RNG (Cert. #149); RSA (Cert. #81); SHS (Cert. #364); RNG (vendor affirmed) -Other algorithms: N/A Multi-chip standalone "The FIPS Key Generator module's primary purpose is to provide a cryptographically secure means for generating 128-bit AES keys to be used as Master Keys within Lenel's Communication Server module. The FIPS Key Generator module is part of the Lenel advanced access control and alarm monitoring system which is built on an open architecture platform, offers unlimited scalability, database segmentation, fault tolerance, biometrics and smart card support, is fully customizable, and can be seamlessly integrated into the OnGuard total security solution."
1086	Lenel Systems International, Inc. 1212 Pittsford-Victor Road Pittsford, NY 14534 USA -Robert Pethick TEL: 585-248-9720 FAX: 585-248-9185	Communication Server (Software Versions: 5.11.216 + Hot Fix 2.0.3 and 5.12.012 + Hot Fix 2.0.3) (When operated in FIPS mode with Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #382 operating in FIPS mode and FIPS Key Generator validated to FIPS 140-2 under Cert. #1087) Validated to FIPS 140-2 Security Policy Certificate	Software	02/09/2009	Overall Level: 1  -EMI/EMC: Level 3 -Design Assurance: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows Server 2003 SP1 (single-user mode) -FIPS-approved algorithms: AES (Cert. #327); RNG (Cert. #149); RSA (Cert. #81); SHS (Cert. #364); RNG (vendor affirmed) -Other algorithms: RC2 Multi-chip standalone "The Communication Server module's primary purpose is to provide secure communications with external access control devices. The module is part of the Lenel advanced access control and alarm monitoring system. The Lenel advanced access control and alarm monitoring system is built on an open architecture platform, offers unlimited scalability, database segmentation, fault tolerance, and biometrics and smart card support. The Lenel advanced access control and alarm monitoring system is fully customizable, and can be seamlessly integrated into the OnGuard total security solution."
1085	Gemalto and ActivIdentity Inc. Arboretum Plaza II 9442 Capital of Texas Highway North Suite 400 Austin, TX 78759 USA -Vincent Prothon TEL: 512-257-3810 FAX: 512-257-3881 -Stephane Ardiley TEL: 510-745-6288 FAX: 510-745-0101	SafesITe TOP DL GX4 - FIPS with ActivIdentity Digital Identity Applet Suite V2 for Extended PIV (Hardware Versions: A1005291 - CHIP.P5CD144.MPH051B and A1011108 - CHIP.P5CD144.MPH051B; Firmware Version: GX4-FIPS EI08, Applet Versions: ACA applet package v2.6.2B.4, ASC library package v2.6.2B.3, PKI/GC/SKI applet package v2.6.2B.4, PIV End Point Wrapper module v2.6.2B.4, PIV End Point Extended module v2.6.2B.3, SMA applet package v2.6.2B.3) (PIV Card Application: Cert. #14) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	02/03/2009; 02/23/2009	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #782); RNG (Cert. # 450); RSA (Cert. #372); SHS (Cert. #786); Triple-DES (Cert. #678); Triple-DES MAC (Triple-DES Cert. #678, vendor affirmed) -Other algorithms: N/A Single-chip "This module is based on a Gemalto Dual Interface (Contact ISO7816 and Contactless ISO14443) Open OS Smart Card with a large (128K EEPROM) memory, with a cryptographic applet suite V 2.6.2b developed by ActivIdentity. The SmartCard platform has on board Triple DES and RSA up to 2048 algorithms and provides X9.31 on board key generation. The Applet Suite supports management of 3DES keys and PINs, and provides services for authentication, access control, generic container, PKI, One Time password and Secure Messaging (SMA). The module conforms to Java Card 2.2.1, Global Platform 2.1.1 and GSC/IS 2"
1084	NetLib® A Subsidiary of Communication Horizons, LLC 65 High Ridge Road Suite 428 Stamford, CT 06905 USA -Neil Weicher TEL: 203-321-1278 x91	NetLib® Encryptionizer® for SQL Server (Software Version: 8.601.1) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	02/03/2009; 06/04/2009	Overall Level: 1  -EMI/EMC: Level 2 -Design Assurance: Level 2 -Operational Environment: Tested as meeting Level 1 with Windows 2000 Server; Windows 2003 Server; Windows 2003 x64 Server (single user mode) -FIPS-approved algorithms: AES (Cert. #857); SHS (Cert. #851); HMAC (Cert. #474) -Other algorithms: N/A Multi-chip standalone "The NetLib® Encryptionizer® for SQL Server 8.601.1 provides encryption of data stored in MS SQL Server databases and backups. It can be deployed without programming and without adding any administrative overhead. The purpose of whole database encryption is to make a database unusable if it is stolen, copied, downloaded, lost, or otherwise improperly accessed."
1083	Research In Motion Ltd. 295 Phillip Street Waterloo, Ontario N2L 3W8 Canada -Certifications Team TEL: 519-888-7465 x72921 FAX: 519-886-4839	BlackBerry Cryptographic Kernel (Firmware Versions: 3.8.5.42[1], 3.8.5.48[1] and 3.8.5.50a[2]) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Firmware	01/22/2009; 01/30/2009; 02/24/2009	Overall Level: 1  -Design Assurance: Level 3 -Tested: BlackBerry 9000 with BlackBerry OS Versions 4.6[1][2] and 4.6.1[2] -FIPS-approved algorithms: Triple-DES (Certs. #717, #718 and #739); AES (Certs. #873, #874, #875, #876, #915 and #924); SHS (Certs. #867, #868 and #902); HMAC (Certs. #489, #490 and #511); RSA (Certs. #422, #423 and #445); RNG (Certs. #501, #502 and #525); ECDSA (Certs. #108, #109 and #113) -Other algorithms: EC Diffie-Hellman (key agreement, key establishment methodology provides 256 bits of encryption strength); ECMQV (key agreement, key establishment methodology provides 256 bits of encryption strength) Multi-chip standalone "BlackBerry is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry Cryptographic Kernel is the software module that provides the basic cryptographic functionality for the BlackBerry."
1082	Teletec Corporation 5617-107 Departure Drive Raleigh, NC 27616 USA -Diane Hunter TEL: 919-954-7300 FAX: 919-954-7500 -Harry Taji TEL: +962 65824941 FAX: +962 65844950	"Guardian" Subscriber Encryption Module (Hardware Version: R2; Firmware Versions: Main firmware: 1.00.02, Bootloader firmware: 1.00.01) Validated to FIPS 140-2 Security Policy Certificate	Hardware	01/22/2009	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #826); SHS (Cert. #825); HMAC (Cert. #460); RNG (Cert. #476) -Other algorithms: N/A Multi-chip embedded ""Guardian" Subscriber Encryption Module (SEM) is a multi-chip embedded cryptographic module intended to be installed in conventional FM radio equipment to provide digital level of encryption with 256-bit AES cipher. Key and configuration are loaded using programming cable and specific software executed on a generic Windows personal computer. Module supports secure update of internal firmware, providing a mean for future enhancements."
1081	IBM Corporation 11400 Burnet Road Austin, TX 78758 USA -Tom Benjamin TEL: 512-286-5319 FAX: 512-436-8009	IBM Java JCE FIPS 140-2 Cryptographic Module (Software Version: 1.3.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	01/22/2009; 03/13/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2 using IBM JVM 1.6 (single-user mode) -FIPS-approved algorithms: AES (Cert. #805); DSA (Cert. #297); HMAC (Cert. #445); RNG (Cert. #463); RSA (Cert. #387); SHS (Cert. #803); Triple-DES (Cert. #687) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80-bits and greater than 256-bits of encryption strength); MD5 Multi-chip standalone "The IBM Java JCE (Java Cryptographic Extension) FIPS provider (IBMJCEFIPS) for Multi-platforms is a scalable, multipurpose cryptographic module that supports many FIPS approved cryptographic operations. This gives Java applications access to the FIPS algorithms via the standard JCE framework that is part of all JVM's at the 1.6 level and higher."
1080	BigFix, Inc. 1480 64th St. Suite 200 Emeryville, CA 94608 USA -Noah Salzman TEL: 510-740-0308 FAX: 510-652-6742 -Peter Loer TEL: 510-740-5158 FAX: 510-652-6742	BigFix Cryptographic Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	01/07/2009	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Operational Environment: Tested as meeting Level 2 with AIX 5.2 running on IBM P610; HP-UX 11.11 running on HP C3000; SUSE Linux Enterprise Server 9 running on IBM eServer 325; Mac OS X 10.3.6 running on iMac G4; Red Hat Enterprise Linux 4 Update 2 Advanced Server running on HP XW4100 Pentium 4; Red Hat Enterprise Linux 4 Update 2 Advanced Server 64-bit running on HP ProLiant DL145 G2; Solaris 9 SPARC running on Sun Blade 150; Solaris 10 SPARC running on Sun Blade 150; Solaris 10 x86 running on Dell Precision 650; Windows 2000 Pro with SP3 running on Dell Optiplex GX400; Windows 2003 Enterprise Edition with SP1 running on Dell Optiplex GX270; Windows XP Pro with SP2 running on Dell Optiplex GX270 -FIPS-approved algorithms: Triple-DES (Cert. #688); AES (Cert. #806); DSA (Cert. #298); SHS (Cert. #804); HMAC (Cert. #446); RSA (Cert. #388); RNG (Cert. #464) -Other algorithms: Diffie-Hellman; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip standalone "The BigFix Cryptographic Module 1.0 is a software library that runs on a wide variety of computing platforms and performs encryption, hashing, and random number generation functions."
1079	Secuware Torre Picasso Plaza Pablo Ruiz Picasso, s/n. Madrid, 28020 Spain -Jorge López Hernández-Ardieta TEL: +34 915-649-149 FAX: +34 915-629-697 TEL: +34 608-271-936	Secuware Security Framework - Crypt4000 Module (Software Version: 4.0) (When obtained, built, installed, protected and initialized as specified in Section 8.2 of the provided Security Policy. Section 8.2 of the provided Security Policy specifies the complete set of source files of this module. There shall be no additions, deletions or alterations of this set as used during module build. All source files shall be obtained via secure FTP. Any deviation from the specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module.) Validated to FIPS 140-2 Security Policy Certificate	Software	12/24/2008; 01/26/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP SP2 (single user mode) -FIPS-approved algorithms: AES (Cert. #792); SHS (Cert. #905); HMAC (Cert. #513) -Other algorithms: N/A Multi-chip standalone "The SCM is a function library implementing crypto services which is delivered to the final user as a SW cryptographic object module, running on Windows operating system in a General Purpose Computer. The logical cryptographic boundary for the SCM is the discrete block of object code containing the machine instructions and data generated from the SCM FIPS source, which will be allocated continuously in a main memory address space, as used by the calling application."
1078	MRV Communications 295 Foster St. Littleton, MA 01460 USA -Nicholas Minka TEL: 978-952-5742 -Tim Bergeron TEL: 978-952-5647	LX-4000T Series Console Servers (Hardware Versions: 600-R3265 RevB through 600-R3288 RevB (inclusive) [1] and 600-R3265 RevC through 600-R3288 RevC (inclusive) [2]; Firmware Versions: linuxito Versions: (5.3.1 [1] and 5.3.5 [2]) and ppciboot Versions: (5.3.1 [1] and 5.3.5 [2])) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/24/2008; 12/11/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #854 and #855); DSA (Cert. #308); RNG (Cert. #489); RSA (Cert. #408); SHS (Certs. #848 and #849); Triple-DES (Certs. #704 and #705); HMAC (Certs. #471 and #472) -Other algorithms: DES; MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength); RNG (non-compliant) Multi-chip standalone "The LX-4000T Series Console Servers are a key component of MRV's Out-of-Band Network solution. Out-of-Band Networks provide secure remote service port access and remote power control to devices in an organization's networks and infrastructures. This nearly eliminates the need for physical presence at a device to correct problems or manage its everyday operation. MRV's Out-of-Band Network solution includes console servers, terminal servers, device servers, remote power control and management system, making the LX Series an ideal choice for secure remote access."
1077	Aruba Networks, Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA -Harsha Nagaraja TEL: 408-754-3010	Aruba 200, 800, and 6000/SCII Mobility Controllers with ArubaOS FIPS Firmware (Hardware Versions: 200: 200-6-AOS-STD-FIPS-US; 800: 800-16-TX-AOS-STD-FIPS, 800-16-SX-AOS-STD-FIPS; 6000 with 6000-BASE-2PSU-200-FIPS or 6000-BASE-2PSU-400-FIPS, LC-2G-1, LC-2G24F-1, LC-2G24FP-1, and one or two SC-48-C1-1, SC-128-C1-1, SC-256-C2-1; Firmware Versions: 200: A200_3.3.2.0-FIPS, A200_3.3.2.11-FIPS, A200_3.3.2.14-FIPS and A200_3.3.2.18-FIPS; 800: A800_3.3.2.0-FIPS, A800_3.3.2.11-FIPS, A800_3.3.2.14-FIPS and A800_3.3.2.18-FIPS; 6000: A5000_3.3.2.0-FIPS, A5000_3.3.2.11-FIPS, A5000_3.3.2.14-FIPS and A5000_3.3.2.18-FIPS) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/24/2008; 03/30/2009; 07/29/2009; 10/23/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #649, #650, #651 and #700); HMAC (Certs. #334, #335, #336 and #378); RNG (Cert. #411); RSA (Cert. #326); SHS (Certs. #682, #683, #684 and #728); Triple-DES (Certs. #600, #601, #602 and #631) -Other algorithms: DES; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant than 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "Aruba Networks' Mobility Controller system with an integrated ICSA-certified stateful firewall and hardware-based encryption, is the industry's highest performing and most scalable enterprise mobility platform on the market today. Aruba offers the industry's only modular and stackable mobility controllers from every enterprise environment. Now, administrators are freed from the costly and time-consuming process of managing individual APs. And as security standards change and new mobile services emerge, they are easily implemented at the controller and propagated throughout the enterprise."
1076	Kenwood Corporation 1-16-2, Hakusan, Midori-ku Yokohama-shi, Kanagawa 226-8525 Japan -Tamaki Shimamura TEL: +81 45 939 6254 FAX: +81 45 939 7093 -Joe Watts TEL: 678-474-4700 FAX: 678-474-4730	Secure Cryptographic Module (SCM) (Hardware Version: P/N KWD-AE20, Version 1.0.0; Firmware Version: A2.0.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/24/2008; 01/26/2009	Overall Level: 1  -Cryptographic Module Specification: Level 3 -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Certs. #831 and #832); SHS (Cert. #827) -Other algorithms: DES; DES MAC; LFSR; AES MAC (AES Cert. #831, vendor affirmed; P25 AES OTAR) Multi-chip embedded "The Secure Cryptographic Module (SCM) meets overall FIPS 140-2 Level 1 requirements providing Kenwood radios secure and encrypted digital communication. The SCM supports 256 bit key AES encryption as well as DES encryption."
1075	Aruba Networks, Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA -Harsha Nagaraja TEL: 408-754-3010	Aruba 3000 and 6000/M3 Mobility Controllers with ArubaOS FIPS Firmware (Hardware Versions: 3200: 3200-8-AOS-STD-FIPS-US; 3400: 3400-32-AOS-STD-FIPS-US; 3600: 3600-64-AOS-STD-FIPS-US; 6000: 6000-BASE-2PSU-200-FIPS, 6000-BASE-2PSU-400-FIPS, LC-2G-1, LC-2G24F-1, LC-2G24FP-1, and one or two M3mk1-G10X-10G2X; Firmware Versions: A3000_3.3.2.0-FIPS, ArubaOS_MMC_3.3.2.0-FIPS, A3000_3.3.2.11-FIPS, ArubaOS_MMC_3.3.2.11-FIPS, A3000_3.3.2.14-FIPS, ArubaOS_MMC_3.3.2.14-FIPS, FW A3000_3.3.2.18-FIPS and ArubaOS_MMC_3.3.2.18-FIPS) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/24/2008; 03/30/2009; 07/29/2009; 10/23/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #762 and #823); HMAC (Certs. #417 and #458); RNG (Cert. #475); RSA (Cert. #399); SHS (Certs. #769 and #823); TDES (Certs. #667 and #694) -Other algorithms: DES; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "Aruba Networks' Mobility Controller system completely changes how 802.11 networks are deployed, secured, and managed. The only mobile security system with an integrated ICSA-certified stateful firewall and hardware-based encryption, the Aruba mobility controller is the industry's highest performing and most scalable enterprise mobility platform on the market today. Aruba offers the industry's only modular and stackable mobility controllers from every enterprise environment. Now, administrators are freed from the costly and time-consuming process of managing individual APs. And as security stan"
1074	Check Point Software Technologies Ltd. 9900 Belward Campus Drive Suite 250 Rockville, MD 20850 USA -David Ambrose TEL: 703-628-2935 -Malcolm Levy TEL: +972-37534561	Nokia VPN Appliance (Hardware Versions: IP390 and IP560; Firmware Versions: IPSO v4.1 and Check Point VPN-1 NGX (R60) [HFA-03]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/24/2008; 05/28/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #397, #342, #442 and #497); Triple-DES (Certs. #507, #510, #465, #466, #435 and #406); HMAC (Certs. #248, #251, #207, #208, #176 and #146); SHS (Certs. #564, #567, #508, #509, #469 and #417); DSA (Certs. #202 and #204); RSA (Certs. #211, #213, #215 and #167); RNG (Certs. #275, #277, #229 and #230) -Other algorithms: CAST; DES (Cert. #314); HMAC MD5; MD5; Arcfour; Twofish; Blowfish; Diffie-Hellman (key agreement; key establishment methodology provides between 80 bits and 128 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength); Triple-DES (K3 mode, non-compliant) Multi-chip standalone "The Nokia VPN Applicances are full-featured enterprise systems designed for small to medium enterprises, with Service Provider flexibility and rapid serviceability option in a single rack space. When combined with Check Point VPN-1 these platforms provide reliable, easy to manage distributed security and access."
1073	Nortel Networks 600 Technology Park Billerica, MA 01821 USA -Dave Norton TEL: 978-288-7079 FAX: 978-288-4004 -Dragon Grebovich TEL: 978-288-8069 FAX: 978-288-8153	VPN Router 1750, 2700, 2750 and 5000 with VPN Router Security Accelerator (Hardware Versions: 1750, 2700, 2750 and 5000 with DM0011085; Firmware Version: 07_05.100) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/24/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #718 and #719); DSA (Cert. #272); HMAC (Certs. #102, #387 and #388); RNG (Certs. #419 and #420); RSA (Certs. #338 and #339); SHS (Certs. #143, #738 and #739); Triple-DES (Certs. #158, #641 and #642) -Other algorithms: DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant less than 80 bits of encryption strength); HMAC MD5; MD2; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength) Multi-chip standalone "The FIPS 140-2 Level 2 compliant VPN Routers are the ideal solution for enterprises requiring secure, low-cost connectivity across the Internet or managed IP networks. The VPN Routers provide, IP routing, Virtual Private Networking (VPN), stateful firewall, encryption, authentication, directory and policy services, Quality of Service (QoS), and bandwidth management services in a single integrated platform. These devices provide a solution for small, medium, and large sites requiring Internet connectivity for both secure VPN communications and for basic IP/Internet access"
1072	RELM Wireless Corporation 7100 Technology Drive West Melbourne, FL 32904 USA -Jim Holthaus TEL: 402-896-6406 FAX: 785-856-1302	FIPSCOM Cryptographic Module (Hardware Versions: P/N 7011-30967-000, Versions 100808 and 100908; Firmware Versions: 0722-05072-001 and 0722-05073-002) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/24/2008	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #899); RSA (Cert. #139); SHS (Cert. #462) -Other algorithms: DES Multi-chip embedded "The FIPSCOM is an embedded cryptographic module that provides encryption functions for secure digital communications products. The FIPSCOM can be incorporated into any BK Radio brand subscriber equipment requiring FIPS 140-2, Level 1 security."
1071	CipherMax, Inc. 3 Results Way Cupertino, CA 95014 USA -Steven Tan TEL: 408-777-8090 FAX: 408-861-3650	CM140T (Hardware Version: P/N 81-00048-01 Version ELC 9.2; Firmware Version: 5.4.0.36) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/24/2008; 02/23/2009	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #633); Triple-DES (Cert. #590); DSA (Cert. #241); RNG (Cert. #360); RSA (Cert. #289); SHS (Cert. #670); HMAC (Cert. #326) -Other algorithms: MD5; Diffie-Hellman (key wrapping; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "CM140T provides a scalable, easy-to-manage storage security solution for tape backup in a compact 1U chassis. With support for 16 FC-port, any-to-any connectivity, storage access control, line-speed data compression, data integrity authentication, and automated key management, the CM140T delivers a complete solution for all tape-based applications."
1070	CipherMax, Inc. 3 Results Way Cupertino, CA 95014 USA -Steven Tan TEL: 408-777-8090 FAX: 408-861-3650	CM180D (Hardware Version: P/N 81-00038-01 Version ILC 6.11; Firmware Version: 5.4.0.36) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/24/2008; 02/23/2009	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #629); Triple-DES (Cert. #590); DSA (Cert. #241); RNG (Cert. #360); RSA (Cert. #289); SHS (Cert. #670); HMAC (Cert. #326) -Other algorithms: MD5; Diffie-Hellman (key wrapping; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "CM180D delivers a complete solution for all primary and secondary disk-based storage application, with in-line encryption processing, discrete security administration controls, and a comprehensive, automated key management system. The integration of powerful encryption processing and high port count, any-to-any connectivity allows for CM180D to deliver an enormous amount of functionality with far less consumption space, power, and cooling than first generation in-line encryption appliances."
1069		Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/09/2008; 12/11/2009	Overall Level: 2  -FIPS-approved algorithms: -Other algorithms: Multi-chip standalone
1068	Nortel Networks 600 Technology Park Billerica, MA 01821 USA -Dave Norton TEL: 978-288-7079 FAX: 978-288-4004 -Dragon Grebovich TEL: 978-288-8069 FAX: 978-288-8153	VPN Router 1750, 2700, 2750 and 5000 with Hardware Accelerator (Hardware Versions: 1750, 2700, 2750 and 5000 with DM0011052; Firmware Version: 07_05.100) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/15/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #718 and #719); DSA (Cert. #272); HMAC (Certs. #101, #387 and #388); RNG (Certs. #419 and #420); RSA (Certs. #338 and #339); SHS (Certs. #51, #738 and #739);Triple-DES (Certs. #29, #641 and #642) -Other algorithms: DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength; non-compliant less than 80-bits of encryption strength); HMAC MD5; MD2; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength) Multi-chip standalone "The FIPS 140-2 Level 2 compliant VPN Routers are the ideal solution for enterprises requiring secure, low-cost connectivity across the Internet or managed IP networks. The VPN Routers provide, IP routing, Virtual Private Networking (VPN), stateful firewall, encryption, authentication, directory and policy services, Quality of Service (QoS), and bandwidth management services in a single integrated platform. These devices provide a solution for small, medium, and large sites requiring Internet connectivity for both secure VPN communications and for basic IP/Internet access"
1067	Nortel Networks 600 Technology Park Billerica, MA 01821 USA -Dave Norton TEL: 978-288-7079 FAX: 978-288-4004 -Dragan Gribovich TEL: 978-288-8069 FAX: 978-288-4004	Nortel VPN Router 1010, 1050 and 1100 (Hardware Versions: 1010, 1050 and 1100; Firmware Version: 07_05.100) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/15/2008	Overall Level: 1  -Roles, Services, and Authentication: Level 2 -Design Assurance: Level 2 -FIPS-approved algorithms: AES (Certs. #718 and #719); DSA (Cert. #272); HMAC (Certs. #387 and #388); RNG (Certs. #419 and #420); RSA (Certs. #338 and #339); SHS (Certs. #738 and #739); Triple-DES (Certs. #641 and #642) -Other algorithms: DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provide 80 or 96 bits of encryption strength; non-compliant less than 80-bits of encryption strength); ECDH (non-compliant); HMAC-MD5; MD2; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength) Multi-chip standalone "The FIPS 140-2 Level 1 compliant VPN Routers are the ideal solution for enterprises requiring secure, low-cost connectivity across the Internet or managed IP networks. The VPN Routers provide IP routing, Virtual Private Networking (VPN), stateful firewall, encryption, authentication, directory and policy services, Quality of Service (QoS), and bandwidth management services in a single integrated platform. These devices provide a solution for small, medium, and large sites requiring Internet connectivity for both secure VPN communications and for basic IP/Internet access."
1066	Nortel Networks 600 Technology Park Billerica, MA 01821 USA -Dave Norton TEL: 978-288-7079 FAX: 978-288-4004 -Dragon Grebovich TEL: 978-288-8069 FAX: 978-288-8153	Nortel VPN Router 600, 1750, 2700, 2750 and 5000 (Hardware Versions: 600, 1750, 2700, 2750 and 5000; Firmware Version: 07_05.100) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/15/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #718 and #719); DSA (Cert. #272); HMAC (Certs. #387 and #388); RNG (Certs. #419 and #420); RSA (Certs. #338 and #339); SHS (Certs. #738 and #739); Triple-DES (Certs. #641 and #642) -Other algorithms: DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provide 80 or 96 bits of encryption strength; non-compliant less than 80-bits of encryption strength); ECDH (non-compliant); HMAC-MD5; MD2; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength) Multi-chip standalone "The FIPS 140-2 Level 2 compliant VPN Routers are the ideal solution for enterprises requiring secure, low-cost connectivity across the Internet or managed IP networks. The VPN Routers provide, IP routing, Virtual Private Networking (VPN), stateful firewall, encryption, authentication, directory and policy services, Quality of Service (QoS), and bandwidth management services in a single integrated platform. These devices provide a solution for small, medium, and large sites requiring Internet connectivity for both secure VPN communications and for basic IP/Internet access."
1065	nCipher Corporation Ltd. 92 Montvale Ave Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F2 6000e, nShield F2 1500e, nShield F2 500e and nShield F2 10e (Hardware Versions: nC3023E-6K0, nC3023E-1K5, nC3023E-500 and nC3032E-030, Build Standard N; Firmware Version: 2.33.82-2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	12/15/2008; 08/28/2009	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #397 and #754); AES GCM (Cert. #754, vendor affirmed); Triple-DES (Certs. #435 and #666); Triple-DES MAC (Triple-DES Certs. #435 and #666, vendor affirmed); DSA (Cert. #280); ECDSA (Cert. #81); SHS (Cert. #764); HMAC (Cert. #410); RSA (Cert. #356); RNG (Cert. #436) -Other algorithms: ARC FOUR; Aria; Camelia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip embedded "The nCipher modules: nShield F2 6000e, Shield F2 1500e, nShield F2 500e, and nShield 10e family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1064	nCipher Corporation Ltd. 92 Montvale Ave Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 6000e [1], nShield F3 1500e [2], nShield F3 500e [3], nShield F3 10e [4], nShield F3 6000e for nShield Connect [5], nShield F3 1500e for nShield Connect [6] and nShield F3 500e for nShield Connect [7] (Hardware Versions: nC4033E-6K0 [1], nC4033E-1K5 [2], nC4033E-500 [3], nC4033E-030 [4], nC4033E-6K0N [5], nC4033E-1K5N [6] and nC4033E-500N [7], Build Standard N; Firmware Version: 2.33.82-2) (When operated in FIPS mode and initialized to Overall Level 2 per Security Policy) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	12/15/2008; 08/28/2009; 01/28/2010	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Certs. #397 and #754); AES GCM (Cert. #754, vendor affirmed); Triple-DES (Certs. #435 and #666); Triple-DES MAC (Triple-DES Certs. #435 and #666, vendor affirmed); DSA (Cert. #280); ECDSA (Cert. #81); SHS (Cert. #764); HMAC (Cert. #410); RSA (Cert. #356); RNG (Cert. #436) -Other algorithms: ARC FOUR; Aria; Camelia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip embedded "The nCipher modules: nShield F3 6000e, Shield F3 1500e, nShield F3 500e, and nShield 10e family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
1063	nCipher Corporation Ltd. 92 Montvale Ave Suite 4500 Stoneham, MA 02180 USA -sales@ncipher.com TEL: 800-NCIPHER FAX: 781-994-4001	nShield F3 6000e [1], nShield F3 1500e [2], nShield F3 500e [3], nShield F3 10e [4], nShield F3 6000e for nShield Connect [5], nShield F3 1500e for nShield Connect [6] and nShield F3 500e for nShield Connect [7] (Hardware Versions: nC4033E-6K0 [1], nC4033E-1K5 [2], nC4033E-500 [3], nC4033E-030 [4], nC4033E-6K0N [5], nC4033E-1K5N [6] and nC4033E-500N [7], Build Standard N; Firmware Version: 2.33.82-3) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	12/15/2008; 08/28/2009; 01/28/2010	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #397 and #754); AES GCM (Cert. #754, vendor affirmed); Triple-DES (Certs. #435 and #666); Triple-DES MAC (Triple-DES Certs. #435 and #666, vendor affirmed); DSA (Cert. #280); ECDSA (Cert. #81); SHS (Cert. #764); HMAC (Cert. #410); RSA (Cert. #356); RNG (Cert. #436) -Other algorithms: ARC FOUR; Aria; Camelia; CAST 6; DES; MD5; SEED; HMAC-MD5, HMAC-Tiger, HMAC-RIPEMD160; RIPEMD 160; Tiger; El-Gamal; KCDSA; HAS 160; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength), ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip embedded "The nCipher modules: nShield F3 6000e, Shield F3 1500e, nShield F3 500e, and nShield 10e family of secure e-commerce HSM's are multi-tasking hardware modules that is optimized for performing modular arithmetic on very large integers. The nCipher modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
1062	BeCrypt Limited 130 Shaftesbury Avenue London, W1D 5EU United Kingdom -Pali Surdhar TEL: +44 (0)845 838 2050 FAX: +44 (0)845 838 2060	BeCrypt DISK Protect (Software Version: 4.2.10.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	12/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional SP2 with real mode pre-boot environment (single-user mode) -FIPS-approved algorithms: AES (Certs. #247 and #667); SHS (Certs. #324 and #700); HMAC (Cert. #351); RSA (Cert. #309); RNG (Cert. #386) -Other algorithms: N/A Multi-chip standalone "BeCrypt DISK Protect is a full-disk encryption product that provides up to three layers of security: full disk encryption, strong pre-boot authentication, and optional removable media encryption."
1061	Sybase iAnywhere, A subsidiary of Sybase One Sybase Drive Dublin, CA 94568 USA -Pali Surdhar TEL: +44 (0)845 838 2050 FAX: +44 (0)845 838 2060	DISK Protect for Afaria Security Manager (Software Version: 4.2.10.5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	12/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional SP2 with real mode pre-boot environment (single-user mode) -FIPS-approved algorithms: AES (Certs. #247 and #667); SHS (Certs. #324 and #700); HMAC (Cert. #351); RSA (Cert. #309); RNG (Cert. #386) -Other algorithms: N/A Multi-chip standalone "DISK Protect for Afaria Security Manager is a full-disk encryption product that provides up to three layers of security: full disk encryption, strong pre-boot authentication, and optional removable media encryption."
1060	Secured User Inc. 11490 Commerce Park Drive Suite 240 Reston, VA 20191 USA -Ken Hetzer TEL: 703-964-3164 FAX: 703-783-0446 -Bruce Mitchell TEL: 703-964-3167; 647-477-7892 FAX: 647-477-5052	SUSK Security Module (Software Version: 1.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	12/01/2008; 12/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows 2003 Server Service Pack 1; SuSe 10; Fedora 6; Red Hat 2.6; HP-UX B.11.11 and Windows Server 2003 X64 with SP1 (single user mode) -FIPS-approved algorithms: AES (Certs. #474 and #770); SHS (Cert. #542); HMAC (Cert. #231); RNG (Cert. #257) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The SUSK Security Module is a software-based cryptographic module. Secured UserÆs product performs all of its work by transparently intercepting and transforming the data stream between entities. All of the cryptographic functionalities of the Secured User product are provided by the central shared library, SUSK Security Module. The cryptographic module offers Transport Layer Security (TLS) services along with bulk encryption and hashing services exclusively to Secured User application. This application is considered as host application to the module."
1059	Stonewood Electronics Ltd. Sandford Lane Wareham, BH20 4DY United Kingdom -Flavio da Silva TEL: +44 1929 554400 FAX: +44 1929 552525	PICOfreedom (Hardware Versions: P/N 8A-SFS-0000-09P, Version A and Version 2; Firmware Versions: 6.600 and 6.612) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	12/01/2008	Overall Level: 2  -EMI/EMC: Level 3 -FIPS-approved algorithms: AES (Cert. #464); RSA (Cert. #200); RNG (Cert. #263); SHS (Cert. #555) -Other algorithms: RSA (encrypt/decrypt) Multi-chip standalone "The PICOfreedom provides FIPS 140-2 Approved security functionality to DiskOnKey USB flash drives. The PICOfreedom employs Federal Information Processing Standard (FIPS 140-2) encryption and key management functionality to ensure the protection of data stored on FLASH memory. The module is a multi-chip standalone cryptographic module, as defined by FIPS 140-2, and consists of the S2 controller and an EEPROM. Both components are encased in a hard, opaque, production grade integrated circuit packaging."
1058	RSA Security Inc. 177 Bovet Road Suite 200 San Mateo, CA 94402 USA -Kathy Kriese TEL: 650-931-9781	RSA BSAFE® Crypto-C Micro Edition (Software Version: 3.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	12/01/2008	Overall Level: 1  -Cryptographic Module Specification: Level 3 -Operational Environment: Tested as meeting Level 1 with AIX 5L v5.3 (PowerPC 32-bit); AIX 5L v5.3 (PowerPC 64-bit); HP-UX 11.11 (PA-RISC 2.0 32-bit); HP-UX 11.23 (PA-RISC 2.0W 64-bit); HP-UX 11.31 (Itanium2 32-bit); HP-UX 11.31 (Itanium2 64-bit); Red Hat Enterprise Linux AS 4.0 (x86 32-bit) with LSB 3.0.3; Red Hat Enterprise Linux AS 5.0 (x86_64 64-bit) with LSB 3.0.3; Solaris 10 (SPARC v8 32-bit); Solaris 10 (SPARC v8+ 32-bit); Solaris 10 (SPARC v9 64-bit); Solaris 10 (x86_64 64-bit); VxWorks 5.5 (PowerPC 603 32-bit); VxWorks 5.5 (PowerPC 604 32-bit); VxWorks General Purpose Platform 6.0 (PowerPC 604); Windows Mobile 2003/Pocket PC (ARM 32-bit); Windows Mobile 5.0 (ARM 32-bit); Windows Mobile 6.0 Professional (ARM 32-bit); Windows 2003 Server SP2 (x86_64 64-bit) - Visual Studio 2005 SP1 build /MT option; Windows 2003 Server SP2 (Itanium 2 64-bit) - Visual Studio 2005 SP1 build /MT option; Windows 2003 Server SP2 (Itanium 2 64-bit) - Visual Studio 2005 SP1 build /MD option; Windows Vista Ultimate (x86 32-bit) - Visual Studio 2005 SP1 /MD option; Windows Vista Ultimate (x86_64 64-bit) - Visual Studio 2005 SP1 /MD option; Windows XP Professional SP2 (x86 32-bit) - Visual Studio 2005 SP1 /MT option (single user mode) -FIPS-approved algorithms: AES (Cert. #810); AES GCM (Cert. #810, vendor affirmed: SP 800-38D); DRBG (Cert. #2); DSA (Cert. #300); ECDSA (Certs. #92 and #93); HMAC (Cert. #449); RNG (Cert. #466); RSA (Cert. #390); SHS (Cert. #807); Triple-DES (Cert. #690) -Other algorithms: DES; DES40; Diffie-Hellman; EC Diffie-Hellman; ECAES (non-compliant); ECIES; HMAC MD5; MD2; MD5; PBKDF1 SHA-1; PBKDF2 HMAC SHA-1/SHA-224/SHA-256/SHA-384/SHA-512 (non-compliant); RC2; RC4; RC5; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA PKCS #1 v2.0 (OAEP; non-compliant) Multi-chip standalone "The Crypto-C Micro Edition (ME) Module is RSA Security Inc.'s cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
1057	Vormetric Inc. 3131 Jay Street Santa Clara, CA 95054 USA -Phil Scott TEL: 408-961-2509 FAX: 408-844-8638 -Frank Teruel TEL: 408-961-6132 FAX: 408-844-8638	NetBackup Media Server Encryption Option (MSEO) Driver (Software Version: 6.1.0) Validated to FIPS 140-2 Security Policy Certificate	Software	11/25/2008	Overall Level: 1  -Design Assurance: Level 2 -Operational Environment: Tested as meeting Level 1 with Windows 2000 Advanced Server SP4; Windows 2003 Server Enterprise SP2 32-bit; Windows 2003 Server Enterprise SP2 64-bit; Windows 2003 Server Enterprise SP2 X64 Edition; Solaris 8 64-bit; Solaris 9 64-bit; Solaris 10 64-bit; Red Hat Linux Enterprise 4 Update 4 64-bit (single-user mode) -FIPS-approved algorithms: AES (Cert. #809); SHS (Cert. #806); HMAC (Cert. #448); -Other algorithms: N/A Multi-chip standalone "The "Powered by Vormetric", NetBackup Media Server Encryption Option (MSEO) product from Symantec, provides a cost-effective, easy to manage data encryption solution for securing enterprise backup tapes. It is based on robust encryption methods and provides a centralized approach for the encryption process and key management."
1056	Certicom Corp. 5520 Explorer Drive 4th Floor Mississauga, Ontario L4W 5L1 Canada -sales@certicom.com TEL: 905-507-4220 FAX: 905-507-4230	Security Builder FIPS Java Module (Software Versions: 2.2 and 2.2.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	11/25/2008; 03/06/2009; 10/02/2009; 12/08/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Sun Java Runtime Environment (JRE) 1.6.0 running on Solaris 10, 32-bit; Solaris 10, 64-bit; Red Hat Linux AS 5.0, 32-bit; Red Hat Linux AS 5.0, 64-bit; Windows Vista, 32-bit; Windows Vista, 64-bit; Windows 2008 Server, 64-bit; NetBSD 2.0.3, 32-bit (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #686); AES (Cert. #804); SHS (Cert. #802); HMAC (Cert. #444); RNG (Cert. #462); DSA (Cert. #296); ECDSA (Cert. #91); RSA (Cert. #386); DRBG (Cert. #1) -Other algorithms: ARC2; ARC4; MD2; MD5; HMAC-MD5; DES; DESX; ECIES; ECQV; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip standalone "The Security Builder FIPS Java Module is a standards-based cryptographic toolkit written in Java. It supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into Java-based applications. The Security Builder FIPS Java Module is intended for use by developers who want government level security and can also be used in conjunction with other Certicom developer toolkits including Security Builder PKI and Security Builder SSL."
1055	Keycorp Limited Level 5, Keycorp Tower 799 Pacific Highway Chatswood NSW Sydney, MD 2067 Australia -Graeme Bradford TEL: 703-635-7723 FAX: 301-948-1233	Keycorp MULTOS I4F 80K with MULTOS PIV Card Application (Hardware Version: SLE66CLX800PEM; Firmware Version: 1.0) (PIV Card Application: Cert. #5) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/25/2008	Overall Level: 2  -Physical Security: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #605); RSA (Cert. #303); RNG (Cert. #376) -Other algorithms: RSA-AHASH; DES; Hardware RNG Multi-chip standalone "The Keycorp MULTOS I4F 80K Smart Card with MULTOS PIV Card Application can be employed in a wide range of solutions. The smart card provides a highly portable, secure token for enhancing the security of network access and ensuring secure electronic communications. Combined with the PIV Card Application it provides enhanced I&A functionality."
1054	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Tony Ureche TEL: 800-MICROSOFT	BitLocker™ Drive Encryption (Software Version: 6.0.6001.18000 and 6.0.6002.18005) (When operated in FIPS mode with Microsoft Kernel Mode Security Support Provider Interface and Microsoft Windows Cryptographic Primitives Library (Bcrypt.dll) validated to FIPS 140-2 under Cert. #1007 and Cert. #1008 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	11/25/2008;	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows Server 2008 (x86 version); Windows Server 2008 (x64 version) (single-user mode) -FIPS-approved algorithms: AES (Certs. #739 and #760); HMAC (Cert #415); SHS (Cert #753) -Other algorithms: Elephant Diffuser Multi-chip standalone "Windows BitLocker Drive Encryption is a data protection feature available in Windows Vista Enterprise and Windows Vista Ultimate for client computers. BitLocker provides enhanced protection against data theft or exposure on computers that are lost or stolen, and more secure data deletion when BitLocker-protected computers are decommissioned."
1053	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Tony Ureche TEL: 800-MICROSOFT	BitLocker™ Drive Encryption (Software Version: 6.0.6001.18000 and 6.0.6002.18005) (When operated in FIPS mode with Microsoft Kernel Mode Security Support Provider Interface and Microsoft Windows Cryptographic Primitives Library (Bcrypt.dll) validated to FIPS 140-2 under Cert. #1000 and Cert. #1001 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	11/25/2008;	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows Vista Ultimate Edition SP1 (x86 Version); Windows Vista Ultimate Edition SP1 (x64 version) (single-user mode) -FIPS-approved algorithms: AES (Certs. #739 and #760); HMAC (Cert #415); SHS (Cert #753) -Other algorithms: Elephant Diffuser Multi-chip standalone "Windows BitLocker Drive Encryption is a data protection feature available in Windows Vista Enterprise and Windows Vista Ultimate for client computers. BitLocker provides enhanced protection against data theft or exposure on computers that are lost or stolen, and more secure data deletion when BitLocker-protected computers are decommissioned."
1052	Gemalto 1140 Welsh Road Suite 200 North Wales, PA 19454 USA -Nick Hislop TEL: 215-390-2805 FAX: 215-390-2825	TOP IM CY2 with ACS PKI applet (formerly Cyberflex Access 64K V2 with PKI applets) (Hardware Version: P/N A1002631; Firmware Versions: Hardmask 1V3, PKI Applet 1.11, PIN Manager Applet 1.6) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/17/2008; 11/21/2008	Overall Level: 2  -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #220); SHS (Cert. #301); RSA (Cert. #51); RNG (Cert. #64); Triple-DES (Cert. #312); Triple-DES MAC (Triple-DES Cert. #312, vendor affirmed) -Other algorithms: DES; DES MAC; RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength) Single-chip "The Cyberflex Access 64K V2 with PKI applets provides secure PKI (public key infrastructure) and digital signature technology. Cyberflex Access 64K V2 serves as a highly portable, secure device for enhancing the security of network access and ensuring secure electronic communications. Cyberflex Access 64K V2 supports on-card Triple-DES, AES and 2048-bit RSA algorithms with on-card key generation. It is compliant to Java Card v2.1.1 and Open Platform v2.0.1. The Cyberflex Access 64K V2 smart card fits well into physical and logical access, e-transactions and other applications."
1051	Open Source Software Institute 3610 Pearl Street Hattiesburg, MS 39401 USA -John Weathersby TEL: 601-427-0152 FAX: 601-427-0156	OpenSSL FIPS Object Module (Software Version: 1.2) (When built, installed, protected and initialized as specified in the provided Security Policy. Appendix B of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file, shall be verified as specified in Appendix B of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 2.3 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module.) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	11/17/2008; 11/20/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with OpenSuSE Linux 32-bit Version 10.2 (gcc Compiler Version 4.1.2 20061115 prerelease); OpenSuSE Linux 64-bit Version 10.2 (gcc Compiler Version 4.1.2 20061115 prerelease); Windows XP Pro SP2 32 bit (Microsoft Visual C++ version 8); Windows XP Pro SP2 64 bit (Microsoft Visual C++ version 8); µClinux Kernel Version 2.4.32 (gcc Compiler Version 3.4.4) (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #627); AES (Cert. #695); DSA (Cert. #264); SHS (Cert. #723); HMAC (Cert. #373); RSA (Cert. #323); RNG (Cert. #407) -Other algorithms: Diffie-Hellman; RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip standalone "The OpenSSL FIPS Object Module is a cryptographic library that can be downloaded from www.openssl.org/source/"
1050	Sun Microsystems 4150 Network Circle Santa Clara, CA 95054 USA -Mehdi Bonyadi TEL: 858-625-5163 FAX: 858-926-9020 -Ling Qin TEL: 408-276-0097 FAX: 858-526-9020	Sun Crypto Accelerator 6000 (Hardware Versions: 375-3424, Revisions -02, -03 and -04; Firmware Versions: Bootstrap version 1.0.1 or 1.0.10, Operational firmware version 1.1.2) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	11/04/2008; 12/17/2008; 05/18/2009	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #397 and #862); DSA (Cert. #319); ECDSA (Cert. #99); HMAC (Certs. #475 and #479); RNG (Cert. #493); RSA (Certs. #411 and #414); SHS (Certs. #853 and #857); Triple-DES (Cert. #435) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); DES; MD5; HMAC-MD5; RC2 Multi-chip embedded "The SCA-6000 is a high performance hardware security module for Sun SPARC, x86, x64 platforms in a lowprofile, short PCI-E (X8) card. Supported on Linux and Solaris-10, it provides on-board cryptographic acceleration hardware and key store. It supports remote management with serial and USB ports for local administration. It enhances performance by off-loading compute intensive cryptographic calculations, accelerating IPsec and SSL processing and performs many financial service functions. The SCA6000 performs primary cryptographic functions for the Sun KMS 2.X Key Management System."
1049	PGP Corporation 200 Jefferson Dr. Menlo Park, CA 94025 USA -Vinnie Moscaritolo TEL: 650-319-9000 FAX: 650-319-9001	PGP Software Developer's Kit (SDK) Cryptographic Module (Software Version: 3.10.3 and 3.11.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	10/27/2008; 12/03/2008	Overall Level: 1  Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2; Mac OS X 10.5 (single-user mode) -FIPS-approved algorithms: Triple-DES (Cert. #471); AES (Cert. #453); RSA (Cert. #172); DSA (Cert. #183); SHS (Cert. #516); HMAC (Cert. #216); RNG (Cert. #238) -Other algorithms: AES (EME2 mode; non-compliant); DSA (FIPS 186-3 with SHA-256; non-compliant); CAST-5; IDEA; Two-Fish; Blow-Fish; ARC4-128; MD5; HMAC-MD5; RIPEMD60; ElGamal; RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength); Shamir Threshold Secret Sharing Multi-chip standalone "The PGP SDK Cryptographic Module is a FIPS 140-2 validated software only cryptographic module. The module implements the cryptographic functions for PGP products including: PGP Whole Disk Encryption, PGP NetShare, PGP Command Line, PGP Universal, and PGP Desktop. It includes a wide range of field-tested and standards-based encryption, digital signature, and encoding algorithms as well as a variety of secure network protocol implementations. The PGP SDK offers developers this same cryptographic library that is at the heart of PGP products."
1048	RSA Security, Inc. 177 Bovet Road Suite 200 San Mateo, CA 94402 USA -Kathy Kriese TEL: 650-931-9781 FAX: 650-295-7700	RSA BSAFE® Crypto-J JCE Provider Module (Software Version: 4.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	10/27/2008; 01/26/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with 32-bit x86 Intel Pentium M w/ Windows XP SP2 Professional with Sun JRE 1.4.2; 32-bit x86 Intel Pentium M w/ Windows XP SP2 Professional with Sun JRE 1.5; 32-bit x86 Intel Pentium M w/ Windows XP SP2 Professional with Sun JRE 1.6 (single-user mode) -FIPS-approved algorithms: AES (Cert. #669); DSA (Cert. #251); ECDSA (Cert. #72); HMAC (Cert. #353); RNG (Cert. #389 and vendor affirmed: SP 800-90); RSA (Cert. #311); SHS (Cert. #702); Triple-DES (Cert. #614) -Other algorithms: AES-GCM (non-compliant); DES; Diffie-Hellman; DESX; ECAES; EC Diffie-Hellman; ECDHC; ECIES; MD2; MD5; PBE (SHA1 and Triple-DES); RIPEMD 160; RNG (X9.31 non-compliant, MD5 and SHA1); RC2; RC4; RC5; RSA OAEP (for key transport); Raw RSA; RSA Keypair Generation MultiPrime; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); HMAC-MD5 Multi-chip standalone "RSA BSAFE Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. RSA BSAFE Crypto-J supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
1047	RSA Security, Inc. 177 Bovet Road Suite 200 San Mateo, CA 94402 USA -Kathy Kriese TEL: 650-931-9781 FAX: 650-295-7700	RSA BSAFE® Crypto-J Software Module (Software Version: 4.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	10/27/2008; 01/26/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with 32-bit x86 Intel Pentium M w/ Windows XP SP2 Professional with Sun JRE 1.4.2; 32-bit x86 Intel Pentium M w/ Windows XP SP2 Professional with Sun JRE 1.5; 32-bit x86 Intel Pentium M w/ Windows XP SP2 Professional with Sun JRE 1.6 (single-user mode) -FIPS-approved algorithms: AES (Cert. #670); DSA (Cert. #252); ECDSA (Cert. #73); HMAC (Cert. #354); RNG (Cert. #390 and vendor affirmed: SP 800-90); RSA (Cert. #312); SHS (Cert. #703); Triple-DES (Cert. #615) -Other algorithms: AES-GCM (non-compliant); DES; Diffie-Hellman; DESX; ECAES; EC Diffie-Hellman; ECDHC; ECIES; MD2; MD5; PBE (SHA-1 and Triple-DES); RIPEMD 160; RNG (X9.31 non-compliant, MD5 and SHA-1); RC2; RC4; RC5; RSA OAEP (for key transport); Raw RSA; RSA Keypair Generation MultiPrime; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); HMAC-MD5 Multi-chip standalone "RSA BSAFE Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. RSA BSAFE Crypto-J supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
1046	Fortress Technologies, Inc. 4023 Tampa Rd Suite 2000 Oldsmar, FL 34677 USA -Bill McIntosh TEL: 813-288-7388	Fortress Secure Wireless Access Bridge (SWAB) ES520 (Hardware Versions: ES520V1 and ES520V2; Firmware Versions: 2.6.11, 2.6.12 and 2.6.12.2500LR) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	12/08/2008; 07/09/2009; 07/28/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #686); SHS (Cert. #714); HMAC (Cert. #365); RNG (Cert. #400) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength); RSA (non-compliant); MD5; Hardware RNG Multi-chip standalone "The Fortress Secure Wireless Access Bridge is an all-in-one network access device housed in a rugged compact chassis, with the most stringent security available today built in. It can serve as a wireless bridge, a WLAN access point, and an eight-port LAN switch, while performing all the functions of a Fortress controller device: encrypting wireless traffic and providing Multi-factor Authentication for devices on the network it protects."
1045	Chunghwa Telecom Co., Ltd. Telecommunication Laboratories 12, Lane 551, Min-Tsu Road SEC.5 Yang-Mei, Taoyuan, Taiwan 326 Republic of China -Yu-Ling Cheng TEL: 886 3 424-5883 FAX: 886 3 424-4167	HiPKI SafGuard 1000 HSM (Hardware Version: HSM-HW-10; Firmware Version: HSM-SW-T8051.10) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/16/2008	Overall Level: 3  -FIPS-approved algorithms: Triple-DES (Cert. #668); AES (Cert. #763); SHS (Cert. #770); RSA (Cert. #362); RNG (Cert. #439); Triple-DES MAC (Triple-DES Cert. #668, vendor affirmed) -Other algorithms: N/A Multi-chip standalone "Hi PKI SafGuard 1000 HSM is a multi-chip standalone cryptographic module that is used to provide highly-secure cryptographic services and key storage for PKI applications. (e.g., secure private key storage, high-speed math accelerator for 1024-2048 bit public key signatures, and hashing). The HiPKI SafGuard 1000 HSM provides secure identity-based challenge-response authentication using smart cards and data encryption using FIPS approved Triple-DES and AES encryption."
1044	Gemalto Arboretum Plaza II 9442 Capital of Texas Highway North, Suite 400 Austin, TX 78759 USA -Vincent Prothon TEL: 512-257-3810 FAX: 512-257-3881	SafesITe PIV TPC DL FIPS GX4 with SafesITe FIPS 201 Applet v1.20 (Hardware Versions: A1005291- CHIP.P5CD144.MPH051B and A1011108 - CHIP.P5CD144.MPH051B; Firmware Version: GX4-FIPS EI08, Applet Version: SafesITe FIPS 201 Applet v1.20) (PIV Card Application: Cert. #13) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/15/2008; 02/23/2009	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -Physical Security: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #782); RNG (Cert. #450); RSA (Cert. #372); SHS (Cert. #786); Triple-DES (Cert. #678); Triple-DES MAC (Triple-DES Cert. #678, vendor affirmed); -Other algorithms: N/A Single-chip "This module is based on a Java platform (GemCombiXpresso R4) with 144K EEPROM memory and on the SafesITe FIPS201 applet loaded on the Java Card platform. The Cryptographic Module provides dual interfaces (i.e. contact and contact-less) where the same security level is achieved. Module Ref# A1005963 - Card Ref# M1002255."
1043	Entrust, Inc. One Hanover Park 16633 Dallas Parkway Suite 800 Addison, TX 75001 USA -Entrust Sales TEL: 888-690-2424	Entrust Entelligence™ Kernel-Mode Cryptomodule (Software Version: 1.1) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	10/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional SP2; Microsoft Windows Vista Enterprise, 32-bit edition; Microsoft Windows Vista Ultimate SP1; 64-bit edition (single-user mode) -FIPS-approved algorithms: AES (Cert. #738); Triple-DES (Cert. #655); Triple-DES MAC (Triple-DES Cert. #655, vendor affirmed) -Other algorithms: N/A Multi-chip standalone "The Entrust Entelligence Kernel-Mode Cryptomodule is a software module that implements AES encryption and decryption functions suitable for use in kernel-mode drivers on Windows platforms."
1042	SafeNet, Inc. 4690 Millennium Drive Suite 400 Belcamp, MD 21017 USA -Davin Baker TEL: 443-327-1488	SafeNet HighAssurance 4000 Gateway (Hardware Version: A; Firmware Version: 5.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/15/2008	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #258); AES (Cert. #156); SHS (Cert. #117); HMAC (Cert. #34); RSA (Cert. #209); RNG (Cert. #274) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 90 bits of encryption strength); MD5; HMAC MD5; DES Multi-chip standalone "The SafeNet HighAssurance 4000 Gateway is a high performance, integrated security appliance that offers Gigabit IPSec encryption. Housed in a tamper evident chassis, have two gigabit ethernet ports. Traffic on the local port is received in the clear, while traffic on the remote port has security processing applied to it."
1041	Optica Technologies Incorporated 2051 Dogwood Street Suite 210 Louisville, CO 80027 USA -William Colvin TEL: 905-876-3147 FAX: 905-876-3479 -Gil Fisher TEL: 720-214-2800 x12 FAX: 720-214-2805	Optica Technologies Eclipz ESCON Tape Encryptor (Hardware Version: 44200-04; Firmware Version: 1.3.10) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/15/2008	Overall Level: 2  -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #670); AES (Certs. #771 and #266); SHS (Certs. #776 and #345); HMAC (Certs. #422 and #78); RSA (Cert. #366); DSA (Cert. #289); RNG (Cert. #442); ECDSA (Cert. #84) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength) Multi-chip standalone "The Optica Technologies Eclipz ESCON Tape Encryptor is an inline encryption appliance that directly integrates hardware accelerated encryption into native ESCON channels. It provides fully transparent, high performance data encryption for legacy ESCON tape systems. Eclipz preserves legacy ESCON tape device investments and interoperates with leading appliance-based key management solutions. . It supports 4 ESCON channels within a single appliance. The encryptor provides encryption for tape backup and recovery operations, and tape-based information sharing with business partners."
1040	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 3825 and Cisco 3845 Integrated Services Routers (Hardware Versions: 3825 and 3845; Firmware Versions: 12.4(15)T3[1] and 12.4(15)T10[2]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/14/2008; 08/28/2009; 10/23/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #96, #795 [1] and #1199 [2]); HMAC (Certs. #50, #436 [1] and #696 [2]); RNG (Certs. #456 [1] and #663 [2]); RSA (Certs. #379 [1] and #576 [2]); SHS (Certs. #317, #794 [1] and #1104 [2]); Triple-DES (Certs. #210, #683 [1] and #867 [2]) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES Multi-chip standalone "The Cisco 3800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to T3 connection. The Cisco 3800 Series routers offer embedded encryption acceleration on the motherboard."
1039	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 2851 Integrated Services Router (Hardware Version: 2851; Firmware Versions: 12.4(15)T3[1] and 12.4(15)T10[2]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/14/2008; 08/28/2009; 10/23/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #96, #795 [1] and #1199 [2]); HMAC (Certs. #50, #436 [1] and #696 [2]); RNG (Certs. #456 [1] and #663 [2]); RSA (Certs. #379 [1] and #576 [2]); SHS (Certs. #317, #794 [1] and #1104 [2]); Triple-DES (Certs. #210, #683 [1] and #867 [2]) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES Multi-chip standalone "The Cisco 2800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 2800 Series routers offer embedded encryption acceleration on the motherboard."
1038	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 2811 and Cisco 2821 Integrated Services Routers (Hardware Versions: 2811and 2821; Firmware Versions: 12.4(15)T3[1] and 12.4(15)T10[2]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/14/2008; 08/28/2009; 10/23/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #265, #795 [1] and #1199 [2]); HMAC (Certs. #77, #436 [1] and #696 [2]); RNG (Certs. #456 [1] and #663 [2]); RSA (Certs. #379 [1] and #576 [2]); SHS (Certs. #344, #794 [1] and #1104 [2]); Triple-DES (Certs. #347, #683 [1] and #867 [2]) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES Multi-chip standalone "The Cisco 2800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 2800 Series routers offer embedded encryption acceleration on the motherboard."
1037	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 1841 and Cisco 2801 Integrated Services Routers (Hardware Versions: 1841 and 2801; Firmware Versions: 12.4(15)T3[1] and 12.4(15)T10[2]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/14/2008; 08/28/2009; 10/23/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #181, #795 [1] and #1199 [2]); HMAC (Certs. #27, #436 [1] and #696 [2]); RNG (Certs. #456 [1] and #663 [2]); RSA (Certs. #379 [1] and 576 [2]); SHS (Certs. #267, #794 [1] and #1104 [2]); Triple-DES (Certs. #283, #683 [1] and #867 [2]) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES Multi-chip standalone "The Cisco 1841 and 2801 routers feature the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. These routers offer embedded encryption acceleration on the motherboard."
1036	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 1841 Integrated Services Routers with AIM-VPN/BPII-Plus and Cisco 2801 Integrated Services Routers with AIM-VPN/EPII-Plus (Hardware Versions: 1841 and 2801; AIM-VPN/BPII-Plus Version: 1.0, Board Version: C1; AIM-VPN/EPII-Plus Version: 1.0, Board Version: D0; Firmware Versions: 12.4(15)T3[1] and 12.4(15)T10[2]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/14/2008; 08/28/2009; 10/23/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #100, #181, #795 [1] and #1192 [2]); HMAC (Certs. #27, #38, #436 [1] and #696 [2]); RNG (Certs. #80, #456 [1] and #663 [2]); RSA (Certs. #379 [1], #383 and #576 [2]); SHS (Certs. #267, #401, #794 [1] and #1104 [2]); Triple-DES (Certs. #213, #283, #683 [1] and #867 [2]) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES Multi-chip standalone "The Cisco 1841 and 2801 routers feature the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. These routers offer embedded encryption acceleration on the motherboard. For additional performance, the Cisco 1841 and 2801 routers feature the ability to optionally add encryption acceleration advanced integration modules (AIM-VPN/BPII-Plus and AIM-VPN/EPII-Plus)."
1035	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 2811 and Cisco 2821 Integrated Services Routers with AIM-VPN/EPII-Plus (Hardware Versions: 2811 and 2821; AIM Version: 1.0, Board Version: D0; Firmware Versions: 12.4(15)T3[1] and 12.4(15)T10[2]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/07/2008; 08/28/2009; 10/23/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #100, #265, #795 [1] and #1199 [2]); HMAC (Certs. #38, #77, #436 [1] and #696 [2]); RNG (Certs. #80, #456 [1] and #663 [2]); RSA (Certs. #379 [1], #383 and #576 [2]); SHS (Certs. #344, #401, #794 [1] and #1104 [2]); Triple-DES (Certs. #213, #347, #683 [1] and #867 [2]) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES Multi-chip standalone "The Cisco 2800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 2800 Series routers offer embedded encryption acceleration on the motherboard. For additional performance, the Cisco 2811 and 2821 routers feature the ability to optionally add encryption acceleration advanced integration modules (AIM-VPN/EPII-Plus)."
1034	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 2851 Integrated Services Router with AIM-VPN/EPII-Plus (Hardware Version: 2851, AIM Version: 1.0, Board Version: D0; Firmware Version: Versions: 12.4(15)T3[1] and 12.4(15)T10[2]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/07/2008; 08/28/2009; 10/23/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #96, #100, #795 [1] and #1199 [2]); HMAC (Certs. #38, #50, #436 [1] and #696 [2]); RNG (Certs. #80, #456 [1] and #663 [2]); RSA (Certs. #379 [1], #383 and #576 [2]); SHS (Certs. #317, #401, #794 [1] and #1104 [2]); Triple-DES (Certs. #210, #213, #683 [1] and #867 [2]) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES Multi-chip standalone "The Cisco 2800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 2800 Series routers offer embedded encryption acceleration on the motherboard. For additional performance, the Cisco 2851 router features the ability to optionally add encryption acceleration advanced integration modules (AIM-VPN/EPII-Plus)."
1033	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 3825 Integrated Services Routers with AIM-VPN/EPII-Plus and Cisco 3845 Integrated Services Routers with AIM-VPN/HPII-Plus (Hardware Versions: 3825 and 3845; AIM-VPN/EPII-Plus Version: 1.0, Board Version: D0; AIM-VPN/HPII-Plus Version: 1.0, Board Version: D0; Firmware Versions: 12.4(15)T3[1] and 12.4(15)T10[2]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/07/2008; 08/28/2009; 10/23/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #96, #100, #795 [1] and #1199 [2]); HMAC (Certs. #38, #50, #436 [1] and #696 [2]); RNG (Certs. #80, #456 [1] and #663 [2]); RSA (Certs. #379 [1], #383 and #576 [2]); SHS (Certs. #317, #401, #794 [1] and #1104 [2]); Triple-DES (Certs. #210, #213, #683 [1] and #867 [2]) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES Multi-chip standalone "The Cisco 3800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to T3 connection. The Cisco 3800 Series routers offer embedded encryption acceleration on the motherboard. For additional performance, the Cisco 3825 and 3845 routers feature the ability to optionally add encryption acceleration advanced integration modules (AIM-VPN/EPII-Plus and AIM-VPN/HPII-Plus)."
1032	Nortel Networks 600 Technology Park Billerica, MA 01821 USA -Dave Norton TEL: 978-288-7079 -Dragan Grebovich TEL: 978-288-8069 FAX: 978-670-8153	VPN Client Software (Software Version: 7_11.101) (When operated in FIPS mode with Microsoft® Enhanced Cryptographic Provider validated to FIPS 140-1 under Cert. #238 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	10/07/2008	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Windows XP Professional Service Pack 2 (single-user mode) -FIPS-approved algorithms: AES (Cert. #721); HMAC (Cert. #389); RNG (Cert. #421); SHS (Cert. #740); Triple-DES (Cert. #644) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); DES; 40-bit DES; MD5; ECDH (non-compliant); HMAC-MD5 Multi-chip standalone "The Contivity VPN Client provides stable, secure network access via Nortel VPN routers and VPN gateways. The client can be preconfigured and customized by IT administrators for quick install and connect, or easily configured by end users via the connection wizard. The VPN client works over all IP infrastructures including all wireless, broadband, and satellite services. The VPN client also supports seamless roaming, enabling a user to roam wirelessly without losing the virtual connection."
1031	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 1841 with AIM-VPN/SSL-1 and Cisco 2801 with AIM-VPN/SSL-2 Integrated Services Routers (Hardware Versions: 1841 and 2801, AIM-VPN/SSL-1 Version: 1.0, Board Version: 01, AIM-VPN/SSL-2 Version: 1.0, Board Version: 01; Firmware Versions: 12.4(15)T3[1] and 12.4(15)T10[2]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/07/2008; 08/28/2009; 10/23/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #173, #181, #795 [1] and #1199 [2]); HMAC (Certs. #27, #39, #436 [1] and #696 [2]); RNG (Certs. #83, #456 [1] and #663 [2]); RSA (Certs. #379 [1], #382 and #576 [2]); SHS (Certs. #258, #267, #794 [1] and #1104 [2]); Triple-DES (Certs. #275, #283, #683 [1] and #867 [2]) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES Multi-chip standalone "The Cisco 1841 and 2801 routers feature the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. These routers offer embedded encryption acceleration on the motherboard. For additional performance, the Cisco 1841 and 2801 routers feature the ability to optionally add encryption acceleration advanced integration modules (AIM-VPN/SSL-1 and AIM-VPN/SSL-2)."
1030	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 2811 and Cisco 2821 Integrated Services Routers with AIM-VPN/SSL-2 (Hardware Versions: 2811 and 2821, AIM Version: 1.0, Board Version: 01; Firmware Versions: 12.4(15)T3[1] and 12.4(15)T10[2]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/07/2008; 08/28/2009; 10/23/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #173, #265, #795 [1] and Cert. #1199 [2]); HMAC (Certs. #39, #77, #436 [1] and Cert. #696 [2]); RNG (Certs. #83, #456 [1] and Cert. #663 [2]); RSA (Certs. #379 [1], #382 [1] and Cert. #576 [2]); SHS (Certs. #258, #344, #794 [1] and Cert. #1104 [2]); Triple-DES (Certs. #275, #347, #683 [1] and Cert. #867 [2]) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES Multi-chip standalone "The Cisco 2800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 2800 Series routers offer embedded encryption acceleration on the motherboard. For additional performance, the Cisco 2811 and 2821 routers feature the ability to optionally add encryption acceleration advanced integration modules (AIM-VPN/SSL-2)."
1029	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 3825 and Cisco 3845 Integrated Services Routers with AIM-VPN/SSL-3 (Hardware Versions: 3825 and 3845, AIM-VPN/SSL-3 Version: 1.0, Board Version: 01; Firmware Versions: 12.4(15)T3[1] and 12.4(15)T10[2]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/07/2008; 08/28/2009; 10/23/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #96, #173, #795 [1] and Cert. #1199 [2]); HMAC (Certs. #50, #39, #436 [1] and Cert. #696 [2]); RNG (Certs. #83, #456 [1] and Cert. #663 [2]); RSA (Certs. #379 [1], #382 and Cert. #576 [2]); SHS (Certs. #258, #317, #794 [1] and Cert. #1104 [2]); Triple-DES (Certs. #210, #275, #683 [1] and Cert. #867 [2]) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES Multi-chip standalone "The Cisco 3800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to T3 connection. The Cisco 3800 Series routers offer embedded encryption acceleration on the motherboard. For additional performance, the Cisco 3825 and 3845 routers feature the ability to optionally add encryption acceleration advanced integration modules (AIM-VPN/SSL-3)."
1028	Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134 USA -Michael Soto TEL: 408-902-8125 FAX: 408-902-8095	Cisco 2851 Integrated Services Router with AIM-VPN/SSL-2 (Hardware Version: 2851, AIM Version: 1.0, Board Version: 01; Firmware Versions: 12.4(15)T3[1] and 12.4(15)T10[2]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	10/07/2008; 08/28/2009; 10/23/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #96, #173, #795 [1] and Cert. #1199 [2]); HMAC (Certs. #50, #39, #436 [1] and Cert. #696 [2]); RNG (Certs. #83, #456 [1] and Cert. #663 [2]); RSA (Certs. #379 [1], #382 and Cert. #576 [2]); SHS (Certs. #258, #317, #794 [1] and Cert. #1104 [2]); Triple-DES (Certs. #210, #275, #683 [1] and Cert. #867 [2]) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 or 96 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES Multi-chip standalone "The Cisco 2800 Series features the ability to deliver multiple high-quality simultaneous services at wire speeds up to multiple T1/E1/xDSL connections. The Cisco 2800 Series routers offer embedded encryption acceleration on the motherboard. For additional performance, the Cisco 2851 router features the ability to optionally add encryption acceleration advanced integration modules (AIM-VPN/SSL-2)."
1027	Attachmate Corporation 1500 Dexter Ave N Seattle, WA 98109 USA -Diane Agemura TEL: 206-217-7500 FAX: 206-272-1346 -Kjell Swedin TEL: 206-217-7332 FAX: 206-272-1345	Attachmate Cryptographic Module (Software Version: 2.0.40) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	10/07/2008	Overall Level: 1  -EMI/EMC: Level 3 -Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2003 Server SP2 (x86); Red Hat Enterprise Linux 4.0 (x86); Sun Solaris 10 (x86); Microsoft Windows 2003 Server SP2 (x64); SuSE Linux Enterprise Server 9.0 (x64); Solaris 10 (x64); Microsoft Windows 2003 Server SP2 (IA64); Red Hat Enterprise Linux 4.0 (IA64); HP-UX 11iv3 (IA64); Solaris 8 (UltraSPARC); HP-UX 11iv1 (PA-RISC); AIX 5.2 (Power5); SuSE Linux Enterprise Server 9.0 (s390); Red Hat Enterprise Linux 4.0 on Hercules 3.05 s390 Emulator on Red Hat Enterprise Linux 5.0 (s390x) (single user mode) -FIPS-approved algorithms: AES (Cert. #808); DSA (Cert. #299); HMAC (Cert. #447); RNG (Cert. #465); RSA (Cert. #389); SHS (Cert. #805); Triple-DES (Cert. #689) -Other algorithms: Arcfour; Blowfish; CAST; DES; RIPEMD-160; MD4; MD5; MD2; RC5; RC2; HMAC-MD5; HMAC-MD4; HMAC-MD2; HMAC-RIPEMD-160; SHA-224 (non-compliant); SHA-384 (non-compliant); HMAC SHA-224 (non-compliant); HMAC SHA-384 (non-compliant); CBC-DES MAC; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80-bits of encryption strength) Multi-chip standalone "The Attachmate Crypto Module is used in a range of solutions from Attachmate, provider of host connectivity, secure communications and systems and security management."
1026	Sun Microsystems 4150 Network Circle Santa Clara, CA 95054 USA -Mehdi Bonyadi TEL: 858-625-5163 FAX: 858-926-9020 -Ling Qin TEL: 408-276-0097 FAX: 858-526-9020	Sun Crypto Accelerator 6000 (Hardware Version: 375-3424, Revisions -02, -03 and -04; Firmware Version: Bootstrap versions 1.0.1 and 1.0.10, Operational firmware version 1.0.11) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Hardware	10/07/2008; 12/17/2008; 05/18/2009	Overall Level: 3  -FIPS-approved algorithms: AES (Certs. #397 and #856); DSA (Cert. #309); HMAC (Cert. #473); RNG (Cert. #490); RSA (Certs. #409 and #410); SHS (Certs. #469 and #850); Triple-DES (Cert. #435) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength); DES; MD5; HMAC-MD5; RC2 Multi-chip embedded "The Sun Cryptographic Accelerator 6000 (SCA-6000) is a high performance hardware security module for Sun platforms (SPARC, x86, x64). It is a low-profile, short PCI-E (X8) card consisting of on-board cryptographic acceleration hardware and a secure cryptographic key store. SCA-6000 supports remote management functions. It has serial and USB ports for local administration. It enhances platform performance by off-loading compute intensive cryptographic calculations by accelerating both IPsec and SSL processing, and by performing many financial service functions. Supported on Linux and Solaris-10"
1025	BeCrypt Limited 130 Shaftesbury Avenue London, W1D 5EU United Kingdom -Dr. Pali Surdhar, Certification Manager TEL: +44 (0)845 838 2050 FAX: +44 (0)845 838 2060	BeCrypt Cryptographic Library (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate Vendor Product Link	Software	10/07/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2; Linux Ubuntu 8.0.4 (single-user mode) -FIPS-approved algorithms: AES (Certs. #764 and #765); SHS (Certs. #771 and #772); RNG (Cert. #440); RSA (Cert. #363); HMAC (Certs. #418 and #419) -Other algorithms: N/A Multi-chip standalone "The BeCrypt Cryptographic Library provides core cryptographic functionality for BeCrypt's Enterprise security products including a range of market leading disk encryption, media encryption and data protection products. The cryptographic library provides a capability to develop complex and flexible security applications that require cryptographic functionality in both pre-OS and 32 bit operating environments."
1024	Inter-4, A Division of Sierra Nevada Corporation 1777 Montgomery Street San Francisco, CA 94111 USA -Paul Matz TEL: 415-771-4444 FAX: 415-771-8444 -Dan Haddick TEL: 415-771-4444 FAX: 415-771-8444	STS Secure for Linux (Software Version: 1.1) Validated to FIPS 140-2 Security Policy Certificate	Software	09/24/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Linux 2.6 (single user mode) -FIPS-approved algorithms: DSA (Cert. #157); SHS (Cert. #425); AES (Cert. #350) -Other algorithms: N/A Multi-chip standalone "The STS Secure for Linux is a FIPS 140-2 Level 1 software module, comprised of the Security Manager Application Service (SMA), Key Generator Application, and the AES NetFilter Driver, that runs on a general purpose computer. It is the basis for Inter-4's TACTI-NET networking technology. The primary purpose for the STS Secure software module is to provide data security for all network wireless and/or wired traffic."
1023	3e Technologies International, Inc. 9715 Key West Avenue Suite 500 Rockville, MD 20850 USA -Ryon Coleman TEL: 301-944-1277	3e-525A-3, 3e-525A-3 BASIC, 3e-525A-3 BASIC with TEC, 3e-525A-3MP, 3e-525A-3MP with TEC, 3e-525V-3, 3e-525Ve-3 and 3e-525Ve-4 AirGuard™ Wireless Access Points (Hardware Versions: 2.0(A): (3e-525A-3 [2], 3e-525A-3 BASIC [2], 3e-525A-3 BASIC with TEC [2], 3e-525A-3MP [2], 3e-525A-3MP with TEC [2], 3e-525V-3 [2], 3e-525Ve-3 [2] and 3e-525Ve-4 [1]); and 2.1: (3e-525A-3 [2], 3e-525A-3MP [2], 3e-525V-3 [2] and 3e-525Ve-4 [1]); Firmware Versions: 4.3.2 [1] and 4.3.3 [2]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/24/2008; 12/09/2008; 02/05/2010	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #238); CCM (Cert. #1); HMAC (Cert. #13); RNG (Cert. #22); SHS (Cert. #278); Triple-DES (Cert. #292) -Other algorithms: AES CFB (non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); MD5; RC4; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength) Multi-chip standalone "The AirGuard™ model 525A-3 and model 525V-3/4 Wireless Access Points are packaged in rugged IP 66 weatherproof enclosure and conforms to 802.11a/b/g wireless standards. They provide access point, gateway, bridge/repeater, and mesh networking for wireless applications. In access point or gateway mode, the 525A-3 can establish links to laptops, PDAs and other wireless devices at data rates from 11 Mbps up to 108 Mbps. The 525V-3/4 incorporates an extra video module to provide capability for remote video surveillance and camera control."
1022	Memory Experts International, Inc. 227 Montcalm Suite 101 and 202 Gatineau, Quebec J8Y 3B9 Canada -Larry Hamid TEL: 819-595-3069 FAX: 819-595-3353	Outbacker MXP (Hardware Versions: 1.0 Outbacker MXP 80 GB, 1.0 Outbacker MXP 120 GB, 1.0 Outbacker MXP 160 GB, 1.0 Outbacker MXP 250 GB, 1.0 Outbacker MXP 320 GB and 1.0 Outbacker MXP 500 GB with MXI AES: Part # 933000334R Version 1.0; Firmware Version: 4.23 with Version 2.1 of Boot loader) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/10/2008; 02/24/2009	Overall Level: 2  -Roles, Services, and Authentication: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: AES (Cert. #768); SHS (Cert. #485); RSA (Cert. #154); RNG (Cert. #211); HMAC (Cert. #190) -Other algorithms: N/A Multi-chip standalone "Outbacker MXP is a USB Portable Security Device with authentication and cryptographic services. It provides up to 320 gigabytes of encrypted portable storage and digital identity operations for enterprise security and user authentication via biometric and password."
1021	CoCo Communications Corporation 999 3rd Ave, Suite 3700 Seattle, WA 98104 USA -Jeff Meyer TEL: 206-284-9387 FAX: 206-770-6461 -Mikhail Voloshin TEL: 206-812-5735 FAX: 206-770-6461	The CoCo Crypto Module (Software Version: 1.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	09/02/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP with SP2, Debian GNU/Linux 4.0 (single-user mode) -FIPS-approved algorithms: AES (Cert. #693); DSA (Cert. #263); HMAC (Cert. #370); RNG (Cert. #405); SHS (Cert. #720) -Other algorithms: Diffie-Hellman; SSLeay RNG Multi-chip standalone "The CoCo Crypto Module provides cryptographic services for the core components of CoCo Communications' tactical and military product lines. With the CoCo Crypto Module, users of CoCo's mobile digital network systems can be assured that their communications are safe from spoofing, eavesdropping, and other forms of information attack. As used within the CoCo Communications product suite, the CoCo Crypto module is interchangeable with the OpenSSL DLL, allowing for easy deployment-time transition to suit the needs of the problem domain."
1020	Aruba Wireless Networks Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA -Harsha Nagaraja TEL: 408-754-3010	Aruba 200, 800 and 6000 Mobility Controller with ArubaOS FIPS Firmware (Hardware Versions: 200: 200-6-AOS-STD-FIPS-US; 800: 800-16-TX-AOS-STD-FIPS, 800-16-SX-AOS-STD-FIPS; 6000: 6000-BASE-2PSU-200-FIPS, 6000-BASE-2PSU-400-FIPS, SC-48-C1-1, SC-128-C1-1, SC-256-C2-1, LC-2G-1, LC-2G24F-1, LC-2G24FP-1; Firmware Versions: A200_2.4.8.22-FIPS, A800_2.4.8.22-FIPS, A5000_2.4.8.22-FIPS, A200_2.4.8.23-FIPS, A800_2.4.8.23-FIPS, A5000_2.4.8.23-FIPS, A200_2.4.8.24-FIPS, A800_2.4.8.24-FIPS and A5000_2.4.8.24-FIPS) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/02/2008; 10/16/2008; 03/19/2009	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #649, #650, #651 and #700); HMAC (Certs. #334, #335, #336 and #378); RNG (Cert. #411); RSA (Certs. #298, #299, #300 and #326); SHS (Certs. #682, #683, #684 and #728); Triple-DES (Certs. #600, #601, #602 and #631) -Other algorithms: DES; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength). Multi-chip standalone "Aruba Networks' Mobility Controller system with an integrated ICSA-certified stateful firewall and hardware-based encryption, is the industry's highest performing and most scalable enterprise mobility platform on the market today. Aruba offers the industry's only modular and stackable mobility controllers from every enterprise environment. Now, administrators are freed from the costly and time-consuming process of managing individual APs. And as security standards change and new mobile services emerge, they are easily implemented at the controller and propagated throughout the enterprise."
1019	Aruba Wireless Networks Inc. 1322 Crossman Avenue Sunnyvale, CA 94089 USA -Harsha Nagaraja TEL: 408-754-3010	Aruba 200, 800 and 6000 Mobility Controller with ArubaOS FIPS Firmware (Hardware Versions: 200: 200-6-AOS-STD-FIPS-US; 800: 800-16-TX-AOS-STD-FIPS, 800-16-SX-AOS-STD-FIPS; 6000: 6000-BASE-2PSU-200-FIPS, 6000-BASE-2PSU-400-FIPS, SC-48-C1-1, SC-128-C1-1, SC-256-C2-1, LC-2G-1, LC-2G24F-1, LC-2G24FP-1; Firmware Versions: A200_3.1.1.7-FIPS, A200_3.1.1.29-FIPS, A800_3.1.1.7-FIPS, A800_3.1.1.29-FIPS, A5000_3.1.1.7-FIPS and A5000_3.1.1.29-FIPS) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	09/02/2008; 12/15/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #649, #650, #651 and #700); HMAC (Certs. #334, #335, #336 and #378); RNG (Cert. #411); RSA (Certs. #298, #299, #300 and #326); SHS (Certs. #682, #683, #684 and #728); Triple-DES (Certs. #600, #601, #602 and #631) -Other algorithms: DES; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength). Multi-chip standalone "Aruba Networks' Mobility Controller system with an integrated ICSA-certified stateful firewall and hardware-based encryption, is the industry's highest performing and most scalable enterprise mobility platform on the market today. Aruba offers the industry's only modular and stackable mobility controllers from every enterprise environment. Now, administrators are freed from the costly and time-consuming process of managing individual APs. And as security standards change and new mobile services emerge, they are easily implemented at the controller and propagated throughout the enterprise."
1018	Inter-4, A Division of Sierra Nevada Corporation 1777 Montgomery Street San Francisco, CA 94111 USA -Paul Matz TEL: 415-771-4444 FAX: 415-771-8444 -Dan Haddick TEL: 415-771-4444 FAX: 415-771-8444	STS Secure for Windows XP, Embedded XP (Software Version: 1.2 5/30/2008) Validated to FIPS 140-2 Security Policy Certificate	Software	09/02/2008; 12/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP Professional SP2, Windows XP Professional Embedded SP2 (single-user mode) -FIPS-approved algorithms: DSA (Cert. #157); RNG (Cert. #167); SHS (Cert. #425); AES (Cert. #350) -Other algorithms: N/A Multi-chip standalone "The STS Secure for Windows XP, Embedded XP is a FIPS 140-2 Level 1 software module, comprised of the Security Manager Application Service (SMA), Key Generator Application, and the AES NDIS Filter Driver, that runs on a general purpose computer. It is the basis for Inter-4's Tactinet networking technology. The primary purpose for the STS Secure software module is to provide data security for all network wireless/wired traffic. In addition to data in transit (DIT), file based encryption protects files transferred to/from the platform via external USB drives."
1017	Inter-4, A Division of Sierra Nevada Corporation 1777 Montgomery Street San Francisco, CA 94111 USA -Paul Matz TEL: 415-771-4444 FAX: 415-771-8444 -Dan Haddick TEL: 415-771-4444 FAX: 415-771-8444	STS Secure for Windows CE (Software Version: 1.2 5/30/2008) Validated to FIPS 140-2 Security Policy Certificate	Software	09/02/2008; 12/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows CE 4.2 (single-user mode) -FIPS-approved algorithms: DSA (Cert. #157); SHS (Cert. #425); AES (Cert. #350) -Other algorithms: N/A Multi-chip standalone "The STS Secure for Windows CE is a FIPS 140-2 Level 1 software module, comprised of the Security Manager Application Service (SMA) & AES NDIS Filter Driver, that runs on a general purpose computer. It is the basis for Inter-4's Tactinet networking technology. The primary purpose for the STS Secure software module is to provide data security for all network wireless/wired traffic. In addition to data in transit (DIT), file based encryption protects files tranferred to/from the platform via external USB drives, and sensitive data at rest (DAR) stored internally is also encrypted and zeroizable."
1016	Cisco Systems, Inc. 170 West Tasman Dr. San Jose, CA 95134 USA -Brian Mansfield TEL: 408-853-5469 FAX: 408-853-3529	Cisco Secure Services Client FIPS Module (Software Version: 1.0.0.0) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/22/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP and Microsoft Windows 2000 (single-user mode) -FIPS-approved algorithms: RSA (Cert. #325); AES (Cert. #699); HMAC (Cert. #377); SHS (Cert. #727); Triple-DES (Cert. #630); RNG (Cert. #410) -Other algorithms: RC4; DES; MD4; MD5; HMAC-MD5; DSA (non-compliant); AES (Cert. #699; key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman Multi-chip standalone "The Cisco Secure Services Client FIPS Module is a self contained crypto module that supports IEEE 802.11i (WPA2) key exchange and IEEE 802.1X wired and wireless authentication. The module provides cryptographic support for 802.1X EAP types such as EAP-TLS, EAP-FAST and PEAP as well as WPA2-PSK (Pre-shared key)."
1015	Lexmark International, Inc. 740 West New Circle Road Lexington, KY 40550 USA -Sean Gibbons TEL: 859-232-2000 FAX: 859-232-3120	Lexmark Encryption Plug-In (Software Version: 1.1) Validated to FIPS 140-2 Security Policy Certificate	Software	08/22/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows XP SP2 (single-user mode) -FIPS-approved algorithms: AES (Cert. #767); SHS (Cert. #774); HMAC (Cert. #420); RNG (Cert. #441) -Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength) Multi-chip standalone "A secure rendering plug-in that provides AES encryption of print data from the host through a print server with the AES encrypted data continuing on to a Lexmark decryption-enabled device. The rendering plug-in uses the Lexmark device's public key such that only the target device will be able to decrypt the data."
1014	Motorola, Inc. 1301 E. Algonquin Road Schaumburg, IL 60196 USA -Scot Bennett TEL: 847-576-6935	Motorola Network Router (MNR) S2500 (Hardware Version: S2500 Base Unit P/N ST2500B Tanapa Number CLN1713E Revision B with S2500 Encryption Module P/N ST2516A Tanapa Number CLN8262C Revision C; Firmware Versions: XS-15.1.0.75, XS-15.1.0.76, XS-15.2.0.20, XS-15.4.0.60, XS-15.6.0.27 and XS-15.7.0.60) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/22/2008; 01/26/2009; 07/28/2009; 12/23/2009	Overall Level: 1  -EMI/EMC: Level 3 -FIPS-approved algorithms: Triple-DES (Certs. #581 and #588); AES (Certs. #611 and #625); DSA (Cert. #237); SHS (Certs. #659 and #693); HMAC (Certs. #322 and #342); RNG (Cert. #349); RSA (Cert. #283) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; DES; HMAC-MD5 Multi-chip standalone "MNR S2500 routers are versatile, secure-capable devices that can ensure timely delivery of delay-sensitive traffic. Supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections, S2500 routers perform simultaneous functions - including compression and data prioritization - without compromising their ability to accomplish additional packet-handling functions as needed. In addition to the normal routing functions, the MNR S2500 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols."
1013	Motorola, Inc. 1301 E. Algonquin Road Schaumburg, IL 60196 USA -Scot Bennett TEL: 847-576-6935	Motorola Network Router (MNR) S6000 (Hardware Versions: S6000 Base Unit P/N ST6000C Tanapa Number CLN1780D Revision B with S6000 Encryption Module P/N ST6016A Tanapa Number CLN8261D Revision H [1] and S6000 Base Unit ST6000C Tanapa Number CLN1780C Revision A with S6000 Encryption Module P/N ST6016A Tanapa Number CLN8261D Revision H [2]; Firmware Versions: PS-15.1.0.75 [1, 2], GS-15.1.0.75 [1, 2], PS-15.1.0.76 [1, 2], GS-15.1.0.76 [1, 2], PS-15.2.0.20 [1, 2], GS-15.2.0.20 [1, 2], PS-15.4.0.60 [1, 2], GS-15.4.0.60 [1, 2], PS-15.6.0.27 [1, 2], GS-15.6.0.27 [1, 2], PS-15.7.0.60 [1, 2] and GS-15.7.0.60 [1, 2]) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/22/2008; 01/26/2009; 07/28/2009; 12/23/2009	Overall Level: 1  -FIPS-approved algorithms: Triple-DES (Certs. #275 and #580); AES (Certs. #173 and #609); DSA (Cert. #236); SHS (Certs. #258 and #658); HMAC (Certs. #39 and #323); RNG (Cert. #348); RSA (Cert. #282) -Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); MD5; DES; HMAC-MD5 Multi-chip standalone "MNR S6000 routers are versatile, secure-capable devices that can ensure timely delivery of delay-sensitive traffic. Supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections, S6000 routers perform simultaneous functions - including compression and data prioritization - without compromising their ability to accomplish additional packet-handling functions as needed. In addition to the normal routing functions, the MNR S6000 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols."
1012	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) (Software Version: 5.2.3790.4313) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/22/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Windows Server 2003 Service Pack 2 (x86, x64 and IA64) (single-user mode) -FIPS-approved algorithms: AES (Cert. #818); HMAC (Cert. #452); RNG (Cert. #470); RSA (Cert. #395); SHS (Cert. #816); Triple-DES (Cert. #691) -Other algorithms: DES; RC2; RC4; MD2; MD4; MD5; RSA X9.31 signature verification (non-compliant); RSA (key wrapping; key establishment methodology provides between 80 and 256 bits of encryption strength) Multi-chip standalone "The Microsoft Enhanced Cryptographic Provider is a FIPS 140-2 compliant, software-based, cryptographic module.RSAENH encapsulates several different cryptographic algorithms (including SHA-1, 3DES, AES, RSA, HMAC) in a cryptographic module accessible via the Microsoft CryptoAPI."
1011	Francotyp-Postalia Triftweg 21-26 Birkenwerder, 16547 Germany -Hasbi Kabacaoglu TEL: +49-3303-525-656 FAX: +49-3303-525-669	Revenector2008 (Hardware Versions: P/Ns 58.0036.0001.00/07 and 58.0036.0006.00/04; Firmware Version: 8.20) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/15/2008	Overall Level: 3  -Physical Security: Level 3 + EFP -FIPS-approved algorithms: RSA (Cert. #365); SHS (Cert. #765) -Other algorithms: N/A Multi-chip embedded "Revenector2008 is an embedded security device that can enhance the security of various kinds of appliances and computerized devices. The hardware of the Revenector2008 is designed to protect critical security parameters as well as application specific revenues. Its firmware enables hosting systems to load or update signed application specific firmware."
1010	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) (Software Versions: 6.0.6001.22202 and 6.0.6002.18005) (When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #1006 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/15/2008; 07/24/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 (x86 Version); Microsoft Windows Server 2008 (x64 version); Microsoft Windows Server 2008 (IA64 version) (single-user mode) -FIPS-approved algorithms: AES (Cert. #739); HMAC (Cert. #408); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #355); SHS (Cert. #753); Triple-DES (Cert. #656) -Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength) Multi-chip standalone "RSAENH encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. Developers dynamically link the Microsoft RSAENH module into their applications to provide FIPS 140-2 compliant cryptographic support."
1009	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Server 2008 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) (Software Versions: 6.0.6001.18000 and 6.0.6002.18005) (When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #1006 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/15/2008; 07/24/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 (x86 Version); Microsoft Windows Server 2008 (x64 version); Microsoft Windows Server 2008 (IA64 version) (single-user mode) -FIPS-approved algorithms: DSA (Cert. #282); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed) -Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); MD5; RC2; RC2 MAC; RC4 Multi-chip standalone "DSSENH encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. Software developers dynamically link the Microsoft DSSENH module into their applications to provide FIPS 140-2 compliant cryptographic support."
1008	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Microsoft Windows Server 2008 Cryptographic Primitives Library (bcrypt.dll) (Software Versions: 6.0.6001.22202 and 6.0.6002.18005) (When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #1006 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/15/2008; 07/24/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 (x86 Version); Microsoft Windows Server 2008 (x64 version); Microsoft Windows Server 2008 (IA64 version) (single-user mode) -FIPS-approved algorithms: AES (Certs. #739 and #757); DSA (Cert. #284); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656) -Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant provides less than 80 bits of encryption strength) Multi-chip standalone "BCRYPT.DLL provides cryptographic services, through its documented interfaces, to Windows Vista components and applications running on Windows Vista. The cryptographic module, BCRYPT.DLL, encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CNG (Cryptography, Next Generation) API. It can be dynamically linked into applications by software developers to permit the use of general-purpose FIPS 140-2 compliant cryptography."
1007	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Microsoft Windows Server 2008 Kernel Mode Security Support Provider Interface (ksecdd.sys) (Software Versions: 6.0.6001.22202, 6.0.6002.18005, 6.0.6001.18272, 6.0.6001.22450, 6.0.6002.18051 and 6.0.6002.22152) (When operated in FIPS mode with Windows Server 2008 OS Loader (winload.exe) validated to FIPS 140-2 under Cert. #1005 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/15/2008; 02/23/2009; 07/30/2009; 10/16/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 (x86 Version); Microsoft Windows Server 2008 (x64 version); Microsoft Windows Server 2008 (IA64 version) (single-user mode) -FIPS-approved algorithms: AES (Certs. #739 and #757); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90 AES-CTR, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656) -Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength) Multi-chip standalone "KSECDD.SYS runs as a kernel mode export driver, and provides cryptographic services, through their documented interfaces, to Windows Vista kernel components. It supports several cryptographic algorithms accessible via a FIPS function table request irp (I/O request packet)."
1006	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Server 2008 Code Integrity (ci.dll) (Software Versions: 6.0.6001.18000 and 6.0.6002.18005) (When operated in FIPS mode with Winload OS Loader (winload.exe) validated to FIPS 140-2 under Cert. #1005 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/15/2008; 07/24/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 (x86 Version); Microsoft Windows Server 2008 (x64 version); Microsoft Windows Server 2008 (IA64 version) (single-user mode) -FIPS-approved algorithms: RSA (Cert. #355); SHS (Cert. #753) -Other algorithms: MD5 Multi-chip standalone "This is a dynamically linked library that runs as ntoskrnl.exe. It verifies the integrity of executable files, including kernel mode drivers, critical system components and user mode crypto modules, before these files are loaded from disk into memory by the memory manager."
1005	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Server 2008 Winload OS Loader (winload.exe) (Software Versions: 6.0.6001.18000 and 6.0.6002.18005) (When operated in FIPS mode with Boot Manager (bootmgr) validated to FIPS 140-2 under Cert. #1004 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/15/2008; 07/24/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 (x86 Version); Microsoft Windows Server 2008 (x64 version); Microsoft Windows Server 2008 (IA64 version) (single-user mode) -FIPS-approved algorithms: AES (Certs. #739 and #760); RSA (Cert. #355); SHS (Cert. #753) -Other algorithms: MD5 Multi-chip standalone "This is the OS loader. It loads the boot-critical driver image files and the OS kernel image file itself."
1004	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Server 2008 Boot Manager (bootmgr) (Software Versions: 6.0.6001.18000 and 6.0.6002.18005) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/15/2008; 07/24/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 (x86 Version); Microsoft Windows Server 2008 (x64 version); Microsoft Windows Server 2008 (IA64 version) (single-user mode) -FIPS-approved algorithms: AES (Certs. #739 and #760); HMAC (Cert. #415); RSA (Cert. #355); SHS (Cert. #753) -Other algorithms: N/A Multi-chip standalone "This is the system boot manager, called by the bootstrapping code that resides in the boot sector. It checks its own integrity and then checks the integrity of the OS loader and launches it."
1003	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Vista Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) (Software Versions: 6.0.6001.18000 and 6.0.6002.18005) (When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #980 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/15/2008; 07/24/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition SP1 (x86 Version); Microsoft Windows Vista Ultimate Edition SP1 (x64 version) (single-user mode) -FIPS-approved algorithms: DSA (Cert. #281); RNG (Cert. #435); SHS (Cert. #753); Triple-DES (Cert. #656); Triple-DES MAC (Triple-DES Cert. #656, vendor affirmed) -Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); MD5; RC2; RC2 MAC; RC4 Multi-chip standalone "DSSENH encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. Software developers dynamically link the Microsoft DSSENH module into their applications to provide FIPS 140-2 compliant cryptographic support."
1002	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Windows Vista Enhanced Cryptographic Provider (RSAENH) (Software Versions: 6.0.6001.22202 and 6.0.6002.18005) (When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #980 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/15/2008; 07/24/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition SP1 (x86 Version); Microsoft Windows Vista Ultimate Edition SP1 (x64 version) (single-user mode) -FIPS-approved algorithms: AES (Cert. #739); HMAC (Cert. #407); RNG (SP 800-90, vendor affirmed); RSA (Certs. #353 and #354); SHS (Cert. #753); Triple-DES (Cert. #656) -Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength) Multi-chip standalone "RSAENH encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. Developers dynamically link the Microsoft RSAENH module into their applications to provide FIPS 140-2 compliant cryptographic support."
1001	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Microsoft Windows Vista Cryptographic Primitives Library (bcrypt.dll) (Software Versions: 6.0.6001.22202 and 6.0.6002.18005) (When operated in FIPS mode with Code Integrity (ci.dll) validated to FIPS 140-2 under Cert. #980 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/15/2008; 07/24/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition SP1 (x86 Version); Microsoft Windows Vista Ultimate Edition SP1 (x64 version) (single-user mode) -FIPS-approved algorithms: AES (Certs. #739 and #756); DSA (Cert. #283); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90, vendor affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656) -Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant provides less than 80 bits of encryption strength) Multi-chip standalone "BCRYPT.DLL provides cryptographic services, through its documented interfaces, to Windows Vista components and applications running on Windows Vista. The cryptographic module, BCRYPT.DLL, encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CNG (Cryptography, Next Generation) API. It can be dynamically linked into applications by software developers to permit the use of general-purpose FIPS 140-2 compliant cryptography."
1000	Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Microsoft Windows Vista Kernel Mode Security Support Provider Interface (ksecdd.sys) (Software Versions: 6.0.6001.22202, 6.0.6002.18005, 6.0.6001.18272, 6.0.6001.22450, 6.0.6002.18051 and 6.0.6002.22152) (When operated in FIPS mode with Windows Vista OS Loader (winload.exe) validated to FIPS 140-2 under Cert. #979 operating in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/15/2008; 07/24/2009; 10/16/2009	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows Vista Ultimate Edition SP1 (x86 Version); Microsoft Windows Vista Ultimate Edition SP1 (x64 version) (single-user mode) -FIPS-approved algorithms: AES (Certs. #739 and #756); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656) -Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength; non-compliant less than 80 bits of encryption strength) Multi-chip standalone "KSECDD.SYS runs as a kernel mode export driver, and provides cryptographic services, through their documented interfaces, to Windows Vista kernel components. It supports several cryptographic algorithms accessible via a FIPS function table request irp (I/O request packet)."
999	Hewlett-Packard Company 19091 Pruneridge Ave., MS 4441 Cupertino, CA 95014 USA -Mark Otto TEL: 408-447-3422 FAX: 408-447-5525	HP StorageWorks Secure Key Manager (Hardware Version: P/N AJ087A, Version 1.0; Firmware Version: 1.0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/15/2008	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -FIPS-approved algorithms: AES (Cert. #653); DSA (Cert. #244); HMAC (Cert. #338); RNG (Cert. #375); RSA (Cert. #302); SHS (Cert. #686); Triple-DES (Cert. #604) -Other algorithms: RSA (key wrapping; key establishment methodology provides 80 or 112 bits of encryption strength; non-compliant less than 80 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength); DES; MD5; RC4; RC2 Multi-chip standalone "The HP Secure Key Manager automates encryption key generation and management based on security policies. It is a hardened security appliance delivering identity-based access, administration and logging. Additionally, the Secure Key Manager provides reliable lifetime key archival with automatic multi-site key replication and failover capabilities."
998	SonicWALL, Inc. 1143 Borregas Ave. Sunnyvale, CA 94089-1306 USA -Usha Sanagala TEL: 408-745-9600 FAX: 408-745-9300	NSA E7500 (Hardware Version: P/N 101-500163-50, Rev. A; Firmware Version: SonicOS v5.0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/15/2008	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #636); AES (Cert. #705); DSA (Cert. #270); RNG (Cert. #416); RSA (Cert. #331); SHS (Cert. #733); HMAC (Cert. #383) -Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The SonicWALL E-Class Network Security Appliance (NSA) series is engineered to meet the needs of the expanding enterprise network by providing a high performance, scalable, multifunction threat prevention appliance."
997	Microsoft Corporation One Microsoft Way Redmond, WA 98052 USA -Dave Friant TEL: 425-704-7984 FAX: 425-936-7329	Microsoft Windows XP Kernel Mode Cryptographic Module (FIPS.SYS) (Software Version: 5.1.2600.5512) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Software	08/15/2008	Overall Level: 1  -Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP Professional SP3 (single-user mode) -FIPS-approved algorithms: HMAC (Cert. #429); RNG (Cert. #449); SHS (Cert. #785); Triple-DES (Cert. #677); Triple-DES MAC (Triple-DES Cert. #677, vendor affirmed) -Other algorithms: DES; MD5; HMAC MD5 Multi-chip standalone "FIPS.sys is a general-purpose, software-based, cryptographic module residing at the Kernel level of the Windows Operating System. It runs as a kernel mode export driver (a kernel-mode DLL) and encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible by other kernel mode services."
996	Alcatel-Lucent 600-700 Mountain Avenue Murray Hill, NJ 07974 USA -Paul Fowler TEL: 908-582-1734	Alcatel-Lucent VPN Firewall Bricks® 150, 700 AC and 700 DC (Hardware Versions: 150, 700 AC and 700 DC; Firmware Version: 9.1.299) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/15/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Cert. #101, #672 and #747); DSA (Certs. #253 and #256); HMAC (Certs. #220, #356, #359 and #405); RNG (Cert. #391); SHS (Certs. #193, #705, #708 and #762); Triple-DES (Certs. #214, #617, #620 and #664) -Other algorithms: ARC4; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); ElGamal; MD5; RNG; RSA (non-compliant) Multi-chip standalone "The Alcatel-Lucent VPN Firewall Brick portfolio offers a broad range of enterprise-class security solutions to protect corporate networks and deliver mission-critical IP applications to headquarters, branch offices, trading partners, road warriors and customers. The Alcatel- Lucent VPN Firewall Brick solution provides simplified management - unique client/server design, centralized staging, real-time monitoring and "no-touch" management of all VPN, security and service quality assurance capabilities via the scalable, proven Lucent Security Management Server system."
995	Alcatel-Lucent 600-700 Mountain Avenue Murray Hill, NJ 07974 USA -Paul Fowler TEL: 908-582-1734	Alcatel-Lucent VPN Firewall Brick® 1200 (Hardware Versions: 1200 AC, 1200HS AC and 1200HS DC; Firmware Version: 9.1.299) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/15/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #266 and #672); DSA (Certs. #253 and #256); HMAC (Certs. #78, #356 and #359); RNG (Cert. #391); SHS (Certs. #345, #705 and #708); Triple-DES (Certs. #348, #617 and #620) -Other algorithms: ARC4; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); ElGamal; MD5; RNG; RSA (non-compliant) Multi-chip standalone "The Alcatel-Lucent VPN Firewall Brick portfolio offers a broad range of enterprise-class security solutions to protect corporate networks and deliver mission-critical IP applications to headquarters, branch offices, trading partners, road warriors and customers. The Alcatel- Lucent VPN Firewall Brick solution provides simplified management - unique client/server design, centralized staging, real-time monitoring and "no-touch" management of all VPN, security and service quality assurance capabilities via the scalable, proven Lucent Security Management Server system."
994	Alcatel-Lucent 600-700 Mountain Avenue Murray Hill, NJ 07974 USA -Paul Fowler TEL: 908-582-1734	Alcatel-Lucent VPN Firewall Brick® 50 (Hardware Version: 50; Firmware Version: 9.1.299) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/15/2008	Overall Level: 2  -FIPS-approved algorithms: AES (Certs. #671 and #672); DSA (Certs. #253 and #256); HMAC (Certs. #355, #356 and #359); RNG (Cert. #391); SHS (Certs. #704, #705 and #708); Triple-DES (Certs. #616, #617 and #620) -Other algorithms: ARC4; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 112 bits of encryption strength); ElGamal; MD5; RNG; RSA (non-compliant) Multi-chip standalone "The Alcatel-Lucent VPN Firewall Brick portfolio offers a broad range of enterprise-class security solutions to protect corporate networks and deliver mission-critical IP applications to headquarters, branch offices, trading partners, road warriors and customers. The Alcatel- Lucent VPN Firewall Brick solution provides simplified management - unique client/server design, centralized staging, real-time monitoring and "no-touch" management of all VPN, security and service quality assurance capabilities via the scalable, proven Lucent Security Management Server system."
993	Sun Microsystems, Inc. One Storagetek Drive MS 4338 Louisville, CO 80028 USA -Alexander Stewart TEL: 303-661-2775 FAX: 303-661-5743	Key Token (Hardware Version: P/N 314478004 Version G; Firmware Version: 1.20) Validated to FIPS 140-2 Security Policy Certificate	Hardware	11/06/2008	Overall Level: 1  -FIPS-approved algorithms: AES (Cert. #636) -Other algorithms: N/A Multi-chip standalone "The Key Token is a part of the larger Sun Microsystems' Encrypted Data-At-Rest Solution (EDRS). The primary purpose for this device is to provide secure key storage and key transport between the two other EDRS components. The additional two components that the EDRS includes are the Key Management Station (KMS) and the Encrypting Tape Drive (ETD). For more information on these components please contact Sun Microsystems."
992	SonicWALL, Inc. 1143 Borregas Ave. Sunnyvale, CA 94089-1306 USA -Usha Sanagala TEL: 408-745-9600 FAX: 408-745-9300	NSA 4500, NSA 5000 and NSA E5500 (Hardware Versions: P/N 101-500166-50, Rev. A (NSA 4500); P/N 101-500088-50, Rev. A (NSA 5000); P/N 101-500165-50, Rev. A (NSA E5500); Firmware Version: SonicOS v5.0.1) (When operated in FIPS mode) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/15/2008	Overall Level: 2  -FIPS-approved algorithms: Triple-DES (Cert. #634); AES (Cert. #703); DSA (Cert. #268); RNG (Cert. #414); RSA (Cert. #329); SHS (Cert. #731); HMAC (Cert. #381) -Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 or 112 bits of encryption strength) Multi-chip standalone "The SonicWALL E-Class Network Security Appliance (NSA) series is engineered to meet the needs of the expanding enterprise network by providing a high performance, scalable, multifunction threat prevention appliance."
991	Athena Smartcard Inc. 20380 Town Center Lane Suite 240 Cupertino, CA 95014 USA -Ian Simmons TEL: 408-865-0112 FAX: 408-865-0333	Athena IDProtect Duo PIV (Hardware Version: P/N AT90SC12872RCFT Revision M; Firmware Version: P/N Athena IDProtect Duo Version 0107.7099.0105; Software Version: P/N Athena PIV Applet Version 1.0; (PIV Card Application: Cert. #12) Validated to FIPS 140-2 Security Policy Certificate	Hardware	08/15/2008	Overall Level: 2  -Cryptographic Module Specification: Level 3 -Roles, Services, and Authentication: Level 3 -Physical Security: Level 4 -Cryptographic Key Management: Level 3 -EMI/EMC: Level 3 -Design Assurance: Level 3 -FIPS-approved algorithms: Triple-DES (Cert. #598); Triple-DES MAC (Triple-DES Cert. #598, vendor affirmed); AES (Cert. #646); RNG (Cert. #368); RSA (Cert. #296); SHS (Cert. #680) -Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength) Single-chip "The Athena IDProtect Duo PIV cryptographic module is compliant with FIPS 201 as an end point compliant card. The PIV application is hosted by the Athena IDProtect dual interface smart card operating system compliant with the Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and FIPS 140-2 Level 2 (Level 4 for Physical Security). IDProtect supports FIPS Approved Random Number Generator, TDES, AES, SHA-1, SHA-256, and RSA up to 2048 b