CMVP Main Page

Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules

Historical, 1995-1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016
All

Last Updated: 8/29/2016

It is important to note that the items on this list are cryptographic modules. A module may either be an embedded component of a product or application, or a complete product in-and-of-itself. If the cryptographic module is a component of a larger product or application, one should contact the product or application vendor in order to determine how the product utilizes the embedded validated cryptographic module. There may be a larger number of security products or applications available which use an embedded validated cryptographic module, than the number of modules which are found in this list. In addition, other vendors, who are not found in this list, may incorporate a validated cryptographic module from this list embedded into their own products.

When selecting a module from a vendor, verify that the module is either the product or application itself (e.g. VPN, SmartCard, USB memory token, etc.) or the module is embedded in a larger product or application (e.g. toolkit, etc.). If the module is embedded in a product or application, ask the product or application vendor to provide a signed letter or statement affirming that the unmodified validated cryptographic module is integrated in the solution; the module provides all the cryptographic services in the solution; and provide reference to the modules validation certificate number from this listing.

NOTE1: Module descriptions are provided by the module vendors and have not been verified for accuracy by the CMVP. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-Approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (e.g. allowed or non-FIPS-Approved algorithms) have not been tested through the CMVP.

NOTE2: The operator of a cryptographic module is responsible for ensuring that the algorithms and key lengths are in compliance with the requirements of NIST SP 800-131A.

NOTE3: All questions regarding the implementation and/or use of any module located on the CMVP module validation lists should first be directed to the appropriate vendor point-of-contact (listed for each entry).

Please contact the CMVP if any errors are discovered or comments with suggestions for improvement of the validation listings.

Cert#Vendor / CST LabCryptographic ModuleModule
Type
Val.
Date
Level / Description
2728BlackBerry Limited
BlackBerry B
2200 University Ave. E
Waterloo, Ontario N2K 0A7
Canada

Security Certifications Team
TEL: (519) 888-7465 x 72921
FAX: (519) 888-9852

CST Lab: NVLAP 200928-0
BlackBerry Linux Kernel Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS mode and installed, initialized and configured as specified in the Security Policy Appendix C)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/29/2016Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Operational Environment: CentOS 7 64-bit running on a Kontron NSN2U IP Network Server with AES-NI
CentOS 7 64-bit running on a Kontron NSN2U IP Network Server without AES-NI
Android 5.1 64-bit running on a Qualcomm Snapdragon MSM8992 development device (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3464); DRBG (Cert. #850); HMAC (Cert. #2209); SHS (Cert. #2859); Triple-DES (Cert. # 1953)

-Other algorithms: AES GCM (Cert. #3464; non-compliant); AES LRW; DES; RNG

Multi-Chip Stand Alone

"The BlackBerry Linux Kernel Cryptographic Module is a software-only external Linux Kernel module that provides general-purpose cryptographic services to the remainder of the kernel. The BlackBerry Linux Kernel Cryptographic Module expands the secure capabilities and features BlackBerry is known for, to devices running operating systems other than the BlackBerry OS."
2727Hitachi, Ltd.
322-2 Nakazato, Odawara-shi
Kanagawa-ken 250-0872
Japan

Hajime Sato
TEL: +81-465-59-5954
FAX: +81-465-49-4822

CST Lab: NVLAP 200835-0
Hitachi Virtual Storage Platform (VSP) Encryption Adapter
(Hardware Versions: P/N: eSCAx(WP820) Version: B/A5, B/A6 or B/A7; Firmware Versions: 02.09.28.00, 02.09.32.00 or 02.09.37.00)
(When installed, initialized and configured as specified in Section 8.1 and 8.2 of the Security Policy. The tamper evident seals installed as indicated in Section 1.1 of the Security Policy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/29/2016Overall Level: 2

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Cert. #2787); HMAC (Cert. #1748 and #1889); SHS (Cert. #2344 and #2504); KTS (AES Cert. #2787)

-Other algorithms: N/A

Multi-Chip Embedded

"The Hitachi Virtual Storage Platform (VSP) Encryption Adapter provides high speed data at rest encryption for Hitachi storage."
2726Sony Mobile Communications, Inc.
1-8-15 Kohnan
Minato-ku, Tokyo 108-0075
USA

Takuya Nishibayashi
TEL: +81-3-5782-5285
FAX: +81-3-5782-5258

CST Lab: NVLAP 100432-0
Xperia Cryptographic Module
(Software Version: 1.0.0)
(When operated in FIPS mode. No assurance of the minimum strength of generated keys. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/29/2016Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: Android 5.0 running on Xperia Z4 tablet with ARMv8 Cryptographic Instruction
Android 5.0 running on Xperia Z4 tablet without ARMv8 Cryptographic Instruction (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3329); CVL (Cert. #485); DRBG (Cert. #774); DSA (Cert. #946); ECDSA (Cert. #658); HMAC (Cert. #2120); RSA (Cert. #1709); SHS (Cert. #2762); Triple-DES (Cert. #1900)

-Other algorithms: EC Diffie-Hellman (CVL Cert. #485, key agreement methodology provides between 112 and 256 bits of security strength; non-compliant less than 112 bits of encryption strength); DUAL EC DRBG; RSA (key wrapping methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG

Multi-Chip Stand Alone

"The Xperia Cryptographic Module provides a functionality/service, intended to protect data in transit and at rest."
2725FinalCode, Inc.
3031 Tisch Way
Suite 115
San Jose, CA 95128
USA

Inquiries
TEL: 855-201-8822

CST Lab: NVLAP 201029-0
FinalCode FIPS Crypto Module
(Software Version: 1.1)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. This validation entry is a non-security relevant modification to Cert. #2038.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/29/2016Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 on a Dell OptiPlex 755
SUSE Linux Enterprise 11 SP2 on a Dell OptiPlex 755
CentOS 6.3 on a Dell OptiPlex 755
Mac OS X 10.8 on a MacBook Air
Red Hat Enterprise Linux 6.3 on a Dell OptiPlex 755 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2273); HMAC (Cert. #1391); DSA (Cert. #709); ECDSA (Cert. #368); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420); DRBG (Cert. #281); CVL (Cert. #44)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG; Dual EC DRBG

Multi-Chip Stand Alone

"FinalCode FIPS Crypto Module is a standards-based cryptographic engine for FinalCode that delivers cryptographic functions within and between FinalCode components for secure key management, file data at rest encryption, authentication and secure communications as part of our file IRM platform."
2724Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200997-0
Cisco Catalyst 3560-CX Switch
(Hardware Version: WS-3560CX-8TC-S; Firmware Version: 15.2(3)E1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/29/2016Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #3984 and #4016); CVL (Cert. #813); DRBG (Cert. #1177); HMAC (Cert. #2600); RSA (Cert. #2045); SHS (Cert. #3289); Triple-DES (Cert. #2187)

-Other algorithms: AES (Cert. #3984, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); AES (non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-Chip Stand Alone

"Cisco Catalyst Switches provide enterprise-class access for campus and branch applications. Designed for operational simplicity to lower total cost of ownership, they enable scalable, secure and energy-efficient business operations with intelligent services and a range of advanced Cisco IOS Software features. The Catalyst Switches meet FIPS 140-2 overall Level 1 requirements as multi-chip standalone modules."
2723Gemalto
Avenue du Jujubier, Z.I Athelia IV
La Coitat 13705
France

Arnaud LOTIGER
TEL: +33 442366074
FAX: +33 442365545

Frederic GARNIER
TEL: +33 442364368
FAX: +33 442366953

CST Lab: NVLAP 100432-0
IDCore 30-revB
(Hardware Version: SLE78CFX3000PH; Firmware Versions: IDCore 30 rev B - Build 06, Demonstration Applet version V1.1)
(When operated in FIPS mode with module IDPrime MD 830-revB validated to FIPS 140-2 under Cert. #2714 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/26/2016Overall Level: 3

-Operational Environment: N/A

-FIPS Approved algorithms: AES (Cert. #3779); CVL (Cert. #719); DRBG (Cert. #1045); ECDSA (Cert. #814); KBKDF (Cert. #81); RSA (Certs. #1946 and #1947); SHS (Cert. #3146); Triple-DES (Cert. #2100); Triple-DES MAC (Triple-DES Cert. #2100, vendor affirmed)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength); NDRNG

Single Chip

"IDCore 30-revB is a highly secured smartcard platform compliant with Javacard 2.2.2, Global Platform 2.1.1 & 2.2 Amendment D standards, designed to operate with Infineon SLE78 chip family. The library implements TDEA, AES, AES-CMAC, SHA1-224-256-384-512, RSA, RSA CRT, ECDSA, ECC CDH and SP800-90A RNG algorithms."
2722SPYRUS, Inc.
1860 Hartog Drive
San Jose, CA 95131-2203
USA

William Sandberg-Maitland
TEL: 613-298-3416
FAX: 408-392-0319

Jack Young
TEL: 408-392-4334
FAX: 408-392-0319

CST Lab: NVLAP 100432-0
SPYRUS MDTU-P384 Encryption Module
(Hardware Versions: P/N 880074014F, Version 2.00.02; Firmware Version: 03.00.0D)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/26/2016Overall Level: 3

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #3877 and #3878); DRBG (Cert. #1106); ECDSA (Cert. #837); KAS (Cert. #75); SHS (Certs. #3198 and #3199)

-Other algorithms: NDRNG

Multi-Chip Stand Alone

"The MDTU P-384 module is a Suite B cryptographic storage device featuring XTS-AES 256-bit full disk encryption and P-384 based digital signature services. The device is fully adapted for the storage and protection of sensitive data assets and provides an automated secure data exchange service with external devices by way of a high strength authentication mechanism. The physical security and capabilities of this module make it ideal for secure transfer of essential assets in mission-critical applications."
2721Red Hat®, Inc.
100 East Davie Street
Raleigh, NC 27601
USA

Steve Grubb
TEL: 978-392-1000
FAX: 978-392-1001

Jaroslav Rezník
TEL: +420-532-294-645

CST Lab: NVLAP 200658-0
Red Hat Enterprise Linux Libreswan Cryptographic Module v4.0
(Software Version: 4.0)
(With module Red Hat Enterprise Linux NSS Cryptographic Module v4.0 validated to FIPS 140-2 under Cert. #2711 operating in FIPS mode and Red Hat Enterprise Linux 7.1 OpenSSL Module validated to FIPS 140-2 under Cert. #2441 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software08/29/2016Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 7.1 running on HP ProLiant DL380p Gen8 with PAA
Red Hat Enterprise Linux 7.1 running on HP ProLiant DL380p Gen8 without PAA
Red Hat Enterprise Linux 7.1 running on IBM Power8 Little Endian 8286-41A
Red Hat Enterprise Linux 7.1 running on IBM z13 (single-user mode)

-FIPS Approved algorithms: CVL (Certs. #679, #680 and #681)

-Other algorithms: N/A

Multi-Chip Stand Alone

"Red Hat Enterprise Linux Libreswan Cryptographic Module v4.0 is a software only cryptographic module that provides the IKE protocol version 1 and version 2 key agreement services required for IPSec."
2720Intel Corporation
2200 Mission College Blvd.
Santa Clara, CA 95054
USA

Steve F. Taylor
TEL: 202-361-7778

Kevin Fiftal
TEL: 860-326-6293

CST Lab: NVLAP 200658-0
Cryptographic Module for Intel® vPro™ Platforms' Security Engine Chipset
(Hardware Version: 3.0; Firmware Version: 1.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware-Hybrid08/26/2016Overall Level: 1

-Operational Environment: Intel Sunrise Point PCH chipset with ME device firmware version 11.6.0.1102 CORPORATE SKU

-FIPS Approved algorithms: AES (Cert. #3923); CVL (Certs. #779, #798 and #799); DRBG (Cert. #1156); ECDSA (Certs. #871 and #872); HMAC (Certs. #2547 and #2548); KAS (SP 800-56B, vendor affirmed); Triple-DES (Cert. #2152); PBKDF (vendor affirmed); RSA (Certs. #2003 and #2022); SHS (Certs. #3232 and #3233)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; HMAC-MD5; MD5; RC4

Multi-Chip Stand Alone

"The Cryptographic Module for Intel® vPro™ Platforms' Security Engine Chipset is a hybrid cryptographic module present on recent Intel® vPro™ platforms. The Security Engine Chipset consists of both hardware and firmware that are utilized by the Management Engine (ME) of vProTM platforms. The hardware and firmware combine to perform cryptographic functions within the Intel® vPro™ ME for applications executing in the ME."
2719Juniper Networks, Inc.
1133 Innovation Way
Sunnyvale, CA 94089
USA

Mahesh Bommareddy
TEL: 408-936-5493

Van Nguyen
TEL: 408-936-2247

CST Lab: NVLAP 100432-0
Juniper Networks SRX1400, SRX3400, and SRX3600 Services Gateways
(Hardware Versions: P/Ns SRX1400BASE-GE-AC with [1] or [2], SRX1400BASE-GE-DC with [1] or [2], SRX1400BASE-XGE-AC with [1] or [2], SRX1400BASE-XGE-DC with [1] or [2], SRX3400BASE-AC with [2], SRX3400BASE-DC with [2], SRX3400BASE-DC2 with [2], SRX3600BASE-AC with [2], SRX3600BASE-DC with [2], and SRX3600BASE-DC2 with [2]; Service Processing Cards SRX1K-NPC-SPC-1-10-40 [1] or SRX3K-SPC-1-10-40 [2]; with Tamper Seals JNPR-FIPS-TAMPER-LBLS; Firmware Version: JUNOS-FIPS 12.1X46-D40)
(When operated in FIPS mode and with the tamper-evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/24/2016Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #3650, #3656 and #3663); CVL (Certs. #659 and #660); DRBG (Cert. #981); DSA (Certs. #1022 and #1033); ECDSA (Certs. #758 and #770); HMAC (Certs. #2400, #2406 and #2413); RSA (Certs. #1885 and #1896); SHS (Certs. #3068, #3074 and #3081); Triple-DES (Certs. #2035, #2036 and #2038)

-Other algorithms: ARCFOUR; ARCFOUR128; ARCFOUR256; BLOWFISH; CAST128; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DSA (non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; HMAC-MD5-96; HMAC-RIPEMD160; HMAC-SHA-1-96 (HMAC Certs. #2400, #2406 and #2413); NDRNG; UMAC-64; UMAC-128

Multi-Chip Stand Alone

"Juniper Networks SRX Series Services Gateways provide the essential capabilities necessary to connect, secure, and manage enterprise and service provider networks, from the smallest sites to the largest headquarters and data centers."
2718Christie Digital Systems Canada Inc.
809 Wellington St. N.
Kitchener, ON N2G 4Y7
CANADA

Kevin Draper
TEL: 519-741-3741
FAX: 519-741-3912

CST Lab: NVLAP 200802-0
Christie F-IMB 4K Integrated Media Block (IMB)
(Hardware Version: 000-105081-01; Firmware Version: 1.6.0-4363)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/22/2016Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: SHS (Cert. #1788); RSA (Cert. #1062)

-Other algorithms: TI ECDH; RNG; NDRNG; MD5; AES (non-compliant); HMAC (non-compliant); TLS v1.0 KDF (non-compliant)

Multi-Chip Embedded

"The Christie F-IMB is a DCI-compliant solution to enable the playback of the video, audio and timed text essence on a Christie digital cinema projector with the Fusion architecture. The F-IMB permits the playback of alternative content and High Frame Rate (HFR) material."
2717FinalCode, Inc.
3031 Tisch Way
Suite 115
San Jose, CA 95128
USA

Inquiries
TEL: 855-201-8822

CST Lab: NVLAP 201029-0
FinalCode FIPS Crypto Module for Mobile
(Software Version: 1.1)
(When operated in FIPS mode. This validation entry is a non-security relevant modification to Cert. #1938. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/22/2016Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: Tested as meeting Level 1 with Android 4.0 running on a Galaxy Nexus
iOS 5.1 running on a iPad 3
iOS 6 running on a iPad 3
iOS 7 running on a iPad 3 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2125 and #2126); CVL (Certs. #28 and #29); DRBG (Certs. #233 and #234); DSA (Certs. #666 and #667); ECDSA (Certs. #319 and #320); HMAC (Certs. #1296 and #1297); RSA (Certs. #1094 and #1095); SHS (Certs. #1849 and #1850); Triple-DES (Certs. #1351 and #1352)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG; Dual EC DRBG

Multi-Chip Stand Alone

"FinalCode FIPS Crypto Module for Mobile is a standards-based cryptographic engine for FinalCode that delivers cryptographic functions within and between FinalCode mobile components for secure key management, file data at rest encryption, authentication and secure communications as part of our file IRM platform."
2716HGST, a Western Digital company
3403 Yerba Buena Road
San Jose, CA 95135
USA

Chung-chih Lin
TEL: 408-717-6289
FAX: 408-717-9494

Michael Williamson
TEL: 408-717-8458
FAX: 408-717-9494

CST Lab: NVLAP 100432-0
HGST Ultrastar® SSD800MH.B, SSD1600MM and SSD1600MR TCG Enterprise SSD
(Hardware Versions: P/Ns HUSMH8080BSS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10], HUSMH8040BSS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10], HUSMH8020BSS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10], HUSMH8010BSS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10], HUSMM1616ASS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10], HUSMM1680ASS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10], HUSMM1640ASS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10], HUSMM1620ASS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10], HUSMR1619ASS235 (0003) [11], HUSMR1619ASS205 (0003) [12, 13], HUSMR1616ASS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10], HUSMR1610ASS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10], HUSMR1680ASS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10], HUSMR1650ASS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10], HUSMR1640ASS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10] and HUSMR1625ASS205 (0003) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10]; Firmware Versions: D326 [1], D327 [2], D370 [3], K326 [4], K370 [5], P326 [6], P33G [7], P344 [8], P370 [9], Q4CB [10], R1C0 [11], G192 [12] or R192 [13])
(When installed, initialized and configured as specified in Sections 2.1 and 7.2 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/22/2016
08/25/2016
Overall Level: 2

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #2067 and #2365); DRBG (Cert. #302); HMAC (Cert. #1468); PBKDF (vendor affirmed); RSA (Cert. #1220); SHS (Cert. #2037)

-Other algorithms: NDRNG

Multi-Chip Embedded

"HGST's self-encrypting Ultrastar SSD800/1600 TCG Enterprise SSDs Drives implement TCG Storage specifications that meet or exceed the most demanding performance and security requirements. The Ultrastar SSD800/1600 family combines enterprise-grade MLC NAND Flash memory and advanced endurance management firmware. The power loss data management techniques extend reliability, endurance, and sustained performance over the life of the SSD."
2715IBM Corporation
11400 Burnet Road
Austin, TX 78758
USA

Tom Benjamin
TEL: 512-286-5319
FAX: 512-973-4763

Karthik Ramamoorthy
TEL: 512-286-8135
FAX: 512-973-4763

CST Lab: NVLAP 200658-0
IBM Java JCE FIPS 140-2 Cryptographic Module
(Software Version: 1.8)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/22/2016Overall Level: 1

-Physical Security: N/A
-Operational Environment: Tested as meeting Level 1 with Windows Server 2012 release 2 running on ThinkCentre M92P Tower Desktop with PAA
Red Hat Enterprise Linux Server release 7.1 running on ThinkCentre M93P with PAA
AIX 7 running on IBM 9119-MHE with PAA
Red Hat Enterprise Linux Server release 7.1 running on IBM 9119-MHE with PAA
Windows 7 64-bit running on ThinkCentre M93P without PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3904, #3905, #3906, #3907 and #3908); CVL (Certs. #758, #759, #760, #761, #762, #763, #764, #765, #766 and #767); DRBG (Certs. #1119, #1120, #1121, #1122 and #1123); DSA (Certs. #1062, #1063, #1064, #1065 and #1066); ECDSA (Certs. #847, #848, #849, #850 and #851); HMAC (Certs. #2533, #2534, #2535, #2536 and #2537); KTS (vendor affirmed); RSA (Certs. #1988, #1989, #1990, #1991 and #1992); SHS (Certs. #3216, #3217, #3218, #3219 and #3220); Triple-DES (Certs. #2140, #2141, #2142, #2143 and #2144)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Certs. #759, #761, #763, #765 and #767; key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #759, #761, #763, #765 and #767; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG

Multi-Chip Stand Alone

"The IBM Java JCE (Java Cryptographic Extension) FIPS provider (IBMJCEFIPS) for multi-platforms is a scalable, multipurpose cryptographic module that supports many FIPS approved cryptographic operations. This gives Java applications access to the FIPS algorithms via the standard JCE framework."
2714Gemalto
20 Colonade Road, Suite 200
Ottawa, ON K2E 7M6
Canada

Frederic GARNIER
TEL: +33 442364368
FAX: +33 442366953

Arnaud Lotigier
TEL: +33 4.42.36.60.74
FAX: +33 4.42.36.55.45

CST Lab: NVLAP 100432-0
IDPrime MD 830-revB
(Hardware Version: SLE78CFX3000PH; Firmware Versions: IDCore30-revB - Build 06, IDPrime MD Applet V4.3.5.D and MSPNP Applet V1.2)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/19/2016Overall Level: 3

-Operational Environment: N/A

-FIPS Approved algorithms: AES (Cert. #3779); CVL (Cert. #719); DRBG (Cert. #1045); ECDSA (Cert. #814); KBKDF (Cert. #81); KTS (vendor affirmed); RSA (Certs. #1946 and #1947); SHS (Cert. #3146); Triple-DES (Cert. #2100)

-Other algorithms: AES (Cert. #3779, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #719, key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Single Chip

"IDPrime MD 830-revB is a Minidriver enabled PKI smartcards, working seamlessly with any Microsoft® environment (without any additional middleware), and offering all the necessary services (with either RSA or Elliptic curves algorithms) to secure an IT Security and ID access infrastructure."
2713INTEGRITY Security Services
7585 Irvine Center Drive
Suite 250
Irvine, CA 92618
USA

David Sequino
TEL: 206-310-6795
FAX: 978-383-0560

Douglas Kovach
TEL: 727-781-4909
FAX: 727-781-2915

CST Lab: NVLAP 201029-0
INTEGRITY Security Services High Assurance Embedded Cryptographic Toolkit
(Firmware Version: 3.0.1)
(When installed, initialized and configured as specified in Section 2.4.1 of the Security Policy. No assurance of the minimum strength of generated keys.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware08/18/2016Overall Level: 1

-Mitigation of Other Attacks: N/A
-Operational Environment: ATSAM4CMS32 with ARM Cortex-M4

-FIPS Approved algorithms: AES (Cert. #3943); DRBG (Cert. #1147); ECDSA (Cert. #864); HMAC (Cert. #2567); SHS (Cert. #3252)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength)

Multi-Chip Embedded

"Green Hills Software/INTEGRITY Security Services (ISS) ECT is a standards-based crypto toolkit providing a flexible framework to integrate encryption, digital signatures and other security mechanisms into a wide range of applications. ISS ECT is designed to support multiple cryptographic providers with a single common API, easily targeted to a variety of Operating Systems."
2712Imprivata
10 Maguire Road
Building 4
Lexington, MA 02421
USA

Troy Kuehl
TEL: 781-674-2716
FAX: 781-674-2760

Joel Lemieux
TEL: 781-674-2418
FAX: 781-674-2760

CST Lab: NVLAP 100432-0
Imprivata FIPS 140-2 Cryptographic Module
(Software Versions: 3.6.0 and 3.6.6)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/16/2016Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Operational Environment: Linux 3.0 (SLES 11 SP4, 64-bit) running on Imprivata OneSign
Linux 3.0 (SLES 11 SP4, 64-bit) on Microsoft Hyper-V 2012R2 Core running on Dell® PowerEdge™ r630
Linux 3.0 (SLES 11 SP4, 64-bit) on VMWare ESXi 5.5.0 running on Dell® PowerEdge™ r630
Windows 7 (64-bit) on VMWare ESXi 5.5.0 running on Dell® PowerEdge™ r630 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3417); DRBG (Cert. #821); HMAC (Cert. #2175); RSA (Cert. #1749); SHS (Cert. #2823); Triple-DES (Cert. #1928)

-Other algorithms: RSA (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 256 bits of encryption strength); MD5; AES (non-compliant); DES; RC4; RIPEMD-160; HMAC-MD5

Multi-Chip Stand Alone

"Imprivata delivers best in class solutions that optimize clinical workflow efficiency and enhance care delivery. OneSign® offers single sign-on, authentication management, and virtual desktop roaming enabling fast, secure No Click Access® to clinical applications and patient information, anytime, anywhere and from any device. Cortext® enables clinicians to securely collaborate across care teams and organizations. Confirm ID™ is the comprehensive identity and two-factor authentication platform for remote access, EPCS and medical device access."
2711Red Hat®, Inc.
100 East Davie Street
Raleigh, NC 27601
USA

Steve Grubb
TEL: 978-392-1000
FAX: 978-392-1001

Jaroslav Reznik
TEL: +420 532 294 645

CST Lab: NVLAP 200658-0
Red Hat Enterprise Linux NSS Cryptographic Module v4.0
(Software Version: 4.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software08/15/2016Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Design Assurance: Level 2
-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 7.1 running on HP ProLiant DL380p Gen8 with PAA
Red Hat Enterprise Linux 7.1 running on HP ProLiant DL380p Gen8 without PAA
Red Hat Enterprise Linux 7.1 running on IBM POWER8 Little Endian 8286-41A
Red Hat Enterprise Linux 7.1 running on IBM z13 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3604, #3605, #3606, #3607, #3608, #3609 and #3610); CVL (Certs. #625, #626, #627, #628 and #629); DRBG (Certs. #935, #936, #937, #938 and #940); DSA (Certs. #1001, #1002, #1003, #1004 and #1005); ECDSA (Certs. #738, #739, #740, #741 and #742); HMAC (Certs. #2299, #2300, #2301, #2303 and #2305); RSA (Certs. #1853, #1854, #1855, #1856, #1857, #2031, #2032, #2033, #2034 and #2035); SHS (Certs. #2965, #2966, #2967, #2969 and #2971); Triple-DES (Certs. #2006, #2007, #2008, #2009 and #2010)

-Other algorithms: Camellia; DES; RC2; RC4; RC5; SEED; MD2; MD5; AES (Certs. #3604, #3605, #3606, #3607, #3608, #3609 and #3610, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #2006, #2007, #2008, #2009 and #2010, key wrapping; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); JPAKE

Multi-Chip Stand Alone

"Network Security Services (NSS) is a set of open source C libraries designed to support cross-platform development of security-enabled applications. NSS implements major Internet security standards. NSS is available free of charge under a variety of open source compatible licenses. See http://www.mozilla.org/projects/security/pki/nss/"
2710GDC Technology (USA), LLC
1016 West Magnolia Boulevard
Burbank, CA 91506
USA

Pranay Kumar
TEL: (852) 2507 9565
FAX: (852) 2579 1131

Chern Yue Kwok
TEL: (852) 2507 9552
FAX: (852) 2579 1131

CST Lab: NVLAP 100432-0
Standalone IMB
(Hardware Versions: GDC-IMB-v3, R12; Firmware Version: 2.5 with Security Manager Firmware Version 1.5.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/12/2016Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #2148 and #3938); CVL (Cert. #785); DRBG (Cert. #1145); HMAC (Certs. #1315 and #2560); RSA (Cert. #2012); SHS (Certs. #1869 and #3247)

-Other algorithms: EC Diffie-Hellman (non-compliant); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-Chip Embedded

"A digital cinema standalone integrated media block that is compliant with DCI specifications and SMPTE digital cinema standards. The supported features include JPEG2000 decoding, AES decryption, key management and logging."
2709Toshiba Corporation
1-1, Shibaura 1-chome
Minato-ku
Tokyo 105-8001
Japan

Akihiro Kimura
TEL: +81-45-890-2856
FAX: +81-45-890-2593

CST Lab: NVLAP 200822-0
Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive (PX model) Type A
(Hardware Versions: A0 with PX04SVQ080B, PX04SVQ160B or PX04SRQ384B[1], A1 with PX04SVQ080B, PX04SVQ160B or PX04SRQ384B[2]; Firmware Versions: ZZ01[1], NA01[2])

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/11/2016
08/26/2016
Overall Level: 2

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #3485, #3486 and #3487); HMAC (Cert. #2231); SHS (Cert. #2879); RSA (Cert. #1795); DRBG (Cert. #867)

-Other algorithms: NDRNG

Multi-Chip Embedded

"The Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive is used for solid state drive data security. This Cryptographic Module (CM) provides various cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA bands, and FW download."
2708

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/09/2016Overall Level: 2

Multi-Chip Embedded
2707Toshiba Corporation
1-1, Shibaura 1-chome
Minato-ku
Tokyo 105-8001
Japan

Akihiro Kimura
TEL: +81-45-890-2856
FAX: +81-45-890-2593

CST Lab: NVLAP 200822-0
Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive (PX model) Type B
(Hardware Versions: A2 with PX04SVQ040B, PX04SVQ080B, PX04SVQ160B or PX04SRQ192B; Firmware Version: PD09)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/09/2016Overall Level: 2

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #3485, #3486 and #3487); DRBG (Cert. #867); HMAC (Cert. #2231); RSA (Cert. #1795); SHS (Cert. #2879)

-Other algorithms: NDRNG

Multi-Chip Embedded

"The Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive is used for solid state drive data security. This Cryptographic Module (CM) provides various cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA bands, and FW download."
2706V-Key
72 Bendemeer Road
#02-20 Luzerne
Singapore, Singapore 339941
Singapore

Joseph Gan
TEL: +65 6471 2524
FAX: +65 6471 2526

CST Lab: NVLAP 200901-0
V-Key Cryptographic Module
(Software Version: 3.6.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/09/2016Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Operational Environment: VOS 3.6.0 running on a Samsung Galaxy S4 with Android 4.4.2 operating in single user mode

-FIPS Approved algorithms: AES (Cert #3679); Triple-DES (Cert #2057); SHS (Cert #3093); HMAC (Cert #2425); KBKDF (Cert #74); RSA (Cert #1900)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); RNG

Multi-Chip Stand Alone

"A software cryptographic module residing within a virtual machine, V-OS that provides a sandboxed operating environment. The Module provides symmetric ciphers, including AES and Triple DES, asymmetric cipher RSA, secure hash functions SHA-1 and SHA-256, message authentication, key derivation and key storage."
2705ViaSat, Inc.
6155 El Camino Real
Carlsbad, CA 92009-1699
USA

Savitha Naik
TEL: 760-476-7416
FAX: 760-929-3941

David Suksumrit
TEL: 760-476-2306
FAX: 760-929-3941

CST Lab: NVLAP 100432-0
Enhanced Bandwidth Efficient Modem (EBEM) Cryptographic Module
(Hardware Versions: P/Ns 1010162 Version 1, 1010162 with ESEM Version 1, 1091549 Version 1, 1075559 Version 1, 1075559 with ESEM Version 1, 1091551 Version 1, 1010163 Version 1, 1010163 with ESEM Version 1, 1091550 Version 1, 1075560 Version 1, 1075560 with ESEM Version 1 and 1091552 Version 1; P/N 1047117 (tamper evident seal applied over ESEM); Firmware Version: 02.08.13)
(The tamper evident seal installed as indicated in the Security Policy for the optional ESEM feature)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware08/08/2016Overall Level: 2

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #3449, #3450 and #3879); CVL (Certs. #454 and #747); DRBG (Cert. #1107); ECDSA (Cert. #839); HMAC (Cert. #2521); KAS (Cert. #76); KTS (AES Cert. #3879); SHS (Certs. #2689, #3201 and #3202)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); NDRNG; AES (non-compliant); DES; DSA (non-compliant); ECDSA (non-compliant); HMAC (non-compliant); HMAC MD5; MD5; PBKDF (non-compliant); RSA (non-compliant); SHS (non-compliant); Triple-DES (non-compliant)

Multi-Chip Stand Alone

"The Enhanced Bandwidth Efficient Modem (EBEM) is the only commercially-available bandwith efficient modem certified to MIL-STD-188-165B and compliant with STANAG 4486 ed. 3. The MD-1366 defines a new military standard in FDMA for high-speed satellite communications. Using military and commercial satellites at X-, C-, Ku-, and Ka-band frequencies, the MD-1366 delivers much-needed capacity for the military's high speed broadband and multimedia transmissions."
2704Cisco Systems, Inc.
170 W Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200997-0
Cisco Catalyst 3750-X Switch
(Hardware Versions: WS-C3750X-24T with C3KX-SM-10G, C3KX-NM-1G, C3KX-NM-10G, C3KX-NM-BLANK, or C3KX-NM-10GT; Firmware Version: 15.2(3)E1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/08/2016Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #1024, #1269, #1275, and #2817); CVL (Cert. #253); DRBG (Cert. #481); HMAC (Cert. #1764); KBKDF (Cert. #49); RSA (Cert. #1471); SHS (Cert. #2361); Triple-DES (Cert. #1688)

-Other algorithms: AES (Cert. #2817, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-Chip Stand Alone

"Cisco Catalyst Switches provide enterprise-class access for campus and branch applications. Designed for operational simplicity to lower total cost of ownership, they enable scalable, secure and energy-efficient business operations with intelligent services and a range of advanced Cisco IOS Software features. The Catalyst Switches meet FIPS 140-2 overall Level 1 requirements as multi-chip standalone modules."
2703Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
TEL: 800-642-7676

CST Lab: NVLAP 200427-0
BitLocker® Dump Filter (dumpfve.sys) in Microsoft Windows 10 Pro, Windows 10 Enterprise, Windows 10 Mobile, Windows 10 for Surface Hub
(Software Version: 10.0.10586)
(When operated in FIPS mode with the module Code Integrity (ci.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB under Cert. #2604 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/26/2016Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 2
-Operational Environment: Windows 10 Enterprise (x64) running on a Microsoft Surface Pro with PAA
Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA
Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Pro with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Pro 2 with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Enterprise (x64) running on a Microsoft Surface 3 with PAA
Windows 10 Enterprise (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Pro (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Enterprise (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 Pro (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 Mobile (ARMv7) running on a Microsoft Lumia 950
Windows 10 Mobile (ARMv7) running on a Microsoft Lumia 635
Windows 10 Enterprise (x64) running on a Microsoft Surface Book with PAA
Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 4 with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Book with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Pro 4 with PAA
Windows 10 for Surface Hub (x64) running on a Microsoft Surface Hub 84" with PAA
Windows 10 for Surface Hub (x64) running on a Microsoft Surface Hub 55" with PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3629 and #3653)

-Other algorithms: N/A

Multi-Chip Stand Alone

"The BitLocker® Dump Filter (dumpfve.sys) is the full volume encryption filter that resides in the system dump stack. Whenever the dump stack is called (in the event of a system crash or for hibernation), this filter ensures that all data is encrypted before it gets written to the disk as a dump file or hibernation file."
2702Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
TEL: 800-642-7676

CST Lab: NVLAP 200427-0
BitLocker® Windows Resume (winresume) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise
(Software Version: 10.0.10586)
(When operated in FIPS mode with module Boot Manager in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Mobile, Windows 10 for Surface Hub validated to FIPS 140-2 under Cert. #2700 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/26/2016Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 2
-Operational Environment: Windows 10 Enterprise (x64) running on a Microsoft Surface Pro with PAA
Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA
Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Pro with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Pro 2 with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Enterprise (x64) running on a Microsoft Surface 3 with PAA
Windows 10 Enterprise (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Pro (x86) running on a Dell Inspiron 660s without PAA
Windows 10 (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Enterprise (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 Pro (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 (x64) running on a Dell XPS 8700 with PAA
Windows 10 Enterprise (x64) running on a Microsoft Surface Book with PAA
Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 4 with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Book with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Pro 4 with PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3629 and #3653); RSA (Cert. #1871); SHS (Cert. #3048)

-Other algorithms: MD5

Multi-Chip Stand Alone

"BitLocker® Windows Resume is an operating system loader which loads the Windows OS kernel (ntoskrnl.exe) and other boot stage binary image files, as well as previous operating system state information, when Windows has been previously put into a sleep or hibernate power state."
2701Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
TEL: 800-642-7676

CST Lab: NVLAP 200427-0
BitLocker® Windows OS Loader (winload) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Mobile, Windows 10 for Surface Hub
(Software Version: 10.0.10586)
(When operated in FIPS mode with module Boot Manager in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Mobile, Windows 10 for Surface Hub validated to FIPS 140-2 under Cert. #2700 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/26/2016Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 2
-Operational Environment: Windows 10 Enterprise (x64) running on a Microsoft Surface Pro with PAA
Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA
Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Pro with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Pro 2 with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Enterprise (x64) running on a Microsoft Surface 3 with PAA
Windows 10 Enterprise (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Pro (x86) running on a Dell Inspiron 660s without PAA
Windows 10 (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Enterprise (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 Pro (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 (x64) running on a Dell XPS 8700 with PAA
Windows 10 Mobile (ARMv7) running on a Microsoft Lumia 950
Windows 10 Mobile (ARMv7) running on a Microsoft Lumia 635
Windows 10 Enterprise (x64) running on a Microsoft Surface Book with PAA
Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 4 with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Book with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Pro 4 with PAA
Windows 10 for Surface Hub (x64) running on a Microsoft Surface Hub 84" with PAA
Windows 10 for Surface Hub (x64) running on a Microsoft Surface Hub 55" with PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3629 and #3653); RSA (Cert. #1871); SHS (Cert. #3048)

-Other algorithms: MD5; NDRNG

Multi-Chip Stand Alone

"The BitLocker® Windows OS Loader loads the boot-critical driver and OS kernel image files."
2700Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
TEL: 800-642-7676

CST Lab: NVLAP 200427-0
Boot Manager in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Mobile, Windows 10 for Surface Hub
(Software Version: 10.0.10586)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/26/2016Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 2
-Operational Environment: Windows 10 Enterprise (x64) running on a Microsoft Surface Pro with PAA
Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA
Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Pro with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Pro 2 with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Enterprise (x64) running on a Microsoft Surface 3 with PAA
Windows 10 Enterprise (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Pro (x86) running on a Dell Inspiron 660s without PAA
Windows 10 (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Enterprise (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 Pro (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 (x64) running on a Dell XPS 8700 with PAA
Windows 10 Mobile (ARMv7) running on a Microsoft Lumia 950
Windows 10 Mobile (ARMv7) running on a Microsoft Lumia 635
Windows 10 Enterprise (x64) running on a Microsoft Surface Book with PAA
Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 4 with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Book with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Pro 4 with PAA
Windows 10 for Surface Hub (x64) running on a Microsoft Surface Hub 84" with PAA
Windows 10 for Surface Hub (x64) running on a Microsoft Surface Hub 55" with PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3629 and #3653); HMAC (Cert. #2381); PBKDF (vendor affirmed); RSA (Cert. #1871); SHS (Certs. #3047 and #3048)

-Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)

Multi-Chip Stand Alone

"The Windows system boot manager is called by the bootstrapping code that resides in the boot sector. It checks its own integrity, checks the integrity of the Windows OS Loader, and then launches it."
2699Oracle Corporation
500 Oracle Parkway
Redwood Shores, CA 94065
USA

Joshua Brickman
TEL: 781-442-0451
FAX: 781-442-0451

Linda Gallops
TEL: 704-972-5018
FAX: 980-355-5399

CST Lab: NVLAP 200928-0
Oracle Solaris Userland Cryptographic Framework
(Software Version: 1.3)
(When installed, initialized and configured as specified in the Security Policy and operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/08/2016Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: Oracle Solaris 11.3 running on an Oracle SPARC T5-1B Server with PAA
Oracle Solaris 11.3 running on an Oracle SPARC T5-1B Server without PAA
Oracle Solaris 11.3 running on an Oracle SPARC T7-2 Server with PAA
Oracle Solaris 11.3 running on an Oracle SPARC T7-2 Server without PAA
Oracle Solaris 11.3 running on an Oracle Server X5-2 with PAA
Oracle Solaris 11.3 running on an Oracle Server X5-2 without PAA (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3936); Triple-DES (Cert. #2159); RSA (Cert. #2011); DSA (Cert. #1074); ECDSA (Cert. #862); SHS (Cert. #3245); HMAC (Cert. #2558); DRBG (Cert. #1143)

-Other algorithms: AES (non-compliant); ECDSA (non-compliant); HMAC (non-compliant); SHS (non-compliant); MD4; MD5; HMAC-MD5; RC4; DES; Blowfish; Camelia; Triple-DES (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-Chip Stand Alone

"The Oracle Solaris Userland Cryptographic Framework module provides cryptographic functionality for any application that calls into it. The module provides encryption, decryption, hashing, secure random number generation, signature generation and verification, certificate generation and verification, message authentication functions, and key pair generation for RSA and DSA. The module can leverage the algorithm acceleration from SPARC and x86 processors when available."
2698Oracle Corporation
500 Oracle Parkway
Redwood Shores, CA 94065
USA

Joshua Brickman
TEL: 781-442-0451
FAX: 781-442-0451

Linda Gallops
TEL: 704-972-5018
FAX: 980-355-5399

CST Lab: NVLAP 200928-0
Oracle Solaris Kernel Cryptographic Framework
(Software Version: 1.3)
(When installed, initialized and configured as specified in the Security Policy and operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/08/2016Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: Oracle Solaris 11.3 running on an Oracle SPARC T5-1B Server with PAA
Oracle Solaris 11.3 running on an Oracle SPARC T5-1B Server without PAA
Oracle Solaris 11.3 running on an Oracle SPARC T7-2 Server with PAA
Oracle Solaris 11.3 running on an Oracle SPARC T7-2 Server without PAA
Oracle Solaris 11.3 running on an Oracle Server X5-2 with PAA
Oracle Solaris 11.3 running on an Oracle Server X5-2 without PAA (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3935); Triple-DES (Cert. #2158); RSA (Cert. #2010); ECDSA (Cert. #861); SHS (Cert. #3243); HMAC (Cert. #2556); DRBG (Cert. #1142)

-Other algorithms: AES (non-compliant); ECDSA (non-compliant); MD4; MD5; HMAC-MD5; RC4; DES; Blowfish; Camelia; Triple-DES (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-Chip Stand Alone

"The Oracle Solaris Kernel Cryptographic Framework module provides cryptographic functionality for the kernel module. The module provides encryption, decryption, hashing, signature generation and verification, secure random number generation, and message authentication functions. The module can leverage the algorithm acceleration from SPARC and x86 processors when available."
2697Ciena Corporation
7035 Ridge Road
Hanover, MD 21076
USA

Patrick Scully
TEL: 613-670-3207

CST Lab: NVLAP 200928-0
Ciena 6500 Flex3 WaveLogic 3e OCLD Encryption Module
(Hardware Version: 1.0 with PCB P/N NTK539QS-220; Firmware Version: 2.00)
(When installed, initialized and configured as specified in Section 3.1 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/04/2016Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #3601 and #3602); CVL (Cert. #624); DRBG (Cert. #934); ECDSA (Certs. #736 and #737); HMAC (Cert. #2298); SHS (Certs. #2963 and #2964); Triple-DES (Cert. #2005)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); NDRNG

Multi-Chip Embedded

"The Ciena 6500 Packet-Optical Platform Flex3 WaveLogic 3e OCLD Encryption Module offers an integrated transport encryption solution providing protocol-agnostic 100Gb/s or 200Gb/s wirespeed encryption service for enterprises, datacenters, government and also offered through service providers as differentiated managed service."
2696Juniper Networks, Inc.
1133 Innovation Way
Sunnyvale, CA 94089
USA

Mahesh Bommareddy
TEL: 408-936-5493

Van Nguyen
TEL: 408-936-2247

CST Lab: NVLAP 100432-0
Juniper Networks SRX100, SRX110, SRX210, SRX220, SRX240, SRX550, and SRX650 Services Gateways
(Hardware Versions: P/Ns {SRX100H, SRX100H2, SRX100H-TAA, SRX110H2-VA, SRX110H2-VB, SRX110H-VA, SRX110H-VB; SRX210HE, SRX210HE2, SRX210HE2-POE, SRX210HE-POE, SRX210HE-POE-TAA, SRX210HE-TAA, SRX210H2-POE-TAA, SRX210H2-TAA; SRX220H, SRX220H2, SRX220H-POE, SRX220H2-POE; SRX240H, SRX240H2, SRX240H2-DC, SRX240H2-POE, SRX240H-DC, SRX240H-POE, SRX240H-POE-TAA, SRX240H-TAA, SRX240H2-DC-TAA, SRX240H2-POE-TAA, SRX240H2-TAA; SRX550-645AP, SRX550-645DP, SRX550-645AP-TAA, SRX550-645DP-TAA; SRX650-BASE-SRE6-645AP, SRX650-BASE-SRE6-645DP, SRX650B-SRE6-645AP-TAA} with JNPR-FIPS-TAMPER-LBLS; Firmware Version: JUNOS-FIPS 12.1X46-D40)
(When operated in FIPS mode and with the tamper-evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/04/2016Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: Triple-DES (Certs. #2035, #2036, #2039, #2040, #2041, #2042 and #2043); AES (Certs. #3650, #3656, #3657, #3658, #3659, #3660 and #3661); SHS (Certs. #3068, #3074, #3075, #3076, #3077, #3078 and #3079); HMAC (Certs. #2400, #2406, #2407, #2408, #2409, #2410 and #2411); CVL (Certs. #659 and #660); RSA (Certs. #1885, #1890, #1891, #1892, #1893 and #1894); DSA (Certs. #1022, #1027, #1028, #1029, #1030 and #1031); ECDSA (Certs. #758, #764, #765, #766, #767 and #768); DRBG (Cert. #981)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); NDRNG; HMAC-SHA-1-96 (HMAC Certs. #2400, #2406, #2407, #2408, #2409, #2410 and #2411); HMAC-MD5; HMAC-MD5-96; HMAC-RIPEMD160; UMAC-128; UMAC-64; ARCFOUR; ARCFOUR128; ARCFOUR256; BLOWFISH; CAST128

Multi-Chip Stand Alone

"Juniper Networks SRX Series Services Gateways provide the essential capabilities necessary to connect, secure, and manage enterprise and service provider networks, from the smallest sites to the largest headquarters and data centers."
2695Seagate Technology LLC
389 Disc Drive
Longmont, CO 80503
USA

Harshad Thakar
TEL: 720-684-2880

CST Lab: NVLAP 201029-0
Seagate Secure® TCG Opal SSC Self-Encrypting Drive (SED) FIPS 140-2 Module
(Hardware Versions: ST1000LM038 - 1RD172 [1], ST2000LM010 - 1RA174 [2]; Firmware Versions: SDM1 [1,2], RSE1 [1], LSM1 [1,2], RDE1 [2])
(When operated in FIPS Mode.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/03/2016Overall Level: 2

-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #1343, #2804, #2947, #3758, #3759 and #3760); CVL (Certs. #707 and #708); DRBG (Cert. #62); HMAC (Certs. #1597 and #2460); KTS (AES Cert. #2947); RSA (Certs. #1933 and #1934); SHS (Certs. #1225, #3128 and #3129); PBKDF (vendor affirmed)

-Other algorithms: Diffie-Hellman (CVL Cert. #707, key agreement; key establishment methodology provides 112 bits of encryption strength); NDRNG

Multi-Chip Embedded

"The ‘Seagate Secure® TCG Opal SSC Self-Encrypting Drive (SED) FIPS 140-2 Module’ is embodied in Seagate Laptop thin and Laptop Self-Encrypting Drive model disk drives. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA ranges, and authenticated FW download. The services are provided through an industry-standard TCG Opal SSC interface."
2694Hitachi, Ltd.
322-2 Nakazato, Odawara-shi
Kanagawa-ken 250-0872
Japan

Hajime Sato
TEL: +81-465-59-5954
FAX: +81-465-49-4822

CST Lab: NVLAP 200835-0
Hitachi Virtual Storage Platform (VSP) Encryption Board
(Hardware Version: HM800SL1; Firmware Versions: 03.07.49.00, 03.07.54.00 or 03.07.56.00)
(When installed, initialized and configured as specified in Section 8.1 and 8.2 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/03/2016Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Cert. #3305); HMAC (Cert. #2097); SHS (Cert. #2738); KTS (AES Cert. #3305)

-Other algorithms: N/A

Multi-Chip Embedded

"The Hitachi Virtual Storage Platform (VSP) Encryption Board provides high speed data at rest encryption for Hitachi storage."
2693Forcepoint
10900-A Stonelake Blvd
Quarry Oaks 1, Ste 350
Austin, TX 78759
USA

Michael Carney
TEL: 952-444-9546

CST Lab: NVLAP 200556-0
Forcepoint Sidewinder
(Firmware Version: 8.3.2P07 with patch 8.3.2E106)
(When installed, initialized and configured as specified in the Security Policy Section Secure Operation. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware08/03/2016Overall Level: 1

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: The module was tested on the 1402-C3 McAfee Firewall Enterprise with a proprietary OS (SecureOS® version 8.3)

-FIPS Approved algorithms: AES (Certs. #1833, #2711 and #2713); Triple-DES (Certs. #1185, #1628 and #1630); RSA (Certs. #1407 and #1409); DSA (Certs. #828 and #830); ECDSA (Certs. #472 and #474); SHS (Certs. #1612, #2276 and #2278); HMAC (Certs. #1086, #1690 and #1692); DRBG (Certs. #448 and #450); CVL (Certs. #168 and #171)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); NDRNG

Multi-Chip Stand Alone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
2692Zanjia Electronic Science & Technology (Beijing) Co., Ltd.
Rm 1701, Bldg B, Wantong New World Plaza
No.2 Fuchengmenwai St.
Xicheng Dist.
Beijing, Beijing 100037
China

Jingqiang Lin
TEL: +86-18910039067

Zheng Li
TEL: +86-18600339661

CST Lab: NVLAP 200658-0
HSM-ZJ2014
(Hardware Version: ZJ2014-2697v2-680-32G; Firmware Version: 1.0.0.1)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/28/2016Overall Level: 3

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Cert. #3912); DRBG (Cert. #1128); ECDSA (Cert. #855); HMAC (Cert. #2541); RSA (Cert. #1996); SHS (Cert. #3224)

-Other algorithms: AES (Cert. #3912, key wrapping); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength )

Multi-Chip Stand Alone

"HSM-ZJ2014 is a hardware security module, providing cryptographic services including encryption, decryption, signature generation and verification, and key management."
2691IBM Corporation
11400 Burnet Road
Austin, TX 78758
USA

Michael Zagorski
TEL: 845-435-1853

Michael Onghena
TEL: 919-543-4049

CST Lab: NVLAP 200658-0
IBM® z/OS® Version 2 Release 1 Security Server RACF® Signature Verification Module version 1.0
(Hardware Version: FC 3863 EC N98775 Drv 22H; Software Version: RACF level HRF7790)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software-Hybrid07/28/2016Overall Level: 1

-Mitigation of Other Attacks: N/A
-Operational Environment: IBM z/OS Version 2 Release 1 running on an IBM z13 (single-user mode)

-FIPS Approved algorithms: RSA (Cert. #1979); SHS (Cert. #3196)

-Other algorithms: N/A

Multi-Chip Stand Alone

"The z/OS RACF Program Signature Verification package consists of the core module (IRRPVERS) that is utilized when verifying signed code as it is loaded as well as an auxiliary module responsible for driving the initialization of IRRPVERS. The RACF Program Signature Verification module consists of software-based cryptographic algorithms, as well as hashing algorithms provided by the CP Assist for Cryptographic Function (CPACF)."
2690Juniper Networks, Inc.
1133 Innovation Way
Sunnyvale, CA 94089
USA

Van Nguyen
TEL: 408-936-2247

Seyed Safakish
TEL: 408-745-8158

CST Lab: NVLAP 100432-0
MX240, MX480, and MX960 3D Universal Edge Routers with the Multiservices MPC and Junos 14.2X4-D10.7
(Hardware Versions: MX240, MX480 and MX960 with components identified in Security Policy Table 1; Firmware Version: Junos 14.2X4-D10.7)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/28/2016Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #3955, #3956 and #3957); CVL (Certs. #791 and #792); DRBG (Certs. #1157 and #1158); DSA (Certs. #1078 and #1079); ECDSA (Certs. #869 and #870); HMAC (Certs. #2575, #2576, #2577 and #2578); RSA (Certs. #2019 and #2020); SHS (Certs. #3261, #3262, #3263 and #3264); Triple-DES (Certs. #2166, #2167 and #2168);

-Other algorithms: ARCFOUR; BLOWFISH; CAST128; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); DSA (non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); HMAC-MD5; HMAC-RIPEMD160; NDRNG; UMAC-128; UMAC-64

Multi-Chip Stand Alone

"The MX 3D Universal Edge Routers deliver high performance, reliability, and scale to enable a cost-effective solution. Key features include support for a wide range of L2/L3 VPN services and advanced broadband network gateway functions, along with integrated routing, switching and security services."
2689Kaminario
75 Second Avenue
6th Floor, Suite 620
Needham, MA 02494
USA

Mike Jochimsen
TEL: 1-925-915-0495

Mark Shteiman
TEL: 972-52-5222883

CST Lab: NVLAP 201029-0
Kaminario Encryption Module
(Software Version: 1.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. This validation entry is a non-security relevant modification to Cert. #2038.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software07/27/2016Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Operational Environment: Tested as meeting Level 1 with SUSE Linux Enterprise 11 SP2 on a Dell OptiPlex 755
CentOS 6.3 on a Dell OptiPlex 755
Red Hat Enterprise Linux 6.3 on a Dell OptiPlex 755 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2273); HMAC (Cert. #1391); DSA (Cert. #709); ECDSA (Cert. #368); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420); DRBG (Cert. #281); CVL (Cert. #44)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG; Dual EC DRBG

Multi-Chip Stand Alone

"The Kaminario Encryption Module is a standalone cryptographic module of the Kaminario K2 All Flash Array (AFA) product, the backbone of the modern data center. The module delivers core cryptographic functions and features robust algorithm support. Kaminario K2 offloads to the Cryptographic Module various crypto functions such as authentication, secure key management, data integrity, management traffic encryption and data at rest encryption."
2688iStorage Limited
iStorage House
13 Alpherton Lane, Perivale
Middlesex UB6 8DH
United Kingdom

John Michael
TEL: +44 (0)20 8991 6260
FAX: +44 (0)20 8991 6277

Lev Bolotin
TEL: 425-820-9929

CST Lab: NVLAP 200983-0
datAshur Pro 3.0
(Hardware Version: IS-FL-DA3-256-8; IS-FL-DA3-256-16; IS-FL-DA3-256-32; IS-FL-DA3-256-64; Firmware Version: Encryption Controller: MPALL_F1_6600_v384_0A-0002; Security Controller: v1.11; Software Version: N/A)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware07/26/2016Overall Level: 3

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #3749 and #3757); DRBG (Cert. #1032); HMAC (Cert. #2459); SHS (Cert. #3127); PBKDF (Vendor Affirmed)

-Other algorithms: NDRNG

Multi-Chip Stand Alone

"iStorage datAshur Secure USB Flash Drive (iStorage datAshur Pro 3.0 or datAshur) is an encrypted storage device that provides a secure way to store and transfer data. User authentication is self-contained via an onboard keypad. User data is protected by hardware-based 256-bit XTS-AES encryption to secure sensitive information in the event that the drive is lost or stolen.The data encryption key (DEK) and other cryptographic parameters are generated within the module on first use through the use of a NIST approved DRBG. The seed for the DRBG is also produced within the module from an NDRNG."
2687SyncDog, Inc.
1818 Library Street
Suite 500
Reston, VA 20190
USA

Jonas Gyllensvaan
TEL: 1-855-796-2364

CST Lab: NVLAP 201029-0
SyncDog Cryptographic Module
(Software Version: 2.5)
(When operated in FIPS mode. This validation entry is a non-security relevant modification to Cert. #1938. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software07/25/2016Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: Tested as meeting Level 1 with Android 4.0 running on a Galaxy Nexus
iOS 5.1 running on a iPad 3
iOS 6 running on a iPad 3
iOS 7 running on a iPad 3

-FIPS Approved algorithms: AES (Certs. #2125 and #2126); CVL (Certs. #28 and #29); DRBG (Certs. #233 and #234); DSA (Certs. #666 and #667); ECDSA (Certs. #319 and #320); HMAC (Certs. #1296 and #1297); RSA (Certs. #1094 and #1095); SHS (Certs. #1849 and #1850); Triple-DES (Certs. #1351 and #1352)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG; Dual EC DRBG

Multi-Chip Stand Alone

"The SyncDog Cryptographic Module provides validated cryptographic functions for SentinelSecure™ SentinelSecure secures data in transport and data at rest for all applications utilizing its security protocols. SentinelSecure provides a secure mobile communications platform and app containerization."
2686HPE Data Security
20400 Stevens Creek Blvd STE 500
Cupertino, CA 95014
USA

Luther Martin
TEL: 408-886-3255
FAX: 408-886-3201

CST Lab: NVLAP 200802-0
Voltage Cryptographic Module v.5.0
(Software Version: Version 5.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software07/19/2016
08/04/2016
08/22/2016
Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Operational Environment: CPU Intel(R) Core(TM) i7-3770 with AES-NI w/ CentOS Linux release 7.0.1406 running on Dell Optiplex 7010
CPU Intel(R) Core(TM) i7-3770 w/o AES-NI w/ CentOS Linux release 7.0.1406 running on Dell Optiplex 7010
CPU Intel Itanium 9300, model NB54000c w/ HP NonStop TNS/E J06.19.00 - OSS running on HP Integrity NonStop BladeSystem NB54000c
CPU Intel Xeon E5-2600 v2 with AES-NI, model NS7 X1 w/ HP NonStop TNS/X L15.08.00 - OSS running on HP Integrity NonStop X NS7 X1
CPU Intel Itanium 9300, model NB54000c w/ HP NonStop TNS/E J06.19.00 - Guardian running HP Integrity NonStop BladeSystem NB54000c
CPU Intel Xeon E5-2600 v2 with AES-NI, model NS7 X1 w/ HP NonStop TNS/X L15.08.00 - Guardian running on HP Integrity NonStop X NS7 X1
CPU Intel Xeon E5-2600 v2 w/o AES-NI, model NS7 X1 w/ HP NonStop TNS/X L15.08.00 - OSS running HP Integrity NonStop X NS7 X1
CPU Intel Xeon E5-2600 v2 w/o AES-NI, model NS7 X1 w/ HP NonStop TNS/X L15.08.00 - Guardian running HP Integrity NonStop X NS7 X1
CPU Intel(R) Core(TM) i7-2600 with AES-NI w/ Windows Server 2012 R2 running on Dell Optiplex 790
CPU Intel(R) Core(TM) i7-2600 w/o AES-NI w/ Windows Server 2012 R2 running on Dell Optiplex 790 (single-user mode)

-FIPS Approved algorithms: ECDSA (Certs. #803, #806, #829, #845 and #846); DSA (Certs. #1042, #1044, #1050, #1059 and #1060); Triple-DES (Certs. #1915, #1916, #1917, #1918, #2091, #2117, #2137, #2138, #2169, #2208 and #2209); SHS (Certs. #2791, #2792, #2793, #2794, #3131, #3166, #3210 and #3211); AES (Certs. #3372, #3373, #3374, #3375, #3410, #3411, #3412, #3413, #3761, #3843, #3894, #3895, #3918, #4033 and #4034); HMAC (Certs. #2455, #2461, #2493, #2528 and #2529); RSA (Certs. #1730, #1731, #1732, #1733, #1935, #1963, #1984 and #1985); DRBG (Certs. #796, #797, #798, #799, #1033, #1088, #1114, and #1115); KBKDF (Certs. #63, #67, #68, #69, #76, #83, #87 and #88); CVL (Certs. #509, #510, #511, #512, #709, #732, #754 and #755); PBKDF (vendor affirmed);

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); RNG; Dual EC DRBG; EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength)

Multi-Chip Stand Alone

"The Voltage Cryptographic Module v.5.0 provides the Validated algorithms used by the HPE SecureMail, HPE SecureFile and HPE SecureData families of products."
2685SPYRUS, Inc.
1860 Hartog Drive
San Jose, CA 95131
USA

William Sandberg-Maitland
TEL: 613-298-3416
FAX: 408-392-0319

CST Lab: NVLAP 200802-0
SPYRUS USB-3 Module
(Hardware Version: SFP100000-1; SFP100000-2; SFP100000-3; SFP100000-4; SFP200000-1; SFP200000-2; SFP200000-3; SFP200000-4; SFP300000-1; SFP300000-2; SFP300000-3; SFP300000-4; Firmware Version: 3.0.2)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/19/2016Overall Level: 3

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: Triple-DES (Cert. #1772); AES (Certs. #3028 and #3406); KTS (AES Cert. #3115); ECDSA (Cert. #578); RSA (Cert. #1611); HMAC (Cert. #1913); SHS (Cert. #2529); CVL (Cert. #419); KAS (Cert. #52); DRBG (Cert. #658); KBKDF (Cert. #54)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-Chip Stand Alone

"The SPYRUS USB-3 Module provides multiple security functionalities in a single platform, including WindowsToGo, PKI support, Secure Mass Storage and conventional cryptographic token capabilities. This Module provides Suite-B algorithms that ensure the protection and integrity of User Data and application data on board."
2684Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 201029-0
Cisco C819 ISR, C880 ISR, C890 ISR, CGR 2010, C800M, ESR5921, and IR809
(Hardware Versions: C819G-4G-GA, C819G-4G-NA, C819G-4G-ST, C819G-4G-VZ, C819HG-4G-A, C819HG-4G-G, C819HG-4G-V, ESR5921, C881, C881G-4G-GA, C887VAG-4G-GA, C891F, C892FSP, C897VA, C897VAG-LTE-GA, C899G-LTE-GA, C899G-LTE-NA, C899G-LTE-ST, C899G-LTE-VZ, CGR 2010 [1], C841M-4X, C841M-8X, IR809G-LTE-VZ, IR809G-LTE-NA with GRWIC-ESM-8x [1] or GRWIC-ESM-4x [1]; Firmware Version: IOS 15.5M)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/19/2016Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #2817 and #3625); CVL (Certs. #253 and #645); DRBG (Certs. #481 and #953); ECDSA (Certs. #493 and #752); HMAC (Certs. #1764 and #2377); RSA (Certs. #1471 and #1868); SHS (Certs. #2361 and #3043); Triple-DES (Certs. #1688 and #2020)

-Other algorithms: DES; Diffie-Hellman (key establishment methodology provides 112 to 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-Chip Stand Alone

"The Integrated Services Router (ISR) are routing platforms that provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options."
2683Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 201029-0
Cisco Integrated Services Router (ISR) 891W, 1941W, 829W
(Hardware Versions: C891FW-A, C891FW-E, 1941W, IR829GW-LTE-NA-A, IR829GW-LTE-VZ-A; Firmware Versions: Router IOS 15.5M and AP IOS 15.3.3-JB)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/19/2016Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #1791, #2343, #2817 and #3625); CVL (Certs. #253 and #645); DRBG (Certs. #481 and #953); ECDSA (Certs. #493 and #752); HMAC (Certs. #1452, #1764 and #2377); KBKDF (Certs. #49 and #86); RSA (Certs. #1471 and #1868); SHS (Certs. #2020, #2361 and #3043); Triple-DES (Certs. #1466 and #1688)

-Other algorithms: DES; Diffie-Hellman (key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-Chip Stand Alone

"The Integrated Services Router (ISR) are routing platforms that provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options."
2682Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 201029-0
Cisco Integrated Services Router (ISR) 1905 ISR, 1921 ISR, 1941 ISR, 2901 ISR, 2911 ISR, 2921 ISR, 2951 ISR, 3925 ISR, 3925E ISR, 3945 ISR, 3945E ISR, 5915 ESR and 5940 ESR
(Hardware Versions: 1905, 1921, 1941 [3], 2901 [4], 2911 [5], 2921 [6], 2951 [7], 3925 [8], 3945 [9], 3925E [10], 3945E [11], 5915, 5940 with PVDM2-8 [4, 5, 6, 7, 8, 9, 10, 11], PVDM2-16 [4, 5, 6, 7, 8, 9, 10, 11], PVDM2-32 [4, 5, 6, 7, 8, 9, 10, 11], PVDM2-48 [4, 5, 6, 7, 8, 9, 10, 11], PVDM2-64 [4, 5, 6, 7, 8, 9, 10, 11], PVDM3-16 [4, 5, 6, 7, 8, 9, 10, 11], PVDM3-32 [4, 5, 6, 7, 8, 9, 10, 11], PVDM3-64 [4, 5, 6, 7, 8, 9, 10, 11], PVDM3-128 [4, 5, 6, 7, 8, 9, 10, 11], PVDM3-192 [4, 5, 6, 7, 8, 9, 10, 11], PVDM3-256 [4, 5, 6, 7, 8, 9, 10, 11] and ISM-VPN-19 [3], ISM-VPN-29 [4, 5, 6, 7], ISM-VPN-39 [8, 9]; Firmware Version: IOS 15.5M)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/19/2016Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #2343 and #2817); CVL (Certs. #252 and #253); DRBG (Cert. #481); ECDSA (Cert. #493); HMAC (Certs. #1764 and #1452); RSA (Cert. #1471); SHS (Certs. # 2020 and #2361); Triple-DES (Certs. #1466 and #1688)

-Other algorithms: DES; Diffie-Hellman (CVL Cert. #252, key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #252, key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-Chip Stand Alone

"The Integrated Services Router (ISR) are routing platforms that provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options."
2681Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

Chris Marks
TEL: 408-333-0480
FAX: 408-333-8101

CST Lab: NVLAP 200802-0
Brocade® NetIron® CER 2000 Ethernet Routers and Brocade CES 2000 Routers and Switches
(Hardware Versions: {[BR-CER-2024C-4X-RT-AC (80-1006530-01), BR-CER-2024C-4X-RT-DC (80-1007213-01), BR-CER-2024F-4X-RT-AC (80-1006529-01), BR-CER-2024F-4X-RT-DC (80-1007212-01), RPS9 (80-1003868-01) and RPS9DC (80-1003869-02)], [BR-CES-2024C-4X-AC (80-1000077-01), BR-CES-2024C-4X-DC (80-1007215-01), BR-CES-2024F-4X-AC (80-1000037-01), BR-CES-2024F-4X-DC (80-1007214-01), RPS9 (80-1003868-01) and RPS9DC (80-1003869-02)]} with FIPS Kit XBR-000195; Firmware Version: Multi-Service IronWare R05.8.00a)
(When operated in FIPS mode with the tamper evident labels installed as specified in Appendix A and configured as specified in Tables 4 and 8 and as per Section 9 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware07/15/2016Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #2715 and #3143); SHS (Cert. #2280); RSA (Cert. #1411); HMAC (Cert. #1694); DRBG (Cert. #452); CVL (Certs. #173, #394 and #403); Triple-DES (Cert. #1632); HMAC-SHA-1-96 (HMAC Cert. #1694)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; HMAC-MD5; MD5; DES

Multi-Chip Stand Alone

"The Brocade NetIron CER 2000 Series is a family of compact routers that are purpose-built for high-performance Ethernet edge routing and MPLS applications. These fixed-form routers can store a complete Internet table and are ideal for supporting a wide range of applications in Metro Ethernet, data center, and campus networks.The Brocade NetIron CES 2000 Series of switches provides IP routing and advanced Carrier Ethernet capabilities in a compact form factor."
2680LG Electronics, Inc.
20 Yoido-dong
Youngdungpo-gu
Seoul 152-721
Republic of Korea

Joonwoong Kim
TEL: 82-10-2207-1919
FAX: 82-2-6950-2080

Adam Wick
TEL: 503-808-7216
FAX: 503-350-0833

CST Lab: NVLAP 100432-0
LG Kernel Cryptographic Module
(Software Versions: 3.4.0 [1] or 3.10.49 [2, 3])
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software07/15/2016Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Operational Environment: [1] Android 5.0.1 running on an LG G3 (Model VS985)
[2] Android 5.0.1 running on an LG G-Flex 2 (Model LGLS996)
[3] Android 5.1 running on an LG G4 (Model VS986) (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #1875 and #1940); AES (Certs. #3290 and #3443); SHS (Certs. #2729 and #2843); HMAC (Certs. #2088 and #2192)

-Other algorithms: DES; Twofish; MD5; MD4; ARC4; GHASH; RNG

Multi-Chip Stand Alone

"The LG Kernel Cryptographic Module is a software library located within the operating system kernel providing a C-language application program interface (API) for use by user and kernel applications that require cryptographic functionality."
2679Gemalto SA
6, rue de la Verrerie - CS 20001
Meudon Cedex 92197
France

Gilles ROMME
TEL: +33 155015712
FAX: +33 155015170

Guennole Tripotin
TEL: +33 442365522
FAX: +33 442365236

CST Lab: NVLAP 100432-0
MultiApp V31 Platform
(Hardware Versions: NXP P60D080P VC (MPH132), NXP P60D144P VA (MPH149); Firmware Versions: MultiApp V31 patch 1.4, Demonstration Applet version V1.3)
(The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/15/2016Overall Level: 3

-Operational Environment: N/A

-FIPS Approved algorithms: AES (Cert. #3543); CVL (Cert. #597); DRBG (Cert. #900); ECDSA (Cert. #721); KBKDF (Cert. #85); RSA (Certs. #1822 and #1823); SHS (Cert. #2921); Triple-DES (Cert. #1984); Triple-DES MAC (Triple-DES Cert. #1984, vendor affirmed)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); Triple-DES (Cert. #1984, key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #3543, key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength)

Single Chip

"The MultiApp ID smart cards are fully compliant with two major industry standards: Sun's Javacard 2.2.1 and Global Platform (GP) Card Specification version 2.1.1. They are therefore Java-GP cards, capable of managing applets in a controlled and secure manner in this multi-applet environment. This platform is delivered with a set of applet already loaded loaded in ROM and that can be installed if proper ordering options have been set."
2678EFJohnson Technologies
1440 Corporate Drive
Irving, TX 75038-2401
USA

Marshall Schiring
TEL: 402-479-8375
FAX: 402-479-8472

Josh Johnson
TEL: 402-479-8459
FAX: 402-479-8472

CST Lab: NVLAP 100432-0
Johnson Encryption Machine 2 (JEM2)
(Hardware Versions: P/Ns R035-3900-180-00 and R035-3900-280-01; Firmware Version: 4.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/15/2016Overall Level: 1

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #3436 and #3437); DRBG (Cert. #837); ECDSA (Cert. #692); HMAC (Cert. #2187); KTS (AES Cert. #3437); SHS (Cert. #2838)

-Other algorithms: AES-MAC (AES Cert. #3436, vendor affirmed; P25 AES OTAR); DES; NDRNG

Multi-Chip Embedded

"The EF Johnson Technologies Johnson Encryption Machine 2 (JEM2) is a cryptographic module meeting the FIPS140-2, Level 1 requirement. The JEM2 provides cryptographic operations to support Project 25 infrastructure. The JEM2 supports AES OTAR, AES Key Wrap, AES, ECDSA, DRBG, SHA-1, SHA-256, SHA-512, and HMAC FIPS Approved algorithms."
2677Dell Software, Inc.
5455 Great America Parkway
Santa Clara, CA 95054
USA

Gary Tomlinson
TEL: 408-962-6756
FAX: 408-745-9300

CST Lab: NVLAP 100432-0
SMA 6200 and SMA 7200
(Hardware Versions: P/Ns 101-500399-57 Rev A and 101-500398-57 Rev A; Firmware Version: SRA 10.7.2-619)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/15/2016Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: DRBG (Cert. #954); AES (Certs. #3626, #3627 and #3628); RSA (Certs. #1869 and #1870); Triple-DES (Certs. #2021, #2022 and #2023); SHS (Certs. #3044, #3045 and #3046); HMAC (Certs. #2378, #2379 and #2380); CVL (Certs. #646, #647, #648 and #649)

-Other algorithms: MD5; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG

Multi-Chip Stand Alone

"Dell Software SMA 6200 and SMA 7200 are part of the Dell Security Solution Enterprise product family. They provide hardware appliance based VPN Virtual Private Network mobile access solutions to a wide variety of end user devices including Microsoft Windows, Apple OSX, Linux, Apple iOS and Google Android among others."
2676Cohesity, Inc.
451 El Camino Real
Suite 235
Santa Clara, CA 95050
USA

Vivek Agarwal
TEL: 415-690-7805

CST Lab: NVLAP 200427-0
Cohesity OpenSSL FIPS Object Module
(Software Version: 1.0.1)
(When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module. This validation entry is a non-security relevant modification to Cert. #2398)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software07/11/2016Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: CentOS 7.2 running on a Cohesity CS2500 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3967); CVL (Cert. #796); DRBG (Cert. #1162); DSA (Cert. #1081); ECDSA (Cert. #873); HMAC (Cert. #2585); RSA (Cert. #2027); SHS (Cert. #3271); Triple-DES (Cert. #2176)

-Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt); PRNG

Multi-Chip Stand Alone

"The Cohesity OpenSSL FIPS Object Module is a general purpose cryptographic module compiled from the source code for the OpenSSL FIPS Object Module ECP 2.0.12. It is incorporated into the CS2000 family of Cohesity Storage Systems."
2675Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 201029-0
Cisco Optical Networking Solution (ONS) 15454 Multiservice Transport Platforms (MSTPs) & NCS 2000 Series
(Hardware Versions: [15454-M2-SA, 15454-M6-SA, NCS2002-SA, NCS2006-SA, NCS2015-SA, 15454-M-TNC-K9, 15454-M-TSC-K9, 15454-M-TNCE-K9, 15454-M-TSCE-K9, NCS2K-TNCS-O-K9, NCS2K-TNCS-K9, 15454-M-WSE-K9, NCS2K-MR-MXP-LIC, 15454-M-10X10G-LC, and NCS2K-200G-CK-LIC] with FIPS Kit: CISCO-FIPS-KIT=; Firmware Version: 10.5)
(When installed, initialized and configured as specified in Section 6 of the Security Policy with tamper evident seals installed as indicated in Section 5.6 of the Security Policy and when operated in FIPS mode.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/11/2016Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2352, #2369, #2769, #2770, #3770 and #3771); CVL (Certs. #750 and #751); DRBG (Certs. #1040 and #1041); HMAC (Certs. #2470 and #2471); KBKDF (Cert. #79); RSA (Certs. #1940 and #1941); SHS (Certs. #3140 and #3141); Triple-DES (Cert. #2098)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-Chip Stand Alone

"The Cisco ONS 15454 Multiservice Transport Platforms (MSTPs) and NCS 2000 Series provide capital and operational efficiency by addressing the increasing demand for multiple services, greater transport capacity, networking flexibility, multiple distance options, and management simplicity in a single platform."
2674Samsung Electronics Co., Ltd.
R5 416, Maetan 3-dong Yeongton-gu
Suwon-si, Gyeonggi 443-742
Korea

Brian Wood
TEL: +1-973-440-9125

JungHa Paik
TEL: +82-10-9397-1589

CST Lab: NVLAP 200658-0
Samsung Kernel Cryptographic Module
(Software Version: SKC1.7)
(When operated in FIPS mode. The module generates random strings whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software07/11/2016Overall Level: 1

-Physical Security: N/A
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: Android Marshmallow 6.0.1 running on Samsung Galaxy S7 with PAA
Android Marshmallow 6.0.1 running on Samsung Galaxy S7 without PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3836 and #3837); SHS (Certs. #3160, #3161 and #3193); HMAC (Certs. #2487, #2488 and #2516); DRBG (Certs. #1082 and #1083)

-Other algorithms: DES; Twofish; MD5; krng; ARC4; Pcompress; CRC32c; Deflate; LZO; GHASH; GF128MUL; Triple-DES (non-compliant)

Multi-Chip Stand Alone

"Provides general purpose cryptographic services to services in the Linux kernel and user-space applications, intended to protect data in transit and at rest."
2673MRV Communications Inc.
300 Apollo Dr.
Chelmsford, MA 01824
USA

Tim Bergeron
TEL: 978-674-6860

Phil Bellino
TEL: 978-674-6870

CST Lab: NVLAP 200427-0
LX-4000T Series Console Servers
(Hardware Versions: 600-R3265 RevB through 600-R3288 RevB (inclusive), 600-R3265 RevC through 600-R3288 RevC (inclusive), 600-R3265 RevD through 600-R3288 RevD (inclusive) and 600-R3265 RevE through 600-R3288 RevE (inclusive); Firmware Versions: LinuxITO Version: 6.1.0 and PPCiboot Version: 5.3.9)
(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy. The protocols IPsec, SNMP, SSH and TLS shall not be used when operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/08/2016Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #3765); DRBG (Cert. #1035); DSA (Cert. #1046); SHS (Cert. #3134)

-Other algorithms: DES; EC Diffie-Hellman (non-compliant); HMAC-MD5; IKEv1 KDF (non-compliant); IKEv2 KDF (non-compliant); MD5; NDRNG; RSA (non-compliant); SNMP KDF (non-compliant); SSH KDF (non-compliant); TLS KDF (non-compliant)

Multi-Chip Stand Alone

"The LX-4000T Series Console Servers are a key component of MRV's Out-of-Band Network solution. Out-of-Band Networks provide secure remote service port access and remote power control to devices in an organization's networks and infrastructures. This nearly eliminates the need for physical presence at a device to correct problems or manage its everyday operation. MRV's Out-of-Band Network solution includes console servers, terminal servers, device servers, remote power control and management system, making the LX Series an ideal choice for secure remote access."
2672Information Assurance Specialists, Inc.
900 Route 168
Suite C4
Turnersville, NJ 08012
USA

William Morgan
TEL: 856-581-8033 Ext. 1006
FAX: 856-228-1265

Keiron Tomasso
TEL: 856-581-8033 Ext. 1001
FAX: 856-228-1265

CST Lab: NVLAP 100432-0
IAS Router
(Hardware Versions: P/Ns IAS STEW Rev 1.0, IAS KG-RU Rev 1.0 and IAS Router Micro Rev 1.0; Firmware Version: 50e8756 - 2015-11-24)
(When operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/07/2016Overall Level: 2

-Cryptographic Module Specification: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: Triple-DES (Cert. #1935); AES (Cert. #3430); DRBG (Cert. #782); ECDSA (Cert. #663); HMAC (Cert. #2182); CVL (Certs. #493 and #523); RSA (Cert. #1756); KTS (vendor affirmed); SHS (Cert. #2830)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); NDRNG; MD5

Multi-Chip Stand Alone

"IAS Routers are purpose-built secure IP Routers/VPN Gateways designed to be small, lightweight, low power consumption, highly portable devices able to leverage a wide range of WAN connectivity options to allow secure communications back to a central site from nearly anywhere on the planet."
2671Duo Security, Inc.
123 North Ashley Street
Suite 200
Ann Arbor, MI 48104
USA

Duo Mobile Security

CST Lab: NVLAP 201029-0
Duo Security Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS mode. This validation entry is a non-security relevant modification to Cert. #1938. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software07/07/2016Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: Tested as meeting Level 1 with Android 4.0 running on a Galaxy Nexus

-FIPS Approved algorithms: AES (Cert. #2125); HMAC (Cert. #1296); DSA (Cert. #666); ECDSA (Cert. #319); RSA (Cert. #1094); SHS (Cert. #1849); Triple-DES (Cert. #1351); DRBG (Cert. #233); CVL (Cert. #28)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG; Dual EC DRBG

Multi-Chip Stand Alone

"The Duo Security Cryptographic Module is a cryptographic engine for mobile devices. The module delivers core cryptographic functions to Duo Security's Two-Factor Authentication mobile application."
2670Ceragon Networks, Ltd.
24 Raul Wallenberg St.
Tel Aviv 69719
Israel

Yoav Shilo

CST Lab: NVLAP 201029-0
FibeAir® IP-20C, FibeAir® IP-20S, FibeAir® IP-20N, FibeAir® IP-20A, FibeAir® IP-20G, and FibeAir® IP-20GX
(Hardware Versions: IP-20N, IP-20A, IP-20G, IP-20GX, IP-20C, IP-20S, IP-20-TCC-B-MC+SD-AF: 24-T009-1|A, IP-20-TCC-B2+SD-AF: 24-T010-1|A, IP-20-TCC-B2-XG-MC+SD-AF: 24-T011-1|A, IP-20-RMC-B-AF: 24-R010-0|A; Firmware Version: CeraOS 8.3)
(When operated in FIPS mode. When installed, initialized and configured as specified in Section 3 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/04/2016Overall Level: 2

-Operational Environment: N/A
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #3865 and #3867); CVL (Cert. #742); DRBG (Cert. #1099); HMAC (Cert. #2509); KTS (AES Cert. #3865 and HMAC Cert. #2509; key establishment methodology provides 256 bits of encryption strength); RSA (Cert. #1973); SHS (Certs. #3185)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECDH (key agreement, key establishment methodology provides between 128 and 256 bits of encryption strength); DES; MD5; RC5; CRC32; CRC16; CRC7; ECDSA (non-compliant); DSA (non-compliant); NDRNG; AES (non-compliant)

Multi-Chip Stand Alone

"FibeAir IP-20 platform provides secured wireless backhaul solutions to deliver mission-critical multimedia services, 4G and other applications with high security and reliability. The platform provides multi gigabit wireless links in 4-86GHz frequency bands, supporting IP and TDM services in a wide range of topologies and network architectures."
2669INTEGRITY Security Services
7585 Irvine Center Drive
Suite 250
Irvine, CA 92618
USA

David Sequino
TEL: 206-310-6795
FAX: 978-383-0560

Douglas Kovach
TEL: 727-781-4909
FAX: 727-781-2915

CST Lab: NVLAP 100432-0
INTEGRITY Security Services High Assurance Embedded Cryptographic Toolkit
(Software Version: 3.0.0)
(When operated in FIPS mode. No assurance of the minimum strength of generated keys. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software06/30/2016
08/08/2016
Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Operational Environment: FreeRTOS 7.6 running on Cubic PU-4 (ST-Micro STM32F4xxx/ARM Cortex-M4)

-FIPS Approved algorithms: AES (Certs. #3773, #3774, #3775, #3776 and #3777); DRBG (Cert. # 1043); ECDSA (Cert. #812); CVL (Cert. #720); HMAC (Cert. #2473); RSA (Cert. #1943); SHS (Cert. #3143); PBKDF (vendor affirmed)

-Other algorithms: AES (Cert. #3773, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (shared secret computation provides 192 bits of encryption strength); EC Diffie-Hellman (shared secret computation provides between 112 and 256 bits of encryption strength); Triple-DES (non-compliant); MD5; HMAC-MD5

Multi-Chip Stand Alone

"Green Hills Software/INTERGRITY Security Services (ISS) ECT is a standards-based crypto toolkit providing a flexible framework to integrate encryption, digital signatures and other security mechanisms into a wide range of applications. ISS ECT is designed to support multiple cryptographic providers with a single common API, easily targeted to a variety of Operating Systems."
2668Motorola Solutions, Inc.
1303 East Algonquin Road
Schaumburg, IL 60196
USA

Dariusz Wolny

CST Lab: NVLAP 100432-0
Motorola Network Router (MNR) S6000
(Hardware Version: Base Unit P/N CLN1780L Rev F with Encryption Module P/N CLN8261D Rev NA; Firmware Version: GS-16.8.1.06)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/30/2016
08/29/2016
Overall Level: 1

-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #173 and #3547); DRBG (Cert. #903); HMAC (Certs. #39, #2265 and #2266); RSA (Cert. #1827); SHS (Certs. #258 and #2926); Triple-DES (Certs. #275 and #1986); CVL (Certs. #603, #604 and #605)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DES; MD5; HMAC-MD5; HMAC-SHA-96 (non-compliant); DSA (non-compliant); RNG

Multi-Chip Stand Alone

"MNR S6000 routers are versatile, secure-capable devices that can ensure timely delivery of delay-sensitive traffic. Supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections, S6000 routers perform simultaneous functions - including compression and data prioritization - without compromising their ability to accomplish additional packet-handling functions as needed. In addition to the normal routing functions, the MNR S6000 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols."
2667Micron Technology, LLC
Micron Technology
8000 S. Federal Way
Boise, ID 83716-9632
USA

Paul Barna
TEL: 208-492-1062

Michael Selzler
TEL: 720-494-5217

CST Lab: NVLAP 200427-0
Micron S650DC® SAS TCG Enterprise SSC Self-Encrypting Drive
(Hardware Versions: MTFDJAK400MBS-BAN16FCYYES / MTFDJAK400MBS-2AN16FCYY, MTFDJAK800MBS-BAN16FCYYES / MTFDJAK800MBS-2AN16FCYY, MTFDJAL1T6MBS-BAN16FCYYES / MTFDJAL1T6MBS-2AN16FCYY, MTFDJAL3T2MBS-BAN16FCYYES / MTFDJAL3T2MBS-2AN16FCYY; Firmware Version: MB13)
(When installed, initialized and configured as specified in Section 7 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/30/2016Overall Level: 2

-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #1343, #2841, #2947 and #3441); DRBG (Cert. #62); HMAC (Certs. #1597 and #2190); KTS (AES Cert. #2947); PBKDF (vendor affirmed); RSA (Certs. #1021 and #1762); SHS (Certs. #1225 and #2841)

-Other algorithms: NDRNG

Multi-Chip Embedded

"The Micron Secure ® TCG Enterprise SSC Self-Encrypting Drive FIPS 140-2 Module is embodied in Micron S650DC SAS SED model solid state drive. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption (AES-XTS), instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download."
2666Cambium Networks, Ltd.
Unit B2, Linhay Business Park, Eastern Road
Ashburton TQ13 7UP
UK

Mark Thomas
TEL: +44 1364 655586
FAX: +44 1364 655500

CST Lab: NVLAP 100432-0
PTP 700 Point to Point Wireless Ethernet Bridge
(Hardware Versions: P/Ns C045070B001A, C045070B002A, C045070B003A, C045070B004A, C045070B005A, C045070B006A, C045070B007A, C045070B008A, C045070B009A, C045070B010A, C045070B011A, C045070B012A, C045070B013A, C045070B014A, C045070B015A, C045070B016A, C045070B017A, C045070B018A, C045070B019A, C045070B020A, C045070B021A, C045070B022A, C045070B023A, C045070B024A, C045070B025A, C045070B026A, C045070B027A, C045070B028A, C045070B029A and C045070B030A; Firmware Version: 700-01-00-FIPS)
(When operated in FIPS mode. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware06/29/2016Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #2594 and #2754); DRBG (Cert. #465); DSA (Cert. #842); HMAC (Cert. #1728); SHS (Cert. #2323); CVL (Certs. #202 and #203); KTS (AES Cert. #2754 and HMAC Cert. #1728; key establishment methodology provides 128 or 256 bits of encryption strength)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; PRNG

Multi-Chip Stand Alone

"The PTP 700 is deployed in pairs to create a wireless bridge between two Ethernet networks. The Module operates in licensed, lightly-licensed, and unlicensed frequency bands between 4400 MHz and 5875 MHz, in channel bandwidths up to 45 MHz, providing aggregate data rates up to 450 Mbit/s. The Module transmits and receives Ethernet frames as plaintext, and transmits and receives encrypted wireless signals. The Module is available in 24 different variants, consisting of combinations of physical format, regional variants, capacity variants and ATEX/HAZLOC units."
2665DocuSign, Inc.
221 Main St.
Suite 1000
San Francisco, CA 94105
USA

Ezer Farhi
TEL: 972-3-9279529

CST Lab: NVLAP 200002-0
DocuSign Signature Appliance
(Hardware Versions: 7.0 and 8.0; Firmware Version: 8.0)
(When operated in FIPS mode. This module contains the embedded module eToken 5105 validated to FIPS 140-2 under Cert. #1883 operating in FIPS mode. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/21/2016
07/25/2016
Overall Level: 3

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: CVL (Certs. #786 and #787); DRBG (Certs. #98, #1137 and #1138); HMAC (Certs. #2551, #2552, #2563 and #2564); KTS (Triple-DES Cert. #2160 and HMAC Cert. #2563; key establishment methodology provides 112 bits of encryption strength); KTS (Triple-DES Cert. #2161 and HMAC Cert. #2564; key establishment methodology provides 112 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #2005 and #2006); SHS (Certs. #3237, #3238, #3248 and #3249); Triple-DES (Certs. #2155, #2156 #2160 and #2161); Triple-DES MAC (Triple-DES Certs. #2155 and #2156, vendor affirmed)

-Other algorithms: HMAC (non-compliant); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); RSA-RESTful-TLS (key wrapping; non-compliant); SHS (non-compliant); Triple-DES (non-compliant)

Multi-Chip Stand Alone

"The DocuSign Signature Appliance is a digital signature appliance that is connected to the organizational network and manages all signature keys and certificates of organization's end-users. End-users will connect securely to the appliance from their PC for the purpose of signing documents and data."
2664Advanced Card Systems Ltd.
Units 2010-2013, 20/F Chevalier Commercial Centre
8 Wang Hoi Road Kowloon Bay
Hong Kong

Andrew Chan
TEL: +852-27967873
FAX: +852-27961286

CST Lab: NVLAP 200427-0
ACOS5-64
(Hardware Version: ACOS5-64; Firmware Version: 3.00)
(When installed, initialized and configured as specified in the Security Policy Section Secure Initialization. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware06/20/2016Overall Level: 3

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Cert. #3539); CVL (Cert. #591); DRBG (Cert. #893); RSA (Cert. #1816); SHS (Cert. #2917); Triple-DES (Cert. #1982); Triple-DES MAC (Triple-DES Cert. #1982, vendor affirmed)

-Other algorithms: NDRNG; Triple-DES (Cert. #1982, key wrapping; key establishment methodology provides 112 bits of encryption strength)

Single Chip

"ACOS5-64 is a hardware cryptographic module validated against FIPS 140-2 at Security Level 3. It is a two-factor authentication smart card module. It provides digital signature creation/verification for online authentication and data encryption/decryption for online transactions."
2663Palo Alto Networks
4401 Great America Parkway
Santa Clara, CA 95054
USA

Jake Bajic
TEL: 408-753-4000

Amir Shahhosseini
TEL: 408-753-4000

CST Lab: NVLAP 100432-0
PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series, PA-5000 Series and PA-7050 Firewalls
(Hardware Versions: PA-200 P/N 910-000015-00E Rev. E [1], PA-500 P/N 910-000006-00O Rev. O [2], PA-500-2GB P/N 910-000094-00O Rev. O [2], PA-2020 P/N 910-000004-00Z Rev. Z [3], PA-2050 P/N 910-000003-00Z Rev. Z [3], PA-3020 P/N 910-000017-00J Rev. J [4], PA-3050 P/N 910-000016-00J Rev. J [4], PA-4020 P/N 910-000002-00AB Rev. AB [5], PA-4050 P/N 910-000001-00AB Rev. AB [5], PA-4060 P/N 910-000005-00S Rev. S [5], PA-5020 P/N 910-000010-00F Rev. F [6], PA-5050 P/N 910-000009-00F Rev. F [6], PA-5060 P/N 910-000008-00F Rev. F [6] and PA-7050 P/N 910-000102-00B with 910-000028-00B Rev. B [7]; FIPS Kit P/Ns: 920-000084-00A Rev. A [1], 920-000005-00A Rev. A [2], 920-000004-00A Rev. A [3], 920-000081-00A Rev. A [4], 920-000003-00A Rev. A [5], 920-000037-00A Rev. A [6] and 920-000112-00A Rev. A [7]; Firmware Version: 6.0.13)
(When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/20/2016
06/23/2016
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #3931 and #3932); RSA (Certs. #2008 and #2009); HMAC (Certs. #2554 and #2555); DRBG (Certs. #1140 and 1141); SHS (Certs. #3241 and #3242); CVL (Certs. #782 and 783)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; RC4; Camellia; RC2; SEED; DES

Multi-Chip Stand Alone

"The Palo Alto Networks PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series, PA-5000 Series and PA-7050 firewalls are multi-chip standalone modules that provide network security by enabling enterprises to see and control applications, users, and content using three unique identification technologies: App-ID, User-ID, and Content-ID. These identification technologies enable enterprises to create business-relevant security polices - safely enabling organizations to adopt new applications."
2662LG Electronics, Inc.
20 Yoido-dong
Youngdungpo-gu
Seoul 152-721
Republic of Korea

Adam Wick
TEL: 503-808-7216
FAX: 503-350-0833

Wonchan Chun
TEL: 82-2-6950-4945
FAX: 82-2-6950-2081

CST Lab: NVLAP 100432-0
LG Framework Cryptographic Module
(Software Version: 1.0.0)
(When operated in FIPS mode. The protocol TLS shall not be used when operated in FIPS mode. No assurance of the minimum strength of generated keys. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software06/17/2016Overall Level: 1

-Physical Security: N/A
-Operational Environment: Android 5.0.1 running on an LG G3 (Model VS985)
Android 5.0.1 running on an LG G Flex 2 (Model LGLS996) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3289); DRBG (Cert. #748); DSA (Cert. #943); HMAC (Cert. #2087); RSA (Cert. #1683); SHS (Cert. #2728); Triple-DES (Cert. #1874)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); PRNG; ECDSA (non-compliant); TLS KDF (non-compliant)

Multi-Chip Stand Alone

"The LG Framework Cryptographic Module is a software library that provides cryptographic functionality."
2661Hewlett Packard®, Enterprise
153 Taylor Street
Littleton, MA 01460
USA

Bob Pittman
TEL: 978-264-5211
FAX: 978-264-5522

CST Lab: NVLAP 200427-0
HPE 6125XLG Blade Switches
(Hardware Version: HPE 6125XLG; Firmware Version: 7.1.045)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/16/2016Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #2943 and #2990); CVL (Cert. #341); DRBG (Cert. #546); DSA (Cert. #875); HMAC (Certs. #1866 and #1896); RSA (Cert. #1546); SHS (Certs. #2479 and #2511)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-Chip Embedded

"The HPE Networking device is suitable for a range of uses: at the edge of a network, connecting server clusters in a data center, in an enterprise LAN core, and in large-scale industrial networks and campus networks. The device includes fixed-port L2/L3 managed Ethernet switch appliances. This device is based on the Comware 7.1 platform."
2660Samsung Electronics Co., Ltd.
275-18, Samsung 1-ro
Hwaseong-si, Gyeonggi-do 445-330
Korea

Jisoo Kim
TEL: 82-31-3096-2832
FAX: 82-31-8000-8000(+62832)

CST Lab: NVLAP 200802-0
Samsung SAS 12G TCG Enterprise SSC SEDs PM163x Series
(Firmware Versions: CXP2 [1], NA01 [2])

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/16/2016
07/22/2016
Overall Level: 2

-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Cert. #3213); ECDSA (Cert. #595); SHS (Cert. #2660); DRBG (Cert. #121)

-Other algorithms: NDRNG

Multi-Chip Stand Alone

"Samsung SAS 12G TCG Enterprise SSC SEDs PM163x Series, is a FIPS 140-2 Level 2 SSD (Solid State Drive), supporting TCG Enterprise SSC based SED (Self-Encrypting Drive) features, designed to protect unauthorized access to the user data stored in its NAND Flash memories. The built-in AES HW engines in the cryptographic module’s controller provide on-the-fly encryption and decryption of the user data without performance loss. The SED’s nature also provides instantaneous sanitization of the user data via cryptographic erase."
2659L-3 Communications, Aviation Recorders
100 Cattlemen Road
Sarasota, Florida 34232
USA

Tom Fields
TEL: 941-377-5540
FAX: 941-377-5591

Robert S. Morich
TEL: 941-371-0811, x5774
FAX: 941-377-5591

CST Lab: NVLAP 200002-0
eSRVIVR(r) Cockpit Voice and Flight Data Recorder (CVFDR) Encryption Module
(Firmware Version: 1.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware06/16/2016Overall Level: 2

-Mitigation of Other Attacks: N/A
-Operational Environment: eSRVIVR® Cockpit Voice and Flight Data Recorder (Hardware version: 1493200-3000) with Nucleus PLUS 1.15.6

-FIPS Approved algorithms: AES (Cert. #3754)

-Other algorithms: N/A

Multi-Chip Embedded

"A software-based AES implementation in a Cockpit Voice and Flight Data Recorder (CVFDR) that supports 128, 192, and 256 bit key lengths. Various data types can be selected for encryption prior to being recorded in a crash-protected module."
2658Rubrik Inc.
299 South California Avenue
Suite 250
Palo Alto, CA 94046
USA

Rubrik Support

CST Lab: NVLAP 201029-0
Rubrik Cryptographic Library
(Software Version: 1.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. This validation entry is a non-security relevant modification to Cert. #2038.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software06/15/2016Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Operational Environment: Tested as meeting Level 1 with SUSE Linux Enterprise 11 SP2 on a Dell OptiPlex 755
CentOS 6.3 on a Dell OptiPlex 755
CentOS 6.3 on a GigaVUE-TA1
Red Hat Enterprise Linux 6.3 on a Dell OptiPlex 755 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2273); HMAC (Cert. #1391); DSA (Cert. #709); ECDSA (Cert. #368); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420); DRBG (Cert. #281); CVL (Cert. #44)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG; Dual EC DRBG

Multi-Chip Stand Alone

"The Rubrik Cryptographic Library provides FIPS 140-2 validated cryptographic functions (including Suite B algorithms) for Rubrik’s Hybrid Appliances."
2657Red Hat®, Inc.
100 East Davie Street
Raleigh, NC 27601
USA

Steve Grubb
TEL: 978-392-1000
FAX: 978-392-1001

Jaroslav Rezník
TEL: +420-532-294-645

CST Lab: NVLAP 200658-0
Red Hat Enterprise Linux libgcrypt Cryptographic Module v4.0
(Software Version: 4.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software06/13/2016Overall Level: 1

-Physical Security: N/A
-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 7.1 running on ProLiant DL380p Gen8 with PAA
Red Hat Enterprise Linux 7.1 running on ProLiant DL380p Gen8 without PAA
Red Hat Enterprise Linux 7.1 running on IBM Power8 Little Endian 8286-41A
Red Hat Enterprise Linux 7.1 running on IBM z13 with CP Assist for Cryptographic Functions (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3643, #3644, #3645, #3646, #3647, #3648 and #3649); Triple-DES (Certs. #2030, #2031, #2032, #2033 and #2034); SHS (Certs. #3062, #3063, #3064, #3065 and #3066); RSA (Certs. #1879, #1880, #1881, #1882 and #1883); DSA (Certs. #1017, #1018, #1019, #1020 and #1021); HMAC (Certs. #2395, #2396, #2397, #2398 and #2399); DRBG (Certs. #972, #973, #974, #975, #976, #977, #978, #979 and #980)

-Other algorithms: ARC4; Blowfish; Camellia; Cast5; CRC32; CSPRNG; DES; El Gamal; Gost; IDEA; MD4; MD5; OpenPGP S2K Salted and Iterated/salted; RC2; RIPEMD160; RSA (key wrapping; key establishment methodology provides between 128 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Serpent; Tiger; Twofish; Whirlpool

Multi-Chip Stand Alone

"The libgcrypt FIPS Runtime Module is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality for use with the high level API of the libgcrypt library delivered with RHEL 7.1."
2656Motorola Solutions, Inc.
1303 East Algonquin Road
Schaumburg, IL 60196
USA

Dariusz Wolny

CST Lab: NVLAP 100432-0
Motorola GGM 8000 Gateway
(Hardware Versions: Base Unit P/N CLN1841E Rev AB with FIPS Kit P/N CLN8787A Rev B and Power Supply P/N CLN1850A Rev G (AC) or P/N CLN1849A Rev H (DC); Firmware Version: KS-16.8.1.06)
(When operated in FIPS mode with tamper labels installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/09/2016
07/06/2016
08/29/2016
Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #962 and #3547); DRBG (Cert. #903); HMAC (Certs. #1487, #2265 and #2266); CVL (Certs. #603, #604 and #605); RSA (Cert. #1827); SHS (Certs. #933 and #2926); Triple-DES (Certs. #757 and #1986)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DES; MD5; HMAC-MD5; HMAC-SHA-1-96 (non-compliant); DSA (non-compliant); RNG

Multi-Chip Stand Alone

"GGM 8000 devices are versatile, secure-capable devices that can ensure timely delivery of delay-sensitive traffic. Supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections, GGM 8000 perform simultaneous functions - including compression and data prioritization - without compromising their ability to accomplish additional packet-handling functions as needed. In addition to the normal packet forwarding functions, the GGM 8000 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols."
2655Nuvoton Technology Corporation
4, Creation Road III
Hsinchu Science Park
Taiwan

Yossi Talmi
TEL: +972-9-9702364

CST Lab: NVLAP 200556-0
NPCT6XX TPM 1.2
(Firmware Versions: 5.81.0.0, 5.81.1.0, 5.81.2.1)
(When operated in FIPS mode and installed, initialized, and configured as specified in the Security Policy Section 8)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/09/2016
08/19/2016
Overall Level: 1

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #3093 and #3468); RSA (Certs. #1582 and #1779); HMAC (Certs. #1938 and #2213); SHS (Certs. #2554 and #2863); CVL (Certs. #373 and #535)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; AES (Certs. #3093 and #3468, key wrapping); RNG

Single Chip

"Nuvoton NPCT6XX TPM 1.2 is a hardware cryptographic module that implements advanced cryptographic algorithms, including symmetric and asymmetric cryptography; as well as key generation and random number generation."
2654Broadcom Ltd.
3151 Zanker Road
San Jose, CA 95134
USA

Gary Goodman
TEL: 408-922-1092
FAX: 408-922-1023

Alfonso Ip
TEL: 408-922-1023
FAX: 408-922-8050

CST Lab: NVLAP 100432-0
BCM58100B0 Series: BCM58101B0, BCM58102B0, BCM58103B0
(Hardware Versions: P/Ns BCM58101B0, BCM58102B0 and BCM58103B0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/07/2016
06/13/2016
Overall Level: 3

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #3762 and 3763); HMAC (Cert. #2462); SHS (Cert. #3132); DRBG (Cert. #1034); ECDSA (Cert. #807); DSA (Cert. #1045); RSA (Cert. #1936)

-Other algorithms: EC Diffe-Hellman (key agreement; key establishment methodology provides 128-bits of encryption strength); NDRNG

Single Chip

"Highly integrated, low power, security processor."
2653Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200997-0
Cisco Adaptive Security Appliance (ASA) Virtual
(Software Version: 9.4.3)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software06/06/2016
08/15/2016
Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Operational Environment: ASA Virtual 9.4 on VMware ESXi 5.5 running on Cisco C220 M3
ASA Virtual 9.4 on VMware ESXi 5.5 running on Cisco E180D M2 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3911); CVL (Cert. #772); DRBG (Cert. #1126); ECDSA (Cert. #854); HMAC (Cert. #2540); RSA (Cert. #1995); SHS (Cert. #3223); Triple-DES (Cert. #2147)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-Chip Stand Alone

"The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA Virtual Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
2652Vormetric, Inc.
2860 Junction Ave
San Jose, CA 95134
USA

Peter Tsai
TEL: (669) 770-6927
FAX: (408) 844-8638

Steve He
TEL: (669) 770-6852
FAX: (408) 844-8638

CST Lab: NVLAP 200002-0
Vormetric Data Security Manager Module
(Hardware Version: 3.0; Firmware Version: 5.3.0)
(When Operated in FIPS mode. The protocol SSH shall not be used when operated in FIPS mode.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware06/06/2016Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Cryptographic Key Management: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #3499 and #3536); SHS (Certs. #2887, #2914 and #2915); HMAC (Certs. #2234, #2259 and #2260); RSA (Cert. #1796); ECDSA (Cert. #712); DRBG (Cert. #869); CVL (Certs. #589 and #590); KTS (AES Cert. #3499 and HMAC Cert. #2234)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); Triple-DES (non-compliant); MD5; Aria; SSH KDF (non-compliant); NDRNG

Multi-Chip Stand Alone

"The Vormetric Data Security Server is a multi-chip standalone cryptographic module. The Vormetric Data Security Server is the central point of management for the Vormetric Data Security product. It manages keys and policies, and controls Vormetric Transparent Encryption Agents. These agents contain the Vormetric Encryption Expert Cryptographic Module, which has been validated separately from this module."
2651Huawei Technologies Co., Ltd.
Huawei Industrial Base, Bantian Longgang
Shenzhen, Guangdong 518129
China

blue.li@huawei.com
TEL: 0086-0755-28976679
FAX: 0086-0755-28976679

CST Lab: NVLAP 200856-0
Huawei FIPS Cryptographic Library (HFCL)
(Software Version: V300R003C22SPC805)
(When installed, initialized and configured as specified in the Security Policy Section 6.1. No assurance of the minimum strength of generated keys.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software06/03/2016Overall Level: 2

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Operational Environment: DELL PowerEdge T110 II Intel Pentium w/ RHEL 5.3 evaluated at EAL4

-FIPS Approved algorithms: AES (Cert. #3477); Triple-DES (Cert. #1960); DSA (Cert. #984); RSA (Cert. #1785); ECDSA (Cert. #707); SHA (Cert. #2872); DRBG (Cert. #857); HMAC (Cert. #2221); CVL (Certs. #551 and #552)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength)

Multi-Chip Stand Alone

"Huawei FIPS Cryptographic Library (HFCL) is a software cryptographic module which provides FIPS approved Cryptographic functions to consuming applications via an Application Programming Interface (API)."
2650Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200997-0
Cisco ASA Service Module (SM)
(Firmware Version: 9.4.3)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/02/2016
08/15/2016
Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #2050, #2444 and #3439); CVL (Cert. #525); DRBG (Certs. #332 and #838); ECDSA (Cert. #693); HMAC (Certs. #1247 and #2188); RSA (Cert. #1760); SHS (Certs. #1794 and #2839); Triple-DES (Certs. #1321 and #1937)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-Chip Embedded

"The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The Cisco ASA Service Module (SM) provides comprehensive security, performance, and reliability for network environments of all sizes."
2649Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

Chris Marks
TEL: 408-333-0480
FAX: 408-333-8101

CST Lab: NVLAP 200802-0
Brocade® ICX ™ 6610 and ICX 7450 Series
(Hardware Versions: {ICX6610-24F-I (80-1005350-04), ICX6610-24F-E (80-1005345-04), ICX6610-24-I (80-1005348-05), ICX6610-24-E (80-1005343-05), ICX6610-24P-I (80-1005349-06), ICX6610-24P-E (80-1005344-06), ICX6610-48-I (80-1005351-05), ICX6610-48-E (80-1005346-05), ICX6610-48P-I (80-1005352-06), ICX6610-48P-E (80-1005347-06), ICX7450-24 (80-1008060-01), ICX7450-24P (80-1008061-01), ICX7450-48 (80-1008062-01), ICX7450-48P (80-1008063-01), ICX7450-48F (80-1008064-01), with Components (80-1005261-04; 80-1005259-04; 80-1005262-03; 80-1005260-03; 80-1007165-03; 80-1007166-03; 80-1008334-01; 80-1008333-01; 80-1008332-01; 80-1008331-01; 80-1008308-01; 80-1008309-01; 123400000829A-R01; 123400000830A-R01; 123400000833A-R01)} with FIPS Kit XBR-000195 (80-1002006-02); Firmware Version: IronWare R08.0.30b)
(When operated in FIPS mode with tamper evident labels installed and with configurations as defined in Table 5 of the Security Policy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware05/27/2016
07/14/2016
Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #1197, #1269, #1276, #2697, #2981, #2984, #3008, #3139, #3142 and #3438); KTS (AES Certs. #2984 and #3438; key establishment methodology provides 128 bits of encryption strength); SHS (Certs. #2265 and #2505); HMAC (Certs. #1679 and #1890); DRBG (Certs. #442 and #569); RSA (Certs. #1396 and #1565); CVL (Certs. #161, #362, #386, #388, #390 and #400); KBKDF (Certs. #36 and #58); Triple-DES (Certs. #1617 and #1764); DSA (Certs. #819 and #887)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG; HMAC-MD5; DES; DSA (non-compliant); Triple-DES (non-compliant)

Multi-Chip Stand Alone

"The ICX 6610 series is an access layer Gigabit Ethernet switch designed from the ground up for the enterprise data center environment. The Brocade 7450 Switch delivers the performance and scalability required for enterprise Gigabit Ethernet (GbE) access deployments."
2648NetApp, Inc.
495 E. Java Drive
Sunnyvale, CA 94089
USA

CST Lab: NVLAP 201029-0
NetApp Cryptographic Security Module
(Software Version: 1.0)
(When operated in FIPS mode. No assurance of the minimum strength of generated keys.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software05/27/2016
06/10/2016
Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: SUSE Linux 11 operating on Fujitsu RX300-S6 Server with Intel Xeon
SUSE Linux 11 operating on Fujitsu RX200S5 Server with Intel Xeon
FreeBSD 9.1 operating on Fujitsu RX300-S6 Server with Intel Xeon
FreeBSD 9.1 operating on Fujitsu RX200S5 Server with Intel Xeon
Debian Linux 8 operating on Fujitsu RX300-S6 Server with Intel Xeon
Debian Linux 8 operating on Fujitsu RX200S5 Server with Intel Xeon
Scientific Linux 6.1 operating on Fujitsu RX300-S6 Server with Intel Xeon
Scientific Linux 6.1 operating on Fujitsu RX200S5 Server with Intel Xeon.

-FIPS Approved algorithms: AES (Cert. #3593); CVL (Cert. #615); DRBG (Cert. #928); DSA (Cert. #998); ECDSA (Cert. #732); HMAC (Cert. #2290); RSA (Cert. #1847); SHS (Cert. #2955); Triple-DES (Cert. #2000)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #615, key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength; non-compliant less than 128 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112-bits of encryption strength)

Multi-Chip Stand Alone

"The NetApp Cryptographic Security Module is a software library that provides cryptographic services to a vast array of NetApp's storage and networking products."
2647SPYRUS, Inc.
1860 Hartog Drive
San Jose, CA 95131
USA

William Sandberg-Maitland
TEL: 613-298-3416
FAX: 408-392-0319

CST Lab: NVLAP 200802-0
SPYCOS® 3.0 QFN
(Hardware Version: 742100004F; Firmware Version: 3.0.2)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware05/25/2016Overall Level: 3

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: Triple-DES (Cert. #1772); AES (Certs. #3028 and #3115); KTS (AES Cert. #3115; key establishment methodology provides between 128 and 256 bits of encryption strength); ECDSA (Cert. #578); RSA (Cert. #1611); HMAC (Cert. # 1913); SHS (Cert. #2529); CVL (Cert. #419); KAS (Cert. #52); DRBG (Cert. #658)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG

Single Chip

"SPYCOS® 3.0 is a hardware encryption engine in QFN form factor supporting Suite B functionality that is ideal for embedded and secure flash storage applications."
2646Samsung Electronics Co., Ltd.
R5 416, Maetan 3-dong Yeongton-gu
Suwon-si, Gyeonggi 443-742
Korea

Bumhan Kim
TEL: +82-10-9397-1589

Brian Wood
TEL: +1-973-440-9125

CST Lab: NVLAP 200658-0
Samsung Flash Memory Protector V1.1
(Hardware Version: 3.0.1; Software Version: 1.2)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software-Hybrid05/13/2016Overall Level: 1

-Mitigation of Other Attacks: N/A
-Operational Environment: Android Marshmallow 6.0.1 running on Samsung Galaxy S7 edge (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3839); SHS (Cert. #3163); HMAC (Cert. #2490)

-Other algorithms: N/A

Multi-Chip Stand Alone

"The driver for the on-the-fly Hardware encryption module to flash memory for Disk/File Encryption solution. The Harware module supports AES with CBC mode and XTS-AES cryptographic services."
2645Harris Corporation
RF Communications Division
1680 University Avenue
Rochester, NY 14610
USA

Steven Ruggieri
TEL: 585-239-7806
FAX: 585-241-8159

CST Lab: NVLAP 200928-0
RF-7800W Broadband Ethernet Radio
(Hardware Versions: RF-7800W-OU50x, OU47x and OU49x; Firmware Version: 4.10)
(When installed, initialized and configured as specified in Section 3.1 of the Security Policy and the tamper evident seals installed as indicated in Section 2.4 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/13/2016Overall Level: 2

-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #3530 and #3581); Triple-DES (Cert. #1993); DRBG (Cert. #920); SHS (Cert. #2943); HMAC (Cert. #2281); RSA (Cert. #1842); DSA (Cert. #994); KAS (Cert. #69); CVL (Cert. #609)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG

Multi-Chip Stand Alone

"The RF-7800W(-OU47x,-OU49x,-OU50x) Broadband Ethernet Radio(BER) is designed for High Capacity Line of Sight (HCLOS) networks with broadband Ethernet requirements. The radio can be mounted on a mast for quick deployment or on a tower system and is designed for long haul backbone systems. The BER operates in the 4.4 - 5.8 GHz frequency band. The BER is an ideal wireless networking solution for public safety, first responders, training and simulation networks and long haul/short haul battlefield communications. The RF-7800W operates in Point-to-Point and Point to Multipoint in the same platform."
2644Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200996-0
nShield F3 10+, nShield F3 500+, nShield F3 6000+, nShield F3 500+ for nShield Connect+, nShield F3 1500+ for nShield Connect+ and nShield F3 6000+ for nShield Connect+
(Hardware Versions: nC4033E-010, nC4433E-500, nC4433E-6K0, nC4433E-500N, nC4433E-1K5N and nC4433E-6K0N, Build Standard N; Firmware Version: 2.61.2-3)
(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy. The protocol TLS shall not be used when operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/13/2016Overall Level: 3

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #3420 and #3446); CVL (Certs. #516 and #532); DRBG (Cert. #825); DSA (Cert. #964); ECDSA (Cert. #695); HMAC (Cert. #2178); KBKDF (Cert. #56); KTS (AES Cert. #3446; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Cert. #1752); SHS (Cert. #2826); Triple-DES (Cert. #1931); Triple-DES MAC (Triple-DES Cert. #1931, vendor affirmed)

-Other algorithms: ARC4; Aria; Camellia; CAST-256; DES; Diffie-Hellman (CVL Cert. #516, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #532, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); El-Gamal; HAS-160; HMAC-MD5; HMAC-RIPEMD160; HMAC-Tiger; KCDSA; MD5; NDRNG; RIPEMD-160; RSA (encrypt/decrypt); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Tiger; TLS KDF (non-compliant); Triple-DES (Cert. #1931, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-Chip Embedded

"The nShield modules: nShield F3 10+, nShield F3 500+, nShield F3 6000+, nShield F3 500+ for nShield Connect+, nShield F3 1500+ for nShield Connect+, nShield F3 6000+ for nShield Connect+ are tamper evident and tamper responsive Hardware Security Modules which provide support for the widest range of cryptographic algorithms, application programming interfaces (APIs) and host operating systems, enabling the devices to be used with virtually any business application. The units are identical in operation and only vary in the processing speed."
2643Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200996-0
nShield F2 500+, nShield F2 1500+ and nShield F2 6000+
(Hardware Versions: nC3423E-500, nC3423E-1K5 and nC3423E-6K0, Build Standard N; Firmware Version: 2.61.2-2)
(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy. The protocol TLS shall not be used when operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/13/2016Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #3420 and #3446); CVL (Certs. #516 and #532); DRBG (Cert. #825); DSA (Cert. #964); ECDSA (Cert. #695); HMAC (Cert. #2178); KBKDF (Cert. #56); KTS (AES Cert. #3446; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Cert. #1752); SHS (Cert. #2826); Triple-DES (Cert. #1931); Triple-DES MAC (Triple-DES Cert. #1931, vendor affirmed)

-Other algorithms: ARC4; Aria; Camellia; CAST-256; DES; Diffie-Hellman (CVL Cert. #516, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #532, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); El-Gamal; HAS-160; HMAC-MD5; HMAC-RIPEMD160; HMAC-Tiger; KCDSA; MD5; NDRNG; RIPEMD-160; RSA (encrypt/decrypt); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Tiger; TLS KDF (non-compliant); Triple-DES (Cert. #1931, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-Chip Embedded

"The nShield modules: nShield F2 500+, nShield F2 1500+, nShield F2 6000+ are tamper evident and tamper responsive Hardware Security Modules which provide support for the widest range of cryptographic algorithms, application programming interfaces (APIs) and host operating systems, enabling the devices to be used with virtually any business application. The units are identical in operation and only vary in the processing speed."
2642Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200996-0
MiniHSM, MiniHSM for nShield Edge F2, and MiniHSM for Time Stamp Master Clock
(Hardware Versions: nC4031Z-10, nC3021U-10, and TSMC200, Build Standard N; Firmware Version: 2.61.1-2)
(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy. The protocol TLS shall not be used when operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/13/2016Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Cert. #3419); CVL (Cert. #515); DRBG (Cert. #824); DSA (Cert. #963); ECDSA (Cert. #686); HMAC (Cert. #2177); KBKDF (Cert. #57); KTS (AES Cert. #3419; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Cert. #1751); SHS (Cert. #2825); Triple-DES (Cert. #1930); Triple-DES MAC (Triple-DES Cert. #1930, vendor affirmed)

-Other algorithms: ARC4; Aria; Camellia; CAST-256; DES; Diffie-Hellman (CVL Cert. #515, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #515, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); El-Gamal; HAS-160; HMAC-MD5; HMAC-RIPEMD160; HMAC-Tiger; KCDSA; MD5; NDRNG; RIPEMD-160; RSA (encrypt/decrypt); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Tiger; TLS KDF (non-compliant); Triple-DES (Cert. #1930, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-Chip Embedded

"The MiniHSM, MiniHSM for nShield Edge F2 and MiniHSM for Time Stamp Master Clock are fully featured HSMs supplied in a single chip package. The MiniHSM Modules offer all the security and key management features of other nShield modules - but with reduced processing speed. The MiniHSM modules are OEM parts and will be included within other appliances or products, for example switches or routers. The MiniHSM modules have a real time clock which also makes them suitable for use as a time-stamping engine."
2641Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200996-0
nShield F2 6000e, nShield F2 1500e, nShield F2 500e and nShield F2 10e
(Hardware Versions: nC3023E-6K0, nC3023E-1K5, nC3023E-500 and nC3023E-010, Build Standard N; Firmware Version: 2.61.2-2)
(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy. The protocol TLS shall not be used when operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/13/2016Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #3420 and #3446); CVL (Certs. #516 and #532); DRBG (Cert. #825); DSA (Cert. #964); ECDSA (Cert. #695); HMAC (Cert. #2178); KBKDF (Cert. #56); KTS (AES Cert. #3446; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Cert. #1752); SHS (Cert. #2826); Triple-DES (Cert. #1931); Triple-DES MAC (Triple-DES Cert. #1931, vendor affirmed)

-Other algorithms: ARC4; Aria; Camellia; CAST-256; DES; Diffie-Hellman (CVL Cert. #516, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #532, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); El-Gamal; HAS-160; HMAC-MD5; HMAC-RIPEMD160; HMAC-Tiger; KCDSA; MD5; NDRNG; RIPEMD-160; RSA (encrypt/decrypt); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Tiger; TLS KDF (non-compliant); Triple-DES (Cert. #1931, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-Chip Embedded

"The nShield modules: nShield F2 10e, nShield F2 500e, nShield F2 1500e, nShield F2 6000e are tamper evident and tamper responsive Hardware Security Modules which provide support for the widest range of cryptographic algorithms, application programming interfaces (APIs) and host operating systems, enabling the devices to be used with virtually any business application. The units are identical in operation and only vary in the processing speed."
2640Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200996-0
nShield F3 6000e, nShield F3 1500e, nShield F3 500e, nShield F3 10e, nShield F3 6000e for nShield Connect, nShield F3 1500e for nShield Connect and nShield F3 500e for nShield Connect
(Hardware Versions: nC4033E-6K0, nC4033E-1K5, nC4033E-500, nC4033E-010, nC4033E-6K0N, nC4033E-1K5N and nC4033E-500N, Build Standard N; Firmware Version: 2.61.2-3)
(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy. The protocol TLS shall not be used when operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/13/2016Overall Level: 3

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Cert. #3419); CVL (Certs. #516 and #532); DRBG (Cert. #824); DSA (Cert. #963); ECDSA (Cert. #686); HMAC (Cert. #2177); KBKDF (Cert. #57); KTS (AES Cert. #3419; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Cert. #1751); SHS (Cert. #2825); Triple-DES (Cert. #1930); Triple-DES MAC (Triple-DES Cert. #1930, vendor affirmed)

-Other algorithms: ARC4; Aria; Camellia; CAST-256; DES; Diffie-Hellman (CVL Cert. #515, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #515, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); El-Gamal; HAS-160; HMAC-MD5; HMAC-RIPEMD160; HMAC-Tiger; KCDSA; MD5; NDRNG; RIPEMD-160; RSA (encrypt/decrypt); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Tiger; TLS KDF (non-compliant); Triple-DES (Cert. #1930, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-Chip Embedded

"The nShield modules: nShield F3 10e, nShield F3 500e, nShield F3 1500e, nShield F3 6000e, nShield F3 500e for nShield Connect, nShield F3 1500e for nShield Connect, nShield F3 6000e for nShield Connect are tamper evident and tamper responsive Hardware Security Modules which provide support for the widest range of cryptographic algorithms, application programming interfaces (APIs) and host operating systems, enabling the devices to be used with virtually any business application. The units are identical in operation and only vary in the processing speed."
2639Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200996-0
MiniHSM, MiniHSM for nShield Edge F3, and MiniHSM for Time Stamp Master Clock
(Hardware Versions: nC4031Z-10, nC4031U-10 and TSMC200, Build Standard N; Firmware Version: 2.61.1-3)
(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy. The protocol TLS shall not be used when operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/13/2016Overall Level: 3

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Cert. #3419); CVL (Cert. #515); DRBG (Cert. #824); DSA (Cert. #963); ECDSA (Cert. #686); HMAC (Cert. #2177); KBKDF (Cert. #57); KTS (AES Cert. #3419; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Cert. #1751); SHS (Cert. #2825); Triple-DES (Cert. #1930); Triple-DES MAC (Triple-DES Cert. #1930, vendor affirmed)

-Other algorithms: ARC4; Aria; Camellia; CAST-256; DES; Diffie-Hellman (CVL Cert. #515, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #515, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); El-Gamal; HAS-160; HMAC-MD5; HMAC-RIPEMD160; HMAC-Tiger; KCDSA; MD5; NDRNG; RIPEMD-160; RSA (encrypt/decrypt); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Tiger; TLS KDF (non-compliant); Triple-DES (Cert. #1930, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-Chip Embedded

"The MiniHSM, MiniHSM for nShield Edge F3 and MiniHSM for Time Stamp Master Clock are fully featured HSMs supplied in a single chip package. The MiniHSM Modules offer all the security and key management features of other nShield modules - but with reduced processing speed. The MiniHSM modules are OEM parts and will be included within other appliances or products, for example switches or routers. The MiniHSM modules have a real time clock which also makes them suitable for use as a time-stamping engine."
2638Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200996-0
nShield F3 10+, nShield F3 500+, nShield F3 6000+, nShield F3 500+ for nShield Connect+, nShield F3 1500+ for nShield Connect+ and nShield F3 6000+ for nShield Connect+
(Hardware Versions: nC4033E-010, nC4433E-500, nC4433E-6K0, nC4433E-500N, nC4433E-1K5N and nC4433E-6K0N, Build Standard N; Firmware Version: 2.61.2-2)
(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy. The protocol TLS shall not be used when operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/13/2016Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #3420 and #3446); CVL (Certs. #516 and #532); DRBG (Cert. #825); DSA (Cert. #964); ECDSA (Cert. #695); HMAC (Cert. #2178); KBKDF (Cert. #56); KTS (AES Cert. #3446; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Cert. #1752); SHS (Cert. #2826); Triple-DES (Cert. #1931); Triple-DES MAC (Triple-DES Cert. #1931, vendor affirmed)

-Other algorithms: ARC4; Aria; Camellia; CAST-256; DES; Diffie-Hellman (CVL Cert. #516, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #532, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); El-Gamal; HAS-160; HMAC-MD5; HMAC-RIPEMD160; HMAC-Tiger; KCDSA; MD5; NDRNG; RIPEMD-160; RSA (encrypt/decrypt); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Tiger; TLS KDF (non-compliant); Triple-DES (Cert. #1931, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-Chip Embedded

"The nShield modules: nShield F3 10+, nShield F3 500+, nShield F3 6000+, nShield F3 500+ for nShield Connect+, nShield F3 1500+ for nShield Connect+, nShield F3 6000+ for nShield Connect+ are tamper evident and tamper responsive Hardware Security Modules which provide support for the widest range of cryptographic algorithms, application programming interfaces (APIs) and host operating systems, enabling the devices to be used with virtually any business application. The units are identical in operation and only vary in the processing speed."
2637Palo Alto Networks
4401 Great America Parkway
Santa Clara, CA 95054
USA

Richard Bishop
TEL: 408-753-4000

Jake Bajic
TEL: 408-753-4000

CST Lab: NVLAP 100432-0
PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series, PA-5000 Series and PA-7050 Firewalls
(Hardware Versions: PA-200 P/N 910-000015-00E Rev. E [1], PA-500 P/N 910-000006-00O Rev. O [2], PA-500-2GB P/N 910-000094-00O Rev. O [2], PA-2020 P/N 910-000004-00Z Rev. Z [3], PA-2050 P/N 910-000003-00Z Rev. Z [3], PA-3020 P/N 910-000017-00J Rev. J [4], PA-3050 P/N 910-000016-00J Rev. J [4], PA-4020 P/N 910-000002-00AB Rev. AB [5], PA-4050 P/N 910-000001-00AB Rev. AB [5], PA-4060 P/N 910-000005-00S Rev. S [5], PA-5020 P/N 910-000010-00F Rev. F [6], PA-5050 P/N 910-000009-00F Rev. F [6], PA-5060 P/N 910-000008-00F Rev. F [6] and PA-7050 P/N 910-000102-00B Rev. B with 910-000028-00B or 910-000117-00A Rev. B [7]; FIPS Kit P/Ns: 920-000084-00A Rev. A [1], 920-000005-00A Rev. A [2], 920-000004-00A Rev. A [3], 920-000081-00A Rev. A [4], 920-000003-00A Rev. A [5], 920-000037-00A Rev. A [6], and 920-000112-00A Rev. A [7]; Firmware Versions: 7.0.1-h4 and 7.0.3)
(When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/13/2016Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Cert. #3475); ECDSA (Cert. #713); RSA (Cert. #1782); HMAC (Cert. #2220); SHS (Cert. #2870); DRBG (Cert. #870); CVL (Certs. #564, #565, #566 and #567)

-Other algorithms: EC Diffie-Hellman (CVL Cert. #567, key agreement; key establishment methodology provides 128 bits or 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Cert. #3475, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; MD5; RIPEMD; Camellia; SEED; Triple-DES (non-compliant); Blowfish; CAST; RC4; UMAC; HMAC-MD5; HMAC-RIPEMD; DSA (non-compliant)

Multi-Chip Stand Alone

"The Palo Alto Networks PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series, PA-5000 Series and PA-7050 firewalls are multi-chip standalone modules that provide network security by enabling enterprises to see and control applications, users, and content using three unique identification technologies: App-ID, User-ID, and Content-ID. These identification technologies enable enterprises to create business-relevant security polices - safely enabling organizations to adopt new applications."
2636Redline Communications
302 Town Centre Blvd.
4th Foor
Markham, ON L3R 0E8
Canada

Andrew Spurgeon
TEL: 905-479-8344
FAX: 905-479-5331

CST Lab: NVLAP 200928-0
RDL-3000 and eLTE-MT
(Hardware Versions: RDL-3000, eLTE-MT; Firmware Version: 3.1)
(When installed, initialized and configured as specified in Section 3.1 of the Security Policy and the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware05/13/2016Overall Level: 2

-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #3469 and #3472); DRBG (Cert. #854); SHS (Certs. #2866 and #2867); HMAC (Certs. #2216 and #2217); RSA (Cert. #1780); DSA (Cert. #981); KAS (Cert. #63); ECDSA (Cert. #703); CVL (Cert. #541)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG

Multi-Chip Stand Alone

"The RDL-3000, Elte-MT Broadband Wireless Systems by Redline Communications leverage proven orthogonal frequency-division multiplexing (OFDM) technology to deliver high-speed Ethernet throughput over wireless links."
2635Ciena® Corporation
7035 Ridge Road
Hanover, MD 21076
USA

Patrick Scully
TEL: 613-670-3207

CST Lab: NVLAP 200928-0
Ciena 6500 Packet-Optical Platform 4x10G
(Hardware Versions: 2.0 and 3.0)
(When installed, initialized and configured as specified in Section 3.1 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/13/2016
08/15/2016
Overall Level: 3

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #3599 and #3600); Triple-DES (Cert. #2004); SHS (Cert. #2962); HMAC (Cert. #2297); DRBG (Cert. #933); RSA (Cert. #1851); ECDSA (Cert. #735); CVL (Cert. #623)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); NDRNG

Multi-Chip Embedded

"The 6500 Packet Optical Platform 4x10G OTR with encryption card offers an integrated and protocol agnostic transport encryption solution in a high density form factor. With 4 independent AES-256 10G encryption engines, this ultra-low latency wirespeed encryption solution is designed for deployments within enterprises of all sizes, government agencies and datacenters, whether as standalone encryption solution or as part of a service provider managed service offering."
2634Seagate Technology LLC
1280 Disc Drive
Shakopee, MN 55379
USA

David R Kaiser, PMP
TEL: 952-402-2356
FAX: 952-402-1273

CST Lab: NVLAP 200427-0
Seagate Secure® TCG Enterprise SSC 1200.2 SSD Self-Encrypting Drive
(Hardware Versions: ST400FM0293, ST800FM0213, ST1600FM0023 and ST3200FM0043; Firmware Version: 3504)
(When installed, initialized and configured as specified in Section 7 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/13/2016Overall Level: 2

-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #1343, #2841, #2947 and #3441); DRBG (Cert. #62); HMAC (Certs. #1597 and #2190); KTS (AES Cert. #2947); PBKDF (vendor affirmed); RSA (Certs. #1021 and #1762); SHS (Certs. #1225 and #2841)

-Other algorithms: NDRNG

Multi-Chip Embedded

"The Seagate Secure® TCG Enterprise SSC Self-Encrypting Drive FIPS 140-2 Module is embodied in Seagate 1200.2 SSD SED model disk drives. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download."
2633Red Hat®, Inc.
100 East Davie Street
Raleigh, NC 27601
USA

Steve Grubb
TEL: 978-392-1000
FAX: 978-392-1001

Jaroslav Rezník
TEL: +420-532-294-645

CST Lab: NVLAP 200658-0
Red Hat Enterprise Linux OpenSSH Client Cryptographic Module
(Software Version: 4.0)
(When operated in FIPS mode with module Red Hat Enterprise Linux 7.1 OpenSSL Module validated to FIPS 140-2 under Cert. #2441 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software05/12/2016
06/17/2016
Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Operational Environment: Red Hat Enterprise Linux 7.1 running on ProLiant DL380p Gen8 with PAA
Red Hat Enterprise Linux 7.1 running on ProLiant DL380p Gen8 without PAA
Red Hat Enterprise Linux 7.1 running on IBM Power8 Little Endian 8286-41A
Red Hat Enterprise Linux 7.1 running on IBM z13 with CP Assist for Cryptographic Functions (single-user mode)

-FIPS Approved algorithms: CVL (Certs. #700, #701 and #702)

-Other algorithms: N/A

Multi-Chip Stand Alone

"The OpenSSH Client cryptographic module provides the client-side component for an SSH protocol version 2 protected communication channel. OpenSSH is the standard SSH implementation and shipped with RHEL 7.1. Its cryptographic mechanisms use the OpenSSL library in FIPS 140-2 mode."
2632Dell Software, Inc.
5450 Great America Pkwy
Santa Clara, CA 95054
USA

Lawrence Wagner
TEL: 408-752-7886

Usha Sanagala

CST Lab: NVLAP 100432-0
Dell SonicWALL SM 9800
(Hardware Versions: P/N 101-500380-71, Rev. A; Firmware Version: SonicOS v6.2.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/12/2016Overall Level: 2

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Cert. #3403); Triple-DES (Cert. #1925); SHS (Cert. #2816); DSA (Cert. #960); RSA (Cert. #1742); HMAC (Cert. #2171); DRBG (Cert. #815); CVL (Cert. #503)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG; NDRNG; MD5; RC4; RSA (non-compliant)

Multi-Chip Stand Alone

"The Dell SonicWALL™ SuperMassive™ Series is Dell's Next-Generation Firewall (NGFW) platform designed for large networks to deliver scalability, reliability and deep security at multi-gigabit speeds with near zero latency."
2631Intel Corporation
2200 Mission College Blvd.
Santa Clara, CA 95054-1549
USA

Mark Hanson
TEL: 651-628-1633

CST Lab: NVLAP 200928-0
Intel OpenSSL FIPS Object Module
(Software Versions: 2.0.5 and 2.0.8)
(When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software05/03/2016Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: Linux 3.10 on VMware ESXi 6.00 running on Intel Xeon with PAA (gcc Compiler Version 4.8.3)
Linux 3.10 on Vmware ESXi 6.00 running on Intel Xeon without PAA (gcc Compiler Version 4.8.3)
Linux 3.10 running on Intel Xeon with PAA (gcc Compiler Version 4.8.3)
Linux 3.10 running on Intel Xeon without PAA (gcc Compiler Version 4.8.3)

-FIPS Approved algorithms: AES (Certs. #3848 and #3849); DRBG (Certs. #1092 and #1093); DSA (Certs. #1051 and #1052); HMAC (Certs. #2496 and #2497); RSA (Certs. #1965 and #1966); SHS (Certs. #3170 and #3171); Triple-DES (Certs. #2119 and #2120); ECDSA (Certs. #831 and #832); CVL (Certs. #735 and #736)

-Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt); RNG (non-compliant); Dual EC DRBG

Multi-Chip Stand Alone

"The Intel OpenSSL FIPS Object Module provides cryptographic services for Intel Security products."
2630Red Hat®, Inc.
100 East Davie Street
Raleigh, NC 27601
USA

Steve Grubb
TEL: 978-392-1000
FAX: 978-392-1001

Jaroslav Rezník
TEL: +420-532-294-645

CST Lab: NVLAP 200658-0
Red Hat Enterprise Linux OpenSSH Server Cryptographic Module
(Software Version: 4.0)
(When operated in FIPS mode with module Red Hat Enterprise Linux 7.1 OpenSSL Module validated to FIPS 140-2 under Cert. #2441 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software05/02/2016
06/17/2016
Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Operational Environment: Red Hat Enterprise Linux 7.1 running on ProLiant DL380p Gen8 with PAA
Red Hat Enterprise Linux 7.1 running on ProLiant DL380p Gen8 without PAA
Red Hat Enterprise Linux 7.1 running on IBM Power8 Little Endian 8286-41A
Red Hat Enterprise Linux 7.1 running on IBM z13 with CP Assist for Cryptographic Functions (single-user mode)

-FIPS Approved algorithms: CVL (Certs. #700, #701 and #702)

-Other algorithms: N/A

Multi-Chip Stand Alone

"The OpenSSH Server cryptographic module provides the server-side component for an SSH protocol version 2 protected communication channel. OpenSSH is the standard SSH implementation and shipped with RHEL 7.1. Its cryptographic mechanisms use the OpenSSL library in FIPS 140-2 mode."
2629Zebra Technologies, Corp.
475 Half Day Road
Suite 500
Lincolnshire, IL 60069
USA

Brian Stormont
TEL: 401-276-5751
FAX: 401-276-5889

Gerry Corriveau
TEL: 401-276-5667
FAX: 401-276-5889

CST Lab: NVLAP 100432-0
ZBR-88W8787-WLAN
(Hardware Versions: P/N: 88W8787, Version 1.0; Firmware Version: Marvell Firmware Version 14.66.35.p51; Zebra Driver Firmware Version 1.2)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware-Hybrid05/01/2016Overall Level: 1

-Mitigation of Other Attacks: N/A
-Operational Environment: Zebra QLn320 Printer with QNX 6.5.0

-FIPS Approved algorithms: AES (Cert. #3003); HMAC (Cert. #2248); SHS (Cert. #2902)

-Other algorithms: SAFER+

Multi-Chip Stand Alone

"The ZBR-88W8787-WLAN Module implements cryptographic support for Zebra wireless devices."
2628Giesecke & Devrient GmbH
Prinzregentenstrasse 159
Munich, Bavaria D-81677
Germany

Alexander Summerer
TEL: +49-89/4119-2418
FAX: +49-89/4119-2819

Rodrigue Gil
TEL: +49-89/4119-3492
FAX: +49-89/4119-783492

CST Lab: NVLAP 100432-0
StarSign Crypto-USB Token S powered by Sm@rtCafé Expert 7.0 Secure Element
(Hardware Version: SLE78CUFX5000PH (M7893 B11); Firmware Versions: Sm@rtCafé Expert 7.0, Demonstration Applet V1.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/28/2016Overall Level: 3

-Operational Environment: N/A

-FIPS Approved algorithms: DRBG (Cert. #455); Triple-DES (Cert. #1637); Triple-DES MAC (Triple-DES Cert. #1637, vendor affirmed); AES (Certs. #2720 and #2721); SHS (Certs. #2288, #2289 and #2290); RSA (Certs. #1506 and #1507); DSA (Cert. #837); ECDSA (Cert. #476); KBKDF (Cert. #18); CVL (Cert. #177)

-Other algorithms: AES (Cert. #2721, key wrapping; key wrapping establishment methodology provides between 128 and 256 bits of encryption strength); NDRNG

Single Chip

"StarSign Crypto-USB Token S powered by Sm@rtCafé Expert 7.0 Secure Element is a highly secured and integrated smartcard-based platform from Giesecke & Devrient complying with JavaCard Classic 3.0.4 and GlobalPlatform 2.2.1 standards.The Sm@rtCafé Expert 7.0 OS-platform is deployed in national ID, ePassport, authentication and digital signature programs with match-on-card biometric verification.StarSign Crypto-USB Token S is the ideal platform in a USB-Token form factor for secure logical access, online tax declaration, web based online authentication applications using FIDO and certificate"
2627Nuvoton Technology Corporation
4, Creation Road III
Hsinchu Science Park
Taiwan

Yossi Talmi
TEL: +972-9-9702364

CST Lab: NVLAP 200556-0
NPCT6XX TPM 2.0
(Hardware Versions: FB5C85D and FB5C85E IN TSSOP28 PACKAGE and FB5C85D and FB5C85E IN QFN32 PACKAGE; Firmware Versions: 1.3.0.1, 1.3.1.0)
(When installed, initialized, and configured as specified in the Security Policy Section 8 and operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/28/2016
08/25/2016
Overall Level: 2

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #3541 and #3542); CVL (Certs. #593, #594, #595, and #596); KAS (Certs. #66 and #67); ECDSA (Certs. #719 and #720); DRBG (Certs. #898 and #899); HMAC (Certs. #2262 and #2263); RSA (Certs. #1819 and #1820); SHS (Certs. #2919 and #2920)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; AES (Certs. #3541 and #3542, key wrapping, key establishment methodology provides 128 bits of encryption strength)

Single Chip

"Nuvoton NPCT6XX TPM 2.0 is a hardware cryptographic module that implements advanced cryptographic algorithms, including symmetric and asymmetric cryptography; as well as key generation and random number generation."
2626Century Longmai Technology Co. Ltd
3rd Floor, Gongkong Building
No. 1 Wangzhuang Rd
Haidian District
Beijing, Vendor State 100083
China

Lemon Yang
TEL: +86 13810314817
FAX: +86 10 62313636

CST Lab: NVLAP 200658-0
mToken CryptoID
(Hardware Version: SCC-X; Firmware Version: 3.11)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/14/2016Overall Level: 3

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: Triple-DES (Cert. #1994); AES (Cert. #3582); SHS (Cert. #2944); DRBG (Cert. #921); ECDSA (Cert. #728); RSA (Cert. #1843); HMAC (Cert. #2282); KAS (Cert. #70); CVL (Cert. #610); KAS (SP 800-56Arev2 with CVL Cert. #610, vendor affirmed); KTS (Triple-DES Cert. #1994); KTS (AES Cert. #3582)

-Other algorithms: SHS (non-compliant); RSA (key wrapping; non-compliant less than 112 bits of encryption strength); HMAC (non-compliant); NDRNG

Multi-Chip Stand Alone

"mToken CryptoID is designed based on a secure smartcard chip that utilizes the in-built mCOS to communicate with computer device via USB interface in a "plug and play" manner. It can realize various Public Key Infrastructure (PKI) applications including digital signature, online authentications, online transactions, software security, etc."
2625ECI Telecom Ltd.
30, Hasivim Street
Petach Tikvah 49517
Israel

Milind Barve
TEL: +91-9987537250
FAX: +972-3-928-7100

CST Lab: NVLAP 200556-0
ECI TR10_4EN Encryption Module
(Hardware Versions: Board-Type=0x856B, Revision# D3; Firmware Version: R6.3)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/28/2016Overall Level: 1

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #3551, #3552 and #3576)

-Other algorithms: AES (Cert. #3552, key wrapping)

Multi-Chip Embedded

"TR10_4EN is a ‘1U’ sized card that fits into ECI’s Apollo chassis."
2624Siemens PLM Software Inc.
5800 Granite Parkway
Suite 600
Plano, TX 75024
USA

Vikas Singh
TEL: 651-855-6176

CST Lab: NVLAP 200427-0
Teamcenter Cryptographic Module
(Software Version: 3.0)
(When operated in FIPS mode. When entropy is externally loaded, no assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software04/27/2016Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: Windows 7 SP1 (x86 32-bit) running on an HP Compaq Pro 6305
Windows 7 SP1 (x64) running on an HP Compaq Pro 6305
SUSE Linux 11.2 (x64) running on an HP Compaq Pro 6305
Mac OS X 10.11 (x64) running on a Mac Mini (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3680); CVL (Cert. #676); DRBG (Cert. #988); DSA (Cert. #1037); ECDSA (Cert. #774); HMAC (Cert. #2426); RSA (Cert. #1901); SHS (Cert. #3094); Triple-DES (Cert. #2058)

-Other algorithms: DES; Diffie-Hellman (non-compliant); EC Diffie-Hellman (CVL Cert. #676, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); MD5; NDRNG; RNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-Chip Stand Alone

"Teamcenter powers innovation and productivity by connecting people and processes with knowledge. Teamcenter is the de facto standard for PLM deployment, providing solutions to drive business performance goals. This includes the need to increase the yield of innovation, compress time-to-market, meet business and regulatory requirements, optimize operational resources and maximize globalization advantages. With this FCAP-FIPS certification status, Teamcenter now offers the best in class and highest levels of encryption to our security-conscious customers."
2623Veritas Technologies LLC
500 East Middlefield Road
Mountain View, CA 94043
USA

Ravi Mahendrakar

CST Lab: NVLAP 201029-0
Veritas Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software04/25/2016
05/10/2016
Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Operational Environment: Tested as meeting Level 1 with SUSE Linux Enterprise 11 SP2 on a Dell OptiPlex 755
CentOS 6.3 on a Dell OptiPlex 755
Red Hat Enterprise Linux 6.3 on a Dell OptiPlex 755 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2273); HMAC (Cert. #1391); DSA (Cert. #709); ECDSA (Cert. #368); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420); DRBG (Cert. #281); CVL (Cert. #44)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG; Dual EC DRBG

Multi-Chip Stand Alone

"The Veritas Cryptographic Module from Veritas provides cryptographic services which are used to encrypt the data at rest and in the secure communication with a trusted third party."
2622SUSE, LLC
10 Canal Park, Suite 200
Cambridge, Massachusetts 02141
USA

Thomas Biege
TEL: +49 911 74053 500

Michael Hager
TEL: +49 911 74053 80

CST Lab: NVLAP 200658-0
SUSE Linux Enterprise Server 12 - NSS Module
(Software Version: 1.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software04/22/2016Overall Level: 2

-Physical Security: N/A
-Operational Environment: SUSE Linux Enterprise Server 12 running on HP ProLiant DL320e Gen8 without PAA (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3452); Triple-DES (Cert. #1943); DSA (Cert. #971); ECDSA (Cert. #699); RSA (Cert. #1767); SHS (Cert. #2848); HMAC (Cert. #2198); DRBG (Cert. #846)

-Other algorithms: Camellia; DES; RC2; RC4; RC5; SEED; MD2; MD5; AES (Cert. #3452, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1943, key wrapping; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides at least 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); JPAKE

Multi-Chip Stand Alone

"SUSE Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications."
2621Forcepoint
10900-A Stonelake Blvd.
Quarry Oaks 1
Ste. 350
Austin, TX 78759
USA

Matt Sturm
TEL: 858-320-9444

CST Lab: NVLAP 201029-0
Websense C Cryptographic Module
(Software Version: 2.1)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software04/21/2016Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 on a Dell OptiPlex 755

-FIPS Approved algorithms: AES (Cert. #2273); HMAC (Cert. #1391); DSA (Cert. #709); ECDSA (Cert. #368); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420); DRBG (Cert. #281); CVL (Cert. #44)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG; Dual EC DRBG

Multi-Chip Stand Alone

"Websense produces a family of web, e-mail and data security solutions that can be deployed on pre-configured, security hardened hardware or as customer installable software. The Websense C Crypto Module provides support for cryptographic and secure communications services for these solutions."
2620Palo Alto Networks
4301 Great America Parkway
Santa Clara, CA 95054
USA

Richard Bishop
TEL: 408-753-4000

Jake Bajic
TEL: 408-753-4000

CST Lab: NVLAP 100432-0
Palo Alto Networks VM-Series
(Software Version: 7.0.1-h4 or 7.0.3)
(When operated in FIPS mode.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software04/21/2016Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: VMware ESXi 5.5 running on PA-VM-ESX-7.0.1.ova or PA-VM-NSX-7.0.1.ova
CentOS 6.5 - KVM running on PA-VM-KVM-7.0.1.qcow2
Citrix XenServer 6.1.0 running on PA-VM-SDX-7.0.1.xva (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3501); ECDSA (Cert. #714); RSA (Cert. #1797); HMAC (Cert. #2235); SHS (Cert. #2888); DRBG (Cert. #871); CVL (Certs. #568, #569, #570 and #571)

-Other algorithms: EC Diffie-Hellman (CVL Cert. #569, key agreement; key establishment methodology provides 128 or 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Cert. #3501, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; MD5; RIPEMD; Camellia; SEED; Triple-DES (non-compliant); Blowfish; CAST; RC4; UMAC; HMAC-MD5; HMAC-RIPEMD; DSA (non-compliant)

Multi-Chip Stand Alone

"The VM-Series allows you to protect your applications and data from cyber threats with our next-generation firewall security and advanced threat prevention features."
2619Vocera Communications, Inc.
525 Race Street
San Jose, CA 95126
USA

Ammath Keunemany
TEL: 408-882-4615

CST Lab: NVLAP 200996-0
Vocera Cryptographic Module v3.0
(Hardware Version: 88W8787; Firmware Version: 3.0; Software Version: 3.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software-Hybrid04/19/2016Overall Level: 1

-Mitigation of Other Attacks: N/A
-Operational Environment: Vocera Embedded Linux Version 3.0 running on a B3000n badge (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3531 and #3532); HMAC (Cert. #2257); SHS (Cert. #2912); RSA (Cert. #1815); DRBG (Cert. #888); CVL (Cert. #586)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; HMAC-MD5

Multi-Chip Stand Alone

"Vocera B3000n Badge is a wearable hands-free voice-controlled device that provides easy-to-use and instantaneous communication on a wireless LAN network. The Vocera Cryptographic Module, embedded in the B3000n Badge, ensures protected communications using industry-standard secure wireless communication protocols."
2618Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200997-0
Cisco ASA 5506-X, ASA 5506H-X, ASA 5506W-X, ASA 5508-X, ASA 5512-X, ASA 5515-X, ASA 5516-X, ASA 5525-X, ASA 5545-X, ASA 5555-X, ASA 5585-X SSP-10, 5585-X SSP-20, 5585-X SSP-40 and 5585-X SSP-60 Adaptive Security Appliances
(Firmware Version: 9.4.3)
(When operated in FIPS mode and with the tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/19/2016
08/10/2016
Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2050, #2444, #2472, #3301 and #3439); CVL (Cert. #525); DRBG (Certs. #332, #336, #819 and #838); ECDSA (Cert. #693); HMAC (Certs. #1247, #1514, #2095 and #2188); RSA (Cert. #1760); SHS (Certs. #1794, #2091, #2737 and #2839); Triple-DES (Certs. #1321, #1513, #1881 and #1937)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-Chip Stand Alone

"The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
2617Palo Alto Networks
4301 Great America Parkway
Santa Clara, CA 95054
USA

Jake Bajic
TEL: 408-753-4000

Amir Shahhosseini
TEL: 408-753-4000

CST Lab: NVLAP 100432-0
WildFire WF-500
(Hardware Version: P/N: 910-000097-00G Rev G; FIPS Kit P/N: 920-000145 Version Rev 00A; Firmware Version: 7.0.3)
(When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware04/18/2016Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Cert. #3475); RSA (Cert. #1782); ECDSA (Cert. #713); HMAC (Cert. #2220); SHS (Cert. #2870); DRBG (Cert. #870); CVL (Certs. #564, #565, #566 and #567)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #567, key agreement; key establishment methodology provides 128 or 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; Triple-DES (non-compliant); CAST; ARCFOUR; Blowfish; Camellia; SEED; RC2; RC4; HMAC-MD5; UMAC; HMAC-RIPEMD

Multi-Chip Stand Alone

"WildFire WF-500 identifies unknown malware, zero-day exploits, and Advanced Persistent Threats (APTs) through dynamic analysis, and automatically disseminates protection in near real-time to help security teams meet the challenge of advanced cyber-attacks"
2616Palo Alto Networks
4301 Great America Parkway
Santa Clara, CA 95054
USA

Richard Bishop
TEL: 408-753-4000

Jake Bajic
TEL: 408-753-4000

CST Lab: NVLAP 100432-0
PA-3060 and PA-7080 Firewalls
(Hardware Versions: PA-3060 P/N 910-000104-00C Rev. C and PA-7080 P/N 910-000122-00A with 910-000028-00B or 910-000117-00A; FIPS Kit P/Ns: 920-000138-00A Rev. A and 920-000119-00A Rev. A; Firmware Versions: 7.0.1-h4 and 7.0.3)
(When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/18/2016Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Cert. #3475); ECDSA (Cert. #713); RSA (Cert. #1782); HMAC (Cert. #2220); SHS (Cert. #2870); DRBG (Cert. #870); CVL (Certs. #564, #565, #566 and #567)

-Other algorithms: EC Diffie-Hellman (CVL Cert. #567, key agreement; key establishment methodology provides 128 bits or 192 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #3475, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits or 128 bits of encryption strength); NDRNG; MD5; RIPEMD; Camellia; SEED; Triple-DES (non-compliant); Blowfish; CAST; RC4; UMAC; HMAC-MD5; HMAC-RIPEMD

Multi-Chip Stand Alone

"The Palo Alto Networks PA-3060 and PA-7080 firewalls provide network security by enabling enterprises to see and control applications, users, and content using three unique identification technologies: App-ID, User-ID, and Content-ID. These identification technologies, found in Palo Alto Networks' enterprise firewalls, enable enterprises to create business-relevant security policies - safely enabling organizations to adopt new applications, instead of the traditional "all-or-nothing" approach offered by traditional port-blocking firewalls used in many security infrastructures."
2615Mojo Networks, Inc.
339 N. Bernardo Avenue
Suite 200
Mountain View, CA 94043
USA

Hemant Chaskar
TEL: 650-961-1111
FAX: 650-961-1169

CST Lab: NVLAP 200002-0
AirTight Wireless Sensor
(Hardware Versions: C-75 and C-75-E with Tamper Evident Seal Kit: C-TPL-A; Firmware Version: 7.2.FIPS.04)
(When operated in FIPS mode and with tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/12/2016
04/14/2016
04/15/2016
04/19/2016
Overall Level: 2

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Cert. #3766); CVL (Cert. #710); DRBG (Cert. #1036); HMAC (Cert. #2465); KBKDF (Cert. #77); KTS (AES Cert. #3766 and HMAC Cert. #2465; key establishment methodology provides 128 or 256 bits of encryption strength); RSA (Cert. #1937); SHS (Cert. #3135)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG

Multi-Chip Stand Alone

"The module performs wireless intrusion detection and prevention. It monitors radio channels to ensure conformance of wireless activity to security policy. It mitigates various types of wireless security violations such as rogue wireless networks, unauthorized wireless connections, network mis-configurations and denial of service attacks."
2614Qualcomm Technologies, Inc.
5775 Morehouse Dr
San Diego, CA 92121
USA

Lu Xiao
TEL: 858-651-5477
FAX: 858-845-1523

Yin Ling Liong
TEL: 858-651-7034
FAX: 858-845-1523

CST Lab: NVLAP 200658-0
QTI Crypto Engine Core
(Hardware Version: 5.3.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/11/2016Overall Level: 2

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: Triple-DES (Cert. #1980); AES (Cert. #3526); SHS (Cert. #2909); HMAC (Cert. #2254)

-Other algorithms: DES; AEAD

Single Chip

"QTI Crypto Engine Core is a general purpose cryptographic hardware engine capable of securely processing various confidentiality and integrity algorithms across multiple execution environments."
2613Nokia Corporation
600 March Road
Ottawa, ON K2K 2E6
Canada

Carl Rajsic

CST Lab: NVLAP 200556-0
SR-OS Cryptographic Module
(Firmware Version: 13.0R4)
(When operated in FIPS mode. When installed, initialized and configured as specified in the Security Policy Section 9.1)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware04/11/2016Overall Level: 1

-Mitigation of Other Attacks: N/A
-Operational Environment: SR-OS 13.0R4 on CPM-7950 XRS-20 CPM
SR-OS 13.0R4 on CPM-7950 XRS-16 CPM
SR-OS 13.0R4 on CPM-7750 SR CPM5
SR-OS 13.0R4 on CFP-7750 SR-c12 CFM-XP-B
SR-OS 13.0R4 on CPM-7750 SR-a

-FIPS Approved algorithms: AES (Cert. #3484); Triple-DES (Cert. #1965); RSA (Cert. #1789); HMAC (Cert. #2226); SHS (Cert. #2878); DRBG (Cert. #861); DSA (Cert. #985); CVL (Cert. #560)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG

Multi-Chip Stand Alone

"The SR-OS Cryptographic Module (SRCM) provides the cryptographic algorithm functions needed to allow SR-OS to implement cryptography for those services and protocols that require it."
2612Qualcomm Technologies, Inc.
5775 Morehouse Dr
San Diego, CA 92121
USA

Lu Xiao
TEL: 858-651-5477
FAX: 858-845-1523

Yin Ling Liong
TEL: 858-651-7034
FAX: 858-845-1523

CST Lab: NVLAP 200658-0
QTI Pseudo Random Number Generator
(Hardware Version: 2.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/08/2016Overall Level: 1

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: DRBG (Cert. #885); SHS (Certs. #2908 and #2930)

-Other algorithms: NDRNG

Single Chip

"QTI Pseudo Random Number Generator is a hardware random number generator that provides cryptographic functions through on-chip entropy sources and hash based DRBG."
2611Silent Circle
174 Waterfront Street
Suite 500
National Harbor, MD 20745
USA

Ian Kanski

Allen Stone

CST Lab: NVLAP 201029-0
Java Crypto Module
(Software Version: 1.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software04/07/2016
06/20/2016
Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Operational Environment: Tested as meeting Level 1 with Windows Server 2012 with Java Runtime Environment (JRE) v1.7.0_17 running on OEM PowerEdge R420 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3192); DSA (Cert. #914); ECDSA (Cert. #583); RSA (Cert. #1622); HMAC (Cert. #2011); SHS (Cert. #2637); DRBG (Cert. #668); Triple-DES (Cert. #1818)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); RNG; Blowfish; Camellia; CAST5; CAST6; ChaCha; DES; Triple-DES (non-compliant); ElGamal; GOST28147; GOST3411; Grain128; Grainv1; HC128; HC256; IDEA; IES; ISAAC; MD2; MD4; MD5; Naccache Stern; Noekeon; Password-Based-Encryption (PBE); RC2; RC2 Key Wrapping; RC4; RC532; RC564; RC6; RFC3211 Wrapping; RFC3394 Wrapping; Rijndael; Ripe MD128; Ripe MD160; Ripe MD256; Ripe MD320; RSA Encryption; Salsa 20; SEED; SEED Wrapping; Serpent; Shacal2; SHA-3 (non-compliant); SHA-512/t (non-compliant); Skein-256-*; Skein-512-*; Skein-1024-*; Skipjack; DRBG (non-compliant); TEA; Threefish; Tiger; TLS v1.0 KDF (non-compliant); Twofish; VMPC; Whirlpool; XSalsa20; XTEAEngine

Multi-Chip Stand Alone

"The Java Crypto Module provides cryptographic functions for SilentOS from Silent Circle."
2610Apple Inc.
1 Infinite Loop
Cupertino, CA 95041
USA

Shawn Geddis
TEL: (669) 227-3579
FAX: (866) 315-1954

CST Lab: NVLAP 200658-0
Apple OS X CoreCrypto Module, v6.0
(Software Version: 6.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software04/05/2016Overall Level: 1

-Physical Security: N/A
-Operational Environment: OS X El Capitan v10.11 running on Mac mini with i5 CPU with PAA
OS X El Capitan v10.11 running on Mac mini with i5 CPU without PAA
OS X El Capitan v10.11 running on iMac with i7 CPU with PAA
OS X El Capitan v10.11 running on iMac with i7 CPU without PAA
OS X El Capitan v10.11 running on MacPro with Xeon CPU with PAA
OS X El Capitan v10.11 running on MacPro with Xeon CPU without PAA
OS X El Capitan v10.11 running on MacBook with Core M CPU with PAA
OS X El Capitan v10.11 running on MacBook with Core M CPU without PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3797, #3798, #3799, #3800, #3801, #3802, #3803, #3804, #3805, #3806, #3807, #3808, #3809, #3810, #3811, #3812, #3813, #3814, #3815, #3816, #3817, #3818, #3819, #3820, #3821, #3822, #3823, #3824, #3825, #3826, #3827, #3828, #3829, #3830, #3831, #3832, #3833, #3834, #3835 and #3847); CVL (Certs. #722, #723, #724, #725, #726, #727, #728 and #729); DRBG (Certs. #1059, #1060, #1061, #1062, #1063, #1064, #1065, #1066, #1067, #1068, #1069, #1070, #1071, #1072, #1073, #1074, #1075, #1076, #1077, #1078, #1079, #1080, #1081 and #1091); ECDSA (Certs. #820, #821, #822, #823, #824, #825, #826 and #827); HMAC (Certs. #2325, #2326, #2327, #2328, #2329, #2330, #2331, #2332, #2333, #2334, #2335, #2336, #2337, #2338, #2339, #2340, #2341, #2342, #2343, #2344, #2345, #2346, #2347, #2348, #2479, #2480, #2481, #2482, #2483, #2484, #2485 and #2486); KTS (AES Certs. #3797, #3798, #3799, #3800, #3801, #3802, #3803, #3804, #3805, #3806, #3807, #3808, #3809, #3810, #3811, #3812, #3813, #3814, #3815, #3816, #3817, #3818, #3819, #3820, #3821, #3822, #3823, #3824, #3825, #3826, #3827, #3828, #3829, #3830, #3831, #3832, #3833, #3834, #3835 and #3847; key establishment methodology provides between 128 and 160 bits of encryption strength); RSA (Certs. #1953, #1954, #1955, #1956, #1957, #1958, #1959 and #1960); SHS (Certs. #2991, #2992, #2993, #2994, #2995, #2996, #2997, #2998, #2999, #3000, #3001, #3002, #3003, #3004, #3005, #3006, #3007, #3008, #3009, #3010, #3011, #3012, #3013, #3014, #3152, #3153, #3154, #3155, #3156, #3157, #3158 and #3159); Triple-DES (Certs. #2106, #2107, #2108, #2109, #2110, #2111, #2112 and #2113); PBKDF (vendor affirmed)

-Other algorithms: AES (non-compliant); ANSI X9.63 KDF; Blowfish; CAST5; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 160 bits of encryption strength); ECDSA (non-compliant); Ed25519; Hash_DRBG (non-compliant); HMAC_DRBG (non-compliant); Integrated Encryption Scheme on elliptic curves; KBKDF (non-compliant); MD2; MD4; MD5; OMAC (One-Key CBC MAC); RC2; RC4; RFC6637 KDF; RIPEMD; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (non-compliant); Triple-DES (non-compliant)

Multi-Chip Stand Alone

"The Apple OS X CoreCrypto Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest."
2609Apple Inc.
1 Infinite Loop
Cupertino, CA 95041
USA

Shawn Geddis
TEL: (669) 227-3579
FAX: (866) 315-1954

CST Lab: NVLAP 200658-0
Apple iOS CoreCrypto Kernel Module v6.0
(Software Version: 6.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software04/05/2016Overall Level: 1

-Physical Security: N/A
-Operational Environment: iOS 9.0 running on iPhone4S with Apple A5 CPU
iOS 9.0 running on iPhone5 with Apple A6 CPU
iOS 9.0 running on iPhone5S with Apple A7 CPU
iOS 9.0 running on iPhone6 (iPhone6 and iPhone6 Plus) with Apple A8 CPU
iOS 9.0 running on iPhone6S (iPhone6S and iPhone6S Plus) with Apple A9 CPU
iOS 9.0 running on iPad (3rd generation) with Apple A5X CPU
iOS 9.0 running on iPad (4th generation) with Apple A6X CPU
iOS 9.0 running on iPad Air 2 with Apple A8X CPU
iOS 9.1 running on iPad Pro with Apple A9X CPU (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3729, #3730, #3731, #3732, #3733, #3734, #3735, #3736, #3737, #3738, #3739, #3741, #3742, #3743, #3744, #3745, #3746 and #3747); DRBG (Certs. #1017, #1018, #1020, #1021, #1022, #1023, #1024, #1025 and #1026); ECDSA (Certs. #791, #792, #794, #795, #796, #797, #798, #799 and #800); HMAC (Certs. #2349, #2350, #2351, #2352, #2353, #2354, #2355, #2356, #2357, #2442, #2443, #2445, #2446, #2447, #2448, #2449, #2450 and #2451); RSA (Certs. #1918, #1919, #1921, #1922, #1923, #1924, #1925, #1926 and #1927); SHS (Certs. #3015, #3016, #3017, #3018, #3019, #3020, #3021, #3022, #3023, #3111, #3112, #3114, #3115, #3116, #3117, #3118, #3119 and #3120); Triple-DES (Certs. #2076, #2077, #2079, #2080, #2081, #2082, #2083, #2084 and #2085); KTS (AES Certs. #3729, #3730, #3731, #3732, #3733, #3734, #3735, #3736, #3737, #3738, #3739, #3741, #3742, #3743, #3744, #3745, #3746 and #3747; key establishment methodology provides between 128 and 160 bits of encryption strength); PBKDF (vendor affirmed)

-Other algorithms: AES (non-compliant); ANSI X9.63 KDF; Blowfish; CAST5; DES; ECDSA (non-compliant); Ed25519; HASH_DRBG (non-compliant); HMAC_DRBG (non-compliant); Integrated Encryption Scheme on elliptic curves; KBKDF (non-compliant); MD2; MD4; MD5; OMAC; RIPEMD; RC2; RC4; RFC6637 KDF; RSA (key wrapping; key establishment methodology provides between 128 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SP800-56C KDF; Triple-DES (non-compliant)

Multi-Chip Stand Alone

"The Apple iOS CoreCrypto Kernel Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest."
2608Sonus Networks, Inc.
4 Technology Park Drive
Westford, MA 01886
USA

Adam Elshama
TEL: 978-614-8327

CST Lab: NVLAP 200556-0
SBC 5110 and 5210 Session Border Controllers
(Hardware Versions: SBC 5110 and SBC 5210; Firmware Version: 5.0)
(When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/05/2016Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #3480 and #3481); CVL (Certs. #554, #555 and #556); DRBG (Cert. #859); ECDSA (Cert. #708); HMAC (Certs. #2222 and #2223); RSA (Cert. #1787); SHS (Certs. #2874 and #2875); Triple-DES (Certs. #1961 and #1962)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; MD5

Multi-Chip Stand Alone

"The SBC 5110 and 5210 Session Border Controllers are high-performance air-cooled, 2U, IP encryption appliances that provide secure SIP-based communications with robust security, reduced latency, real-time encryption (VOIP signaling and media traffic), media transcoding, flexible SIP session routing & policy management."
2607Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
TEL: 800-642-7676

CST Lab: NVLAP 200427-0
Secure Kernel Code Integrity (skci.dll) in Microsoft Windows 10 Enterprise, Windows 10 Enterprise LTSB
(Software Versions: 10.0.10240 [1] and 10.0.10586 [2])
(When operated in FIPS mode with the module Code Integrity (ci.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows 10 for Surface Hub under Cert. #2604 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software06/02/2016
08/26/2016
Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 2
-Operational Environment: Windows 10 Enterprise (x64) running on a Microsoft Surface Pro with PAA [1][2]
Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA [1][2]
Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 3 with PAA [1][2]
Windows 10 Enterprise (x64) running on a Microsoft Surface 3 with PAA [1][2]
Windows 10 Enterprise (x86) running on a Dell Inspiron 660s without PAA [1][2]
Windows 10 Enterprise (x64) running on a HP Compaq Pro 6305 with PAA [1][2]
Windows 10 Enterprise LTSB (x86) running on a Dell Inspiron without PAA [1]
Windows 10 Enterprise LTSB (x64) running on a HP Compaq Pro 6305 with PAA [1]
Windows 10 Enterprise LTSB (x64) running on a Dell XPS 8700 with PAA [1]
Windows 10 Enterprise (x64) running on a Microsoft Surface Book with PAA [2]
Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 4 with PAA [2] (single-user mode)

-FIPS Approved algorithms: RSA (Certs. #1784 and #1871); SHS (Certs. #2871 and #3048)

-Other algorithms: MD5

Multi-Chip Stand Alone

"Secure Kernel Code Integrity (SKCI) running in the Virtual Secure Mode (VSM) of the Hyper-V hypervisor will only grant execute access to physical pages in the kernel that have been successfully verified. Executable pages will not have write permission outside of Hyper-V. Therefore, only verified code can be executed."
2606Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
TEL: 800-642-7676

CST Lab: NVLAP 200427-0
Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows 10 for Surface Hub
(Software Versions: 10.0.10240 [1] and 10.0.10586 [2])
(When operated in FIPS mode with the module Code Integrity (ci.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows 10 for Surface Hub under Cert. #2604 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software06/02/2016
08/26/2016
Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 2
-Operational Environment: Windows 10 Enterprise (x64) running on a Microsoft Surface Pro with PAA [1][2]
Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA [1][2]
Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 3 with PAA [1][2]
Windows 10 Pro (x64) running on a Microsoft Surface Pro with PAA [1][2]
Windows 10 Pro (x64) running on a Microsoft Surface Pro 2 with PAA [1][2]
Windows 10 Pro (x64) running on a Microsoft Surface Pro 3 with PAA [1][2]
Windows 10 Enterprise (x64) running on a Microsoft Surface 3 with PAA [1][2]
Windows 10 Enterprise (x86) running on a Dell Inspiron 660s without PAA [1][2]
Windows 10 Pro (x86) running on a Dell Inspiron 660s without PAA [1][2]
Windows 10 (x86) running on a Dell Inspiron 660s without PAA [1][2]
Windows 10 Enterprise (x64) running on a HP Compaq Pro 6305 with PAA [1][2]
Windows 10 Pro (x64) running on a HP Compaq Pro 6305 with PAA [1][2]
Windows 10 (x64) running on a HP Compaq Pro 6305 with PAA [1][2]
Windows 10 (x64) running on a Dell XPS 8700 with PAA [1][2]
Windows 10 Enterprise LTSB (x86) running on a Dell Inspiron without PAA [1]
Windows 10 Enterprise LTSB (x64) running on a HP Compaq Pro 6305 with PAA [1]
Windows 10 Enterprise LTSB (x64) running on a Dell XPS 8700 with PAA [1]
Windows 10 Mobile (ARMv7) running on a Microsoft Lumia 950 [2]
Windows 10 Mobile (ARMv7) running on a Microsoft Lumia 635 [2]
Windows 10 Enterprise (x64) running on a Microsoft Surface Book with PAA [2]
Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 4 with PAA [2]
Windows 10 Pro (x64) running on a Microsoft Surface Book with PAA [2]
Windows 10 Pro (x64) running on a Microsoft Surface Pro 4 with PAA [2]
Windows 10 for Surface Hub (x64) running on a Microsoft Surface Hub 84" with PAA [2]
Windows 10 for Surface Hub (x64) running on a Microsoft Surface Hub 55" with PAA [2] (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3497 and #3629); CVL (Certs. #575, #576, #663 and #664); DRBG (Certs. #868 and #955); DSA (Certs. #983 and #1024); ECDSA (Certs. #706 and #760); HMAC (Certs. #2233 and #2381); KAS (Certs. #64 and #72; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #66 and #72); KTS (AES Certs. #3507 and #3653; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1783, #1798, #1802, #1887, #1888 and #1889); SHS (Certs. #2886 and #3047); Triple-DES (Certs. #1969 and #2024)

-Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)

Multi-Chip Stand Alone

"The Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) provides cryptographic services to Windows components and applications. It includes cryptographic algorithms in an easy-to-use cryptographic module via the Cryptography Next Generation (CNG) API. It can be dynamically linked into applications for the use of general-purpose FIPS 140-2 validated cryptography."
2605Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
TEL: 800-642-7676

CST Lab: NVLAP 200427-0
Kernel Mode Cryptographic Primitives Library (cng.sys) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows 10 for Surface Hub
(Software Versions: 10.0.10240 [1] and 10.0.10586 [2])
(When operated in FIPS mode with modules BitLocker(R) Windows OS Loader (winload) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB validated to FIPS 140-2 under Cert. #2601 operating in FIPS mode or BitLocker(R) Windows Resume (winresume) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB validated to FIPS 140-2 under Cert. #2602 operating in FIPS mode or BitLocker(R) Windows OS Loader (winload) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Mobile, Windows 10 for Surface Hub validated to FIPS 140-2 under Cert. #2701 operating in FIPS mode or BitLocker(R) Windows Resume (winresume) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise validated to FIPS 140-2 under Cert. #2702 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software06/02/2016
08/26/2016
Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 2
-Operational Environment: Windows 10 Enterprise (x64) running on a Microsoft Surface Pro with PAA [1][2]
Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA [1][2]
Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 3 with PAA [1][2]
Windows 10 Pro (x64) running on a Microsoft Surface Pro with PAA [1][2]
Windows 10 Pro (x64) running on a Microsoft Surface Pro 2 with PAA [1][2]
Windows 10 Pro (x64) running on a Microsoft Surface Pro 3 with PAA [1][2]
Windows 10 Enterprise (x64) running on a Microsoft Surface 3 with PAA [1][2]
Windows 10 Enterprise (x86) running on a Dell Inspiron 660s without PAA [1][2]
Windows 10 Pro (x86) running on a Dell Inspiron 660s without PAA [1][2]
Windows 10 (x86) running on a Dell Inspiron 660s without PAA [1][2]
Windows 10 Enterprise (x64) running on a HP Compaq Pro 6305 with PAA [1][2]
Windows 10 Pro (x64) running on a HP Compaq Pro 6305 with PAA [1][2]
Windows 10 (x64) running on a HP Compaq Pro 6305 with PAA [1][2]
Windows 10 (x64) running on a Dell XPS 8700 with PAA [1][2]
Windows 10 Enterprise LTSB (x86) running on a Dell Inspiron without PAA [1]
Windows 10 Enterprise LTSB (x64) running on a HP Compaq Pro 6305 with PAA [1]
Windows 10 Enterprise LTSB (x64) running on a Dell XPS 8700 with PAA [1]
Windows 10 Mobile (ARMv7) running on a Microsoft Lumia 950 [2]
Windows 10 Mobile (ARMv7) running on a Microsoft Lumia 635 [2]
Windows 10 Enterprise (x64) running on a Microsoft Surface Book with PAA [2]
Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 4 with PAA [2]
Windows 10 Pro (x64) running on a Microsoft Surface Book with PAA [2]
Windows 10 Pro (x64) running on a Microsoft Surface Pro 4 with PAA [2]
Windows 10 for Surface Hub (x64) running on a Microsoft Surface Hub 84" with PAA [2]
Windows 10 for Surface Hub (x64) running on a Microsoft Surface Hub 55" with PAA [2] (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3497 and #3629); CVL (Certs. #576 and #663); DRBG (Certs. #868 and #955); DSA (Certs. #983 and #1024); ECDSA (Certs. #706 and #760); HMAC (Certs. #2233 and #2381); KAS (Certs. #64 and #72; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); KBKDF (Certs. #66 and #72); KTS (AES Certs. #3507 and #3653; key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. #1783, #1798, #1802, #1887, #1888 and #1889); SHS (Certs. #2886 and #3047); Triple-DES (Certs. #1969 and #2024)

-Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)

Multi-Chip Stand Alone

"Kernel Mode Cryptographic Primitives Library (cng.sys) runs as a kernel mode export driver, and provides cryptographic services, through their documented interfaces, to Windows kernel components. It supports several cryptographic algorithms accessible via a FIPS function table request IRP (I/O request packet)."
2604Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
TEL: 800-642-7676

CST Lab: NVLAP 200427-0
Code Integrity (ci.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows 10 for Surface Hub
(Software Versions: 10.0.10240 [1] and 10.0.10586 [2])
(When operated in FIPS mode with modules BitLocker(R) Windows OS Loader (winload) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB validated to FIPS 140-2 under Cert. #2601 operating in FIPS mode or BitLocker(R) Windows Resume (winresume) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB validated to FIPS 140-2 under Cert. #2602 operating in FIPS mode or BitLocker(R) Windows OS Loader (winload) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Mobile, Windows 10 for Surface Hub validated to FIPS 140-2 under Cert. #2701 operating in FIPS mode or BitLocker(R) Windows Resume (winresume) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise validated to FIPS 140-2 under Cert. #2702 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software06/02/2016
08/26/2016
Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 2
-Operational Environment: Windows 10 Enterprise (x64) running on a Microsoft Surface Pro with PAA [1][2]
Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA [1][2]
Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 3 with PAA [1][2]
Windows 10 Pro (x64) running on a Microsoft Surface Pro with PAA [1][2]
Windows 10 Pro (x64) running on a Microsoft Surface Pro 2 with PAA [1][2]
Windows 10 Pro (x64) running on a Microsoft Surface Pro 3 with PAA [1][2]
Windows 10 Enterprise (x64) running on a Microsoft Surface 3 with PAA [1][2]
Windows 10 Enterprise (x86) running on a Dell Inspiron 660s without PAA [1][2]
Windows 10 Pro (x86) running on a Dell Inspiron 660s without PAA [1][2]
Windows 10 (x86) running on a Dell Inspiron 660s without PAA [1][2]
Windows 10 Enterprise (x64) running on a HP Compaq Pro 6305 with PAA [1][2]
Windows 10 Pro (x64) running on a HP Compaq Pro 6305 with PAA [1][2]
Windows 10 (x64) running on a HP Compaq Pro 6305 with PAA [1][2]
Windows 10 (x64) running on a Dell XPS 8700 with PAA [1][2]
Windows 10 Enterprise LTSB (x86) running on a Dell Inspiron without PAA [1]
Windows 10 Enterprise LTSB (x64) running on a HP Compaq Pro 6305 with PAA [1]
Windows 10 Enterprise LTSB (x64) running on a Dell XPS 8700 with PAA [1]
Windows 10 Mobile (ARMv7) running on a Microsoft Lumia 950 [2]
Windows 10 Mobile (ARMv7) running on a Microsoft Lumia 635 [2]
Windows 10 Enterprise (x64) running on a Microsoft Surface Book with PAA [2]
Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 4 with PAA [2]
Windows 10 Pro (x64) running on a Microsoft Surface Book with PAA [2]
Windows 10 Pro (x64) running on a Microsoft Surface Pro 4 with PAA [2]
Windows 10 for Surface Hub (x64) running on a Microsoft Surface Hub 84" with PAA [2]
Windows 10 for Surface Hub (x64) running on a Microsoft Surface Hub 55" with PAA [2] (single-user mode)

-FIPS Approved algorithms: RSA (Certs. #1784 and #1871); SHS (Certs. #2871 and #3048)

-Other algorithms: AES (non-compliant); MD5

Multi-Chip Stand Alone

"Code Integrity (ci.dll) verifies the integrity of executable files, including kernel mode drivers, critical system components, and user mode cryptographic modules as they are loaded into memory from the disk."
2603Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
TEL: 800-642-7676

CST Lab: NVLAP 200427-0
BitLocker® Dump Filter (dumpfve.sys) in Microsoft Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB
(Software Version: 10.0.10240)
(When operated in FIPS mode with the module Code Integrity (ci.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB under Cert. #2604 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software06/02/2016Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 2
-Operational Environment: Windows 10 Enterprise (x64) running on a Microsoft Surface Pro with PAA
Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA
Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Pro with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Pro 2 with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Enterprise (x64) running on a Microsoft Surface 3 with PAA
Windows 10 Enterprise (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Pro (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Enterprise (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 Pro (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 Enterprise LTSB (x86) running on a Dell Inspiron without PAA
Windows 10 Enterprise LTSB (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 Enterprise LTSB (x64) running on a Dell XPS 8700 with PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3497 and #3498)

-Other algorithms: N/A

Multi-Chip Stand Alone

"The BitLocker® Dump Filter (dumpfve.sys) is the full volume encryption filter that resides in the system dump stack. Whenever the dump stack is called (in the event of a system crash or for hibernation), this filter ensures that all data is encrypted before it gets written to the disk as a dump file or hibernation file."
2602Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
TEL: 800-642-7676

CST Lab: NVLAP 200427-0
BitLocker® Windows Resume (winresume) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB
(Software Version: 10.0.10240)
(When operated in FIPS mode with module Boot Manager in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB validated to FIPS 140-2 under Cert. #2600 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software06/02/2016Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 2
-Operational Environment: Windows 10 Enterprise (x64) running on a Microsoft Surface Pro with PAA
Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA
Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Pro with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Pro 2 with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Enterprise (x64) running on a Microsoft Surface 3 with PAA
Windows 10 Enterprise (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Pro (x86) running on a Dell Inspiron 660s without PAA
Windows 10 (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Enterprise (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 Pro (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 (x64) running on a Dell XPS 8700 with PAA
Windows 10 Enterprise LTSB (x86) running on a Dell Inspiron without PAA
Windows 10 Enterprise LTSB (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 Enterprise LTSB (x64) running on a Dell XPS 8700 with PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3497 and #3498); RSA (Cert. #1784); SHS (Cert. #2871)

-Other algorithms: MD5

Multi-Chip Stand Alone

"BitLocker® Windows Resume is an operating system loader which loads the Windows OS kernel (ntoskrnl.exe) and other boot stage binary image files, as well as previous operating system state information, when Windows has been previously put into a sleep or hibernate power state."
2601Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
TEL: 800-642-7676

CST Lab: NVLAP 200427-0
BitLocker® Windows OS Loader (winload) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB
(Software Version: 10.0.10240)
(When operated in FIPS mode with module Boot Manager in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB validated to FIPS 140-2 under Cert. #2600 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software06/02/2016Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 2
-Operational Environment: Windows 10 Enterprise (x64) running on a Microsoft Surface Pro with PAA
Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA
Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Pro with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Pro 2 with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Enterprise (x64) running on a Microsoft Surface 3 with PAA
Windows 10 Enterprise (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Pro (x86) running on a Dell Inspiron 660s without PAA
Windows 10 (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Enterprise (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 Pro (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 (x64) running on a Dell XPS 8700 with PAA
Windows 10 Enterprise LTSB (x86) running on a Dell Inspiron without PAA
Windows 10 Enterprise LTSB (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 Enterprise LTSB (x64) running on a Dell XPS 8700 with PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3497 and #3498); RSA (Cert. #1784); SHS (Cert. #2871)

-Other algorithms: MD5; NDRNG

Multi-Chip Stand Alone

"The BitLocker® Windows OS Loader loads the boot-critical driver and OS kernel image files."
2600Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
TEL: 800-642-7676

CST Lab: NVLAP 200427-0
Boot Manager in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB
(Software Version: 10.0.10240)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software06/02/2016Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 2
-Operational Environment: Windows 10 Enterprise (x64) running on a Microsoft Surface Pro with PAA
Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA
Windows 10 Enterprise (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Pro with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Pro 2 with PAA
Windows 10 Pro (x64) running on a Microsoft Surface Pro 3 with PAA
Windows 10 Enterprise (x64) running on a Microsoft Surface 3 with PAA
Windows 10 Enterprise (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Pro (x86) running on a Dell Inspiron 660s without PAA
Windows 10 (x86) running on a Dell Inspiron 660s without PAA
Windows 10 Enterprise (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 Pro (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 (x64) running on a Dell XPS 8700 with PAA
Windows 10 Enterprise LTSB (x86) running on a Dell Inspiron without PAA
Windows 10 Enterprise LTSB (x64) running on a HP Compaq Pro 6305 with PAA
Windows 10 Enterprise LTSB (x64) running on a Dell XPS 8700 with PAA (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3497); HMAC (Cert. #2233); KTS (AES Cert. #3498); PBKDF (vendor affirmed); RSA (Cert. #1784); SHS (Certs. #2871 and #2886)

-Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)

Multi-Chip Stand Alone

"The Windows system boot manager is called by the bootstrapping code that resides in the boot sector. It checks its own integrity, checks the integrity of the Windows OS Loader, and then launches it."
2599Cleversafe, an IBM Company
222 South Riverside Plaza
Suite 1700
Chicago, Illinois 60606
US

Mark Seaborn
TEL: (312) 423-6640

Jason Resch
TEL: (312) 423-6640

CST Lab: NVLAP 200002-0
Cleversafe FIPS Cryptographic Module
(Software Version: 1.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software04/01/2016
04/12/2016
Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: ClevOS 3.8.0-FIPS-EDITION running on Intel Xeon with PAAClevOS 3.8.0-FIPS-EDITION running on Intel Xeon without PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3611 and #3612); CVL (Certs. #630 and #631); DRBG (Certs. #941 and #942); DSA (Certs. #1006 and #1007); ECDSA (Certs. #743 and #744); HMAC (Certs. #2318 and #2319); RSA (Certs. #1858 and #1859); SHS (Certs. #2984 and #2985); Triple-DES (Certs. #2011 and #2012)

-Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt); RNG

Multi-Chip Stand Alone

"The Cleversafe® FIPS Object Module is a full featured general purpose cryptographic library that is distributed as a component of Cleversafe's ClevOS™ FIPS Edition, the underlying technology for dsNet® Appliances."
2598Hewlett Packard®, Enterprise
153 Taylor Street
Littleton, MA 01460
USA

Harjit Dhillon
TEL: 916-501-1426

Steve Wierenga
TEL: 650-265-3660

CST Lab: NVLAP 100432-0
HPE Enterprise Secure Key Manager
(Hardware Versions: P/Ns C8Z61AA, Versions 4.0 [1] and 4.1 [2]; Firmware Versions: 6.0.0-51 [1] and 6.1.0-14 [2])
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/01/2016Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #3427 and #3428); CVL (Certs. #517, #518, #519, #520, #521 and #522); DRBG (Certs. #826, #827, #828 and #829); HMAC (Certs. #2179 and #2180); RSA (Certs. #1753 and #1754); SHS (Certs. #2827 and #2828); Triple-DES (Certs. #1932 and #1933)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); DES; MD5; RC4; RSA (non-compliant); Triple-DES (non-compliant); HMAC (non-compliant); SHS (non-compliant); SNMPv3 KDF (non-compliant); AES (non-compliant)

Multi-Chip Stand Alone

"HP Enterprise Secure Key Manager (ESKM) provides key generation, retrieval, and management for encryption devices and solutions. ESKM is a hardened security appliance with secure access control, administration, and logging. ESKM supports high availability with automatic multi-site clustering, replication, and failover."
2597Apple Inc.
1 Infinite Loop
Cupertino, CA 95041
USA

Shawn Geddis
TEL: (669)227-3579
FAX: (866)315-1954

CST Lab: NVLAP 200658-0
Apple OS X CoreCrypto Kernel Module v6.0
(Software Version: 6.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software03/29/2016Overall Level: 1

-Physical Security: N/A
-Operational Environment: OS X El Capitan v10.11 running on Mac mini with i5 CPU with PAA
OS X El Capitan v10.11 running on Mac mini with i5 CPU without PAA
OS X El Capitan v10.11 running on iMac with i7 CPU with PAA
OS X El Capitan v10.11 running on iMac with i7 CPU without PAA
OS X El Capitan v10.11 running on MacPro with Xeon CPU with PAA
OS X El Capitan v10.11 running on MacPro with Xeon CPU without PAA
OS X El Capitan v10.11 running on MacBook with Core M CPU with PAA
OS X El Capitan v10.11 running on MacBook with Core M CPU without PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3781, #3782, #3783, #3784, #3785, #3786, #3787, #3788, #3789, #3790, #3791, #3792, #3793, #3794, #3795 and #3796); DRBG (Certs. #1047, #1048, #1049, #1050, #1051, #1052, #1053, #1054, #1055, #1056, #1057 and #1058); ECDSA (Certs. #816, #817, #818 and #819); HMAC (Certs. #2358, #2359, #2360, #2361, #2362, #2363, #2364, #2365, #2366, #2367, #2368, #2369, #2370, #2371, #2372, #2373, #2475, #2476, #2477 and #2478); KTS (AES Certs. #3781, #3782, #3783, #3784, #3785, #3786, #3787, #3788, #3789, #3790, #3791, #3792, #3793, #3794, #3795 and #3796; key establishment methodology provides between 128 and 160 bits of encryption strength); RSA (Certs. #1949, #1950, #1951 and #1952); SHS (Certs. #3024, #3025, #3026, #3027, #3028, #3029, #3030, #3031, #3032, #3033, #3034, #3035, #3036, #3037, #3038, #3039, #3148, #3149, #3150 and #3151); Triple-DES (Certs. #2102, #2103, #2104 and #2105); PBKDF (vendor affirmed)

-Other algorithms: AES (non-compliant); AES-CMAC (non-compliant); ANSI X9.63 KDF; Blowfish; CAST5; DES; ECDSA (non-compliant); Ed25519; Hash_DRBG (non-compliant); HMAC_DRBG (non-compliant); Integrated Encryption Scheme on elliptic curves; KBKDF (non-compliant); MD2; MD4; MD5; OMAC; RC2; RC4; RFC6637 KDF; RIPEMD; RSA (key wrapping; key establishment methodology provides between 128 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SP800-56C KDF; Triple-DES (non-compliant)

Multi-Chip Stand Alone

"The Apple OS X CoreCrypto Kernel Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest."
2596McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

James Reardon
TEL: 651-628-5346
FAX: n/a

CST Lab: NVLAP 100432-0
Network Security Platform Sensor NS-9300 P
(Firmware Version: 8.1.17.16)
(When operated with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/29/2016
05/03/2016
Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Cert. #3156); CVL (Certs. #409 and #599); DRBG (Cert. #649); HMAC (Cert. #1989); RSA (Certs. #1600 and #1825); SHS (Certs. #2612 and #2923)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; RC4; DES; AES (non-compliant); HMAC (non-compliant); RSA (non-compliant); SHS (non-compliant); Triple-DES (non-compliant); SNMP KDF (non-compliant)

Multi-Chip Stand Alone

"Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks."
2595Chunghwa Telecom Co., Ltd.
No.99, Dianyan Road
Yang-Mei
Taoyuan, Taiwan 326
Republic of China

Yeou-Fuh Kuan
TEL: +886-3-424-4333
FAX: +886-3-424-4129

Char-Shin Miou
TEL: +886 3 424 4381
FAX: +886-3-424-4129

CST Lab: NVLAP 200928-0
HiCOS PKI Native Smart Card Cryptographic Module
(Hardware Version: RS45C; Firmware Versions: HardMask: 2.2 and SoftMask: 1.2)
(No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/29/2016Overall Level: 2

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Operational Environment: N/A

-FIPS Approved algorithms: CVL (Cert. #614); DRBG (Cert. #927); ECDSA (Cert. #731); RSA (Cert. #1846); SHS (Cert. #2953); Triple-DES (Cert. #1999)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Triple-DES (Certs. #1999, key wrapping; key establishment methodology provides 112 bits of encryption strength)

Single Chip

"The HiCOS PKI native smart card module is a single chip implementation of a cryptographic module. The HiCOS PKI native smart card module is mounted in an ID-1 class smart card body that adheres to ISO/IEC specifications for Integrated Circuit Chip (ICC) based identification cards. The module consists of the chip (ICC), the contact faceplate, and the electronic connectors between the chip and contact pad, all contained within an epoxy substrate."
2594Apple Inc.
1 Infinite Loop
Cupertino, CA 95041
USA

Shawn Geddis
TEL: (669)227-3579
FAX: (866)315-1954

CST Lab: NVLAP 200658-0
Apple iOS CoreCrypto Module v6.0
(Software Version: 6.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software03/29/2016Overall Level: 1

-Physical Security: N/A
-Operational Environment: iOS 9.0 running on iPhone4S with Apple A5 CPU with AES hardware acceleration
iOS 9.0 running on iPhone4S with Apple A5 CPU without AES hardware acceleration
iOS 9.0 running on iPhone5 with Apple A6 CPU with AES hardware acceleration
iOS 9.0 running on iPhone5 with Apple A6 CPU without AES hardware acceleration
iOS 9.0 running on iPhone5S with Apple A7 CPU
iOS 9.0 running on iPhone6 (iPhone6 and iPhone6 Plus) with Apple A8 CPU
iOS 9.0 running on iPhone6S (iPhone6S and iPhone6S Plus) with Apple A9 CPU
iOS 9.0 running on iPad (3rd generation) with Apple A5X CPU with AES hardware acceleration
iOS 9.0 running on iPad (3rd generation) with Apple A5X CPU without AES hardware acceleration
iOS 9.0 running on iPad (4th generation) with Apple A6X CPU with AES hardware acceleration
iOS 9.0 running on iPad (4th generation) with Apple A6X CPU without AES hardware acceleration
iOS 9.0 running on iPad Air 2 with Apple A8X CPU
iOS 9.1 running on iPad Pro with Apple A9X CPU (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3682, #3683, #3684, #3685, #3686, #3687, #3688, #3689, #3690, #3691, #3692, #3693, #3694, #3695, #3698, #3699, #3700, #3701, #3702, #3703, #3704, #3705, #3706, #3707, #3708, #3709, #3710, #3712, #3713, #3714, #3715, #3716, #3717, #3718, #3719, #3720, #3721, #3722, #3723, #3724, #3725, #3726, #3727, #3728, #3740 and #3750); CVL (Certs. #683, #684, #685, #686, #687, #688, #689, #690, #691, #692, #693, #694, #695 and #698); DRBG (Certs. #989, #990, #991, #992, #993, #994, #995, #996, #997, #999, #1000, #1001, #1002, #1004, #1005, #1006, #1007, #1008, #1009, #1010, #1011, #1012, #1013, #1014, #1015 and #1016); ECDSA (Certs. #777, #778, #779, #780, #781, #782, #783, #784, #785, #786, #787, #788, #789 and #793); HMAC (Certs. #2302, #2304, #2306, #2307, #2309, #2310, #2311, #2312, #2313, #2314, #2315, #2316, #2317, #2428, #2429, #2430, #2431, #2432, #2433, #2434, #2435, #2436, #2437, #2438, #2439, #2440 and #2444); KTS (AES Certs. #3682, #3683, #3684, #3685, #3686, #3687, #3688, #3689, #3690, #3691, #3692, #3693, #3694, #3695, #3698, #3699, #3700, #3701, #3702, #3703, #3704, #3705, #3706, #3707, #3708, #3709, #3710, #3712, #3713, #3714, #3715, #3716, #3717, #3718, #3719, #3720, #3721, #3722, #3723, #3724, #3725, #3726, #3727, #3728, #3740 and #3750; key establishment methodology provides between 128 and 160 bits of encryption strength); RSA (Certs. #1904, #1905, #1906, #1907, #1908, #1909, #1910, #1911, #1912, #1914, #1915, #1916, #1919 and #1920); SHS (Certs. #2968, #2970, #2972, #2973, #2974, #2975, #2976, #2977, #2978, #2979, #2980, #2981, #2982, #2983, #3096, #3097, #3098, #3099, #3100, #3101, #3102, #3103, #3104, #3105, #3106, #3107, #3108 and #3113); Triple-DES (Certs. #2060, #2061, #2062, #2063, #2064, #2065, #2066, #2067, #2068, #2069, #2070, #2071, #2072 and #2078); PBKDF (vendor affirmed)

-Other algorithms: AES (non-compliant); ANSI X9.63 KDF; Blowfish; CAST5; DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 160 bits of encryption strength); ECDSA (non-compliant); Ed25519; Hash_DRBG (non-compliant); HMAC_DRBG (non-compliant); Integrated Encryption Scheme on elliptic curves; KBKDF (non-compliant); MD2; MD4; MD5; OMAC (One-Key CBC MAC); RFC6637 KDF; RIPEMD; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (non-compliant); Triple-DES (non-compliant)

Multi-Chip Stand Alone

"The Apple iOS CoreCrypto Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest."
2593McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

James Reardon
TEL: 651-628-5346
FAX: n/a

CST Lab: NVLAP 100432-0
Network Security Platform Sensor NS-9300 S
(Firmware Version: 8.1.17.16)
(When operated with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/29/2016
05/03/2016
Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Cert. #3156); CVL (Certs. #409 and #599); DRBG (Cert. #649); HMAC (Cert. #1989); RSA (Certs. #1600 and #1825); SHS (Certs. #2612 and #2923)

-Other algorithms: NDRNG; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; RC4; DES; AES (non-compliant); HMAC (non-compliant); RSA (non-compliant); SHS (non-compliant); Triple-DES (non-compliant)

Multi-Chip Stand Alone

"Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks."
2592Zebra Technologies Corporation
One Zebra Plaza
Holtsville, NY 11742
USA

Robert Pang
TEL: 631-738-5419
FAX: n/a

Mariya Wright
TEL: 914-574-8189
FAX: 631-738-4656

CST Lab: NVLAP 100432-0
Zebra DCS Cryptographic Library
(Firmware Versions: DAACVS00-001-R00, DAACWS00-001-R00 or DAACUS00-001-R00)
(This validation entry is a non-security relevant modification to Cert. #1467)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware03/25/2016
08/15/2016
Overall Level: 1

-Operational Environment: N/A
-Mitigation of Other Attacks: N/A
-Operational Environment: LI3678 with uC/OS-II v2.85
DS3678 and DS8178 with TreadX v6.5
STB3678 with uC/OS-II v2.85
FLB3678 and CR8178 with uC/OS-II v2.85

-FIPS Approved algorithms: AES (Certs. #3856, #3857 and #3858); HMAC (Certs. #2504, #2505 and #2506); SHS (Certs. #3178, #3179 and #3180)

-Other algorithms: N/A

Multi-Chip Stand Alone

"The Zebra DCS Cryptographic Library provides FIPS 140-2 Level 1 certified encryption and security practices to protect data sensitive transmission between the Embedded devices which include cordless scanners, cradles and terminals."
2591McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

James Reardon
TEL: 651-628-5346
FAX: n/a

CST Lab: NVLAP 100432-0
Network Security Platform Sensor NS-9100 and NS-9200
(Firmware Version: 8.1.17.16)
(When operated with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/24/2016
05/03/2016
Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Cert. #3156); CVL (Certs. #409 and #599); DRBG (Cert. #649); HMAC (Cert. #1989); RSA (Certs. #1600 and #1825); SHS (Certs. #2612 and #2923)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; RC4; DES; AES (non-compliant); HMAC (non-compliant); RSA (non-compliant); SHS (non-compliant); Triple-DES (non-compliant); SNMP KDF (non-compliant)

Multi-Chip Stand Alone

"Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks."
2590ARX (Algorithmic Research)
10 Nevatim Street
Kiryat Matalon, Petach Tikva 49561
USA

Ezer Farhi
TEL: 972-3-9279529

CST Lab: NVLAP 200002-0
CoSign
(Hardware Version: 7.0; Firmware Version: 7.7)
(When operated in FIPS Mode. This module contains the embedded module eToken 5105 validated to FIPS 140-2 under Cert. #1883 operating in FIPS mode. No assurance of the minimum strength of generated keys.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/24/2016Overall Level: 3

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: Triple-DES (Certs. #2074 and #2087); Triple-DES MAC (Triple-DES Cert. #2087, vendor affirmed); SHS (Certs. #3109 and #3122); HMAC (Certs. #2441 and #2453); DRBG (Certs. #1028 and #98); RSA (Cert. #1929); CVL (Certs. #697); PBKDF (vendor affirmed)

-Other algorithms: NDRNG; MD5; Triple-DES (Cert. #2074, key wrapping; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); SHS (non-compliant); HMAC (non-compliant); Triple-DES (non-compliant); RSA-RESTful-TLS (key wrapping; non-compliant)

Multi-Chip Stand Alone

"CoSign is a digital signature appliance that is connected to the organizational network and manages all signature keys and certificates of organization's end-users. End-users will connect securely to CoSign from their PC for the purpose of signing documents and data."
2589Sonus Networks, Inc.
4 Technology Park Drive
Westford, MA 01886
USA

Adam Elshama
TEL: 978-614-8327

CST Lab: NVLAP 200556-0
SBC 7000 Session Border Controller
(Hardware Version: SBC 7000; Firmware Version: 5.0)
(When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/24/2016Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #3482 and #3483); CVL (Certs. #557, #558 and #559); DRBG (Cert. #860); ECDSA (Cert. #709); HMAC (Certs. #2224 and #2225); RSA (Cert. #1788); SHS (Certs. #2876 and #2877); Triple-DES (Certs. #1963 and #1964)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; MD5

Multi-Chip Stand Alone

"The SBC 7000 Session Border Controller is a high-performance air-cooled, 5U, IP encryption appliances that provide secure SIP-based communications with robust security, reduced latency, real-time encryption (VOIP signaling and media traffic), media transcoding, flexible SIP session routing & policy management."
2588Qualcomm Technologies, Inc.
5775 Morehouse Dr
San Diego, CA 92121
USA

Lu Xiao
TEL: 858-651-5477
FAX: 858-845-1523

Yin Ling Liong
TEL: 858-651-7034
FAX: 858-845-1523

CST Lab: NVLAP 200658-0
QTI Inline Crypto Engine (SDCC)
(Hardware Version: 2.1.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/22/2016Overall Level: 1

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #3556 and #3558)

-Other algorithms: N/A

Single Chip

"QTI Inline Crypto Engine (SDCC) high throughput storage data encryption and decryption."
2587Hewlett Packard Enterprise Development LP
11445 Compaq Center Dr. W
Houston, TX 77070
USA

Ramesh Narayanan
TEL: +91 80 338 65384

Rituparna Mitra
TEL: +91 80 251 65735

CST Lab: NVLAP 200928-0
HP BladeSystem Onboard Administrator Firmware
(Firmware Version: 4.40)
(When installed, initialized and configured as indicated in the Security Policy in Section 3)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware03/21/2016Overall Level: 1

-Mitigation of Other Attacks: N/A
-Operational Environment: BladeSystem c7000 DDR2 Onboard Administrator with KVM option enclosure
BladeSystem c3000 Tray with Embedded DDR2 Onboard Administrator enclosure
BladeSystem c3000 Dual DDR2 Onboard Administrator enclosure

-FIPS Approved algorithms: AES (Cert. #3333); CVL (Cert. #487); DRBG (Cert. #780); HMAC (Cert. #2124); RSA (Cert. #1712); SHS (Certs. #2766, #2767 and #2768); Triple-DES (Cert. #1903)

-Other algorithms: NDRNG; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-Chip Stand Alone

"The module provides administrative control of HP BladeSystem c-Class enclosures. The cryptographic functions of the module provide security for administrative access via HTTPS and SSH, and to administrative commands for the BladeSystem enclosure."
2586Integral Memory PLC.
Unit 6 Iron Bridge Close
Iron Bridge Business Park
Off Great Central Way
London, Middlesex NW10 0UF
United Kingdom

Patrick Warley
TEL: +44 (0)20 8451 8700
FAX: +44 (0)20 8459 6301

Francesco Rivieccio
TEL: +44 (0)20 8451 8704
FAX: +44 (0)20 8459 6301

CST Lab: NVLAP 200996-0
Integral AES 256 Bit Crypto SSD Underlying PCB
(Hardware Version: INSSD32GS25MCR140-2(R); INSSD64GS25MCR140-2(R); INSSD128GS25MCR140-2(R); INSSD256GS25MCR140-2(R); INSSD512GS25MCR140-2(R); INSSD1TS25MCR140-2(R); INIS2564GCR140(R); INIS25128GCR140(R); INIS25256GCR140(R); INIS251TCR140(R); INIS252TCR140(R); INSSD64GS625M7CR140; INSSD128GS625M7CR140; INSSD256GS625M7CR140; INSSD512GS625M7CR140; INSSD1TS625M7CR140; INSSD2TS625M7CR140; INSSD32GS18MCR140-2(R); INSSD64GS18MCR140-2(R); INSSD128GS18MCR140-2(R); INSSD256GS18MCR140-2(R); INSSD512GS18MCR140-2(R); INSSD1TGS18MCR140-2(R); INIS1864GCR140(R); INIS18128GCR140(R); INIS18256GCR140(R); INIS18512GCR140(R); INIS181TGCR140(R); INIS182TGCR140(R); INISHS64GCR140(R); INISHS128GCR140(R); INISHS256GCR140(R); INISHS512GCR140(R); INISHS1TCR140(R); INISHS2TCR140(R); INSSD128GM2M2260C140(R); INSSD256GM2M2260C140(R); INSSD512GM2M2260C140(R); INSSD1TM2M2260C140(R); INIM26064GCR140(R); INIM260128GCR140(R); INIM260256GCR140(R); INIM260512GCR140(R); INIM2601TCR140(R); INIM2602TCR140(R); INSSD64GM2M2280C140(R); INSSD128GM2M2280C140(R); INSSD256GM2M2280C140(R); INSSD1TGM2M2280C140(R); INIM28064GCR140(R); INIM280128GCR140(R); INIM280256GCR140(R); INIM280512GCR140(R); INIM2801TCR140(R); INIM2802TCR140(R); INSSD64GMSA6MCR140(R); INSSD128GMSA6MCR140(R); INSSD256GMSA6MCR140(R); INSSD512GMSA6MCR140(R); INSSD1TMSA6MCR140(R); INIMSA64GCR140(R); INIMSA128GCR140(R); INIMSA256GCR140(R); INIMSA512GCR140(R); INIMSA1TCR140(R); INIMSA2TCR140(R); INIM24264GCR140(R); INIM242128GCR140(R); INIM242256GCR140(R); INIM242512GCR140(R); INIM2421TCR140(R); INIM2422TCR140(R); Firmware Version: S5FDM018)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware03/21/2016Overall Level: 2

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Cert. #2175); DRBG (Cert. #254); HMAC (Cert. #1335); SHS (Cert. #1887)

-Other algorithms: NDRNG

Multi-Chip Stand Alone

"Integral Crypto SSD is the Full Disk Encryption solution for Windows desktops and laptops. Featuring AES 256-bit Hardware Encryption so you can encrypt and protect your sensitive data and get the speed, reliability and power benefits of SSD. It comes in, 32 GB 64 GB 128 GB, 256 GB, 512 GB and 1TB SATA II & III versions. The devices feature an epoxy resin coating around both the circuit components and the printed circuit board (PCB)."
2585EMC Corporation
176 South Street
Hopkinton, MA 01748
USA

Greg Lazar
TEL: 508-249-7822

Tom Dibb
TEL: 508-249-7660

CST Lab: NVLAP 200556-0
VNX 6 Gb/s SAS I/O Module with Encryption from EMC
(Hardware Versions: 1.1.1-303-161-103B-04 and 1.2.1-303-224-000C-03; Firmware Version: 2.09.36)
(When installed, initialized and configured as specified in the Security Policy Section 3)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/21/2016Overall Level: 1

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #3502 and #3512); KTS (AES Certs. #3502 and #3512)

-Other algorithms: N/A

Multi-Chip Embedded

"The VNX 6Gb/s SAS I/O Module with Encryption is an optimized solution for native SAS/SATA HBA applications. It is the heart of any VNX storage system, providing the interface to the physical storage media. Its benefits include cost and universal drive support for SAS and SATA disks. The VNX 6Gb/s SAS I/O Module with Encryption is a high-density SAS controller solution that significantly increases total system performance, diagnostics, scalability and manageability. It provides the highest density, lowest power/port SAS controller solution available."
2584Advantech B+B Smartworx
Westlink Commercial Park
Oranmore
Co. Galway
Ireland

Paul Conway
TEL: +353 91 792444
FAX: +353 91 792445

CST Lab: NVLAP 200556-0
Advantech B+B SmartWorx Cryptographic Module
(Software Version: 1.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software03/21/2016Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: Conel Linux 5 running on a Spectre V3 LTE (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3515 and #3516); CVL (Cert. #587); DRBG (Cert. #877); HMAC (Cert. #2244); RSA (Cert. #1805); SHS (Certs. #2896, #2897 and #2898); Triple-DES (Certs. #1974 and #1975)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); Triple-DES (Cert. #1974, key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-Chip Stand Alone

"The Advantech B+B SmartWorx Cryptographic Module is a software module that provides cryptographic services to Advantech B+B SmartWorx products. The module provides a number of FIPS 140 validated cryptographic algorithms for services such as IPsec. The module provides applications with a library interface that enables them to access the various cryptographic algorithm functions supplied by the module."
2583Box, Inc.
900 Jefferson Ave
Redwood City, CA 94063
USA

Crispen Maung
TEL: 877-729-4269

CST Lab: NVLAP 200968-0
Box JCA Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software03/21/2016Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Operational Environment: Scientific Linux 6.4 with JRE 1.6.0 on Vmware vSphere 5.0 running on Intel(R) Xeon(R) X5675 (Dell PowerEdge R610)
Scientific Linux 6.4 with JRE 1.7.0 on Vmware vSphere 5.0 running on Intel(R) Xeon(R) X5675 (Dell PowerEdge R610) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2666); DRBG (Cert. #429); HMAC (Cert. #1657); SHS (Cert. #2239)

-Other algorithms: AES (non-compliant); Blowfish; DES; Triple-DES (non-compliant); RC2; Diffie-Hellman (non-compliant); PBE (non-compliant); ARCFOUR; RSA (non-compliant); HMAC-MD5; PBKDF (non-compliant); DSA (non-compliant); MD2; MD5; PRNG (non-compliant); NDRNG

Multi-Chip Stand Alone

"Box JCA Cryptographic Module is a Java Cryptography Architecture provider that provides encryption, hashing and random number generation utilizing FIPS 140-2 validated algorithms."
2582Red Hat®, Inc.
100 East Davie Street
Raleigh, NC 27601
USA

Steve Grubb
TEL: 978-392-1000
FAX: 978-392-1001

Jaroslav Reznik
TEL: +420 532 294 111
FAX: +420 541 426 177

CST Lab: NVLAP 200658-0
Red Hat Enterprise Linux 6.6 Kernel Crypto API Cryptographic Module
(Software Version: 3.1)
(When operated in FIPS mode with Network Security Services (NSS) Module validated to FIPS 140-2 under Cert. #2564 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software03/16/2016
04/12/2016
Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Operational Environment: Red Hat Enterprise Linux 6.6 running on HP ProLiant DL380p Gen8 with PAA
Red Hat Enterprise Linux 6.6 running on HP ProLiant DL380p Gen8 without PAA
Red Hat Enterprise Linux 6.6 running on IBM System x3500 M4 with PAA
Red Hat Enterprise Linux 6.6 running on IBM System x3500 M4 without PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3145, #3146, #3147, #3148, #3149, #3150, #3151, #3152, #3218 and #3219); DRBG (Certs. #639, #640, #641, #642, #643, #644, #645 and #646); DSA (Certs. #892, #893, #894, #895, #909 and #910); HMAC (Certs. #1933, #1934, #1935, #1936, #1985 and #1986); SHS (Certs. #2607 and #2608); Triple-DES (Certs. #1797 and #1798)

-Other algorithms: DES; SHA-256/SHA-512 (SSSE3/AVX/AVX2 implementation; non-compliant); HMAC SHA-256/SHA-512 (SSSE3/AVX/AVX2 implementation; non-compliant)

Multi-Chip Stand Alone

"The Linux kernel Crypto API implemented in Red Hat Enterprise Linux 6.6 provides services operating inside the Linux kernel with various ciphers, message digests and an approved random number generator."
2581FireEye, Inc.
1440 McCarthy Ave.
Milipitas, CA 95035
USA

Peter Kim
TEL: 408-321-6300

CST Lab: NVLAP 201029-0
FireEye HX Series: HX 4400, HX 4400D, HX 4402, HX 9402
(Hardware Versions: HX 4400, HX 4400D, HX 4402, HX 9402; Firmware Version: 3.1.0)
(When operated in FIPS mode. When installed, initialized and configured as specified in Section 3 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/14/2016Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Cert. #3447); CVL (Cert. #533); DRBG (Cert. #843); ECDSA (Cert. #696); HMAC (Cert. #2195); RSA (Certs. #1758 and #1759); SHS (Certs. #2836 and #2837); Triple-DES (Cert. #1941)

-Other algorithms: Diffie-Hellman (CVL Cert. #533, key agreement; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECDH (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; DES; RC4; HMAC-MD5; NDRNG

Multi-Chip Stand Alone

"The FireEye HX series appliances enable security operations teams to correlate network and endpoint activity. Organizations can automatically investigate alerts generated by FireEye Threat Prevention Platforms, log management, and network security products, apply intelligence from FireEye to continuously validate Indicators of Compromises on the endpoints and identify if a compromise has occurred and assess the potential risk."
2580FireEye, Inc.
1440 McCarthy Ave.
Milipitas, CA 95035
USA

Peter Kim
TEL: 408-321-6300

CST Lab: NVLAP 201029-0
FireEye MX Series: MX 900, MX 8400
(Hardware Versions: MX 900, MX 8400; Firmware Version: 2.0.3)
(When operated in FIPS mode. When installed, initialized and configured as specified in Section 3 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/14/2016Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Cert. #3447); CVL (Cert. #533); DRBG (Cert. #843); ECDSA (Cert. #696); HMAC (Cert. #2195); RSA (Certs. #1758 and #1759); SHS (Certs. #2836 and #2837); Triple-DES (Cert. #1941)

-Other algorithms: Diffie-Hellman (CVL Cert. #533, key agreement; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECDH (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; DES; RC4; HMAC-MD5; NDRNG

Multi-Chip Stand Alone

"The FireEye MX series appliances are mobile management platforms that work in conjunction with the FireEye MTP App to assimilate and disperse threat information to mobile endpoints, and offer integration with MDM solutions for a true detect to fix solution."
2579Qualcomm Technologies, Inc.
5775 Morehouse Dr
San Diego, CA 92121
USA

Lu Xiao
TEL: 858-651-5477
FAX: 858-845-1523

Yin Ling Liong
TEL: 858-651-7034
FAX: 858-845-1523

CST Lab: NVLAP 200658-0
QTI Inline Crypto Engine (UFS)
(Hardware Version: 2.1.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/11/2016Overall Level: 1

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #3555 and #3557)

-Other algorithms: N/A

Single Chip

"QTI Inline Crypto Engine (UFS) provides high throughput storage data encryption and decryption."
2578IBM Security
6303 Barfield Road
Atlanta, GA 30328
USA

Ferrell Moultrie
TEL: 404-348-9293
FAX: N/A

CST Lab: NVLAP 200416-0
IBM Security Network Intrusion Prevention System Version 4.6.2
(Hardware Versions: GX4004, GX5008C, GX5008SFP, GX5208C, GX5208SFP, GX7412 and GX7800 with Tamper Evident Label Kit: 00VM255; Firmware Version: 4.6.2)
(When installed, initialized and configured as specified in the Security Policy Section 3. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/07/2016Overall Level: 2

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #3204 and #3210); DRBG (Certs. #679 and #682); ECDSA (Certs. #588 and #591); HMAC (Certs. #2018 and #2023); RSA (Certs. #1633 and #1635); SHS (Certs. #2651 and #2657); Triple-DES (Certs. #1825 and #1827)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); NDRNG

Multi-Chip Stand Alone

"The Network Intrusion Prevention System (NIPS) automatically blocks malicious attacks while preserving network bandwidth and availability. The appliances are purpose-built, Layer 2 network security appliances that you can deploy either at the gateway or the network to block intrusion attempts, denial of service (DoS) attacks, malicious code, backdoors, spyware, peer-to-peer applications, and a growing list of threats without requiring extensive network reconfiguration."
2577Aruba, a Hewlett Packard Enterprise company
1344 Crossman Ave.
Sunnyvale, CA 94089
USA

Steve Weingart
TEL: 512-319-2480
FAX: n/a

CST Lab: NVLAP 201029-0
Aruba Linux Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software03/02/2016Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Operational Environment: Tested as meeting Level 1 with SUSE Linux Enterprise 11 SP2 on a Dell OptiPlex 755
CentOS 6.3 on a Dell OptiPlex 755
Red Hat Enterprise Linux 6.3 on a Dell OptiPlex 755


-FIPS Approved algorithms: AES (Cert. #2273); CVL (Cert. #44); DRBG (Cert. #281); DSA (Cert. #709); ECDSA (Cert. #368); HMAC (Cert. #1391); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG, Dual EC DRBG

Multi-Chip Stand Alone

"The Aruba Linux Cryptographic Module implements full and approved cryptographic algorithm support, including Suite B algorithm compliance, for Aruba products. It provides secure key management, data integrity, data at rest encryption, and secure communications."
2576Zinc Inc.
55 New Montgomery Street, Ste. 888
San Francisco, CA 94105
USA

Evan Owen
TEL: 877-586-5682

CST Lab: NVLAP 201029-0
Zinc Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software03/02/2016
08/08/2016
Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: Tested as meeting Level 1 with Android 4.0 running on a Galaxy Nexus
iOS 5.1 running on a iPad 3
iOS 6 running on a iPad 3
iOS 7 running on a iPad 3

-FIPS Approved algorithms: AES (Certs. #2125 and #2126); CVL (Certs. #28 and #29); DRBG (Certs. #233 and #234); DSA (Certs. #666 and #667); ECDSA (Certs. #319 and #320); HMAC (Certs. #1296 and #1297); RSA (Certs. #1094 and #1095); SHS (Certs. #1849 and #1850); Triple-DES (Certs. #1351 and #1352)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG; Dual EC DRBG

Multi-Chip Stand Alone

"The Zinc Cryptographic Module provides cryptographic functions for Zinc Inc.’s mobile applications."
2575Cellcrypt
6121 Lincolnia Rd
Suite 100
Alexandria, VA 22312
USA

Richard Chen
TEL: 571-243-9445

CST Lab: NVLAP 100432-0
Cellcrypt Secure Core 3 FIPS 140-2 Module
(Software Version: 2.0.10)
(When operated in FIPS mode and built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software03/02/2016Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: Microsoft Windows 7 (32 bit) running on Intel Celeron (Microsoft 32 bit C/C++ Optimizing Compiler Version 16.00)Fedora 14 running on Intel Core i5 with PAA (gcc Compiler Version 4.5.1)Microsoft Windows 7 (64 bit) running on Intel Pentium 4 (Microsoft C/C++ Optimizing Compiler Version 16.00)Microsoft Windows 7 running on Intel Core i5- 2430M (64-bit) with PAA (Microsoft ® C/C++ Optimizing Compiler Version 16.00 for x64)Apple OS X 10.7 running on Intel Core i7-3615QM (Apple LLVM version 4.2)Ubuntu 13.04 running on AM335x Cortex-A8 (ARMv7) without NEON (gcc Compiler Version 4.7.3)Ubuntu 13.04 running on AM335x Cortex-A8 (ARMv7) with NEON (gcc Compiler Version 4.7.3)Linux 3.8 running on ARM926 (ARMv5TEJ) (gcc Compiler Version 4.7.3)Linux 3.4 under Citrix XenServer 6.2 running on Intel Xeon E5-2430L without PAA (gcc Compiler Version 4.8.0)Linux 3.4 under Citrix XenServer 6.2 running on Intel Xeon E5-2430L with PAA (gcc Compiler Version 4.8.0)Linux 3.4 under Vmware ESXi 5.1 running on Intel Xeon E5-2430L without PAA (gcc Compiler Version 4.8.0)Linux 3.4 under Vmware ESXi 5.1 running on Intel Xeon E5-2430L with PAA (gcc Compiler Version 4.8.0)Linux 3.4 under Microsoft Windows 2012 Hyper-V running on Intel Xeon E5-2430L without PAA (gcc Compiler Version 4.8.0)Linux 3.4 under Microsoft Windows 2012 Hyper-V running on Intel Xeon E5-2430L with PAA (gcc Compiler Version 4.8.0)FreeBSD 10.0 running on Xeon E5-2430L (x86) without PAA (clang Compiler Version 3.3)FreeBSD 10.0 running on Xeon E5- 2430L (x86) with PAA (clang Compiler Version 3.3)Apple iOS 7.1 64- bit running on Apple A7 (ARMv8) without NEON (clang Compiler Version 5.1)Apple iOS 7.1 64-bit running on Apple A7 (ARMv8) with NEON (clang Compiler Version 5.1)iOS 8.1 64-bit running on Apple A7 (ARMv8) without NEON and Crypto Extensions (clang Compiler Version 600.0.56)iOS 8.1 64-bit running on Apple A7 (ARMv8) with NEON and Crypto Extensions (clang Compiler Version 600.0.56)iOS 8.1 32-bit running on Apple A7 (ARMv8) without NEON (clang Compiler Version 600.0.56)iOS 8.1 32-bit running on Apple A7 (ARMv8) with NEON (clang Compiler Version 600.0.56)Android 5.0 32-bit running on Qualcomm APQ8084 (ARMv7) without NEON (gcc Compiler Version 4.9)Android 5.0 32-bit running on Qualcomm APQ8084 (ARMv7) with NEON (gcc Compiler Version 4.9)Android 5.0 64-bit running on SAMSUNG Exynos7420 (ARMv8) without NEON and Crypto Extensions (gcc Compiler Version 4.9)
Android 5.0 64-bit running on SAMSUNG Exynos7420 (ARMv8) with NEON and Crypto Extensions (gcc Compiler Version 4.9) (single user mode)

-FIPS Approved algorithms: AES (Certs. #1884, #2116, #2234, #2342, #2394, #2484, #2824, #2929, #3090 and #3264); CVL (Certs. #10, #12, #24, #36, #49, #53, #71, #85, #260, #331, #372 and #472); DRBG (Certs. #157, #229, #264, #292, #316, #342, #485, #540, #607 and #723); DSA (Certs. #589, #661, #693, #734, #748, #764, #853, #870, #896 and #933); ECDSA (Certs. #264, #270, #315, #347, #378, #383, #394, #413, #496, #528, #558 and #620); HMAC (Certs. #1126, #1288, #1363, #1451, #1485, #1526, #1768, #1856, #1937 and #2063); RSA (Certs. #1086, #1145, #1205, #1273, #1477, #1535, #1581 and #1664); SHS (Certs. #1655, #1840, #1923, #2019, #2056, #2102, #2368, #2465, #2553 and #2702); Triple-DES (Certs. #1223, #1346, #1398, #1465, #1492, #1522, #1695, #1742, #1780 and #1853)

-Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt); RNG

Multi-Chip Stand Alone

"Cellcrypt Secure Core 3 FIPS 140-2 Module Version 2.0.10 is a cryptographic software library providing privacy, authentication and integrity services. There are three major protocol groups supported:- Offline or store-and-forward based protocols- File storage and message attachments- Online or session-based protocols"
2574Hewlett Packard Enterprise Development LP
11445 Compaq Center Dr. W
Houston, TX 77070
USA

Luis Luciani
TEL: 1-281-518-6762

CST Lab: NVLAP 200928-0
iLO 4 Cryptographic Module
(Hardware Versions: GLP-4: 531510-004 [1], GLP-3: 531510-003 [2] and Sabine: 610107-002 [3]; Flash Memory: (820595-001 [1,2,3]); NVRAM: (820597-001 [1]), (820596-001 [2,3]); DDR3 SDRAM: (820594-001 [1,2,3]); Firmware Version: 2.11)
(When installed, initialized and configured as specified in the Security Policy Section 3)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/02/2016Overall Level: 1

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #3398, #3399, #3400 and #3401); CVL (Cert. #502); DRBG (Cert. #814); DSA (Cert. #959); ECDSA (Cert. #676); HMAC (Cert. #2169); RSA (Cert. #1740); SHS (Cert. #2814); Triple-DES (Cert. #1924)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); NDRNG; MD5

Multi-Chip Embedded

"The HP Integrated Lights-Out 4 (HP iLO 4) built into HP ProLiant Gen8 and Gen9 servers is an autonomous secure management component embedded directly on the server motherboard. iLO helps simplify initial server setup, power and thermal optimization, remote server administration, and provides server health monitoring with the HP Active Health System (AHS)."
2573Aruba, a Hewlett Packard Enterprise company
1344 Crossman Ave.
Sunnyvale, CA 94089
USA

Steve Weingart
TEL: 512-319-2480
FAX: n/a

CST Lab: NVLAP 100432-0
Aruba Common Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software03/01/2016Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Operational Environment: Windows 7 Enterprise 32-bit User Mode running on an IBM ThinkPad Lenovo
Windows 7 Enterprise 64-bit User Mode running on an IBM ThinkPad Lenovo
Android 4.0 running on a Droid 3 Smartphone
Red Hat Enterprise Linux 6 with Linux 2.6 Kernel (32-bit) running on a Dell Dimension 9200 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2744 and #2746); CVL (Certs. #265 and #266); DRBG (Certs. #496 and #498); ECDSA (Certs. #499 and #500); HMAC (Certs. #1721 and #1722); RSA (Certs. #1483 and #1484); SHS (Certs. #2316 and #2317); Triple-DES (Certs. #1652 and #1653)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX; AES XCBC; AES MAC (non-compliant); RSAES-OAEP

Multi-Chip Stand Alone

"The Aruba Common Cryptographic Module Version 1.0 is a software shared library that provides cryptographic services required by Aruba software applications."
2572McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

James Reardon
TEL: 651-628-5346
FAX: n/a

CST Lab: NVLAP 100432-0
Network Security Platform Sensor M-8000 S
(Firmware Version: 8.1.15.14)
(When operated with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/25/2016
05/03/2016
Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Cert. #3155); CVL (Certs. #407 and #598); DRBG (Cert. #648); HMAC (Cert. #1988); RSA (Certs. #1598 and #1824); SHS (Certs. #2610 and #2922)

-Other algorithms: NDRNG; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; RC4; DES; HMAC (non-compliant); RSA (non-compliant); SHS (non-compliant); Triple-DES (non-compliant)

Multi-Chip Stand Alone

"Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks."
2571Canon U.S.A., Inc.
One Canon Park
Melville, NY 11747
USA

Jiuyuan Ge
TEL: 631-330-5774

CST Lab: NVLAP 200427-0
Canon imageRUNNER Crypto Module 2.1.1.1 for MEAP
(Software Version: 2.1.1.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software02/25/2016Overall Level: 1

-Physical Security: N/A
-Operational Environment: MontaVista Linux running on a Canon imageRUNNER with MEAP SDK 4.60 SP4 and CDC 1.1 Foundation Profile 1.1 with optional JCE provider package (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3442); CVL (Cert. #528); DRBG (Cert. #840); DSA (Cert. #969); ECDSA (Cert. #694); HMAC (Cert. #2191); KBKDF (Cert. #60); KTS (AES Cert. #3442); RSA (Cert. #1763); SHS (Cert. #2842); Triple-DES (Cert. #1939)

-Other algorithms: DES; Diffie-Hellman (non-compliant); EC Diffie-Hellman (non-compliant); ECIES; HMAC-MD5; MD4; MD5; NDRNG; PBE; RC2; RC4; RNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA OAEP; Triple-DES (Cert. #1939, key wrapping; key establishment methodology provides 112 bits of encryption strength);

Multi-Chip Stand Alone

"Canon imageRUNNER Crypto Module for MEAP security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. It supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements"
2570Certicom Corp.
4701 Tahoe Blvd.,
Building A
Mississauga, Ontario L4W 0B5
Canada

Certicom Support
TEL: 905-507-4220
FAX: n/a

Certicom Sales
TEL: 905-507-4220
FAX: n/a

CST Lab: NVLAP 200928-0
Security Builder® Linux Kernel Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS mode and installed, initialized and configured as specified in the Security Policy Appendix A)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software02/23/2016Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Operational Environment: CentOS 7 64-bit running on a Kontron NSN2U IP Network Server with PAA
CentOS 7 64-bit running on a Kontron NSN2U IP Network Server without PAA
Android 5.1 64-bit running on a Qualcomm Snapdragon MSM8992 development device (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3464); DRBG (Cert. #850); HMAC (Cert. #2209); SHS (Cert. #2859); Triple-DES (Cert. #1953)

-Other algorithms: AES GCM (Cert. #3464; non-compliant); AES LRW; DES; RNG

Multi-Chip Stand Alone

"Certicom Security Builder® Linux Kernel Cryptographic Module is a software-only external Linux Kernel module that provides general-purpose cryptographic services to the remainder of the kernel."
2569Hiddn Security AS
Nedre Slottgate 25
Oslo 0157
Norway

Atle Haga
TEL: +47 92452750
FAX: +47 38104499

Terje Leira
TEL: +47 91112899
FAX: +47 38104499

CST Lab: NVLAP 100432-0
CM1+
(Hardware Versions: PCBA P/N HGD-59400200 with PCB P/N HGD-59300039, Rev C; Firmware Versions: CM1+ HW v1.8.7.4, CM1+ FW v1.8.7.5)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/22/2016Overall Level: 3

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Cert. #3362)

-Other algorithms: AES (Cert. #3362, key wrapping; key establishment methodology provides 192 bits of encryption strength)

Multi-Chip Embedded

"The CM1+ is a 256-bit AES hardware encryption engine for protection of data at rest. The unit operates on the SATA protocol independent of the storage device, which allows encryption of disk drives of various storage capacities."
2568Security First Corp.
29811 Santa Margarita Parkway
Suite 600
Rancho Santa Margarita, CA 92688
USA

Rick Orsini
TEL: 949-858-7525
FAX: 949-858-7092

CST Lab: NVLAP 100432-0
SecureParser®
(Software Version: 4.7.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software02/22/2016Overall Level: 1

-Cryptographic Module Specification: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Operational Environment: Microsoft Windows 8 64-bit running on a Lenovo ThinkPad X140e with PAA
Microsoft Windows 8 64-bit running on a Lenovo ThinkPad X140e without PAA
Microsoft Windows 7 64-bit running on a Dell Inspiron 660 with PAA
Microsoft Windows 7 64-bit running on a Dell Inspiron 660 without PAA
Android 4.4 running on a Samsung Galaxy S5
Android 5.0 running on a Samsung Galaxy Note 3
Android 4.4 running on Samsung Galaxy Note 4 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3365); DRBG (Cert. #793); ECDSA (Cert. #668); HMAC (Cert. #2145); RSA (Cert. #1729); SHS (Cert. #2790)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 128 bits of encryption strength); AES (Cert. #3365, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength)

Multi-Chip Stand Alone

"The SecureParser® is a security and high data availability architecture delivered in the form of a software toolkit that provides cryptographic data splitting (data encryption, random or deterministic distribution to multiple shares including additional fault tolerant bits, key splitting, authentication, integrity, share reassembly, key restoration and decryption) of arbitrary data. During the split process, additional redundant data may be optionally written to each share enabling the capability of restoring the original data when all shares are not available."
2567IBM Security
6303 Barfield Road
Atlanta, GA 30328
USA

Ferrell Moultrie
TEL: (404) 348-9293
FAX: N/A

CST Lab: NVLAP 200416-0
IBM Security XGS 3100, XGS 4100, XGS 5100, and XGS 7100
(Hardware Versions: XGS 3100, XGS 4100, XGS 5100 and XGS 7100; FIPS-LABELS: FIPS 140 tamper evidence labels P/N 00VM255; Firmware Version: 5.3.1)
(When installed, initialized and configured as specified in the Security Policy Section 3. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/19/2016Overall Level: 2

-Operational Environment: N/A
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #3280, #3282, #3283, #3284, #3307, #3308, #3309 and #3310); CVL (Certs. #463, #465, #466 and #467); DRBG (Certs. #738, #740, #741, #742, #756, #757, #758 and #759); DSA (Certs. #937, #939, #940 and #941); ECDSA (Certs. #633, #635, #636, #637, #640, #641, #642 and #643); HMAC (Certs. #2077, #2079, #2080, #2081, #2099, #2100, #2101 and #2102); RSA (Certs. #1677, #1679, #1680, #1681, #1691, #1692, #1693 and #1694); SHS (Certs. #2718, #2720, #2721, #2722, #2740, #2741, #2742 and #2743); Triple-DES (Certs. #1867, #1869, #1870, #1871, #1883, #1884, #1885 and #1886)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); NDRNG

Multi-Chip Stand Alone

"The Network Intrusion Prevention System (IPS) automatically blocks malicious attacks while preserving network bandwidth and availability. The appliances are purpose-built, Layer 2 network security appliances that you can deploy either at the gateway or the network to block intrusion attempts, denial of service (DoS) attacks, malicious code, backdoors, spyware, peer-to-peer applications, and a growing list of threats without requiring extensive network reconfiguration. The XGS 3100, XGS 4100, XGS 5100, and XGS 7100 can be securely managed via SiteProtector, which is a central management console"
2566Skyhigh Networks
900 E. Hamilton Ave.
Suite 400
Campbell, CA 95008
USA

Skyhigh Networks

CST Lab: NVLAP 201029-0
Java Crypto Module
(Hardware Version: N/A; Firmware Version: N/A; Software Version: 1.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software02/18/2016Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Operational Environment: Tested as meeting Level 1 with Windows Server 2012 with Java Runtime Environment (JRE) v1.7.0_17 running on OEM PowerEdge R420 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3192); DRBG (Cert. #668); DSA (Cert. #914); ECDSA (Cert. #583); HMAC (Cert. #2011); RSA (Cert. #1622); SHS (Cert. #2637); Triple-DES (Cert. #1818)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); RNG (non-compliant); Blowfish; Camellia; CAST5; CAST6; ChaCha; DES; Triple-DES (non-compliant); ElGamal; GOST28147; GOST3411; Grain128; Grainv1; HC128; HC256; IDEA; IES; ISAAC; MD2; MD4; MD5; Naccache Stern; Noekeon; Password-Based-Encryption (PBE); RC2; RC2 Key Wrapping; RC4; RC532; RC564; RC6; RFC3211 Wrapping; RFC3394 Wrapping; Rijndael; Ripe MD128; Ripe MD160; Ripe MD256; Ripe MD320; RSA Encryption; Salsa 20; SEED; SEED Wrapping; Serpent; Shacal2; SHA-3 (non-compliant); SHA-512/t (non-compliant); Skein-256-*; Skein-512-*; Skein-1024-*; Skipjack; DRBG (non-compliant); TEA; Threefish; Tiger; TLS v1.0 KDF (non-compliant); Twofish; VMPC; Whirlpool; XSalsa20; XTEAEngine

Multi-Chip Stand Alone

"The Java Crypto Module provides cryptographic functions for Skyhigh Networks cloud visibility and enablement products."
2565Hiddn Security AS
Nedre Slottgate 25
Oslo 0157
Norway

Atle Haga
TEL: +47 92452750
FAX: +47 38104499

Terje Leira
TEL: +47 91112899
FAX: +47 38104499

CST Lab: NVLAP 100432-0
coCrypt CM1+
(Hardware Versions: PCBA P/N HGD-59401600 with PCB P/N HGD-59300063, Rev G; Firmware Versions: coCrypt CM1+ HW v1.8.8.4, CM1+ FW v1.8.7.5, Host Controller FW v1.0.5.8)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/18/2016Overall Level: 3

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Cert. #3362)

-Other algorithms: AES (Cert. #3362, key wrapping; key establishment methodology provides 192 bits of encryption strength)

Multi-Chip Embedded

"The coCrypt CM1+ is a 256-bit AES hardware encryption engine which encrypts data either to a replacable microSD storage card or an USB flash drive. The unit allows the user to expand the storage capacity whenever needed."
2564Red Hat®, Inc.
100 East Davie Street
Raleigh, NC 27601
USA

Steve Grubb
TEL: 978-392-1000
FAX: 978-392-1001

Jaroslav Reznik
TEL: +420 532 294 111
FAX: +420 541 426 177

CST Lab: NVLAP 200658-0
Red Hat Enterprise Linux 6.6 NSS Module
(Software Version: 3.14.3-22)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software02/17/2016Overall Level: 2

-Physical Security: N/A
-Operational Environment: Red Hat Enterprise Linux 6.6 running on ProLiant DL380p Gen8 with PAA
Red Hat Enterprise Linux 6.6 running on ProLiant DL380p Gen8 without PAA
Red Hat Enterprise Linux 6.6 running on System x3500 M4 with PAA
Red Hat Enterprise Linux 6.6 running on System x3500 M4 without PAA

-FIPS Approved algorithms: AES (Certs. #3076, #3077, #3078, #3079, #3080, #3081, #3082, #3083, #3084, #3085, #3086 and #3087); CVL (Certs. #368, #369, #370 and #371); DRBG (Certs. #603, #604, #605 and #606); DSA (Certs. #892, #893, #894 and #895); ECDSA (Certs. #554, #555, #556 and #557); HMAC (Certs. #1933, #1934, #1935 and #1936); RSA (Certs. #1577, #1578, #1579 and #1580); SHS (Certs. #2549, #2550, #2551 and #2552); Triple-DES (Certs. #1776, #1777, #1778 and #1779)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD5; MD2; RC2; Camellia; J-PAKE; DES; SEED; Triple-DES (Certs. #1776, #1777, #1778 and #1779, key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Certs. #3076, #3077, #3078, #3079, #3080, #3081, #3082, #3083, #3084, #3085, #3086 and #3087, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); CTS block chaining mode

Multi-Chip Stand Alone

"Network Security Services (NSS) is a set of open source C libraries designed to support cross-platform development of security-enabled applications. NSS implements major Internet security standards. NSS is available free of charge under a variety of open source compatible licenses. See http://www.mozilla.org/projects/security/pki/nss/"
2563IBM Security
6303 Barfield Road
Atlanta, GA 30328
USA

Ferrell Moultrie
TEL: (404) 348-9293
FAX: N/A

CST Lab: NVLAP 200416-0
IBM Security SiteProtector System Cryptographic Module
(Software Version: 3.1.1)
(When installed, initialized and configured as specified in the Security Policy Section 3. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software02/17/2016Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A
-Operational Environment: Microsoft Windows Server 2012 R2 Standard running on IBM Security SP 4001 with Intel Core i7-2600 @ 3.4GHz (1-CPU / 4-core) processor (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3279); CVL (Cert. #462); DRBG (Cert. #737); ECDSA (Cert. #632); HMAC (Cert. #2076); RSA (Cert. #1676); SHS (Cert. #2717); Triple-DES (Cert. #1866)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #462, key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength)

Multi-Chip Stand Alone

"SiteProtector is a centralized management system that unifies management and analysis for network, server, and desktop protection agents and small networks or appliances. The SiteProtector is used as the central controlling point for IBM ISS appliances deployed on the network."
2562Senetas Corporation Ltd. and SafeNet Inc.
312 Kings Way
South Melbourne, Victoria 3205
Australia

John Weston
TEL: +61 3 9868 4555
FAX: +61 3 9821 4899

Laurie Mack
TEL: 613-221-5065
FAX: 613-723-5079

CST Lab: NVLAP 200996-0
CN6000 Series Encryptors
(Hardware Versions: Senetas Corp. Ltd. CN6040 Series: A6040B (AC), A6041B (DC) and A6042B (AC/DC); Senetas Corp. Ltd. CN6100 Series: A6100B (AC), A6101B (DC) and A6102B (AC/DC); Senetas Corp. Ltd. & SafeNet Inc. CN6040 Series: A6040B (AC), A6041B (DC) and A6042B (AC/DC); Senetas Corp. Ltd. & SafeNet Inc. CN6100 Series: A6100B (AC), A6101B (DC) and A6102B (AC/DC); Firmware Version: 2.6.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware02/17/2016Overall Level: 3

-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #3337, #3346, #3347 and #3348); CVL (Cert. #491); DRBG (Cert. #779); ECDSA (Cert. #661); HMAC (Cert. #2128); KAS (Cert. #58); RSA (Cert. #1727); SHS (Cert. #2772); Triple-DES (Cert. #1907)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG

Multi-Chip Stand Alone

"The CN6000 Series is a high-speed hardware encryption platform that secures data over optical and twisted-pair Ethernet and Fibre Channel networks. Models validated are the CN6100 10G Ethernet operating at a line rate of 10Gb/s and the CN6040, Ethernet and FC selectable model operating at data rates up to 4Gb/s. Data privacy is provided by FIPS approved AES CFB and CTR algorithms. GCM is available on the CN6040 for applications that also demand authentication. Additionally TRANSEC (also known as Traffic Flow Security or TFS) transmission security capability can be used to remove patterns from"
2561Medtronic Care Management Services, LLC
7980 Century Blvd
Chanhassen, MN 55317
USA

Brian Golden
TEL: 888-243-8881

Ben Lange
TEL: 888-243-8881

CST Lab: NVLAP 100432-0
CC FM TLS/SRTP
(Software Version: 1.0.2)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software02/16/2016
03/22/2016
Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Operational Environment: Windows Server 2008 R2 (x64) running on Intel Xeon E5620 (Dell PowerEdge R710), Android 4.0.4 running on ARM TI OMAP 4430 (Samsung Galaxy Tab 2) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3349); CVL (Certs. #494 and #495); DRBG (Certs. #794 and #795); HMAC (Cert. #2132); RSA (Cert. #1716); SHS (Cert. #2776)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); SRTP-KDF (non-compliant); NDRNG

Multi-Chip Stand Alone

"CC FM TLS/SRTP facilitates secure communication for the TLS and SRTP protocols."
2560Unisys Corporation
801 Lakeview Drive
Suite 100
Blue Bell, PA 19422
USA

Ralph Farina
TEL: 610-648-3460

Timothy McCaffrey
TEL: 610-648-4477

CST Lab: NVLAP 200928-0
Unisys Linux Kernel Cryptographic API Module
(Software Version: 1.0)
(When installed, initialized and configured as specified in the Security Policy Section 11)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software02/12/2016Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Operational Environment: Ubuntu 12.04 LTS distribution running on a Dell PowerEdge R220 without PAA and with PCLMULQDQ and SSSE 3
Ubuntu 12.04 LTS distribution running on a Dell PowerEdge R220 without PAA
Ubuntu 12.04 LTS distribution running on a Dell PowerEdge R630 with PAA and with PCLMULQDQ
Ubuntu 12.04 LTS distribution running on a Dell PowerEdge R630 with PAA and with PCLMULQDQ and SSSE3
Ubuntu 12.04 LTS distribution with Vmware ESXi 5.5 running on a Dell PowerEdge R820 with PAA and with PCLMULQDQ
and Ubuntu 12.04 LTS distribution with Vmware ESXi 5.5 running on a Dell PowerEdge R820 with PAA and with PCLMULQDQ and SSSE3 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3513 and #3519); HMAC (Certs. #2246 and #2247); SHS (Certs. #2900 and #2901)

-Other algorithms: N/A

Multi-Chip Stand Alone

"The Unisys Linux Kernel Cryptographic API Module is a software-only cryptographic module that comprises a set of Linux kernel modules. It provides general purpose cryptographic services to the remainder of the Linux kernel."
2559VMware, Inc.
3401 Hillview Ave
Palo Alto, CA 94304
USA

Gary Sturdivant
TEL: 1-650-427-4429

Eric Betts
TEL: 1-650-427-1902

CST Lab: NVLAP 200928-0
VMware Horizon JCE (Java Cryptographic Extension) Module
(Software Version: 1.0)
(When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software02/12/2016Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Operational Environment: Horizon 6, version 6.2 with Sun JRE 1.8 on Windows Server 2012R2 Datacenter hosted on VMware vSphere Hypervisor (ESXi) 6.0 running on Dell PowerEdge R630
Horizon 6, version 6.2 with Sun JRE 1.8 on Windows 7 SP1 Enterprise (32 bit) hosted on VMware vSphere Hypervisor (ESXi) 6.0 running on Dell PowerEdge R630 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3554); DRBG (Cert. #905); DSA (Cert. #992); HMAC (Cert. #2268); RSA (Cert. #1830); SHS (Cert. #2929); Triple-DES (Cert. #1987)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less then 112 bits of encryption strength); AES (Cert. #3554, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1987, key wrapping; key establishment methodology provides 112 bits of encryption strength); Triple-DES (non-compliant); RC2; RC4; TWOFISH; IES; ECIES; DES; MD2; MD5; RIPEMD; TIGER; ISO9797 Alg3 MAC

Multi-Chip Stand Alone

"The VMware Horizon JCE (Java Cryptographic Extension) Module is a versatile software library that implements FIPS-140-2 approved cryptographic services for VMware products and platforms."
2558McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

James Reardon
TEL: 651-628-5346
FAX: n/a

CST Lab: NVLAP 100432-0
Network Security Platform Sensor M-8000 P
(Firmware Version: 8.1.15.14)
(When operated with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/11/2016
05/03/2016
Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Cert. #3155); CVL (Certs. #407 and #598); DRBG (Cert. #648); HMAC (Cert. #1988); RSA (Certs. #1598 and #1824); SHS (Certs. #2610 and #2922)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; RC4; DES; AES (non-compliant); HMAC (non-compliant); RSA (non-compliant); SHS (non-compliant); Triple-DES (non-compliant); SNMP KDF (non-compliant)

Multi-Chip Stand Alone

"Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks."
2557Senetas Corporation Ltd. and SafeNet Inc.
312 Kings Way
South Melbourne, Victoria 3205
Australia

John Weston
TEL: +61 3 9868 4555
FAX: +61 3 9821 4899

Laurie Mack
TEL: 613-221-5065
FAX: 613-723-5079

CST Lab: NVLAP 200996-0
CN Series Ethernet Encryptors
(Firmware Versions: 2.6.1 and 2.6.2)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware02/11/2016
04/11/2016
Overall Level: 3

-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #3335, #3342 and #3343); CVL (Cert. #489); DRBG (Cert. #777); ECDSA (Cert. #659); HMAC (Cert. #2126); KAS (Cert. #56); RSA (Cert. #1725); SHS (Cert. #2770); Triple-DES (Cert. #1905)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG

Multi-Chip Stand Alone

"The CN4010 and CN6010 are high-speed hardware encryption modules that secure data over twisted-pair Ethernet and optical networks. The modules support data rates to 1Gb/s and 100Mb/s and 10Mb/s modes. The CN6010 is additionally equipped with pluggable SFPs to support a variety of optical network interfaces. Data privacy is provided by FIPS approved AES CFB and CTR algorithms as well as GCM for applications that demand authentication. Additional transmission security is provided via TRANSEC capability which can be used to remove patterns in network traffic and prevent traffic analysis."
2556Infineon Technologies AG
Am Campeon 1-12
Neubiberg, Bavaria 85579
Germany

Roland Ebrecht
TEL: +49-821-2585168
FAX: +49-821-2585130

Thomas Hoffmann
TEL: +49-821-2585124
FAX: +49-821-2585130

CST Lab: NVLAP 100432-0
Trusted Platform Module 1.2 SLB 9660/SLB 9665/SLB 9670
(Hardware Versions: P/Ns SLB 9660, SLB 9665 and SLB 9670; Firmware Version: 4.80.0411.02 or 6.80.0113.02)
(When operated in FIPS mode as specified in Security Policy Sections 1.1 and 8.1)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware02/09/2016Overall Level: 1

-EMI/EMC: Level 3
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #3523 and #3524); RSA (Certs. #1809 and #1810); SHS (Certs. #2905 and #2906); DRBG (Certs. #882 and #883); HMAC (Certs. #2251 and #2252); KBKDF (Certs. #70 and #71); CVL (Certs. #579, #580, #581, #582, #583 and #584); KTS (AES Certs. #3523 and #3524 and HMAC Certs. #2251 and #2252; key establishment methodology provides 128 bits of encryption strength); RSAEP (SP 800-56B, vendor affirmed)

-Other algorithms: NDRNG; RSA (CVL Certs. #580 and #583, key wrapping provides 112 bits of encryption strength)

Single Chip

"The TPM is a single chip module that provides computer manufacturers with the core components of a subsystem used to assure authenticity, integrity and confidentiality in e-commerce and internet communications within a Trusted Computing Platform. The TPM is a complete solution implementing the TCG specifications Version 1.2, Revision 116, 1 March 2011. See www.trustedcomputinggroup.org for further information on TCG and TPM."
2555McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

James Reardon
TEL: 651-628-5346
FAX: n/a

CST Lab: NVLAP 100432-0
Network Security Platform Sensor M-1250, M-1450, M-2750, M-2850, M-2950, M-3050, M-4050 and M-6050
(Firmware Version: 8.1.15.14)
(When operated with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/09/2016
05/03/2016
Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Cert. #3155); CVL (Certs. #407 and #598); DRBG (Cert. #648); HMAC (Cert. #1988); RSA (Certs. #1598 and #1824); SHS (Certs. #2610 and #2922)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; RC4; DES; AES (non-compliant); HMAC (non-compliant); RSA (non-compliant); SHS (non-compliant); Triple-DES (non-compliant); SNMP KDF (non-compliant)

Multi-Chip Stand Alone

"Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks."
2554IBM® Corporation
12 - 14 Marine Parade
Seabank Centre
Southport, QLD 4215
Australia

Sandra Hernandez
TEL: 512-286-5624

Marie Fraser
TEL: +353 21 7306043

CST Lab: NVLAP 200416-0
IBM(R) Security QRadar(R) Cryptographic Security Kernel
(Software Version: 7.2)
(The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software02/02/2016Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Operational Environment: Red Hat Enterprise Linux (RHEL) v6.5 running on a IBM System X3650 M4 BD (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3131); CVL (Cert. #397); DRBG (Cert. #753); HMAC (Cert. #1981); RSA (Cert. #1686); SHS (Cert. #2600); Triple-DES (Cert. #1794)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 202 bits of encryption strength); MD5; HMAC MD5; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength)

Multi-Chip Stand Alone

"The IBM(R) Security QRadar(R) Cryptographic Security Kernel is multi-algorithm library providing general-purpose cryptographic services. The purpose of the module is to provide a single API for cryptographic functionality that can provide centralized control over FIPS-Approved mode status, provide availability of only FIPS-Approved algorithms or vendor-affirmed implementations of non FIPS-Approved algorithms, and provide for centralized logging and reporting of the cryptographic engine."
2553ZOLL Medical Corporation
269 Mill Road
Chelmsford, MA 01824-4105
USA

Bryan Newman
TEL: 978-421-9843
FAX: n/a

Navid Shaidani
TEL: 978-421-9843
FAX: n/a

CST Lab: NVLAP 100432-0
R Series Data Comm II
(Hardware Version: 9214-00207 Rev A; Firmware Version: 03.02.007.1322)
(When operated in FIPS mode. This module contains the embedded module OpenSSL FIPS Object Module validated to FIPS 140-2 under Cert. #1747 operating in FIPS mode. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/02/2016Overall Level: 1

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Cert. #3276); CVL (Cert. #458); DRBG (Cert. #734); DSA (Cert. #935); ECDSA (Cert. #631); HMAC (Cert. #2074); RSA (Cert. #1688); SHS (Certs. #2714 and #2715); Triple-DES (Cert. #1864); KTS (AES Cert. #3276 and HMAC Cert. #2074; key establishment methodology provides 256 bits of encryption strength)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC4; AES CCM (non-compliant)

Multi-Chip Stand Alone

"The ZOLL R Series Data Comm II module allows data to be wirelessly transmitted."
2552Motorola Solutions, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

Tom Nguyen
TEL: 847-576-2352
FAX: n/a

CST Lab: NVLAP 100432-0
Motorola Solutions Astro Subscriber uMACE - Level 3
(Hardware Version: AT8358Z04; Firmware Versions: R01.06.57 and [R01.00.02 or (R01.00.02 and R01.00.03)])
(When operated in FIPS mode and configured to Overall Level 3 per Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/02/2016Overall Level: 3

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #3414 and #3415); DRBG (Cert. #820); ECDSA (Cert. #684); HMAC (Cert. #2174); RSA (Cert. #1747); SHS (Certs. #2821 and #2822)

-Other algorithms: AES MAC (AES Cert. #3415, vendor affirmed; P25 AES OTAR); LFSR; NDRNG

Single Chip

"The uMACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio systems products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management."
2551

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/04/2016Overall Level: 2

Multi-Chip Embedded
2550Intel Corporation
2200 Mission College Blvd.
Santa Clara, CA 95054-1549
USA

Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0
McAfee Linux Cryptographic Module
(Software Version: 1.0.1)
(When installed, initialized and configured as indicated in the Security Policy in Section Secure Operation. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software01/29/2016Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Operational Environment: McAfee Linux 2.2.3 running on an Intel SR1530SH
McAfee Linux 2.2.3 running on an Intel SR2625URLX
McAfee Linux 2.2.3 on VMware ESXi 5.0 running on an Intel SR2625URLX (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3116 and #3117); CVL (Certs. #378 and #379); DRBG (Certs. #627 and #628); DSA (Certs. #900 and #901); HMAC (Certs. #1953 and #1954); RSA (Certs. #1587 and #1588); SHS (Certs. #2572 and #2573); Triple-DES (Certs. #1787 and #1788)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); NDRNG

Multi-Chip Stand Alone

"The McAfee Linux Cryptographic Module provides cryptographic services for McAfee Linux and security appliance products built upon this platform. McAfee Linux is an operating system built with a focus on the needs of security appliances."
2549SUSE, LLC
10 Canal Park, Suite 200
Cambridge, Massachusetts 02141
USA

Thomas Biege
TEL: +49 911 74053 500

Michael Hager
TEL: +49 911 74053 80

CST Lab: NVLAP 200658-0
SUSE Linux Enterprise Server 12 - Kernel Crypto API Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS mode with module SUSE Linux Enterprise Server 12 - OpenSSL Module v2.0 validated to FIPS 140-2 under Cert. #2435 operating in FIPS mode and with module SUSE Linux Enterprise Server 12 - StrongSwan Cryptographic Module version 1.0 validated to FIPS 140-2 under Cert. #2484 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software01/29/2016Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Operational Environment: SUSE Linux Enterprise Server 12 operating on HP ProLiant DL320e Generation 8 with PAA
SUSE Linux Enterprise Server 12 operating on HP ProLiant DL320e Generation 8 without PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3286, #3287, #3288, #3297 and #3298); DRBG (Certs. #744, #745, #746 and #747); HMAC (Certs. #2083, #2084, #2085 and #2086); RSA (Cert. #1687); SHS (Certs. #2724, #2725, #2726 and #2727); Triple-DES (Cert. #1873)

-Other algorithms: Anubis; ARC4; Blowfish; Camellia; CAST5; CAST6; DES; Fcrypt; Khazad; Salsa20; SEED; Serpent; TEA; XTEA; XETA; Twofish; Two key Triple-DES (non-compliant); LRW mode; Fcrypt-PCBC; MD4; MD5; Michael Mic; RIPEMD; Tiger; Whirlpool

Multi-Chip Stand Alone

"SUSE Kernel Crypto API module provides cryptographic services to the Linux operating system kernel."
2548Redpine Signals, Inc.
2107 N. First Street #680
San Jose, CA 95131-2019
USA

Mallik Reddy
TEL: 408-748-3385 Ext. 202
FAX: 408-705-2019

CST Lab: NVLAP 200802-0
RS9113
(Hardware Version: 6.0; Firmware Version: RS9113.N00.WC.FIPS.OSI.1.2.6 with Bootloader version 1.7)
(When operated in FIPS mode. When initialized and configured as specified in Section 5.2 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware01/28/2016Overall Level: 1

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #3299 and #3300); KTS (AES Cert. #3299; key establishment methodology provides 112 bits of encryption strength); SHS (Cert. #2628); HMAC (Cert. #2003); RSA (Cert. #1689); DRBG (Cert. #907); KBKDF (Cert. #50); CVL (Cert. #474)

-Other algorithms: NDRNG; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; HMAC-MD5; RC4; DES; HMAC-MD4

Multi-Chip Embedded

"The RS9113 modules' family is based on Redpine Signals' RS9113 ultra-low-power Convergence SoC. These modules offer dual-band 1x1 802.11n, dual-mode Bluetooth 4.0 and Zigbee 802.15.4 in a single device. They are high performance, long range and ultra-low power modules. The modules provide guaranteed availability of connectivity at all locations within the defined zones, availability at all times, devices' mobility, security of data collection and transmission to backend database, low power for battery operated devices and bandwidth needs."
2547Motorola Solutions, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

Tom Nguyen
TEL: 847-576-2352
FAX: n/a

CST Lab: NVLAP 100432-0
Motorola Solutions Astro Subscriber uMACE - Level 2
(Hardware Version: AT8358Z04; Firmware Versions: R01.06.57 and [R01.00.02 or (R01.00.02 and R01.00.03)])
(When operated in FIPS mode and configured to Overall Level 2 per Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/28/2016Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Operational Environment: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #3414 and #3415); DRBG (Cert. #820); ECDSA (Cert. #684); HMAC (Cert. #2174); RSA (Cert. #1747); SHS (Certs. #2821 and #2822)

-Other algorithms: AES MAC (AES Cert. #3415, vendor affirmed; P25 AES OTAR); LFSR; NDRNG

Single Chip

"The uMACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio systems products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management."
2546Senetas Corporation Ltd. and SafeNet Inc.
312 Kings Way
South Melbourne, Victoria 3205
Australia

John Weston
TEL: +61 3 9868 4555
FAX: +61 3 9821 4899

Laurie Mack
TEL: 613-221-5065
FAX: 613-723-5079

CST Lab: NVLAP 200996-0
CN1000/CN3000 Series Encryptors
(Hardware Versions: Senetas Corp. Ltd. CN1000 Series: A5141B (AC); CN3000 Series: A5203B (AC) and A5204B (DC); Senetas Corp. Ltd. & SafeNet Inc. CN1000 Series: A5141B (AC); CN3000 Series: A5203B (AC) and A5204B (DC); Firmware Version: 4.6.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware01/26/2016Overall Level: 3

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #3336, #3344 and #3345); CVL (Cert. #490); DRBG (Cert. #778); ECDSA (Cert. #660); HMAC (Cert. #2127); KAS (Cert. #57); RSA (Cert. #1726); SHS (Cert. #2771); Triple-DES (Cert. #1906)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG

Multi-Chip Stand Alone

"The CN1000/CN3000 Series is a high-speed hardware encryption platform designed to secure data transmitted over Ethernet networks. The CN1000 Series supports line rates of 10/100/1000 Mbps while the CN3000 extends the CN Series line rate capability to 10Gbps.SafeNet, Inc. makes Senetas products available globally under a master distribution agreement and are co-branded as such."
2545HID Global and Oberthur Technologies
611 Center Ridge Drive
Austin, TX 78753
USA

Jean-Luc Azou
TEL: 510-574-1738
FAX: 510-574-0101

Christophe Goyet
TEL: 703-322-8951

CST Lab: NVLAP 100432-0
HID Global ActivID Applet Suite v2.7.3 on Oberthur Technologies Cosmo V8
(Hardware Version: Oberthur Technologies '0F'; Firmware Versions: Oberthur Technologies '5601' and HID Global ActivID Applet Suite 2.7.3)
(When operated with module ID-One PIV-C on Cosmo V8 validated to FIPS 140-2 under Cert. #2303 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/26/2016Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 4
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #2910 and #2911); CVL (Cert. #336); DRBG (Cert. #537); ECDSA (Cert. #526); KAS (Cert. #48); KBKDF (Cert. #33); RSA (Cert. #1532); SHS (Cert. #2449); Triple-DES (Cert. #1727)

-Other algorithms: NDRNG; EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength)

Single Chip

"HID Global ActivID Applet v2.7.3 is a Java Card applet suite that uses the Oberthur Technologies Cosmo v8 operating system. The product can be used over contact and contactless interface and can be configured for support of GSC-IS v2.1 and PIV standards (NIST SP 800-73-4 and SP 800-78-4) in a PIV commercial (CIV) configuration."
2544HID Global and Giesecke & Devrient
611 Center Ridge Drive
Austin, TX 78753
USA

Jean-Luc Azou
TEL: 510-574-1738
FAX: 510-574-0101

Jatin Deshpande
TEL: 650-336-4066
FAX: 703-480-2124

CST Lab: NVLAP 100432-0
HID Global ActivID Applet Suite v2.7.3 on Giesecke & Devrient Sm@rtCafé Expert 7.0
(Hardware Version: SLE78CLFX4000P(M) M7892; Firmware Versions: Sm@rtCafé Expert 7.0 and HID Global ActivID Applet Suite 2.7.3)
(When operated with module Sm@rtCafé Expert 7.0 validated to FIPS 140-2 under Cert. #2327 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/26/2016Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Operational Environment: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #2720 and #2721); CVL (Cert. #177); DRBG (Cert. #455); ECDSA (Cert. #476); KBKDF (Cert. #18); RSA (Cert. #1507); SHS (Certs. #2289 and #2290); Triple-DES (Cert. #1637)

-Other algorithms: NDRNG; AES (Cert. #2721, key wrapping; key establishment methodology provides 128 bits of encryption strength); EC Diffie-Hellman (non-compliant)

Single Chip

"HID Global ActivID Applet v2.7.3 is a Java Card applet suite that uses the Sm@rtCafé Expert 7.0 operating system. The product can be used over contact and contactless interface and can be configured for support of GSC-IS v2.1 and PIV standards (NIST SP 800-73-4 and SP 800-78-4) in a PIV commercial (CIV) configuration."
2543Fortinet, Inc.
326 Moodie Drive
Ottawa, ON K2H 8G3
Canada

Alan Kaye
TEL: 613-225-9381
FAX: 613-225-2951

CST Lab: NVLAP 200996-0
FortiClient 5.0 VPN Client
(Software Versions: FortiClient 5.0, build0367, 151201)
(When operated in FIPS mode and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software01/26/2016Overall Level: 2

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Operational Environment: Windows 7 Enterprise Edition running on a Dell Optiplex 755 with the Fortinet entropy token (part number FTR-ENT-1) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2912 and #2924); CVL (Cert. #329); DRBG (Cert. #538); HMAC (Certs. #1842 and #1851); PBKDF (vendor affirmed); RSA (Cert. #1533); SHS (Certs. #2451 and #2460); Triple-DES (Certs. #1728 and #1737)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 196 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 144 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG

Multi-Chip Stand Alone

"The FortiClient VPN client provides a FIPS 140-2 validated, IPSec and SSL VPN client for Windows platforms."
2542Fortinet, Inc.
326 Moodie Drive
Ottawa, ON K2H 8G3
Canada

Alan Kaye
TEL: 613-225-9381
FAX: 613-225-2951

CST Lab: NVLAP 200996-0
FortiClient 5.0 VPN Client
(Software Versions: FortiClient 5.0, build0367, 151201)
(When operated in FIPS mode and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software01/26/2016Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Operational Environment: Windows 7 Enterprise Edition running on a Dell Optiplex 755 with the Fortinet entropy token (part number FTR-ENT-1) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2912 and #2924); CVL (Cert. #329); DRBG (Cert. #538); HMAC (Certs. #1842 and #1851); PBKDF (vendor affirmed); RSA (Cert. #1533); SHS (Certs. #2451 and #2460); Triple-DES (Certs. #1728 and #1737)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 196 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 144 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG

Multi-Chip Stand Alone

"The FortiClient VPN client provides a FIPS 140-2 validated, IPSec and SSL VPN client for Windows platforms."
2541Relocation Management Worldwide
6077 Primacy Parkway
Suite 223
Memphis, TN 38119
USA

Rob Gerwing
TEL: 303-716-5939
FAX: (303) 974-1108

CST Lab: NVLAP 200416-0
VERN (TM) RMW Crypto Library
(Software Version: 1.2)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software01/26/2016Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Operational Environment: Microsoft Windows Server 2012 running on a Dell Power Edge 2950 Server (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3275); HMAC (Cert. #2240); SHS (Cert. #2713)

-Other algorithms: N/A

Multi-Chip Stand Alone

"The VERN RMW Crypto Library version 1.2 is a software cryptographic library that provides cryptographic services to the overall VERN Web application. The software contains implementations of approved cryptographic algorithms."
2540Fortinet, Inc.
326 Moodie Drive
Ottawa, ON K2H 8G3
Canada

Alan Kaye
TEL: 613-225-9381
FAX: 613-225-2951

CST Lab: NVLAP 200996-0
FortiMail-1000D and FortiMail-3000D
(Hardware Versions: Fortimail-1000D: C1AA85 with Disk Trays P/N: SP-D2000 and Power Supplies P/N: SP-FXX1000D-PS, FortiMail-3000D: C1AA63 with Disk Trays P/N: SP-D2TC and Power Supplies P/N: D750E-S1, Tamper Evident Seal Kit: FIPS-SEAL-RED; Firmware Versions: FortiMailOS 5.2, build0460,150922)
(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/25/2016Overall Level: 2

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Cert. #3500); CVL (Cert. #574); DRBG (Cert. #873); HMAC (Cert. #2239); RSA (Cert. #1801); SHS (Cert. #2892); Triple-DES (Cert. #1971)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5

Multi-Chip Stand Alone

"The FortiMail family of email security appliances provide an effective barrier against the ever-rising volume of sophisticated spam and malware and includes features designed to facilitate regulatory compliance. FortiMail 5.2 offers both inbound and outbound scanning, advanced antispam and antivirus filtering capabilities, malware emulation both locally and via integration with FortiSandbox, data leak prevention, identity based encryption and extensive quarantine and archiving capabilities."
2539Fortinet, Inc.
326 Moodie Drive
Ottawa, ON K2H 8G3
Canada

Alan Kaye
TEL: 613-225-9381
FAX: 613-225-2951

CST Lab: NVLAP 200996-0
FortiMail 5.2
(Firmware Versions: FortiMailOS 5.2, build0460,150922)
(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware01/25/2016Overall Level: 1

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: FortiMail-3000D with the Fortinet entropy token (part number FTR-ENT-1)

-FIPS Approved algorithms: AES (Cert. #3500); CVL (Cert. #574); DRBG (Cert. #873); HMAC (Cert. #2239); RSA (Cert. #1801); SHS (Cert. #2892); Triple-DES (Cert. #1971)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5

Multi-Chip Stand Alone

"The FortiMail family of email security appliances provide an effective barrier against the ever-rising volume of sophisticated spam and malware and includes features designed to facilitate regulatory compliance. FortiMail 5.2 offers both inbound and outbound scanning, advanced antispam and antivirus filtering capabilities, malware emulation both locally and via integration with FortiSandbox, data leak prevention, identity based encryption and extensive quarantine and archiving capabilities."
2538Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

Christopher Marks
TEL: 408-333-0480
FAX: 408-333-8101

CST Lab: NVLAP 200802-0
Brocade(R) 7840 Extension Switch
(Hardware Version: {7840 Extension Switch (P/N 80-1008000-01)} with FIPS Kit P/N Brocade XBR-000195; Firmware Version: Fabric OS v7.4.0 (P/N 51-1001672-01))
(When operated in FIPS mode and when tamper evident labels are installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware01/19/2016
07/19/2016
Overall Level: 2

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: Triple-DES (Cert. #1723); AES (Certs. #2892, #3130 and #3132); SHS (Certs. #2435 and #2571); HMAC (Certs. #1828 and #1952); DRBG (Certs. #635 and #672); RSA (Cert. #1522); ECDSA (Cert. #522); CVL (Certs. #318, #319, and #396);

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SNMPv3 KDF (non-compliant); HMAC-RIPEMD160; HMAC-SHA1-96 (non-compliant); HMAC-MD5; HMAC-MD5-96; DES; DES3; DESX; RC2; RC4; NDRNG; MD2; MD4; MD5; ARCFOUR; BF; CAST; RIPEMD160; UMAC-64; EC Diffie-Hellman (CVL Certs. #311, #318 and #320, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); AES (non-compliant); IKEv2 KDF (non-compliant); SHA-1 (non-compliant); SHA-256 (non-compliant); HMAC-SHA-512 (non-compliant)

Multi-Chip Stand Alone

"The Brocade 7840 Extension Switch provides fast, reliable WN/MAN connectivity for remote data replication, backup, and migration with Fibre Channel and advanced Fibre Channel over IP (FCIP) technology."
2537

CST Lab: NVLAP 200802-0


Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/15/2016Overall Level: 2

Multi-Chip Stand Alone
2536

CST Lab: NVLAP 200802-0


Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/15/2016Overall Level: 2

Multi-Chip Stand Alone
2535

CST Lab: NVLAP 200802-0


Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/15/2016Overall Level: 1

Multi-Chip Stand Alone
2534Kodiak Networks, Inc.
1501 10th Street
Suite 130
Plano, TX 75074
USA

Terry Boland
TEL: 972-665-3381
FAX: 972-665-0198

Sanjay Kulkarni
TEL: 972-665-3222
FAX: 972-665-0198

CST Lab: NVLAP 100432-0
Push To Talk Client Crypto Module
(Software Version: 3.6.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software01/14/2016Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Operational Environment: iOS 8.1 running on iPhone™ 6 and Android 4.4 running on Samsung Galaxy S5 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3330 and #3417); DRBG (Certs. #775 and #821); HMAC (Certs. #2121 and #2175); RSA (Certs. #1710 and #1749); SHS (Certs. #2763 and #2823); Triple-DES (Certs. #1901 and #1928)

-Other algorithms: RSA (non-compliant); Diffie-Hellman; EC Diffie-Hellman; MD5; AES GCM (non-compliant); DES; RC4; RIPEMD-160; HMAC-MD5

Multi-Chip Embedded

"Kodiak Push-to-Talk is a carrier-integrated Broadband Push-to-Talk service platform. It sets a new standard for instant communications by providing PTT service over 4G LTE, 4G HSPA+, Wi-Fi, and 3G."
2533Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

Chris Marks
TEL: 408-333-0840
FAX: 408-333-8101

CST Lab: NVLAP 200802-0
Brocade(R) MLXe(R) NetIron(R) Ethernet Routers
(Hardware Versions: {[BR-MLXE-4-MR2-M-AC (80-1006870-01), BR-MLXE-4-MR2-M-DC (80-1006872-01), BR-MLXE-8-MR2-M-AC (80-1007225-01), BR-MLXE-8-MR2-M-DC (80-1007226-01), BR-MLXE-16-MR2-M-AC (80-1006827-02), BR-MLXE-16-MR2-M-DC (80-1006828-02), BR-MLXE-4-MR2-X-AC (80-1006874-03), BR-MLXE-4-MR2-X-DC (80-1006875-03), BR-MLXE-8-MR2-X-AC (80-1007227-03), BR-MLXE-8-MR2-X-DC (80-1007228-03), BR-MLXE-16-MR2-X-AC (80-1006829-04), BR-MLXE-16-MR2-X-DC (80-1006834-04)] with Component P/Ns 80-1005643-01, 80-1003891-02, 80-1002983-01, 80-1003971-01, 80-1003972-01, 80-1003811-02, 80-1002756-03, 80-1004114-01, 80-1004113-01, 80-1004112-01, 80-1004760-02, 80-1006511-02, 80-1004757-02, 80-1003009-01, 80-1003052-01, 80-1003053-01, 80-1005644-03, 80-1007878-02, 80-1007911-02, 80-1007879-02} with FIPS Kit XBR-000195; Firmware Version: Multi-Service IronWare R05.8.00a)
(When operated in FIPS mode with the tamper evident labels installed as specified in Annex A and configured as specified in Tables 8, 12 and 16 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware01/12/2016Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #1648, #2154, #2717, #2946, #3030 and #3144); KTS (AES Cert. #2946, key wrapping; key establishment methodology provides 112 bits of encryption strength); KTS (AES Cert. #2717 and HMAC Cert. #1696; key establishment methodology provides 112 bits of encryption strength); SHS (Certs. #934 and #2282); RSA (Cert. #1413); HMAC (Certs. #538 and #1696); DRBG (Certs. #454 and #684); CVL (Certs. #175, #393, #404, #436 and #437); KBKDF (Cert. #35); ECDSA (Certs. #546 and #593)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); NDRNG; HMAC-SHA1-96; HMAC-MD5; MD5; DES; Triple-DES (non-compliant); EC Diffie-Hellman (CVL Certs. #436 and #437, key agreement; key establishment methodology provides between 128 or 192 bits of encryption strength)

Multi-Chip Stand Alone

"Brocade MLXe Series routers feature industry-leading 100 Gigabit Ethernet (GbE), 10 GbE, and 1 GbE wire-speed density; rich IPv4, IPv6, Multi-VRF, MPLS, and Carrier Ethernet capabilities without compromising performance; and advanced Layer 2 switching. This release introduces a new interface card BR-MLX-10GX4-IPSEC-M, which has built-in capability to negotiate IKEv2 sessions and establish IPSec tunnels to allow Virtual Private Networks to be created within the network. In addition, BR-MLX-10GX4-IPSEC-M has PHY level support for MACSec protocol."
2532

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/13/2016Overall Level: 2

Multi-Chip Embedded
2531Intel Corporation
2200 Mission College Blvd.
Santa Clara, CA 95054-1549
USA

Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0
McAfee Web Gateway WG5000 and WG5500 Appliances
(Hardware Versions: 5000 with EWG-5000-FIPS-KIT and 5500 with EWG-5500-FIPS-KIT; Firmware Version: 7.3.2.3.4)
(When installed, initialized and configured as specified in the Security Policy Section Secure Operation. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/11/2016Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Cert. #3116); CVL (Cert. #378); DRBG (Cert. #627); DSA (Cert. #900); HMAC (Cert. #1953); RSA (Cert. #1587); SHS (Cert. #2572); Triple-DES (Cert. #1787)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); NDRNG

Multi-Chip Stand Alone

"The McAfee Web Gateway is a high-performance, enterprise-strength proxy security appliance family that provides the caching, authentication, administration, authorization controls and deep-level content security filtering required by today's most demanding enterprises. McAfee Web Gateway WG5000 and WG5500 Appliances deliver scalable deployment flexibility and performance. McAfee Web Gateway WG5000 and WG5500 Appliances deliver comprehensive security for all aspects of Web 2.0 traffic."
2530Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

Chris Marks
TEL: 408-333-0480
FAX: 408-333-8101

CST Lab: NVLAP 200802-0
Brocade(R) FCX 624/648, ICX (TM) 6610, ICX 6450, ICX 7750, ICX 7450 and SX 800/1600 Series
(Hardware Versions: {[FCX624S (80-1002388-08), FCX624S-HPOE-ADV (80-1002715-08), FCX624S-F-ADV (80-1002727-07), FCX648S (80-1002392-08), FCX648S-HPOE (80-1002391-10), FCX648S-HPOE-ADV (80-1002716-10), FCX-2XG (80-1002399-01)], [ICX 6610-24F-I (80-1005350-04), ICX 6610-24F-E (80-1005345-04), ICX 6610-24-I (80-1005348-05), ICX 6610-24-E (80-1005343-05), ICX 6610-24P-I (80-1005349-06), ICX 6610-24P-E (80-1005344-06), ICX 6610-48-I (80-1005351-05), ICX 6610-48-E (80-1005346-05), ICX 6610-48P-I (80-1005352-06), ICX 6610-48P-E (80-1005347-06)], [ICX 6450-24P (80-1005996-04), ICX 6450-24 (80-1005997-03), ICX 6450-48P (80-1005998-04), ICX 6450-48 (80-1005999-04), ICX 6450-C12-PD (80-1007578-01)], [ICX7750-48F (80-1007607-01), ICX7750-48C (80-1007608-01), ICX7750-26Q (80-1007609-01), with Components (80-1007871-01; 80-1007870-01; 80-1007872-01; 80-1007873-01; 80-1007738-01; 80-1007737-01; 80-1007761-01; 80-1007760-01; 80-1007632-01)], [ICX-7450-24 (80-1008060-01), ICX-7450-24P (80-1008061-01), ICX-7450-48 (80-1008062-01), ICX-7450-48P (80-1008063-01), ICX-7450-48F (80-1008064-01), with Components (123400000829A-R01; 123400000830A-R01; 123400000833A-R01; 80-1008334-01; 80-1008333-01; 80-1008332-01; 80-1008331-01; 80-1005261-04; 80-1005259-04; 80-1005262-03; 80-1005260-03; 80-1007165-03; 80-1007166-03; 80-1008308-01; 80-1008309-01)], [FI-SX800-S (80-1003050-03; 80-1007143-03), FI-SX1600-AC (80-1002764-02; 80-1007137-02), FI-SX1600-DC (80-1003005-02; 80-1007138-02), with Components (80-1002957-03; 80-1006486-02; 80-1007350-02; 80-1006607-01; 80-1007349-01; 80-1003883-02; 80-1003886-02; 11456-005; 11457-006; 18072-004)]} with FIPS Kit XBR-000195 (80-1002006-02); Firmware Version: IronWare R08.0.20a)
(When operated in FIPS mode with tamper evident labels installed and with the configurations in Tables 4, 7, 12 and 13 as defined in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware01/11/2016Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: Triple-DES (Certs. #1613, #1614, #1615, #1617 and #1764); AES (Certs. #1197, #1276, #2687, #2688, #2690, #2697, #2981, #2984, #3008, #3133, #3139, #3140, #3141 and #3142); KTS (AES Cert. #2984, key wrapping; key establishment methodology provides 112 bits of encryption strength); SHS (Certs. #2258, #2259, #2260, #2265 and #2505); HMAC (Certs. #1674, #1675, #1676, #1679 and #1890); DRBG (Certs. #437, #438, #439, #442 and #569); DSA (Certs. #816, #817, #818, #819 and #887); RSA (Certs. #1387, #1388, #1391, #1396 and #1565); CVL (Certs. #155, #156, #159, #161, #362, #386, #387, #388, #389, #390, #391, #392, #398, #399 and #400); KBKDF (Cert. #36)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG; HMAC-MD5; DES; Base64; Triple-DES (non-compliant); AES (non-compliant); SHA-1 (non-compliant); DSA (non-compliant)

Multi-Chip Stand Alone

"The FastIron SX series chassis devices are modular switches that provide the enterprise network with a complete end-to-end Enterprise LAN solution. The ICX 6610 series is an access layer Gigabit Ethernet switch designed from the ground up for the enterprise data center environment. Brocade ICX 6450 switches provide enterprise-class stackable LAN switching solutions to meet the growing demands of campus networks, and the Brocade ICX 7750 is a 10/40 GbE Ethernet switch. The Brocade ICX 7450 Switch delivers the performance, flexibility, and scalability required for enterprise Gigabit Ethernet ("
2529Fortinet, Inc.
326 Moodie Drive
Ottawa, ON K2H 8G3
Canada

Alan Kaye
TEL: 613-225-9381
FAX: 613-225-2951

CST Lab: NVLAP 200928-0
FortiAnalyzer-200D
(Hardware Version: C4FA20-01AA-0000 with Tamper Evident Seal Kits: FIPS-SEAL-RED; Firmware Version: v5.2.4-build0738 150923 (GA))
(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware01/11/2016Overall Level: 2

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Cert. #3595); CVL (Cert. #617); DRBG (Cert. #930); HMAC (Cert. #2292); RSA (Cert. #1849); SHS (Cert. #2957); Triple-DES (Cert. #2002)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5

Multi-Chip Stand Alone

"The FortiAnalyzer family of logging, analyzing, and reporting appliances securely aggregate log data from Fortinet devices and other syslog-compatible devices. Using a comprehensive suite of customizable reports, users can filter and review records, including traffic, event, virus, attack, Web content, and email data."
2528Fortinet, Inc.
326 Moodie Drive
Ottawa, ON K2H 8G3
Canada

Alan Kaye
TEL: 613-225-9381
FAX: 613-225-2951

CST Lab: NVLAP 200928-0
FortiAnalyzer-3000D
(Hardware Version: C1AA61-03AA-0000 with Tamper Evident Seal Kits: FIPS-SEAL-RED; Firmware Version: v5.2.4-build0738 150923(GA))
(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware01/10/2016Overall Level: 2

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Cert. #3595); CVL (Cert. #617); DRBG (Cert. #930); HMAC (Cert. #2292); RSA (Cert. #1849); SHS (Cert. #2957); Triple-DES (Cert. #2002)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5

Multi-Chip Stand Alone

"The FortiAnalyzer family of logging, analyzing, and reporting appliances securely aggregate log data from Fortinet devices and other syslog-compatible devices. Using a comprehensive suite of customizable reports, users can filter and review records, including traffic, event, virus, attack, Web content, and email data."
2527Francotyp-Postalia GmbH
Prenzlauer Promenade 28
Berlin 13089
Germany

Dirk Rosenau
TEL: +49-30220-660-616
FAX: +49-30220-660-494

Hasbi Kabacaoglu
TEL: +49-30220-660-616
FAX: +49-30220-660-494

CST Lab: NVLAP 200983-0
Postal mRevenector US 2014
(Hardware Version: Hardware P/N: 580036020300/01; Firmware Version: Bootloader: 90.0036.0201.00/2011485001; Softwareloader: 90.0036.0206.00/2011485001; US Application: 90.0036.0216.00/2014472001)
(The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/05/2016Overall Level: 3

-Operational Environment: N/A

-FIPS Approved algorithms: AES (Cert. #1493); DRBG (Cert. #61); ECDSA (Cert. #559); HMAC (Cert. #878); KAS (Cert. #16); RSA (Certs. #732 and #785); SHS (Cert. #1346); Triple-DES (Cert. #1122)

-Other algorithms: NDRNG

Multi-Chip Embedded

"Francotyp-Postalia (FP) is one of the leading global suppliers of mail center solutions. A major component of the business of FP is the development, manufacture and support of postal franking machines (postage meters). These postal franking machines incorporate a postal security device (PSD) that performs all postage meter cryptographic and postal security functions and which protects both Critical Security Parameters (CSPs) and Postal Relevant Data Items (PRDIs) from unauthorized access. The Postal mRevenector US 2014 is FP’s latest generation of PSD.The cryptographic module neither relie"
2526Fortinet, Inc.
326 Moodie Drive
Ottawa, ON K2H 8G3
Canada

Alan Kaye
TEL: 613-225-9381
FAX: 613-225-2951

CST Lab: NVLAP 200928-0
FortiAnalyzer 5.2
(Firmware Version: v5.2.4-build0738 150923(GA))
(When operated in FIPS mode and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Firmware01/05/2016Overall Level: 1

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: FortiAnalyzer-200D with the Fortinet entropy token (part number FTR-ENT-1)

-FIPS Approved algorithms: AES (Cert. #3595); CVL (Cert. #617); DRBG (Cert. #930); HMAC (Cert. #2292); RSA (Cert. #1849); SHS (Cert. #2957); Triple-DES (Cert. #2002)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5

Multi-Chip Stand Alone

"The FortiAnalyzer family of logging, analyzing, and reporting appliances securely aggregate log data from Fortinet devices and other syslog-compatible devices. Using a comprehensive suite of customizable reports, users can filter and review records, including traffic, event, virus, attack, Web content, and email data."
2525CounterTack, Inc.
100 Fifth Ave.,
First Floor
Waltham, MA 02451-1208
USA

Aaron Ruby
TEL: 855-893-5428
FAX: 703-224-3049

Stan Eramia
TEL: 855-893-5428
FAX: 703-224-3049

CST Lab: NVLAP 100432-0
CounterTack Sentinel Endpoint Module
(Software Version: 3.6.6)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software01/05/2016Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Operational Environment: Windows 7 (64-bit) running on a Sony Vaio Pro (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3508); DRBG (Cert. #875); HMAC (Cert. #2241); RSA (Cert. #1803); SHS (Cert. #2893); Triple-DES (Cert. #1972)

-Other algorithms: RSA (non-compliant); Diffie-Hellman; EC Diffie-Hellman; MD5; AES GCM (non-compliant); DES; RC4; RIPEMD-160; HMAC-MD5

Multi-Chip Stand Alone

"The Sentinel Endpoint Module installs on target servers and workstations to provide cryptographic functionality for real-time threat detection and response capabilities. Deployed as part of CounterTack's Sentinel platform, the sensor communicates behavioral data to a central cluster, which provides real-time analysis, correlation with external threat intelligence and rapid-response containment that scales even the largest enterprises."
2524HyTrust, Inc.
1975 W El Camino Real, Suite 203
Mountain View, CA 94040
USA

Bill Hackenberger
TEL: 650-681-8120
FAX: 650-681-8101

CST Lab: NVLAP 200802-0
HyTrust KeyControl (TM) Cryptographic Module
(Software Version: 1.0)
(The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software01/05/2016Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: FreeBSD 9.2 on VMware vSphere Hypervisor (ESXi) 5.5.0u2 on Dell Inc. PowerEdge R220, Intel Xeon CPU E3-1241v3 @ 3.50GHz (single user mode)

-FIPS Approved algorithms: AES (Certs. #3397, #3431 and #3432); DRBG (Cert. #813); HMAC (Cert. #2168); SHS (Cert. #2813)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG

Multi-Chip Stand Alone

"HyTrust KeyControl is a key management system that is available in three different formats (ISO, OVA and AMI) and can be run on physical x86 based hardware as a virtual machine and on one of a number of different hypervisor platforms or as a combination of both when running in clustered mode."
2523Intel Corporation
2200 Mission College Blvd.
Santa Clara, CA 95054-1549
USA

Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0
McAfee Web Gateway WBG-5000-C and WBG-5500-C Appliances
(Hardware Versions: WBG-5000-C and WBG-5500-C; Firmware Version: 7.3.2.3.4)
(When installed, initialized and configured as specified in the Security Policy Section Secure Operation. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/05/2016Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Cert. #3116); CVL (Cert. #378); DRBG (Cert. #627); DSA (Cert. #900); HMAC (Cert. #1953); RSA (Cert. #1587); SHS (Cert. #2572); Triple-DES (Cert. #1787)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); NDRNG

Multi-Chip Stand Alone

"The McAfee Web Gateway is a high-performance, enterprise-strength proxy security appliance family that provides the caching, authentication, administration, authorization controls and deep-level content security filtering required by today's most demanding enterprises. McAfee Web Gateway WBG-5000-C and WBG-5500-C Appliances deliver scalable deployment flexibility and performance. McAfee Web Gateway WBG-5000-C and WBG-5500-C Appliances deliver comprehensive security for all aspects of Web 2.0 traffic."
2522Intel Corporation
2200 Mission College Blvd.
Santa Clara, CA 95054-1549
USA

Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0
McAfee Web Gateway Virtual Appliance
(Software Version: 7.3.2.3.4)
(When installed, initialized and configured as specified in the Security Policy Section Secure Operation. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software01/05/2016Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Operational Environment: MLOS v2.2.3 on VMware vSphere Hypervisor 5.0 running on an Intel SR2625URLX (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3117); CVL (Cert. #379); DRBG (Cert. #628); DSA (Cert. #901); HMAC (Cert. #1954); RSA (Cert. #1588); SHS (Cert. #2573); Triple-DES (Cert. #1788)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG

Multi-Chip Stand Alone

"The McAfee Web Gateway is a high-performance, enterprise-strength proxy security appliance family that provides the caching, authentication, administration, authorization controls and deep-level content security filtering required by today's most demanding enterprises. The McAfee Web Gateway Virtual Appliance delivers scalable deployment flexibility and performance. The McAfee Web Gateway Virtual Appliance delivers comprehensive security for all aspects of Web 2.0 traffic."
2521Toshiba Corporation
1-1, Shibaura 1-chome
Minato-ku
Tokyo, Tokyo 105-8001
Japan

Akihiro Kimura
TEL: +81-45-890-2856
FAX: +81-45-890-2593

CST Lab: NVLAP 200822-0
Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive (PX04S model) Type A
(Hardware Versions: A0 with PX04SVQ080B[1], A0 with PX04SVQ160B[1], A0 with PX04SRQ384B[2]; Firmware Versions: ZZ00[1], NA00[1][2])

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/05/2016
02/12/2016
05/03/2016
Overall Level: 2

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #3485, #3486 and #3487); DRBG (Cert. #867); HMAC (Cert. #2231); RSA (Cert. #1795); SHS (Cert. #2879)

-Other algorithms: NDRNG

Multi-Chip Embedded

"The Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive is used for solid state drive data security. This Cryptographic Module (CM) provides various cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA bands, and FW download."
2520Toshiba Corporation
1-1, Shibaura 1-chome
Minato-ku
Tokyo, Tokyo 105-8001
Japan

Akihiro Kimura
TEL: +81-45-890-2856
FAX: +81-45-890-2593

CST Lab: NVLAP 200822-0
Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive (PX04S model) Type B
(Hardware Versions: A0 with PX04SVQ080B[1], A0 with PX04SVQ160B[1], A0 with PX04SVQ048B[2], A0 with PX04SVQ096B[2], A0 with PX04SVQ192B[2], A2 with PX04SVQ040B[3], A2 with PX04SVQ080B[3], A2 with PX04SVQ160B[3], A2 with PX04SRQ192B[3]; Firmware Versions: ZW00[1], 0501[1][2], MS00[1], MD04[3])

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/05/2016
02/25/2016
05/03/2016
Overall Level: 2

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #3485, #3486 and #3487); DRBG (Cert. #867); HMAC (Cert. #2231); RSA (Cert. #1795); SHS (Cert. #2879)

-Other algorithms: NDRNG

Multi-Chip Embedded

"The Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive is used for solid state drive data security. This Cryptographic Module (CM) provides various cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA bands, and FW download."
2519Hewlett Packard®, Enterprise
153 Taylor Street
Littleton, MA 01460
USA

Bob Pittman
TEL: 978-264-5211
FAX: 978-264-5522

CST Lab: NVLAP 200427-0
HP FlexFabric 5900CP and 12910 Switch Series
(Hardware Versions: HP 12910 and [HP 5900CP with JG719A] with FIPS Kit: JG585A or JG586A; Firmware Version: 7.1.045)
(When operated in FIPS mode with opacity shield and tamper evident labels installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/05/2016
01/08/2016
Overall Level: 2

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #2945, #2985, #2988 and #2989); CVL (Certs. #343 and #364); DRBG (Certs. #548 and #571); DSA (Certs. #877 and #888); HMAC (Certs. #1868, #1891, #1894 and #1895); RSA (Certs. #1548 and #1566); SHS (Certs. #2481, #2506, #2509 and #2510)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-Chip Stand Alone

"The HP FlexFabric 5900CP Switch Series provides a converged, top-of-rack, data center switch architecture that offers wire once for FCoE converged environments. With 48 converged ports that support 1/10GbE and 4/8 FC, the FlexFabric 5900CP delivers versatile convergence for connecting FC, iSCSI and FC SANs. The HP FlexFabric 12910 Switch is a next-generation modular data center core switch designed to support virtualized data centers and the evolving needs of private and public cloud deployments. The FlexFabric 12910 switch delivers unprecedented levels of performance, buffering, scale, and av"
2518Fortinet, Inc.
326 Moodie Drive
Ottawa, ON K2H 8G3
Canada

Alan Kaye
TEL: 613-225-9381 x7416
FAX: 613-225-2951

CST Lab: NVLAP 200928-0
FortiManager-4000D
(Hardware Version: C1AA62-01AA-0000 with Tamper Evident Seal Kits: FIPS-SEAL-RED; Firmware Version: v5.2.4-build0738 150923 (GA))
(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware01/05/2016Overall Level: 2

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Cert. #3594); CVL (Cert. #616); DRBG (Cert. #929); HMAC (Cert. #2291); RSA (Cert. #1848); SHS (Cert. #2956); Triple-DES (Cert. #2001)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5

Multi-Chip Stand Alone

"The FortiManager OS is a firmware operating system that runs exclusively on Fortinet's FortiManager product family. FortiManager units are PC-based, purpose built appliances."
2517Fortinet, Inc.
326 Moodie Drive
Ottawa, ON K2H 8G3
Canada

Alan Kaye
TEL: 613-225-9381 x7416
FAX: 613-225-2951

CST Lab: NVLAP 200928-0
FortiManager-1000D
(Hardware Version: C1AA82-01AA-0000 with Tamper Evident Seal Kits: FIPS-SEAL-RED; Firmware Version: v5.2.4-build0738 150923 (GA))
(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware01/05/2016Overall Level: 2

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Cert. #3594); CVL (Cert. #616); DRBG (Cert. #929); HMAC (Cert. #2291); RSA (Cert. #1848); SHS (Cert. #2956); Triple-DES (Cert. #2001)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5

Multi-Chip Stand Alone

"FortiManager Network Security Management Appliances were designed to providesecurity management for large enterprise organizations and service providers. Theyenable you to centrally manage any number of Fortinet devices, including FortiManager,FortiWiFi, and FortiCarrier™. FortiManager provides the high performance and scalabilityyou need to efficiently apply policies and distribute content security/firmware updates,regardless of the size of your network."
2515Fortinet, Inc.
326 Moodie Drive
Ottawa, ON K2H 8G3
Canada

Alan Kaye
TEL: 613-225-9381 x7416
FAX: 613-225-2951

CST Lab: NVLAP 200928-0
FortiManager 5.2
(Firmware Version: v5.2.4-build0738 150923 (GA))
(When operated in FIPS mode and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Firmware12/29/2015Overall Level: 1

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: FortiManager-4000D with the Fortinet entropy token (part number FTR-ENT-1 )

-FIPS Approved algorithms: AES (Cert. #3594); CVL (Cert. #616); DRBG (Cert. #929); HMAC (Cert. #2291); RSA (Cert. #1848); SHS (Cert. #2956); Triple-DES (Cert. #2001)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5

Multi-Chip Stand Alone

"The FortiManager OS is a firmware operating system that runs exclusively on Fortinet's FortiManager product family. FortiManager units are PC-based, purpose built appliances."
2514Aruba a Hewlett Packard Enterprise Company
1344 Crossman Avenue
Sunnyvale, CA 94089
USA

Steve Weingart
TEL: 408-227-4500
FAX: 408-227-4550

CST Lab: NVLAP 200427-0
Aruba AP-204 and AP-205 Wireless Access Points
(Hardware Versions: AP-204-F1 and AP-205-F1 with FIPS kit 4011570-01; Firmware Versions: ArubaOS 6.4.4-FIPS and ArubaOS 6.5.0-FIPS)
(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/24/2015
01/15/2016
07/06/2016
Overall Level: 2

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #3176 and #3177); CVL (Cert. #423); DRBG (Cert. #660); ECDSA (Certs. #580 and #581); HMAC (Certs. #2004 and #2005); RSA (Certs. #1613, #1614 and #1615); SHS (Certs. #2629, #2630 and #2631); Triple-DES (Certs. #1812 and #1813)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; NDRNG

Multi-Chip Stand Alone

"Aruba's 802.11ac Wi-Fi access points operate at gigabit speeds, offering extreme performance for mobile devices. In FIPS 140-2 mode, the AP 204 & 205 support encrypted management and WPA2 tunneled pass through to Aruba Mobility Controllers. Aruba APs also support wireless intrusion detection/prevention services and wireless mesh topologies."
2511Cisco Systems, Inc.
170 W Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200928-0
Cisco Integrated Services Router (ISR) 4351 and 4331 (with SM-ES3X-16-P, SM-ES3X-24-P, SM-D-ES3X-48-P, PVDM4-32, PVDM4-64, PVDM4-128 and PVDM4-256) and Cisco Integrated Services Router (ISR) 4321 (with PVDM4-32, PVDM4-64, PVDM4-128 and PVDM4-256)
(Hardware Versions: ISR 4351 [1], ISR 4331 [2] and ISR 4321 [3] with SM-ES3X-16-P [1,2], SM-ES3X-24-P [1,2], SM-D-ES3X-48-P [1,2], PVDM4-32 [1,2,3], PVDM4-64 [1,2,3], PVDM4-128 [1,2,3] and PVDM4-256 [1,2,3]; Firmware Version: IOS-XE 3.13.2)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/24/2015Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Cert. #2817); CVL (Certs. #252 and #253); DRBG (Cert. #481); ECDSA (Cert. #493); HMAC (Cert. #1764); RSA (Cert. #1471); SHS (Cert. #2361); Triple-DES (Certs. #1671 and #1688)

-Other algorithms: AES (non-compliant); DES; Diffie-Hellman (key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); KBKDF (non-compliant);

Multi-Chip Stand Alone

"The Integrated Services Router (ISR) are routing platforms that provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options."
2510Athena SCS, Inc.
16615 Lark Ave.
Suite 202
San Jose, CA 95032
USA

Stephanie Motre
TEL: 408-884-8316
FAX: 408-884-8320

CST Lab: NVLAP 100432-0
iEngine SSID Applet on Athena SCS IDProtect Duo for SLE78
(Hardware Version: Infineon SLE78CLFX4000P P-MCC8-2-6 package; Firmware Version: Athena IDProtect 0302.0306.0004 with iEngine SSID Applet V1.0.2)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/23/2015Overall Level: 3

-Operational Environment: N/A

-FIPS Approved algorithms: AES (Cert. #3435); DRBG (Cert. #836); ECDSA (Cert. #690); KBKDF (Cert. #59); SHS (Cert. #2835)

-Other algorithms: NDRNG

Single Chip

"IDProtect is a Cryptographic Module based on the Athena OS755 Java Card smartcard operating system with 404KB of Flash. IDProtect is compliant with the latest Java Card 3.0.4 and Global Platform 2.2.1 specifications. IDProtect supports FIPS approved DRBG, SHA-2, AES, ECDSA and ECC key generation. The SSID Java Card applet of iEngine is an applet supporting the latest version of the SSID standard for high-performance government application."
2509Hewlett Packard®, Enterprise
153 Taylor Street
Littleton, MA 01460
USA

Nagesh Kuriyavar
TEL: 402-885-2812
FAX: 402-758-7332

Paul Rozeboom
TEL: 402-885-2698
FAX: 402-758-7332

CST Lab: NVLAP 200658-0
HP OpenCall HLR Cryptographic Module
(Software Version: I-HSS 01.08.01)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software12/22/2015Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Operational Environment: HP NonStop v J06.18 running on Integrity NonStop BladeSystem NB54000c (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3503); DRBG (Cert. #872); HMAC (Cert. #2237); SHS (Cert. #2890)

-Other algorithms: N/A

Multi-Chip Stand Alone

"The HP OpenCall HLR Cryptographic Module provides cryptographic services that allows the HP OpenCall HLR to protect sensitive application and subscriber data at rest and during transit"
2508Toshiba Corporation
1-1, Shibaura 1-chome
Minato-ku
Tokyo, Tokyo 105-8001
Japan

Tohru Iwamoto
TEL: +81-45-776-4488

CST Lab: NVLAP 200822-0
Toshiba TCG Enterprise SSC Self-Encrypting Hard Disk Drive (AL14SEQ model)
(Hardware Versions: A0 with AL14SEQ18EPB, AL14SEQ12EPB, AL14SEQ09EPB, AL14SEQ18EQB, AL14SEQ12EQB, AL14SEQ09EQB; Firmware Version: 0101)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/22/2015Overall Level: 2

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #3537 and #3538); DRBG (Cert. #895); RSA (Cert. #1818); SHS (Cert. #2916)

-Other algorithms: NDRNG

Multi-Chip Embedded

"The Toshiba TCG Enterprise SSC Self-Encrypting Hard Disk Drive is used for hard disk drive data security. This Cryptographic Module (CM) provides various cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA bands, and FW download."
2507Samsung Electronics Co., Ltd.
R5 416, Maetan 3-dong Yeongton-gu
Suwon-si, Gyeonggi 443-742
Korea

Bumhan Kim
TEL: +82-10-9397-1589

CST Lab: NVLAP 200658-0
Samsung Flash Memory Protector V1.0
(Hardware Version: 3.0; Software Version: 1.1)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software-Hybrid12/21/2015Overall Level: 1

-Mitigation of Other Attacks: N/A
-Operational Environment: Android Lollipop 5.1.1 running on Samsung Galaxy S6 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3332); HMAC (Cert. #2123); SHS (Cert. #2765)

-Other algorithms: N/A

Multi-Chip Stand Alone

"The driver for the on-the-fly Hardware encryption module to flash memory for Disk/File Encryption solution. The Harware module supports AES with CBC mode and XTS-AES cryptographic services."
2506Hewlett Packard Enterprise Development LP
11445 Compaq Center Drive West
Houston, TX 77070
USA

Catherine Schwartz

CST Lab: NVLAP 200556-0
HP P-Class Smart Array Gen9 RAID Controllers
(Hardware Versions: P244br, P246br, P440, P441, and P741m; Firmware Version: 2.52)
(When installed, initialized and configured as specified in the Security Policy Section 3)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware12/21/2015Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #2902 and #2903); DRBG (Certs. #529 and #530); HMAC (Certs. #1837 and #1838); PBKDF (vendor affirmed); SHS (Certs. #2442 and #2443)

-Other algorithms: AES (Certs. #2902 and #2903, key wrapping); NDRNG

Multi-Chip Embedded

"The HP P-Class Smart Array RAID Controllers make up a family of serial-attached SCSI host bus adapters that provide intelligent control for storage array. The controllers can be card-based or embedded within an HP server, and provide a high speed data path, on-board storage cache, remote management, and encryption of data at rest, for the controlled storage arrays."
2505Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200928-0
Cisco FIPS Object Module
(Software Version: 6.0)
(When installed, initialized and configured as specified in the Security Policy Section 4.2 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software12/21/2015Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: Linux 2.6 running on an Octeon Evaluation Board CN5645 on a Cisco WLC 5508 without Octeon
Linux 2.6 running on an Octeon Evaluation Board CN5645 on a Cisco WLC 5508 with Octeon
Linux 2.6 running on an Intel Xeon on a Cisco UCS C22 M3
Android v4.4 running on a Qualcomm Snapdragon Pro APQ8064 ARMv7 on a Google Nexus 4
Windows 8.1 running on an Intel Core i7 on a Gateway FX6860 without PAA
Windows 8.1 running on an Intel Core i7 on a Gateway FX6860 with PAA
FreeBSD 9.2 running on an Intel Xeon on a Cisco UCS C200 M2 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3404 and #3405); CVL (Certs. #504, #505, #506 and #507); DRBG (Certs. #817 and #818); DSA (Certs. #961 and #962); ECDSA (Certs. #678 and #679); HMAC (Certs. #2172 and #2173); KBKDF (Certs. #52 and #53); RSA (Certs. #1743 and #1744); SHS (Certs. #2817 and #2818); Triple-DES (Certs. #1926 and #1927)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-Chip Stand Alone

"The Cisco FIPS Object Module (FOM) is a software library that provides cryptographic services to a vast array of Cisco's networking and collaboration products. The module provides FIPS 140 validated cryptographic algorithms for services such as IPSEC, SRTP, SSH, TLS, 802.1x, etc. The module does not directly implement any of these protocols, instead it provides the cryptographic primitives and functions to allow a developer to implement the various protocols."
2504Certicom Corp.
5520 Explorer Drive
Fourth Floor
Mississauga, Ontario L4W 5L1
Canada

Mike Harvey
TEL: 905-507-4220
FAX: 905-507-4230

Worldwide Sales & Marketing Headquarters
TEL: 703-234-2357
FAX: 703-234-2356

CST Lab: NVLAP 200556-0
Security Builder FIPS Java Module
(Software Versions: 2.8 [1], 2.8.7 [2], 2.8.8 [3])
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software12/18/2015
01/22/2016
Overall Level: 1

-Physical Security: N/A
-Operational Environment: Sun Java Runtime Environments (JRE) 1.5.0 and 1.6.0 running on Solaris 10 32-bit [1, 2]
Solaris 10 64-bit [1, 2]
Red Hat Linux AS 5.5 32-bit [1, 2]
Red Hat Linux AS 5.5 64-bit [1, 2]
Windows Vista 32-bit [1, 2]
Windows Vista 64-bit [1, 2]
Windows 2008 Server 64-bit [1, 2]
CentOS 7.0 with Java JRE 1.8.0 running on a Dell PowerEdge 2950 (single-user mode) [3]

-FIPS Approved algorithms: Triple-DES (Certs. #964 and #1954); AES (Certs. #1411 and #3465); SHS (Certs. #1281 and #2860); HMAC (Certs. #832 and #2210); DSA (Certs. #455 and #978); ECDSA (Certs. #179 and #702); RSA (Certs. #687 and #1776); DRBG (Certs. #52 and #852); KAS (Certs. #8, #61 and #62)

-Other algorithms: RNG; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; DES; DESX; ECIES; ECQV; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG

Multi-Chip Stand Alone

"The Security Builder FIPS Java Module is a standards-based cryptographic toolkit written in Java. It supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into Java-based applications. The Security Builder FIPS Java Module is intended for use by developers who want government level security and can also be used in conjunction with other Certicom developer toolkits including Security Builder PKI and Security Builder SSL."
2503Harris Corporation
1680 University Avenue
Rochester, NY, NY 14610
USA

Michael Vickers
FAX: 434-455-6851

CST Lab: NVLAP 200996-0
Harris AES Load Module
(Firmware Version: R06A02)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware12/18/2015Overall Level: 1

-Mitigation of Other Attacks: N/A
-Operational Environment: Blackfin BF707 DSP with Harris BIOS kernel v1

-FIPS Approved algorithms: AES (Cert. #3338); KTS (AES Cert. #3338)

Multi-Chip Stand Alone

"The Harris AES Load Module is a firmware module which support to secure voice and data communications by providing Advanced Encryption Standard (AES) algorithm encryption/decryption as specified in FIPS 197. It interacts with a Digital Signal Processor (DSP) application executing on the Harris XL family of radios and other terminal products in order to provide its services to those terminals."
2502BlackBerry Limited
2200 University Avenue East
Waterloo, Ontario N2K OA7
Canada

Security Certifications Team
TEL: 519-888-7465 ext.72921
FAX: 905-507-4230

CST Lab: NVLAP 200556-0
BlackBerry Cryptographic Java Module
(Software Versions: 2.8 [1], 2.8.7 [2], 2.8.8 [3])
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software12/18/2015
01/22/2016
Overall Level: 1

-Physical Security: N/A
-Operational Environment: Sun Java Runtime Environments (JRE) 1.5.0 and 1.6.0 running on Solaris 10 32-bit [1, 2]
Solaris 10 64-bit [1, 2]
Red Hat Linux AS 5.5 32-bit [1, 2]
Red Hat Linux AS 5.5 64-bit [1, 2]
Windows Vista 32-bit [1, 2]
Windows Vista 64-bit [1, 2]
Windows 2008 Server 64-bit [1, 2]
CentOS 7.0 with Java JRE 1.8.0 running on a Dell PowerEdge 2950 (single-user mode) [3]

-FIPS Approved algorithms: Triple-DES (Certs. #964 and #1954); AES (Certs. #1411 and #3465); SHS (Certs. #1281 and #2860); HMAC (Certs. #832 and #2210); DSA (Certs. #455 and #978); ECDSA (Certs. #179 and #702); RSA (Certs. #687 and #1776); DRBG (Certs. #52 and #852); KAS (Certs. #8, #61 and #62)

-Other algorithms: RNG; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; DES; DESX; ECIES; ECQV; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG;

Multi-Chip Stand Alone

"BlackBerry is the leading wireless enterprise solution that allows users to stay connected with secure, wireless access to email, corporate data, phone, web and organizer features. BlackBerry is a totally integrated package that includes hardware, software and service, providing a complete end-to-end solution. The BlackBerry Cryptographic Java Module is a software module that provides cryptographic services to BlackBerryproducts such as the BlackBerry PlayBook Administration Service, and other BlackBerry products."
2501Hewlett Packard Enterprise Development LP
11445 Compaq Center Drive West
Houston, TX 77070
USA

Julie Ritter
TEL: 1-281-514-4087

Fred Bertram
TEL: 1-832-502-5916

CST Lab: NVLAP 200928-0
HP BladeSystem c-Class Virtual Connect Module
(Firmware Version: 4.41)
(When installed, initialized and configured as specified in Section 3.1 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware12/18/2015Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Mitigation of Other Attacks: N/A
-Operational Environment: HP Virtual Connect Flex-10/10D Blade
HP Virtual Connect Flex-10 10Gb Ethernet Blade
HP Virtual Connect FlexFabric 10Gb/24-Port Blade
HP Virtual Connect FlexFabric 20/40 F8 Blade

-FIPS Approved algorithms: AES (Cert. #3334); CVL (Cert. #488); DRBG (Cert. #776); HMAC (Cert. #2125); PBKDF (vendor affirmed); RSA (Cert. #1713); SHS (Cert. #2769); Triple-DES (Cert. #1904)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); NDRNG; OpenSSL md_rand

Multi-Chip Embedded

"Virtual Connect implements server edge virtualization between the server and data center infrastructure allowing networks to communicate with individual servers or pools of HP BladeSystem server blades. Virtual Connect simplifies the setup and administration of server LAN and SAN connections."
2500SafeNet Assured Technologies, LLC
Suite D, 3465 Box Hill Corporate Center Drive
Abingdon, Maryland 21009
USA

Shawn Campbell
TEL: 443-484-7075

Bill Becker
TEL: 443-484-7075

CST Lab: NVLAP 200556-0
Luna® G5 Cryptographic Module
(Hardware Versions: LTK-03, Version Code 0102; Firmware Versions: 6.10.7 and 6.10.9)
(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/18/2015Overall Level: 3

-Operational Environment: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #2664 and #2668); Triple-DES (Certs. #1598 and #1600); Triple-DES MAC (Triple-DES Certs. #1598 and #1600, vendor affirmed); DSA (Certs. #804 and #808); SHS (Certs. #2237 and #2241); RSA (Certs. #1369 and #1372); HMAC (Certs. #1655 and #1659); DRBG (Cert. #428); ECDSA (Certs. #461 and #464); KAS (Cert. #44); KBKDF (Cert. #15)

-Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HRNG; AES MAC (AES Cert. #2668; non-compliant); AES (Certs. #2664 and #2668, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #1598 and #1600, key wrapping; key establishment methodology provides 112 bits of encryption strength); GENERIC-SECRET generation (non-compliant); SSL PRE-MASTER generation (non-compliant); RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-Chip Stand Alone

""Luna® G5 delivers key management in a portable appliance. All key materials are maintained exclusively within the confines of the hardware. The small form-factor and on-board key storage sets the product apart, making it especially attractive to customers who need to physically remove and store the small appliance holding PKI root keys. The appliance directly connects the HSM to the application server via a USB interface."
2499

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software12/18/2015Overall Level: 2

Multi-Chip Stand Alone
2498Aruba a Hewlett Packard Enterprise Company
1344 Crossman Avenue
Sunnyvale, CA 94089
USA

Steve Weingart
TEL: 830-580-1544

CST Lab: NVLAP 200427-0
Aruba AP-214, AP-215, AP-274, AP-275 and AP-277 Wireless Access Points
(Hardware Versions: AP-214-F1, AP-215-F1, AP-274-F1, AP-275-F1 and AP-277-F1 with FIPS kit 4011570-01; Firmware Versions: ArubaOS 6.4.4-FIPS and ArubaOS 6.5.0-FIPS)
(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/17/2015
01/15/2016
07/06/2016
Overall Level: 2

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #1648, #1649, #2884 and #2900); CVL (Certs. #314 and #326); DRBG (Cert. #528); ECDSA (Certs. #519 and #524); HMAC (Certs. #538, #967, #1818 and #1835); KBKDF (Cert. #32); RSA (Certs. #1517, #1518 and #1528); SHS (Certs. #934, #1446, #2424, #2425 and #2440); Triple-DES (Certs. #758, #1075, #1720 and #1726)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; NDRNG

Multi-Chip Stand Alone

"Aruba's 802.11ac Wi-Fi access points operate at gigabit speeds, offering extreme performance for mobile devices. In FIPS 140-2 mode, Aruba APs in conjunction with a Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also support wireless intrusion detection/prevention services and wireless mesh topologies."
2497Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200427-0
Cisco Systems 2504, 7500, 8510 Wireless LAN Controllers and Cisco Catalyst 6807-XL Switch with Wireless Services Module-2 (WiSM2)
(Hardware Versions: (2504, 7500, 8510 with CN56XX) and (6807-XL with WiSM2, CN56XX and one Supervisor Blade: [VS-S2T-10G, VS-S2T-10G-XL, VS-S720-10G-3C or VS-S720-10G-3CXL]); Firmware Version: 8.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/16/2015Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #1348, #2894, #2895 and #2906); CVL (Cert. #322); DRBG (Cert. #526); HMAC (Certs. #787, #1830, #1831 and #1840); KBKDF (Cert. #31); RSA (Cert. #1524); SHS (Certs. #1230, #2437 and #2438)

-Other algorithms: AES (Cert. #2894, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; Triple-DES (non-compliant)

Multi-Chip Stand Alone

"The Cisco Flex 7500 and the 8500 Series Controllers are highly scalable branch controllers for enterprise, service provider and multisite wireless deployments. The Cisco 2500 Series Wireless Controller are used in small to medium-sized enterprises and branch offices.The Cisco Wireless Service Module-2 (WiSM2) Controller for Cisco Catalyst 6800 Series Switches, is a highly scalable and flexible platform that enables systemwide services for mission-critical wireless networking in medium-sized to large enterprises and campus environments."
2496Dell, Inc.
5450 Great America Parkway
Santa Clara, CA 95054
USA

Srihari Mandava
TEL: 408-571-3522

Jeff Yin
TEL: 408-571-3689

CST Lab: NVLAP 200002-0
Dell OpenSSL Cryptographic Library
(Software Versions: 2.3 [1] and 2.4 [2])
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software12/16/2015
08/22/2016
Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: [1] Dell Networking OS 9.8(0.0) running on a Dell Networking S3048, Dell Networking S4048, Dell Networking S4810, Dell Networking S4820T, Dell Networking S5000, Dell Networking S6000, Dell Networking Z9500, Dell Networking MXL, Dell PowerEdge M I/O Aggregator, and Dell PowerEdge FN I/O Aggregator [2] Dell Networking OS 9.10(0.1) running on a Dell Networking S3048, Dell Networking S4048, Dell Networking S4810, Dell Networking S4820T, Dell Networking S5000, Dell Networking S6000, Dell Networking Z9500, Dell Networking MXL, Dell PowerEdge M I/O Aggregator, Dell PowerEdge FN I/O Aggregator, Dell Networking S3100, Dell Networking S6100, Dell Networking Z9100, Dell Networking C9010, Dell Networking S4048T, and Dell Networking S6010 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3440 and #4043); DRBG (Certs. #839 and #1210); DSA (Certs. #968 and #1094); HMAC (Certs. #2189 and #2638); RSA (Certs. #1761 and #2075); SHS (Certs. #2840 and #3332); Triple-DES (Certs. #1938 and #2210)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 270 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); ECDSA (non-compliant); Hash_DRBG (non-compliant); HMAC_DRBG (non-compliant); ANSI X9.31 RNG (non-compliant); Triple-DES CMAC (non-compliant); AES CMAC (non-compliant); AES GCM (non-compliant); AES XTS (non-compliant)

Multi-Chip Stand Alone

"Dell OpenSSL Cryptographic Library v2.3 and v2.4 is used within various Dell Networking products, including the S and Z-Series. Dell Networking S and Z-Series are high performance 10/40GbE ToR and Core Fabric switching products designed for highly virtualized Data Centers. These switches are built on top of Dell’s Data Center hardened OS, Dell Networking OS."
2495Cavium Inc.
2315 N 1st Street
San Jose, CA 95131
USA

Phanikumar Kancharla
TEL: 408-943-7496
FAX: n/a

Tejinder Singh
TEL: 408-943-7403
FAX: n/a

CST Lab: NVLAP 100432-0
NITROXIII CNN35XX-NFBE HSM Family
(Hardware Versions: P/Ns CNL3560P-NFBE-G, CNL3560-NFBE-G, CNL3530-NFBE-G, CNL3510-NFBE-G, CNL3510P-NFBE-G, CNN3560P-NFBE-G, CNN3560-NFBE-G, CNN3530-NFBE-G and CNN3510-NFBE-G; Firmware Versions: CNN35XX-NFBE-FW-1.0 build 35, CNN35XX-NFBE-FW-1.0 build 38, CNN35XX-NFBE-FW-1.0 build 39, CNN35XX-NFBE-FW-1.0 build 44 or CNN35XX-NFBE-FW-1.0 build 48)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/15/2015
02/23/2016
06/03/2016
08/19/2016
Overall Level: 3

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #2033, #2034, #2035, #3205 and #3206); CVL (Certs. #167 and #563); DRBG (Cert. #680); DSA (Cert. #916); ECDSA (Cert. #589); HMAC (Certs. #1233 and #2019); KAS (Cert. #53); KAS (SP 800-56B, vendor affirmed); KBKDF (Cert. #65); RSA (Cert. #1634); SHS (Certs. #1780 and #2652); Triple-DES (Cert. #1311); KTS (AES Cert. #3206)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); MD5; RC4; PBE

Multi-Chip Embedded

"CNN35XX-NFBE HSM Family is a high performance purpose built solution for key management and crypto acceleration compliance to FIPS 140-2. The module supports flexible key store that can be partitioned up to 32 individually managed and isolated partitions. This is a SRIOV capable PCIe adapter and can be used in virtualization environment to extend services like virtual key management, crypto and TLS offloads to VMs in dedicated I/O channels. This product is suitable for PKI vendors, SSL servers/load balancers."
2494FireEye, Inc.
1440 McCarthy Ave.
Milipitas, CA 95035
USA

CST Lab: NVLAP 201029-0
FireEye NX Series: NX-900, NX-1400, NX-2400, NX-4400, NX-4420, NX-7400, NX-7420, NX-7500, NX-10000, NX-9450, NX-10450
(Hardware Versions: NX-900, NX-1400, NX-2400, NX-4400, NX-4420, NX-7400, NX-7420, NX-7500, NX-10000, NX-9450, NX-10450; Firmware Version: 7.6)
(When operated in FIPS mode. When installed, initialized and configured as specified in Section 3 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/16/2015Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Cert. #3447); CVL (Cert. #533); DRBG (Cert. #843); ECDSA (Cert. #696); HMAC (Cert. #2195); RSA (Certs. #1758 and #1759); SHS (Certs. #2836 and #2837); Triple-DES (Cert. #1941)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECDH (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)

Multi-Chip Stand Alone

"The FireEye Network Threat Prevention Platform identifies and blocks zero-day Web exploits, droppers (binaries), and multi-protocol callbacks to help organizations scale their advanced threat defenses across a range of deployments, from the multi-gigabit headquarters down to remote, branch, and mobile offices. FireEye Network with Intrusion Prevention System (IPS) technology further optimizes spend, substantially reduces false positives, and enables compliance while driving security across known and unknown threats."
2493FireEye, Inc.
1440 McCarthy Ave.
Milipitas, CA 95035
USA

CST Lab: NVLAP 201029-0
FireEye FX Series: FX-5400, FX-8400
(Hardware Versions: FX-5400, FX-8400; Firmware Version: 7.6)
(When operated in FIPS mode. When installed, initialized and configured as specified in Section 3 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/16/2015Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Cert. #3447); CVL (Cert. #533); DRBG (Cert. #843); ECDSA (Cert. #696); HMAC (Cert. #2195); RSA (Certs. #1758 and #1759); SHS (Certs. #2836 and #2837); Triple-DES (Cert. #1941)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECDH (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 150 bits of encryption strength); MD5; DES; RC4; HMAC MD5

Multi-Chip Stand Alone

"The FireEye FX series is a group of threat prevention platforms that protect content against attacks originating in a wide range of file types. Web mail, online file transfer tools, the cloud, and portable file storage devices can introduce malware that can spread to file shares and content repositories. The FireEye FX platform analyzes network file shares and enterprise content management stores to detect and quarantine malware brought in by employees and others that bypass next-generation firewalls, IPS, AV, and gateways."
2492FireEye, Inc.
1440 McCarthy Ave.
Milipitas, CA 95035
USA

CST Lab: NVLAP 201029-0
FireEye EX Series: EX-3400, EX-5400, EX-8400, EX-8420
(Hardware Versions: EX-3400, EX-5400, EX-8400, EX-8420; Firmware Version: 7.6)
(When operated in FIPS mode. When installed, initialized and configured as specified in Section 3 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/16/2015Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Cert. #3447); CVL (Cert. #533); DRBG (Cert. #843); ECDSA (Cert. #696); HMAC (Cert. #2195); RSA (Certs. #1758 and #1759); SHS (Certs. #2836 and #2837); Triple-DES (Cert. #1941)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECDH (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 150 bits of encryption strength); MD5; DES; RC4; HMAC MD5

Multi-Chip Stand Alone

"The FireEye EX series secures against advanced email attacks. As part of the FireEye Threat Prevention Platform, the FireEye EX uses signature-less technology to analyze every email attachment and successfully quarantine spear-phishing emails used in advanced targeted attacks."
2491FireEye, Inc.
1440 McCarthy Ave.
Milipitas, CA 95035
USA

CST Lab: NVLAP 201029-0
FireEye CM Series: CM-4400, CM-7400, CM-9400
(Hardware Versions: CM-4400, CM-7400, CM-9400; Firmware Version: 7.6)
(When operated in FIPS mode. When installed, initialized and configured as specified in Section 3 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/16/2015Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Cert. #3447); CVL (Cert. #533); DRBG (Cert. #843); ECDSA (Cert. #696); HMAC (Cert. #2195); RSA (Certs. #1758 and #1759); SHS (Certs. #2836 and #2837); Triple-DES (Cert. #1941)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECDH (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 150 bits of encryption strength); MD5; DES; RC4; HMAC-MD5; NDRNG

Multi-Chip Stand Alone

"The FireEye CM series is a group of management platforms that consolidates the administration, reporting, and data sharing of the FireEye NX, EX, FX and AX series in one easy-to-deploy, network-based platform. Within the FireEye deployment, the FireEye CM enables real-time sharing of the auto-generated threat intelligence to identify and block advanced attacks targeting the organization. It also enables centralized configuration, management, and reporting of FireEye platforms."
2490Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200427-0
Cisco Catalyst 6506, 6506-E, 6509, 6509-E Switches with Wireless Services Module-2 (WiSM2)
(Hardware Versions: (6506, 6506-E, 6509 and 6509-E) with WiSM2, CN56XX, WS-X6K-SLOT-CVR-E, WS-SVCWISM2FIPKIT= , [CVPN6500FIPS/KIT=, version D0] and one Supervisor Blade: (VS-S2T-10G, VS-S2T-10G-XL, VS-S720-10G-3C or VS-S720-10G-3CXL); Firmware Version: 8.0)
(When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/15/2015Overall Level: 2

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #1348, #2894, #2895 and #2906); CVL (Cert. #322); DRBG (Cert. #526); HMAC (Certs. #787, #1830, #1831 and #1840); KBKDF (Cert. #31); RSA (Cert. #1524); SHS (Certs. #1230, #2437 and #2438)

-Other algorithms: AES (Cert. #2894, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; Triple-DES (non-compliant)

Multi-Chip Stand Alone

"The Cisco Wireless Service Module 2 (WiSM2) Controller for Cisco Catalyst 6500 Series Switches, is a highly scalable and flexible platform that enables systemwide services for mission-critical wireless networking in medium-sized to large enterprises and campus environments."
2489SafeNet Assured Technologies, LLC
Suite D, 3465 Box Hill Corporate Center Drive
Abingdon, Maryland 21009
USA

Shawn Campbell
TEL: 443-484-7075

Bill Becker
TEL: 443-484-7075

CST Lab: NVLAP 200556-0
Luna® PCI-E Cryptographic Module and Luna® PCI-E Cryptographic Module for Luna® SA
(Hardware Versions: VBD-05, Version Code 0100, VBD-05, Version Code 0101, VBD-05, Version Code 0103; Firmware Versions: 6.10.7 and 6.10.9)
(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/15/2015Overall Level: 3

-Operational Environment: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #1756, #2664 and #2667); Triple-DES (Certs. #1137, #1598 and #1599); Triple-DES MAC (Triple-DES Certs. #1137, #1598 and #1599, vendor affirmed); DSA (Certs. #804, #806 and #807); SHS (Certs. #2237 and #2240); RSA (Certs. #1369 and #1371); HMAC (Certs. #1655 and #1658); DRBG (Cert. #428); ECDSA (Certs. #461, #462 and #463); KAS (Cert. #43); KBKDF (Cert. #14)

-Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HRNG; AES MAC (AES Cert. #2667; non-compliant); AES (Certs. #2664 and #2667, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #1598 and #1599, key wrapping; key establishment methodology provides 112 bits of encryption strength); GENERIC-SECRET generation (non-compliant); SSL PRE-MASTER generation (non-compliant); RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-Chip Embedded

""The Luna PCI-e cryptographic module is a multi-chip embedded hardware cryptographic module in the form of a PCI-Express card that typically resides within a custom computing or secure communications appliance. The cryptographic module is contained in its own secure enclosure that provides physical resistance to tampering. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI-e card.""
2488SafeNet Assured Technologies, LLC
Suite D, 3465 Box Hill Corporate Center Drive
Abingdon, Maryland 21009
USA

Shawn Campbell
TEL: 443-484-7075

Bill Becker
TEL: 443-484-7075

CST Lab: NVLAP 200556-0
Luna® PCI-E Cryptographic Module and Luna® PCI-E Cryptographic Module for Luna® SA
(Hardware Versions: VBD-05, Version Code 0100, VBD-05, Version Code 0101, VBD-05, Version Code 0103; Firmware Versions: 6.10.7 and 6.10.9)
(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/15/2015Overall Level: 2

-Physical Security: Level 3
-Operational Environment: N/A
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #1756, #2664 and #2667); Triple-DES (Certs. #1137, #1598 and #1599); Triple-DES MAC (Triple-DES Certs. #1137, #1598 and #1599, vendor affirmed); DSA (Certs. #804, #806 and #807); SHS (Certs. #2237 and #2240); RSA (Certs. #1369 and #1371); HMAC (Certs. #1655 and #1658); DRBG (Cert. #428); ECDSA (Certs. #461, #462 and #463); KAS (Cert. #43); KBKDF (Cert. #14)

-Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HRNG; AES MAC (AES Cert. #2667; non-compliant); AES (Certs. #2664 and #2667, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #1598 and #1599, key wrapping; key establishment methodology provides 112 bits of encryption strength); GENERIC-SECRET generation (non-compliant); SSL PRE-MASTER generation (non-compliant); RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-Chip Embedded

""The Luna PCI-e cryptographic module is a multi-chip embedded hardware cryptographic module in the form of a PCI-Express card that typically resides within a custom computing or secure communications appliance. The cryptographic module is contained in its own secure enclosure that provides physical resistance to tampering. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI-e card.""
2487SafeNet Assured Technologies, LLC
Suite D, 3465 Box Hill Corporate Center Drive
Abingdon, Maryland 21009
USA

Shawn Campbell
TEL: 443-484-7075

Bill Becker
TEL: 443-484-7075

CST Lab: NVLAP 200556-0
Luna® G5 Cryptographic Module
(Hardware Versions: LTK-03, Version Code 0102; Firmware Versions: 6.10.7 and 6.10.9)
(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/15/2015Overall Level: 2

-Physical Security: Level 3
-Operational Environment: N/A
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #2664 and #2668); Triple-DES (Certs. #1598 and #1600); Triple-DES MAC (Triple-DES Certs. #1598 and #1600, vendor affirmed); DSA (Certs. #804 and #808); SHS (Certs. #2237 and #2241); RSA (Certs. #1369 and #1372); HMAC (Certs. #1655 and #1659); DRBG (Cert. #428); ECDSA (Certs. #461 and #464); KAS (Cert. #44); KBKDF (Cert. #15)

-Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); HRNG; AES MAC (AES Cert. #2668; non-compliant); AES (Certs. #2664 and #2668, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #1598 and #1600, key wrapping; key establishment methodology provides 112 bits of encryption strength); GENERIC-SECRET generation (non-compliant); SSL PRE-MASTER generation (non-compliant); RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-Chip Stand Alone

"Luna® G5 delivers key management in a portable appliance. All key materials are maintained exclusively within the confines of the hardware. The small form-factor and on-board key storage sets the product apart, making it especially attractive to customers who need to physically remove and store the small appliance holding PKI root keys. The appliance directly connects the HSM to the application server via a USB interface."
2486SafeNet Assured Technologies, LLC
Suite D, 3465 Box Hill Corporate Center Drive
Abingdon, Maryland 21009
USA

Shawn Campbell
TEL: 443-484-7075

Bill Becker
TEL: 443-484-7075

CST Lab: NVLAP 200556-0
Luna® Backup HSM Cryptographic Module
(Hardware Versions: LTK-03, Version Code 0102; Firmware Versions: 6.10.7 and 6.10.9)
(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/15/2015Overall Level: 3

-Operational Environment: N/A
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #2664 and #2668); Triple-DES (Certs. #1598 and #1600); Triple-DES MAC (Triple-DES Certs. #1598 and #1600, vendor affirmed); DSA (Certs. #804 and #808); SHS (Certs. #2237 and #2241); RSA (Certs. #1369 and #1372); HMAC (Certs. #1655 and #1659); DRBG (Cert. #428); ECDSA (Certs. #461 and #464); KAS (Cert. #44); KBKDF (Cert. #15)

-Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HRNG; AES MAC (AES Cert. #2668; non-compliant); AES (Certs. #2664 and #2668, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #1598 and #1600, key wrapping; key establishment methodology provides 112 bits of encryption strength); GENERIC-SECRET generation (non-compliant); SSL PRE-MASTER generation (non-compliant); RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-Chip Stand Alone

"The Luna® Backup HSM Hardware Security Module (HSM) provides the same level of security as the Luna® SA and Luna® PCI-E HSMs in a convenient, small, low-cost form factor. The Luna Backup HSM ensures that sensitive cryptographic material remains strongly protected in hardware even when not being used. One can easily back up and duplicate keys securely to the Luna Backup HSM for safekeeping in case of emergency, failure or disaster."
2485Chunghwa Telecom Co., Ltd.
No.99, Dianyan Road
Yang-Mei
Taoyuan, Taiwan 326
Republic of China

Yeou-Fuh Kuan
TEL: +886-3-424-4333
FAX: +886-3-424-4129

Char-Shin Miou
TEL: +886 3 424 4381
FAX: +886-3-424-4129

CST Lab: NVLAP 200928-0
HiKey PKI Token
(Hardware Version: HiKey3.0-BK; Firmware Version: HiKey COS V3.0)
(With tamper evident seals and security devices installed as indicated in the Security Policy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/14/2015
01/22/2016
Overall Level: 2

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Operational Environment: N/A

-FIPS Approved algorithms: DRBG (Cert. #608); RSA (Cert. #1585); SHS (Cert. #2557); Triple-DES (Cert. #1783)

-Other algorithms: NDRNG; Triple-DES (Cert. #1783, key wrapping methodology provides 112-bits of encryption strength; non-compliant less than 112-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength).

Multi-Chip Stand Alone

"The HiKey token modules are multi-chip standalone implementations of a cryptographic module. The Hikey token modules are USB tokens that adhere to ISO/IEC specifications for Integrated Circuit Chip (ICC) based identification cards."
2484SUSE, LLC
10 Canal Park, Suite 200
Cambridge, Massachusetts 02141
USA

Thomas Biege
TEL: +49 911 74053 500

Michael Hager
TEL: +49 911 74053 80

CST Lab: NVLAP 200658-0
SUSE Linux Enterprise Server 12 - StrongSwan Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS mode with module SUSE Linux Enterprise Server 12 - OpenSSL Module validated to FIPS 140-2 under Cert. #2435 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software12/14/2015Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Operational Environment: SUSE Linux Enterprise Server 12 running on HP ProLiant DL320e Gen8 with PAA
SUSE Linux Enterprise Server 12 running on HP ProLiant DL320e Gen8 without PAA (single-user mode)

-FIPS Approved algorithms: CVL (Cert. #486)

-Other algorithms: N/A

Multi-Chip Stand Alone

"SUSE StrongSwan is a complete Ipsec implementation for Linux kernel."
2483SafeLogic Inc.
459 Hamilton Ave
Suite 306
Palo Alto, CA 94301
USA

SafeLogic Inside Sales

CST Lab: NVLAP 201029-0
CryptoComplyTM | Java
(Software Version: 2.2-fips)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software12/11/2015
01/25/2016
Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Operational Environment: Tested as meeting Level 1 with Windows Server 2012 with Java Runtime Environment (JRE) v1.7.0_17 running on OEM PowerEdge R420 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3192); DRBG (Cert. #668); DSA (Cert. #914); ECDSA (Cert. #583); HMAC (Cert. #2011); RSA (Cert. #1622); SHS (Cert. #2637); Triple-DES (Cert. #1818)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); RNG (non-compliant); Blowfish; Camellia; CAST5; CAST6; ChaCha; DES; Triple-DES (non-compliant); ElGamal; GOST28147; GOST3411; Grain128; Grainv1; HC128; HC256; IDEA; IES; ISAAC; MD2; MD4; MD5; Naccache Stern; Noekeon; Password-Based-Encryption (PBE); RC2; RC2 Key Wrapping; RC4; RC532; RC564; RC6; RFC3211 Wrapping; RFC3394 Wrapping; Rijndael; Ripe MD128; Ripe MD160; Ripe MD256; Ripe MD320; RSA Encryption; Salsa 20; SEED; SEED Wrapping; Serpent; Shacal2; SHA-3 (non-compliant); SHA-512/t (non-compliant); Skein-256-*; Skein-512-*; Skein-1024-*; Skipjack; DRBG (non-compliant); TEA; Threefish; Tiger; TLS v1.0 KDF (non-compliant); Twofish; VMPC; Whirlpool; XSalsa20; XTEAEngine

Multi-Chip Stand Alone

"CryptoComplyTM | Java is a standards-based "Drop-in Compliance" solution for native Java environments. The module features robust algorithm support, including Suite B algorithm compliance. CryptoComply offloads secure key management, data integrity, data at rest encryption, and secure communications to a trusted implementation."
2482Draeger Medical Systems Inc.
6 Tech Drive
Andover, MA 01923
USA

Michael Robinson
TEL: +1 978 379 8000
FAX: +1 978 379 8538

CST Lab: NVLAP 200802-0
DRAEGER WCM9113 802.11ABGN VG2
(Hardware Version: MS32018 Rev. 02; Firmware Version: VG2 with Bootloader version 1.7)
(When operated in FIPS mode. When initialized and configured as specified in Section 5.2 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/07/2015Overall Level: 1

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #2058 and #3223); KTS (AES Cert. #3223; key establishment methodology provides 112 bits of encryption strength); SHS (Cert. #2661); HMAC (Cert. #2026); RSA (Cert. #1639); DRBG (Cert. #908); KBKDF (Cert. #45); CVL (Cert. #440)

-Other algorithms: NDRNG; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RC4; DES; HMAC-MD4; HMAC-MD5

Multi-Chip Embedded

"The DRAEGER WCM9113 802.11ABGN VG2 is a dual band 802.11n Wireless Communications Module used in a variety of Draeger products for wireless communications."
2481SafeNet, Inc.
20 Colonnade Road, Suite 200
Ottawa, ON K2E 7M6
Canada

Security and Certifications Team

CST Lab: NVLAP 200556-0
Luna® PCI-e Cryptographic Module
(Hardware Versions: VBD-05-0100, VBD-05-0101 and VBD-05-0103; Firmware Versions: 6.2.1 and 6.2.5)
(This validation entry is a non-security relevant modification to Cert. #1694)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/02/2015Overall Level: 3

-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #1743, #1750 and #1756); DRBG (Cert. #114); DSA (Certs. #545, #546 and #548); ECDSA (Certs. #230, #231 and #233); HMAC (Certs. #1021 and #1027); KAS (Cert. #23); RSA (Certs. #865 and #870); SHS (Certs. #1531 and #1537); KBKDF (SP 800-108, vendor affirmed); Triple-DES (Certs. #1130, #1134 and #1137); Triple-DES MAC (Certs. #1130, #1134 and #1137, vendor-affirmed)

-Other algorithms: ARIA; AES (Certs. #1743, #1750 and #1756, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES MAC (Cert. #1750; non-compliant); CAST5; CAST5-MAC; DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength); HAS-160; KCDSA; MD2; MD5; RC2; RC2-MAC; RC4; RC5; RC5-MAC; RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Triple-DES (Certs. #1130, #1134 and #1137, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-Chip Embedded

"The Luna PCI-e cryptographic module is a multi-chip embedded hardware cryptographic module in the form of a PCI-Express card that typically resides within a custom computing or secure communications appliance. The cryptographic module is contained in its own secure enclosure that provides physical resistance to tampering. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI-e card."
2480SafeNet, Inc.
20 Colonnade Road, Suite 200
Ottawa, ON K2E 7M6
Canada

Security and Certifications Team

CST Lab: NVLAP 200556-0
Luna® PCI-e Cryptographic Module
(Hardware Versions: VBD-05-0100, VBD-05-0101 and VBD-05-0103; Firmware Versions: 6.2.1 and 6.2.5)
(This validation entry is a non-security relevant modification to Cert. #1693.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/02/2015Overall Level: 2

-Physical Security: Level 3
-Operational Environment: N/A
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1743, #1750 and #1756); DRBG (Cert. #114); DSA (Certs. #545, #546 and #548); ECDSA (Certs. #230, #231 and #233); HMAC (Certs. #1021 and #1027); KAS (Cert. #23); RSA (Certs. #865 and #870); SHS (Certs. #1531 and #1537); KBKDF (SP800-108, vendor affirmed); Triple-DES (Certs. #1130, #1134 and #1137); Triple-DES MAC (Certs. #1130, #1134 and #1137, vendor-affirmed)

-Other algorithms: ARIA; AES (Certs. #1743, #1750 and #1756, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES MAC (Cert. #1750; non-compliant); CAST5; CAST5-MAC; DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength); HAS-160; KCDSA; MD2; MD5; RC2; RC2-MAC; RC4; RC5; RC5-MAC; RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Triple-DES (Certs. #1130, #1134 and #1137, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-Chip Embedded

"The Luna PCI-e cryptographic module is a multi-chip embedded hardware cryptographic module in the form of a PCI-Express card that typically resides within a custom computing or secure communications appliance. The cryptographic module is contained in its own secure enclosure that provides physical resistance to tampering. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI-e card."
2479EMC Corporation
176 South Street
Hopkinton, MA 01748
USA

Kerry Bellefontaine

CST Lab: NVLAP 200556-0
VMAX 6 Gb/s SAS I/O Module with Encryption from EMC
(Hardware Version: 303-161-101B-05; Firmware Version: 2.13.39.00)
(When installed, initialized and configured as specified in the Security Policy Section 3)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/01/2015Overall Level: 1

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Cert. #3255); KTS (AES Cert. #3255); HMAC (Cert. #2053); SHS (Cert. #2692)

-Other algorithms: N/A

Multi-Chip Embedded

"Data at Rest Encryption provides hardware-based, back-end encryption in EMC storage systems. Back-end encryption protects information from unauthorized access when drives are physically removed from an EMC storage system. It also supports rapid array decommissioning. EMC VMAX 6Gb/s SAS I/O modules implement AES-XTS 256-bit encryption to encrypt/decrypt data as it is written to and read from all drives in a system. Thus the drives need not be self-encrypting as EMC's I/O modules handle all encryption-related I/O tasks. Additionally all drive types and capacities are supported."
2478KONA I Co., Ltd.
KONA I, 6F, 30, Eunhaeng-Ro
Yeongdeungpo-Gu
Seoul 150-872
South Korea (ROK)

Irene Namkung
TEL: +82 (0)2 2168 7586
FAX: +82 (0)2 3440 4405

CST Lab: NVLAP 100432-0
KONA N41M0
(Hardware Version: Infineon SLE97CNFX1M00PEA22; Firmware Versions: KONA N41M0 v2.01 and PKI Applet v1.3.3)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/25/2015Overall Level: 3

-Operational Environment: N/A

-FIPS Approved algorithms: DRBG (Cert. #884); Triple-DES (Cert. #1979); Triple-DES MAC (Triple-DES Cert. #1979, vendor affirmed); AES (Cert. #3525); HMAC (Cert. #2253); SHS (Cert. #2907); RSA (Certs. #1811 and #1812); ECDSA (Cert. #718)

-Other algorithms: NDRNG; AES (Cert. #3525, key wrapping); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength)

Single Chip

"The KONA N41M0 smart card can be employed in solutions which provide secure PKI (public key infrastructure) and digital signature technology. KONA N41M0 serves as highly portable physical forms which enhances the security of network access and ensures secure electronic communications. KONA N41M0 supports on-card Triple DES, AES, ECC and 2048-bit RSA algorithms with on-card key generation. The KONA N41M0 smart card is Java-based smart cards for physical and logical access, e-transactions and other applications, which is compliant to Java Card v3.0.4 and GlobalPlatform 2.2."
2476KONA I Co., Ltd.
KONA I, 6F, 30, Eunhaeng-Ro
Yeongdeungpo-Gu
Seoul 150-872
South Korea (ROK)

Irene Namkung
TEL: +82 (0)2 2168 7586
FAX: +82 (0)2 3440 4405

CST Lab: NVLAP 100432-0
KONA N41M0
(Hardware Version: Infineon SLE97CNFX1M00PEA22; Firmware Versions: KONA N41M0 v2.01 and Demonstration Applet v1.2.4)
(The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/20/2015Overall Level: 3

-Operational Environment: N/A

-FIPS Approved algorithms: DRBG (Cert. #884); Triple-DES (Cert. #1979); Triple-DES MAC (Triple-DES Cert. #1979, vendor affirmed); AES (Cert. #3525); HMAC (Cert. #2253); SHS (Cert. #2907); RSA (Certs. #1811 and #1812); ECDSA (Cert. #718)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #3525, key wrapping); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength)

Single Chip

"The KONA N41M0 smart card can be employed in solutions which provide secure PKI (public key infrastructure) and digital signature technology. KONA N41M0 serves as highly portable physical forms which enhances the security of network access and ensures secure electronic communications. KONA N41M0 supports on-card Triple DES, AES, ECC and 2048-bit RSA algorithms with on-card key generation. The KONA N41M0 smart card is Java-based smart cards for physical and logical access, e-transactions and other applications, which is compliant to Java Card v3.0.4 and GlobalPlatform 2.2."
2475Red Cocoa II L.L.C.
8200 Cody Drive
Suite G-2
Lincoln, NE 68512
USA

Andy Lenhart
TEL: 402-467-1086
FAX: n/a

Mark Nispel
TEL: 402-467-1086
FAX: n/a

CST Lab: NVLAP 100432-0
C-ACE
(Hardware Version: STM32F405OG; Firmware Version: Bootloader: 0.0.1; Application: 1.0.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/16/2015Overall Level: 2

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Cert. #3137); DSA (Cert. #908); SHS (Cert. #2605)

-Other algorithms: NDRNG; AES MAC (AES Cert. #3137, vendor affirmed; P25 AES OTAR); AES (Cert. #3137, key wrapping)

Single Chip

"The C-ACE module is a single-chip cryptographic engine designed to be implemented in a radio compliant with the APCO Project 25 Over-The-Air Rekeying (OTAR) protocol."
2474Samsung Electronics Co., Ltd.
129
Samsung-ro
Yeongtong-gu
Suwon-si, Gyeonggi-do 16677
South Korea

Changsup Ahn
TEL: +82-2-6147-7088
FAX: N/A

Jisoon Park
TEL: +82-2-6147-7095
FAX: N/A

CST Lab: NVLAP 200658-0
Samsung CryptoCore Module
(Software Version: 0.2.9)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software11/16/2015
03/22/2016
03/24/2016
Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Operational Environment: Ubuntu 14.04 running on Lenovo T540p with Intel i7
Tizen 2.3 running on Samsung UN55JU6700 with Samsung Hawk-MU (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3459 and #3460); CVL (Certs. #530 and #537); DRBG (Certs. #847 and #848); DSA (Certs. #976 and #977); ECDSA (Certs. #700 and #701); HMAC (Certs. #2205 and #2206); RSA (Certs. #1774 and #1775); SHS (Certs. #2855 and #2856); Triple-DES (Certs. #1950 and #1951)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #530 and #537, key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; IBS; MD5; RC4; RSA (key wrapping; key establishment methodology provides 112 bits or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SNOW2; NDRNG; RNG

Multi-Chip Stand Alone

"A multipurpose cryptographic library which provides symmetric/asymmetric cipher, message digest, key agreement, and PRNG services."
2473OpenSSL Software Foundation
1829 Mount Ephraim Road
Adamstown, MD 21710
USA

Steve Marquess
TEL: 800-673-6775

CST Lab: NVLAP 100432-0
OpenSSL FIPS Object Module RE
(Software Version: 2.0.9 or 2.0.10)
(When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software11/13/2015
01/25/2016
04/28/2016
Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: TS-Linux 2.4 running on Arm920Tid (ARMv4) (gcc Compiler Version 4.3.2)
iOS 8.1 64-bit running on Apple A7 (ARMv8) without NEON and Crypto Extensions (clang Compiler Version 600.0.56)
iOS 8.1 64-bit running on Apple A7 (ARMv8) with NEON and Crypto Extensions (clang Compiler Version 600.0.56)
VxWorks 6.9 running on Freescale P2020 (PPC) (gcc Compiler Version 4.3.3)
iOS 8.1 32-bit running on Apple A7 (ARMv8) without NEON (clang Compiler Version 600.0.56)
iOS 8.1 32-bit running on Apple A7 (ARMv8) with NEON (clang Compiler Version 600.0.56)
Android 5.0 32-bit running on Qualcomm APQ8084 (ARMv7) without NEON (gcc Compiler Version 4.9)
Android 5.0 32-bit running on Qualcomm APQ8084 (ARMv7) with NEON (gcc Compiler Version 4.9)
Android 5.0 64-bit running on SAMSUNG Exynos7420 (ARMv8) without NEON and Crypto Extensions (gcc Compiler Version 4.9)
Android 5.0 64-bit running on SAMSUNG Exynos7420 (ARMv8) with NEON and Crypto Extensions (gcc Compiler Version 4.9)
FreeBSD 10.2 running on Intel Xeon E5-2430L (x86) without PAA (clang Compiler Version 3.4.1)
FreeBSD 10.2 running on Intel Xeon E5-2430L (x86) with PAA (clang Compiler Version 3.4.1) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3090 and #3264); CVL (Certs. #372 and #472); DRBG (Certs. #607 and #723); DSA (Certs. #896 and #933); ECDSA (Certs. #558 and #620); HMAC (Certs. #1937 and #2063); RSA (Certs. #1581 and #1664); SHS (Certs. #2553 and #2702); Triple-DES (Certs. #1780 and #1853)

-Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt); RNG

Multi-Chip Stand Alone

"The OpenSSL FIPS Object Module RE is a general purpose cryptographic module delivered as open source code. It is designed for ease of use with the popular OpenSSL cryptographic library and toolkit and is available for use without charge for a wide variety of platforms. The basic validation can also be extended quickly and affordably to accommodate new platforms and many types of modifications."
2472SUSE, LLC
10 Canal Park, Suite 200
Cambridge, Massachusetts 02141
USA

Thomas Biege
TEL: +49 911 74053 500

Michael Hager
TEL: +49 911 74053 80

CST Lab: NVLAP 200658-0
SUSE Linux Enterprise Server 12 - OpenSSH Client Module
(Software Version: 1.0)
(When operated in FIPS mode with module SUSE Linux Enterprise Server 12 - OpenSSL Module validated to FIPS 140-2 under Cert. #2435 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software11/13/2015Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Operational Environment: SUSE Linux Enterprise Server 12 running on HP ProLiant DL320e Gen8 with Intel Xeon CPU with PAA
SUSE Linux Enterprise Server 12 running on HP ProLiant DL320e Gen8 with Intel Xeon CPU without PAA (single-user mode)

-FIPS Approved algorithms: CVL (Cert. #483)

-Other algorithms: ChaCha20; Poly1305; UMAC; Curve25519-based ECDH; Ed25519

Multi-Chip Stand Alone

"SUSE client software that provides encrypted network communication using the SSH protocol."
2471SUSE, LLC
10 Canal Park, Suite 200
Cambridge, Massachusetts 02141
USA

Thomas Biege
TEL: +49 911 74053 500

Michael Hager
TEL: +49 911 74053 80

CST Lab: NVLAP 200658-0
SUSE Linux Enterprise Server 12 - OpenSSH Server Module
(Software Version: 1.0)
(When operated in FIPS mode with module SUSE Linux Enterprise Server 12 - OpenSSL Module validated to FIPS 140-2 under Cert. #2435 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software11/13/2015Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Operational Environment: SUSE Linux Enterprise Server 12 running on HP ProLiant DL320e Gen8 with Intel Xeon CPU with PAA
SUSE Linux Enterprise Server 12 running on HP ProLiant DL320e Gen8 with Intel Xeon CPU without PAA (single-user mode)

-FIPS Approved algorithms: CVL (Cert. #483)

-Other algorithms: ChaCha20; Poly1305; UMAC; Curve25519-based ECDH; Ed25519

Multi-Chip Stand Alone

"SUSE server software that provides encrypted network communication using the SSH protocol."
2470Feitian Technologies Co., Ltd.
Floor 17th, Tower B, Huizhi Mansion, No.9 Xueqing Road
Haidian District, Beijing, Beijing 100085
China

Peng Jie
TEL: +86-010-62304466
FAX: +86-010-62304477

Tibi Zhang
TEL: +(86)010-62304466
FAX: +(86)010-62304477

CST Lab: NVLAP 100432-0
FT-JCOS (Feitian Java Card Platform)
(Hardware Versions: P/Ns SLE78CLFX4000PM [1], SLE77CLFX2400PM [2] and SLE78CLUFX5000PHM [3]; Firmware Versions: 1.0.0 [1], 1.0.1 [2] and 1.0.2 [3])

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware11/05/2015Overall Level: 3

-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #2357, #2358, #3182, #3183, #3184 and #3185); DRBG (Certs. #300, #664 and #665); KBKDF (Certs. #9, #42 and #43); RSA (Certs. #1216, #1617 and #1623); SHS (Cert. #2030); Triple-DES (Certs. #1474, #1814 and #1815); Triple-DES MAC (Triple-DES Certs. #1474, #1814 and #1815, vendor affirmed)

-Other algorithms: NDRNG; AES (Certs. #2357, #3182 and #3183, key wrapping; key establishment methodology provides 256 bits of encryption strength)

Single Chip

"The FT-JCOS (Feitian Java Card Platform) cryptographic module, validated to FIPS 140-2 overall Level 3, is a single chip smartcard module implementing the JavaCard and Global Platform operational environment, with Card Manager also considered as Issuer Security Domain (ISD), a demonstration Applet used to demonstrate the cryptographic functions of the module, and a supplementary security domain that is also considered as Applet Provider Security Domain (APSD).The FT-JCOS exposes PKI and MoC APIs and is designed for high performance Government, Enterprise and Financial smartcard applications."
2469RSA, the Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

Rohit Mathur
TEL: +61 7 3032 5220

CST Lab: NVLAP 200997-0
RSA BSAFE(R) Crypto-J JSAFE and JCE Software Module
(Software Version: 6.2)
(When operated in FIPS Mode. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software10/30/2015
04/12/2016
Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Design Assurance: Level 3
-Operational Environment: Oracle(R) JRE 8.0 on Microsoft(R) Windows 8.1 (64-bit) running on an HP ENVY 15
Google Dalvik(tm) JRE 6.0 on Google(tm) Android(tm) 4.1.2 ARMv7 (32-bit) running on Google Nexus 7(tm) (Wi-Fi, 2012)
OpenJDK 8.0 on CentOS 6.7 (64-bit) running on a Dell(TM) PowerEdge(TM) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3263); CVL (Cert. #471); DRBG (Cert. #722); DSA (Cert. #932); ECDSA (Cert. #619); HMAC (Cert. #2062); KTS (AES Cert. #3263); PBKDF (vendor affirmed); RSA (Cert. #1663); SHS (Cert. #2701); Triple-DES (Cert. #1852)

-Other algorithms: AES (non-compliant); DES; DESX; Diffie-Hellman; EC Diffie-Hellman; ECIES; RNG (non-compliant); HMAC-MD5; MD2; MD5; PKCS#5; PKCS#12; RC2; RC4; RC5; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); RSA (non-compliant); RIPEMD160; scrypt; Shamir Secret Sharing; Triple-DES (non-compliant)

Multi-Chip Stand Alone

"RSA BSAFE Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. It supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
2468RSA, the Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

Rohit Mathur
TEL: +61 7 3032 5220

CST Lab: NVLAP 200997-0
RSA BSAFE(R) Crypto-J JSAFE and JCE Software Module
(Software Version: 6.2)
(When operated in FIPS Mode. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software10/30/2015
04/12/2016
Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 3
-Operational Environment: Oracle(R) JRE 8.0 on Microsoft(R) Windows 8.1 (64-bit) running on an HP ENVY 15
Google Dalvik(tm) JRE 6.0 on Google(tm) Android(tm) 4.1.2 ARMv7 (32-bit) running on Google Nexus 7(tm) (Wi-Fi, 2012)
OpenJDK 8.0 on CentOS 6.7 (64-bit) running on a Dell(TM) PowerEdge(TM) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3263); CVL (Cert. #471); DRBG (Cert. #722); DSA (Cert. #932); ECDSA (Cert. #619); HMAC (Cert. #2062); KTS (Cert. #3263); PBKDF (vendor affirmed); RSA (Cert. #1663); SHS (Cert. #2701); Triple-DES (Cert. #1852)

-Other algorithms: AES (non-compliant); DES; DESX; Diffie-Hellman; EC Diffie-Hellman; ECIES; RNG (non-compliant); HMAC-MD5; MD2; MD5; PKCS#5; PKCS#12; RC2; RC4; RC5; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); RSA (non-compliant); RIPEMD160; scrypt; Shamir Secret Sharing; Triple-DES (non-compliant)

Multi-Chip Stand Alone

"RSA BSAFE Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. It supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
2467Pure Storage, Inc.
650 Castro Street, Suite 400
Mountain View, CA 94041
USA

Marco Sanvido
TEL: 800-379-7873
FAX: 650-625-9667

Ethan Miller
TEL: 800-379-7873
FAX: 650-625-9667

CST Lab: NVLAP 100432-0
Purity Encryption Module
(Hardware Version: Intel Xeon x64 CPU E5-2670 v2; Software Version: 1.1.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software-Hybrid10/30/2015Overall Level: 1

-Design Assurance: Level 2
-Operational Environment: Purity Operating Environment 4 running on a Dell PowerEdge R620 with PAA (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3488); DRBG (Cert. #862); HMAC (Cert. #2227); KTS (Cert. #3488); SHS (Cert. #2881)

-Other algorithms: NDRNG

Multi-Chip Stand Alone

"Purity Encryption Module is a standalone cryptographic module for the Purity Operating Environment (POE). POE powers Pure Storage's FlashArray family of products witch provide economical all-flash storage. Purity Encryption Module enables FlashArray to support always-on, inline encryption of data with an internal key management scheme that requires no user intervention."
2466ViaSat, Inc.
6155 El Camino Real
Carlsbad, CA 92009-1699
USA

Savitha Naik
TEL: 760-476-7416
FAX: 760-929-3941

David Suksumrit
TEL: 760-476-2306
FAX: 760-929-3941

CST Lab: NVLAP 100432-0
Enhanced Bandwidth Efficient Modem (EBEM) Cryptographic Module
(Firmware Version: 02.07.02)
(The tamper evident seal installed as indicated in the Security Policy for the optional ESEM feature)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware10/30/2015
12/14/2015
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #3448, #3449 and #3450); CVL (Certs. #454 and #455); DRBG (Cert. #844); ECDSA (Cert. #697); HMAC (Cert. #2196); KAS (Cert. #60); KTS (AES Cert. #3448; key establishment methodology provides 192 or 256 bits of encryption strength); SHS (Certs. #2689, #2690 and #2846)

-Other algorithms: NDRNG; EC Diffie-Hellman (key agreement; key establishment methodology provides 160 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (non-compliant); AES (non-compliant); Triple-DES (non-compliant); SHS (non-compliant); DSA (non-compliant); RSA (non-compliant); ECDSA (non-compliant); HMAC (non-compliant); PBKDF (non-compliant); HMAC MD5; MD5; DES

Multi-Chip Embedded

"The Enhanced Bandwidth Efficient Modem (EBEM) is the only commercially-available bandwith efficient modem certified to MIL-STD-188-165B and compliant with STANAG 4486 ed. 3. The MD-1366 defines a new military standard in FDMA for high-speed satellite communications. Using military and commercial satellites at X-, C-, Ku-, and Ka-band frequencies, the MD-1366 delivers much-needed capacity for the military's high speed broadband and multimedia transmissions."
2465Silent Circle
174 Waterfront Street
Suite 500
National Harbor, MD 20745
USA

Ian Kanski

Allen Stone

CST Lab: NVLAP 201029-0
Mobile Application Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS mode. This validation entry is a non-security relevant modification to Cert. #1938. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software10/30/2015
02/11/2016
06/20/2016
Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A
-Operational Environment: Tested as meeting Level 1 with Android 4.0 running on a Galaxy Nexus
iOS 5.1 running on a iPad 3
iOS 6 running on a iPad 3
iOS 7 running on a iPad 3 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2125 and #2126); CVL (Certs. #28 and #29); DRBG (Certs. #233 and #234); DSA (Certs. #666 and #667); ECDSA (Certs. #319 and #320); HMAC (Certs. #1296 and #1297); RSA (Certs. #1094 and #1095); SHS (Certs. #1849 and #1850); Triple-DES (Certs. #1351 and #1352)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG

Multi-Chip Stand Alone

"The Silent Circle Mobile Application Cryptographic Module provides cryptographic functions for Silent Circle mobile applications, including Silent Phone Silent Text, Silent World, Silent VPN, and Silent Manager."
2464SUSE, LLC
10 Canal Park, Suite 200
Cambridge, Massachusetts 02141
USA

Thomas Biege
TEL: +49 911 74053 500

Michael Hager
TEL: +49 911 74053 80

CST Lab: NVLAP 200658-0
SUSE Linux Enterprise Server 12 libgcrypt Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software10/30/2015Overall Level: 1

-Physical Security: N/A
-Operational Environment: SUSE Linux Enterprise Server 12 running on HP Proliant DL320e Gen8 with PAA
SUSE Linux Enterprise Server 12 running on HP Proliant DL320e Gen8 without PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3433 and #3434); DRBG (Certs. #831, #832, #833 and #834); DSA (Cert. #967); ECDSA (Cert. #689); HMAC (Certs. #2183, #2184, #2185 and #2186); RSA (Cert. #1757); SHS (Certs. #2831, #2832, #2833 and #2834); Triple-DES (Cert. #1936)

-Other algorithms: AES (Certs. #3433 and #3434, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM (non-compliant); ARC4; Blowfish; Camellia; CAST5; CRC32; DES; EC-Gost; EdDSA; ElGamal; Gost; IDEA; MD4; MD5; OpenPGP S2K Salted and Iterated/salted; RC2; RIPE-MD 160; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Salsa20; SEED; Serpent; Scrypt; Tiger; Twofish; Whirlpool

Multi-Chip Stand Alone

"SUSE Libgcrypt is a general purpose cryptographic library based on the code from GnuPG."
2463Accellion, Inc.
1804 Embarcadero Road,
Suite 200
Palo Alto, CA 94303
USA

Prateek Jain
TEL: +65-6244-5670
FAX: +65-6244-5678

CST Lab: NVLAP 100432-0
Accellion Cryptographic Module
(Software Version: FTALIB_4_0_1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software10/30/2015Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A
-Operational Environment: Red Hat Enterprise Linux 5 on VMware ESXi 5.1.0 running on a Dell Inc. PowerEdge R320 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2317, #2318, and #3326); CVL (Certs. #481 and #482); DRBG (Cert. #772); ECDSA (Cert. #655); HMAC (Certs. #2117 and #2118); RSA (Cert. #1707); SHS (Certs. #2758 and #2759); Triple-DES (Cert. #1898)

-Other algorithms: NDRNG; AES (Cert. #3326, key wrapping; key establishment methodology provides 128 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); DRBG (non-compliant); DSA (non-compliant); ECDSA (non-compliant); HMAC (non-compliant); RNG (non-compliant); RSA (non-compliant); SHS (non-compliant); Triple-DES (non-compliant); PKCS #3 Diffie-Hellman; adler32; Blowfish; CAMELLIA; CAST5; crc32; crc32b; DES; DESX; fnv132; fnv164; gost; haval; IDEA; joaat; MDC2; MD2; MD4; MD5; RC2; RC4; RC4-HMAC-MD5; RIPEMD; SEED; snefru; snefru256; SSLeay; Tiger; Whirlpool; rand(); mtrand()

Multi-Chip Stand Alone

"Accellion Cryptographic Module is a key component of Accellion's secure collaboration solution that enables enterprises to securely share and transfer files. Extensive tracking and reporting tools allow compliance with SOX, HIPAA, FDA and GLB regulations while providing enterprise grade security and ease of use."
2462Hitachi, Ltd.
322-2 Nakazato, Odawara-shi
Kanagawa-ken 250-0872
Japan

Hajime Sato
TEL: +81-465-59-5954
FAX: +81-465-49-4822

CST Lab: NVLAP 200835-0
Hitachi Virtual Storage Platform (VSP) Encryption Module
(Hardware Versions: P/N: 3289094-A(BS12GE) Version: B/D4, B/D5, B/D4a, B/D5a, B/D6; Firmware Versions: 03.07.49.00, 03.07.54.00, 03.07.56.00)
(The tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware10/29/2015
02/25/2016
04/07/2016
Overall Level: 2

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Cert. #3305); HMAC (Cert. #2097); KTS (AES Cert. #3305); SHS (Cert. #2738)

-Other algorithms: N/A

Multi-Chip Embedded

"The Hitachi Virtual Storage Platform (VSP) Encryption Module provides high speed data at rest encryption for Hitachi storage."
2461Motorola Solutions, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

Tom Nguyen
TEL: 847-576-2352

CST Lab: NVLAP 100432-0
Astro Subscriber Motorola Advanced Crypto Engine (MACE) - Security Level 3
(Hardware Versions: P/Ns 5185912Y01, 5185912Y03, 5185912Y05 and 5185912T05; Firmware Versions: R01.07.25 and [R01.00.00 or (R01.00.00 and R02.00.00)])
(When operated in FIPS mode and configured to Overall Level 3 per Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware10/27/2015Overall Level: 3

-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #819 and #1295); DRBG (Cert. #505); HMAC (Cert. #1796); RSA (Cert. #396); SHS (Certs. #817 and #2399)

-Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); LFSR; NDRNG

Single Chip

"The MACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio systems products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management."
2460Motorola Solutions, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

Tom Nguyen
TEL: 847-576-2352

CST Lab: NVLAP 100432-0
Astro Subscriber Motorola Advanced Crypto Engine (MACE) - Security Level 2
(Hardware Versions: P/Ns 5185912Y01, 5185912Y03, 5185912Y05 and 5185912T05; Firmware Versions: R01.07.25 and [R01.00.00 or (R01.00.00 and R02.00.00)])
(When operated in FIPS mode and configured to Overall Level 2 per Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware10/27/2015Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #819 and #1295); DRBG (Cert. #505); HMAC (Cert. #1796); RSA (Cert. #396); SHS (Certs. #817 and #2399)

-Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); LFSR; NDRNG

Single Chip

"The MACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio systems products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management."
2459

CST Lab: NVLAP 200802-0


Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware10/27/2015Overall Level: 2

Multi-chip standalone
2458Barracuda Networks
3175 Winchester Boulevard
Campbell, CA 95008
USA

Andrea Cannon
TEL: 703-743-9068
FAX: 408-342-1061

CST Lab: NVLAP 200423-0
Barracuda Cryptographic Software Module
(Software Version: 1.0.1.8)
(No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software10/22/2015Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: Tested as meeting Level 1 with Barracuda OS v2.3.4 running on a BNHW003 without PAA
Barracuda OS v2.3.4 running on a BNHW003 with PAA
Barracuda OS v2.3.4 running on a BNHW002 without PAA
Barracuda OS v2.3.4 running on a BNHW008 with PAA (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3165); CVL (Cert. #414); DRBG (Cert. #651); DSA (Cert. #911); ECDSA (Cert. #576); HMAC (Cert. #1993); RSA (Certs. #1603 and #1690); SHS (Cert. #2618); Triple-DES (Cert. #1803)

-Other algorithms: EC Diffie-Hellman (shared secret computation); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)

Multi-Chip Stand Alone

"The Barracuda Cryptographic Software Module is a cryptographic software library that provides fundamental cryptographic functions for applications in Barracuda security products that use Barracuda OS v2.3.4 and require FIPS 140-2 approved cryptographic functions."
2457Aruba a Hewlett Packard Enterprise Company
1344 Crossman Avenue
Sunnyvale, CA 94089
USA

Steve Weingart
TEL: 408-227-4500

CST Lab: NVLAP 200427-0
Aruba 7XXX Series Controllers with ArubaOS FIPS Firmware
(Hardware Versions: Aruba 7005-F1, Aruba 7005-USF1, Aruba 7010-F1, Aruba 7010-USF1, Aruba 7024-F1, Aruba 7024-USF1, Aruba 7030-F1, Aruba 7030-USF1, Aruba 7205-F1 and Aruba 7205-USF1 with FIPS kit 4011570-01; Firmware Versions: ArubaOS 6.4.4-FIPS and ArubaOS 6.5.0-FIPS)
(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware10/22/2015
01/14/2016
07/06/2016
Overall Level: 2

-Mitigation of Other Attacks: N/A

-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #2477, #2884, #2900 and #3014); CVL (Certs. #314 and #326); DRBG (Cert. #528); ECDSA (Certs. #519 and #524); HMAC (Certs. #1520, #1818, #1835 and #1906); KBKDF (Cert. #32); RSA (Certs. #1266, #1517, #1518, #1528 and #1573); SHS (Certs. #2096, #2424, #2425, #2440 and #2522); Triple-DES (Certs. #1516, #1720, #1726 and #1770)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-Chip Stand Alone

"Aruba's family of Mobility Controllers are network infrastructure devices providing secure, scalable solutions for enterprise Wi-Fi, network security policy enforcement, VPN services, and wireless intrusion detection and prevention. Mobility controllers serve as central points of authentication, encryption, access control, and network coordination for all mobile network services."
2456Oracle Corporation
500 Oracle Parkway
Redwood Shores, CA 94065
USA

Nikhil Suares
TEL: (781) 538-7568

CST Lab: NVLAP 200928-0
Acme Packet 3820 and Acme Packet 4500
(Hardware Version: A1; Firmware Versions: ECx6.4.1 and ECx6.4.1M1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware10/21/2015Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #928 and #1555); CVL (Certs. #480 and #498); DRBG (Certs. #762 and #791); HMAC (Certs. #519, #907, #2107 and #2143); RSA (Certs. #1697 and #1724); SHS (Certs. #912, #1378, #2748 and #2788); Triple-DES (Certs. #745 and #1019)

-Other algorithms: DES; ARC4; HMAC-MD5; SNMP KDF (non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG

Multi-Chip Stand Alone

"The Acme Packet 3820 and 4500 are one rack unit (1U) platforms that feature Oracle's purpose-built hardware design tightly integrated with Acme Packet OS, to provide the critical controls for delivering trusted, real-time communications - voice, video, and application data sessions - across Internet Protocol (IP) network borders."
2455SiCore Technologies Inc.
200 Finn Court
Farmingdale, NY 11735
USA

Godfrey Vassallo
TEL: 631-327-2019

CST Lab: NVLAP 100432-0
SHIELD Secure Coprocessor
(Hardware Version: SHIELD Secure CoProcessor V1.0; Firmware Versions: MFF V1.0, FPGA V1.0, SC V1.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware10/14/2015Overall Level: 3

-Design Assurance: Level 4

-Operational Environment: N/A

-FIPS Approved algorithms: AES (Cert. #2195); RSA (Cert. #1131); SHS (Cert. #1901)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 128 bits of encryption strength)

Multi-Chip Embedded

"A secure co-processor with a PCI Express Interface"
2454LogRhythm
4780 Pearl East Circle
Boulder, CO 80301
USA

Emily Dobson
TEL: 720-881-5348

CST Lab: NVLAP 200427-0
LogRhythm FIPS Object Module
(Software Version: 6.3.4)
(When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software09/30/2015
05/05/2016
Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with Tested as meeting Level 1 with Android 2.2 running on Qualcomm QSD8250 (ARMv7) without NEON (gcc Compiler Version 4.4.0)
Android 2.2 running on Qualcomm QSD8250 (ARMv7) with NEON (gcc Compiler Version 4.4.0)
Microsoft Windows 7 (32 bit) running on Intel Celeron (Microsoft 32 bit C/C++ Optimizing Compiler Version 16.00)
uCLinux 0.9.29 running on ARM 922T (ARMv4) (gcc Compiler Version 4.2.1)
Fedora 14 running on Intel Core i5 with PAA (gcc Compiler Version 4.5.1)
HP-UX 11i (32 bit) running on Intel Itanium 2 (HP C/aC++ B3910B)
HP-UX 11i (64 bit) running on Intel Itanium 2 (HP C/aC++ B3910B)
Ubuntu 10.04 running on Intel Pentium T4200 (gcc Compiler Version 4.1.3)
Ubuntu 10.04 (32 bit) running on Intel Pentium T4200 (gcc Compiler Version 4.1.3)
Ubuntu 10.04 (64 bit) running on Intel Pentium T4200 (gcc Compiler Version 4.1.3)
Android 3.0 running on NVIDIA Tegra 250 T20 (ARMv7) (gcc Compiler Version 4.4.0)
Linux 2.6.27 running on PowerPC e300c3 (gcc Compiler Version 4.2.4)
Microsoft Windows 7 (64 bit) running on Intel Pentium 4 (Microsoft C/C++ Optimizing Compiler Version 16.00)
Ubuntu 10.04 running on Intel Core i5 with PAA (32 bit) (gcc Compiler Version 4.1.3)
Linux 2.6.33 running on PowerPC32 e300 (gcc Compiler Version 4.1.0)
Android 2.2 running on OMAP 3530 (ARMv7) with NEON (gcc Compiler Version 4.1.0)
VxWorks 6.8 running on TI TNETV1050 (MIPS) (gcc Compiler Version 4.1.2)
Linux 2.6 running on Broadcom BCM11107 (ARMv6) (gcc Compiler Version 4.3.2)
Linux 2.6 running on TI TMS320DM6446 (ARMv4) (gcc Compiler Version 4.3.2)
Linux 2.6.32 running on TI AM3703CBP (ARMv7) (gcc Compiler Version 4.3.2)
Oracle Solaris 10 (32 bit) running on SPARC-T3 (SPARCv9) (gcc Compiler Version3.4.3)
Oracle Solaris 10 (64 bit) running on SPARC-T3 (SPARCv9) (gcc Compiler Version 3.4.3)
Oracle Solaris 11 (32 bit) running on Intel Xeon 5675 (gcc Compiler Version 4.5.2)
Oracle Solaris 11 (64 bit) running on Intel Xeon 5675 (gcc Compiler Version 4.5.2)
Oracle Solaris 11 running on Intel Xeon 5675 with AESNI (32 bit) (gcc Compiler Version 4.5.2)
Oracle Solaris 11 running on Intel Xeon 5675 with AESNI (64 bit) (gcc Compiler Version 4.5.2)
Oracle Linux 5 (64 bit) running on Intel Xeon 5675 (gcc Compiler Version 4.1.2)
CascadeOS 6.1 (32 bit) running on Intel Pentium T4200 (gcc Compiler Version 4.4.5)
CascadeOS 6.1 (64 bit) running on Intel Pentium T4200 (gcc Compiler Version 4.4.5)
Oracle Linux 5 running on Intel Xeon 5675 with PAA (gcc Compiler Version 4.1.2)
Oracle Linux 6 running on Intel Xeon 5675 without PAA (gcc Compiler Version 4.4.6)
Oracle Linux 6 running on Intel Xeon 5675 with PAA (gcc Compiler Version 4.4.6)
Oracle Solaris 11 (32 bit) running on SPARC-T3 (SPARCv9) (Sun C Version 5.12)
Oracle Solaris 11 (64 bit) running on SPARC-T3 (SPARCv9) (Sun C Version 5.12)
Android 4.0 running on NVIDIA Tegra 250 T20 (ARMv7) (gcc Compiler Version 4.4.3)
Apple iOS 5.1 running on ARMv7 (gcc Compiler Version 4.2.1)
Microsoft Windows CE 6.0 running on ARMv5TEJ (Microsoft C/C++ Optimizing Compiler Version 15.00 for ARM)
Microsoft Windows CE 5.0 running on ARMv7 (Microsoft C/C++ Optimizing Compiler Version 13.10 for ARM)
Linux 2.6 running on Freescale PowerPCe500 (gcc Compiler Version 4.1.0)
DSP Media Framework 1.4 running on TI C64x+ (TMS320C6x C/C++ Compiler v6.0.13)
Android 4.0 running on TI OMAP 3 (ARMv7) with NEON (gcc Compiler Version 4.4.3)
NetBSD 5.1 running on PowerPCe500 (gcc Compiler Version 4.1.3)
NetBSD 5.1 running on Intel Xeon 5500 (gcc Compiler Version 4.1.3)
Microsoft Windows 7 running on Intel Core i5- 2430M (64-bit) with PAA (Microsoft ® C/C++ Optimizing Compiler Version 16.00 for x64)
Android 4.1 running on TI DM3730 (ARMv7) without NEON (gcc Compiler Version 4.6)
Android 4.1 running on TI DM3730 (ARMv7) with NEON (gcc Complier Version 4.6)
Android 4.2 running on Nvidia Tegra 3 (ARMv7) without NEON (gcc Compiler Version 4.6)
Android 4.2 running on Nvidia Tegra 3 (ARMv7) with NEON (gcc Compiler Version 4.6)
Windows Embedded Compact 7 running on Freescale i.MX53xA (ARMv7) with NEON (Microsoft C/C++ Optimizing Compiler Version 15.00.20720)
Windows Embedded Compact 7 running on Freescale i.MX53xD (ARMv7) with NEON (Microsoft C/C++ Optimizing Compiler Version 15.00.20720)
Android 4.0 running on Qualcomm Snapdragon APQ8060 (ARMv7) with NEON (gcc compiler Version 4.4.3)
Apple OS X 10.7 running on Intel Core i7-3615QM (Apple LLVM version 4.2)
Apple iOS 5.0 running on ARM Cortex A8 (ARMv7) with NEON (gcc Compiler Version 4.2.1)
OpenWRT 2.6 running on MIPS 24Kc (gcc Compiler Version 4.6.3)
QNX 6.4 running on Freescale i.MX25 (ARMv4) (gcc Compiler Version 4.3.3)
Apple iOS 6.1 running on Apple A6X SoC (ARMv7s) (gcc Compiler Version 4.2.1)
eCos 3 running on Freescale i.MX27 926ejs (ARMv5TEJ) (gcc Compiler Version 4.3.2)
Vmware Horizon Workspace 1.5 under Vmware ESXi 5.0 running on Intel Xeon E3-1220 (x86) without PAA (gcc Compiler Version 4.5.1)
Vmware Horizon Workspace 1.5 under Vmware ESXi 5.0 running on Intel Xeon E3-1220 (x86) with PAA (gcc Compiler Version 4.5.1)1
Ubuntu 13.04 running on AM335x Cortex-A8 (ARMv7) without NEON (gcc Compiler Version 4.7.3)
Ubuntu 13.04 running on AM335x Cortex-A8 (ARMv7) with NEON (gcc Compiler Version 4.7.3)
Linux 3.8 running on ARM926 (ARMv5TEJ) (gcc Compiler Version 4.7.3)
Linux 3.4 under Citrix XenServer 6.2 running on Intel Xeon E5-2430L without PAA (gcc Compiler Version 4.8.0)
Linux 3.4 under Citrix XenServer 6.2 running on Intel Xeon E5-2430L with PAA (gcc Compiler Version 4.8.0)
Linux 3.4 under Vmware ESXi 5.1 running on Intel Xeon E5-2430L without PAA (gcc Compiler Version 4.8.0)
Linux 3.4 under Vmware ESXi 5.1 running on Intel Xeon E5-2430L with PAA (gcc Compiler Version 4.8.0)
Linux 3.4 under Microsoft Windows 2012 Hyper-V running on Intel Xeon E5-2430L without PAA (gcc Compiler Version 4.8.0)
Linux 3.4 under Microsoft Windows 2012 Hyper-V running on Intel Xeon E5-2430L with PAA (gcc Compiler Version 4.8.0)2
iOS 6.0 running on Apple A5 / ARM Cortex-A9 (ARMv7) without NEON (gcc Compiler Version 4.2.1)
iOS 6.0 running on Apple A5 / ARM Cortex-A9 (ARMv7) with NEON (gcc Compiler Version 4.2.1)
PexOS 1.0 under vSphere ESXi 5.1 running on Intel Xeon E52430L without PAA (gcc Compiler Version 4.6.3)
PexOS 1.0 under vSphere ESXi 5.1 running on Intel Xeon E52430L with PAA (gcc Compiler Version 4.6.3)3
Linux 2.6 running on Freescale e500v2 (PPC) (gcc Compiler Version 4.4.1)
AcanOS 1.0 running on Intel Core i7-3612QE (x86) without PAA (gcc Compiler Version 4.6.2)
AcanOS 1.0 running on Intel Core i7-3612QE (x86) with PAA (gcc Compiler Version 4.6.2)
AcanOS 1.0 running on Feroceon 88FR131 (ARMv5) (gcc Compiler Version 4.5.3)
FreeBSD 8.4 running on Intel Xeon E5440 (x86) without AESNI (gcc Compiler Version 4.2.1)
FreeBSD 9.1 running on Xeon E5-2430L (x86) without AESNI (gcc Compiler Version 4.2.1)
FreeBSD 9.1 running on Xeon E5-2430L (x86) with PAA (gcc Compiler Version 4.2.1)
ArbOS 5.3 running on Xeon E5645 (x86) without PAA (gcc Compiler Version 4.1.2)
Linux ORACLESP 2.6 running on ASPEED AST-Series (ARMv5) (gcc Compiler Version 4.4.5)
Linux ORACLESP 2.6 running on Emulex PILOT3 (ARMv5) (gcc Compiler Version 4.4.5)
ArbOS 5.3 running on Xeon E5645 (x86) with PAA (gcc Compiler Version 4.1.2)
FreeBSD 9.2 running on Xeon E5-2430L (x86) without PAA (gcc Compiler Version 4.2.1)
FreeBSD 9.2 running on Xeon E5-2430L (x86) with PAA (gcc Compiler Version 4.2.1)
FreeBSD 10.0 running on Xeon E5-2430L (x86) without PAA (clang Compiler Version 3.3)
FreeBSD 10.0 running on Xeon E5- 2430L (x86) with PAA (clang Compiler Version 3.3)
FreeBSD 8.4 running on Intel Xeon E5440 (x86) 32-bit (gcc Compiler Version 4.2.1)
Vmware Horizon Workspace 2.1 under vSphere ESXi 5.5 running on Intel Xeon E3-1220 (x86) without PAA (gcc Compiler Version 4.5.1)
Vmware Horizon Workspace 2.1 under vSphere ESXi 5.5 running on Intel Xeon E3-1220 (x86) with PAA (gcc Compiler Version 4.5.1)
QNX 6.5 running on Freescale i.MX25 (ARMv4) (gcc Compiler Version 4.3.3)
Apple iOS 7.1 64- bit running on Apple A7 (ARMv8) without NEON (clang Compiler Version 5.1)
Apple iOS 7.1 64-bit running on Apple A7 (ARMv8) with NEON (clang Compiler Version 5.1)
Microsoft Windows Server 2008 R2 running on an Intel Xeon E5-2420 (x64) (Microsoft 32-bit C/C++ Optimizing Compiler Version 16.00.40219.01 for 80x86) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1884, #2116, #2234, #2342, #2394, #2484, #2824, #2929, #3090 and #3363); CVL (Certs. #10, #12, #24, #36, #49, #53, #71, #85, #260, #331, #372 and #497); DRBG (Certs. #157, #229, #264, #292, #316, #342, #485, #540, #607 and #790); DSA (Certs. #589, #661, #693, #734, #748, #764, #853, #870, #896 and #953); ECDSA (Certs. #264, #270, #315, #347, #378, #383, #394, #413, #496, #528, #558 and #666); HMAC (Certs. #1126, #1288, #1363, #1451, #1485, #1526, #1768, #1856, #1937 and #2142); RSA (Certs. #960, #1086, #1145, #1205, #1237, #1273, #1477, #1535, #1581 and #1723); SHS (Certs. #1655, #1840, #1923, #2019, #2056, #2102, #2368, #2465, #2553 and #2787); Triple-DES (Certs. #1223, #1346, #1398, #1465, #1492, #1522, #1695, #1742, #1780 and #1913)

-Other algorithms: EC Diffie-Hellman; RNG; RSA (encrypt/decrypt)

Multi-chip standalone

"The LogRhythm FIPS Object Module 6.3.4 is a general purpose cryptographic module. It is designed for ease of use with the popular OpenSSL cryptographic library and toolkit and is available for use without charge for a wide variety of platforms. The basic validation can also be extended quickly and affordably to accommodate new platforms and many types of modification."
2453Palo Alto Networks
4401 Great America Pkwy
Santa Clara, CA 95054
USA

Richard Bishop
TEL: 408-753-4000

Jake Bajic
TEL: 408-753-4000

CST Lab: NVLAP 100432-0
Panorama M-100
(Hardware Versions: P/Ns 910-000030 Version 00D, 910-000092 Version 00D, FIPS Kit P/N 920-000140 Version 00A; Firmware Version: 6.1.3)
(When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/30/2015
04/21/2016
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #3180); RSA (Cert. #1616); HMAC (Cert. #2006); SHS (Cert. #2632); DRBG (Cert. #662); CVL (Cert. #425)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); NDRNG; MD5; RC4; Camellia; RC2; SEED; DES

Multi-chip standalone

"Panorama on the M-100 provides centralized management and visibilty of multiple Palo Alto Networks next-generation firewalls and supports distributed management and logging functions. It allows you to oversee all applications, users, and content traversing the network and then create application enablement policies that protect and control the entire network. Using Panorama for policy and device management increases operational effeciency in managing and maintaining distributed network of firewalls."
2452Hewlett Packard®, Enterprise
153 Taylor Street
Littleton, MA 01460
USA

Theresa Conejero
TEL: 650-265-3634
FAX: n/a

CST Lab: NVLAP 100432-0
Atalla Cryptographic Subsystem (ACS)
(Hardware Version: P/N AJ558-2102A; Firmware Versions: Loader Version 0.67, PSMCU Version 2.13)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/30/2015
01/25/2016
Overall Level: 3

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #3234); DRBG (Cert. #695); RSA (Cert. #1644); SHS (Cert. #2674)

-Other algorithms: NDRNG

Multi-chip embedded

"The Atalla Cryptographic Subsystem (ACS) is a multi-chip embedded cryptographic module that provides secure cryptographic processing, key management, and storage capabilities."
2451Juniper Networks, Inc.
1133 Innovation Way
Sunnyvale, CA 94089
USA

Su-Chen Lin
TEL: 408-839-9840

Seyed Safaish
TEL: 408-745-8158

CST Lab: NVLAP 100432-0
Juniper Networks RE1800 and RE2600 Routing Engines Cryptographic Modules
(Hardware Versions: P/Ns RE-S-1800X2-XXG, RE-S-1800X4-XXG, RE-S-EX9200-1800X4-XXG, RE-DUO-C1800-16G, RE-B-1800X1-4G, RE-A-1800X2-XXG, RE-DUO-C2600-16G, 520-052564; Firmware Version: Junos 14.1R4 with Junos FIPS mode utilities 14.1R4)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/30/2015Overall Level: 1

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: Triple-DES (Certs. #1879 and #1880); AES (Cert. #3296); SHS (Certs. #2734, #2735 and #2736); HMAC (Certs. #2092 and #2094); ECDSA (Cert. #639); RSA (Cert. #1685); CVL (Cert. #470); DRBG (Cert. #752)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of strength); HMAC-SHA-1-96 (HMAC Certs. #2092 and #2094); NDRNG

Multi-chip embedded

"The Juniper Networks RE1800 and RE2600 Routing Engines, are multi-chip embedded cryptographic modules that control a router or switch's interfaces, system management, and user access to the device. The RE runs Junos 14.1R4 with the FIPS mode package. The RE is compatible with the Juniper Networks MX Series 3D Universal Edge Routers, EX Series Switches, T Series Routers, M Series Multiservice Edge Routers, and PTX Series Packet Transport Routers. These devices provide dedicated high-performance flow processing and integrate advanced security capabilities."
2450Samsung Electronics Co., Ltd.
275-18, Samsung 1-ro
Hwaseong-si, Gyeonggi-do 445-330
Korea

Jisoo Kim
TEL: 82-31-3096-2832
FAX: 82-31-8000-8000(+62832)

CST Lab: NVLAP 200802-0
Samsung SAS 12G TCG Enterprise SSC SEDs PM163x Series
(Hardware Versions: MZILS920HCHP-000H9 [1, 2], MZILS960HCHP-000H9 [1, 2], MZILS1T9HCHP-000H9 [1, 2], MZILS3T8HCJM-000H9 [1, 2], MZILS400HCGR-000C6 [3], MZILS800HCHP-000C6 [3], MZILS1T6HCHP-000C6 [3] and MZILS3T2HCJM-000C6 [3]; Firmware Versions: 3P00 [1], 3P02 [2] and EXP2 [3])

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/23/2015
03/21/2016
Overall Level: 2

-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #3213); ECDSA (Cert. #595); SHS (Cert. #2660); DRBG (Cert. #121)

-Other algorithms: NDRNG

Multi-chip standalone
2449Cobham TCS Limited
The Cobham Centre - Solent Fusion 2
1100 Parkway Solent Business Park
Whiteley, Hampshire PO15 7AB
United Kingdom

Graham Foord
TEL: +44 (0) 1489 566750
FAX: +44 (0) 1489 880538

Neil McSparron
TEL: +44 (0) 1489 566750
FAX: +44 (0) 1489 880538

CST Lab: NVLAP 200928-0
Cobham AES Cryptographic Firmware-Hybrid Module
(Hardware Version: Freescale ColdFire MCF54453; Firmware Version: 1.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware-Hybrid09/23/2015Overall Level: 1

-Mitigation of Other Attacks: N/A

-Tested: Cobham D1705D TX with FreeRTOS Operating System version 6.0.5

-FIPS Approved algorithms: AES (Cert. #3211); SHS (Cert. #2658); HMAC (Cert. #2024)

-Other algorithms: DES; CRC32

Multi-chip standalone

"The Cobham AES Cryptographic Firmware-Hybrid Module is used in Cobham’s products to provide secure AES Encryption such as in the NETNode IP Mesh radio to protect data transmitted over the NETNode high capacity ad-hoc multi-radio mesh network."
2448Vectra Networks
550 South Winchester Blvd,
Suite 200
Bin 007
San Jose, CA 95128
USA

Jason Kehl

CST Lab: NVLAP 201029-0
Vectra Networks Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software09/17/2015
02/10/2016
Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with Tested as meeting Level 1 with SUSE Linux Enterprise 11 SP2 on a Dell OptiPlex 755
CentOS 6.3 on a Dell OptiPlex 755
Red Hat Enterprise Linux 6.3 on a Dell OptiPlex 755 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2273); CVL (Cert. #44); DRBG (Cert. #281); DSA (Cert. #709); ECDSA (Cert. #368); HMAC (Cert. #1391); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG

Multi-chip standalone

"The Vectra Networks Cryptographic Module provides cryptographic functions for the Vectra X-Series platforms software, which delivers a new class of advanced persistent threat (APT) defense delivering real-time detection and analysis of active network breaches."
2447Red Hat®, Inc.
100 East Davie Street
Raleigh, NC 27601
USA

Steve Grubb
TEL: 978-392-1000
FAX: 978-392-1001

Jaroslav Reznik
TEL: +420 532 294 111
FAX: +420 541 426 177

CST Lab: NVLAP 200658-0
Red Hat Enterprise Linux 6.6 OpenSSH Client Cryptographic Module
(Software Version: 3.1)
(When operated in FIPS mode with module Red Hat Enterprise Linux 6.6 OpenSSL Module validated to FIPS 140-2 under Cert. #2441 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software09/16/2015
04/28/2016
Overall Level: 1

-Physical Security: N/A


-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 6.6 running on HP ProLiant DL380p Gen8 with PAA
Red Hat Enterprise Linux 6.6 running on HP ProLiant DL380p Gen8 without PAA
Red Hat Enterprise Linux 6.6 running on IBM System x3500 M4 with PAA
Red Hat Enterprise Linux 6.6 running on IBM System x3500 M4 without PAA (single-user mode)

-FIPS Approved algorithms: CVL (Certs. #526 and #527)

-Other algorithms: N/A

Multi-chip standalone

"The OpenSSH Client cryptographic module provides the client-side component for an SSH protocol version 2 protected communication channel. OpenSSH is the standard SSH implementation and shipped with RHEL 6.6. Its cryptographic mechanisms use the OpenSSL library in FIPS 140-2 mode."
2446Red Hat®, Inc.
100 East Davie Street
Raleigh, NC 27601
USA

Steve Grubb
TEL: 978-392-1000
FAX: 978-392-1001

Jaroslav Reznik
TEL: +420 532 294 111
FAX: +420 541 426 177

CST Lab: NVLAP 200658-0
Red Hat Enterprise Linux 6.6 OpenSSH Server Cryptographic Module
(Software Version: 3.1)
(When operated in FIPS mode with module Red Hat Enterprise Linux 6.6 OpenSSL Module validated to FIPS 140-2 under Cert. #2441 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software09/16/2015
04/28/2016
Overall Level: 1

-Physical Security: N/A


-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 6.6 running on HP ProLiant DL380p Gen8 with PAA
Red Hat Enterprise Linux 6.6 running on HP ProLiant DL380p Gen8 without PAA
Red Hat Enterprise Linux 6.6 running on IBM System x3500 M4 with PAA
Red Hat Enterprise Linux 6.6 running on IBM System x3500 M4 without PAA (single-user mode)

-FIPS Approved algorithms: CVL (Certs. #526 and #527)

-Other algorithms: N/A

Multi-chip standalone

"The OpenSSH Server cryptographic module provides the server-side component for an SSH protocol version 2 protected communication channel. OpenSSH is the standard SSH implementation and shipped with RHEL 6.6. Its cryptographic mechanisms use the OpenSSL library in FIPS 140-2 mode."
2445Accellion, Inc.
1804 Embarcadero Road
Suite 200
Palo Alto, CA 94303
USA

Prateek Jain
TEL: +65-6244-5670
FAX: +65-6244-5678

CST Lab: NVLAP 100432-0
Accellion kiteworks Cryptographic Module
(Software Version: KWLIB_2_0_2)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software09/15/2015Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with CentOS 6.4 on VMware ESXi 5.1.0 running on a Dell Inc. PowerEdge R320 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3212); CVL (Certs. #434 and #435); DRBG (Cert. #683); ECDSA (Cert. #592); HMAC (Certs. #1791 and #2025); RSA (Cert. #1636); SHS (Certs. #2393 and #2659); Triple-DES (Cert. #1828)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; AES (non-compliant); DRBG (non-compliant); DSA (non-compliant); ECDSA (non-compliant); HMAC (non-compliant); RNG (non-compliant); RSA (non-compliant); SHS (non-compliant); Triple-DES (non-compliant); Diffie-Hellman; adler32; Blowfish; CAMELLIA; CAST5; crc32; crc32b; DES; DESX; fnv132; fnv164; gost; haval; IDEA; joaat; MDC2; MD2; MD4; MD5; RC2; RC4; RC4-HMAC-MD5; RIPEMD; SEED; snefru; snefru256; SSLeay; Tiger; Whirlpool; rand(); mtrand()

Multi-chip standalone

"Accellion kiteworks Cryptographic Module is a key component of Accellion's kiteworks product that enables enterprises to securely share and transfer files. Extensive tracking and reporting tools allow compliance with SOX, HIPAA, FDA and GLB regulations while providing enterprise grade security and ease of use."
2444Lexmark International, Inc.
740 W. New Circle Road
Lexington, KY 40550
USA

Sean Gibbons
TEL: 859-232-2000

CST Lab: NVLAP 200416-0
Lexmark™ Crypto Module
(Firmware Version: 2.10)
(No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware09/14/2015Overall Level: 1

-Mitigation of Other Attacks: N/A

-Tested: Lexmark MX811de with Lexmark(TM) Linux version 3.0.0

-FIPS Approved algorithms: SHS (Certs. #2049 and #2050); HMAC (Certs. #1479 and #1480); AES (Cert. #2380)

-Other algorithms: N/A

Multi-chip standalone

"The Lexmark™ Crypto Module is a firmware option for Lexmark™ and Dell® Multi-Function Printers that permit the transfer, storage and printing of encrypted print jobs. Using the Lexmark™ Crypto Module, a printer is capable of encrypting and decrypting data input to and output from the module crypto kernel using the AES (FIPS 197) encryption algorithm."
2443Pitney Bowes, Inc.
37 Executive Drive
Danbury, CT 06810
USA

Dave Riley
TEL: 203-796-3208
FAX: 203-617-6060

CST Lab: NVLAP 200983-0
Pitney Bowes MS1 X4 Postal Security Device (PSD)
(Hardware Version: Part # 4W84001 Rev AAA; MAX32590 Secure Microcontroller Revision B4; Firmware Version: Device Abstraction Layer (DAL) Version 01.01.00F4; PB Bootloader Version 00.00.0016; PSD Application Version 21.04.807E)
(When operated in FIPS Mode.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/09/2015Overall Level: 3

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: DSA (Cert. #871); ECDSA (Cert. #529); CVL (Cert. #254); SHS (Cert. #2369); AES (Certs. #2826); DRBG (Cert. #487); HMAC (Cert. #1769); KAS (Cert. #49); Triple-DES (Cert. #1690); RSA (Cert. #1539); KTS (AES Cert. #2936); Triple-DES MAC (Cert. #1690, Vendor affirmed)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); TRNG

Single-chip

"The MS1 X4 PSD is a single chip cryptographic module using the Maxim MAX32590 hardware that provides security services to support the creation of digital postage evidence in the form of an indicium."
2442Kanguru Solutions
1360 Main Street
Millis, MA 02054
USA

Nate Cote
TEL: 508-376-4245
FAX: 508-376-4462

CST Lab: NVLAP 200802-0
Kanguru Defender Elite300
(Hardware Versions: P/Ns KDFE300-4G-Green [1, 2], KDFE300-4G-Black [1, 2], KDFE300-4G-Red [1, 2], KDFE300-4G-Silver [1, 2], KDFE300-8G-Green [1, 2], KDFE300-8G-Black [1, 2], KDFE300-8G-Red [1, 2], KDFE300-8G-Silver [1, 2], KDFE300-16G-Green [1, 2], KDFE300-16G-Black [1, 2], KDFE300-16G-Red [1, 2], KDFE300-16G-Silver [1, 2], KDFE300-32G-Green [1, 2], KDFE300-32G-Black [1, 2], KDFE300-32G-Red [1, 2], KDFE300-32G-Silver [1, 2], KDFE300-64G-Green [1, 2], KDFE300-64G-Black [1, 2], KDFE300-64G-Red [1, 2], KDFE300-64G-Silver [1, 2], KDFE300-128G-Green [1, 2], KDFE300-128G-Black [1, 2], KDFE300-128G-Red [1, 2], KDFE300-128G-Silver [1, 2], KDFE300-8G-PRO-Green [2], KDFE300-8G-PRO-Black [2], KDFE300-8G-PRO-Red [2], KDFE300-8G-PRO-Silver [2], Version 1.0; Firmware Versions: 2.10.10 [1] and 2.11.10 [2])

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware09/09/2015
06/21/2016
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: HMAC (Cert. #1878); AES (Cert. #2962); SHS (Cert. #2491); RSA (Cert. #1557); DRBG (Cert. #560); PBKDF (vendor affirmed)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Kanguru Defender Elite300 Cryptographic Module is a 256-bit AES hardware encrypted USB flash drive. It is used to securely store sensitive data housed on the device."
2441Red Hat®, Inc.
100 East Davie Street
Raleigh, NC 27601
USA

Ann Marie Rubin
TEL: 978-392-1000
FAX: 978-392-1001

Steve Grubb
TEL: 978-392-1000
FAX: 978-392-1001

CST Lab: NVLAP 200658-0
Red Hat Enterprise Linux 6.6 OpenSSL Module, Red Hat Enterprise Linux 7.1 OpenSSL Module
(Software Versions: 3.0, 4.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software09/08/2015
01/27/2016
02/16/2016
Overall Level: 1

-Physical Security: N/A


-Operational Environment: Red Hat Enterprise Linux 6.6 running on HP ProLiant DL380p Gen8 with PAA
Red Hat Enterprise Linux 6.6 running on HP ProLiant DL380p Gen8 without PAA
Red Hat Enterprise Linux 6.6 running on IBM System x3500 M4 with PAA
Red Hat Enterprise Linux 6.6 running on IBM System x3500 M4 without PAA
Red Hat Enterprise Linux 7.1 running on HP ProLiant DL380 Gen8 with PAA
Red Hat Enterprise Linux 7.1 running on HP ProLiant DL380 Gen8 without PAA
Red Hat Enterprise Linux 7.1 running on IBM POWER8 Little Endian 8286-41A
Red Hat Enterprise Linux 7.1 running on IBM z13 with CP Assist for Cryptographic Functions (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3104, #3105, #3106, #3107, #3108, #3109, #3110, #3111, #3112, #3113, #3114, #3119, #3634, #3635, #3636, #3637, #3638, #3639, #3640, #3641, #3642, #3651 and #3696); Triple-DES (Certs. #1784, #1785, #1786, #1790, #2027, #2028, #2029, #2044 and #2059); RSA (Certs. #1583, #1584, #1586, #1590, #1875, #1876, #1877, #1878, #1886 and #1902); DSA (Certs. #897, #898, #899, #903, #1013, #1014, #1015, #1016, #1023 and #1038); ECDSA (Certs. #560, #561, #562, #564, #755, #756, #757, #759 and #775); DRBG (Certs. #610, #611, #612, #613, #614, #615, #616, #617, #618, #619, #620, #621, #622, #623, #624, #625, #626, #629, #630, #631, #957, #958, #959, #960, #961, #962, #963, #964, #965, #966, #967, #968, #969, #970, #971, #982 and #1003); SHS (Certs. #2547, #2563, #2564, #2565, #2566, #2567, #2568, #2569, #2570, #2574, #2575, #2577, #3052, #3053, #3054, #3055, #3056, #3057, #3058, #3059, #3060, #3061, #3069 and #3095); HMAC (Certs. #1931, #1944, #1945, #1946, #1947, #1948, #1949, #1950, #1951, #1955, #1956, #1958, #2385, #2386, #2388, #2389, #2390, #2391, #2392, #2393, #2394, #2401 and #2427); CVL (Certs. #374, #375, #376, #377, #380, #381, #654, #655, #656, #657, #658, #661 and #662)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Certs. #655, #657 and #661, key agreement; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #655, #657 and #661, key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD5; RNG; Camellia; CAST; DES; IDEA; J-PAKE; MD2; MD4; MDC2; RC2; RC4; RC5; RIPEMD; Whirlpool

Multi-chip standalone

"The OpenSSL FIPS Runtime Module is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality for use with the high level API of theOpenSSL library."
2440Oracle Corporation
500 Oracle Parkway
Redwood Shores, CA 94065
USA

Joshua Brickman
TEL: 781-442-0451
FAX: 781-442-0451

Tyrone Stodart
TEL: +44-1189-240402
FAX: +44-1189-240402

CST Lab: NVLAP 200636-0
Java Card Platform for Infineon on SLE 78 (SLJ 52GxxyyyzR)
(Hardware Version: M7892 B11; Firmware Version: 1.0f)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/03/2015Overall Level: 3

-FIPS Approved algorithms: AES (Cert. #2941); Triple-DES (Cert. #1747); Triple-DES MAC (Triple DES Cert. #1747; vendor affirmed); DSA (Cert. #873); RSA (Cert. #1544); ECDSA (Cert. #532); SHS (Cert. #2477); DRBG (Cert. #544)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength)

Single-chip

"The cryptographic module consists of M7892B11 security controller by Infineon Technologies together with embedded software providing a secure execution environment consisting of a Java Card Runtime, Java Card Virtual Machine, Java Card API and Global Platform Card Manager along with native cryptographic library calls made available to applets through Java Card APIs. It is compliant with Java Card specifications version 3.0.1 Classic Edition and the Global Platform card specification version 2.2. In particular, it implements the GlobalPlatform ID Configuration 1.0."
2438Alcatel-Lucent
600 March Road
Ottawa, ON K2K 2E6
Canada

Naren V. Patel
TEL: 978-952-7274

CST Lab: NVLAP 200556-0
Alcatel-Lucent 1830 Photonic Service Switch (PSS)
(Hardware Versions: WOCUATAUAB / 3KC12841AA 02 [1], WOM3P00CRC / 8DG59859AA 03 [2], WOMNW00ERB / 8DG59319AA 02 [3], EC PSS-4 (3KC-12828-ABAC) [1], E4PFDCAK [1], 11QPEN4 [1-3], 10G MR XFP [1-3], 10GBASE-SR XFP [1-3], 1AB396080001 [1-3], X8FCLC-L [1-3], X8FCSN-I [1-3], XL-64TU XFP [1-3], EC PSS-16/PSS-32 (8DG59241AD) [2,3], PF (-48V DC) PSS-16, 20A [2], 8DG-59418-AA [1-3], PF (-48V DC) PSS-32, 20A [3], 8DG-61258-GAAA-TSZZA [3], with FIPS Kits 3KC-13452-AAAA [1], 3KC-13453-AAAA [1], 8DG-62678-AAAA [2] and 8DG-62677-AAAA [3]; Firmware Version: 1.3.1)
(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to Section 3.1 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware09/03/2015Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2828, #2829 and #2830); CVL (Certs. #255 and #256); SHS (Certs. #2370 and #2371)

-Other algorithms: MD5; AES (Certs. #2829 and #2830, key wrapping)

Multi-chip standalone

"The 1830 PSS is a scalable, next-generation Dense Wave Division Multipexer (DWDM) platform that supports data center aggregation for Ethernet, Fiber Channel (FC) and other protocols. Multiprotocol services can then be dynamically and flexibly transported over metro and long-haul spans, using Tunable and Reconfigurable Optical Add-Drop Multiplexers (T-ROADMs) for optical wavelengths. The 1830 PSS enables transparent L2 Ethernet or FC and L3 IP services over the optical link."
2435SUSE, LLC
10 Canal Park, Suite 200
Cambridge, Massachusetts 02141
USA

Thomas Biege
TEL: +49 911 74053 500

Michael Hager
TEL: +49 911 74053 80

CST Lab: NVLAP 200658-0
SUSE Linux Enterprise Server 12 - OpenSSL Module
(Software Version: 2.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software08/20/2015Overall Level: 1

-Physical Security: N/A


-Operational Environment: Tested as meeting Level 1 with SUSE Linux Enterprise Server 12 running on HP ProLiant DL320e Gen8 with PAA
SUSE Linux Enterprise Server 12 running on HP ProLiant DL320e Gen8 without PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3197, #3198 and #3199); Triple-DES (Cert. #1823); DSA (Cert. #915); RSA (Cert. #1628); ECDSA (Cert. #586); SHS (Certs. #2645, #2646 and #2648); HMAC (Certs. #2014, #2015 and #2016); DRBG (Certs. #674, #675 and #676); CVL (Certs. #430 and #431)

-Other algorithms: Diffie-Hellman (CVL Cert. #431, key agreement; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #431, key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ANSI X9.31 RNG (non-compliant); MD2; MD4; MD5; MDC-2; HMAC-MD5; Blowfish; Camellia; CAST; DES; IDEA; JPAKE; RC2; RC4; RC5; RIPEMD160; SEED; TLS-SRP; Whirlpool

Multi-chip standalone

"OpenSSL is an open-source library of various cryptographic algorithms written mainly in C."
2434SafeNet, Inc.
20 Colonnade Road, Suite 200
Ottawa, ON K2E 7M6
Canada

Security and Certifications Team

CST Lab: NVLAP 200556-0
ProtectServer Internal Express 2 (PSI-E2)
(Hardware Versions: VBD-05, Version Code 0200; Firmware Version: 5.00.02)
(When operated in FIPS mode and installed, initialized and configured as specified in the Security Policy Section 3)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/20/2015
11/24/2015
Overall Level: 3

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1756, #2664 and #3118); DRBG (Cert. #428); DSA (Cert. #902); ECDSA (Cert. #563); HMAC (Cert. #1957); KAS (Cert. #51); RSA (Cert. #1589); SHS (Cert. #2576); Triple-DES (Certs. #1137 and #1789); Triple-DES MAC (Triple-DES Cert. #1789, vendor affirmed)

-Other algorithms: AES (Cert. #3118, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1789, key wrapping; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); NDRNG

Multi-chip embedded

"The SafeNet PSI-E 2 is a high-end intelligent PCI adapter card, used either standalone or in the SafeNet PSE 2 appliance, that provides a wide range of cryptographic functions using firmware and dedicated hardware processors. The module provides key management (e.g., generation, storage, deletion, and backup), an extensive suite of cryptographic mechanisms, and process management including separation between operators. The PSI-E 2 also features non-volatile tamper protected memory for key storage, a hardware random number generator, and an RTC."
2433Forcepoint
10240 Sorrento Valley Road
San Diego, CA 92121
USA

Matt Sturm
TEL: 858-320-9444

Paul Lee
TEL: 858-320-9369

CST Lab: NVLAP 100432-0
Websense Java Crypto Module
(Software Version: 2.0.1)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/19/2015
04/11/2016
Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with Windows Server 2012 with Java Runtime Environment (JRE) v1.7.0_17 running on OEM PowerEdge R420 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3192); DSA (Cert. #914); ECDSA (Cert. #583); RSA (Cert. #1622); HMAC (Cert. #2011); SHS (Cert. #2637); DRBG (Cert. #668); Triple-DES (Cert. #1818)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (non-compliant); RNG (non-compliant); Blowfish; Camellia; CAST5; CAST6; ChaCha; DES; Triple-DES (non-compliant); ElGamal; GOST28147; GOST3411; Grain128; Grainv1; HC128; HC256; IDEA; IES; ISAAC; MD2; MD4; MD5; Naccache Stern; Noekeon; Password-Based-Encryption (PBE); RC2; RC2 Key Wrapping; RC4; RC532; RC564; RC6; RFC3211 Wrapping; RFC3394 Wrapping; Rijndael; Ripe MD128; Ripe MD160; Ripe MD256; Ripe MD320; RSA Encryption; Salsa 20; SEED; SEED Wrapping; Serpent; Shacal2; SHA-3 (non-compliant); SHA-512/t (non-compliant); Skein-256-*; Skein-512-*; Skein-1024-*; Skipjack; DRBG (non-compliant); TEA; Threefish; Tiger; TLS v1.0 KDF (non-compliant); Twofish; VMPC; Whirlpool; XSalsa20; XTEAEngine

Multi-chip standalone

"The Websense Java Crypto Module provides cryptographic functions for a variety of security solutions from Forcepoint."
2432VASCO Data Security International, Inc.
Koningin Astridlaan 164
Wemmel 1780
Belgium

Frederik Mennes
TEL: +32 2 609 97 00
FAX: +32 2 609 97 09

CST Lab: NVLAP 100432-0
DIGIPASS GO-7
(Hardware Version: DIGIPASS GO-7 FIPS 140-2; Firmware Version: 0355)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/19/2015Overall Level: 2

-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #3216 and #3217); KBKDF (Cert. #44)

-Other algorithms: N/A

Multi-chip standalone

"DIGIPASS GO-7 is a 'one-button' strong authentication hardware device, based on VASCO's proven DIGIPASS technology. With a single press of a button, DIGIPASS GO-7 generates and displays a dynamic one-time password every time the user wants to log onto an application, website or network."
2431iStorage Limited
iStorage House
13 Alperton Lane
Perivale, Middlesex UB6 8DH
England

John Michael
TEL: +44 (0)20 8991 6260
FAX: +44 (0)20 8991 6277

CST Lab: NVLAP 200802-0
iStorage datAshur SSD 3.0 Cryptographic Module
(Hardware Version: RevD; Firmware Version: 6.5)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/19/2015Overall Level: 3

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2235); DRBG (Cert. #260); SHS (Cert. #1911)

-Other algorithms: NDRNG

Multi-chip standalone

"iStorage datAshur SSD 3.0 Cryptographic Module"
2430Samsung Electronics Co., Ltd.
R5 416, Maetan 3-dong Yeongton-gu
Suwon-si, Gyeonggi 443-742
Korea

Bumhan Kim
TEL: +82-10-9397-1589

CST Lab: NVLAP 200658-0
Samsung Kernel Cryptographic Module
(Software Version: SKC1.6)
(When operated in FIPS mode. The module generates random strings whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software08/14/2015
09/04/2015
Overall Level: 1

-Physical Security: N/A
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with Android Lollipop 5.0.2 running on Samsung Galaxy S6
Android Lollipop 5.1 running on Samsung Galaxy Tab S2 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3292 and #3461); SHS (Certs. #2731 and #2857); Triple-DES (Certs. #1877 and #1952); HMAC (Certs. #2090 and #2207); DRBG (Certs. #750 and #849)

-Other algorithms: DES; Twofish; MD5; ansi_cprng; krng; ANSI X9.31 RNG; ARC4; Pcompress; CRC32c; Deflate; LZO; AES-GCM (non-compliant); RFC4106-AES-GCM (non-compliant); RFC4543-AES-GCM (non-compliant); AES-CTR (non-compliant); Triple-DES-CTR (non-compliant); GHASH; GF128MUL; 2-key Triple-DES

Multi-chip standalone

"Provides general purpose cryptographic services to services in the Linux kernel and user-space applications, intended to protect data in transit and at rest."
2429SafeNet, Inc.
20 Colonnade Road
Ottawa, ON K2E 7M6
Canada

Security and Certifications Team

CST Lab: NVLAP 200556-0
Luna® Backup HSM Cryptographic Module
(Hardware Versions: LTK-03, Version Code 0102; LTK-03, Version Code 0103; Firmware Versions: 6.10.4, 6.10.7 and 6.10.9)
(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/11/2015
09/04/2015
10/26/2015
01/14/2016
01/22/2016
05/12/2016
Overall Level: 3

-FIPS Approved algorithms: AES (Certs. #2664 and #2668); Triple-DES (Certs. #1598 and #1600); Triple-DES MAC (Triple-DES Certs. #1598 and #1600, vendor affirmed); DSA (Certs. #804 and #808); SHS (Certs. #2237 and #2241); RSA (Certs. #1369 and #1372); HMAC (Certs. #1655 and #1659); DRBG (Cert. #428); ECDSA (Certs. #461 and #464); KAS (Cert. #44); KBKDF (Cert. #15)

-Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HRNG; AES MAC (AES Cert. #2668; non-compliant); AES (Certs. #2664 and #2668, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #1598 and #1600, key wrapping; key establishment methodology provides 112 bits of encryption strength); GENERIC-SECRET generation (non-compliant); SSL PRE-MASTER generation (non-compliant); RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Luna® Backup HSM Hardware Security Module (HSM) provides the same level of security as the Luna® SA and Luna® PCI-E HSMs in a convenient, small, low-cost form factor. The Luna Backup HSM ensures that sensitive cryptographic material remains strongly protected in hardware even when not being used. One can easily back up and duplicate keys securely to the Luna Backup HSM for safekeeping in case of emergency, failure or disaster."
2428SafeNet, Inc.
20 Colonnade Road, Suite 200
Ottawa, ON K2E 7M6
Canada

Security and Certifications Team

CST Lab: NVLAP 200556-0
Luna® PCI-E Cryptographic Module and Luna® PCI-E Cryptographic Module for Luna® SA
(Hardware Versions: VBD-05, Version Code 0100, VBD-05, Version Code 0101, VBD-05, Version Code 0102, VBD-05, Version Code 0103; Firmware Versions: 6.10.4, 6.10.7 and 6.10.9)
(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/11/2015
09/18/2015
10/26/2015
12/15/2015
Overall Level: 3

-FIPS Approved algorithms: AES (Certs. #1756, #2664 and #2667); Triple-DES (Certs. #1137, #1598 and #1599); Triple-DES MAC (Triple-DES Certs. #1137, #1598 and #1599, vendor affirmed); DSA (Certs. #804, #806 and #807); SHS (Certs. #2237 and #2240); RSA (Certs. #1369 and #1371); HMAC (Certs. #1655 and #1658); DRBG (Cert. #428); ECDSA (Certs. #461, #462 and #463); KAS (Cert. #43); KBKDF (Cert. #14)

-Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HRNG; AES MAC (AES Cert. #2667; non-compliant); AES (Certs. #2664 and #2667, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #1598 and #1599, key wrapping; key establishment methodology provides 112 bits of encryption strength); GENERIC-SECRET generation (non-compliant); SSL PRE-MASTER generation (non-compliant); RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The Luna PCI-e cryptographic module is a multi-chip embedded hardware cryptographic module in the form of a PCI-Express card that typically resides within a custom computing or secure communications appliance. The cryptographic module is contained in its own secure enclosure that provides physical resistance to tampering. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI-e card."
2427SafeNet, Inc.
20 Colonnade Road, Suite 200
Ottawa, ON K2E 7M6
Canada

Security and Certifications Team

CST Lab: NVLAP 200556-0
Luna® PCI-E Cryptographic Module and Luna® PCI-E Cryptographic Module for Luna® SA
(Hardware Versions: VBD-05, Version Code 0100, VBD-05, Version Code 0101, VBD-05, Version Code 0102, VBD-05, Version Code 0103; Firmware Versions: 6.10.4, 6.10.7 and 6.10.9)
(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/11/2015
09/30/2015
10/26/2015
12/15/2015
Overall Level: 2

-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1756, #2664 and #2667); Triple-DES (Certs. #1137, #1598 and #1599); Triple-DES MAC (Triple-DES Certs. #1137, #1598 and #1599, vendor affirmed); DSA (Certs. #804, #806 and #807); SHS (Certs. #2237 and #2240); RSA (Certs. #1369 and #1371); HMAC (Certs. #1655 and #1658); DRBG (Cert. #428); ECDSA (Certs. #461, #462 and #463); KAS (Cert. #43); KBKDF (Cert. #14)

-Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HRNG; AES MAC (AES Cert. #2667; non-compliant); AES (Certs. #2664 and #2667, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #1598 and #1599, key wrapping; key establishment methodology provides 112 bits of encryption strength); GENERIC-SECRET generation (non-compliant); SSL PRE-MASTER generation (non-compliant); RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The Luna PCI-e cryptographic module is a multi-chip embedded hardware cryptographic module in the form of a PCI-Express card that typically resides within a custom computing or secure communications appliance. The cryptographic module is contained in its own secure enclosure that provides physical resistance to tampering. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI-e card."
2426SafeNet, Inc.
20 Colonnade Road, Suite 200
Ottawa, ON K2E 7M6
Canada

Security and Certifications Team

CST Lab: NVLAP 200556-0
Luna® G5 Cryptographic Module
(Hardware Versions: LTK-03, Version Code 0102; LTK-03, Version Code 0103; Firmware Versions: 6.10.4, 6.10.7 and 6.10.9)
(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/11/2015
09/04/2015
10/26/2015
01/14/2016
01/22/2016
05/12/2016
Overall Level: 3

-FIPS Approved algorithms: AES (Certs. #2664 and #2668); Triple-DES (Certs. #1598 and #1600); Triple-DES MAC (Triple-DES Certs. #1598 and #1600, vendor affirmed); DSA (Certs. #804 and #808); SHS (Certs. #2237 and #2241); RSA (Certs. #1369 and #1372); HMAC (Certs. #1655 and #1659); DRBG (Cert. #428); ECDSA (Certs. #461 and #464); KAS (Cert. #44); KBKDF (Cert. #15)

-Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HRNG; AES MAC (AES Cert. #2668; non-compliant); AES (Certs. #2664 and #2668, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #1598 and #1600, key wrapping; key establishment methodology provides 112 bits of encryption strength); GENERIC-SECRET generation (non-compliant); SSL PRE-MASTER generation (non-compliant); RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Luna® G5 delivers key management in a portable appliance. All key materials are maintained exclusively within the confines of the hardware. The small form-factor and on-board key storage sets the product apart, making it especially attractive to customers who need to physically remove and store the small appliance holding PKI root keys. The appliance directly connects the HSM to the application server via a USB interface."
2425wolfSSL Inc.
10016 Edmonds Way Suite C-300
Edmonds, WA 98020
USA

Todd Ouska
TEL: 503-679-1859

Larry Stefonic
TEL: 206-369-4800

CST Lab: NVLAP 100432-0
wolfCrypt
(Software Versions: 3.6.0, 3.6.1 and 3.6.6)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/11/2015
09/15/2015
09/30/2015
11/18/2015
06/23/2016
Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A


-Operational Environment: Linux 3.13.0 (Ubuntu) running on a HP EliteBook
iOS 8.1 running on an iPhone 6
Android 4.4 running on a Samsung Galaxy S5
FreeRTOS 7.6 running on uTrust TS Reader
Windows 7 (64-bit) running on Sony Vaio Pro
Linux 3.0 (SLES 11 SP4, 64-bit) running on Imprivata OneSign
Linux 3.0 (SLES 11 SP4, 64-bit) on Microsoft Hyper-V 2012R2 Core running on Dell® PowerEdge™ r630
Linux 3.0 (SLES 11 SP4, 64-bit) on VMWare ESXi 5.5.0 running on Dell® PowerEdge r630™
Windows 7 (64-bit) on VMWare ESXi 5.5.0 running on Dell® PowerEdge™ r630 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3157, #3330, #3417, #3490 and #3508); DRBG (Certs. #650, #775, #821, #863 and #875); HMAC (Certs. #1990, #2121, #2175, #2228 and #2241); RSA (Certs. #1602, #1710, #1749, #1791 and #1803); SHS (Certs. #2614, #2763, #2823, #2882 and #2893); Triple-DES (Certs. #1800, #1901, #1928, #1966 and #1972)

-Other algorithms: RSA (non-compliant); Diffie-Hellman; EC Diffie-Hellman; MD5; AES GCM (non-compliant); DES; RC4; RIPEMD-160; HMAC-MD5

Multi-chip standalone

"wolfCrypt module is a comprehensive suite of FIPS Approved algorithms. All key sizes and modes have been implemented to allow flexibility and efficiency."
2423Qualcomm Technologies, Inc.
5775 Morehouse Dr
San Diego, CA 92121
USA

Lu Xiao
TEL: 858-651-5477

CST Lab: NVLAP 200658-0
QTI Cryptographic Module on Crypto 5 Core
(Hardware Version: Snapdragon 810; Software Version: 5.f3-64)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software-Hybrid08/11/2015
12/03/2015
Overall Level: 1

-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with Android 5.0 running on Snapdragon 810 (single-user mode)

-FIPS Approved algorithms: DRBG (Cert. #655); Triple-DES (Cert. #1802); HMAC (Cert. #1992); AES (Cert. #3164); SHS (Cert. #2617)

-Other algorithms: HWRNG; DES; AEAD; kasumi; snow-3g

Multi-chip standalone

"This cryptographic module implements block ciphers including AES, Triple-DES, hash functions SHA-1 and SHA-256, Message Authentication Code functions HMAC and CMAC and DRBG 800-90A."
2422Nimble Storage Inc.
211 River Oaks Parkway
San Jose, CA 95134
USA

Kent Peacock
TEL: 408-514-3452

CST Lab: NVLAP 200427-0
Nimble Storage FIPS Object Module
(Software Version: 2.0.9)
(When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module. This validation entry is a non-security relevant modification to Cert. #1747)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/11/2015
03/01/2016
06/07/2016
07/25/2016
Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A


-Operational Environment: Linux 2.6 running on a Nimble Storage CS300 with PAA
Linux 2.6 running on a Nimble Storage CS500 with PAA
Linux 2.6 running on a Nimble Storage CS700 with PAA
Linux 3.4 64-bit under Citrix XenServer running on Intel Xeon E5-2430L (x86) without PAA
Linux 2.6 running on a Nimble Storage AF3000 with PAA
Linux 2.6 running on a Nimble Storage AF5000 with PAA
Linux 2.6 running on a Nimble Storage AF7000 with PAA
Linux 2.6 running on a Nimble Storage AF9000 with PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2484 and #3351); CVL (Certs. #85 and #496); DRBG (Certs. #342 and #784); DSA (Certs. #764 and #950); ECDSA (Certs. #413 and #664); HMAC (Certs. #1526 and #2134); RSA (Certs. #1273 and #1718); SHS (Certs. #2102 and #2778); Triple-DES (Certs. #1522 and #1912)

-Other algorithms: EC Diffie-Hellman; PRNG; RSA (encrypt/decrypt)

Multi-chip standalone

"The Nimble Storage FIPS Object Module 2.0.9 is a general purpose cryptographic module built from the OpenSSL FIPS Object Module 2.0.9 source code, which is validated under certificate #1747. It is designed for ease of use with the popular OpenSSL cryptographic library and toolkit."
2421Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200427-0
Cisco Aironet 1142, 1262, 1532e/i, 1552e/i, 1572, 1602e/i, 1702, 2602e/i, 2702e/i, 3502e/i, 3602e/i/p and 3702e/i/p Wireless LAN Access Points
(Hardware Versions: {1142[2], 1262[3], 1532e[6], 1532i[6], 1552e[3], 1552i[3], 1572[5], 1602e[4], 1602i[4], 1702[5], 2602e[5], 2602i[5], 2702e[5], 2702i[5], 3502e[3], 3502i[3], 3602e[1,5], 3602i[1,5], 3602p[1,5], 3702e[1,5], 3702i[1,5] and 3702p[1,5] with AIR-RM3000M[1], Marvell 88W8363P[2], Marvell 88W8364[3], Marvell 88W8763C[4], Marvell 88W8764C[5] and Qualcomm Atheros AES-128w10i[6]} with FIPS Kit: AIRLAP-FIPSKIT=, VERSION B0; Firmware Version: 8.0 with IC2M v2.0)
(The tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/06/2015Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2334, #2335, #2336, #2450, #2817, #2846 and #2901); CVL (Certs. #253 and #536); DRBG (Certs. #481 and #534); HMAC (Certs. #1764 and #1836); RSA (Certs. #1471 and #1529); SHS (Certs. #2361 and #2441)

-Other algorithms: AES (Certs. #2817 and #2901, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG; SHA-512 (non-compliant)

Multi-chip standalone

"Cisco Aironet Series Wireless Access Points provide highly secure and reliable wireless connections for both indoor and outdoor environments."
2420IBM® Corporation
12 - 14 Marine Parade
Seabank Centre
Southport, QLD 4215
Australia

Alex Hennekam
TEL: +61 7-5552-4045
FAX: +61 7-5571-0420

Peter Waltenburg
TEL: +61 7- 5552-4016
FAX: +61 7-5571-0420

CST Lab: NVLAP 200658-0
IBM® Crypto for C
(Software Version: 8.4.1.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software08/05/2015Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008® 64-bit running on S2600CP with PAA
Microsoft Windows Server 2008® 64-bit running on S2600CP without PAA
AIX® 7.1 64-bit running on an IBM 8286-42A POWER8 with PAA
AIX® 7.1 64-bit running on an IBM 8286-42A POWER8 without PAA
Solaris® 11 64-bit running on Netra SPARC T4-1 Server with PAA
Solaris® 11 64-bit running on Netra SPARC T4-1 Server without PAA
Red Hat Linux Enterprise Server 7.0 64-bit running on S2600CP with PAA
Red Hat Linux Enterprise Server 7.0 64-bit running on S2600CP without PAA
Ubuntu 14.04 LE 64-bit running on IBM 8247-22L POWER8 with PAA
Ubuntu 14.04 LE 64-bit running on IBM 8247-22L POWER8 without PAA
Red Hat Linux Enterprise Server 7.0 BE 64-bit running on an IBM 8286-42A POWER8 with PAA
Red Hat Linux Enterprise Server 7.0 BE 64-bit running on an IBM 8286-42A POWER8 without PAA
SLES 11 64-bit running on an IBM zSeries z196 type 2817 model M32 with CPACF
SLES 11 64-bit running on an IBM zSeries z196 type 2817 model M32 without CPACF (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3226, #3227, #3228, #3229, #3230, #3231, #3232, #3233, #3235, #3236, #3237, #3238, #3239, #3240, #3241, #3242, #3243, #3244, #3245, #3246, #3247, #3248, #3249, #3250, #3251 and #3252); Triple-DES (Certs. #1832, #1833, #1834, #1835, #1836, #1837, #1838, #1839, #1840, #1841, #1842, #1843 and #1844); DSA (Certs. #919, #920, #921, #922, #923, #924, #925, #926, #927, #928, #929, #930 and #931); RSA (Certs. #1640, #1641, #1642, #1643, #1645, #1646, #1647, #1648, #1649, #1650, #1651, #1652, #1653, #1654 and #1655); ECDSA (Certs. #596, #597, #598, #599, #600, #601, #602, #603, #604, #605, #606, #607, #608, #609 and #610); SHS (Certs. #2666, #2667, #2668, #2669, #2670, #2671, #2672, #2673, #2675, #2676, #2677, #2678, #2679, #2680, #2681, #2682, #2683, #2684, #2685, #2686, #2687 and #2688); DRBG (Certs. #687, #688, #689, #690, #691, #692, #693, #694, #696, #697, #698, #699, #700, #701, #702, #703, #704, #705, #706, #707, #708, #709, #710, #711, #712 and #713); HMAC (Certs. #2030, #2031, #2032, #2033, #2034, #2035, #2036, #2037, #2038, #2039, #2040, #2041, #2042, #2043, #2044, #2045, #2046, #2047, #2048, #2049, #2050 and #2051); CVL (Cert. #441, #442, #443, #444, #445, #446, #447, #448, #449, #450, #451, #452 and #453)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #441, #442, #443, #444, #445, #446, #447, #448, #449, #450, #451, #452 and #453, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; MDC2; RIPEMD; HMAC-MD5; DES; CAST; Camellia; Blowfish; Password based encryption; RC4; RC2; TRNG; KBKDF (non-compliant); DSA (non-compliant)

Multi-chip standalone

"The IBM Crypto for C v8.4.0.0 (ICC) cryptographic module is implemented in the Cprogramming language. It is packaged as dynamic (shared) libraries usable byapplications written in a language that supports C language linking conventions (e.g. C,C++, Java, Assembler, etc.) for use on commercially available operating systems. TheICC allows these applications to access cryptographic functions using an ApplicationProgramming Interface (API) provided through an ICC import library and based on theAPI defined by the OpenSSL group."
2419Hewlett Packard®, Enterprise
153 Taylor Street
Littleton, MA 01460
USA

Paul Tucker
TEL: 512-432-2626

Freddy Mercado
TEL: 512-432-2947

CST Lab: NVLAP 200427-0
TippingPoint Intrusion Prevention System
(Hardware Versions: 2600NX, 5200NX, 6200NX, 7100NX, and 7500NX with HP FIPS Security Enclosure: Part# JC856A; Firmware Version: 3.8.2)
(When operated in FIPS mode with pick-resistant locks and opaque cover installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/05/2015
08/14/2015
12/09/2015
01/06/2016
Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #3624); CVL (Cert. #644); DRBG (Cert. #952); HMAC (Cert. #2376); RSA (Cert. #1867); SHS (Cert. #3042); Triple-DES (Cert. #2019)

-Other algorithms: Blowfish; DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC2; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"Inserted transparently into the network, the HP TippingPoint Intrusion Prevention System (IPS) is an in-line security device that performs high-performance, deep packet inspection to protect customer networks from attack. The IPS blocks malicious and unwanted traffic, while allowing good traffic to pass unimpeded. In fact, the IPS optimizes the performance of good traffic by continually cleansing the network and prioritizing applications that are mission critical."
2417McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054

Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0
McAfee Firewall Enterprise Control Center
(Hardware Versions: FWE-C1015 with FIPS Kit: FWE-CC-FIPS-KIT1, FWE-C2050 with FIPS Kit: FWE-CC-FIPS-KIT2, FWE-C3000 with FIPS Kit: FWE-CC-FIPS-KIT2; Firmware Version: 5.3.2 Patch 6)
(When installed, initialized and configured as specified in the Security Policy Section Secure Operation.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/30/2015
07/31/2015
Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2972 and #3116); Triple-DES (Certs. #1761 and #1787); SHS (Certs. #2498 and #2572); HMAC (Certs. #1884 and #1953); DRBG (Cert. #566); DRBG (Cert. #627); RSA (Certs. #1561 and #1587); DSA (Certs. #885 and #900); CVL (Cert. #378)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); DRBG (non-compliant); MD5

Multi-chip standalone

"McAfee Firewall Enterprise Control Center simplifies the management of multiple McAfee Firewall Enterprise appliances. Control Center enables centralized management and monitoring of the McAfee Firewall Enterprise solutions, allowing network administrators to centrally define firewall policy, deploy updates and inventory their firewall products."
2416McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0
McAfee Firewall Enterprise Control Center Virtual Appliance
(Software Version: 5.3.2 Patch 6)
(When installed, initialized and configured as specified in the Security Policy in Section Secure Operation. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software07/30/2015Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with MLOS v2.2.3 on VMware vSphere 5.0 running on a Intel SR2625URLX (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2973 and #3117); Triple-DES (Certs. #1762 and #1788); SHS (Certs. #2499 and #2573); HMAC (Certs. #1885 and #1954); DRBG (Cert. #567); DRBG (Cert. #628); RSA (Certs. #1562 and #1588); DSA (Certs. #886 and #901); CVL (Cert. #379)

-Other algorithms: Diffie-Hellman (key wrapping; key establishment methodology provides 112 bitsof encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); DRBG (non-compliant); MD5

Multi-chip standalone

"McAfee Firewall Enterprise Control Center simplifies the management of multiple McAfee Firewall Enterprise appliances. Control Center enables centralized management and monitoring of the McAfee Firewall Enterprise solutions, allowing network administrators to centrally define firewall policy, deploy updates and inventory their firewall products."
2415Morpho
18 avenue chaussée Jules César
Osny 95520
France

Omar Derrouazi
TEL: +33158116971
FAX: +33158113566

CST Lab: NVLAP 200901-0
IDeal Citiz™ v2.0 Open
(Hardware Versions: SLE78CFX3000P, SLE78CLFX3000P, SLE78CLFX3000PM, SLE78CFX4000P, SLE78CLFX4000P, SLE78CLFX4000PM; Firmware Version: 2.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/28/2015Overall Level: 3

-FIPS Approved algorithms: Triple-DES (Cert. #1689); Triple-DES MAC (Cert. #1689, vendor affirmed); AES (Cert. #2818); RSA (Cert. #1472); SHS (Cert. #2362); KBKDF (Cert. #62)

-Other algorithms: AES (Cert. #2818, key wrapping, key establishment methodology provides 128 - 256 bits of encryption strength); Triple-DES (Cert. #1689, key wrapping, key establishment methodology provides 112 bits of encryption strength); TRNG

Single-chip

"The IDeal Citiz™ v2.0 Open is a single chip cryptographic module, which combines an implementation of the Sun Java Card Version 3.0.2 Classic Edition and GlobalPlatform Version 2.1.1 specifications on a dual interface chip (ISO 7816 contact and ISO 14443 contactless interface communication protocols).The module aims to host applets written in Java programming language and relying on cryptographic services and biometric features available at platform level. In particular, Ideal Citiz™ v2.0 Open allows third party developers to implement the biometric "Match On Card" user authentication."
2414Motorola Solutions, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

Tom Nguyen
TEL: 847-576-2352
FAX: n/a

CST Lab: NVLAP 100432-0
Astro Subscriber Motorola Advanced Crypto Engine (MACE)
(Hardware Versions: P/Ns 5185912Y01, 5185912Y03 and 5185912Y05; Firmware Versions: R01.05.12 and [R01.00.00 or (R01.00.00 and R02.00.00)])
(When operated in FIPS mode and configured to Overall Level 2 per Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/23/2015Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #819 and #1295); DRBG (Cert. #505); HMAC (Cert. #1796); RSA (Cert. #396); SHS (Certs. #817 and #2399)

-Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); LFSR; NDRNG

Single-chip

"The MACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio systems products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management."
2413Hewlett Packard®, Enterprise
153 Taylor Street
Littleton, MA 01460
USA

Paul Tucker
TEL: 512-432-2626

Freddy Mercado
TEL: 512-432-2947

CST Lab: NVLAP 200427-0
TippingPoint Intrusion Prevention System
(Hardware Versions: S660N and S1400N; Firmware Version: 3.8.2)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/23/2015
08/14/2015
12/09/2015
01/06/2016
Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #3624); CVL (Cert. #644); DRBG (Cert. #952); HMAC (Cert. #2376); RSA (Cert. #1867); SHS (Cert. #3042); Triple-DES (Cert. #2019)

-Other algorithms: Blowfish; DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC2; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength).

Multi-chip standalone

"Inserted transparently into the network, the HP TippingPoint Intrusion Prevention System (IPS) is an in-line security device that performs high-performance, deep packet inspection to protect customer networks from attack. The IPS blocks malicious and unwanted traffic, while allowing good traffic to pass unimpeded. In fact, the IPS optimizes the performance of good traffic by continually cleansing the network and prioritizing applications that are mission critical."
2411Apple Inc.
1 Infinite Loop
Cupertino, CA 95041
USA

Shawn Geddis
TEL: (669) 227-3579
FAX: (866) 315-1954

CST Lab: NVLAP 200658-0
Apple OS X CoreCrypto Kernel Module v5.0
(Software Version: 5.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software07/22/2015Overall Level: 1

-Physical Security: N/A


-Operational Environment: Tested as meeting Level 1 with OS X 10.10 running on Mac mini with i5 CPU with PAA
OS X 10.10 running on Mac mini with i5 CPU without PAA
OS X 10.10 running on iMac with i7 CPU with PAA
OS X 10.10 running on iMac with i7 CPU without PAA
OS X 10.10 running on MacPro with Xeon CPU with PAA
OS X 10.10 running on MacPro with Xeon CPU without PAA
OS X 10.10 running on MacBook with Core M CPU with PAA
OS X 10.10 running on MacBook with Core M CPU without PAA (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #1895, #1896, #1897 and #1921); AES (Certs. #3066, #3067, #3068, #3069, #3070, #3071, #3072, #3073, #3102, #3323, #3324, #3325, #3382, #3383, #3384 and #3385); RSA (Certs. #1704, #1705, #1706 and #1737); SHS (Certs. #2543, #2544, #2545, #2546, #2579, #2580, #2581, #2582, #2583, #2584, #2585, #2586, #2755, #2756, #2757, #2800, #2801, #2802, #2803 and #2804); ECDSA (Certs. #652, #653, #654 and #673); HMAC (Certs. #1927, #1928, #1929, #1930, #1960, #1961, #1962, #1963, #1964, #1965, #1966, #1967, #2114, #2115, #2116, #2155, #2156, #2157, #2158 and #2159); DRBG (Certs. #598, #599, #600, #601, #602, #609, #769, #770, #771, #805, #806 and #816); PBKDF (vendor affirmed)

-Other algorithms: AES (non-compliant); AES-CMAC (non-compliant); RSA (key wrapping; key establishment methodology provides between 128 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECDSA (non-compliant); DES; Triple-DES (non-compliant); ANSI X9.63 KDF; RFC6637 KDF; KBKDF (non-Compliant); SP800-56C KDF; MD2; MD4; MD5; RIPEMD; ed25519; CAST5; Blowfish; RC2; RC4; OMAC; HMAC-DRBG (non-compliant); Hash-DRBG (non-compliant); Integrated Encryption Scheme on elliptic curves

Multi-chip standalone

"The Apple OS X CoreCrypto Kernel Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest."
2410Toshiba Corporation
1-1, Shibaura 1-chome
Minato-ku, Tokyo 105-8001
Japan

Akihiro Kimura
TEL: +81-45-890-2856
FAX: +81-45-890-2593

CST Lab: NVLAP 200822-0
Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive (PX model NA02)
(Hardware Versions: A0 with PX02SMU020, PX02SMU040, PX02SMU080 or PX02SMQ160; Firmware Version: NA02)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/22/2015Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2598); HMAC (Cert. #1611); SHS (Cert. #2183); RSA (Cert. #1331); DRBG (Cert. #397)

-Other algorithms: NDRNG

Multi-chip embedded

"The Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive is used for solid state drive data security. This Cryptographic Module (CM) provides various cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA bands, and FW download."
2409Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 201029-0
Cisco ASR 1001, 1001-X, 1002, 1002-X, 1004, 1006 and 1013
(Hardware Versions: ASR1001, ASR1001-X, ASR1002, ASR1002-X, ASR1004, ASR1006 and ASR1013; Embedded Services Processors: ASR1000-ESP5, ASR1000-ESP10, ASR1000-ESP20, ASR1000-ESP40, ASR1000-ESP100 and ASR1000-ESP200; Route Processors: ASR-1000-RP1 and ASR-1000-RP2; Linecards: ASR1000-6TGE and ASR1000-2T+20X1GE; Firmware Version: IOS XE 3.13)
(When operated in FIPS mode. When installed, initialized and configured as specified in Section 9 of the Security Policy and with the configurations in Table 1 as defined in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/22/2015Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #333, #2346, #2783 and #2817); CVL (Cert. #253); DRBG (Cert. #481); HMAC (Cert. #137, #1455 and #1764); RSA (Cert. #1471); SHS (Certs. #408, #2023, #2338 and #2361); Triple-DES (Certs. #397, #1469, #1670, #1671 and #1688)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); SHA-1 (non-compliant)

Multi-chip standalone

"The ASR 1000 Routers accelerate services by offering performance and resiliency with optimized, intelligent services; establishing a benchmark for price-to-performance offerings in the enterprise routing, service provider edge, and broadband aggregation segments; facilitating significant network innovations in areas such as secure WAN aggregation, managed customer-premises-equipment services, and service provider edge services, and reducing operating expenses and capital expenditures by facilitating managed or hosted services over identical architectures and operating environments."
2408Apple Inc.
1 Infinite Loop
Cupertino, CA 95041
USA

Shawn Geddis
TEL: (669) 227-3579
FAX: (866) 315-1954

CST Lab: NVLAP 200658-0
Apple OS X CoreCrypto Module, v5.0
(Software Version: 5.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software07/22/2015Overall Level: 1

-Physical Security: N/A


-Operational Environment: Tested as meeting Level 1 with OS X 10.10 running on Mac mini with i5 CPU with PAA
OS X 10.10 running on Mac mini with i5 CPU without PAA
OS X 10.10 running on iMac with i7 CPU with PAA
OS X 10.10 running on iMac with i7 CPU without PAA
OS X 10.10 running on MacPro with Xeon CPU with PAA
OS X 10.10 running on MacPro with Xeon CPU without PAA
OS X 10.10 running on MacBook with Core M CPU with PAA
OS X 10.10 running on MacBook with Core M CPU without PAA (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #1847, #1848, #1849, #1850, #1851, #1855, #1922 and #1923); AES (Certs. #3042, #3043, #3044, #3045, #3046, #3047, #3048, #3049, #3051, #3052, #3053, #3054, #3055, #3056, #3057, #3058, #3059, #3060, #3061, #3062, #3063, #3064, #3065, #3121, #3257, #3259, #3260, #3261, #3262, #3266, #3386, #3387, #3388, #3389, #3390, #3391, #3392, #3393, #3394 and #3395); RSA (Certs. #1658, #1659, #1660, #1661, #1662, #1666, #1738 and #1739); SHS (Certs. #2535, #2536, #2537, #2538, #2539, #2540, #2541, #2542, #2588, #2589, #2590, #2591, #2592, #2593, #2594, #2595, #2596, #2597, #2695, #2697, #2698, #2699, #2700, #2704, #2805,# 2806, #2807, #2808, #2809, #2810, #2811 and #2812); ECDSA (Certs. #614, #615, #616, #617, #618, #622, #674 and #675); HMAC (Certs. #1919, #1920, #1921, #1922, #1923, #1924, #1925, #1926, #1969, #1970, #1971, #1972, #1973, #1974, #1975, #1976, #1977, #1978, #2056, #2058, #2059, #2060, #2061, #2065, #2160, #2161, #2162, #2163, #2164, #2165, #2166 and #2167); DRBG (Certs. #586, #587, #588, #589, #590, #591, #592, #593, #594, #595, #596, #597, #716, #718, #719, #720, #721, #725, #807, #808, #809, #810, #811 and #812); PBKDF (vendor affirmed)

-Other algorithms: AES (non-compliant); AES-CMAC (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (non-compliant); ECDSA (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 160 bits of encryption strength); Integrated Encryption Scheme on elliptic curves; DES; TDES (non-compliant); MD2; MD4; MD5; CAST5; RIPEMD; Blowfish; RC2; RC4; HMAC-DRBG (non-compliant); Hash-DRBG (non-compliant); OMAC (One-Key CBC MAC); KBKDF (non-compliant); ed25519; RFC6637 KDF; ANSI X9.63 KDF

Multi-chip standalone

"The Apple OS X CoreCrypto Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest."
2407Apple Inc.
1 Infinite Loop
Cupertino, CA 95041
USA

Shawn Geddis
TEL: (669)227-3579
FAX: (866)315-1954

CST Lab: NVLAP 200658-0
Apple iOS CoreCrypto Kernel Module v5.0
(Software Version: 5.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software07/22/2015Overall Level: 1

-Physical Security: N/A


-Operational Environment: Tested as meeting Level 1 with iOS 8.0 running on iPhone4S with Apple A5 CPU
iOS 8.0 running on iPhone5 with Apple A6 CPU
iOS 8.0 running on iPad (3rd generation) with Apple A5X CPU
iOS 8.0 running on iPad (4th generation) with Apple A6X CPU
iOS 8.0 running on iPhone5S with Apple A7 CPU
iOS 8.0 running on iPhone6 (iPhone6 and iPhone6 Plus) with Apple A8 CPU
iOS 8.0 running on iPad Air 2 with Apple A8X CPU (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #1889, #1890, #1891, #1892, #1893, #1894 and #1919); AES (Certs. #3096, #3097, #3098, #3099, #3100, #3101, #3317, #3318, #3319, #3320, #3321, #3322, #3371 and #3380); RSA (Certs. #1698, #1699, #1700, #1701, #1702, #1703 and #1735); SHS (Certs. #2558, #2559, #2560, #2561, #2562, #2587, #2749, #2750, #2751, #2752, #2753, #2754, #2795 and #2798); ECDSA (Certs. #646, #647, #648, #649, #650, #651 and #671); HMAC (Certs. #1939, #1940, #1941, #1942, #1943, #1968, #2108, #2109, #2110, #2111, #2112, #2113, #2150 and #2153); DRBG (Certs. #763, #764, #765, #766, #767, #768 and #803); PBKDF (vendor affirmed)

-Other algorithms: AES (non-compliant); ECDSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 128 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; Triple-DES (non-compliant); MD2; MD4; MD5; RIPEMD; Ed25519; CAST5; ANSI X9.63 KDF; RFC6637 KDF; KBKDF (non-compliant); SP800-56C KDF; Blowfish; RC2; RC4; CMAC AES 128; OMAC; HMAC DRBG (non-compliant); Hash DRBG (non-compliant); Integrated Encryption Scheme on elliptic curves

Multi-chip standalone

"The Apple iOS CoreCrypto Kernel Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest."
2405

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware07/08/2015
02/03/2016
Overall Level: 2

Multi-Chip Stand Alone
2404Digital Defence Ltd
400 Pavilion Drive
Northampton Business Park
Northampton NN4 7PA
United Kingdom

Ben Earl
TEL: +44-1604-521-108

Heinrich Van Der Westhuizen
TEL: +44-1604-521-108

CST Lab: NVLAP 200636-0
Secure Mobile
(Software Version: 11.1.0.0)
(When operated with the Microsoft Windows CE, Windows Mobile, and Windows Embedded Handheld Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #560 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software07/06/2015Overall Level: 1

-Physical Security: N/A


-Operational Environment: Tested as meeting Level 1 with Windows Mobile 6.5 running on Motorola MC65 (Single-user mode)

-FIPS Approved algorithms: AES (Certs. #2851 and #2852); HMAC (Certs. #1792 and #1793); KBKDF (Cert. #26); SHS (Certs. #2394 and #2395)

-Other algorithms: N/A

Multi-chip standalone

"Secure Mobile Cryptographic Module provides core cryptographic functionality in a Windows Embedded Handheld environment. It supports XTS-AES-128 cipher mode for storage encryption, KDF acc. to NIST SP 800-108 to derive the storage encryption key, and HMAC-SHA-256 for integrity protection of its binaries and settings. For generation of XTS tweak values a validated RNG (Cert. #286) contained in "Windows CE and Windows Mobile Enhanced Cryptographic Provider (RSAENH)" , which is a FIPS 140-2 certified cryptographic software module contained in the platform."
2403SafeNet, Inc.
20 Colonnade Road, Suite 200
Ottawa, ON K2E 7M6
Canada

Security and Certifications Team

CST Lab: NVLAP 200556-0
Luna® G5 Cryptographic Module
(Hardware Versions: LTK-03, Version Code 0102; LTK-03, Version Code 0103; Firmware Versions: 6.10.4, 6.10.7 and 6.10.9)
(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware08/11/2015
09/04/2015
10/26/2015
01/14/2016
01/22/2016
05/12/2016
Overall Level: 2

-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #2664 and #2668); Triple-DES (Certs. #1598 and #1600); Triple-DES MAC (Triple-DES Certs. #1598 and #1600, vendor affirmed); DSA (Certs. #804 and #808); SHS (Certs. #2237 and #2241); RSA (Certs. #1369 and #1372); HMAC (Certs. #1655 and #1659); DRBG (Cert. #428); ECDSA (Certs. #461 and #464); KAS (Cert. #44); KBKDF (Cert. #15)

-Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); HRNG; AES MAC (AES Cert. #2668; non-compliant); AES (Certs. #2664 and #2668, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #1598 and #1600, key wrapping; key establishment methodology provides 112 bits of encryption strength); GENERIC-SECRET generation (non-compliant); SSL PRE-MASTER generation (non-compliant); RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Luna® G5 delivers key management in a portable appliance. All key materials are maintained exclusively within the confines of the hardware. The small form-factor and on-board key storage sets the product apart, making it especially attractive to customers who need to physically remove and store the small appliance holding PKI root keys. The appliance directly connects the HSM to the application server via a USB interface."
2402BlackBerry Limited
2200 University Avenue East
Waterloo, Ontario N2K OA7
Canada

Security Certifications Team
TEL: 519-888-7465 x72921
FAX: 905-507-4230

CST Lab: NVLAP 200928-0
BlackBerry Cryptographic Tool Kit
(Software Versions: 6.0, 6.0.2 and 6.0.3)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software07/01/2015
03/16/2016
06/03/2016
Overall Level: 1

-Physical Security: N/A


-Operational Environment: QNX Neutrino 6.6
QNX Neutrino 6.5
Red Hat Linux AS 5.6
Windows 7 Enterprise 64 bit
Windows Phone 8.0
Android 4.4.2
Android 4.0.4
iOS version 6.1.4
Android 5.0.1
iOS 8.0
Windows 7 Enterprise 32 bit
CentOS Linux Release 7.1 64-bit
Mac OS X Yosemite 10.10.4
Mac OS X El Capitan 10.11.4 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #1159, #1773 and #2164); AES (Certs. #1789, #3029 and 3946); SHS (Certs. #1571, #2530 and #3256); HMAC (Certs. #1054, #1914 and #2571); DRBG (Certs. #127, #579 and #1151); DSA (Certs. #563, #891 and #1076); ECDSA (Certs. #242, #553 and #866); RSA (Certs. #894, #1574 and #2017); KAS (Certs. #25, #50 and #79); CVL (Certs. #7, #367 and #789)

-Other algorithms: DES; DESX; AES CCM* (non-compliant); AES-XCBC-MAC (non-compliant); AES EAX (non-compliant); AES MMO (non-compliant); ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; ECNR; ECQV; ECPVS; ECIES; ECSPEKE; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112-bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides less than 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The BlackBerry Cryptographic Tool Kit is a standards-based cryptographic toolkit that supports optimized Elliptic Curve Cryptography and provides application developers with sophisticated tools to flexibly integrate encryption, digital signatures and other security mechanisms into both mobile and server-based applications. The BlackBerry Cryptographic Tool Kit, part of the suite of BlackBerry cryptographic modules, provides application developers with a means to expand the secure capabilities and features BlackBerry is known for, to devices running operating systems other than BlackBerry OS."
2401Kanguru Solutions
1360 Main Street
Millis, MA 02054
USA

Nate Cote
TEL: 508-376-4245
FAX: 508-376-4462

CST Lab: NVLAP 200802-0
Kanguru Defender 3000
(Hardware Versions: P/Ns KDF3000-4G [1, 2], KDF3000-8G [1, 2], KDF3000-16G [1, 2], KDF3000-32G [1, 2], KDF3000-64G [1, 2], KDF3000-128G [1, 2], KDF3000-8G-PRO [2], Version 1.0; Firmware Versions: 2.10.10 [1] and 2.11.10 [2])

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware06/30/2015
06/21/2016
Overall Level: 3

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: HMAC (Cert. #1878); AES (Cert. #2962); SHS (Cert. #2491); RSA (Cert. #1557); DRBG (Cert. #560); PBKDF (vendor affirmed)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Kanguru Defender 3000 is a 256-bit AES hardware encrypted USB flash drive used primarily to secure data at rest. The device can also be used as a secure platform for remote access and virtualized applications run directly from the drive. The Kanguru Defender line of secure USB solutions is remotely manageable through the Kanguru Remote Management Console (KRMC)."
2400Dell Software, Inc.
5455 Great America Parkway
Santa Clara, CA 95054
USA

Lawrence Wagner
TEL: 408-752-7886

CST Lab: NVLAP 100432-0
Dell SonicWALL NSA Series SM 9600, SM 9400, SM 9200, NSA 6600
(Hardware Versions: P/Ns 101-500380-71, Rev. A (SM 9600), 101-500361-70, Rev. A (SM 9400), 101-500363-70, Rev. A (SM 9200), 101-500364-66, Rev. A (NSA 6600); Firmware Version: SonicOS v6.2.0.10-15n)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/29/2015
03/22/2016
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2756); CVL (Cert. #226); DRBG (Cert. #466); DSA (Cert. #843); HMAC (Cert. #1727); RSA (Cert. #1444); SHS (Cert. #2322); Triple-DES (Cert. #1657)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; MD5; RC4; RNG

Multi-chip standalone

"The Dell™ SonicWALL™ SuperMassive™ 9000 Series Next-Generation Firewall (NGFW) is designed to deliver deep security to your enterprise at multi-gigbit speeds. Offering the ultimate in security with enterprise class performance, the SuperMassive 9000 Series detects and blocks the most sophisticated threats before they can enter your network with minimal latency for every connnection on the network. Its multicore design can gracefully handle traffic spikes without impacting network performance."
2398OpenSSL Software Foundation
1829 Mount Ephraim Road
Adamstown, MD 21710
USA

Steve Marquess
TEL: 800-673-6775

CST Lab: NVLAP 100432-0
OpenSSL FIPS Object Module SE
(Software Versions: 2.0.9, 2.0.10, 2.0.11, 2.0.12 or 2.0.13)
(When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software06/24/2015
12/17/2015
02/08/2016
08/15/2016
Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A


-Operational Environment: TS-Linux 2.4 running on Arm920Tid (ARMv4) (gcc Compiler Version 4.3.2)
iOS 8.1 64­bit running on Apple A7 (ARMv8) without NEON and Crypto Extensions (clang Compiler Version 600.0.56)
iOS 8.1 64­bit running on Apple A7 (ARMv8) with NEON and Crypto Extensions (clang Compiler Version 600.0.56)
VxWorks 6.9 running on Freescale P2020 (PPC) (gcc Compiler Version 4.3.3)
iOS 8.1 32­bit running on Apple A7 (ARMv8) without NEON (clang Compiler Version 600.0.56)
iOS 8.1 32­bit running on Apple A7 (ARMv8) with NEON (clang Compiler Version 600.0.56)
Android 5.0 32-bit running on Qualcomm APQ8084 (ARMv7) without NEON (gcc Compiler Version 4.9)
Android 5.0 32-bit running on Qualcomm APQ8084 (ARMv7) with NEON (gcc Compiler Version 4.9)
Android 5.0 64-bit running on SAMSUNG Exynos7420 (ARMv8) without NEON and Crypto Extensions (gcc Compiler Version 4.9)
Android 5.0 64-bit running on SAMSUNG Exynos7420 (ARMv8) with NEON and Crypto Extensions (gcc Compiler Version 4.9)
VxWorks 6.7 running on Intel Core 2 Duo (x86) (gcc Compiler Version 4.1.2)
AIX 6.1 32-bit running on IBM POWER 7 (PPC) (IBM XL C/C++ for AIX Compiler Version V13.1)
AIX 6.1 64-bit running on IBM POWER 7 (PPC) (IBM XL C/C++ for AIX Compiler Version V13.1)
AIX 7.1 32-bit running on IBM POWER 7 (PPC) (IBM XL C/C++ for AIX Compiler Version V13.1)
AIX 7.1 64-bit running on IBM POWER 7 (PPC) (IBM XL C/C++ for AIX Compiler Version V13.1)
DataGravity Discovery Series OS V2.0 running on Intel Xeon E5-2420 (x86) without AES-NI (gcc Compiler Version 4.7.2)
DataGravity Discovery Series OS V2.0 running on Intel Xeon E5-2420 (x86) with AES-NI (gcc Compiler Version 4.7.2)
AIX 6.1 32-bit running on IBM POWER 7 (PPC) with optimizations (IBM XL C/C++ for AIX Compiler Version V10.1)
AIX 6.1 64-bit running on IBM POWER 7 (PPC) with optimizations (IBM XL C/C++ for AIX Compiler Version V10.1)
Ubuntu 12.04 running on Intel Xeon E5-2430L (x86) without AES-NI (gcc Compiler Version 4.6.3)
Ubuntu 12.04 running on Intel Xeon E5-2430L (x86) with AES-NI (gcc Compiler Version 4.6.3)
Linux 3.10 32-bit running on Intel Atom E3845 (x86) without AES-NI (gcc Compiler Version 4.8.1)
Linux 3.10 32-bit running on Intel Atom E3845 (x86) with AES-NI (gcc Compiler Version 4.8.1)
AIX 7.1 32-bit running on IBM Power8 (PPC) without PAA (IBM XL Compiler V13.1)
AIX 7.1 32-bit running on IBM Power8 (PPC) with PAA (IBM XL Compiler V13.1)
AIX 7.1 64-bit running on IBM Power8 (PPC) without PAA (IBM XL Compiler V13.1)
AIX 7.1 64-bit running on IBM Power8 (PPC) with PAA (IBM XL Compiler V13.1)
AIX 7.2 32-bit running on IBM Power8 (PPC) without PAA (IBM XL Compiler V13.1)
AIX 7.2 32-bit running on IBM Power8 (PPC) with PAA (IBM XL Compiler V13.1)
AIX 7.2 64-bit running on IBM Power8 (PPC) without PAA (IBM XL Compiler V13.1)
AIX 7.2 64-bit running on IBM Power8 (PPC) with PAA (IBM XL Compiler V13.1)
AIX 7.2 32-bit running on IBM Power7 (PPC) without PAA (IBM XL Compiler V13.1)
AIX 7.2 64-bit running on IBM Power7 (PPC) without PAA (IBM XL Compiler V13.1) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #3090, #3264, #3451, #3751 and #3990); CVL (Certs. #372, #472, #534, #699 and #814); DRBG (Certs. #1027, #607, #723, #845 and #1182); DSA (Certs. #1040, #896, #933, #970 and #1085); ECDSA (Certs. #558, #620, #698, #801 and #886); HMAC (Certs. #1937, #2063, #2197, #2452 and #2605); RSA (Certs. #1581, #1664, #1766, #1928 and #2048); SHS (Certs. #2553, #2702, #2847, #3121 and #3294); Triple-DES (Certs. #1780, #1853, #1942, #2086 and #2190)

-Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt); RNG

Multi-chip standalone

"The OpenSSL FIPS Object Module SE is a general purpose cryptographic module delivered as open source code. It is designed for ease of use with the popular OpenSSL cryptographic library and toolkit and is available for use without charge for a wide variety of platforms. The basic validation can also be extended quickly and affordably to accommodate new platforms and many types of modifications."
2397WatchData Technologies Pte Ltd
7F QiMing International Building
101 Lize Middle Park
Chaoyang District
Beijing, Beijing 100102
People's Republic of China

Fan Nannan
TEL: +86-180-01226917
FAX: +86-010-64365760

Wang Xuelin
TEL: +86-180-01226735
FAX: +86-010-64365760

CST Lab: NVLAP 200658-0
WatchKey ProX USB Token Cryptographic Module
(Hardware Versions: Smart Card Chip AS518 and K023314A; Firmware Version: 36410101)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/23/2015Overall Level: 3

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: SHS (Cert. #2647); Triple-DES (Cert. #1822); AES (Cert. #3196); RSA (Cert. #1630); DRBG (Cert. #673); ECDSA (Cert. #585)

-Other algorithms: HW RNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The WatchKey ProX USB Token is a USB-based PKI, two-factor authentication token device. It provides digital signature generation/verification for online authentications and data encryption/decryption for online transactions. The user’s private and public key pairs can be generated and stored on the embedded chip."
2396Apple Inc.
1 Infinite Loop
Cupertino, CA 95014
USA

Shawn Geddis
TEL: (669) 227-3579
FAX: (866) 315-1954

CST Lab: NVLAP 200658-0
Apple iOS CoreCrypto Module v5.0
(Software Version: 5.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software06/23/2015Overall Level: 1

-Physical Security: N/A


-Operational Environment: Tested as meeting Level 1 with iOS 8.0 running on iPhone4S with Apple A5 CPU with AES hardware accelaration
iOS 8.0 running on iPhone4S with Apple A5 CPU without AES hardware accelaration
iOS 8.0 running on iPhone5 with Apple A6 CPU with AES hardware accelaration
iOS 8.0 running on iPhone5 with Apple A6 CPU without AES hardware accelaration
iOS 8.0 running on iPad (3rd generation) with Apple A5X CPU with AES hardware accelaration
iOS 8.0 running on iPad (3rd generation) with Apple A5X CPU without AES hardware accelaration
iOS 8.0 running on iPad (4th generation) with Apple A6X CPU with AES hardware accelaration
iOS 8.0 running on iPad (4th generation) with Apple A6X CPU without AES hardware accelaration
iOS 8.0 running on iPhone5S with Apple A7 CPU
iOS 8.0 running on iPhone6 (iPhone6 and iPhone6 Plus) with Apple A8 CPU
iOS 8.0 running on iPad Air 2 with Apple A8X CPU (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #1856, #1857, #1858, #1859, #1860, #1861, #1862, #1863, #1910 and #1920); AES (Certs. #3015, #3016, #3017, #3018, #3019, #3020, #3021, #3022, #3023, #3024, #3025, #3034, #3035, #3036, #3037, #3038, #3039, #3040, #3074, #3075, #3267, #3268, #3269, #3270, #3271, #3272, #3273, #3274, #3355, #3376, #3377, #3378, #3379 and #3381); RSA (Certs. #1667, #1668, #1669, #1670, #1671, #1672, #1673, #1674, #1734 and #1736); ECDSA (Certs. #623, #624, #625, #626, #627, #628, #629, #630, #670 and #672); SHS (Certs. #2523, #2524, #2525, #2526, #2527, #2532, #2533, #2534, #2705, #2706, #2707, #2708, #2709, #2710, #2711,#2712, #2781, #2796, #2797 and #2799); HMAC (Certs. #1907, #1908, #1909, #1910, #1911, #1916, #1917, #1918, #2066, #2067, #2068, #2069, #2070, #2071, #2072, #2073, #2137, #2151, #2152 and #2154); DRBG (Certs. #575, #576, #577, #581, #582, #583, #584, #585, #726, #727, #728, #729, #730, #731, #732, #733, #800, #801, #802 and #804); PBKDF (vendor affirmed)

-Other algorithms: AES (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECDSA (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 160 bits of encryption strength); Integrated Encryption Scheme on elliptic curves; Ed25519; AES (key wrapping; key establishment methodology provides between 128 and 160 bits of encryption strength); KBKDF (non-compliant); ANSI X9.63 KDF; RFC6637 KDF; DES; TDES (non-compliant); CAST5; RC2; RC4; MD2; MD4; MD5; RIPEMD; Blowfish; OMAC (One-Key CBC MAC); Hash-DRBG (non-compliant); HMAC-DRBG (non-compliant); RSA (non-compliant)

Multi-chip standalone

"The Apple iOS CoreCrypto Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest."
2395Syn-Tech Systems, Inc.
100 Four Points Way
Tallahassee, FL 32305
USA

Brian Pietrodangelo
TEL: 850-878-2558
FAX: 850-877-9327

CST Lab: NVLAP 100432-0
ProFLEX01-R2
(Hardware Versions: 450-0139 and 450-0140; Firmware Version: 4.20)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/23/2015Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #3126, #3127, #3128 and #3129); KTS (AES Certs. #3127 and #3129)

-Other algorithms: N/A

Multi-chip embedded

"Syntech's custom designed ProFLEX01-R2 encryption module is embedded into the foundation of the FuelMaster line of AIM Titanium products. This technology propels FuelMaster to the forefront in secure, automated fleet and fuel management systems. Trusting in NIST-Validated encryption for data-in-transit and data-at-rest, Information Assurance Managers can depend on knowing their data is protected to the highest standards of the US Government."
2394Hewlett-Packard TippingPoint
14231 Tandem Blvd.
Austin, TX 78728
USA

Freddy Mercado
TEL: 512-432-2947

Russ Meyers
TEL: 512-432-2948

CST Lab: NVLAP 200427-0
HP TippingPoint Crypto Core NSS
(Software Version: 3.12.9.1)
(When operated in FIPS mode and when obtained, installed, and initialized as specified in Section 5 of the provided Security Policy. For Red Hat Linux 6.2, Section 5 also specifies the precise RPM file containing this module. The integrity of the RPM is automatically verified during the installation and the Crypto officer shall not install the RPM file if the RPM tool indicates an integrity error. For CentOS 5.6 the module is compiled from source available from Mozilla. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software06/15/2015Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 2


-Operational Environment: Tested as meeting Level 1 with Tested as meeting Level 1 with Red Hat Enterprise Linux v6.2 32-bit running on an Intel Core i7 system
Red Hat Enterprise Linux v6.2 64-bit running on an Intel Core i7 system without PAA
Red Hat Enterprise Linux v6.2 64-bit running on an Intel Core i7 system with PAA
CentOS 5.6 64-bit running on an Intel Xeon E5-2620v3
CentOS 5.6 64-bit running on an Intel Xeon E5-2690v3 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1908 and #3285); DRBG (Certs. #165 and #743); DSA (Certs. #602 and #942); HMAC (Certs. #1145 and #2082); RSA (Certs. #979 and #1682); SHS (Certs. #1675 and #2723); Triple-DES (Certs. #1240 and #1872)

-Other algorithms: AES (Certs. #1908 and #3285, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Camellia; DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HKDF; J-PAKE; MD2; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Triple-DES (Certs. #1240 and #1872, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The HP TippingPoint Crypto Core NSS is a software library which provides FIPS 140-2 approved cryptographic algorithms and services for HP TippingPoint security products."
2393Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200427-0
Cisco Integrated Services Router (ISR) 4451-X (with SM-ES3X-16-P, SM-ES3X-24-P, SM-D-ES3X-48-P, PVDM4-32, PVDM4-64, PVDM4-128 and PVDM4-256) and Integrated Services Router (ISR) 4431 (with PVDM4-32, PVDM4-64, PVDM4-128 and PVDM4-256)
(Hardware Versions: ISR 4451-X [1] and ISR 4431 [2] with SM-ES3X-16-P [1], SM-ES3X-24-P [1], SM-D-ES3X-48-P [1], PVDM4-32 [1,2], PVDM4-64 [1,2], PVDM4-128 [1,2] and PVDM4-256 [1,2]; Firmware Version: IOS-XE 3.13)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/15/2015Overall Level: 1

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1024, #1275, #2345 and #2817); CVL (Cert. #253); DRBG (Cert. #481); ECDSA (Cert. #493); HMAC (Certs. #1454 and #1764); RSA (Cert. #1471); SHS (Certs. #2022 and #2361); Triple-DES (Certs. #1468, #1670 and #1688)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)

Multi-chip standalone

"The Cisco Integrated Services Router are a highly scalable WAN and Internet Edge router platform that delivers embedded hardware acceleration for multiple Cisco IOS XE Software services without the need for separate service blades. The Routers are designed for business-class resiliency, featuring redundant Route and Embedded Services Processors, as well as software-based redundancy."
2392Oberthur Technologies
4250 Pleasant Valley Rd
Chantilly, VA 20151
USA

Christophe Goyet
TEL: 703-322-8951
FAX: n/a

Said Boukyoud
TEL: +33-1-78-14-72-58
FAX: +33-1-78-14-70-20

CST Lab: NVLAP 100432-0
ID-One PIV on Cosmo V8
(Hardware Version: '0F'; Firmware Version: '5601'; Firmware Extension: '082371' with ID-One PIV Applet Suite 2.3.5)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware06/15/2015Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 4
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #2910 and #2911); CVL (Cert. #336); DRBG (Cert. #537); ECDSA (Cert. #526); KAS (Cert. #48); KBKDF (Cert. #33); RSA (Certs. #1531 and #1532); SHS (Certs. #2449 and #2450); Triple-DES (Cert. #1727)

-Other algorithms: TRNG; AES (Cert. #2910, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength)

Single-chip

"ID-One PIV on Cosmo V8 is the next generation of FIPS 201-2 compliant Smart card. Performances have been optimized to allow a FICAM authentication in less than a second."
2391Hewlett Packard®, Enterprise
153 Taylor Street
Littleton, MA 01460
USA

Paul Tucker
TEL: 512-432-2626

Freddy Mercado
TEL: 512-432-2947

CST Lab: NVLAP 200427-0
TippingPoint Crypto Core OpenSSL
(Software Version: 2.0.8)
(When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software06/11/2015
12/24/2015
Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with Android 2.2 (gcc Compiler Version 4.4.0)
Android 2.2 running on Qualcomm QSD8250 (ARMv7) with NEON (gcc Compiler Version 4.4.0)
Microsoft Windows 7 (32 bit) (Microsoft 32 bit C/C++ Optimizing Compiler Version 16.00)
uCLinux 0.9.29 (gcc Compiler Version 4.2.1)
Fedora 14 running on Intel Core i5 with PAA (gcc Compiler Version 4.5.1)
HP-UX 11i (32 bit) (HP C/aC++ B3910B)
HP-UX 11i (64 bit) (HP C/aC++ B3910B)
Ubuntu 10.04 (32 bit) (gcc Compiler Version 4.1.3)
Ubuntu 10.04 (64 bit) (gcc Compiler Version 4.1.3)
Android 3.0 (gcc Compiler Version 4.4.0)
Linux 2.6.27 (gcc Compiler Version 4.2.4)
Microsoft Windows 7 (64 bit) (Microsoft C/C++ Optimizing Compiler Version 16.00)
Ubuntu 10.04 running on Intel Core i5 with PAA (32 bit) (gcc Compiler Version 4.1.3)
Linux 2.6.33 (gcc Compiler Version 4.1.0)
Android 2.2 running on OMAP 3530 (ARMv7) with NEON (gcc Compiler Version 4.1.0)
VxWorks 6.8 (gcc Compiler Version 4.1.2)
Linux 2.6 (gcc Compiler Version 4.3.2)
Linux 2.6.32 (gcc Compiler Version 4.3.2)
Oracle Solaris 10 (32 bit) (gcc Compiler Version 3.4.3)
Oracle Solaris 10 (64 bit) (gcc Compiler Version 3.4.3)
Oracle Solaris 11(32 bit) (gcc Compiler Version 4.5.2)
Oracle Solaris 11 (64 bit) (gcc Compiler Version 4.5.2)
Oracle Solaris 11 running on Intel Xeon 5675 with PAA (32 bit) (gcc Compiler Version 4.5.2)
Oracle Solaris 11 running on Intel Xeon 5675 with PAA (64 bit) (gcc Compiler Version 4.5.2)
Oracle Linux 5 (64 bit) (gcc Compiler Version 4.1.2)
CascadeOS 6.1 (32 bit) (gcc Compiler Version 4.4.5)
CascadeOS 6.1 (64 bit) (gcc Compiler Version 4.4.5)
Oracle Linux 5 running on Intel Xeon 5675 with PAA (gcc Compiler Version 4.1.2)
Oracle Linux 6 (gcc Compiler Version 4.4.6)
Oracle Linux 6 running on Intel Xeon 5675 with PAA (gcc Compiler Version 4.4.6)
Oracle Solaris 11 (32 bit) (Sun C Version 5.12)
Oracle Solaris 11 (64 bit) (Sun C Version 5.12)
Android 4.0 (gcc Compiler Version 4.4.3)
Apple iOS 5.1 (gcc Compiler Version 4.2.1)
Microsoft Windows CE 6.0 (Microsoft C/C++ Optimizing Compiler Version 15.00 for ARM)
Microsoft Windows CE 5.0 (Microsoft C/C++ Optimizing Compiler Version 13.10 for ARM)
Linux 2.6 (gcc Compiler Version 4.1.0)
DSP Media Framework 1.4 (TMS320C6x C/C++ Compiler v6.0.13)
Android 4.0 running on TI OMAP 3 (ARMv7) with NEON (gcc Compiler Version 4.4.3)
NetBSD 5.1 (gcc Compiler Version 4.1.3)
Microsoft Windows 7 running on Intel Core i5-2430M (64-bit) with PAA (Microsoft « C/C++ Optimizing Compiler Version 16.00 for x64)
Android 4.1 running on TI DM3730 (ARMv7) (gcc Compiler Version 4.6)
Android 4.1 running on TI DM3730 (ARMv7) with NEON (gcc Complier Version 4.6)
Android 4.2 running on Nvidia Tegra 3 (ARMv7) (gcc Compiler Version 4.6)
Android 4.2 running on Nvidia Tegra 3 (ARMv7) with Neon (gcc Compiler Version 4.6)
Windows Embedded Compact 7 running on Freescale i.MX53xA (ARMv7) with NEON (Microsoft C/C++ Optimizing Compiler Version 15.00.20720)
Windows Embedded Compact 7 running on Freescale i.MX53xD (ARMv7) with NEON (Microsoft C/C++ Optimizing Compiler Version 15.00.20720)
Android 4.0 running on Qualcomm Snapdragon APQ8060 (ARMv7) with NEON (gcc compiler Version 4.4.3)
Apple OS X 10.7 running on Intel Core i7-3615QM (Apple LLVM version 4.2)
Apple iOS 5.0 running on ARM Cortex A8 (ARMv7) with NEON (gcc Compiler Version 4.2.1)
OpenWRT 2.6 running on MIPS 24Kc (gcc Compiler Version 4.6.3)
QNX 6.4 running on Freescale i.MX25 (ARMv4) (gcc Compiler Version 4.3.3)
Apple iOS 6.1 running on Apple A6X SoC (ARMv7s) (gcc Compiler Version 4.2.1)
eCos 3 running on Freescale i.MX27 926ejs (ARMv5TEJ) (gcc Compiler Version 4.3.2)
Ubuntu 13.04 running on AM335x Cortex-A8 (ARMv7) (gcc Compiler Version 4.7.3)
Ubuntu 13.04 running on AM335x Cortex-A8 (ARMv7) with NEON (gcc Compiler Version 4.7.3)
Linux 3.8 running on ARM926 (ARMv5TEJ) (gcc Compiler Version 4.7.3)
iOS 6.0 running on Apple A5 / ARM Cortex-A9 (ARMv7) without NEON (gcc Compiler Version 4.2.1)
iOS 6.0 running on Apple A5 / ARM Cortex-A9 (ARMv7) with NEON (gcc Compiler Version 4.2.1)
Linux 2.6 running on Freescale e500v2 (PPC) (gcc Compiler Version 4.4.1)
AcanOS 1.0 running on Intel Core i7-3612QE (x86) without PAA (gcc Compiler Version 4.6.2)
AcanOS 1.0 running on Intel Core i7-3612QE (x86) with PAA (gcc Compiler Version 4.6.2)
AcanOS 1.0 running on Feroceon 88FR131 (ARMv5) (gcc Compiler Version 4.5.3)
FreeBSD 8.4 running on Intel Xeon E5440 (x86) without PAA (gcc Compiler Version 4.2.1)
FreeBSD 9.1 running on Xeon E5-2430L (x86) without PAA (gcc Compiler Version 4.2.1)
FreeBSD 9.1 running on Xeon E5-2430L (x86) with PAA (gcc Compiler Version 4.2.1)
ArbOS 5.3 running on Xeon E5645 (x86) without PAA (gcc Compiler Version 4.1.2)
Linux ORACLESP 2.6 running on ASPEED AST-Series (ARMv5) (gcc Compiler Version 4.4.5)
Linux ORACLESP 2.6 running on Emulex PILOT3 (ARMv5) (gcc Compiler Version 4.4.5)
ArbOS 5.3 running on Xeon E5645 (x86) with PAA (gcc Compiler Version 4.1.2)
FreeBSD 9.2 running on Xeon E5-2430L (x86) without PAA (gcc Compiler Version 4.2.1)
FreeBSD 9.2 running on Xeon E5-2430L (x86) with PAA (gcc Compiler Version 4.2.1)
FreeBSD 10.0 running on Xeon E5-2430L (x86) without PAA (clang Compiler Version 3.3)
FreeBSD 10.0 running on Xeon E5-2430L (x86) with PAA (clang Compiler Version 3.3)
FreeBSD 8.4 running on Intel Xeon E5440 (x86) 32-bit (gcc Compiler Version 4.2.1)
Vmware Horizon Workspace 2.1 under vSphere ESXi 5.5 running on Intel Xeon E3-1220 (x86) without PAA (gcc Compiler Version 4.5.1)
Vmware Horizon Workspace 2.1 under vSphere ESXi 5.5 running on Intel Xeon E3-1220 (x86) with AESNI (gcc Compiler Version 4.5.1)
QNX 6.5 running on Freescale i.MX25 (ARMv4) (gcc Compiler Version 4.3.3)
CentOS 5.6 64-bit running on Intel Xeon E5-2620v3 (gcc Compiler Version 4.1.2)
CentOS 5.6 64-bit running on Intel Xeon E5-2690v3 (gcc Compiler Version 4.1.2) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1884, #2116, #2234, #2342, #2394, #2484, #2824, #2929 and #3281); CVL (Certs. #10, #12, #24, #260, #331, #36, #464, #49, #53, #71 and #85); DRBG (Certs. #157, #229, #264, #292, #316, #342, #485, #540 and #739); DSA (Certs. #589, #661, #693, #734, #748, #764, #853, #870 and #938); ECDSA (Certs. #264, #270, #315, #347, #378, #383, #394, #413, #496, #528 and #634); HMAC (Certs. #1126, #1288, #1363, #1451, #1485, #1526, #1768, #1856 and #2078); RSA (Certs. #1086, #1145, #1205, #1237, #1273, #1477, #1535, #1678 and #960); SHS (Certs. #1655, #1840, #1923, #2019, #2056, #2102, #2368, #2465 and #2719); Triple-DES (Certs. #1223, #1346, #1398, #1465, #1492, #1522, #1695, #1742 and #1868)

-Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt); RNG

Multi-chip standalone

"The TippingPoint Crypto Core OpenSSL is a software library which provides FIPS 140-2 approved cryptographic algorithms and services for TippingPoint security products."
2390SPYRUS, Inc.
1860 Hartog Drive
San Jose, CA 95131
USA

William Sandberg-Maitland
TEL: 613-298-3416
FAX: 408-392-0319

CST Lab: NVLAP 200802-0
SPYCOS® 3.0 QFN
(Hardware Version: 742100004F; Firmware Version: 3.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware06/19/2015
12/09/2015
Overall Level: 3

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: Triple-DES (Cert. #1772); AES (Cert. #3028); KTS (Cert. #3115; key establishment methodology provides between 128 and 256 bits of encryption strength); ECDSA (Cert. #578); RSA (Cert. #1611); HMAC (Cert. #1913); SHS (Cert. #2529); CVL (Cert. #419); KAS (Cert. #52); DRBG (Cert. #658)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG

Single-chip

"SPYCOS® 3.0 is a hardware encryption engine in QFN form factor supporting Suite B functionality that is ideal for embedded and secure flash storage applications."
2389INSIDE Secure
Eerikinkatu 28
Helsinki 00180
Finland

Serge Haumont
TEL: +358 40 5808548

Marko Nippula
TEL: +358 40 762 9394

CST Lab: NVLAP 200427-0
SafeZone FIPS Cryptographic Module
(Software Version: 1.1.0)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software06/02/2015Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with Linux kernel 3.10 running on a Raspberry Pi
<
t-base 300 running on an Arndale
Android 4.4 running on a Samsung Galaxy Note 3
Android 4.2 running on a Samsung Galaxy Tab 3 10.1
iOS 7.1 running on a iPad Mini with Retina Display (32-bit)
iOS 7.1 running on a iPad Mini with Retina Display (64-bit)
Linux kernel 3.13 running on an ASUS Transformer (x86) with PAA
Linux kernel 3.13 running on an ASUS Transformer (x64) without PAA
Linux kernel 3.13 running on an ASUS Transformer (x64) with PAA (single-user mode)

-FIPS Approved algorithms: AES (Cert. #3123); CVL (Certs. #384 and #385); DRBG (Certs. #634 and #637); DSA (Cert. #905); ECDSA (Cert. #567); HMAC (Cert. #1980); KBKDF (Certs. #37, #38, #39 and #40); KTS (AES Cert. #3123, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); KTS (vendor affirmed); PBKDF (vendor affirmed); RSA (Cert. #1593); SHS (Cert. #2599); Triple-DES (Cert. #1793)

-Other algorithms: NDRNG; MD5; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength)

Multi-chip standalone

"SafeZone FIPS Cryptographic Module is a FIPS 140-2 Security Level 1 validated software cryptographic module from INSIDE Secure. The module is a toolkit which provides the most commonly needed cryptographic primitives for a large variety of applications, including but not limited to, primitives needed for DAR, DRM, TLS, and VPN on mobile devices."
2388Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 201029-0
IOS Common Cryptographic Module (IC2M) Rel5
(Firmware Version: Rel 5)
(When operated in FIPS mode. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware05/28/2015Overall Level: 1

-Mitigation of Other Attacks: N/A

-Tested: Cisco ASR1K RP2 with processor Intel Xeon on IOS XE3.13
Cisco ASR1K RP1 with processor Freescale SC8548H on IOS XE3.13
Cisco ISR 2951 with processor Freescale 8752E on IOS 15.4
Cisco ISR 1921 with processor Cavium CN5020 on IOS 15.4
Cisco ISR 2921 with processor Cavium CN5220 on IOS 15.4
Cisco ISR 891 with processor MPC8358E on IOS 15.4
ESR 5940 with processor MPC8572C on IOS 15.4

-FIPS Approved algorithms: AES (Certs. #2783, #2817 and #3278); CVL (Certs. #252 and #253); DRBG (Cert. #481); ECDSA (Cert. #493); HMAC (Cert. #1764); KBKDF (cert. #49); RSA (Cert. #1471); SHS (Certs. #2338 and #2361); Triple-DES (Certs. #1670, #1671 and #1688)

-Other algorithms: DES; Diffie-Hellman (CVL Cert. #252, key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #252, key agreement; key establishment methodology provides 128 or 192 bits of encryption strength; non-compliant less than 128 bits of encryption strength); KTS (AES cert. #3278; key establishment methodology provides 128 and 256 bits of strength); HMAC-MD5; MD2; MD5; NDRNG; RC2; RC4; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEAL

Multi-chip standalone

"The IC2M module provides the FIPS validated cryptographic algorithms for services requiring those algorithms. The module does not implement any protocols directly. Instead, it provides the cryptographic primitives and functions to allow IOS to implement those various protocols."
2387Hewlett Packard Enterprise Company
3000 Hanover St
Palo Alto, CA 94304-1185
USA

Mondher Razouane
TEL: +1(916)785-1894
FAX: +1(916)209-9495

Kris Meert
TEL: +34-960-022029
FAX: +1(916)209-9495

CST Lab: NVLAP 200835-0
HP XP7 Encryption Ready Disk Adapter (eDKA) Level1
(Hardware Version: R800L1; Firmware Versions: 02.09.28.00, 02.09.32.00 and 02.09.37.00)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware05/22/2015
01/28/2016
02/18/2016
02/23/2016
03/07/2016
Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #3341); HMAC (Cert. #2131); SHS (Cert. #2775)

-Other algorithms: AES (Cert. #3341, key wrapping)

Multi-chip embedded

"The HP XP7 Encryption Ready Disk Adapter (eDKA) Level1 provides high speed data at rest encryption for HP storage."
2386Hitachi, Ltd.
322-2 Nakazato, Odawara-shi
Kanagawa-ken 250-0872
Japan

Hajime Sato
TEL: +81-465-59-5954
FAX: +81-465-49-4822

CST Lab: NVLAP 200835-0
Hitachi Virtual Storage Platform (VSP) Encryption Engine
(Hardware Version: R800L1; Firmware Versions: 02.09.28.00, 02.09.32.00 and 02.09.37.00)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/22/2015
01/28/2016
02/18/2016
Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2787); HMAC (Certs. #1748 and #1889); SHS (Certs. #2344 and #2504)

-Other algorithms: AES (Cert. #2787, key wrapping)

Multi-chip embedded

"The Hitachi Virtual Storage Platform (VSP) Encryption Engine provides high speed data at rest encryption for Hitachi storage."
2385Motorola Solutions, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

Tom Nguyen
TEL: 847-576-2352

CST Lab: NVLAP 100432-0
µMACE
(Hardware Version: P/N AT58Z04; Firmware Version: R01.07.01)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/22/2015Overall Level: 3

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1876, #2146 and #3089); SHS (Cert. #1619); HMAC (Cert. #1313); KAS (Cert. #28); ECDSA (Cert. #263)

-Other algorithms: AES MAC (AES Cert. #1876, vendor affirmed; P25 AES OTAR); AES (Cert. #1876, key wrapping); NDRNG

Single-chip

"The µMACE cryptographic processor is used in security modules embedded in Motorola Solutions security products."
2382HGST, a Western Digital company
3403 Yerba Buena Road
San Jose, CA 95135
USA

Chung-chih Lin
TEL: 408-717-7689
FAX: 408-717-9494

Michael Williamson
TEL: 408-717-8458
FAX: 408-717-9494

CST Lab: NVLAP 100432-0
HGST Ultrastar 7K6000 TCG Enterprise HDDs
(Hardware Versions: P/Ns HUS726020AL4215 (0001) [1, 2, 4]; HUS726020AL5215 (0001) [1, 2, 4]; HUS726020ALS215 (0001) [3, 4]; HUS726030AL4215 (0001) [1, 2, 4]; HUS726030AL5215 (0001) [1, 2, 4]; HUS726030ALS215 (0001) [3, 4]; HUS726040AL4215 (0001) [1, 2, 4]; HUS726040AL5215 (0001) [1, 2, 4]; HUS726040ALS215 (0001) [3, 4 ,5]; HUS726050AL4215 (0001) [1, 2, 4]; HUS726050AL5215 (0001) [1, 2, 4]; HUS726060AL4215 (0001) [1, 2, 4, 5] HUS726060AL5215 (0001) [1, 2, 4, 5]; Firmware Versions: R519 [1], R7J0 [2], R7J7 [3], R907 [4] and R9E0 [5])
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/21/2015
07/23/2015
10/14/2015
05/11/2016
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Mitigation of Other Attacks: N/A

-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #2067 and #2365); DRBG (Cert. #302); HMAC (Cert. #1468); PBKDF (vendor affirmed); RSA (Cert. #1220); SHS (Cert. #2037)

-Other algorithms: NDRNG

Multi-Chip Embedded

"HGST Self-Encrypting Drives implement TCG Storage specifications and meet or exceed the most demanding performance and security requirements. HGST Ultrastar 7K6000 drives are 12 Gbs SAS, 7,200 RPM, 3.5 inch form factor, TCG Enterprise HDDs."
2381Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

Chris Marks
TEL: 408-333-0840
FAX: 408-333-8101

CST Lab: NVLAP 200802-0
Brocade® MLXe®, Brocade® NetIron® CER 2000 Ethernet Routers and Brocade CES 2000 Routers and Switches
(Hardware Versions: {[BR-MLXE-4-MR-M-AC (P/N: 80-1006853-01), BR-MLXE-4-MR-M-DC (P/N: 80-1006854-01), BR-MLXE-8-MR-M-AC (P/N: 80-1004809-04), BR-MLXE-8-MR-M-DC (P/N: 80-1004811-04), BR-MLXE-16-MR-M-AC (P/N: 80-1006820-02), BR-MLXE-16-MR-M-DC (P/N: 80-1006822-02), BR-MLXE-4-MR2-M-AC (P/N: 80-1006870-01), BR-MLXE-4-MR2-M-DC (P/N: 80-1006872-01), BR-MLXE-8-MR2-M-AC (P/N: 80-1007225-01), BR-MLXE-8-MR2-M-DC (P/N: 80-1007226-01), BR-MLXE-16-MR2-M-AC (P/N: 80-1006827-02), BR-MLXE-16-MR2-M-DC (P/N: 80-1006828-02)] with Component P/Ns 80-1006778-01, 80-1005643-01, 80-1003891-02, 80-1002983-01,80-1003971-01,80-1003972-01, 80-1003811-02, 80-1002756-03, 80-1004114-01,80-1004113-01,80-1004112-01, 80-1004760-02, 80-1006511-02, 80-1004757-02, 80-1003009-01, 80-1003052-01, 80-1003053-01, NI-CER-2048F-ADVPREM-AC (P/N: 80-1003769-07), NI-CER-2048F-ADVPREM-DC (P/N: 80-1003770-08), NI-CER-2048FX-ADVPREM-AC (P/N: 80-1003771-07), NI-CER-2048FX-ADVPREM-DC (P/N: 80-1003772-08), NI-CER-2024F-ADVPREM-AC (P/N: 80-1006902-02), NI-CER-2024F-ADVPREM-DC (P/N: 80-1006904-02), NI-CER-2024C-ADVPREM-AC (P/N: 80-1007032-02), NI-CER-2024C-ADVPREM-DC (P/N: 80-1007034-02), NI-CER-2048C-ADVPREM-AC (P/N: 80-1007039-02), NI-CER-2048C-ADVPREM-DC (P/N: 80-1007040-02), NI-CER-2048CX-ADVPREM-AC (P/N: 80-1007041-02), NI-CER-2048CX-ADVPREM-DC (P/N: 80-1007042-02), BR-CER-2024F-4X-RT-DC (P/N: 80-1007212-01), BR-CER-2024C-4X-RT-DC (P/N: 80-1007213-01), BR-CER-2024F-4X-RT-AC (P/N: 80-1006529-01), BR-CER-2024C-4X-RT-AC (P/N: 80-1006530-01), NI-CER-2024C-2X10G (P/N: 80-1003719-03), BR-CES-2024C-4X-AC (P/N: 80-1000077-01), BR-CES-2024C-4X-DC (P/N: 80-1007215-01), BR-CES-2024F-4X-AC (P/N: 80-1000037-01), BR-CES-2024F-4X-DC (P/N: 80-1007214-01), RPS9 (P/N: 80-1003868-01) and RPS9DC (P/N: 80-1003869-02)} with FIPS Kit XBR-000195; Firmware Version: Multi-Service IronWare R05.7.00)
(When operated in FIPS mode with the tamper evident labels installed and with the configurations in Tables 8, 13 and 17 in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware05/21/2015Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: Triple-DES (Certs. #1632, #1633 and #1634); AES (Certs. #2715, #2716 and #2717); DSA (Certs. #832, #833 and #834); SHS (Certs. #2280, #2281 and #2282); RSA (Certs. #1411, #1412 and #1413); HMAC (Certs. #1694, #1695 and #1696); DRBG (Certs. #452, #453 and #454); CVL (Certs. #173, #174 and #175)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); SNMPv3 KDF (non-compliant); NDRNG; HMAC-MD5; MD5; RC2; RC4; DES; MD2

Multi-chip standalone

"The Brocade NetIron CER 2000 Series is a family of compact routers that are purpose-built for high-performance Ethernet edge routing and MPLS applications. The Brocade NetIron CES 2000 Series of switches provides IP routing and advanced Carrier Ethernet capabilities in a compact form factor. The Brocade MLXe Series routers feature industry-leading 100 Gigabit Ethernet (GbE), 10 GbE, and 1 GbE wire-speed density."
2380Samsung Electronics Co., Ltd.
275-18, Samsung 1-ro
Hwaseong-si, Gyeonggi-do 445-701
Korea

Jisoo Kim
TEL: 82-31-3096-2832
FAX: 82-31-8000-8000(+62832)

CST Lab: NVLAP 200802-0
Samsung UFS (Universal Flash Storage) Shark SED
(Hardware Versions: KLUAG2G1BD-B0B2, KLUBG4G1BD-B0B1, KLUCG8G1BD-B0B1; Firmware Version: 0102)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware05/21/2015Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2966); ECDSA (Cert. #544); SHS (Cert. #2494); DRBG (Cert. #563)

-Other algorithms: NDRNG

Single-chip

"Samsung UFS Shark SED is a high-performance embedded storage that provides on-the-fly encryption/decryption of user data without performance loss and supports SSP (Secure Storage Protocol) v1.0. It implements AES256-XTS for user data encryption, ECDSA P-224 for FW authentication, and Hash_DRBG for key generation."
2379Ciena® Corporation
1201 Winterson Road
Linthicum, MD 21090
USA

Patrick Scully
TEL: 613-670-3207

CST Lab: NVLAP 200928-0
Ciena 6500 Packet-Optical Platform 4x10G
(Hardware Version: 1.0; Firmware Version: 1.10)
(When installed, initialized and configured as specified in Section 3.1 of the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/21/2015Overall Level: 3

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2963 and #2964); Triple-DES (Cert. #1759); SHS (Cert. #2493); HMAC (Cert. #1880); DRBG (Cert. #562); RSA (Cert. #1559); ECDSA (Cert. #543); CVL (Cert. #357)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); TRNG

Multi-chip embedded

"The 6500 Packet Optical Platform 4x10G OTR with encryption card offers an integrated and protocol agnostic transport encryption solution in a high density form factor. With 4 independent AES-256 10G encryption engines, this ultra-low latency wirespeed encryption solution is designed for deployments within enterprises of all sizes, government agencies and datacenters, whether as standalone encryption solution or as part of a service provider managed service offering."
2377Symantec Corporation
350 Ellis St.
Mountain View, CA 94043
USA

Kathryn Kriese
TEL: 650-527-8000

CST Lab: NVLAP 200802-0
Symantec PGP Cryptographic Engine
(Software Version: 4.3)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software05/21/2015
07/06/2015
Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with Apple Mac OS X 10.7 with PAA running on Apple MacBook Pro
Apple Mac OS X 10.7 without PAA running on Apple MacBook Pro
Microsoft Windows 7 32-bit with PAA running on Dell M6600
Microsoft Windows 7 32-bit without PAA running on Dell M6400
Microsoft Windows 7 64-bit with PAA running on Dell M6600
Microsoft Windows 7 64-bit without PAA running on Dell M6400
Red Hat Enterprise Linux (RHEL) 6.2 32-bit with PAA running on Dell M6600
Red Hat Enterprise Linux (RHEL) 6.2 32-bit without PAA running on Dell M6400
Red Hat Enterprise Linux (RHEL) 6.2 64-bit with PAA running on Dell M6600
Red Hat Enterprise Linux (RHEL) 6.2 64-bit without PAA running on Dell M6400 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #1675, #1676, #1683, #1684, #1711, #1712, #1713, #1714, #1715 and #1716); AES (Certs. #2766, #2786, #2799, #2805, #2866, #2867, #2868, #2869, #2870 and #2871); SHS (Certs. #2342, #2343, #2351, #2353, #2408, #2409, #2410, #2411, #2412 and #2413); HMAC (Certs. #1746, #1747, #1755, #1756, #1805, #1806, #1807, #1808, #1809 and #1810); RSA (Certs. #1459, #1465, #1466, #1468, #1503, #1504, #1505, #1508, #1509 and #1510); DSA (Certs. #846, #847, #848, #849, #859, #860, #861, #862, #863 and #864); ECDSA (Certs. #487, #488, #489, #490, #509, #510, #511, #512, #513 and #514); CVL (Certs. #240, #241, #248, #249, #302, #303, #304, #305, #306 and #307); DRBG (Certs. #473, #474, #478, #479, #510, #511, #512, #513, #514 and #515)

-Other algorithms: AES EME2 (non-compliant); AES PlumbCFB (non-compliant); AESMixCBC (non-compliant); MD5; RIPEMD160; MD2; KECCEK; RC2; ARC4; IDEA; CAST5; TwoFish; BlowFish; El Gamal; PBKDF2 (non-compliant); KBKDF (non-compliant); OpenPGP S2K Iterated salted; NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Symantec PGP Cryptographic Engine is a FIPS 140-2 validated software only cryptographic module. The module implements the cryptographic functions for Symantec Encryption products. It includes a wide range of field-tested and standards-based encryption, digital signature, and encoding algorithms as well as a variety of secure network protocol implementations."
2376Apricorn Inc.
12191 Kirkham Road
Poway, CA 92064
USA

Robert Davidson
TEL: 858-513-4430
FAX: 858-513-4404

CST Lab: NVLAP 200802-0
Aegis Secure Key 3.0 Cryptographic Module
(Hardware Version: RevD; Firmware Versions: 6.5 and 6.5.1)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/21/2015
02/02/2016
06/01/2016
Overall Level: 3

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2235); DRBG (Cert. #260); SHS (Cert. #1911)

-Other algorithms: NDRNG

Multi-chip standalone

"The Aegis Secure Key 3.0 is a USB 3.0 portable encrypted memory key. Completely contained within a small footprint/boundary, the module is designed to allow simple, software free integration into various secure storage systems requiring a FIPS 140-2 validated encryption boundary."
2375Hewlett-Packard Development Company, L.P.
11445 Compaq Center Drive West
Houston, TX 77070
USA

Catherine Schwartz

CST Lab: NVLAP 200556-0
HP P-Class Smart Array RAID Controllers
(Hardware Versions: P230i, P430, P431, P731m, P830, and P830i; Firmware Version: 1.66)
(When installed, initialized and configured as specified in the Security Policy Section Secure Operation)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware05/20/2015Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2902, #2903 and #2904); DRBG (Certs. #529, #530 and #531); HMAC (Certs. #1837, #1838 and #1839); SHS (Certs. #2442, #2443 and #2444); PBKDF (vendor affirmed)

-Other algorithms: AES (Cert. #2902, key wrapping); NDRNG

Multi-chip embedded

"The HP P-Class Smart Array RAID Controllers are a family of serial-attached SCSI host bus adapters that provide intelligent storage array control. The controllers can be card-based or embedded within an HP server, and provide a high speed data path, on-board storage cache, remote management, and encryption of data at rest."
2374Avaya, Inc.
211 Mt. Airy Road
Basking Ridge, NJ 07920
USA

Edwin Wong
TEL: 408-496-3517
FAX: 408-496-3481

CST Lab: NVLAP 100432-0
Avaya WLAN 9100 Access Points
(Hardware Versions: P/Ns WAO912200-E6GS [1], WAP913200-E6GS [2], WAP913300-E6GS [2], WAP917300-E6GS [2]; Enclosure (Form Factor): WAO912200-E6GS [1], WAB910003-E6 [2]; SKU WLB910001-E6; Firmware Version: AOS-7.1 or AOS-7.2.6)
(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/08/2015
08/07/2015
Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2450 and #2833); CVL (Certs. #257 and #258); DRBG (Cert. #490); HMAC (Cert. #1774); KBKDF (Cert. #24); RSA (Cert. #1475); SHS (Cert. #2374); Triple-DES (Cert. #1693)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; Blowfish; Camellia; CAST; IDEA; RC4; SEED; MD5

Multi-chip standalone

"Wireless LAN 9100 Access Points"
2373Neopost Technologies, S.A.
113 Rue Jean Marin Naudin
Bagneux 92220
France

Nathalie TORTELLIER
TEL: +33 1 45 36 30 72
FAX: +33 1 45 36 30 10

CST Lab: NVLAP 200983-0
Neopost Postal Security Device (PSD)
(Hardware Versions: A0014227-B, A0014227-C; Firmware Version: a30.00; P/N: A0038091-A)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/05/2015
06/21/2016
Overall Level: 3

-Physical Security: Level 3 +EFP/EFT

-FIPS Approved algorithms: ECDSA (Cert. #517); AES (Certs. #2874 and #2875); SHS (Cert. #2416); CVL (Cert. #310); RSA (Cert. #1513); DRBG (Cert. #518); HMAC (Cert. #1813)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength, non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); Hardware RNG

Multi-chip embedded

"The Neopost Postal Security Device (PSD) is a cryptographic module embedded within postal franking machines. The PSD performs all franking machine’s cryptographic and postal security functions and protects the Critical Security Parameters (CSPs) and Postal Relevant Data from unauthorized access."
2372Fortinet, Inc.
326 Moodie Drive
Ottawa, ON K2H 8G3
Canada

Alan Kaye
TEL: 613-225-9381 x7416
FAX: 613-225-2951

CST Lab: NVLAP 200928-0
FortiGate-5140B Chassis with FortiGate/FortiSwitch 5000 Series Blades
(Hardware Versions: Chassis: P09297-01; Blades: P4CJ36-04, P4EV74, C4LG17 and P4EX84; AMC Component: P4FC12; Air Filter: PN P10938-01; Front Filler Panel: PN P10945-01: ten; Rear Filler Panel: PN P10946-01: fourteen; Tamper Evident Seal Kit: FIPS-SEAL-RED; Firmware Versions: FortiOS 5.0, build0305, 141216)
(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware05/05/2015Overall Level: 2

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #3166, #3167, #3168, #3169 and #3171); DRBG (Cert. #652); HMAC (Certs. #1994, #1995, #1996, #1997 and #1999); SHS (Certs. #2619, #2620, #2621, #2622 and #2624); Triple-DES (Certs. #1804, #1805, #1806, #1807 and #1808); RSA (Certs. #1604, #1605, #1606, and #1607); CVL (Certs. #415 and #416)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 132 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; NDRNG

Multi-chip standalone

"The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
2371Fortinet, Inc.
326 Moodie Drive
Ottawa, ON K2H 8G3
Canada

Alan Kaye
TEL: 613-225-9381 x7416
FAX: 613-225-2951

CST Lab: NVLAP 200928-0
FortiGate-3600C and FortiGate-3950B
(Hardware Versions: C4MH12, [C4DE23 with P06698-02] with Tamper Evident Seal Kits: FIPS-SEAL-RED; Firmware Versions: FortiOS 5.0, build0305,141216)
(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware05/04/2015Overall Level: 2

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #3167, #3168, #3169 and #3171); DRBG (Cert. #652); HMAC (Certs. #1995, #1996, #1997 and #1999); SHS (Certs. #2620, #2621, #2622 and #2624); Triple-DES (Certs. #1805, #1806, #1807 and #1808); RSA (Certs. #1605, #1606, and #1607); CVL (Certs. #415 and #416)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 132 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; NDRNG

Multi-chip standalone

"The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
2370Fortinet, Inc.
326 Moodie Drive
Ottawa, ON K2H 8G3
Canada

Alan Kaye
TEL: 613-225-9381 x7416
FAX: 613-225-2951

CST Lab: NVLAP 200928-0
FortiOS™ 5.0
(Firmware Versions: 5.0, build0305, 141216)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Firmware05/04/2015Overall Level: 1

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-Tested: FortiGate-300C with the Fortinet entropy token (part number FTR-ENT-1)

-FIPS Approved algorithms: AES (Certs. #3169 and #3171); DRBG (Cert.#652); HMAC (Certs. #1997 and #1999); SHS (Certs. #2622 and #2624); Triple-DES (Certs. #1807 and #1808); RSA (Cert. #1607); CVL (Certs. #415 and #416)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 132 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; NDRNG

Multi-chip standalone

"The FortiOS is a firmware based operating system that runs exclusively on Fortinet's FortiGate/FortiWiFi product family. The FortiOS provides integrated firewall, VPN, antivirus, antispam, intrusion prevention, content filtering and traffic shaping and HA capabilities."
2369Fortinet, Inc.
326 Moodie Drive
Ottawa, ON K2H 8G3
Canada

Alan Kaye
TEL: 613-225-9381 x7416
FAX: 613-225-2951

CST Lab: NVLAP 200928-0
FortiGate-1500D and 3700D
(Hardware Versions: C1AA64 [1] and C1AA92 [2] with Tamper Evident Seal Kits: FIPS-SEAL-RED [1,2]; Firmware Versions: FortiOS 5.0, build0305,141216)
(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware05/04/2015Overall Level: 2

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #3167, #3168, #3169 and #3171); DRBG (Cert. #652); HMAC (Certs. #1995, #1996, #1997 and #1999); SHS (Certs. #2620, #2621, #2622 and #2624); Triple-DES (Certs. #1805, #1806, #1807 and #1808); RSA (Certs. #1605, #1606, and #1607); CVL (Certs. #415 and #416)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 132 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; NDRNG

Multi-chip standalone

"The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
2368Fortinet, Inc.
326 Moodie Drive
Ottawa, ON K2H 8G3
Canada

Alan Kaye
TEL: 613-225-9381 x7416
FAX: 613-225-2951

CST Lab: NVLAP 200928-0
FortiGate-1000C, FortiGate-1240B, FortiGate-3140B and FortiGate-3240C
(Hardware Versions: C4HR40 [1], C4CN43 [2], C4XC55 [3] and C4KC75 [4] with Tamper Evident Seal Kits: FIPS-SEAL-RED [1,3,4] or FIPS-SEAL-BLUE [2]; Firmware Versions: FortiOS 5.0, build0305,141216)
(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware05/04/2015Overall Level: 2

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #3167, #3168, #3169 and #3171); DRBG (Cert. #652); HMAC (Certs. #1995, #1996, #1997 and #1999); SHS (Certs. #2620, #2621, #2622 and #2624); Triple-DES (Certs. #1805, #1806, #1807 and #1808); RSA (Certs. #1605, #1606, and #1607); CVL (Certs. #415 and #416)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 132 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; NDRNG

Multi-chip standalone

"The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
2367Fortinet, Inc.
326 Moodie Drive
Ottawa, ON K2H 8G3
Canada

Alan Kaye
TEL: 613-225-9381 x7416
FAX: 613-225-2951

CST Lab: NVLAP 200928-0
FortiGate-100D, FortiGate-200B, FortiGate-200D, FortiGate-300C, FortiGate-600C and FortiGate-800C
(Hardware Versions: C4LL40 [1], C4CD24 [2], C4KV72 [3], C4HY50 [4], C4HZ51 [5] and C4LH81 [6] with Tamper Evident Seal Kits: FIPS-SEAL-BLUE [2] or FIPS-SEAL-RED [1,3,4,5,6]; Firmware Versions: 5.0, build0305,141216)
(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware05/04/2015Overall Level: 2

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #3166, #3168, #3169 and #3171); DRBG (Cert. #652); HMAC (Certs. #1994, #1996, #1997 and #1999); SHS (Certs. #2619, #2621, #2622 and #2624); Triple-DES (Certs. #1804, #1806, #1807 and #1808); RSA (Certs. #1604, #1606, and #1607); CVL (Certs. #415 and #416)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 132 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; NDRNG

Multi-chip standalone

"The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
2366Fortinet, Inc.
326 Moodie Drive
Ottawa, ON K2H 8G3
Canada

Alan Kaye
TEL: 613-225-9381 x7416
FAX: 613-225-2951

CST Lab: NVLAP 200928-0
FortiGate-60C/60D/80C and FortiWiFi-60C/60D
(Hardware Versions: C4DM93 [1], C1AB28 [2], C4BC61[3], C4DM95 [4], and C1AB32 [5] with Tamper Evident Seal Kits: FIPS-SEAL-BLUE [3] or FIPS-SEAL-RED [1,2,4,5]; Firmware Versions: 5.0, build0305, 141216)
(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy and configured according to the Entropy Token Section of the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy. There is no assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware05/04/2015Overall Level: 2

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #3166, #3167, #3169 and #3171); DRBG (Cert. #652); HMAC (Certs. #1994, #1995, #1997 and #1999); SHS (Certs. #2619, #2620, #2622 and #2624); Triple-DES (Certs. #1804, #1805, #1807 and #1808); RSA (Certs. #1604, #1605, and #1607); CVL (Certs. #415 and #416)

-Other algorithms: AES-CCM (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 132 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; NDRNG

Multi-chip standalone

"The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
2365Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200427-0
Cisco Systems 5508 Wireless LAN Controller
(Hardware Versions: 5508 with 5508 FIPS kit (AIR-CT5508FIPSKIT=) and CN56XX; Firmware Versions: 8.0 with SNMP Stack v15.3, OPENSSL-0.9.8g-8.0.0, QUICKSEC-2.0-8.0 and FP-CRYPTO-7.0.0)
(When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/04/2015
09/04/2015
Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1348, #2894, #2895 and #2906 ); CVL (Cert. #322); DRBG (Cert. #526); HMAC (Certs. #787, #1830, #1831 and #1840); KBKDF (Cert. #31); RSA (Cert. #1524); SHS (Certs. #1230, #2437 and #2438)

-Other algorithms: AES (Cert. #2894, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; Triple-DES (non-compliant)

Multi-chip standalone

"The Cisco 5500 Series Wireless Controller, is a highly scalable and flexible platform that enables system-wide services for mission-critical wireless networking in medium-sized to large enterprises and campus environments."
2364Dell, Inc.
5450 Great America Parkway
Santa Clara, CA 95054
USA

Srihari Mandava
TEL: 408-571-3522

Jeff Yin
TEL: 408-571-3689

CST Lab: NVLAP 200002-0
Dell OpenSSL Cryptographic Library
(Software Version: 2.1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software04/28/2015Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with Dell Networking OS 9.6(0.0) running on a Dell Networking S4810, Dell Networking S4820T, Dell Networking S5000, Dell Networking S6000, Dell Networking Z9500, Dell Networking Z9000 , Dell Networking MXL, Dell PowerEdge M I/O Aggregator, and Dell PowerEdge FN I/O Aggregator (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2971); DRBG (Cert. #565); DSA (Cert. #884); HMAC (Cert. #1883); RSA (Cert. #1560); SHS (Cert. #2497); Triple-DES (Cert. #1760)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 270 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); ECDSA (non-compliant); Hash_DRBG (non-compliant); HMAC_DRBG (non-compliant); ANSI X9.31 RNG (non-compliant); Triple-DES CMAC (non-compliant); AES CMAC (non-compliant); AES GCM (non-compliant); AES XTS (non-compliant)

Multi-chip standalone

"Dell OpenSSL Cryptographic Library v2.1 is used within various Dell Networking products, including the S and Z-Series. Dell Networking S and Z-Series are high performance 10/40GbE ToR and Core Fabric switching products designed for highly virtualized Data Centers. These switches are built on top of Dell’s Data Center hardened OS, Dell Networking OS."
2363Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200427-0
Cisco Systems 5760 Wireless LAN Controller
(Hardware Version: Cisco Systems 5760 Wireless LAN Controller; Firmware Version: IOS XE 03.06.00aE)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/27/2015Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2685, #2817 and #2879); CVL (Cert. #253); DRBG (Certs. #435 and #481); HMAC (Certs. #1672, #1764 and #1815); KBKDF (Cert. #28); RSA (Cert. #1471); SHS (Certs. #2256, #2361 and #2420); Triple-DES (Cert. #1688)

-Other algorithms: AES (Cert. #2817, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Cisco 5760 Wireless Controller is an industry-leading platform designed for 802.11ac networks with maximum performance and services at scale, combined with high availability for mission-critical wireless networks."
2362Blue Coat® Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085
USA

Diana Robinson
TEL: 845-454-6397

Nick Goble
TEL: 978-318-7544

CST Lab: NVLAP 200928-0
SSL Visibility Appliance
(Hardware Versions: SV1800-C [1], SV1800-F [2] and SV2800 [3]; 090-03061 [1], 080-03560 [1], 090-03062 [2], 080-03561 [2], 090-03063 [3] and 080-03562 [3] with FIPS Kit: FIPS-LABELS-SV; Firmware Versions: 3.8.2F build 227 and 3.8.4FC)
(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/23/2015
09/04/2015
Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #3195 and #3496); Triple-DES (Certs. #1821 and #1968); RSA (Certs. #1625, #1238 and #1794); SHS (Certs. #2642 and #2885); HMAC (Certs. #2013 and #2230); ECDSA (Certs. #584 and #711); DRBG (Certs. #669 and #866); PBKDF (vendor affirmed); CVL (Certs. #429 and #562)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); TRNG; NDRNG; MD5; RC4; HMAC-MD5; Camelia; DES; ChaCha20-Poly1305

Multi-chip standalone

"The SSL Visibility Appliance is designed to detect SSL traffic and then under policy control to "inspect" the traffic. Inspection involves decrypting and re-encrypting the traffic to gain access to the clear text then passing this data to one or more associated security appliance(s) that need to see decrypted traffic."
2361Blue Coat® Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085
USA

Diana Robinson
TEL: 845-454-6397

Nick Goble
TEL: 978-318-7544

CST Lab: NVLAP 200928-0
SSL Visibility Appliance
(Hardware Versions: SV3800; 090-03064 and 080-03563 with FIPS Kit: FIPS-LABELS-SV; Firmware Versions: 3.8.2F build 227 and 3.8.4FC)
(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/23/2015
09/04/2015
Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #3195 and #3496); Triple-DES (Certs. #1821 and #1968); RSA (Certs. #1625, #1238 and #1794); SHS (Certs. #2642 and #2885); HMAC (Certs. #2013 and #2230); ECDSA (Certs. #584 and #711); DRBG (Certs. #669 and #866); PBKDF (vendor affirmed); CVL (Certs. #429 and #562)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); TRNG; NDRNG; MD5; RC4; HMAC-MD5; Camelia; DES; ChaCha20-Poly1305

Multi-chip standalone

"The SSL Visibility Appliance is designed to detect SSL traffic and then under policy control to "inspect" the traffic. Inspection involves decrypting and re-encrypting the traffic to gain access to the clear text then passing this data to one or more associated security appliance(s) that need to see decrypted traffic."
2360Motorola Solutions, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

Tom Nguyen
TEL: 847-576-2352

CST Lab: NVLAP 100432-0
IPCryptR2
(Hardware Version: BLN1306A; Firmware Version: R06.01.00)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/13/2015Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1424 and #1425); SHS (Certs. #1292 and #2381); ECDSA (Cert. #498); CVL (Certs. #262 and #263); HMAC (Cert. #1780)

-Other algorithms: AES MAC (AES Cert. #1424, vendor affirmed; P25 AES OTAR); AES (Cert. #1424, key wrapping; key establishment provides 256 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 192 bits of encryption strength); NDRNG

Multi-chip standalone

"The IPCryptR2 provides secure key management and data encryption in Astro, Dimetra and Broadband Systems."
2358Motorola Solutions, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

Tom Nguyen
TEL: 847-576-2352
FAX: n/a

CST Lab: NVLAP 100432-0
Astro Subscriber Motorola Advanced Crypto Engine (MACE)
(Hardware Versions: P/Ns 5185912Y01, 5185912Y03 and 5185912Y05; Firmware Versions: R01.05.12 and [R01.00.00 or (R01.00.00 and R02.00.00)])
(When operated in FIPS mode and configured to Overall Level 3 per Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/13/2015Overall Level: 3

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #819 and #1295); DRBG (Cert. #505); HMAC (Cert. #1796); RSA (Cert. #396); SHS (Certs. #817 and #2399)

-Other algorithms: AES MAC (AES Cert. #819, vendor affirmed; P25 AES OTAR); LFSR; NDRNG

Single-chip

"The MACE cryptographic processor is used in security modules embedded in Motorola's Astro family of radio systems products. It provides secure voice and data capabilities as well as APCO Over-The-Air-Rekeying and advanced key management."
2357Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
TEL: 800-642-7676

CST Lab: NVLAP 200427-0
Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series
(Software Versions: 6.3.9600 and 6.3.9600.17031)
(When operated in FIPS mode with modules Kernel Mode Cryptographic Primitives Library (cng.sys) in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series validated to FIPS 140-2 under Cert. #2356 operating in FIPS mode, and Code Integrity (ci.dll) in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series validated to FIPS 140-2 under Cert. #2355 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software04/30/2015
05/29/2015
Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 2


-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 8.1 Enterprise (x86) running on a Dell PowerEdge SC440 without PAA
Microsoft Windows 8.1 Enterprise (x86) running on a Dell Dimension E521 without PAA
Microsoft Windows 8.1 Enterprise (x86) running on an Intel Maho Bay with PAA
Microsoft Windows 8.1 Enterprise (x86) running on an HP Compaq Pro 6305 with PAA
Microsoft Windows 8.1 Enterprise (x64) running on a Dell PowerEdge SC440 without PAA
Microsoft Windows 8.1 Enterprise (x64) running on a Dell Dimension E521 without PAA
Microsoft Windows 8.1 Enterprise (x64) running on an Intel Maho Bay with PAA
Microsoft Windows 8.1 Enterprise (x64) running on an HP Compaq Pro 6305 with PAA
Microsoft Windows 8.1 Enterprise (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows 8.1 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows 8.1 Enterprise (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on a Dell PowerEdge SC440 without PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on a Dell Dimension E521 without PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on an Intel Maho Bay with PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on an HP Compaq Pro 6305 with PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell PowerEdge SC440 without PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell Dimension E521 without PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an Intel Maho Bay with PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an HP Compaq Pro 6305 with PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Server 2012 R2 (x64) running on a Dell PowerEdge SC440 without PAA
Microsoft Windows Server 2012 R2 (x64) running on a Dell Dimension E521 without PAA
Microsoft Windows Server 2012 R2 (x64) running on an Intel Maho Bay with PAA
Microsoft Windows Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA
Microsoft Windows Server 2012 R2 (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Server 2012 R2 (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell PowerEdge SC440 without PAA
Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell Dimension E521 without PAA
Microsoft Windows Storage Server 2012 R2 (x64) running on an Intel Maho Bay with PAA
Microsoft Windows Storage Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA
Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Storage Server 2012 R2 (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Storage Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows 8.1 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Pro
Microsoft Windows 8.1 Pro (x64) running on an Intel i5 with PAA running on a Microsoft Surface Pro 2
Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet
Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Microsoft Surface RT
Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Microsoft Surface 2
Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Qualcomm Tablet
Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon S4 running on a Windows Phone 8.1
Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon 400 running on a Windows Phone 8.1
Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon 800 running on a Windows Phone 8.1
Microsoft Server 2012 R2 (x64) running on a Microsoft StorSimple 8100 without PAA
Microsoft Server 2012 R2 (x64) running on a Microsoft StorSimple 8100 with PAA
Microsoft Windows 8.1 Pro (x64) running on an Intel Core i7 with PAA and PCLMULQDQ and SSSE 3 running on a Microsoft Surface Pro 3 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2832); CVL (Cert. #323); DRBG (Certs. #489 and #523); DSA (Cert. #855); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493 and #1519); SHS (Cert. #2373); Triple-DES (Cert. #1692)

-Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)

Multi-chip standalone

"The Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) provides cryptographic services to Windows components and applications. It includes cryptographic algorithms in an easy-to-use cryptographic module via the Cryptography Next Generation (CNG) API. It can be dynamically linked into applications for the use of general-purpose FIPS 140-2 validated cryptography."
2356Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
TEL: 800-642-7676

CST Lab: NVLAP 200427-0
Kernel Mode Cryptographic Primitives Library (cng.sys) in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series
(Software Versions: 6.3.9600 and 6.3.9600.17042)
(When operated in FIPS mode with modules Boot Manager in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series validated to FIPS 140-2 under Cert. #2351 operating in FIPS mode, and BitLocker(R) Windows OS Loader (winload) in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series validated to FIPS 140-2 under Cert. #2352 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software05/19/2015
05/29/2015
Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 2


-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 8.1 Enterprise (x86) running on a Dell PowerEdge SC440 without PAA
Microsoft Windows 8.1 Enterprise (x86) running on a Dell Dimension E521 without PAA
Microsoft Windows 8.1 Enterprise (x86) running on an Intel Maho Bay with PAA
Microsoft Windows 8.1 Enterprise (x86) running on an HP Compaq Pro 6305 with PAA
Microsoft Windows 8.1 Enterprise (x64) running on a Dell PowerEdge SC440 without PAA
Microsoft Windows 8.1 Enterprise (x64) running on a Dell Dimension E521 without PAA
Microsoft Windows 8.1 Enterprise (x64) running on an Intel Maho Bay with PAA
Microsoft Windows 8.1 Enterprise (x64) running on an HP Compaq Pro 6305 with PAA
Microsoft Windows 8.1 Enterprise (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows 8.1 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows 8.1 Enterprise (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on a Dell PowerEdge SC440 without PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on a Dell Dimension E521 without PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on an Intel Maho Bay with PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on an HP Compaq Pro 6305 with PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell PowerEdge SC440 without PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell Dimension E521 without PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an Intel Maho Bay with PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an HP Compaq Pro 6305 with PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Server 2012 R2 (x64) running on a Dell PowerEdge SC440 without PAA
Microsoft Windows Server 2012 R2 (x64) running on a Dell Dimension E521 without PAA
Microsoft Windows Server 2012 R2 (x64) running on an Intel Maho Bay with PAA
Microsoft Windows Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA
Microsoft Windows Server 2012 R2 (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Server 2012 R2 (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell PowerEdge SC440 without PAA
Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell Dimension E521 without PAA
Microsoft Windows Storage Server 2012 R2 (x64) running on an Intel Maho Bay with PAA
Microsoft Windows Storage Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA
Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Storage Server 2012 R2 (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Storage Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows 8.1 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Pro
Microsoft Windows 8.1 Pro (x64) running on an Intel i5 with PAA running on a Microsoft Surface Pro 2
Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet
Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Microsoft Surface RT
Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Microsoft Surface 2
Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Qualcomm Tablet
Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon S4 running on a Windows Phone 8.1
Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon 400 running on a Windows Phone 8.1
Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon 800 running on a Windows Phone 8.1
Microsoft Server 2012 R2 (x64) running on a Microsoft StorSimple 8100 without PAA
Microsoft Server 2012 R2 (x64) running on a Microsoft StorSimple 8100 with PAA
Microsoft Windows 8.1 Pro (x64) running on an Intel Core i7 with PAA and PCLMULQDQ and SSSE 3 running on a Microsoft Surface Pro 3 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2832); CVL (Cert. #323); DRBG (Certs. #489 and #523); ECDSA (Cert. #505); HMAC (Cert. #1773); KAS (Cert. #47); KBKDF (Cert. #30); PBKDF (vendor affirmed); RSA (Certs. #1487, #1493 and #1519); SHS (Cert. #2373); Triple-DES (Cert. #1692)

-Other algorithms: AES (Cert. #2832, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)

Multi-chip standalone

"Kernel Mode Cryptographic Primitives Library (cng.sys) runs as a kernel mode export driver, and provides cryptographic services, through their documented interfaces, to Windows kernel components. It supports several cryptographic algorithms accessible via a FIPS function table request IRP (I/O request packet)."
2355Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
TEL: 800-642-7676

CST Lab: NVLAP 200427-0
Code Integrity (ci.dll) in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series
(Software Versions: 6.3.9600 and 6.3.9600.17031)
(When operated in FIPS mode with modules Boot Manager in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series validated to FIPS 140-2 under Cert. #2351 operating in FIPS mode, and BitLocker(R) Windows OS Loader (winload) in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series validated to FIPS 140-2 under Cert. #2352 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software04/17/2015
05/18/2015
Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 2


-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 8.1 Enterprise (x86) running on a Dell PowerEdge SC440 without PAA
Microsoft Windows 8.1 Enterprise (x86) running on a Dell Dimension E521 without PAA
Microsoft Windows 8.1 Enterprise (x86) running on an Intel Maho Bay with PAA
Microsoft Windows 8.1 Enterprise (x86) running on an HP Compaq Pro 6305 with PAA
Microsoft Windows 8.1 Enterprise (x64) running on a Dell PowerEdge SC440 without PAA
Microsoft Windows 8.1 Enterprise (x64) running on a Dell Dimension E521 without PAA
Microsoft Windows 8.1 Enterprise (x64) running on an Intel Maho Bay with PAA
Microsoft Windows 8.1 Enterprise (x64) running on an HP Compaq Pro 6305 with PAA
Microsoft Windows 8.1 Enterprise (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows 8.1 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows 8.1 Enterprise (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on a Dell PowerEdge SC440 without PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on a Dell Dimension E521 without PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on an Intel Maho Bay with PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on an HP Compaq Pro 6305 with PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell PowerEdge SC440 without PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell Dimension E521 without PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an Intel Maho Bay with PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an HP Compaq Pro 6305 with PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Server 2012 R2 (x64) running on a Dell PowerEdge SC440 without PAA
Microsoft Windows Server 2012 R2 (x64) running on a Dell Dimension E521 without PAA
Microsoft Windows Server 2012 R2 (x64) running on an Intel Maho Bay with PAA
Microsoft Windows Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA
Microsoft Windows Server 2012 R2 (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Server 2012 R2 (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell PowerEdge SC440 without PAA
Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell Dimension E521 without PAA
Microsoft Windows Storage Server 2012 R2 (x64) running on an Intel Maho Bay with PAA
Microsoft Windows Storage Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA
Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Storage Server 2012 R2 (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Storage Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows 8.1 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Pro
Microsoft Windows 8.1 Pro (x64) running on an Intel i5 with PAA running on a Microsoft Surface Pro 2
Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet
Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Microsoft Surface RT
Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Microsoft Surface 2
Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Qualcomm Tablet
Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon S4 running on a Windows Phone 8.1
Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon 400 running on a Windows Phone 8.1
Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon 800 running on a Windows Phone 8.1
Microsoft Server 2012 R2 (x64) running on a Microsoft StorSimple 8100 without PAA
Microsoft Server 2012 R2 (x64) running on a Microsoft StorSimple 8100 with PAA
Microsoft Windows 8.1 Pro (x64) running on an Intel Core i7 with PAA and PCLMULQDQ and SSSE 3 running on a Microsoft Surface Pro 3 (single-user mode)

-FIPS Approved algorithms: RSA (Cert. #1494); SHS (Cert. #2373)

-Other algorithms: MD5

Multi-chip standalone

"Code Integrity (ci.dll) verifies the integrity of executable files, including kernel mode drivers, critical system components, and user mode cryptographic modules as they are loaded into memory from the disk."
2354Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
TEL: 800-642-7676

CST Lab: NVLAP 200427-0
BitLocker® Dump Filter (dumpfve.sys) in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro,Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series
(Software Versions: 6.3.9600 and 6.3.9600.17031)
(When installed, initialized and configured as specified in the Security Policy Section 2 with modules Boot Manager in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series validated to FIPS 140-2 under Cert. #2351 operating in FIPS mode, BitLocker(R) Windows OS Loader (winload) in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series validated to FIPS 140-2 under Cert. #2352 operating in FIPS mode, and Code Integrity (ci.dll) in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry, Enterprise, StorSimple 8000 Series validated to FIPS 140-2 under Cert. #2355 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software04/23/2015
05/29/2015
Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 2


-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 8.1 Enterprise (x86) running on a Dell PowerEdge SC440 without PAA
Microsoft Windows 8.1 Enterprise (x86) running on a Dell Dimension E521 without PAA
Microsoft Windows 8.1 Enterprise (x86) running on an Intel Maho Bay with PAA
Microsoft Windows 8.1 Enterprise (x86) running on an HP Compaq Pro 6305 with PAA
Microsoft Windows 8.1 Enterprise (x64) running on a Dell PowerEdge SC440 without PAA
Microsoft Windows 8.1 Enterprise (x64) running on a Dell Dimension E521 without PAA
Microsoft Windows 8.1 Enterprise (x64) running on an Intel Maho Bay with PAA
Microsoft Windows 8.1 Enterprise (x64) running on an HP Compaq Pro 6305 with PAA
Microsoft Windows 8.1 Enterprise (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows 8.1 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows 8.1 Enterprise (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on a Dell PowerEdge SC440 without PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on a Dell Dimension E521 without PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on an Intel Maho Bay with PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on an HP Compaq Pro 6305 with PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell PowerEdge SC440 without PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell Dimension E521 without PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an Intel Maho Bay with PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an HP Compaq Pro 6305 with PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Server 2012 R2 (x64) running on a Dell PowerEdge SC440 without PAA
Microsoft Windows Server 2012 R2 (x64) running on a Dell Dimension E521 without PAA
Microsoft Windows Server 2012 R2 (x64) running on an Intel Maho Bay with PAA
Microsoft Windows Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA
Microsoft Windows Server 2012 R2 (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Server 2012 R2 (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell PowerEdge SC440 without PAA
Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell Dimension E521 without PAA
Microsoft Windows Storage Server 2012 R2 (x64) running on an Intel Maho Bay with PAA
Microsoft Windows Storage Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA
Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Storage Server 2012 R2 (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Storage Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows 8.1 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Pro
Microsoft Windows 8.1 Pro (x64) running on an Intel i5 with PAA running on a Microsoft Surface Pro 2
Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet
Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Microsoft Surface RT
Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Microsoft Surface 2
Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Qualcomm Tablet
Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon S4 running on a Windows Phone 8.1
Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon 400 running on a Windows Phone 8.1
Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon 800 running on a Windows Phone 8.1
Microsoft Server 2012 R2 (x64) running on a Microsoft StorSimple 8100 without PAA
Microsoft Server 2012 R2 (x64) running on a Microsoft StorSimple 8100 with PAA
Microsoft Windows 8.1 Pro (x64) running on an Intel Core i7 with PAA and PCLMULQDQ and SSSE 3 running on a Microsoft Surface Pro 3 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2832)

-Other algorithms: N/A

Multi-chip standalone

"The BitLocker® Dump Filter (dumpfve.sys) is the full volume encryption filter that resides in the system dump stack. Whenever the dump stack is called (in the event of a system crash or for hibernation), this filter ensures that all data is encrypted before it gets written to the disk as a dump file or hibernation file."
2353Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0
BitLocker® Windows Resume (winresume) in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series
(Software Versions: 6.3.9600 and 6.3.9600.17031)
(When operated in FIPS mode with module Boot Manager in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series validated to FIPS 140-2 under Cert. #2351 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software04/23/2015
05/18/2015
Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 2


-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 8.1 Enterprise (x86) running on a Dell PowerEdge SC440 without PAA
Microsoft Windows 8.1 Enterprise (x86) running on a Dell Dimension E521 without PAA
Microsoft Windows 8.1 Enterprise (x86) running on an Intel Maho Bay with PAA
Microsoft Windows 8.1 Enterprise (x86) running on an HP Compaq Pro 6305 with PAA
Microsoft Windows 8.1 Enterprise (x64) running on a Dell PowerEdge SC440 without PAA
Microsoft Windows 8.1 Enterprise (x64) running on a Dell Dimension E521 without PAA
Microsoft Windows 8.1 Enterprise (x64) running on an Intel Maho Bay with PAA
Microsoft Windows 8.1 Enterprise (x64) running on an HP Compaq Pro 6305 with PAA
Microsoft Windows 8.1 Enterprise (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows 8.1 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows 8.1 Enterprise (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on a Dell PowerEdge SC440 without PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on a Dell Dimension E521 without PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on an Intel Maho Bay with PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on an HP Compaq Pro 6305 with PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell PowerEdge SC440 without PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell Dimension E521 without PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an Intel Maho Bay with PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an HP Compaq Pro 6305 with PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Server 2012 R2 (x64) running on a Dell PowerEdge SC440 without PAA
Microsoft Windows Server 2012 R2 (x64) running on a Dell Dimension E521 without PAA
Microsoft Windows Server 2012 R2 (x64) running on an Intel Maho Bay with PAA
Microsoft Windows Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA
Microsoft Windows Server 2012 R2 (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Server 2012 R2 (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell PowerEdge SC440 without PAA
Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell Dimension E521 without PAA
Microsoft Windows Storage Server 2012 R2 (x64) running on an Intel Maho Bay with PAA
Microsoft Windows Storage Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA
Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Storage Server 2012 R2 (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Storage Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows 8.1 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Pro
Microsoft Windows 8.1 Pro (x64) running on an Intel i5 with PAA running on a Microsoft Surface Pro 2
Microsoft Server 2012 R2 (x64) running on a Microsoft StorSimple 8100 without PAA
Microsoft Server 2012 R2 (x64) running on a Microsoft StorSimple 8100 with PAA
Microsoft Windows 8.1 Pro (x64) running on an Intel Core i7 with PAA and PCLMULQDQ and SSSE 3 running on a Microsoft Surface Pro 3 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Certs. #2373 and #2396)

-Other algorithms: MD5

Multi-chip standalone

"BitLocker® Windows Resume is an operating system loader which loads the Windows OS kernel (ntoskrnl.exe) and other boot stage binary image files, as well as previous operating system state information, when Windows has been previously put into a sleep or hibernate power state."
2352Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
TEL: 800-642-7676

CST Lab: NVLAP 200427-0
BitLocker® Windows OS Loader (winload) in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series
(Software Versions: 6.3.9600 and 6.3.9600.17031)
(When operated in FIPS mode with module Boot Manager in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3; Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series validated to FIPS 140-2 under Cert. #2351 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software04/10/2015
05/18/2015
Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 2


-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 8.1 Enterprise (x86) running on a Dell PowerEdge SC440 without PAA
Microsoft Windows 8.1 Enterprise (x86) running on a Dell Dimension E521 without PAA
Microsoft Windows 8.1 Enterprise (x86) running on an Intel Maho Bay with PAA
Microsoft Windows 8.1 Enterprise (x86) running on an HP Compaq Pro 6305 with PAA
Microsoft Windows 8.1 Enterprise (x64) running on a Dell PowerEdge SC440 without PAA
Microsoft Windows 8.1 Enterprise (x64) running on a Dell Dimension E521 without PAA
Microsoft Windows 8.1 Enterprise (x64) running on an Intel Maho Bay with PAA
Microsoft Windows 8.1 Enterprise (x64) running on an HP Compaq Pro 6305 with PAA
Microsoft Windows 8.1 Enterprise (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows 8.1 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows 8.1 Enterprise (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on a Dell PowerEdge SC440 without PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on a Dell Dimension E521 without PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on an Intel Maho Bay with PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on an HP Compaq Pro 6305 with PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell PowerEdge SC440 without PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell Dimension E521 without PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an Intel Maho Bay with PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an HP Compaq Pro 6305 with PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Server 2012 R2 (x64) running on a Dell PowerEdge SC440 without PAA
Microsoft Windows Server 2012 R2 (x64) running on a Dell Dimension E521 without PAA
Microsoft Windows Server 2012 R2 (x64) running on an Intel Maho Bay with PAA
Microsoft Windows Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA
Microsoft Windows Server 2012 R2 (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Server 2012 R2 (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell PowerEdge SC440 without PAA
Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell Dimension E521 without PAA
Microsoft Windows Storage Server 2012 R2 (x64) running on an Intel Maho Bay with PAA
Microsoft Windows Storage Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA
Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Storage Server 2012 R2 (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Storage Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows 8.1 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Pro
Microsoft Windows 8.1 Pro (x64) running on an Intel i5 with PAA running on a Microsoft Surface Pro 2
Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet
Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Microsoft Surface RT
Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Microsoft Surface 2
Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Qualcomm Tablet
Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon S4 running on a Windows Phone 8.1
Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon 400 running on a Windows Phone 8.1
Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon 800 running on a Windows Phone 8.1
Microsoft Server 2012 R2 (x64) running on a Microsoft StorSimple 8100 without PAA
Microsoft Server 2012 R2 (x64) running on a Microsoft StorSimple 8100 with PAA
Microsoft Windows 8.1 Pro (x64) running on an Intel Core i7 with PAA and PCLMULQDQ and SSSE 3 running on a Microsoft Surface Pro 3 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2832); RSA (Cert. #1494); SHS (Cert. #2396)

-Other algorithms: MD5; NDRNG

Multi-chip standalone

"The BitLocker® Windows OS Loader loads the boot-critical driver and OS kernel image files."
2351Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

Tim Myers
TEL: 800-642-7676

CST Lab: NVLAP 200427-0
Boot Manager in Microsoft Windows 8.1 Enterprise, Windows Server 2012 R2, Windows Storage Server 2012 R2, Surface Pro 3, Surface Pro 2, Surface Pro, Surface 2, Surface, Windows RT 8.1, Windows Phone 8.1, Windows Embedded 8.1 Industry Enterprise, StorSimple 8000 Series
(Software Versions: 6.3.9600 and 6.3.9600.17031)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software03/12/2015
04/10/2015
Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 2


-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 8.1 Enterprise (x86) running on a Dell PowerEdge SC440 without PAA
Microsoft Windows 8.1 Enterprise (x86) running on a Dell Dimension E521 without PAA
Microsoft Windows 8.1 Enterprise (x86) running on an Intel Maho Bay with PAA
Microsoft Windows 8.1 Enterprise (x86) running on an HP Compaq Pro 6305 with PAA
Microsoft Windows 8.1 Enterprise (x64) running on a Dell PowerEdge SC440 without PAA
Microsoft Windows 8.1 Enterprise (x64) running on a Dell Dimension E521 without PAA
Microsoft Windows 8.1 Enterprise (x64) running on an Intel Maho Bay with PAA
Microsoft Windows 8.1 Enterprise (x64) running on an HP Compaq Pro 6305 with PAA
Microsoft Windows 8.1 Enterprise (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows 8.1 Enterprise (x64) running on a Microsoft Surface Pro 2 with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows 8.1 Enterprise (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on a Dell PowerEdge SC440 without PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on a Dell Dimension E521 without PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on an Intel Maho Bay with PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x86) running on an HP Compaq Pro 6305 with PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell PowerEdge SC440 without PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell Dimension E521 without PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an Intel Maho Bay with PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an HP Compaq Pro 6305 with PAA
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Embedded 8.1 Industry Enterprise (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Server 2012 R2 (x64) running on a Dell PowerEdge SC440 without PAA
Microsoft Windows Server 2012 R2 (x64) running on a Dell Dimension E521 without PAA
Microsoft Windows Server 2012 R2 (x64) running on an Intel Maho Bay with PAA
Microsoft Windows Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA
Microsoft Windows Server 2012 R2 (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Server 2012 R2 (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell PowerEdge SC440 without PAA
Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell Dimension E521 without PAA
Microsoft Windows Storage Server 2012 R2 (x64) running on an Intel Maho Bay with PAA
Microsoft Windows Storage Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA
Microsoft Windows Storage Server 2012 R2 (x64) running on a Dell Inspiron 660s without PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Storage Server 2012 R2 (x64) running on an Intel Maho Bay with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows Storage Server 2012 R2 (x64) running on an HP Compaq Pro 6305 with PAA and with PCLMULQDQ and SSSE 3
Microsoft Windows 8.1 Pro (x64) running on an Intel x64 Processor with PAA running on a Microsoft Surface Pro
Microsoft Windows 8.1 Pro (x64) running on an Intel i5 with PAA running on a Microsoft Surface Pro 2
Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet
Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Microsoft Surface RT
Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Microsoft Surface 2
Microsoft Windows RT 8.1 (ARMv7 Thumb-2) running on a Qualcomm Tablet
Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon S4 running on a Windows Phone 8.1
Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon 400 running on a Windows Phone 8.1
Microsoft Windows Phone 8.1 (ARMv7 Thumb-2) running on a Qualcomm Snapdragon 800 running on a Windows Phone 8.1
Microsoft Server 2012 R2 (x64) running on a Microsoft StorSimple 8100 without PAA
Microsoft Server 2012 R2 (x64) running on a Microsoft StorSimple 8100 with PAA
Microsoft Windows 8.1 Pro (x64) running on an Intel i7 with PAA and PCLMULQDQ and SSSE 3 running on a Microsoft Surface Pro 3 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2832); HMAC (Cert. #1773); PBKDF (vendor affirmed); RSA (Cert. #1494); SHS (Certs. #2373 and #2396)

-Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)

Multi-chip standalone

"The Windows system boot manager is called by the bootstrapping code that resides in the boot sector. It checks its own integrity, checks the integrity of the Windows OS Loader, and then launches it."
2350Canon Inc.
30-2
Shimomaruko 3-chome
Ohta-ku, Tokyo 146-8501
Japan

Yoichi Toyokura
TEL: +81-3-3758-2111
FAX: +81-3-3758-1160

CST Lab: NVLAP 200822-0
Canon MFP Security Chip
(Hardware Versions: FK4-1731A, FK4-1731B; Firmware Version: 2.10)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate
JCMVP Cert. #J0021

Security Policy
Hardware04/20/2015Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2907); SHS (Cert. #2601); DRBG (Cert. #638)

-Other algorithms: NDRNG

Multi-chip embedded

"The Canon MFP Security Chip handles cryptography for the storage device of the Canon MFP/printer. The Canon MFP Security Chip realizes high-speed data encryption/decryption through a serial ATA interface, using AES CBC mode. This allows the Canon MFP/printer's storage device to be protected against the risk of information leakage, without compromising objectives such as extensibility, flexibility, usability, and high performance."
2349

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware05/15/2015
04/14/2016
Overall Level: 2

Multi-chip standalone
2348HGST, a Western Digital company
3403 Yerba Buena Road
San Jose, CA 95135
USA

Michael Williamson
TEL: 408-717-8458
FAX: 408-717-9494

Jithendra Bethur
TEL: 408-717-5951
FAX: 408-717-9494

CST Lab: NVLAP 100432-0
HGST Ultrastar He8 TCG Enterprise HDDs
(Hardware Versions: HUH728080AL5205 (0001) [1, 2, 3, 4], HUH728060AL5205 (0001) [1, 2, 3, 4], HUH728080AL4205 (0001) [1, 2, 3, 4, 5, 6, 7, 8] and HUH728060AL4205 (0001) [1, 2, 3, 4]; Firmware Versions: R515 [1], R55B [2], R7J0 [3], R907 [4], R920 [5], R9D0 [6], R9E2 [7] or R9L0 [8])

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware04/17/2015
05/08/2015
07/23/2015
04/28/2016
06/24/2016
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: DRBG (Cert. #302); AES (Certs. #2067 and #2365); RSA (Cert. #1220); SHS (Cert. #2037); HMAC (Cert. #1468); PBKDF (vendor affirmed)

-Other algorithms: NDRNG

Multi-chip embedded

"HGST Self-Encrypting Drives implement TCG Storage specifications and meet or exceed the most demanding performance and security requirements. HGST Ultrastar He8 drives are 12 Gbs SAS, 7,200 RPM, 3.5 inch form factor, TCG Enterprise HDDs."
2343Vormetric, Inc.
2545 N. 1st Street
San Jose, CA 95131-1003
USA

Peter Tsai
TEL: (408) 433-6000
FAX: (408) 844-8638

Peter Henschied
TEL: (408) 433-6000
FAX: (408) 844-8638

CST Lab: NVLAP 200002-0
Vormetric Encryption Expert Cryptographic Module
(Software Version: 5.1.3)
(When operated in FIPS mode. When operating on Windows 8 R2, requires module Windows Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1355 operating in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software03/24/2015Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with Windows 2008 R2 64-bit running on a Lenovo Thinkpad T61
HPUX 11i v3 64-bit running on an HP Server rx7620
AIX 6.1 64 bit running on an AIX IBM P7 8233 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1168 and #2807); Triple-DES (Certs. #846 and #1685); SHS (Certs. #2355 and #2390); HMAC (Certs. #1758 and #1788)

-Other algorithms: ARIA; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Vormetric Encryption Expert Cryptographic Module is a loadable kernel module also known as "SECFS" (SECure File System). This module is a file system layer that enforces an access and encryption policy upon selected data on end-user systems. The policy specifies a key to be used when writing data to disk and while reading data from disk. This module contains the Vormetric Encryption Expert Cryptographic Library, which provides all cryptographic services."
2342Vormetric, Inc.
2545 N. 1st Street
San Jose, CA 95131-1003
USA

Peter Tsai
TEL: (408) 433-6000
FAX: (408) 844-8638

Peter Henschied
TEL: (408) 433-6000
FAX: (408) 844-8638

CST Lab: NVLAP 200002-0
Vormetric Encryption Expert Cryptographic Module
(Hardware Version: E5-2670; Software Version: 5.1.3)
(When operated in FIPS mode.)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software-Hybrid03/24/2015Overall Level: 1

-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 6.3 running on a Supermicro X9DR7, SUSE Linux Enterprise Server 11 SP 2 running on a Supermicro X9DR7 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2807); Triple-DES (Cert. #1685); SHS (Cert. #2355); HMAC (Cert. #1758)

-Other algorithms: ARIA; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Vormetric Encryption Expert Cryptographic Module is a loadable kernel module also known as "SECFS" (SECure File System). This module is a file system layer that enforces an access and encryption policy upon selected data on end-user systems. The policy specifies a key to be used when writing data to disk and while reading data from disk. This module contains the Vormetric Encryption Expert Cryptographic Library, which provides all cryptographic services."
2341Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200427-0
Cisco Catalyst 3850 Series Switches and Cisco Catalyst 3650 Series Switches
(Hardware Versions: Cisco Catalyst 3650 Series Switches, Cisco Catalyst 3850 Series Switches [1] and Cisco Field Replaceable Uplink Network Modules [1]; Firmware Version: IOS XE 03.06.00aE)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/20/2015Overall Level: 1

-Roles, Services, and Authentication: Level 2
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2685, #2817 and #2879); CVL (Cert. #253); DRBG (Certs. #435 and #481); HMAC (Certs. #1672, #1764 and #1815); KBKDF (Cert. #28); RSA (Cert. #1471); SHS (Certs. #2256, #2361 and #2420); Triple-DES (Cert. #1688)

-Other algorithms: AES (Cert. #2817, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5, MD5, RC4; RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Cisco Catalyst 3650 and 3850 Series family is the next generation of enterprise-class standalone and stackable access/aggregation layer switches that provide full convergence between wired and wireless on a single platform."
2340Veritas Technologies LLC
500 East Middlefield Road
Mountain View, CA 94043
USA

Mohit Goyal
TEL: 612- 310-8283

CST Lab: NVLAP 100432-0
Veritas NetBackup Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software03/20/2015
02/11/2016
04/22/2016
04/27/2016
Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 R2 on a Dell OptiPlex 755
Red Hat Enterprise Linux 6.3 on a Dell Optiplex 755
CentOS 6.3 on a Dell Optiplex 755
SUSE Linux Enterprise 11SP2 on a Dell Optiplex 755 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2273); CVL (Cert. #44); DRBG (Cert. #281); DSA (Cert. #709); ECDSA (Cert. #368); HMAC (Cert. #1391); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RNG

Multi-chip standalone

"The Veritas NetBackup Cryptographic Module provides cryptographic functions for Veritas NetBackup."
2338Chunghwa Telecom Co., Ltd.
12, Lane 551, Min-Tsu Road SEC.5
Yang-Mei
Taoyuan, Taiwan 326
Republic of China

Yeou-Fuh Kuan
TEL: +886-3-424-4333
FAX: +886-3-424-4129

Char-Shin Miou
TEL: +886 3 424 4381
FAX: +886-3-424-4129

CST Lab: NVLAP 200928-0
HiCOS Combi PKI Native Smart Card
(Hardware Versions: RS46X and RS47X; Firmware Versions: HardMask: 2.3 and SoftMask: 3.5)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/16/2015Overall Level: 2

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #1616); SHS (Cert. #2262); RSA (Cert. #1393); DRBG (Cert. #441)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Triple-DES (Cert. #1616, key establishment methodology provides 112-bits of encryption strength; non-compliant less than 112-bits of encryption strength)

Single-chip

"The HiCOS Combi PKI native smart card module is a single chip implementation of a cryptographic module that supports ISO-7816 contact interface and ISO-14443 contactless interface. The HiCOS Combi PKI native smart card module is mounted in an ID-1 class smart card body that adheres to ISO/IEC specifications for Integrated Circuit Chip (ICC) based identification cards. The module consists of the chip (ICC), the contact faceplate, the contactless faceplate, and the electronic connectors between the chip and contact pad/antenna, all contained within an epoxy substrate."
23363e Technologies International, Inc.
9715 Key West Ave,
Suite 500
Rockville, MD 20850
USA

Harinder Sood
TEL: 301-944-1325
FAX: 301-670-6779



CST Lab: NVLAP 200002-0
3e-636M-HSE CyberFence Cryptographic Module
(Hardware Version: 1.0; Firmware Version: 5.0)
(When installed, initialized and configured as specified in the Security Policy Section 9 and operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/11/2015
03/29/2016
05/27/2016
Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A
-Operational Environment: N/A

-FIPS Approved algorithms: AES (Certs. #2060 and #2078); CVL (Cert. #285); DRBG (Cert. #822); ECDSA (Cert. #303); HMAC (Certs. #1253 and #1259); KTS (AES Cert. #2060 and HMAC Cert. #1253; key establishment methodology provides between 128 and 256 bits of encryption strength); RSA (Cert. #1491); SHS (Certs. #1801 and #1807)

-Other algorithms: MD5; NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength); SNMPv3 KDF (non-compliant)

Multi-Chip Embedded

"3e-636-HSE module provides high speed low latency dedicated Layer 2 data encryption for enhanced network security and performance. It supports multiple VLANs with bypass mode. Each VLAN uses its own data encryption key for data privacy and per data packet integrity."
2333Toshiba Corporation
1-1, Shibaura 1-chome
Minato-ku, Tokyo 105-8001
Japan

Osamu Kawashima
TEL: +81-90-6171-0253
FAX: +81-45-890-2492

CST Lab: NVLAP 200822-0
Toshiba TCG Enterprise SSC Self-Encrypting Hard Disk Drive
(Hardware Versions: A0 with AL13SXQ300NB, AL13SXQ450NB or AL13SXQ600NB; Firmware Version: 0101)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware03/03/2015Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2877); SHS (Cert. #2418); RSA (Cert. #1515); DRBG (Cert. #519)

-Other algorithms: NDRNG

Multi-chip embedded

"The Toshiba TCG Enterprise SSC Self-Encrypting Hard Disk Drive is used for hard disk drive data security. This Cryptographic Module (CM) provides various cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA bands, and FW download."
2330Protegrity USA Inc.
5 High Ridge Park 2nd Fl.
Stamford, Connecticut 06905
USA

Yigal Rozenberg
TEL: 203-428-4526
FAX: 203-348-1251

Raul Ortega
TEL: 203-428-4713
FAX: 203-569-4013

CST Lab: NVLAP 200658-0
Protegrity Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS Mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software03/03/2015Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with Linux SLES 11 64-bit running on IBM x3550 model 7978
IBM z/OS 2.1 running on IBM zEC12
Microsoft Windows Server 2008 64-bit running on IBM x3550 model 7978 (single user mode)

-FIPS Approved algorithms: AES (Certs. #2922, #2923 and #2926); Triple-DES (Certs. #1735, #1736 and #1739); HMAC (Certs. #1849, #1850 and #1853); SHS (Certs. #2458, #2459 and #2462)

-Other algorithms: DTP2-AES; DTP2-TDES; DTP2-HMAC-SHA1; CUSP-AES; CUSP-TDES; MD5; HMAC-MD5

Multi-chip standalone

"The Protegrity Cryptographic Module is a software module that provides FIPS validated cryptographic services for Protegrity Data Security products."
2329

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/12/2015Overall Level: 3

Multi-chip standalone
2328Zebra Technologies Corporation
475 Half Day Road, Suite 500
Lincolnshire, IL 60069
USA

Erv Comer
TEL: 480-628-7901

Tom McKinney
TEL: 631-738-3586

CST Lab: NVLAP 100432-0
Fusion Wireless LAN Cryptographic Module for WM/CE
(Hardware Versions: P/Ns WL1283CYFVR (Rev C), WL1273LYFVR, WL1273BYFVR, WL1271BYFVR, WL1270BYFVR; Firmware Version: 1.01; Software Version: X_2.02.0.0.4)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software-Hybrid02/10/2015
02/19/2016
Overall Level: 1

-Mitigation of Other Attacks: N/A


-Operational Environment: Windows Mobile 6.5 running on MC67
Windows CE7.0 running on WT41
Windows CE7 running on MC18
Windows Mobile 6.5 running on MC55N0
Windows CE6 running on MC2180
Windows CE6 running on SB1
Windows CE 6.0 running on 7528x
Windows Embedded Handheld 6.5 running on 7528x (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2997, #2998, #2999, #3000 and #3001); HMAC (Cert. #1898); SHS (Cert. #2512)

-Other algorithms: N/A

Multi-chip standalone

"The Fusion module secures the WLAN radio for numerous deviceson the Windows Mobile and CE operating systems. These devices are used for business process automation applications in a number of vertical markets like retail, manufacturing, transportation, health and government."
2327Giesecke & Devrient
Prinzregentenstrasse 159
P.O. Box 80 07 29
Munich D-81677
Germany

Katharina Wallhäußer
TEL: +49 (89) 4119-1397
FAX: +49 89 4119 2819

CST Lab: NVLAP 100432-0
Sm@rtCafé Expert 7.0
(Hardware Version: SLE78CLFX4000P(M) M7892; Firmware Versions: Sm@rtCafé Expert 7.0, Demonstration Applet V1.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/10/2015Overall Level: 3

-FIPS Approved algorithms: DRBG (Cert. #455); Triple-DES (Cert. #1637); Triple-DES MAC (Triple-DES Cert. #1637, vendor affirmed); AES (Certs. #2720 and #2721); SHS (Certs. #2288, #2289 and #2890); RSA (Certs. #1506 and #1507); DSA (Cert. #837); ECDSA (Cert. #476); KBKDF (Cert. #18); CVL (Cert. #177)

-Other algorithms: AES (Cert. #2721, key wrapping; key wrapping establishment methodology provides 128 to 256 bits of encryption strength); TRNG

Single-chip

"Sm@rtCafé Expert 7.0 is a Smart Card based on Java Card and GlobalPlatform Technology. Sm@rtCafé Expert 7.0 conforms to Java Card Classic Platform Specification 3.0.4 and GlobalPlatform Card Specification Version 2.2.1 supporting Secure Channel Protocol 03, Card Specification V2.2 Amendment D. The product is suitable for government and corporate identification, payment and banking, health care, and authentication"
2326HGST, Inc.
5601 Great Oaks Parkway
San Jose, CA 95119
USA

Michael Good
TEL: 408-717-6261
FAX: 408-717-9494

Jithendra Bethur
TEL: 408-717-5951
FAX: 408-717-9494

CST Lab: NVLAP 100432-0
HGST Ultrastar C10K1800 TCG Enterprise HDDs
(Hardware Versions: HUC101818CS4205 (1) [1, 2, 3, 4, 5, 6, 7, 8], HUC101818CS4205 (2) [1, 2, 3, 4, 5, 6, 7, 8. 9, 10, 11,12, 13, 14, 15, 16, 17, 18, 19, 20],HUC101818CS4205 (3), [1, 2, 3, 4, 5, 6, 7, 8. 9, 10, 11,12, 13, 14, 15, 16, 17, 18, 19, 20] HUC101812CS4205 (1) [1, 2, 3, 4, 5, 6, 7, 8], HUC101812CS4205 (2) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 16, 17, 18, 19, 20], HUC101812CS4205 (3) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 16, 17, 18, 19, 20], HUC101890CS4205 (1) [1, 2, 3, 4, 5, 6, 7, 8], HUC101890CS4205 (2) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 16, 17, 18, 19, 20], HUC101890CS4205 (3) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 16, 17, 18, 19, 20], HUC101860CS4205 (1) [1, 2, 3, 4, 5, 6, 7, 8], HUC101860CS4205 (2) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 16, 17, 18, 19, 20], HUC101860CS4205 (3) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 16, 17, 18, 19, 20], HUC101845CS4205 (1) [1, 2, 3, 4, 5, 6, 7, 8], HUC101845CS4205 (2) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 16, 17, 18 ,19, 20],HUC101845CS4205 (3) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 16, 17, 18 ,19, 20], HUC101812CSS205 (1) [1, 2, 3, 4, 5, 6, 7, 8], HUC101812CSS205 (2) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 16, 17, 18, 19, 20], HUC101812CSS205 (3) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 16, 17, 18, 19, 20], HUC101890CSS205 (1) [1, 2, 3, 4, 5, 6, 7, 8], HUC101890CSS205 (2) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 16, 17, 18, 19, 20], HUC101890CSS205 (3) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 16, 17, 18, 19, 20],HUC101860CSS205 (1) [1, 2, 3, 4, 5, 6, 7, 8], HUC101860CSS205 (2) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 16, 17, 18, 19, 20], HUC101860CSS205 (3) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 16, 17, 18, 19, 20], HUC101830CSS205 (1) [1, 2, 3, 4, 5, 6, 7, 8], HUC101830CSS205 (2) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 16, 17, 18, 19, 20], HUC101830CSS205 (3) [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 16, 17, 18, 19, 20]; Firmware Versions: R1A0 [1], R3B0 [2], R3F0 [3], R3R0 [4], R3R2 [5], R3T0 [6], R3X0 [7], R3X2 [8], R703 [9], R770 [10], R7R1 [11], NA00 [12], NE00 [13], R801 [14], NE02 [15], R7G2 [16], R904 [17], R920 [18], R940 [19] or R990 [20])

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/10/2015
03/13/2015
07/23/2015
11/19/2015
11/27/2015
01/28/2016
04/19/2016
Overall Level: 2

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2067 and #2365); RSA (Cert. #1220); SHS (Cert. #2037); HMAC (Cert. #1468); DRBG (Cert. #302); PBKDF (vendor affirmed)

-Other algorithms: NDRNG; AES (Cert. #2365, key wrapping)

Multi-chip embedded

"HGST Self-Encrypting Drives implement TCG Storage specifications, and meet or exceed the most demanding performance and security requirements. The Ultrastar C10K1800 series are 12Gbs SAS, TCG Enterprise HDDs."
2322Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

Chris Marks
TEL: 408-333-0480
FAX: 408-333-8101

CST Lab: NVLAP 200802-0
VDX 6710, VDX 6720, VDX 6730, VDX 6740, VDX 6740T and VDX 8770 Switches
(Hardware Versions: [BR-VDX8770-4-BND-AC, BR-VDX8770-4-BND-DC, BR-VDX8770-8-BND-AC, BR-VDX8770-8-BND-DC] w/ Field Replaceable Units (80-1006540-01, 80-1006539-02, 80-1006430-01, 80-1006080-01, 80-1006295-01, 80-1006294-02, 80-1006049-02, 80-1006293-02, 80-1006048-02, 80-1006431-01 & 80-1006429-01) BR-VDX6710-54-F, BR-VDX6710-54-R, BR-VDX6720-16-F (80-1004566-07 & 80-1006701-02) BR-VDX6720-16-R (80-1004567-07 & 80-1006702-02) BR-VDX6720-24-F (80-1004564-07 & 80-1006699-02) BR-VDX6720-24-R (80-1004565-07 & 80-1006700-02) BR-VDX6720-40-F (80-1004570-07 & 80-1006305-02) BR-VDX6720-40-R (80-1004571-07 & 80-1006306-02) BR-VDX6720-60-F (80-1004568-07 & 80-1006303-02) BR-VDX6720-60-R (80-1004569-07 & 80-1006304-02) BR-VDX6730-16-F (80-1005649-03 & 80-1006709-02) BR-VDX6730-16-R (80-1005651-03 & 80-1006711-02) BR-VDX6730-24-F (80-1005648-03 & 80-1006708-02) BR-VDX6730-24-R (80-1005650-03 & 80-1006710-02) BR-VDX6730-32-FCOE-F (BR-VDX6730-24-F w/ BR-VDX6730-24VCS-01 & BR-VDX6730-24FCOE-01 Lic) BR-VDX6730-32-FCOE-R (BR-VDX6730-24-R w/ BR-VDX6730-24VCS-01 & BR-VDX6730-24FCOE-01 Lic) BR-VDX6730-40-F (80-1005680-03 & 80-1006719-02) BR-VDX6730-40-R (80-1005681-03 & 80-1006720-02) BR-VDX6730-60-F (80-1005679-03 & 80-1006718-02) BR-VDX6730-60-R (80-1005678-03 & 80-1006717-02) BR-VDX6730-76-FCOE-F (BR-VDX6730-60-F w/ BR-VDX6730-60VCS-01 & BR-VDX6730-60FCOE-01 Lic) BR-VDX6730-76-FCOE-R (BR-VDX6730-60-R w/ BR-VDX6730-60VCS-01 & BR-VDX6730-60FCOE-01 Lic) BR-VDX6740-24-F, BR-VDX6740-24-R, BR-VDX6740-48-F, BR-VDX6740-48-R, BR-VDX6740-64-ALLSW-F, BR-VDX6740-64-ALLSW-R, BR-VDX6740T-24-F, BR-VDX6740T-24-R, BR-VDX6740T-48-F, BR-VDX-6740T-48-R, BR-VDX6740T-64-ALLSW-F & BR-VDX6740T-64-ALLSW-R w/ FIPS Kit P/N Brocade XBR-000195; Firmware Version: Network OS (NOS) v4.0.0 (P/N 63-1001271-01))
(When operated in FIPS mode with the tamper evident labels installed and with the configurations in Tables 2, 3, 4, 5, 6 and 7 as defined in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware02/02/2015Overall Level: 2

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: SHS (Certs. #1965 and #1966); RSA (Certs. #1174, #1175, #1280 and #1282)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); SNMPv3 KDF (non-compliant); HMAC-MD5; TLSv1.0 KDF (non-compliant); SSHv2 KDF (non-compliant); MD5; RADIUS PEAP MS-CHAP V2; NDRNG; Triple-DES (non-compliant); AES (non-compliant); HMAC (non-compliant); RNG (non-compliant); RSA (non-compliant); BF; CAST; CAST5; DES; DES3; DESX; RC2; RC4; MD2; MD4; RMD160; 3DES; BLOWFISH-CBC; CAST128; ARCFOUR; UMAC-64; HMAC-RIPEMD160; HMAC-SHA-1-96 (non-compliant); HMAC-MD5-96

Multi-chip standalone

"The Brocade VDX 8770 Switch is designed to scale out Brocade VCS fabrics and support complex environments with dense virtualization and dynamic automation requirements. The VDX 6710, VDX 6720, VDX 6730 are Gigabit Ethernet routing switches that provides secure network services and network management. The Brocade VDX 6740 and VDX 6740T are a next generation fixed form factor VCS enabled 10 Gb/40 Gb Ethernet fabric switch for ToR fabric deployments."
2319McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

Klaus Majewski
TEL: +358-40-824-7908

Jorma Levomäki
TEL: +358-9-476711

CST Lab: NVLAP 200658-0
McAfee NGFW Cryptographic Library
(Software Version: 2.0)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Software01/28/2015Overall Level: 1

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with Debian GNU/Linux 6.0-based distribution running on McAfee MIL-320
Debian GNU/Linux 6.0-based distribution running on McAfee 5206 with PAA
Debian GNU/Linux 6.0-based distribution running on McAfee 3206 with PAA
Debian GNU/Linux 6.0-based distribution running on McAfee 3206 without PAA
Debian GNU/Linux 6.0-based distribution running on McAfee 3202 with PAA
Debian GNU/Linux 6.0-based distribution running on McAfee 3202 without PAA
Debian GNU/Linux 6.0-based distribution running on McAfee 1402 with PAA
Debian GNU/Linux 6.0-based distribution running on McAfee 1065 with PAA
Debian GNU/Linux 6.0-based distribution running on McAfee 1035 with PAA (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2948, #2949, #2950, #2951, #2952, #2953, #2954 and #2955); Triple-DES (Certs. #1752, #1753, #1754, #1755, #1756 and #1757); DSA (Certs. #878, #879, #880, #881, #882 and #883); RSA (Certs. #1549, #1550, #1551, #1552, #1553 and #1554); ECDSA (Certs. #537, #538, #539, #540, #541 and #542); DRBG (Certs. #549, #550, #551, #552, #553, #554, #555 and #556); SHS (Certs. #2482, #2483, #2484, #2485, #2486 and #2487); HMAC (Certs. #1869, #1870, #1871, #1872, #1873 and #1874); CVL (Certs. #344, #345, #346, #347, #348, #349, #350, #351, #352, #353, #354 and #355)

-Other algorithms: Diffie-Hellman (CVL Certs. #344, #346, #348, #350, #352 and #354, key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #344, #345, #346, #347, #348, #349, #350, #351, #352, #353, #354 and #355, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); AES (Certs. #2948, #2949, #2950, #2951, #2952, #2953, #2954 and #2955, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength)

Multi-chip standalone

"The McAfee NGFW Cryptographic Library is a software module thatprovides cryptographic services required by the McAfee NGFW product."
2318Symantec Corporation
303 2nd Street 1000N
San Francisco, CA 94107
USA

Rajesh Devadasan

CST Lab: NVLAP 200556-0
Symantec DLP Cryptographic Module
(Software Version: 1.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software01/28/2015
06/28/2016
Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 7 on a Dell OptiPlex 755
Microsoft Windows Server 2008 R2 on a Dell OptiPlex 755
Apple Mac OS X 10.7 (64-bit) on a MacBook Air
Apple Mac OS X 10.7 (32-bit) on a MacBook Air (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #1495); AES (Cert. #2397); DSA (Cert. #749); ECDSA (Cert. #395); RSA (Cert. #1240); SHS (Cert. #2060); DRBG (Cert. #318); HMAC (Cert. #1490)

-Other algorithms: PRNG; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Dual_EC_DRBG; RSA (key wrapping; key establishment provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5

Multi-chip standalone

"The module, the Symantec DLP Cryptographic Module Version 1.0, is a software shared library that provides cryptographic services required by the Symantec Data Loss Prevention solution."
2317Seagate Technology LLC
1280 Disc Drive
Shakopee, MN 55379
USA

David R Kaiser, PMP
TEL: 952-402-2356
FAX: 952-402-1273

CST Lab: NVLAP 200427-0
Seagate Secure® TCG Enterprise SSC Self-Encrypting Drives FIPS 140 Module
(Hardware Versions: ST6000NM0114 [1,2,3,4,5,6,7,8], ST4000NM0114 [1,2,3,4,5,6,7,8], ST2000NM0114 [1,2,3,4,5,6,7,8], ST6000NM0104 [9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26], ST4000NM0104 [9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26], ST2000NM0104 [9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26], ST6000NM0094 [27], ST4000NM0094 [27], ST2000NM0094 [27], ST6000NM0084 [28,29], ST4000NM0084 [28,29], ST2000NM0084 [28,29], ST8000NM0125 [30,31,32,33,34,35,36,37], ST8000NM0135 [38,39,40,41,42,43,44], ST8000NM0145 [45,46], ST8000NM0155 [47,48], ST4000NM0135 [49,50,51], ST3000NM0045 [52,53,54], ST6000NM0285 [55,56,57], ST4000NM0235 [58,59,60], ST6000NM0265 [61,62], ST4000NM0105 [63], ST3000NM0055 [64], ST6000NM0275 [65,66], ST4000NM0225 [67], ST600MP0025 [68,69,70,71,72,73,74,75,76,77,78], ST450MP0025 [68,69,70,71,72,73,74,75,76,77,78], ST300MP0025 [68,69,70,71,72,73,74,75,76,77,78], ST600MP0085 [79,80], ST450MP0085 [79,80], ST300MP0085 [79,80], ST600MP0055 [81,82], ST450MP0055 [81,82], ST300MP0055 [81,82], ST600MX0102 [83,84,85,86], ST600MX0072 [87,88], ST1800MM0048 [89,90,91,92,93,94], ST1200MM0048 [89,90,91,92,93,94], ST900MM0048 [89,90,91,92,93,94], ST600MM0048 [89,90,91,92,93,94], ST1800MM0078 [95,96,97,98,99,100,101,102,103], ST1200MM0078 [95,96,97,98,99,100,101,102,103], ST900MM0078 [95,96,97,98,99,100,101,102,103], ST600MM0078 [95,96,97,98,99,100,101,102,103], ST1200MM00108 [104,105,106,107,108,109,110,111,112,113,114], ST600MM00108 [104,105,106,107,108,109,110,111,112,113,114], ST1800MM0118 [115,116,117], ST1200MM0118 [115,116,117], ST900MM0118 [115,116,117], ST600MM0118 [115,116,117], ST1800MM0158 [118,119], ST1200MM0158 [118,119], ST900MM0158 [118,119], ST600MM0158 [118,119], ST2000NX0333 [120,121,122,123,124], ST2000NX0353 [125,126,127,128,129,130], ST2000NX0453 [131] and ST1000NX0483 [132]; Firmware Versions: KF01[1], MT13[2], MF14[3], MF15[4], ETB1[5], MF17[6], KF05[7], MF18[8], EF01[9], MEE4[10], HP00[11], MEE5[12], MEE6[13], MEE8[14], NE01[15], MSE1[16], MEE9[17], NE02[18], 3P00[19, 41], 3P01[20], 3P02[21], NA00[22], EF05[23], MEEA[24], 3P03[25], NA01[26], NF05[27], ZZZZ[28], SF05[29], KFF1[30], PF11[31], PF12[32], UJ80[33], KF02[34, 89, 115, 120], UV01[35], UJ81[36], PF13[37], EFF1[38], PSE1[39], EF02[40, 66, 67, 95, 118, 125], PSE3[42], FC70[43], NE03[44], NF01[45], NF02[46, 51, 54, 62, 104], SF01[47, 61, 65], SF02[48], DSF1[49, 52], FK80[50,53], DEE2[55, 58], DEE3[56,59], FC80[57,60], TF02[63,64], NF03[68, 109], VSC4[69], VEC3[70], VEC4[71], VEC5[72], VSC5[73], VEC7[74], VEC8[75], VEC9[76], NF04[77, 114], VSC6[78], KF03[79, 83, 124], KF04[80, 86, 94, 117], EF03[81, 87, 129], ED04[82], VT13[84], VT14[85], EF04[88, 103, 119], TF12[90], TF13[91], TF16[92], 4201[93], TEE3[96], TEE4[97], TEE5[98], TEE8[99], TSE1[100], TEE9[101], TEEA[102], TSC4[105], TEC3[106], TEC4[107], TEC5[108], TSC5[110], TEC7[111], TEC8[112], TEC9[113], TT13[116], NT17[121], NF13[122], NF14[123], NEE3[126], NEE4[127], NEE5[128], FD30[130], NSF1[131, 132])
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/21/2015
02/13/2015
03/13/2015
05/08/2015
06/09/2015
07/23/2015
09/30/2015
12/22/2015
01/04/2016
04/19/2016
06/03/2016
07/27/2016
Overall Level: 2

-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1343, #2803, #2841, #2842 and #2947); DRBG (Cert. #62); HMAC (Cert. #1597); PBKDF (vendor affirmed); RSA (Cert. #1021); SHS (Certs. #1225, #2352 and #2383)

-Other algorithms: NDRNG

Multi-chip embedded

"The Seagate Secure® TCG Enterprise SSC Self-Encrypting Drives FIPS 140 Module is embodied in Seagate Enterprise Capacity® HDD v4 Self-Encrypting Drives model disk drives. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download."
2316Cavium Networks
2315 N First Street
San Jose, CA 95131
USA

Phanikumar Kancharla
TEL: 408-943-7496

Tasha Castaneda
TEL: 408-943-7380

CST Lab: NVLAP 100432-0
NITROX XL 1600-NFBE HSM Family
(Hardware Versions: P/Ns CN1610-NFBE1-3.0-FW-2.2-G, CN1620-NFBE1-3.0-FW-2.2-G, CN1620-NFBE3-3.0-FW-2.2-G, CN1610-NFBE1-2.0-FW-2.2-G, CN1620-NFBE1-2.0-FW-2.2-G, CN1620-NFBE3-2.0-FW-2.2-G and FN1620‐NFBE2‐G; Firmware Versions: CN16XX-NFBE-FW-2.2-130013 and CN16XX-NFBE-FW-2.2-130014)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware01/21/2015
07/23/2015
12/04/2015
06/10/2016
06/24/2016
Overall Level: 3

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1265, #1266 and #2899); CVL (Cert. #166); DRBG (Cert. #32); DSA (Cert. #474); ECDSA (Certs. #150 and #188); HMAC (Certs. #443, #736 and #1677); KAS (Cert. #5); RSA (Certs. #607 and #742); SHS (Certs. #801, #1166 and #1379); Triple-DES (Cert. #898)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #1265, key wrapping; key establishment methodology provides 256 bits of encryption strength); RC4; MD5; PBE

Multi-chip embedded

"The NITROX XL 1600-NFBE HSM adapter family delivers the world's fastest FIPS 140-2 Level 3 Hardware Security Module (HSM) with PCIe Gen 2.0. The NITROX XL family of adapters offers up to 9000 RSA 2k-bit operations per second and 5 Gbps of bulk crypto."
2315Software House, a brand of Tyco Security Products
6 Technology Park Drive
Westford, MA 01886
USA

Lou Mikitarian
TEL: 978-577-4125

Rick Focke
TEL: 978-577-4266

CST Lab: NVLAP 200928-0
iSTAR Ultra Door Controller
(Hardware Versions: USTAR008, USTAR016 and USTAR-GCM-2U with FIPS Tamper Labels: STAR-FIPS-LBLS; Firmware Version: 6.1)
(The tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware01/15/2015Overall Level: 2

-FIPS Approved algorithms: AES (Cert. #2856); DRBG (Cert. #506); SHS (Cert. #2400); HMAC (Cert. #1797); ECDSA (Cert. #506); CVL (Certs. #292 and #293)

-Other algorithms: EC Diffie-Hellman (key agreement); MD5; NDRNG

Multi-chip standalone

"The iSTAR Ultra door controller is a powerful IP-edge access control device that provides a strong feature set for securing doors. The iSTAR Ultra controls up to 32 doors. The iSTAR Ultra records, encrypts, and stores all granted access events as well as alarm events of any unauthorized entry. The iSTAR Ultra can be deployed individually or in clusters. The iSTAR Ultra features strong 256-bit AES network encryption between the controller and host, and between controllers within a cluster."
2313Oracle Corporation
500 Oracle Parkway
Redwood Shores, CA 94065
USA

Nikhil Suares
TEL: (781) 538-7568

CST Lab: NVLAP 200416-0
Acme Packet 4500
(Hardware Version: A1; Firmware Version: C6.3)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware01/09/2015Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: Triple-DES (Certs. #745 and #1019); AES (Certs. #928 and #1555); SHS (Certs. #912, #1373 and #1378); HMAC (Certs. #519, #900 and #907); RSA (Cert. #753); DRBG (Cert. #68)

-Other algorithms: DES; ARC4; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); HWRNG

Multi-chip standalone

"The Acme Packet 4500 is a one rack unit (1U) platform that feature Oracle’s purpose-built hardware design tightly integrated with Acme Packet OS, to provide the critical controls for delivering trusted, real-time communications -- voice, video, and application data sessions -- across Internet Protocol (IP) network borders."
2312Oracle Corporation
500 Oracle Parkway
Redwood Shores, CA 94065
USA

Nikhil Suares
TEL: (781) 538-7568

CST Lab: NVLAP 200416-0
Acme Packet 3820
(Hardware Version: A1; Firmware Version: C6.3)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware01/09/2015Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: Triple-DES (Certs. #745 and #1019); AES (Certs. #928 and #1555); SHS (Certs. #912, #1372 and #1378); HMAC (Certs. #519, #899 and #907); RSA (Cert. #754); DRBG (Cert. #67)

-Other algorithms: DES; ARC4; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); HWRNG

Multi-chip standalone

"The Acme Packet 3820 is a one rack unit (1U) platform that feature Oracle’s purpose-built hardware design tightly integrated with Acme Packet OS, to provide the critical controls for delivering trusted, real-time communications -- voice, video, and application data sessions -- across Internet Protocol (IP) network borders."
2311SecuTech Solutions PTY LTD
Suite 514, 32 Delhi Road
North Ryde, NSW 2113
Australia

Fujimi Bentley
TEL: 00612-98886185
FAX: 00612-98886185

Joseph Sciuto
TEL: 00612-98886185
FAX: 00612-98886185

CST Lab: NVLAP 200658-0
UniMate USB/TRRS PKI Token
(Hardware Version: 2.11; Firmware Version: 5.1.6)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/09/2015Overall Level: 2

-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2836); Triple-DES (Cert. #1696); RSA (Cert. #1478); SHS (Cert. #2377); DRBG (Cert. #492); HMAC (Cert. #1777)

-Other algorithms: HW RNG

Multi-chip standalone

"The UniMate USB/TRRS (Audio Port) PKI token is a hardware cryptographic module. It provides digital signature generation/verification for online authentications and data encryption/decryption for online transactions. The user's private and public key pairs can be generated and stored on the embedded chip within the UniMate cryptographic module. The private key can never be exported. UniMate provides the USB interface and audio port (TRRS) that can connect the module to a computer and smart mobile device. The UniMate implements type A USB 1.1 specifications and USB CCID protocol."
2310Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

Chris Marks
TEL: 408-333-0480
FAX: 408-333-8101

CST Lab: NVLAP 200802-0
Brocade® FCX 624/648, ICX ™ 6610, ICX 6450, ICX 6650, ICX 7750 and SX 800/1600 Series
(Hardware Versions: [FCX624S (P/N 80-1002388-08), FCX624S-HPOE-ADV (P/N 80-1002715-08), FCX624S-F-ADV (P/N 80-1002727-07), FCX648S (P/N 80-1002392-08), FCX648S-HPOE (P/N 80-1002391-10), FCX648S-HPOE-ADV (P/N 80-1002716-10), FCX-2XG (P/N 80-1002399-01), ICX 6610-24F-I (P/N 80-1005350-04), ICX 6610-24F-E (P/N 80-1005345-04), ICX 6610-24-I (P/N 80-1005348-05), ICX 6610-24-E (P/N 80-1005343-05), ICX 6610-24P-I (P/N 80-1005349-06), ICX 6610-24P-E (P/N 80-1005344-06), ICX 6610-48-I (P/N 80-1005351-05), ICX 6610-48-E (P/N 80-1005346-05), ICX 6610-48P-I (P/N 80-1005352-06), ICX 6610-48P-E (P/N 80-1005347-06), ICX 6450-24P (P/N 80-1005996-04), ICX 6450-24 (P/N 80-1005997-03), ICX 6450-48P (P/N 80-1005998-04), ICX 6450-48 (P/N 80-1005999-04), ICX 6450-C12-PD (P/N 80-1007578-01), FI-SX800-S (P/N 80-1003050-03; 80-1007143-03), FI-SX1600-AC (P/N 80-1002764-02; 80-1007137-02), FI-SX1600-DC (P/N 80-1003005-02; 80-1007138-02), SX-FISF (P/N 80-1002957-03), SX-FI-ZMR-XL (P/N 80-1006486-02), SX-FI-ZMR-XL-PREM6 (P/N 80-1007350-02), SX-FI-2XGMR-XL (P/N 80-1006607-01), SX-FI-2XGMR-XL-PREM6 (P/N 80-1007349-01), Filler Panels (P/N 11456-005; 11457-006; 18072-004), ICX6650-32-E-ADV (P/N 80-1007115-02), ICX6650-32-I-ADV (P/N 80-1007116-02), ICX6650-40-E-ADV (P/N 80-1007179-03), ICX6650-40-I-ADV (P/N 80-1007181-03), ICX6650-48-E-ADV (P/N 80-1007180-03), ICX6650-48-I-ADV (P/N 80-1007182-03), ICX6650-56-E-ADV (P/N 80-1007117-03), ICX6650-56-I-ADV (P/N 80-1007118-03), ICX6650-80-E-ADV (P/N 80-1007119-03), ICX6650-80-I-ADV (P/N 80-1007120-03), ICX7750-48F (P/N 80-1007607-01), ICX7750-48C (P/N 80-1007608-01) and ICX7750-26Q (P/N 80-1007609-01)] with FIPS Kit XBR-000195; Firmware Version: IronWare R08.0.10)
(When operated in FIPS mode with tamper evident labels installed and with the configurations in Tables 4, 12 and 13 as defined in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware01/08/2015Overall Level: 2

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: Triple-DES (Certs. #1612, #1613, #1614, #1615 and #1617), AES (Certs. #2686, #2687, #2688, #2690 and #2697); SHS (Certs. #2257, #2258, #2259, #2260 and #2265); HMAC (Certs. #1673, #1674, #1675, #1676 and #1679); DRBG (Certs. #436, #437, #438, #439 and #442); RSA (Certs. #1386, #1387, #1388, #1391 and #1396); CVL (Certs. #154, #155, #156, #159 and #161)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); SNMPv3 KDF (non-compliant); MD5; DES; NDRNG; HMAC-MD5; DSA (non-compliant)

Multi-chip standalone

"The FastIron SX series chassis devices are modular switches that provide the enterprise network with a complete end-to-end Enterprise LAN solution. The ICX 6610 series is an access layer Gigabit Ethernet switch designed from the ground up for the enterprise data center environment. Brocade ICX 6450 switches provide enterprise-class stackable LAN switching solutions to meet the growing demands of campus networks. The Brocade ICX 6650 Switch is a compact Ethernet switch that delivers industry-leading 10/40 GbE density, and the Brocade ICX 7750 is a 10/40 GbE Ethernet switch."
2309Software House, a brand of Tyco Security Products
6 Technology Park Drive
Westford, MA 01886
USA

Lou Mikitarian
TEL: 978-577-4125

Rick Focke
TEL: 978-577-4266

CST Lab: NVLAP 200928-0
iSTAR Edge Door Controller
(Hardware Versions: ESTAR001, ESTAR001-POE1, ESTAR002, ESTAR002-POE1, ESTAR004 with FIPS Tamper Labels: STAR-FIPS-LBLS; Firmware Version: 6.1)
(The tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy

Vendor Product Link
Hardware01/13/2015Overall Level: 2

-FIPS Approved algorithms: AES (Cert. #2856); DRBG (Cert. #506); SHS (Cert. #2400); HMAC (Cert. #1797); ECDSA (Cert. #506); CVL (Certs. #292 and #293)

-Other algorithms: EC Diffie-Hellman (key agreement); MD5; NDRNG

Multi-chip standalone

"The iSTAR Edge door controller is a powerful IP-edge access control device that provides a strong feature set for securing doors. The iSTAR Edge controls up to four doors. The iSTAR Edge records, encrypts, and stores all granted access events as well as alarm events of any unauthorized entry. The iSTAR Edge can be deployed individually or in clusters. The iSTAR Edge features strong 256-bit AES network encryption between the controller and host, and between controllers within a cluster."
2308SAP AG
Albert-Einstein-Allee 3
Bensheim 64625
Germany

Stephan André
TEL: +49-6251-708-1730
FAX: +49-6227-78-55975

Thomas Rothe
TEL: +49-6251-708-2339
FAX: +49-6227-78-55989

CST Lab: NVLAP 200636-0
SAP NW SSO 2.0 Secure Login Library Crypto Kernel
(Software Version: 2.0.0.1.32)
(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software01/06/2015Overall Level: 1

-Physical Security: N/A
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with AIX 5.1 64-bit running on a Fujitsu Esprimo P5925
AIX 5.2 64-bit running on a IBM eServer pSeries 630 Model 6C4
AIX 6.1 64-bit on Vmware ESX 4.1.0 running on a IBM Power 770
HP-UX 11.00 64-bit running on a HP 9000 L3000
HP-UX 11.11 64-bit running on a HP 9000 rp5470
HP-UX 11.23 64-bit running on a HP Integrity rx5670
HP-UX 11.31 64-bit running on a HP 9000 rp3440
HP-UX 11.31 64-bit running on a HP Integrity rx6600
Linux 2.4.18 running on a IBM eServer xSeries 235
Linux 2.4.19 running on a HP Integrity rx2600
Linux 2.4.21 running on a Fujitsu Primergy TX300
Linux 2.6.16 on Vmware ESX 4.1.0 running on a IBM Power 595
Linux 2.6.16 running on a HP ProLiant DL385 G2
Linux 2.6.27 on Vmware ESX 4.1.0 running on a IBM eServer xSeries 235
Linux 2.6.32 on Vmware ESX 5.0.0 running on a IBM Power 770
Linux 2.6.32 running on a Fujitsu Esprimo P9900 E-Star5 with PAA
Linux 2.6.32 running on a IBM eServer xSeries 3655 without PAA
Linux 2.6.5 on Vmware ESX 4.1.0 running on a IBM S/390
Linux 2.6.5 on Vmware ESX 5.0.0 running on a IBM System p5 595
Linux 2.6.5 running on a HP Integrity rx5670
Linux 2.6.5 running on a IBM System x3755
Linux 2.6.5 running on a IBM eServer xSeries 250
Mac OS X 10.7 64-bit running on a MacPro
Solaris 5.10 64-bit running on a Fujitsu PrimePower 650
Solaris 5.10 64-bit running on a Sun Fire X4150
Solaris 5.8 64-bit running on a Fujitsu GP7000F400R
Solaris 5.9 64-bit running on a Sun Fire V880
Tru64 Unix 5.1 running on a Compaq AlphaServer ES40
Windows 7 Enterprise SP1 64-bit running on a Lenovo ThinkCentre M90P with PAA
Windows Server 2008 R2 on Vmware ESX 4.1.0 running on a IBM System x3755 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2370, #2371 and #2372); Triple-DES (Certs. #1481, #1482 and #1483); DSA (Certs. #741, #742 and #743); RSA (Certs. #1225, #1226 and #1227); HMAC (Certs. #1472, #1473 and #1474); DRBG (Certs. #306, #307 and #308); SHS (Certs. #2042, #2043 and #2044)

-Other algorithms: IDEA; RC2; RC5-32; RC4; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ElGamal; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; RIPEMD-128; RIPEMD-160

Multi-chip standalone

"SAP NW SSO 2.0 Secure Login Library Crypto Kernel v2.0.0.1.32 is a shared library, i.e. it consists of software only. SAP NW SSO 2.0 Secure Login Library Crypto Kernel provides an API in terms of C++ methods for key management and operation of cryptographic functions."
2307Kingston Technology Company, Inc.
17600 Newhope Street
Fountain Valley, CA 92708
USA

Jason J. Chen
TEL: 714-445-3449
FAX: 714-438-2765

Joel Tang
TEL: 714-445-3433
FAX: 714-438-2765

CST Lab: NVLAP 100432-0
DataTraveler DT4000 G2 Series USB Flash Drive
(Hardware Versions: DT4000 Version 1.0 [4GB, 8GB, 16GB, 32GB, 64GB, 128GB or 256GB]; Firmware Version: 3.05)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/06/2015
11/20/2015
Overall Level: 3

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2838); DRBG (Cert. #494); HMAC (Cert. #1779); RSA (Cert. #1480); SHS (Cert. #2379); PBKDF (vendor affirmed)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"Kingston's DataTraveler DT4000 G2 Series USB Flash Drive is assembled in the US for organizations that require a secure way to store and transfer portable data. The stored data is secured by hardware-based AES-256 encryption to guard sensitive information in case the drive is lost or stolen."
23063e Technologies International, Inc.
9715 Key West Ave,
Suite 500
Rockville, MD 20850
USA

Harinder Sood
TEL: 301-944-1325
FAX: 301-670-6779

CST Lab: NVLAP 200002-0
3e-945 AirGuard iMesh Wireless Gateway Cryptographic Module
(Hardware Version: 1.0; Firmware Version: 1.0)
(When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/06/2015
06/03/2016
Overall Level: 2

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1611 and #2060); SHS (Cert. #1801); RSA (Cert. #1491); ECDSA (Cert. #303); DRBG (Cert. #822); CVL (Cert. #285)

-Other algorithms: MD5; NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Cert. #2060, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength)

Multi-chip embedded

"3e-945 AirGuard iMesh Wireless Gateway Cryptographic Module provides secured ISA 100.11a wireless communication services. Acting as industrial access point, it enables connectivity between remote field devices to securely relay process monitoring, automation, and network data securely back to the network."
2304Accellion, Inc.
1804 Embarcadero Road
Suite 200
Palo Alto, CA 94303
USA

Prateek Jain
TEL: +65-6244-5670
FAX: +65-6244-5678

CST Lab: NVLAP 100432-0
Accellion kiteworks Cryptographic Module
(Software Version: KWLIB_1_0_1)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software12/24/2014Overall Level: 1

-Physical Security: N/A
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A


-Operational Environment: Tested as meeting Level 1 with CentOS 6.4 on VMware ESXi 5.1.0 running on a Dell Inc. PowerEdge R320 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2850); CVL (Cert. #286); DRBG (Cert. #503); HMAC (Certs. #1790 and #1791); RSA (Cert. #1492); SHS (Certs. #2392 and #2393); Triple-DES (Cert. #1703)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); NDRNG; AES (non-compliant); DRBG (non-compliant); DSA (non-compliant); ECDSA (non-compliant); HMAC (non-compliant); RNG (non-compliant); RSA (non-compliant); SHS (non-compliant); Triple-DES (non-compliant); Diffie-Hellman; adler32; Blowfish; CAMELLIA; CAST5; crc32; crc32b; DES; DESX; fnv132; fnv164; gost; haval; IDEA; joaat; MDC2; MD2; MD4; MD5; RC2; RC4; RC4-HMAC-MD5; RIPEMD; SEED; snefru; snefru256; SSLeay; Tiger; Whirlpool; rand(); mtrand()

Multi-chip standalone

"Accellion kiteworks Cryptographic Module is a key component of Accellion's kiteworks product that enables enterprises to securely share and transfer files. Extensive tracking and reporting tools allow compliance with SOX, HIPAA, FDA and GLB regulations while providing enterprise grade security and ease of use."
2303Oberthur Technologies
402 rue d'Estienne d'Orves
Colombes 92700
France

Christophe Goyet
TEL: 703-322-8951
FAX: n/a

Said Boukyoud
TEL: +33-1-78-14-72-58
FAX: +33-1-78-14-70-20

CST Lab: NVLAP 100432-0
ID-One PIV-C on Cosmo V8
(Hardware Version: '0F'; Firmware Version: '5601'; Firmware Extension: '082371' with ID-One PIV Applet Suite 2.3.5)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware12/24/2014Overall Level: 3

-Physical Security: Level 4

-FIPS Approved algorithms: AES (Certs. #2910 and #2911); CVL (Cert. #336); DRBG (Cert. #537); ECDSA (Cert. #526); KAS (Cert. #48); KBKDF (Cert. #33); RSA (Certs. #1531 and #1532); SHS (Certs. #2449 and #2450); Triple-DES (Cert. #1727)

-Other algorithms: TRNG; AES (Cert. #2910, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength)

Single-chip

"ID-One Cosmo V8 is a dual interface (ISO 7816 & ISO 14443) smartcard hardware platform compliant with Javacard 3.0.1 and GlobalPlatform 2.2.1 chip with Built-in PIV application, Opacity Secure messaging and fingerprint On-Card-Comparison (OCC)."
2302SecureMetric Technology Sdn. Bhd.
2-2, Incubator 2, Technology Park Malaysia,
Lebuhraya Sg. Besi - Puchong, Bukit Jalil
Kuala Lumpur 57000
Malaysia

Nioo Yu Siong
TEL: +603-8996 8225
FAX: +603-8996 7225

Edward Law
TEL: +603-8996 8225
FAX: +603-8996 7225

CST Lab: NVLAP 100432-0
ST3 ACE Token
(Hardware Version: 1.0.0)
(When operated in FIPS mode)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Hardware01/09/2015
05/08/2015
Overall Level: 3

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #1473); DRBG (Cert. #58); RSA (Cert. #720); SHS (Cert. #1332); Triple-DES (Cert. #991)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"ST3 ACE Token is a USB token containing SECUREMETRIC¦s own SECUREMETRIC-FIPS-COS cryptographic operating system. The SECUREMETRIC -FIPS-COS is embedded in an ST23YT66 Integrated Circuit (IC) chip and has been developed to support SECUREMETRIC¦s USB token. ST3 ACE Token is a secure microprocessor smart chip based USB token that work as a miniature cryptography computer designed for strong 2-Factor Authentication (2FA) and identification to support network login, secure online transaction, digital signatures and sensitive data protection."
2301Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

Global Certification Team

CST Lab: NVLAP 200427-0
IOS Common Cryptographic Module (IC2M)
(Firmware Version: Rel 3(1.5.2))
(When operated in FIPS mode. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Firmware12/18/2014
06/12/2015
Overall Level: 1

-Mitigation of Other Attacks: N/A

-Tested: Cisco ASR1K 1NG, Cisco ISR 4451-X, Cisco ISR 4441, Cisco ASR1K RP2 and Cisco ASR1K 2KP (kingpin) with processor Intel Xeon on IOS XE3.10
Cisco ISR 3925E and Cisco ISR 3945E with processor Intel Xeon on IOS 15.3
Cisco ASR1K RP1 with processor Freescale SC8548H on IOS XE3.10
Cisco ISR c2951, Cisco ISR c3925 and Cisco ISR c3945 with processor Freescale 8752E on IOS 15.3
Cisco ISR 1921 with processor Cavium CN5020 on IOS 15.3
Cisco ISR 1941 and Cisco ISR 2900 with processor Cavium CN5220 on IOS 15.3
Cisco Catalyst 4K with processor MPC8572C on IOS XE 3.6
Cisco Catalyst 3750x and Cisco Catalyst 3560x with processor Power-PC 405 on IOS 15.2
Cisco Catalyst 3650 with processor AMCC PowerPC 405EX on IOS XE3.6
Cisco Catalyst 2960 with processor Cavium CN5230 on IOS 15.2

-FIPS Approved algorithms: AES (Certs. #2783 and #2817); CVL (Certs. #252 and #253); DRBG (Cert. #481); ECDSA (Cert. #493); HMAC (Cert. #1764); RSA (Cert. #1471); SHS (Certs. #2338 and #2361); Triple-DES (Certs. #1670, #1671 and #1688)

-Other algorithms: DES; Diffie-Hellman (CVL Cert. #252, key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #252, key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; MD2; MD5; NDRNG; RC2; RC4; RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); SEAL

Multi-chip standalone

"The IC2M module provides the FIPS validated cryptographic algorithms for services requiring those algorithms. The module does not implement any protocols directly. Instead, it provides the cryptographic primitives and functions to allow IOS to implement those various protocols."
2300RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

Rohit Mathur
TEL: +61 7 3032 5220

CST Lab: NVLAP 200427-0
RSA BSAFE® Crypto-C Micro Edition
(Software Versions: 4.1 [1], 4.1.0.1 [2] and 4.1.2 [3])
(When operated in FIPS mode. When entropy is externally loaded, no assurance of the minimum strength of generated keys)

Validated to FIPS 140-2
Consolidated Validation Certificate

Security Policy
Software12/16/2014
12/21/2015
01/19/2016
01/22/2016
02/12/2016
Overall Level: 1

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Design Assurance: Level 3


-Operational Environment: Windows Server 2003 Enterprise R2 running on a Dell Dimension E521 without PAA [1]
Windows Server 2003 Enterprise R2 running on an Intel Mahobay with PAA [1]
Windows Server 2008 Enterprise SP2 running on an Intel Mahobay without PAA [1]
Windows Server 2008 Enterprise SP2 running on an Intel Mahobay with PAA [1]
Windows 7 Enterprise SP1 running on a Compaq Pro 6305 without PAA [1]
Windows 7 Enterprise SP1 running on a Compaq Pro 6305 with PAA [1]
Windows Server 2003 Enterprise R2 running on a Dell Dimension E521 without PAA [1]
Windows Server 2003 Enterprise R2 running on an Apple Mac Pro 1.1 with PAA [1]
Windows Server 2008 Enterprise R2 running on a Dell Dimension E521 without PAA [1]
Windows Server 2008 Enterprise R2 running on an Intel Mahobay with PAA [1]
Windows 7 Enterprise SP1 running on an Intel Mahobay without PAA [1]
Windows 7 Enterprise SP1 running on an Intel Mahobay with PAA [1]
Windows Server 2003 Enterprise R2 running on a HP Integrity RX2620 [1]
Windows Server 2008 Enterprise R2 running on a HP Integrity RX2620 [1][3]
Windows Server 2003 Enterprise R2 running on a Dell Dimension E521 without PAA [1]
Windows Server 2003 Enterprise R2 on ESX 5.1 running on a Dell M610 with PAA [1]
Windows Server 2008 Enterprise SP2 running on an Intel Mahobay without PAA [1]
Windows Server 2008 Enterprise SP2 running on an Intel Mahobay with PAA [1]
Windows 7 Enterprise SP1 running on a Compaq Pro 6305 without PAA [1]
Windows 7 Enterprise SP1 running on a Compaq Pro 6305 with PAA [1]
Windows Server 2003 Enterprise R2 running on a Dell Dimension E521 without PAA [1]
Windows Server 2003 Enterprise R2 running on an Apple Mac Pro 1.1 with PAA [1]
Windows Server 2008 Enterprise R2 running on a Dell Dimension E521 without PAA [1]
Windows Server 2008 Enterprise R2 running on an Intel Mahobay with PAA [1]
Windows 7 Enterprise SP1 running on an Intel Mahobay without PAA [1]
Windows 7 Enterprise SP1 running on an Intel Mahobay with PAA [1]
Windows Server 2012 R2 Standard running on a Compaq Pro 6305 without PAA [1]
Windows Server 2012 R2 Standard running on a Compaq Pro 6305 with PAA [1]
Windows 8.1 Enterprise running on an Intel Mahobay without PAA [1]
Windows 8.1 Enterprise running on an Intel Mahobay with PAA [1]
Windows Server 2003 Enterprise R2 running on a HP Integrity RX2620 [1]
Windows Server 2008 Enterprise R2 running on a HP Integrity RX2620 [1]
Red Hat Enterprise Linux 5.5 on ESX 4.0 running on a Dell M610 without PAA [1]
Red Hat Enterprise Linux 5.5 on ESX 4.0 running on a Dell M610 with PAA [1]
Red Hat Enterprise Linux 5.5 on ESX 4.0 running on a Dell M610 without PAA [1]
Red Hat Enterprise Linux 5.5 on ESX 4.0 running on a Dell M610 with PAA [1]
Red Hat Enterprise Linux 6.1 on ESXi 4.1 running on a Dell M610 without PAA [1]
Red Hat Enterprise Linux 6.1 on ESXi 4.1 running on a Dell M610 with PAA [1]
SUSE Linux Enterprise Server 11 on ESX 4.0 running on a Dell M610 without PAA [1]
SUSE Linux Enterprise Server 11 on ESX 4.0 running on a Dell M610 with PAA [1]
Red Hat Enterprise Linux 6.1 on ESXi 4.1 running on a Dell M610 without PAA [1]
Red Hat Enterprise Linux 6.1 on ESXi 4.1 running on a Dell M610 with PAA [1]
SUSE Linux Enterprise Server 11 on ESXi 4.1 running on a Dell M610 without PAA [1]
SUSE Linux Enterprise Server 11 on ESXi 4.1 running on a Dell M610 with PAA [1]
Red Hat Enterprise Linux 5.5 running on a Server HP RX 2620 [1]
Red Hat Enterprise Linux 5.3 running on a IBM Power 710 8231 - E2B [1]
SUSE Linux Enterprise Server 11 running on a IBM Power 710 8231 - E2B [1]
Red Hat Enterprise Linux 5.3 running on a IBM Power 710 8231 - E2B [1]
SUSE Linux Enterprise Server 11 running on a IBM Power 710 8231 - E2B [1]
FreeBSD 8.3 on ESXi 5.0 running on a Dell M610 without PAA [1]
FreeBSD 8.3 on ESXi 5.0 running on a Dell M610 with PAA [1]
Mac OS X 10.8 running on an Apple MacBook6,1 without PAA [1]
Mac OS X 10.8 running on an Apple Mac Pro 5.1 with PAA [1]
Solaris 10 running on a Oracle SPARC T4-2 [1][3]
Solaris 11 running on a Oracle SPARC T4-2 [1][3]
Solaris 11 running on a Oracle SPARC Enterprise T5120 [1][3]
Solaris 11 running on a Oracle SPARC T4-2 without T4 accelerator [1][3]
Solaris 11 running on a Oracle SPARC T4-2 with T4 accelerator [1][3]
Solaris 10 on ESXi 4.1 running on a Dell M610 without PAA [1]
Solaris 10 on ESXi 4.1 running on a Dell M610 with PAA [1]
Solaris 10 running on a Oracle Sun Fire X2100 without PAA [1]
Solaris 10 running on a Oracle Sun Fire X2100 with PAA [1]
HPUX 11.31 running on a HP 9000/800/RP3410 [1][3]
HPUX 11.31 running on a HP 9000/800/RP3410 [1][3]
HPUX 11.31 running on a HP RX2620 [1][3]
HPUX 11.31 running on a HP RX2620 [1][3]
AIX 6.1 on Virtual I/O Server 2.2.2.1 running on a IBM Power 710 8231 - E2B [1][3]
AIX 6.1 on Virtual I/O Server 2.2.2.1 running on a IBM Power 710 8231 - E2B [1][3]
AIX 7.1 on Virtual I/O Server 2.2.2.1 running on a IBM Power 710 8231 - E1C [1][3]
AIX 7.1 on Virtual I/O Server 2.2.2.1 running on a IBM Power 710 8231 - E1C [1][3]
Red Hat Enterprise Linux 5.8 on z/VM 6.2 running on a IBM s390x [1]
Red Hat Enterprise Linux 5.8 on z/VM 6.2 running on a IBM s390x [1]
Ubuntu 12.04 LTS running on a Beagle dev board [1][3]
Fedora Core 17 running on a Beagle dev board [1]
Android 4.0.3 running on a Motorola RAZR I [1]
Android 2.3.6 running on a Samsung Galaxy S2 [1]
Android 4.1.2 running on a Google Nexus 7
iOS 7.1 running on an Apple iPad 3 [1]
iOS 7.1 running on an Apple iPad 4 [1]
VxWorks 6.4 running on a MVME6100 [1][3]
VxWorks 6.7 running on a MVME6100 [1][3]
VxWorks 6.8 running on a MX31 Lite Kit [1][3]
Windows Server 2008 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3]
Windows 7 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3]
Windows Server 2008 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3]
Windows 7 Enterprise on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3]
Windows Server 2008 Enterprise R2 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server without PAA [3]
Windows Server 2008 Enterprise R2 on vCenter SUSE 11 running on a Cisco UCS C220 M3 Rack Server with PAA [3]
Windows Server 2012 Standard R2 on vCenter SUSE 1