CMVP Main Page

Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules
1995-1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014,
All

Last Update: 10/1/2014

It is important to note that the items on this list are cryptographic modules. A module may either be an embedded component of a product or application, or a complete product in-and-of-itself. If the cryptographic module is a component of a larger product or application, one should contact the product or application vendor in order to determine how the product utilizes the embedded validated cryptographic module. There may be a larger number of security products or applications available which use an embedded validated cryptographic module, than the number of modules which are found in this list. In addition, other vendors, who are not found in this list, may incorporate a validated cryptographic module from this list embedded into their own products.

When selecting a module from a vendor, verify that the module is either the product or application itself (e.g. VPN, SmartCard, USB memory token, etc.) or the module is embedded in a larger product or application (e.g. toolkit, etc.). If the module is embedded in a product or application, ask the product or application vendor to provide a signed letter or statement affirming that the unmodified validated cryptographic module is integrated in the solution; the module provides all the cryptographic services in the solution; and provide reference to the modules validation certificate number from this listing.

NOTE1: Module descriptions are provided by the module vendors and have not been verified for accuracy by the CMVP. The descriptions do not imply endorsement by the U.S. or Canadian Governments or NIST. Additionally, the descriptions may not necessarily reflect the capabilities of the modules when operated in the FIPS-Approved mode. The algorithms, protocols, and cryptographic functions listed as "other algorithms" (e.g. allowed or non-FIPS-Approved algorithms) have not been tested through the CMVP.

NOTE2: The operator of a cryptographic module is responsible for ensuring that the algorithms and key lengths are in compliance with the requirements of NIST SP 800-131A.

NOTE3: All questions regarding the implementation and/or use of any module located on the CMVP module validation lists should first be directed to the appropriate vendor point-of-contact (listed for each entry).

Please contact the CMVP if any errors are discovered or comments with suggestions for improvement of the validation listings.

Cert# Vendor / CST Lab Cryptographic Module
Module
Type
Val.
Date
Level / Description
2262 Toshiba Corporation
1-1, Shibaura 1-chome
Minato-ku, Tokyo 105-8001
Japan

-Akihiro Kimura
TEL: +81-45-890-2856
FAX: +81-45-890-2593

CST Lab: NVLAP 200822-0

Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive (PX model)
(Hardware Versions: A0 with PX02SMU020, PX02SMU040, PX02SMU080 or PX02SMQ160; Firmware Version: NA00)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 10/01/2014 Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2598); HMAC (Cert. #1611); SHS (Cert. #2183); RSA (Cert. #1331); DRBG (Cert. #397)

-Other algorithms: NDRNG

Multi-chip embedded

"The Toshiba TCG Enterprise SSC Self-Encrypting Solid State Drive is used for solid state drive data security. This Cryptographic Module (CM) provides various cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA bands, and FW download."
2261 CipherCloud, Inc.
99 Almaden Blvd., Suite 500
San Jose, CA 95113
USA

-Varun Badhwar
TEL: 415-683-0062

CST Lab: NVLAP 200968-0

Cryptographic Module for CipherCloud Gateway
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 10/01/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with CentOS 6.3 with Java JRE 1.6.0 running on IBM 3620 M3 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2339); SHS (Cert. #2017); HMAC (Cert. #1449); DRBG (Cert. #303); PBKDF (vendor affirmed)

-Other algorithms: AES-PCBC (non-compliant); AES-CTR (non-compliant); AES-CTS (non-compliant); AES-OFB (non-compliant); AES-OFB8 (non-compliant); AES-OFB128 (non-compliant); ARC4; Blowfish; DES; Diffie-Hellman (non-compliant); DSA (non-compliant); RC2; RSA (encrypt/decrypt); Triple-DES (non-compliant); PBEWithMD5AndDES; PBEWithMD5AndTripleDES; PBEWithSHA1AndDESede; PBEWithSHA1AndRC2_40; MD2; MD5; SHA-384 (non-compliant); HMAC-MD5; HMAC SHA-384 (non-compliant); HMAC SHA-512 (non-compliant)

Multi-chip standalone

"The Cryptographic Module enables all cryptographic operations performed by the CipherCloud Gateway. The CipherCloud Gateway is a software solution that organizations deploy within their network boundaries or delegate operation to a trusted third party. CipherCloud interfaces with clients (e.g., web browsers, mobile applications, APIs, etc.), and leverages format and operations preserving encryption technology to secure sensitive information in real time, before it's sent to cloud applications (e.g. web servers, API services, databases, etc.), without impacting usability or performance."
2260 Motorola Solutions, Inc.
One Motorola Plaza
Holtsville, NY 11742
USA

-Erv Comer
TEL: 480-628-7901

-Tom McKinney
TEL: 631-738-3586

CST Lab: NVLAP 100432-0

Fusion Wireless LAN Cryptographic Module for Android
(Hardware Version: WL1283CYFVR (Rev C); Software Version: 1.02; Firmware Version: 1.01)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software-Hybrid 09/30/2014 Overall Level: 1 

-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Android Jelly Bean 4.1.1 running on a MC40N0 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2812); HMAC (Cert. #1763) SHS (Cert. #2360)

-Other algorithms: N/A

Multi-chip standalone

"The Fusion WLAN cryptomodule secures the WLAN radio for the Android based MC40, MC67, MC32, and ET1 Wireless Mobile Computing devices. These devices are used for business process automation applications in a number of vertical markets like retail, manufacturing, transportation, health and government."
2259 Cavium Networks
2315 N First Street
San Jose, CA 95131
USA

-Albert Harnois
TEL: 408-943-7641
FAX: 408-557-1992

-Tony Tran
TEL: 408-943-7128
FAX: 408-577-1992

CST Lab: NVLAP 100432-0

NITROX XL 1600-NFBE HSM Family
(Hardware Version: P/N FN1620-NFBE2-G; Firmware Version: CN16XX-NFBE-FW-2.1-110018)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/26/2014 Overall Level: 3 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1265 and #1266); Triple-DES (Cert. #898); RSA (Certs. #607 and #742); ECDSA (Certs. #150 and #188); SHS (Certs. #801, #1166 and #1379); HMAC (Certs. #443, #736 and #1677); KAS (Cert. #5); RNG (Cert. #707); DRBG (Cert. #32); DSA (Cert. #474); CVL (Cert. #166)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #1265, key wrapping; key establishment methodology provides 256 bits of encryption strength); RC4; MD5; PBE

Multi-chip embedded

"The FN1620-NFBE2-G HSM adapter delivers the world's fastest FIPS 140-2 Level 3 Hardware Security Module (HSM) with PCIe Gen 2.0 via an SFF-8639 connector. The adapter offers up to 30,000 RSA operations per second and 5 Gbps of bulk crypto performance and is certified to the stringent US Government security standards. This FIPS family delivers an unmatched solution to the increasing performance, cryptographic and time to market requirements of the financial, government and healthcare vertical markets."
2258 Senetas Corporation Ltd. and SafeNet Inc.
Level 1, 11 Queens Road
Melbourne, Victoria 3004
Australia

-John Weston
TEL: +61 3 9868 4555
FAX: +61 3 9821 4899

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200996-0

CS Series Encryptors
(Hardware Versions: CS10 Ethernet Encryptor: A4201B [O] and A4201B [Y]; CS100 Ethernet Encryptor: A4203B [O] and A4203B [Y]; Firmware Version: 2.3.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 09/23/2014 Overall Level: 3 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2585 and #2588); Triple-DES (Cert. #1561); RSA (Cert. #1323); SHS (Cert. #2176); HMAC (Cert. #1600); DRBG (Cert. #390); CVL (Cert. #114)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The CS Series is a high performance encryption platform designed to secure data transmitted over 10 and 100Mbps Ethernet networks. The CS10 is a cost-effective, small form factor, encryptor for branch or remote office applications. The CS100 is a 19' rack mounted device suitable for point to point or multipoint connections and is ideally suited for central office operations. SafeNet, Inc. makes Senetas products available globally under a master distribution agreement and are co-branded as such."
2257 Blue Coat Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085
USA

-Diana Robinson
TEL: 845-454-6397

-Tammy Green
TEL: 801-999-2973

CST Lab: NVLAP 200928-0

ProxySG S500-10 [1] and S500-20 [2]
(Hardware Versions: 080-03549 [1], 080-03551 [1], 090-02998 [1], 080-03552 [1], 090-02999 [1], 080-03553 [2], 080-03555 [2], 090-03000 [2], 080-03556 [2], 090-03001 [2] with FIPS Security Kit (Part Number: 085-02870); Firmware Version: 6.5.2.9 build 144008)

(When operated in FIPS mode with the tamper evident seals and the opacity baffle installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 09/22/2014 Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2931); Triple-DES (Cert. #1744); DRBG (Cert. #541); HMAC (Certs. #1700 and #1857); SHS (Certs. #2291 and #2467); RSA (Cert. #1536); CVL (Certs. #181 and #332)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG

Multi-chip standalone

"Blue Coat ProxySG physical and virtual appliances are the core of the Blue Coat’s Unified Security and Optimization solutions for business assurance. The appliances offer complete security and control of web traffic, providing rich policy constructs for threat protection, SSL traffic, authentication, filtering, data loss prevention and logging capabilities. The appliances also optimize web and internal application traffic through caching, bandwidth management, stream splitting, and protocol optimization for data, video, cloud and web applications."
2256 Blue Coat Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085
USA

-Diana Robinson
TEL: 845 454-6397

-Tammy Green
TEL: 801-999-2973

CST Lab: NVLAP 200928-0

ProxySG S400-20 [1], S400-30 [2] and S400-40 [3]
(Hardware Versions: 080-03568 [1], 080-03570 [1], 090-03075 [1], 080-03571 [1], 090-03076 [1], 080-03572 [2], 080-03574 [2], 090-03079 [2], 080-03575 [2], 090-03080 [2], 080-03576 [3], 080-03578 [3], 090-03083 [3], 080-03579 [3], 090-03084 [3] with FIPS Security Kit (Part Number: 085-02891); Firmware Version: 6.5.2.9 build 144008)

(When operated in FIPS mode with the tamper evident seals and the opacity baffle installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 09/22/2014 Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2931); Triple-DES (Cert. #1744); DRBG (Cert. #541); HMAC (Certs. #1700 and #1857); SHS (Certs. #2291 and #2467); RSA (Cert. #1536); CVL (Certs. #181 and #332)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; PRNG; NDRNG

Multi-chip standalone

"Blue Coat ProxySG physical and virtual appliances are the core of the Blue Coat’s Unified Security and Optimization solutions for business assurance. The appliances offer complete security and control of web traffic, providing rich policy constructs for threat protection, SSL traffic, authentication, filtering, data loss prevention and logging capabilities. The appliances also optimize web and internal application traffic through caching, bandwidth management, stream splitting, and protocol optimization for data, video, cloud and web applications."
2255 Blue Coat Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085
USA

-Diana Robinson
TEL: 845 454-6397

-Tammy Green
TEL: 801-999-2973

CST Lab: NVLAP 200928-0

Secure Web Gateway Virtual Appliance-V100
(Software Version: 6.5.2.8)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 09/22/2014 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with SGOS v6.5.2.50 on Vmware ESXi 5.1 running on a Dell PowerEdge R720 with AES-NI; SGOS v6.5.2.50 on Vmware ESXi 5.1 running on a Dell PowerEdge R720 without AES-NI (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2737); Triple-DES (Cert. #1648); DRBG (Cert. #458); HMAC (Certs. #1715 and #1716); SHS (Certs. #2306 and #2307); RSA (Cert. #1427); CVL (Certs. #182 and #328)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; PRNG; NDRNG; ANSI X9.31 PRNG (non-compliant); CAST-128; DES; RC2; RC4; Camellia; MD2; HMAC-MD5; RIPE-MD-160

Multi-chip standalone

"Blue Coat ProxySG physical and virtual appliances are the core of the Blue Coat’s Unified Security and Optimization solutions for business assurance. The appliances offer complete security and control of web traffic, providing rich policy constructs for threat protection, SSL traffic, authentication, filtering, data loss prevention and logging capabilities. The appliances also optimize web and internal application traffic through caching, bandwidth management, stream splitting, and protocol optimization for data, video, cloud and web applications."
2254 Oracle Corporation
500 Eldorado Blvd., Bldg 5
Broomfield, CO 80021
USA

-Security Evaluations Manager
TEL: 781-442-0451

CST Lab: NVLAP 200928-0

Oracle StorageTek T10000D Tape Drive
(Hardware Version: P/N 7042136; Firmware Version: 4.07.107)

(When operated in FIPS mode. The protocol SSH shall not be used when operated in the FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/22/2014 Overall Level: 1 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2760, #2761, #2762, #2763 and #2764); DRBG (Cert. #467); HMAC (Certs. #1729 and #1730); SHS (Certs. #2324 and #2325); RSA (Cert. #1445); CVL (Cert. #230)

-Other algorithms: AES (Cert. #2763, key wrapping; key establishment methodology provides 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG; SSH KDF (non-compliant); AES (non-compliant); SHS (non-compliant); HMAC (non-compliant); RSA (non-compliant); DRBG (non-compliant)

Multi-chip standalone

"The Oracle StorageTek T10000D Tape Drive blends the highest capacity, performance, reliability, and data security to support demanding, 24/7 data center operations. The StorageTek T10000D Tape Drive delivers the world's fastest write speeds up to 8.5 TB of magnetic tape storage; making it ideal for data center operations with growing volumes. Designed for maximum performance, the drive allows the use of multiple keys per tape with a cache memory to minimize the overhead of key transmission. Works seamlessly with the Oracle Key Manager to provide a secure end-to-end management solution."
2253 Cisco Systems, Inc.
170 W Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200928-0

Nexus 7000 Series Switches
(Hardware Versions: Chassis: N7K-C7004, N7K-C7009, N7K-C7010 and N7K-C7018; Supervisor Cards: N7K-SUP1, N7K-SUP2 and N7K-SUP2E; Fabric Cards: N7K-C7009-FAB-2, N7K-C7010-FAB-1, N7K-C7010-FAB-2, N7K-C7018-FAB-1 and N7K-C7018-FAB-2; Line Cards: N7K-M148GS-11L, N7K-M148GT-11L, N7K-M108X2-12L, N7K-M132XP-12, N7K-F132XP-15, N7K-M202CF-22L, N7K-M206FQ-23L, N7K-M224XP-23L, N7K-F248XP-25E and N7K-F248XT-25E; Firmware Version: 6.2.2a)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/22/2014 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1024, #1197, #1275, #1276, #1426, #1427, #2710 and #2736); Triple-DES (Cert. #1627); DSA (Cert #827); RSA (Cert. #1406); SHS (Cert. #2275); RNG (Cert. #1258); HMAC (Cert. #1689); CVL (Cert. #287)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of equivalent strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of equivalent strength); DES; RC4; MD5; HMAC-MD5; Non-Approved RNG; NDRNG

Multi-chip standalone

"The Cisco Nexus 7000 is a highly scalable in the Data Center end-to-end 10 Gigabit Ethernet switch for mission-critical data center operations. The fabric architecture scales beyond 15 terabits per second (Tbps), with support for 40-Gbps and 100-Gbps Ethernet. Powered by Cisco NX-OS, a state of the art modular operating system, the platform is designed for exceptional scalability, continuous system operation, serviceability, and transport flexibility."
2252 Cisco Systems, Inc.
170 W Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200928-0

Nexus 7700 Series Switches
(Hardware Versions: Chassis: N7K-C7710 and N7K-C7718; Supervisor Card: N77-SUP2E; Fabric Cards: N77-C7710-FAB-2 and N77-C7718-FAB-2; Line Card: N77-F248XP-23E; Firmware Version: 6.2.2a)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/22/2014 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1024, #1197, #1275, #1276, #1426, #1427, #2710 and #2736); Triple-DES (Cert. #1627); DSA (Cert #827); RSA (Cert. #1406); SHS (Cert. #2275); RNG (Cert. #1258); HMAC (Cert. #1689); CVL (Cert. #287)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of equivalent strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of equivalent strength); DES; RC4; MD5; HMAC-MD5; Non-Approved RNG; NDRNG

Multi-chip standalone

"The Cisco Nexus 7700 Switches are the latest extension to the Cisco Nexus 7700 Series modular switches. With more than 83 terabits per second (Tbps) of overall switching capacity, the Cisco Nexus 7700 Switches delivers the highest-capacity 10, 40, and 100 Gigabit Ethernet ports in the industry, with up to 768 native 10-Gbps ports, 384 40-Gbps ports, or 192 100-Gbps ports. This high system capacity is designed to meet the scalability requirements of the largest cloud environments."
2251 Motorola Solutions, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

-Tom Nguyen
TEL: 847-576-2352

CST Lab: NVLAP 100432-0

Key Variable Loader (KVL) 4000 PIKE2
(Hardware Version: P/N 51009397004; Firmware Version: R02.03.07)

(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/22/2014 Overall Level: 3 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1491 and #1492); ECDSA (Cert. #183); SHS (Cert. #1345); DRBG (Cert. #159)

-Other algorithms: AES MAC (AES Cert. #1492, vendor affirmed; P25 AES OTAR); AES (AES Cert. #1492, key wrapping; key establishment methodology provides 256 bits of encryption strength); DES; DES-XL; DVP-XL; DVI-XL; ADP; NDRNG

Single-chip

"The KVL 4000 PIKE2 provides security services for the KVL 4000. The KVL 4000 is a portable key distribution device that consists of a Personal Digital Assistant (PDA) and Security Adapter that connects to the PDA."
2250 Motorola Solutions, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

-Tom Nguyen
TEL: 847-576-2352

CST Lab: NVLAP 100432-0

Key Variable Loader (KVL) 4000 PIKE2
(Hardware Version: P/N 51009397004; Firmware Version: R02.03.07)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/22/2014 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1491 and #1492); ECDSA (Cert. #183); SHS (Cert. #1345); DRBG (Cert. #159)

-Other algorithms: AES MAC (AES Cert. #1492, vendor affirmed; P25 AES OTAR); AES (AES Cert. #1492, key wrapping; key establishment methodology provides 256 bits of encryption strength); DES; DES-XL; DVP-XL; DVI-XL; ADP; NDRNG

Single-chip

"The KVL 4000 PIKE2 provides security services for the KVL 4000. The KVL 4000 is a portable key distribution device that consists of a Personal Digital Assistant (PDA) and Security Adapter that connects to the PDA."
2249 Comtech Mobile Datacom Corporation
20430 Century Boulevard
Germantown, MD 20874
USA

-Lajuana Johnson
TEL: 240-686-3300

CST Lab: NVLAP 200427-0

Comtech Mobile Datacom Corporation Cryptographic Library (libcmscrypto)
(Software Version: 1.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/22/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 6.3 on qemu-kvm-0.12.1.2-2 on Red Hat Enterprise Linux 6 running on a Dell R900 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2355); HMAC (Cert. #1461); SHS (Cert. #2029); Triple-DES (Cert. #1473)

-Other algorithms: DES

Multi-chip standalone

"libcmscrypto is a library implemented in the Comtech Mobile Datacom Corp. products and provides the basic cryptographic functionality that includes Advanced Encryption Standard (AES) algorithm, SHA1 message digest, HMAC SHA-1 Keyed-Hash message authentication code, and Triple-DES."
2248 Accellion, Inc.
1804 Embarcadero Road,
Suite 200
Palo Alto, CA 94303
USA

-Prateek Jain
TEL: 65-6244-5670
FAX: 65-6244-5678

CST Lab: NVLAP 100432-0

Accellion Cryptographic Module
(Software Version: FTALIB_3_0_1)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/19/2014 Overall Level: 1 

-Physical Security: N/A
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 5 running on a HP ProLiant DL 380 G7 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2317, #2318, and #2844); CVL (Cert. #268); HMAC (Certs. #1436 and #1783); RSA (Cert. #1485); SHS (Certs. #2004 and #2385); Triple-DES (Cert. #1700)

-Other algorithms: AES (Cert. #2844, key wrapping; key establishment methodology provides 128 bits of encryption strength); Triple-DES (Cert. #1700, key wrapping; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); MD5

Multi-chip standalone

"Accellion Cryptographic Module is a key component of Accellion's secure collaboration solution that enables enterprises to securely share and transfer files. Extensive tracking and reporting tools allow compliance with SOX, HIPAA, FDA and GLB regulations while providing enterprise grade security and ease of use."
2247 NXP Semiconductors
Stresemannallee 101
Hamburg, D-22529
Germany

-Hans-Gerd Albertsen
TEL: +49-40-5613-2548
FAX: +49-40-5613-62548

-Markus Moesenbacher
TEL: +43-3124-299-652
FAX: +43-3124-299-270

CST Lab: NVLAP 100432-0

NXP JCOP 2.4.2 R3
(Hardware Versions: P/Ns P5CC081 V1A, P5CD081 V1A, P5CD081 V1D, P5CC145 V0B and P5CD145 V0B; Firmware Version: JCOP 2.4.2 R3 Mask ID 64 and patchID 1 with Demonstration Applet v1.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/15/2014 Overall Level: 3 

-Physical Security: Level 4

-FIPS Approved algorithms: AES (Certs. #2561, #2564, #2596 and #2597); CVL (Cert. #26); ECDSA (Cert. #317); RNG (Cert. #1229); RSA (Certs. #1090 and #1091); SHS (Cert. #1553); Triple-DES (Certs. #1552 and #1553); Triple-DES MAC (Triple-DES Cert. #1552, vendor affirmed)

-Other algorithms: NDRNG; AES (Certs. #2561 and #2596, key wrapping; key establishment methodology provides 128 bits of encryption strength); Triple-DES (Cert. #1552, key wrapping; key establishment methodology provides 112 bits of encryption strength)

Single-chip

"Single Chip Module with NXP Secure Smart Card Controller of P5CD081 Family. P5CD081 Family comprises: P5CD145 V0A, P5CC145 V0A, P5CN145 V0A, P5CD128 V0A, P5CC128 V0A, P5CD081 V1A, P5CC081 V1A, P5CN081 V1A, P5CD051 V1A, P5CD041 V1A, P5CD021 V1A, P5CD016 V1A, P5CD145 V0B, P5CC145 V0B, and P5CD081 V1D."
2246 Cisco Systems, Inc.
170 W. Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco ASA Service Module (SM)
(Hardware Version: WS-SVC-ASA-SM1-K9; Firmware Version: 9.1.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/12/2014 Overall Level: 1 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2050, #2444 and #2482); DRBG (Certs. #332 and #341); ECDSA (Cert. #411); HMAC (Certs. #1247 and #1524); RSA (Certs. #1066 and #1271); SHS (Certs. #1794 and #2100); Triple-DES (Certs. #1321 and #1520)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA Service Module (SM) Adaptive Security Appliance provides comprehensive security, performance, and reliability for network environments of all sizes."
2245 EFJohnson Technologies
1440 Corporate Drive
Irving, TX 75038
USA

-Marshall Schiring
TEL: 402-479-8375
FAX: 402-479-8472

-Josh Johnson
TEL: 402-479-8459
FAX: 402-479-8472

CST Lab: NVLAP 100432-0

Subscriber Encryption Module
(Hardware Version: R023-5000-980; Firmware Version: 5.28)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/10/2014 Overall Level: 1 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2640); DRBG (Cert. #411); HMAC (Cert. #1632); RSA (Cert. #1351); SHS (Cert. #2213)

-Other algorithms: AES (Cert. #2640, key wrapping; key establishment methodology provides 128 bits of encryption strength); AES MAC (AES Cert. 2640, vendor affirmed; P25 AES OTAR); DES; NDRNG

Multi-chip embedded

"The EFJohnson Subscriber Encryption Module (SEM) is a cryptographic module meeting FIPS 140-2, Level 1 requirements. The SEM provides Subscriber Equipment, such as the EFJohnson Technology VP600 series radio with secure encrypted voice communication. The SEM supports AES, RSA, HMAC, DRBG and SHA-256 FIPS Approved algorithms for voice communication and protection of its firmware. The SEM can be implemented into any Subscriber Equipment requiring FIPS 140-2, Level 1 security."
2244 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco 5921 Embedded Services Router (ESR)
(Software Version: 15.2(4)GC)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/10/2014 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with CentOS Linux 6.4 running on an Intel Desktop Board D2500CC (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2785); CVL (Cert. #237); DRBG (Cert. #472); ECDSA (Cert. #486); HMAC (Cert. #1744); RSA (Cert. #1457); SHS (Cert. #2340); Triple-DES (Cert. #1673)

-Other algorithms: DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); HMAC MD4; HMAC MD5; MD4; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Cisco ESR 5921 Embedded Services Router is a software product that runs IOS 15.2(4)GC in an x86-based Linux host environment. The binary is a Router application which allows Linux software connections with virtual and physical Linux interfaces on the host hardware. The Cisco 5921 Embedded Services Router provides a secure, manageable device which meets FIPS 140-2 Level 1 requirements."
2243 WideBand Corporation
401 W. Grand St.
Gallatin, MO 64640
USA

-GoldKey Sales & Customer Service
TEL: 816-220-3000
FAX: 419-301-3208

-Jon Thomas
TEL: 567-270-3830
FAX: 419-301-3208

CST Lab: NVLAP 200658-0

GoldKey Security Token Cryptographic Module
(Hardware Version: IC USB-CONTROLLER-2LF; Firmware Version: 7.13)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/10/2014 Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2347); SHS (Cert. #2024); DRBG (Cert. #297); Triple-DES (Cert. #1470); RSA (Cert. #1210); ECDSA (Cert. #384); CVL (Certs. #54, #234 and #235)

-Other algorithms: N/A

Single-chip

"Provides cryptographic algorithm implementation for GoldKey Products"
2242 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

X-ES XPedite5205 with Cisco IOS
(Hardware Versions: X-ES XPedite5205 air-cooled card and X-ES XPedite5205 conduction-cooled card; Firmware Version: 15.2(4)GC)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/10/2014 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #962, #1535 and #2784); CVL (Cert. #236); DRBG (Cert. #471); ECDSA (Cert. #485); HMAC (Certs. #537 and #1743); RSA (Cert. #1456); SHS (Certs. #933 and #2339); Triple-DES (Certs. #757 and #1672)

-Other algorithms: DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); HMAC MD4; HMAC MD5; MD4; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip embedded

"The X-ES XPedite5205 is a high-performance, ruggedized router. With onboard hardware encryption, the XPedite5205 offloads encryption processing from the router to provide highly secure yet scalable video, voice, and data services for mobile and embedded outdoor networks. The XPedite5205 provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 1 requirements. The XPedite5205 Router Card uses industrial-grade components and is optimized for harsh environments that require Cisco IOS Software routing technology."
2241 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco 5915 and 5940 Embedded Services Routers
(Hardware Versions: Cisco 5915 ESR air-cooled card, Cisco 5915 ESR conduction-cooled card, Cisco 5940 ESR air-cooled card and Cisco 5940 ESR conduction-cooled card; Firmware Version: 15.2(4)GC)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/10/2014 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #962, #1535 and #2784); CVL (Cert. #236); DRBG (Cert. #471); ECDSA (Cert. #485); HMAC (Certs. #537 and #1743); RSA (Cert. #1456); SHS (Certs. #933 and #2339); Triple-DES (Certs. #757 and #1672)

-Other algorithms: DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); HMAC MD4; HMAC MD5; MD4; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip embedded

"The Cisco 5915, 5940 are high-performance, ruggedized routers. With onboard hardware encryption, the Cisco 5915, 5940 offloads encryption processing from the router to provide highly secure yet scalable video, voice, and data services for mobile and embedded outdoor networks. The Cisco 5915, 5940 Embedded Services Routers provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 1 requirements. The Cisco 5915, 5940 Router Cards use industrial-grade components and is optimized for harsh environments that require Cisco IOS Software routing technology."
2240 Palo Alto Networks
4301 Great America Parkway
Santa Clara, CA 95054
USA

-Jake Bajic
TEL: 408-753-3901
FAX: 408-753-4001

-Richard Bishop
TEL: 408-753-4061
FAX: 408-753-4001

CST Lab: NVLAP 100432-0

PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series and PA-5000 Series Firewalls
(Hardware Versions: PA-200 P/N 910-000015-00E Rev. E [1], PA-500 P/N 910-000006-00O Rev. O [2], PA-500-2GB P/N 910-000094-00O Rev. O [2], PA-2020 P/N 910-000004-00Z Rev. Z [3], PA-2050 P/N 910-000003-00Z Rev. Z [3], PA-3020 P/N 910-000017-00J Rev. J [4], PA-3050 P/N 910-000016-00J Rev. J [4], PA-4020 P/N 910-000002-00AB Rev. AB [5], PA-4050 P/N 910-000001-00AB Rev. AB [5], PA-4060 P/N 910-000005-00S Rev. S [5], PA-5020 P/N 910-000010-00F Rev. F [6], PA-5050 P/N 910-000009-00F Rev. F [6] and PA-5060 P/N 910-000008-00F Rev. F [6]; FIPS Kit P/Ns: 920-000084-00A Rev. A [1], 920-000005-00A Rev. A [2], 920-000004-00A Rev. A [3], 920-000081-00A Rev. A [4], 920-000003-00A Rev. A [5] and 920-000037-00A Rev. A [6]; Firmware Version: 5.0.11)

(When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/08/2014 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2728); CVL (Cert. #227); HMAC (Cert. #1707); RNG (Cert. #1263); RSA (Cert. #1420); SHS (Cert. #2298)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; RC4; Camellia; RC2; SEED; DES

Multi-chip standalone

"The Palo Alto Networks PA-200, PA-500, PA-2000 Series, PA-3000 Series, PA-4000 Series, and PA-5000 Series next-generation firewalls are multi-chip standalone modules that provide network security by enabling enterprises to see and control applications, users, and content using three unique identification technologies: App-ID, User-ID, and Content-ID. This unique ability empowers customers to safely enable applications, make informed decisions on network access, and strengthen network security."
2238 McAfee, Inc.
2821 Mission College Boulevard
Santa Clara, CA 95054
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise Virtual Appliance for VMware
(Software Version: 8.3.2 with patch number 8.3.2E14)

(When operated in FIPS mode and when installed, initialized and configured as specified in the Security Policy Section Secure Operation. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/08/2014 Overall Level: 1 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with McAfee SecureOS v8.3 on VMware ESXi 5.0 running on a McAfee S7032 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1963, #2712 and #2714); Triple-DES (Certs. #1275, #1629 and #1631); RSA (Certs. #1408 and #1410); DSA (Certs. #829 and #831); ECDSA (Certs. #473 and #475); SHS (Certs. #1722, #2277 and #2279); HMAC (Certs. #1184, #1691 and #1693); RNG (Cert. #1032); DRBG (Certs. #449 and #451); CVL (Certs. #170 and #172)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee's Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
2237 McAfee, Inc.
2821 Mission College Boulevard
Santa Clara, CA 95054
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise S1104, S2008, S3008, S4016, S5032 and S6032
(Hardware Versions: (FEW-S1104, FEW-S2008, FEW-S3008, FEW-S4016, FEW-S5032 and FEW-S6032) with FRU-686-0089-00; Firmware Version: 8.3.2 with patch number 8.3.2E14)

(When operated in FIPS mode and when installed, initialized and configured as specified in the Security Policy Section Secure Operation. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/08/2014 Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1833, #2711 and #2713); Triple-DES (Certs. #1185, #1628 and #1630); RSA (Certs. #1407 and #1409); DSA (Certs. #828 and #830); ECDSA (Certs. #472 and #474); SHS (Certs. #1612, #2276 and #2278); HMAC (Certs. #1086, #1690 and #1692); RNG (Cert. #964); DRBG (Certs. #448 and #450); CVL (Certs. #168 and #171)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
2236 McAfee, Inc.
2821 Mission College Boulevard
Santa Clara, CA 95054
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise 1100F, 2150F and 4150F
(Hardware Versions: (NSA-1100-FWEX-F, NSA-2150-FWEX-F and NSA-4150-FWEX-F) with FRU-686-0089-00; Firmware Version: 8.3.2 with patch number 8.3.2E14)

(When operated in FIPS mode and when installed, initialized and configured as specified in the Security Policy Section Secure Operation. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/08/2014 Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1833, #2711 and #2713); Triple-DES (Certs. #1185, #1628 and #1630); RSA (Certs. #1407 and #1409); DSA (Certs. #828 and #830); ECDSA (Certs. #472 and #474); SHS (Certs. #1612, #2276 and #2278); HMAC (Certs. #1086, #1690 and #1692); RNG (Cert. #964); DRBG (Certs. #448 and #450); CVL (Certs. #168 and #171)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
2234 McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2706

CST Lab: NVLAP 200416-0

McAfee Email Gateway L2
(Hardware Versions: EMG-5500-C and EMG-5000-C; Firmware Version: 7.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 09/05/2014 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2013, #2106 and #2281); Triple-DES (Certs. #1299, #1341 and #1429); DSA (Certs. #639, #656 and #711); RSA (Certs. #1042, #1080 and #1172); SHS (Certs. #1763, #1829 and #1963); RNG (Certs. #1055, #1081 and #1134); HMAC (Certs. #1218 and #1280)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DES-CBC3-MD5; DES-CBC-MD5; DES-CBC-SHA; EDH-DSS-DES-CBC-SHA; EDH-RSA-DES-CBC-SHA; EXP-DES-CBC-SHA; EXP-EDH-DSS-DES-CBC-SHA; EXP-EDH-RSA-DES-CBC-SHA; EXP-RC2-CBC-MD5; EXP-RC4-MD5; IDEA-CBC-MD5; IDEA-CBC-SHA; RC2-CBC-MD5; RC4-MD5; RC4-SHA; BLOWFISH; CAMELLIA128; CAMELLIA192; CAMELLIA256; CAST5; MD5; RIPEMD160; TWOFISH; DES; MD2; HMAC MD5; DES40; RC2; RC4; RC5; ECAES; RSA PKCS#1 V.2.0 (SHA256 - OAEP; non-compliant)

Multi-chip standalone

"McAfee Email Gateway integrates comprehensive inbound threat protection with outbound data loss prevention, advanced compliance, performance reporting, and simplified administration. By combining local network information with global reputation intelligence from McAfee Global Threat Intelligence, it provides the most complete protection available against inbound threats, spam and malware. Its sophisticated content scanning technologies, multiple encryption techniques, and granular, policy-based message handling prevent outbound data loss and simplify compliance."
2233 McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2706

CST Lab: NVLAP 200416-0

McAfee Email Gateway L1
(Hardware Versions: EMG-5500-B, EMG-5000-B, EMG-4500-B, EMG-4000-B, EWS-3400-B, EWS-3300-B, EWS-3200-B, EWS-3100-B and HP Proliant BL460c Gen6 Blade Server (Model: 595729-L21); Firmware Version: 7.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 09/05/2014 Overall Level: 1 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2013, #2106 and #2281); Triple-DES (Certs. #1299, #1341 and #1429); DSA (Certs. #639, #656 and #711); RSA (Certs. #1042, #1080 and #1172); SHS (Certs. #1763, #1829 and #1963); RNG (Certs. #1055, #1081 and #1134); HMAC (Certs. #1218 and #1280)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DES-CBC3-MD5; DES-CBC-MD5; DES-CBC-SHA; EDH-DSS-DES-CBC-SHA; EDH-RSA-DES-CBC-SHA; EXP-DES-CBC-SHA; EXP-EDH-DSS-DES-CBC-SHA; EXP-EDH-RSA-DES-CBC-SHA; EXP-RC2-CBC-MD5; EXP-RC4-MD5; IDEA-CBC-MD5; IDEA-CBC-SHA; RC2-CBC-MD5; RC4-MD5; RC4-SHA; BLOWFISH; CAMELLIA128; CAMELLIA192; CAMELLIA256; CAST5; MD5; RIPEMD160; TWOFISH; DES; MD2; HMAC MD5; DES40; RC2; RC4; RC5; ECAES; RSA PKCS#1 V.2.0 (SHA256 - OAEP; non-compliant)

Multi-chip standalone

"McAfee Email Gateway integrates comprehensive inbound threat protection with outbound data loss prevention, advanced compliance, performance reporting, and simplified administration. By combining local network information with global reputation intelligence from McAfee Global Threat Intelligence, it provides the most complete protection available against inbound threats, spam and malware. Its sophisticated content scanning technologies, multiple encryption techniques, and granular, policy-based message handling prevent outbound data loss and simplify compliance."
2232 Hitachi, Ltd.
322-2 Nakazato, Odawara-shi
Kanagawa-ken, 250-0872
Japan

-Hajime Sato
TEL: +81-465-59-5954
FAX: +81-465-49-4822

CST Lab: NVLAP 200835-0

Hitachi Unified Storage Encryption Module
(Hardware Version: DW-F700-BS6GE; Firmware Version: 02.09.22.00)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/05/2014 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2787); HMAC (Cert. #1748); SHS (Cert. #2344)

-Other algorithms: AES (Cert. #2787, key wrapping; key establishment methodology provides 256 bits of encryption strength); SHS (non-compliant); HMAC (non-compliant)

Multi-chip embedded

"The Hitachi Unified Storage Encryption Module provides high speed data at rest encryption for Hitachi storage."
2231 Senetas Corporation Ltd. and SafeNet Inc.
Level 1, 11 Queens Road
Melbourne, Victoria 3004
Australia

-John Weston
TEL: +61 3 9868 4555
FAX: +61 3 9821 4899

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200996-0

CN6000 Series Encryptors
(Hardware Versions: Senetas Corp. Ltd. CN6040 Series: A6040B [O] (AC), A6041B [O] (DC) and A6042B [O] (AC/DC); Senetas Corp. Ltd. CN6100 Series: A6100B [O] (AC), A6101B [O] (DC) and A6102B [O] (AC/DC); Senetas Corp. Ltd. & SafeNet Inc. CN6040 Series: A6040B [Y] (AC), A6041B [Y] (DC) and A6042B [Y] (AC/DC); Senetas Corp. Ltd. & SafeNet Inc. CN6100 Series: A6100B [Y] (AC), A6101B [Y] (DC) and A6102B [Y] (AC/DC); Firmware Version: 2.4.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 08/28/2014 Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #2789, #2790, #2791 and #2793); Triple-DES (Cert. #1677); RSA (Cert. #1460); SHS (Cert. #2345); HMAC (Cert. #1749); DRBG (Cert. #475); CVL (Cert. #242)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The CN6000 Series is a high-speed hardware encryption platform that secures data over optical and twisted-pair Ethernet and Fibre Channel networks. Models validated are the CN6100 10G Ethernet operating at a line rate of 10Gb/s and the CN6040, Ethernet and FC selectable model operating at data rates up to 4Gb/s. Data privacy is provided by FIPS approved AES CFB and CTR algorithms. GCM is available on the CN6040 for applications that also demand authentication. Additionally TRANSEC transmission security capability can be used to remove patterns from network traffic to prevent traffic analysis."
2230 Aruba Networks, Inc.
1344 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500
FAX: 408-227-4550

CST Lab: NVLAP 200427-0

Aruba RAP-155 and RAP-155P Wireless Access Points
(Hardware Version: RAP-155-F1, RAP-155-USF1, RAP-155P-F1 and RAP-155P-USF1 with FIPS kit 4010061-01; Firmware Version: ArubaOS 6.3.1.7-FIPS)

(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/28/2014 Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2450, #2677, #2680 and #2689); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #1663 and #1666); KBKDF (Cert. #16); RNG (Cert. #1250); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #2246, #2249 and #2250); Triple-DES (Certs. #1605 and #1607)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; NDRNG

Multi-chip standalone

"Aruba's 802.11ac Wi-Fi access points operate at gigabit speeds, offering extreme performance for mobile devices. In FIPS 140-2 mode, Aruba APs in conjunction with a Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also support wireless intrusion detection/prevention services and wireless mesh topologies."
2229 Francotyp-Postalia GmbH
Triftweg 21-26
Birkenwerder, D-16547
Germany

-Dirk Rosenau
TEL: +49-3303-525-616
FAX: +49-3303-525-609

-Hasbi Kabacaoglu
TEL: +49-3303-525-616
FAX: +49-3303-525-609

CST Lab: NVLAP 200983-0

Postal mRevenector GB 2013
(Hardware Version: Hardware P/N: 580036020300/01 and 580036020300/02; Firmware Version: Bootloader: 90.0036.0201.00/2011485001; Softwareloader: 90.0036.0206.00/2011485001; GB Application:90.0036.0215.00/2013463001)

(The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/28/2014;
09/19/2014
Overall Level: 3 

-Physical Security: Level 3 +EFP/EFT

-FIPS Approved algorithms: AES (Cert. #1493); DRBG (Cert. #61); DSA (Cert. #522); HMAC (Cert. #878); KAS (Cert. #16); RSA (Certs. #732 and #785); SHS (Cert. #1346); Triple-DES (Cert. #1122)

-Other algorithms: NDRNG; Triple-DES (Cert. #1122, key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip embedded

"Francotyp-Postalia (FP) is one of the leading global suppliers of mail center solutions. A major component of the business of FP is the development, manufacture and support of postal franking machines (postage meters). These postal franking machines incorporate a postal security device (PSD) that performs all postage meter cryptographic and postal security functions and which protects both Critical Security Parameters (CSPs) and Postal Relevant Data Items (PRDIs) from unauthorized access. The Postal mRevenector GB 2013 is FP’s latest generation of PSD"
2228 Aruba Networks, Inc.
1344 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500
FAX: 408-227-4550

CST Lab: NVLAP 200427-0

Aruba RAP-5WN Remote Access Point
(Hardware Version: RAP-5WN-F1 with FIPS kit 4010061-01; Firmware Version: ArubaOS 6.3.1.7-FIPS)

(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/28/2014 Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #861, #2450, #2677, #2680 and #2689); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #478, #1663 and #1666); KBKDF (Cert. #16); RNG (Cert. #1250); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #856, #2246, #2249 and #2250); Triple-DES (Certs. #708, #1605 and #1607)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; NDRNGs

Multi-chip standalone

"Aruba's RAP-5WN access point aggregates wired and wireless user traffic and forwards it to an Aruba Mobility Controller through a secure IPsec tunnel, using the public Internet or an optional 3G/4G WWAN service for backhaul. In the FIPS 140-2 mode of operation, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 standard along with optional Suite B cryptography for high-assurance applications. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n."
2227 Aruba Networks, Inc.
1344 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500
FAX: 408-227-4550

CST Lab: NVLAP 200427-0

Aruba AP-92, AP-93, AP-104, AP-105 and AP-175 Wireless Access Points
(Hardware Versions: AP-92-F1, AP-93-F1, AP-104-F1, AP-105-F1, AP-175P-F1, AP-175AC-F1 and AP-175DC-F1 with FIPS kit 4010061-01; Firmware Version: ArubaOS 6.3.1.7-FIPS)

(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/26/2014 Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2450, #2677, #2680 and #2689); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #1663 and #1666); KBKDF (Cert. #16); RNG (Cert. #1250); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #2246, #2249 and #2250); Triple-DES (Certs. #1605 and #1607)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; NDRNGs

Multi-chip standalone

"Aruba's Wi-Fi access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Mobility Controllers, where per-user role based access controls are applied through an integrated firewall. In FIPS 140-2 Mode, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n."
2226 Aruba Networks, Inc.
1344 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500
FAX: 408-227-4550

CST Lab: NVLAP 200427-0

Aruba AP-134 and AP-135 Wireless Access Points
(Hardware Versions: AP-134-F1 and AP-135-F1 with FIPS kit 4010061-01; Firmware Version: ArubaOS 6.3.1.7-FIPS)

(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/26/2014 Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2450, #2677, #2680 and #2689); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #1663 and #1666); KBKDF (Cert. #16); RNG (Cert. #1250); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #2246, #2249 and #2250); Triple-DES (Certs. #1605 and #1607)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; NDRNGs

Multi-chip standalone

"Aruba's Wi-Fi access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Mobility Controllers, where per-user role based access controls are applied through an integrated firewall. In FIPS 140-2 Mode, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n."
2225 Axway Inc.
2600 Bridge Parkway
Suite 201
Redwood City, CA 94065
USA

-Tom Donahoe
TEL: 480 627 1800
FAX: 480 627 1801

-Hristo Todorov
TEL: 480 627 2644
FAX: 480 627 1801

CST Lab: NVLAP 100432-0

Axway Security Kernel
(Software Version: 3.0)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 08/14/2014;
09/12/2014
Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 2012 64-bit running on Dell PowerEdge R620 Server; RHEL 6.3 64-bit running on Dell PowerEdge R620 Server; Solaris 10 64-bit running on Sun Blade T6300 Server (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2446); Triple-DES (Cert. #1511); SHS (Cert. #2080); HMAC (Cert. #1510); DSA (Cert. #760); ECDSA (Cert. #402); RNG (Cert. #1196); RSA (Cert. #1257); CVL (Cert. #76)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; Blowfish; Camellia; Cast; DES; des_old; DTLS1; ec; krb5_asn; KSSL; MD4; MD5; MDC2; RC2; RC4; RIPEMD; Seed; Whirlpool

Multi-chip standalone

"The Axway Security Kernel is a software module that provides all security functionalities for several Axway products including the Axway Validation Authority Suite which is a collection of products that provide flexible and robust OCSP/SCVP certificate validation solution for standard and custom desktop and server applications. The suite supports established security standards and technologies and can be used together or integrated with existing solutions."
2224 Aruba Networks, Inc.
1344 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500
FAX: 408-227-4550

CST Lab: NVLAP 200427-0

Aruba 3000 and 6000/M3 Mobility Controllers with ArubaOS FIPS Firmware
(Hardware Versions: Aruba 3200-F1, Aruba 3200-USF1, Aruba 3400-F1, Aruba 3400-USF1, Aruba 3600-F1, Aruba 3600-USF1 and [(Aruba 6000-400-F1 or Aruba 6000-400-USF1) with M3mk1-S-F1, HW-PSU-200 or HW-PSU-400, LC-2G-1, LC-2G24F-1 or LC-2G24FP-1] with FIPS kit 4010061-01; Firmware Version: ArubaOS 6.3.1.7-FIPS)

(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy clause "Installing the Controller" and the 6000/M3 configured as specified in Security Policy clause "Minimum Configuration for the Aruba 6000-400")

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/12/2014 Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #762, #2677 and #2680); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #417, #1663 and #1666); KBKDF (Cert. #16); RNG (Cert. #1250); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #769, #2246, #2249 and #2250); Triple-DES (Certs. #667, #1605 and #1607)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; MD5; NDRNGs; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Aruba's family of Mobility Controllers are network infrastructure devices providing secure, scalable solutions for enterprise Wi-Fi, network security policy enforcement, VPN services, and wireless intrusion detection and prevention. Mobility controllers serve as central points of authentication, encryption, access control, and network coordination for all mobile network services."
2223 McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2706

CST Lab: NVLAP 100432-0

McAfee Core Cryptographic Module (kernel)
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 08/12/2014 Overall Level: 1 

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Windows XP 32-bit running on a Dell E5510 without AES-NI; Windows 7 64-bit running on a Dell E5510 without AES-NI; Windows 7 64-bit running on a Lenovo Yoga with AES-NI; Windows 8 64-bit running on a Lenovo Yoga with AES-NI; Windows 8 32-bit running on a Dell Latitude 10 without AES-NI; MacOS X Lion v10.7 running on a MacBook without AES-NI; MacOS X Mountain Lion v10.8 running on a MacPro without AES-NI; MacOS X Mountain Lion v10.8 running on a MacBook Air with AES-NI; MacOS X Lion v10.7 running on a Mac Mini with AES-NI; MacOS X Mountain Lion v10.8 running on a MacBook Pro with AES-NI; Windows Vista 32-bit running on a Dell E6320 with AES-NI; Windows Vista 64-bit running on a Dell E6410 with AES-NI; Windows 7 32-bit running on a Dell E6320 with AES-NI; Windows 8 32-bit running on a Lenovo W530 with AES-NI; Windows 8 64-bit running on a Lenovo W530 with AES-NI; Windows 8 64-bit running on an Intel UBHB2SISQ with AES-NI; Windows 8 32-bit running on a Lenovo Thinkpad 2 without AES-NI; Windows 8 running in 64-bit UEFI mode running on an Intel UBHB2SISQ with AES-NI; Windows 8 running in 32-bit UEFI mode running on a Lenovo Thinkpad 2 without AES-NI (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2592 and #2755); HMAC (Cert. #1605); SHS (Cert. #2287)

-Other algorithms: N/A

Multi-chip standalone

"The McAfee Core Cryptographic Module provides cryptographic functionality for McAfee's Endpoint Encryption product range."
2222 Senetas Corporation Ltd. and SafeNet Inc.
Level 1, 11 Queens Road
Melbourne, Victoria 3004
Australia

-John Weston
TEL: +61 3 9868 4555
FAX: +61 3 9821 4899

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200996-0

CN1000/CN3000 Series Encryptors
(Hardware Versions: Senetas Corp. Ltd. CN1000 Series: A5165B [O] (AC), A5141B [O] (AC) and A5175B [O] (AC); CN3000 Series: A5203B [O] (AC), A5204B [O] (DC), A5213B [O] (AC) and A5214B [O] (DC); Senetas Corp. Ltd. & SafeNet Inc. CN1000 Series: A5165B [Y] (AC), A5141B [Y] (AC) and A5175B [Y] (AC); CN3000 Series: A5203B [Y] (AC), A5204B [Y] (DC), A5213B [Y] (AC) and A5214B [Y] (DC); Firmware Version: 4.4.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 08/12/2014 Overall Level: 3 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: Triple-DES (Cert. #1682); AES (Certs. #2577, #2579, #2581, #2798, #2815 and #2816); RSA (Cert. #1464); SHS (Cert. #2350); HMAC (Cert. #1754); DRBG (Cert. #477); CVL (Cert. #247)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The CN1000/CN3000 Series is a high-speed hardware encryption platform designed to secure data transmitted over Ethernet, Fibre Channel or SONET/SDH networks. The CN1000 Series supports line rates up to 4.25Gbps while the CN3000 extends the CN Series line rate capability to 10Gbps. SafeNet, Inc. makes Senetas products available globally under a master distribution agreement and are co-branded as such."
2221 Aruba Networks, Inc.
1344 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500
FAX: 408-227-4550

CST Lab: NVLAP 200427-0

Aruba 620 and 650 Mobility Controllers with ArubaOS FIPS Firmware
(Hardware Versions: Aruba 620-F1, Aruba 620-USF1, Aruba 650-F1 and Aruba 650-USF1 with FIPS kit 4010061-01; Firmware Version: ArubaOS 6.3.1.7-FIPS)

(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/07/2014 Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #779, #2677 and #2680); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #426, #1663 and #1666); KBKDF (Cert. #16); RNG (Cert. #1250); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #781, #2246, #2249 and #2250); Triple-DES (Certs. #673, #1605 and #1607)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; MD5; NDRNGs; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Aruba's family of Mobility Controllers are network infrastructure devices providing secure, scalable solutions for enterprise Wi-Fi, network security policy enforcement, VPN services, and wireless intrusion detection and prevention. Mobility controllers serve as central points of authentication, encryption, access control, and network coordination for all mobile network services."
2220 Guidance Software, Inc.
215 North Marengo Avenue, Suite 250
Pasadena, CA 91101
USA

-Emily Woodman
TEL: 626-768-4615
FAX: 626-229-9199

CST Lab: NVLAP 200556-0

Guidance Software EnCase Cryptographic Engine
(Software Version: 1.0)

(When operated with module Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1337 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 08/28/2014 Overall Level: 1 

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 R2 running on a Dell OptiPlex 755 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2682 and #2683), HMAC (Certs. #1669 and #1670), RSA (Certs. #1382 and #1383), SHS (Certs. #2253 and #2254)

-Other algorithms: N/A

Multi-chip standalone

"The module is the Guidance Software EnCase Cryptographic Engine, version 1.0, which is a software shared library that provides cryptographic services required by Guidance Software host applications."
2219 Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
USA

-Rose Quijano-Nguyen

CST Lab: NVLAP 200556-0

Symantec Cryptographic Module
(Software Version: 1.1)

(When operated in FIPS mode. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 08/07/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 6.4 (64-bit) on a Dell OptiPlex 755 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2646); DRBG (Cert. #413); DSA (Cert. #797); HMAC (Cert. #1637); RSA (Cert. #1355); SHS (Cert. #2219); Triple-DES (Cert. #1587)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Symantec Cryptographic Module is a software module with a multi-chip standalone embodiment. The overall security level of the module is 1. SymCrypt is implemented in the C programming language and consists of a shared library that is linked with SSIM application components. It is designed to execute on a host system with a General Purpose Computer (GPC) hardware platform."
2218 Tripwire, Inc.
101 SW Main St.
Suite 1500
Portland, OR 97204
USA

TEL: 503-276-7500
FAX: 503-223-0182

CST Lab: NVLAP 200802-0

Tripwire Cryptographic Module
(Software Version: 2.0)

(When operated in FIPS mode. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 08/07/2014 Overall Level: 1 

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Java SE Runtime Environment (build 1.6.0_33-b05) [JavaHotSpot 64-bit Server VM (build 20.8-b03 mixed mode)] on Windows 2008 Server R2 with SP1 (64-bit) running on a Dell Optiplex 960; Java SE Runtime Environment (build 1.6.0_33-b05) [JavaHotSpot 64-bit Server VM (build 20.8-b03 mixed mode)] on Windows 2008 Server R2 with SP1 (64-bit) running on a Dell Optiplex 9010 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2719); RSA (Cert. #1414); RNG (Cert. #1260); HMAC (Cert. #1698); SHS (Cert. #2284); DSA (Cert. #835); CVL (Cert. #176)

-Other algorithms: MD5; HMAC-MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Tripwire Cryptographic Module supports many FIPS approved cryptographic operations, providing other Tripwire products and Java-based applications access to these algorithms via the standard Java Cryptographic Extension (JCE) framework."
2217 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-C Micro Edition
(Hardware Version: SPARC T4 P/N 527-1437-01; Software Version: 4.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software-Hybrid 09/08/2014 Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Solaris 10 running on SPARC T4-2 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2017); DRBG (Cert. #191); DSA (Cert. #642); ECDSA (Cert. #292); HMAC (Cert. #1221); RNG (Cert. #1057); RSA (Cert. #1046); SHS (Cert. #1767); Triple-DES (Cert. #1302)

-Other algorithms: Camellia; DES; DES40; Diffie-Hellman; EC Diffie-Hellman; ECAES (non-compliant); ECIES; Entropy RNG; HMAC MD5; MD2; MD4; MD5; OTP RNG; PBKDF1 SHA-1 (non-compliant); PBKDF2 HMAC SHA-1/SHA-224/SHA-256/SHA-384/SHA-512 (non-compliant); RC2; RC4; RC5; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Crypto-C Micro Edition (ME) Module is RSA, The Security Division of EMC's cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
2216 Motorola Solutions, Inc.
6480 Via Del Oro
San Jose, CA 95119
USA

-Noelle Carroll
TEL: 408-826-3246

CST Lab: NVLAP 100432-0

Motorola Network Router (MNR) S6000
(Hardware Version: Base Unit P/N CLN1780L Rev E with Encryption Module P/N CLN8261D Rev N; Firmware Version: GS-16.6.0.69 or PS-16.6.0.69)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/31/2014 Overall Level: 1 

-Cryptographic Module Specification: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #173 and #2395); DRBG (Cert. #399); HMAC (Certs. #39 and #1486); RSA (Cert. #1239); SHS (Certs. #258 and #2057); Triple-DES (Certs. #275 and #1493); CVL (Certs. #99, #122 and #315)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DES; DSA (non-compliant); RNG (non-compliant); MD5; HMAC-MD5

Multi-chip standalone

"MNR S6000 routers are versatile, secure-capable devices that can ensure timely delivery of delay-sensitive traffic. Supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections, S6000 routers perform simultaneous functions - including compression and data prioritization - without compromising their ability to accomplish additional packet-handling functions as needed. In addition to the normal routing functions, the MNR S6000 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols."
2215 Motorola Solutions, Inc.
6480 Via Del Oro
San Jose, CA 95119
USA

-Noelle Carroll
TEL: 408-826-3246

CST Lab: NVLAP 100432-0

Motorola GGM 8000 Gateway
(Hardware Version: Base Unit P/N CLN1841E Rev A with FIPS Kit P/N CLN8787A Rev B and Power Supply [P/N CLN1850A Rev G (AC) or P/N CLN1849A Rev H (DC)]; Firmware Version: XS-16.6.0.69, GS-16.6.0.69 or KS-16.6.0.69)

(When operated in FIPS mode with tamper labels installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/31/2014 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #962 and #2395); DRBG (Cert. #399); HMAC (Certs. #1486 and #1487); RSA (Cert. #1239); SHS (Certs. #933 and #2057); Triple-DES (Certs. #757 and #1493); CVL (Certs. #99, #122 and #315)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DES; DSA (non-compliant); RNG (non-compliant); MD5; HMAC-MD5

Multi-chip standalone

"GGM 8000 devices are versatile, secure-capable devices that can ensure timely delivery of delay-sensitive traffic. Supporting secure integrated voice and data applications as well as high-speed site-to-site WAN connections, GGM 8000 perform simultaneous functions - including compression and data prioritization - without compromising their ability to accomplish additional packet-handling functions as needed. In addition to the normal packet forwarding functions, the GGM 8000 supports data encryption and authentication over Ethernet and Frame Relay links using the IPSec and FRF.17 protocols."
2214 Samsung Electronics Co., Ltd.
416, Maetan 3-Dong Youngton Gu
Suwon, Gyeonggi 152-848
South Korea

-Kyunghee Lee
TEL: +82-10-9397-1589

CST Lab: NVLAP 200658-0

Samsung Kernel Cryptographic Module
(Software Version: SKC 1.4.1.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 07/31/2014;
08/29/2014
Overall Level: 1 

-Physical Security: N/A
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Android KitKat 4.4.2 running on Samsung Galaxy S5; Tizen 2.2.1 running on Samsung Z (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2809, #2810, #2938 and #2939); SHS (Certs. #2357, #2358, #2474 and #2475); RNG (Certs. #1275, #1276, #1297 and #1298); Triple-DES (Certs. #1687 and #1746); HMAC (Certs. #1760, #1761, #1862 and #1863)

-Other algorithms: DES; Twofish; MD4; MD5; ansi_cprng; ARC4; Pcompress; AES-XCBC (non-compliant); CRC32c; Deflate; LZO

Multi-chip standalone

"Provides general purpose cryptographic services to services in the Linux kernel and user-space applications, intended to protect data in transit and at rest."
2213 Sony Corporation
1-7-1 Konan
Minato-ku, Tokyo 108-0075
Japan

-Hirotaka Kondo
TEL: +81 50 3140 9888
FAX: +81 50 3809 1421

-Shigeki Yamamoto
TEL: +81 50 3140 9131
FAX: +81 50 3809 1421

CST Lab: NVLAP 100432-0

Aspen
(Hardware Version: 2.0.0; Firmware Versions: 1.2.1 and 1.2.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/23/2014 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1539, #2695 and #2699); SHS (Certs. #1364, #1365, #2263 and #2264); HMAC (Certs. #902 and #1678); RSA (Certs. #1394 and #1395); RNG (Certs. #828, #829, #830 and #1279); CVL (Cert. #160)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; HMAC-MD5

Multi-chip embedded

"Aspen is a hardware security module that provides decryption, decoding/encoding of audio/video data for the digital cinema projector system."
2212 United States Special Operations Command (USSOCOM)
7701 Tampa Point Boulevard
MacDill Air Force Base, FL 33621-5323
USA

-William W. Burnham
TEL: (813) 826-2282

CST Lab: NVLAP 200416-0

Suite B Cryptographic Module
(Software Version: 2.3.1)

(When operated in FIPS mode with module Microsoft Windows Server 2008 R2 Kernel Mode Cryptographic Primitives Library (cng.sys) validated to FIPS 140-2 under Cert. #1335 operating in FIPS mode or BlackBerry Cryptographic Kernel validated to FIPS 140-2 under Cert. #1669 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 07/23/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Intel Xeon E5530 w/Microsoft Windows Server 2008; Qualcomm Snapdragon S2 MSM8655 w/BlackBerry OS Version 7.0.0 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2603); SHS (Cert. #2187); HMAC (Cert. #1610); ECDSA (Cert. #448); CVL (Certs. #98 and #259)

-Other algorithms: N/A

Multi-chip standalone

"KEYW, in coordination with the United States Special Operations Command (USSOCOM), has developed a Suite B-compliant, standards based, AES/GCM-256 layer of encrypted communications between a BlackBerry Enterprise Server (BES) and a BlackBerry Mobile Set (MS) with Elliptic Curve (EC) key exchange used to negotiate symmetric keys."
2211

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/11/2014 Overall Level: 1 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip standalone

2210 3e Technologies International, Inc.
9715 Key West Ave,
Suite 500
Rockville, MD 20850
USA

-Harinder Sood
TEL: 301-944-1325
FAX: 301-670-6779

CST Lab: NVLAP 200002-0

3e-636M CyberFence Cryptographic Module
(Hardware Version: 1.0; Firmware Version: 5.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/11/2014 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: Triple-DES (Certs. #1327 and #1329); AES (Certs. #2060, #2078 and #2105); SHS (Certs. #1801 and #1807); RSA (Certs. #1072 and #1278); HMAC (Certs. #1253 and #1259); ECDSA (Certs. #303 and #415); RNG (Cert. #1076); CVL (Certs. #22, #87 and #169)

-Other algorithms: MD5; NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1327, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Cert. #2060, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (CVL Cert. #169, key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #87, key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength)

Multi-chip embedded

"3e-636M CyberFence module is a high speed information assurance device that combines together a number of different capabilities to create a tailored cyber defense. Acting as an IPsec client or gateway, the module authenticates the IPsec peer using IKEv2 negotiation. It provides further data integrity and confidentiality using the ESP mode of the IPsec. AES with 128/192/256 bits key is used for network data encryption while SHS, CCM or GCM is used for data integrity. The module also implements access control, 802.1X port authentication and deep data packet inspection functions."
2209 Western Digital Corporation
3355 Michelson, Suite 100
Irvine, CA 92612
USA

-Danny Ybarra
TEL: 949-672-9929

CST Lab: NVLAP 100432-0

Verdi Self Encrypting Drive (SED)
(Hardware Version: WD4001FYUG-01UVZ; Firmware Version: VR08)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/11/2014 Overall Level: 2 

-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1669 and #1678); HMAC (Cert. #1062); RNG (Cert. #951); RSA (Cert. #901); SHS (Cert. #1580)

-Other algorithms: NDRNG

Multi-chip embedded

"A WDC Verdi product is a storage device that supports the Trusted Computing Group security protocol as defined by the TCG Enterprise SSC ( a set of security features that manage self encrypting drive functionality)."
2208 Senetas Corporation Ltd. and SafeNet Inc.
Level 1, 11 Queens Road
Melbourne, Victoria 3004
Australia

-John Weston
TEL: +61 3 9868 4555
FAX: +61 3 9821 4899

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200996-0

CN Series Ethernet Encryptors
(Hardware Versions: Senetas Corp. Ltd. CN4010 Series: A4010B [O] (DC); Senetas Corp. Ltd. CN6010 Series: A6010B [O] (AC), A6011B [O] (DC) and A6012B [O] (AC/DC); Senetas Corp. Ltd. & SafeNet Inc. CN4010 Series: A4010B [Y] (DC); Senetas Corp. Ltd. & SafeNet Inc. CN6010 Series: A6010B [Y] (AC), A6011B [Y] (DC) and A6012B [Y] (AC/DC); Firmware Version: 2.4.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 07/11/2014 Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #1678); AES (Certs. #2788, #2792 and #2794); RSA (Cert. #1461); SHS (Cert. #2346); HMAC (Cert. #1750); DRBG (Cert. #476); CVL (Cert. #243)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The CN4010 and CN6010 are high-speed hardware encryption modules that secure data over twisted-pair Ethernet and optical networks. The modules support data rates to 1Gb/s and 100Mb/s and 10Mb/s modes. The CN6010 is additionally equipped with pluggable SFPs to support a variety of optical network interfaces. Data privacy is provided by FIPS approved AES CFB and CTR algorithms as well as GCM for applications that demand authentication. Additional transmission security is provided via TRANSEC capability which can be used to remove patterns in network traffic and prevent traffic analysis."
2207 Gemalto
Avenue du Jujubier
Z.I Athelia IV
La Ciotat, 13705
France

-Florence DEFRANCE
TEL: +33 (0) 442366734
FAX: +33 (0) 442365792

-Anthony VELLA
TEL: +33 (0) 442366138
FAX: +33 (0) 442365236

CST Lab: NVLAP 100432-0

MultiApp V3 Platform
(Hardware Versions: M7820 SLE78CLX1600P (Contact-only) and M7820 SLE78CLX1600P (Contactless-only); Firmware Version: MultiApp V3.0, Demonstration Applet V1.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/09/2014 Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #2261); CVL (Cert. #41); ECDSA (Cert. #363); RNG (Cert. #1128); RSA (Certs. #1287 and #1288); SHS (Cert. #1946); Triple-DES (Cert. #1413); Triple-DES MAC (Triple-DES Cert. #1413, vendor affirmed)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (non-compliant); Triple-DES (Cert. #1413, key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #2261, key wrapping; key establishment methodology provides 128 bits of encryption strength)

Single-chip

"MultiApp V3.0 is a highly secured smartcard platform from Gemalto complying with Javacard 2.2.2 and GP 2.1.1 standards and operated on the SLE78 chip from Infineon. This field-proven OS has the largest number of references in national ID programs. Its cryptographic library implements TDES, AES, SHA, RSA, RSA CRT, ECDSA, ECC CDH and RNG ANSX9.31 algorithms. This modular and flexible platform serves various needs, enabling ePassport, secure data storage, identification, authentication and digital signature with biometry control."
2206 Aviat Networks, Inc.
5200 Great America Parkway
Santa Clara, CA 95054
USA

-Ruth French
TEL: +44 7771 978599
FAX: +44 1698 717204

-Martin Howard
TEL: +64 4 577 8735
FAX: +64 4 577 8822

CST Lab: NVLAP 100432-0

Aviat Networks Eclipse Cryptographic Module
(Hardware Versions: INUe 2RU Chassis (P/N EXE-002), Fan Card (P/N EXF-101), Node Controller Card (P/N EXN-004), FIPS Installation Kit (P/N 179-530153-001), Replacement Labels (P/N 007-600331-001), at least one of: [RAC 6X (P/N EXR-600-001), RAC 6XE (P/N EXR-600-002), RAC 60 (P/N EXR-660-001), or RAC 60E (P/N EXR-660-002)] and all remaining slots filled by one of the following: P/N 131-501768-001, EXA-001, EXD-040-001, EXD-152-001, EXD-153-001, EXD-156-001, EXD-160-001, EXD-161-001, EXD-171-001, EXD-180-002, EXD-180-005, EXD-180-102, EXD-181-001, EXD-181-002, EXD-252-001, EXD-331-001, EXD-400-002, EXP-024, EXR-910-001, EXR-999-003, EXS-001, EXS-002 or EXX-001; Firmware Versions: 07.07.10, 08.00.55 and 08.00.70)

(When operated in FIPS mode. Installation of components shall be configured per Section 2.2.1 of the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/09/2014;
07/24/2014;
08/29/2014
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: HMAC (Cert. #1503); SHS (Cert. #2075); RSA (Cert. #1250); DRBG (Cert. #323); AES (Certs #2260 and #2418); Triple-DES (Cert. #1506); CVL (Cert. #73)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); DES

Multi-chip standalone

"This cryptographic module performs encryption of data carried over a microwave radio link."
2205 Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

-Christopher Marks
TEL: 408-333-0480
FAX: 408-333-8101

-Sunil Chitnis
TEL: 408-333-2444
FAX: 408-333-4887

CST Lab: NVLAP 200427-0

Brocade® MLXe® and Brocade NetIron® CER 2000 Series Ethernet Routers
(Hardware Versions: BR-MLXE-4-MR-M-AC, BR-MLXE-4-MR-M-DC, BR-MLXE-8-MR-M-AC, BR-MLXE-8-MR-M-DC, BR-MLXE-16-MR-M-AC, BR-MLXE-16-MR-M-DC, BR-MLXE-4-MR2-M-AC, BR-MLXE-4-MR2-M-DC, BR-MLXE-8-MR2-M-AC, BR-MLXE-8-MR2-M-DC, BR-MLXE-16-MR2-M-AC, BR-MLXE-16-MR2-M-DC, NI-CER-2048F-ADVPREM-AC, NI-CER-2048F-ADVPREM-DC, NI-CER-2048FX-ADVPREM-AC, NI-CER-2048FX-ADVPREM-DC, NI-CER-2024F-ADVPREM-AC, NI-CER-2024F-ADVPREM-DC, NI-CER-2024C-ADVPREM-AC, NI-CER-2024C-ADVPREM-DC, NI-CER-2048C-ADVPREM-AC, NI-CER-2048C-ADVPREM-DC, NI-CER-2048CX-ADVPREM-AC and NI-CER-2048CX-ADVPREM-DC with FIPS Kit (P/N Brocade XBR-000195) and NI-MLX-MR and BR-MLX-MR2-M Management Modules; Firmware Version: IronWare Release R05.3.00ea or IronWare Release R05.4.00cb)

(When operated in FIPS mode with the tamper evident labels installed and with the configurations in Tables 8 and 12 as defined in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/09/2014 Overall Level: 2 

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2359); DRBG (Cert. #301); DSA (Cert. #737); HMAC (Cert. #1462); RSA (Cert. #1217); SHS (Cert. #2031); Triple-DES (Cert. #1475)

-Other algorithms: DES; Diffie-Hellman (non-compliant); HMAC-MD5; HMAC-SHA-1-96; MD2; MD5; NDRNG; RC2; RC4; RSA (non-compliant); SNMPv3 KDF; SSH KDF; TLS KDF

Multi-chip standalone

"The Brocade MLXe series of core routers support IPv4, IPv6, MPLS and advanced Layer 2 switching. Ideally suited for service provider backbones, Metro Ethernet networks, ISPs, CDNs, IXPs, data centers, and distributed enterprises. The NetIron CER 2000 series 1 Gigabit Ethernet (GbE) routers support copper and hybrid fiber configurations with two optional 10 GbE uplink ports. All the ports support forwarding IP and MPLS packets at wire speed without oversubscription. The routers support standard IPv4, IPv6 routing protocols, RIP/RIPng, OSPF/OSPFv3, IS-IS/IS-IS for IPv6, and BGP/BGP-MP for IPv6."
2204 Feitian Technologies Co., Ltd.
Floor 17th, Tower B, Huizhi Mansion
No.9 Xueqing Road
Haidan District Beijing, 100085
People's Republic of China

-Tibi Zhang
TEL: 86-010-62304466 x821
FAX: 86-010-62304416

-Xiaozhi Zheng
TEL: 86-010-62304466 x531
FAX: 86-010-62304416

CST Lab: NVLAP 200427-0

ePass Token
(Hardware Version: 1.0.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/07/2014 Overall Level: 3 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #1473); DRBG (Cert. #58); RSA (Cert. #720); SHS (Cert. #1332); Triple-DES (Cert. #991)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The ePass Token, is a USB token containing FEITIAN's own FEITIAN-FIPS-COS cryptographic operating system. The FEITIAN-FIPS-COS is embedded in an ST23YT66 Integrated Circuit (IC) chip and has been developed to support FEITIAN's ePass USB token. The ePass token is designed to provide strong authentication and identification and to support network login, secure online transactions, digital signatures, and sensitive data protection. FEITIAN's ePass token guarantees safety of its cryptographic IC chip and other components with its hard, semi-transparent, polycarbonate shell."
2203 Pitney Bowes, Inc.
37 Executive Drive
Danbury, CT 06810
USA

-Dave Riley
TEL: 203-796-3208
FAX: 203-617-6060

-Thomas J. Niglio
TEL: 203-922-5239
FAX: 203-617-6060

CST Lab: NVLAP 200983-0

Pitney Bowes iButton Postal Security Device (PSD)
(Hardware Version: MAXQ1959B-F50#; Firmware Version: 09.02.00; Indicia Type: 0, 1, 2, 5, 7 and 8)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/09/2014 Overall Level: 3 

-Physical Security: Level 3 +EFP
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: SHS (Cert. #2286); RNG (Cert. #1261); Triple-DES (Cert. #1636); DSA (Cert. #836); HMAC (Cert. #1699)

-Other algorithms: Triple-DES MAC (Non-Compliant)

Multi-chip standalone

"The Pitney Bowes iButton Postal Security Device (PSD) has been designed in compliance with the United States Postal Service (USPS), Information-Based Indicia Program (IBIP), Royal Mail Mailmark and other international postal authorities' specification. It employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes global digital metering products. The PSD has been designed to support international postal markets and their rapidly evolving requirements for digital indicia."
2202 Gemalto
Avenue du Jujubier, Z.I Athelia IV
La Ciotat, 13705
France

-Arnaud Lotigier
TEL: +33 4.42.36.60.74
FAX: +33 4.42.36.55.45

CST Lab: NVLAP 100432-0

IDPrime MD 830 with OATH & MPCOS applets
(Hardware Version: SLE78CFX3009P; Firmware Version: IDCore 30 Build 1.17, IDPrime MD Applet version V4.1.2.F with MSPNP Applet V1.0, OATH Applet V2.11 and MPCOS Applet V3.8)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/07/2014 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: RNG (Cert. #1128); Triple-DES (Cert. #1413); Triple-DES MAC (Triple-DES Cert. #1413, vendor affirmed); AES (Cert. #2261); RSA (Certs. #1158 and #1163); ECDSA (Cert. #363); CVL (Cert. #41); SHS (Cert. #1946)

-Other algorithms: AES (Cert. #2261, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1413, key wrapping; key establishment methodology provides 112 bits of encryption strength); RSA (Key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (Key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Single-chip

"IDPrime MD 830 is a Minidriver enabled PKI smartcard, offering all the necessary services (with either RSA or Elliptic curves algorithms) to secure an IT Security and ID access infrastructure. In addition, OATH applet offers One Time Password based strong authentication while MPCOS offers e-purse and data management services."
2201 IBM® Corporation
9032 South Rita Road
Tucson, AZ 85744
USA

-Christine Knibloe
TEL: 520-799-5719

-Said Ahmad
TEL: 520-799-5538

CST Lab: NVLAP 200427-0

IBM System Storage TS1140 Tape Drive - Machine Type 3592, Model E07
(Hardware Version: EC Level: M11776, P/N: 00V6759; Firmware Version: EC Level: M11776, P/N: 35P2401)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/07/2014 Overall Level: 1 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2384, #2385 and #2387); DRBG (Cert. #314); RSA (Cert. #1234); SHS (Cert. #2051)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); TRNG

Multi-chip embedded

"The TS1140 / 3592 E07 Tape Drive provides full line speed, fully validated, hardware implemented, AES 256-bit encryption and compression of customer data recorded to tape. It ensures data confidentiality in the event of a lost tape while also supporting additional cryptographic functions for authentication and secure transfer of key material."
2200 JVC KENWOOD Corporation
1-16-2, Hakusan, Midori-ku
Yokohama-shi, Kanagawa 226-8525
Japan

-Tamaki Shimamura
TEL: +81 45 939 6254
FAX: +81 45 939 7093

-Joe Watts
TEL: (678) 474-4700
FAX: (678) 474-4730

CST Lab: NVLAP 100432-0

Secure Cryptographic Module (SCM)
(Hardware Version: P/N KWD-AE30, Version 2.0.0; Firmware Version: A3.0.1 and A3.0.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/27/2014;
09/12/2014
Overall Level: 1 

-Cryptographic Module Specification: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #2696); SHS (Cert. #2285)

-Other algorithms: DES; DES MAC; LFSR; AES MAC (AES Cert. #2696, vendor affirmed; P25 AES OTAR); AES (non-compliant)

Multi-chip embedded

"The Secure Cryptographic Module (SCM) meets overall FIPS 140-2 Level 1 requirements providing KENWOOD radios secure and encrypted digital communication. The SCM supports 256 bit key AES encryption as well as DES encryption."
2199 Aruba Networks, Inc.
1344 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500
FAX: 408-227-4550

CST Lab: NVLAP 200427-0

Aruba AP-224 and AP-225 Wireless Access Points
(Hardware Versions: AP-224-F1 and AP-225-F1 with FIPS kit 4010061-01; Firmware Version: ArubaOS 6.3.1.7-FIPS)

(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/27/2014 Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1648, #2677 and #2680); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #538, #1663 and #1666); KBKDF (Cert. #16); RNG (Cert. #1250); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #934, #2246, #2249 and #2250); Triple-DES (Certs. #758, #1605 and #1607)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; NDRNGs

Multi-chip standalone

"Aruba's 802.11ac Wi-Fi access points operate at gigabit speeds, offering extreme performance for mobile devices. In FIPS 140-2 mode, Aruba APs in conjunction with a Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also support wireless intrusion detection/prevention services and wireless mesh topologies."
2198 Seagate Technology LLC
1280 Disc Drive
Shakopee, MN 55379
USA

-David R Kaiser, PMP
TEL: 952-402-2356
FAX: 952-402-127

CST Lab: NVLAP 200427-0

Seagate Secure® TCG Enterprise SSC 1200 SSD Self-Encrypting Drive FIPS 140 Module
(Hardware Version: ST800FM0063; Firmware Version: 0002)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/27/2014 Overall Level: 2 

-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1343 and #2663); DRBG (Cert. #62); HMAC (Cert. #1597); RSA (Cert. #1021); SHS (Cert. #1225)

-Other algorithms: N/A

Multi-chip embedded

"The Seagate Secure® TCG Enterprise SSC Self-Encrypting Drive FIPS 140 Module is embodied in Seagate 1200 SSD SED model disk drives. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download."
2197 Blue Coat Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085
USA

-Diana Robinson
TEL: 845 454-6397

-Tammy Green
TEL: 801-999-2973

CST Lab: NVLAP 200928-0

ProxySG SG9000-20 [1], SG9000-20B [2], SG9000-30 [3] and SG9000-40 [4]
(Hardware Versions: 090-02840 [1], 090-02839 [1], 090-02984 [2], 090-02985 [2], 090-02841 [3], 090-02842 [3], 090-02845 [4] and 090-02846 [4] with FIPS kit 085-02718; Firmware Version: 6.5.1.103)

(When operated in FIPS mode with the tamper evident seals and the opacity baffle installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 06/27/2014 Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1265 and #2560); Triple-DES (Certs. #898 and #1549); RSA (Certs. #607, #742 and #1312); SHS (Cert. #2159); HMAC (Certs. #736 and #1580); DRBG (Cert. #386)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG

Multi-chip standalone

"Blue Coat ProxySG appliances are the core of the Blue Coat’s Unified Security and Optimization solutions for business assurance. The appliances offer complete security and control of web traffic, providing rich policy constructs for threat protection, SSL traffic, authentication, filtering, data loss prevention and logging capabilities. The appliances also optimize web and internal application traffic through caching, bandwidth management, stream splitting, and protocol optimization for data, video, cloud and web applications."
2196 Blue Coat Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085
USA

-Diana Robinson
TEL: 845 454-6397

-Tammy Green
TEL: 801-999-2973

CST Lab: NVLAP 200928-0

ProxySG SG600-10 [1], SG600-20 [2] and SG600-35 [3]
(Hardware Versions: 090-02911 [1], 090-02912 [1], 090-02913 [2], 090-02914 [2], 090-02915 [3] and 090-02916 [3] with FIPS kit 085-02762; Firmware Version: 6.5.1.103)

(When operated in FIPS mode with the tamper evident seals and opacity baffles installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 06/27/2014 Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #105 and #2560); Triple-DES (Cert. #217 and #1549); RSA (Cert. #1312); SHS (Cert. #2159); HMAC (Cert. #1580); DRBG (Cert. #386)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG

Multi-chip standalone

"Blue Coat ProxySG appliances are the core of the Blue Coat’s Unified Security and Optimization solutions for business assurance. The appliances offer complete security and control of web traffic, providing rich policy constructs for threat protection, SSL traffic, authentication, filtering, data loss prevention and logging capabilities. The appliances also optimize web and internal application traffic through caching, bandwidth management, stream splitting, and protocol optimization for data, video, cloud and web applications."
2195 Blue Coat Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085
USA

-Diana Robinson
TEL: 845 454-6397

-Tammy Green
TEL: 801-999-2973

CST Lab: NVLAP 200928-0

ProxySG SG900-10B [1], SG900-20 [2], SG900-30 [3], SG900-45 [4] and SG900-55 [5]
(Hardware Versions: 090-02988 [1], 090-02989 [1], 090-02902 [2], 090-02903 [2], 090-02904 [3], 090-02905 [3], 09002908 [4], 090-02909 [4], 090-02979 [5] and 090-02980 [5] with FIPS kit 085-02742; Firmware Version: 6.5.1.103)

(When operated in FIPS mode with the tamper evident seals and the opacity baffle installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 06/27/2014 Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1265 and #2560); Triple-DES (Certs. #898 and #1549); RSA (Certs. #607, #742 and #1312); SHS (Cert. #2159); HMAC (Certs. #736 and #1580); DRBG (Cert. #386)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG

Multi-chip standalone

"Blue Coat ProxySG appliances are the core of the Blue Coat’s Unified Security and Optimization solutions for business assurance. The appliances offer complete security and control of web traffic, providing rich policy constructs for threat protection, SSL traffic, authentication, filtering, data loss prevention and logging capabilities. The appliances also optimize web and internal application traffic through caching, bandwidth management, stream splitting, and protocol optimization for data, video, cloud and web applications."
2194 Blue Coat Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085
USA

-Diana Robinson
TEL: 845-454-6397

-Tammy Green
TEL: 801-999-2973

CST Lab: NVLAP 200928-0

Blue Coat® Systems SSL Visibility Appliance
(Hardware Versions: Model: SV2800; 090-03063 and 080-03562 with FIPS Label Kit: FIPS-LABELS-SV; Firmware Version: 3.5.2 build 961)

(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/27/2014 Overall Level: 2 

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2642); Triple-DES (Cert. #1585); RSA (Certs. #1238 and #1352); SHS (Cert. #2215); HMAC (Cert. #1634); RNG (Cert. #1246); PBKDF (vendor affirmed); CVL (Cert. #123)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less then 112 bits of encryption strength); TRNG; NDRNG; MD5; RC4; HMAC-MD5; Camelia; DES

Multi-chip standalone

"The SSL Visibility Appliance is designed to detect SSL traffic and then under policy control to "inspect" the traffic. Inspection involves decrypting and re-encrypting the traffic to gain access to the clear text then passing this data to one or more associated security appliance(s) that need to see decrypted traffic."
2193 Dell SonicWALL
2001 Logic Drive
San Jose, CA 95124
USA

-Usha Sanagala
TEL: 408-962-6248
FAX: 408-745-9300

CST Lab: NVLAP 100432-0

NSA 250M and NSA 250MW
(Hardware Versions: P/N 101-500343-58, Rev. A (NSA 250M) and P/N 101-500326-61, Rev. A (NSA 250MW); Firmware Version: SonicOS v5.9.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/25/2014 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2015); CVL (Cert. #86); DRBG (Cert. #189); DSA (Cert. #640); HMAC (Cert. #1219); RNG (Cert. #1156); RSA (Cert. #1044); SHS (Cert. #1765); Triple-DES (Cert. #1300)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG

Multi-chip standalone

"NSA Series: The SonicWALL Network Security Appliance (NSA) Series is a high performance platform utilizing a unique multi-core architecture to provide high speed anti-virus, anti-spyware, intrusion prevention, content filtering, application inspection and protection and for the SMBs and large businesses."
2192 Dell SonicWALL
2001 Logic Drive
San Jose, CA 95124
USA

-Usha Sanagala
TEL: 408-962-6248
FAX: 408-745-9300

CST Lab: NVLAP 100432-0

NSA E10000 Series
(Hardware Versions: P/N 101-500340-50, Rev. A (E10100), P/N 101-500336-50, Rev. A (E10200), P/N 101-500337-50, Rev. A (E10400) and P/N 101-500280-50, Rev. A (E10800); Firmware Version: SonicOS v5.9.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/25/2014 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2015); CVL (Cert. #86); DRBG (Cert. #189); DSA (Cert. #640); HMAC (Cert. #1219); RNG (Cert. #1156); RSA (Cert. #1044); SHS (Cert. #1765); Triple-DES (Cert. #1300)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG

Multi-chip standalone

"NSA E-Class: The SonicWALL E-Class Network Security Appliance (NSA) Series is engineered to provide high performance Unified Threat Management (UTM) threat prevention and application inspection to meet the needs of expanding enterprise networks."
2191 Dell SonicWALL
2001 Logic Drive
San Jose, CA 95124
USA

-Usha Sanagala
TEL: 408-962-6248
FAX: 408-745-9300

CST Lab: NVLAP 100432-0

NSA E8500 and NSA E8510
(Hardware Versions: P/N 101-500308-57, Rev. A (NSA E8500) and P/N 101-500344-57, Rev. A (NSA E8510); Firmware Version: SonicOS v5.9.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/25/2014 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2015); CVL (Cert. #86); DRBG (Cert. #189); DSA (Cert. #640); HMAC (Cert. #1219); RNG (Cert. #1156); RSA (Cert. #1044); SHS (Cert. #1765); Triple-DES (Cert. #1300)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG

Multi-chip standalone

"NSA E-Class: The SonicWALL E-Class Network Security Appliance (NSA) Series is engineered to provide high performance Unified Threat Management (UTM) threat prevention and application inspection to meet the needs of expanding enterprise networks."
2190 Dell SonicWALL
2001 Logic Drive
San Jose, CA 95124
USA

-Usha Sanagala
TEL: 408-962-6248
FAX: 408-745-9300

CST Lab: NVLAP 100432-0

TZ 105, TZ 105W, TZ 205, TZ 205W, TZ 210, TZ 210W, TZ 215 and TZ 215W
(Hardware Versions: P/Ns 101-500356-56, Rev. A (TZ 105); 101-500357-57, Rev. A (TZ 105W); 101-500358-59, Rev. A (TZ 205); 101-500359-59, Rev. A (TZ 205W); 101-500244-50, Rev. A (TZ 210); 101-500214-65, Rev. A (TZ 210W); 101-500354-56, Rev. A (TZ 215); 101-500355-57, Rev. A (TZ 215W); Firmware Version: SonicOS v5.9.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/25/2014 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2015); CVL (Cert. #86); DRBG (Cert. #189); DSA (Cert. #640); HMAC (Cert. #1219); RNG (Cert. #1156); RSA (Cert. #1044); SHS (Cert. #1765); Triple-DES (Cert. #1300)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG

Multi-chip standalone

"SonicWALL's TZ Series is a high performance security platform that combines anti-virus, anti-spyware, intrusion prevention, content filtering, 3G connectivity and redundancy with 802.11 b/g/n wireless for an ultimate SMB security package. These solutions allow remote and branch offices to easily implement network protection from a wide spectrum of emerging threats."
2189 Dell SonicWALL
2001 Logic Drive
San Jose, CA 95124
USA

-Usha Sanagala
TEL: 408-962-6248
FAX: 408-745-9300

CST Lab: NVLAP 100432-0

NSA 4500 and NSA E5500
(Hardware Versions: P/Ns 101-500249-63, Rev. B (NSA 4500) and 101-500228-65, Rev. A (NSA E5500); Firmware Version: SonicOS v5.9.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/25/2014 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2015); CVL (Cert. #86); DRBG (Cert. #189); DSA (Cert. #640); HMAC (Cert. #1219); RNG (Cert. #1156); RSA (Cert. #1044); SHS (Cert. #1765); Triple-DES (Cert. #1300)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG

Multi-chip standalone

"NSA Series: The SonicWALL Network Security Appliance (NSA) Series is a high performance platform utilizing a unique multi-core architecture to provide high speed anti-virus, anti-spyware, intrusion prevention, content filtering, application inspection and protection and for the SMBs and large businesses."
2188 Dell SonicWALL
2001 Logic Drive
San Jose, CA 95124
USA

-Usha Sanagala
TEL: 408-962-6248
FAX: 408-745-9300

CST Lab: NVLAP 100432-0

NSA 3500
(Hardware Version: P/N 101-500248-63, Rev. B; Firmware Version: SonicOS v5.9.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/25/2014 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2015); CVL (Cert. #86); DRBG (Cert. #189); DSA (Cert. #640); HMAC (Cert. #1219); RNG (Cert. #1156); RSA (Cert. #1044); SHS (Cert. #1765); Triple-DES (Cert. #1300)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG

Multi-chip standalone

"NSA Series: The SonicWALL Network Security Appliance (NSA) Series is a high performance platform utilizing a unique multi-core architecture to provide high speed anti-virus, anti-spyware, intrusion prevention, content filtering, application inspection and protection and for the SMBs and large businesses."
2187 Dell SonicWALL
2001 Logic Drive
San Jose, CA 95124
USA

-Usha Sanagala
TEL: 408-962-6248
FAX: 408-745-9300

CST Lab: NVLAP 100432-0

NSA 220, NSA 220W and NSA 240
(Hardware Versions: P/Ns 101-500347-62 Rev. A (NSA 220), 101-500342-50 Rev. B (NSA 220W) and 101-500193-62 Rev. A (NSA 240); Firmware Version: SonicOS v5.9.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/25/2014 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2015); CVL (Cert. #86); DRBG (Cert. #189); DSA (Cert. #640); HMAC (Cert. #1219); RNG (Cert. #1156); RSA (Cert. #1044); SHS (Cert. #1765); Triple-DES (Cert. #1300)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG

Multi-chip standalone

"The SonicWALL Network Security Appliance (NSA) Series is a high performance platform utilizing a unique multi-core architecture to provide high speed anti-virus, anti-spyware, intrusion prevention, content filtering, application inspection and protection and for the SMBs and large businesses."
2186 Dell SonicWALL
2001 Logic Drive
San Jose, CA 95124
USA

-Usha Sanagala
TEL: 408-962-6248
FAX: 408-745-9300

CST Lab: NVLAP 100432-0

NSA 2400 and NSA 2400MX
(Hardware Versions: P/N 101-500171-75, Rev. A (NSA 2400) and P/N 101-500270-50, Rev. A (NSA 2400MX); Firmware Version: SonicOS v5.9.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/25/2014 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2015); CVL (Cert. #86); DRBG (Cert. #189); DSA (Cert. #640); HMAC (Cert. #1219); RNG (Cert. #1156); RSA (Cert. #1044); SHS (Cert. #1765); Triple-DES (Cert. #1300)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG

Multi-chip standalone

"The SonicWALL Network Security Appliance (NSA) Series is a high performance platform utilizing a unique multi-core architecture to provide high speed anti-virus, anti-spyware, intrusion prevention, content filtering, application inspection and protection and for the SMBs and large businesses."
2185 Dell SonicWALL
2001 Logic Drive
San Jose, CA 95124
USA

-Usha Sanagala
TEL: 408-962-6248
FAX: 408-745-9300

CST Lab: NVLAP 100432-0

NSA E6500
(Hardware Version: P/N 101-500227-64, Rev. A; Firmware Version: SonicOS v5.9.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/25/2014 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2015); CVL (Cert. #86); DRBG (Cert. #189); DSA (Cert. #640); HMAC (Cert. #1219); RNG (Cert. #1156); RSA (Cert. #1044); SHS (Cert. #1765); Triple-DES (Cert. #1300)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG

Multi-chip standalone

"NSA E-Class: The SonicWALL E-Class Network Security Appliance (NSA) Series is engineered to provide high performance Unified Threat Managment (UTM) threat prevention and application inspection to meet the needs of expanding enterprise networks."
2184 Sonus Networks, Inc.
4 Technology Park Drive
Westford, MA 01886
USA

-Sandeep Kaushik

CST Lab: NVLAP 200556-0

SBC 5110 and 5210 Session Border Controllers
(Hardware Versions: SBC 5110 and SBC 5210; Firmware Version: 4.0)

(When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/25/2014 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2643 and #2644); CVL (Certs. #124 and #125); DRBG (Cert. #412); HMAC (Certs. #1635 and #1636); RSA (Certs. #1353 and #1354); SHS (Certs. #2216, #2217 and #2218); Triple-DES (Cert. #1586)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; MD5

Multi-chip standalone

"The SBC 5110 and 5210 Session Border Controllers are high-performance air-cooled, 2U, IP encryption appliances that provide secure SIP-based communications with robust security, reduced latency, real-time encryption (VOIP signaling and media traffic), media transcoding, flexible SIP session routing & policy management."
2183 Imation Corp.
Discovery Bldg. 1A-041
Oakdale, MN 55128
USA

-Laurence Hamid
TEL: 819-595-3069

CST Lab: NVLAP 100432-0

IronKey Workspace W700
(Hardware Versions: P/Ns WGHC0B032G0001FIPS, WGHC0B032G0001FIPS (Rev 1), WGHC0B064G0001FIPS, WGHC0B064G0001FIPS (Rev 1), WGHC0B128G0001FIPS, WGHC0B128G0001FIPS (Rev 1), WGHB0B008G0010 and WGHB0B008G0010 (Rev 1); Firmware Version: 3.0.3)

(Files distributed with the module mounted within the internal CD Drive are excluded from validation)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/25/2014;
09/26/2014
Overall Level: 3 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1412 and #2559); SHS (Certs. #1282 and #2158); HMAC (Certs. #1577 and #1579); RSA (Certs. #688 and #1311); Triple-DES (Cert. #965); RNG (Cert. #774); PBKDF (vendor affirmed)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG

Multi-chip standalone

"IronKey Workspace W700 is a Secure USB 3.0 drive with 256-bit AES hardware encryption and PKI operations combined with strong, built-in password protection capabilities and a tamper-resistant metal housing to help you control user access to desktops, sensitive data and critical applications. IronKey Workspace W700 allows enterprise class device management features like policy updates, password recovery and remote kill features."
2182 Aruba Networks, Inc.
1344 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500
FAX: 408-227-4550

CST Lab: NVLAP 200427-0

Aruba RAP-3WN, RAP-3WNP, RAP-108, RAP-109, AP-114 and AP-115 Wireless Access Points
(Hardware Versions: RAP-3WN-F1, RAP-3WN-USF1, RAP-3WNP-F1, RAP-3WNP-USF1, RAP-108-F1, RAP-108-USF1, RAP-109-F1, RAP-109-USF1, AP-114-F1 and AP-115-F1 with FIPS kit 4010061-01; Firmware Version: ArubaOS 6.3.1.7-FIPS)

(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/20/2014 Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2450, #2677, #2680 and #2689); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #1663 and #1666); KBKDF (Cert. #16); RNG (Cert. #1250); RSA (Certs. #1376, #1379 and #1380); SHS (Certs. #2246, #2249 and #2250); Triple-DES (Certs. #1605 and #1607)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 192 bits of encryption strength); MD5; NDRNGs

Multi-chip standalone

"Aruba's 802.11n wired and wireless access points offer the highest performance for mobile devices. In FIPS 140-2 mode, Aruba APs in conjunction with a Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also support wireless intrusion detection/prevention services and wireless mesh topologies."
2181 VMware, Inc.
3401 Hillview Ave
Palo Alto, CA 94304
USA

-Eric Betts
TEL: 650-427-1902

CST Lab: NVLAP 200928-0

VMware Java JCE (Java Cryptographic Extension) Module
(Software Version: 1.0)

(When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 06/20/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with VMware vCloud Networking and Security 5.5.0a vShield Manager OS with Sun JRE 6.0 on VMware vSphere Hypervisor (ESXi) 5.5 running on HP ProLiant DL380e Gen8 Server (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #1623); AES (Cert. #2704); SHS (Cert. #2271); HMAC (Cert. #1685); DRBG (Cert. #446); DSA (Cert. #825); RSA (Cert. #1402)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less then 112 bits of encryption strength); AES (Cert. #2704, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1623, key wrapping; key establishment methodology provides 112 bits of encryption strength); Triple-DES (non-compliant); RC2; RC4; TWOFISH; IES; ECIES; DES; MD2; MD5; RIPEMD; TIGER; ISO9797 Alg3 MAC

Multi-chip standalone

"The VMware Java JCE (Java Cryptographic Extension) module is a versatile software library that implements FIPS-140-2 approved cryptographic services for VMware products and platforms."
2180 VMware, Inc.
3401 Hillview Ave
Palo Alto, CA 94304
USA

-Eric Betts
TEL: 1.650.427.1902

CST Lab: NVLAP 200928-0

VMware Kernel Cryptographic Module
(Software Version: 1.0)

(When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode with VMware NSS Cryptographic Module validated to FIPS 140-2 under Cert. #2155 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 06/20/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with VMware vCloud Networking and Security 5.5.0a Edge OS on VMware vSphere Hypervisor (ESXi) 5.5 running on HP ProLiant DL380e Gen8 Server with AES-NI; VMware vCloud Networking and Security 5.5.0a Edge OS on VMware vSphere Hypervisor (ESXi) 5.5 running on HP ProLiant DL380e Gen8 Server without AES-NI (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #1635); AES (Cert. #2718); SHS (Cert. #2283); HMAC (Cert. #1697); RNG (Cert. #1259)

-Other algorithms: DES; Triple-DES (non-compliant); AES-GCM (non-compliant); AES-CCM (non-compliant); AES-XTS (192 bit key; non-compliant); SHA-[384 and 512] (non-compliant); HMAC-SHA-[384 and 512] (non-compliant); RNG (X9.31 with stdrng; non-compliant)

Multi-chip standalone

"The VMware Kernel Cryptographic Module is a flexible software library providing FIPS-140-2 approved cryptographic operations for VMware products and platforms."
2179 Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

-Alan Kaye
TEL: 613-225-9381 x7416
FAX: 613-225-2951

CST Lab: NVLAP 200556-0

FortiOS 4.0 MR3
(Firmware Version: FortiOS v4.0, build3830, 131223)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Firmware 06/20/2014;
07/24/2014
Overall Level: 1 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-Tested: FortiGate 3950B with FortiOS v4.0, build3767, 130920

-FIPS Approved algorithms: AES (Certs. #2607 and #2608); Triple-DES (Certs. #1572 and #1573); HMAC (Certs. #1615 and #1616); SHS (Certs. #2191 and #2192); RSA (Cert. #1334); RNG (Cert. #1234)

-Other algorithms: DES; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112-bits of encryption strength)

Multi-chip standalone

"The FortiOS is a firmware based operating system that runs exclusively on Fortinet's FortiGate/FortiWiFi product family. The FortiOS provides integrated firewall, VPN, antivirus, antispam, intrusion prevention, content filtering and traffic shaping and HA capabilities."
2178 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Stanley Mesceda
TEL: 443-327-1582
FAX: 410-931-7524

CST Lab: NVLAP 200928-0

Model 650 SafeNet Encryptor
(Hardware Versions: 904-000028-001, 904-000029-001, 904-000036-001, 904-53260-007, 904-53260-207, 943-53270-007, 943-53270-207, 904-53261-007, 904-53361-201, 943-53271-007 and 943-53371-201; Firmware Version: 4.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 06/18/2014 Overall Level: 3 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2616, 2617 and 2619); Triple-DES (Cert. #1574); RSA (Cert. #1337); SHS (Cert. #2196); DRBG (Cert. #400); HMAC (Cert. #1620); CVL (Cert. #101)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less then 112 bits of encryption); Diffie-Hellman (non-compliant); NDRNG

Multi-chip standalone

"The SafeNet Encryptor provides data privacy and access control for connections between vulnerable public and private SONET/SDH networks or 10G Ethernet networks. It employs federally endorsed AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in a SONET OC-192 network or 10G Ethernet network."
2177 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Stanley Mesceda
TEL: 443-327-1582
FAX: 410-931-7524

CST Lab: NVLAP 200928-0

Model 600 SafeNet Encryptor
(Hardware Versions: 904-000019-001, 904-000021-001, 904-000020-001, 904-000022-001, 904-000024-001, 904-000023-001, 904-000025-001, 904-000027-001, 904-000026-001, 943-000031-001, 943-000032-001, 943-000033-001, 943-000035-001, 943-000034-001, 904-30013-001, 904-30013-007, 904-30013-207, 904-10014-001, 904-10014-007, 904-10014-207, 904-25005-001, 904-25005-007, 904-25005-207, 904-51100-001, 904-51100-007, 904-51100-207, 904-51120-001, 904-51120-007, 904-51120-207, 904-51140-001, 904-51140-007, 904-51140-207, 943-51130-001, 943-51130-007, 943-51130-207, 943-51150-001, 943-51150-007, 943-51150-207, 904-51101-001, 904-51101-007, 904-51101-207, 904-51121-001, 904-51121-007, 904-51121-207, 904-51141-001, 904-51141-007, 904-51141-207, 943-51131-001, 943-51131-007, 943-51131-207, 943-51151-001, 943-51151-007 and 943-51151-207; Firmware Version: 4.3)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 06/18/2014 Overall Level: 3 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2615, 2618 and 2619); Triple-DES (Cert. #1574); RSA (Cert. #1337); SHS (Cert. #2196); DRBG (Cert. #400); HMAC (Cert. #1620); CVL (Cert. #101)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (non-compliant); NDRNG

Multi-chip standalone

"The SafeNet Encryptor provides data privacy and access control for connections between vulnerable public and private SONET/SDH or Ethernet networks. It employs FIPS approved AES and Triple-DES algorithms and, with the flexibility to choose the desired interface module, can be deployed in SONET 155 MB (OC-3), 622 MB (OC-12), 1.0 GB, and 2.4 GB (OC-48) networks or 200MB and 1GB Ethernet networks."
2176 Cisco Systems, Inc.
170 W. Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco ASA 5505, ASA 5510, ASA 5512-X, ASA 5515-X, ASA 5520, ASA 5525-X, ASA 5540, ASA 5545-X, ASA 5550, ASA 5555-X, ASA 5580-20, ASA 5580-40, ASA 5585-X SSP-10, 5585-X SSP-20, 5585-X SSP-40 and 5585-X SSP-60 Security Appliances
(Hardware Versions: 5505 [1, 2], 5510 [1], 5520 [1], 5540 [1], 5550 [1], 5580-20 [3], 5580-40 [3], 5512-X [1], 5515-X [1], 5525-X [1], 5545-X [1], 5555-X[1], 5585-X SSP-10 [4], 5585-X SSP-20 [4], 5585-X SSP-40 [4], 5585-X SSP-60 [4] with [FIPS Kit (DS-FIPS-KIT= Rev -BO)] [1], [ASA 5505 FIPS Kit (ASA5505-FIPS-KIT Rev-A0)] [2], [ASA 5580 FIPS Kit (ASA5580-FIPS-KIT)] [3], or [ASA 5585 FIPS Kit (ASA5585-X-FIPS-KIT)] [4]; Firmware Version: 9.1.5)

(When operated in FIPS mode and with the tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/18/2014;
08/29/2014
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #105, #1407, #2049, #2050, #2444, #2472, #2480, #2482 and #2483); DRBG (Certs. #332, #336, #339 and #341); ECDSA (Certs. #411 and #412); HMAC (Certs. #125, #301, #1246, #1247, #1514, #1524 and #1525); RNG (Certs. #1201 and #1210); RSA (Certs. #106, #261, #1066, #1260, #1269, #1271 and #1272); SHS (Certs. #196, #630, #1793, #1794, #2091, #2100 and #2101); Triple-DES (Certs. #217, #559, #960, #1321, #1513, #1520 and #1521)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes."
2175

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/17/2014 Overall Level: 2 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip standalone

2174 Hewlett-Packard Development Company, L.P.
11445 Compaq Center Dr. W
Houston, TX 77070
USA

-Julie Ritter
TEL: 281-514-4087

-Tim McDonough
TEL: 281-518-7531

CST Lab: NVLAP 200928-0

HP BladeSystem Onboard Administrator Firmware
(Firmware Version: 3.71)

(When installed, initialized and configured as indicated in the Security Policy in Section 3 and operated in FIPS mode.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Firmware 06/17/2014 Overall Level: 1 

-Mitigation of Other Attacks: N/A

-Tested: BladeSystem c7000 DDR2 Onboard Administrator with KVM option enclosure; BladeSystem c3000 Tray with Embedded DDR2 Onboard Administrator enclosure; BladeSystem c3000 Dual DDR2 Onboard Administrator enclosure

-FIPS Approved algorithms: AES (Cert. #2289); Triple-DES (Cert. #1439); RSA (Cert. #1178); SHS (Certs. #1972 and #1973); HMAC (Cert. #1406); RNG (Cert. #1140)

-Other algorithms: NDRNG; DSA; RC4; HMAC-SHA1-96; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The module provides administrative control of HP BladeSystem c-Class enclosures. The cryptographic functions of the module provide security for administrative access via HTTPS and SSH, and to administrative commands for the BladeSystem enclosure."
2173 Hewlett-Packard Development Company, L.P.
11445 Compaq Center Dr. W
Houston, TX 77070
USA

-Julie Ritter
TEL: 281-514-4087

-Luis Luciani
TEL: 281-518-6762

CST Lab: NVLAP 200928-0

iLO 3 Cryptographic Module
(Hardware Versions:GLP: 531510-003 [1] and GXE: 438893-503 [2]; Flash Memory: (41050DL00-233-G [1,2]); NVRAM: (420102C00-244-G [1,2]); DDR3 SDRAM: (42020BJ00-216-G [1]); DDR2 SDRAM: (459715-002 [2]); Firmware Version: 1.50)

(When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/17/2014 Overall Level: 1 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2294, #2295, #2296, #2297 and #2298); Triple-DES (Certs. #1443, #1444 and #1445); DSA (Cert. #720); RSA (Certs. #1182 and #1183); SHS (Certs. #1977, #1978 and #1979); HMAC (Cert. #1410)

-Other algorithms: RC2; RC4; HMAC-MD5; DES; MD5; RSA (non-compliant); DSA (non-compliant); RNG (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112-bits of encryption strength); TLSv1.0 KDF; TLSv1.1 KDF

Multi-chip embedded

"HP Integrated Lights-Out (iLO) management built into BladeSystem blade servers and storage blades is an autonomous management subsystem embedded directly on the server. iLO monitors each server’s overall "health", reports issues, and provides a means for setup and managing of power and thermal settings."
2172 McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

-James Reardon
TEL: 651-628-5346
FAX: 651-628-2701

CST Lab: NVLAP 100432-0

NSM Application Cryptographic Module
(Software Version: 7.1.15.1.11)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 06/17/2014 Overall Level: 1 

-Physical Security: N/A
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 R2 running on a GIGABYTE GA-EP45-UD3P

-FIPS Approved algorithms: AES (Cert. #2469); HMAC (Cert. #1513); RNG (Cert. #1198); RSA (Cert. #1259); SHS (Cert. #2083); CVL (Cert. #78)

-Other algorithms: RSA (key wrapping; non-compliant); MD5; HMAC-MD5; NDRNG

Multi-chip standalone

"McAfee Network Security Manager (NSM) is a simple, centralized management software for distributed McAfee Network Security Platform intrusion prevention system (IPS) sensors. The NSM console with its intuitive graphical interface gives administrators complete control and real-time data, so that they can manage, configure, administer, and monitor all IPS appliances across widely distributed, mission-critical deployments. The NSM Application Crypto Module provides cryptographic services for the Network Security Manager application."
2171 HGST, Inc.
5601 Great Oaks Parkway
Building 50-3/C-346
San Jose, CA 95119
USA

-Rajesh Kukreja
TEL: 408-717-6261
FAX: 408-717-9494

-Jithendra Bethur
TEL: 408-717-5951
FAX: 408-717-9494

CST Lab: NVLAP 100432-0

HGST Ultrastar C15K600 TCG Enterprise HDDs
(Hardware Versions: HUC156060CS4205 [1], HUC156045CS4205 [1], HUC156030CS4205 [1], HUC156060CSS205 [1], HUC156045CSS205 [1], HUC156030CSS205 [1]; Firmware Version: R12E)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/17/2014;
07/17/2014
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2067 and #2365); RSA (Cert. #1220); SHS (Cert. #2037); HMAC (Cert. #1468); DRBG (Cert. #302); PBKDF (vendor affirmed)

-Other algorithms: NDRNG; AES (Cert. #2365, key wrapping)

Multi-chip embedded

"HGST Self-Encrypting Drives implement TCG Storage specifications, and meet or exceed the most demanding performance and security requirements. The Ultrastar C15K600 series are 12Gbs SAS, TCG Enterprise HDDs."
2170 DragonWave Inc.
600-411 Legget Drive
Ottawa, Ontario K2K 3C9
Canada

-Erik McLaughlin
TEL: 613-599-9991

-Greg Friesen
TEL: 613-599-9991

CST Lab: NVLAP 200928-0

DragonWave® Secure Cryptographic Module
(Hardware Versions: Horizon® Quantum (PN: 74-000320) and Horizon® Compact+ (PN: 74-000320) with Tamper Evident Seal (PN: 65-000185-01-01); Firmware Versions: 1.2.5 (Compact+) and 1.3 (Quantum))

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Firmware-Hybrid 06/12/2014 Overall Level: 1 

-Tested: Horizon Quantum (PN 60-000471-03) and Horizon Compact+ (PN CP-HP-18-B1-S-X-010-N-00-R1) with QNX Neutrino Real-Time Operating System Version 6.4.1

-FIPS Approved algorithms: AES (Certs. #2706, #2707, #2708 and #2709); Triple-DES (Certs. #1625 and #1626); RSA (Certs. #1404 and #1405); SHS (Certs. #2273 and #2274); RNG (Certs. #1256 and #1257); HMAC (Certs. #1687 and #1688); CVL (Certs. #164 and #165)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less then 112 bits of encryption strength); DSA (non compliant); MD5; SHA-[224, 384 and 512] (non-compliant); HMAC-SHA-[224, 256, 384 and 512] (non-compliant); RSA (non-compliant); AES (non-compliant); Triple-DES (non-compliant)

Multi-chip standalone

"The DragonWave® Secure Cryptographic Module is a hybrid cryptographic module consisting of firmware and hardware. The hardware portion of the module provides AES for bulk data encryption between two Horizon Compact+ or Horizon Quantum peer devices in a radio link, while the firmware provides cryptographic state management as well as secure peer-to-peer management communications over a protected TLS tunnel."
2169 IBM® Corporation
9032 S Rita Road
Tucson, AZ 85744
USA

-Christine Knibloe
TEL: 520-799-2486

CST Lab: NVLAP 200427-0

IBM LTO Generation 6 Encrypting Tape Drive
(Hardware Versions: 00V7133 EC Level M12977 [1], 00V7137 EC Level M12977 [2], 00V7135 EC Level M12977 [3] and 00V7139 EC Level M12977 [4]; Firmware Versions: LTO6_DA86.fcp_fh_f.fmrz [1], LTO6_DA86.fcp_hh_f.fmrz [2], LTO6_DA86.sas_fh_f.fmrz [3] and LTO6_DA86.sas_hh_f.fmrz [4])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/11/2014 Overall Level: 1 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2692, #2693 and #2694); DRBG (Cert. #440); RSA (Cert. #1392); SHS (Cert. #2261)

-Other algorithms: AES (Cert. #2694, key wrapping); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The IBM LTO Generation 6 Encrypting Tape Drive provides AES-GCM encryption of customer data recorded to tape. Both encryption and compression are implemented in the hardware for optimum performance. Four different host interface types of the LTO Generation 6 "brick" unit are FIPS certified as a multi-chip, standalone cryptographic module. In customer operation the "brick" unit may be embedded in bridge box or in a canister package for operation in a library."
2168 Tendyron Corporation
Room 1908, Shougang International Building
No. 60 Xizhimen North Street
Haidian District
Beijing, 100082
People's Republic of China

-Mr. Blair Liang
TEL: +86-10-5667566 ext. 1006
FAX: +86-10-56675667

-Mr. Yang Liu
TEL: +86-10-56675666 ext. 3301
FAX: +86-10-56675667

CST Lab: NVLAP 100414-0

OnKey193 USB Token
(Hardware Version: 122.V102; Firmware Version: DBFips-V0.1.12-120313-C000)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/11/2014 Overall Level: 3 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #889); RNG (Cert. #509); RSA (Certs. #430 and #1138); SHS (Certs. #879 and #1735); Triple-DES (Cert. #725)

-Other algorithms: AES (Cert. #889, key wrapping); RSA (Cert. #430, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #725, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The OnKey193 USB Token provides RSA, TDES, AES, RNG cryptographic service for government and corporate identification, payment, banking and Web applications."
2167 Neopost Technologies, S.A.
113 Rue Jean Marin Naudin
Bagneux, 92220
France

-Nathalie TORTELLIER
TEL: +33 1 45 36 30 72
FAX: +33 1 45 36 30 10

CST Lab: NVLAP 200983-0

Neopost Postal Security Device (PSD)
(Hardware Version: A0014227-B; Firmware Versions: a22.17.01, a22.17.02, a23.08.01, a23.08.03, a28.02.01, a28.02.04, a28.05)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/11/2014;
08/29/2014
Overall Level: 3 

-Physical Security: Level 3 +EFP/EFT

-FIPS Approved algorithms: AES (Certs. #2565 and #2566); ECDSA (Cert. #441); HMAC (Certs. #1583 and #1603); CVL (Cert. #92); RNG (Cert. #1217); RSA (Cert. #1314); SHS (Cert. #2162)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength, non-compliant less than 112 bits of encryption strength); Diffie-Hellman (non-compliant)

Multi-chip embedded

"The Neopost Postal Security Device (PSD) is a cryptographic module embedded within postal franking machines. The PSD performs all franking machine’s cryptographic and postal security functions and protects the Critical Security Parameters (CSPs) and Postal Relevant Data from unauthorized access."
2166 Marvell Semiconductor, Inc.
5488 Marvell Lane
Santa Clara, CA 95054
USA

-Minda Zhang
TEL: 508-573-3255
FAX: 508-573-3311

CST Lab: NVLAP 200968-0

Armada Mobile Processor
(Hardware Versions: Armada PXA-2128[1] and Armada PXA-610[2]; Firmware Version: 2128-1.1[1] and 610-1.1[2])

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/09/2014 Overall Level: 3 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1982 and #2133); Triple-DES (Certs. #1285 and #1357); SHS (Certs. #1737 and #1857); HMAC (Certs. #1195 and #1303); RSA (Certs. #1028 and #1102); ECDSA (Certs. #287 and #323); DRBG (Certs. #182 and #238)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 256 bits of encryption strength); AES (Certs. #1982 and #2133, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength)

Single-chip

"Marvell’s ARMADA PXA2128 and ARMADA PXA610 are application processors (PXA2128 is multicore) ideally suited for smartphones and tablets that enable a seamless connected lifestyle. Designed in low-power 40-nanometer (nm) process and featuring the Marvell Hybrid Symmetric Multi-Processing (hSMP) technology, they provide new levels of secure internet and multimedia performance, while achieving industry-leading battery life. Featuring Marvell optimized ARMv7 dual high-performance mobile processors with hSMP running at up to 1.2GHz, the ARMADA PXA2128 and PXA610 provide robust 3D graphics, video,"
2165 Ultra Electronics 3eTI
Suite 500
9715 Key West Ave
Rockville, MD 20850
USA

-Harinder Sood
TEL: 301-944-1325
FAX: 301-670-6779

CST Lab: NVLAP 200002-0

3e-543 AirGuard iField Wireless Sensor Cryptographic Module
(Hardware Version: 1.0; Firmware Version: 1.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/09/2014 Overall Level: 2 

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1611 and #2251); SHS (Cert. #1939); HMAC (Cert. #1379); ECDSA (Cert. #359)

-Other algorithms: N/A

Multi-chip embedded

"3eTI 543 Wireless Sensor Cryptographic Module provides network authentication and data encryption for IEEE 15.4 radio. This module enables the secured transportation of sensor data using AES_CCM over ISA 100.11a or WirelessHard wireless links."
2164 CoCo Communications
800 5th Avenue Suite 3700
Seattle, WA 98104
USA

-David Weidenkopf
TEL: 206-812-5783
FAX: 206-770-6461

-A. Riley Eller
TEL: 206-812-5726
FAX: 206-770-6461

CST Lab: NVLAP 200658-0

CoCo OpenSSL Cryptographic Module 2.1
(Software Version: 2.1)

(When operated in FIPS mode. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 06/05/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 6 32-bit running on oMG 2000; Vyatta 6.4 32-bit running on Dell PowerEdge R210 with AES-NI; Vyatta 6.4 32-bit running on Dell PowerEdge R210 without AES-NI (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2366, #2367 and #2381); Triple-DES (Certs. #1479 and #1480); DSA (Certs. #739 and #740); RSA (Certs. #1222 and #1223); ECDSA (Certs. 389 and #390); CVL (Certs. #62 and #63); SHS (Certs. #2039 and #2040); HMAC (Certs. #1470 and #1471); RNG (Certs. #1176, #1177 and #1182); DRBG (Certs. #304, #305 and #313);

-Other algorithms: Diffie-Hellman; DRBG (DUAL-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The CoCo OpenSSL Cryptographic Module 2.1 is an OpenSSL cryptographic library that provides cryptographic services to its calling applications."
2163 MikroM GmbH
Dovestrasse 3
Berlin, Berlin 10587
Germany

-Holger Krahn
TEL: +49 30 398839 0
FAX: +49 30 398839 29

-Michael Hagemeister
TEL: +49 30 398839 0
FAX: +49 30 398839 29

CST Lab: NVLAP 100432-0

MVC201
(Hardware Versions: MVC201-IS1 rev.1.1, MVC201-IF1 rev.1.1, MVC201-MS1 rev.1.1, MVC201-MF1 rev.1.1, MVC201-RS1 rev.1.1 and MVC201-RS2 rev.1.1; Firmware Versions: 1.10.65.18189, 1.10.68.18200 and 1.20.98.19460; Bootloader Versions: 1.3.5.17849, 1.3.7.18217 and 1.3.7.17798)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/05/2014;
07/24/2014
Overall Level: 3 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: RSA (Cert. #1034); AES (Certs. #1994, #1995, #1996, #1997 and #2898); RNG (Cert. #1047); HMAC (Certs. #1206, #1207 and #1833); SHS (Certs. #1748, #1749 and #1750)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); TLS KDF; HW NDRNG; EC Diffie-Hellman; MD5; TI S-Box

Multi-chip embedded

"MVC201 - Digital Cinema Image Media Block for integration into a TI Series 2 DLP Cinema projector"
2162 Encryptics
5566 West Main Street
Suite 207
Frisco, TX 75033
USA

-Chris McCarthy
TEL: 214-453-3518

-Brian Kelly
TEL: 214-453-3518

CST Lab: NVLAP 200002-0

Encryptics® Cryptographic Library
(Software Version: 1.0.3.0)

(When operated with module Windows Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Certs. #989, #1002, #1330, and #1337 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 05/28/2014;
07/03/2014
Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP SP3 with .NET Framework 3.5 running on a Dell SC430; Microsoft Windows Vista SP1 (x64 version) with .NET Framework 3.5 running on a Dell SC430; Microsoft Windows 7 SP1 (x64 version) with .NET Framework 3.5 running on a HP Compaq dc7600; Microsoft Windows Server 2008 R2 SP1 (x64 version) with .NET Framework 4.0 running on a HP Compaq dc7600 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #739, #781, and #1168); RSA (Certs. #353, #354, #371, #557, #559 and #568); HMAC (Certs. #407, #428, #673, and #687); SHS (Certs. #753, #783, and #1081); RNG (Cert. #477); DRBG (vendor-affirmed and Cert. #23)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Encryptics Cryptographic Library underpins Encryptics technology and offers protection by industry-standard, government approved algorithms to ensure that only authorized users and authorized devices are allowed to access private information stored within the .SAFE package. Encryptics for Email and Encryptics Data Protection API both leverage the Encryptics .SAFE Library to ensure use of FIPS 140-2 validated cryptography."
2161 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise 1100F, 2150F and 4150F
(Hardware Versions: (NSA-1100-FWEX-F, NSA-2150-FWEX-F, and NSA-4150-FWEX-F) with FRU-686-0089-00; Firmware Version: 8.3.1)

(When operated in FIPS mode and when installed, initialized and configured as specified in the Security Policy Section 3.1. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/27/2014 Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1833, #2303 and #2305); Triple-DES (Certs. #1185, #1451 and #1453); SHS (Certs. #1612, #1988 and #1990); HMAC (Certs. #1086, #1418 and #1420); RNG (Certs. #964, #1146 and #1148); RSA (Certs. #1187 and #1189); DSA (Certs. #722 and #724)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
2160 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco 819G-4G-A-K9, 819G-4G-V-K9, 819H-K9, 819G-S-K9, 819HG-4G-G-K9, 891, 881, 1905, 1921 and 1941 Integrated Services Routers (ISRs)
(Hardware Versions: 819G-4G-A-K9 , 819G-4G-V-K9 , 819H-K9 , 819G-S-K9, 819HG-4G-G-K9, 881, 891, 1905 [1], 1921 [1], 1941 and FIPS-SHIELD-1900= [1] with [FIPS Kit (CISCO-FIPS-KIT=), Revision -B0]; Firmware Version: IOS 15.2(4)M6A)

(When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/27/2014;
08/06/2014
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #962, #1115, #1535, #1648 and #2620); CVL (Cert. #231); DRBG (Cert. #401); ECDSA (Cert. #450); HMAC (Certs. #537, #538, #627 and #1606); RSA (Certs. #1338 and #1347); SHS (Certs. #933, #934, #1038, #2182 and #2208); Triple-DES (Certs. #757, #758, #812 and #1566)

-Other algorithms: DES; Diffie-Hellman (key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key establishment methodology provides between 128 and 192 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); HMAC-MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Cisco 800 and 1900 Series Integrated Services Routers are routers that provide collaborative business solutions for data communication to small businesses and enterprise teleworkers. They offer Metro Ethernet and multiple DSL technologies to provide business continuity. The routers provide the performance required for concurrent services, including firewall, intrusion prevention, content filtering, and encryption for VPNs for optimizing voice and video applications."
2159 Comtech EF Data Corporation
2114 West 7th Street
Tempe, AZ 85281
USA

-Wallace Davis
TEL: 480-333-2189

CST Lab: NVLAP 200928-0

Unified Crypto Module
(Hardware Version: PL-0000235-2; Firmware Version: 2.1.1)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/27/2014 Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1538, #2026 and #2417); Triple-DES (Cert. #1505); RNG (Certs. #1173 and #1193); SHS (Cert. #2074); HMAC (Cert. #1502); RSA (Cert. #1249); DSA (Cert. #755); ECDSA (Cert. #397)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG

Multi-chip embedded

"The Comtech Unified Crypto Module features an FPGA to perform bulk encryption/decryption for Ethernet data traffic via Comtech Satellite Modems, as well as firmware to provide the cryptographic functions needed to act as a endpoint for secure TLS- and SSH-based management and control traffic."
2158 INSIDE Secure
41 Parc Club du Golf
Aix-en-Provence, 13856
France

-Jerome Ducros
TEL: +33 (0)413758653

CST Lab: NVLAP 100432-0

VaultIC405™, VaultIC421™, VaultIC441™
(Hardware Versions: P/Ns: ATVaultIC405, ATVaultIC421 and ATVaultIC441; Platforms: ATVaultIC405M Silicon Rev C, ATVaultIC421M Silicon Rev C and ATVaultIC441M Silicon Rev C; Firmware Version: 1.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/20/2014 Overall Level: 3 

-Physical Security: Level 4

-FIPS Approved algorithms: AES (Cert. #2119); DRBG (Cert. #231); DSA (Cert. #663); ECDSA (Cert. #316); HMAC (Cert. #1291); RSA (Cert. #1089); SHS (Cert. #1843); Triple-DES (Cert. #1348)

-Other algorithms: NDRNG; AES (Cert. #2119, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; DES MAC; Triple-DES (ISO9797; non-compliant); Triple-DES MAC (ISO9797; non-compliant); HOTP; RSA (encrypt/decrypt)

Single-chip

"The VaultIC405™, VaultIC421™ and VaultIC441™ is an Application Specific Standard Product (ASSP) designed to secure various systems against counterfeiting, cloning or identity theft. It is a hardware security module that can be used in many applications such as IP protection, access control or hardware protection."
2157 Mocana Corporation
350 Sansome Street
Suite 1010
San Francisco, CA 94104
USA

-Mocana Sales
TEL: 415-617-0055
FAX: 415-617-0056

CST Lab: NVLAP 100432-0

Mocana Cryptographic Suite B Hybrid Module
(Hardware Version: Freescale P2020 SEC 3.1; Software Version: 5.5fi)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software-Hybrid 05/20/2014 Overall Level: 1 

-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with VxWorks 6.8 running on a XPedite5500 with a Freescale P2020 SEC3.1 processor (Single-user mode)

-FIPS Approved algorithms: AES (Certs. #2290 and #2291); DRBG (Cert. #284); DSA (Cert. #717); ECDSA (Cert. #372); HMAC (Cert. #1407); RNG (Cert. #1141); RSA (Cert. #1179); SHS (Cert. #1974); Triple-DES (Cert. #1440)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant); RSA (encrypt/decrypt)

Multi-chip standalone

"The Mocana Cryptographic Suite B Hybrid Module (Software Version 5.5fi) is a hybrid, multi-chip standalone cryptographic module that runs on a general purpose computer. The primary purpose of this module is to provide FIPS Approved cryptographic routines to consuming applications via an Application Programming Interface."
2156 Dell, Inc.
2300 West Plano Parkway
Plano, TX 75075
USA

-Chris Burchett
TEL: 512-723-8065
FAX: 972-577-4375

-Mike Phillips
TEL: 512-723-8420
FAX: 972-577-4375

CST Lab: NVLAP 200002-0

Dell-CREDANT Cryptographic Kernel (Windows Kernel Mode) [1] and Dell-CREDANT Cryptographic Kernel (Windows User Mode) [2]
(Software Version: 1.8 [1,2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 05/15/2014 Overall Level: 2 

-Physical Security: N/A
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 2 with Windows 7 Enterprise (32-bit) running on Dell Optiplex 755 [1]; Windows 7 Enterprise x64 Edition (64-bit) running on Dell Optiplex 755 [1]; Windows 7 Enterprise (32-bit) running on Dell Optiplex 755 [2]; Windows 7 Enterprise x64 Edition (64-bit) running on Dell Optiplex 755 [2]

-FIPS Approved algorithms: AES (Certs. #2130 and #2131); Triple-DES (Certs. #1353 and #1354); SHS (Certs. #1854 and #1855); HMAC (Certs. #1300 and #1301); DRBG (Certs. #235 and #236)

-Other algorithms: Rijndael; RNG (non-compliant); AES (non-compliant); Triple-DES (non-compliant); SHS (non-compliant)

Multi-chip standalone

"CREDANT CmgCryptoLib (also known as CREDANT Cryptographic Kernel) is a FIPS 140-2 validated, software based cryptography library implementing AES, DRBG SP 800-90A [CTR], SHA-2 [256, 384, 512], HMAC [SHA-1 & SHA-2], and Triple-DES. CmgCryptoLib is used by commercial products including CREDANT Mobile Guardian (CMG) and Dell Data Protection Encryption (DDPE). CREDANT provides a centrally managed data protection platform for authentication, encryption, access controls and data recovery for laptops, desktops, removable media, smart phones, servers, network shares, cloud storage and applications."
2155 VMware, Inc.
3401 Hillview Ave
Palo Alto, CA 94304
USA

-Eric Betts
TEL: 650-427-1902

CST Lab: NVLAP 200928-0

VMware NSS Cryptographic Module
(Software Version: 1.0)

(When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 05/14/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with VMware vCloud Networking and Security 5.5.0a Edge OS on VMware vSphere Hypervisor (ESXi) 5.5 running on HP ProLiant DL380e Gen8 Server with AES-NI; VMware vCloud Networking and Security 5.5.0a Edge OS on VMware vSphere Hypervisor (ESXi) 5.5 running on HP ProLiant DL380e Gen8 Server without AES-NI (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #1619); AES (Cert. #2700); SHS (Cert. #2267); HMAC (Cert. #1681); DRBG (Cert. #443); DSA (Cert. #821); RSA (Cert. #1398)

-Other algorithms: RC2; RC4; DES; SEED; CAMELLIA; MD2; MD5; Triple-DES (non-compliant); ECDSA (non-compliant); HKDF (non-compliant); J-PAKE; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The VMware NSS Cryptographic Module is a software cryptographic library that provides FIPS 140-2 validated network security services to VMware products."
2154 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise 1100E, 2150E and 4150E
(Hardware Versions: NSA-1100-FWEX-E, NSA-2150-FWEX-E, NSA-4150-FWEX-E with FRU-686-0089-00; Firmware Version: 8.3.1)

(When operated in FIPS mode and when installed, initialized and configured as specified in the Security Policy Section 3.1. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/14/2014 Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1833, #2303 and #2305); Triple-DES (Certs. #1185, #1451 and #1453); SHS (Certs. #1612, #1988 and #1990); HMAC (Certs. #1086, #1418 and #1420); RNG (Certs. #964, #1146 and #1148); RSA (Certs. #1187 and #1189); DSA (Certs. #722 and #724)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength).

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
2153 McAfee, Inc.
2821 Mission College Boulevard
Santa Clara, CA 95054
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise Virtual Appliance for Crossbeam
(Software Version: 8.3.1)

(When operated in FIPS mode and when installed, initialized and configured as specified in the Security Policy Section 3.1. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 05/13/2014 Overall Level: 1 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with McAfee SecureOS v8.3 on Crossbeam XOS v9.9.0 running on a Crossbeam X80-S AC (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1963, #2304 and #2306); Triple-DES (Certs. #1275, #1452 and #1454); SHS (Certs. #1722, #1989 and #1991); HMAC (Certs. #1184, #1419 and #1421); RNG (Certs. #1032, #1147 and #1149); RSA (Certs. #1188 and #1190); DSA (Certs. #723 and #725): CVL (Certs. #127 and #129)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee's Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
2152 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco 2901, 2911, 2921, 2951, 3925, 3925E, 3945, 3945E and VG350 Integrated Services Routers (ISRs)
(Hardware Versions: 2901 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, A], 2911 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, B], 2921 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, C], 2951 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, D], [3925, 3925E, 3945, 3945E and VG350] [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, E], PVDM2-8 [1], PVDM2-16 [2], PVDM2-32 [3], PVDM2-48 [4], PVDM2-64 [5], PVDM3-16 [6], PVDM3-32 [7], PVDM3-64 [8], PVDM3-128 [9], PVDM3-192 [10], PVDM3-256 [11], FIPS-SHIELD-2901= [A], FIPS-SHIELD-2911= [B], FIPS-SHIELD-2921= [C], FIPS-SHIELD-2951= [D] and FIPS-SHIELD-3900= [E] with [FIPS Kit (CISCO-FIPS-KIT=), Revision -B0]; Firmware Version: IOS 15.2(4)M6A)

(When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/13/2014;
08/06/2014
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #803, #963, #1115, #1536 and #2620); CVL (Cert. #231); DRBG (Cert. #401); ECDSA (Cert. #450); HMAC (Certs. #443, #538, #627 and #1606); RSA (Certs. #1338 and #1347); SHS (Certs. #801, #934, #1038, #2182 and #2208); Triple-DES (Certs. #758, #812, #1037 and #1566)

-Other algorithms: DES; Diffie-Hellman (key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key establishment methodology provides between 128 and 192 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); HMAC-MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Cisco Integrated Services Routers (ISRs) are routing platforms that provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options."
2151 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Papi Menon
TEL: 650-261-2413
FAX: 650-261-2401

CST Lab: NVLAP 200928-0

ProtectV StartGuard
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 05/13/2014 Overall Level: 1 

-Physical Security: N/A
-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Windows Server 2012 (x64) on VMware ESXi 5.0 running on Dell PowerEdge R610 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2550); HMAC (Cert. #1571); SHS (Cert. #2151)

-Other algorithms: N/A

Multi-chip standalone

"ProtectV StartGuard authorizes whether or not a virtual machine instance secured by SafeNet ProtectV can be launched. StartGuard enables a challenge response authentication mechanism to be inserted in the boot transition process when ProtectV is being started up, during the transition between the first to second phase of the boot process. StartGuard is configurable to suit customers’ security and privacy requirements."
2150 Dell, Inc.
2300 West Plano Parkway
Plano, TX 75075
USA

-Chris Burchett
TEL: 512-723-8065
FAX: 972-577-4375

-Mike Phillips
TEL: 512-723-8420
FAX: 972-577-4375

CST Lab: NVLAP 200002-0

Dell-CREDANT Cryptographic Kernel (Mac Kernel Mode) [1], Dell-CREDANT Cryptographic Kernel (Mac User Mode) [2] and Dell-CREDANT Cryptographic Kernel (Linux User Mode) [3]
(Software Version: 1.8 [1,2,3])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 05/13/2014 Overall Level: 1 

-Physical Security: N/A
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Mac OS X Lion 10.7.3 (32-bit) running on a mid-2010 MacBook Pro (MacBookPro6,2) [1]; Mac OS X Lion 10.7.3 (64-bit) running on a mid-2010 MacBook Pro (MacBookPro6,2) [1]; Mac OS X Lion 10.7.3 (32-bit) running on a mid-2010 MacBook Pro (MacBookPro6,2) [2]; Mac OS X Lion 10.7.3 (64-bit) running on a mid-2010 MacBook Pro (MacBookPro6,2) [2]; Ubuntu Linux 11.04 (32-bit) running on a Dell Optiplex 755 [3]; Ubuntu Linux 11.04 (64-bit) running on a Dell Optiplex 755 [3] (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2130 and #2131); Triple-DES (Certs. #1353 and #1354); SHS (Certs. #1854 and #1855); HMAC (Certs. #1300 and #1301); DRBG (Certs. #235 and #236)

-Other algorithms: Rijndael; RNG (non-compliant); AES (non-compliant); Triple-DES (non-compliant); SHS (non-compliant)

Multi-chip standalone

"CREDANT CmgCryptoLib (also known as CREDANT Cryptographic Kernel) is a FIPS 140-2 validated, software based cryptography library implementing AES, DRBG SP 800-90A [CTR], SHA-2 [256, 384, 512], HMAC [SHA-1 & SHA-2], and Triple-DES. CmgCryptoLib is used by commercial products including CREDANT Mobile Guardian (CMG) and Dell Data Protection Encryption (DDPE). CREDANT provides a centrally managed data protection platform for authentication, encryption, access controls and data recovery for laptops, desktops, removable media, smart phones, servers, network shares, cloud storage and applications."
2149 Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

-sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200996-0

nShield F3 10+ [1], nShield F3 500+ [2], nShield F3 6000+ [3], nShield F3 500+ for nShield Connect+ [4], nShield F3 1500+ for nShield Connect+ [5] and nShield F3 6000+ for nShield Connect+ [6]
(Hardware Versions: nC4033E-010 [1], nC4433E-500 [2], nC4433E-6K0 [3], nC4433E-500N [4], nC4433E-1K5N [5] and nC4433E-6K0N [6], Build Standard N; Firmware Version: 2.51.10-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 05/13/2014 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2122); Triple-DES (Cert. #1349); HMAC (Cert. #1292); Triple-DES MAC (Triple-DES Cert. #1349, vendor affirmed); SHS (Cert. #1844); DSA (Certs. #664 and #777); ECDSA (Certs. #181 and #318); RSA (Certs. #1092 and #1299); DRBG (Cert. #232); CVL (Certs. #27 and #90)

-Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #2122, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1349, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Certs. #27 and #90, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #27 and #90, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The nShield modules: nShield F3 10+, nShield F3 500+, nShield F3 6000+, nShield F3 500+ for nShield Connect+, nShield F3 1500+ for nShield Connect+ and nShield F3 6000+ for nShield Connect+ family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
2148 Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

-sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200996-0

nShield F3 10+ [1], nShield F3 500+ [2], nShield F3 6000+ [3], nShield F3 500+ for nShield Connect+ [4], nShield F3 1500+ for nShield Connect+ [5] and nShield F3 6000+ for nShield Connect+ [6]
(Hardware Versions: nC4033E-010 [1], nC4433E-500 [2], nC4433E-6K0 [3], nC4433E-500N [4], nC4433E-1K5N [5] and nC4433E-6K0N [6], Build Standard N; Firmware Version: 2.51.10-3)

(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 05/13/2014 Overall Level: 3 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2122); Triple-DES (Cert. #1349); HMAC (Cert. #1292); Triple-DES MAC (Triple-DES Cert. #1349, vendor affirmed); SHS (Cert. #1844); DSA (Certs. #664 and #777); ECDSA (Certs. #181 and #318); RSA (Certs. #1092 and #1299); DRBG (Cert. #232); CVL (Certs. #27 and #90)

-Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #2122, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1349, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Certs. #27 and #90, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #27 and #90, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The nShield modules: nShield F3 10+, nShield F3 500+, nShield F3 6000+, nShield F3 500+ for nShield Connect+, nShield F3 1500+ for nShield Connect+ and nShield F3 6000+ for nShield Connect+ family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 3 embedded devices. The units are identical in operation and only vary in the processing speed."
2147 SafeNet, Inc.
20 Colonnade Road, Suite 200
Ottawa, Ontario K2L1A1
Canada

-Paul Hampton
TEL: +44 (0) 1276 608057
FAX: +44 (0) 1276 608080

CST Lab: NVLAP 200427-0

SafeNet LUNA® EFT
(Hardware Version: GRK-15, Version Code 0100; Firmware Version: MAL1.1)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/13/2014 Overall Level: 3 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2629); RNG (Cert. #1242); RSA (Cert. #1350); SHS (Cert. #2212); Triple-DES (Cert. #1578)

-Other algorithms: N/A

Multi-chip standalone

"SafeNet LUNA® EFT is designed for Electronic Funds Transfer (EFT) and payment system processing environments, providing powerful end-to-end security for online banking transactions and applications for credit, debit, and chip cards."
2146 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco 881W, 881GW, 1941W, 891W, C819HGW+7-A-A-K9, C819HGW-V-A-K9, C819HGW-S-A-K9, and C819HWD-A-K9 Integrated Services Routers (ISRs)
(Hardware Versions: Cisco 881W, 881GW, 891W, C819HGW+7-A-A-K9, C819HGW-V-A-K9, C819HGW-S-A-K9, C819HWD-A-K9 and 1941W with [FIPS Kit (CISCO-FIPS-KIT=), Revision -B0]; Firmware Version: Router Firmware Version: IOS 15.2(4)M6A and AP Firmware Version: 15.2.2-JB)

(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/13/2014;
08/06/2014
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #962, #1115, #1535, #1648, #1791, #2611 and #2620); CVL (Cert. #231); DRBG (Cert. #401); ECDSA (Cert. #450); HMAC (Certs. #537, #538, #627, #1606 and #1618); RNG (Cert. #1236); RSA (Certs. #1338 and #1347); SHS (Certs. #933, #934, #1038, #2194, #2182 and #2208); Triple-DES (Certs. #757, #758, #812 and #1566)

-Other algorithms: DES; Diffie-Hellman (key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key establishment methodology provides between 128 and 192 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); HMAC-MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Cisco 800 Series Integrated Services Routers are fixed-configuration routers that provide collaborative business solutions for data communication to small businesses and enterprise teleworkers. They offer wireless, Metro Ethernet, and multiple DSL technologies to provide business continuity. The routers provide the performance required for concurrent services, including firewall, intrusion prevention, content filtering, and encryption for VPNs for optimizing voice and video applications."
2145 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco 1941, 2901, 2911, 2921, 2951, 3925, 3945 Integrated Services Routers (ISRs) and ISM
(Hardware Versions: 1941 [12], 2901 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, A], 2911 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11,13, B], 2921 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, C], 2951 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, D], [3925, 3945] [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 14, E], PVDM2-8 [1], PVDM2-16 [2], PVDM2-32 [3], PVDM2-48 [4], PVDM2-64 [5], PVDM3-16 [6], PVDM3-32 [7], PVDM3-64 [8], PVDM3-128 [9], PVDM3-192 [10], PVDM3-256 [11], ISM-VPN-19 [12], ISM-VPN-29 [13], ISM-VPN-39 [14], FIPS-SHIELD-2901= [A], FIPS-SHIELD-2911= [B], FIPS-SHIELD-2921= [C], FIPS-SHIELD-2951= [D] and FIPS-SHIELD-3900= [E] with [FIPS Kit (CISCO-FIPS-KIT=), Revision -B0]; Firmware Version: IOS 15.2(4)M6A)

(When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/13/2014;
08/06/2014
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #963, #1115, #1536, #2343 and #2620); CVL (Cert. #231); DRBG (Cert. #401); ECDSA (Cert. #450); HMAC (Certs. #538, #627, #1452 and #1606); RSA (Certs. #1338 and #1347); SHS (Certs. #934, #1038, #2020, #2182 and #2208); Triple-DES (Certs. #758, #812, #1466 and #1566)

-Other algorithms: DES; Diffie-Hellman (key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key establishment methodology provides between 128 and 192 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); HMAC-MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Cisco Integrated Services Routers (ISRs) are routing platforms that provide comprehensive security services including VPN for small businesses, enterprise small branch and teleworkers. The platforms are architected to enable the next phase of branch-office evolution, providing rich media collaboration and virtualization to the branch while offering a wide-range of connectivity options. The VPN ISM is a module for the ISRs that provides the capability to considerably increase performance for VPN encrypted traffic,"
2144 Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

-Alan Kaye
TEL: 613-225-9381 x7416
FAX: 613-225-2951

CST Lab: NVLAP 200556-0

FortiGate-3950B/3951B
(Hardware Versions: FortiGate-3950B and FortiGate-3951B with SKU-FIPS-SEAL-RED; Firmware Version: FortiOS v4.0, build3830, 131223)

(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 05/06/2014;
07/24/2014
Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #2278, #2607 and #2608); Triple-DES (Certs. #1425, #1572 and #1573); HMAC (Certs. #1396, #1615 and #1616); SHS (Certs. #1959, #2191 and #2192); RSA (Cert. #1169 and #1334); RNG (Cert. #1234)

-Other algorithms: DES; MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112-bits of encryption strength)

Multi-chip standalone

"FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
2143 Dell, Inc.
1925 Isaac Newton Square East
Suite 440
Reston, VA 20190
USA

-Joe Leslie
TEL: 949-754-1263
FAX: 949-754-8999

-Jason Raymond
TEL: 617-261-6968

CST Lab: NVLAP 200002-0

Dell AppAssure Crypto Library
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 05/06/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Windows 2008 R2 64-bit running on Dell PowerEdge T610 with AES-NI; Windows 2008 R2 64-bit running on Dell PowerEdge T610 without AES-NI; Windows 2012 64-bit running on Dell PowerEdge R720 with AES-NI; Windows 2012 64-bit running on Dell PowerEdge R720 without AES-NI (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2601); RSA (Cert. #1329); SHS (Cert. #2185)

-Other algorithms: N/A

Multi-chip standalone

"The Dell AppAssure Crypto Module provides data encryption functionality. The Module is a software component used by other software products to encrypt and decrypt data. The Module implements AES (Rijndael) CBC mode functions. Physically, the Module is a DLL file delivered with a file containing the DLL's digital signature."
2142 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-C Micro Edition
(Software Version: 3.0.0.17)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 05/06/2014 Overall Level: 1 

-Cryptographic Module Specification: Level 3
-Physical Security: N/A

-Operational Environment: Tested as meeting Level 1 with Timesys Linux 2.6.28-rt16 running on a Konica Minolta A5C1H020 with PowerPC (32-bit) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2248); DRBG (Cert. #272); DSA (Cert. #700); ECDSA (Certs. #356 and #358); HMAC (Cert. #1377); RNG (Cert. #1122); RSA (Cert. #1153); SHS (Cert. #1937); Triple-DES (Cert. #1407)

-Other algorithms: DES; DES40; Diffie-Hellman; EC Diffie-Hellman; ECAES; ECIES; Entropy RNG; HMAC MD5; MD2; MD5; OTP RNG; PBKDF1 SHA-1; PBKDF2 HMAC SHA-1/SHA-224/SHA-256/SHA-384/SHA-512 (non-compliant); RC2; RC4; RC5; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA PKCS #1 v2.0 (OAEP; non-compliant)

Multi-chip standalone

"The Crypto-C Micro Edition (ME) Module is RSA Security, Inc.'s cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
2141 Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

-Christopher Marks
TEL: 408-333-0480
FAX: 408-333-8101

CST Lab: NVLAP 200427-0

Brocade® FCX L2/L3 Switch and Brocade FastIron® SX Series L2/L3 Switch
(Hardware Versions: FI-SX800-S, FI-SX1600-AC, FI-SX1600-DC, FCX624S, FCX624S-HPOE-ADV, FCX624S-F-ADV, FCX648S, FCX648S-HPOE and FCX648S-HPOE-ADV with FIPS Kit (P/N Brocade XBR-000195); Firmware Version: IronWare Release R07.3.00c)

(When operated in FIPS mode and with the tamper evident labels installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/06/2014;
06/05/2014
Overall Level: 2 

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2150); DRBG (Cert. #239); DSA (Cert. #668); HMAC (Cert. #1317); RSA (Cert. #1106); SHS (Cert. #1871); Triple-DES (Cert. #1363)

-Other algorithms: MD5; HMAC-MD5; Diffie-Hellman (non-compliant); RSA (key wrapping; non-compliant)

Multi-chip standalone

"The 24-port and 48-port models of the Brocade FCX Series of switches support Power over Ethernet (PoE) and non-PoE applications. They are designed to meet today's enterprise campus and data center network wire-speed and non-blocking performance requirement. The FastIron SX Series extends control from the network edge to the core with intelligent network services, such as Quality of Service (QoS). The FastIron SX Series provides a scalable, secure, low-latency, and fault-tolerant IP services solution for 1 and 10 Gigabit Ethernet (GbE) enterprise deployments."
2140 Uplogix, Inc.
7600B N. Capital of Texas Hwy., Suite 220
Austin, TX 78731
USA

-Martta Howard
TEL: 512-857-7043

CST Lab: NVLAP 200427-0

Uplogix 430 [1, a], 3200 [2, a], 500 [3, a, b] and 5000 [4, a b]
(Hardware Version: 43-1102-50 [1], 37-0326-04 [2], 61-5050-33 [3] and 61-5500-33 [4] with Tamper Evident Labels Part No. (61-0001-00); Firmware Version: 4.6.4.22900g [a] and 4.6.4.24340g [b])

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/30/2014;
05/20/2014
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2293); CVL (Certs. #46, #47 and #48); DRBG (Cert. #285); DSA (Cert. #719); HMAC (Cert. #1409); RSA (Cert. #1181); SHS (Cert. #1976); Triple-DES (Cert. #1442)

-Other algorithms: AES (non-compliant); DES; DSA (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits); HMAC (non-compliant); HMAC-MD5-96; HMAC-SHA-96 (non-compliant); IKE KDF; MD5; PBKDF2-SHA-256; RC4; RNG (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); SHS (non-compliant); Triple-DES (non-compliant)

Multi-chip standalone

"Uplogix is a network independent management platform that locates with - and directly connects to - managed devices. Standing alone or augmenting existing centralized management tools, Uplogix provides configuration, performance and security management actions that are best performed locally. Local Management reduces operational costs, speeds problem resolution, and improves security and compliance versus centralized-only management. Our local focus on network device automation enables the transition to more network sensitive cloud and virtual infrastructure technologies."
2139 IBM® Corporation
1701 North Street, Building 256-3
Endicott, NY 13760
USA

-Brian W. Hugenbruch
TEL: 607-429-3660
FAX: 607-429-5920

-William F Penny
TEL: 845-435-3010
FAX: 845-433-7510

CST Lab: NVLAP 200658-0

IBM® z/VM® Version 6 Release 3 System SSL Cryptographic Module
(Hardware Version: z10 CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863; Software Version: 5735FAL00: z/VM Version 6 Release 3 plus APAR PM95516)

(The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software-Hybrid 04/30/2014 Overall Level: 1 

-Cryptographic Module Specification: Level 3
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with z/VM Version 6 Release 3 running on IBM System z10 (TM) Enterprise Class (z10 EC) with CP Assist for Cryptographic Functions DES/TDES Enablement Feature 3863 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #976 and #2627); Triple-DES (Certs. #769 and #1577); DSA (Cert. #792); RSA (Cert. #1344); SHS (Certs. #946 and #2203); HMAC (Cert. #1624); RNG (Cert. #1241); CVL (Cert. #110)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); HMAC-MD5

Multi-chip standalone

"Module Description: z/VM System SSL provides cryptographic functions which allows z/VM to protect data using the SSL/TLS protocols. z/VM System SSL also enables administrators to create and manage X.509 V3 certificates and keys within key database files."
2138 Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
USA

-Shirley Stahl
TEL: 424-750-7424

CST Lab: NVLAP 200556-0

Symantec Java Cryptographic Module
(Software Version: 1.2)

(This module contains the embedded module RSA BSAFE® Crypto-J Software Module validated to FIPS 140-2 under Cert. #1786 operating in FIPS mode. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 04/29/2014 Overall Level: 1 

-Physical Security: N/A

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 7 (64-Bit) with Sun JRE 6.0 on a Dell OptiPlex 755 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1911); DSA (Cert. #604); ECDSA (Cert. #271); DRBG (Cert. #160); HMAC (Cert. #1148); PBKDF (vendor affirmed); RNG (Cert. #1004); RSA (Cert. #981); SHS (Cert. #1678); Triple-DES (Cert. #1243)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; DESX; ECIES; MD2; MD4; MD5; RC2; RC4; RC5; RIPEMD160; RSA Keypair Generation MultiPrime (non-compliant); HMAC-MD5

Multi-chip standalone

"The Symantec Java Cryptographic Module provides a comprehensive set of cryptographic services for Symantec products including, but not limited to, the Symantec Data Loss Prevention Suite."
2137 McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

-Chela Diaz de Villegas
TEL: 651-628-1642

CST Lab: NVLAP 200416-0

McAfee Vulnerability Manager Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 04/29/2014 Overall Level: 1 

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 64-bit running an Intel Xeon on a McAfee® Firewall Enterprise Control Center (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2176); Triple-DES (Cert. #1378); HMAC (Cert. #1332); SHS (Cert. #1888); RSA (Cert. #1122); RNG (Cert. #1102)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (non-compliant)

Multi-chip standalone

"The McAfee Vulnerability Manager Cryptographic Module scans specified targets for vulnerabilities and misconfiguration. It provides a management interface to configure the system and generate reports regarding the results of the scans."
2136 Aruba Networks, Inc.
1344 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500
FAX: 408-227-4550

CST Lab: NVLAP 200427-0

Aruba 7200 Series Controllers with ArubaOS FIPS Firmware
(Hardware Versions: Aruba 7210-F1, Aruba 7210-USF1, Aruba 7220-F1, Aruba 7220-USF1, Aruba 7240-F1, Aruba 7240-USF1 with FIPS kit 4010061-01; Firmware Version: ArubaOS 6.3.1.7-FIPS)

(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/09/2014 Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2479, #2677 and #2680); CVL (Certs. #150 and #152); DRBG (Cert. #433); ECDSA (Certs. #466 and #469); HMAC (Certs. #1522, #1663 and #1666); KBKDF (Cert. #16); RNG (Cert. #1250); RSA (Certs. #1268, #1376, #1379 and #1380); SHS (Certs. #2098, #2246, #2249 and #2250); Triple-DES (Certs. #1518, #1605 and #1607)

-Other algorithms: DES; Diffie-Hellman (key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key establishment methodology provides 128 or 192 bits of encryption strength); HMAC-MD5; MD5; NDRNGs; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Aruba's family of Mobility Controllers are network infrastructure devices providing secure, scalable solutions for enterprise Wi-Fi, network security policy enforcement, VPN services, and wireless intrusion detection and prevention. Mobility controllers serve as central points of authentication, encryption, access control, and network coordination for all mobile network services."
2135 AFORE Solutions Inc.
2680 Queensview Drive
Suite 150
Ottawa, Ontario K2B 8J9
Canada

-Tim Bramble
TEL: 613-224-5995 x232
FAX: 613-224-5410

CST Lab: NVLAP 200928-0

CloudLink Crypto Module
(Software Version: 1.0)

(When installed, initialized and configured as specified in the Security Policy Section 9 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 04/24/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Ubuntu 12.04 on VMWare ESXi 5.1.0 running on a Dell PowerEdge R520 with AES-NI; Ubuntu 12.04 on VMWare ESXi 5.1.0 running on a Dell PowerEdge R520 without AES-NI (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2545); Triple-DES (Cert. #1540); SHS (Cert. #2146); HMAC (Cert. #1566); RNG (Cert. #1220); DRBG (Cert. #378); RSA (Cert. #1300); DSA (Cert. #778); CVL (Cert. #104)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECC CDH (non-compliant); ECDSA (non-compliant); Dual-EC DRBG (non-compliant)

Multi-chip standalone

"The CloudLink Crypto Module is a general purpose cryptographic library which provides cryptographic services for all CloudLink application modules."
2134 Harris Corporation
RF Communications Division
1680 University Avenue
Rochester, NY 14610
USA

-James White
TEL: 585-242-3917

-Elias Theodorou
TEL: 585-720-8790

CST Lab: NVLAP 200928-0

RF-7800W Broadband Ethernet Radio
(Hardware Versions: RF-7800W-OU50x, OU47x and OU49x; Firmware Version: 2.00)

(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/24/2014 Overall Level: 2 

-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2606); Triple-DES (Cert. #1571); DRBG (Certs. #398); SHS (Cert. #2190); HMAC (Cert. #1614); RSA (Cert. #1333); DSA (Cert. #791); KAS (Cert. #41); CVL (Cert. #100)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; NDRNG

Multi-chip standalone

"The RF-7800W(-OU47x,-OU49x,-OU50x) Broadband Ethernet Radio(BER) is designed for High Capacity Line of Sight (HCLOS) networks with broadband Ethernet requirements. The radio can be mounted on a mast for quick deployment or on a tower system and is designed for long haul backbone systems. The BER operates in the 4.4 - 5.8 GHz frequency band. The BER is an ideal wireless networking solution for public safety, first responders, training and simulation networks and long haul/short haul battlefield communications. The RF-7800W operates in Point-to-Point and Point to Multipoint in the same platform."
2133 SecureAgent® Software Inc.
2448 E. 81st Street
Tulsa, OK 74137
USA

-Steve Soodsmas
TEL: 918-971-1600
FAX: 918-971-1623

CST Lab: NVLAP 200416-0

SecureAgent® Software Cryptographic Module
(Software Version: 2.2.006)

(When operated in FIPS mode. No assurance of module integrity when operating in non-FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 04/25/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Sun Solaris 10 running on an IDG 9074 Secure Communications Controller (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2044); SHS (Cert. #1790); HMAC (Cert. #1243); RNG (Cert. #1067)

-Other algorithms: NDRNG; AES (non-compliant); RSA (non-compliant); DSA (non-compliant); SHA-1 (non-compliant); SHA-224 (non-compliant); SHA-256 (non-compliant); SHA-384 (non-compliant); SHA-512 (non-compliant); ANSI X9.31 RNG (non-compliant); PBKDF (non-compliant); TDES (non-compliant); ARCFOUR; BLOWFISH; CAMELLIA; CAST5; DES; RC2; SEED; SERPENT; TWOFISH; Elgamal; HAVAL; MD2; MD4; MD5; RMD160; TIGER; TIGER1; TIGER2; WHIRLPOOL; SIMPLE_S2K; SALTED_S2K; ITERSALTED_S2K

Multi-chip standalone

"The SecureAgent® Software Cryptographic Module provides the core cryptographic services for several secure communications and controller systems designed and manufactured by SecureAgent® Software."
2132 McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

-Sakthikumar Subramanian
TEL: 408-346-3249
FAX: 408-346-3463

CST Lab: NVLAP 100432-0

Network Security Platform Sensor M-8000 S
(Hardware Version: P/N M-8000 S, Version 1.40; FIPS Kit P/N IAC-FIPS-KT8; Firmware Version: 7.1.15.4)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/30/2014 Overall Level: 2 

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #880); Triple-DES (Cert. #781); RSA (Certs. #425 and #830); DSA (Cert. #345); SHS (Certs. #871 and #970); RNG (Cert. #505); HMAC (Cert. #971); CVL (Certs. #57 and #58)

-Other algorithms: Diffie- Hellman (non-compliant); MD5; NDRNG

Multi-chip standalone

"Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks."
2131 McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

-Sakthikumar Subramanian
TEL: 408-346-3249
FAX: 408-346-3463

CST Lab: NVLAP 100432-0

Network Security Platform Sensor M-8000 P
(Hardware Version: P/N M-8000 P, Version 1.40; FIPS Kit P/N IAC-FIPS-KT8; Firmware Version: 7.1.15.4)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/30/2014 Overall Level: 2 

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #880); Triple-DES (Cert. #781); RSA (Certs. #425 and #830); DSA (Cert. #345); SHS (Certs. #871 and #970); RNG (Cert. #505); HMAC (Cert. #971); CVL (Certs. #57 and #58)

-Other algorithms: NDRNG; RSA (non-compliant); Diffie-Hellman (non-compliant); MD5

Multi-chip standalone

"Network Security Platform products (formerly known as IntruShield) are Intrusion Prevention Systems (IPS) that protect network infrastructures and endpoints from intrusions such as zero-day, DoS, spyware, VoIP, botnet, malware, phishing, and encrypted attacks with highly accurate, enterprise-class risk-aware intrusion prevention. The Network Security Management system manages the sensor deployments and permits the customer to receive real-time network status updates and alerts, implement customized security policies and incident response plans, and perform forensic analysis of attacks."
2130 Northrop Grumman M5 Network Security
Canberra, Australia Level 1 218 Northbourne Ave Braddon, ACT 2612
Level 1 / 218 Northbourne Ave
Braddon, ACT 2612
Australia

-Warwick Hoyle
TEL: +611300656019
FAX: +611300365893

-Kristian Howard
TEL: +611300656019
FAX: +611300365893

CST Lab: NVLAP 200900-0

SCS Linux Kernel Cryptographic Services module
(Software Version: kernel-PAE-2.6.32.14-127.scs.fips.fc12.i686)

(When operated in FIPS mode with module OpenSSL FIPS Object Module V2 validated to FIPS 140-2 under Cert. #1747 operating in FIPS mode. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 05/06/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Fedora 12 (Linux 2.6.32 kernel) running on M5 Network Security model SCS-100; Fedora 12 (Linux 2.6.32 kernel) running on M5 Network Security model SCS-200 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2604); Triple-DES (Cert. #1569); RNG (Cert. #1232); SHS (Cert. #2188); HMAC (Certs. #1126 and #1612)

-Other algorithms: DES; Triple-DES CTR (non-compliant); AES GCM (non-compliant)

Multi-chip standalone

"A FIPS module that provides a C-language application program interface (API) for use by other processes that require cryptographic functionality within the SCS 100 and 200 hardware platforms."
2129 Motorola Solutions, Inc.
6480 Via Del Oro
San Jose, CA 95119
USA

-Udayan Borkar
TEL: 408-528-2361
FAX: 408-528-2540

-Colin Cooper
TEL: 408-528-2871
FAX: 408-528-2540

CST Lab: NVLAP 100432-0

RFS7000 SERIES Wireless Controller
(Hardware Versions: RFS-7010 and RFS-7010 GR; Firmware Version: 5.4.10.0-050GR)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/25/2014 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #762 and #2625); HMAC (Cert. #1623); CVL (Certs. #106, #107, #108 and #109); RNG (Cert. #1240); RSA (Cert. #1342); SHS (Certs. #769 and #2201); Triple DES (Certs. #667 and #1576)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; MD5

Multi-chip standalone

"The RFS-7000 wireless switch is a highly scalable management platform for managing large multi-site distributed and campus wireless networks. The RFS-7000 can manage networks of AP-7131N, AP-7161 and AP-7181 access points. Additionally, it provides functionality like centralized captive portal, centralized security (firewall, VPN) and high availability."
2128 Gigamon Inc.
598 Gibraltar Drive
Milpitas, CA 95035
USA

-Mike Valladao
TEL: 408-831-4000

CST Lab: NVLAP 200556-0

Gigamon Linux-Based Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode and when the module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 05/20/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with CentOS 6.3 on a GigaVUE-TA1(single-user mode)

-FIPS Approved algorithms: AES (Cert. #2273); HMAC (Cert. #1391); DSA (Cert. #709); ECDSA (Cert. #368); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420); DRBG (Cert. #281); CVL (Cert. #44); RNG (Cert. #1132)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength);

Multi-chip standalone

"The Gigamon Linux-Based Cryptographic Module provides cryptographic functions for Gigamon products and solutions."
2127 Athena Smartcard, Inc.
16615 Lark Avenue
Suite 202
Los Gatos, CA 95032
USA

-Ste´phanie Motre´
TEL: 408-786-1028
FAX: 408-608-1818

CST Lab: NVLAP 100432-0

IDProtect Duo with LASER PKI
(Hardware Version: STMicroelectronics ST23YR80 Rev. G; Firmware Version: Athena IDProtect 0204.0355.0702 with LASER PKI Applet 3.0)

(When operated in FIPS mode. No assurance of Secure Channel Protocol (SCP) message integrity)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/09/2014;
05/28/2014
Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #1830); RSA (Cert. #919); Triple-DES (Cert. #1183); Triple-DES MAC (Triple-DES Cert. #1183, vendor affirmed); DRBG (Cert. #144); SHS (Cert. #1609); ECDSA (Cert. # 253); CVL (Cert. #8)

-Other algorithms: HW RNG; AES-CMAC (non-compliant); EC Diffie-Hellman (CVL Cert. #8, key agreement; key establishment methodology provides 128 bits of encryption strength); AES (Cert. #1830, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength)

Single-chip

"IDProtect is a Cryptographic Module based on the Athena OS755 Java Card smart card operating system with 80KB of EEPROM. IDProtect is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 3. IDProtect supports FIPS approved DRBG, SHA-1 and all SHA-2, TDES, AES, RSA, ECDSA and ECC CDC, and RSA and ECC key generation. IDProtect exposes PKI and Biometric APIs and is designed for high-performance government and enterprise smart card applications."
2126 Integral Memory PLC.
Unit 6 Iron Bridge Close
Iron Bridge Business Park
Off Great Central Way
London, Middlesex NW10 0UF
United Kingdom

-Patrick Warley
TEL: +44 (0)20 8451 8700
FAX: +44 (0)20 8459 6301

-Francesco Rivieccio
TEL: +44 (0)20 8451 8704
FAX: +44 (0)20 8459 6301

CST Lab: NVLAP 200996-0

Integral AES 256 Bit Crypto SSD Underlying PCB
(Hardware Versions: INSSD32GS25MCR140-2(R); INSSD64GS25MCR140-2(R); INSSD128GS25MCR140-2(R); INSSD256GS25MCR140-2(R); INSSD512GS25MCR140-2(R); INSSD1TS25MCR140-2(R); INSSD32GS18MCR140-2(R); INSSD64GS18MCR140-2(R); INSSD128GS18MCR140-2(R); INSSD256GS18MCR140-2(R); INSSD512GS18MCR140-2(R); INSSD1TGS18MCR140-2(R); Firmware Version: S5FDM018)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 04/09/2014 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2175); SHS (Cert. #1887); HMAC (Cert. #1335); DRBG (Cert. #254)

-Other algorithms: N/A

Multi-chip standalone

"Integral Crypto SSD is the Full Disk Encryption solution for Windows desktops and laptops. Featuring AES 256-bit Hardware Encryption so you can encrypt and protect your sensitive data and get the speed, reliability and power benefits of SSD. It comes in, 32 GB 64 GB 128 GB, 256 GB, 512 GB and 1TB SATA II & III versions. The devices feature an epoxy resin coating around both the circuit components and the printed circuit board (PCB)."
2125 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

ACT2Lite Module
(Hardware Version: 15-14497-02(NX315) or 15-14497-02(AT90S072); Firmware Version: 1.5)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/09/2014 Overall Level: 1 

-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2556 and #2742); DRBG (Certs. #384 and #461); ECDSA (Certs. #439 and #480); HMAC (Certs. #1576 and #1719); RSA (Certs. #1309 and #1438); SHS (Certs. #2156 and #2314)

-Other algorithms: NDRNG

Single-chip

"ACT2-Lite (Anti-Counterfeit Technology 2 Lite) is the ACT family (ACT 1T, Quack 1 and 2) next generation. It is an ancillary security device containing product identity information and assertion functionality to support product identity for various usages including anti-counterfeit functionality as well as other security functionality to be used across many different hardware platforms."
2124 Vidyo, Inc.
433 Hackensack Ave, 6th Floor
Hackensack, NJ 07601
USA

CST Lab: NVLAP 200556-0

Cryptographic Security Kernel
(Software Version: 2)

(The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 04/09/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Linux Ubuntu 10.04 32-bit or Linux Ubuntu 10.04 64-bit running on a HP ProLiant GL380 without AES-NI; Linux Ubuntu 10.04 32-bit or Linux Ubuntu 10.04 64-bit running on a Dell PowerEdge R210 II with AES-NI; Mac OS X 10.6.8 32-bit running on a Mac Mini without AES-NI; Mac OS X 10.6.8 64-bit running on a Macbook Pro without AES-NI; Mac OS X 10.6.8 32-bit or Mac OS X 10.6.8 64-bit running on a Macbook Pro with AES-NI; Mac OS X 10.7.3 32-bit running on a Mac Mini without AES-NI; Mac OS X 10.7.3 64-bit running on a Macbook Air without AES-NI; Mac OS X 10.7.3 32-bit or Mac OS X 10.7.3 64-bit running on a Macbook Air with AES-NI; Windows XP with SP3 32 bit running on a IBM Thinkpad T60 without AES-NI; Windows XP with SP3 32 bit running on a Vidyo HD50 Room System with AES-NI; Windows 7 with SP1 32 bit running on a Mac Mini without AES-NI; Windows 7 with SP1 64 bit running on a Dell Precision M4300 without AES-NI; Windows 7 with SP1 32 bit running on a Vidyo HD40 Room System with AES-NI; Windows 7 with SP1 64 bit running on a Macbook Air with AES-NI; iOS 6.1 running on a Apple iPad 4; iOS 6.1 running on a Apple iPhone 5; Android 4.1.1 running on a Samsung Galaxy Tab 2 10.1; Android 4.1.1 running on a ASUS Transformer Prime; Android 4.1.2 running on a Samsung Galaxy Nexus S; Android 4.2.2 running on a Google Nexus 7; Android 4.0.4 running on a Samsung Galaxy SII; Android 4.1.2 running on a Samsung Galaxy SIII; Kindle Fire OS 8.4.3 running on a Amazon Kindle Fire HD 8.9 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2027, #2028 and #2576); DRBG (Certs. #194, #195 and #389); HMAC (Certs. #1229, #1230 and #1599); SHS (Certs. #1776, #1777 and #2175)

-Other algorithms: N/A

Multi-chip standalone

"The Vidyo Cryptographic Security Kernel (CSK) is a subset of the Vidyo Technology Software Development Kit, which consists of a set of libraries providing video conferencing capabilities. The SDK allows licensed end-users to implement video conferencing capabilities within their own software applications; the Vidyo CSK library provides the cryptographic functions required to secure the communications."
2123 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise Virtual Appliance for VMware
(Software Version: 8.3.1)

(When operated in FIPS mode and when installed, initialized and configured as specified in the Security Policy Section 3.1. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 04/09/2014 Overall Level: 1 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with McAfee SecureOS v8.3 on VMware ESXi 5.0 running on a McAfee S7032 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1963, #2304 and #2306); Triple-DES (Certs. #1275, #1452 and #1454); SHS (Certs. #1722, #1989 and #1991); HMAC (Certs. #1184, #1419 and #1421); RNG (Certs. #1032, #1147 and #1149); RSA (Certs. #1188 and #1190); DSA (Certs. #723 and #725)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee's Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
2122 VMware, Inc.
3401 Hillview Ave
Palo Alto, CA 94304
USA

-Eric Betts
TEL: 650-427-1902

CST Lab: NVLAP 200928-0

VMware Cryptographic Module
(Software Version: 1.0)

(When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 04/04/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with VMware vCloud Networking and Security 5.5.0a Edge OS on VMware vSphere Hypervisor (ESXi) 5.5 running on HP ProLiant DL380e Gen8 Server; VMware vCloud Networking and Security 5.5.0a vShield Manager OS (VMware vCloud Networking and Security 5.5.0a App Firewall OS) on VMware vSphere Hypervisor (ESXi) 5.5 running on HP ProLiant DL380e Gen8 Server (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #1620); AES (Cert. #2701); SHS (Cert. #2268); HMAC (Cert. #1682); RNG (Cert. #1255); DSA (Cert. #822); RSA (Cert. #1399)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECDSA (non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The VMware Cryptographic Module is a software library providing FIPS 140-2 -approved cryptographic algorithms and services for protecting data-in-transit and data-at-rest on VMware products and platforms."
2121 Thales e-Security Inc.
900 South Pine Island Road
Suite 710
Plantation, FL 33324
USA

-sales@thalesesec.com
TEL: 888-744-4976

CST Lab: NVLAP 200996-0

nShield F2 500+ [1], nShield F2 1500+ [2] and nShield F2 6000+ [3]
(Hardware Versions: nC3423E-500 [1], nC3423E-1K5 [2] and nC3423E-6K0 [3], Build Standard N; Firmware Version: 2.51.10-2)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 04/03/2014;
06/05/2014
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2122); Triple-DES (Cert. #1349); HMAC (Cert. #1292); Triple-DES MAC (Triple-DES Cert. #1349, vendor affirmed); SHS (Cert. #1844); DSA (Certs. #664 and #777); ECDSA (Cert. #181); RSA (Certs. #1092 and #1299); DRBG (Cert. #232); CVL (Certs. #27 and #90)

-Other algorithms: ARC4; Aria; Camellia; CAST-6; DES; MD5; SEED; HMAC-MD5; HMAC-Tiger; HMAC-RIPEMD160; RIPEMD-160; Tiger; El-Gamal; KCDSA; HAS-160; AES (Cert. #2122, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1349, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Certs. #27 and #90, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #27 and #90, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The nShield modules: nShield F2 500+, nShield F2 1500+ and nShield F2 6000+ family of secure e-commerce HSMs are multi-tasking hardware modules that are optimized for performing modular arithmetic on very large integers. The nShield modules are FIPS 140-2 level 2 embedded devices. The units are identical in operation and only vary in the processing speed."
2120 Samsung Electronics Co., Ltd.
416, Maetan 3-Dong Youngton Gu
Suwon, Gyeonggi 152-848
South Korea

-Kyunghee Lee
TEL: +82-10-9397-1589

CST Lab: NVLAP 200658-0

Samsung OpenSSL Cryptographic Module
(Software Version: SecOpenSSL2.0.3)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 03/28/2014 Overall Level: 1 

-Physical Security: N/A
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Android Jelly Bean 4.1 running on Samsung Galaxy Note II; Android Jelly Bean 4.2 running on Samsung Galaxy S4 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2351 and #2411); HMAC (Certs. #1458 and #1496); SHS (Certs. #2026 and #2069); Triple-DES (Certs. #1471 and #1501); RSA (Certs. #1212 and #1245); DSA (Certs. #735 and #753); ECDSA (Certs. #386 and #396); RNG (Certs. #1171 and #1190); DRBG (Certs. #299 and #321); CVL (Certs #56 and #72)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; Triple-DES-CTR (non-compliant); AES-CTR (non-compliant); MD4; MD5; MDC-2; RC2; RC4; RIPEMD-160; Diffie-Hellman; md_rand.c; DRBG (Certs. #299 and #321; DUAL-EC; non-compliant)

Multi-chip standalone

"Provides general purpose cryptographic services to user-space applications on the mobile platform for the protection of data in transit."
2119 Seagate Technology LLC
389 Disc Drive
Longmont, CO 80503
USA

-Monty Forehand
TEL: 720-684-2835
FAX: 720-684-2733

-Harshad Thakar
TEL: 720-684-2580
FAX: 720-684-2733

CST Lab: NVLAP 100432-0

Seagate Secure® TCG Opal SSC Self-Encrypting Drive FIPS 140-2 Module
(Hardware Version: 1G1162 and 1G1164; Firmware Version: SM72, SM73, DM72, DM73, DM82, DM83, HM72, HM73, HM82, HM83, LM72 and LM73)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/28/2014;
05/21/2014;
06/27/2014
Overall Level: 2 

-EMI/EMC: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1343 and #1974); DRBG (Cert. #62); RSA (Cert. #650); SHS (Cert. #1225); HMAC (Cert. #1597)

-Other algorithms: NDRNG

Multi-chip embedded

"The cryptographic module (CM) in the Seagate Secure® TCG Opal SSC Self-Encrypting Drive provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA ranges, and authenticated FW download. The services are provided through an industry-standard TCG Opal SSC interface."
2118 Hewlett-Packard Development Company, L.P.
3000 Hanover Street
Palo Alto, CA 94394
USA

-Mihai Damian
TEL: 650-236-5870

-Sameer Popli
TEL: 650-258-3374

CST Lab: NVLAP 200002-0

NonStop Volume Level Encryption (NSVLE)
(Software Version: 2.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 04/03/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Debian Linux HPTE Version 5.0.0 running on an HP ProLiant DL380 Gen8 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2375 and #2376); Triple-DES (Cert. #1486); SHS (Cert. #2047); DRBG (Cert. #311); HMAC (Cert. #1477); RSA (Cert. #1230); CVL (Cert. #228)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); MD5

Multi-chip standalone

"HP NonStop Volume Level Encryption, or NSVLE, is a fully integrated encryption solution using FIPS Approved algorithms to protect data from threats such as theft and unauthorized disclosure."
2117 Juniper Networks, Inc.
1194 North Matilda Ave
Sunnyvale, CA 94089
USA

-Sue Lin
TEL: 408-936-8447
FAX: 408-936-1801

CST Lab: NVLAP 200697-0

Juniper Networks EX3300, EX4200, EX4500 Ethernet Switches
(Hardware Version: EX3300-24P, EX3300-24T, EX3300-24T-DC, EX3300-48T, EX3300-48T-BF, EX3300-48P, EX4200-24P, EX4200-24PX, EX4200-24T, EX4200-24F, EX4200-48P, EX4200-48PX, EX4200-48T, EX4500-40-FB and EX4500-40-BF with Tamper Evident Labels: 520-052564; Firmware Version: JUNOS 12.1R6.6)

(When operated in FIPS Mode and with the tamper evidence seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 03/28/2014 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #1494, #1507, #1508 and #1514); AES (Certs. #2396, #2419, #2420 and #2475); DSA (Cert. #762); SHS (Certs. #2058, #2059, #2076, #2077 and #2094); RNG (Cert. #1187); RSA (Certs. #1251, #1252 and #1264); HMAC (Certs. #1488, #1489, #1504, #1505 and #1518); DRBG (Certs. #324, #325 and #338); CVL (Certs. #81)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); NDRNG

Multi-chip standalone

"EX Series Ethernet switches deliver access, aggregation, and core layer switching services in branch, campus, and data center networks to ensure fast, secure, reliable delivery of data and applications. All EX Series Ethernet Switches run the same Junos operating system as other Juniper switches, routers, and security solutions, ensuring consistent, predictable behavior across the entire network infrastructure."
2116 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco Catalyst 4503-E, Catalyst 4506-E, Catalyst 4507R-E, Catalyst 4507R+E, Catalyst 4510R-E, Catalyst 4510R+E, Catalyst C4500X-16SFP+, Catalyst C4500X-F-16SFP+, Catalyst C4500X-32SFP+, Catalyst C4500X-F-32SFP+, Catalyst C4500X-24X-ES, Catalyst C4500X-40X-ES, Catalyst C4500X-24X-IPB with Supervisor Cards (WS-X45-SUP7-E, WS-X45-Sup7L-E) and Line Cards (WS-X4640-CSFP-E, WS-X4712-SFP+E, WS-X4748-NGPOE+E, WS-X4748-RJ45-E and WS-X4748-RJ45V+E)
(Hardware Version: Catalyst 4503-E [1, 3, 4, 5, 6, 8, A], Catalyst 4503-E [2, 5, 7, 8, A], Catalyst 4506-E [1, 3, 4, 5, 6, 7, 8, B], Catalyst 4506-E [2, 3, 4, 5, 6, 7, 8, B], Catalyst 4507R-E [1, 3, 4, 5, 6, 7, 8, C], Catalyst 4507R-E [2, 3, 4, 5, 6, 7, 8, C], Catalyst 4507R+E [1, 3, 4, 5, 6, 7, 8, C], Catalyst 4507R+E [2, 3, 4, 5, 6, 7, 8, C], Catalyst 4510R-E [1, 3, 4, 5, 6, 7, 8, D], Catalyst 4510R+E [1, 3, 4, 5, 6, 7, 8, D], Catalyst C4500X-16SFP+ [E], Catalyst C4500X-F-16SFP+ [E], Catalyst C4500X-32SFP+ [E], Catalyst C4500X-F-32SFP+ [E], Catalyst C4500X-24X-ES [E], Catalyst C4500X-40X-ES [E], Catalyst C4500X-24X-IPB [E], Supervisor Card WS-X45-SUP7-E [1], Supervisor Card WS-X45-SUP7L-E [2], Line Card WS-X4748-RJ45V+E [3], Line Card WS-X4712-SFP+E [4], Line Card WS-X4640-CSFP-E [5], Line Card WS-X4748-NGPOE+E [6], Line Card WS-X4748-RJ45-E [7], Filler Plate (C4K-SLOT-CVR-E) [8] and FIPS kit packaging (WS-C4503-FIPS-KIT= [A], WS-C4506-FIPS-KIT= [B], WS-C4507-FIPS-KIT= [C], WS-C4510-FIPS-KIT= [D] and CVPN4500FIPS/KIT= [E]); Firmware Version: IOS-XE 3.5.2E)

(When operated in FIPS mode with tamper evident labels and security devices installed on the initially built configuration as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/26/2014;
04/16/2014
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1589, #2057 and #2624); CVL (Cert. #105); DRBG (Cert. #403); HMAC (Cert. #1622); RSA (Certs. #1339 and #1341); SHS (Certs. #2198 and #2200); Triple-DES (Cert. #1575)

-Other algorithms: Diffie-Hellman (CVL Cert. #105, key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD4; MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Catalyst 4500 Series switches are Cisco`s leading modular switches for borderless access and price/performance distribution deployments. They offer best-in-class investment protection with forward and backward compatibility and deep application visibility with Flexible NetFlow. The Catalyst 4500 Series Switches meet FIPS 140-2 overall Level 2 requirements as multi-chip standalone modules. The switches include cryptographic algorithms implemented in IOS software as well as hardware ASICs. The module provides 802.1X-rev."
2115 Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

-Alan Kaye
TEL: 613-225-9381 x7416
FAX: 613-225-2951

CST Lab: NVLAP 200556-0

FortiAnalyzer-4000B
(Hardware Version: 4000-B with SKU-FIPS-SEAL-RED; Firmware Version: v4.0, build3059, 130918)

(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 03/26/2014 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: Triple-DES (Certs. #1608 and #1609); AES (Cert. #2681); SHS (Certs. #2251 and #2252); RNG (Cert. #1251); RSA (Cert. #1030); HMAC (Certs. #1667 and #1668)

-Other algorithms: Diffie-Hellman (non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5

Multi-chip standalone

"The FortiAnalyzer family of logging, analyzing, and reporting appliances securely aggregate log data from Fortinet devices and other syslog-compatible devices. Using a comprehensive suite of customizable reports, users can filter and review records, including traffic, event, virus, attack, Web content, and email data."
2114 Proofpoint Incorporated
892 Ross Drive
Sunnyvale, CA 94107
USA

-Jun Wang
TEL: 408-338-6680
FAX: 408-517-4710

CST Lab: NVLAP 200427-0

Proofpoint Security Library
(Software Version: 2.0)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 03/26/2014 Overall Level: 1 

-Physical Security: N/A

-Operational Environment: Tested as meeting Level 1 with Dell Latitude E6400 w/ Cent OS 5 running JRE 1.6 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1814); ECDSA (Cert. #250); RNG (Cert. #956); RSA (Cert. #909); SHS (Cert. #1591)

-Other algorithms: AES RNG; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DSA (non-compliant); Extended Secure Remote Password; Secure Remote Password; RC2; Triple-DES (non-compliant)

Multi-chip standalone

"The module is a Java language cryptographic component to be used by the various Proofpoint security products. The module is designed to meet Level 1 requirements of FIPS 140-2 standard. The module is a cryptographic library that provides variety of cryptographic services (both approved as well as non-approved). The module can be executed on any general-purpose PC and operating system capable of running JRE 1.6 or later."
2113 Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

-Alan Kaye
TEL: 613-225-9381 x7416
FAX: 613-225-2951

CST Lab: NVLAP 200556-0

FortiGate-VM Virtual Appliances
(Software Version: 4.0 MR3)

(When operated in FIPS mode and when installed, initialized and configured as specified in Section FIPS 140-2 Compliant Operation of the provided Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 03/25/2014 Overall Level: 1 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: N/A
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with FortiOS 4.0 MR3 on VMWare ESXi 5.0.0 Update 1 running on a Dell PowerEdge R410

-FIPS Approved algorithms: Triple-DES (Certs. #1503 and #1504); AES (Certs. #2414 and #2415); SHS (Certs. #2071 and #2072); HMAC (Certs. #1500 and #1501); RSA (Cert. #1248); RNG (Cert. #1192)

-Other algorithms: DES; MD5; HMAC MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 188 bits of encryption strength; non-compliant less than 112-bits of encryption strength); RSA (key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112-bits of encryption strength)

Multi-chip standalone

"FortiGate virtual appliances allow you to mitigate blind spots by implementing critical security controls within your virtual infrastructure. They also allow you to rapidly provision security infrastructure whenever and wherever it is needed. FortiGate virtual appliances feature all of the security and networking services common to traditional hardware-based FortiGate appliances. With the addition of virtual appliances from Fortinet, you can deploy a mix of hardware and virtual appliances, operating together and managed from a common centralized management platform."
2112 AT&T Services, Inc.
530 McCullough, 2B60
San Antonio, TX 78215
USA

-Jody Hagemann
TEL: 732-457-1891

CST Lab: NVLAP 200928-0

AT&T Toggle Cryptographic Security Module
(Software Version: 1.0)

(When installed, initialized and configured as specified in the Security Policy Section 3.1.1 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 03/25/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Ubuntu 12.04 running on a Dell PowerEdge T110; Ubuntu 12.04 on ESXi 5.1 running on a Dell PowerEdge T110; Ubuntu 12.04 running on a SuperMicro AS-1011S-mR2; Ubuntu 12.04 on ESXi 5.1 running on a SuperMicro AS-1011S-mR2; iOS v5 running on a iPad3; iOS v6 running on a iPhone5; Android v4.1 running on a Samsung Galaxy SIII (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2489); Triple-DES (Cert. #1526); SHS (Cert. #2107); HMAC (Cert. #1531); RNG (Cert. #1206); DRBG (Cert. #347); RSA (Cert. #1283); DSA (Cert. #768); ECDSA (Cert. #417); CVL (Cert. #88)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less then 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less then 112 bits of encryption strength)

Multi-chip standalone

"The AT&T Toggle Cryptographic Security Module (TCSM) 1.0 provides cryptographic services for the Toggle. The TCSM modules provide low level Encryption and MAC Hashing routines, for protecting and securing mobile devices. The TCSM provides a highly secure encrypted container for enterprise-managed mobile applications, content and data to enable a highly secure mobile workspace that separates corporate information from personal information on the same mobile device. Toggle provides application level security, an automated application wrapping process and dynamic app-based security policy cont"
2111 Christie Digital Systems Canada, Inc.
809 Wellington St. N.
Kitchener, Ontario N2G 4Y7
Canada

-Kevin Draper
TEL: 519-741-3741
FAX: 519-741-3912

CST Lab: NVLAP 200802-0

Christie IMB-S2 4K Integrated Media Block (IMB)
(Hardware Version: 000-102675-01; Firmware Versions: 1.0.1-2641, 1.0.3-3047, 1.1.0-3271, 1.2.0-3400, 1.2.1-3546, 1.3.0-3704, 1.3.2-3709 or 1.5.0-3848)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/21/2014;
06/05/2014
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2042 and #2043); SHS (Certs. #1788 and #1789); HMAC (Certs. #1241 and #1242); RNG (Certs. #1066 and #1230); RSA (Cert. #1062); CVL (Cert. #97)

-Other algorithms: NDRNG; MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); TI ECDH; TI S-box

Multi-chip embedded

"The Christie IMB-S2 is a DCI-compliant solution to enable the playback of the video, audio and timed text essence on a 2K or 4K DLP Series-II digital cinema projector. The IMB-S2 utilizes an integrated SMS and permits the playback of alternative content and High Frame Rate (HFR) material."
2110 BlackBerry Ltd.
295 Phillip Street
Waterloo, Ontario N2L 3W8
Canada

-Security Certifications Team
TEL: 519-888-7465 x72921
FAX: 905-507-4230

CST Lab: NVLAP 200928-0

BlackBerry Cryptographic Library for Secure Work Space
(Software Version: 1.0)

(When installed, initialized and configured as specified in the Security Policy Section A.1.1 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 03/21/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Tested as meeting Level 1 with Ubuntu 12.04 running on a Dell PowerEdge T110; Ubuntu 12.04 on ESXi 5.1 running on a Dell PowerEdge T110; Ubuntu 12.04 running on a SuperMicro AS-1011S-mR2; Ubuntu 12.04 on ESXi 5.1 running on a SuperMicro AS-1011S-mR2; iOS v5 running on a iPad3; iOS v6 running on a iPhone5; Android v4.1 running on a Samsung Galaxy SIII (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2544); Triple-DES (Cert. #1539); SHS (Cert. #2145); HMAC (Cert. #1565); RNG (Cert. #1209); DRBG (Cert. #377); RSA (Cert. #1298); DSA (Cert. #776); ECDSA (Cert. #436); CVL (Cert. #89)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less then 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less then 112 bits of encryption strength)

Multi-chip standalone

"BlackBerry® provides a suite of hardware, software, and services, which allow customers to utilize a single end-to-end Mobile Device Management (MDM) solution. The BlackBerry Cryptographic Library for Secure Work Space is a software module that provides cryptographic services required for secure operation of non-BlackBerry® devices running supported operating systems, when used in conjunction with BlackBerry® MDM solutions."
2109 Juniper Networks, Inc
1194 North Mathilda Ave
Sunnyvale, CA 94089
USA

-Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 200697-0

Odyssey Security Component Kernel Mode
(Software Version: 2.50)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 03/21/2014 Overall Level: 1 

-Physical Security: N/A
-Design Assurance: Level 2
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Windows 7 SP1 64-bit on Dell Optiplex 755 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1990); Triple-DES (Cert. #1291); SHS (Cert. #1745); HMAC (Cert. #1203); DSA (Cert. #636); RSA (Cert. #1032); RNG (Cert. #1045)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112-bits of encryption strength); AES (Cert. #1990, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman; RSA (encrypt/decrypt)

Multi-chip standalone

"The Odyssey Security Component (OSC) is a general purpose cryptographic library. OSC Kernel Mode is a kernel-mode binary module for the Windows operating system."
2108 OpenPeak, Inc.
1750 Clint Moore Road
Boca Raton, FL 33487
USA

-Eric Jen
TEL: 561-289-0214

-Howard A. Kwon
TEL: 561-893-7930
FAX: 561-208-8026

CST Lab: NVLAP 200928-0

OpenPeak Cryptographic Security Module
(Software Version: 1.0)

(When installed, initialized and configured as specified in the Security Policy Section 3.1.1 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 03/19/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Tested as meeting Level 1 with Ubuntu 12.04 running on a Dell PowerEdge T110; Ubuntu 12.04 on ESXi 5.1 running on a Dell PowerEdge T110; Ubuntu 12.04 running on a SuperMicro AS-1011S-mR2; Ubuntu 12.04 on ESXi 5.1 running on a SuperMicro AS-1011S-mR2; iOS v5 running on a iPad3; iOS v6 running on a iPhone5; Android v4.1 running on a Samsung Galaxy SIII (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2489); Triple-DES (Cert. #1526); SHS (Cert. #2107); HMAC (Cert. #1531); RNG (Cert. #1206); DRBG (Cert. #347); RSA (Cert. #1283); DSA (Cert. #768); ECDSA (Cert. #417); CVL (Cert. #88)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less then 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less then 112 bits of encryption strength)

Multi-chip standalone

"The OpenPeak Cryptographic Security Module (OCSM) 1.0 provides underlying cryptography primitives for OpenPeak’s ADAM platform, an advanced device and application management suite that provides comprehensive Mobile Enterprise Management as a cloud-hosted service. The OCSM provides a secure encrypted container for enterprise-managed applications, content and data to enable a highly secure mobile workspace that separates corporate information from personal information on the same mobile device."
2107 Vocera Communications, Inc.
525 Race Street
San Jose, CA 95126
USA

-Thirumalai T. Bhattar
TEL: 408-882-5841
FAX: 408-882-5101

-Ken Peters
TEL: 408-882-5858
FAX: 408-882-5101

CST Lab: NVLAP 200996-0

Vocera Cryptographic Module
(Hardware Version: 88W8688; Software Version: 2.1; Firmware Version: 2.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software-Hybrid 03/19/2014 Overall Level: 1 

-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Vocera Embedded Linux Version 1.1 running on a Vocera B3000 badge (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2224 and #2225); HMAC (Cert. #1353); SHS (Cert. #1914); RSA (Cert. #1139); DRBG (Cert. #261)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; HMAC-MD5

Multi-chip standalone

"Vocera B3000 Badge is a wearable hands-free voice-controlled device that provides easy-to-use and instantaneous communication on a wireless LAN network. The Vocera Cryptographic Module, embedded in the B3000 Badge, ensures protected communications using industry-standard secure wireless communication protocols."
2106 DTECH LABS, Inc.
22876 Shaw Road
Sterling, VA 20166
USA

-Brian K. Everhart
TEL: 703-547-0638

-Patrick Higdon
TEL: 703-563-0633

CST Lab: NVLAP 200427-0

M3-SE-RTR2 and TXC3
(Hardware Versions: M3-SE-RTR2-FIPS and TXC3-FIPS with DT-FIPS-TEL; Firmware Version: 15.2(2)GC)

(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/19/2014 Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #962, #1535 and #2031); DRBG (Cert. #196); HMAC (Certs. #537 and #1232); RSA (Cert. #1055); SHS (Certs. #933 and #1779); Triple-DES (Certs. #757 and #1310)

-Other algorithms: DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength); HMAC MD4; HMAC MD5; MD4; MD5; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The M3-SE-RTR2 and TXC3 are high-performance, ruggedized routers utilizing the Cisco 5915 ESR. With onboard hardware encryption, the Cisco 5915 offloads encryption processing from the router to provide highly secure yet scalable video, voice, and data services for mobile and embedded outdoor networks. The M3-SE-RTR2 and TXC3 provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements."
2105 Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

-Alan Kaye
TEL: 613-225-9381 x7416
FAX: 613-225-2951

CST Lab: NVLAP 200556-0

FortiAnalyzer 4.0 MR3
(Firmware Version: v4.0, build3059, 130918)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Firmware 03/19/2014 Overall Level: 1 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-Tested: FortiAnalyzer 4000-B with FortiAnalyzer v4.0, build3059, 130918

-FIPS Approved algorithms: Triple-DES (Certs. #1608 and #1609); AES (Cert. #2681); SHS (Certs. #2251 and #2252); RNG (Cert. #1251); RSA (Cert. #1030); HMAC (Certs. #1667 and #1668)

-Other algorithms: Diffie-Hellman (non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5

Multi-chip standalone

"The FortiAnalyzer family of logging, analyzing, and reporting appliances securely aggregate log data from Fortinet devices and other syslog-compatible devices. Using a comprehensive suite of customizable reports, users can filter and review records, including traffic, event, virus, attack, Web content, and email data."
2104 Dell SonicWALL
2001 Logic Drive
San Jose, CA 95124
USA

-Usha Sanagala
TEL: 408-962-6248
FAX: 408-745-9300

CST Lab: NVLAP 100432-0

NSA E7500
(Hardware Version: P/N 101-500226-54, Rev. A; Firmware Version: SonicOS v5.9.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/18/2014 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2015); CVL (Cert. #86); DRBG (Cert. #189); DSA (Cert. #640); HMAC (Cert. #1219); RNG (Cert. #1156); RSA (Cert. #1044); SHS (Cert. #1765); Triple-DES (Cert. #1300)

-Other algorithms: MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG

Multi-chip standalone

"NSA E-Class: The SonicWALL E-Class Network Security Appliance (NSA) Series is engineered to provide high performance Unified Threat Management (UTM) threat prevention and application inspection to meet the needs of expanding enterprise networks."
2103 SafeNet, Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2L1A1
Canada

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200427-0

ProtectServer Gold (PSG)
(Hardware Versions: B2, B3, B4 and PSG-01-0101; Firmware Version: 3.20.01)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/14/2014 Overall Level: 3 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2605); DSA (Cert. #790); ECDSA (Cert. #449); HMAC (Cert. #1613); RNG (Cert. #1233); RSA (Cert. #1332); SHS (Cert. #2189); Triple-DES (Cert. #1570); Triple-DES MAC (Triple-DES Cert. #1570, vendor affirmed)

-Other algorithms: AES (Cert. #2605, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); AES MAC (AES Cert. #2605, non-compliant); ARIA; CAST 128; CAST MAC; DES; DES MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112-bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112-bits of encryption strength); ECIES; IDEA 128; IDEA MAC; MD2; MD5; MD5 HMAC; RC2; RC2 MAC; RC4; RIPEMD-128; RIPEMD-160; RMD128 HMAC; RMD160 HMAC; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112-bits of encryption strength); SEED 128; SEED MAC; Triple-DES (Cert. #1570, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112-bits of encryption strength)

Multi-chip embedded

"The SafeNet PSG Adapter is a high-end intelligent PCI adapter card that provides a wide range of cryptographic functions using firmware and dedicated hardware processors. Access to the PSG is provided via a comprehensive PKCS#11 API, allowing extremely flexible use of the module in a multitude of applications."
2102 Juniper Networks, Inc.
1194 North Matilda Ave
Sunnyvale, CA 94089
USA

-Sue Lin
TEL: 408-936-8447
FAX: 408-936-1801

CST Lab: NVLAP 200697-0

Juniper Networks EX6200 and EX8200 Ethernet Switches Routing Engines
(Hardware Versions: EX6200-SRE64-4XS, EX8208-SRE320 and EX8216-RE320 with Tamper Evident Labels: 520-052564; Firmware Version: JUNOS 12.1R6.6)

(When operated in FIPS Mode and with the tamper evidence seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 03/11/2014 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #1494, #1507, #1508 and #1514 ); AES (Certs. #2396, #2419, #2420 and #2475); DSA (Cert. #762); SHS (Certs. #2058, #2059, #2076, #2077 and #2094); RNG (Cert. #1187); RSA (Certs. #1251, #1252 and #1264); HMAC (Certs. #1488, #1489, #1504, #1505 and #1518); DRBG (Certs. #324, #325 and #338); CVL (Certs. #81)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); NDRNG

Multi-chip standalone

"EX Series Ethernet switches deliver access, aggregation, and core layer switching services in branch, campus, and data center networks to ensure fast, secure, reliable delivery of data and applications. All EX Series Ethernet Switches run the same Junos operating system as other Juniper switches, routers, and security solutions, ensuring consistent, predictable behavior across the entire network infrastructure."
2101 Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
USA

-John Roberts
TEL: 415-738-2810

CST Lab: NVLAP 100432-0

Symantec App Center Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 03/14/2014;
04/03/2014
Overall Level: 1 

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with iOS 5.1 running on a iPad 3; iOS 6 running on a iPad 3; iOS 7 running on a iPad 3; Android 4.0 running on a Galaxy Nexus (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2125 and #2126); HMAC (Certs. #1296 and #1297); DSA (Certs. #666 and #667); ECDSA (Certs. #319 and #320); RSA (Certs. #1094 and #1095); SHS (Certs. #1849 and #1850); Triple-DES (Certs. #1351 and #1352); DRBG (Certs. #233 and #234); CVL (Certs. #28 and #29); RNG (Certs. #1091 and #1092)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Symantec App Center Server Cryptographic Module Version 1.0 provides cryptographic functions for Symantec App Center, a scalable solution for deploying and managing native and web apps on corporate-liable and employee-owned mobile devices."
2100 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200928-0

Cisco FIPS Object Module
(Software Version: 4.1)

(When installed, initialized and configured as specified in the Security Policy Section 3.2 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 03/07/2014 Overall Level: 1 

-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Linux 2.6 running on an Octeon Evaluation Board EBH5200 without Octeon; Linux 2.6 running on an Octeon Evaluation Board EBH5200 with Octeon; Linux 2.6 running on a Cisco ASR1002; Android v4.0 running on a Samsung Galaxy S II; Windows 7 running on a Cisco UCS C200 M2 without AES-NI; Windows 7 running on a Cisco UCS C210 M2 with AES-NI; FreeBSD 9.0 running on a Cisco UCS C210 M2 without-AES-NI; Linux 2.6 running on a Cisco UCS C22 M3 with AES-NI; Linux 2.6 running an Intel Xeon on a Cisco UCS C200 M2 without AES-NI (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2678 and #2685); Triple-DES (Certs. #1606 and #1611); SHS (Certs. #2247 and #2256); HMAC (Certs. #1664 and #1672); DRBG (Certs. #431 and #435); RSA (Certs. #1377 and #1385); DSA (Certs. #812 and #814); ECDSA (Certs. #467 and #471); CVL (Certs. #151 and #153)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less then 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less then 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less then 112 bits of encryption strength)

Multi-chip standalone

"The Cisco FIPS Object Module (FOM) is a software library that provides cryptographic services to a vast array of Cisco's networking and collaboration products. The module provides FIPS 140 validated cryptographic algorithms for services such as IPSEC, SRTP, SSH, TLS, 802.1x, etc. The module does not directly implement any of these protocols, instead it provides the cryptographic primitives and functions to allow a developer to implement the various protocols."
2099 Riverbed Technology, Inc.
199 Fremont Street
San Francisco, CA 94105
USA

-Joe Tomasello
TEL: 415-344-5756

-Andy Pang
TEL: 415-247-7341

CST Lab: NVLAP 200928-0

Riverbed Cryptographic Security Module
(Software Version: 1.0)

(When installed, initialized and configured as specified in the Security Policy Section 4 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 03/07/2014;
04/16/2014;
09/25/2014
Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Tested as meeting Level 1 with RiOS 8.0 x86 32-bit running on Riverbed Steelhead Appliance; RiOS 8.0 x86 64-bit running on Riverbed Steelhead Appliance; RiOS 8.0 x86 64-bit on VMware ESXi 5.1 running on Dell PowerEdge R210II without AES-NI; RiOS 8.0 x86 64-bit on VMware ESXi 5.1 running on Dell PowerEdge R210II with AES-NI; Stingray Traffic Manager Virtual Appliance x86 on VMware ESXi 5.1 running on Dell PowerEdge R210II without AES-NI; Stingray Traffic Manager Virtual Appliance x86 on VMware ESXi 5.1 running on Dell PowerEdge R210II with AES-NI; RiOS 8.0 x86 64-bit running on Riverbed Steelhead Appliance with AES-NI; Granite OS 2.0 running on Riverbed Granite Core Appliance; Granite OS 2.0 x86 on VMware ESXi 5.1 running on Dell PowerEdge R210II without AES-NI; Granite OS 2.0 x86 on VMware ESXi 5.1 running on Dell PowerEdge R210II with AES-NI; Whitewater OS 3.0 running on Whitewater Appliance without AES-NI; Whitewater OS 3.0 running on Whitewater Appliance with AES-NI; Whitewater OS 3.0 on VMware ESXi 5.1 running on Dell PowerEdge R210II without AES-NI; Whitewater OS 3.0 on VMware ESXi 5.1 running on Dell PowerEdge R210II with AES-NI; Interceptor OS 4.5 running on Riverbed Interceptor Appliance; RiOS 8.6 32-bit running on Riverbed Steelhead Appliance; RiOS 8.6 64-bit running on Riverbed Steelhead Appliance; RiOS 8.6 64-bit on Vmware ESXi 5.1 running on Dell PowerEdge R210II without AES-NI; RiOS 8.6 64-bit on Vmware ESXi 5.1 running on Dell PowerEdge R210II with AES-NI; RiOS 8.6 64-bit running on Riverbed Steelhead Appliance with AES-NI; Steelhead Mobile Controller 4.6 running on SMC without AES-NI; Steelhead Mobile Controller 4.6 running on SMC with AES NI; Steelhead Mobile Controller 4.6 on Vmware ESXi 5.1 running on Dell PowerEdge R210II without AES-NI; Steelhead Mobile Controller 4.6 on Vmware ESXi 5.1 running on Dell PowerEdge R210II with AES-NI (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2374); Triple-DES (Cert. #1485); SHS (Cert. #2046); HMAC (Cert. #1476); RNG (Cert. #1179); DRBG (Cert. #310); RSA (Cert. #1229); DSA (Cert. #745); ECDSA (Cert. #392); CVL (Cert. #65)

-Other algorithms: RSA (encrypt/decrypt); EC Diffie-Hellman

Multi-chip standalone

"The Riverbed Cryptographic Security Module provides the cryptographic functionality for a variety of Riverbed's platforms including Steelhead and Granite appliances. These network appliances deliver a scalable Wide Area Data Services (WDS) solution, transparently and securely optimizing performance across an enterprise network, and the Stingray software family is used to optimize, secure, and accelerate performance of online applications."
2098 Gemalto
Avenue du Jujubier, Z.I Athelia IV
La Ciotat, 13705
France

-Arnaud Lotigier
TEL: +33 4 42 36 60 74
FAX: +33 4.42.36.55.45

CST Lab: NVLAP 100432-0

IDPrime MD 830
(Hardware Version: SLE78CFX3009P; Firmware Version: IDCore30 Build 1.17, IDPrime MD Applet version V4.1.2.F and MSPNP Applet V1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/05/2014 Overall Level: 3 

-FIPS Approved algorithms: RNG (Cert. #1128); Triple-DES (Cert. #1413); Triple-DES MAC (Triple-DES Cert. #1413, vendor affirmed); AES (Cert. #2261); RSA (Certs. #1158 and #1163); ECDSA (Cert. #363); CVL (Cert. #41); SHS (Cert. #1946)

-Other algorithms: AES (Cert. #2261, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1413, key wrapping; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength)

Single-chip

"IDPrime MD 830 is a Minidriver enabled PKI smartcard, offering all the necessary services (with either RSA or Elliptic curves algorithms) to secure an IT Security and ID access infrastructure."
2097 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-C Micro Edition
(Software Version: 4.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 03/05/2014 Overall Level: 1 

-Physical Security: N/A
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 5.0 running on a IBM 7044-170 (PPC 32-bit); Red Hat Enterprise Linux 5.0 running on a IBM 7044-170 (PPC 64-bit); Red Hat Enterprise Linux 5.5 running on a Dell Dimension E521 (x86 32-bit); Red Hat Enterprise Linux 5.5 running on a Intel Maho Bay with AES-NI (x86 32-bit); Red Hat Enterprise Linux 5.5 running on a Dell Dimension E521 (x86 64-bit); Red Hat Enterprise Linux 5.5 running on a HP rx2600 (Itanium2 64-bit); Red Hat Enterprise Linux 6.0 running on a Dell Dimension E521 (x86 32-bit); Red Hat Enterprise Linux 6.0 running on a Dell Dimension E521 (x86 64-bit); Red Hat Enterprise Linux 6.0 running on a Intel Maho Bay with AES-NI (x86 64-bit); Oracle Solaris 10 running on a Sun Sunblade 100 (SPARC v8 32-bit); Oracle Solaris 10 running on a Sun Sunblade 100 (SPARC v8+ 32-bit); Oracle Solaris 10 running on a Sun Fire V240 (SPARC v9 64-bit); Oracle Solaris 10 running on a Dell Poweredge SC420 (x86 32-bit); Oracle Solaris 10 running on a Intel Sugar Bay with AES-NI (x86 32-bit); Oracle Solaris 10 running on a Dell Dimension E521 (x86 64-bit); Oracle Solaris 10 running on a Intel Sugar Bay with AES-NI (x86 64-bit); Microsoft Windows XP Professional SP3 running on a Dell Poweredge SC420 (x86 32-bit); Microsoft Windows XP Professional SP3 running on a Dell Precision M6500 with AES-NI (x86 32-bit); Microsoft Windows XP Professional SP2 running on a Indus Technologies Idex 410 (x86 64-bit); Microsoft Windows 7 SP1 running on a Dell Precision M6500 with AES-NI (x86 64-bit); Microsoft Windows Server 2003 running on a Dell Dimension E521 (x86 32-bit); Microsoft Windows Server 2003 running on a Dell Dimension E521 (x86 64-bit); Microsoft Windows Server 2003 running on a HP rx2620 (Itanium2 64-bit); Microsoft Windows Server 2003 running on a HP rx2620 (Itanium2 64-bit); IBM AIX 5L v5.3 running on a IBM 9110-51A (PPC 32-bit); IBM AIX 5L v5.3 running on a IBM 9110-51A (PPC 64-bit); IBM AIX v6.1 running on a IBM 9110-51A (PPC 32-bit); IBM AIX v6.1 running on a IBM 9110-51A (PPC 64-bit); IBM AIX v7.1 running on a IBM 8231-E2B (PPC 32-bit); IBM AIX v7.1 running on a IBM 8231-E2B (PPC 64-bit); HP HP-UX 11.23 running on a HP Visualize C3600 (PA RISC 2.0 32-bit); HP HP-UX 11.23 running on a HP Visualize C3600 (PA-RISC 2.0W 64-bit); HP HP-UX 11.31 running on a HP Workstation zx2000 (Itanium2 32-bit); HP HP-UX 11.31 running on a HP Workstation zx2000 (Itanium2 64-bit); Apple Mac OS X 10.6 Snow Leopard running on a Apple Macbook (x86 32-bit); Apple Mac OS X 10.6 Snow Leopard running on a Apple Macbook (x86 64-bit) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2017); DRBG (Cert. #191); DSA (Cert. #642); ECDSA (Cert. #292); HMAC (Cert. #1221); RNG (Cert. #1057); RSA (Cert. #1046); SHS (Cert. #1767); Triple-DES (Cert. #1302)

-Other algorithms: Camellia; DES; DES40; Diffie-Hellman; EC Diffie-Hellman; ECAES (non-compliant); ECIES; Entropy RNG; HMAC MD5; MD2; MD4; MD5; OTP RNG; PBKDF1 SHA-1 (non-compliant); PBKDF2 HMAC SHA-1/SHA-224/SHA-256/SHA-384/SHA-512 (non-compliant); RC2; RC4; RC5; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Crypto-C Micro Edition (ME) Module is RSA, The Security Division of EMC's cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
2096 WatchDox, Inc.
299 S California Ave.
Palo Alto, CA 94306
USA

-Adi Ruppin
TEL: 800-209-1688

CST Lab: NVLAP 200427-0

WatchDox® CryptoModule
(Software Version: 1.0)

(When built, installed, protected and initialized as assumed by the Crypto Officer role and as specified in the provided Security Policy. Appendix A of the provided Security Policy specifies the actual distribution tar file containing the source code of this module. There shall be no additions, deletions or alterations to the tar file contents as used during module build. The distribution tar file shall be verified as specified in Appendix A of the provided Security Policy. Installation and protection shall be completed as specified in Appendix A of the provided Security Policy. Initialization shall be invoked as per Section 4 of the provided Security Policy. Any deviation from specified verification, protection, installation and initialization procedures will result in a non FIPS 140-2 compliant module.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 03/05/2014 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Physical Security: N/A
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 6 running on a Dell Poweredge SC1420 without AES-NI (gcc Compiler Version 4.4.4); Windows 7 32-bit running on an Intel Core (x64) with AES-NI running on an Intel Client Desktop (gcc Compiler Version 4.7.3); Apple iOS 6.1 running on an ARMv7 with NEON on an iPhone 5 (gcc Compiler Version 4.2.1); Android 4.1 running on an ARM Cortex A9 with NEON on a Samsung Galaxy S3 Mini (gcc Compiler Version 4.6.3) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2623); ECDSA (Cert. #451); HMAC (Cert. #1621); RNG (Cert. #1239); RSA (Cert. #1340); SHS (Cert. #2199)

-Other algorithms: CVL (non-compliant); DRBG (non-compliant); DSA (non-compliant); EC Diffie-Hellman; RSA (encrypt/decrypt); Triple-DES (non-compliant)

Multi-chip standalone

"The WatchDox Crypto Module provides the services necessary to support the cryptographic features and functions of the WatchDox Secure File Sharing services and products."
2095 Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
USA

-John Roberts
TEL: 415-738-2810

CST Lab: NVLAP 100432-0

App Center Server Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/28/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with CentOS 6.3 on a Dell Optiplex 755 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2273); HMAC (Cert. #1391); DSA (Cert. #709); ECDSA (Cert. #368); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420); DRBG (Cert. #281); CVL (Cert. #44); RNG (Cert #1132)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"App Center Server Cryptogrpahic Module provides cryptographic functions for the Server component of Symantec App Center, a scalable solution for deploying and managing native and web apps on corporate-liable and employee-owned mobile devices."
2094 Securonix, Inc.
5777 W. Century Blvd.
Suite #838
Los Angeles, CA 90045
USA

-Chris Bell
TEL: 415-380-0806

CST Lab: NVLAP 100432-0

Intelligence Platform Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/28/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with CentOS 6.3 on a Dell Optiplex 755 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2273); HMAC (Cert. #1391); DSA (Cert. #709); ECDSA (Cert. #368); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420); DRBG (Cert. #281); CVL (Cert. #44); RNG (Cert #1132)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Intelligence Platform Cryptographic Module provides cryptographic functions for the Intelligence Platform products from Securonix."
2093 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco Catalyst 3560-C [1], 3560-X [2] and 3750-X [3] Switches
(Hardware Versions: [3560CG-8PC-S, 3560CG-8TC-S and 3560CPD-8PT-S] [1] [B], [(WS-C3560X-24P-L and WS-C3560X-48T-L) [2] and (WS- C3750X-12S, WS-C3750X-24S, WS-C3750X-24T, WS-C3750X-48P and WS-C3750X-48T) [3]] with [C3KX-SM-10G, C3KX-NM-1G, C3KX-NM-10G, C3KX-NM-BLANK and C3KX-NM-10GT] [A] with FIPS kit packaging [C3KX-FIPS-KIT 700-34443-01] [A] and [C3KX-FIPS-KIT 47-25129-01] [B]; Firmware Version: 15.0(2)SE4)

(When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/27/2014;
03/12/2014
Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1024, #1269, #1275 and #2134); DRBG (Cert. #237); HMAC (Cert. #1304); RSA (Cert. #1100); SHS (Cert. #1858); Triple-DES (Cert. #1358)

-Other algorithms: AES (Cert. #2134, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Cisco Catalyst Switches provide enterprise-class access for campus and branch applications. Designed for operational simplicity to lower total cost of ownership, they enable scalable, secure and energy-efficient business operations with intelligent services and a range of advanced Cisco IOS Software features. The Catalyst Switches meet FIPS 140-2 overall Level 2 requirements as multi-chip standalone modules."
2092 Samsung Electronics Co., Ltd.
416, Maetan 3-Dong Youngton Gu
Suwon, Gyeonggi 152-848
South Korea

-Kyunghee Lee
TEL: +82-10-9397-1589

CST Lab: NVLAP 200658-0

Samsung FIPS BC for Mobile Phone and Tablet
(Software Versions: SBC1.45_2.0 and SBC1.45_2.1)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 02/26/2014 Overall Level: 1 

-Physical Security: N/A
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Android Jelly Bean 4.1 running on Samsung Galaxy Note II; Android Jelly Bean 4.2 running on Samsung Galaxy S4 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2353 and #2409); SHS (Certs. #2027 and #2067); RNG (Certs. #1172 and #1189); Triple-DES (Certs. #1472 and #1499); HMAC (Certs. #1459 and #1494); RSA (Certs. #1213 and #1243); DSA (Certs. #736 and #751)

-Other algorithms: Blowfish; Camellia; Camellia Light; CAST5; CAST6; DES; GOST28147-89; IDEA; IES; Rijndal; RC2; RC4; RC5; RC6; SEED; Serpent; TEA; Twofish; XTEA; Grain218; GrainV1; HC128; HC256; ISAAC; Salsa20; VMPC; Elgamal; Naccache-Stern; MD2; MD4; MD5; RIPEMD-128; RIPEMD-160; RIPEMD-256; RIPEMD-320; Tiger; Whirlpool; GOST3411; ISO9797; HMAC based on RFC 2104; VMPC-MAC; SRP6; ECMQV; Digest random generator; VMPC random number generator; Thread-based seed generator; Reverse window generator; AES light (non-compliant); ECDSA (non-compliant); AES-CMAC (non-compliant); Triple-DES-CMAC (non-compliant); Skipjack (non-compliant); Diffie-Hellman (non-compliant); EC Diffie-Hellman (non-compliant); RSA (non-compliant); DSA (non-compliant)

Multi-chip standalone

"Provides general purpose cryptographic services to user-space applications on the mobile platform for the protection of data in transit."
2091 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco Optical Networking Solution (ONS) 15454 Multiservice Transport Platforms (MSTPs)
(Hardware Versions: [15454-M2-SA, 15454-M6-SA, 15454-M-TNC-K9, 15454-M-TSC-K9, 15454-M-TNCE-K9, 15454-M-TSCE-K9 and 15454-M-WSE-K9] with FIPS Kit: CISCO-FIPS-KIT=; Firmware Version: 9.8)

(When operated in FIPS mode and when tamper evident labels are installed on the initially built configuration as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/26/2014 Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2352, #2369, #2546 and #2548); DRBG (Certs. #379 and #381); HMAC (Certs. #1567 and #1569); KBKDF (Cert. #12); RSA (Certs. #1301 and #1303); SHS (Certs. #2147 and #2149); Triple-DES (Cert. #1541)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; RC4

Multi-chip standalone

"The Cisco ONS 15454 Multiservice Transport Platform (MSTP) is the most deployed metropolitan-area (metro) and regional dense wavelength division multiplexing (DWDM) solution in the world featuring two- through eight-degree reconfigurable optical add/drop multiplexer (ROADM) technology that enables wavelength provisioning across entire networks and eliminates the need for optical-to-electrical-to-optical (OEO) transponder conversions."
2090 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco ASR 1001 [1][K1], ASR 1002 [2][K2][E1 or E2], ASR1002-X [3][K2], ASR 1004 [4][K3][R1 or R2][E2, E3 or E4], ASR 1006 [5][K4][single or dual E2, E3, E4 or E5][dual R1 or R2] and ASR 1013 [6][K5][E4 or E5][R2]
(Hardware Versions: ASR1001 [1], ASR1002 [2], ASR1002-X [3], ASR1004 [4], ASR1006 [5] and ASR1013 [6]; FIPS KITs: ASR1001-FIPS-Kit [K1], ASR1002- FIPS-Kit [K2], ASR1004-FIPS-Kit [K3], ASR1006-FIPS-Kit [K4] and ASR1013-FIPS-Kit [K5]; Embedded Services Processors: ASR1000-ESP5 [E1], ASR1000-ESP10 [E2], ASR1000-ESP20 [E3], ASR1000-ESP40 [E4] and ASR1000-ESP100 [E5]; Route Processors: ASR-1000-RP1 [R1] and ASR-1000-RP2 [R2]; Firmware Version: 3.7.2tS)

(When operated in FIPS mode and when tamper evident labels and security devices are installed on the initially built configuration as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/26/2014 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #333, #2346 and #2549); DRBG (Cert. #382); HMAC (Certs. #137, #1455 and #1570); RNG (Certs. #154 and #1170); RSA (Cert. #1304); SHS (Certs. #408, #2023 and #2150); Triple-DES (Certs. #397, #1469 and #1543)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; IKE KDF; MD5; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SHA-1 (non-compliant); SNMPv3 KDF; SSH KDF; TLS KDF

Multi-chip standalone

"The ASR 1000 Routers accelerate services by offering performance and resiliency with optimized, intelligent services; establishing a benchmark for price-to-performance offerings in the enterprise routing, service provider edge, and broadband aggregation segments; facilitating significant network innovations in areas such as secure WAN aggregation, managed customer-premises-equipment services, and service provider edge services, and reducing operating expenses and capital expenditures by facilitating managed or hosted services over identical architectures and operating environments."
2089 HGST, Inc.
5601 Great Oaks Parkway
Building 50-3/C-346
San Jose, CA 95119
USA

-Rajesh Kukreja
TEL: 408-717-6261
FAX: 408-717-9494

-Jithendra Bethur
TEL: 408-717-5951
FAX: 408-717-9494

CST Lab: NVLAP 100432-0

HGST Ultrastar SSD800/1000 TCG Enterprise SSDs
(Hardware Versions: P/Ns HUSMH8080ASS205 [0001], HUSMH8040ASS205 [0001], HUSMH8020ASS205 [0001], HUSMM8080ASS205 [0001], HUSMM8040ASS205 [0001], HUSMM8020ASS205 [0001], HUSMR1010ASS205 [0001], HUSMR1050ASS205 [0001] and HUSMR1025ASS205 [0001]; Firmware Version: R210, R230 or R232)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/25/2014;
04/03/2014;
04/11/2014;
07/17/2014;
09/12/2014
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2067 and #2365); RSA (Cert. #1220); SHS (Cert. #2037); HMAC (Cert. #1468); DRBG (Cert. #302); PBKDF (vendor affirmed);

-Other algorithms: AES (Cert. #2365, key wrapping; key establishment methodology provides 256 bits of encryption strength); NDRNG

Multi-chip embedded

"HGST Self-Encrypting Drives implement TCG Storage specifications, and meet or exceed the most demanding performance and security requirements. The Ultrastar SSD800/1000 series are 12Gbs SAS, TCG Enterprise SSDs."
2088 McAfee, Inc.
2821 Mission College Blvd.
Suite 100
Santa Clara, CA 95054
USA

-James Reardon
TEL: 651-628-5346

CST Lab: NVLAP 200928-0

McAfee Database Security Sensor Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode and when installed, initialized and configured as specified in the Security Policy Section 4)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/25/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 64-bit with VMWare ESXi 4.0 running on a HP Proliant DL185 GS; Windows Server 2008 64-bit with VMWare ESXi 5.0 running on a HP Proliant DL380 GS; AIX 5.3 on a IBM 9115-305; HP-UX 11.23 running on a HP RX2600 Server; Red Hat Enterprise Linux 5.9 with VMWare ESXi 5.0 running on a Dell PowerEdge R510; CentOS 5.5 with VMWare ESXi 5.0 running on a Dell PowerEdge R510; SUSE 11 patch 2 with VMWare ESXi 5.0 running on a Dell PowerEdge R510; Solaris 9 running on a Sun UltraSPARC C-III (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #1557); AES (Cert. #2571); SHS (Cert. #2166); HMAC (Cert. #1587); RNG (Cert. #1223); DSA (Cert. #786); RSA (Cert. #1318)

-Other algorithms: Diffie-Hellman; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The McAfee Database Security Sensor Cryptographic Module Version 1.0, is a software shared library that provides cryptographic services required by the McAfee Database Security Sensor."
2087 Fixmo Inc.
22375 Broderick Dr.
Suite 227
Sterling, VA USA

-Daniel Ford
TEL: 443-380-3673

CST Lab: NVLAP 200556-0

Server Crypto Module
(Software Version: 1.0)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/24/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 on a Dell OptiPlex 755; CentOS 6.3 on a Dell OptiPlex 755 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2273); HMAC (Cert. #1391); DSA (Cert. #709); ECDSA (Cert. #368); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420); DRBG (Cert. #281); CVL (Cert. #44); RNG (Cert #1132)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Fixmo Server Crypto Module provides cryptographic functions for Fixmo products and solutions."
2086 Oracle Corporation
500 Eldorado Blvd., Bldg 5
Broomfield, CO 80021
USA

-Security Evaluations Manager
TEL: 781-442-0451

CST Lab: NVLAP 200928-0

StorageTek T10000C Tape Drive
(Hardware Version: P/N 7054185; Firmware Version: 1.57.308)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/22/2014 Overall Level: 1 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1568, #1570, #2404, #2405, #2406, #2407 and #2412); DRBG (Cert. #322); HMAC (Certs. #1497 and #1498); SHS (Certs. #2065 and #2066); RSA (Cert. #1246); CVL (Cert. #82)

-Other algorithms: AES (Cert. #2406, key wrapping; key establishment methodology provides 256 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); MD5; NDRNG

Multi-chip standalone

"The Oracle StorageTek T10000C Tape Drive blends the highest capacity, performance, reliability, and data security to support demanding, 24/7 data center operations. The StorageTek T10000C Tape Drive delivers the world’s fastest write speeds to a native 5 TB of magnetic tape storage; making it ideal for data center operations with growing volumes. Designed for maximum performance, the drive allows the use of multiple keys per tape with a cache memory to minimize the overhead of key transmission. Works seamlessly with the Oracle Key Manager to provide a secure end-to-end management solution."
2085 Curtiss-Wright Controls Defense Solutions
333 Palladium Drive
Kanata, Ontario K2V 1A6
Canada

-Aaron Frank
TEL: 613-599-9199 ext 5242
FAX: 613-599-7777

-Johan A Koppernaes
TEL: 613-599-9199 ext 5817
FAX: 613-599-7777

CST Lab: NVLAP 200996-0

VPX3-685 Secure Routers
(Hardware Versions: Air-Cooled Chassis: VPX3-685-A13014-FC and VPX3-685-A13020-FC; Conduction-Cooled Chassis: VPX3-685-C23014-FC and VPX3-685-C23020-FC; Firmware Version: 2.0)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/22/2014;
05/22/2014
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #963); Triple-DES (Cert. #758); SHS (Certs. #934 and #1907); HMAC (Cert. #538); RSA (Cert. #1135); DSA (Cert. #713); RNG (Cert. #1111)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip embedded

"The VPX3-685 Secure Routers are used for strong security in the embedded defense and aerospace industries. They support industry standard encryption algorithms used in IPSec/VPN/IKE/PKI and other networking standards. Including H/W accelerated AES bulk encryption."
2084 GOTrust Technology Inc.
10F-1, No.306, Sec. 1, Wenxin Rd., Nantun Dist.
Taichung, Taiwan 408
Republic of China

-Sean Huang
TEL: +886-4-23202525
FAX: +886-4-23202580

CST Lab: NVLAP 200824-0

GO-Trust SDencrypter
(Hardware Versions: GT-3001 with GT-0330; Firmware Versions: 4.1.0.8 with 80023802-33860406 and 80023802-33860506)

(When operated in FIPS Mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 02/22/2014 Overall Level: 3 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #1664); HMAC (Cert. #1426); KDF (Cert. #7); RNG (Cert. #999); RSA (Cert. #976); SHS (Cert. #1672); Triple-DES (Cert. #1237)

-Other algorithms: AES (Cert. #1664, key wrapping; key establishment methodology provides 256 bits of encryption strength); AESKW (SP 800-38F, vendor affirmed);

Multi-chip embedded

"SDencrypter is a hardware security module embedded into one microSD. The entire encryption, decryption, key generation process is completed inside the module. Fast íºin-chipí¿ processing, using a high-performance smart card chip, supports streaming voice and media operations. High-assurance protection is provided to keys and sensitive data which are encrypted and stored inside the chip."
2083 FiberLogic Communications, Inc.
5F-3, No.9 Prosperity Road One, Science-Park
Hsinchu, Taiwan 30078
Republic of China

-Jun Tseng
TEL: +886-3-5638889
FAX: +886-3-5638899

CST Lab: NVLAP 200824-0

TS-250
(Hardware Version: 1.0; Firmware Version: 1.0.0.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/22/2014 Overall Level: 3 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #1903); DSA (Cert. #601); HMAC (Cert. #1143); RNG (Certs. #997 and #1000); SHS (Cert. #1673)

-Other algorithms: AES (Cert. #1903, key wrapping); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); HRNG

Multi-chip standalone

"The TS-250 can encrypt the high speed network traffic passed through. The module can be configured to encrypt different layer of network traffic, e.g., from Ethernet frame payload or from IP packet payload."
2082 Toshiba Corporation
1-1, Shibaura 1-chome
Minato-ku, Tokyo 105-8001
Japan

-Hiroshi Ito
TEL: +81-45-776-5624
FAX: +81-45-776-5624

CST Lab: NVLAP 200822-0

Toshiba Secure TCG Opal SSC and Wipe technology Self-Encrypting Drive (MQ01ABU050BW, MQ01ABU032BW and MQ01ABU025BW)
(Hardware Version: AA; Firmware Version: FN001S)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/13/2014;
04/23/2014
Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2447 and #2448); HMAC (Cert. #1511); SHA (Cert. #2081); DRBG (Cert. #334);

-Other algorithms: NDRNG

Multi-chip embedded

"The Toshiba Secure TCG Opal SSC and Wipe Technology Self-Encrypting Drive is used for hard disk drive data security. This cryptographic module provides various cryptographic services using FIPS approved algorithms. Services are provided through an industry-standard TCG Opal SSC and the Toshiba Wipe Technology. Services include hardware-based data encryption, cryptographic erase, independently protected user data LBA ranges, host device authentication and secure automatic data invalidation. The last two services are provided by the Toshiba Wipe Technology."
2081 Dispersive Solutions, Inc.
4501 Singer Court
Suite 220
Chantilly, VA 20151
USA

-Carolyn O¦Neill Griffin
TEL: 703-209-7458

CST Lab: NVLAP 200556-0

V2VNet Common Crypto Module
(Software Version: 1.0)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/22/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 on a Dell OptiPlex 755; CentOS 6.3 on a Dell OptiPlex 755; Mac OS X 10.8 on a MacBook Air (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2273); HMAC (Cert. #1391); DSA (Cert. #709); ECDSA (Cert. #368); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420); DRBG (Cert. #281); CVL (Cert. #44); RNG (Cert #1132)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"V2VNet Common Crypto Module provides cryptographic functions for Dispersive Solutions V2VNet Server Edition, a scalable solution allowing clients to communicate directly with other clients, and securely route voice, video and data communications."
2080 Senetas Corporation Ltd. and SafeNet Inc.
Level 1, 11 Queens Road
Melbourne, Victoria 3004
Australia

-John Weston
TEL: +61 3 9868 4555
FAX: +61 3 9821 4899

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200996-0

CN6000 Series Encryptors
(Hardware Versions: CN6040 Series: A6040B [O] (AC), A6040B [Y] (AC), A6041B [O] (DC), A6041B [Y] (DC), A6042B [O] (AC/DC) and A6042B [Y] (AC/DC); CN6100 Series: A6100B [O] (AC), A6100B [Y] (AC), A6101B [O] (DC), A6101B [Y] (DC), A6102B [O] (AC/DC) and A6102B [Y] (AC/DC); Firmware Version: 2.3.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 02/10/2014 Overall Level: 3 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2582, #2583, #2584 and #2586); Triple-DES (Cert. #1562); RSA (Cert. #1324); SHS (Cert. #2177); HMAC (Cert. #1601); DRBG (Cert. #391); CVL (Cert. #113)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The CN6000 Series Encryptor is a high-speed standards based hardware encryption platform designed to secure data transmitted over optical and twisted-pair Ethernet and optical Fibre Channel networks. Two models are validated: the CN6100 10G Ethernet Encryptor operating at a line rate of 10Gb/s and the CN6040, a protocol selectable model operating at data rates up to 4Gb/s. Configured in Ethernet mode the CN6040 model supports rates of 10Mb/s, 100Mb/s & 1Gb/s and in Fibre Channel mode supports rates of 1.0625, 2.125 & 4.25Gb/s. Data privacy is provided by FIPS approved AES algorithms."
2079 Hewlett Packard Development Company, L.P.
Survey No.192, Whitefield Road,
Mahadevapura Post
Bangalore, Karnataka 560 048
India

-Rahul Philip Mampallil
TEL: +91 80 33841568

-Karthik Bhagawan
TEL: +91 80 25166873
FAX: +91 80 28533522

CST Lab: NVLAP 200928-0

HP-UX Kernel Cryptographic Module
(Software Version: 1.0)

(When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode; The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/07/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Tested as meeting Level 1 with HP-UX 11i v3 running on an HP Integrity BL860c i2 server blade (single user mode)

-FIPS Approved algorithms: AES (Cert. #2488); SHS (Cert. #2106); HMAC (Cert. #1530); DRBG (Cert. #346); RSA (Cert. #1277)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"HP-UX Kernel Crypto Module (HP-UX KCM) is a kernel-space crypto engine in the HP-UX operating system containing core cryptographic algorithms and operations in a single shared library. It implements asymmetric, symmetric, and digest operations that are used by HP-UX security solutions. HP-UX KCM is available on HP-UX 11i v3 operating system on the HP Integrity Platform (IA-64)."
2078 Dolby Laboratories, Inc.
100 Potrero Ave.
San Francisco, CA 94103
USA

-Marvin Pribadi
TEL: 415-645-5185
FAX: 415-645-4000

CST Lab: NVLAP 100432-0

CAT904 Dolby® JPEG 2000/MPEG-2 Processor
(Hardware Versions: P/N CAT904Z Revisions FIPS_1.0, FIPS_1.0.1, FIPS_1.0.2 and FIPS_1.1; Firmware Version: 1.3.4.21)

(The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/06/2014 Overall Level: 3 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #519, #520 and #1067); HMAC (Certs. #270 and #676); RNG (Certs. #296 and #650); RSA (Cert. #233); SHS (Certs. #592 and #1086)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); TLS KDF

Multi-chip embedded

"The CAT904 Dolby® JPEG 2000/MPEG-2 Processor performs all the cryptography, license management, and video decoding functions for the DSP100 Dolby Show Player, which forms the nucleus of the Dolby Digital Cinema system. The system offers superb picture quality, outstanding reliability, and the highest level of security in the business. It includes support for JPEG 2000 playback, as specified by DCI, and MPEG-2 for compatibility with alternative content such as preshow advertising. The system also meets other key DCI specifications for security, data rate, and storage capacity."
2077 Oracle Corporation
500 Oracle Parkway
Redwood Shores, CA 94065
USA

-Security Evaluations Manager
TEL: 781-442-0451

CST Lab: NVLAP 200928-0

Oracle Solaris Userland Cryptographic Framework
(Software Versions: 1.0 and 1.1)

(When installed, initialized and configured as specified in the Security Policy and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/06/2014 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Oracle Solaris 11.1 running on a M3000 Enterprise Server; Oracle Solaris 11.1 running on a Sun Server X3-2 with AES-NI; Oracle Solaris 11.1 running on a Sun Server X3-2 without AES-NI (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2308 and #2569); Triple-DES (Certs. #1455 and #1556); RSA (Certs. #1191 and #1317); DSA (Certs. #726 and #785); ECDSA (Certs. #373 and #443); SHS (Certs. #1992 and #2165); HMAC (Certs. #1422 and #1586); RNG (Certs. #1150 and #1221)

-Other algorithms: AES-XCBC-MAC (non-compliant); SHA-512/224 (non-compliant); SHA-512/256 (non-compliant); MD4; MD5; RC4; DES; Blowfish; RSA (key wrapping; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Oracle Solaris OS utilizes the Oracle Solaris Userland Cryptographic Framework module for cryptographic functionality for any applications running in user space. It exposes PKCS#11 APIs, uCrypto APIs, and libmd public interfaces to provide cryptography to any application designed to utilize them."
2076 Oracle Corporation
500 Oracle Parkway
Redwood Shores, CA 94065
USA

-Security Evaluations Manager
TEL: 781-442-0451

CST Lab: NVLAP 200928-0

Oracle Solaris Userland Cryptographic Framework with SPARC T4 and SPARC T5
(Hardware Versions: 527-1437-01 and 7043165; Software Versions: 1.0 and 1.1)

(When installed, initialized and configured as specified in the Security Policy and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software-Hybrid 02/06/2014 Overall Level: 1 

-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Oracle Solaris 11.1 running on a SPARC T4-1 Server; Oracle Solaris 11.1 running on a SPARC T5-2 Server (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2310 and #2572); Triple-DES (Cert. #1457 and #1558); RSA (Cert. #1193 and #1319); DSA (Cert. #727 and #787); ECDSA (Cert. #375 and #444); SHS (Cert. #1994); HMAC (Cert. #1424 and #1594); RNG (Cert. #1153 and #1224)

-Other algorithms: AES-XCBC-MAC (non-compliant); SHA-512/224 (non-compliant); SHA-512/256 (non-compliant); MD4; MD5; RC4; DES; Blowfish; RSA (key wrapping; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Oracle Solaris OS utilizes two cryptographic modules; one in the Userland space and the second in the Kernel space. The OS uses the Oracle Solaris Userland Cryptographic Framework module for cryptographic functionality for any applications running in user space. It exposes PKCS#11 APIs, uCrypto APIs, and libmd public interfaces to provide cryptography to any application designed to utilize them. The module includes the SPARC T4 and SPARC T5 processor special instruction sets for hardware-accelerated cryptography."
2075 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Palani Karuppan
TEL: 408-525-2747

CST Lab: NVLAP 100432-0

Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Modules-2 (WiSM2)
(Hardware Versions: Chassis: Catalyst 6506 switch [1], Catalyst 6506-E switch [2], Catalyst 6509 switch [3] and Catalyst 6509-E switch [4]; Backplane: WS-C6506 [1], WS-C6506-E [2], WS-C6509 [3] and WS-C6509-E [4]; FIPS Kit: P/N 800-27009 [1, 2], P/N 800-26335 [3, 4] and WS-SVCWISM2FIPKIT= [1, 2, 3, 4]; with one Supervisor Blade [1, 2, 3, 4]: [WS-SUP720-3BXL, WS-SUP720-3B, VS-S720-10G-3C or VS-S720-10G-3CXL] and with one WiSM2 [1, 2, 3, 4]: [WS-SVC-WISM2-K9=, WS-SVC-WISM2-5-K9=, WS-SVC-WISM2-3-K9=, WS-SVC-WISM2-1-K9=, WS-SVC-WISM2-5-K9, WS-SVC-WISM2-3-K9 or WS-SVC-WISM2-1-K9]; Firmware Version: Supervisor Blade: Cisco IOS Release 12.2.33SXJ, Cisco IOS Release 12.2.33SXJ1 or Cisco IOS Release 12.2.33SXJ2; WiSM2: 7.0.240.0 or 7.0.250.0)

(When operated in FIPS mode and with the tamper evident seals and physical security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/29/2014;
02/20/2014
Overall Level: 2 

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1347, #1348 and #2330); HMAC (Certs. #785, #786 and #787); RNG (Cert. #742); RSA (Certs. #653 and #654); SHS (Certs. #1228, #1230 and #2014); Triple-DES (Cert. #935); DRBG (Cert. #289)

-Other algorithms: AES (Cert. #2330, key wrapping; key establishment methodology provides 128 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); FIPS 186-2 RNG (Cert. #741); NDRNG; RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM

Multi-chip standalone

"The Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with WiSM WLAN Controller deliver centralized control and high capacity for medium to large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WiSM2 Controller supports the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and supports a Secure Wireless Architecture with certified WiFi Alliance WPA-2 security. The Cisco WiSM2 Controller supports voice, video and data services along with Cisco Clean Air technology, IPv6 mobility, intrusion protection and intelligent radio resource management."
2074 ViaSat, Inc.
6155 El Camino Real
Carlsbad, CA 92009
USA

-David Schmolke
TEL: 760-476-2461
FAX: 760-476-4110

-Richard Quintana
TEL: 760-476-2481
FAX: 760-476-4110

CST Lab: NVLAP 100432-0

Embeddable Security System (ES-1200)
(Hardware Version: P/N 1174941, Rev. 001; Firmware Version: 1.0.7)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/22/2014;
03/12/2014
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #2633, #2634 and #2635); DRBG (Cert. #406); SHS (Cert. #2207)

-Other algorithms: NDRNG

Multi-chip embedded

"The ES-1200 is a low cost, size, weight & power multichip programmable embedded cryptographic module. It provides encryption and decryption services, plaintext bypass, key management, and PIN-based access control. The ES-1200 is intended for use in environments where FIPS 140-2 Level 2 cryptographic products are required. Typical applications are military Transmission Security (TRANSEC), Communications Security (COMSEC), and Data-At-Rest (DAR) using Suite B cryptography."
2073 GoldKey Security Corporation
26900 E Pink Hill Road
Independence, MO 64057
USA

-GoldKey Sales & Customer Service
TEL: 816-220-3000
FAX: 419-301-3208

-Jon Thomas
TEL: 567-270-3830
FAX: 419-301-3208

CST Lab: NVLAP 200658-0

GoldKey Security Token Cryptographic Module
(Hardware Version: IC USB-CONTROLLER-2LF; Firmware Version: 7.12)

(When operated in FIPS mode with Windows 7 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1330 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/29/2014 Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2347); SHS (Cert. #2024); DRBG (Cert. #297); Triple-DES (Cert. #1470); EC Diffie-Hellman (CVL Cert. #54, key agreement); RSA (Cert. #1210); RSA (CVL Cert. #54, signature primitive); ECDSA (Cert. #384)

-Other algorithms: N/A

Single-chip

"Provides cryptographic algorithm implementation for GoldKey Products"
2072 Chunghwa Telecom Co., Ltd.
12, Lane 551, Min-Tsu Road SEC.5
Yang-Mei, Taoyuan 326
Republic of China

-Yeou-Fuh Kuan
TEL: +886-3-424-4333
FAX: +886-3-424-4129

-Char-Shin Miou
TEL: +886 3 424 4381
FAX: +886-3-424-4129

CST Lab: NVLAP 200928-0

HiCOS PKI Native Smart Card Cryptographic Module
(Hardware Version: RS45C; Firmware Version: HardMask: 2.2 and SoftMask: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/29/2014 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #1419); Triple-DES MAC (Triple-DES Cert. #1419, vendor affirmed); SHS (Cert. #1953); RSA (Cert. #1165); DRBG (Cert. #280)

-Other algorithms: NDRNG; Triple-DES (Cert. #1419, key wrapping; key establishment methodology provides 112-bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Single-chip

"The HiCOS PKI native smart card module is a single chip implementation of a cryptographic module. The HiCOS PKI native smart card module is mounted in an ID-1 class smart card body that adheres to ISO/IEC specifications for Integrated Circuit Chip (ICC) based identification cards. The module consists of the chip (ICC), the contact faceplate, and the electronic connectors between the chip and contact pad, all contained within an epoxy substrate."
2071 Fujitsu limited
4-1-1 Kamikodanaka
Nakahara-ku
Kawasaki, Kanagawa 211-8588
Japan

-Eugene Owens
TEL: 408-746-6486
FAX: 408-746-8016

-Hiroyuki Miura

CST Lab: NVLAP 200822-0

ETERNUS DX400/DX8000 Controller Module
(Firmware Version: V20L80-1000)

(When operated in FIPS Mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Firmware 01/24/2014 Overall Level: 1 

-Mitigation of Other Attacks: N/A

-Tested: ETERNUS DX410 with VxWorks 6.3; ETERNUS DX8400 with VxWorks 6.3

-FIPS Approved algorithms: AES (Cert. #2542); RNG (Cert. #1207); SHS (Cert. #2142)

-Other algorithms: Fujitsu Original Encryption (Encryption/Decryption); AES (Cert. #2542, key wrapping)

Multi-chip embedded

"ETERNUS DX400/DX8000 Controller Module is a module which manages the whole disk storage system. In order to prevent a data leakage by removal of disks, the disk encryption mechanism encrypts data on the disks. This encryption function is valid if the Disk Encryption mechanism is activated through GUI."
2070 API Technologies Corp.
4705 S. Apopka Vineland Road
Suite 210
Orlando, FL 32819
USA

-Henry Gold
TEL: 855-294-3800

CST Lab: NVLAP 200556-0

Common Crypto Module for PRIISMS, PRIISMS RD, SA5600-IA and NetGard MFD
(Software Version: 1.0)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 01/24/2014;
04/23/2014
Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 on a Dell OptiPlex 755; CentOS 6.3 on a Dell OptiPlex 755 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2273); HMAC (Cert. #1391); DSA (Cert. #709); ECDSA (Cert. #368); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420); DRBG (Cert. #281); CVL (Cert. #44); RNG (Cert #1132)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Common Crypto Module for PRIISMS, PRIISMS RD, SA5600-IA, and NetGard MFD is a standards-based cryptographic engine for servers and appliances. The module delivers core cryptographic functions and features robust algorithm support, including Suite B algorithms."
2069 Hewlett-Packard Company
8000 Foothills Blvd
Roseville, CA 95747
USA

-Sunil Amanna
TEL: 916-785-1183
FAX: 916-785-1103

-Harjit Dhillon
TEL: 916-785-0341
FAX: 916-785-1103

CST Lab: NVLAP 200002-0

HP Networking 3800 Switch Series
(Hardware Versions: Switches: (3800-24G-PoE+-2SFP+ Switch (J9573A) [1]; 3800-48G-PoE+-4SPF+ Switch (J9574A) [2]; 3800-24G-2SFP+ Switch (J9575A) [3]; 3800-48G-4SFP+ Switch (J9576A) [4]; 3800-24G-2XG Switch (J9585A) [5]; 3800-48G-4XG Switch (J9586A) [6]; 3800-24G-PoE+-2XG Switch (J9587A) [7]; 3800-48G-PoE+-4XG Switch (J9588A) [8] and 3800-24SFP-2SFP+ Switch (J9584A) [9]); Power Supplies: (J9580A [1,2,7,8] and J9581A [3,4,5,6,9]) with Tamper Evident Seal Kit: J9740A; Firmware Version: KA.15.10.0015)

(When operated in FIPS mode and when tamper evident labels and security devices are installed on the initially built configuration as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/24/2013 Overall Level: 2 

-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Cert. #2051); Triple-DES (Cert. #1322); HMAC (Cert. #1248); SHS (Certs. #1795 and 1796); RSA (Certs. #1067 and #1068); DSA (Cert. #649); RNG (Cert. #1071)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; MD5-96; SHA-1-96 (non-compliant); RNG (Cert. #544; non-compliant); NDRNG

Multi-chip standalone

"The HP Networking 3800 Switch Series cryptographic modules are a family of next-generation gigabit Layer 2/3 enterprise-class access layer switches. The 3800 Switch Series, which is designed with a custom HP ProVision ASIC, delivers unmatched performance and scalability to meet the needs of the most demanding enterprise networks. The HP Networking 3800 Switch Series modules integrate 10 Gb connectivity for high-performance links to the network aggregation and core; allowing for increased throughput and network link redundancy."
2068 McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

-Andy Nissen

CST Lab: NVLAP 200556-0

McAfee SIEM Cryptographic Module
(Software Version: 1.0)

(The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 12/24/2013 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with McAfee Nitro OS 9.1 running on McAfee SIEM Appliance (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2229 and #2230); CVL (Certs. #33 and #34); DSA (Certs. #690 and #691); ECDSA (Certs. #343 and #344); HMAC (Certs. #1357 and #1358); RNG (Certs. #1115 and #1116); RSA (Certs. #1141 and #1142); SHS (Certs. #1917 and #1918); Triple-DES (Certs. #1395 and #1396)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 160 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The McAfee SIEM Cryptographic Module provides cryptographic services required by the McAfee SIEM environments."
2067 McAfee, Inc.
2821 Mission College Blvd.
Santa Clara, CA 95054
USA

-Andy Nissen

CST Lab: NVLAP 200556-0

McAfee Virtual SIEM Cryptographic Module
(Software Version: 1.0)

(The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 12/24/2013 Overall Level: 1 

-Physical Security: N/A
-Mitigation of Other Attacks: N/A

-Operational Environment: Tested as meeting Level 1 with McAfee Nitro OS 9.1 on VMWare ESXi 5.0 running on a McAfee SIEM appliance

-FIPS Approved algorithms: AES (Certs. #2228 and #2231); CVL (Certs. #32 and #35); DSA (Certs. #689 and #692); ECDSA (Certs. #342 and #345); HMAC (Certs. #1356 and #1359); RNG (Certs. #1114 and #1117); RSA (Certs. #1140 and #1143); SHS (Certs. #1916 and #1919); Triple-DES (Certs. #1394 and #1397)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 160 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The McAfee Virtual SIEM Cryptographic Module provides cryptographic services required by the McAfee SIEM virtual environments."
2066 Kanguru Solutions
1360 Main Street
Millis, MA 02054
USA

-Nate Cote
TEL: 508-376-4245
FAX: 508-376-4462

CST Lab: NVLAP 200802-0

Kanguru Defender Elite 200™
(Hardware Version: 1.0 (P/Ns KDFE200-4G-Red, KDFE200-4G-Green, KDFE200-4G-Blue, KDFE200-4G-Yellow, KDFE200-4GBrown, KDFE200-4G-Gray, KDFE200-4G-Silver, KDFE200-8G-Red, KDFE200-8G-Green, KDFE200-8G-Blue, KDFE200- 8G-Yellow, KDFE200-8G-Brown, KDFE200-8G-Gray, KDFE200-8G-Silver, KDFE200-16G-Red, KDFE200-16G-Green, KDFE200-16G-Blue, KDFE200-16G-Yellow, KDFE200-16G-Brown, KDFE200-16G-Gray, KDFE200-16G-Silver, KDFE200- 32G-Red, KDFE200-32G-Green, KDFE200-32G-Blue, KDFE200-32G-Yellow, KDFE200-32G-Brown, KDFE200-32G-Gray, KDFE200-32G-Silver, KDFE200-64G-Red, KDFE200-64G-Green, KDFE200-64G-Blue, KDFE200-64G-Yellow, KDFE200-64G-Brown, KDFE200-64G-Gray, KDFE200-64G-Silver, KDFE200-128G-Red, KDFE200-128G-Green, KDFE200-128G-Blue, KDFE200-128G-Yellow, KDFE200-128G-Brown, KDFE200-128G-Gray, KDFE200-128G-Silver); Firmware Version: 2.03.10 and 2.05.10))

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/24/2013;
02/28/2014;
06/05/2014
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: HMAC (Cert. #954); AES (Cert. #1623); SHS (Cert. #1432); RSA (Cert. #801); DRBG (Cert. #86); PBKDF (vendor affirmed)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Kanguru Defender Elite 200™ is a 256-bit AES hardware encrypted USB flash drive. It is used to securely store sensitive data housed on the device. It can also be used as a secure platform for remote access and virtualized applications run directly from the device. The device supports onboard hardware random number generation, RSA, HMAC and algorithms."
2065 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Palani Karuppan
TEL: 408-525-2747

CST Lab: NVLAP 100432-0

Cisco 5508 Wireless LAN Controller
(Hardware Version: CT5508 Revision Number B0; FIPS Kit AIR-CT5508FIPSKIT=; Opacity Baffle Version A0; Firmware Versions: 7.0.240.0 or 7.0.250.0)

(When operated in FIPS mode and with the tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/24/2013;
02/20/2014
Overall Level: 2 

-Design Assurance: Level 3
-Mitigation of Other Attacks: N/A

-FIPS Approved algorithms: AES (Certs. #1347, #1348 and #2330); HMAC (Certs. #785, #786 and #787); RNG (Certs. #741 and #742); RSA (Certs. #653 and #654); SHS (Certs. #2014, #1228 and #1230); Triple-DES (Cert. #935); DRBG (Cert. #289)

-Other algorithms: AES (Cert. #2330, key wrapping; key establishment methodology provides 128 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM

Multi-chip standalone

"The Cisco 5508 Series WLAN Controllers deliver centralized control and high capacity for small, medium and large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WLAN Controllers support the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and support a Secure Wireless Architecture with WiFi Alliance certified WPA-2 security. The Cisco WLAN Controllers support voice, video and data services along with Cisco Clean Air technology, IPv6 mobility, intrusion protection and intelligent radio resource management."
2064

CST Lab: NVLAP 200002-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/23/2013 Overall Level: 2 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip standalone

2063 Neopost Technologies, S. A.
113 Rue Jean-Marin Naudin
Bagneux, 92220
France

-Nathalie TORTELLIER
TEL: 33 01 45 36 30 72
FAX: 33 01 45 36 30 10

CST Lab: NVLAP 200983-0

PSD MODEL 145, 146, 147, 148
(Hardware Version: 4150859LB; Firmware Version: P/N A0015972B, Version 28.02)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/18/2013 Overall Level: 3 

-Physical Security: Level 3 +EFP/EFT

-FIPS Approved algorithms: RSA (Cert. #260); AES (Cert. #563); HMAC (Cert. #300); SHS (Cert. #629); ECDSA (Cert. #385); RNG (Cert. #328); CVL (Cert. #96)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip embedded

"Neopost PSD (Postal Security Device) for low range Postage Evidencing Systems (PES)."
2062 Cubic Global Tracking Solutions
2560 Mission College Blvd.
Suite 130
Santa Clara, CA 95054-1217
USA

-Paul Berenberg
TEL: 650-887-0805

-Brenda Perrow
TEL: 858-505-2355

CST Lab: NVLAP 200802-0

Cubic Managed Asset Tag (MAT) Cryptographic Module and Cubic SINK Cryptographic Module
(Hardware Version: 380270-1 Rev. -; Firmware Version: mat_v2_1_0 or sink_v2_1_0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 12/17/2013;
01/24/2014
Overall Level: 1 

-FIPS Approved algorithms: AES (Cert. #1863); DRBG (Cert. #150)

-Other algorithms: NDRNG

Single-chip

"The Cubic Managed Asset Tag Cryptographic Module and Cubic SINK Cryptographic Module securely sends and receives information collected from peripheral sensors to/from an external Cubic Gateway in support of Cubic Mist® mesh networking solutions."
2061 Oracle Corporation
500 Oracle Parkway
Redwood Shores, CA 94065
USA

-Joshua Brickman
TEL: 781-442-0451
FAX: 1-781-442-0451

-Linda Gallops
TEL: 1-781-442-0451
FAX: 1-781-442-0451

CST Lab: NVLAP 200928-0

Oracle Solaris Kernel Cryptographic Framework
(Software Versions: 1.0 and 1.1)

(When installed, initialized and configured as specified in the Security Policy and operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 12/13/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Oracle Solaris 11.1 running on a M3000 Enterprise Server without AES-NI; Oracle Solaris 11.1 running on a Sun Server X3-2 with AES-NI; Oracle Solaris 11.1 running on a Sun Server X3-2 without AES-NI (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2309 and #2573); Triple-DES (Certs. #1456 and #1559); RSA (Certs. #1192 and #1320); ECDSA (Certs. #374 and #445); SHS (Certs. #1993 and #2173); HMAC (Certs. #1423 and #1595); RNG (Certs. #1151 and #1225)

-Other algorithms: AES-CTS (non-compliant); AES-XCBC-MAC (non-compliant); MD4; MD5; HMAC-MD5; RC4; DES; Blowfish; Triple-DES (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Oracle Solaris OS utilizes the Oracle Solaris Kernel Cryptographic Framework module to provide cryptographic functionality for any kernel-level processes that require it, via Oracle-proprietary APIs."
2060 Oracle Corporation
500 Oracle Parkway
Redwood Shores, CA 94065
USA

-Joshua Brickman
TEL: 781-442-0451
FAX: 1-781-442-0451

-Linda Gallops
TEL: 1-781-442-0451
FAX: 1-781-442-0451

CST Lab: NVLAP 200928-0

Oracle Solaris Kernel Cryptographic Framework with SPARC T4 and SPARC T5
(Hardware Versions: 527-1437-01 and 7043165; Software Versions: 1.0 and 1.1)

(When installed, initialized and configured as specified in the Security Policy and operated in FIPS mode.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software-Hybrid 12/13/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Oracle Solaris 11.1 running on a SPARC T4-1 Server; Oracle Solaris 11.1 running on a SPARC T5-2 Server (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2311 and #2574); Triple-DES (Certs. #1458 and #1560); RSA (Certs. #1194 and #1321); ECDSA (Certs. #376 and #446); SHS (Cert. #1994); HMAC (Certs. #1425 and #1596); RNG (Certs. #1152, #1154, #1222 and #1226)

-Other algorithms: AES-CTS (non-compliant); AES-XCBC-MAC (non-compliant); MD4; MD5; HMAC-MD5; RC4; DES; Blowfish; Triple-DES (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Oracle Solaris OS utilizes the Oracle Solaris Kernel Cryptographic Framework module to provide cryptographic functionality for any kernel-level processes that require it, via Oracle-proprietary APIs. The module includes the SPARC T4 processor special instruction sets for hardware-accelerated cryptography."
2059 Sony Corporation
1-7-1 Konan
Minato-ku, Tokyo 108-0075
Japan

-Hirotaka Kondo
TEL: +81 46 202 8074
FAX: +81 46 202 6304

CST Lab: NVLAP 100432-0

Gemini
(Hardware Version: 1.0.0; Firmware Version: 2.0.0 and 2.1.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/13/2013;
05/22/2014
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1539, #1540 and #1541); SHS (Certs. #1364, #1365, #1366 and #1367); HMAC (Certs. #901 and #902); RSA (Certs. #750 and #751); RNG (Certs. #828, #829 and #830); CVL (Cert. #115)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; HMAC-MD5

Multi-chip embedded

"The primary purpose of the Gemini is to provide decryption, decoding/encoding of audio/video data for the digital cinema projector system in which it is being employed."
2058 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-J JSAFE and JCE Software Module
(Software Version: 6.1 or 6.1.1.0.1)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 12/13/2013;
07/03/2014
Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Oracle® JRE 7.0 on Microsoft® Windows 7™ (64-bit) running on Dell™ Dimension C521; JRE 6.0 on Android 2.2 ARM (32-bit) running on Lenovo® Thinkpad® T61 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2249); DRBG (Cert. #273); DSA (Cert. #701); ECDSA (Cert. #357); HMAC (Cert. #1378); PBKDF (vendor affirmed); RNG (Cert. #1123); RSA (Cert. #1154); SHS (Cert. #1938); Triple-DES (Cert. #1408); CVL (Cert. #39)

-Other algorithms: BPS; DES; DESX; Diffie-Hellman; EC Diffie-Hellman; ECIES; HMAC-MD5; MD2; MD4; MD5; RC2; RC4; RC5; RIPEMD160; RSA (encrypt/decrypt); RSA Keypair Generation MultiPrime; Shamir's Secret Sharing

Multi-chip standalone

"RSA BSAFE® Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. It supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
2057 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-J JSAFE and JCE Software Module
(Software Version: 6.1or 6.1.1.0.1)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 12/13/2013;
07/03/2014
Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Oracle® JRE 7.0 on Microsoft® Windows 7™ (64-bit) running on Dell™ Dimension C521; JRE 6.0 on Android 2.2 ARM (32-bit) running on Lenovo® Thinkpad® T61 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2249); DRBG (Cert. #273); DSA (Cert. #701); ECDSA (Cert. #357); HMAC (Cert. #1378); PBKDF (vendor affirmed); RNG (Cert. #1123); RSA (Cert. #1154); SHS (Cert. #1938); Triple-DES (Cert. #1408); CVL (Cert. #39)

-Other algorithms: BPS; DES; DESX; Diffie-Hellman; EC Diffie-Hellman; ECIES; HMAC-MD5; MD2; MD4; MD5; RC2; RC4; RC5; RIPEMD160; RSA (encrypt/decrypt); RSA Keypair Generation MultiPrime; Shamir's Secret Sharing

Multi-chip standalone

"RSA BSAFE® Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. It supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
2056 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-C Micro Edition
(Software Version: 4.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 12/05/2013 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 5.0 running on a IBM 7044-170 (PPC 32-bit); Red Hat Enterprise Linux 5.0 running on a IBM 7044-170 (PPC 64-bit); Red Hat Enterprise Linux 5.5 running on a Dell Dimension E521 (x86 32-bit); Red Hat Enterprise Linux 5.5 running on a Intel Maho Bay with AES-NI (x86 32-bit); Red Hat Enterprise Linux 5.5 running on a Dell Dimension E521 (x86 64-bit); Red Hat Enterprise Linux 5.5 running on a HP rx2600 (Itanium2 64-bit); Red Hat Enterprise Linux 6.0 running on a Dell Dimension E521 (x86 32-bit); Red Hat Enterprise Linux 6.0 running on a Dell Dimension E521 (x86 64-bit); Red Hat Enterprise Linux 6.0 running on a Intel Maho Bay with AES-NI (x86 64-bit); Oracle Solaris 10 running on a Sun Sunblade 100 (SPARC v8 32-bit); Oracle Solaris 10 running on a Sun Sunblade 100 (SPARC v8+ 32-bit); Oracle Solaris 10 running on a Sun Fire V240 (SPARC v9 64-bit); Oracle Solaris 10 running on a Dell Poweredge SC420 (x86 32-bit); Oracle Solaris 10 running on a Intel Sugar Bay with AES-NI (x86 32-bit); Oracle Solaris 10 running on a Dell Dimension E521 (x86 64-bit); Oracle Solaris 10 running on a Intel Sugar Bay with AES-NI (x86 64-bit); Microsoft Windows XP Professional SP3 running on a Dell Poweredge SC420 (x86 32-bit); Microsoft Windows XP Professional SP3 running on a Dell Precision M6500 with AES-NI (x86 32-bit); Microsoft Windows XP Professional SP2 running on a Indus Technologies Idex 410 (x86 64-bit); Microsoft Windows 7 SP1 running on a Dell Precision M6500 with AES-NI (x86 64-bit); Microsoft Windows Server 2003 running on a Dell Dimension E521 (x86 32-bit); Microsoft Windows Server 2003 running on a Dell Dimension E521 (x86 64-bit); Microsoft Windows Server 2003 running on a HP rx2620 (Itanium2 64-bit); Microsoft Windows Server 2003 running on a HP rx2620 (Itanium2 64-bit); IBM AIX 5L v5.3 running on a IBM 9110-51A (PPC 32-bit); IBM AIX 5L v5.3 running on a IBM 9110-51A (PPC 64-bit); IBM AIX v6.1 running on a IBM 9110-51A (PPC 32-bit); IBM AIX v6.1 running on a IBM 9110-51A (PPC 64-bit); IBM AIX v7.1 running on a IBM 8231-E2B (PPC 32-bit); IBM AIX v7.1 running on a IBM 8231-E2B (PPC 64-bit); HP HP-UX 11.23 running on a HP Visualize C3600 (PA RISC 2.0 32-bit); HP HP-UX 11.23 running on a HP Visualize C3600 (PA-RISC 2.0W 64-bit); HP HP-UX 11.31 running on a HP Workstation zx2000 (Itanium2 32-bit); HP HP-UX 11.31 running on a HP Workstation zx2000 (Itanium2 64-bit); Apple Mac OS X 10.6 Snow Leopard running on a Apple Macbook (x86 32-bit); Apple Mac OS X 10.6 Snow Leopard running on a Apple Macbook (x86 64-bit) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2017); DRBG (Cert. #191); DSA (Cert. #642); ECDSA (Cert. #292); HMAC (Cert. #1221); RNG (Cert. #1057); RSA (Cert. #1046); SHS (Cert. #1767); Triple-DES (Cert. #1302)

-Other algorithms: Camellia; DES; DES40; Diffie-Hellman; EC Diffie-Hellman; ECAES (non-compliant); ECIES; Entropy RNG; HMAC MD5; MD2; MD4; MD5; OTP RNG; PBKDF1 SHA-1 (non-compliant); PBKDF2 HMAC SHA-1/SHA-224/SHA-256/SHA-384/SHA-512 (non-compliant); RC2; RC4; RC5; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Crypto-C Micro Edition (ME) Module is RSA, The Security Division of EMC's cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
2055 ActivIdentity
6623 Dumbarton Circle
Fremont, CA 94555
USA

-Stephane Ardiley
TEL: 510-745-6288
FAX: 510-574-0101

CST Lab: NVLAP 200427-0

ActivIdentity Digital Identity Applet v2 on Gemalto IDCore 3020 (v2)
(Hardware Version: A1023378; Firmware Version: Build#11 - M1005011+ Softmask V03, Applet Version: Digital Identity Applet Suite 2.7)

(PIV Card Application: Cert. #34)

(When operated with module TOP DL v2 validated to FIPS 140-2 under Cert. #1450 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/05/2013;
02/06/2014
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1363); ECDSA (Cert. #172); RNG (Cert. #749); RSA (Cert. #664); SHS (Cert. #1243); Triple-DES (Cert. #938); Triple-DES MAC (Triple-DES Cert. #938, vendor affirmed); CVL (Certs. #217 and #224)

-Other algorithms: N/A

Single-chip

"This module is based on a Java Card platform (IDCore 3020 v2) with 128K EEPROM memory and the ActivIdentity Digital Identity Applet loaded on the Java Card platform. The Cryptographic Module provides dual interfaces (i.e. contact and contact-less) where the same security level is achieved."
2054 Thales e-Security
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-Joe Warren
TEL: 321-264-2928

CST Lab: NVLAP 200416-0

Datacryptor® 100M Ethernet
(Hardware Version: 1600x439, Rev. 01 and 1600x439, Rev. 02; Firmware Version: 5.0)

(When configured with the Multi-Point license as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 12/05/2013 Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #2014, #2030 and #2065); ECDSA (Certs. #289 and #304); SHS (Certs. #1764 and #1808); DRBG (Cert. #188); KAS (Cert. #34, key agreement; key establishment methodology provides 192 bits of encryption strength)

-Other algorithms: AES (Cert. #2014, key wrapping); HWRBG

Multi-chip standalone

"The Datacryptor® 100 Mbps Ethernet Layer 2 is a rack-mountable multi-chip standalone cryptographic module designed to secure data in transmissions across public Ethernet Layer 2 networks. The Datacryptor® uses 100BaseT ports to connect the host and public sides of the network. The Datacryptor® employs an automatic key generation and exchange mechanism using X.509 v3 certificates and the Elliptic Curve Diffie-Hellman key agreement scheme. The algorithm used for securing data transmission is AES-256 GCM. Management of the Datacryptor® is performed via a remote management interface."
2053 Thales e-Security
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-Joe Warren
TEL: 321-264-2928

CST Lab: NVLAP 200416-0

Datacryptor® 100M Ethernet
(Hardware Version: 1600x439, Rev. 01 and 1600x439, Rev. 02; Firmware Version: 5.0)

(When configured with the Point-Point license as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 12/05/2013 Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #2014, #2030 and #2062); ECDSA (Certs. #289 and #304); SHS (Certs. #1764 and #1808); DRBG (Cert. #188); KAS (Cert. #34); KBKDF (Cert. #1)

-Other algorithms: HWRBG

Multi-chip standalone

"The Datacryptor® 100 Mbps Ethernet Layer 2 is rack-mountable multi-chip standalone cryptographic modules which facilitate secure data transmission across public Ethernet Layer 2 networks. The Datacryptor® uses 100BaseT ports to connect the host and public sides of the network. The Datacryptor® offers user verification services via ECDSA enabled X.509 v.3 certificates, key management based on a Elliptic Curve Diffie-Hellman key agreement scheme, and AES encryption of data passing over public networks. Management of the Datacryptor® is performed via a remote management interface."
2052 Juniper Networks, Inc
1194 North Mathilda Ave
Sunnyvale, CA 94089
USA

-Seyed Safakish
TEL: 408-745-8158
FAX: 408-936-1801

CST Lab: NVLAP 200697-0

MX Series 3D Universal Edge Routers with the Multiservices DPC
(Hardware Version: [(MX240 with one to two 750-024064), (MX480 and MX960 with one to four 750-024064)] with (750-021524 and RE-S-2000-4096-S) and JNPR-FIPS-TAMPER-LBL; Firmware Version: JUNOS-FIPS 10.4R11)

(The tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 12/05/2013 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #762, #2218, #2221 and #2222); Triple-DES (Certs. #667, #1388, #1390 and #1391); SHS (Certs. #769, #1908, #1909, #1912 and #1913); HMAC (Certs. #417, #1348, #1349, #1351 and #1352); RNG (Cert. #1112); DSA (Cert. #688); RSA (Cert. #1137)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 96 bits of encryption strength; non-compliant); SSH KDF (non-compliant); IKEv1 KDF (non-compliant); NDRNG; ANSI X9.62 RNG (non-compliant)

Multi-chip standalone

"MX Series 3D Universal Edge Routers is a family of Ethernet routers designed to meet very large scale and medium-to-small size applications. It is capable of supporting business, mobile, and residential, services in even the fastest-growing networks and markets. With the Multiservices DPC (the MX Series) provides dedicated high-performance processing for flows and sessions, and integrates advanced security capabilities that protect the network infrastructure as well as user data."
2051 Motorola Solutions, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

-Kirk Mathews
TEL: 847-576-4101

CST Lab: NVLAP 100432-0

µMACE
(Hardware Version: P/N AT58Z04; Firmware Versions: R01.03.11, R01.03.12, or R01.03.13)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/03/2013 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1876 and #2146); ECDSA (Cert. #263); KAS (Cert. #28); SHS (Cert. #1619); HMAC (Cert. #1313)

-Other algorithms: AES (Cert. #1876, key wrapping; key establishment methodology provides 256 bits of encryption strength); AES MAC (Cert. #1876, vendor affirmed; P25 AES OTAR); AES (Cert. #2146; non-compliant); NDRNG

Single-chip

"The µMACE cryptographic processor is used in security modules embedded in Motorola Solutions security products."
2050 Brocade Communications Systems, Inc
130 Holger Way,
San Jose, CA 95134
USA

-Chris Marks
TEL: 408-333-0480
FAX: 408-333-8101

CST Lab: NVLAP 200802-0

Brocade ICX 6430 and ICX 6450 Series Stackable Switch with FastIron 7.4.00a Firmware
(Hardware Versions: ICX-6430-24 P/N 80-1006002-02, ICX-6430-24P P/N 80-1006000-02, ICX-6430-48 P/N 80-1006003-02, ICX-6430-48P P/N 80-1006001-02, ICX-6450-24 P/N 80-1005997-02, ICX-6450-24P P/N 80-1005996-02, ICX-6450-48 P/N 80-1005999-03 and ICX-6450-48P P/N 80-1005998-02 with FIPS Kit (P/N Brocade XBR-000195); Firmware Version: FastIron v7.4.00a)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 12/03/2013;
02/20/2014
Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #1403); AES (Cert. #2243); SHS (Cert. #1933); HMAC (Cert. #1373); DRBG (Cert. #268); DSA (Cert. #696); RSA (Cert. #1149); ECDSA (Cert. #352)

-Other algorithms: RSA (key wrapping: key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5; HMAC-MD5; SNMPv3 KDF; SSHv2 KDF; TLSv1.0 KDF; Proprietary two way encryption; DES

Multi-chip standalone

"The Brocade ICX 6430 and 6450 Switches provide enterprise-class stackable LAN switching solutions to meet the growing demands of campus networks. Brocade ICX 6430 and 6450 are available in 24- and 48- port 10/100/1000/ Mbps models and 1 Gigabit Ethernet (GbE) or 10 GbE dual-purpose uplink/stacking ports, with or without IEEE 802.3af Power over Ethernet (PoE) and 802.3at Power over Ethernet Plus (PoE+ - to support enterprise edge networking, wireless mobility, and IP communications."
2049 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200928-0

SafeNet Software Cryptographic Library
(Software Version: 1.0)

(When operated in FIPS mode and when installed, initialized and configured as specified in Section 4 of the provided Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy; No assurance of the minimum strength of generated keys.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/27/2013 Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows Server 2008R2 64-bit running on Dell PowerEdge R210II with AES-NI; Windows Server 2008 64-bit running on Dell PowerEdge R210II; Windows 7 64-bit running on a Acer Aspire AS5750 with AES-NI; Windows 7 32-bit running on a Acer Aspire AS5750; NetBSD 4.0 32-bit on Vmware ESX running on Dell PowerEdge R210II with AES-NI; Android 4.0 running on Beagleboard xM with AES-NI; RHEL 6.2 64-bit running on a Dell PowerEdge R210II with AES-NI; CentOS 5.6 32-bit running on a Dell PowerEdge 860 (Single User Mode)

-FIPS Approved algorithms: AES (Cert. #2286); Triple-DES (Cert. #1434); SHS (Cert. #1967); HMAC (Cert. #1402); RNG (Cert. #1137); DRBG (Cert. #283); RSA (Cert. #1176); DSA (Cert. #714); ECDSA (Cert. #370); CVL (Cert. #45)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The SafeNet Software Cryptographic Library is SafeNet's cryptographic service provider that provides extended high performance cryptographic services for SafeNet's broad range of Data Protection products."
2048 Allegro Software Development Corporation
1740 Massachusetts Avenue
Boxborough, MA 01719
USA

-Larry LaCasse
TEL: 978-264-6600

CST Lab: NVLAP 200928-0

Allegro Cryptographic Engine
(Software Version: 1.1.8)

(The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 11/27/2013;
02/20/2014
Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Microsoft Windows 7 Ultimate running on a Dell Optiplex 755

-FIPS Approved algorithms: AES (Cert. #2671); Triple-DES (Cert. #1602); RSA (Cert. #1374); DSA (Cert. #810); ECDSA (Cert. #465); SHS (Cert. #2243); HMAC (Cert. #1661); DRBG (Cert. #430); CVL (Cert. #148); PBKDF2 (vendor affirmed)

-Other algorithms: MD5; AES (Cert. #2671, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (CVL Cert. #148, key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Cert. #148, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength); NDRNG

Multi-chip standalone

"Allegro’s suite of Embedded Device Security toolkits makes embedding standards-based security protocols into resource sensitive embedded systems and consumer electronics fast, easy and reliable. The Allegro Cryptographic Engine (ACE) is a cryptographic library module specifically engineered for embedded devices. The module provides embedded systems developers with an easily understood software interface to enable bulk encryption and decryption, message digests, digital signature creation and validation and key generation and exchange. For full details see www.allegrosoft.com/ace."
2047 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Damon Hopley
TEL: 781-515-6355

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-C Micro Edition
(Hardware Version: SPARC T4; Software Version: 4.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software-Hybrid 11/25/2013 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Solaris 10 running on SPARC T4-2 (single user mode)

-FIPS Approved algorithms: AES (Cert. #2017); DRBG (Cert. #191); DSA (Cert. #642); ECDSA (Cert. #292); HMAC (Cert. #1221); RNG (Cert. #1057); RSA (Cert. #1046); SHS (Cert. #1767); Triple-DES (Cert. #1302)

-Other algorithms: Camellia; DES; DES40; Diffie-Hellman; EC Diffie-Hellman; ECAES (non-compliant); ECIES; Entropy RNG; HMAC MD5; MD2; MD4; MD5; OTP RNG; PBKDF1 SHA-1 (non-compliant); PBKDF2 HMAC SHA-1/SHA-224/SHA-256/SHA-384/SHA-512 (non-compliant); RC2; RC4; RC5; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Crypto-C Micro Edition (ME) Module is RSA, The Security Division of EMC's cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
2046 WatchGuard Technologies, Inc.
505 Fifth Avenue South, Suite 500
Seattle, WA 98104
USA

-Peter Eng
TEL: 206-613-6600

CST Lab: NVLAP 200556-0

XTM 515, XTM 525, XTM 535 and XTM 545
(Hardware Versions: NC2AE8 (XTM 515, XTM 525, XTM 535 and XTM 545) with Tamper Evident Seal Kit: SKU WG8566; Firmware Version: Fireware XTM OS v11.5.5)

(When operated in FIPS mode and the tamper evident seals installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/18/2013 Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Certs. #1079 and #1380); AES (Certs. #1659 and #2180); SHS (Certs. #1453 and #1890); HMAC (Certs. #974 and #1334); RSA (Cert. #1124); ECDSA (Cert. #339); RNG (Cert. #1103); DSA (Cert. #684)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); DES; RC4; MD5; TKIP; AES-CCM (non-compliant); Password Based Key Derivation Function (for 128 bit AES key; non-compliant)

Multi-chip standalone

"WatchGuard Fireware XTM extensible threat management appliances are built for enterprise-grade performance with blazing throughput and numerous connectivity options. Advanced networking features include clustering, high availability (active/active), VLAN support, multi-WAN load balancing and enhanced VoIP security, plus inbound and outbound HTTPS inspection, to give the strong security enterprises need."
2045 Mocana Corporation
350 Sansome Street
Suite 1010
San Francisco, CA 94104
USA

-James Blaisdell
TEL: 415-617-0055
FAX: 415-617-0056

CST Lab: NVLAP 100432-0

Mocana Cryptographic Suite B Module
(Software Version: 5.5fs)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/18/2013;
01/03/2014
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Integrity O/S 5.0 running on Freescale MPC8544ADS Development System; iOS-5 running on Apple iPad 2; iOS-6 running on Apple iPad 2 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2356 and #2096); Triple-DES (Cert. #1333); SHS (Cert. #1820); HMAC (Cert. #1271); RSA (Cert. #1075); DSA (Cert. #655); ECDSA (Cert. #307); RNG (Cert. #1078); DRBG (Cert. #221)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant); RSA (encrypt/decrypt)

Multi-chip standalone

"The Mocana Cryptographic Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com."
2044 Samsung Electronics Co., Ltd.
416, Maetan 3-Dong Youngton Gu
Suwon, Gyeonggi 152-848
South Korea

-Kyunghee Lee
TEL: +82-10-9397-1589

CST Lab: NVLAP 200658-0

Samsung Key Management Module
(Software Versions: KM1.1 and KM1.3)

(The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 11/18/2013 Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Android Ice Cream Sandwich 4.0 running on Galaxy S2 and Galaxy S3; Android Jelly Bean 4.1 running on Galaxy Note II; Android Jelly Bean 4.2 running on Galaxy S4 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2048, #2098, #2142, #2143, #2257 and #2393); SHS (Certs. #1792, #1822, #1864, #1865, #1944 and #2055); RNG (Certs. #1069, #1080, #1097, #1098, #1127 and #1185); HMAC (Certs. #1245, #1273, #1309, #1310, #1384 and #1484); PBKDF (vendor affirmed)

-Other algorithms: N/A

Multi-chip standalone

"Provides general purpose key management services to user-space applications on the mobile platform."
2043 Hewlett-Packard Company
Longdown Avenue
Stoke Grifford, Bristol BS34 8QZ
United Kingdom

-Laura Loredo
TEL: 44 117 3162462

CST Lab: NVLAP 100432-0

HP LTO-6 Tape Drive
(Hardware Version: AQ278A #912 [1], AQ278C #704 [2], AQ288D #103 [3], and AQ298C #103 [4]; Firmware Version: J2AW [1], J2AS [2], 32AW [3], and 22CW [4])

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/15/2013 Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #1442, #2189 and #2190); HMAC (Cert. #1342); DRBG (Cert. #256); RSA (Certs. #1128 and #1129); SHS (Certs. #1897 and #1898); CVL (SP 800-135rev1, vendor affirmed)

-Other algorithms: MD5; AES (AES Cert. #2189, key wrapping); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG

Multi-chip standalone

"HP LTO-6 tape drives help to keep pace with data growth with up to 6.25TB compressed data storage per cartridge and capable of compressed data transfer rates of up to 400MB/sec. Ground breaking LTFS technology makes LTO-6 tapes as easy to use as disk and enables easy file access, reliable long term archive retrieval and simpler transportability between systems. LTO-6 tape drives also provide easy-to-enable security to protect the most sensitive data and prevent unauthorized access of tape cartridges with AES 256-bit hardware data encryption."
2042 Thales e-Security
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-Joe Warren
TEL: 321-264-2928

CST Lab: NVLAP 200416-0

Datacryptor® SONET/SDH OC-3/12/48/192C
(Hardware Version: 1600x435, Rev. 02 and 1600x427, Rev. 02; Firmware Version: 5.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/15/2013 Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #2014, #2030, #2061 and #2063); ECDSA (Certs. #289 and #304); SHS (Certs. #1764 and #1808); DRBG (Cert. #188); KAS (Cert. #34); KBKDF (Cert. #1)

-Other algorithms: HWRBG

Multi-chip standalone

"The Datacryptor® SONET/SDH OC-3/12/48/192C are rack-mountable multi-chip standalone cryptographic modules which facilitate secure data transmission across public SONET or SDH backbone networks. The devices use standard SFP/XFP optical transceivers for their host and network connections. The Datacryptor® offers user verification services via ECDSA enabled X.509 v.3 certificates, key management based on a Elliptic Curve Diffie-Hellman key agreement scheme, and AES encryption of data passing over public networks."
2041 Thales e-Security
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-Joe Warren
TEL: 321-264-2928

CST Lab: NVLAP 200416-0

Datacryptor® Gig Ethernet and 10 Gig Ethernet
(Hardware Version: 1600x433, Rev. 02 and 1600x437, Rev. 02; Firmware Version: 5.0)

(When configured with the Multi-Point license as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 11/15/2013 Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #2014, #2030, #2064 and #2066); ECDSA (Certs. #289 and #304); SHS (Certs. #1764 and #1808); DRBG (Cert. #188); KAS (Cert. #34)

-Other algorithms: AES (Cert. #2014, key wrapping); HWRBG

Multi-chip standalone

"The Datacryptor® Gig Ethernet and 10 Gig Ethernet are rack-mountable multi-chip standalone cryptographic modules designed to secure data transmissions across public Ethernet Layer 2 networks. The Gig Ethernet uses an SFP transceiver and the 10 Gig Ethernet uses a higher-speed XFP transceiver. The Datacryptor® employs an automatic key generation and exchange mechanism using X.509 v3 certificates and the Elliptic Curve Diffie-Hellman key agreement scheme. The algorithm used for securing data transmission is AES-256 GCM."
2040 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise S1104, S2008, S3008, S4016, S5032 and S6032
(Hardware Versions: (FWE-S1104, FWE-S2008, FWE-S3008, FWE-S4016, FWE-S5032 and FWE-S6032) with FRU-686-0089-00; Firmware Version: 8.3.1)

(When installed, initialized and configured as indicated in the Security Policy in Section 3. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/15/2013 Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #1833, #2303 and #2305); Triple-DES (Certs. #1185, #1451 and #1453); SHS (Certs. #1612, #1988 and #1990); HMAC (Certs. #1086, #1418 and #1420); RNG (Certs. #964, #1146 and #1148); RSA (Certs. #1187 and #1189); DSA (Certs. #722 and #724)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
2039 Thales e-Security
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

-Joe Warren
TEL: 321-264-2928

CST Lab: NVLAP 200416-0

Datacryptor® Gig Ethernet and 10 Gig Ethernet
(Hardware Version: 1600x433, Rev. 02 and 1600x437, Rev. 02; Firmware Version: 5.0)

(When configured with the Point-Point license as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 11/15/2013 Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #2014, #2030, #2061 and #2063); ECDSA (Certs. #289 and #304); SHS (Certs. #1764 and #1808); DRBG (Cert. #188); KAS (Cert. #34); KBKDF (Cert. #1)

-Other algorithms: HWRBG

Multi-chip standalone

"The Datacryptor® 1 Gig Ethernet and 10 Gig Ethernet are rack-mountable multi-chip standalone cryptographic modules which facilitate secure data transmission across public Ethernet Layer 2 networks. The 1 Gig and 10 Gig units use an standard SFP/XFP optical transceivers for their host and network connections. The Datacryptor® offers user verification services via ECDSA enabled X.509 v.3 certificates, key management based on a Elliptic Curve Diffie-Hellman key agreement scheme, and AES encryption of data passing over public networks."
2038 SafeLogic, Inc.
530 Lytton Avenue
Suite 200
Palo Alto, CA USA

-SafeLogic Inside Sales

CST Lab: NVLAP 200556-0

CryptoComply™ | Server
(Software Version: 2.1)

(The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 11/15/2013;
01/23/2014;
02/20/2014
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 on a Dell OptiPlex 755; SUSE Linux Enterprise 11 SP2 on a Dell OptiPlex 755; CentOS 6.3 on a Dell OptiPlex 755; Mac OS X 10.8 on a MacBook Air; Red Hat Enterprise Linux 6.3 on a Dell OptiPlex 755; CentOS 6.3 on a GigaVUE-TA1 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2273); HMAC (Cert. #1391); DSA (Cert. #709); ECDSA (Cert. #368); RSA (Cert. #1166); SHS (Cert. #1954); Triple-DES (Cert. #1420); DRBG (Cert. #281); CVL (Cert. #44); RNG (Cert #1132)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"CryptoComply™ | Server is a standards-based "Drop-in Compliance" solution for servers and appliances. The module features robust algorithm support, including Suite B algorithm compliance. CryptoComply offloads secure key management, data integrity, data at rest encryption, and secure communications to a trusted implementation."
2037 Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

-Christopher Marks
TEL: 408-333-0480
FAX: 408-333-8101

CST Lab: NVLAP 200802-0

Brocade DCX, DCX 8510-8, DCX-4S and DCX 8510-4 Backbones; 6510 FC Switch; 6520 FC Switch; and 7800 Extension Switch
(Hardware Versions: {[DCX Backbone P/Ns 80-1001064-10, 80-1006751-01, 80-1004920-04 and 80-1006752-01; DCX 8510-8 Backbone P/Ns 80-1004917-04 and 80-1007025-01; DCX-4S Backbone P/Ns 80-1002071-10, 80-1006773-01, 80-1002066-10 and 80-1006772-01; DCX 8510-4 Backbone P/Ns 80-1004697-04, 80-1006963-01, 80-1005158-04 and 80-1006964-01)] with Blade P/Ns 80-1001070-07, 80-1006794-01, 80-1004897-01, 80-1004898-01, 80-1002000-02, 80-1006771-01, 80-1001071-02, 80-1006750-01 80-1000696-01, 80-1005166-02, 80-1005187-02, 80-1001066-01, 80-1006936-01, 80-1001067-01, 80-1006779-01, 80-1001453-01, 80-1006823-01, 80-1003887-01, 80-1007000-01, 80-1002762-04, 80-1006991-01, 80-1000233-10, 80-1002839-03, 80-1007017-01, 49-1000016-04, 49-1000064-02 and 49-1000294-05; 6510 FC Switch P/Ns 80-1005232-03, 80-1005267-03, 80-1005268-03, 80-1005269-03, 80-1005271-03 and 80-1005272-03; 6520 FC Switch P/Ns 80-1007245-01, 80-1007246-01, 80-1007242-01, 80-1007244-01 and 80-1007257-01; 7800 Extension Switch P/Ns 80-1002607-07, 80-1006977-02, 80-1002608-07, 80-1006980-02, 80-1002609-07 and 80-1006979-02} with FIPS Kit P/N Brocade XBR-000195; Firmware Version: Fabric OS v7.1.0 (P/N 63-1001187-01))

(When operated in FIPS mode and when tamper evident labels are installed on the initially built configuration as indicated in the Security Policy.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 11/13/2013 Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Certs. #652 and #1043); AES (Certs. #731, #1595 and #1596); SHS (Certs. #749, #1407 and #1408); HMAC (Certs. #397, #933 and #934); RNG (Certs. #426 and #854); RSA (Certs. #1048 and #1049)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 bit of encryption strength; non-compliant); HMAC-MD5; MD5; NDRNG; BF; CAST; CAST5; DES; DES3; DESX; RC2; RC2-40; RC2-64; RC4; RC4-40; MD2; MD4; RMD160; AES128-CTR (non-compliant); AES192-CTR (non-compliant); AES256-CTR (non-compliant); ARCFOUR256; ARCFOUR128; AES128-CBC (non-compliant); 3DES-CBC (non-compliant); BLOWFISH-CBC; CAST128-CBC; AES192-CBC (non-compliant); AES256-CBC (non-compliant); ARCFOUR; UMAC-64; HMAC-RIPEMD160; HMAC-SHA1-96 (non-compliant); HMAC-MD5-96; SSHv2 KDF; TLSv1.0 KDF

Multi-chip standalone

"The Brocade DCX, DCX 8510-8, DCX-4S and DCX 8510-4 Backbones and the 6510 and 6520 Switch provide a reliable, scalable Fibre Channel switching infrastructure with market-leading 16 Gbps technology and capabilities that support demanding, enterprise-class private cloud storage and highly virtualized environments. The Brocade 7800 Extension Switch provides fast, reliable WAN/MAN connectivity for remote data replication, backup, and migration with Fibre Channel and advanced Fibre Channel over IP (FCIP) technology."
2036 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Mark Yakabuski
TEL: 613-614-3407
FAX: 613-723-5079

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200928-0

Luna® PCI-E Cryptographic Module
(Hardware Version: VBD-05, Version Code 0103; Firmware Version: 6.3.1)

(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 11/13/2013 Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #1756, #2262 and #2282); DSA (Certs. #548, #704 and #712); ECDSA (Certs. #233, #364 and #369); KAS (Cert. #38), RSA (Certs. #1159 and #1173); SHS (Certs. #1947 and #1964); HMAC (Certs. #1386 and #1398); Triple-DES MAC (Triple-DES Certs. #1137, #1414 and #1430, vendor-affirmed); Triple-DES (Certs. #1137, #1414 and #1430); KBKDF (Cert. #6); DRBG (Cert. #277)

-Other algorithms: ARIA; AES MAC (Cert. #2282; non-compliant); CAST5; CAST5-MAC; CAST5-ECB; CAST5-CBC; DES; DES MAC; DES-ECB; DES-CBC; GENERIC-SECRET; HAS-160; KCDSA; MD2; MD5; RC2; RC2-MAC; RC2-ECB; RC2-CBC; RC4; RC5; RC5-MAC; RC5-ECB; RC5-CBC; RSA (X-509; non-compliant); SEED; SSL3-MD5-MAC; SSL3-SHA1-MAC; SSL PRE-MASTER; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA OAEP (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Certs. #1756, #2262 and #2282, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #1137, #1414 and #1430, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip embedded

"The Luna® PCI-E for Luna® IS cryptographic module features powerful cryptographic processing and hardware key management for applications where performance and security are the priority. The multi-chip embedded hardware cryptographic module offers hardware-based key management and cryptographic operations to protect sensitive keys. The cryptographic boundary of the module is defined to encompass all components inside the secure enclosure on the PCI-E card."
2035 Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

-Chris Marks
TEL: 408-333-8000
FAX: 408-333-8101

CST Lab: NVLAP 200802-0

Brocade ICX 6610 Series Stackable Switch with FastIron 7.3.00c Firmware
(Hardware Versions: ICX 6610-24F-I (P/N: 80-1005350-03), ICX 6610-24F-E (P/N: 80-1005345-03), ICX 6610-24-I (P/N: 80-1005348-04), ICX 6610-24-E (P/N: 80-1005343-04), ICX 6610-24P-I (P/N: 80-1005349-05, ICX 6610-24P-E (P/N: 80-1005344-05), ICX 6610-48-I (P/N: 80-1005351-04, ICX 6610-48-E (P/N: 80-1005346-04, ICX 6610-48P-I (P/N: 80-1005352-05) and ICX 6610-48P-E (P/N: 80-1005347-05); with FIPS kit XBR-0000195; Firmware Version: FastIron (FI) v7.3.00c)

(When operated in FIPS mode with tamper evident seals and opacity baffles installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 11/13/2013 Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #2150); Triple-DES (Cert. #1363); SHS (Cert. #1871); HMAC (Cert. #1317); DRBG (Cert. #239); DSA (Cert. #668); ECDSA (Cert. #324); RSA (Cert. #1106)

-Other algorithms: RSA (key wrapping: key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); MD5; HMAC-MD5; SNMPv3 KDF; SSHv2 KDF; TLSv1.0 KDF; proprietary two way encryption; DES

Multi-chip standalone

"The Brocade ICX 6610 delivers wire-speed, non-blocking performance across all ports to support latency-sensitive applications such as real-time voice and video streaming and VDI. Brocade ICX 6610 Switches can be stacked to provide an unprecedented 320 Gbps of backplane stacking bandwidth. Additionally, each switch can provide up to eight 10 Gigabit Ethernet (GbE) ports."
2034 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco FIPS Object Module
(Software Versions: 3.0 and 3.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/13/2013 Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Tested as meeting Level 1 with Microsoft Windows 7 (32-bit) running on HP Pro 3130 Microtower with AES-NI; Mac OS X 10.7 running on Apple Mac Mini 5,2 with AES-NI; Free BSD 9.0 running Cisco UCS C200 M2 without AES-NI; Linux 2.6 running on Cisco UCS C210 M2 with AES-NI ; Linux 2.6 running on Cavium CN5200-EVP-MB4-Y without AES-NI; Android 4.0 running on Samsung SGH-T989 without AES-NI; Linux 2.6 running on Cisco ASR1K without AES-NI; Apple iOS 5.1 running on Apple iPad (MC705LL) without AES-NI; Android 4.0 running on Samsung Galaxy S II without AES-NI; Linux 2.6 running on a Cisco ASR1K without AES-NI (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2255 and #2558); CVL (Certs. #40 and #95); DRBG (Certs. #275 and #385); DSA (Certs. #703 and #783); ECDSA (Certs. #362 and #440); HMAC (Certs. #1382 and #1578); RNG (Certs. #1125 and #1215); RSA (Certs. #1156 and #1310); SHS (Certs. #1942 and #2157); Triple-DES (Certs. #1410 and #1548)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Cisco FIPS Object Module (FOM) is a software library that provides cryptographic services to a vast array of Cisco's networking and collaboration products. The module provides FIPS 140 validated cryptographic algorithms for services such as IPSEC, SRTP, SSH, TLS, 802.1x, etc. The module does not directly implement any of these protocols, instead it provides the cryptographic primitives and functions to allow a developer to implement the various protocols."
2033 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200900-0

RSA BSAFE Crypto-J Software Module
(Software Version: 4.1)

(When operated in FIPS mode. This validation entry is a non-security relevant modification to Cert. #1291)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/13/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Linux 2.6 with Sun JRE 5.0 running on Samsung MFP with PowerPC (32bit); Linux 2.6 with Sun JRE 6.0 running on Samsung MFP with ARM9 (32bit) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1109 and #2602); DRBG (Certs. #15 and #396); DSA (Certs. #357 and #789); ECDSA (Certs. #130 and #447); HMAC (Certs. #621 and #1609); RNG (Certs. #616 and #1231); RSA (Certs. #522 and #1330); SHS (Certs. #1032 and #2186); Triple-DES (Certs. #806 and #1568)

-Other algorithms: ANSI X9.31 RNG (non-compliant); DES; DESX; Diffie-Hellman; ECAES (non-compliant); EC Diffie-Hellman; EC Diffie-Hellman with Cofactor; ECIES; HMAC-MD5; MD2; MD5; MD5Random; PBE; PBE with SHA1 and Triple-DES; RC2; RC4; RC5; RIPEMD160; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA Keypair Generation MultiPrime; RSA OAEP; SHA1Random

Multi-chip standalone

"RSA BSAFE® Crypto-J security software is designed to help protect sensitive data as it is stored using strong encryption techniques to provide a persistent level of protection. It supports a wide range of industry standard encryption algorithms offering Java developers the flexibility to choose the option most appropriate to meet their requirements."
2032 Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

-Greg Farris
TEL: 408-333-8000
FAX: 408-333-8101

CST Lab: NVLAP 200802-0

VDX 6710, VDX 6720, VDX 6730 and VDX 8770 with Network OS (NOS) v3.0.1 Firmware
(Hardware Versions: VDX6710-54-F (P/N 80-1004843-04), VDX6710-54-R (P/N 80-1004702-04), VDX6720-16-F (P/N 80-1004566-07, 80-1006701-02), VDX6720-16-R (P/N 80-1004567-07, 80-1006702-02), VDX6720-24-F (P/N 80-1004564-07, 80-1006699-02), VDX6720-24-R (P/N 80-1004564-07, 80-1006700-02), VDX6720-40-F (P/N 80-1004565-07, 80-1006305-02), VDX6720-40-R (P/N 80-1004571-07, 80-1006306-2), VDX6720-60-F (P/N 80-1004568-07, 80-1006303-02), VDX6720-60-R (P/N 80-1004569-07, 80-1006304-02), VDX6730-16-F (P/N 80-1005469-03, 80-1006709-02), VDX6730-16-R (P/N 80-1005651-03, 80-1006711-02), VDX6730-24-F (P/N 80-1005648-03, 80-1006708-02), VDX6730-24-R (P/N 80-1005650-03, 80-1006710-02), VDX6730-40-F (P/N 80-1005680-03, 80-1006719-02), VDX6730-40-R (P/N 80-1005681-03, 80-1006720-02), VDX6730-60-F (P/N 80-1005679-03, 80-1006718-02), VDX6740-60-R (P/N 80-1005678-03, 80-1006717-02), VDX8770-4 (P/N 80-1005850-02, 80-1006532-02) and VDX8770-8 (P/N 80-1005905-02, 80-1006533-02) with FIPS Kit (P/N Brocade XBR-000195); Firmware Version: Network OS (NOS) v3.0.1)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 11/13/2013 Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Certs. #1431 and #1432); AES (Certs. #2283 and #2285); SHS (Certs. #1965 and #1966); HMAC (Certs. #1399 and #1400); RNG (Certs. #1135 and #1136); RSA (Certs. #1174 and #1175)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); HMAC-MD5; MD5; NDRNG; BF; CAST; CAST5; DES; DES3; DESX; RC2; RC2-40; RC2-64; RC4; RC4-40; MD2; MD4; RMD160; AES128-CTR (non-compliant); AES192-CTR (non-compliant); AES256-CTR (non-compliant); ARCFOUR256; ARCFOUR128; AES128-CBC (non-compliant); 3DES-CBC (non-compliant); BLOWFISH-CBC; CAST128-CBC; AES192-CBC (non-compliant); AES256-CBC (non-compliant); ARCFOUR; UMAC-64; HMAC-RIPEMD160; HMAC-SHA1-96 (non-compliant); HMAC-MD5-96; SSHv2 KDF (non-compliant); TLS KDF (non-compliant)

Multi-chip standalone

2031 Stonesoft Corporation
Itälahdenkatu 22A
Helsinki, FI-00210
Finland

-Klaus Majewski
TEL: +358-40-824-7908

-Jorma Levomäki
TEL: +358-9-476711

CST Lab: NVLAP 200658-0

Stonesoft Cryptographic Library
(Software Version: 1.1)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/13/2013 Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Debian GNU/Linux 6.0 based distribution running on Stonesoft FW-315; Debian GNU/Linux 6.0 based distribution running on Stonesoft FW-1301 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2240 and #2241); Triple-DES (Certs. #1401 and #1402); DSA (Certs. #694 and #695); RSA (Certs. #1147 and #1148); ECDSA (Certs. #349 and #350); SHS (Certs. #1929 and #1930); DRBG (Certs. #266 and #267); HMAC (Certs. #1370 and #1371); CVL (Certs. #37 and #38)

-Other algorithms: Diffie-Hellman (CVL Certs. #37 and #38, key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #37 and #38, key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)); AES (Certs. #2240 and #2241, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength)

Multi-chip standalone

"Stonesoft Cryptographic Library is a software module that provides cryptographic services for Stonesoft network security products."
2030 Sony Corporation
1-7-1 Konan
Minato-ku, Tokyo 108-0075
Japan

-Hirotaka Kondo
TEL: +81 46 202 8074
FAX: +81 46 202 6304

CST Lab: NVLAP 100432-0

Aspen
(Hardware Versions: 1.0.0 and 1.1.0; Firmware Versions: 1.0.0, 1.0.1, 1.1.0, 1.2.0, 1.2.1 and 1.2.2)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/13/2013;
11/22/2013;
01/23/2014;
08/29/2014
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1539, #1540 and #1541); SHS (Certs. #1364, #1365, #1366 and #1367); HMAC (Certs. #901 and #902); RSA (Certs. #750 and #751); RNG (Certs. #828, #829, #830, #1279); CVL (Cert. #115)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; HMAC-MD5;

Multi-chip embedded

"The primary purpose of the Aspen is to provide decryption, decoding/encoding of audio/video data for the digital cinema projector system in which it is being employed."
2029 Atos Worldline
Haachtsesteenweg 1442, B-1130
Brussels, Belgium

-Filip Demaertelaere
TEL: +32 2 727 61 67

CST Lab: NVLAP 200556-0

Atos Worldline Adyton Cryptographic Module
(Hardware Version: 9071000001; Firmware Version: 1.2.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/13/2013 Overall Level: 3 

-Physical Security: Level 4

-FIPS Approved algorithms: AES (Cert. #1810); DRBG (Cert. #138); HMAC (Cert. #1068); KBKDF (Cert. #2); RSA (Cert. #907); SHS (Cert. #1589)

-Other algorithms: NDRNG; AES (Cert. #1810, key wrapping; key establishment methodology provides 256 bits of encryption strength)

Multi-chip embedded

"Atos Worldline’s Adyton is an innovative high-performance Hardware Security Module (HSM) platform. The design of the Adyton is based on high security, reliability and robustness, user friendliness, and conformance to international security standards. Adyton has an integrated color display, full HEX capacitive keyboard, chip card reader, fingerprint reader, and a USB Host connection."
2028

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/12/2013 Overall Level: 2 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip embedded

2027

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/12/2013 Overall Level: 2 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip embedded

2026 McAfee, Inc.
2821 Mission College Blvd.
Suite 100
Santa Clara, CA 95054
USA

-James Reardon
TEL: 651-628-5346

CST Lab: NVLAP 200928-0

McAfee Database Security Server Cryptographic Module
(Software Version: 1.0)

(When installed, initialized and configured as specified in the Security Policy Section 4 and operated in FIPS140_MODE)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/12/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows XP SP3 with Sun JRE 5.0; Microsoft Windows XP SP3 with Sun JRE 6.0 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1465 and #1766); DRBG (Certs. #57 and #117); DSA (Certs. #464 and #552); ECDSA (Certs. #182 and #236); HMAC (Certs. #863 and #1036); RNG (Certs. #802 and #940); RSA (Certs. #717, #881 and FIPS 186-3, vendor affirmed); SHS (Certs. #1328 and #1549); Triple-DES (Certs. #988 and #1143)

-Other algorithms: ANSI X9.31 RNG (non-compliant); DES; DESX; Diffie-Hellman; ECAES (non-compliant); EC Diffie-Hellman; EC Diffie-Hellman with Cofactor; ECIES; HMAC-MD5; MD2; MD5; MD5Random; PBE; PBE with SHA1 and Triple-DES; RC2; RC4; RC5; RIPEMD160; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA Keypair Generation MultiPrime; RSA OAEP; SHA1Random

Multi-chip standalone

"McAfee Database Security Server Cryptographic Module provides FIPS 140-2 validated services to the server component of the McAfee Database Security product line."
2025 Blue Coat Systems, Inc.
420 N. Mary Avenue
Sunnyvale, CA 94085
USA

-Diana Robinson
TEL: (845) 454-6397
FAX: (801) 999-2973

-Tammy Green
TEL: (845) 454-6397

CST Lab: NVLAP 200928-0

Blue Coat Systems, Software Cryptographic Module
(Software Version: 1.0)

(When installed, initialized and configured as specified in the Security Policy Section 3 and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 11/12/2013;
05/20/2014
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Solera Operating Environment v6.5.0 running on a Dell Poweredge model R720; Solera Operating Environment v6.5.0 on Vmware ESXi v5.0 running on Dell Poweredge model R720; Solera Operating Environment v6.6.9 on Vmware ESX 5.5 running on Dell Poweredge model R720; Solera Operating Environment v6.6.9 running on Dell Poweredge model R720 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #1364); AES (Cert. #2153); SHS (Cert. #1873); HMAC (Cert. #1318); RNG (Cert. #1101); DSA (Cert. #669); RSA (Cert. #1108)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman; AES-CFB1 (non-compliant); ECDSA (non-compliant); EC Diffie-Hellman

Multi-chip standalone

"The Blue Coat Systems, Software Cryptographic Module is a software multi-chip standalone module, providing cryptographic services for Solera DeepSee Software. Solera DeepSee is a solution for security intelligence and analytics that creates a complete record of network traffic. The module is a shared library that links to Solera DeepSee components."
2024 Coco Communications
800 5th Avenue Suite 3700
Seattle, WA 98104
USA

-David Weidenkopf
TEL: 206-812-5783
FAX: 206-770-6461

-A. Riley Eller
TEL: 206-812-5726
FAX: 206-770-6461

CST Lab: NVLAP 200658-0

CoCo Cryptographic Module 2.0
(Software Version: 2.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/12/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Linux 2.6 32-bit running on oMG 2000; Vyatta 6.4 32-bit running on Dell PowerEdge R210 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2299 and #2300); Triple-DES (Certs. #1446 and #1447); SHS (Certs. #1980, #1981, #1982 and #1983); HMAC (Certs. #1411, #1412, #1413 and #1414)

-Other algorithms: N/A

Multi-chip standalone

"The CoCo Cryptographic Module is a Linux loadable kernel module that provides cryptographic services in the Linux kernel. It provides an API that can be used by other kernel services."
2023 Nuvoton Technology Corporation
8 Hasadnaot Street
Herzlia, 46130
Israel

-Rachel Menda-Shabat
TEL: (972) 9-9702219

-Oren Tanami
TEL: (972)9-9702219

CST Lab: NVLAP 200556-0

Nuvoton TPM 1.2
(Hardware Version: FD5C37; Firmware Version: 4.1.5)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 11/08/2013 Overall Level: 1 

-FIPS Approved algorithms: AES (Cert. #2354); RSA (Cert. #1215); SHS (Cert. #2028); HMAC (Cert. #1460); RNG (Cert. #1174); CVL (Cert. #59)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG

Single-chip

"Nuvoton Trusted Platform Module is a hardware cryptographic module, a member of the Nuvoton SafeKepper family, which implements advanced cryptographic algorithms, including symmetric and asymmetric cryptography, as well as key generation and random number generation as defined by the Trusted Computing Group (TCG) version 1.2 specification for PC-Client TPM."
2022

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/08/2013 Overall Level: 2 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip standalone

2021 Apple Inc.
1 Infinite Loop
Cupertino, CA 95041
USA

-Shawn Geddis

CST Lab: NVLAP 200658-0

Apple iOS CoreCrypto Kernel Module, v4.0
(Software Version: 4.0)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/07/2013;
11/22/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with iOS 7.0 running on an iPhone4 with Apple A4 CPU; iOS 7.0 running on an iPhone4S with Apple A5 CPU; iOS 7.0 running on an iPhone5 with Apple A6 CPU; iOS 7.0 running on iPad (3rd generation) with Apple A5 CPU; iOS 7.0 running on an iPhone5S with Apple A7 CPU (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #1527, #1528, #1529 and #1595); AES (Certs. #2493, #2494, #2495, #2496, #2497, #2498, #2655 and #2656); SHS (Certs. #2113, #2114, #2115, #2167, #2169, #2171, #2228 and #2229); ECDSA (Certs. #425, #426, #427 and #458); HMAC (Certs. #1535, #1536, #1537, #1588, #1590, #1592, #1646 and #1647); DRBG (Certs. #350, #351, #352 and #422); PBKDF (vendor affirmed)

-Other algorithms: ECDSA (non-compliant); RSA (non-compliant); DES; MD5; CAST5; Blowfish; BitGen1; BitGen2; BitGen3; RC4; OMAC

Multi-chip standalone

"The Apple iOS CoreCrypto Kernel Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest."
2020 Apple Inc.
1 Infinite Loop
Cupertino, CA 95041
USA

-Shawn Geddis

CST Lab: NVLAP 200658-0

Apple iOS CoreCrypto Module, v4.0
(Hardware Version: A4, A5, A6 and A7; Software Version: 4.0)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software-Hybrid 11/07/2013;
11/22/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with iOS 7.0 running on an iPhone4 with Apple A4 CPU; iOS 7.0 running on an iPhone4S with Apple A5 CPU; iOS 7.0 running on an iPhone5 with Apple A6 CPU; iOS 7.0 running on iPad (3rd generation) with Apple A5 CPU; iOS 7.0 running on an iPhone5 with Apple A7 CPU (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #1530, #1531, #1542, #1596 and #1597); AES (Certs. #2499, #2500, #2501, #2502, #2503, #2504, #2505, #2506, #2507, #2508, #2509, #2547, #2657, #2658, #2659, #2660, #2661 and #2662); RSA (Certs. #1289, #1290, #1302, #1367 and #1368); SHS (Certs. #2119, #2120, #2148, #2168, #2170, #2172, #2230, #2231, #2232 and #2233); ECDSA (Certs. #428, #429, #437, #459 and #460); HMAC (Certs. #1541, #1542, #1568, #1589, #1591, #1593, #1648, #1649, #1650 and #1651); DRBG (Certs. #353, #354, #355, #356, #357, #380, #423, #424, #425 and #426); PBKDF (vendor affirmed)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 160 bits of encryption strength); RSA (non-compliant); ECDSA (non-compliant); DES; MD2; MD4; MD5; RIPEMD; CAST5; Blowfish; BitGen1; BitGen2; BitGen3; RC2; RC4; OMAC

Multi-chip standalone

"The Apple iOS CoreCrypto Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest."
2019 Hewlett-Packard Company
Longdown Avenue
Stoke Grifford, Bristol BS34 8QZ
United Kingdom

-Laura Loredo
TEL: 44 117 3162462

CST Lab: NVLAP 100432-0

HP LTO-6 Tape Drive
(Hardware Versions: AQ278A #912 [1], AQ278B #901 [2], AQ278C #704 [3], AQ288D #103 [4], AQ298C #103 [5], and AQ298A #900 [6]; Firmware Version: J2AW [1], J2AZ [2], J2AS [3], 32AW [4], 22CW [5], and 22CZ [6])

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/07/2013 Overall Level: 1 

-FIPS Approved algorithms: AES (Certs. #1442, #2189 and #2190); HMAC (Cert. #1342); DRBG (Cert. #256); RSA (Certs. #1128 and #1129); SHS (Certs. #1897 and #1898); CVL (SP 800-135rev1, vendor affirmed)

-Other algorithms: MD5; AES (AES Cert. #2189, key wrapping); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG

Multi-chip standalone

"HP LTO-6 tape drives help to keep pace with data growth with up to 6.25TB compressed data storage per cartridge and capable of compressed data transfer rates of up to 400MB/sec. Ground breaking LTFS technology makes LTO-6 tapes as easy to use as disk and enables easy file access, reliable long term archive retrieval and simpler transportability between systems. LTO-6 tape drives also provide easy-to-enable security to protect the most sensitive data and prevent unauthorized access of tape cartridges with AES 256-bit hardware data encryption."
2018 Imation Corp.
Discovery Bldg. 1A-041
Oakdale, MN 55128
USA

-Laurence Hamid
TEL: 819-595-3069
FAX: 819-595-3343

CST Lab: NVLAP 100432-0

Imation S250/D250
(Hardware Versions: D2-S250-S01, D2-S250-S02, D2-S250-S04, D2-S250-S08, D2-S250-S16, D2-S250-S32, D2-D250-B01, D2-D250-B02, D2-D250-B04, D2-D250-B08, D2-D250-B16, D2-D250-B32 and D2-D250-B64; Firmware Versions: 4.0.4 and 4.0.5)

(Files distributed with the module mounted within the internal CD Drive are excluded from validation)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/07/2013;
02/20/2014
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #1412 and #1874); DRBG (Cert. #152); HMAC (Certs. #1118 and #1119); RNG (Cert. #774); RSA (Certs. #688, #954 and #955); SHS (Certs. #1282 and #1647); Triple-DES (Cert. #965); PBKDF (vendor affirmed)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG

Multi-chip standalone

"The Imation S250/D250 Secure Flash Drives include a high-speed hardware-based 256 Bit AES cryptography engine for encrypting and decrypting NAND flash and RAM buffers via USB. It also includes RSA, HMAC, SHA, and DRBG algorithms."
2017 Motorola Solutions, Inc.
6480 Via Del Oro
San Jose, CA 95119
USA

-Udayan Borkar
TEL: 408-528-2361
FAX: 408-528-2540

-Colin Cooper
TEL: 408-528-2871
FAX: 408-528-2540

CST Lab: NVLAP 100432-0

AP 71xx Series Wireless Access Points - AP 7131N, AP 7131N-GR, AP 7161, AP 7181
(Hardware Versions: AP7131N, AP7131N-GR, AP7161, AP7181; Firmware Version: 5.4.10.0-050GR)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/07/2013;
12/20/2013
Overall Level: 1 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #861, #1114, #2377 and #2378); HMAC (Cert. #1478); KDF (Cert. #10); CVL (Certs. #66, #67, #68 and #69); RNG (Cert. #1180); RSA (Cert. #1231); SHS (Certs. #1037 and #2048); Triple-DES (Cert. #1487).

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); NDRNG; MD5

Multi-chip standalone

"The AP-71xx Series 802.11n Wireless Access Points deliver the high throughput, coverage, and resiliency required to build an all-wireless enterprise. The dual and tri-radio options provide simultaneous support for high-speed wireless voice and data services, self-healing mesh networking and wireless intrusion detection/prevention services."
2016 Apple Inc.
1 Infinite Loop
Cupertino, CA 95041
USA

-Shawn Geddis

CST Lab: NVLAP 200658-0

Apple OS X CoreCrypto Kernel Module, v4.0
(Software Version: 4.0)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/07/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with OS X 10.9 running on Mac mini with i5 CPU with AES-NI; OS X 10.9 running on Mac mini with i5 CPU without AES-NI; OS X 10.9 running on iMac with i7 CPU with AES-NI; OS X 10.9 running on iMac with i7 CPU without AES-NI (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #1532 and #1533); AES (Certs. #2511, #2512, #2513, #2514, #2515, #2516, #2517 and #2518); SHS (Certs. #2124, #2125, #2126, #2127, #2128 and #2129); ECDSA (Certs. #430 and #431); HMAC (Certs. #1546, #1547, #1548, #1549, #1550 and #1551); DRBG (Certs. #358, #359, #360, #361, #362 and #363); PBKDF (vendor affirmed)

-Other algorithms: RSA (non-compliant); ECDSA (P-192, P-224 and P-521; non-compliant); DES; MD5; CAST5; Blowfish; BitGen1; BitGen2; BitGen3; RC4; OMAC

Multi-chip standalone

"The Apple iOS CoreCrypto Kernel Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest."
2015 Apple Inc.
1 Infinite Loop
Cupertino, CA 95041
USA

-Shawn Geddis

CST Lab: NVLAP 200658-0

Apple OS X CoreCrypto Module, v4.0
(Software Version: 4.0)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/07/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with OS X 10.9 running on Mac mini with i5 CPU with AES-NI; OS X 10.9 running on Mac mini with i5 CPU without AES-NI; OS X 10.9 running on iMac with i7 CPU with AES-NI; OS X 10.9 running on iMac with i7 CPU without AES-NI (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #1534, #1535, #1536 and #1537); AES (Certs. #2519, #2520, #2521, #2523, #2524, #2027, #2528, #2529, #2530, #2531, #2532, #2533, #2534, #2535, #2536, #2537, #2538, #2539, #2540 and #2541); RSA (Certs. #1293, #1294, #1295 and #1296); SHS (Certs. #2130, #2131, #2132, #2133, #2134, #2135, #2136, #2137, #2138, #2139, #2140 and #2141); ECDSA (Certs. #432, #433, #434 and #435); HMAC (Certs. #1552, #1553, #1554, #1555, #1556, #1557, #1558, #1559, #1560, #1561, #1562 and #1563); DRBG (Certs. #364, #365, #366, #367, #368, #369, #370, #371, #372, #373, #374 and #375); PBKDF (vendor affirmed)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 160 bits of encryption strength); ECDSA (P-192, P-224 and P-521; non-compliant); RSA (non-compliant); DES; MD2; MD4; MD5; CAST5; RIPEMD; Blowfish; BitGen1; BitGen2; BitGen3; RC2; RC4; OMAC

Multi-chip standalone

"The Apple OS X CoreCrypto Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest."
2014 Atmel Corporation
1150 E. Cheyenne Mountain Blvd.
Colorado Springs, CO 80906
USA

-Jim Hallman
TEL: 919-846-3391

-Todd Slack
TEL: (719) 540-3021

CST Lab: NVLAP 200002-0

Atmel Trusted Platform Module
(Hardware Versions: AT97SC3204-X4 [1], AT97SC3204-U4 [1], AT97SC3204-G4 [1], AT97SC3204-H4 [1], AT97SC3205-X3 [2], AT97SC3205-U3 [2], AT97SC3205-G3 [2], AT97SC3205-H3 [2], AT97SC3205T-X3 [3], AT97SC3205T-U3 [3], AT97SC3205T-G3 [3] and AT97SC3205T-H3 [3]; Firmware Versions: 1.2.29.01 [1], 1.2.42.05 [2] and 1.2.42.06 [3])

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/05/2013;
04/11/2014;
05/20/2014
Overall Level: 1 

-FIPS Approved algorithms: AES (Certs. #2333 and #2806); SHS (Certs. #2015 and #2354); HMAC (Certs. #1445 and #1757); RSA (Certs. #1203 and #1469); RNG (Certs. #1163 and #1273); CVL (Cert. #250)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MGF1; NDRNG

Single-chip

"The AT97SC3204 and AT97SC3205 are single chip cryptographic modules used for cryptographic key generation, key storage and key management as well as generation and secure storage for digital certificates."
2013 Dispersive Solutions, Inc.
4501 Singer Court
Suite 220
Chantilly, VA 20151
USA

-Carolyn O’Neill Griffin
TEL: 703-209-7458

CST Lab: NVLAP 200556-0

DSI V2VNet Mobile Crypto Module
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/05/2013 Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Android 4.0 running on a Galaxy Nexus; iOS 5.1 running on a iPad 3; iOS 6 running on a iPad 3 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2125 and #2126); HMAC (Certs. #1296 and #1297); DSA (Certs. #666 and #667); ECDSA (Certs. #319 and #320); RSA (Certs. #1094 and #1095); SHS (Certs. #1849 and #1850); Triple-DES (Certs. #1351 and #1352); DRBG (Certs. #233 and #234); CVL (Certs. #28 and #29); RNG (Certs. #1091 and #1092)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"V2VNet Mobile Crypto Module provides cryptographic functions for Dispersive Solutions V2VNet Mobile Edition, a scalable solution allowing clients to communicate directly with other clients, and securely route voice, video and data communications."
2012 Juniper Networks, Inc.
1194 N. Mathilda Ave
Sunnyvale, CA 94089
USA

-Claudio Baserga
TEL: 408-936-0961

CST Lab: NVLAP 100432-0

Juniper Networks Pulse Cryptographic Module
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/05/2013;
12/11/2013
Overall Level: 1 

-Roles, Services, and Authentication: Level 2

-Operational Environment: Tested as meeting Level 1 with IVE OS 1.1 (32-bit) running on a Juniper MAG4610; IVE OS 1.1 (32-bit) on Vmware ESX running on an HP ProLiant BL2x220c G6 Blade Server; IVE OS 1.1 (32-bit) on Vmware ESXi running on an IBM HS22 Blade Server without AES-NI; IVE OS 1.1 (32-bit) on Vmware ESXi running on an IBM HS22 Blade Server with AES-NI; Microsoft Windows 7 (32-bit) running on a Dell Poweredge 860 without AES-NI; Microsoft Windows 7 (32-bit) running on an Acer Aspire with AES-NI; Microsoft Windows 7 (64-bit) running on a Dell Poweredge 850 without AES-NI; Microsoft Windows 7 (64-bit) running on an Acer Aspire with AES-NI; OS X 10.8 (64-bit) running on a Macbook Pro without AES-NI; OS X 10.8 (64-bit) running on a Macbook Pro with AES-NI (single-user mode)

-FIPS Approved algorithms: RNG (Certs. #985 and #1212); DRBG (Certs. #157 and #383); Triple-DES (Certs. #1223 and #1545); AES (Certs. #1884 and #2553); SHS (Certs. #1655 and #2153); HMAC (Certs. #1126 and #1573); RSA (Certs. #960 and #1306); DSA (Certs. #589 and #780); ECDSA (Certs. #270 and #438); CVL (Certs. #12 and #91)

-Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt)

Multi-chip standalone

"Juniper Networks Junos Pulse delivers secure, remote and local network access. It includes the Junos Pulse client, Junos Pulse Secure Access Service (SSL-VPN), and Junos Pulse Access Control Service (UAC) - available on the MAG Series Junos Pulse Gateways or as virtual appliances. Junos Pulse grants authorized users granular, policy-driven secure, remote and LAN-based network access based on their role, identity, device and location. It supports broad coverage across mobile and non-mobile devices, with built-in device integrity checks to further enable secure BYOD initiatives."
2011 Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

-Alan Kaye
TEL: 613-225-9381 x7416
FAX: 613-225-2951

CST Lab: NVLAP 200928-0

FortiGate-200B [1], FortiGate-300C [2], FortiGate-310B [3], FortiGate-600C [4] and FortiGate-620B [5]
(Hardware Version: C4CD24 [1], C4HY50 [2], C4ZF35 [3], C4HR40 [4] and C4AK26 [5] with Tamper Evident Seal Kits: FIPS-SEAL-BLUE [1, 3, 5] or FIPS-SEAL-RED [2,4]; Firmware Version: FortiOS 4.0, build3830, 131223)

(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 11/05/2013;
06/27/2014
Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #2277, #2279, #2607 and #2608); Triple-DES (Certs. #1424, #1426, #1572 and #1573); RNG (Cert. #1234); SHS (Certs. #1958, #1960, #2191 and #2194); HMAC (Certs. #1395, #1397, #1615 and #1616); RSA (Certs. #1168, #1170 and #1334)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; NDRNG

Multi-chip standalone

"The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
2010 Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

-Alan Kaye
TEL: 613-225-9381 x7416
FAX: 613-225-2951

CST Lab: NVLAP 200928-0

FortiGate-5140 Chassis with FortiGate 5000 Series Blades
(Hardware Version: Chassis: C4GL51; Blades: P4CF76, P4CJ36-02, P4CJ36-04 and P4EV74; AMC Components: P4FC12 and AMC4F9; Shelf Manager: PN 21594 346; Alarm Panel: PN 21594 159; Air Filter: PN P10938-01; Front Filler Panel: PN P10945-01: ten; Rear Filler Panel: PN P10946-01: fourteen; Tamper Evident Seal Kit: FIPS-SEAL-RED; Firmware Version: FortiOS 4.0, build3830, 131223)

(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 11/05/2013;
06/27/2014
Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs.#2276, #2277, #2278, #2607 and #2608); Triple-DES (Certs. #1423, #1424, #1425, #1572 and #1573); RNG (Cert. #1234); SHS (Certs. #1957, #1958, #1959, #2191 and #2192); HMAC (Certs. #1394, #1395, #1396, #1615 and #1616); RSA (Certs. #1168, #1169 and #1334)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; NDRNG

Multi-chip standalone

"The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
2009 Stanley Security Solutions, Inc.
6161 E 75th Street
PO Box 50444
Indianapolis, IN 46250
USA

-Mr. Robert Strong
TEL: 317-806-3288

-Mr. Thomas Schuster
TEL: 317-806-3150

CST Lab: NVLAP 100414-0

Wi-Q Communication Server Cryptographic Module
(Software Version: 3.0.27)

(When operated in FIPS mode with Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1010 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/05/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 with SP2 running on a Lenovo Thinkpad T410 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #739); DRBG (vendor affirmed); HMAC (Cert. #408); RSA (Certs. #353 and #355); SHS (Cert. #753); Triple-DES (Cert. #656)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Communication Server Cryptographic Module (CSCM) is a software solution that provides secure key retrieval and key transfer functions within the Stanley Wi-Q Wireless Access Control System."
2008 Hewlett-Packard TippingPoint
7501N. Capital of Texas Highway
Austin, TX 78731
USA

-Dinesh Vakharia
TEL: 512-681-8271

-Freddie Jimenez Jr.
TEL: 512-681-8305

CST Lab: NVLAP 200427-0

HP TippingPoint Intrusion Prevention System
(Hardware Versions: 5200NX and 7100NX; Firmware Version: 3.5)

(When operated in FIPS mode with pick-resistant locks and opaque cover installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 10/25/2013 Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-FIPS Approved algorithms: AES (Cert. #2183); HMAC (Cert. #1337); RNG (Cert. #1105); RSA (Cert. #1126); SHS (Cert. #1892); Triple-DES (Cert. #1383)

-Other algorithms: Blowfish; DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); HMAC-MD5; MD5; NDRNG; RC2; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"Inserted transparently into the network, the HP TippingPoint Intrusion Prevention System (IPS) is an in-line security device that performs high-performance, deep packet inspection to protect customer networks from attack. The IPS blocks malicious and unwanted traffic, while allowing good traffic to pass unimpeded. In fact, the IPS optimizes the performance of good traffic by continually cleansing the network and prioritizing applications that are mission critical."
2007 GDC Technology (USA), LLC
1016 West Magnolia Boulevard
Burbank, CA 91506
USA

-Pranay Kumar
TEL: 852-2507 9565
FAX: (852) 2507 1131

-Peter Lin
TEL: (852) 2507 9557
FAX: (852) 2507 1131

CST Lab: NVLAP 100432-0

Standalone IMB
(Hardware Versions: GDC-IMB-v2, R8 and R9; Firmware Version: 2.0 with Security Manager Firmware Version 1.3.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 10/25/2013 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #2148 and #2149); SHS (Certs. #1869 and #1870); RNG (Cert. #1100); RSA (Cert. #1105); HMAC (Certs. #1315 and #1316)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; S-Box; EC Diffie-Hellman

Multi-chip embedded

"A digital cinema standalone integrated media block that is compliant with DCI specifications and SMPTE digital cinema standards. The supported features include JPEG2000 decoding, AES decryption, key management, and logging."
2006 Bull SAS
Rue Jean Jaurès
B.P.68
Les Clayes sous Bois, 78340
France

-Jean-Luc CHARDON
TEL: +33 1 30 80 79 14
FAX: +33 1 30 80 78 87

-Pierre-Jean AUBOURG
TEL: +33 1 30 80 77 02
FAX: +33 1 30 80 78 87

CST Lab: NVLAP 200928-0

CHR Cryptographic Module
(Hardware Version: 005/A; Firmware Version: V1.04-00L)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 10/25/2013 Overall Level: 3 

-Physical Security: Level 3 + EFP/EFT

-FIPS Approved algorithms: RSA (Cert. #1107); SHS (Cert. #1872)

-Other algorithms: N/A

Multi-chip standalone

"The BULL CHR is a multi-chip standalone security module providing functionality for the secure loading of applications. The CHR is the corner stone of a range of security products developed and signed by BULL as Application Provider and known as "CRYPT2Protect HR" and "CRYPT2Pay HR" product range available for different domain of applications including Banks and Financial Institutions. Additional products may be developed by Application Providers, based on the CHR."
2005 Lenel Systems International, Inc.
1212 Pittsford-Victor Road
Pittsford, NY 14534
USA

-Rafael Martinez
TEL: 561-998-6100
FAX: 561-994-6572

CST Lab: NVLAP 100432-0

Communication Server
(Software Versions: 6.5.624 or 6.6.287)

(When operated in FIPS mode with [(Windows 7 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1330 operating in FIPS mode) or (Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) validated to FIPS 140-2 under Cert. #1010 operating in FIPS mode)])

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 10/25/2013 Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 7 running on a Dell OptiPlex 755; Microsoft Windows Server 2008 running on a Dell OptiPlex 760 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1650); RNG (Cert. #882)

-Other algorithms: RC2

Multi-chip standalone

"The Communication Server module's primary purpose is to provide secure communications with external access control devices. The module is part of the Lenel's advanced access control and alarm monitoring system. The Lenel advanced access control and alarm monitoring system is built on an open architecture platform, offers unlimited scalability, database segmentation, fault tolerance, and biometrics and smart card support. The Lenel advanced access control and alarm monitoring system is fully customizable, and can be seamlessly integrated into the OnGuard total security solution."
2004 Covia Labs, Inc.
465 Fairchild Dr
Ste 130
Mountain View, CA 94043
USA

-David Kahn
TEL: 650-351-6444 x110
FAX: 650-564-9740

-Dan Illowsky
TEL: 650-351-6444 x111
FAX: 650-564-9740

CST Lab: NVLAP 100432-0

Covia Connector Cryptographic Module
(Software Version: 2.0)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy. No assurance of the minimum strength of generated keys)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/30/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 5.8 running on an Acer AX1430-UR12P (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1896); ECDSA (Cert. #265); DRBG (Cert. #158); SHS (Cert. #1665); HMAC (Cert. #1136); KAS (Cert. #30)

-Other algorithms: AES (Cert. #1896, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); KBKDF (non-compliant)

Multi-chip standalone

"The Covia Connector Cryptographic Module provides cryptographic services for the Covia Connector. These services include but are not limited to pseudo-random number generation, symmetric and asymmetic key generation, data encryption and decryption, key wrapping, and key unwrapping."
2003 Doremi Labs
1020 Chestnut St.
Burbank, CA 91506
USA

-Jean-Philippe Viollet
TEL: 818-562-1101
FAX: 818-562-1109

-Camille Rizko
TEL: 818-562-1101
FAX: 818-562-1109

CST Lab: NVLAP 200802-0

IMS-SM
(Hardware Versions: (IMS-SM-C1 and IMS-SM-C2) [1] and (IMS-SM-E1 and IMS-SM-E2) [2]; Firmware Versions: (4.0.3-0, 4.0.0-3 and 6.0.3-0) [1] and (4.2.0-4, 4.2.0-3 and 6.0.12-0) [2])

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/30/2013;
01/03/2014
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1252, #1383 and #2220); HMAC (Cert. #731); SHS (Cert. #1148); RNG (Certs. #693 and #696); RSA (Certs. #600, #601 and #777)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); TRNG; MD5; HMAC-MD5; EC Diffie-Hellman (non-compliant), TI S-box

Multi-chip embedded

2002 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco Catalyst 6503-E, Catalyst C6504-E, Catalyst 6506-E, Catalyst 6509-E and Catalyst 6513-E Switches with Supervisor Cards (VS-S2T-10G and VS-S2T-10G-XL) and Line Cards (WS-X6908-10G, WS-X6908-10G-2TXL, WS-X6904-40G-2T and WS-X6904-40G-2TXL)
(Hardware Versions: (6503-E -H0, 6504-E -G0, 6506-E -M0, 6509-E -N0 and 6513-E -S0; Supervisor Cards VS-S2T-10G -B0 and VS-S2T-10G-XL -C0; Line Cards WS-X6904-40G-2T -A0, WS-X6904-40G-2TXL -A0, WS-X6908-10G -A0 and WS-X6908-10G-2TXL-B0; Slot Cover SPA-BLANK -G0) with FIPS kit packaging (CVPN6500FIPS/KIT=); Firmware Version: 15.1(1)SY1)

(When operated in FIPS mode with the tamper evident labels and security devices installed on the initially built configurations as indicated in Table 1 of the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/19/2013;
11/01/2013
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1426, #1427, #1589 and #2252); DRBG (Cert. #274); HMAC (Cert. #1380); RSA (Cert. #1155); SHS (Cert. #1940); Triple-DES (Cert. #1409)

-Other algorithms: AES (Cert. #2252, key wrapping; key establishment methodology provides 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; RC4; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Catalyst 6500 series switches offer versatility, integration, and security to branch offices. With numerous network modules and service modules available, the modular architecture of the Cisco switches easily allows interfaces to be upgraded to accommodate network expansion. The Catalyst 6500 series switches provide a scalable, secure, manageable remote access server that meets FIPS 140-2 Level 2 requirements."
2001 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200928-0

SafeNet ProtectDrive Cryptographic Engine
(Software Version: 1.0.1)

(When operated in FIPS mode. For Windows 7: With module Microsoft Windows 7 Kernel Mode Cryptographic Primitives Library (cng.sys) validated to FIPS 140-2 under Cert. #1328 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/17/2013 Overall Level: 1 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows XP SP3 (X86 version) running on Dell E6400; Windows 7 Ultimate Edition SP1 (X86 version) running on Dell E6400; Windows 7 Ultimate Edition SP1 (X64 version) running on Dell E6400 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1998, #1999 and #2000); SHS (Certs. #1751, #1752, #1753 and #1754); RNG (Cert. #1048); HMAC (Certs. #1208, #1209 and #1210); PBKDF2 (vendor affirmed)

-Other algorithms: DES; Triple-DES (non-compliant); IDEA; RSA (non-compliant)

Multi-chip standalone

"SafeNet ProtectDrive Cryptographic Engine 1.0.1 provides cryptographic services and key management for the SafeNet ProtectDrive Disk Encryption product. SafeNet ProtectDrive delivers full disk encryption for general purpose computers, laptops and removable media."
2000 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200928-0

SafeNet ProtectDrive Cryptographic Engine
(Software Version: 1.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/17/2013 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 2 with Dell Optiplex GX620 3.0 GHz Intel Pentium D Processor 830 (1 CPU), running 32-bit WindowsXP version 5.1 SP2

-FIPS Approved algorithms: AES (Certs. #1998, #1999 and #2000); SHS (Certs. #1751, #1752, #1753 and #1754); RNG (Cert. #1048); HMAC (Certs. #1208, #1209 and #1210); PBKDF2 (vendor affirmed)

-Other algorithms: DES; Triple-DES (non-compliant); IDEA; RSA (non-compliant)

Multi-chip standalone

"SafeNet ProtectDrive Cryptographic Engine 1.0.1 provides cryptographic services and key management for the SafeNet ProtectDrive Disk Encryption product. SafeNet ProtectDrive delivers full disk encryption for general purpose computers, laptops and removable media."
1999 Thales Communications, Inc.
22605 Gateway Center Drive
Clarksburg, MD 20871
USA

-Darlo Concepcion
TEL: 240-864-7866
FAX: 240-864-7698

-Jim Kent
TEL: 240-864-7681
FAX: 240-864-7698

CST Lab: NVLAP 200427-0

Liberty™ Cryptographic Module
(Firmware Version: 01.00.05.0018)

(When operated in FIPS Mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Firmware 09/17/2013 Overall Level: 1 

-Tested: Thales Liberty Radio PRC7332 with Green Hills INTEGRITY Version 5.0.10

-FIPS Approved algorithms: AES (Cert. #2185); HMAC (Cert. #1338); RNG (Cert. #1106); SHS (Certs. #1893 and #1894)

-Other algorithms: AES (Cert. #2185, key wrapping; key establishment methodology provides 256 bits of encryption strength); AES MAC (AES Cert. #2185, vendor affirmed; P25 AES OTAR); DES; DES MAC

Multi-chip standalone

"The Liberty™ Cryptographic Module is a firmware stand alone executable module which provides FIPS 140-2 Level 1 certified cryptographic functionality for devices that utilize the APCO project 25 standard. The Liberty™ Cryptographic Module uses Green Hills Integrity™ address space seperation to provide secure isolation of the cryptographic module without requiring a separate cryptographic hardware module."
1998 Motorola Mobility LLC
600 North U.S. Highway 45
Libertyville, IL 60048
USA

-Jose Afonso Pinto
TEL: +55 19-3847-6580
FAX: n/a

-Wesley Ribeiro
TEL: +55 19-3847-6199
FAX: n/a

CST Lab: NVLAP 100432-0

Motorola Mobility Linux Kernel Software Cryptographic Module
(Software Version: 1.0)

(No assurance of the minimum strength of provided entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/17/2013;
01/03/2014
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Android 4.1.2 running on a Motorola Droid Razr HD/XT926; Android 4.2.2 running on a Motorola Droid Ultra (XT1080); Android 4.3 running on a Motorola Moto G (XT1028); Android 4.4 running on a Motorola Moto X (XT1060) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2287); HMAC (Cert. #1403); RNG (Cert. #1138); SHS (Cert. #1968); Triple-DES (Cert . #1435)

-Other algorithms: N/A

Multi-chip standalone

"Motorola Mobility Linux Kernel Software Cryptographic Module is a software only Linux kernel cryptographic module intended to operate on a multi-chip standalone personal mobile device running Android. It provides general-purpose cryptographic services to the remainder of the Linux kernel. It is designed to operate at FIPS 140-2 overall security level 1."
1997 Check Point Software Technologies Ltd
5 Ha'solelim Street
Tel Aviv, 67897
Israel

-Malcom Levy
TEL: +972-37534561
FAX: 732-416-1370

CST Lab: NVLAP 200427-0

Check Point CryptoCore
(Software Version: 2.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/13/2013 Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Check Point Pre-boot environment (16-bit) running on a Dell Latitude E6500 without AES-NI; Check Point Pre-boot environment (16-bit) running on a Apple MacBook Pro with AES-NI (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2181); Triple-DES (Cert. #1381); Triple-DES MAC (Triple-DES Cert. #1381, vendor affirmed)

-Other algorithms: N/A

Multi-chip standalone

"Check Point Crypto Core is a 140-2 Level 1 cryptographic module for Windows 7, Mac OS X, and UEFI firmware. The module provides cryptographic services accessible in pre-boot mode, kernel mode and user mode on the respective platforms through implementation of platform specific binaries."
1996 Fixmo, Inc.
15 Toronto Street
Suite 1100
Toronto, Ontario M5C 2E3
Canada

-Daniel Ford
TEL: 443-380-3673

CST Lab: NVLAP 200556-0

Fixmo Client Crypto Module
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/06/2013 Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Android 4.0 running on a Galaxy Nexus; iOS 5.1 running on a iPad 3; iOS 6 running on a iPad 3 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2125 and #2126); HMAC (Certs. #1296 and #1297); DSA (Certs. #666 and #667); ECDSA (Certs. #319 and #320); RSA (Certs. #1094 and #1095); SHS (Certs. #1849 and #1850); Triple-DES (Certs. #1351 and #1352); DRBG (Certs. #233 and #234); CVL (Certs. #28 and #29); RNG (Certs. #1091 and #1092)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Fixmo Client Crypto Module provides cryptographic functions for Fixmo client applications and solutions."
1995 Oracle Corporation
500 Oracle Parkway
Redwood Shores, CA 94065
USA

-Security Evaluations Manager
TEL: 781-442-0451

CST Lab: NVLAP 200427-0

Sun Crypto Accelerator 6000
(Hardware Versions: 375-3424, Revisions -02, -03, -04, -05 and -06; Firmware Versions: Bootstrap version 1.0.1 or 1.0.10, Operational firmware versions 1.1.7, 1.1.8 or 1.1.9)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/11/2013;
12/17/2013
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #397 and #2312); DSA (Cert. #319); ECDSA (Cert. #377); HMAC (Certs. #1427 and #1428); RNG (Cert. #1155); RSA (Certs. #1195 and #1196); SHS (Certs. #1995 and #1996); Triple-DES (Cert. #435)

-Other algorithms: AES (Cert. #2312, key wrapping; key establishment methodology provides between 128 and 160 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; RC2

Multi-chip embedded

"The SCA-6000 is a high performance hardware security module for Sun SPARC, x86, x64 platforms in a low-profile, short PCI-E (X8) card. Supported on Linux and Solaris-10, it provides on-board cryptographic acceleration hardware and key store. It supports remote management with serial and USB ports for local administration. It enhances performance by off-loading compute intensive cryptographic calculations, accelerating IPsec and SSL processing and performs many financial service functions. The SCA6000 performs primary cryptographic functions for the Sun KMS 2.X Key Management System."
1994 IBM® Corporation
12 - 14 Marine Parade
Seabank Centre
Southport, QLD 4215
Australia

-Alex Hennekam
TEL: +61 7-5552-4045
FAX: +61 7 5571 0420

-Peter Waltenburg
TEL: +61 - 5552-4016
FAX: +61 7 5571 0420

CST Lab: NVLAP 200658-0

IBM® Crypto for C
(Software Version: 8.2.2.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 08/27/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008® 64-bit running on an ALTECH SH67H3 Intel® Core™ i7-2600 with AES-NI; Microsoft Windows Server 2008® 64-bit running on an ALTECH SH67H3 Intel® Core™ i7-2600 without AES-NI; Microsoft Windows Server 2008® 32-bit running on an IBM 8835 52X AMD Opteron 246; AIX® 6.1 64-bit running on an IBM RS6000 7037-A50 PowerPC 5 64; Solaris® 10 64-bit running on an SunFire T1000 UltraSPARC T1; Red Hat Linux Enterprise Server 5 32-bit running on an IBM 8835 52X AMD Opteron 246; Red Hat Linux Enterprise Server 5 64-bit running on an ALTECH SH67H3 Intel® Core™ i7-2600 with AES-NI; Red Hat Linux Enterprise Server 5 64-bit running on an ALTECH SH67H3 Intel® Core™ i7-2600 without AES-NI; Red Hat Linux Enterprise Server 5 64-bit running on an IBM System p5 185 7037-A50 IBM PowerPC 970; Red Hat Linux Enterprise Server 5 64-bit running on an IBM zSeries z196 type 2817 model M32 IBM zSeries z196 with CPACF; Red Hat Linux Enterprise Server 5 64-bit running on an IBM zSeries z196 type 2817 model M32 IBM zSeries z196 without CPACF (single user mode)

-FIPS Approved algorithms: AES (Certs. #2155, #2156, #2157, #2158, #2159, #2160, #2161, #2162, #2163, #2164, #2165, #2166, #2167, #2169, #2170, #2171, #2172, #2179, #2213, #2214, #2421, #2422, #2423, #2424, #2425, #2426, #2427, #2428, #2429, #2430, #2431, #2432, #2433, #2434, #2435, #2436, #2437, #2438, #2439, #2440, #2441 and #2443); Triple-DES (Certs. #1365, #1366, #1367, #1368, #1369, #1370, #1371, #1372, #1373, #1374, #1375, #1376, #1377 and #1379); DSA (Certs. #670, #671, #672, #673, #674, #675, #676, #677, #678, #679, #680, #681, #682, #683, #756 and #757); RSA (Certs. #1109, #1110, #1111, #1112, #1113, #1114, #1115, #1116, #1117, #1118, #1119, #1120, #1121, #1123, #1253 and #1254); ECDSA (Certs. #325, #326, #327, #328, #329, #330, #331, #332, #333, #334, #335, #336, #337, #338, #398 and #399); SHS (Certs. #1874, #1875, #1876, #1877, #1878, #1879, #1880, #1881, #1882, #1883, #1884, #1885, #1886, #1889, #1904 and #1905); DRBG (Certs. #240, #241, #242, #243, #244, #245, #246, #247, #248, #249, #250, #251, #252, #253, #326, #327, #328, #329, #330 and #331); HMAC (Certs. #1319, #1320, #1321, #1322, #1323, #1324, #1325, #1326, #1327, #1328, #1329, #1330, #1331, #1333, #1506 and #1507)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; MDC2; RIPEMD; HMAC MD5; DES; CAST; Camellia; Blowfish; RC4; RC2; KBKDF (non-compliant)

Multi-chip standalone

"The IBM Crypto for C v8.2.2.0 (ICC) cryptographic module is implemented in the C programming language. It is packaged as dynamic (shared) libraries usable by applications written in a language that supports C language linking conventions (e.g. C, C++, Java, Assembler, etc.) for use on commercially available operating systems. The ICC allows these applications to access cryptographic functions using an Application Programming Interface (API) provided through an ICC import library and based on the API defined by the OpenSSL group."
1993 IBM® Corporation
11400 Burnet Road
Austin, TX 78758
USA

-Tom Benjamin
TEL: 512-286-5319
FAX: 512-436-8009

CST Lab: NVLAP 200427-0

IBM® Java JCE FIPS 140-2 Cryptographic Module
(Software Version: 1.7)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 08/27/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with IBM AIX 7.1 on IBM JVM 1.6 running on IBM 9117-570, Windows 7 32-bit on IBM JVM 1.6 running on Dell Optiplex 755, Solaris 11.0 on IBM JVM 1.6 running on Dell Optiplex 755 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2107); DRBG (Cert. #228); DSA (Cert. #657); ECDSA (Cert. #314); HMAC (Cert. #1281); RNG (Cert. #1082); RSA (Cert. #1081); SHS (Cert. #1830); Triple-DES (Cert. #1342)

-Other algorithms: AES (non-compliant); Auth HMAC (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DSAforSSL (non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides between 112 and 270 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSAforSSL (non-compliant); Triple-DES (non-compliant)

Multi-chip standalone

"The IBM Java JCE (Java Cryptographic Extension) FIPS provider (IBMJCEFIPS) for Multi-platforms is a scalable, multipurpose cryptographic module that supports many FIPS approved cryptographic operations. This gives Java applications access to the FIPS algorithms via the standard JCE framework that is part of all JVM's at the 1.6 level and higher."
1992 TecSec Incorporated
12950 Worldgate Drive
Suite 100
Herndon, VA 20170
USA

-Roger Butler
TEL: 571-331-6130
FAX: 571-299-4101

-Ron Parsons
TEL: 571-299-4127
FAX: 571-299-4101

CST Lab: NVLAP 100432-0

TecSec Armored Card - Contact Cryptographic Module
(Hardware Version: P/N Inside Secure AT90SC320288RCT Revision E; Firmware Versions: P/Ns Athena IDProtect Version 0108.0264.0001, TecSec SSD Applet Version 1.001, TecSec PIV Applet Version 1.007, TecSec BOCC Applet Version 1.001, TecSec CKM Attribute Container Applet Version 1.002, TecSec CKM Info Applet Version 1.000)

(PIV Card Application: Cert. #35)

(When operated with the fingerprint authentication mechanism parameters configured as indicated in the Security Policy Section 9. No assurance of Secure Channel Protocol (SCP) message integrity)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/19/2013;
02/06/2014
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 4
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1654 and #2226); CVL (Cert. #2); DRBG (Cert. #98); ECDSA (Cert. #214); HMAC (Cert. #1354); KBKDF (Cert. #4); RSA (Cert. #824); SHS (Cert. #1465); Triple-DES (Cert. #1087); 02/06/14: (Certs. #218 and #222)

-Other algorithms: NDRNG; EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-CMAC (non-compliant)

Single-chip

"The TecSec Armored Card is a cryptographic module which provides enterprise personnel identification, persistent data security for data in transit and at rest, with additional support for physical/logical/functional/content authorization. The Chip is part of a dual-chip PIV smart card that is fully compliant with the end-point service specified in SP800-73-1. This Contact Chip Provides 368k eprom memory leveraging a common robust identity process and additionally providing a federation platform for multiple applications from multiple owners enforced by cryptographic separation."
1991 Stonesoft Corporation
Itälahdenkatu 22A
Helsinki, FI-00210
Finland

-Klaus Majewski
TEL: +358-40-824-7908

-Jorma Levomäki
TEL: +358-9-476711

CST Lab: NVLAP 200658-0

Stonesoft Cryptographic Kernel Module
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 08/13/2013 Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Debian GNU/Linux 6.0 based distribution running on Stonesoft FW-315; Debian GNU/Linux 6.0 based distribution running on Stonesoft FW-1301 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2238 and #2239); Triple-DES (Certs. #1399 and #1400); SHS (Certs. #1927 and #1928); HMAC (Certs. #1368 and #1369)

-Other algorithms: N/A

Multi-chip standalone

"Provides general cryptographic services intended to protect data in transit and at rest."
1990 Ultra Stereo Labs, Inc.
181 Bonetti Drive
San Luis Obispo, CA 93401
USA

-Larry McCrigler
TEL: 805-549-0161
FAX: 805-549-0163

CST Lab: NVLAP 100432-0

IMB-1000 HFR and IMB-1200 HFR Secure Media Blocks
(Hardware Version: Rev. 14; Firmware Version: 02272013)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/13/2013 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Cryptographic Key Management: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1459, #1460 and #1964); HMAC (Certs. #856 and #857); SHS (Certs. #1320 and #1321); RNG (Certs. #798 and #1165); RSA (Cert. #712); CVL (Cert. #52)

-Other algorithms: RSA (key wrapping, key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; TI S-BOX; EC Diffie-Hellman

Multi-chip embedded

"The Image Media Block is a type of Secure Processing Block that contains a Security Manager, Image, Audio and Subtitle Media Decryptors, Image decoder, Image and Audio Forensic Marking (FM) and optional Link Encoder. It is used for playback of encrypted movie content in commercial cinemas."
1989 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Kevin Michelizzi
TEL: 425-707-1227
FAX: 425-936-7329

-Chien-Her Chin
TEL: 425-706-5116
FAX: 425-936-7329

CST Lab: NVLAP 200427-0

Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll)
(Software Version: 7.00.1687)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 08/13/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Embedded Compact 7 running on a Sigma Designs Vantage 8654 Development Kit with a Sigma Designs SMP8654 (MIPSII_FP) CPU; Windows Embedded Compact 7 running on a Sigma Designs Vantage 8654 Development Kit with a Sigma Designs SMP8654 (MIPSII) CPU; Windows Embedded Compact 7 running on a TI OMAP TMDSEVM3530 with Texas Instruments EVM3530 CPU; Windows Embedded Compact 7 running on a Samsung SMDK6410 Development Kit with Samsung SMDK6410 CPU; Windows Embedded Compact 7 running on a Freescale i.MX27 Development Kit with Freescale i.MX27 CPU; Windows Embedded Compact 7 running on an eBox-330-A with MSTI PDX-600 CPU (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2023); DRBG (Cert. #193); DSA (Cert. #645); ECDSA (Cert. #295); HMAC (Cert. #1364); RSA (Cert. #1051); SHS (Cert. #1773); Triple-DES (Cert. #1307)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; Dual-EC DRBG (non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RSA key transport (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Microsoft Windows Cryptographic Primitives Library is a general purpose, software-based, cryptographic module. The primitive provider functionality is offered through one cryptographic module, BCRYPT.DLL (version 7.00.1687), subject to FIPS-140-2 validation. BCRYPT.DLL provides cryptographic services, through its documented interfaces, to Windows Embedded Compact 7 components and applications running on Windows Embedded Compact 7."
1988 Senetas Corporation Ltd. and SafeNet Inc.
Level 1, 11 Queens Road
Melbourne, Victoria 3004
Australia

-John Weston
TEL: +61 3 9868 4555
FAX: +61 3 9821 4899

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200996-0

CN6000 Series Encryptors
(Hardware Versions: Senetas Corp. Ltd. CN6040 Series: A6040B [O] (AC), A6041B [O] (DC) and A6042B [O] (AC/DC); Senetas Corp. Ltd. CN6100 Series: A6100B [O] (AC), A6101B [O] (DC) and A6102B [O] (AC/DC); Senetas Corp. Ltd. & SafeNet Inc. CN6040 Series: A6040B [Y] (AC), A6041B [Y] (DC) and A6042B [Y] (AC/DC); Senetas Corp. Ltd. & SafeNet Inc. CN6100 Series: A6100B [Y] (AC), A6101B [Y] (DC) and A6102B [Y] (AC/DC); Firmware Version: 2.2.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/13/2013;
09/16/2013;
02/20/2014
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #2258, #2259, #2264 and #2265); Triple-DES (Cert. #1412); RSA (Cert. #1157); SHS (Cert. #1945); HMAC (Cert. #1385); DRBG (Cert. #276)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The CN6000 Series is a high-speed hardware encryption platform designed to secure data transmitted over Ethernet and Fibre Channel networks. The CN6040 is protocol selectable operating at line rates up to 4Gb/s. Configured in Ethernet mode the CN6040 supports optical and twisted-pair link rates of 10Mb/s, 100Mb/s & 1Gb/s whilst in Fibre Channel mode supports rates of 1.0625, 2.125 & 4.25Gb/s. The CN6100 is an Ethernet model that operates at a line rate of 10Gb/s. SafeNet, Inc. makes Senetas products available globally under a master distribution agreement and are co-branded as such."
1987 Stanley Security Solutions, Inc.
6161 E 75th Street
PO Box 50444
Indianapolis, IN 46250
USA

-Mr. Robert Strong
TEL: 317-806-3288

-Mr. Thomas Schuster
TEL: 317-806-3150

CST Lab: NVLAP 100414-0

Wi-Q Portal Gateway
(Hardware Version: 12562C; Firmware Version: 3.017.156)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/13/2013 Overall Level: 1 

-FIPS Approved algorithms: AES (Cert. #1802); Triple-DES (Cert. #1356); SHS (Certs. #1583 and #1845); RSA (Cert. #1096)

-Other algorithms: AES (Cert. #1802, key wrapping); Triple-DES (Cert. #1356, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip embedded

"The Stanley Wi-Q Portal Gateway Cryptographic Module is a wireless gateway device that communicates via wired network to the Stanley Wi-Q Communications Server and communicates via proprietary 802.15.4 protocol to wireless Stanley Wi-Q Controller modules. The Stanley Wi-Q Portal Gateway provides secure key retrieval and key transfer functions within the Stanley Wi-Q Wireless Access Control System."
1986 TecSec Incorporated
12950 Worldgate Drive
Suite 100
Herndon, VA 20170
USA

-Roger Butler
TEL: 571-331-6130

-Ron Parsons
TEL: 571-299-4127
FAX: 571-299-4101

CST Lab: NVLAP 100432-0

TecSec Armored Card - Contactless Cryptographic Module
(Hardware Version: P/N Inside Secure AT90SC28880RCFV Revision G; Firmware Versions: P/Ns Athena IDProtect Duo Version 010E.0264.0001, TecSec SSD Applet Version 1.001, TecSec PIV Applet Version 1.007, TecSec BOCC Applet Version 1.001, TecSec CKM Attribute Container Applet Version 1.002, TecSec CKM Info Applet Version 1.000)

(PIV Card Application: Cert. #35)

(When operated with the fingerprint authentication mechanism parameters configured as indicated in the Security Policy Section 9. No assurance of Secure Channel Protocol (SCP) message integrity)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 08/09/2013;
02/06/2014
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1655 and #2226); CVL (Cert. #2); DRBG (Cert. #98); ECDSA (Cert. #214); HMAC (Cert. #1354); KBKDF (Cert. #4); RSA (Cert. #824); SHS (Cert. #1465); Triple-DES (Cert. #1088); CVL (Certs. #218 and #222)

-Other algorithms: NDRNG; EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); AES-CMAC (non-compliant)

Single-chip

"The TecSec Armored Card is a cryptographic module which provides enterprise personnel identification, persistent data security for data in transit and at rest, with additional support for physical/logical/functional/content authorization. The Chip is part of a dual-chip PIV smart card that is fully compliant with the end-point service specified in SP800-73-1. This Chip provides the contactless functionality leveraging a common robust identity process in support of the federation platform capabilities of the overall card."
1985 Samsung Electronics Co., Ltd.
416, Maetan 3-Dong Youngton Gu
Suwon, Gyeonggi 152-848
South Korea

-Kyunghee Lee
TEL: +82-10-9397-1589

CST Lab: NVLAP 200658-0

Samsung FIPS BC for Mobile Phone and Tablet
(Software Version: SBC1.45_1.1)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 07/23/2013 Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Android Ice-cream Sandwich 4.0 on Galaxy S3 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2124); SHS (Cert. #1848); RNG (Cert. #1090); Triple-DES (Cert. #1350); HMAC (Cert. #1295); RSA (Cert. #1093); DSA (Cert. #665)

-Other algorithms: MD2; MD4; MD5; DES; Diffie-Hellman (non-compliant); EC Diffie-Hellman (non-compliant); IES; ISSAC; SKIPJACK (non-compliant); Blowfish; Twofish; RC2; RC4; RC5; RC6; SALSA20; HC128; HC256; VMPC; SERPENT; RIJNDAEL; CAST5; CAST6; GOST28147; GOST3411; TEA; XTEA; ELGAMAL; IDEA; Tiger; RIPEMD; WHIRPOOL; ISO9797AG3MAC; GOST28147MAC; GOST3410; VPMCMAC; ECGOST3410; Grain; Camelia; Noekeon; SEED; Direct random generator; Thread-based generator; Reverse window generator; ECDSA (non-compliant); RSA (encrypt/decrypt); AES-CMAC (non-compliant); Triple-DES-CMAC (non-compliant)

Multi-chip standalone

"Provides general purpose cryptographic services to user-space applications on the mobile platform for the protection of data in transit."
1984 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Andrew Young
TEL: 443-327-1183
FAX: 410-931-7524

CST Lab: NVLAP 100432-0

eToken
(Hardware Version: Inside Secure AT90SC25672RCT-USB; Firmware Version: Athena IDProtect 0106.0113.2109 with SafeNet eToken Applet Suite 1.2.9)

(No assurance of Secure Channel Protocol (SCP) message integrity)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/23/2013 Overall Level: 3 

-Physical Security: Level 4

-FIPS Approved algorithms: AES (Cert. #1654); RSA (Cert. #824); Triple-DES (Cert. #1087); Triple-DES MAC (Triple-DES Cert. #1087, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465)

-Other algorithms: HW RNG; AES-CMAC (non-compliant); AES (Cert. #1654, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength)

Single-chip

"SafeNet eToken is a portable two-factor USB authenticator with advanced smart card technology. It utilizes certificate based technology to generate and store credentials, such as private keys, passwords and digital certificates inside the protected environment of the smart card chip. To authenticate, users must supply both their personal SafeNet authenticator and password, providing a critical second level of security beyond simple passwords to protect valuable digital business resources."
1983 A10 Networks, Inc.
3 West Plumeria Drive
San Jose, CA 95134
USA

-John Chiong
TEL: 408-325-8668
FAX: 408-325-8666

CST Lab: NVLAP 200968-0

AX Series Advanced Traffic Manager AX2500, AX2600-GCF, AX3000-11-GCF, AX5100, AX5200-11, AX1030, AX3030, AX3400, AX3200-12, AX3530 and AX5630, and Thunder Series Application Delivery Controller TH1030S, TH3030S, TH5430S, and TH6430S
(Hardware Versions: AX2500[1,2], AX2600-GCF[1,2], AX3000-11-GCF[1,2], AX5100[1,2], AX5200-11[1,2], AX1030[2], AX3030[2], AX3400[2], AX3200-12[2], AX3530[2], AX5630[2], TH1030S[3], TH3030S[3], TH5430S[3], and TH6430S[3]; Firmware Versions: R261-GR1-P7[1], R270-P2[2] and R271-P2[3])

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/23/2013;
12/20/2013
Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Certs. #1092, #1124, #1128, #1129 and #1463); AES (Certs. #1693, #1739, #1740 and #2329); SHS (Certs. #1480, #1519, #1524, #1525 and #2013); HMAC (Certs. #985, #1011, #1016, #1017 and #1444); RSA (Certs. #829, #858, #862, #863 and #1202); RNG (Certs. #900 and #1088)

-Other algorithms: MD5; HMAC-MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The AX Series Advanced Traffic Manager is designed to meet the growing demands of Web sites, carriers and enterprises. The AX offers intelligent Layer 4-7 application processing capabilities with industry-leading performance and scalability to meet critical business requirements at competitive prices. AX Series standard redundant components and high availability design ensure organizations non-stop service availability for all types of applications."
1982 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco Catalyst 4503-E, Catalyst 4506-E, Catalyst 4507R-E, Catalyst 4507R+E, Catalyst 4510R-E, Catalyst 4510R+E with Supervisor Cards (WS-X45-SUP7-E and WS-X45-Sup7L-E) and Line Cards (WS-X4748-RJ45V+E, WS-X4712-SFP+E, WS-X4640-CSFP-E, WS-X4748-NGPOE+E, and WS-X4748-RJ45-E)
(Hardware Versions: Catalyst 4503-E [1, 3, 4, 5, 6, A], Catalyst 4503-E [2, 5, 7, A], Catalyst 4506-E [1, 3, 4, 5, 6, 7, B], Catalyst 4506-E [2, 3, 4, 5, 6, 7, B], Catalyst 4507R-E [1, 3, 4, 5, 6, 7, C], Catalyst 4507R-E [2, 3, 4, 5, 6, 7, C], Catalyst 4507R+E [1, 3, 4, 5, 6, 7, C], Catalyst 4507R+E [2, 3, 4, 5, 6, 7, C], Catalyst 4510R-E [1, 3, 4, 5, 6, 7, D], Catalyst 4510R+E [1, 3, 4, 5, 6, 7, D], Supervisor Card WS-X45-SUP7-E [1], Supervisor Card WS-X45-SUP7L-E [2], Line Card WS-X4748-RJ45V+E [3], Line Card WS-X4712-SFP+E [4], Line Card WS-X4640-CSFP-E [5], Line Card WS-X4748-NGPOE+E [6], Line Card WS-X4748-RJ45-E [7], FIPS kit packaging (WS-C4503-FIPS-KIT= [A], WS-C4506-FIPS-KIT= [B], WS-C4507-FIPS-KIT= [C] and WS-C4510-FIPS-KIT= [D]) and Filler Plate (C4K-SLOT-CVR-E); Firmware Version: 3.3.1SG)

(When operated in FIPS mode with tamper evident labels and security devices installed on the initially built configuration as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/17/2013 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1977 and #2057); DRBG (Cert. #179); HMAC (Cert. #1190); RNG (Cert. #1072); RSA (Certs. #1023 and #1024); SHS (Certs. #1730 and #1731); Triple-DES (Cert. #1282)

-Other algorithms: MD4; MD5; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Cert. #1977, key wrapping; key establishment methodology provides 256 bits of encryption strength)

Multi-chip standalone

"Catalyst 4500 Series switches are Cisco`s leading modular switches for borderless access and price/performance distribution deployments. They offer best-in-class investment protection with forward and backward compatibility and deep application visibility with Flexible NetFlow. The Catalyst 4500 Series Switches meet FIPS 140-2 overall Level 2 requirements as multi-chip standalone modules. The switches include cryptographic algorithms implemented in IOS software as well as hardware ASICs. The module provides 802.1X-rev."
1981 Kanguru Solutions
1360 Main Street
Millis, MA 02054
USA

-Nate Cote
TEL: 508-376-4245
FAX: 508-376-4462

CST Lab: NVLAP 200802-0

Kanguru Defender 2000™ Cryptographic Module
(Hardware Versions: P/Ns KVD-SMCF-32G, KVD-SMCF-16G, KDF2000-32G, KDF2000-64G, KDF2000-128G, KDF2000-16G, KDF2000-8G, KDF2000-4G, KDF2000-S16G, KDF2000-S2G, KDF2000-S4G and KDF2000-S8G, Version 1.0; Firmware Version: 2.03.10)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 07/17/2013 Overall Level: 3 

-FIPS Approved algorithms: HMAC (Cert. #954); AES (Cert. #1623); SHS (Cert. #1432); RSA (Cert. #801); DRBG (Cert. #86); PBKDF (vendor affirmed)

-Other algorithms: NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Kanguru Defender 2000 Cryptographic Module is a 256-bit AES hardware encrypted USB flash drive. It is used to securely store sensitive data housed on the device."
1980 Cocoon Data Holdings Limited
Level 4
152-156 Clarence St
Sydney, NSW 2000
Australia

-Simon Wild
TEL: +61 2 8412 8200
FAX: +61 2 8412 8202

-Jim Ivers
TEL: +1 703 657 5260
FAX: +1 703 657 5285

CST Lab: NVLAP 200900-0

Cocoon Data Secure Objects C++ Cryptographic Module Version 1.8
(Software Version: 1.8)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 07/17/2013;
08/07/2013
Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 7 32-bit with MSVC2010 redistributable running on Dell Vostro 1520; Microsoft Windows XP 32-bit with SP and MSVC2010 redistributable running on Dell Vostro 1520; Microsoft Windows 7 64-bit with MSVC2010 redistributable running on Dell Vostro 3500; Microsoft Windows 7 32-bit with MSVC2012 redistributable running on Dell Vostro 1520; Microsoft Windows XP 32-bit with SP3 and MSVC2012 redistributable running on Dell Vostro 1520; Microsoft Windows 7 64-bit with MSVC2012 redistributable running on Dell Vostro 3500; Ubuntu 12.04 LTS 64-bit running on Dell PowerEdge 1950; Ubuntu 12.04 LTS 64-bit on VMWare Fusion 4.1.3 on OSX 10.8 running on a Macbook Pro Intel core i7; Ubuntu 12.04 LTS 32-bit running on Dell PowerEdge 1950; Ubuntu 12.04 LTS 32-bit on VMWare Fusion 4.1.3 on OSX 10.8 running on a Macbook Pro Intel Core i7; Redhat Enterprise Linux Server 6.3 64-bit running on Dell PowerEdge 1950; Redhat Enterprise Linux Server 6.3 64-bit on VMWare Fusion 4.1.3 on OSX 10.8 running on a Macbook Pro Intel Core i7; Redhat Enterprise Linux Server 6.3 32-bit running on Dell PowerEdge 1950; Redhat Enterprise Linux Server 6.3 32-bit on VMWare Fusion 4.1.3 on OSX 10.8 running on a Macbook Pro Intel Core i7; Mac OSX 10.8 running on Macbook Pro Intel Core i7 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2192); Triple-DES (Cert. #1385); SHS (Cert. #1900); HMAC (Cert. #1344); DRBG (Cert. #257)

-Other algorithms: N/A

Multi-chip standalone

"The Cocoon Data Secure Objects C++ Cryptographic Module Version 1.8 has been implemented as part of the Cocoon Data Secure Objects solution, an encryption-based access control system for protecting the confidentiality and integrity of electronic files. Coccon Data Holdings Limited is the parent company of all Covata entities."
1979 Check Point Software Technologies, Ltd.
9900 Belward Campus Dr.
Suite 250
Rockville, MD 20850
USA

-David Abrose
TEL: +972 37534561

-Malcolm Levy
TEL: +972 37534561

CST Lab: NVLAP 200002-0

Provider-1
(Firmware Version: R71 with R7x hotfix)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Firmware 07/17/2013 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-Tested: Check Point Smart-1 50 with Check Point SecurePlatform Operating System Version R7x

-FIPS Approved algorithms: AES (Cert. #1836); Triple-DES (Certs. #1188 and #1189); DRBG (Cert. #146); RSA (Cert. #925); HMAC (Certs. #1089 and #1090); SHS (Certs. #1615 and #1616)

-Other algorithms: CAST 40; CAST 128; HMAC-MD5; MD5; DES; AES-CMAC (non-compliant); RSA (key wrapping; key establishment methodology provides 112 or 150 bits of encryption strength); Triple-DES (Cert. #1188, key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #1836, key wrapping)

Multi-chip standalone

"Check Point Provider 1 technology provides virtualized security management, segmenting your security management into multiple virtual domains. Businesses of all sizes can easily create virtual domains based on geography, business unit or security function to strengthen security and simplify management."
1978 Check Point Software Technologies, Ltd.
9900 Belward Campus Dr.
Suite 250
Rockville, MD 20850
USA

-David Abrose
TEL: +972 37534561

-Malcolm Levy
TEL: +972 37534561

CST Lab: NVLAP 200002-0

Security Management
(Firmware Version: R71 with R7x hotfix)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Firmware 07/17/2013 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-Tested: Check Point Smart-1 50 with Check Point SecurePlatform Operating System Version R7x

-FIPS Approved algorithms: AES (Cert. #1835); Triple-DES (Certs. #1186 and #1187); DRBG (Cert. #145); RSA (Cert. #924); HMAC (Certs. #1087 and #1088); SHS (Certs. #1613 and #1614)

-Other algorithms: CAST 40; CAST 128; HMAC-MD5; MD5; DES; AES-CMAC (non-compliant); RSA (key wrapping; key establishment methodology provides 112 or 150 bits of encryption strength); Triple-DES (Cert. #1186, key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #1835, key wrapping)

Multi-chip standalone

"Check Point Security Management technology provides security management. Businesses of all sizes can easily create domains based on geography, business unit or security function to strengthen security and simplify management."
1977 Check Point Software Technologies, Ltd.
9900 Belward Campus Dr.
Suite 250
Rockville, MD 20850
USA

-David Abrose
TEL: +972 37534561

-Malcolm Levy
TEL: +972 37534561

CST Lab: NVLAP 200002-0

Security Gateway
(Firmware Version: R70.1 with R7x hotfix)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Firmware 07/17/2013 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-Tested: Power-1 9070 with Check Point SecurePlatform Operating System Version R70.1

-FIPS Approved algorithms: AES (Cert. #2037); Triple-DES (Certs. #1313 and #1314); DRBG (Cert. #199); RSA (Cert. #1057); HMAC (Certs. #1235 and #1236); SHS (Certs. #1782 and #1783)

-Other algorithms: CAST 40; CAST 128; HMAC-MD5; MD5; DES; AES-CMAC (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 150 bits of encryption strength); Triple-DES (Cert. #1313, key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"Check Point VPN-1 Security Gateway allows enterprises and managed service providers to provide firewall, VPN, and intrusion prevention functionality on a single hardware platform."
1976 Check Point Software Technologies, Ltd.
9900 Belward Campus Dr.
Suite 250
Rockville, MD 20850
USA

-David Abrose
TEL: +972 37534561

-Malcolm Levy
TEL: +972 37534561

CST Lab: NVLAP 200002-0

VSX
(Firmware Version: R67.10 with R7x hotfix)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Firmware 07/17/2013 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-Design Assurance: Level 3

-Tested: Check Point Power-1 9070 with Check Point SecurePlatform Operating System Version NGX R67

-FIPS Approved algorithms: AES (Cert. #1837); Triple-DES (Certs. #1190 and #1191); DRBG (Cert. #147); RSA (Cert. #926); HMAC (Certs. #1091 and #1092); SHS (Certs. #1617 and #1618)

-Other algorithms: CAST 40; CAST 128; HMAC-MD5; MD5; DES; AES-CMAC (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 or 150 bits of encryption strength); Triple-DES (Cert. #1191, key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"Check Point VPN-1 Power VSX is a virtualized security gateway that allows virtualized enterprises and managed service providers to create up to 250 virtual systems (firewall, VPN, and intrusion prevention functionality within a virtual network environment) on a single, highly scalable hardware platform."
1975 Accellion, Inc.
1804 Embarcadero Road
Suite 200
Palo Alto, CA 94303
USA

-Prateek Jain
TEL: +65-6244-5670
FAX: +65-6244-5678

CST Lab: NVLAP 100432-0

Accellion Cryptographic Module
(Software Version: FTALIB_2_0_1)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 07/17/2013 Overall Level: 1 

-Design Assurance: Level 2

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 5 running on a HP ProLiant DL 380 G7 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2316, #2317 and #2318); CVL (Cert. #55); HMAC (Certs. #1436 and #1457); RSA (Cert. #1214); SHS (Certs. #2003 and #2004); Triple-DES (Cert. #1460)

-Other algorithms: AES (Cert. #2316, key wrapping; key establishment methodology provides 128 bits of encryption strength); Triple-DES (Cert. #1460, key wrapping; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5

Multi-chip standalone

"Accellion Cryptographic Module is a key component of Accellion's secure collaboration solution that enables enterprises to securely share and transfer files. Extensive tracking and reporting tools allow compliance with SOX, HIPAA, FDA and GLB regulations while providing enterprise grade security and ease of use."
1974

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/29/2013 Overall Level: 2 

-FIPS Approved algorithms:

-Other algorithms:

Single-chip

1973 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise Virtual Appliance for Crossbeam XOS
(Software Version: 8.2.1)

(When installed, initialized and configured as specified in the Security Policy Section 3.1)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 07/10/2013 Overall Level: 1 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 2

-Operational Environment: Tested as meeting Level 1 with McAfee Secure OS v8.2 on Crossbeam XOS v9.6.0 running on a Crossbeam X-60; McAfee Secure OS v8.2 on Crossbeam XOS v9.9.0 running on a Crossbeam X-60 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1961, #1962 and #1963); Triple-DES (Certs. #1273, #1274 and #1275); SHS (Certs. #1720, #1721 and #1722); HMAC (Certs. #1182, #1183 and #1184); RNG (Certs. #1030, #1031 and #1032); RSA (Certs. #1015 and #1016); DSA (Certs. #626 and #627)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee's Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1972 Chunghwa Telecom Laboratories
12, Lane 551, Min-Tsu Road SEC.5,
Yang-Mei, Taoyuan, Taiwan 326
Republic of China

-Yu-Ling Cheng
TEL: 886 3 424-5883
FAX: 886 3 424-4167

-Ming-Hsin Chang
TEL: 886-3-4245885
FAX: 886 3 424-4167

CST Lab: NVLAP 200928-0

HiPKI SafGuard 1200 HSM
(Hardware Version: HSM-HW-20; Firmware Version: HSM-SW-20)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/05/2013 Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #1296); Triple-DES MAC (Triple-DES Cert. #1296, vendor affirmed); AES (Cert. #2010); SHS (Cert. #1760); ECDSA (Cert. #290); RSA (Certs. #1039 and #1043); DRBG (Cert. #187); HMAC (Cert. #1215)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"HiPKI SafGuard 1200 HSM is a multi-chip standalone cryptographic module that is used to provide highly-secure cryptographic services and key storage for PKI applications. (e.g., secure private key storage, high-speed accelerator for 1024-4096 bit RSA and ECDSA signatures, and hashing). The HiPKI SafGuard 1200 HSM provides secure identity-based authentication using smart cards and data encryption using FIPS approved Triple-DES and AES encryption."
1971 3e Technologies International, Inc.
9715 Key West Ave
Suite 500
Rockville, MD 20850
USA

-Harinder Sood
TEL: 301-944-1325
FAX: 301-670-6989

-Chris Guo
TEL: 301-944-1294
FAX: 301-670-6989

CST Lab: NVLAP 200427-0

3e-520 Secure Access Point Cryptographic Module
(Hardware Version: 1.0; Firmware Version: 5.0)

(The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/03/2013 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #2060, #2078 and #2105); CVL (Cert. #22); ECDSA (Cert. #303); HMAC (Certs. #1253 and #1259); RNG (Cert. #1076); RSA (Cert. #1072); SHS (Certs. #1801 and #1807); Triple-DES (Certs. #1327 and #1329)

-Other algorithms: AES (non-compliant); AES (Cert. #2060, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; MD5; RSA (key wrapping, key establishment methodology provides 112 bits of encryption strength)

Multi-chip embedded

"The 3e-520 Secure Access Point acts as an access point for the universal wireless family of devices from 3eTI. The 520 board is installed inside the wireless devices and provides the cryptographic functionality for the device. The access point allows for wireless clients or wireless bridges to securely connect wirelessly with the module and send encrypted data."
1970 iStorage Limited
Research House, Fraser Road
Greenford, Middx, UB6-7AQ
England

-John Michael
TEL: +44 (0) 20 8537-3435
FAX: +44 (0) 20 8537-3438

CST Lab: NVLAP 200802-0

iStorage FIPS Module 140-2
(Hardware Version: REV. A; Firmware Version: 4.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 07/02/2013 Overall Level: 2 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #2235); DRBG (Cert. #260); SHS (Cert. #1911)

-Other algorithms: NDRNG

Multi-chip embedded

"The iStorage FIPS 140-2 Module is a flexible FIPS module with the ability to interface to multiple types of authentication or hardware. Completely contained within a small footprint/boundary, the module is designed to allow simple integration into various secure storage systems requiring a FIPS validated encryption boundary and does not require software."
1969 Thales e-Security Ltd.
2200 North Commerce Parkway
Suite 200
Weston, FL 33326
USA

TEL: 888-744-4976

CST Lab: NVLAP 100432-0

Authentication Token
(Hardware Version: Inside Secure AT90SC28872RCU Revision G; Firmware Version: Athena IDProtect 010B.0333.0004 with Authentication Token Applet 1.0)

(No assurance of Secure Channel Protocol (SCP) message integrity)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/26/2013 Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #1654); RSA (Cert. #824); DRBG (Cert. #98); SHS (Cert. #1465); CVL (Cert. #2)

-Other algorithms: HW RNG; AES-CMAC (non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides 256 bits of encryption strength); AES (Cert. #1654, key wrapping; key establishment methodology provides 256 bits of encryption strength)

Single-chip

"Authentication Token is a Cryptographic Module containing Thales' authenticated Java applets. Authentication Token is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 3. Authentication Token supports FIPS-Approved: DRBG; SHA-1 and all SHA-2; TDES; AES; ECDSA and ECC CDC; and, RSA and ECC key generation. Authentication Token is designed to provide users of Thales' hardware security modules with high-performance smart card capabilities in support of their government and enterprise applications."
1968 Francotyp-Postalia GmbH
Triftweg 21-26
Birkenwerder, D-16547
Germany

-Dirk Rosenau
TEL: +49-3303-525-616
FAX: +49-3303-525-609

-Hasbi Kabacaoglu
TEL: +49-3303-525-656
FAX: +49-3303-525-609

CST Lab: NVLAP 100432-0

Postal mRevenector CA 2012
(Hardware Version: 580036020300/01; Firmware Versions: 90.0036.0201.00/2011485001 (Bootloader), 90.0036.0206.00/2011485001 (Software-Loader) and 90.0036.0211.00/2013032001 (CA Application))

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/26/2013 Overall Level: 3 

-Physical Security: Level 3 +EFP/EFT

-FIPS Approved algorithms: AES (Cert. #1493); DRBG (Cert. #61); DSA (Cert. #522); ECDSA (Cert. #185); HMAC (Cert. #878); KAS (Cert. #16); RSA (Certs. #732 and #785); SHS (Cert. #1346); Triple-DES (Cert. #1122)

-Other algorithms: NDRNG; Triple-DES (Cert. #1122, key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip embedded

"The Francotyp-Postalia Postal mRevenector CA 2012 employs strong encryption, decryption, and digital signature techniques for the protection of customer revenues in Francotyp-Postalia's mail handlers. The Postal mRevenector CA 2012 has been designed in compliance with the Canadian Postal Specification."
1967 Telephonics Sweden AB
Vattenkraftsvagen 8
Stockholm, SE-135 70
Sweden

-Ingi Bjornsson
TEL: +46 8 7980933
FAX: +46 8 7988433

-Magnus Eriksson
TEL: +46 8 7980902
FAX: +46 8 7988433

CST Lab: NVLAP 100432-0

TruLink Control Logic Module CL6882-M1
(Hardware Version: P/N 010.6882-01 Rev. B2; Firmware Version: Boot: SW7158 v2.4 and Application: SW7151 v2.11.1)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/26/2013;
07/26/2013
Overall Level: 1 

-FIPS Approved algorithms: AES (Cert. #2114); HMAC (Cert. #1286); SHS (Cert. #1838)

-Other algorithms: N/A

Multi-chip embedded

"TruLink is a wireless intercom system for use in military and harsh industrial environments. It provides fully duplex wireless communication. TruLink users can converse among themselves without pressing a Push to Talk button or waiting for another user to finish their transmission. The system supports 50 channels. Up to 31 users can be logged on to a channel. Each channel is an independent network. TruLink employs a unique noise cancellation system that automatically adjusts its VOX switching level to match the ambient noise level and subtracts this noise from the user's transmitted audio."
1966 Gemalto
Avenue du Jujubier, Z.I Athelia IV
La Ciotat, 13705
France

-Arnaud Lotigier
TEL: +33 4.42.36.60.74
FAX: +33 4.42.36.55.45

CST Lab: NVLAP 100432-0

IDCore 30
(Hardware Version: SLE78CFX3009P; Firmware Version: IDCore 30 Build 1.17, Demonstration Applet version V1.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/21/2013;
07/05/2013
Overall Level: 3 

-FIPS Approved algorithms: RNG (Cert. #1128); Triple-DES (Cert. #1413); Triple-DES MAC (Triple-DES Cert. #1413, vendor affirmed); AES (Cert. #2261); RSA (Certs. #1158 and #1163); ECDSA (Cert. #363); CVL (Cert. #41); SHS (Cert. #1946)

-Other algorithms: EC Diffie-Hellman (SP 800-56A; non-compliant)

Single-chip

"The IDCore 30 is a part of Gemalto's IDCore family of Java Cards and offers a comprehensive array of features and options for logical and physical access control applications. IDCore 30 is a highly secure platform for private and public sector smart card deployments implementing Java Card 2.2.2 and Global Platform 2.1.1 / 2.2 Amdt D specifications. IDCore 30 is ideally suited for markets such as Identity or Security/Access, including one-time password authentication, Public Key Infrastructure (PKI) services, digital transactions and physical access control."
1965 Apricorn Inc.
12191 Kirkham Road
Poway, CA 92064
USA

-Mike McCandless
TEL: 858-513-4481
FAX: 858-513-4413

CST Lab: NVLAP 200802-0

Apricorn FIPS Module 140-2
(Hardware Version: REV. A [A,B] or REV. A with CAN 1A [A,B]; Firmware Version: 4.0 [A] or 4.1[B])

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/14/2013;
04/16/2014;
06/27/2014
Overall Level: 2 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #2235); DRBG (Cert. #260); SHS (Cert. #1911)

-Other algorithms: NDRNG

Multi-chip embedded

"The Apricorn FIPS 140-2 Module is a flexible FIPS module with the ability to interface to multiple types of authentication or hardware. Completely contained within a small footprint/boundary, the module is designed to allow simple integration into various secure storage systems requiring a FIPS validated encryption boundary and does not require software. The Apricorn FIPS 140-2 Module is used in the Aegis Fortress, Padlock DT FIPS, and the Padlock SSD families."
1964 Apple Inc.
1 Infinite Loop
Cupertino, CA 95041
USA

-Shawn Geddis

CST Lab: NVLAP 200658-0

Apple OS X CoreCrypto Module, v3.0
(Software Version: 3.0)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 06/14/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with OS X 10.8 running on Mac mini with i5 CPU with AES-NI; OS X 10.8 running on Mac mini with i5 CPU without AES-NI; OS X 10.8 running on iMac with i7 CPU with AES-NI; OS X 10.8 running on iMac with i7 CPU without AES-NI (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #1339 and #1340); AES (Certs. #2088, #2089, #2090, #2091, #2092, #2093, #2094, #2095, #2103 and #2104); RSA (Certs. #1078 and #1079); SHS (Certs. #1816, #1817, #1818, #1819, #1827 and #1828); ECDSA (Certs. #312 and #313); HMAC (Certs. #1267, #1268, #1269, #1270, #1278 and #1279); DRBG (Certs. #217, #218, #219, #220, #226 and #227); PBKDF (vendor affirmed)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits of encryption strength); ECDSA (P-192, P-224 and P-521; non-compliant); DES; MD2; MD4; MD5; CAST5; RIPEMD; Blowfish; BitGen1; BitGen2; BitGen3; RC2; RC4; OMAC (non-compliant)

Multi-chip standalone

"The Apple OS X CoreCrypto Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest."
1963 Apple Inc.
1 Infinite Loop
Cupertino, CA 95041
USA

-Shawn Geddis

CST Lab: NVLAP 200658-0

Apple iOS CoreCrypto Module, v3.0
(Hardware Version: A4 and A5; Software Version: 3.0)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software-Hybrid 06/14/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with iOS 6.0 running on an iPhone4; iOS 6.0 running on an iPhone4S; iOS 6.0 running on an iPad (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #1336 and #1338); AES (Certs. #2072, #2073, #2074, #2075, #2076, #2077, #2100 and #2102); RSA (Certs. #1076 and #1077); SHS (Certs. #1805, #1806, #1824 and #1826); ECDSA (Certs. #309 and #311); HMAC (Certs. #1257, #1258, #1275 and #1277); DRBG (Certs. #209, #210, #223 and #225); PBKDF (vendor affirmed)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 160 bits of encryption strength); ECDSA (Curves P-192, P-224 and P-521; non-compliant); DES; MD2; MD4; MD5; RIPEMD; CAST5; Blowfish; BitGen1; BitGen2; BitGen3; RC2; RC4; OMAC (non-compliant)

Multi-chip standalone

"The Apple iOS CoreCrypto Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest."
1962 ACES
H. No. 156, St 5, F11-1
Islamabad, Islamabad 44000
Pakistan

-Dr Mehreen Afzal
TEL: +923009878534
FAX: +92512224453

-Dr. Mureed Hussain
TEL: +923238556816
FAX: +92512224453

CST Lab: NVLAP 200856-0

Tahir Pak Crypto Library
(Software Version: 2.1.1)

(When installed, initialized and configured as specified in the Security Policy Section 6.1. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 06/14/2013 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 2 with Red Hat Enterprise Linux 5.3 running on DELL PowerEdge T110 II 11th

-FIPS Approved algorithms: AES (Cert. #2341); DRBG (Cert. #291); DSA (Cert. #733); SHS (Cert. #2018); HMAC (Cert. #1450)

-Other algorithms: N/A

Multi-chip standalone

"TPCL (Tahir Pak Crypto Library) is a software cryptographic module which provides FIPS approved Cryptographic functions to consuming applications via an Application Programming Interface (API)."
1961 Telephonics Sweden AB
Vattenkraftsvagen 8
Stockholm, SE-135 70
Sweden

-Ingi Bjornsson
TEL: +46 8 7980933
FAX: +46 8 7988433

-Magnus Eriksson
TEL: +46 8 7980902
FAX: +46 8 7988433

CST Lab: NVLAP 100432-0

TruLink Control Logic Module CL6792-M1
(Hardware Version: P/N 010.6792-01 Rev. H3; Firmware Version: Boot: SW7098 v2.5 and Application: SW7099 v9.13.1)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/14/2013;
07/26/2013
Overall Level: 1 

-FIPS Approved algorithms: AES (Cert. #2113); HMAC (Cert. #1285); SHS (Cert. #1837)

-Other algorithms: N/A

Multi-chip embedded

"TruLink is a wireless intercom system for use in military and harsh industrial environments. It provides fully duplex wireless communication. TruLink users can converse among themselves without pressing a Push to Talk button or waiting for another user to finish their transmission. The system supports 50 channels. Up to 31 users can be logged on to a channel. Each channel is an independent network. TruLink employs a unique noise cancellation system that automatically adjusts its VOX switching level to match the ambient noise level and subtracts this noise from the user's transmitted audio."
1960 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise Virtual Appliance for VMware ESXi 4.1
(Software Version: 8.2.1)

(When installed, initialized and configured as specified in the Security Policy Section 3.1)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 06/12/2013 Overall Level: 1 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 2

-Operational Environment: Tested as meeting Level 1 with McAfee Secure OS v8.2 on VMware ESXi v4.1 running on a McAfee 7032 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1961, #1962 and #1963); Triple-DES (Certs. #1273, #1274 and #1275); SHS (Certs. #1720, #1721 and #1722); HMAC (Certs. #1182, #1183 and #1184); RNG (Certs. #1030, #1031 and #1032); RSA (Certs. #1015 and #1016); DSA (Certs. #626 and #627)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee's Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1959 Check Point Software Technologies Ltd
5 Ha'solelim Street
Tel Aviv, 67897
Israel

-Malcom Levy
TEL: +972-37534561
FAX: 732-416-1370

CST Lab: NVLAP 200427-0

Check Point CryptoCore
(Software Version: 2.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 06/12/2013 Overall Level: 1 

-EMI/EMC: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 7 (32-bit) running on a Dell OptiPlex 755 without AES-NI (User Space); Microsoft Windows 7 (32-bit) running on a Dell OptiPlex 755 without AES-NI (Kernel Space); Microsoft Windows 7 (32-bit) running on a Dell OptiPlex 755 with AES-NI (User Space); Microsoft Windows 7 (32-bit) running on a Dell OptiPlex 755 with AES-NI (Kernel Space); Microsoft Windows 7 (64-bit) running on a Dell OptiPlex 745 without AES-NI (User Space); Microsoft Windows 7 (64-bit) running on a Dell OptiPlex 745 without AES-NI (Kernel Space); Microsoft Windows 7 (64-bit) running on a Dell OptiPlex 745 with AES-NI (User Space); Microsoft Windows 7 (64-bit) running on a Dell OptiPlex 745 with AES-NI (Kernel Space); Mac OS X 10.7 (32-bit) running on a Apple MacBook Pro without AES-NI (User Space); Mac OS X 10.7 (32-bit) running on a Apple MacBook Pro without AES-NI (Kernel Space); Mac OS X 10.7 (32-bit) running on a Apple MacBook Pro with AES-NI (User Space); Mac OS X 10.7 (32-bit) running on a Apple MacBook Pro with AES-NI (Kernel Space); Mac OS X 10.7 (64-bit) running on a Apple MacBook Pro without AES-NI (User Space); Mac OS X 10.7 (64-bit) running on a Apple MacBook Pro without AES-NI (Kernel Space); Mac OS X 10.7 (64-bit) running on a Apple MacBook Pro with AES-NI (User Space); Mac OS X 10.7 (64-bit) running on a Apple MacBook Pro with AES-NI (Kernel Space); UEFI Pre-boot (64-bit) running on a Apple MacBook Pro without AES-NI; UEFI Pre-boot (64-bit) running on a Apple MacBook Pro with AES-NI (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2182); DRBG (Cert. #255); HMAC (Cert. #1336); RNG (Cert. #1104); RSA (Cert. #1125); SHS (Cert. #1891); Triple-DES (Cert. #1382); Triple-DES MAC (Triple-DES Cert. #1382, vendor affirmed)

-Other algorithms: AES (Cert. #2182, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Blowfish; CAST-128; CAST-256; DES; MD5; PKCS#5; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (non-compliant);

Multi-chip standalone

"Check Point Crypto Core is a 140-2 Level 1 cryptographic module for Windows 7, Mac OS X, and UEFI firmware. The module provides cryptographic services accessible in pre-boot mode, kernel mode and user mode on the respective platforms through implementation of platform specific binaries."
1958 SafeNet, Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Mark Yakabuski
TEL: 613-614-3407
FAX: 613-723-5079

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200556-0

Luna® G5 Cryptographic Module
(Hardware Version: LTK-03, Version Code 0102; Firmware Version: 6.2.3)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/11/2013 Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #2262 and #2263); Triple-DES (Certs. #1414 and #1415); Triple-DES MAC (Triple-DES Certs. #1414 and #1415, vendor affirmed); DSA (Certs. #704 and 705); SHS (Certs. #1947 and #1948); RSA (Certs. #1159 and #1160); HMAC (Certs. #1386 and #1387); DRBG (Cert. #277); ECDSA (Certs. #364 and #365); KAS (Cert. #37); KBKDF (Cert. #5)

-Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); HRNG; AES MAC (AES Cert. #2263; non-compliant); AES (Certs. #2262 and #2263, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #1414 and #1415, key wrapping; key establishment methodology provides 112 bits of encryption strength); Generic-Secret generation (non-compliant); SSL Pre-Master generation (non-compliant); RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Luna® G5 delivers key management in a portable appliance. All key materials are maintained exclusively within the confines of the hardware. The small form-factor and on-board key storage sets the product apart, making it especially attractive to customers who need to physically remove and store the small appliance holding PKI root keys. The appliance directly connects the HSM to the application server via a USB interface."
1957 SafeNet, Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Mark Yakabuski
TEL: 613-614-3407
FAX: 613-723-5079

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200556-0

Luna® G5 Cryptographic Module
(Hardware Version: LTK-03, Version Code 0102; Firmware Version: 6.2.3)

(When operated in FIPS mode and initialized to Overall Level 3 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 06/11/2013 Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #2262 and #2263); Triple-DES (Certs. #1414 and #1415); Triple-DES MAC (Triple-DES Certs. #1414 and #1415, vendor affirmed); DSA (Certs. #704 and 705); SHS (Certs. #1947 and #1948); RSA (Certs. #1159 and #1160); HMAC (Certs. #1386 and #1387); DRBG (Cert. #277); ECDSA (Certs. #364 and #365); KAS (Cert. #37); KBKDF (Cert. #5)

-Other algorithms: DES; RC2; RC4; RC5; CAST5; SEED; ARIA; MD2; MD5; HAS-160; DES-MAC; RC2-MAC; RC5-MAC; CAST5-MAC; SSL3-MD5-MAC; SSL3-SHA1-MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); HRNG; AES MAC (AES Cert. #2263; non-compliant); AES (Certs. #2262 and #2263, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #1414 and #1415, key wrapping; key establishment methodology provides 112 bits of encryption strength); Generic-Secret generation (non-compliant); SSL Pre-Master generation (non-compliant); RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Luna® G5 delivers key management in a portable appliance. All key materials are maintained exclusively within the confines of the hardware. The small form-factor and on-board key storage sets the product apart, making it especially attractive to customers who need to physically remove and store the small appliance holding PKI root keys. The appliance directly connects the HSM to the application server via a USB interface."
1956 Apple Inc.
1 Infinite Loop
Cupertino, CA 95041
USA

-Shawn Geddis

CST Lab: NVLAP 200658-0

Apple OS X CoreCrypto Kernel Module, v3.0
(Software Version: 3.0)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 06/07/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with OS X 10.8 running on Mac mini with i5 CPU with AES-NI; OS X 10.8 running on Mac mini with i5 CPU without AES-NI; OS X 10.8 running on iMac with i7 CPU with AES-NI; OS X 10.8 running on iMac with i7 CPU without AES-NI (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #1331 and #1332); AES (Certs. #2080, #2081, #2082, #2083, #2084, #2085, #2086 and #2087); SHS (Certs. #1810, #1811, #1812, #1813, #1814 and #1815); ECDSA (Certs. #305 and #306); HMAC (Certs. #1261, #1262, #1263, #1264, #1265 and #1266); DRBG (Certs. #211, #212, #213, #214, #215 and #216); PBKDF (vendor affirmed)

-Other algorithms: ECDSA (P-192, P-224 and P-521; non-compliant); DES; MD5; CAST5; Blowfish; BitGen1; BitGen2; BitGen3; RC4; OMAC (non-compliant)

Multi-chip standalone

"The Apple iOS CoreCrypto Kernel Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest."
1955 Kony, Inc.
7380 West Sand Lake Road #390
Orlando, FL 32819
USA

-Matthew Terry
TEL: 407-730-5669
FAX: 407-404-3738

CST Lab: NVLAP 100432-0

Kony Cryptographic Library
(Software Version: 2.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 06/03/2013;
08/23/2013;
09/16/2013
Overall Level: 1 

-Roles, Services, and Authentication: Level 2

-Operational Environment: Tested as meeting Level 1 with Android 2.2 running on HTC Desire without NEON; Android 2.2 running on HTC Desire with NEON; Android 3.0 running on Nook BNRV200 without NEON; Android 3.0 running on Nook BNRV200 with NEON; Android 4.0 running on Beagleboard-XM without NEON; Android 4.0 running on Beagleboard-XM with NEON; Apple iOS 5.0 running on iPhone 4 without NEON; Apple iOS 5.0 running on iPhone 4 with NEON; Apple iOS 6.0 running on iPhone 4 without NEON; Apple iOS 6.0 running on iPhone 4 with NEON (single user mode)

-FIPS Approved algorithms: AES (Cert. #2338); DRBG (Cert. #290); DSA (Cert. #732); HMAC (Cert. #1448); RNG (Cert. #1164); RSA (Cert. #1204); SHS (Cert. #2016); Triple-DES (Cert. #1464); ECDSA (Cert. #382); CVL (Cert. #51)

-Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt)

Multi-chip standalone

"The Kony Cryptographic Library is a full featured cryptographic module used in Kony mobile and multi-channel application platforms and the KonyOne™ Platform."
1954 ViaSat, Inc.
6155 El Camino Real
Carlsbad, CA 92009
USA

-Ben Davis
TEL: 760-476-2200
FAX: 760-929-3941

CST Lab: NVLAP 100432-0

Enhanced Bandwidth Efficient Modem (EBEM) Cryptographic Module
(Hardware Versions: P/Ns 1010162 Version 1, 1010162 with ESEM Version 1, 1091549 Version 1, 1075559 Version 1, 1075559 with ESEM Version 1, 1091551 Version 1, 1010163 Version 1, 1010163 with ESEM Version 1, 1091550 Version 1, 1075560 Version 1, 1075560 with ESEM Version 1 and 1091552 Version 1; Firmware Version: 02.03.02)

(The tamper evident seal installed as indicated in the Security Policy for the optional ESEM feature)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/30/2013 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1203, #1204 and #2242); SHS (Certs. #1931 and #1932); HMAC (Cert. #1372); ECDSA (Cert. #351); RNG (Cert. #1121)

-Other algorithms: EC Diffie-Hellman (key agreement; key establishment methodology provides 128 or 256 bits of encryption strength)

Multi-chip standalone

"The Enhanced Bandwidth Efficient Modem (EBEM) is a high-performance multi-input/multi-output SCPC satellite modulator/demodulator that converts multiple baseband digital input signals into multiple waveform intermediate frequencies (IF) and vice-versa.The EBEM provides extensive backwards compatibility with fielded modem and crypto technology, while adding high-order terminal modulation and Turbo coding to further enhance bandwidth efficiency."
1953 NXP Semiconductors
Mikronweg 1
Gratkorn, 8101
Austria

-Markus Moesenbacher
TEL: +43 3124 299 652
FAX: +43 3124 299 270

CST Lab: NVLAP 100432-0

NXP JCOP 2.4.2 R2
(Hardware Versions: P5CC081 V1A, P5CD081 V1A, P5CD081 V1D, P5CC145 V0B and P5CD145 V0B; Firmware Versions: JCOP 2.4.2 R2 Mask ID 59 and patchID 3 with Demonstration Applet v1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/23/2013 Overall Level: 3 

-Physical Security: Level 4

-FIPS Approved algorithms: RNG (Cert. #942); Triple-DES (Certs. #1144 and #1145); Triple-DES MAC (Triple-DES Cert. #1144, vendor affirmed); AES (Certs. #2120, #2121, #2151 and #2152); SHS (Cert. #1553); RSA (Certs. #1090 and #1091); ECDSA (Cert. #317); CVL (Cert. #26)

-Other algorithms: HW RNG; RSA (non-compliant); Triple-DES (Cert. #1144, key wrapping; key establishment methodology provides 112 bits of security strength); AES (Certs. #2120 or #2151, key wrapping; key establishment methodology provides 128 bits of security strength)

Single-chip

"NXP J3D081, J2D081, J3D145, J2D145 Secure Smart Card Controller Revision 2"
1952 3S Group Incorporated
125 Church Street, N.E., Suite 204
Vienna, VA 22180
USA

-Satpal Sahni
TEL: 703-281-5015
FAX: 703-281-7816

CST Lab: NVLAP 200002-0

3S Group Cryptographic Module (3SGX)
(Hardware Version: 1.0; Firmware Version: 1.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 05/23/2013 Overall Level: 3 

-FIPS Approved algorithms: Triple-DES (Cert. #1315); AES (Cert. #2038); DSA (Cert. #646); RSA (Cert. #1058); SHS (Cert. #1784); DRBG (Cert. #200); ECDSA (Cert. #297); HMAC (Cert. #1237); Skipjack (Cert. #19); KAS (Cert. #35); KTS (vendor affirmed); CVL (Cert. #25)

-Other algorithms: Diffie-Hellman (key agreement); Diffie-Hellman (CVL Cert. #25; key agreement); EC Diffie-Hellman (CVL Cert. #25; key agreement); KEA; RSA (key wrapping); AES (Cert. #2038, key wrapping); Triple-DES (Cert. #1315, key wrapping)

Multi-chip embedded

"3SGX is a high performance embedded PCIe cryptographic module that provides complete cryptographic support to hundreds of concurrent users and/or applications. Each user/application is authenticated twice before accessing its own symmetric and asymmetric keys and certificates. All cryptographic and key management operations are performed within the Hardware Security Module (HSM). 3SGX HSM is the core of 3S Group's hardware security appliances. Available in a range of models and configurations and high-level APIs, it is ideal for enterprise key management, virtualization and cloud server soluti"
1951 Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

-Alan Kaye
TEL: 613-225-9381 x7416
FAX: 613-225-2951

CST Lab: NVLAP 200928-0

FortiGate-80C [1], FortiGate-110C [2], FortiGate-60C [3] and FortiWiFi-60C [4]
(Hardware Version: C4BC61 [1], C4HA15 [2], C4DM93 [3] and C4DM95 [4] with Tamper Evident Seal Kits: FIPS-SEAL-BLUE [1,2] or FIPS-SEAL-RED [3,4]; Firmware Version: (FortiOS 4.0, build3830, 131223))

(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 05/23/2013;
11/08/2013;
06/27/2014
Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #2277, #2607 and #2608); Triple-DES (Certs. #1424, #1572 and #1573); RNG (Cert. #1234); SHS (Certs. #1958, #2191 and #2192); HMAC (Certs. #1395, #1615 and #1616); RSA (Certs. #1168 and #1334)

-Other algorithms: AES-CCM (non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; NDRNG

Multi-chip standalone

"The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
1950 Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

-Alan Kaye
TEL: 613-225-9381 x7416
FAX: 613-225-2951

CST Lab: NVLAP 200928-0

FortiGate-1000C [1], FortiGate-1240B [2] and FortiGate-3140B [3]
(Hardware Versions: C4HR40 [1], C4CN43 [2] and C4XC55 [3] with Tamper Evident Seal Kits: FIPS-SEAL-RED [1,3] or FIPS-SEAL-BLUE [2]; Firmware Versions: (FortiOS 4.0, build3767, 130923) [1] and (FortiOS 4.0, build3830, 131223) [2,3])

(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 05/23/2013;
11/08/2013;
06/27/2014
Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #2278, #2279, #2607 and #2608); Triple-DES (Certs. #1425, #1426, #1572 and #1573); RNG (Cert. #1234); SHS (Certs. #1959, #1960, #2191 and #2192); HMAC (Certs. #1396, #1397, #1615 and #1616); RSA (Certs. #1169, #1170 and #1334)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; MD5; HMAC-MD5; NDRNG

Multi-chip standalone

"The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
1949 Harris Corporation
1680 University Avenue
Rochester, NY, NY 14610
USA

-Michael Vickers
FAX: 434-455-6851

CST Lab: NVLAP 200996-0

Harris AES Software Load Module
(Software Version: R04A01)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 05/16/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Texas Instruments DSP/BIOS Software Kernel Version 5.33.03 running on a Texas Instruments TMS320C55x (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1482 and #2320)

-Other algorithms: AES (Cert. #1482, key wrapping)

Multi-chip standalone

"The Harris AES Software Load Module is a single software component which provides cryptographic services directly to a Digital Signal Processor (DSP) application on Harris terminals."
1948 Samsung Electronics Co., Ltd.
416, Maetan 3-Dong Youngton Gu
Suwon, Gyeonggi 152-848
South Korea

-Ross Choi
TEL: 972-761-7628

-Bumhan Kim
TEL: +82-10-4800-6711

CST Lab: NVLAP 200658-0

Samsung OpenSSL Cryptographic Module
(Software Version: SFOpenSSL1.0.0e-1.1)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 05/16/2013 Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Android Ice-cream Sandwich 4.0 on Galaxy S3 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2108); HMAC (Cert. #1282); SHS (Cert. #1831); Triple-DES (Cert. #1343); RSA (Cert. #1082); DSA (Cert. #658); RNG (Cert. #1083)

-Other algorithms: Blowfish; Triple-DES-CTR (non compliant); AES-CTR (non compliant); MD5; IDEA; RC2; RC4; Diffie-Hellman; md_rand.c

Multi-chip standalone

"Provides general purpose cryptographic services to user-space applications on the mobile platform for the protection of data in transit."
1947 TrellisWare Technologies Inc.
16516 Via Esprillo
Suite 300
San Diego, CA 92127
USA

-Jeffery Thomas
TEL: 858-753-1617
FAX: 858-753-1641

-James Morse
TEL: 858-753-1646
FAX: 858-753-1640

CST Lab: NVLAP 100432-0

TW-230 (CheetahNet II)
(Hardware Version: ASY0560001 rev X2; Firmware Version: 4c-beta2-FIPS)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/16/2013 Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #1980); RSA (Cert. #1026); SHS (Cert. #1734)

-Other algorithms: AES (Cert. #1980, key wrapping; key establishment methodology provides 256 bits of encryption strength); AES (non-compliant)

Multi-chip standalone

"The TW-230 combines the high data rate capability of TrellisWare's Tactical Scalable MANET-Enhanced (TSM-E) waveform with narrowband VHF/UHF AM/FM voice. TW-230 provides a robust highly scalable self-forming, self-healing wideband networked waveform transparent to the operator. The TW-230 supports multi-channel push to talk (PTT) voice, IP data, position location information (PLI) tracking, and remote operation of live streaming video. The TW-230 can also be operated in plaintext narrowband voice modes that allow it to interoperate with most other standard AM/FM PTT radios."
1946 TrellisWare Technologies Inc.
16516 Via Esprillo
Suite 300
San Diego, CA 92127
USA

-Jeffery Thomas
TEL: 858-753-1617
FAX: 858-753-1641

-James Morse
TEL: 858-753-1646
FAX: 858-753-1640

CST Lab: NVLAP 100432-0

TW-400 (CUB)
(Hardware Version: ASY0540250 rev X1; Firmware Version: 4c-beta2-FIPS)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/14/2013 Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #1980); RSA (Cert. #1026); SHS (Cert. #1734)

-Other algorithms: AES (Cert. #1980, key wrapping; key establishment methodology provides 256 bits of encryption strength); AES (non-compliant)

Multi-chip standalone

"The TW-400 is a small form factor software defined radio that employs an enhanced version of TrellisWare's Tactical Scalable MANET waveform (TSM-E) and is capable of robust operation at high data rate modes. The TW-400 supports multi-channel push to talk (PTT) voice, IP data, network level position location information (PLI) tracking, sleep functions for long term sensing applications, IP gateway features and remote operation of live streaming video sources for networked sensing missions."
1945

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/10/2013 Overall Level: 1 

-FIPS Approved algorithms:

-Other algorithms:

Single-chip

1944 Apple Inc.
1 Infinite Loop
Cupertino, CA 95041
USA

-Shawn Geddis

CST Lab: NVLAP 200658-0

Apple iOS CoreCrypto Kernel Module, v3.0
(Software Version: 3.0)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 05/03/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with iOS 6.0 running on an iPhone4; iOS 6.0 running on an iPhone4S; iOS 6.0 running on an iPad (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #1335 and #1337); AES (Certs. #2070, #2071, #2099 and #2101); SHS (Certs. #1803, #1804, #1823 and #1825); ECDSA (Certs. #308 and #310); HMAC (Certs. #1255, #1256, #1274 and #1276); DRBG (Certs. #222 and #224); PBKDF (vendor affirmed)

-Other algorithms: ECDSA (Curves P-192, P-224 and P-521; non-compliant); DES; MD5; CAST5; Blowfish; BitGen1; BitGen2; BitGen3; RC4; OMAC (non-compliant)

Multi-chip standalone

"The Apple iOS CoreCrypto Kernel Module is a software cryptographic module running on a multi-chip standalone mobile device and provides services intended to protect data in transit and at rest."
1943 VT iDirect, Inc.
13865 Sunrise Valley Drive
Suite 100
Herndon, VA 20171
USA

-Paul Harr
TEL: 703-648-8225
FAX: 703-648-8088

CST Lab: NVLAP 200556-0

Evolution e8350™ - Satellite Router [1], iConnex e800™ - Satellite Router Board [2], iConnex e850MP™ Satellite Router Board [3], iConnex e850MP™ - IND Satellite Router Board [4], iConnex e850MP™ - IND with Heat Sink Satellite Router Board [5], Evolution eM1D1™ Line Card [6] and Evolution eM0DM™
(Hardware Versions: Part #E0000051-0003 [1]; Part #E0001340-0002 [2]; Part #E0000731-0001 [3]; E0000731-0002 [4]; Part #E0000731-0003 [5]; Part #E0000080-0002 [6]; Part #E0000080-0005 [7]; Firmware Version: iDX version 2.3.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/02/2013 Overall Level: 1 

-FIPS Approved algorithms: AES (Certs. #1944 and #1945); SHS (Cert. #1709); RNG (Cert. #1024); RSA (Cert. #1007); HMAC (Cert. #1173)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); RNG; PBKDF (non-compliant)

Multi-chip embedded

"iDirect's AES-based bidirectional TRANSEC, combined with other system features such as cutting-edge coding techniques, acceleration and compression provides a fully integrated IP networking solution where security, performance and bandwidth efficiency are critical"
1942 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco Catalyst C4500X-32SFP+ and Catalyst C4500X-F-32SFP+
(Hardware Versions: Catalyst C4500X-32SFP+ and Catalyst C4500X-F-32SFP+; FIPS kit packaging (CVPN4500FIPS/KIT=); Firmware Version: 3.3.1SG)

(When operated in FIPS mode and when tamper evident labels and security devices are installed on the initially built configuration as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/02/2013 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1977); DRBG (Cert. #179); HMAC (Cert. #1190); RNG (Cert. #1072); RSA (Certs. #1023 and #1024); SHS (Certs. #1730 and #1731); Triple-DES (Cert. #1282)

-Other algorithms: MD4; MD5; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The fixed-aggregation Cisco Catalyst 4500-X Series Switches deliver best-in-class scalability, simplified network virtualization, and integrated network services for space-constrained environments in campus networks. The Catalyst 4500-X switches provide a secure and manageable platform that meets FIPS 140-2 Level 2 requirements."
1941 IBM Internet Security Systems, Inc.
6303 Barfield Road
Atlanta, GA 30328
USA

-Scott Sinsel
TEL: 404-236-2722
FAX: 404-236-2632

CST Lab: NVLAP 200416-0

Proventia GX Series Security Appliances
(Hardware Versions: GX7800 and GX7412; with FIPS-LABELS: FIPS 140 tamper evidence labels; Firmware Version: 4.3)

(When operated in FIPS mode when installed with Firmware v4.3 and with the tamper evidence seals installed as indicated in the Security Policy. No assurance of module integrity when operating in non-FIPS mode.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/30/2013 Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #2006); HMAC (Cert. #1211); RNG (Cert. #1049); RSA (Cert. #1035); SHS (Cert. #1756)

-Other algorithms: RSA (key agreement; key establishment methodology provides 96 bits of encryption strength; non-compliant)

Multi-chip standalone

"The IBM Proventia Network Intrusion Prevention System (IPS) stops Internet threats before they impact your business and delivers protection to all three layers of the network: core, perimeter and remote segments. Preemptive protection, or protection that works ahead of the threat, is available from IBM Internet Security Systems through its proprietary combination of line-speed performance, security intelligence and a modular protection engine that enables security convergence."
1940 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

IOS Common Cryptographic Module (IC2M)
(Firmware Versions: Rel 1(1.0.0), Rel 1(1.0.1) and Rel 1(1.0.2))

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Firmware 04/30/2013 Overall Level: 1 

-Tested: Cisco Catalyst 2960 with IOS 15.0SE; Cisco 3925 ISR with IOS 15.2; Cisco 2811 ISR with IOS 15.2

-FIPS Approved algorithms: AES (Certs. #2134 and #2136); CVL (Cert. #30); DRBG (Cert. #237); ECDSA (Cert. #322); HMAC (Cert. #1304); RSA (Cert. #1100); SHS (Certs. #1858 and #1859); Triple-DES (Certs. #1358, #1359 and #1360)

-Other algorithms: DES; HMAC-MD5; MD2; MD5; RC2; RC4; SEAL; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The IC2M module provides the FIPS validated cryptographic algorithms for services requiring those algorithms. The module does not implement any protocols directly. Instead, it provides the cryptographic primitives and functions to allow IOS to implement those various protocols."
1939 Chunghwa Telecom Co., Ltd.
12, Lane 551, Min-Tsu Road SEC.5
Yang-Mei
Taoyuan, Taiwan 326
Republic of China

-Yeou-Fuh Kuan
TEL: +886-3-424-4333
FAX: +886-3-424-4129

-Char-Shin Miou
TEL: +886 3 424 4381
FAX: +886-3-424-4129

CST Lab: NVLAP 200928-0

HiCOS PKI Native Smart Card
(Hardware Versions: HD65255C1 and HD65257C1; Firmware Versions: HardMask: 2.1 and SoftMask: 1.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/30/2013 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Cert. #1219); Triple-DES MAC (Triple-DES Cert. #1219, vendor affirmed); SHS (Cert. #1649); RSA (Cert. #957); DRBG (Cert. #155)

-Other algorithms: N/A

Single-chip

"The HiCOS PKI native smart card module is a single chip implementation of a cryptographic module. The HiCOS PKI native smart card module is mounted in an ID-1 class smart card body that adheres to ISO/IEC specifications for Integrated Circuit Chip (ICC) based identification cards. The module consists of the chip (ICC), the contact faceplate, and the electronic connectors between the chip and contact pad, all contained within an epoxy substrate."
1938 SafeLogic, Inc.
530 Lytton Avenue
Suite 200
Palo Alto, CA USA

-SafeLogic Inside Sales

CST Lab: NVLAP 200556-0

CryptoComply™ | Mobile
(Software Version: 2.1)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 04/30/2013;
11/08/2013;
04/23/2014
Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Android 4.0 running on a Galaxy Nexus; iOS 5.1 running on a iPad 3; iOS 6 running on a iPad 3; iOS 7 running on a iPad 3 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2125 and #2126); HMAC (Certs. #1296 and #1297); DSA (Certs. #666 and #667); ECDSA (Certs. #319 and #320); RSA (Certs. #1094 and #1095); SHS (Certs. #1849 and #1850); Triple-DES (Certs. #1351 and #1352); DRBG (Certs. #233 and #234); CVL (Certs. #28 and #29); RNG (Certs. #1091 and #1092)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"CryptoComply™ | Mobile is a standards-based "Drop-in Compliance" cryptographic engine for mobile devices. The module delivers core cryptographic functions to mobile platforms and features robust algorithm support, including Suite B algorithms. CryptoComply™ | Mobile offloads functions for secure key management, data integrity, data at rest encryption, and secure communications to a trusted implementation."
1937 Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
USA

-John Roberts
TEL: 415-738-2810

CST Lab: NVLAP 200556-0

Symantec App Center Cryptographic Module
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 04/30/2013 Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Android 4.0 running on a Galaxy Nexus; iOS 5.1 running on a iPad 3; iOS 6 running on a iPad 3 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2125 and #2126); HMAC (Certs. #1296 and #1297); DSA (Certs. #666 and #667); ECDSA (Certs. #319 and #320); RSA (Certs. #1094 and #1095); SHS (Certs. #1849 and #1850); Triple-DES (Certs. #1351 and #1352); DRBG (Certs. #233 and #234); CVL (Certs. #28 and #29); RNG (Certs. #1091 and #1092)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Symantec App Center Cryptographic Module Version 1.0 provides cryptographic functions for Symantec App Center, a scalable solution for deploying and managing native and web apps on corporate-liable and employee-owned mobile devices."
1936 Mxtran Inc.
9F, No.16, Li-Hsin Road, Science Park
Hsin-chu, Taiwan 300
Republic of China

-C.W. Pang
TEL: +886-3-6661778#29300
FAX: +886-3-6662568

CST Lab: NVLAP 200824-0

Mxtran Payeeton Solution
(Hardware Version: MX12E320128E; Firmware Version: Simker v3.20)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/24/2013 Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #1691); ECDSA (Cert. #340); HMAC (Cert. #1339); RNG (Cert. #1107); RSA (Cert. #1127); SHS (Cert. #1479); Triple-DES (Cert. #1091)

-Other algorithms: Triple-DES (Cert. #1091, key wrapping; key establishment methodology provides 112 bits of encryption strength)

Single-chip

"Mxtran Payeeton Solution of Mxtran Inc. acts as a flexible platform for diversified mobile commerce services, allowing Mxtran clients to support both proximity payment and mobile payment via Short Message Service for prepaid, online paid and post-paid services including e-ticketing, e-coupons, access control, membership management and more. Mxtran leverages extensive integrated circuit expertise to deliver highly customizable, portable applications and payment services in a single handset."
1935 Cisco Systems, Inc.
170 West Tasman Drive,
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco 5915 Embedded Services Routers
(Hardware Versions: Cisco 5915 ESR air-cooled card and Cisco 5915 ESR conduction-cooled card; Firmware Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/18/2013 Overall Level: 1 

-Design Assurance: Level 2

-FIPS Approved algorithms: AES (Certs. #962, #1535 and #2031); DRBG (Cert. #196); HMAC (Certs. #537 and #1232); RSA (Cert. #1055); SHS (Certs. #933 and #1779); Triple-DES (Certs. #757 and #1310)

-Other algorithms: DES; DES MAC; HMAC MD4; HMAC MD5; MD4; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); GDOI (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength)

Multi-chip embedded

"The Cisco 5915 ESR is a high-performance, ruggedized router designed for use in harsh environments-offering reliable operation in extreme temperatures and under shock and vibration conditions typical for mobile applications in rugged terrain. With onboard hardware encryption, the Cisco 5915 ESR offloads encryption processing from the routing engine to provide highly secure yet scalable video, voice, and data services for mobile and embedded outdoor networks."
1934 VT iDirect, Inc.
13865 Sunrise Valley Drive
Suite 100
Herndon, VA 20171
USA

-Paul Harr
TEL: 703-648-8225
FAX: 703-648-8088

CST Lab: NVLAP 200556-0

Evolution e8350™ - FIPSL2 Satellite Router [1], iConnex e800™ - FIPSL2 Satellite Router Board [2], iConnex e850MP™ - FIPSL2 Satellite Router Board [3], Evolution eM1D1™ - FIPSL2 Line Card [4] and Evolution eM0DM™ - FIPSL2 Line Card [5]
(Hardware Versions: Part #E0000051-0005 [1]; Part #E0001340-0001 [2]; Part #E0000731-0004 [3]; Part #E0001306-0001 [4]; Part #E0001306-0002 [5]; Firmware Version: iDX version 2.3.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/18/2013 Overall Level: 1 

-Physical Security: Level 2

-FIPS Approved algorithms: AES (Certs. #1944 and #1945); SHS (Cert. #1709); RNG (Cert. #1024); RSA (Cert. #1007); HMAC (Cert. #1173)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); PBKDF (non-compliant)

Multi-chip embedded

"iDirect's AES-based bidirectional TRANSEC, combined with other system features such as cutting-edge coding techniques, acceleration and compression provides a fully integrated IP networking solution where security, performance and bandwidth efficiency are critical"
1933 Red Hat®, Inc.
314 Littleton Road
Westford, MA 01886
USA

-Ann-Marie Rubin
TEL: 978-392-1000
FAX: 978-392-1001

CST Lab: NVLAP 200658-0

Red Hat Enterprise Linux 6.2 dm-crypt Cryptographic Module
(Software Version: 2.0)

(When operated in FIPS mode with Red Hat Enterprise Linux 6.2 OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #1758, Red Hat Enterprise Linux 6.2 Kernel Crypto API Cryptographic Module validated to FIPS 140-2 under Cert. #1901, Red Hat Enterprise Linux 6.2 Libgcrypt Cryptographic Module validated to FIPS 140-2 under Cert. #1757 and NSS Cryptographic Module validated to FIPS 140-2 under Cert. #1837, each module shall be obtained, installed, and initialized as specified in Section 9.1 of the provided Security Policy. Section 1 of the provided Security Policies specifies the precise RPM file containing each module. The integrity of the RPM is automatically verified during the installation and the Crypto officer shall not install the RPM file if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 04/15/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 6.2 without AES-NI running on HP ProLiant DL585; Red Hat Enterprise Linux 6.2 with AES-NI running on IBM HS22; Red Hat Enterprise Linux 6.2 without AES-NI running on IBM HS22 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1968, #1969, #1970, #1971 and #1972); Triple-DES (Certs. #1278 and #1279); SHS (Certs. #1657, #1658, #1659, #1660, #1661, #1662, #1663, #1664, #1725, #1726, #1741 and #1742); HMAC (Certs. #1128, #1129, #1130, #1131, #1132, #1133, #1134, #1135, #1199 and #1200); RNG (Certs. #988, #991, #992 and #993); DSA (Certs. #628, #629, #634 and #635); PBKDF (vendor affirmed)

-Other algorithms: DES; AES-CTR (non-compliant); AES-XTS (non-compliant); AES-CBC (non-compliant)

Multi-chip standalone

"Device-mapper is an infrastructure in the Linux kernel that provides a generic way to create virtual layers of block devices on top of real block devices. dm-crypt is a device-mapper target that provides transparent encryption of block devices using the Kernel Crypto API shipped with RHEL 6.2. The user can specify one of the symmetric ciphers, a key (of any allowed size), an IV generation mode which allows the user to create a new block device in /dev. Writes to this device will be encrypted and reads decrypted transparent to the user."
1932 Cisco Systems, Inc.
170 West Tasman Dr.
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco ASA 5505, ASA 5510, ASA 5520, ASA 5540, ASA 5550, ASA 5580-20, ASA 5580-40, ASA 5585-X SSP-10, 5585-X SSP-20, 5585-X SSP-40 and 5585-X SSP-60 Security Appliances
(Hardware Versions: 5505 [1, 2], 5510 [1], 5520 [1], 5540 [1], 5550 [1], 5580-20 [3], 5580-40 [3], 5585-X SSP-10 [4], 5585-X SSP-20 [4], 5585-X SSP-40 [4], 5585-X SSP-60 [4] with [FIPS Kit (DS-FIPS-KIT= Rev -BO)] [1], [ASA 5505 FIPS Kit (ASA5505-FIPS-KIT Rev-A0)] [2], [ASA 5580 FIPS Kit (ASA5580-FIPS-KIT)] [3] or [ASA 5585 FIPS Kit (ASA5585-X-FIPS-KIT)] [4]; Firmware Version: 8.4.4.1)

(Validated when tamper evident labels and security devices are installed on the initially built configuration as indicated in the Security Policy and when operated in FIPS mode. No assurance of module integrity when operating in non-FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/08/2013 Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-FIPS Approved algorithms: AES (Certs. #105, #1407, #2047, #2049 and #2050); HMAC (Certs. #125, #301, #1244, #1246 and #1247); RNG (Certs. #144, #329, #772, #1068 and #1070); RSA (Certs. #106, #261, #1064, #1065 and #1066); SHS (Certs. #196, #630, #1791, #1793 and #1794); Triple-DES (Certs. #217, #559, #960, #1320 and #1321)

-Other algorithms: DES; HMAC MD5; MD5; NDRNG; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The market-leading Cisco ASA Security Appliance Series deliver robust user and application policy enforcement, multi-vector attack protection, and secure connectivity services in cost-effective, easy-to-deploy solutions. The ASA 5500 Series Adaptive Security Appliances provide comprehensive security, performance, and reliability for network environments of all sizes"
1931 INSIDE Secure
Eerikinkatu 28
Helsinki, 00180
Finland

-Serge Haumont
TEL: +358 40 5808548

-Marko Nippula
TEL: +358 40 762 9394

CST Lab: NVLAP 200427-0

SafeZone FIPS Cryptographic Module
(Software Version: 1.0.3 and 1.0.3A)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 04/08/2013;
05/20/2014
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Linux kernel 2.6 running on a Pandaboard; Android 2.3 running on a Pandaboard; Android 4.0 running on a Pandaboard; Android 4.4 running on a Samsung Galaxy Note 3 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2041 and #2837); CVL (Certs. #21 and #261); CVL (SP 800-135rev1, vendor affirmed); DRBG (Certs. #203 and #493); DSA (Certs. #648 and #854); ECDSA (Certs. #299 and #497); HMAC (Certs. #1240 and #1778); KBKDF (vendor affirmed); KTS (vendor affirmed); PBKDF (vendor affirmed); RSA (Certs. #1061 and #1479); SHS (Certs. #1787 and #2378); Triple-DES (Certs. #1318 and #1697)

-Other algorithms: AES (Certs. #2041 and #2837, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); MD5; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"SafeZone FIPS Cryptographic Module is a FIPS 140-2 Security Level 1 validated software cryptographic module from INSIDE Secure. The module is a toolkit which provides the most commonly needed cryptographic primitives for a large variety of applications, including but not limited to, primitives needed for DAR, DRM, TLS, and VPN on mobile devices."
1930 SUSE Linux Products GmbH
Maxfeldstr. 5
Nuremberg, 90409
Germany

-Roman Drahtmüller
TEL: +49-911-74053127

CST Lab: NVLAP 200658-0

OpenSSL Module
(Software Version: 0.9.8j)

(The module generates cryptographic keys whose strengths are modified by available entropy. When installed, initialized and configured as specified in the security policy section 9.1)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 04/08/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with SUSE Linux Enterprise Server 11 SP2 32-bit running on HP ProLiant DL380 without AES-NI; SUSE Linux Enterprise Server 11 SP2 32-bit running on HP ProLiant DL380 with AES-NI; SUSE Linux Enterprise Server 11 SP2 64-bit running on HP ProLiant DL380 without AES-NI; SUSE Linux Enterprise Server 11 SP2 64-bit running on HP ProLiant DL380 with AES-NI (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2052, #2053, #2054 and #2055); Triple-DES (Certs. #1323 and #1324); DSA (Certs. #650 and #651); SHS (Certs. #1797 and #1798); RNG (Certs #1073 and #1074); HMAC (Cert #1249 and #1250); RSA (Certs #1069 and #1070)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 160 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 160 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; HMAC-MD5

Multi-chip standalone

"The OpenSSL Module is a software library supporting FIPS 140-2 -approved cryptographic algorithms for the purposes of protecting data in transit and at rest on the SUSE Linux platforms."
1929 SonicWALL, Inc.
2001 Logic Drive
San Jose, CA 95124-3452
USA

-Usha Sanagala
TEL: 408-962-6248
FAX: N/A

CST Lab: NVLAP 100432-0

SRA EX9000
(Hardware Version: P/N 101-500352-50 Rev A; Firmware Version: SRA 10.6.1)

(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/08/2013 Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1868, #1869 and #1870); HMAC (Certs. #1113, #1114 and #1115); RNG (Cert. #980); RSA (Certs. #950 and #951); SHS (Certs. #1642, #1643 and #1644); Triple-DES (Certs. #1213, #1214 and #1215)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; MD5; RC4

Multi-chip standalone

"Mobile enterprises with hundreds or even thousands of mobile users can enjoy secure, easy-to-manage remote access with the Dell® SonicWALL® Aventail® E-Class Secure Remote Access (SRA) EX9000 appliance. This clientless SSL VPN solution increases user productivity and maximizes IT control by providing authorized access to any application from a broad range of cross-platform devices."
1928 Christie Digital Systems Canada, Inc.
809 Wellington St. N.
Kitchener, Ontario N2G 4Y7
Canada

-Kevin Draper
TEL: 519-741-3741
FAX: 519-741-3912

CST Lab: NVLAP 200802-0

Christie IMB-S2 4K Integrated Media Block (IMB)
(Hardware Version: 000-102675-01; Firmware Versions: 1.0.1-2641 or 1.0.3-3047 or 1.1.0-3271 or 1.2.0-3400 or 1.2.1-3546)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/08/2013;
04/19/2013
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #2042 and #2043); SHS (Certs. #1788 and #1789); HMAC (Certs. #1241 and #1242); RNG (Cert. #1066); RSA (Cert. #1062)

-Other algorithms: NDRNG; MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); TI ECDH; TI S-box

Multi-chip embedded

"The Christie IMB-S2 is a DCI-compliant solution to enable the playback of the video, audio and timed text essence on a 2K or 4K DLP Series-II digital cinema projector. The IMB-S2 utilizes an integrated SMS and permits the playback of alternative content and High Frame Rate (HFR) material."
1927 Feitian Technologies Co., Ltd.
Floor 17th, Tower B, Huizhi Mansion
No.9 Xueqing Road
Haidan District Beijing, 100085
People's Republic of China

-Tibi Zhang
TEL: 86-010-62304466 x821
FAX: 86-010-62304416

-Xiaozhi Zheng
TEL: 86-010-62304466 x531
FAX: 86-010-62304416

CST Lab: NVLAP 200427-0

FEITIAN-FIPS-COS
(Hardware Version: 1.0.0; Firmware Version: 1.0.0)

(When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/08/2013 Overall Level: 2 

-Physical Security: Level 3

-FIPS Approved algorithms: AES (Cert. #1473); DRBG (Cert. #58); RSA (Cert. #720); SHS (Cert. #1332); Triple-DES (Cert. #991)

-Other algorithms: AES MAC (AES Cert. #1473; non-compliant); DES; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Single-chip

"FEITIAN-FIPS-COS, is both an integrated circuit and an operating system, and has been developed to support their ePass series USB1 tokens. These tokens are designed to provide strong authentication and identification and to support network logon, secure online transactions, digital signatures, and sensitive data protection. The FEITIAN-FIPS-COS provides all cryptographic functionality for their ePass line of products. ePass supports dual-factor authentication with an ISO27816-12 USB interface for the PC host connection acting as a smart card reader."
1926

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 04/08/2013;
12/13/2013
Overall Level: 1 

-FIPS Approved algorithms:

-Other algorithms:

Single-chip

1925 Samsung Electronics Co., Ltd.
416, Maetan 3-Dong Youngton Gu
Suwon, Gyeonggi 152-848
South Korea

-Ross Choi
TEL: 972-761-7628

-Bumhan Kim
TEL: +82-10-4800-6711

CST Lab: NVLAP 200658-0

Samsung Key Management Module
(Software Version: KM1.1)

(The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 04/04/2013 Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Android Ice Cream Sandwich 4.0 on Galaxy S2 and Galaxy S3; Android Jelly Bean 4.1 on Galaxy Note II (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2048, #2098, #2142, #2143 and #2257); SHS (Certs. #1792, #1822, #1864, #1865 and #1944); RNG (Certs. #1069, #1080, #1097, #1098 and #1127); HMAC (Certs. #1245, #1273, #1309, #1310 and #1384); PBKDF (vendor affirmed)

-Other algorithms: N/A

Multi-chip standalone

"Provides general purpose key management services to user-space applications on the mobile platform."
1924 Hewlett-Packard Company
153 Taylor Street
Littleton, MA 01460
USA

-Boby Joseph
TEL: 978-264-5379
FAX: 978-264-5522

CST Lab: NVLAP 200427-0

HP MSR30/50 Routers with Encryption Accelerator Modules
(Hardware Versions: HP MSR30-10 with JG585A and JG582A, HP MSR30-10 DC with JG585A and JG582A, HP MSR30-40 with JG585A and JG580A, HP MSR30-40 DC with JG585A and JG580A, HP MSR30-60 with JG585A and JG581A, HP MSR30-60 DC with JG585A and JG581A, HP MSR30-20 PoE with JG585A and JG579A, HP MSR30-20 DC with JG585A and JG579A, HP MSR30-60 PoE with JG585A and JG581A, HP MSR50-40 with JG586A and JG583A and HP MSR50-60 with JG586A and JG584A; Software Version: 5.2; Firmware Version: 5.2)

(When operated in FIPS mode with tamper evident labels and opacity shields installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/26/2013;
10/25/2013
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #1927); DSA (Cert. #611); HMAC (Cert. #1161); RNG (Cert. #1014); RSA (Cert. #993); SHS (Cert. #1692); Triple-DES (Certs. #1254)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RC4; MD5; MD5 HMAC; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The HP MSR30/50 provides devices are suitable for a range of uses: core routers on small and medium enterprise networks, access routers for network branches on some large-sized enterprise networks, regional offices, and mid-sized businesses. Each device is based on the Comware 5.2 platform."
1923 Crossbeam Systems, Inc.
80 Central Street
Boxborough, MA 01719
USA

CST Lab: NVLAP 200556-0

X60 and X80-S Platforms
(Hardware Versions: (APM-9600, CPM-9600, NPM-9610 and NPM-9650) with XS-FIPS-LABEL-KIT; Firmware Version: XOS v9.9.0.0)

(When operated in FIPS mode and the tamper evident seals installed as indicated in the Security Policy. No assurance of module integrity when operating in non-FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/22/2013 Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-FIPS Approved algorithms: AES (Certs. #1877 and #1878); Triple-DES (Certs. #1220 and #1221); RSA (Cert. #958); SHS (Certs. #1650 and #1651); RNG (Certs. #983); DSA (Cert. #587)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 80 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (Cert #961; non-compliant); PRNG (Cert #986; non-compliant); DSA (Cert #590; non-compliant); Blowfish; RC4; CAST128

Multi-chip standalone

"Crossbeam’s X-Series network security platform offers enterprises, service providers and governments an open, high-performance architecture that easily scales multiple security applications to meet changing security threats. Crossbeam intelligently manages risk and protects businesses from evolving threats."
1922 Hewlett-Packard Company
1160 Enterprise Way
Sunnyvale, CA 94089
USA

-Theresa Conejero
TEL: 650-265-3634
FAX: 650-265-5528

CST Lab: NVLAP 100432-0

HP Enterprise Secure Key Manager
(Hardware Versions: P/Ns AJ585A, Version 3.0 [1] and C8Z51AA, Version 3.1 [2]; Firmware Versions: 5.0.0 [1] and 5.1.0 [2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/22/2013;
05/16/2013;
01/01/2014
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3

-FIPS Approved algorithms: AES (Cert. #2069); DRBG (Cert. #207); HMAC (Cert. #1254); CVL (Cert. #23); RSA (Cert. #1073); SHS (Cert. #1802); Triple-DES (Cert. #1328)

-Other algorithms: DSA (Cert. #653; non-compliant); NDRNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); DES; MD5; RC4

Multi-chip standalone

"HP Enterprise Secure Key Manager (ESKM) provides key generation, retrieval, and management for encryption devices and solutions. ESKM is a hardened security appliance with secure access control, administration, and logging. ESKM supports high availability with automatic multi-site clustering, replication, and failover."
1921

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/22/2013 Overall Level: 2 

-Physical Security: Level 3

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip standalone

1920

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/22/2013 Overall Level: 2 

-Physical Security: Level 3

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip standalone

1919

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/22/2013 Overall Level: 2 

-Physical Security: Level 3

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip standalone

1918 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco 7600 Series Routers with Supervisor RSP720
(Hardware Versions: (7603-S, 7604, 7606-S, 7609-S, 7613, V02, V07, V13, V14 and -F0) with FIPS kit (Cisco-FIPS-KIT=); Firmware Version: 15.1(3)S3)

(Validated when tamper evident labels are installed as indicated in the Security Policy and when operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/22/2013 Overall Level: 1 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 2

-FIPS Approved algorithms: AES (Certs. #598 and #2036); DRBG (Cert. #198); HMAC (Certs. #348 and #1234); RSA (Cert. #1056); SHS (Certs. #647 and #1781); Triple-DES (Certs. #569 and #1312)

-Other algorithms: DES; DES MAC; HMAC MD5; MD4; MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 156 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Cisco 7600-S Router is a compact, high-performance router designed in 3, 4, 6, 9 and 13-slot form factor for deployment at the network edge, where robust performance and IP/Multiprotocol Label Switching (MPLS) services are necessary to meet the requirements of both enterprises and service providers."
1917 Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

-Sunil Chitnis
TEL: 408-333-2444
FAX: 408-333-4887

-Bob Colvin
TEL: 408-333-4839
FAX: 408-333-4887

CST Lab: NVLAP 200427-0

Brocade® MLXe® and Brocade NetIron® CER Series Ethernet Routers
(Hardware Versions: BR-MLXE-4-MR-M-AC, BR-MLXE-4-MR-M-DC, BR-MLXE-8-MR-M-AC, BR-MLXE-8-MR-M-DC, BR-MLXE-16-MR-M-AC, BR-MLXE-16-MR-M-DC, NI-CER-2024C-ADVPREM-AC, NI-CER-2024C-ADVPREM-DC, NI-CER-2024F-ADVPREM-AC, NI-CER-2024F-ADVPREM-DC, NI-CER-2048FX-ADVPREM-AC, NI-CER-2048FX-ADVPREM-DC, NI-CER-2048F-ADVPREM-AC, NI-CER-2048F-ADVPREM-DC, NI-CER-2048C-ADVPREM-AC, NI-CER-2048C-ADVPREM-DC, NI-CER-2048CX-ADVPREM-AC and NI-CER-2048CX-ADVPREM-DC with FIPS Kit (P/N Brocade XBR-000195) and NI-MLX-MR Management Module; Firmware Version: IronWare Software R05.1.01a)

(When operated in FIPS mode with the tamper evident labels installed and with the configurations in Tables 8 and 13 as defined in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 05/21/2013 Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1615); DRBG (Cert. #84); DSA (Cert. #503); HMAC (Cert. #947); RSA (Cert. #793); SHS (Cert. #1424); Triple-DES (Cert. #1056)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); HMAC-MD5; MD2; MD5; RC2; RC4; RSA (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The Brocade MLXe series of core routers support IPv4, IPv6, MPLS and advanced Layer 2 switching. Ideally suited for service provider backbones, Metro Ethernet networks, ISPs, CDNs, IXPs, data centers, and distributed enterprises. The NetIron CER 2000 series 1 Gigabit Ethernet (GbE) routers support copper and hybrid fiber configurations with two optional 10 GbE uplink ports. All the ports support forwarding IP and MPLS packets at wire speed without oversubscription. The routers support standard IPv4, IPv6 routing protocols, RIP/RIPng, OSPF/OSPFv3, IS-IS/IS-IS for IPv6, and BGP/BGP-MP for IPv6."
1916

CST Lab: NVLAP 200427-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/22/2013 Overall Level: 1 

-FIPS Approved algorithms:

-Other algorithms:

Single-chip

1915 Samsung Electronics Co., Ltd.
416, Maetan 3-Dong Youngton Gu
Suwon, Gyeonggi 152-848
South Korea

-Ross Choi
TEL: 972-761-7628

-Bumhan Kim
TEL: +82-10-4800-6711

CST Lab: NVLAP 200658-0

Samsung Kernel Cryptographic Module
(Software Versions: SKC1.4.1, SKC 1.4.1.1 and SKC.1.4.1.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 03/20/2013;
05/23/2013;
06/21/2013
Overall Level: 1 

-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Android Ice Cream Sandwich 4.0 running on Galaxy S3; Android Jelly Bean 4.1 running on Note II; Android Jelly Bean 4.2 running on Galaxy S4 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2056, #2097, #2141, #2144, #2256 and #2392); SHS (Certs. #1799, #1821, #1863, #1866, #1943 and #2054); RNG (Certs. #1075, #1079, #1096, #1099, #1126 and #1184); Triple-DES (Certs. #1325, #1334, #1361, #1362, #1411 and #1491); HMAC (Certs. #1251, #1272, #1308, #1311, #1383 and #1483)

-Other algorithms: DES; AES-CTS (non-compliant); Triple-DES (CTR; non-compliant); Twofish; AEAD; MD5; ansi_cprng; ARC4; GHASH (GCM hash)

Multi-chip standalone

"Provides general purpose cryptographic services to services in the Linux kernel and user-space applications, intended to protect data in transit and at rest."
1914 Hewlett-Packard Company
153 Taylor Street
Littleton, MA 01460
USA

-Boby Joseph
TEL: 978-264-5379
FAX: 978-264-5522

CST Lab: NVLAP 200427-0

HP MSR30/50 Routers
(Hardware Versions: HP MSR30-10 with JG585A and JG582A, HP MSR30-20 with JG585A and JG579A, HP MSR30-40 with JG585A and JG580A, HP MSR30-60 with JG585A and JG581A, HP MSR30-20 PoE with JG585A and JG579A, HP MSR 30-40 PoE with JG585A and JG580A, HP MSR30-60 PoE with JG585A and JG581A, HP MSR50-40 with JG586A and JG583A, HP MSR50-60 with JG586A and JG584A, HP MSR50-40 DC with JG586A and JG583A and HP MSR50-60 DC with JG586A and JG584A; Software Version: 5.2; Firmware Version: 5.2)

(When operated in FIPS mode with tamper evident labels and opacity shields installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/20/2013 Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #1927); DSA (Cert. #611); HMAC (Cert. #1161); RNG (Cert. #1014); RSA (Cert. #993); SHS (Cert. #1692); Triple-DES (Cert. #1254)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RC4; MD5; MD5 HMAC; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The HP MSR30/50 provides devices are suitable for a range of uses: core routers on small and medium enterprise networks, access routers for network branches on some large-sized enterprise networks, regional offices, and mid-sized businesses. Each device is based on the Comware 5.2 platform."
1913 Hewlett-Packard Company
153 Taylor Street
Littleton, MA 01460
USA

-Boby Joseph
TEL: 978-264-5379
FAX: 978-264-5522

CST Lab: NVLAP 200427-0

HP A-Series Routers
(Hardware Versions: HP 6602 with JG586A and JG575A, HP 6604 with JG586A and JG578A, HP 6608 with JG586A and JG577A, HP 6616 with JG586A and JG576A, HP 8805 with JG586A and JG570A, HP 8808 with JG586A and JG571A and HP 8812 with JG586A and JG572A; Software Version: 5.2; Firmware Version: 5.2)

(When operated in FIPS mode with tamper evident labels and opacity shields installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/20/2013 Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #1927); DSA (Cert. #611); HMAC (Cert. #1161); RNG (Cert. #1014); RSA (Cert. #993); SHS (Cert. #1692); Triple-DES (Cert. #1254)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RC4; MD5; MD5 HMAC; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The HP A-series provides devices are suitable for a range of uses: in IP backbone networks, IP metropolitan area networks (MANs), or the core or convergence layers of large IP networks. The A-series routers provide a flexible, modular form factor."
1912 Hewlett-Packard Company
153 Taylor Street
Littleton, MA 01460
USA

-Boby Joseph
TEL: 978-264-5379
FAX: 978-264-5522

CST Lab: NVLAP 200427-0

HP Networking Switches
(Hardware Versions: HP 5120-24G EI with JG585A and JG557A, HP 5120-48G EI with JG585A and JG557A, HP 5120-24G-PoE+ EI with JG585A and JG559A, HP 5120-48G-PoE+ EI with JG585A and JG559A, HP 5500-24G EI with JG585A and JG557A, HP 5500-24G-PoE+ EI with JG585A and JG559A, HP 5500-24G-SFP EI with JG585A and JG558A, HP 5500-48G EI with JG585A and JG557A, HP 5500-48G-PoE+ EI with JG585A and JG559A, HP 5800-24G with JG585A and JG563A, HP 5800-24G-PoE+ with JG585A and JG560A, HP 5800-24G-SFP with JG585A and JG562A, HP 5800-48G with JG585A and JG563A, HP 5800-48G-PoE with JG585A and JG560A, HP 5800-48G-2slot with JG585A and JG561A, HP 5820-14XG-SFP with JG585A and JG561A, HP 5820-24XG-SFP with JG585A and JG564A, HP 7510 with JG586A and JG565A, HP 7506 with JG586A and JG566A, HP 7506V with JG586A and JG567A, HP 7503 with JG586A and JG568A, HP 7502 with JG586A and JG569A, HP 7503-S with JG586A and JG569A, HP 9505 with JG586A and JG570A, HP 9508V with JG586A and JG571A, HP 9512 with JG586A and JG572A, HP 12504 with JG586A and JG721A, HP 12508 with JG586A and HP 12518 with JG586A; Software Version: 5.2; Firmware Version: 5.2)

(When operated in FIPS mode with tamper evident labels and opacity shields installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 03/20/2013;
07/31/2013
Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #1927); DSA (Cert. #611); HMAC (Cert. #1161); RNG (Cert. #1014); RSA (Cert. #993); SHS (Cert. #1692); Triple-DES (Cert. #1254)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RC4; MD5; MD5 HMAC; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"HP Networking Box Switches are focused on enterprise access and aggregation application or datacenter application and are suitable for a range of uses: at the edge of a network, connecting server clusters in a data center, in an enterprise LAN core, and in large-scale industrial networks and campus networks. The series includes fixed-port L2/L2+ managed Ethernet switch appliances, fixed-port L3 managed Ethernet switch appliances, and modular Ethernet switches. Each device is based on the Comware 5.2 platform."
1911 Hewlett-Packard Company
153 Taylor Street
Littleton, MA 01460
USA

-Boby Joseph
TEL: 978-264-5379
FAX: 978-264-5522

CST Lab: NVLAP 200427-0

HP A-Series Routers with VPN Firewall Module
(Hardware Versions: HP 6604 with JG586A and JG578A, HP 6608 with JG586A and JG577A, HP 6616 with JG586A and JG576A, HP 8805 with JG586A and JG570A, HP 8808 with JG586A and JG571A and HP 8812 with JG586A and JG572A; Software Version: 5.2; Firmware Version: 5.2)

(When operated in FIPS mode with tamper evident labels and opacity shields installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/20/2013 Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #1927); DSA (Cert. #611); HMAC (Cert. #1161); RNG (Cert. #1014); RSA (Cert. #993); SHS (Cert. #1692); Triple-DES (Cert. #1254)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RC4; MD5; MD5 HMAC; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The HP A-series provides devices are suitable for a range of uses: in IP backbone networks, IP metropolitan area networks (MANs), or the core or convergence layers of large IP networks. The A-series routers provide a flexible, modular form factor."
1910 Hewlett-Packard Company
153 Taylor Street
Littleton, MA 01460
USA

-Boby Joseph
TEL: 978-264-5379
FAX: 978-264-5522

CST Lab: NVLAP 200427-0

HP Networking Switches with VPN Firewall
(Hardware Versions: HP 7510 with JG586A and JG565A, HP 7506 with JG586A and JG566A, HP 7506V with JG586A and JG567A, HP 7503 with JG586A and JG568A, HP 7502 with JG586A and JG569A, HP 7503-S with JG586A and JG569A, HP 9505 with JG586A and JG570A, HP 9508V with JG586A and JG571A, HP 9512 with JG586A and JG572A, HP 12504 with JG586A and JG721A, HP 12508 with JG586A and HP 12518 with JG586A; Software Version: 5.2; Firmware Version: 5.2)

(When operated in FIPS mode with tamper evident labels and opacity shields installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/20/2013;
07/31/2013
Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #1927); DSA (Cert. #611); HMAC (Cert. #1161); RNG (Cert. #1014); RSA (Cert. #993); SHS (Cert. #1692); Triple-DES (Cert. #1254)

-Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RC4; MD5; MD5 HMAC; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"HP Networking Box Switches are focused on enterprise access and aggregation application or datacenter applicationan are suitable for a range of uses: at the edge of a network, connecting server clusters in a data center, in an enterprise LAN core, and in large-scale industrial networks and campus networks. The series includes modular Ethernet switches. Each device is based on the Comware 5.2 platform."
1909 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Palani Karuppan
TEL: 408-525-2747
FAX: n/a

CST Lab: NVLAP 100432-0

Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with Wireless Services Modules-2 (WiSM2)
(Hardware Version: Chassis: Catalyst 6506 switch [1], Catalyst 6506-E switch [2], Catalyst 6509 switch [3] and Catalyst 6509-E switch [4]; Backplane: WS-C6506 [1], WS-C6506-E [2], WS-C6509 [3] and WS-C6509-E [4]; FIPS Kit: P/N 800-27009 [1, 2], P/N 800-26335 [3, 4] and WS-SVCWISM2FIPKIT= [1, 2, 3, 4]; with one Supervisor Blade [1, 2, 3, 4]: [WS-SUP720-3BXL, WS-SUP720-3B, VS-S720-10G-3C or VS-S720-10G-3CXL] and with one WiSM2 [1, 2, 3, 4]: [WS-SVC-WISM2-K-K9 [B, C, D], WS-SVC-WISM2-K-K9= [B, C, D], WS-SVC-WISM2-K9= [A, B, C, D], WS-SVC-WISM2-5-K9= [A, B, C, D], WS-SVC-WISM2-3-K9= [A, B, C, D], WS-SVC-WISM2-1-K9= [A, B, C, D], WS-SVC-WISM2-5-K9 [A, B, C, D], WS-SVC-WISM2-3-K9 [A, B, C, D] or WS-SVC-WISM2-1-K9 [A, B, C, D]]; Firmware Version: Supervisor Blade: Cisco IOS Release 12.2.33SXJ, Cisco IOS Release 12.2.33SXJ1, or Cisco IOS Release 12.2.33SXJ2; WiSM2: 7.0.230.0 [A], 7.2.103.0 [B], 7.2.115.1 [C] or 7.2.115.2 [D])

(When operated in FIPS mode and with the tamper evident seals and physical security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/20/2013;
05/16/2013;
07/12/2013
Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1346, #1347 and #1348); HMAC (Certs. #785, #786 and #787); RNG (Certs. #741 and #742); RSA (Certs. #653 and #654); SHS (Certs. #1228, #1229 and #1230); Triple-DES (Cert. #935)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength; non-compliant); AES (Cert. #1346, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM

Multi-chip standalone

"The Cisco Catalyst 6506, 6506-E, 6509 and 6509-E Switches with WiSM WLAN Controller deliver centralized control and high capacity for medium to large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WiSM2 Controller supports the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and supports a Secure Wireless Architecture with certified WiFi Alliance WPA-2 security. The Cisco WiSM2 Controller supports voice, video and data services along with Cisco Clean Air technology, IPv6 mobility, intrusion protection and intelligent radio resource management."
1908 Panzura, Inc.
22 Great Oaks Blvd # 150
San Jose, CA 95119
USA

-Randy Chou
TEL: 408-457-8504

CST Lab: NVLAP 100432-0

Panzura Cryptographic Module 4.2
(Software Version: 4.2)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 03/20/2013 Overall Level: 1 

-Roles, Services, and Authentication: Level 2

-Operational Environment: Tested as meeting Level 1 with Panzura Cloud Controller 8.0 running on Dell PowerEdge R410 with AES-NI; Panzura Cloud Controller 8.0 on VMware ESX running on Dell PowerEdge R410 with AES-NI; Panzura Cloud Controller 8.0 on VMware ESX running on Dell PowerEdge R410 (single user mode)

-FIPS Approved algorithms: AES (Cert. #2269); DRBG (Cert. #278); DSA (Cert. #707); HMAC (Cert. #1389); RNG (Cert. #1130); RSA (Cert. #1162); SHS (Cert. #1951); Triple-DES (Cert. #1417); ECDSA (Cert. #366); CVL (Cert. #42)

-Other algorithms: EC Diffie-Hellman; RSA (encrypt/decrypt)

Multi-chip standalone

"The Panzura Cryptographic Module provides validated cryptographic services for multiple Panzura products."
1907 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Palani Karuppan
TEL: 408-525-2747

CST Lab: NVLAP 100432-0

Cisco Aironet® CAP3602E and CAP3602I Wireless LAN Access Points
(Hardware Versions: CAP3602E Revision B0 and CAP3602I Revision B0; FIPS Kit AIR-AP-FIPSKIT=, Version B0; Firmware Version: 7.2.103.0, 7.2.115.1 or 7.2.115.2)

(When operated in FIPS mode and with the tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/14/2013;
05/03/2013;
05/16/2013;
07/12/2013
Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1991, #1992 and #1993); HMAC (Certs. #1204 and #1205); RNG (Cert. #1046); RSA (Cert. #1033); SHS (Certs. #1746 and #1747)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5

Multi-chip standalone

"The Cisco Aironet® 3600 Series sustains reliable connections at higher speeds further from the access point than competing solutions, resulting in up to three times more availability of 450 Mbps rates, and optimizing the performance of more mobile devices. Cisco Aironet® 3600 Series is an innovative, modular platform that offers unparalleled investment protection with future module expansion to support incoming 802.11ac clients with 870 Mbps rates, or offer comprehensive security and spectrum monitoring and control."
1906 Biscom, Inc.
321 Billerica Road
Chelmsford, MA 01824
USA

-Bill Ho
TEL: 978-367-3544
FAX: 978-367-9624

-Sharif Rahman
TEL: 978-367-3544
FAX: 978-367-9624

CST Lab: NVLAP 200427-0

Biscom Cryptographic Library Version 1.0
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 03/12/2013 Overall Level: 1 

-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 (SP1) with Sun JRE 6.0 running on a Dell Optiplex 790 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2029); HMAC (Cert. #1231); RNG (Cert. #1062); SHS (Cert. #1778)

-Other algorithms: N/A

Multi-chip standalone

"The Biscom Cryptographic Library (the cryptographic module or the module) provides cryptographic security functions as Java APIs for application developers to integrate cryptographic services into Biscom applications or systems. The module is distributed only as an integrated subcomponent of the Biscom Delivery Server (BDS). The Biscom Cryptographic Library provides security functions for encryption, decryption, random number generation, hashing, getting the status of the integrity test, and running the self-tests. The library is used by the application"
1905 Seagate Technology LLC
1280 Disc Drive
Shakopee, MN 55379
USA

-David R Kaiser, PMP
TEL: 952-402-2356
FAX: 952-402-1273

CST Lab: NVLAP 200427-0

Seagate Secure® TCG Enterprise SSC Self-Encrypting Drives FIPS 140 Module
(Hardware Versions: ST900MM0036 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], ST600MM0036 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], ST450MM0036 [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14], ST1200MM0027 [15, 16, 17, 18, 19, 20, 21, 22, 23, 24], ST4000NM0063 [25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39], ST3000NM0063 [25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39], ST2000NM0063 [25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39], ST1000NM0063 [25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39], ST4000NM0073 [40, 41], ST3000NM0073 [40, 41], ST2000NM0073 [40, 41], ST1000NM0073 [40, 41], ST600MP0054 [42, 45, 48], ST600MP0084 [43, 46, 49], ST450MP0054 [42, 45, 48], ST450MP0084 [43, 46, 49], ST450MP0024 [44, 47], ST300MP0054 [42, 45, 48], ST300MP0084 [43, 46, 49], ST300MP0024 [44, 47], ST600MX0024 [50], ST600MX0054 [51], ST450MX0024 [50], ST450MX0054 [51], ST300MX0024 [50] and ST300MX0054 [51]; Firmware Versions: A000 [1, 25], 0001 [2, 15], LSF5 [3], LEF5 [4], 0002 [5, 26], NA00F740 [6], NA009A40 [7], 0003 [8], LE05 [9], LF81 [10], 3P00 [11, 31], LSF6 [12], LE09 [13], LEF6 [14], ISF2 [16], IEF2 [17], 0002 [18], ISF3 [19], IEF4 [20], IEF5 [21], ISF4 [22], IEF6 [23], IEF7 [24], GSF3 [27], GEF3 [28], 0003 [29], NA009A40 [30], GE06 [31], GF81 [32], GSF4 [33], GEF4 [35], GE09 [36], 0004 [37], GSF5 [38], GEF5 [39], F001 [40], SF03 [41], FE01 [42], FK01 [43], FN01 [44], EF02 [45, 50], KF02 [46, 51], NF02 [47], VEE1 [48] and VF12 [49])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/12/2013;
05/22/2013;
05/31/2013;
08/09/2013;
11/08/2013;
02/20/2014;
04/03/2014;
06/05/2014;
09/26/2014
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Certs. #1343, #1974 and #2068); DRBG (Cert. #62); RSA (Cert. #1021); SHS (Cert. #1225)

-Other algorithms: N/A

Multi-chip embedded

"The Seagate Secure® TCG Enterprise SSC FIPS 140 Module is embodied in Savvio®, Enterprise Performance®, Enterprise Turbo® and Constellation® model disk drives. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instant user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download."
1904 Fortress™ Technologies, Inc.
2 Technology Park Dr
Westford, MA 01886
USA

-Certification Director
TEL: 978-923-6400
FAX: 978-923-6498

CST Lab: NVLAP 200427-0

Fortress Mesh Points
(Hardware Versions: ES210, ES2440, ES440, ES520v1, ES520v2 or ES820; Firmware Versions: 5.4.1, 5.4.3 or 5.4.4.1190)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 03/20/2013;
05/17/2013;
06/14/2013
Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #688, #694 and #1519); DRBG (Cert. #66); ECDSA (Cert. #371); HMAC (Certs. #367, #371 and #889); KAS (Cert. #10); RNG (Certs. #402 and #406); RSA (Cert. #439); SHS (Certs. #717, #721 and #1357)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Fortress Mesh Point is an all-in-one network access device housed in a rugged compact chassis, with the most stringent security available today built in. It can serve as a wireless bridge, a WLAN access point, and an eight-port LAN switch, while performing all the functions of a Fortress controller device: encrypting wireless traffic and providing Multi-factor Authentication for devices on the network it protects."
1903 Mocana Corporation
350 Sansome Street
Suite 1010
San Francisco, CA 94104
USA

-James Blaisdell
TEL: 415-617-0055
FAX: 415-617-0056

CST Lab: NVLAP 100432-0

Mocana Cryptographic Loadable Kernel Module
(Software Versions: 5.5f and 5.5.1f)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/22/2013;
03/28/2013;
01/23/2014;
02/20/2014;
04/03/2014
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Android 2.2 running on a LG Optimus 3D (LG-P920); Android 2.3 running on a LG G2X (LG-P999); Android 4.0 running on a Samsung Nexus-S (GT-I9023); Android 4.1 running on a LG Optimus (LG-P920); Ubuntu Linux 32 bit running on a Dell Dimension 9200; Ubuntu Linux 64 bit running on a Dell Dimension 9200; Android 4.3 running on Asus TF 700 Tablet; Android 4.4 running on Nexus 7 Tablet (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2039, #2272 and #2741); Triple-DES (Certs. #1316 and #1650); SHS (Certs. #1785 and #2313); HMAC (Certs. #1238 and #1718); RNG (Certs. #1065 and #1266); DRBG (Certs. #201 and #460)

-Other algorithms: NDRNG; DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant)

Multi-chip standalone

"The Mocana Cryptographic Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com."
1902 Imation Corp.
Discovery Bldg. 1A-041
Oakdale, MN 55128
USA

-Laurence Hamid
TEL: 819-595-3069

CST Lab: NVLAP 100432-0

Imation S250/D250
(Hardware Versions: D2-S250-S01, D2-S250-S02, D2-S250-S04, D2-S250-S08, D2-S250-S16, D2-S250-S32, D2-D250-B01, D2-D250-B02, D2-D250-B04, D2-D250-B08, D2-D250-B16, D2-D250-B32 and D2-D250-B64; Firmware Version: 4.5.0)

(Files distributed with the module mounted within the internal CD Drive are excluded from validation)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/21/2013 Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #1412 and #1874); DRBG (Cert. #152); HMAC (Certs. #1118 and #1119); RNG (Cert. #774); RSA (Certs. #688, #954 and #955); SHS (Certs. #1282 and #1647); Triple-DES (Cert. #965); PBKDF2 (vendor affirmed)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG

Multi-chip standalone

"The Imation S250/D250 Secure Flash Drives include a high-speed hardware-based 256 Bit AES cryptography engine for encrypting and decrypting NAND flash and RAM buffers via USB. It also includes RSA, HMAC, SHA, and DRBG algorithms."
1901 Red Hat®, Inc.
314 Littleton Road
Westford, MA 01886
USA

-Ann-Marie Rubin
TEL: 978-392-1000
FAX: 978-392-1001

CST Lab: NVLAP 200658-0

Red Hat Enterprise Linux 6.2 Kernel Crypto API Cryptographic Module
(Software Version: 2.0)

(When operated in FIPS mode with Network Security Services (NSS) Cryptographic Module validated to FIPS 140-2 under Cert. #1837, Section 1 of the provided Security Policy specifies the precise RPM files containing this module. The integrity of the RPMs is automatically verified during the installation and the Crypto officer shall not install the RPM files if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/21/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 6.2 without AES-NI running on HP ProLiant DL585; Red Hat Enterprise Linux 6.2 with AES-NI running on IBM HS22; Red Hat Enterprise Linux 6.2 without AES-NI running on IBM HS22 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1968, #1969, #1970, #1971 and #1972); Triple-DES (Certs. #1278 and #1279); SHS (Certs. #1725 and #1726); HMAC (Certs. #1187, #1188, #1199 and #1200); RNG (Certs. #1033, #1034, #1035, #1036 and #1037); DSA (Certs #628, #629, #634 and #635)

-Other algorithms: DES; Triple-DES (CTR; non-compliant); AES (192 bits, XTS; non-compliant); RNG (X9.31 with stdrng or ansi_cprng; non-compliant)

Multi-chip standalone

"The Linux kernel Crypto API implemented in Red Hat Enterprise Linux 6.2 provides services operating inside the Linux kernel with various ciphers, message digests and an approved random number generator."
1900 Gemalto
Avenue du Pic de Bertagne - BP100
Gemenos, 13881
France

-Anthony Vella
TEL: +33 4 42 36 61 38
FAX: +33 4 42 36 52 36

CST Lab: NVLAP 100432-0

MultiApp ID V2.1 Platform
(Hardware Version: P5CC081 [1] and P5CC145 [2]; Firmware Version: MultiApp ID V2.1 with softmask V2.2 [1] and V2.4 [2] and Demonstration Applet V1.1 [1,2])

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/21/2013 Overall Level: 3 

-Physical Security: Level 4

-FIPS Approved algorithms: RNG (Cert. #1023); Triple-DES (Cert. #1264); Triple-DES MAC (Triple-DES Cert. #1264, vendor affirmed); AES (Cert. #1943); RSA (Certs. #1006 and #1010); SHS (Certs. #1706 and #1707); ECDSA (Cert. #280); CVL (Cert. #17)

-Other algorithms: Triple-DES (Cert. # 1264, key wrapping; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman

Single-chip

"MultiApp V2.1 is a highly secured smartcard contact-only platform from Gemalto complying with Javacard 2.2.2 and GP 2.1.1 standards and operated on NXP P5CC081 and P5CC145 chips. Its cryptographic library implements TDES, AES, SHA, RSA, RSA CRT, ECDSA, ECC CDH and RNG ANSX9.31 algorithms. This modular and flexible platform serves various needs, enabling secure data storage, identification, authentication and digital signatures (AS) with biometry control. This field-proven OS has the largest number of references in national ID programs, thus ensuring a secure investment."
1899 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 BitLocker® Dump Filter (DUMPFVE.SYS)
(Software Version: 6.2.9200)

(When installed, initialized and configured as specified in the Security Policy Section 2 with modules Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Boot Manager validated to FIPS 140-2 under Cert. #1895 operating in FIPS mode, Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 BitLocker® Windows OS Loader (WINLOAD) validated to FIPS 140-2 under Cert. #1896 operating in FIPS mode, and Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Code Integrity (CI.DLL) validated to FIPS 140-2 under Cert. #1897 operating in FIPS mode.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/13/2013 Overall Level: 1 

-Design Assurance: Level 2

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 8 Enterprise (x86) running on a Dell Dimension C521; Microsoft Windows 8 Enterprise (x64) running on a Dell PowerEdge SC430 without AES-NI; Microsoft Windows 8 Enterprise (x64) running on Intel Core i7 with AES-NI running on an Intel Client Desktop; Microsoft Windows Server 2012 (x64) running on a Dell PowerEdge SC430 without AES-NI; Microsoft Windows Server 2012 (x64) running on Intel Core i7 with AES-NI running on an Intel Client Desktop; Microsoft Windows RT (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet; Microsoft Windows RT (ARMv7 Thumb-2) running on a Qualcomm Tablet; Microsoft Windows RT (ARMv7 Thumb-2) running on a Microsoft Surface Windows RT; Microsoft Windows 8 Pro (x64) running on an Intel x64 Processor with AES-NI running on a Microsoft Surface Windows 8 Pro; Microsoft Windows Phone 8 (ARMv7 Thumb-2) running on a Windows Phone 8 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2196 and #2198)

-Other algorithms: N/A

Multi-chip standalone

"The BitLocker® Dump Filter (DUMPFVE.SYS) is the full volume encryption filter that resides in the system dump stack. Whenever the dump stack is called (in the event of a system crash or for hibernation), this filter ensures that all data is encrypted before it gets written to the disk as a dump file or hibernation file. This cryptographic module also maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on Microsoft Windows 8, Microsoft Windows 8 Pro, and Microsoft Windows Server 2012 Datacenter."
1898 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Microsoft Windows 8, Microsoft Windows Server 2012, and Microsoft Surface Windows 8 Pro BitLocker® Windows Resume (WINRESUME)
(Software Version: 6.2.9200)

(When operated in FIPS mode with module Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Boot Manager validated to FIPS 140-2 under Cert. #1895 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/06/2013 Overall Level: 1 

-Design Assurance: Level 2

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 8 Enterprise (x86) running on a Dell Dimension C521; Microsoft Windows 8 Enterprise (x64) running on a Dell PowerEdge SC430 without AES-NI; Microsoft Windows 8 Enterprise (x64) running on Intel Core i7 with AES-NI running on an Intel Client Desktop; Microsoft Windows Server 2012 (x64) running on a Dell PowerEdge SC430 without AES-NI; Microsoft Windows Server 2012 (x64) running on Intel Core i7 with AES-NI running on an Intel Client Desktop; Microsoft Windows 8 Pro (x64) running on an Intel x64 Processor with AES-NI running on a Microsoft Surface Windows 8 Pro (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)

-Other algorithms: MD5

Multi-chip standalone

"BitLocker® Windows Resume is an operating system loader which loads the Windows OS kernel (ntoskrnl.exe) and other boot stage binary image files, as well as previous operating system state information, when Windows has been previously put into a sleep or hibernate power state. This cryptographic module also maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on Microsoft Windows 8, Microsoft Windows 8 Pro, and Microsoft Windows Server 2012 Datacenter."
1897 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Code Integrity (CI.DLL)
(Software Version: 6.2.9200)

(When operated in FIPS mode with modules Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Boot Manager validated to FIPS 140-2 under Cert. #1895 operating in FIPS mode, and Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 BitLocker® Windows OS Loader (WINLOAD) validated to FIPS 140-2 under Cert. #1896 operating in FIPS mode.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/06/2013 Overall Level: 1 

-Design Assurance: Level 2

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 8 Enterprise (x86) running on a Dell Dimension C521; Microsoft Windows 8 Enterprise (x64) running on a Dell PowerEdge SC430 without AES-NI; Microsoft Windows 8 Enterprise (x64) running on Intel Core i7 with AES-NI running on an Intel Client Desktop; Microsoft Windows Server 2012 (x64) running on a Dell PowerEdge SC430 without AES-NI; Microsoft Windows Server 2012 (x64) running on Intel Core i7 with AES-NI running on an Intel Client Desktop; Microsoft Windows RT (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet; Microsoft Windows RT (ARMv7 Thumb-2) running on a Qualcomm Tablet; Microsoft Windows RT (ARMv7 Thumb-2) running on a Microsoft Surface Windows RT; Microsoft Windows 8 Pro (x64) running on an Intel x64 Processor with AES-NI running on a Microsoft Surface Windows 8 Pro; Microsoft Windows Phone 8 (ARMv7 Thumb-2) running on a Windows Phone 8 (single-user mode)

-FIPS Approved algorithms: RSA (Cert. #1132); SHS (Cert. #1903)

-Other algorithms: MD5

Multi-chip standalone

"Code Integrity (CI.DLL) verifies the integrity of executable files, including kernel mode drivers, critical system components, and user mode cryptographic modules as they are loaded into memory from the disk. This cryptographic module also maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on Microsoft Windows 8, Microsoft Windows 8 Pro, and Microsoft Windows Server 2012 Datacenter."
1896 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 BitLocker® Windows OS Loader (WINLOAD)
(Software Version: 6.2.9200)

(When operated in FIPS mode with module Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Boot Manager validated to FIPS 140-2 under Cert. #1895 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/06/2013 Overall Level: 1 

-Design Assurance: Level 2

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 8 Enterprise (x86) running on a Dell Dimension C521; Microsoft Windows 8 Enterprise (x64) running on a Dell PowerEdge SC430 without AES-NI; Microsoft Windows 8 Enterprise (x64) running on Intel Core i7 with AES-NI running on an Intel Client Desktop; Microsoft Windows Server 2012 (x64) running on a Dell PowerEdge SC430 without AES-NI; Microsoft Windows Server 2012 (x64) running on Intel Core i7 with AES-NI running on an Intel Client Desktop; Microsoft Windows RT (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet; Microsoft Windows RT (ARMv7 Thumb-2) running on a Qualcomm Tablet; Microsoft Windows RT (ARMv7 Thumb-2) running on a Microsoft Surface Windows RT; Microsoft Windows 8 Pro (x64) running on an Intel x64 Processor with AES-NI running on a Microsoft Surface Windows 8 Pro; Microsoft Windows Phone 8 (ARMv7 Thumb-2) running on a Windows Phone 8 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2196 and #2198); RSA (Cert. #1132); SHS (Cert. #1903)

-Other algorithms: AES (Cert. #2197; non-compliant); MD5; Non-Approved RNG

Multi-chip standalone

"The BitLocker® Windows OS Loader loads the boot-critical driver and OS kernel image files. Please note that AES (Cert. #2197) is only used in the entropy source for the module. This particular instance of AES is labeled as non-compliant because it does not perform a power-up self-test. This cryptographic module also maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on Microsoft Windows 8, Microsoft Windows 8 Pro, and Microsoft Windows Server 2012 Datacenter."
1895 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Boot Manager
(Software Version: 6.2.9200)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/13/2013 Overall Level: 1 

-Design Assurance: Level 2

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 8 Enterprise (x86) running on a Dell Dimension C521; Microsoft Windows 8 Enterprise (x64) running on a Dell PowerEdge SC430 without AES-NI; Microsoft Windows 8 Enterprise (x64) running on Intel Core i7 with AES-NI running on an Intel Client Desktop; Microsoft Windows Server 2012 (x64) running on a Dell PowerEdge SC430 without AES-NI; Microsoft Windows Server 2012 (x64) running on Intel Core i7 with AES-NI running on an Intel Client Desktop; Microsoft Windows RT (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet; Microsoft Windows RT (ARMv7 Thumb-2) running on a Qualcomm Tablet; Microsoft Windows RT (ARMv7 Thumb-2) running on a Microsoft Surface Windows RT; Microsoft Windows 8 Pro (x64) running on an Intel x64 Processor with AES-NI running on a Microsoft Surface Windows 8 Pro; Microsoft Windows Phone 8 (ARMv7 Thumb-2) running on a Windows Phone 8 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2196 and #2198); HMAC (Cert. #1347); RSA (Cert. #1132); SHS (Cert. #1903)

-Other algorithms: MD5

Multi-chip standalone

"This is the system boot manager, called by the bootstrapping code that resides in the boot sector. It checks its own integrity, checks the integrity of the Windows OS Loader, and then launches it. This cryptographic module also maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on Microsoft Windows 8, Microsoft Windows 8 Pro, and Microsoft Windows Server 2012 Datacenter."
1894 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Enhanced Cryptographic Provider (RSAENH.DLL)
(Software Version: 6.2.9200)

(When operated in FIPS mode with modules Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Code Integrity (CI.DLL) validated to FIPS 140-2 under Cert. #1897 operating in FIPS mode, Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL) validated to FIPS 140-2 under Cert. #1892 operating in FIPS mode, and Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Kernel Mode Cryptographic Primitives Library (CNG.SYS) validated to FIPS 140-2 under Cert. #1891 operating in FIPS mode.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 08/27/2013 Overall Level: 1 

-Design Assurance: Level 2

-Operational Environment: Tested as meeting Level 1 with [Microsoft Windows 8 Enterprise (x86) running on a Dell Dimension C521; Microsoft Windows 8 Enterprise (x64) running on a Dell PowerEdge SC430 without AES-NI; Microsoft Windows 8 Enterprise (x64) running on Intel Core i7 with AES-NI running on an Intel Client Desktop; Microsoft Windows Server 2012 (x64) running on a Dell PowerEdge SC430 without AES-NI; Microsoft Windows Server 2012 (x64) running on Intel Core i7 with AES-NI running on an Intel Client Desktop; Microsoft Windows RT (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet; Microsoft Windows RT (ARMv7 Thumb-2) running on a Qualcomm Tablet; Microsoft Windows RT (ARMv7 Thumb-2) running on a Microsoft Surface Windows RT; Microsoft Windows 8 Pro (x64) running on an Intel x64 Processor with AES-NI running on a Microsoft Surface Windows 8 Pro; Microsoft Windows Phone 8 (ARMv7 Thumb-2) running on a Windows Phone 8] (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2196); HMAC (Cert. #1346); RSA (Cert. #1132); SHS (Cert. #1902); Triple-DES (Cert. #1386)

-Other algorithms: AES (Cert. #2196, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Enhanced Cryptographic Provider (RSAENH.DLL) encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. It can be dynamically linked into applications by software developers to permit the use of general-purpose FIPS 140-2 validated cryptography. This cryptographic module also maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on Microsoft Windows 8, Microsoft Windows 8 Pro, and Microsoft Windows Server 2012 Datacenter."
1893 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL)
(Software Version: 6.2.9200)

(When operated in FIPS mode with modules Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Boot Manager validated to FIPS 140-2 under Cert. #1895 operating in FIPS mode, Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 BitLocker® Windows OS Loader (WINLOAD) validated to FIPS 140-2 under Cert. #1896 operating in FIPS mode, Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Code Integrity (CI.DLL) validated to FIPS 140-2 under Cert. #1897 operating in FIPS mode, Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Kernel Mode Cryptographic Primitives Library (CNG.SYS) validated to FIPS 140-2 under Cert. #1891 operating in FIPS mode, and Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL) validated to FIPS 140-2 under Cert. #1892 operating in FIPS mode.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/13/2013 Overall Level: 1 

-Design Assurance: Level 2

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 8 Enterprise (x86) running on a Dell Dimension C521; Microsoft Windows 8 Enterprise (x64) running on a Dell PowerEdge SC430 without AES-NI; Microsoft Windows 8 Enterprise (x64) running on Intel Core i7 with AES-NI running on an Intel Client Desktop; Microsoft Windows Server 2012 (x64) running on a Dell PowerEdge SC430 without AES-NI; Microsoft Windows Server 2012 (x64) running on Intel Core i7 with AES-NI running on an Intel Client Desktop; Microsoft Windows RT (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet; Microsoft Windows RT (ARMv7 Thumb-2) running on a Qualcomm Tablet; Microsoft Windows RT (ARMv7 Thumb-2) running on a Microsoft Surface Windows RT; Microsoft Windows 8 Pro (x64) running on an Intel x64 Processor with AES-NI running on a Microsoft Surface Windows 8 Pro; Microsoft Windows Phone 8 (ARMv7 Thumb-2) running on a Windows Phone 8 (single-user mode)

-FIPS Approved algorithms: DSA (Cert. #686); SHS (Cert. #1902); Triple-DES (Cert. #1386); Triple-DES MAC (Triple-DES Cert. #1386, vendor affirmed)

-Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL) encapsulates several different cryptographic algorithms in an easy-to-use cryptographic module accessible via the Microsoft CryptoAPI. It can be dynamically linked into applications by software developers to permit the use of general-purpose FIPS 140-2 validated cryptography. This cryptographic module also maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on Microsoft Windows 8, Microsoft Windows 8 Pro, and Microsoft Windows Server 2012 Datacenter."
1892 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL)
(Software Version: 6.2.9200)

(When operated in FIPS mode with modules Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Kernel Mode Cryptographic Primitives Library (CNG.SYS) validated to FIPS 140-2 under Cert. #1891 operating in FIPS mode, and Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Code Integrity (CI.DLL) validated to FIPS 140-2 under Cert. #1897 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/06/2013 Overall Level: 1 

-Design Assurance: Level 2

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 8 Enterprise (x86) running on a Dell Dimension C521; Microsoft Windows 8 Enterprise (x64) running on a Dell PowerEdge SC430 without AES-NI; Microsoft Windows 8 Enterprise (x64) running on Intel Core i7 with AES-NI running on an Intel Client Desktop; Microsoft Windows Server 2012 (x64) running on a Dell PowerEdge SC430 without AES-NI; Microsoft Windows Server 2012 (x64) running on Intel Core i7 with AES-NI running on an Intel Client Desktop; Microsoft Windows RT (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet; Microsoft Windows RT (ARMv7 Thumb-2) running on a Qualcomm Tablet; Microsoft Windows RT (ARMv7 Thumb-2) running on a Microsoft Surface Windows RT; Microsoft Windows 8 Pro (x64) running on an Intel x64 Processor with AES-NI running on a Microsoft Surface Windows 8 Pro; Microsoft Windows Phone 8 (ARMv7 Thumb-2) running on a Windows Phone 8 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); DSA (Cert. #687); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)

-Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)

Multi-chip standalone

"The Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL) provides cryptographic services to Windows components and applications. It includes cryptographic algorithms in an easy-to-use cryptographic module via the Cryptography Next Generation (CNG) API. It can be dynamically linked into applications for the use of general-purpose FIPS 140-2 validated cryptography. This cryptographic module also maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on Microsoft Windows 8, Microsoft Windows 8 Pro, and Microsoft Windows Server 2012 Datacenter."
1891 Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399
USA

-Tim Myers
TEL: 800-MICROSOFT

CST Lab: NVLAP 200427-0

Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Kernel Mode Cryptographic Primitives Library (CNG.SYS)
(Software Version: 6.2.9200)

(When operated in FIPS mode with modules Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 Boot Manager validated to FIPS 140-2 under Cert. #1895 operating in FIPS mode, and Microsoft Windows 8, Microsoft Windows Server 2012, Microsoft Windows RT, Microsoft Surface Windows RT, Microsoft Surface Windows 8 Pro, and Microsoft Windows Phone 8 BitLocker® Windows OS Loader (WINLOAD) validated to FIPS 140-2 under Cert. #1896 operating in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/06/2013 Overall Level: 1 

-Design Assurance: Level 2

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 8 Enterprise (x86) running on a Dell Dimension C521; Microsoft Windows 8 Enterprise (x64) running on a Dell PowerEdge SC430 without AES-NI; Microsoft Windows 8 Enterprise (x64) running on Intel Core i7 with AES-NI running on an Intel Client Desktop; Microsoft Windows Server 2012 (x64) running on a Dell PowerEdge SC430 without AES-NI; Microsoft Windows Server 2012 (x64) running on Intel Core i7 with AES-NI running on an Intel Client Desktop; Microsoft Windows RT (ARMv7 Thumb-2) running on an NVIDIA Tegra 3 Tablet; Microsoft Windows RT (ARMv7 Thumb-2) running on a Qualcomm Tablet; Microsoft Windows RT (ARMv7 Thumb-2) running on a Microsoft Surface Windows RT; Microsoft Windows 8 Pro (x64) running on an Intel x64 Processor with AES-NI running on a Microsoft Surface Windows 8 Pro; Microsoft Windows Phone 8 (ARMv7 Thumb-2) running on a Windows Phone 8 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RNG (Cert. #1110); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)

-Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)

Multi-chip standalone

"Kernel Mode Cryptographic Primitives Library (CNG.SYS) runs as a kernel mode export driver, and provides cryptographic services, through their documented interfaces, to Windows kernel components. It supports several cryptographic algorithms accessible via a FIPS function table request IRP (I/O request packet). This cryptographic module also maintains FIPS 140-2 validation compliance (according to FIPS 140-2 PUB Implementation Guidance G.5) on Microsoft Windows 8, Microsoft Windows 8 Pro, and Microsoft Windows Server 2012 Datacenter."
1890 IBM Internet Security Systems, Inc.
6303 Barfield Road
Atlanta, GA 30328
USA

-Scott Sinsel
TEL: 404-236-2722
FAX: 404-236-2632

CST Lab: NVLAP 200416-0

SiteProtector Cryptographic Module
(Software Version: 1.1)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/19/2013 Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Microsoft Windows Server 2003 R2 Standard, Version 5.2 SP 2 on an IBM eServer 326m running on an AMD Opteron Processor 270

-FIPS Approved algorithms: AES (Cert. #1181); HMAC (Cert. #681); RNG (Cert. #652); RSA (Cert. #562); SHS (Cert. #1090)

-Other algorithms: MD5; RSA (key agreement; key establishment methodology provides 96 bits of encryption strength; non-compliant)

Multi-chip standalone

"IBM Proventia+ Management SiteProtectorTM system is a security management system that provides centralized command and control, analysis, reporting and workflow for all ISS IBM Protection devices and select third-party security solutions including network IPS, Network Multi-Function, Server, Endpoint, Vulnerability Assessment, Application Assessment, and DLP. All of these IBM ISS security components have a common update and policy management system as well. The SiteProtector system provides an in-depth security event analysis capability that is specific to the needs of security analysts."
1889 Stanley Security Solutions, Inc.
6161 E 75th Street
PO Box 50444
Indianapolis, IN 46250
USA

-Mr. Robert Strong
TEL: 317-806-3288

-Mr. Thomas Schuster
TEL: 317-806-3150

CST Lab: NVLAP 100414-0

Wi-Q OMW (OW2000) [1], WAC (SDC2K) [2], WDC [3] and WXC [4] Controllers
(Hardware Versions: 12681B [1]; 82065A [2]; 82069B [3]; 82069C [3]; 82069E [3]; 82069F [3] 82376C [4]; 82376D [4]; 82376F [4]; 82376G [4]; Firmware Version: 3.00.039)

(When operated in FIPS mode. No assurance of module integrity when operating in non-FIPS mode.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/13/2013 Overall Level: 1 

-FIPS Approved algorithms: SHS (Cert. #1583); AES (Cert. #1802)

-Other algorithms: N/A

Multi-chip embedded

"The Stanley Wi-Q Controller Cryptographic Module is a wireless end point device that communicates via proprietary 802.15.4 protocol to a Stanley Wi-Q Portal Gateway module. The Stanley Wi-Q Controller provides secure key entry and data encryption functions within the Stanley Wi-Q Wireless Access Control System."
1888 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Palani Karuppan
TEL: 408-525-2747

CST Lab: NVLAP 100432-0

Cisco Aironet 1552E Outdoor Access Point
(Hardware Version: AIR-CAP1552E-A-K9 Revision: B0; FIPS Kit Version AIRLAP-FIPSKIT=; Firmware Versions: 7.0.116.0, 7.0.230.0, 7.0.240.0, 7.0.250.0, 7.2.103.0, 7.2.115.1 or 7.2.115.2)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/11/2013;
03/28/2013;
05/03/2013;
05/16/2013;
07/12/2013;
02/20/2014
Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1357 and #1359); HMAC (Cert. #794); RNG (Cert. #746); RSA (Cert. #660); SHS (Cert. #1238)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength; non-compliant); RC4; MD5; HMAC MD5

Multi-chip standalone

"The Cisco Aironet 1552E Outdoor Access Point is the standard model, dual-radio system with dual-band radios that are compliant with IEEE 802.11a/n (5-GHz) and 802.11b/g/n standards (2.4 GHz). The 1552E has three external antenna connections for three dual-band antennas. It has Ethernet and fiber Smaill Form-Factor Pluggable (SFP) backhaul options, along with the option of a battery backup. This model also has a PoE-out port and can power a video surveillance camera."
1887 Cambium Networks Ltd.
Unit B2, Linhay Business Park
Ashburton, Devon TQ12 7UP
United Kingdom

-Mark Thomas
TEL: +44 1364 655586
FAX: +44 1364 655500

CST Lab: NVLAP 100432-0

Cambium PTP 600 Series Point to Point Wireless Ethernet Bridges
(Hardware Versions: P/Ns BP5830BHC, BP5830BHC15, BP5530BHC, BP5530BHC15, WB2781, WB3039, WB3037, WB3092, WB3094, WB3387, WB3389, WB3222, BP5830BH, BP5830BH15, BP5530BH, BP5530BH15, WB2780, WB3036, WB3038, WB3091, WB3093, WB3386, WB3388 and WB3221; with P/N WB3593 (HW Security Upgrade Kit); Firmware Versions: PTP600-10-00-FIPS, PTP600-10-05-FIPS or PTP600-10-07-FIPS)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/08/2013;
02/22/2013;
06/14/2013
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: SHS (Cert. #1101); DSA (Cert. #569); AES (Certs. #708 and #1144); DRBG (Cert. #21); HMAC (Cert. #1070); Triple-DES (Cert. #863)

-Other algorithms: MD5; RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"The 600 Series of Point-to-Point wireless Ethernet bridges operates in the 2.5, 4.5, 4.8, 4.9, 5.4, 5.8 and 5.9 GHz spectrum, offering high performance Ethernet and TDM connectivity in line-of-sight and non-line-of-sight environments. PTP 600 links have class-leading sensitivity and power output, supporting data rates up to 300 Mbps and range up to 124 miles. This series of secure wireless bridges makes cost-effective connectivity and backhaul a reality for a wide range of enterprises, service providers, utilities, transportation agencies and public safety organizations."
1886 Comtech EF Data Corporation
2114 West 7th Street
Tempe, AZ 85281
USA

-Wallace Davis
TEL: 480-333-2189

CST Lab: NVLAP 200427-0

DMD2050E TRANSEC Module
(Hardware Version: PL-0000192-1, Revision A; Firmware Version: 1.2.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/08/2013 Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #2025 and #2026); ECDSA (Cert. #296); HMAC (Cert. #1228); RNG (Cert. #1061); RSA (Cert. #1053); SHS (Cert. #1775); Triple-DES (Cert. #1309)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength);RSA (key transport; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256-bits of encryption strength); MD5

Multi-chip embedded

"The Comtech EF Data FIPS Security Module features an FPGA to perform bulk encryption/decryption for Ethernet data traffic via the DMD2050E Satellite Modem, as well as firmware to provide the cryptographic functions needed to act as an endpoint for TLS and SSH management, and control traffic."
1885 Curtiss-Wright Controls Defense Solutions
2600 Paramount Place, Suite 200
Fairborn, OH 45324
USA

-Paul Davis
TEL: 937-610-5421
FAX: 937-252-1480

-Matt Young
TEL: 937-610-5457
FAX: 937-252-1480

CST Lab: NVLAP 200427-0

3U VPX-1TB FSM Flash Storage Module
(Hardware Versions: RHFS-3UR1024-F, RHFS-3UJ1024-F; Firmware Version: 1.11)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 02/08/2013;
05/16/2013
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #250 and #1978); DRBG (Cert. #180); HMAC (Cert. #1191); SHS (Cert. #1732)

-Other algorithms: TRNG

Multi-chip embedded

"The Flash Storage Module (FSM) AES cryptographic engine uses 256-bit encryption keys and performs real-time encryption of all data written to or read from solid state drives. The FSM cryptographic engines provides maximum data-at-rest security in commercial and military applications."
1884 Totemo AG
Freihofstrasse 22
Küsnacht, CH-8700
Switzerland

-Marcel Mock
TEL: +41 44 914 99 00

-Daniel Raap
TEL: +41 44 914 99 00

CST Lab: NVLAP 200928-0

Totemo Cryptographic Module (TCM)
(Software Version: 2.0)

(When operated in FIPS mode. No assurance of module integrity when operating in non-FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 02/08/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Totemo Appliance OS 2.0 v0711 with JRE 7.0 running on a Apligo NSA 7110 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #2059); Triple-DES (Cert. #1326); DSA (Cert. #652); RSA (Cert. #1071); ECDSA (Cert. #302); SHS (Cert. #1800); DRBG (Cert. #206); HMAC (Cert. #1252)

-Other algorithms: AES (Cert. #2059, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Cert. #1326, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); ECMQV (key agreement; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Totemo Cryptographic Module supplies the cryptographic services required by the Totemo Security Platform (TSP) and the Totemo products which provides secure email, file transfer, and mobile messaging solutions. These solutions secure all types of communication without any infrastructure prerequisites."
1883 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Andrew Young
TEL: 443-327-1183
FAX: 410-931-7524

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 100432-0

eToken 5100, 5105, 5200 and 5205
(Hardware Versions: eToken 5100, eToken 5105, eToken 5200 and eToken 5205; Firmware Version: Athena IDProtect 0106.0113.2109 with SafeNet eToken Applet Suite 1.2.9)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/08/2013;
02/15/2013
Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #1654); RSA (Cert. #824); Triple-DES (Cert. #1087); Triple-DES MAC (Triple-DES Cert. #1087, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465)

-Other algorithms: HW RNG; AES-CMAC (non-compliant); AES (Cert. #1654, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength)

Single-chip

"SafeNet eToken is a portable two-factor USB authenticator with advanced smart card technology. It utilizes certificate based technology to generate and store credentials, such as private keys, passwords and digital certificates inside the protected environment of the smart card chip. To authenticate, users must supply both their personal SafeNet authenticator and password, providing a critical second level of security beyond simple passwords to protect valuable digital business resources."
1882 Entrust, Inc.
One Lincoln Centre
5400 LBJ Freeway
Suite 1340
Dallas, TX 75240
USA

-Entrust Sales

CST Lab: NVLAP 100432-0

Entrust IdentityGuard PIV Credential
(Hardware Version: SCHW 1.0; Firmware Version: SCOS 1.0 with Entrust IdentityGuard PIV Applet 1.0.1 Patch 172799)

(PIV Card Application: Cert. #33)

(When operated in FIPS mode with PIN policies configured as indicated in the Security Policy Section 9)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/08/2013;
02/06/2014;
05/28/2014
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 4
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: RNG (Cert. #942); Triple-DES (Cert. #1144); Triple-DES MAC (Triple-DES Cert. #1144, vendor affirmed); AES (Cert. #1769); RSA (Cert. #885); ECDSA (Cert. #237); CVL (Cert. #5); CVL (Certs. #219 and #223)

-Other algorithms: HW RNG; RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Cert. #1769, key wrapping; key establishment methodology provides 256 bits of encryption strength); Triple-DES (Cert. #1144, key wrapping; key establishment methodology provides 112 bits of encryption strength)

Single-chip

"The Entrust IdentityGuard PIV Credential is a cryptographic module intended for use by US Federal agencies and other markets that require smartcards conformant with the PIV standards. The module can also be configured for use in markets where the set of keys and data objects, or the access control rules governing their use, differ from the PIV data model."
1881 WinMagic Inc.
200 Matheson Boulevard West
Suite 201
Mississauga, Ontario L5R 3L7
Canada

-Alexander Mazuruc
TEL: 905-502-7000 ext. 225
FAX: 905-502-7001

CST Lab: NVLAP 200928-0

SecureDoc® Disk Encryption Cryptographic Engine for MacOS X
(Software Version: 6.1)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 02/04/2013 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Mac OS X 10.7 Lion 32-bit running on a MacBook Pro; Mac OS X 10.7 Lion 64-bit running on a MacBook Pro (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1924 and #1925); SHS (Cert. #1690); RNG (Cert. #1012); HMAC (Cert. #1159)

-Other algorithms: AES (Certs. #1924 and #1925, key wrapping)

Multi-chip standalone

"SecureDoc® Disk Encryption Cryptographic Engine for MacOS X provides cryptographic services and key management for the SecureDoc® Disk Encryption products running on MacOS X platform. The module employs PKCS-11 cryptographic standard to deliver full disk and removable media encryption on Apple computers and laptops."
1880 WinMagic Inc.
200 Matheson Boulevard West
Suite 201
Mississauga, Ontario L5R 3L7
Canada

-Alexander Mazuruc
TEL: 905-502-7000 ext. 225
FAX: 905-502-7001

CST Lab: NVLAP 200928-0

SecureDoc® Disk Encryption Cryptographic Engine for Windows
(Software Version: 6.1)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 02/04/2013 Overall Level: 1 

-Roles, Services, and Authentication: Level 2
-EMI/EMC: Level 3
-Design Assurance: Level 3

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows 7 32-bit running on an Acer Aspire 7745G Intel Core i7, Microsoft Windows 7 32-bit running on a Lenovo ThinkPad T420 Intel Core i5 with AES-NI, Microsoft Windows 7 64-bit running on an Acer Aspire 7745G Intel Core i7, Microsoft Windows 7 64-bit running on a Lenovo ThinkPad T420 Intel Core i5 with AES-NI (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1924 and #1925); SHS (Cert. #1690); RNG (Cert. #1012); HMAC (Cert. #1159)

-Other algorithms: AES (Certs. #1924 and #1925, key wrapping)

Multi-chip standalone

"SecureDoc® Disk Encryption Cryptographic Engine for Windows provides cryptographic services and key management for the SecureDoc® Disk Encryption products running on Windows platform. The module employs PKCS-11 cryptographic standard to deliver full disk encryption and other data protection solutions for General Purpose Computers, laptops and removable media."
1879 TechGuard Security
28 Hawk Ridge Circle
Suite 107
Lake St. Louis, MO 63367
USA

-David Maestas
TEL: 636-489-2230

CST Lab: NVLAP 200002-0

PoliWall-CCF M10 [1], M50 [2], G01 [3] and G10 [4] Series Security Appliance
(Hardware Versions: PW-CCF-M10-01C [1], PW-CCF-M50-01C [2], PW-CCF-G01-01C [3], PW-CCF-G01-01F [3], PW-CCF-G10-01X [4] and PW-CCF-G10-01F [4] with FIPS Kits: (PW-CCF-M10-FK1 [1,2], PW-CCF-G01-FK1 [3] and PW-CCF-G10-FK1 [4]); Software Version: 2.02.3101)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 02/04/2013 Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1600 and #1601); RSA (Cert. #782); RNG (Cert. #857); SHS (Certs. #1412 and #1413)

-Other algorithms: DES; MD5; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The TechGuard Security PoliWall is a network boundary device that rapidly determines the country of origin for all incoming packets using HIPPIE (High-speed Internet Protocol Packet Inspection Engine) technology. Packets are filtered according to defined policies, exception lists, and Pre-Compiled Exception Lists (PCEL) that are bound to rule groups for specific network addresses and protocols. PoliWall also provides administrators with the ability to create maps which exclude traffic from selected countries."
1878 Mocana Corporation
350 Sansome Street
Suite 1010
San Francisco, CA 94104
USA

-James Blaisdell
TEL: 415-617-0055
FAX: 415-617-0056

CST Lab: NVLAP 100432-0

Mocana Cryptographic Suite B Module
(Software Versions: 5.5f and 5.5.1f)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 01/31/2013;
03/28/2013;
01/23/2014;
04/03/2014
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Android 2.2 running on a LG Optimus 3D (LG-P920); Android 2.3 running on a LG G2X (LG-P999); Android 4.0 running on a Samsung Nexus-S (GT-I9023); Android 4.1 running on a LG Optimus (LG-P920); Ubuntu Linux 32 bit running on a Dell Dimension 9200; Ubuntu Linux 64 bit running on a Dell Dimension 9200; Android 4.3 running on Asus TF 700 Tablet; Android 4.4 running on Nexus 7 Tablet; VxWorks 6.8 running on Avaya ERS 4850 (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2039, #2272 and #2741); Triple-DES (Certs. #1316 and #1650); SHS (Certs. #1785 and #2313); HMAC (Certs. #1238 and #1718); RSA (Certs. #1059 and #1437); DSA (Certs. #647 and #840); ECDSA (Certs. #298 and #479); RNG (Certs. #1065 and #1266); DRBG (Certs. #201 and #460)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; Blowfish; ARC2; ARC4; MD2; MD4; MD5; HMAC-MD5; AES EAX (non-compliant); AES XCBC (non-compliant); RSA (encrypt/decrypt)

Multi-chip standalone

"The Mocana Cryptographic Module is the engine of Mocana's Device Security Framework - a software framework that secures all aspects of a system. The Device Security Framework helps applications and device designers reduce development costs and dramatically enhance cryptographic performance. For details see www.mocana.com."
1877 Palo Alto Networks
3300 Olcott Street
Santa Clara, CA 95054
USA

-Jake Bajic
TEL: 408-753-3901
FAX: 408-753-4001

CST Lab: NVLAP 100432-0

PA-500, PA-2000 Series, PA-4000 Series, and PA-5000 Series Firewalls
(Hardware Versions: HW P/Ns 910-000006-00O Rev. O with FIPS Kit P/N 920-000005-00A Rev. A (PA-500), 910-000094-00O Rev. O with FIPS Kit P/N 920-000005-00A (PA-500-2GB), 910-000004-00Z Rev. Z with FIPS Kit P/N 920-000004-00A Rev. A (PA-2020), 910-000003-00Z Rev. Z with FIPS Kit P/N 920-000004-00A Rev. A (PA-2050), 910-000002-00AB Rev. AB with FIPS Kit P/N 920-000003-00A Rev. A (PA-4020), HW P/N 910-000001-00AB Rev. AB with FIPS Kit P/N 920-000003-00A Rev. A (PA-4050), 910-000005-00S Rev. S with FIPS Kit P/N 920-000003-00A Rev. A (PA-4060), 910-000010-00F Rev. F w/ FIPS Kit P/N 920-000037-00A Rev. A (PA-5020), 910-000009-00F Rev. F w/ FIPS Kit P/N 920-000037-00A Rev. A (PA-5050) and 910-000008-00F Rev. F w/ FIPS Kit P/N 920-000037-00A Rev. A (PA-5060); Firmware Version: 4.0.10 or 4.0.12-h2)

(When operated in FIPS mode and with the tamper evident seals and opacity shields installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/30/2013;
08/16/2016
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1987); RSA (Cert. #1031); HMAC (Cert. #1201); SHS (Cert. #1743); RNG (Cert. #1044)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; RC4; Camellia; RC2; SEED; DES

Multi-chip standalone

"The Palo Alto Networks PA-500, PA-2000 Series, PA-4000 Series, and PA-5000 Series firewalls are multi-chip standalone modules that provide network security by enabling enterprises to see and control applications, users, and content using three unique idenification technologies: App-ID, User-ID, and Content-ID. These identification technologies enable enterprises to create business-relevant security policies - safely enabling organizations to adopt new applications."
1876 Apricorn Inc.
12191 Kirkham Road
Poway, CA 92064
USA

-Robert Davidson
TEL: 858-513-4430
FAX: 858-513-2020

CST Lab: NVLAP 100432-0

Apricorn Aegis Secure Key
(Hardware Versions: ASK-256-4GB [1], ASK-256-8GB [2], ASK-256-16GB [3] and ASK-256-32GB [4]; Firmware Versions: V01.12A13-F05 and V01.12A14-F05 20120817 [1], V01.12A13-F04 and V01.12A14-F05 20120817 [2], V01.12A15 Code Package-111130 and V01.12A14-F05 20120817 [3] and V01.12A14-F05 20120817 [4] with Security Controller Firmware Revision iStorage v6 [1] [2] [3] and iStorage v12 [1] [2] [3] [4])

(Tamper evidence determined as indicated in the Security Policy, Physical Security Policy section)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/30/2013
03/08/2013;
03/28/2013
Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #1514); SHS (Cert. #1728); DRBG (Cert. #177)

-Other algorithms: NDRNG

Multi-chip standalone

"The Apricorn Aegis Secure Key is a self-authenticating and self-encrypting secure USB flash drive based on DATALOCK® technology. The Apricorn Aegis Secure Key uses full-disk hardware based AES 256 bit encryption in CBC mode. The unit is not dependent on any host software and drivers. By design it is OS/Host independent and agnostic to any operating system (Win, Mac, Linux, Chrome, Android, Symbian, etc.), computer, or embedded device that supports the standard mass storage class (USB/USB OTG)."
1875 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Palani Karuppan
TEL: 408-525-2747

CST Lab: NVLAP 100432-0

Cisco Catalyst 6506, 6506-E, 6509, and 6509-E Switches with Wireless Services Modules (WiSMs)
(Hardware Versions: Chassis: Catalyst 6506 switch [1], Catalyst 6506-E switch [2], Catalyst 6509 switch [3] and Catalyst 6509-E switch [4]; Backplane: WS-C6506 [1], WS-C6506-E [2], WS-C6509 [3] and WS-C6509-E [4]; FIPS Kit: P/N 800-27009 [1, 2] and P/N 800-26335 [3, 4]; Supervisor Blade [1, 2, 3, 4]: [WS-SUP720-3BXL or WS-SUP720-3B] and WiSM: WS-SVC-WISM-1-K9; Firmware Versions: Supervisor Blade: Cisco IOS Release 12.2.33-SXI3 or Cisco IOS Release 12.2.33-SXH5; WiSM: 7.0.230.0, 7.0.240.0 or 7.0.250.0)

(When operated in FIPS mode and with the physical security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/25/2013;
02/20/2014
Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1344 and #1345); HMAC (Certs. #783 and #784); RNG (Cert. #740); RSA (Certs. #651 and #652); SHS (Certs. #1226 and #1227); Triple-DES (Cert. #934)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength; non-compliant); AES (Cert. #1344, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM

Multi-chip standalone

"The Cisco Catalyst 6506, 6506-E, 6509, and 6509-E Switches with WiSM WLAN Controller deliver centralized control and high capacity for medium to large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WiSM Controller supports the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and supports a Secure Wireless Architecture with certified WiFi Alliance WPA-2 security. The Cisco WiSM Controller supports voice, video and data services along with Cisco Clean Air technology, IPv6 mobility, intrusion protection and intelligent radio resource management."
1874 Ultra Stereo Labs, Inc.
181 Bonetti Drive
San Luis Obispo, CA 93401
USA

-Larry McCrigler
TEL: 805-549-0161
FAX: 805-549-0163

CST Lab: NVLAP 100432-0

IMB-1000 HFR and IMB-1200 HFR Secure Media Blocks
(Hardware Versions: Rev. 11 and 12; Firmware Version: 08162012)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/18/2013 Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-Cryptographic Key Management: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1459, #1460 and #1964); HMAC (Certs. #856 and #857); SHS (Certs. #1320 and #1321); RNG (Cert. #798); RSA (Cert. #712); CVL (SP 800-135rev1, vendor affirmed)

-Other algorithms: RSA (key wrapping, key establishment methodology provides 112 bits of encryption strength); NDRNG; MD5; TI S-BOX; EC Diffie-Hellman; DCI

Multi-chip embedded

"The Image Media Block is a type of Secure Processing Block that contains a Security Manager, Image, Audio and Subtitle Media Decryptors, Image decoder, Image and Audio Forensic Marking (FM) and optional Link Encoder. It is used for playback of encrypted movie content in commercial cinemas."
1873 iStorage Limited
Research House
Fraser Road
Greenford, Middlesex UB6 7AQ
England

-John Michael
TEL: +44 20 8537-3435
FAX: +44 20 8537-3438

CST Lab: NVLAP 100432-0

datAshur Secure USB Flash Drive
(Hardware Versions: IS-FL-DA-256-4 [1], IS-FL-DA-256-8 [2], IS-FL-DA-256-16 [3] and IS-FL-DA-256-32 [4]; Firmware Versions: V01.12A13-F05 and V01.12A14-F05 20120817 [1], V01.12A13-F04 and V01.12A14-F05 20120817 [2], V01.12A15 Code Package-111130 and V01.12A14-F05 20120817 [3] and V01.12A14-F05 20120817 [4] with Security Controller Firmware Revision iStorage v6 [1] [2] [3] and iStorage v12 [1] [2] [3] [4])

(Tamper evidence determined as indicated in the Security Policy, Physical Security Policy section)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/08/2013;
01/24/2013;
03/28/2013;
08/29/2014
Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #1514); SHS (Cert. #1728); DRBG (Cert. #177)

-Other algorithms: NDRNG

Multi-chip standalone

"The iStorage datAshur is a self-authenticating and self-encrypting secure USB flash drive based on DATALOCK® technology licensed from ClevX, LLC. datAshur uses full-disk hardware based AES 256 Bit encryption in CBC mode. The unit is not dependent on any host software and drivers. By design it is OS/Host independent and agnostic to any operating system (Win, Mac, Linux, Chrome, Android, Symbian, etc.), computer, or embedded device that supports the standard mass storage class (USB/USB OTG). datAshur supports a single encrypted private partition available to the user when unlocked."
1872 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise 4150F
(Hardware Version: NSA-4150-FWEX-FRR and FIPS Kit: SAC-4150F-FIPS-KT; Firmware Version: 7.0.1.03 and 8.2.0)

(When operated in FIPS mode with the tamper evident seals and opacity baffles installed and initializing the module as specified in Section 3.1.1 of the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/08/2013 Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #972, #973, #974 and #1833); Triple-DES (Certs. #765, #766, #767 and #1185); SHS (Certs. #941, #942, #943 and #1612); HMAC (Certs. #544, #545, #546 and #1086); RNG (Certs. #549, #550, #551 and #964); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); CAST-128; RC2; RC4; MD2; MD5; DES; EC Diffie-Hellman (key agreement;non-compliant)

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1871 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise 2150F
(Hardware Version: NSA-2150-FWEX-F and FIPS Kit: SAC-2150F-FIPS-KT; Firmware Version: 7.0.1.03 and 8.2.0)

(When operated in FIPS mode with the tamper evident seals and opacity baffles installed and initializing the module as specified in Section 3.1.1 of the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/08/2013 Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #972, #973, #974 and #1833); Triple-DES (Certs. #765, #766, #767 and #1185); SHS (Certs. #941, #942, #943 and #1612); HMAC (Certs. #544, #545, #546 and #1086); RNG (Certs. #549, #550, #551 and #964); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); CAST-128; RC2; RC4; MD2; MD5; DES; EC Diffie-Hellman (key agreement; non-compliant)

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1870 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise 1100F
(Hardware Version: NSA-1100-FWEX-F and FIPS Kit: SAC-1100F-FIPS-KT; Firmware Version: 7.0.1.03 and 8.2.0)

(When operated in FIPS mode with the tamper evident seals and opacity baffles installed and initializing the module as specified in Section 3.1.1 of the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/08/2013 Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #972, #973, #974 and #1833); Triple-DES (Certs. #765, #766, #767 and #1185); SHS (Certs. #941, #942, #943 and #1612); HMAC (Certs. #544, #545, #546 and #1086); RNG (Certs. #549, #550, #551 and #964); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); CAST-128; RC2; RC4; MD2; MD5; DES; EC Diffie-Hellman (key agreement; non-compliant)

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee's Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1869 WatchGuard Technologies, Inc.
505 Fifth Avenue South, Suite 500
Seattle, WA 98104
USA

-Peter Eng
TEL: 206-613-6600

CST Lab: NVLAP 200556-0

XTM 21 [1], XTM 21-W [2], XTM 22 [3], XTM 22-W [4], XTM 23 [5], XTM 23-W [6], XTM 25 [7], XTM 25-W [8], XTM 26 [9], XTM 26-W [10], XTM 33 [11], XTM 33-W [12], XTM 330 [13], XTM 505 [14], XTM 510 [15], XTM 520 [16], XTM 530 [17], XTM 810 [18], XTM 820 [19], XTM 830 [20], XTM 830-F [21], XTM 1050 [22] and XTM 2050 [23]
(Hardware Versions: XP3E6 [1, 3, 5], XP3E6W [2, 4, 6], FS1E5 [7, 9], FS1E5W [8, 10], FS2E5 [11], FS2E5W [12], NC5AE7 [13], NC2AE8 [14, 15, 16, 17], NS2BE10 [18, 19, 20], NS2BE6F4 [21], NX3CE12 [22] and NC4E16F2 [23] with Tamper Evident Seal Kit: SKU WG8566; Firmware Version: Fireware XTM OS v11.5.1)

(When operated in FIPS mode and the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/21/2012 Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Certs. #1078, #1079, #1080, #1082, #1180, #1181 and #1182 ); AES (Certs. #1658, #1659, #1660, #1662, #1827, #1828 and #1829); SHS (Certs. #1452, #1453, #1454, #1457, #1606, #1607 and #1608 ); HMAC (Certs. #973, #974, #975, #977, #1081, #1082 and #1083 ); RSA (Cert. #819 ); ECDSA (Cert. #211); RNG (Cert. #885); DSA (Cert. #631)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 80-bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); DES; RC4; MD5

Multi-chip standalone

"WatchGuard Fireware XTM extensible threat management appliances are built for enterprise-grade performance with blazing throughput and numerous connectivity options. Advanced networking features include clustering, high availability (active/active), VLAN support, multi-WAN load balancing and enhanced VoIP security, plus inbound and outbound HTTPS inspection, to give the strong security enterprises need."
1868 Bomgar Corporation
578 Highland Colony Parkway
Paragon Centre, Suite 300
Ridgeland, MS 39157
USA

-Main Office
TEL: 601-519-0123
FAX: 601-510-9080

-Stella Kwon
TEL: 703-736-8363
FAX: 601-510-9080

CST Lab: NVLAP 200002-0

B200™, B300™ and B400™ Remote Support Appliances
(Hardware Versions: B200 [1], B300r1 [2] and B400r1 [3]; Tamper Evident Label Kit: TEL135325 [1,2,3]; Front Bezels: (FB000300 [2] and FB000400 [3]); Software Versions: 12.1.6FIPS [1,2,3] and 13.1.3FIPS [1,2]; Firmware Versions: 3.3.2FIPS [1,2,3] and 3.4.0FIPS [1,2])

(When operated in FIPS mode and with the tamper evident labels and front bezels applied as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/15/2013;
04/08/2014
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #2219 and #2543); Triple-DES (Certs. #1389 and #1538); RSA (Certs. #1136 and #1297); SHS (Certs. #1910 and #2143); HMAC (Certs. #1350 and #1564); RNG (Certs. #1113 and #1208)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RC4; RC4-40; DES; DES-40; MD5

Multi-chip standalone

"Bomgar Remote Support Appliances provide technicians secure remote control of devices over the internet/LAN/WAN. Bomgar allows collaborative remote support to various operating systems, including desktops, servers, mobile and network devices. In addition, Bomgar provides extensive auditing and recording of support sessions."
1867 Pitney Bowes Inc.
37 Executive Drive
Danbury, CT 06810
USA

-David Riley
TEL: 203-796-3208
FAX: 203-796-3129

CST Lab: NVLAP 100432-0

Cygnus X3 Hardware Security Module (XHSM)
(Hardware Version: P/N 1R84000 Version A; Firmware Versions: 01.00.06 and 01.03.0074 (Device Abstraction Layer))

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/19/2012 Overall Level: 3 

-Physical Security: Level 3 +EFP

-FIPS Approved algorithms: AES (Cert. #1979); DRBG (Cert. #181); DSA (Cert. #632); ECDSA (Cert. #286); HMAC (Cert. #1192); KAS (Cert. #33); CVL (Cert. #20); RSA (Cert. #1063); SHS (Cert. #1733); Triple-DES (Cert. #1319); Triple-DES MAC (Triple-DES Cert. #1319, vendor affirmed)

-Other algorithms: AES (Cert. #1979, key wrapping; key establishment methodology provides 128 or 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Single-chip

"The Pitney Bowes Cygnus X3 Postal Security Device (PSD) has been designed in compliance with FIPS 140-2 in order to support international digital indicia standards globally. The Cygnus X3 HSM Cryptographic Module employs strong encryption, decryption, and digital signature techniques for the protection of customer funds in Pitney Bowes Postage Metering products."
1866 Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

-Alan Kaye
TEL: 613-225-9381

CST Lab: NVLAP 200556-0

FortiGate-3950B/3951B
(Hardware Versions: FortiGate-3950B (C4DE23) and FortiGate-3951B [(C4EL37) and FSM-064 (PE4F79)] with Blank Face Plate (P06698-02) and Tamper Evident Seal: FIPS-SEAL-RED; Firmware Version: FortiOS 4.0, build8892, 111128)

(When operated in FIPS mode and tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 12/19/2012 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1856, #1857 and #1858); Triple-DES (Certs. #1203, #1204 and #1205); HMAC (Certs. #1103, #1104 and #1105); SHS (Certs. #1633, #1634 and #1635); RSA (Cert. #939); RNG (Cert. #974)

-Other algorithms: MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant); DES

Multi-chip standalone

"FortiGate Multi-Threat Security Solutions are dedicated, hardware-based devices that deliver complete content protection against blended threats at the network perimeter or within the internal network."
1865 Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500

CST Lab: NVLAP 200427-0

Aruba 3000 [A], 6000/M3 Revision C4 [B] and Dell W-3000 [C], W-6000M3 [D] Controllers with ArubaOS FIPS Firmware
(Hardware Versions: [3200-F1 Revision C4, 3400-F1 Revision C4, 3600-F1 Revision C4, 3200-USF1 Revision C4, 3400-USF1 Revision C4 and 3600-USF1 Revision C4] [1] [A], [(6000-400-F1 or 6000-400-USF1) with M3mk1-S-F1 Revision C4, HW-FT, HW-PSU-200 or HW-PSU-400, LC-2G-1, LC-2G24F-1 or LC-2G24FP-1] [1] [B], [W-3200-F1, W-3400-F1, W-3600-F1, W-3200-USF1, W-3400-USF1 and W-3600-USF1] [2] [C], and [(W-6000-400-F1 or W-6000-400-USF1) with W-6000M3, HW-FT and HW-PSU-400] [2] [D] with FIPS kit 4010061-01; Firmware Version: ArubaOS_MMC_6.1.2.3-FIPS [1] and Dell_PCW_MMC_6.1.2.3-FIPS [2] or ArubaOS_MMC_6.1.4.1-FIPS [1] and Dell_PCW_MMC_6.1.4.1-FIPS [2] or ArubaOS_MMC_6.1.4.5-FIPS [1] and Dell_PCW_MMC_6.1.4.5-FIPS [2] or ArubaOS_MMC_6.1.4.7-FIPS [1] and Dell_PCW_MMC_6.1.4.7-FIPS [2])

(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy clause "Installing the Controller" and the 6000/M3 configured as specified in Security Policy clause "Minimum Configuration for the Aruba 6000-400")

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/18/2012;
01/24/2013;
07/26/2013;
01/23/2014
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #762, #1850 and #1854); ECDSA (Certs. #257 and #258); HMAC (Certs. #417, #1098 and #1101); RNG (Certs. #969 and #972); RSA (Certs. #933, #935 and #937); SHS (Certs. #769, #1627, #1629 and #1631); Triple-DES (Certs. #667, #1198 and #1201)

-Other algorithms: DES; HMAC-MD5; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"Aruba's family of Mobility Controllers are network infrastructure devices providing secure, scalable solutions for enterprise Wi-Fi, network security policy enforcement, VPN services, and wireless intrusion detection and prevention. Mobility controllers serve as central points of authentication, encryption, access control, and network coordination for all mobile network services"
1864 Cambium Networks, Ltd.
Unit B2, Linhay Business Park
Ashburton, Devon TQ13 7UP
United Kingdom

-Mark Thomas
TEL: +44 1364 655586
FAX: +44 1364 655500

CST Lab: NVLAP 100432-0

Cambium Networks PTP 800 Compact Modem Unit (CMU)
(Hardware Versions: P/N WB3517, Versions 5.2, 5.3 and 6.6; Firmware Version: PTP 800-05-02)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/04/2013;
02/22/2013
Overall Level: 1 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: SHS (Cert. #1557); DSA (Cert. #556); AES (Certs. #1776 and #1526); DRBG (Cert. #123); Triple-DES (Cert. #1149); HMAC (Cert. #1041)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); RADIUS; MD5; Custom RNG

Multi-chip standalone

"Operating in the 6 to 38 GHz RF bands at up to 368 Mbps throughput (full duplex) and with user-configured channel bandwidths from 7 to 56 MHz, the Cambium Networks Point-to-Point 800 Series of Licensed Ethernet Microwave solutions offer operators a highly reliable licensed band wireless solution."
1863 Kaseya US Sales, LLC
901 N. Glebe Road
Suite 1010
Arlington, VA 22203
USA

-Bill Durant
TEL: 415-694-5700

CST Lab: NVLAP 200996-0

Virtual System Administrator Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 12/13/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with MAC OS X v10.6.8; Windows 7 (32-bit); Windows 7 (64-bit); Windows Server 2008; Red Hat Enterprise Linux 5.5 (32-bit); Red Hat Enterprise Linux 5.5 (64-bit) (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1988 and #1989); HMAC (Cert. #1202); SHS (Cert. #1744); DRBG (Cert. #185)

-Other algorithms: AES (Cert. #1989, key wrapping); AES-CBC (non-compliant)

Multi-chip standalone

"The Kaseya Virtual System Administrator provides an IT automation framework allowing IT managers to proactively monitor, manage, maintain, and protect distributed IT resources using a single, integrated web-based interface. The services offered by Kaseya Virtual System Administrator are ever-broadening; as IT management services needs increase, so do the tools and services provided by the framework."
1862 Seagate Technology LLC
1280 Disc Drive
Shakopee, MN 55379
USA

-David R Kaiser, PMP
TEL: 952-402-2356
FAX: 952-402-1273

CST Lab: NVLAP 200427-0

Seagate Secure® TCG Enterprise SSC Pulsar.2 Self-Encrypting Drive FIPS 140 Module
(Hardware Version: 1BU282; Firmware Version: 0003)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/07/2013;
01/25/2013
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Certs. #1811 and #1343); DRBG (Cert. #62); RSA (Cert. #650); SHS (Cert. #1225)

-Other algorithms: N/A

Multi-chip embedded

"The Seagate Secure« Enterprise Self-Encrypting Drives FIPS 140 Module is embodied in the Seagate Pulsar.2 SED model disk drive. These products meet the performance requirements of the most demanding Enterprise applications. The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA bands and authenticated FW download."
1861 RSA Security, Inc.
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Youngjin Son
TEL: +82-10-6700-6735

CST Lab: NVLAP 200900-0

RSA BSAFE® Crypto-C Micro Edition for Samsung MFP SW Platform (VxWorks)
(Software Version: 3.0.0.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 12/10/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with VxWorks (single user mode)

-FIPS Approved algorithms: AES (Cert. #1826); Triple-DES (Cert. #1179); DSA (Cert. #573); ECDSA (Cert. #252); RNG (Cert. #962); DRBG (Cert. #143); RSA (Cert. #918); SHS (Cert. #1605); HMAC (Cert. #1080)

-Other algorithms: DES; MD2; MD5; HMAC-MD5; DES40; RC2; RC4; RC5; ECAES (non-compliant); ECIES; PBKDF1-SHA-1 (non-compliant); PBKDF2-HMAC (SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512) (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA OAEP; Entropy RNG; OTP RNG; Diffie-Hellman; EC Diffie-Hellman

Multi-chip standalone

"A software cryptographic library within the Vxworks real-time operating system specifically for embedded systems based on the ARM9 CPU architecture."
1860 CMS Products
12 Mauchly
Unit E
Irvine, CA 92618
USA

-Les Kristof
TEL: 714-424-5521
FAX: 949-754-9060

CST Lab: NVLAP 100432-0

CE Secure
(Hardware Versions: P/Ns CE-HDDFIPS-500, CE-HDDFIPS-320 and CE-HDDFIPS-250; Firmware Version: 0001SDM7)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/25/2013 Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Certs. #1343 and #1845); DRBG (Cert. #62); RSA (Cert. #650); SHS (Cert. #1225)

-Other algorithms: NDRNG

Multi-chip embedded

"The CE Secure CE-HDDFIPS is a Self Encrypting Drive used in CMS Products' line of external secure storage devices. All data on the secure storage device is protected with state of the art hardware encryption."
1859 Red Hat®, Inc.
314 Littleton Road
Raleigh, NC 27606
USA

-Ann-Marie Rubin
TEL: 978-392-1000
FAX: 978-392-1001

CST Lab: NVLAP 200658-0

Red Hat Enterprise Linux 6.2 Openswan Cryptographic Module
(Software Version: 2.0)

(When operated in FIPS mode and when obtained, installed, and initialized as assumed by the Crypto Officer role and specified in Section 9 of the provided Security Policy. This module contains the embedded Red Hat Enterprise Linux 6.2 OpenSSL Cryptographic Module validated to FIPS 140-2 under Cert. #1758 operating in FIPS mode and the Network Security Services (NSS) Cryptographic Module validated to FIPS 140-2 under Cert. #1837 operating in FIPS mode. Section 1 of the provided Security Policy specifies the precise RPM files containing this module. The integrity of the RPMs are verified during the installation and the Crypto officer shall not install the RPM files if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module. The module generates cryptographic keys whose strengths are modified by available entropy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 12/03/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux 6.2 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Certs. #1289 and #1290); AES (Certs. #1985 and 1986); SHS (Certs. #1741 and #1742); RSA (Cert. #979, vendor affirmed); DRBG (Certs. #183 and #184); DSA (Certs. #634 and #635); HMAC (Certs. #1129, #1130, #1134, #1135, #1199 and #1200)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RC2; RC4; DES; Seed; CAMELLIA; MD2; MD5

Multi-chip standalone

"The Red Hat Enterprise Linux 6.2 OpenSwan Cryptographic Module is a software only cryptographic module that provides the IKE protocol version 1 and version 2 key agreement services required for IPSec."
1858 Vidyo, Inc.
433 Hackensack Ave, 6th Floor
Hackensack, NJ 07601
USA

CST Lab: NVLAP 200556-0

Cryptographic Security Kernel
(Software Version: 1.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/29/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Linux Ubuntu 10.04 32-bit or Linux Ubuntu 10.04 64-bit running on Intel Xeon E50xx without AES-NI; Mac OS X 10.6.8 32-bit running on Intel Core Duo without AES-NI; Mac OS X 10.6.8 64-bit running on Intel Core 2 Duo without AES-NI; Mac OS X 10.7.3 32-bit or Mac OS 10.7.3 64-bit running on Intel Core 2 Duo without AES-NI; Windows 7 32-bit running on Intel Core Duo without AES-NI; Windows 7 64-bit running on Intel Core 2 Duo without AES-NI; Windows XP 32-bit running on Intel Core Duo without AES-NI; Linux Ubuntu 10.04 32-bit or Linux Ubuntu 10.04 64-bit running on Intel Xeon E3 with AES-NI; Mac OS X 10.6.8 32-bit or Mac OS X 10.6.8 64-bit running on Intel Core i5 with AES-NI; Mac OS X 10.7.3 32-bit or Mac OS X 10.7.3 64-bit running on Intel Core i5 with AES-NI; Windows 7 32-bit or Windows 7 64-bit running on Intel Core i5 with AES-NI; Windows XP 32-bit running on Intel Core i5 with AES-NI (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2027 and #2028), DRBG (Certs. #194 and #195), HMAC (Certs. #1229 and #1230), SHS (Certs. #1776 and #1777)

-Other algorithms: N/A

Multi-chip standalone

"The Vidyo Cryptographic Security Kernel is a subset of the VidyoTechnology Software Development Kit, which consists of a set of libraries providing video conferencing capabilities. The SDK allows licensed end-users to implement video conferencing capabilities within their own software applications; the Vidyo CSK library provides the cryptographic functions required to secure the communications."
1857 SafeNet, Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Mark Yakabuski
TEL: 613-614-3407
FAX: 613-723-5079

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200556-0

Luna® PCI 7000 Cryptographic Module
(Hardware Version: VBD-03-0100; Firmware Version: 4.8.7)

(When operated in FIPS mode and configured to Overall Level 3 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/29/2012 Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #510 and #1904); Triple-DES (Certs. #520 and #1236); Triple-DES MAC (Triple-DES Certs. #520 and #1236, vendor affirmed); DSA (Cert. #600); SHS (Cert. #1671); RSA (Certs. #974 and #975); HMAC (Cert. #1142); RNG (Cert. #998); ECDSA (Cert. #269); KAS (Cert. #29); KBKDF (vendor affirmed)

-Other algorithms: DES; RC2; RC4; RC5; CAST5; RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; ARIA; MD2; MD5; HAS-160; AES MAC (AES Cert. #1904; non-compliant); DES MAC; RC2 MAC; RC5 MAC; CAST5 MAC; SSL3 MD5 MAC; SSL3 SHA1 MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); HRNG; AES (Certs. #510 and #1904, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #520 and #1236, key wrapping; key establishment methodology provides 112 bits of encryption strength); Generic-Secret generation (non-compliant); SSL Pre-Master generation (non-compliant)

Multi-chip embedded

"Luna® PCI offers dedicated hardware key management to protect sensitive cryptographic keys from attack. The high-security hardware design ensures the integrity and protection of encryption keys throughout their life cycle. All digital signing and verification operations are performed within the HSM to increase performance and maintain security. Luna® PCI HSMs provide hardware secured key generation, storage, secure key backup and accelerated encryption in a range of models and configurations offering a wide selection of security, performance and operational capabilities."
1856 SafeNet, Inc.
20 Colonnade Road
Suite 200
Ottawa, Ontario K2E 7M6
Canada

-Mark Yakabuski
TEL: 613-614-3407
FAX: 613-723-5079

-Chris Brych
TEL: 613-221-5081
FAX: 613-723-5079

CST Lab: NVLAP 200556-0

Luna® PCI 7000 Cryptographic Module
(Hardware Version: VBD-03-0100; Firmware Version: 4.8.7)

(When operated in FIPS mode and configured to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 11/29/2012;
12/03/2012
Overall Level: 2 

-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #510 and #1904); Triple-DES (Certs. #520 and #1236); Triple-DES MAC (Triple-DES Certs. #520 and #1236, vendor affirmed); DSA (Cert. #600); SHS (Cert. #1671); RSA (Certs. #974 and #975); HMAC (Cert. #1142); RNG (Cert. #998); ECDSA (Cert. #269); KAS (Cert. #29); KBKDF (vendor affirmed)

-Other algorithms: DES; RC2; RC4; RC5; CAST5; RSA (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; ARIA; MD2; MD5; HAS-160; AES MAC (AES Cert. #1904; non-compliant); DES MAC; RC2 MAC; RC5 MAC; CAST5 MAC; SSL3 MD5 MAC; SSL3 SHA1 MAC; KCDSA; Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); HRNG; AES (Certs. #510 and #1904, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Triple-DES (Certs. #520 and #1236, key wrapping; key establishment methodology provides 112 bits of encryption strength); Generic-Secret generation (non-compliant); SSL Pre-Master generation (non-compliant)

Multi-chip embedded

"Luna PCI® offers dedicated hardware key management to protect sensitive cryptographic keys from attack. The high-security hardware design ensures the integrity and protection of encryption keys throughout their life cycle. All digital signing and verification operations are performed within the HSM to increase performance and maintain security. Luna PCI® HSMs provide hardware secured key generation, storage, secure key backup and accelerated encryption in a range of models and configurations offering a wide selection of security, performance and operational capabilities."
1855 Nexus Wireless
Artists Court
15 Manette Street
London, W1D 4AP
United Kingdom

-Paul Richards
TEL: +44-207-734-0200
FAX: +44-207-734-0210

CST Lab: NVLAP 200416-0

Nexus FIPS 140-2 Crypto Module
(Hardware Version: 1.01; Firmware Versions: ES0408_RL01_R1_02_001 version 1.02.001 and ES0408_RL02_R1_02_000 version 1.02.000)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 01/18/2013 Overall Level: 1 

-FIPS Approved algorithms: AES (Cert. #914); DSA (Cert. #337); SHS (Certs. #901 and #928); HMAC (Cert. #533); RNG (Cert. #524)

-Other algorithms: DES; AES MAC (AES Cert. #914, vendor affirmed; P25 AES OTAR)

Multi-chip embedded

"The Nexus FIPS140-2 Crypto Module is a single-board security module designed to conform to FIPS140-2 standards and primarily intended for use in P25 radio equipment. The module supports both KFD and KMF management implementations, including a dedicated 3-wire KFD interface. It includes a complete key storage and critical security material management function for TEK, KEK, UKEK, CKEK and KSKEK keys in non-volatile memory within the FIPS module, with protection from unauthorized disclosure or modification. The FIPS Module executes encryption and decryption of P25 Phase 1 voice and data tra"
1854

CST Lab: NVLAP 100432-0


Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/28/2012 Overall Level: 2 

-FIPS Approved algorithms:

-Other algorithms:

Multi-chip standalone

1853 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Palani Karuppan
TEL: 408-525-2747

CST Lab: NVLAP 100432-0

Cisco 4402 and 4404 Wireless LAN Controllers
(Hardware Versions: 4402, Revision Number R0 and 4404, Revision Number R0; FIPS Kit AIRWLC4400FIPSKIT=, Version A0; Opacity Baffle Version 1.0; Firmware Versions: 7.0.230.0, 7.0.240.0 or 7.0.250.0)

(When operated in FIPS mode and with the physical security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/29/2012;
02/20/2014
Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1344 and #1345); HMAC (Certs. #783 and #784); RNG (Cert. #740); RSA (Certs. #651 and #652); SHS (Certs. #1226 and #1227); Triple-DES (Cert. #934)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength; non-compliant); AES (Cert. #1344, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM

Multi-chip standalone

"The Cisco 4400 Series WLAN Controllers deliver centralized control and high capacity for small, medium and large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WLAN Controllers support the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and support a Secure Wireless Architecture with WiFi Alliance certified WPA-2 security. The Cisco WLAN Controllers support voice, video and data services along with Cisco Clean Air technology, intrusion protection and intelligent radio resource management."
1852 Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

-Alan Kaye
TEL: 613-225-9381

CST Lab: NVLAP 200996-0

FortiWiFi-60C
(Hardware Version: C4DM95 with Tamper Evident Seal Kit: FIPS-SEAL-RED; Firmware Version: FortiOS 4.0, build8892, 111128)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/29/2012 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1408, #1899 and #1900); Triple-DES (Certs. #961, #1234 and #1235); SHS (Certs. #1278, #1668 and #1669); RNG (Cert. #996); HMAC (Certs. #829, #1139 and #1140); RSA (Certs. #685 and #973)

-Other algorithms: DES; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant); AES CCM (non-compliant); MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 196 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
1851 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise Control Center
(Hardware Versions: [FWE-C1015 and FIPS Kit: FWE-CC-FIPS-KIT1], [FWE-C2050 and FIPS Kit: FWE-CC-FIPS-KIT2] and [FWE-C3000 and FIPS Kit: FWE-CC-FIPS-KIT2]; Firmware Version: 5.2.0)

(When operated in FIPS mode and with the tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/29/2012;
12/12/2012
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #1831 and #1897); Triple-DES (Certs. #1184 and #1233); SHS (Certs. #1611 and #1666); HMAC (Certs. #1085 and #1137); DRBG (Cert. #163); RNG (Certs. #963 and #1009); RSA (Certs. #920 and #972); DSA (Certs. #575 and #599)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5

Multi-chip standalone

"McAfee Firewall Enterprise Control Center simplifies the management of multiple McAfee Firewall Enterprise appliances. Control Center enables centralized management and monitoring of the McAfee Firewall Enterprise solutions, allowing network administrators to centrally define firewall policy, deploy updates and inventory their firewall products."
1850 RSA, The Security Division of EMC
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Sandy Carielli
TEL: 781-515-7510

CST Lab: NVLAP 200427-0

RSA BSAFE® Crypto-C Micro Edition
(Software Version: 3.0.0.16 [1] and 3.0.0.20 [2])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/29/2012;
01/24/2013;
06/24/2013
Overall Level: 1 

-Cryptographic Module Specification: Level 3

-Operational Environment: Tested as meeting Level 1 with Wind River VxWorks General Purpose Platform 6.0 (PPC 604 32-bit) [1]; Wind River VxWorks General Purpose Platform 6.8 running on a Fuji Xerox 960K 61580 [2] (single-user mode)

-FIPS Approved algorithms: AES (Certs. #2018 [1] and #2485 [2]); DRBG (Certs. #192 [1] and #343 [2]); DSA (Certs. #643 [1] and #765 [2]); ECDSA (Certs. #293 [1], #294 [1], #414 [2] and #416 [2]); HMAC (Certs. #1222 [1] and #1527 [2]); RNG (Certs. #1058 [1] and #1203 [2]); RSA (Certs. #1047 [1] and #1274 [2]); SHS (Certs. #1768 [1] and #2103 [2]); Triple-DES (Certs. #1303 [1] and #1523 [2])

-Other algorithms: AES-GCM (non-compliant); DES; DES40; Diffie-Hellman; EC Diffie-Hellman; ECAES (non-compliant); ECIES; HMAC MD5; MD2; MD5; PBKDF1 SHA-1; PBKDF2 HMAC SHA-1/SHA-224/SHA-256/SHA-384/SHA-512 (non-compliant); RC2; RC4; RC5; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA PKCS #1 v2.0 (OAEP; non-compliant)

Multi-chip standalone

"The Crypto-C Micro Edition (ME) Module is RSA, The Security Division of EMC's cryptographic library designed for securing mobile devices like wireless phones and personal digital assistants. It contains assembly-level optimizations on key wireless processors. Its functionality includes a wide range of data encryption and signing algorithms, including Triple-DES, the Advanced Encryption Standard (AES) algorithm, the RSA Public Key Cryptosystem, the DSA government signature algorithm, MD5 and SHA1 message digest routines, and more."
1849 Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500

CST Lab: NVLAP 200427-0

Aruba AP-60 and AP-61 Wireless Access Points
(Hardware Versions: AP-60-F1 Rev. 01 and AP-61-F1 Rev. 01 with FIPS kit 4010061-01; Firmware Version: ArubaOS_6.1.2.3-FIPS or ArubaOS_6.1.4.1-FIPS or ArubaOS_6.1.4.5-FIPS or ArubaOS_6.1.4.7-FIPS)

(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/06/2012;
01/24/2013;
07/26/2013;
01/23/2014
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #1847, #1850 and #1851); HMAC (Certs. #1097, #1098 and #1099); RNG (Certs. #969 and #970); RSA (Certs. #932, #933 and #934); SHS (Certs. #1625, #1626, #1627 and #1628); Triple-DES (Certs. #1197, #1198 and #1199)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"Aruba's Wi-Fi access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Mobility Controllers, where per-user role based access controls are applied through an integrated firewall. In FIPS 140-2 Mode, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n."
1848 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise 4150E
(Hardware Version: NSA-4150-FWEX-E and FRU-686-0089-00; Firmware Versions: 7.0.1.03 and 8.2.0)

(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/19/2012 Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #972, #973, #974 and #1833); Triple-DES (Certs. #765, #766, #767 and #1185); SHS (Certs. #941, #942, #943 and #1612); HMAC (Certs. #544, #545, #546 and #1086); RNG (Certs. #549, #550, #551 and #964); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1847 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise 2150E
(Hardware Version: NSA-2150-FWEX-E and FRU-686-0089-00; Firmware Versions: 7.0.1.03 and 8.2.0)

(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/19/2012 Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #972, #973, #974 and #1833); Triple-DES (Certs. #765, #766, #767 and #1185); SHS (Certs. #941, #942, #943 and #1612); HMAC (Certs. #544, #545, #546 and #1086); RNG (Certs. #549, #550, #551 and #964); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1846 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise 1100E
(Hardware Version: NSA-1100-FWEX-E and FRU-686-0089-00; Firmware Versions: 7.0.1.03 and 8.2.0)

(When operated in FIPS mode with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/19/2012 Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #972, #973, #974 and #1833); Triple-DES (Certs. #765, #766, #767 and #1185); SHS (Certs. #941, #942, #943 and #1612); HMAC (Certs. #544, #545, #546 and #1086); RNG (Certs. #549, #550, #551 and #964); RSA (Certs. #469 and #470); DSA (Certs. #338 and #339)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Blowfish; RC2; RC4; MD5; DES

Multi-chip standalone

"McAfee Firewall Enterprise solutions provide unmatched protection for the enterprise in the most mission-critical and sensitive environments. McAfee Firewall Enterprise appliances are created to meet the specific needs of organizations of all types and enable those organizations to reduce costs and mitigate the evolving risks that threaten today's networks and applications."
1845 Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500

CST Lab: NVLAP 200427-0

Aruba AP-65, AP-70 and AP-85 Wireless Access Points
(Hardware Versions: AP-65-F1 Rev. 01, AP-70-F1 Rev. 01, AP-85FX-F1 Rev. 01, AP-85LX-F1 Rev. 01 and AP-85TX-F1 Rev. 01 with FIPS kit 4010061-01; Firmware Version: ArubaOS_6.1.2.3-FIPS or ArubaOS_6.1.4.1-FIPS or ArubaOS_6.1.4.5-FIPS or ArubaOS_6.1.4.7-FIPS)

(When operated in FIPS mode and with the tamper evidence seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/29/2012;
01/24/2013;
07/26/2013;
01/23/2014
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #1847, #1850 and #1851); HMAC (Certs. #1097, #1098 and #1099); RNG (Certs. #969 and #970); RSA (Certs. #932, #933 and #934); SHS (Certs. #1625, #1626, #1627 and #1628); Triple-DES (Certs. #1197, #1198 and #1199)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"Aruba's Wi-Fi access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Mobility Controllers, where per-user role based access controls are applied through an integrated firewall. In FIPS 140-2 Mode, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n."
1843 Gemalto
Avenue du Jujubier Z.I Athelia IV
La Ciotat, 13705
France

-Frederic Garnier
TEL: +33 4 42 36 43 68
FAX: +33 4 42 36 55 45

CST Lab: NVLAP 200427-0

Protiva+ PIV v2.0 using TOP DL v2 and TOP IL v2
(Hardware Versions: A1025258 and A1023393; Firmware Version: Build#11 - M1005011 + Softmask V04, Applet Version: PIV Applet v2.00 + OATH Applet v2.10)

(PIV Card Application: Cert. #30)

(When operated in FIPS mode with module TOP DL v2 or TOP IL v2 validated to FIPS 140-2 under Cert. #1450 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/29/2012;
02/06/2014
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1973); CVL (Cert. #18); ECDSA (Cert. #284); RNG (Cert. #1038); RSA (Cert. #1019); SHS (Cert. #1727); Triple-DES (Cert. #1280); Triple-DES MAC (Triple-DES Cert. #1280, vendor affirmed); CVL (Certs. #217 and #224)

-Other algorithms: N/A

Single-chip

"This module is based on a Java Card platform (TOP DL V2) with 128K EEPROM memory and the Protiva PIV Applet loaded on the Java Card platform. The Cryptographic Module provides dual interfaces (i.e. contact and contact-less) where the same security level is achieved."
1842 SonicWALL, Inc.
2001 Logic Drive
San Jose, CA 95124-3452
USA

-Usha Sanagala
TEL: 408-962-6248
FAX: N/A

CST Lab: NVLAP 100432-0

SRA EX6000 and SRA EX7000
(Hardware Versions: P/Ns 101-500210-62 Rev. A (SRA EX6000) and 101-500188-62 Rev. A (SRA EX7000); Firmware Version: SRA 10.6.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/29/2012 Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1868, #1869 and #1870); HMAC (Certs. #1113, #1114 and #1115); RNG (Cert. #980); RSA (Certs. #950 and #951); SHS (Certs. #1642, #1643 and #1644); Triple-DES (Certs. #1213, #1214 and #1215)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); NDRNG; MD5; RC4

Multi-chip standalone

"Built on Aventail's powerful, proven SSL VPN platform, the SonicWALL Aventail SRA EX6000 and SRA EX7000 appliances provide granular access control for any type of remote access by first detecting the identity and the security of the end point, protecting applications with granular policy based on who the user is and the trust established for the end point used for access, and then connecting authorized employees and business partners effortlessly from a broad range of cross-platform devices only to authorized resources."
1841 InZero Systems
13755 Sunrise Valley Drive
Suite 750
Herndon, VA 20171
USA

-FIPS Product Team
TEL: 703-636-2048
FAX: 703-793-1805

CST Lab: NVLAP 200002-0

InZero Gateway
(Hardware Version: XB2CUSB3.1; Firmware Version: 2.80.0.38)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/29/2012 Overall Level: 2 

-FIPS Approved algorithms: AES (Cert. #1841); DSA (Cert. #576); HMAC (Cert. #1095); RNG (Cert. #967); RSA (Cert. #929); SHS (Cert. #1622); Triple-DES (Cert. #1194)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The InZero Gateway is a pocket-sized appliance that provides FIPS-validated VPNs and endpoint security for a Windows PC. The module's hardware sandbox ensures safe browsing (e.g., opening downloaded files) and safe internet banking. A conversion engine strips malware from e-mail attachments. The firewall helps enforce NAC policy. The module may be managed locally by the Crypto Officer or by a network administrator using a Management Console. The HTTPS management connection and VPNs use FIPS validated encryption, while sandbox HTTPS connections are non-FIPS for compatibility."
1840 Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500

CST Lab: NVLAP 200427-0

Aruba 3000 [1] and 6000/M3 Revision B2 [2] Controllers with ArubaOS FIPS Firmware
(Hardware Versions: [3200-F1 Revision B2, 3400-F1 Revision B2, 3600-F1 Revision B2, 3200-USF1 Revision B2, 3400-USF1 Revision B2, 3600-USF1 Revision B2] [1] and [(6000-400-F1 or 6000-400-USF1) with (M3mk1-S-F1 Revision B2, LC-2G-1, LC-2G24F-1, LC-2G24FP-1, HW-FT, HW-PSU-200 or HW-PSU-400] [2] with FIPS kit 4010061-01; Firmware Version: ArubaOS_MMC_6.1.2.3-FIPS or ArubaOS_MMC_6.1.4.1-FIPS or ArubaOS_MMC_6.1.4.5-FIPS or ArubaOS_MMC_6.1.4.7-FIPS)

(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy clause "Installing the Controller" and the 6000/M3 configured as specified in Security Policy clause "Minimum Configuration for the Aruba 6000-400")

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 02/11/2013;
03/08/2013;
07/26/2013;
01/23/2014
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #465, #1850 and #1854); ECDSA (Certs. #257 and #258); HMAC (Certs. #416, #1098 and #1101); RNG (Certs. #969 and #972); RSA (Certs. #933, #935 and #937); SHS (Certs. #768, #1627, #1629 and #1631); Triple-DES (Certs. #482, #1198 and #1201)

-Other algorithms: DES; HMAC-MD5; MD5; RC4; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 192 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"Aruba's family of Mobility Controllers are network infrastructure devices providing secure, scalable solutions for enterprise Wi-Fi, network security policy enforcement, VPN services, and wireless intrusion detection and prevention. Mobility controllers serve as central points of authentication, encryption, access control, and network coordination for all mobile network services"
1839 Entrust, Inc.
One Lincoln Centre
5400 LBJ Freeway
Suite 1340
Dallas, TX 75240
USA

-Entrust Sales

CST Lab: NVLAP 100432-0

Entrust Authority™ Security Toolkit for the Java®Platform
(Software Version: 8.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/29/2012;
05/28/2014
Overall Level: 2 

-Operational Environment: Tested as meeting Level 2 with Microsoft Windows Server 2008 R2 with Dell Optiplex 755

-FIPS Approved algorithms: AES (Certs. #1935 and #1954); Triple-DES (Cert. #1261); Triple-DES MAC (Cert. #1261, vendor affirmed); DSA (Cert. #617); DRBG (Cert. #170); ECDSA (Cert. #277); SHS (Cert. #1700); HMAC (Cert. #1168); RNG (Cert. #1019); RSA (Cert. #1001); CVL (Cert. #16); CVL (SP 800-135rev1, vendor affirmed)

-Other algorithms: RSA (key wrapping; key establishment methodology provides between 112 and 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES (Cert. #1935, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); CAST3; CAST128; DES; IDEA; RC2; RC4; Rijndael-256; MD2; MD5; RIPEMD-160; SSL3-SHA-MD5; HMAC-MD5; CAST128 MAC; DES MAC; IDEA MAC; ElGamal; SPEKE

Multi-chip standalone

"Entrust Authority™ Security Toolkit for the Java® Platform enables custom applications to be built using a rich set of APIs that provide encryption, digital signature, and certificate authentication capabilities, as well as the ability to manage the full lifecycles of digital certificate-based identities through integration with the Entrust Authority PKI."
1838 Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500

CST Lab: NVLAP 200427-0

Aruba AP-92, AP-93, AP-104, AP-105, AP-175, Dell W-AP92, W-AP93, W-AP104, W-AP105 and W-AP175 Wireless Access Points
(Hardware Versions: AP-92-F1[1], AP-93-F1[1], AP-104-F1[1], AP-105-F1[1], AP-175P-F1[1], AP-175AC-F1[1], AP-175DC-F1[1], W-AP92-F1[2], W-AP93-F1[2], W-AP104-F1[2], W-AP105-F1[2], W-AP175P-F1[2], W-AP175AC-F1[2], W-AP175DC-F1[2] with FIPS kit 4010061-01; Firmware Versions: ArubaOS_6.1.2.3-FIPS[1] and Dell_PCW_6.1.2.3-FIPS[2] or ArubaOS_6.1.4.1-FIPS [1] and Dell_PCW_6.1.4.1-FIPS [2] or ArubaOS_6.1.4.5-FIPS [1] and Dell_PCW_6.1.4.5-FIPS [2] or ArubaOS_6.1.4.7-FIPS [1] and Dell_PCW_6.1.4.7-FIPS [2])

(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/08/2012;
01/24/2013;
07/26/2013;
01/23/2014
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #1847, 1849, #1850 and #1851); HMAC (Certs. #1097, #1098 and #1099); RNG (Certs. #969 and #970); RSA (Certs. #933, #934 and #935); SHS (Certs. #1625, #1627, #1628 and #1629); Triple-DES (Certs. #1197, #1198 and #1199)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"Aruba's Wi-Fi access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Mobility Controllers, where per-user role based access controls are applied through an integrated firewall. In FIPS 140-2 Mode, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n."
1837 Red Hat, Inc.
1801 Varsity Drive
Raleigh, NC 27606
USA

-Robert Relyea
TEL: 650-254-4236

CST Lab: NVLAP 200427-0

NSS Cryptographic Module
(Software Version: 3.12.9.1)

(When operated in FIPS mode and when obtained, installed, and initialized as specified in Section 5 of the provided Security Policy. Section 5 also specifies the precise RPM file containing this module. The integrity of the RPM is automatically verified during the installation and the Crypto officer shall not install the RPM file if the RPM tool indicates an integrity error. Any deviation from the specified verification, installation and initialization procedures will result in a non FIPS 140-2 compliant module. The module generates cryptographic keys whose strengths are modified by available entropy.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/08/2012 Overall Level: 1 

-Design Assurance: Level 2

-Operational Environment: Tested as meeting Level 1 with Red Hat Enterprise Linux v6.2 32-bit running on an Intel Core i7 system; Red Hat Enterprise Linux v6.2 64-bit running on an Intel Core i7 system; Red Hat Enterprise Linux v6.2 64-bit running on an Intel Core i7 system with AES-NI (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1908); DRBG (Cert. #165); DSA (Cert. #602); HMAC (Cert. #1145); RSA (Cert. #979); SHS (Cert. #1675); Triple-DES (Cert. #1240)

-Other algorithms: AES (Cert. #1908, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Camellia; DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HKDF; J-PAKE; MD2; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); SEED; Triple-DES (Cert. #1240, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"Network Security Services (NSS) is a set of open source C libraries designed to support cross-platform development of security-enabled applications. NSS implements major Internet security standards. NSS is available free of charge under a variety of open source compatible licenses. See http://www.mozilla.org/projects/security/pki/nss/ ."
1836 RSA Security, Inc.
174 Middlesex Turnpike
Bedford, MA 01730
USA

-Youngjin Son
TEL: +82-10-6700-6735

CST Lab: NVLAP 200900-0

RSA BSAFE® Crypto-C Micro Edition for MFP SW Platform (pSOS)
(Software Versions: 3.0.0.1 and 3.0.0.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Software 11/08/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with pSOS (single user mode)

-FIPS Approved algorithms: AES (Cert. #1808); Triple-DES (Cert. #1166); DSA (Cert. #566); ECDSA (Cert. #249); RNG (Cert. #953); DRBG (Cert. #137); RSA (Cert. #905); SHS (Cert. #1587); HMAC (Cert. #1066)

-Other algorithms: DES; MD2; MD5; HMAC-MD5; DES40; RC2; RC4; RC5; ECAES (non-compliant); ECIES; PBKDF1-SHA-1 (non-compliant); PBKDF2-HMAC (SHA-1, SHA-224, SHA-256, SHA-384 and SHA-512) (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA OAEP; Entropy RNG; OTP RNG; Diffie-Hellman; EC Diffie-Hellman

Multi-chip standalone

"A software cryptographic library within the pSOS real-time operating system specifically for embedded systems based on the ARM9 CPU architecture."
1835 Cavium Networks
2315 N First Street
San Jose, CA 95131
USA

-TA Ramanujam
TEL: 408-931-2952
FAX: 408-577-1992

CST Lab: NVLAP 100432-0

NITROX XL 1600-NFBE HSM Family
(Hardware Versions: P/Ns CN1620-NFBE1NIC-2.0, CN1620-NFBE3NIC-2.0, CN1610-NFBE1NIC-2.0, CN1610-NFBE1-3.0, CN1620-NFBE1-3.0, CN1620-NFBE3-3.0, CN1610-NFBE1-2.0, CN1620-NFBE1-2.0 and CN1620-NFBE3-2.0; Firmware Versions: CN16XX-NFBE-FW-2.1-110015 or CN16XX-NFBE-FW-2.1-110016)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/08/2012;
10/18/2013
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #1265 and #1266); Triple-Des (Cert. #898); RSA (Certs. #607 and #742); ECDSA (Certs. #150 and #188); SHS (Certs. #1165 and #1166); HMAC (Cert. #736); KAS (Cert. #5); RNG (Cert. #707); DRBG (Cert. #32); DSA (Cert. #474)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength); AES (Cert. #1265, key wrapping; key establishment methodology provides 256 bits of encryption strength); RC4; MD5; PBE

Multi-chip embedded

"The NITROX XL 1600-NFBE HSM adapter family delivers the world's fastest FIPS 140-2 Level 3 Hardware Security Module (HSM) with PCIe Gen 2.0. The NITROX XL family of adapters offers up to 45,000 RSA operations per second and 5 Gbps of bulk crypto performance and is certified to the stringent US Government security standards. This FIPS family delivers an unmatched solution to the increasing performance, cryptographic and time to market requirements of the financial, government and healthcare vertical markets."
1834 Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

-Alan Kaye
TEL: 613-225-9381

CST Lab: NVLAP 200996-0

FortiGate-200B [1], FortiGate-310B [2] and FortiGate-620B [3]
(Hardware Versions: C4CD24 [1], C4ZF35 [2] and C4AK26 [3] with Tamper Evident Seal Kit: FIPS-SEAL-BLUE; Firmware Version: FortiOS 4.0, build8892, 111128)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/08/2012 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1408, #1899 and #1900); Triple-DES (Certs. #961, #1234 and #1235); SHS (Certs. #1278, #1668 and #1669); RNG (Cert. #996); HMAC (Certs. #829, #1139 and #1140); RSA (Certs. #685 and #973)

-Other algorithms: DES; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant); MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 196 bits of encryption strength; non-compliant less than 112 bits of encryption strength)); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
1833 Motorola Solutions, Inc.
One Motorola Plaza
Holtsville, NY 11742
USA

-Bert Scaramozzino
TEL: 631-738-3215
FAX: 631-738-4164

CST Lab: NVLAP 200968-0

Fusion 802.1x Authentication Supplicant
(Software Version: H_3.40.0.0.19)

(When operated in FIPS mode. No assurance of module integrity when operating in non-FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 01/07/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Motorola ES400 with Windows Mobile 6.5 OS OEM Version 2.31.0002; Motorola MC65 with Windows Mobile 6.5 OS OEM Version 2.31.0002 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #1200); AES (Cert. #1853); SHS (Cert. 1630); HMAC (Cert. #1100); RSA (Cert. #936); DSA (Cert. #578); RNG (Cert. #971)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DES; RC4; RC2; MD5; CCKM; IDEA; SMS4

Multi-chip standalone

"Motorola Fusion 802.1x Authentication Supplicant is a component of Motorola Wireless Mobile Computing devices that are equipped with a WLAN radio. These devices are used for business process automation applications in a number of vertical markets like retail, manufacturing, transportation, health and government"
1832 Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

-Alan Kaye
TEL: 613-225-9381

CST Lab: NVLAP 200996-0

FortiGate-60C [1], FortiGate-110C [2] and FortiGate-111C [3]
(Hardware Versions: C4DM93 [1], C4HA15 [2] and C4BQ31 [3] with Tamper Evident Seal Kit: FIPS-SEAL-RED [1] or FIPS-SEAL-BLUE [2,3]; Firmware Version: FortiOS 4.0, build8892, 111128)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/07/2012 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1408, #1899, and #1900); Triple-DES (Certs. #961, #1234 and #1235); SHS (Certs. #1278, #1668 and #1669); RNG (Cert. #996); HMAC (Certs. #829, #1139 and #1140); RSA (Certs. #685 and #973)

-Other algorithms: DES; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant); MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 196 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
1831 Motorola Solutions, Inc.
1303 East Algonquin Road
Schaumburg, IL 60196
USA

-Tom Nguyen
TEL: 847-576-2352

CST Lab: NVLAP 100432-0

KMF CryptR
(Hardware Version: P/N CLN8566A; Firmware Version: R01.02.10, R01.05.00 or R01.05.01)

(When operated in FIPS mode and initialized to Overall Level 2 per Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/05/2012;
12/07/2012;
09/12/2014
Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1901); DRBG (Cert. #159); ECDSA (Cert. #268); SHS (Cert. #1670)

-Other algorithms: AES (Cert. #1901, key wrapping; key establishment methodology provides 256 bits of encryption strength); AES MAC (AES Cert. #1901, vendor affirmed; P25 AES OTAR); NDRNG; LFSR; KAS (non-compliant); DES-XL; DES-OFB; DES-ECB; DES-CBC; DVI-XL; DVP-XL

Multi-chip standalone

"The KMF CryptR provides encryption and decryption services for secure key management and Over-the-Air-Rekeying (OTAR) for Motorola's Key Management Facility (KMF). The KMF and KMF CryptR combine to provide these cryptographic services for Motorola's APCO-25 compliant Astro radio systems."
1830 Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

-Alan Kaye
TEL: 613-225-9381

CST Lab: NVLAP 200996-0

FortiGate-5140 Chassis with FortiGate 5000 Series Blades
(Hardware Version: Chassis: C4GL51; Blades: P4CF76, P4CJ36-02, P4CJ36-04 and P4EV74; AMC Components: P4FC12 and AMC4F9; Shelf Manager: PN 21594 346; Alarm Panel: PN 21594 159; Tamper Evident Seal Kit: FIPS-SEAL-RED; Firmware Version: FortiOS 4.0, build8892, 111128)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/05/2012 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1405, #1408, #1858, #1899 and #1900); Triple-DES (Certs. #958, #961, #1205, #1234 and #1235); SHS (Certs. #1275, #1278, #1635, #1668 and #1669); RNG (Cert. #996); HMAC (Certs. #826, #829, #1105, #1139 and #1140); RSA (Certs. #685 and #973)

-Other algorithms: DES; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant); MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 196 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
1829 Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134
USA

-Palani Karuppan
TEL: 408-525-2747

CST Lab: NVLAP 100432-0

Cisco 5508 Wireless LAN Controller
(Hardware Version: CT5508 Revision Number B0; FIPS Kit AIR-CT5508FIPSKIT=; Opacity Baffle Version A0; Firmware Version: 7.0.230.0, 7.2.103.0, 7.2.115.1 or 7.2.115.2)

(When operated in FIPS mode and with the tamper evident seals and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/05/2012;
05/16/2013;
07/12/2013
Overall Level: 2 

-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1346, #1347 and #1348); HMAC (Certs. #785, #786 and #787); RNG (Certs. #741 and #742); RSA (Certs. #653 and #654); SHS (Certs. #1228, #1229 and #1230); Triple-DES (Cert. #935)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 96 bits of encryption strength; non-compliant); AES (Cert. #1346, key wrapping; key establishment methodology provides 128 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength); RC4; MD5; HMAC MD5; AES-CTR (non-compliant); CCKM

Multi-chip standalone

"The Cisco 5508 Series WLAN Controllers deliver centralized control and high capacity for small, medium and large-scale Enterprise wireless LAN networks. In FIPS 140-2 mode of operation, the Cisco WLAN Controllers support the IEEE 802.11i & 802.1x standards, IETF CAPWAP standard and support a Secure Wireless Architecture with WiFi Alliance certified WPA-2 security. The Cisco WLAN Controllers support voice, video and data services along with Cisco Clean Air technology, IPv6 mobility, intrusion protection and intelligent radio resource management."
1828 Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500

CST Lab: NVLAP 200427-0

Aruba AP-134, AP-135 and Dell W-AP134, W-AP135 Wireless Access Points
(Hardware Versions: AP-134-F1 [1], AP-135-F1 [1], W-AP134-F1 [2] and W-AP135-F1 [2] with FIPS kit 4010061-01; Firmware Version: ArubaOS_6.1.2.3-FIPS [1] and Dell_PCW_6.1.2.3-FIPS [2] or ArubaOS_6.1.4.1-FIPS [1] and Dell_PCW_6.1.4.1-FIPS [2] or ArubaOS_6.1.4.5-FIPS [1] and Dell_PCW_6.1.4.5-FIPS [2] or ArubaOS_6.1.4.7-FIPS [1] and Dell_PCW_6.1.4.7-FIPS [2])

(When operated in FIPS mode with tamper evident labels and security devices installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/05/2012;
01/24/2013;
07/26/2013;
01/23/2014
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #1847, 1849, #1850 and #1851); HMAC (Certs. #1097, #1098 and #1099); RNG (Certs. #969 and #970); RSA (Certs. #933, #934 and #935); SHS (Certs. #1625, #1627, #1628 and #1629); Triple-DES (Certs. #1197, #1198 and #1199)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"Aruba's Wi-Fi access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Mobility Controllers, where per-user role based access controls are applied through an integrated firewall. In FIPS 140-2 Mode, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n."
1827 Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
USA

-John Roberts
TEL: 415-738-2810

CST Lab: NVLAP 200556-0

Symantec Scanner Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 11/05/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with CentOS 5.5 (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1809); Triple-DES (Cert. #1167); DSA (Cert. #567); SHS (Cert. #1588); RNG (Cert. #954); RSA (Cert. #906); HMAC (Cert. #1067)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Symantec Scanner Cryptographic Module Version 1.0 provides cryptographic services to the Scanner component of the Symantec Messaging Gateway solution, a secure email gateway offering. The Scanner provides filtering services on inbound and outbound message flows and is responsible for taking actions on emails based on filtering verdicts."
1826 Seagate Technology LLC
389 Disc Drive
Longmont, CO 80503
USA

-Monty Forehand
TEL: 720-684-2835
FAX: 720-684-2733

CST Lab: NVLAP 100432-0

Seagate Secure® TCG Opal SSC Self-Encrypting Drive
(Hardware Versions: 9WU142 [1, 2, 3, 4, 5], 9WU14C [1, 2, 3, 4, 5], 9WU141 [1, 2, 3, 4, 5], 1DJ142 [1, 5, 6, 7], 1DJ14C [1, 5, 6, 7], 1DJ141 [1, 5, 6, 7], 1RS152 [8, 9, 10], 1RS15C [8, 9, 10] and 1RS15D [8, 9, 10]; Firmware Versions: 0001SDM7 [1], 0001SED7 [2], 0002SDM7 [3], 0002SED7 [4], 0001LIM7 [5], 1002SED7 [6], 1003SED7 [7], 0001SDM7 [8], 0001YXM7 [9] or 0002LIM7 [10])

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/05/2012;
06/14/2013;
05/20/2014;
09/25/2014
Overall Level: 2 

-EMI/EMC: Level 3

-FIPS Approved algorithms: AES (Certs. #1343 and #1845); DRBG (Cert. #62); RSA (Cert. #650); SHS (Cert. #1225)

-Other algorithms: NDRNG

Multi-chip embedded

"The Seagate Secure® TCG Opal SSC Self-Encrypting Drive is embedded in Seagate Momentus® Thin Self-Encrypting Drives (SEDs). The cryptographic module (CM) provides a wide range of cryptographic services using FIPS approved algorithms. Services include hardware-based data encryption, instantaneous user data disposal with cryptographic erase, independently controlled and protected user data LBA ranges, and authenticated FW download. The services are provided through an industry-standard TCG Opal SSC interface."
1825 TIBCO LogLogic®, Inc.
110 Rose Orchard Way
Suite 200
San Jose, CA 95134
USA

-Thor Taylor
TEL: 408-215-5941

-Phuong Hoang
TEL: (408) 731-7022

CST Lab: NVLAP 200928-0

LogLogic Communications Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 01/25/2013 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Oracle Enterprise Linux 5.6 running on LX 820, LX 1020, ST 1020, LX 4020, ST 1020, ST 2020-SAN, ST 4020 and MX 3020 appliances (single-user mode)

-FIPS Approved algorithms: AES (Cert. #1926); SHS (Cert. #1691); HMAC (Cert. #1160); RNG (Cert. #1013)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The LogLogic Communications Cryptographic Module establishes a secure, encrypted tunnel between LogLogic products for the secure transmission of log data."
1824 Cisco Systems, Inc.
170 W. Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco Telepresence C20 Codec
(Hardware Version: C20 v1; Firmware Version: TC5.0.2)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/14/2012;
11/21/2012;
12/03/2012
Overall Level: 1 

-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 2

-FIPS Approved algorithms: AES (Cert. #1928); DRBG (Cert. #168); DSA (Cert. #612); ECDSA (Cert. #276); HMAC (Cert. #1162); RSA (Cert. #994); SHS (Cert. #1693); Triple-DES (Cert. #1255)

-Other algorithms: AES (Cert. #1928, key wrapping; key establishment methodology provides 128 bits of encryption strength); Blowfish; Camellia; DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); HMAC-MD5; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Cisco TelePresence portfolio creates an immersive, face-to-face experience over the network, empowering you to collaborate with others like never before. Through a powerful combination of technologies and design that allows you and remote participants to feel as if you are all in the same room, the Cisco TelePresence portfolio has the potential to provide great productivity benefits and transform your business. Many organizations are already using it to control costs, make decisions faster, improve customer intimacy, scale scarce resources, and speed products to market."
1823 Cisco Systems, Inc.
170 W. Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco Telepresence C40, C60, and C90 Codecs
(Hardware Versions: C40 v1, C60 v1 and C90 v1 with CISCO-FIPSKIT=; Firmware Version: TC5.0.2)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/05/2012;
11/21/2012;
12/03/2012
Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-FIPS Approved algorithms: AES (Cert. #1928); DRBG(Cert. #168); DSA (Cert. #612); ECDSA (Cert. #276); HMAC (Cert. #1162); RSA (Cert. #994); SHS (Cert. #1693); Triple-DES (Cert. #1255)

-Other algorithms: AES (Cert. #1928, key wrapping; key establishment methodology provides 128 bits of encryption strength); Blowfish; Camellia; DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); HMAC-MD5; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Cisco TelePresence portfolio creates an immersive, face-to-face experience over the network, empowering you to collaborate with others like never before. Through a powerful combination of technologies and design that allows you and remote participants to feel as if you are all in the same room, the Cisco TelePresence portfolio has the potential to provide great productivity benefits and transform your business. Many organizations are already using it to control costs, make decisions faster, improve customer intimacy, scale scarce resources, and speed products to market."
1822 Data-Pac Mailing Systems Corp.
1217 Bay Road
Webster, NY 14580
USA

-Ken Yankloski
TEL: 585-787-7074
FAX: 585-671-1409

-John Keirsbilck
TEL: 585-787-7077
FAX: 585-671-1409

CST Lab: NVLAP 200427-0

iButton Postal Security Device
(Hardware Version: MAXQ1959B-F50#; Firmware Version: 1.3)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 11/01/2012 Overall Level: 3 

-Physical Security: Level 3 +EFT

-FIPS Approved algorithms: DSA (Cert. #544); RNG (Cert. #927); SHS (Cert. #1526)

-Other algorithms: N/A

Multi-chip standalone

"The Data-Pac MAXQ1959B-F50# Postal Security Device (PSD) is an embedded cryptographic module used for postage evidencing. The PSD complies with FIPS 140-2 standards and postal requirements to support the USPS IBI program, including strong cryptographic and physical security for the protection of postal funds."
1821 Integral Memory PLC.
Unit 6 Iron Bridge Close
Iron Bridge Business Park
Off Great Central Way
London, Middelsex NW10 0UF
United Kingdom

-Patrick Warley
TEL: +44 (0)20 8451 8700
FAX: +44 (0)20 8459 6301

- Samik Halai
TEL: +44 (0)20 8451 8704
FAX: +44 (0)20 8459 6301

CST Lab: NVLAP 200996-0

Crypto Dual (Underlying Steel Chassis) [1] and Crypto Dual Plus (Underlying Steel Chassis) [2]
(Hardware Versions: INFD2GCRYPTODL140-2(R) [1], INFD4GCRYPTODL140-2(R) [1], INFD8GCRYPTODL140-2(R) [1], INFD16GCRYPTODL140-2(R) [1], INFD32GCRYTPODL140-2(R) [1], INFD64GCRYPTODL140-2(R) [1], INFD2GCRYDLP140-2(R) [2], INFD4GCRYDLP140-2(R) [2], INFD8GCRYDLP140-2(R) [2], INFD16GCRYDLP140-2(R) [2], INFD32GCRYDLP140-2(R) [2], INFD64GCRYDLP140-2(R) [2], INFD128GCRYDLP140-2(R) [2], INFD256GCRYDLP140-2(R) [2], INFD512GCRYDLP140-2(R) [2] and INFD1TCRYDLP140-2(R) [2]; Firmware Version: PS2251-65)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 11/01/2012 Overall Level: 2 

-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1205); SHS (Cert. #1108); RNG (Cert. #666)

-Other algorithms: NDRNG

Multi-chip standalone

"The Crypto Dual (Underlying Steel Chassis) and Crypto Dual Plus (Underlying Steel Chassis) features Dual Password (User and Master) and works in both Windows & Mac operating Systems. Featuring Premium 256 bit AES security, it is one of the most secure and durable of all Integral USB Flash Drives. It has brute-force password attack protection, a 26 language interface and operates with a zero footprint."
1820 Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500

CST Lab: NVLAP 200427-0

Aruba AP-120 Series and Dell W-AP120 Series Wireless Access Points
(Hardware Versions: AP-124-F1 [1], AP-125-F1 [1], W-AP124-F1 [2] and W-AP125-F1 [2] with FIPS kit 4010061-01; Firmware Versions: ArubaOS_6.1.2.3-FIPS [1] and Dell_PCW_6.1.2.3-FIPS [2] or ArubaOS_6.1.4.1-FIPS [1] and Dell_PCW_6.1.4.1-FIPS [2] or ArubaOS_6.1.4.5-FIPS [1] and Dell_PCW_6.1.4.5-FIPS [2] or ArubaOS_6.1.4.7-FIPS [1] and Dell_PCW_6.1.4.7-FIPS [2])

(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/05/2012;
01/24/2013;
11/14/2013;
01/23/2014
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #861, #1850 and #1851); HMAC (Certs. #478, #1098 and #1099); RNG (Certs. #969 and #970); RSA (Certs. #933, #934 and #935); SHS (Certs. #856, #1627, #1628 and #1629); Triple-DES (Certs. #708, #1198 and #1199)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"Aruba's Wi-Fi access points serve as secure network on-ramps, aggregating wireless user traffic and forwarding it to Aruba's highly secure Mobility Controllers, where per-user role based access controls are applied through an integrated firewall. In FIPS 140-2 Mode, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 client standard along with optional Suite B cryptography. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n."
1819 Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
USA

-John Roberts
TEL: 415-738-2810

CST Lab: NVLAP 200556-0

Symantec Control Center Cryptographic Module
(Software Version: 1.0)

(When operated in FIPS mode with RSA BSAFE® Crypto-J JCE Provider Module validated to FIPS 140-2 under Cert. #1048 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 10/12/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows XP SP2 (32-bit) with (Sun JRE 1.4.2, Sun JRE 1.5 or Sun JRE 1.6) (single-user mode)

-FIPS Approved algorithms: AES (Cert. #669); DSA (Cert. #251); ECDSA (Cert. #72); HMAC (Cert. #353); RNG (Cert. #389); DRBG (vendor affirmed); RSA (Cert. #311); SHS (Cert. #702); Triple-DES (Cert. #614)

-Other algorithms: AES-GCM (non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); DESX; ECAES (non-compliant); EC Diffie-Hellman; ECDHC; ECIES; MD2; MD5; PBE (non-compliant); RIPEMD 160; RNG (X9.31, non-compliant); MD5; SHA-1 (non-compliant); RC2; RC4; RC5; RSA OAEP (non-compliant); Raw RSA (non-compliant); RSA Keypair Generation MultiPrime (non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5

Multi-chip standalone

1818 Cisco Systems, Inc.
170 W. Tasman Drive
San Jose, CA 95134
USA

-Global Certification Team

CST Lab: NVLAP 200427-0

Cisco EX60 and EX90 TelePresence Systems
(Hardware Versions: EX60 v1 and EX90 v1 with CISCO-FIPSKIT=; Firmware Version: TC5.0.2)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 10/11/2012;
11/21/2012;
12/03/2012
Overall Level: 2 

-Roles, Services, and Authentication: Level 3

-FIPS Approved algorithms: AES (Cert. #1928); DRBG (Cert. #168); DSA (Cert. #612); ECDSA (Cert. #276); HMAC (Cert. #1162); RSA (Cert. #994); SHS (Cert. #1693); Triple-DES (Cert. #1255)

-Other algorithms: AES (Cert. #1928, key wrapping; key establishment methodology provides 128 bits of encryption strength); Blowfish; Camellia; DES; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); HMAC-MD5; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Cisco TelePresence portfolio creates an immersive, face-to-face experience over the network, empowering you to collaborate with others like never before. Through a powerful combination of technologies and design that allows you and remote participants to feel as if you are all in the same room, the Cisco TelePresence portfolio has the potential to provide great productivity benefits and transform your business. Many organizations are already using it to control costs, make decisions faster, improve customer intimacy, scale scarce resources, and speed products to market."
1817 LogRhythm
3195 Sterling Circle, Suite 100
Boulder, CO 80301
USA

-Emily Dobson
TEL: 720-881-5348

CST Lab: NVLAP 200427-0

LogRhythm 6.0.4 Event Manager
(Software Version: 6.0.4)

(When operated in FIPS mode with module BCRYPTPRIMITIVES validated to FIPS 140-2 under Cert. #1336 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 10/11/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 (SP1) (single-user mode) running .NET framework version 3.5

-FIPS Approved algorithms: AES (Cert. # 1168); DRBG (Cert. #23); HMAC (Cert. #686); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081)

-Other algorithms: MD5; HMAC-MD5

Multi-chip standalone

"The LogRhythm 6.0.4 Event Manager cryptographic module provides cryptographic services to an Event Manager. In particular, these services support secure communication with supporting SQL Server databases."
1816 Imation Corp.
Discovery Bldg. 1A-041
Oakdale, MN 55128
USA

-Larry Hamid
TEL: 408-737-4308

CST Lab: NVLAP 100432-0

Imation S250/D250
(Hardware Versions: D2-S250-S01, D2-S250-S02, D2-S250-S04, D2-S250-S08, D2-S250-S16, D2-S250-S32, D2-D250-B01, D2-D250-B02, D2-D250-B04, D2-D250-B08, D2-D250-B16, D2-D250-B32 and D2-D250-B64; Firmware Versions: 4.0.1 or 4.0.2)

(Files distributed with the module mounted within the internal CD Drive are excluded from validation)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 10/11/2012;
01/04/2013
Overall Level: 3 

-FIPS Approved algorithms: AES (Certs. #1412 and #1874); DRBG (Cert. #152); HMAC (Certs. #1118 and #1119); RNG (Cert. #774); RSA (Certs. #688, #954 and #955); SHS (Certs. #1282 and #1647); Triple-DES (Cert. #965); PBKDF (vendor affirmed)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength)

Multi-chip standalone

"The Imation S250/D250 Secure Flash Drives include a high-speed hardware-based 256 Bit AES cryptography engine for encrypting and decrypting NAND flash and RAM buffers via USB. It also includes RSA, HMAC, SHA, and DRBG algorithms."
1815 Aruba Networks, Inc.
1322 Crossman Avenue
Sunnyvale, CA 94089
USA

-Jon Green
TEL: 408-227-4500

CST Lab: NVLAP 200427-0

Aruba RAP-5WN and Dell W-RAP-5WN Remote Access Points
(Hardware Versions: RAP-5WN-F1 [1] and W-RAP-5WN-F1 [2]; Firmware Version: ArubaOS_6.1.2.3-FIPS [1] and Dell_PCW_6.1.2.3-FIPS [2] or ArubaOS_6.1.4.5-FIPS [1] and Dell_PCW_6.1.4.5-FIPS [2] or ArubaOS_6.1.4.7-FIPS [1] and Dell_PCW_6.1.4.7-FIPS [2])

(When operated in FIPS mode with tamper evident labels installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 10/11/2012;
07/26/2013;
01/23/2014
Overall Level: 2 

-FIPS Approved algorithms: AES (Certs. #861, #1850 and #1851); HMAC (Certs. #478, #1098 and #1099); RNG (Certs. #969 and #970); RSA (Certs. #933, #934 and #935); SHS (Certs. #856, #1627, #1628 and #1629); Triple-DES (Certs. #708, #1198 and #1199)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip standalone

"Aruba's RAP-5WN access point aggregates wired and wireless user traffic and forwards it to an Aruba Mobility Controller through a secure IPsec tunnel, using the public Internet or an optional 3G/4G WWAN service for backhaul. In the FIPS 140-2 mode of operation, Aruba APs in conjunction with the Mobility Controller support the IEEE 802.11i/WPA2 standard along with optional Suite B cryptography for high-assurance applications. Aruba APs also provide wireless intrusion detection/prevention services, support wireless mesh topologies, and have Wi-Fi Alliance certification for IEEE 802.11a/b/g/n."
1814 Websense Inc.
10240 Sorrento Valley Road
San Diego, CA 92121
USA

-Joshua Rosenthol
TEL: 858-320-3684

CST Lab: NVLAP 200928-0

Crypto Module C
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 10/11/2012;
01/22/2013
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with 64-bit Microsoft Windows 2008 R2; 32-bit Red Hat Enterprise Linux 6 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #1257); AES (Cert. #1931); SHS (Cert. #1696); HMAC (Cert. #1165); RNG (Cert. #1016); DSA (Cert. #614); RSA (Cert. #997)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 219 bits of encryption strength; non-compliant less than 112 bits of encryption strength); AES-CFB1 (non-compliant); ECDSA (non-compliant); ECDH (non-compliant)

Multi-chip standalone

"Websense produces a family of web, e-mail and data security solutions that can be deployed on pre-configured, security hardened hardware or as customer installable software. The Websense Crypto Module C provides support for cryptographic and secure communications services for these solutions."
1813 Juniper Networks, Inc.
1194 N. Mathilda Ave.
Sunnyvale, CA 94089
USA

-Guillaume Gavillet
FAX: 408-936-1801

-Seyed Safakish
TEL: 408-745-8158
FAX: 408-936-1801

CST Lab: NVLAP 200002-0

Junos-FIPS 10.4 L2 OS Cryptographic Module
(Firmware Version: 10.4R5)

(When operated only on the specific platforms specified on the reverse. The routing engine and chassis configured with tamper evident seals installed as indicated in the Security Policy.)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Firmware 10/11/2012 Overall Level: 2 

-Design Assurance: Level 3

-Tested: M120 [1], M320 [2], MX240 [3], MX480 [4], MX960 [5] and T1600 [6]; Routing Engines: (RE-A-2000-4096 [1,2] and RE-S-2000-4096 [3,4,5,6]); Routing Engine Control Boards: (750-011402 [1] and 750-021524 [3,4,5]); Blanking Plate (540-015089 Rev02 [5]); Control Boards: (750-009188 [2] and 750-024570 [6]); with Tamper Evident Seal Kit: (JNPR-FIPS-TAMPER-LBLS [1,2,3,4,5,6])

-FIPS Approved algorithms: AES (Certs. #1719, #1726 and #1727); DSA (Cert. #531); ECDSA (Cert. #225); RNG (Cert. #909); RSA (Cert. #847); HMAC (Certs. #994, #1000, #1001 and #1002); SHS (Certs. #1502, #1508, #1509 and #1510); Triple-DES (Certs. #1106, #1112 and #1113)

-Other algorithms: MD5; Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant)

Multi-chip embedded

"Juniper Networks M, T and MX series routing platforms are complete routing systems that support a variety of high-speed interfaces for medium/large networks and network applications and numerous routing standards. All platforms are physically self-contained, housing software, firmware, and hardware necessary for routing. The router architecture provides for streamlined forwarding and routing control and the capability to run Internet-scale networks at high speeds. They are powered by the same JUNOS software, which provides both management and control functions as well as all IP routing."
1812 McAfee, Inc.
2340 Energy Park Drive
St. Paul, MN 55108
USA

-Mark Hanson
TEL: 651-628-1633
FAX: 651-628-2701

CST Lab: NVLAP 200556-0

McAfee Firewall Enterprise Control Center Virtual Appliance
(Software Versions: 5.2.0 and 5.2.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 10/11/2012;
10/31/2012
Overall Level: 1 

-Roles, Services, and Authentication: Level 2

-Operational Environment: Tested as meeting Level 1 with CGLinux (single-user mode)

-FIPS Approved algorithms: AES (Certs. #1862 and #1917); Triple-DES (Certs. #1209 and #1247); SHS (Certs. #1638 and #1683); HMAC (Certs. #1109 and #1152); DRBG (Cert. #162); RNG (Certs. #976 and #1008); RSA (Certs. #943 and #985); DSA (Certs. #581 and #608)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5

Multi-chip standalone

"McAfee Firewall Enterprise Control Center simplifies the management of multiple McAfee Firewall Enterprise appliances. Control Center enables centralized management and monitoring of the McAfee Firewall Enterprise solutions, allowing network administrators to centrally define firewall policy, deploy updates and inventory their firewall products."
1811 IMS Health Inc.
16720 Route Transcanadienne
Suite 1700
Kirkland, Québec H9H 5M3
Canada

-Charles Blair
TEL: 905-816-5131

-Hussam Mahgoub
TEL: 905-816-5134

CST Lab: NVLAP 200928-0

Diversinet Java Crypto Module
(Software Version: 2.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 10/11/2012;
02/20/2014
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Microsoft Windows Server 2008 R2 with JDK v1.6 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #1276); AES (Cert. #1965); SHS (Cert. #1723); HMAC (Cert. #1185); DRBG (Cert. #175); RSA (Cert. #1017)

-Other algorithms: N/A

Multi-chip standalone

"Diversinet Java SE Crypto Module is a JCA (Java Cryptography Architecture) Provider shipped with Diversinet MobiSecure Products. The Crypto Module implements several JCE (Java Cryptography Extension) algorithms including Triple DES, AES, SHA, HMAC and RSA. The Crypto Module is packaged in a signed Java Archive (JAR) file."
1810 Fortinet, Inc.
326 Moodie Drive
Ottawa, Ontario K2H 8G3
Canada

-Alan Kaye
TEL: 613-225-9381

CST Lab: NVLAP 200426-0

FortiGate-1240B [1] and FortiGate-3140B [2]
(Hardware Versions: C4CN43 [1] and C4XC55 [2] with Tamper Evident Seal Kit: FIPS-SEAL-BLUE [1] or FIPS-SEAL-RED [2]; Firmware Version: FortiOS 4.0, build8892, 111128)

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 10/11/2012 Overall Level: 2 

-Cryptographic Module Ports and Interfaces: Level 3
-Roles, Services, and Authentication: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Certs. #1408, #1858, #1899 and #1900); Triple-DES (Certs. #961, #1205, #1234 and #1235); SHS (Certs. #1278, #1635, #1668 and #1669); RNG (Cert. #996); HMAC (Certs. #829, #1105, #1139 and #1140); RSA (Certs. #685 and #973)

-Other algorithms: DES; SHA-256 (non-compliant); HMAC-SHA-256 (non-compliant); MD5; HMAC-MD5; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 196 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The FortiGate product family spans the full range of network environments, from SOHO to service provider, offering cost effective systems for any size of application. FortiGate appliances detect and eliminate the most damaging, content-based threats from email and Web traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time - without degrading network performance."
1809 Systematic Development Group, LLC
350 Jim Moran Blvd. Suite 122
Deerfield Beach, FL 33442
USA

-George Wolf
TEL: 954-889-3535 x315

CST Lab: NVLAP 100432-0

LOK-IT® 10 KEY (Series SDG003FM/SDG005M)
(Hardware Versions: HW003-32 Rev:01 [2], HW003-16 Rev:03 [1], HW003-16 Rev:04 [2], HW003-08 Rev:02 [1], HW003-08 Rev:03 [2] , HW003-04 Rev:02 [1] and HW003-04 Rev:03 [2]; Firmware Version: USB Controller Firmware Revision V01.12A12-F01 [1] or V01.12A14-F05 [2]; Security Controller Firmware Revision SDG003FM-010)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 10/02/2012;
01/22/2013;
07/26/2013
Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #1514); SHS (Cert. #1682); DRBG (Cert. #164)

-Other algorithms: NDRNG

Multi-chip standalone

"This module is a multi-chip standalone cryptographic module, as defined by FIPS 140-2 and consists of an Initio 1861 USB controller, NAND Flash memory and a Microchip PIC16LF1825 security controller. All components are encased in hard, opaque, production grade integrated circuit packaging. The cryptographic boundary is defined as the boundary of the module's PCB and hard epoxy coating. The module uses a NDRNG as input to a Hash_DRBG algorithm specified in NIST special publication SP800-90 to generate a random 256 bit encryption key. The AES key has 256 bits of entropy."
1808 LogRhythm
3195 Sterling Circle, Suite 100
Boulder, CO 80301
USA

-Emily Dobson
TEL: 720-881-5348

CST Lab: NVLAP 200427-0

LogRhythm 6.0.4 Log Manager
(Software Version: 6.0.4)

(When operated in FIPS mode with module BCRYPTPRIMITIVES validated to FIPS 140-2 under Cert. #1336 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 10/02/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 (SP1) (single-user mode) running .NET framework version 3.5

-FIPS Approved algorithms: AES (Cert. # 1168); DRBG (Cert. #23); HMAC (Cert. #686); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081)

-Other algorithms: MD5; HMAC-MD5

Multi-chip standalone

"The LogRhythm 6.0.4 Log Manager cryptographic module provides cryptographic services to a Log Manager. In particular, these services support secure communication with other LogRhythm components (System Monitor Agents and AI Engine Servers) and SQL Server databases."
1807 LogRhythm
3195 Sterling Circle, Suite 100
Boulder, CO 80301
USA

-Emily Dobson
TEL: 720-881-5348

CST Lab: NVLAP 200427-0

LogRhythm 6.0.4 Console
(Software Version: 6.0.4)

(When operated in FIPS mode with module BCRYPTPRIMITIVES validated to FIPS 140-2 under Cert. #1336 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 10/02/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 (SP1) (single-user mode) running .NET framework version 3.5

-FIPS Approved algorithms: AES (Cert. # 1168); DRBG (Cert. #23); HMAC (Cert. #686); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081)

-Other algorithms: MD5; HMAC-MD5

Multi-chip standalone

"The LogRhythm 6.0.4 Console cryptographic module provides cryptographic services to a Console. In particular, these services support secure communication with SQL Server databases in a LogRhythm deployment."
1806 LogRhythm
3195 Sterling Circle, Suite 100
Boulder, CO 80301
USA

-Emily Dobson
TEL: 720-881-5348

CST Lab: NVLAP 200427-0

LogRhythm 6.0.4 Windows System Monitor Agent
(Software Version: 6.0.4)

(When operated in FIPS mode with module BCRYPTPRIMITIVES validated to FIPS 140-2 under Cert. #1336 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 10/02/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 (SP1) (single-user mode) running .NET framework version 3.5

-FIPS Approved algorithms: AES (Cert. # 1168); DRBG (Cert. #23); HMAC (Cert. #686); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081)

-Other algorithms: MD5; HMAC-MD5

Multi-chip standalone

"The LogRhythm 6.0.4 Windows System Monitor Agent cryptographic module provides cryptographic services to a Windows System Monitor Agent. In particular, these services support secure communication with a LogRhythm Log Manager component."
1805 LogRhythm
3195 Sterling Circle, Suite 100
Boulder, CO 80301
USA

-Emily Dobson
TEL: 720-881-5348

CST Lab: NVLAP 200427-0

LogRhythm 6.0.4 AI Engine Server
(Software Version: 6.0.4)

(When operated in FIPS mode with module BCRYPTPRIMITIVES validated to FIPS 140-2 under Cert. #1336 operating in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 10/02/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Windows Server 2008 R2 (SP1) (single-user mode) running .NET framework version 3.5

-FIPS Approved algorithms: AES (Cert. # 1168); DRBG (Cert. #23); HMAC (Cert. #686); RNG (Cert. #649); RSA (Certs. #559 and #567); SHS (Cert. #1081)

-Other algorithms: MD5; HMAC-MD5

Multi-chip standalone

"The LogRhythm 6.0.4 AI Engine Server cryptographic module provides cryptographic services to an AI Engine Server. In particular, these services support secure communication with LogRhythm Log Managers and Event Manager SQL Server databases."
1804 IMS Health Inc.
16720 Route Transcanadienne
Kirkland, Québec H9H 5M3
Canada

-Charles Blair
TEL: 905-816-5131

-Hussam Mahgoub
TEL: 905-816-5134

CST Lab: NVLAP 200928-0

Diversinet Java Crypto Module for Mobile
(Software Version: 2.0)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 10/03/2012;
02/20/2014
Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with Android OS v2.2 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #1277); AES (Cert. #1966); SHS (Cert. #1724); HMAC (Cert. #1186); DRBG (Cert. #176); RSA (Cert. #1018)

-Other algorithms: N/A

Multi-chip standalone

"Diversinet Java ME Crypto Module is shipped with Diversinet MobiSecure Client SDK for Java based run-time environments on Smartphones and tablets including, Android OS-, BlackBerry OS- and Java ME MIDP-based. The Crypto Module implements several cryptography algorithms including Triple DES, AES, SHA, HMAC and RSA."
1803 Websense Inc.
10240 Sorrento Valley Road
San Diego, CA 92121
USA

-Joshua Rosenthol
TEL: 858-320-3684

CST Lab: NVLAP 200928-0

Crypto Module Java
(Software Version: 1.0)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Software 09/25/2012 Overall Level: 1 

-Operational Environment: Tested as meeting Level 1 with 64-bit Microsoft Windows 2008 R2 with JRE v1.6.0 (single-user mode)

-FIPS Approved algorithms: Triple-DES (Cert. #1262); AES (Cert. #1936); SHS (Cert. #1701); HMAC (Cert. #1169); RNG (Cert. #1020); DSA (Cert. #618); RSA (Cert. #1002)

-Other algorithms: Diffie-Hellman (key agreement; key establishment methodology provides 80 bits of encryption strength; non-compliant); ECDSA (non-compliant); ECDH (non-compliant); MD2; MD4; MD5

Multi-chip standalone

"The Websense Crypto Module Java provides cryptographic and secure communication services for the Websense-developed family of web security, email security, and data loss prevention solutions, deployed on high-performance, pre-configured hardware or as fully-customizable "ready-to-install" software."
1802 Brocade Communications Systems, Inc.
130 Holger Way
San Jose, CA 95134
USA

-Greg Farris
TEL: 408-333-8000
FAX: 408-333-8101

CST Lab: NVLAP 200802-0

VDX 6710, VDX 6720 and VDX 6730 with Network OS (NOS) v2.1.0 Firmware
(Hardware Versions: VDX6710-54-F (P/N 80-1004843-02), VDX6710-54-R (P/N 80-1004702-02), VDX6720-16-F (P/N 80-1004566-05), VDX6720-16-R (P/N 80-1004567-05), VDX6720-24-F (P/N 80-1004564-05), VDX6720-24-R (P/N 80-1004565-05), VDX6720-40-F (P/N 80-1004570-05), VDX6720-40-R (P/N 80-1004571-05), VDX6720-60-F (P/N 80-1004568-05), VDX6720-60-R (P/N 80-1004569-05), VDX6730-16-F (P/N 80-1005649-01), VDX6730-16-R (P/N 80-1005651-01), VDX6730-24-F (P/N 80-1005648-01), VDX6730-24-R (P/N 80-1005650-01), VDX6730-40-F (P/N 80-1005680-01), VDX6730-40-R (P/N 80-1005681-01), VDX6730-60-F (P/N 80-1005679-011) and VDX6730-60-R (P/N 80-1005678-01) with FIPS Kit (P/N Brocade XBR-000195); Firmware Version: Network OS (NOS) v2.1.0 (P/N 63-1000931-01))

(When operated in FIPS mode and with the tamper evident seals installed as indicated in the Security Policy)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 09/07/2012 Overall Level: 2 

-FIPS Approved algorithms: Triple-DES (Cert. #652); AES (Certs. #731 and #1595); SHS (Certs. #749 and #1407); HMAC (Certs. #397 and #933); RNG (Cert. #426); RSA (Certs. #342 and #778)

-Other algorithms: RSA (key wrapping; key establishment methodology provides 80 bits of encryption strength; non-compliant); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); HMAC-MD5; MD5; NDRNG; BF; CAST; CAST5; DES; DES3; DESX; RC2; RC2-40; RC2-64; RC4; RC4-40; MD2; MD4; RMD160; AES128-CTR (non-compliant); AES192-CTR (non-compliant); AES256-CTR (non-compliant); ARCFOUR256; ARCFOUR128; AES128-CBC (non-compliant); 3DES-CBC (non-compliant); BLOWFISH-CBC; CAST128-CBC; AES192-CBC (non-compliant); AES256-CBC (non-compliant); ARCFOUR; UMAC-64; HMAC-RIPEMD160; HMAC-SHA1-96 (non-compliant); HMAC-MD5-96

Multi-chip standalone

"The VDX 6710, VDX 6720 and VDX 6730 are multiple-chip standalone cryptographic modules. The module is a Gigabit Ethernet routing switch that provides secure network services and network management."
1801 Motorola Solutions, Inc.
1301 East Algonquin Road
Schaumburg, IL 60196
USA

-Kirk Mathews
TEL: 847-576-4101

CST Lab: NVLAP 100432-0

µMACE
(Hardware Version: P/N AT58Z04; Firmware Version: R01.00.04)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 09/07/2012 Overall Level: 3 

-FIPS Approved algorithms: AES (Cert. #1876); DRBG (Cert. #154); ECDSA (Cert. #263); KAS (Cert. #28); SHS (Cert. #1619)

-Other algorithms: AES (Cert. #1876, key wrapping; key establishment methodology provides 256 bits of encryption strength); NDRNG

Single-chip

"The µMACE cryptographic processor is used in security modules embedded in Motorola Solutions security products."
1800 SafeNet, Inc.
4690 Millennium Drive
Belcamp, MD 21017
USA

-Andrew Young
TEL: 703-647-8408
FAX: 410-290-6506

CST Lab: NVLAP 100432-0

eToken 4300
(Hardware Version: Inside Secure AT90SC28880RCFV Rev. G; Firmware Version: SafeNet eToken 4300 010E.1245.0002 with PIV Applet 3.0)

(PIV Card Application: Cert. #32)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Hardware 12/06/2012;
02/06/2014
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-Physical Security: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: AES (Cert. #1655); RSA (Cert. #824); Triple-DES (Cert. #1088); Triple-DES MAC (Triple-DES Cert. #1088, vendor affirmed); DRBG (Cert. #98); SHS (Cert. #1465); ECDSA (Cert. # 214); CVL (Cert. #2); CVL (Certs. #218 and #222)

-Other algorithms: HW RNG; AES-CMAC (non-compliant); AES (Cert. #1655, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength)

Single-chip

"eToken 4300 is a Cryptographic Module based on the Athena OS755 Java Card smart card operating system with 80KB of EEPROM. eToken 4300 is compliant with the latest Java Card 2.2.2 and GlobalPlatform 2.1.1 specifications and is validated to FIPS 140-2 Level 2. eToken 4300 supports FIPS approved DRBG, SHA-1 and all SHA-2, TDES, AES, RSA, ECDSA and ECC CDC, and RSA and ECC key generation. eToken 4300 exposes PKI and Biometric APIs and is designed for high-performance government and enterprise smart card applications."
1799 Certes Networks, Inc.
300 Corporate Center Drive
Suite 140
Pittsburgh, PA 15108
USA

-Gary Brunner
TEL: 412-262-2571, ext. 101
FAX: 412-262-2574

CST Lab: NVLAP 200928-0

CEP100, CEP100 VSE, CEP100-XSA, CEP1000, CEP1000-DP and CEP1000 VSE
(Hardware Versions: [CEP100, A], [CEP100 VSE, A], [CEP100-XSA, A], [CEP1000, A], [CEP1000-DP, A] and [CEP1000 VSE, A]; Firmware Version: 2.1)

(When operated in FIPS mode)

Validated to FIPS 140-2

Security Policy

Consolidated Validation Certificate

Vendor Product Link
Hardware 09/04/2012;
03/08/2013
Overall Level: 2 

-Cryptographic Module Specification: Level 3
-Roles, Services, and Authentication: Level 3
-EMI/EMC: Level 3
-Design Assurance: Level 3

-FIPS Approved algorithms: Triple-DES (Certs. #482, #667 and #1258); AES (Certs. #465, #762 and #1932); SHS (Cert. #1697); HMAC (Certs. #416, #417 and #1166); RSA (Certs. #998); DSA (Certs. #615); RNG (Certs. #1017)

-Other algorithms: MD5; HMAC-MD5-96; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

Multi-chip standalone

"The Certes Networks CEP VSE encryptors are a family of high performance network encryption appliances that offer line rate multi-layer encryption at speeds from 10 Mbps up to 10 Gbps for Ethernet, IP, and MPLS networks. The CEP VSE family can be centrally managed with the simple drag-and-drop interface of Certes TrustNet Manager. TrustNet Manager provides centralized policy and key management, logging and auditing for the entire network. The CEP100 VSE and CEP1000 VSE provide data confidentiality, data integrity and data authentication for network traffic at bit rates from 75 Mbps to 1 Gbps."
1798 Certes Networks, Inc.
300 Corporate Center Drive
Suite 140
Pittsburgh, PA 15108
USA

-